From 2e1deb3e93c6638c420377ff8075891b07bfcfe9 Mon Sep 17 00:00:00 2001 From: Gregory Colpart Date: Tue, 22 Aug 2017 05:57:19 +0200 Subject: [PATCH] write php role with https://wiki.evolix.org/HowtoPHP --- php/README.md | 4 +- php/defaults/main.yml | 3 ++ php/tasks/apache.yml | 59 +++++++++++++++++++++++++ php/tasks/fpm.yml | 90 +++++++++++++++++++++++++++++++++++++++ php/tasks/main.yml | 33 +++++++------- php/tasks/php_jessie.yml | 53 +++++++++++++++++++++++ php/tasks/php_stretch.yml | 54 +++++++++++++++++++++++ 7 files changed, 278 insertions(+), 18 deletions(-) create mode 100644 php/tasks/apache.yml create mode 100644 php/tasks/fpm.yml create mode 100644 php/tasks/php_jessie.yml create mode 100644 php/tasks/php_stretch.yml diff --git a/php/README.md b/php/README.md index bac322fe..e0a194ac 100644 --- a/php/README.md +++ b/php/README.md @@ -1,6 +1,6 @@ -# PHP-FPM +# PHP -Installation and basic configuration of php-fpm +Installation and basic configuration of PHP ## Tasks diff --git a/php/defaults/main.yml b/php/defaults/main.yml index ed97d539..010b8d62 100644 --- a/php/defaults/main.yml +++ b/php/defaults/main.yml @@ -1 +1,4 @@ --- + +php_fpm_enable: False +php_apache_enable: False diff --git a/php/tasks/apache.yml b/php/tasks/apache.yml new file mode 100644 index 00000000..2059648b --- /dev/null +++ b/php/tasks/apache.yml @@ -0,0 +1,59 @@ +--- + +- name: "Install mod_php packages (jessie)" + apt: + name: '{{ item }}' + state: present + with_items: + - libapache2-mod-php5 + when: ansible_distribution_release == "jessie" + +- name: "Install mod_php packages (Debian 9 or later)" + apt: + name: '{{ item }}' + state: present + with_items: + - libapache2-mod-php + when: ansible_distribution_major_version | version_compare('9', '>=') + +- name: "Set php.ini config for apache2 (jessie)" + set_fact: + php_apache_defaults_file: /etc/php5/apache2/conf.d/z-evolinux-defaults.ini + php_apache_custom_file: /etc/php5/apache2/conf.d/zzz-evolinux-custom.ini + when: ansible_distribution_release == "jessie" + +- name: "Set php.ini config for apache2 (Debian 9 or later)" + set_fact: + php_apache_defaults_file: /etc/php/7.0/apache2/conf.d/z-evolinux-defaults.ini + php_apache_custom_file: /etc/php/7.0/apache2/conf.d/zzz-evolinux-custom.ini + when: ansible_distribution_major_version | version_compare('9', '>=') + +- name: Set default values for PHP + ini_file: + dest: "{{ php_apache_defaults_file }}" + section: PHP + option: "{{ item.option }}" + value: "{{ item.value }}" + mode: "0644" + create: yes + with_items: + - { option: "short_open_tag", value: "Off" } + - { option: "expose_php", value: "Off" } + - { option: "display_errors", value: "Off" } + - { option: "log_errors", value: "On" } + - { option: "html_errors", value: "Off" } + - { option: "allow_url_fopen", value: "Off" } + +- name: Disable PHP functions + ini_file: + dest: "{{ php_apache_defaults_file }}" + section: PHP + option: disable_functions + value: "exec,shell-exec,system,passthru,putenv,popen" + +- name: Custom php.ini + copy: + dest: "{{ php_apache_custom_file }}" + content: | + # Put customized values here. + force: no diff --git a/php/tasks/fpm.yml b/php/tasks/fpm.yml new file mode 100644 index 00000000..276a7181 --- /dev/null +++ b/php/tasks/fpm.yml @@ -0,0 +1,90 @@ +--- + +- name: "Install PHP FPM packages (jessie)" + apt: + name: '{{ item }}' + state: present + with_items: + - php5-fpm + when: ansible_distribution_release == "jessie" + +- name: "Install PHP FPM packages (Debian 9 or later)" + apt: + name: '{{ item }}' + state: present + with_items: + - php-fpm + when: ansible_distribution_major_version | version_compare('9', '>=') + +- name: "Set config files for FPM (jessie)" + set_fact: + phpini_fpm_defaults_file: /etc/php5/fpm/conf.d/z-evolinux-defaults.ini + phpini_fpm_custom_file: /etc/php5/fpm/conf.d/zzz-evolinux-custom.ini + php_fpm_defaults_file: /etc/php5/fpm/pool.d/z-evolinux-defaults.conf + php_fpm_custom_file: /etc/php5/fpm/pool.d/zzz-evolinux-custom.conf + when: ansible_distribution_release == "jessie" + +- name: "Set config files for FPM (Debian 9 or later)" + set_fact: + phpini_fpm_defaults_file: /etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini + phpini_fpm_custom_file: /etc/php/7.0/fpm/conf.d/zzz-evolinux-custom.ini + php_fpm_defaults_file: /etc/php/7.0/fpm/pool.d/z-evolinux-defaults.conf + php_fpm_custom_file: /etc/php/7.0/fpm/pool.d/zzz-evolinux-custom.conf + when: ansible_distribution_major_version | version_compare('9', '>=') + +- name: Set default php.ini values for FPM + ini_file: + dest: "{{ phpini_fpm_defaults_file }}" + section: PHP + option: "{{ item.option }}" + value: "{{ item.value }}" + mode: "0644" + create: yes + with_items: + - { option: "short_open_tag", value: "Off" } + - { option: "expose_php", value: "Off" } + - { option: "display_errors", value: "Off" } + - { option: "log_errors", value: "On" } + - { option: "html_errors", value: "Off" } + - { option: "allow_url_fopen", value: "Off" } + +- name: Disable PHP functions for FPM + ini_file: + dest: "{{ phpini_fpm_defaults_file }}" + section: PHP + option: disable_functions + value: "exec,shell-exec,system,passthru,putenv,popen" + +- name: Custom php.ini for FPM + copy: + dest: "{{ phpini_fpm_custom_file }}" + content: | + # Put customized values here. + force: no + +- name: Set default PHP FPM values + ini_file: + dest: "{{ php_fpm_defaults_file }}" + section: www + option: "{{ item.option }}" + value: "{{ item.value }}" + mode: "0644" + create: yes + with_items: + - { option: "pm", value: "ondemand" } + - { option: "pm.max_children", value: "100" } + - { option: "pm.process_idle_timeout", value: "10s" } + - { option: "slowlog", value: "log/$pool.log.slow" } + - { option: "request_slowlog_timeout", value: "5s" } + - { option: "pm.status_path", value: "/fpm_status" } + - { option: "request_terminate_timeout", value: "60s" } + - { option: "chroot", value: "/var/www/html" } + when: ansible_distribution_major_version | version_compare('9', '>=') + +- name: Custom PHP FPM values + copy: + dest: "{{ php_fpm_custom_file }}" + content: | + # Put customized values here. + force: no + diff --git a/php/tasks/main.yml b/php/tasks/main.yml index de12d1a7..7f438569 100644 --- a/php/tasks/main.yml +++ b/php/tasks/main.yml @@ -1,19 +1,20 @@ -- name: Ensure php5-fpm package is installed - apt: - name: php5-fpm - state: present - when: - - ansible_distribution == "Debian" - - ansible_distribution_release == "jessie" - tags: - - php-fpm +--- -- name: Ensure php-fpm packages is installed - apt: - name: php-fpm - state: present +- fail: + msg: only compatible with Debian >= 8 when: - ansible_distribution == "Debian" - - ansible_distribution_major_version | version_compare('9', '>=') - tags: - - php-fpm + - ansible_distribution_major_version | version_compare('8', '<') + +- include: php_jessie.yml + when: ansible_distribution_release == "jessie" + +- include: php_stretch.yml + when: ansible_distribution_major_version | version_compare('9', '>=') + +- include: fpm.yml + when: php_fpm_enable + +- include: apache.yml + when: php_apache_enable + diff --git a/php/tasks/php_jessie.yml b/php/tasks/php_jessie.yml new file mode 100644 index 00000000..53b4e4ca --- /dev/null +++ b/php/tasks/php_jessie.yml @@ -0,0 +1,53 @@ +--- + +- name: "Install PHP packages (jessie)" + apt: + name: '{{ item }}' + state: present + with_items: + - php5 + - php5-cli + - php5-gd + - php5-imap + - php5-ldap + - php5-mcrypt + - php5-mysql + - php5-pgsql + - php-gettext + - php5-curl + - libssh2-php + +- name: "Set php.ini config for CLI (jessie)" + set_fact: + phpini_cli_defaults_file: /etc/php5/cli/conf.d/z-evolinux-defaults.ini + phpini_cli_custom_file: /etc/php5/cli/conf.d/zzz-evolinux-custom.ini + +- name: Set default php.ini values for CLI + ini_file: + dest: "{{ phpini_cli_defaults_file }}" + section: PHP + option: "{{ item.option }}" + value: "{{ item.value }}" + mode: "0644" + create: yes + with_items: + - { option: "short_open_tag", value: "Off" } + - { option: "expose_php", value: "Off" } + - { option: "display_errors", value: "Off" } + - { option: "log_errors", value: "On" } + - { option: "html_errors", value: "Off" } + - { option: "allow_url_fopen", value: "Off" } + +- name: Disable PHP functions for CLI + ini_file: + dest: "{{ phpini_cli_defaults_file }}" + section: PHP + option: disable_functions + value: "exec,shell-exec,system,passthru,putenv,popen" + +- name: Custom php.ini for CLI + copy: + dest: "{{ phpini_cli_custom_file }}" + content: | + # Put customized values here. + force: no diff --git a/php/tasks/php_stretch.yml b/php/tasks/php_stretch.yml new file mode 100644 index 00000000..64b54a45 --- /dev/null +++ b/php/tasks/php_stretch.yml @@ -0,0 +1,54 @@ +--- + +- name: "Install PHP packages (Debian 9 or later)" + apt: + name: '{{ item }}' + state: present + with_items: + - php + - php-cli + - php-gd + - php-imap + - php-ldap + - php-mcrypt + - php-mysql + - php-pgsql + - php-gettext + - php-curl + - php-ssh2 + - composer + +- name: "Set php.ini config for CLI (Debian 9 or later)" + set_fact: + phpini_cli_defaults_file: /etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini + phpini_cli_custom_file: /etc/php/7.0/cli/conf.d/zzz-evolinux-custom.ini + +- name: Set default php.ini values for CLI + ini_file: + dest: "{{ phpini_cli_defaults_file }}" + section: PHP + option: "{{ item.option }}" + value: "{{ item.value }}" + mode: "0644" + create: yes + with_items: + - { option: "short_open_tag", value: "Off" } + - { option: "expose_php", value: "Off" } + - { option: "display_errors", value: "Off" } + - { option: "log_errors", value: "On" } + - { option: "html_errors", value: "Off" } + - { option: "allow_url_fopen", value: "Off" } + +- name: Disable PHP functions for CLI + ini_file: + dest: "{{ phpini_cli_defaults_file }}" + section: PHP + option: disable_functions + value: "exec,shell-exec,system,passthru,putenv,popen" + +- name: Custom php.ini for CLI + copy: + dest: "{{ phpini_cli_custom_file }}" + content: | + # Put customized values here. + force: no