From 8c72a7de8e28f9da9f32c72d73c86618b66d95d0 Mon Sep 17 00:00:00 2001 From: Eric Morino Date: Thu, 24 Aug 2023 15:23:32 +0200 Subject: [PATCH 1/2] New container lcx php82 in bookworm --- lxc-php/defaults/main.yml | 2 +- lxc-php/tasks/php82.yml | 63 ++++--------------- lxc-php/templates/bookworm_basics.sources.j2 | 8 +++ .../templates/bookworm_security.sources.j2 | 8 +++ 4 files changed, 30 insertions(+), 51 deletions(-) create mode 100644 lxc-php/templates/bookworm_basics.sources.j2 create mode 100644 lxc-php/templates/bookworm_security.sources.j2 diff --git a/lxc-php/defaults/main.yml b/lxc-php/defaults/main.yml index 17af05cf..578cfd2b 100644 --- a/lxc-php/defaults/main.yml +++ b/lxc-php/defaults/main.yml @@ -21,7 +21,7 @@ lxc_php_container_releases: php74: "bullseye" php80: "bullseye" php81: "bullseye" - php82: "bullseye" + php82: "bookworm" lxc_php_services: php56: 'php5-fpm.service' diff --git a/lxc-php/tasks/php82.yml b/lxc-php/tasks/php82.yml index acb47f76..c0f623c3 100644 --- a/lxc-php/tasks/php82.yml +++ b/lxc-php/tasks/php82.yml 
@@ -1,46 +1,23 @@ --- -- name: set APT keyring (Debian <12) - ansible.builtin.set_fact: - lxc_apt_keyring_dir: /etc/apt/trusted.gpg.d - when: ansible_distribution_major_version is version('12', '<') - -- name: set APT keyring (Debian >=12) - ansible.builtin.set_fact: - lxc_apt_keyring_dir: /etc/apt/keyrings - when: ansible_distribution_major_version is version('12', '>=') - -- name: "{{ lxc_php_version }} - Install dependency packages" +- name: "{{ lxc_php_version }} - Install PHP packages" community.general.lxc_container: name: "{{ lxc_php_version }}" - container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget apt-transport-https gnupg" + container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer" -- name: "{{ lxc_php_version }} - fix bullseye repository" - ansible.builtin.replace: - dest: "{{ lxc_rootfs }}/etc/apt/sources.list" - regexp: 'bullseye/updates' - replace: 'bullseye-security' - -- name: "{{ lxc_php_version }} - Add sury repo (Debian >=12)" +- name: "{{ lxc_php_version }} - system bookworm repository" ansible.builtin.template: - src: sury.sources.j2 - dest: /etc/apt/sources.list.d/sury.sources - mode: "0644" + src: bookworm_basics.sources.j2 + dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/system.sources" + force: true + mode: "0644" + +- name: "{{ lxc_php_version }} - security bookworm repository" + ansible.builtin.template: + src: bookworm_security.sources.j2 + dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/security.sources" force: true - register: sury_sources - when: ansible_distribution_major_version is version('12', '>=') - -- name: "{{ lxc_php_version }} - Add sury repo (Debian <12)" - ansible.builtin.lineinfile: - dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/sury.list" - line: "{{ item }}" - state: present - create: yes mode: "0644" - loop: - - "deb [signed-by={{ 
apt_keyring_dir }}/sury.gpg] https://packages.sury.org/php/ bullseye main" - - "deb [signed-by={{ apt_keyring_dir }}/pub_evolix.asc] http://pub.evolix.org/evolix bullseye-php82 main" - when: ansible_distribution_major_version is version('12', '<') - name: "Ensure {{ lxc_rootfs }}{{ apt_keyring_dir }} directory exists" file: @@ -53,16 +30,7 @@ - name: copy pub.evolix.org GPG key ansible.builtin.copy: src: pub_evolix.asc - dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs{{ apt_keyring_dir }}/pub_evolix.asc - mode: "0644" - owner: root - group: root - when: ansible_distribution_major_version is version('12', '<') - -- name: copy packages.sury.org GPG Key - ansible.builtin.copy: - src: sury.gpg - dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs{{ apt_keyring_dir }}/sury.gpg + dest: "{{ lxc_rootfs }}{{ lxc_apt_keyring_dir }}/pub_evolix.asc" mode: "0644" owner: root group: root @@ -72,11 +40,6 @@ name: "{{ lxc_php_version }}" container_command: "DEBIAN_FRONTEND=noninteractive apt update" -- name: "{{ lxc_php_version }} - Install PHP packages" - community.general.lxc_container: - name: "{{ lxc_php_version }}" - container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer" - - name: "{{ lxc_php_version }} - Copy evolinux PHP configuration" ansible.builtin.template: src: z-evolinux-defaults.ini.j2 diff --git a/lxc-php/templates/bookworm_basics.sources.j2 b/lxc-php/templates/bookworm_basics.sources.j2 new file mode 100644 index 00000000..948c4adf --- /dev/null +++ b/lxc-php/templates/bookworm_basics.sources.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} + +Types: deb +URIs: http://mirror.evolix.org/debian +Suites: bookworm bookworm-updates +Components: {{ apt_basics_components | mandatory }} +Enabled: yes +Signed-By: /usr/share/keyrings/debian-archive-bookworm-automatic.gpg 
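Review bot: `URIs: http://mirror.evolix.org/debian` in the new `bookworm_basics.sources.j2` fetches the base and updates suites over plain HTTP, while the security template added in the same patch uses `https://`. The `Signed-By` keyring still authenticates what is installed, but an on-path party can see which packages the container pulls and can withhold or replay older, still validly signed indexes. If the mirror serves TLS (to be confirmed, nothing in this patch shows it), `URIs: https://mirror.evolix.org/debian` would close that gap. The container would then need `ca-certificates` in place before the first `apt update`.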
diff --git a/lxc-php/templates/bookworm_security.sources.j2 b/lxc-php/templates/bookworm_security.sources.j2 new file mode 100644 index 00000000..07f1345b --- /dev/null +++ b/lxc-php/templates/bookworm_security.sources.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} + +Types: deb +URIs: https://security.debian.org/debian-security +Suites: bookworm-security +Components: {{ apt_basics_components | mandatory }} +Enabled: yes +Signed-By: /usr/share/keyrings/debian-archive-bookworm-security-automatic.gpg \ No newline at end of file From 090495e920494117468a729eeb0169c654058b21 Mon Sep 17 00:00:00 2001 From: Eric Morino Date: Tue, 29 Aug 2023 15:07:35 +0200 Subject: [PATCH 2/2] =?UTF-8?q?Fix=20r=C3=B4le=20lxc-php=20for=20php82=20i?= =?UTF-8?q?n=20bookworm=20container?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lxc-php/defaults/main.yml | 2 ++ lxc-php/tasks/php82.yml | 18 ++++++++++++++++-- lxc-php/templates/bookworm_security.sources.j2 | 2 +- 3 files changed, 19 insertions(+), 3 deletions(-) diff --git a/lxc-php/defaults/main.yml b/lxc-php/defaults/main.yml index 578cfd2b..c0612f4e 100644 --- a/lxc-php/defaults/main.yml +++ b/lxc-php/defaults/main.yml @@ -33,3 +33,5 @@ lxc_php_services: php82: 'php8.2-fpm.service' apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}" +apt_basics_components: "{{ (ansible_virtualization_role == 'host') | ternary('main contrib non-free', 'main') }}" + diff --git a/lxc-php/tasks/php82.yml b/lxc-php/tasks/php82.yml index c0f623c3..f8fe2f33 100644 --- a/lxc-php/tasks/php82.yml +++ b/lxc-php/tasks/php82.yml 
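Review bot: `apt_basics_components` is derived from `ansible_virtualization_role`, which presumably describes the machine the role runs on rather than the container, yet the value is rendered into the container's `system.sources` and `security.sources`. On a physical LXC host this appears to give the PHP container `main contrib non-free`, a wider package set than anything in this series needs. A fixed default such as `apt_basics_components: "main"`, overridable from inventory, would keep the container's sources minimal. The blank line added at the end of the file can be dropped.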
@@ -1,9 +1,18 @@ --- -- name: "{{ lxc_php_version }} - Install PHP packages" +- name: set APT keyring + ansible.builtin.set_fact: + lxc_apt_keyring_dir: /etc/apt/trusted.gpg.d + +- name: "{{ lxc_php_version }} - Install dependency packages" community.general.lxc_container: name: "{{ lxc_php_version }}" - container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer" + container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget gnupg" + +- name: "{{ lxc_php_version }} - delete sources.list bookworm repository" + ansible.builtin.file: + path: "{{ lxc_rootfs }}/etc/apt/sources.list" + state: absent - name: "{{ lxc_php_version }} - system bookworm repository" ansible.builtin.template: @@ -40,6 +49,11 @@ name: "{{ lxc_php_version }}" container_command: "DEBIAN_FRONTEND=noninteractive apt update" +- name: "{{ lxc_php_version }} - Install PHP packages" + community.general.lxc_container: + name: "{{ lxc_php_version }}" + container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer" + - name: "{{ lxc_php_version }} - Copy evolinux PHP configuration" ansible.builtin.template: src: z-evolinux-defaults.ini.j2 diff --git a/lxc-php/templates/bookworm_security.sources.j2 b/lxc-php/templates/bookworm_security.sources.j2 index 07f1345b..c98d5671 100644 --- a/lxc-php/templates/bookworm_security.sources.j2 +++ b/lxc-php/templates/bookworm_security.sources.j2 
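Review bot: The new `set_fact` at the top of this hunk pins `lxc_apt_keyring_dir` to `/etc/apt/trusted.gpg.d` for a bookworm container, so the `pub_evolix.asc` written by the "copy pub.evolix.org GPG key" task (its `dest` was changed in PATCH 1/2) lands where APT trusts keys for every source that has no `Signed-By`. Both new `.sources` templates carry their own `Signed-By`, and PATCH 1/2 removed the sury and pub.evolix.org entries, so nothing visible in this series uses that key any more. If it is still needed, `lxc_apt_keyring_dir: /etc/apt/keyrings` with a `Signed-By` on the source that uses it keeps the trust scoped to that source; otherwise the copy task can be removed. The "Ensure … directory exists" task shown as context in PATCH 1/2 creates `apt_keyring_dir`, not `lxc_apt_keyring_dir`, so the two variables would need to agree.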
@@ -5,4 +5,4 @@ URIs: https://security.debian.org/debian-security
 Suites: bookworm-security
 Components: {{ apt_basics_components | mandatory }}
 Enabled: yes
-Signed-By: /usr/share/keyrings/debian-archive-bookworm-security-automatic.gpg
\ No newline at end of file
+Signed-By: /usr/share/keyrings/debian-archive-bookworm-security-automatic.gpg