From 1d9ab0f1f310969acacd41edf99599478da2b6ab Mon Sep 17 00:00:00 2001 From: Mathieu Trossevin Date: Thu, 4 Jun 2020 16:19:48 +0200 Subject: [PATCH 1/7] Allows using localhost to connect to MySQL in lxc Add 'php_conf_mysql_default_socket' variable to lxc-php role that configure both the lxc containers and PHP so that a local MySQL database may be used through localhost. The PHP containers will automount /var/run/mysqld/mysqld.sock (the default path to the mysql socket) to the path defined by the variable 'php_conf_mysql_default_socket' which will be the path used by php to contact MySQL both with mysqli and PDO_MYSQL. --- lxc-php/defaults/main.yml | 3 +++ lxc-php/tasks/misc.yml | 9 ++++++++- lxc-php/templates/z-evolinux-defaults.ini.j2 | 8 ++++++++ 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/lxc-php/defaults/main.yml b/lxc-php/defaults/main.yml index 8cb62665..bacd7635 100644 --- a/lxc-php/defaults/main.yml +++ b/lxc-php/defaults/main.yml @@ -7,6 +7,9 @@ php_conf_html_errors: "Off" php_conf_allow_url_fopen: "Off" php_conf_disable_functions: "exec,shell-exec,system,passthru,popen" +# Allows accessing a local mysql database using localhost +php_conf_mysql_default_socket: Null + lxc_php_version: Null lxc_php_container_releases: diff --git a/lxc-php/tasks/misc.yml b/lxc-php/tasks/misc.yml index af848213..30565c9c 100644 --- a/lxc-php/tasks/misc.yml +++ b/lxc-php/tasks/misc.yml @@ -18,8 +18,15 @@ dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/mailname" notify: "Restart opensmtpd" - - name: "{{ lxc_php_version }} - Install misc packages" lxc_container: name: "{{ lxc_php_version }}" container_command: "DEBIAN_FRONTEND=noninteractive apt install -y cron logrotate git zip unzip" + +- name: "{{ lxc_php_version }} - Add MySQL socket to container default mounts" + lxc_container: + name: "{{ lxc_php_version }}" + container_config: + - "lxc.mount.entry = /var/run/mysqld/mysqld {{ php_conf_mysql_default_socket | replace('/', '', 1) }} none bind,create=file 0 0" + state: restarted + when: php_conf_mysql_default_socket is string diff --git a/lxc-php/templates/z-evolinux-defaults.ini.j2 b/lxc-php/templates/z-evolinux-defaults.ini.j2 index 7e3e116b..b407e520 100644 --- a/lxc-php/templates/z-evolinux-defaults.ini.j2 +++ b/lxc-php/templates/z-evolinux-defaults.ini.j2 @@ -6,3 +6,11 @@ log_errors = {{ php_conf_log_errors }} html_errors = {{ php_conf_html_errors }} allow_url_fopen = {{ php_conf_allow_url_fopen }} disable_functions = {{ php_conf_disable_functions }} + +{% if php_conf_mysql_default_socket %} +[Pdo_mysql] +pdo_mysql.default_socket = {{ php_conf_mysql_default_socket }} + +[MySQLi] +mysqli.default_socket = {{ php_conf_mysql_default_socket }} +{% endif %} From 49b20f9b126a2a9344446656c1b732b817f980bc Mon Sep 17 00:00:00 2001 From: Mathieu Trossevin Date: Fri, 5 Jun 2020 09:37:43 +0200 Subject: [PATCH 2/7] lxc-php: Have mysqld.sock inside of a directory Bind mount don't seems to work on a file so the default socket is now always named mysqld.sock and the configurable variable is php_conf_mysql_socket_dir that define the directory the socket will be in. --- lxc-php/defaults/main.yml | 3 ++- lxc-php/tasks/misc.yml | 5 ++--- lxc-php/templates/z-evolinux-defaults.ini.j2 | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lxc-php/defaults/main.yml b/lxc-php/defaults/main.yml index bacd7635..a76e1a5b 100644 --- a/lxc-php/defaults/main.yml +++ b/lxc-php/defaults/main.yml @@ -8,7 +8,8 @@ php_conf_allow_url_fopen: "Off" php_conf_disable_functions: "exec,shell-exec,system,passthru,popen" # Allows accessing a local mysql database using localhost -php_conf_mysql_default_socket: Null +php_conf_mysql_socket_dir: Null +php_conf_mysql_default_socket: "{{ php_conf_mysql_socket_dir }}/mysqld.sock" lxc_php_version: Null diff --git a/lxc-php/tasks/misc.yml b/lxc-php/tasks/misc.yml index 30565c9c..b643bb4a 100644 --- a/lxc-php/tasks/misc.yml +++ b/lxc-php/tasks/misc.yml @@ -27,6 +27,5 @@ lxc_container: name: "{{ lxc_php_version }}" container_config: - - "lxc.mount.entry = /var/run/mysqld/mysqld {{ php_conf_mysql_default_socket | replace('/', '', 1) }} none bind,create=file 0 0" - state: restarted - when: php_conf_mysql_default_socket is string + - "lxc.mount.entry = /var/run/mysqld {{ php_conf_mysql_socket_dir | replace('/', '', 1) }} none bind,create=dir 0 0" + when: php_conf_mysql_socket_dir is string diff --git a/lxc-php/templates/z-evolinux-defaults.ini.j2 b/lxc-php/templates/z-evolinux-defaults.ini.j2 index b407e520..3bc6e4ee 100644 --- a/lxc-php/templates/z-evolinux-defaults.ini.j2 +++ b/lxc-php/templates/z-evolinux-defaults.ini.j2 @@ -7,7 +7,7 @@ html_errors = {{ php_conf_html_errors }} allow_url_fopen = {{ php_conf_allow_url_fopen }} disable_functions = {{ php_conf_disable_functions }} -{% if php_conf_mysql_default_socket %} +{% if php_conf_mysql_socket_dir %} [Pdo_mysql] pdo_mysql.default_socket = {{ php_conf_mysql_default_socket }} From 5e13f8da4ef28d6886948546ff4fb8994b1f2a47 Mon Sep 17 00:00:00 2001 From: Mathieu Trossevin Date: Fri, 5 Jun 2020 12:09:19 +0200 Subject: [PATCH 3/7] lxc-php: Make mysql socket binding work on fresh install /var/run/mysqld only exist after mysql is installed, as such the role lxc-php need to run after the role mysql. Also only cause a restart of the containers when their configuration has been changed. For now socket binding might only work for mysql and not mysql-oracle (it's default socket seems to be /tmp/mysql.sock). --- lxc-php/tasks/misc.yml | 7 +++++++ packweb-apache/meta/main.yml | 6 +++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/lxc-php/tasks/misc.yml b/lxc-php/tasks/misc.yml index b643bb4a..582c4170 100644 --- a/lxc-php/tasks/misc.yml +++ b/lxc-php/tasks/misc.yml @@ -29,3 +29,10 @@ container_config: - "lxc.mount.entry = /var/run/mysqld {{ php_conf_mysql_socket_dir | replace('/', '', 1) }} none bind,create=dir 0 0" when: php_conf_mysql_socket_dir is string + register: added_mysql_socket + +- name: "{{ lxc_php_versionĀ }} - Restart container as configuration changed" + lxc_container: + name: "{{ lxc_php_version }}" + state: restarted + when: added_mysql_socket.changed diff --git a/packweb-apache/meta/main.yml b/packweb-apache/meta/main.yml index c8981b6e..f98442a6 100644 --- a/packweb-apache/meta/main.yml +++ b/packweb-apache/meta/main.yml @@ -21,11 +21,11 @@ dependencies: - { role: evolix/apache } - { role: evolix/php, php_apache_enable: True, when: packweb_apache_modphp } - { role: evolix/php, php_fpm_enable: True, when: packweb_apache_fpm } - - { role: evolix/lxc-php, lxc_php_version: php56, when: "'php56' in packweb_multiphp_versions" } - - { role: evolix/lxc-php, lxc_php_version: php70, when: "'php70' in packweb_multiphp_versions" } - - { role: evolix/lxc-php, lxc_php_version: php73, when: "'php73' in packweb_multiphp_versions" } - { role: evolix/squid, squid_localproxy_enable: True } - { role: evolix/mysql, when: packweb_mysql_variant == "debian" } - { role: evolix/mysql-oracle, when: packweb_mysql_variant == "oracle" } + - { role: evolix/lxc-php, lxc_php_version: php56, when: "'php56' in packweb_multiphp_versions" } + - { role: evolix/lxc-php, lxc_php_version: php70, when: "'php70' in packweb_multiphp_versions" } + - { role: evolix/lxc-php, lxc_php_version: php73, when: "'php73' in packweb_multiphp_versions" } - { role: evolix/webapps/evoadmin-web, evoadmin_enable_vhost: "{{ packweb_enable_evoadmin_vhost }}", evoadmin_multiphp_versions: "{{ packweb_multiphp_versions }}" } - { role: evolix/evoacme } From d33b4baef159df18ecf8bfca7add484a29d7a454 Mon Sep 17 00:00:00 2001 From: Mathieu Trossevin Date: Mon, 19 Oct 2020 14:16:53 +0200 Subject: [PATCH 4/7] Make container restart an handler --- lxc-php/handlers/main.yml | 6 ++++++ lxc-php/tasks/misc.yml | 7 +------ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/lxc-php/handlers/main.yml b/lxc-php/handlers/main.yml index 06953b4f..b8322e94 100644 --- a/lxc-php/handlers/main.yml +++ b/lxc-php/handlers/main.yml @@ -18,3 +18,9 @@ lxc_container: name: "{{ lxc_php_version }}" container_command: "systemctl restart opensmtpd" + +- name: Restart container + lxc_container: + name: "{{ lxc_php_version }}" + state: restarted + diff --git a/lxc-php/tasks/misc.yml b/lxc-php/tasks/misc.yml index 582c4170..4bd5728e 100644 --- a/lxc-php/tasks/misc.yml +++ b/lxc-php/tasks/misc.yml @@ -29,10 +29,5 @@ container_config: - "lxc.mount.entry = /var/run/mysqld {{ php_conf_mysql_socket_dir | replace('/', '', 1) }} none bind,create=dir 0 0" when: php_conf_mysql_socket_dir is string - register: added_mysql_socket + notify: Restart container -- name: "{{ lxc_php_versionĀ }} - Restart container as configuration changed" - lxc_container: - name: "{{ lxc_php_version }}" - state: restarted - when: added_mysql_socket.changed From d7aed91043062a3a9ffe3f4e4b7a258f988f0d8d Mon Sep 17 00:00:00 2001 From: Mathieu Trossevin Date: Mon, 19 Oct 2020 17:33:58 +0200 Subject: [PATCH 5/7] packweb-multiphp: Change default configuration for compatibility /var/run is now /run (and it is what is used in the .service file) Have a default directory configured as bind target so things works by default --- lxc-php/defaults/main.yml | 2 +- lxc-php/tasks/misc.yml | 4 ++-- mysql-oracle/files/evolinux-defaults.cnf | 2 ++ 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/lxc-php/defaults/main.yml b/lxc-php/defaults/main.yml index a76e1a5b..69ef9380 100644 --- a/lxc-php/defaults/main.yml +++ b/lxc-php/defaults/main.yml @@ -8,7 +8,7 @@ php_conf_allow_url_fopen: "Off" php_conf_disable_functions: "exec,shell-exec,system,passthru,popen" # Allows accessing a local mysql database using localhost -php_conf_mysql_socket_dir: Null +php_conf_mysql_socket_dir: /mysqld php_conf_mysql_default_socket: "{{ php_conf_mysql_socket_dir }}/mysqld.sock" lxc_php_version: Null diff --git a/lxc-php/tasks/misc.yml b/lxc-php/tasks/misc.yml index 4bd5728e..3b6164d0 100644 --- a/lxc-php/tasks/misc.yml +++ b/lxc-php/tasks/misc.yml @@ -27,7 +27,7 @@ lxc_container: name: "{{ lxc_php_version }}" container_config: - - "lxc.mount.entry = /var/run/mysqld {{ php_conf_mysql_socket_dir | replace('/', '', 1) }} none bind,create=dir 0 0" + - "lxc.mount.entry = /run/mysqld {{ php_conf_mysql_socket_dir | replace('/', '', 1) }} none bind,create=dir 0 0" when: php_conf_mysql_socket_dir is string - notify: Restart container + notify: "Restart container" diff --git a/mysql-oracle/files/evolinux-defaults.cnf b/mysql-oracle/files/evolinux-defaults.cnf index 395ccac4..0b4b017b 100644 --- a/mysql-oracle/files/evolinux-defaults.cnf +++ b/mysql-oracle/files/evolinux-defaults.cnf @@ -1,6 +1,8 @@ [mysqld] ###### Connexions +# Path to socket +socket = /run/mysqld/mysqld.sock # Maximum de connexions concurrentes (defaut = 100)... provoque un "Too many connections" max_connections = 250 # Maximum de connexions en attente en cas de max_connections atteint (defaut = 50) From 2ea4745f93b3ad705d2e66172d34c621689f6ae9 Mon Sep 17 00:00:00 2001 From: Mathieu Trossevin Date: Tue, 20 Oct 2020 17:27:34 +0200 Subject: [PATCH 6/7] lxc-php: Update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b83ea994..5a872e86 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ The **patch** part changes incrementally at each release. ### Added * nextcloud: New role to setup a nextcloud instance +* lxc-php: Allow php containers to contact local MySQL with localhost ### Changed From 6b89fa18cb5b61a50855575d51e9ce8bf964ff19 Mon Sep 17 00:00:00 2001 From: Mathieu Trossevin Date: Fri, 23 Oct 2020 13:03:23 +0200 Subject: [PATCH 7/7] mysql-oracle: Update clients' conf to match server's The socket path was changed in the server configuration, update the client configuration to match so as not to break anything. --- mysql-oracle/files/evolinux-defaults.cnf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mysql-oracle/files/evolinux-defaults.cnf b/mysql-oracle/files/evolinux-defaults.cnf index 0b4b017b..c42ed727 100644 --- a/mysql-oracle/files/evolinux-defaults.cnf +++ b/mysql-oracle/files/evolinux-defaults.cnf @@ -62,3 +62,6 @@ character-set-server=utf8 collation-server=utf8_general_ci # Patch MySQL 5.5.53 secure-file-priv = "" + +[client] +socket = /run/mysqld/mysqld.sock