Merge pull request 'Enhancing our multiphp-setup' (#97) from lpoujol/better-multiphp into unstable

CHANGELOG.md

@@ -69,6 +69,7 @@ The **patch** part changes incrementally at each release.
 * lxc: remove useless loop in apt execution
 * lxc: update our default template to be compatible with Debian 10
 * lxc-php: refactor tasks for better maintainability
+* lxc-php: Use OpenSMTPD for Stretch/Buster containers, and ssmtp for Jessie containers
 * lxc-solr: changed default Solr version to 8.4.1
 * minifirewall: better alert5 activation
 * minifirewall: no http filtering by default
@@ -76,6 +77,7 @@ The **patch** part changes incrementally at each release.
 * nagios-nrpe: change default haproxy socket path
 * nagios-nrpe: check_mode per cpu dynamically
 * nodejs: change default version to 12 (new LTS)
+* packweb-apache: Do the install & conffigure phpContainer script (instead of evoadmin-web role)
 * php: By default, allow 128M for OpCache (instead of 64M)
 * php: Don't set a chroot for the default fpm pool
 * php: Make sure the default pool we define can be fully functionnal witout debian's default pool file
@@ -92,6 +94,8 @@ The **patch** part changes incrementally at each release.
 ### Fixed
 * etc-git: fix warnings ansible-lint
 * evoadmin-web: Put the php config at the right place for Buster
+* lxc: Don't stop the container if it already exists
+* lxc: Fix container existance check to be able to run in check_mode
 * lxc-php: Don't remove the default pool
 * minifirewall: fix warnings ansible-lint
 * nginx: fix munin fcgi not working (missing chmod 660 on logs)
@@ -104,6 +108,11 @@ The **patch** part changes incrementally at each release.
 * webapps/evoadmin-web: Set default evoadmin_mail_tpl_force to True to fix a regression where the mail template would not get updated because the file is created before the role is first run.
 * minifirewall: Backport changes from minifirewall (properly open outgoing smtp(s))
 * minifirewall: Properly detect alert5.sh to turn on firewall at boot
+* packweb-apache: Add missing dependency to evoacme role
+* php: Chose the debian version repo archive for packages.sury.org
+* php: update surry_post.yml to match current latest PHP release
+* packweb-apache: Don't try to install PHPMyAdmin on Buster as it's not available
+*
 
 ### Removed
 * clamav : do not install the zoo package anymore

lxc-php/defaults/main.yml

@@ -6,3 +6,10 @@ php_conf_log_errors: "On"
 php_conf_html_errors: "Off"
 php_conf_allow_url_fopen: "Off"
 php_conf_disable_functions: "exec,shell-exec,system,passthru,putenv,popen"
+
+lxc_php_version: Null
+
+lxc_php_container_releases:
+  php56: "jessie"
+  php70: "stretch"
+  php73: "buster"

lxc-php/handlers/main.yml

@@ -1,9 +1,20 @@
 ---
-- name: Reload php56-fpm
-  command: "lxc-attach -n php56 -- systemctl reload php5-fpm"
+- name: Reload php73-fpm
+  lxc_container:
+    name: "{{ lxc_php_version }}"
+    container_command: "systemctl reload php7.3-fpm"
 
 - name: Reload php70-fpm
-  command: "lxc-attach -n php70 -- systemctl reload php7.0-fpm"
+  lxc_container:
+    name: "{{ lxc_php_version }}"
+    container_command: "systemctl reload php7.0-fpm"
 
-- name: Reload php73-fpm
-  command: "lxc-attach -n php73 -- systemctl reload php7.3-fpm"
+- name: Reload php56-fpm
+  lxc_container:
+    name: "{{ lxc_php_version }}"
+    container_command: "systemctl reload php5-fpm"
+
+- name: Restart opensmtpd
+  lxc_container:
+    name: "{{ lxc_php_version }}"
+    container_command: "systemctl restart opensmtpd"

lxc-php/meta/main.yml

@@ -0,0 +1,23 @@
+galaxy_info:
+  author: Evolix
+  description: Creation of LXC Containers & Setting up PHP-FPM for a multiphp setup
+
+  issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
+
+  license: GPLv2
+
+  min_ansible_version: 2.2
+
+  platforms:
+  - name: Debian
+    versions:
+    - stretch
+    - buster
+
+allow_duplicates: yes
+
+dependencies:
+  - { role: evolix/lxc,
+      lxc_containers: [ { name: "{{ lxc_php_version }}", release: "{{ lxc_php_container_releases[lxc_php_version] }}" } ],
+      when: lxc_php_version is defined
+    }

lxc-php/tasks/mail_opensmtpd.yml

@@ -0,0 +1,13 @@
+---
+
+- name: "{{ lxc_php_version }} - Install opensmtpd"
+  lxc_container:
+    name: "{{ lxc_php_version }}"
+    container_command: "DEBIAN_FRONTEND=noninteractive apt install -y ssmtp"
+
+- name: "{{ lxc_php_version }} - Configure opensmtpd (in the container)"
+  template:
+    src: smtpd.conf.j2
+    dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/smtpd.conf"
+    mode: "0644"
+  notify: "Restart opensmtpd"

lxc-php/tasks/mail_ssmtp.yml

@@ -0,0 +1,12 @@
+---
+
+- name: "{{ lxc_php_version }} - Install ssmtp"
+  lxc_container:
+    name: "{{ lxc_php_version }}"
+    container_command: "DEBIAN_FRONTEND=noninteractive apt install -y ssmtp"
+
+- name: "{{ lxc_php_version }} - Configure ssmtp"
+  template:
+    src: ssmtp.conf.j2
+    dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/ssmtp/ssmtp.conf"
+    mode: "0644"

lxc-php/tasks/main.yml

@@ -1,24 +1,21 @@
 ---
-- name: LXC configuration      
-  include_role:
-    name: evolix/lxc
+- name: "Ensure that lxc_php_version is defined"
+  fail:
+    msg: Please configure var lxc_php_version
+  when: lxc_php_version is none
 
-- name: Update APT cache
-  command: "lxc-attach -n {{name}} -- apt-get update"
+- name: "Update APT cache in container {{lxc_php_version}}"
+  lxc_container:
+    name: "{{ lxc_php_version }}"
+    container_command: "apt-get update"
 
 - include: "php56.yml"
-  with_items:
-    - "{{ lxc_containers }}"
-  when: name == "php56"
+  when: lxc_php_version == "php56"
 
 - include: "php70.yml"
-  with_items:
-    - "{{ lxc_containers }}"
-  when: name == "php70"
+  when: lxc_php_version == "php70"
 
 - include: "php73.yml"
-  with_items:
-    - "{{ lxc_containers }}"
-  when: name == "php73"
+  when: lxc_php_version == "php73"
 
 - include: "misc.yml"

lxc-php/tasks/misc.yml

@@ -1,24 +1,25 @@
 ---
 
-- name: Configure ssmtp
-  replace:
-    name: "/var/lib/lxc/{{name}}/rootfs/etc/ssmtp/ssmtp.conf"
-    regexp: "{{ item.regexp }}"
-    replace: "{{ item.replace }}"
-  with_dict:
-    - { regexp: "^mailhub=.*$", replace: "mailhub=127.0.0.1"}
-    - { regexp: "^#FromLineOverride=.*$", replace: "FromLineOverride=YES"}
-    - { regexp: "^hostname=.*", replace: "hostname={{ansible_fqdn}}"}
-
-- name: Configure timezone
+- name: "{{ lxc_php_version }} - Configure timezone for the container"
   copy:
-    dest: "/var/lib/lxc/{{name}}/rootfs/etc/timezone"
-    content: "Europe/Paris\n"
+    remote_src: yes
+    src: "/etc/timezone"
+    dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/timezone"
 
-- name: Ensure containers root directory is 755
+- name: "{{ lxc_php_version }} - Ensure container's root directory is 755"
   file:
-    path: "/var/lib/lxc/{{ item.name }}/rootfs"
+    path: "/var/lib/lxc/{{ lxc_php_version }}/rootfs"
     state: directory
     mode: '0755'
-  with_items:
-    - "{{ lxc_containers }}"
+
+- name: "{{ lxc_php_version }} - Configure mailname for the container"
+  copy:
+    content: "{{ evolinux_hostname }}.{{ evolinux_domain }}\n"
+    dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/mailname"
+  notify: "Restart opensmtpd"
+
+
+- name: "{{ lxc_php_version }} - Install misc packages"
+  lxc_container:
+    name: "{{ lxc_php_version }}"
+    container_command: "DEBIAN_FRONTEND=noninteractive apt install -y cron logrotate git zip unzip"

lxc-php/tasks/php56.yml

@@ -1,16 +1,20 @@
 ---
 
-- name: Install PHP packages
-  command: "lxc-attach -n {{name}} -- apt-get install -y php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php-gettext php5-intl php5-curl php5-ssh2 libphp-phpmailer ssmtp git zip unzip"
+- name: "{{ lxc_php_version }} - Install PHP packages"
+  lxc_container:
+    name: "{{ lxc_php_version }}"
+    container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php-gettext php5-intl php5-curl php5-ssh2 libphp-phpmailer ssmtp"
 
-- name: Copy evolinux PHP 5.6 configuration
+- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
   template:
     src: z-evolinux-defaults.ini.j2
     dest: "{{ line_item }}"
     mode: "0644"
-  notify: "Reload {{name}}-fpm"
+  notify: "Reload {{ lxc_php_version }}-fpm"
   with_items:
-    - "/var/lib/lxc/{{name}}/rootfs/etc/php5/fpm/conf.d/z-evolinux-defaults.ini"
-    - "/var/lib/lxc/{{name}}/rootfs/etc/php5/cli/conf.d/z-evolinux-defaults.ini"
+    - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php5/fpm/conf.d/z-evolinux-defaults.ini"
+    - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php5/cli/conf.d/z-evolinux-defaults.ini"
   loop_control:
     loop_var: line_item
+
+- include: "mail_ssmtp.yml"

lxc-php/tasks/php70.yml

@@ -1,16 +1,20 @@
 ---
 
-- name: Install PHP packages
-  command: "lxc-attach -n {{name}} -- apt-get install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mcrypt php-mysql php-pgsql php-gettext php-curl php-ssh2 composer libphp-phpmailer ssmtp git zip unzip php-zip"
+- name: "{{ lxc_php_version }} - Install PHP packages"
+  lxc_container:
+    name: "{{ lxc_php_version }}"
+    container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mcrypt php-mysql php-pgsql php-gettext php-curl php-ssh2 php-zip php-mbstring composer libphp-phpmailer"
 
-- name: Copy evolinux PHP 7.0 configuration
+- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
   template:
     src: z-evolinux-defaults.ini.j2
     dest: "{{ line_item }}"
     mode: "0644"
-  notify: "Reload {{name}}-fpm"
+  notify: "Reload {{ lxc_php_version }}-fpm"
   with_items:
-    - "/var/lib/lxc/{{name}}/rootfs/etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini"
-    - "/var/lib/lxc/{{name}}/rootfs/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini"
+    - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini"
+    - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini"
   loop_control:
     loop_var: line_item
+
+- include: "mail_opensmtpd.yml"

lxc-php/tasks/php73.yml

@@ -1,31 +1,20 @@
 ---
 
-- name: Install requirements for sury repository
-  command: "lxc-attach -n {{name}} -- apt-get install -y --no-install-recommends wget apt-transport-https ca-certificates gnupg"
+- name: "{{ lxc_php_version }} - Install PHP packages"
+  lxc_container:
+    name: "{{ lxc_php_version }}"
+    container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-gettext php-curl php-ssh2 php-zip php-mbstring php-zip composer libphp-phpmailer"
 
-- name: Add sury APT repository
-  copy:
-    content: "deb https://packages.sury.org/php/ stretch main"
-    dest: "/var/lib/lxc/{{name}}/rootfs/etc/apt/sources.list.d/sury.list"
-    mode: "0644"
-
-- name: Add sury GPG key
-  shell: "wget -O- https://packages.sury.org/php/apt.gpg |lxc-attach -n {{name}} -- apt-key add -"
-
-- name: Update APT cache
-  command: "lxc-attach -n {{name}} -- apt-get update"
-
-- name: Install PHP packages
-  command: "lxc-attach -n {{name}} -- apt-get install -y php7.3 php7.3-fpm php7.3-cli php7.3-curl php7.3-mysql php7.3-pgsql php7.3-ldap php7.3-imap php7.3-gd php-ssh2 php-gettext composer libphp-phpmailer ssmtp git zip unzip php7.3-zip"
-
-- name: Copy evolinux PHP 7.3 configuration
+- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
   template:
     src: z-evolinux-defaults.ini.j2
     dest: "{{ line_item }}"
     mode: "0644"
-  notify: "Reload {{name}}-fpm"
+  notify: "Reload {{ lxc_php_version }}-fpm"
   with_items:
-    - "/var/lib/lxc/{{name}}/rootfs/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini"
-    - "/var/lib/lxc/{{name}}/rootfs/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini"
+    - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini"
+    - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini"
   loop_control:
     loop_var: line_item
+
+- include: "mail_opensmtpd.yml"

lxc-php/templates/smtpd.conf.j2

@@ -0,0 +1,14 @@
+# This is the smtpd server system-wide configuration file.
+# See smtpd.conf(5) for more information.
+
+# To accept external mail, replace with: listen on all
+#listen on localhost
+
+# If you edit the file, you have to run "smtpctl update table aliases"
+table aliases file:/etc/aliases
+
+# Uncomment the following to accept external mail for domain "example.org"
+#accept from any for domain "example.org" alias <aliases> deliver to mbox
+
+accept for local alias <aliases> deliver to mbox
+accept for any relay via "smtp://127.0.0.1"

lxc-php/templates/ssmtp.conf.j2

@@ -0,0 +1,21 @@
+#
+# Config file for sSMTP sendmail
+#
+# The person who gets all mail for userids < 1000
+# Make this empty to disable rewriting.
+root=postmaster
+
+# The place where the mail goes. The actual machine name is required no
+# MX records are consulted. Commonly mailhosts are named mail.domain.com
+mailhub=127.0.0.1
+
+# Where will the mail seem to come from?
+#rewriteDomain=
+
+# The full hostname
+hostname={{ ansible_fqdn }}
+
+# Are users allowed to set their own From: address?
+# YES - Allow the user to specify their own From: address
+# NO - Use the system generated From: address
+FromLineOverride=YES

lxc/meta/main.yml

@@ -0,0 +1,17 @@
+galaxy_info:
+  author: Evolix
+  description: Creation of LXC Containers 
+
+  issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
+
+  license: GPLv2
+
+  min_ansible_version: 2.2
+
+  platforms:
+  - name: Debian
+    versions:
+    - stretch
+    - buster
+
+allow_duplicates: yes

lxc/tasks/create-container.yml

@@ -1,34 +1,36 @@
 ---
 - name: "Check if container {{ name }} exists"
-  command: "lxc-ls {{name}}"
+  command: "lxc-ls {{ name }}"
   changed_when: false
+  check_mode: no
   register: container_exists
 
 - name: "Create container {{ name }}"
   lxc_container:
-    name: "{{name}}"
+    name: "{{ name }}"
     container_log: true
     template: debian
     state: stopped
-    template_options: "--arch amd64 --release {{release}}"
+    template_options: "--arch amd64 --release {{ release }}"
+  when: container_exists.stdout_lines == []
 
 - name: "Disable network configuration inside container {{ name }}"
   replace:
-    name: "/var/lib/lxc/{{name}}/rootfs/etc/default/networking"
+    name: "/var/lib/lxc/{{ name }}/rootfs/etc/default/networking"
     regexp: "^#CONFIGURE_INTERFACES=yes"
     replace: CONFIGURE_INTERFACES=no
   when: lxc_network_type == "none"
 
 - name: "Disable interface shut down on halt inside container {{ name }} (Jessie container)"
   lineinfile:
-    name: "/var/lib/lxc/{{name}}/rootfs/etc/default/halt"
+    name: "/var/lib/lxc/{{ name }}/rootfs/etc/default/halt"
     line: "NETDOWN=no"
   when: lxc_network_type == "none" and release == "jessie"
 
 - name: "Make the container {{ name }} poweroff on SIGPWR sent by lxc-stop (Jessie container)"
   file:
     src: /lib/systemd/system/poweroff.target
-    dest: "/var/lib/lxc/{{name}}/rootfs/etc/systemd/system/sigpwr.target"
+    dest: "/var/lib/lxc/{{ name }}/rootfs/etc/systemd/system/sigpwr.target"
     state: link
   when: release == 'jessie'
 
@@ -36,21 +38,21 @@
   copy:
     remote_src: yes
     src: /etc/resolv.conf
-    dest: "/var/lib/lxc/{{name}}/rootfs/etc/"
+    dest: "/var/lib/lxc/{{ name }}/rootfs/etc/"
 
 - name: "Add hostname in /etc/hosts for container {{ name }}"
   lineinfile:
-    name: "/var/lib/lxc/{{name}}/rootfs/etc/hosts"
-    line: "127.0.0.1 {{name}}"
+    name: "/var/lib/lxc/{{ name }}/rootfs/etc/hosts"
+    line: "127.0.0.1 {{ name }}"
 
 - name: "Fix permission on /dev for container {{ name }}"
   lineinfile:
-    name: "/var/lib/lxc/{{name}}/rootfs/etc/rc.local"
+    name: "/var/lib/lxc/{{ name }}/rootfs/etc/rc.local"
     line: "chmod 755 /dev"
     insertbefore: "^exit 0$"
   when: release == 'jessie'
 
-- name: "Ensure that {{name}} container is running"
+- name: "Ensure that {{ name }} container is running"
   lxc_container:
-    name: "{{name}}"
+    name: "{{ name }}"
     state: started

lxc/tasks/main.yml

@@ -7,9 +7,11 @@
       - xz-utils
       - python-lxc
 
-- name: Install lxc-templates on Buster
+- name: Install additional packages on Buster
   apt:
-    name: lxc-templates
+    name:
+      - apparmor
+      - lxc-templates
   when: ansible_distribution_major_version is version('10', '>=')
 
 - name: Copy LXC default containers configuration
@@ -34,5 +36,5 @@
   include: create-container.yml
   vars:
     name: "{{ item.name }}"
-    release: "{{item.release}}"
-  with_items: "{{lxc_containers}}"
+    release: "{{ item.release }}"
+  loop: "{{ lxc_containers }}"

packweb-apache/defaults/main.yml

@@ -11,3 +11,5 @@ packweb_phpmyadmin_suffix: ""
 packweb_phpmyadmin_suffix_file: "/etc/evolinux/phpmyadmin_suffix"
 
 packweb_mysql_variant: "debian"
+
+packweb_multiphp_versions: []

packweb-apache/files/multiphp-sudoers

@@ -0,0 +1,3 @@
+
+Defaults        env_keep += "LOGNAME PWD"
+ALL ALL = NOPASSWD: /usr/local/bin/phpContainer

packweb-apache/files/phpContainer

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+# If this script isn't run as root, then, re-run it with sudo.
+if [ "$EUID" -ne 0 ]; then
+  sudo $(readlink -f  ${BASH_SOURCE[0]}) "$@"
+  exit 0;
+fi;
+
+PHPVersion=$(grep SetHandler /etc/apache2/sites-enabled/$LOGNAME.conf 2>/dev/null | grep -m 1 -o 'fpm[0-9][0-9]' | head -n 1 | sed 's/php//g' | sed 's/fpm//g')
+
+if [ "$PHPVersion" != "" ]; then
+    lxc-attach -n php$PHPVersion -- su - $LOGNAME -c "cd \"${PWD@E}\" && php ${*@Q}"
+else
+    # TODO: fallback?
+    # command php $*
+    echo "ERROR - Could not determine \$PHPVersion - Are you a web account ?"
+    exit 1
+fi

packweb-apache/meta/main.yml

@@ -13,12 +13,19 @@ galaxy_info:
     versions:
     - jessie
     - stretch
+    - buster
+
+allow_duplicates: true
 
 dependencies:
   - { role: evolix/apache }
   - { role: evolix/php, php_apache_enable: True, when: packweb_apache_modphp }
   - { role: evolix/php, php_fpm_enable: True, when: packweb_apache_fpm }
+  - { role: evolix/lxc-php, lxc_php_version: php56, when: "'php56' in packweb_multiphp_versions" }
+  - { role: evolix/lxc-php, lxc_php_version: php70, when: "'php70' in packweb_multiphp_versions" }
+  - { role: evolix/lxc-php, lxc_php_version: php73, when: "'php73' in packweb_multiphp_versions" }
   - { role: evolix/squid, squid_localproxy_enable: True }
   - { role: evolix/mysql,        when: packweb_mysql_variant == "debian" }
   - { role: evolix/mysql-oracle, when: packweb_mysql_variant == "oracle" }
-  - { role: evolix/webapps/evoadmin-web, evoadmin_enable_vhost: "{{ packweb_enable_evoadmin_vhost }}" }
+  - { role: evolix/webapps/evoadmin-web, evoadmin_enable_vhost: "{{ packweb_enable_evoadmin_vhost }}", evoadmin_multiphp_versions: "{{ packweb_multiphp_versions }}" }
+  - { role: evolix/evoacme }

packweb-apache/tasks/main.yml

@@ -78,6 +78,7 @@
 - include: apache.yml
 
 - include: phpmyadmin.yml
+  when: ansible_distribution_release != "buster"
 
 - include: awstats.yml
 
@@ -89,3 +90,6 @@
     name: "ProFTPd directory size caching"
     special_time: daily
     job: "/usr/share/scripts/evoadmin/stats.sh"
+
+- include: multiphp.yml
+  when: packweb_multiphp_versions | length > 0

packweb-apache/tasks/multiphp.yml

@@ -0,0 +1,34 @@
+---
+
+- name: Enable proxy_fcgi
+  apache2_module:
+    state: present
+    name: proxy_fcgi
+  notify: restart apache2
+
+- include_role:
+    name: remount-usr
+
+- name: Copy phpContainer script
+  copy:
+    src: phpContainer
+    dest: /usr/local/bin/phpContainer
+    mode: 0755
+
+# - name: Copy php shim to call phpContainer when the user is a web user
+#   copy:
+#     src: multiphp-shim
+#     dest: /usr/local/bin/php
+#     mode: 0755
+
+# - name: Modify bashrc skel file
+#   lineinfile:
+#     dest: /etc/skel/.bashrc
+#     line: "alias php='sudo /usr/local/bin/phpContainer'"
+
+- name: Add multiphp sudoers file
+  copy:
+    src: multiphp-sudoers
+    dest: /etc/sudoers.d/multiphp
+    mode: "0600"
+    validate: "visudo -cf %s"

php/tasks/sury_post.yml

@@ -1,52 +1,52 @@
 ---
 
-- name: Symlink Evolix CLI config files from 7.3 to 7.0
+- name: Symlink Evolix CLI config files from 7.4 to 7.0
   file:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
     force: yes
     state: link
   with_items:
-    - { src: "{{ php_cli_defaults_ini_file }}", dest: "/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini" }
-    - { src: "{{ php_cli_custom_ini_file }}", dest: "/etc/php/7.3/cli/conf.d/zzz-evolinux-custom.ini" }
+    - { src: "{{ php_cli_defaults_ini_file }}", dest: "/etc/php/7.4/cli/conf.d/z-evolinux-defaults.ini" }
+    - { src: "{{ php_cli_custom_ini_file }}", dest: "/etc/php/7.4/cli/conf.d/zzz-evolinux-custom.ini" }
 
-- name: Enforce permissions on PHP 7.3/cli directory
+- name: Enforce permissions on PHP 7.4/cli directory
   file:
-    dest: /etc/php/7.3/cli
+    dest: /etc/php/7.4/cli
     mode: "0755"
 
-- name: Symlink Evolix Apache config files from 7.3 to 7.0
+- name: Symlink Evolix Apache config files from 7.4 to 7.0
   file:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
     force: yes
     state: link
   with_items:
-    - { src: "{{ php_apache_defaults_ini_file }}", dest: "/etc/php/7.3/apache2/conf.d/z-evolinux-defaults.ini" }
-    - { src: "{{ php_apache_custom_ini_file }}", dest: "/etc/php/7.3/apache2/conf.d/zzz-evolinux-custom.ini" }
+    - { src: "{{ php_apache_defaults_ini_file }}", dest: "/etc/php/7.4/apache2/conf.d/z-evolinux-defaults.ini" }
+    - { src: "{{ php_apache_custom_ini_file }}", dest: "/etc/php/7.4/apache2/conf.d/zzz-evolinux-custom.ini" }
   when: php_apache_enable
 
-- name: Enforce permissions on PHP 7.3/cli directory
+- name: Enforce permissions on PHP 7.4/cli directory
   file:
-    dest: /etc/php/7.3/apache2
+    dest: /etc/php/7.4/apache2
     mode: "0755"
   when: php_apache_enable
 
-- name: Symlink Evolix FPM config files from 7.3 to 7.0
+- name: Symlink Evolix FPM config files from 7.4 to 7.0
   file:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
     force: yes
     state: link
   with_items:
-    - { src: "{{ php_fpm_defaults_ini_file }}", dest: "/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini" }
-    - { src: "{{ php_fpm_custom_ini_file }}", dest: "/etc/php/7.3/fpm/conf.d/zzz-evolinux-custom.ini" }
-    - { src: "{{ php_fpm_defaults_conf_file }}", dest: "/etc/php/7.3/fpm/pool.d/z-evolinux-defaults.conf" }
-    - { src: "{{ php_fpm_custom_conf_file }}", dest: "/etc/php/7.3/fpm/pool.d/zzz-evolinux-custom.conf" }
+    - { src: "{{ php_fpm_defaults_ini_file }}", dest: "/etc/php/7.4/fpm/conf.d/z-evolinux-defaults.ini" }
+    - { src: "{{ php_fpm_custom_ini_file }}", dest: "/etc/php/7.4/fpm/conf.d/zzz-evolinux-custom.ini" }
+    - { src: "{{ php_fpm_defaults_conf_file }}", dest: "/etc/php/7.4/fpm/pool.d/z-evolinux-defaults.conf" }
+    - { src: "{{ php_fpm_custom_conf_file }}", dest: "/etc/php/7.4/fpm/pool.d/zzz-evolinux-custom.conf" }
   when: php_fpm_enable
 
-- name: Enforce permissions on PHP 7.3/cli directory
+- name: Enforce permissions on PHP 7.4/cli directory
   file:
-    dest: /etc/php/7.3/fpm
+    dest: /etc/php/7.4/fpm
     mode: "0755"
   when: php_fpm_enable

php/tasks/sury_pre.yml

@@ -18,7 +18,7 @@
 
 - name: Setup deb.sury.org repository - Add source list
   apt_repository:
-    repo: "deb https://packages.sury.org/php/ stretch main"
+    repo: "deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main"
     filename: sury
     state: present
 

webapps/evoadmin-web/defaults/main.yml

@@ -10,7 +10,7 @@ evoadmin_scripts_dir: /usr/share/scripts/evoadmin
 evoadmin_host: "evoadmin.{{ ansible_fqdn }}"
 evoadmin_username: evoadmin
 
-evoadmin_multi_php: False
+evoadmin_multiphp_versions: []
 evoadmin_enable_vhost: True
 
 evoadmin_force_vhost: False

webapps/evoadmin-web/files/phpContainer

@@ -1,10 +0,0 @@
-#!/usr/bin/env bash
-evolixContainerVersion=$(grep SetHandler /etc/apache2/sites-enabled/$LOGNAME.conf 2>/dev/null | grep -m 1 -o 'fpm[0-9][0-9]' | head -n 1 | sed 's/php//g' | sed 's/fpm//g')                                                                                                                                                  
-if [ "$evolixContainerVersion" != "" ]; then
-    lxc-attach -n php$evolixContainerVersion -- su - $LOGNAME -c "cd \"${PWD@E}\" && php ${*@Q}"
-else
-    # TODO: fallback?
-    # command php $*
-    echo "could not determine \$evolixContainerVersion"
-    exit 1
-fi

webapps/evoadmin-web/tasks/config.yml

@@ -29,10 +29,3 @@
     - "templates/evoadmin-web/web-mail.tpl.j2"
     - "web-mail.tpl.j2"
   register: evoadmin_mail_tpl_template
-
-- name: Copy multi php-cli script
-  copy:
-    src: phpContainer
-    dest: /usr/local/bin/phpContainer
-    mode: 0700
-  when: evoadmin_multi_php

webapps/evoadmin-web/tasks/user.yml

@@ -116,9 +116,3 @@
     - "templates/evoadmin-web/sudoers.j2"
     - "sudoers.j2"
   register: evoadmin_sudoers_conf
-
-- name: Modify bashrc skel file
-  lineinfile:
-    dest: /etc/skel/.bashrc
-    line: "alias php='sudo /usr/local/bin/phpContainer'"
-  when: evoadmin_multi_php

webapps/evoadmin-web/tasks/web.yml

@@ -84,10 +84,3 @@
     - "templates/evoadmin-web/config.local.php.j2"
     - "config.local.php.j2"
   register: evoadmin_config_local_php_template
-
-- name: Enable proxy_fcgi
-  apache2_module:
-    state: present
-    name: proxy_fcgi
-  notify: restart apache2
-  when: evoadmin_multi_php

webapps/evoadmin-web/templates/config.local.php.j2

@@ -7,9 +7,11 @@ $localconf['superadmin'] = array();
 $localconf['script_path'] = '{{ evoadmin_scripts_dir }}';
 $localconf['cluster'] = FALSE;
 // auth (sha256 hashs) / echo -n YourPass | sha256sum
+
 $oriconf['logins'] = array();
 //$oriconf['logins']['foo'] = 'd5d3c723fb82cb0078f399888af78204234535ec2ef3da56710fdd51f90d2477';
 //$oriconf['logins']['bar'] = '7938c84d6e43d1659612a7ea7c1101ed02e52751bb64597a8c20ebaba8ba4303';
-{% if evoadmin_multi_php %}
-$localconf['php_versions'] = array(56, 70, 73);
+
+{% if evoadmin_multiphp_versions != [] %}
+$localconf['php_versions'] = array( {{ evoadmin_multiphp_versions | join(', ') | replace('php', '') }} );
 {% endif %}

webapps/evoadmin-web/templates/sudoers.j2

@@ -1,7 +1,3 @@
 User_Alias EVOADMIN = www-evoadmin
 Cmnd_Alias EVOADMIN_WEB = {{ evoadmin_scripts_dir | mandatory }}/web-*.sh, {{ evoadmin_scripts_dir | mandatory }}/ftpadmin.sh, {{ evoadmin_scripts_dir | mandatory }}/dbadmin.sh
 EVOADMIN ALL=NOPASSWD: EVOADMIN_WEB
-{% if evoadmin_multi_php %}
-Defaults        env_keep += "LOGNAME PWD"
-ALL ALL = NOPASSWD: /usr/local/bin/phpContainer
-{% endif %}

webapps/evoadmin-web/templates/web-add.conf.j2

@@ -1,5 +1,6 @@
 CONTACT_MAIL="{{ evoadmin_contact_email or general_alert_email | mandatory }}"
 WWWBOUNCE_MAIL="{{ evoadmin_bounce_email or general_alert_email | mandatory }}"
-{% if evoadmin_multi_php %}
-PHP_VERSIONS=(56 70 73)
+
+{% if evoadmin_multiphp_versions != [] %}
+PHP_VERSIONS=({{ evoadmin_multiphp_versions | join(' ') | replace('php', '') }});
 {% endif %}