diff --git a/CHANGELOG.md b/CHANGELOG.md index a7a96271..9b0e4f03 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,7 @@ The **patch** part changes is incremented if multiple releases happen the same m * Preliminary work for php83 * nagios-nrpe: add check_sentinel for monitoring Redis Sentinel * webapps/nextcloud: Added var nextcloud_user_uid to enforce uid for nextcloud user +* lxc-php: Allow one to install php83 on Bookworm container ### Changed diff --git a/evolinux-users/templates/sudoers.j2 b/evolinux-users/templates/sudoers.j2 index 60b5b782..0e8471bf 100644 --- a/evolinux-users/templates/sudoers.j2 +++ b/evolinux-users/templates/sudoers.j2 @@ -15,6 +15,7 @@ nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php80/rootfs/etc/php/8.0/fpm/pool.d/ nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php81/rootfs/etc/php/8.1/fpm/pool.d/ nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php82/rootfs/etc/php/8.2/fpm/pool.d/ +nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php83/rootfs/etc/php/8.3/fpm/pool.d/ nagios ALL = NOPASSWD: /usr/sbin/megaclisas-status --nagios nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_ipmi_sensor nagios ALL = NOPASSWD: /sbin/dmsetup status --noflush diff --git a/generate-ldif/templates/generateldif.sh.j2 b/generate-ldif/templates/generateldif.sh.j2 index 7e35ff5a..75eedfb4 100755 --- a/generate-ldif/templates/generateldif.sh.j2 +++ b/generate-ldif/templates/generateldif.sh.j2 @@ -699,6 +699,20 @@ ServiceVersion: PHP-FPM 8.2 (multiphp) EOT fi +if lxc-ls | grep -q php83 ; then + cat <> "${ldif_file}" + +dn: ServiceName=php-fpm83,${computer_dn} +NagiosEnabled: TRUE +ipServiceProtocol: tcp +objectClass: EvoService +ServiceName: php-fpm83 +ipServicePort: 443 +ServiceType: web +ServiceVersion: PHP-FPM 8.3 (multiphp) +EOT +fi + fi # END - LXC (multiphp) diff --git a/lxc-php/defaults/main.yml b/lxc-php/defaults/main.yml index 6b1e1b9c..561a11f3 100644 --- a/lxc-php/defaults/main.yml +++ b/lxc-php/defaults/main.yml @@ -23,6 +23,7 @@ lxc_php_container_releases: php80: "bullseye" php81: "bullseye" php82: "bookworm" + php83: "bookworm" lxc_php_services: php56: 'php5-fpm.service' @@ -32,6 +33,7 @@ lxc_php_services: php80: 'php8.0-fpm.service' php81: 'php8.1-fpm.service' php82: 'php8.2-fpm.service' + php83: 'php8.3-fpm.service' apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}" apt_basics_components: "{{ (ansible_virtualization_role == 'host') | ternary('main contrib non-free', 'main') }}" diff --git a/lxc-php/handlers/main.yml b/lxc-php/handlers/main.yml index b703933b..c1f58f92 100644 --- a/lxc-php/handlers/main.yml +++ b/lxc-php/handlers/main.yml @@ -10,6 +10,11 @@ name: "{{ lxc_php_version }}" container_command: "systemctl restart {{ lxc_php_services[lxc_php_version] }}" +- name: Reload php83-fpm + community.general.lxc_container: + name: "{{ lxc_php_version }}" + container_command: "systemctl reload php8.3-fpm" + - name: Reload php82-fpm community.general.lxc_container: name: "{{ lxc_php_version }}" diff --git a/lxc-php/tasks/main.yml b/lxc-php/tasks/main.yml index 13622b9e..770031fa 100644 --- a/lxc-php/tasks/main.yml +++ b/lxc-php/tasks/main.yml @@ -42,6 +42,9 @@ - ansible.builtin.import_tasks: "php82.yml" when: lxc_php_version == "php82" +- ansible.builtin.import_tasks: "php83.yml" + when: lxc_php_version == "php83" + - ansible.builtin.import_tasks: "umask.yml" - ansible.builtin.import_tasks: "misc.yml" diff --git a/lxc-php/tasks/php83.yml b/lxc-php/tasks/php83.yml new file mode 100644 index 00000000..80c33eb6 --- /dev/null +++ b/lxc-php/tasks/php83.yml @@ -0,0 +1,91 @@ +--- + +- name: set APT keyring + ansible.builtin.set_fact: + lxc_apt_keyring_dir: /etc/apt/trusted.gpg.d + +- name: "{{ lxc_php_version }} - Install dependency packages" + community.general.lxc_container: + name: "{{ lxc_php_version }}" + container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget gnupg" + +- name: "{{ lxc_php_version }} - delete sources.list bookworm repository" + ansible.builtin.file: + path: "{{ lxc_rootfs }}/etc/apt/sources.list" + state: absent + +- name: "{{ lxc_php_version }} - system bookworm repository" + ansible.builtin.template: + src: bookworm_basics.sources.j2 + dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/system.sources" + force: true + mode: "0644" + +- name: "{{ lxc_php_version }} - security bookworm repository" + ansible.builtin.template: + src: bookworm_security.sources.j2 + dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/security.sources" + force: true + mode: "0644" + +- name: "{{ lxc_php_version }} - Add sury repo" + ansible.builtin.template: + src: sury.sources.j2 + dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/sury.sources" + force: true + mode: "0644" + +- name: "{{ lxc_php_version }} - Add sury failsafe repo" + ansible.builtin.template: + src: evolix_sury.sources.j2 + dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/evolix_sury.sources" + force: true + mode: "0644" + +- name: "Ensure {{ lxc_rootfs }}{{ lxc_apt_keyring_dir }} directory exists" + file: + path: "{{ lxc_rootfs }}{{ lxc_apt_keyring_dir }}" + state: directory + mode: "755" + owner: root + group: root + +- name: copy pub.evolix.org GPG key + ansible.builtin.copy: + src: pub_evolix.asc + dest: "{{ lxc_rootfs }}{{ lxc_apt_keyring_dir }}/pub_evolix.asc" + mode: "0644" + owner: root + group: root + +- name: copy packages.sury.org GPG Key + ansible.builtin.copy: + src: sury.gpg + dest: "{{ lxc_rootfs }}{{ lxc_apt_keyring_dir }}/sury.gpg" + mode: "0644" + owner: root + group: root + +- name: "{{ lxc_php_version }} - Update APT cache" + community.general.lxc_container: + name: "{{ lxc_php_version }}" + container_command: "DEBIAN_FRONTEND=noninteractive apt update" + +- name: "{{ lxc_php_version }} - Install PHP packages" + community.general.lxc_container: + name: "{{ lxc_php_version }}" + container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer" + +- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration" + ansible.builtin.template: + src: z-evolinux-defaults.ini.j2 + dest: "{{ line_item }}" + mode: "0644" + notify: "Reload {{ lxc_php_version }}-fpm" + loop: + - "{{ lxc_rootfs }}/etc/php/8.3/fpm/conf.d/z-evolinux-defaults.ini" + - "{{ lxc_rootfs }}/etc/php/8.3/cli/conf.d/z-evolinux-defaults.ini" + loop_control: + loop_var: line_item + +- ansible.builtin.include: "mail_opensmtpd.yml" diff --git a/lxc-php/templates/bookworm_basics.sources.j2 b/lxc-php/templates/bookworm_basics.sources.j2 index 948c4adf..8599143d 100644 --- a/lxc-php/templates/bookworm_basics.sources.j2 +++ b/lxc-php/templates/bookworm_basics.sources.j2 @@ -2,7 +2,7 @@ Types: deb URIs: http://mirror.evolix.org/debian -Suites: bookworm bookworm-updates +Suites: {{ lxc_php_container_releases[lxc_php_version] }} {{ lxc_php_container_releases[lxc_php_version] }}-updates Components: {{ apt_basics_components | mandatory }} Enabled: yes Signed-By: /usr/share/keyrings/debian-archive-bookworm-automatic.gpg diff --git a/lxc-php/templates/bookworm_security.sources.j2 b/lxc-php/templates/bookworm_security.sources.j2 index c98d5671..a3ccc581 100644 --- a/lxc-php/templates/bookworm_security.sources.j2 +++ b/lxc-php/templates/bookworm_security.sources.j2 @@ -2,7 +2,7 @@ Types: deb URIs: https://security.debian.org/debian-security -Suites: bookworm-security +Suites: {{ lxc_php_container_releases[lxc_php_version] }}-security Components: {{ apt_basics_components | mandatory }} Enabled: yes Signed-By: /usr/share/keyrings/debian-archive-bookworm-security-automatic.gpg diff --git a/lxc-php/templates/evolix_sury.sources.j2 b/lxc-php/templates/evolix_sury.sources.j2 new file mode 100644 index 00000000..ee09a474 --- /dev/null +++ b/lxc-php/templates/evolix_sury.sources.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} + +Types:deb +URIs: http://pub.evolix.org/evolix +Suites: {{ lxc_php_container_releases[lxc_php_version] }}-{{ lxc_php_version }} +Components: main +Signed-by: {{ apt_keyring_dir }}/pub_evolix.asc +Enabled: yes diff --git a/lxc-php/templates/sury.sources.j2 b/lxc-php/templates/sury.sources.j2 index 22725a58..2c17ef9d 100644 --- a/lxc-php/templates/sury.sources.j2 +++ b/lxc-php/templates/sury.sources.j2 @@ -2,7 +2,7 @@ Types: deb URIs: https://packages.sury.org/php/ -Suites: {{ ansible_distribution_release }} +Suites: {{ lxc_php_container_releases[lxc_php_version] }} Components: main Signed-by: {{ lxc_apt_keyring_dir }}/sury.gpg -Enabled: yes \ No newline at end of file +Enabled: yes diff --git a/nagios-nrpe/templates/evolix.cfg.j2 b/nagios-nrpe/templates/evolix.cfg.j2 index de495868..ecfd6f22 100644 --- a/nagios-nrpe/templates/evolix.cfg.j2 +++ b/nagios-nrpe/templates/evolix.cfg.j2 @@ -85,6 +85,7 @@ command[check_php-fpm74]=sudo {{ nagios_plugins_directory }}/check_phpfpm_multi command[check_php-fpm80]=sudo {{ nagios_plugins_directory }}/check_phpfpm_multi /var/lib/lxc/php80/rootfs/etc/php/8.0/fpm/pool.d/ command[check_php-fpm81]=sudo {{ nagios_plugins_directory }}/check_phpfpm_multi /var/lib/lxc/php81/rootfs/etc/php/8.1/fpm/pool.d/ command[check_php-fpm82]=sudo {{ nagios_plugins_directory }}/check_phpfpm_multi /var/lib/lxc/php82/rootfs/etc/php/8.2/fpm/pool.d/ +command[check_php-fpm83]=sudo {{ nagios_plugins_directory }}/check_phpfpm_multi /var/lib/lxc/php83/rootfs/etc/php/8.3/fpm/pool.d/ command[check_ipmi_sensors]=sudo /usr/lib/nagios/plugins/check_ipmi_sensor command[check_raid_status]=/usr/lib/nagios/plugins/check_raid command[check_dhcp_pool]={{ nagios_plugins_directory }}/check_dhcp_pool diff --git a/php/handlers/main.yml b/php/handlers/main.yml index b333fe9b..d2b96b99 100644 --- a/php/handlers/main.yml +++ b/php/handlers/main.yml @@ -34,3 +34,8 @@ ansible.builtin.service: name: php8.2-fpm state: restarted + +- name: restart php8.3-fpm + ansible.builtin.service: + name: php8.3-fpm + state: restarted