From e6f2bbb3312af67a13b4dcc932d002551dfd3d0d Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Thu, 14 Nov 2019 16:36:44 +0100 Subject: [PATCH] lxc-php: An almost complete rewrite ** BREAKING ** This is a breaking change as lxc-php should now be called for *each* php containers we want, with the correct lxc_php_version variable. Current valid values are : - php56 - php70 - php73 Other changes includes : - LXC Containers are created by calling lxc as a dependency of the role. - Relying on lxc_container module to do commands into the container (instead of the command module) - PHP 7.3 container is now a Debian Buster container - All containers will have opensmtpd to relay emails to postfix on the host system. --- lxc-php/defaults/main.yml | 7 +++++++ lxc-php/handlers/main.yml | 21 ++++++++++++++++----- lxc-php/meta/main.yml | 23 +++++++++++++++++++++++ lxc-php/tasks/main.yml | 25 ++++++++++++++----------- lxc-php/tasks/misc.yml | 30 ++++++++++++++++-------------- lxc-php/tasks/php56.yml | 14 ++++++++------ lxc-php/tasks/php70.yml | 14 ++++++++------ lxc-php/tasks/php73.yml | 29 ++++++++--------------------- lxc-php/templates/smtpd.conf.j2 | 14 ++++++++++++++ 9 files changed, 114 insertions(+), 63 deletions(-) create mode 100644 lxc-php/meta/main.yml create mode 100644 lxc-php/templates/smtpd.conf.j2 diff --git a/lxc-php/defaults/main.yml b/lxc-php/defaults/main.yml index 24342068..ef564b2a 100644 --- a/lxc-php/defaults/main.yml +++ b/lxc-php/defaults/main.yml @@ -6,3 +6,10 @@ php_conf_log_errors: "On" php_conf_html_errors: "Off" php_conf_allow_url_fopen: "Off" php_conf_disable_functions: "exec,shell-exec,system,passthru,putenv,popen" + +lxc_php_version: Null + +lxc_php_container_releases: + php56: "jessie" + php70: "stretch" + php73: "buster" diff --git a/lxc-php/handlers/main.yml b/lxc-php/handlers/main.yml index 365179ea..29ace623 100644 --- a/lxc-php/handlers/main.yml +++ b/lxc-php/handlers/main.yml 
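Review bot: The `php_conf_disable_functions` default on the context line just above the added variables lists `shell-exec`, which is not a PHP function name; the function is `shell_exec`, so that entry blocks nothing. This commit does not touch the line, but the rewritten role keeps applying the default to every container, presumably through `z-evolinux-defaults.ini.j2`, which is not shown here. Suggested value: `php_conf_disable_functions: "exec,shell_exec,system,passthru,putenv,popen"`. Separately, `lxc_php_version: Null` would read more conventionally as lowercase `null`.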
@@ -1,9 +1,20 @@ --- -- name: Reload php56-fpm - command: "lxc-attach -n php56 -- systemctl reload php5-fpm" +- name: Reload php73-fpm + lxc_container: + name: "{{ lxc_php_version }}" + container_command: "systemctl reload php7.3-fpm" - name: Reload php70-fpm - command: "lxc-attach -n php70 -- systemctl reload php7.0-fpm" + lxc_container: + name: "{{ lxc_php_version }}" + container_command: "systemctl reload php7.0-fpm" -- name: Reload php73-fpm - command: "lxc-attach -n php73 -- systemctl reload php7.3-fpm" +- name: Reload php70-fpm + lxc_container: + name: "{{ lxc_php_version }}" + container_command: "systemctl reload php5-fpm" + +- name: Restart opensmtpd + lxc_container: + name: "{{ lxc_php_version }}" + container_command: "systemctl restart opensmtpd" diff --git a/lxc-php/meta/main.yml b/lxc-php/meta/main.yml new file mode 100644 index 00000000..7a04f85d --- /dev/null +++ b/lxc-php/meta/main.yml @@ -0,0 +1,23 @@ +galaxy_info: + author: Evolix + description: Creation of LXC Containers & Setting up PHP-FPM for a multiphp setup + + issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues + + license: GPLv2 + + min_ansible_version: 2.2 + + platforms: + - name: Debian + versions: + - stretch + - buster + +allow_duplicates: yes + +dependencies: + - { role: lxc, + lxc_containers: [ { name: "{{ lxc_php_version }}", release: "{{ lxc_php_container_releases[lxc_php_version] }}" } ], + when: lxc_php_version is defined + } diff --git a/lxc-php/tasks/main.yml b/lxc-php/tasks/main.yml index 8fb9f0a9..cc0bf11a 100644 --- a/lxc-php/tasks/main.yml +++ b/lxc-php/tasks/main.yml 
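Review bot: The third handler in the new file is named `Reload php70-fpm` a second time while its command reloads `php5-fpm`, so no handler named `Reload php56-fpm` exists any more. php56.yml notifies `Reload {{ lxc_php_version }}-fpm`, which for `php56` has nothing to resolve to, and the duplicate name makes the php70 notification ambiguous. Rename the third entry to `- name: Reload php56-fpm`.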
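Review bot: The dependency's `when: lxc_php_version is defined` can never be false, because defaults/main.yml in this same commit defines the variable as `Null`. Role dependencies normally run before the role's own tasks, so the `fail` guard added in tasks/main.yml would come too late, and an unset or misspelled version would reach `lxc_php_container_releases[lxc_php_version]` first. A condition that checks the value is safer, for example `when: lxc_php_version in lxc_php_container_releases`. `min_ansible_version: 2.2` and `allow_duplicates: yes` would also be more robust written as `"2.2"` and `true`.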
@@ -1,24 +1,27 @@ --- +<<<<<<< HEAD - name: LXC configuration include_role: name: evolix/lxc +======= +- name: "Ensure that lxc_php_version is defined" + fail: + msg: Please configure var lxc_php_version + when: lxc_php_version is none +>>>>>>> lxc-php: An almost complete rewrite ** BREAKING ** -- name: Update APT cache - command: "lxc-attach -n {{name}} -- apt-get update" +- name: "Update APT cache in container {{lxc_php_version}}" + lxc_container: + name: "{{ lxc_php_version }}" + container_command: "apt-get update" - include: "php56.yml" - with_items: - - "{{ lxc_containers }}" - when: name == "php56" + when: lxc_php_version == "php56" - include: "php70.yml" - with_items: - - "{{ lxc_containers }}" - when: name == "php70" + when: lxc_php_version == "php70" - include: "php73.yml" - with_items: - - "{{ lxc_containers }}" - when: name == "php73" + when: lxc_php_version == "php73" - include: "misc.yml" diff --git a/lxc-php/tasks/misc.yml b/lxc-php/tasks/misc.yml index fb4e5f2a..cfa78db0 100644 --- a/lxc-php/tasks/misc.yml +++ b/lxc-php/tasks/misc.yml 
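Review bot: The added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> lxc-php: An almost complete rewrite ** BREAKING **` are unresolved merge-conflict markers, so tasks/main.yml is not valid YAML as committed. Remove the three marker lines together with the HEAD-side `include_role: name: evolix/lxc` task, which the new dependency in meta/main.yml appears to replace. The guard `when: lxc_php_version is none` also accepts any non-null string: an unexpected value skips all three version includes but still runs misc.yml against `/var/lib/lxc/<value>/rootfs`. A check such as `when: lxc_php_version not in lxc_php_container_releases` would reject it.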
@@ -1,24 +1,26 @@ --- -- name: Configure ssmtp - replace: - name: "/var/lib/lxc/{{name}}/rootfs/etc/ssmtp/ssmtp.conf" - regexp: "{{ item.regexp }}" - replace: "{{ item.replace }}" - with_dict: - - { regexp: "^mailhub=.*$", replace: "mailhub=127.0.0.1"} - - { regexp: "^#FromLineOverride=.*$", replace: "FromLineOverride=YES"} - - { regexp: "^hostname=.*", replace: "hostname={{ansible_fqdn}}"} +- name: Configure opensmtpd + template: + src: smtpd.conf.j2 + dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/smtpd.conf" + mode: "0644" + notify: "Restart opensmtpd" + +- name: Copy using inline content + copy: + content: "{{ evolinux_hostname }}.{{ evolinux_domain }}\n" + dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/mailname" + notify: "Restart opensmtpd" - name: Configure timezone copy: - dest: "/var/lib/lxc/{{name}}/rootfs/etc/timezone" - content: "Europe/Paris\n" + remote_src: yes + src: "/etc/timezone" + dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/timezone" - name: Ensure containers root directory is 755 file: - path: "/var/lib/lxc/{{ item.name }}/rootfs" + path: "/var/lib/lxc/{{ lxc_php_version }}/rootfs" state: directory mode: '0755' - with_items: - - "{{ lxc_containers }}" diff --git a/lxc-php/tasks/php56.yml b/lxc-php/tasks/php56.yml index ab7595ae..d3e8556a 100644 --- a/lxc-php/tasks/php56.yml +++ b/lxc-php/tasks/php56.yml 
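Review bot: The writes under `/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/` are performed from the host on a tree that root inside the container can rearrange, so a symlinked directory component there would redirect the write to a host path. If the containers are meant to be less trusted than the host, consider doing these writes from inside the container, as the package installs already do through `lxc_container`, or at least record the assumption with a comment such as `# written from the host: the container rootfs is trusted not to contain symlinked /etc components`. The mailname task is also still named `Copy using inline content` and sets no `mode`; `- name: "Set /etc/mailname in container {{ lxc_php_version }}"` with `mode: "0644"` would match the template task above it. `evolinux_hostname` and `evolinux_domain` are not defined in this role's defaults as far as this patch shows.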
@@ -1,16 +1,18 @@ --- -- name: Install PHP packages - command: "lxc-attach -n {{name}} -- apt-get install -y php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php-gettext php5-intl php5-curl php5-ssh2 libphp-phpmailer ssmtp git zip unzip" +- name: "{{ lxc_php_version }} - Install PHP packages" + lxc_container: + name: "{{ lxc_php_version }}" + container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php-gettext php5-intl php5-curl php5-ssh2 php5-zip php5-mbstring libphp-phpmailer opensmtpd git zip unzip" -- name: Copy evolinux PHP 5.6 configuration +- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration" template: src: z-evolinux-defaults.ini.j2 dest: "{{ line_item }}" mode: "0644" - notify: "Reload {{name}}-fpm" + notify: "Reload {{ lxc_php_version }}-fpm" with_items: - - "/var/lib/lxc/{{name}}/rootfs/etc/php5/fpm/conf.d/z-evolinux-defaults.ini" - - "/var/lib/lxc/{{name}}/rootfs/etc/php5/cli/conf.d/z-evolinux-defaults.ini" + - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php5/fpm/conf.d/z-evolinux-defaults.ini" + - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php5/cli/conf.d/z-evolinux-defaults.ini" loop_control: loop_var: line_item diff --git a/lxc-php/tasks/php70.yml b/lxc-php/tasks/php70.yml index 1f5eb181..932758f2 100644 --- a/lxc-php/tasks/php70.yml +++ b/lxc-php/tasks/php70.yml 
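Review bot: The added `container_command` line switches the install from `apt-get` to `apt`, whose command-line interface is documented as not stable for use in scripts; `DEBIAN_FRONTEND=noninteractive apt-get install -y ...` keeps the previous, script-safe front end. It is also worth confirming that `lxc_container` fails the task when the command exits non-zero, since the replaced `command` tasks did and a silently failed install would leave the container without the intended packages. The same applies to the install tasks in php70.yml and php73.yml.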
@@ -1,16 +1,18 @@ --- -- name: Install PHP packages - command: "lxc-attach -n {{name}} -- apt-get install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mcrypt php-mysql php-pgsql php-gettext php-curl php-ssh2 composer libphp-phpmailer ssmtp git zip unzip php-zip" +- name: "{{ lxc_php_version }} - Install PHP packages" + lxc_container: + name: "{{ lxc_php_version }}" + container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mcrypt php-mysql php-pgsql php-gettext php-curl php-ssh2 php-mbstring composer libphp-phpmailer opensmtpd git zip unzip php-zip" -- name: Copy evolinux PHP 7.0 configuration +- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration" template: src: z-evolinux-defaults.ini.j2 dest: "{{ line_item }}" mode: "0644" - notify: "Reload {{name}}-fpm" + notify: "Reload {{ lxc_php_version }}-fpm" with_items: - - "/var/lib/lxc/{{name}}/rootfs/etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini" - - "/var/lib/lxc/{{name}}/rootfs/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini" + - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini" + - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini" loop_control: loop_var: line_item diff --git a/lxc-php/tasks/php73.yml b/lxc-php/tasks/php73.yml index ac0007d8..ac6a9fea 100644 --- a/lxc-php/tasks/php73.yml +++ b/lxc-php/tasks/php73.yml 
@@ -1,31 +1,18 @@ --- -- name: Install requirements for sury repository - command: "lxc-attach -n {{name}} -- apt-get install -y --no-install-recommends wget apt-transport-https ca-certificates gnupg" +- name: "{{ lxc_php_version }} - Install PHP packages" + lxc_container: + name: "{{ lxc_php_version }}" + container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-gettext php-curl php-ssh2 php-mbstring composer libphp-phpmailer opensmtpd git zip unzip php-zip" -- name: Add sury APT repository - copy: - content: "deb https://packages.sury.org/php/ stretch main" - dest: "/var/lib/lxc/{{name}}/rootfs/etc/apt/sources.list.d/sury.list" - mode: "0644" - -- name: Add sury GPG key - shell: "wget -O- https://packages.sury.org/php/apt.gpg |lxc-attach -n {{name}} -- apt-key add -" - -- name: Update APT cache - command: "lxc-attach -n {{name}} -- apt-get update" - -- name: Install PHP packages - command: "lxc-attach -n {{name}} -- apt-get install -y php7.3 php7.3-fpm php7.3-cli php7.3-curl php7.3-mysql php7.3-pgsql php7.3-ldap php7.3-imap php7.3-gd php-ssh2 php-gettext composer libphp-phpmailer ssmtp git zip unzip php7.3-zip" - -- name: Copy evolinux PHP 7.3 configuration +- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration" template: src: z-evolinux-defaults.ini.j2 dest: "{{ line_item }}" mode: "0644" - notify: "Reload {{name}}-fpm" + notify: "Reload {{ lxc_php_version }}-fpm" with_items: - - "/var/lib/lxc/{{name}}/rootfs/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini" - - "/var/lib/lxc/{{name}}/rootfs/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini" + - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini" + - "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini" loop_control: loop_var: line_item 
diff --git a/lxc-php/templates/smtpd.conf.j2 b/lxc-php/templates/smtpd.conf.j2 new file mode 100644 index 00000000..8458d4b4 --- /dev/null +++ b/lxc-php/templates/smtpd.conf.j2 @@ -0,0 +1,14 @@ +# This is the smtpd server system-wide configuration file. +# See smtpd.conf(5) for more information. + +# To accept external mail, replace with: listen on all +#listen on localhost + +# If you edit the file, you have to run "smtpctl update table aliases" +table aliases file:/etc/aliases + +# Uncomment the following to accept external mail for domain "example.org" +#accept from any for domain "example.org" alias deliver to mbox + +accept for local alias deliver to mbox +accept for any relay via "smtp://127.0.0.1"
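Review bot: The relay rule on the last line targets `smtp://127.0.0.1`, which only reaches the host's Postfix if the container shares the host's network namespace; with a separate namespace it would point back at the container itself. Nothing in this patch shows which network setup the `lxc` role uses, so the assumption should be stated in the template, for example `# Assumes the container shares the host network namespace: 127.0.0.1:25 is the host's Postfix`. With `#listen on localhost` left commented out, the listener also depends on the daemon's built-in default, so an explicit `listen on` directive would make the exposed surface clear. A first line of `# {{ ansible_managed }}` would mark the file as generated.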