Update CHANGELOG for php changes

CHANGELOG.md

@@ -20,6 +20,7 @@ The **patch** part changes incrementally at each release.
 * haproxy: install Munin plugins
 * proftpd: use proftpd_accounts list for manage ftp accounts
 * etc-git: add tags for Ansible
+* php: FPM default pool can be removed or not installed
 
 ### Changed
 * elasticsearch: use ES_TMPDIR variable for custom tmpdir, (from `/etc/default/elasticsearch` instead of changing `/etc/elesticsearch/jvm.options`).
@@ -33,6 +34,8 @@ The **patch** part changes incrementally at each release.
 * nginx: fix basic auth for default vhost
 * dovecot: fix support of plus sign
 * mysql/mysql-oracle: mysqltuner cron task is executable
+* php: fix FPM custom file permissions
+* php: more tasks notify FPM handler to restart if needed
 
 ## [9.1.6] - 2018-02-02
 

nextcloud/defaults/main.yml

@@ -0,0 +1,4 @@
+---
+nextcloud_root: '/home'
+nextcloud_version: "13.0.1"
+nextcloud_instances: {}

nextcloud/tasks/main.yml

@@ -0,0 +1,165 @@
+---
+- name: Install dependencies
+  apt:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - bzip2
+    - php-ctype
+    - php-gd
+    - php-json
+    - php-xml
+    - php-mbstring
+    - php-zip
+    - php-pdo-mysql
+    - php-curl
+    - php-bz2
+    - php-intl
+    - php-mcrypt
+    - php-ldap
+    - php-imap
+    - php-gmp
+    - php-apcu
+    - php-redis
+    - python-mysqldb
+  tags:
+    - nextcloud
+
+- name: Create Nextcloud groups
+  group:
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ nextcloud_instances | list }}"
+  tags:
+    - nextcloud
+
+- name: Create Nextcloud users
+  user:
+    name: "{{ item }}"
+    group: "{{ item }}"
+    home: "{{ nextcloud_root }}/{{ item }}"
+    shell: '/bin/bash'
+    createhome: True
+    state: present
+  with_items: "{{ nextcloud_instances | list }}"
+  tags:
+  - nextcloud
+
+- name: Create needed directories
+  file:
+    dest: "{{ nextcloud_root }}/{{ item[0] }}/{{ item[1] }}"
+    state: directory
+    mode: "0770"
+    owner: "{{ item[0] }}"
+    group: "{{ item[0] }}"
+  with_nested:
+    - "{{ nextcloud_instances | list }}"
+    - [ 'logs', 'config', 'data', 'tmp' ]
+  tags:
+    - nextcloud
+
+- name: Retrieve Nextcloud archive
+  get_url:
+    url: "https://download.nextcloud.com/server/releases/nextcloud-{{ item.value.version | default(nextcloud_version) }}.tar.bz2"
+    dest: "/home/nextcloud-{{ item.value.version | default(nextcloud_version) }}.tar.bz2"
+  with_dict: "{{ nextcloud_instances }}"
+  tags:
+    - nextcloud
+
+- name: Retrieve Nextcloud sha256 checksum
+  get_url:
+    url: "https://download.nextcloud.com/server/releases/nextcloud-{{ item.value.version | default(nextcloud_version) }}.tar.bz2.sha256"
+    dest: "/home/nextcloud-{{ item.value.version | default(nextcloud_version) }}.tar.bz2.sha256"
+  with_dict: "{{ nextcloud_instances }}"
+  tags:
+    - nextcloud
+
+- name: Verify Nextcloud sha256 checksum
+  command: "sha256sum -c nextcloud-{{ item.value.version | default(nextcloud_version) }}.tar.bz2.sha256"
+  changed_when: False
+  args:
+    chdir: "/home/"
+  with_dict: "{{ nextcloud_instances }}"
+  tags:
+    - nextcloud
+
+- name: Extract Nextcloud archive
+  unarchive:
+    src: '/home/nextcloud-{{ item.value.version | default(nextcloud_version) }}.tar.bz2'
+    dest: "{{ nextcloud_root }}/{{ item.key }}"
+    remote_src: True
+    mode: "0750"
+    owner: "{{ item.key }}"
+    group: "{{ item.key }}"
+  with_dict: "{{ nextcloud_instances }}"
+  tags:
+    - nextcloud
+
+- include: mysql.yml
+
+- name: Link config dir to global config dir
+  file:
+    src: "{{ nextcloud_root }}/{{ item }}/config/config.php"
+    dest: "{{ nextcloud_root }}/{{ item }}/nextcloud/config/config.php"
+    state: link
+    owner: "{{ item }}"
+    group: "{{ item }}"
+    force: True
+  with_items: "{{ nextcloud_instances | list }}"
+  tags:
+    - nextcloud
+
+- name: Install Nextcloud
+  shell: "php ./occ maintenance:install --database mysql --database-name {{ item.key }} --database-user {{ item.key }} --database-pass {{ item.value.db_pass }} --admin-user admin --admin-pass toor --data-dir {{ nextcloud_root }}/{{ item.key }}/data"
+  args:
+    chdir: "{{ nextcloud_root }}/{{ item.key }}/nextcloud/"
+    creates: "{{ nextcloud_root }}/{{ item.key }}/config/config.php"
+  with_dict: "{{ nextcloud_instances }}"
+  tags:
+    - nextcloud
+
+- name: Configure Nextcloud cron
+  cron:
+    name: 'Nextcloud'
+    minute: "*/15"
+    job: "php -f ~/nextcloud/cron.php"
+    user: "{{ item }}"
+  with_items: "{{ nextcloud_instances | list }}"
+  tags:
+    - nextcloud
+
+- name: Erase previously trusted domains config
+  shell: "php ./occ config:system:set trusted_domains"
+  args:
+    chdir: "{{ nextcloud_root }}/{{ item }}/nextcloud/"
+  with_items: "{{ nextcloud_instances | list }}"
+  tags:
+    - nextcloud
+
+- name: Configure trusted domains
+  shell: "php ./occ config:system:set trusted_domains {{ item[1] }} --value {{ nextcloud_instances[item[0]].domains[item[1]] }}"
+  args:
+    chdir: "{{ nextcloud_root }}/{{ item[0] }}/nextcloud/"
+  with_nested:
+    - "{{ nextcloud_instances | list }}"
+    - "{{ range(0, nextcloud_instances | list | length ) | list }}"
+  tags:
+    - nextcloud
+
+#- name: Configure memcache local to APCu
+#  shell: "php ./occ config:system:set memcache.local --value '\\OC\\Memcache\\APCu'"
+#  args:
+#    chdir: "{{ nextcloud_root }}/{{ item }}/nextcloud/"
+#  with_items: "{{ nextcloud_instances | list }}"
+#  tags:
+#    - nextcloud
+
+- name: Fix right on config.php
+  file:
+    dest: "{{ nextcloud_root }}/{{ item }}/config/config.php"
+    owner: "{{ item }}"
+    group: "{{ item }}"
+    mode: "0660"
+  with_items: "{{ nextcloud_instances | list }}"
+  tags:
+    - nextcloud

nextcloud/tasks/mysql.yml

@@ -0,0 +1,78 @@
+---
+- name: Generate Mysql password
+  shell: 'apg -n 1 -m 16 -M lcN'
+  register: nextcloud_apg_password
+  check_mode: no
+  changed_when: False
+  with_items: "{{ nextcloud_instances | list }}"
+  tags:
+    - nextcloud
+
+- name: Set Mysql password
+  set_fact:
+    nextcloud_instances: "{{ nextcloud_instances | combine({ item[0]: nextcloud_instances[item[0]] | combine({ 'db_pass': item[1].stdout }) }, recursive=True) }}"
+  with_together:
+    - "{{ nextcloud_instances | list }}"
+    - "{{ nextcloud_apg_password.results }}"
+  tags:
+    - nextcloud
+
+- name: Create Mysql database
+  mysql_db:
+    name: "{{ item }}"
+    config_file: "/root/.my.cnf"
+    state: present
+  with_items: "{{ nextcloud_instances | list }}"
+  tags:
+    - nextcloud
+
+- name: Create Mysql user
+  mysql_user:
+    name: "{{ item.key }}"
+    password: '{{ item.value.db_pass }}'
+    priv: "{{ item.key }}.*:ALL"
+    config_file: "/root/.my.cnf"
+    update_password: always
+    state: present
+  with_dict: "{{ nextcloud_instances }}"
+  tags:
+    - nextcloud
+
+- name: Store credentials in my.cnf
+  ini_file:
+    dest: "/home/{{ item }}/.my.cnf"
+    owner: "{{ item }}"
+    group: "{{ item }}"
+    mode: "0600"
+    section: client
+    option: 'user'
+    value: '{{ item }}'
+  with_items: "{{ nextcloud_instances | list }}"
+  tags:
+    - nextcloud
+
+- name: Store credentials in my.cnf
+  ini_file:
+    dest: "/home/{{ item }}/.my.cnf"
+    owner: "{{ item }}"
+    group: "{{ item }}"
+    mode: "0600"
+    section: client
+    option: 'database'
+    value: '{{ item }}'
+  with_items: "{{ nextcloud_instances | list }}"
+  tags:
+    - nextcloud
+
+- name: Store credentials in my.cnf
+  ini_file:
+    dest: "/home/{{ item.key }}/.my.cnf"
+    owner: "{{ item.key }}"
+    group: "{{ item.key }}"
+    mode: "0600"
+    section: client
+    option: 'password'
+    value: '{{ item.value.db_pass }}'
+  with_dict: "{{ nextcloud_instances }}"
+  tags:
+    - nextcloud

php/defaults/main.yml

@@ -4,3 +4,4 @@ php_sury_enable: False
 php_fpm_enable: False
 php_apache_enable: False
 php_symfony_requirements: False
+php_fpm_add_www_pool: True

php/tasks/fpm.yml

@@ -5,8 +5,8 @@
     name: '{{ item }}'
     state: present
   with_items:
-  - php5-fpm
-  - php5
+    - php5-fpm
+    - php5
   when: ansible_distribution_release == "jessie"
 
 - name: "Install PHP FPM packages (Debian 9 or later)"
@@ -14,8 +14,8 @@
     name: '{{ item }}'
     state: present
   with_items:
-  - php-fpm
-  - php
+    - php-fpm
+    - php
   when: ansible_distribution_major_version | version_compare('9', '>=')
 
 - name: "Set config files for FPM (jessie)"
@@ -43,12 +43,13 @@
     mode: "0644"
     create: yes
   with_items:
-  - { option: "short_open_tag", value: "Off" }
-  - { option: "expose_php", value: "Off" }
-  - { option: "display_errors", value: "Off" }
-  - { option: "log_errors", value: "On" }
-  - { option: "html_errors", value: "Off" }
-  - { option: "allow_url_fopen", value: "Off" }
+    - { option: "short_open_tag", value: "Off" }
+    - { option: "expose_php", value: "Off" }
+    - { option: "display_errors", value: "Off" }
+    - { option: "log_errors", value: "On" }
+    - { option: "html_errors", value: "Off" }
+    - { option: "allow_url_fopen", value: "Off" }
+  notify: restart php-fpm
 
 - name: Disable PHP functions for FPM
   ini_file:
@@ -56,6 +57,7 @@
     section: PHP
     option: disable_functions
     value: "exec,shell-exec,system,passthru,putenv,popen"
+  notify: restart php-fpm
 
 - name: Custom php.ini for FPM
   copy:
@@ -63,6 +65,7 @@
     content: |
       ; Put customized values here.
     force: no
+  notify: restart php-fpm
 
 - name: Set default PHP FPM values
   ini_file:
@@ -73,15 +76,18 @@
     mode: "0644"
     create: yes
   with_items:
-  - { option: "pm", value: "ondemand" }
-  - { option: "pm.max_children", value: "100" }
-  - { option: "pm.process_idle_timeout", value: "10s" }
-  - { option: "slowlog", value: "log/$pool.log.slow" }
-  - { option: "request_slowlog_timeout", value: "5s" }
-  - { option: "pm.status_path", value: "/fpm_status" }
-  - { option: "request_terminate_timeout", value: "60s" }
-  - { option: "chroot", value: "/var/www/html" }
-  when: ansible_distribution_major_version | version_compare('9', '>=')
+    - { option: "pm", value: "ondemand" }
+    - { option: "pm.max_children", value: "100" }
+    - { option: "pm.process_idle_timeout", value: "10s" }
+    - { option: "slowlog", value: "log/$pool.log.slow" }
+    - { option: "request_slowlog_timeout", value: "5s" }
+    - { option: "pm.status_path", value: "/fpm_status" }
+    - { option: "request_terminate_timeout", value: "60s" }
+    - { option: "chroot", value: "/var/www/html" }
+  notify: restart php-fpm
+  when:
+    - php_fpm_add_www_pool | bool
+    - ansible_distribution_major_version | version_compare('9', '>=')
 
 - name: Custom PHP FPM values
   copy:
@@ -89,7 +95,25 @@
     content: |
       ; Put customized values here.
       ; default_charset = "ISO-8859-1"
+    mode: "0644"
     force: no
+  notify: restart php-fpm
+  when:
+    - php_fpm_add_www_pool | bool
+    - ansible_distribution_major_version | version_compare('9', '>=')
+
+- name: Disable FPM www pool
+  file:
+    dest: "{{ item }}"
+    state: absent
+  with_items:
+    - /etc/php/7.0/fpm/pool.d/www.conf
+    - "{{ php_fpm_defaults_file }}"
+    - "{{ php_fpm_custom_file }}"
+  notify: restart php-fpm
+  when:
+    - not (php_fpm_add_www_pool | bool)
+    - ansible_distribution_major_version | version_compare('9', '>=')
 
 - name: "Set custom values for PHP to enable Symfony"
   ini_file:
@@ -99,6 +123,6 @@
     value: "{{ item.value }}"
     mode: "0644"
   with_items:
-  - { option: "date.timezone", value: "Europe/Paris" }
+    - { option: "date.timezone", value: "Europe/Paris" }
+  notify: restart php-fpm
   when: php_symfony_requirements
-