CHANGELOG.md

@@ -14,6 +14,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
 
 * all: Use proper keyrings directory for APT version
 * all: Add signed-by option for additional APT sources
+* all: preliminary work to support Debian 12
 * evolinux-base: replace regular kernel by cloud kernel on virtual servers
 * nagios-nrpe: check_haproxy_stats supports DRAIN status
 * lxc-php: set php-fpm umask to 007

apt/templates/bookworm_basics.list.j2

@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+deb http://mirror.evolix.org/debian bookworm {{ apt_basics_components | mandatory }}
+deb http://mirror.evolix.org/debian/ bookworm-updates {{ apt_basics_components | mandatory }} 
+deb http://security.debian.org/debian-security bookworm-security {{ apt_basics_components | mandatory }}

mysql/tasks/main.yml

@@ -4,44 +4,44 @@
   set_fact:
     mysql_restart_handler_name: "{{ mysql_restart_if_needed | bool | ternary('restart mysql', 'restart mysql (noop)') }}"
 
-- include: packages_stretch.yml
+- include_tasks: packages_stretch.yml
   when: ansible_distribution_major_version is version('9', '>=')
 
-- include: packages_jessie.yml
+- include_tasks: packages_jessie.yml
   when: ansible_distribution_release == "jessie"
 
-## There is nothing to do with users on Debian 11 - yet we need a /root/.my.cnf for compatibility
-- include: users_bullseye.yml
-  when: ansible_distribution_release == "bullseye"
+## There is nothing to do with users on Debian 11+ - yet we need a /root/.my.cnf for compatibility
+- include_tasks: users_bullseye.yml
+  when: ansible_distribution_major_version is version('11', '>=')
 
-- include: users_buster.yml
+- include_tasks: users_buster.yml
   when: ansible_distribution_release == "buster"
 
-- include: users_stretch.yml
+- include_tasks: users_stretch.yml
   when: ansible_distribution_release == "stretch"
 
-- include: users_jessie.yml
+- include_tasks: users_jessie.yml
   when: ansible_distribution_release == "jessie"
 
-- include: config_stretch.yml
+- include_tasks: config_stretch.yml
   when: ansible_distribution_major_version is version('9', '>=')
 
-- include: config_jessie.yml
+- include_tasks: config_jessie.yml
   when: ansible_distribution_release == "jessie"
 
-- include: replication.yml
+- include_tasks: replication.yml
   when: mysql_replication | bool
 
-- include: datadir.yml
+- include_tasks: datadir.yml
 
-- include: logdir.yml
+- include_tasks: logdir.yml
 
-- include: tmpdir.yml
+- include_tasks: tmpdir.yml
 
-- include: nrpe.yml
+- include_tasks: nrpe.yml
 
-- include: munin.yml
+- include_tasks: munin.yml
 
-- include: log2mail.yml
+- include_tasks: log2mail.yml
 
-- include: utils.yml
+- include_tasks: utils.yml

mysql/tasks/utils.yml

@@ -17,7 +17,7 @@
 
 # mytop
 
-- name: "Install mytop (Debian 9)"
+- name: "Install mytop (Debian 8)"
   apt:
     name: mytop
     state: present
@@ -43,14 +43,23 @@
       - libterm-readkey-perl
   when: ansible_distribution_release == "buster"
 
-- name: "Install dependencies for mytop (Debian 11 or later)"
+- name: "Install dependencies for mytop (Debian 11)"
   apt:
     name:
       - mariadb-client-10.5
       - libconfig-inifiles-perl
       - libterm-readkey-perl
       - libdbd-mariadb-perl
-  when: ansible_distribution_major_version is version('11', '>=')
+  when: ansible_distribution_release == "bullseye"
+
+- name: "Install dependencies for mytop (Debian 12 or later)"
+  apt:
+    name:
+      - mariadb-client-10.6
+      - libconfig-inifiles-perl
+      - libterm-readkey-perl
+      - libdbd-mariadb-perl
+  when: ansible_distribution_major_version is version('12', '=')
 
 - name: Read debian-sys-maint password (Debian < 11)
   shell: 'cat /etc/mysql/debian.cnf | grep -m1 "password = .*" | cut -d" " -f3'

php/tasks/main.yml

@@ -4,17 +4,20 @@
     that:
       - ansible_distribution == "Debian"
       - ansible_distribution_major_version is version('8', '>=')
-      - ansible_distribution_major_version is version('11', '<=')
-    msg: This is only compatible with Debian 8 → 11
+      - ansible_distribution_major_version is version('12', '<=')
+    msg: This is only compatible with Debian 8 → 12
 
-- include: main_jessie.yml
+- include_tasks: main_jessie.yml
   when: ansible_distribution_release == "jessie"
 
-- include: main_stretch.yml
+- include_tasks: main_stretch.yml
   when: ansible_distribution_release == "stretch"
 
-- include: main_buster.yml
+- include_tasks: main_buster.yml
   when: ansible_distribution_release == "buster"
 
-- include: main_bullseye.yml
+- include_tasks: main_bullseye.yml
   when: ansible_distribution_release == "bullseye"
+
+- include_tasks: main_bookworm.yml
+  when: ansible_distribution_release == "bookworm"

php/tasks/main_bookworm.yml

@@ -0,0 +1,108 @@
+---
+
+- name: "Set php version to 8.1 (Debian 12)"
+  set_fact:
+    php_version: "8.1"
+
+- name: "Set php config directories (Debian 12)"
+  set_fact:
+    php_cli_conf_dir: "/etc/php/{{ php_version }}/cli/conf.d"
+    php_apache_conf_dir: "/etc/php/{{ php_version }}/apache2/conf.d"
+    php_fpm_conf_dir: "/etc/php/{{ php_version }}/fpm/conf.d"
+    php_fpm_pool_dir: "/etc/php/{{ php_version }}/fpm/pool.d"
+
+- name: "Set php config files (Debian 12)"
+  set_fact:
+    php_cli_defaults_ini_file: "{{ php_cli_conf_dir }}/z-evolinux-defaults.ini"
+    php_cli_custom_ini_file: "{{ php_cli_conf_dir }}/zzz-evolinux-custom.ini"
+    php_apache_defaults_ini_file: "{{ php_apache_conf_dir }}/z-evolinux-defaults.ini"
+    php_apache_custom_ini_file: "{{ php_apache_conf_dir }}/zzz-evolinux-custom.ini"
+    php_fpm_defaults_ini_file: "{{ php_fpm_conf_dir }}/z-evolinux-defaults.ini"
+    php_fpm_custom_ini_file: "{{ php_fpm_conf_dir }}/zzz-evolinux-custom.ini"
+    php_fpm_debian_default_pool_file: "{{ php_fpm_pool_dir}}/www.conf"
+    php_fpm_default_pool_file: "{{ php_fpm_pool_dir}}/www-evolinux-defaults.conf"
+    php_fpm_default_pool_custom_file: "{{ php_fpm_pool_dir}}/www-evolinux-zcustom.conf"
+    php_fpm_default_pool_socket: "/var/run/php/php{{ php_version }}-fpm.sock"
+    php_fpm_service_name: "php{{ php_version }}-fpm"
+
+# Packages
+
+- name: "Set package list (Debian 12)"
+  set_fact:
+    php_stretch_packages:
+      - php-cli
+      - php-gd
+      - php-intl
+      - php-imap
+      - php-ldap
+      - php-mysql
+      # php-mcrypt is no longer packaged for PHP 7.2
+      - php-pgsql
+      - php-sqlite3
+      - php-curl
+      - php-ssh2
+      - php-xml
+      - php-zip
+      - composer
+      - libphp-phpmailer
+
+- include: sury_pre.yml
+  when: php_sury_enable
+
+- name: "Install PHP packages (Debian 12)"
+  apt:
+    name: '{{ php_stretch_packages }}'
+    state: present
+
+- name: "Install mod_php packages (Debian 12)"
+  apt:
+    name:
+      - libapache2-mod-php
+      - php
+    state: present
+  when: php_apache_enable
+
+- name: "Install PHP FPM packages (Debian 12)"
+  apt:
+    name:
+      - php-fpm
+      - php
+    state: present
+  when: php_fpm_enable
+
+# Configuration
+
+- name: "Enforce permissions on PHP directory (Debian 12)"
+  file:
+    dest: "{{ item }}"
+    mode: "0755"
+  with_items:
+    - /etc/php
+    - /etc/php/{{ php_version }}
+
+- include: config_cli.yml
+- name: "Enforce permissions on PHP cli directory (Debian 12)"
+  file:
+    dest: /etc/php/{{ php_version }}/cli
+    mode: "0755"
+
+- include: config_fpm.yml
+  when: php_fpm_enable
+
+- name: "Enforce permissions on PHP fpm directory (Debian 12)"
+  file:
+    dest: /etc/php/{{ php_version }}/fpm
+    mode: "0755"
+  when: php_fpm_enable
+
+- include: config_apache.yml
+  when: php_apache_enable
+
+- name: "Enforce permissions on PHP apache2 directory (Debian 12)"
+  file:
+    dest: /etc/php/{{ php_version }}/apache2
+    mode: "0755"
+  when: php_apache_enable
+
+- include: sury_post.yml
+  when: php_sury_enable

postgresql/tasks/packages_bookworm.yml

@@ -0,0 +1,16 @@
+---
+  
+- name: "Set variables (Debian 12)"
+  set_fact:
+    postgresql_version: '15'
+  when: postgresql_version is none or postgresql_version | length == 0
+
+- include: pgdg-repo.yml
+  when: postgresql_version != '15'
+
+- name: Install postgresql package
+  apt:
+    name:
+      - "postgresql-{{postgresql_version}}"
+      - pgtop
+      - libdbd-pg-perl

rabbitmq/tasks/nrpe.yml

@@ -34,7 +34,7 @@
     group: root
     mode: "0755"
     force: yes
-  when: ansible_distribution_major_version is version('11', '==')
+  when: ansible_distribution_major_version is version('11', '>=')
 
 - name: check_rabbitmq is available for NRPE
   lineinfile:

webapps/evoadmin-web/tasks/packages.yml

@@ -17,6 +17,14 @@
     - 'http://mirror.evolix.org/debian/pool/main/p/php-log/php-log_1.12.9-2_all.deb'
   when: ansible_distribution_major_version is version('10', '=')
 
+- name: Install PHP packages from sid (Debian 12)
+  apt:
+    deb: '{{ item }}'
+    state: present
+  loop:
+    - 'http://mirror.evolix.org/debian/pool/main/p/php-log/php-log_1.13.2-1_all.deb'
+  when: ansible_distribution_major_version is version('12', '=')
+
 - name: Install PHP packages
   apt:
     name:

webapps/evoadmin-web/tasks/web.yml

@@ -16,7 +16,7 @@
     option: "disable_functions"
     value: "shell-exec,system,passthru,putenv,popen"
   notify: reload apache2
-  when: ansible_distribution_major_version is version('9', '=')
+  when: ansible_distribution_release == "stretch"
 
 - name: "Set custom values for PHP config (Debian 10)"
   ini_file:
@@ -25,7 +25,7 @@
     option: "disable_functions"
     value: "shell-exec,system,passthru,putenv,popen"
   notify: reload apache2
-  when: ansible_distribution_major_version is version('10', '=')
+  when: ansible_distribution_release == "buster"
 
 - name: "Set custom values for PHP config (Debian 11)"
   ini_file:
@@ -34,7 +34,16 @@
     option: "disable_functions"
     value: "shell-exec,system,passthru,putenv,popen"
   notify: reload apache2
-  when: ansible_distribution_major_version is version('11', '=')
+  when: ansible_distribution_release == "bullseye"
+
+- name: "Set custom values for PHP config (Debian 11)"
+  ini_file:
+    dest: /etc/php/8.1/apache2/conf.d/zzz-evolinux-custom.ini
+    section: PHP
+    option: "disable_functions"
+    value: "shell-exec,system,passthru,putenv,popen"
+  notify: reload apache2
+  when: ansible_distribution_release == "bookworm"
 
 - name: Install evoadmin VHost
   template: