From b36d4c4766bd106d45ad7348ae44854444a079a5 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Sun, 6 Nov 2022 15:20:31 +0100 Subject: [PATCH] various fixes for Debian 12 --- CHANGELOG.md | 1 + apt/templates/bookworm_basics.list.j2 | 5 ++ mysql/tasks/main.yml | 36 ++++---- mysql/tasks/utils.yml | 15 +++- php/tasks/main.yml | 15 ++-- php/tasks/main_bookworm.yml | 108 ++++++++++++++++++++++++ postgresql/tasks/packages_bookworm.yml | 16 ++++ rabbitmq/tasks/nrpe.yml | 2 +- webapps/evoadmin-web/tasks/packages.yml | 8 ++ webapps/evoadmin-web/tasks/web.yml | 15 +++- 10 files changed, 190 insertions(+), 31 deletions(-) create mode 100644 apt/templates/bookworm_basics.list.j2 create mode 100644 php/tasks/main_bookworm.yml create mode 100644 postgresql/tasks/packages_bookworm.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index 1bdfb87d..006d7a11 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ The **patch** part changes is incremented if multiple releases happen the same m * all: Use proper keyrings directory for APT version * all: Add signed-by option for additional APT sources +* all: preliminary work to support Debian 12 * evolinux-base: replace regular kernel by cloud kernel on virtual servers * nagios-nrpe: check_haproxy_stats supports DRAIN status * lxc-php: set php-fpm umask to 007 diff --git a/apt/templates/bookworm_basics.list.j2 b/apt/templates/bookworm_basics.list.j2 new file mode 100644 index 00000000..1c6bc15b --- /dev/null +++ b/apt/templates/bookworm_basics.list.j2 @@ -0,0 +1,5 @@ +# {{ ansible_managed }} + +deb http://mirror.evolix.org/debian bookworm {{ apt_basics_components | mandatory }} +deb http://mirror.evolix.org/debian/ bookworm-updates {{ apt_basics_components | mandatory }} +deb http://security.debian.org/debian-security bookworm-security {{ apt_basics_components | mandatory }} diff --git a/mysql/tasks/main.yml b/mysql/tasks/main.yml index a7c38808..70a972f3 100644 --- a/mysql/tasks/main.yml +++ b/mysql/tasks/main.yml @@ -4,44 +4,44 @@ set_fact: mysql_restart_handler_name: "{{ mysql_restart_if_needed | bool | ternary('restart mysql', 'restart mysql (noop)') }}" -- include: packages_stretch.yml +- include_tasks: packages_stretch.yml when: ansible_distribution_major_version is version('9', '>=') -- include: packages_jessie.yml +- include_tasks: packages_jessie.yml when: ansible_distribution_release == "jessie" -## There is nothing to do with users on Debian 11 - yet we need a /root/.my.cnf for compatibility -- include: users_bullseye.yml - when: ansible_distribution_release == "bullseye" +## There is nothing to do with users on Debian 11+ - yet we need a /root/.my.cnf for compatibility +- include_tasks: users_bullseye.yml + when: ansible_distribution_major_version is version('11', '>=') -- include: users_buster.yml +- include_tasks: users_buster.yml when: ansible_distribution_release == "buster" -- include: users_stretch.yml +- include_tasks: users_stretch.yml when: ansible_distribution_release == "stretch" -- include: users_jessie.yml +- include_tasks: users_jessie.yml when: ansible_distribution_release == "jessie" -- include: config_stretch.yml +- include_tasks: config_stretch.yml when: ansible_distribution_major_version is version('9', '>=') -- include: config_jessie.yml +- include_tasks: config_jessie.yml when: ansible_distribution_release == "jessie" -- include: replication.yml +- include_tasks: replication.yml when: mysql_replication | bool -- include: datadir.yml +- include_tasks: datadir.yml -- include: logdir.yml +- include_tasks: logdir.yml -- include: tmpdir.yml +- include_tasks: tmpdir.yml -- include: nrpe.yml +- include_tasks: nrpe.yml -- include: munin.yml +- include_tasks: munin.yml -- include: log2mail.yml +- include_tasks: log2mail.yml -- include: utils.yml +- include_tasks: utils.yml diff --git a/mysql/tasks/utils.yml b/mysql/tasks/utils.yml index e55b6361..1ac8f2df 100644 --- a/mysql/tasks/utils.yml +++ b/mysql/tasks/utils.yml @@ -17,7 +17,7 @@ # mytop -- name: "Install mytop (Debian 9)" +- name: "Install mytop (Debian 8)" apt: name: mytop state: present @@ -43,14 +43,23 @@ - libterm-readkey-perl when: ansible_distribution_release == "buster" -- name: "Install dependencies for mytop (Debian 11 or later)" +- name: "Install dependencies for mytop (Debian 11)" apt: name: - mariadb-client-10.5 - libconfig-inifiles-perl - libterm-readkey-perl - libdbd-mariadb-perl - when: ansible_distribution_major_version is version('11', '>=') + when: ansible_distribution_release == "bullseye" + +- name: "Install dependencies for mytop (Debian 12 or later)" + apt: + name: + - mariadb-client-10.6 + - libconfig-inifiles-perl + - libterm-readkey-perl + - libdbd-mariadb-perl + when: ansible_distribution_major_version is version('12', '=') - name: Read debian-sys-maint password (Debian < 11) shell: 'cat /etc/mysql/debian.cnf | grep -m1 "password = .*" | cut -d" " -f3' diff --git a/php/tasks/main.yml b/php/tasks/main.yml index 86bde74f..180712b2 100644 --- a/php/tasks/main.yml +++ b/php/tasks/main.yml @@ -4,17 +4,20 @@ that: - ansible_distribution == "Debian" - ansible_distribution_major_version is version('8', '>=') - - ansible_distribution_major_version is version('11', '<=') - msg: This is only compatible with Debian 8 → 11 + - ansible_distribution_major_version is version('12', '<=') + msg: This is only compatible with Debian 8 → 12 -- include: main_jessie.yml +- include_tasks: main_jessie.yml when: ansible_distribution_release == "jessie" -- include: main_stretch.yml +- include_tasks: main_stretch.yml when: ansible_distribution_release == "stretch" -- include: main_buster.yml +- include_tasks: main_buster.yml when: ansible_distribution_release == "buster" -- include: main_bullseye.yml +- include_tasks: main_bullseye.yml when: ansible_distribution_release == "bullseye" + +- include_tasks: main_bookworm.yml + when: ansible_distribution_release == "bookworm" diff --git a/php/tasks/main_bookworm.yml b/php/tasks/main_bookworm.yml new file mode 100644 index 00000000..4dcde767 --- /dev/null +++ b/php/tasks/main_bookworm.yml @@ -0,0 +1,108 @@ +--- + +- name: "Set php version to 8.1 (Debian 12)" + set_fact: + php_version: "8.1" + +- name: "Set php config directories (Debian 12)" + set_fact: + php_cli_conf_dir: "/etc/php/{{ php_version }}/cli/conf.d" + php_apache_conf_dir: "/etc/php/{{ php_version }}/apache2/conf.d" + php_fpm_conf_dir: "/etc/php/{{ php_version }}/fpm/conf.d" + php_fpm_pool_dir: "/etc/php/{{ php_version }}/fpm/pool.d" + +- name: "Set php config files (Debian 12)" + set_fact: + php_cli_defaults_ini_file: "{{ php_cli_conf_dir }}/z-evolinux-defaults.ini" + php_cli_custom_ini_file: "{{ php_cli_conf_dir }}/zzz-evolinux-custom.ini" + php_apache_defaults_ini_file: "{{ php_apache_conf_dir }}/z-evolinux-defaults.ini" + php_apache_custom_ini_file: "{{ php_apache_conf_dir }}/zzz-evolinux-custom.ini" + php_fpm_defaults_ini_file: "{{ php_fpm_conf_dir }}/z-evolinux-defaults.ini" + php_fpm_custom_ini_file: "{{ php_fpm_conf_dir }}/zzz-evolinux-custom.ini" + php_fpm_debian_default_pool_file: "{{ php_fpm_pool_dir}}/www.conf" + php_fpm_default_pool_file: "{{ php_fpm_pool_dir}}/www-evolinux-defaults.conf" + php_fpm_default_pool_custom_file: "{{ php_fpm_pool_dir}}/www-evolinux-zcustom.conf" + php_fpm_default_pool_socket: "/var/run/php/php{{ php_version }}-fpm.sock" + php_fpm_service_name: "php{{ php_version }}-fpm" + +# Packages + +- name: "Set package list (Debian 12)" + set_fact: + php_stretch_packages: + - php-cli + - php-gd + - php-intl + - php-imap + - php-ldap + - php-mysql + # php-mcrypt is no longer packaged for PHP 7.2 + - php-pgsql + - php-sqlite3 + - php-curl + - php-ssh2 + - php-xml + - php-zip + - composer + - libphp-phpmailer + +- include: sury_pre.yml + when: php_sury_enable + +- name: "Install PHP packages (Debian 12)" + apt: + name: '{{ php_stretch_packages }}' + state: present + +- name: "Install mod_php packages (Debian 12)" + apt: + name: + - libapache2-mod-php + - php + state: present + when: php_apache_enable + +- name: "Install PHP FPM packages (Debian 12)" + apt: + name: + - php-fpm + - php + state: present + when: php_fpm_enable + +# Configuration + +- name: "Enforce permissions on PHP directory (Debian 12)" + file: + dest: "{{ item }}" + mode: "0755" + with_items: + - /etc/php + - /etc/php/{{ php_version }} + +- include: config_cli.yml +- name: "Enforce permissions on PHP cli directory (Debian 12)" + file: + dest: /etc/php/{{ php_version }}/cli + mode: "0755" + +- include: config_fpm.yml + when: php_fpm_enable + +- name: "Enforce permissions on PHP fpm directory (Debian 12)" + file: + dest: /etc/php/{{ php_version }}/fpm + mode: "0755" + when: php_fpm_enable + +- include: config_apache.yml + when: php_apache_enable + +- name: "Enforce permissions on PHP apache2 directory (Debian 12)" + file: + dest: /etc/php/{{ php_version }}/apache2 + mode: "0755" + when: php_apache_enable + +- include: sury_post.yml + when: php_sury_enable diff --git a/postgresql/tasks/packages_bookworm.yml b/postgresql/tasks/packages_bookworm.yml new file mode 100644 index 00000000..2a78b967 --- /dev/null +++ b/postgresql/tasks/packages_bookworm.yml @@ -0,0 +1,16 @@ +--- + +- name: "Set variables (Debian 12)" + set_fact: + postgresql_version: '15' + when: postgresql_version is none or postgresql_version | length == 0 + +- include: pgdg-repo.yml + when: postgresql_version != '15' + +- name: Install postgresql package + apt: + name: + - "postgresql-{{postgresql_version}}" + - pgtop + - libdbd-pg-perl diff --git a/rabbitmq/tasks/nrpe.yml b/rabbitmq/tasks/nrpe.yml index ba6b8d47..b2f2a3a8 100644 --- a/rabbitmq/tasks/nrpe.yml +++ b/rabbitmq/tasks/nrpe.yml @@ -34,7 +34,7 @@ group: root mode: "0755" force: yes - when: ansible_distribution_major_version is version('11', '==') + when: ansible_distribution_major_version is version('11', '>=') - name: check_rabbitmq is available for NRPE lineinfile: diff --git a/webapps/evoadmin-web/tasks/packages.yml b/webapps/evoadmin-web/tasks/packages.yml index e78f6c7b..1d0af87a 100644 --- a/webapps/evoadmin-web/tasks/packages.yml +++ b/webapps/evoadmin-web/tasks/packages.yml @@ -17,6 +17,14 @@ - 'http://mirror.evolix.org/debian/pool/main/p/php-log/php-log_1.12.9-2_all.deb' when: ansible_distribution_major_version is version('10', '=') +- name: Install PHP packages from sid (Debian 12) + apt: + deb: '{{ item }}' + state: present + loop: + - 'http://mirror.evolix.org/debian/pool/main/p/php-log/php-log_1.13.2-1_all.deb' + when: ansible_distribution_major_version is version('12', '=') + - name: Install PHP packages apt: name: diff --git a/webapps/evoadmin-web/tasks/web.yml b/webapps/evoadmin-web/tasks/web.yml index 9778da4e..ea4019a3 100644 --- a/webapps/evoadmin-web/tasks/web.yml +++ b/webapps/evoadmin-web/tasks/web.yml @@ -16,7 +16,7 @@ option: "disable_functions" value: "shell-exec,system,passthru,putenv,popen" notify: reload apache2 - when: ansible_distribution_major_version is version('9', '=') + when: ansible_distribution_release == "stretch" - name: "Set custom values for PHP config (Debian 10)" ini_file: @@ -25,7 +25,7 @@ option: "disable_functions" value: "shell-exec,system,passthru,putenv,popen" notify: reload apache2 - when: ansible_distribution_major_version is version('10', '=') + when: ansible_distribution_release == "buster" - name: "Set custom values for PHP config (Debian 11)" ini_file: @@ -34,7 +34,16 @@ option: "disable_functions" value: "shell-exec,system,passthru,putenv,popen" notify: reload apache2 - when: ansible_distribution_major_version is version('11', '=') + when: ansible_distribution_release == "bullseye" + +- name: "Set custom values for PHP config (Debian 11)" + ini_file: + dest: /etc/php/8.1/apache2/conf.d/zzz-evolinux-custom.ini + section: PHP + option: "disable_functions" + value: "shell-exec,system,passthru,putenv,popen" + notify: reload apache2 + when: ansible_distribution_release == "bookworm" - name: Install evoadmin VHost template: