New PHP management

- New versions (7.x)
- PHP upstream name
- Sites can use : default PHP version, select first one by PHP version,
  select by upstream name
- Add PHP filter plugin

.gitignore

@@ -1,3 +1,4 @@
 .vagrant*
 *.swp
 *.retry
+*.pyc

.travis.yml

@@ -6,10 +6,12 @@ env:
   - PLATFORM='docker-debian-jessie-backports' ANSIBLE_VERSION='ansible>=2.3,<2.4'
   - PLATFORM='docker-debian-jessie-dotdeb'    ANSIBLE_VERSION='ansible>=2.3,<2.4'
   - PLATFORM='docker-debian-stretch'          ANSIBLE_VERSION='ansible>=2.3,<2.4'
+  - PLATFORM='docker-debian-stretch-sury'     ANSIBLE_VERSION='ansible>=2.3,<2.4'
   - PLATFORM='docker-debian-jessie'           ANSIBLE_VERSION='ansible>=2.4,<2.5'
   - PLATFORM='docker-debian-jessie-backports' ANSIBLE_VERSION='ansible>=2.4,<2.5'
   - PLATFORM='docker-debian-jessie-dotdeb'    ANSIBLE_VERSION='ansible>=2.4,<2.5'
   - PLATFORM='docker-debian-stretch'          ANSIBLE_VERSION='ansible>=2.4,<2.5'
+  - PLATFORM='docker-debian-stretch-stretch'  ANSIBLE_VERSION='ansible>=2.4,<2.5'
 
 matrix:
   allow_failures:
@@ -17,6 +19,7 @@ matrix:
     - env: PLATFORM='docker-debian-jessie-backports' ANSIBLE_VERSION='ansible>=2.4,<2.5'
     - env: PLATFORM='docker-debian-jessie-dotdeb'    ANSIBLE_VERSION='ansible>=2.4,<2.5'
     - env: PLATFORM='docker-debian-stretch'          ANSIBLE_VERSION='ansible>=2.4,<2.5'
+    - env: PLATFORM='docker-debian-stretch-sury'     ANSIBLE_VERSION='ansible>=2.4,<2.5'
   fast_finish: true
 
 sudo: required

Vagrantfile

@@ -6,10 +6,11 @@
 Vagrant.configure("2") do |config|
 
   vms_debian = [
-    { :name => "debian-jessie", :box => "debian/jessie64", :vars => { "nginx_php56": true,  "nginx_php70": false, "dotdeb": false, "nginx_backports": false }},
-    { :name => "debian-jessie-backports", :box => "debian/jessie64", :vars => { "nginx_php56": true,  "nginx_php70": false, "dotdeb": false, "nginx_backports": true  }},
-    { :name => "debian-jessie-dotdeb", :box => "debian/jessie64", :vars => { "nginx_php56": true,  "nginx_php70": true,  "dotdeb": true,  "nginx_backports": false }},
-    { :name => "debian-stretch", :box => "debian/stretch64", :vars => { "nginx_php56": false, "nginx_php70": true,  "dotdeb": false, "nginx_backports": false }}
+    { :name => "debian-jessie", :box => "debian/jessie64", :vars => { "nginx_php": [{"version": "5.6"}] }},
+    { :name => "debian-jessie-backports", :box => "debian/jessie64", :vars => { "nginx_php": [{"version": "5.6"}], "nginx_backports": true }},
+    { :name => "debian-jessie-dotdeb", :box => "debian/jessie64", :vars => { "nginx_php": [{"version": "7.0"}, {"version": "5.6", "upstream_name": "legacy"} ], "dotdeb": true }},
+    { :name => "debian-stretch", :box => "debian/stretch64", :vars => { "nginx_php": [{"version": "7.0"}] }},
+    { :name => "debian-stretch-sury", :box => "debian/stretch64", :vars => { "nginx_php": [{"version": "7.1"}], "sury": true }}
   ]
 
   vms_freebsd = [
@@ -17,10 +18,11 @@ Vagrant.configure("2") do |config|
   ]
 
   conts = [
-    { :name => "docker-debian-jessie", :docker => "hanxhx/vagrant-ansible:debian8", :vars => { "nginx_php56": true,  "nginx_php70": false, "dotdeb": false, "nginx_backports": false }},
-    { :name => "docker-debian-jessie-backports", :docker => "hanxhx/vagrant-ansible:debian8", :vars => { "nginx_php56": true,  "nginx_php70": false, "dotdeb": false, "nginx_backports": true  }},
-    { :name => "docker-debian-jessie-dotdeb", :docker => "hanxhx/vagrant-ansible:debian8", :vars => { "nginx_php56": true,  "nginx_php70": true,  "dotdeb": true,  "nginx_backports": false }},
-    { :name => "docker-debian-stretch", :docker => "hanxhx/vagrant-ansible:debian9", :vars => { "nginx_php56": false, "nginx_php70": true,  "dotdeb": false, "nginx_backports": false }}
+    { :name => "docker-debian-jessie", :docker => "hanxhx/vagrant-ansible:debian8", :vars => { "nginx_php" => [{"version" => "5.6"}] }},
+    { :name => "docker-debian-jessie-backports", :docker => "hanxhx/vagrant-ansible:debian8", :vars => { "nginx_php": [{"version": "5.6"}], "nginx_backports": true }},
+    { :name => "docker-debian-jessie-dotdeb", :docker => "hanxhx/vagrant-ansible:debian8", :vars => { "nginx_php": [{"version": "7.0"}, {"version": "5.6", "upstream_name": "legacy"} ], "dotdeb": true }},
+    { :name => "docker-debian-stretch", :docker => "hanxhx/vagrant-ansible:debian9", :vars => { "nginx_php": [{"version": "7.0"}] }},
+    { :name => "docker-debian-stretch-sury", :docker => "hanxhx/vagrant-ansible:debian9", :vars => { "nginx_php": [{"version": "7.1"}], "sury": true }}
   ]
 
   config.vm.network "private_network", type: "dhcp"
@@ -52,7 +54,7 @@ Vagrant.configure("2") do |config|
          ansible.playbook = "tests/test.yml"
          ansible.verbose = 'vv'
          ansible.sudo = true
-          ansible.extra_vars = opts[:vars]
+         ansible.extra_vars = opts[:vars]
        end
     end
   end

defaults/main.yml

@@ -32,13 +32,7 @@ nginx_helper_dir: '{{ nginx_etc_dir}}/helper'
 #
 
 # PHP
-nginx_php56: false
-nginx_php70: false
-nginx_php56_sockets:
-  - unix_socket: "/run/php5-fpm.sock"
-nginx_php70_sockets:
-  - unix_socket: "/run/php/php7.0-fpm.sock"
-nginx_upstreams: []
+nginx_php: []
 
 #
 # Nginx configuration

doc/php.md

@@ -1,18 +1,23 @@
 PHP
 ===
 
-- `nginx_php56` and `nginx_php70`: boolean if you need to preconfigure PHP (default: false)
-- `nginx_php##_sockets`: list of sockets (see bellow)
+`nginx_php`:
+  - `version`: (M) PHP version
+  - `upstream_name` (O)
+  - `sockets`: (O) socket list
+
+If `sockets` is not provided, if uses local unix socket (based on PHP version).
 
 You should see [Nginx upstream module doc](http://nginx.org/en/docs/http/ngx_http_upstream_module.html).
 
 Each socket have:
 
-- `unix_socket`
+- `unix`
+
+XOR
+
 - `host`
 - `port`
 - `weight`
 - `max_fails`
 - `fail_timeout`
-
-With default configuration, it works fine with PHP-FPM.

filter_plugins/php.py

@@ -0,0 +1,25 @@
+def php_default_upstream_socket(php_version):
+    if php_version == '5.6':
+        return '/run/php5-fpm.sock'
+    else:
+        return '/run/php/php%s-fpm.sock' % php_version
+
+def php_default_upstream_name(php_version):
+    return 'default_php_%s' % php_version
+
+def php_fpm_service(php_version):
+    if php_version == '5.6':
+        return 'php5-fpm'
+    else:
+        return 'php%s-fpm' % php_version
+
+class FilterModule(object):
+    ''' PHP module '''
+
+    def filters(self):
+        return {
+            'php_default_upstream_socket': php_default_upstream_socket,
+            'php_default_upstream_name': php_default_upstream_name,
+            'php_fpm_service': php_fpm_service,
+            'php_fpm_package': php_fpm_service
+        }

tasks/site.yml

@@ -2,7 +2,7 @@
 
 - name: FAIL | Check filenames
   fail:
-    msg: "Forbidden keyword default on site {{ item.name if item.name is string else item.name[0] }}"
+    msg: "Forbidden keyword default on site {{ item.name if item.name is string else item.name.0 }}"
   when: item.filename is defined and item.filename == 'default'
   with_items: "{{ nginx_sites }}"
 
@@ -21,7 +21,7 @@
 
 - name: FILE | Create root public folders (foreach nginx_sites)
   file:
-    path: "{{ nginx_root }}/{{ item.filename | default(item.name if item.name is string else item.name[0]) }}/public"
+    path: "{{ nginx_root }}/{{ item.filename | default(item.name if item.name is string else item.name.0) }}/public"
     state: directory
     owner: "{{ item.owner | default(nginx_user) }}"
     group: "{{ item.group | default(nginx_user) }}"
@@ -36,14 +36,14 @@
 - name: TEMPLATE | Create sites
   template:
     src: "etc/nginx/sites-available/{{ item.template if item.redirect_to is not defined else '_redirect' }}.j2"
-    dest: "{{ nginx_etc_dir }}/sites-available/{{ item.filename | default(item.name if item.name is string else item.name[0]) }}"
+    dest: "{{ nginx_etc_dir }}/sites-available/{{ item.filename | default(item.name if item.name is string else item.name.0) }}"
   with_items: "{{ nginx_sites }}"
   notify: ['reload nginx', 'restart nginx freebsd']
   when: item.state is not defined or item.state != 'absent'
 
 - name: FILE | Delete sites
   file:
-    path: "{{ nginx_etc_dir }}/{{ item.1 }}/{{ item.0.filename | default(item.0.name if item.0.name is string else item.0.name[0]) }}"
+    path: "{{ nginx_etc_dir }}/{{ item.1 }}/{{ item.0.filename | default(item.0.name if item.0.name is string else item.0.name.0) }}"
     state: absent
   with_nested:
     - "{{ nginx_sites }}"
@@ -53,8 +53,8 @@
 
 - name: FILE | Enable sites
   file:
-    src: "{{ nginx_etc_dir }}/sites-available/{{ item.filename | default(item.name if item.name is string else item.name[0]) }}"
-    dest: "{{ nginx_etc_dir }}/sites-enabled/{{ item.filename | default(item.name if item.name is string else item.name[0]) }}"
+    src: "{{ nginx_etc_dir }}/sites-available/{{ item.filename | default(item.name if item.name is string else item.name.0) }}"
+    dest: "{{ nginx_etc_dir }}/sites-enabled/{{ item.filename | default(item.name if item.name is string else item.name.0) }}"
     state: link
   with_items: "{{ nginx_sites }}"
   notify: ['reload nginx', 'restart nginx freebsd']
@@ -63,7 +63,7 @@
 
 - name: FILE | Disable sites
   file:
-    path: "{{ nginx_etc_dir}}/sites-enabled/{{ item.filename | default(item.name if item.name is string else item.name[0]) }}"
+    path: "{{ nginx_etc_dir}}/sites-enabled/{{ item.filename | default(item.name if item.name is string else item.name.0) }}"
     state: absent
   with_items: "{{ nginx_sites }}"
   notify: ['reload nginx', 'restart nginx freebsd']

tasks/upstream.yml

@@ -1,15 +1,10 @@
 ---
 
-- name: SET_FACT | Backward compatibility with old version of this role
-  set_fact:
-    nginx_php56: true
-  when: nginx_php is defined and nginx_php
-
 - name: TEMPLATE | Deploy PHP upstream to Nginx
   template:
     src: "etc/nginx/upstream/php.conf.j2"
     dest: "{{ nginx_etc_dir }}/conf.d/php.conf"
-  when: nginx_php56 or nginx_php70
+  when: nginx_php | length > 0
   notify: reload nginx
 
 - name: TEMPLATE | Deploy other upstreams

templates/etc/nginx/sites-available/_php.j2

@@ -1,22 +1,14 @@
 {% extends "_base.j2" %}
 
-{% macro phpv(version) %}
-{% if version == 56 or version == "56" or version == "5.6" %}
-{{ nginx_upstream_php56 -}}
-{% elif version == 70 or version == "70" or version == "7.0" %}
-{{ nginx_upstream_php70 -}}
-{% else %}
-{# Hack... define another upstream #}
-{{ version -}}
-{% endif %}
-{%- endmacro -%}
-
 {% if item.php_version is defined %}
-{% set php_upstream = phpv(item.php_version) %}
-{% elif nginx_php56 %}
-{% set php_upstream = phpv(56) %}
-{% elif nginx_php70 %}
-{% set php_upstream = phpv(70) %}
+{% set php_info = 'Explicit PHP version on site' %}
+{% set php_upstream = (nginx_php|selectattr('version', 'equalto', item.php_version)|first).upstream_name | default(item.php_version | php_default_upstream_name) %}
+{% elif item.php_upstream is defined %}
+{% set php_info = 'Explicit Nginx/PHP upstream on site' %}
+{% set php_upstream = item.php_upstream %}
+{% else %}
+{% set php_info = 'Warning: using first PHP version on config' %}
+{% set php_upstream = nginx_php.0.upstream_name | default(nginx_php.0.version | php_default_upstream_name) %}
 {% endif %}
 
 {% block template_index %}
@@ -29,6 +21,7 @@
 
 {% block template_upstream_location %}
 	location ~ \.php$ {
+		# {{ php_info }}
 		fastcgi_pass {{ php_upstream }};
 		fastcgi_index index.php;
 {% if item.upstream_params is defined and item.upstream_params is iterable %}

templates/etc/nginx/sites-available/_php_index.j2

@@ -2,6 +2,7 @@
 
 {% block template_upstream_location %}
 	location = /index.php {
+		# {{ php_info }}
 		fastcgi_pass {{ php_upstream }};
 		fastcgi_index index.php;
 {% if item.upstream_params is defined and item.upstream_params is iterable %}

templates/etc/nginx/upstream/php.conf.j2

@@ -2,29 +2,19 @@
 # {{ ansible_managed }}
 #
 
-{% if nginx_php56 %}
-upstream {{ nginx_upstream_php56 }} {
-{% for item in nginx_php56_sockets %}
-{% if item.unix_socket is defined %}
-	server unix:{{ item.unix_socket }} weight={{ item.weight | default('1') }};
+{% for php in nginx_php %}
+upstream {{ php.upstream_name | default((php.version | php_default_upstream_name)) }} {
+{% for sock in php.sockets | default([]) %}
+{% if php.host is defined %}
+    server {{ sock.host }}:{{ sock.port }} weight={{ sock.weight | default('1') }} max_fails={{ sock.max_fails | default('5') }} fail_timeout={{ sock.fail_timeout | default('10s') }};
 {% else %}
-	server {{ item.host }}:{{ item.port }} weight={{ item.weight | default('1') }} max_fails={{ item.max_fails | default('5') }} fail_timeout={{ item.fail_timeout | default('10s') }};
+    server unix:{{ sock.unix | default((php.version | php_default_upstream_socket)) }} weight={{ sock.weight | default('1') }};
 {% endif %}
+{% else %}
+    server unix:{{ php.version | php_default_upstream_socket }} weight=1;
 {% endfor %}
 }
 
-{% endif %}
-{% if nginx_php70 %}
-upstream {{ nginx_upstream_php70 }} {
-{% for item in nginx_php70_sockets %}
-{% if item.unix_socket is defined %}
-	server unix:{{ item.unix_socket }} weight={{ item.weight | default('1') }};
-{% else %}
-	server {{ item.host }}:{{ item.port }} weight={{ item.weight | default('1') }} max_fails={{ item.max_fails | default('5') }} fail_timeout={{ item.fail_timeout | default('10s') }};
-{% endif %}
 {% endfor %}
-}
-
-{% endif %}
 
 # vim:filetype=nginx

tests/includes/pre_Debian.yml

@@ -4,6 +4,7 @@
   apt_repository:
     repo: 'deb http://httpredir.debian.org/debian {{ ansible_distribution_release }}-backports main'
     state: present
+  when: nginx_backports
 
 - block:
 
@@ -22,7 +23,25 @@
       content: "Package: *\nPin: release o=packages.dotdeb.org\nPin-Priority: 100"
       dest: /etc/apt/preferences
 
-  when: ansible_distribution_release == 'jessie' and dotdeb
+  when: ansible_distribution_release == 'jessie' and dotdeb | default(false)
+
+- block:
+
+  - name: APT | Install apt-transport-https
+    apt:
+      pkg: apt-transport-https
+      update_cache: yes
+      cache_valid_time: 3600
+
+  - name: APT_KEY | Install GPG key
+    apt_key:
+      url: 'https://packages.sury.org/php/apt.gpg'
+
+  - name: APT_REPOSITORY | Add APT repository
+    apt_repository:
+      repo: 'deb https://packages.sury.org/php {{ ansible_distribution_release }} main'
+
+  when: sury | default(false)
 
 - name: APT | Install needed packages
   apt:
@@ -37,35 +56,21 @@
     - strace
     - vim
 
-- name: APT | Install PHP5.6
+- name: APT | Install PHP
   apt:
-    pkg: "{{ item }}"
+    pkg: "{{ item.version | php_fpm_package }}"
     update_cache: yes
     cache_valid_time: 3600
     state: present
-  with_items:
-    - php5-fpm
-    - php5-sqlite
-  when: nginx_php56
+  with_items: "{{ nginx_php }}"
 
-- name: APT | Install PHP7
-  apt:
-    pkg: "{{ item }}"
-    update_cache: yes
-    cache_valid_time: 3600
-    state: present
-  with_items:
-    - php7.0-fpm
-    - php7.0-sqlite3
-  when: nginx_php70
-
-- name: SERVICE | Force start services
+- name: SERVICE | Force start fcgiwrap
   service:
-    name: "{{ item.name }}"
+    name: "fcgiwrap"
     state: started
-  register: sf
-  with_items:
-    - { name: 'php5-fpm', cond: "{{ nginx_php56 }}" }
-    - { name: 'php7.0-fpm', cond: "{{ nginx_php70 }}" }
-    - { name: 'fcgiwrap', cond: true }
-  when: item.cond
+
+- name: SERVICE | Force start PHP
+  service:
+    name: "{{ item.version | php_fpm_service }}"
+    state: started
+  with_items: "{{ nginx_php }}"

tests/includes/pre_FreeBSD.yml

@@ -4,10 +4,11 @@
   set_fact:
     nginx_pkgng_package: 'nginx-devel'
     nginx_user: 'www'
-    nginx_php70: false
-    nginx_php56_sockets:
-      - host: '127.0.0.1'
-        port: 9000
+    nginx_php:
+      - version: '5.6'
+        sockets:
+          - host: '127.0.0.1'
+            port: 9000
 
 - name: PKGNG | Install needed packages
   pkgng:

tests/test.yml

@@ -2,10 +2,6 @@
 
 - hosts: all
   pre_tasks:
-    - debug: var=dotdeb
-    - debug: var=nginx_php56
-    - debug: var=nginx_php70
-    - debug: var=nginx_backports
     - name: INCLUDE | Pre_tasks related to OS version
       include: "includes/pre_{{ ansible_distribution }}.yml"
     - name: FILE | Create an internal SSL dir
@@ -171,7 +167,7 @@
           - '/b'
           - '/c'
       - name: 'test-php.local'
-        php_version: "{{ '7.0' if nginx_php70 else '5.6' }}"
+        php_version: "{{ nginx_php.1.version if nginx_php.1 is defined else nginx_php.0.version }}"
         upstream_params:
           - 'fastcgi_param FOO bar;'
         redirect_from:
@@ -296,21 +292,15 @@
 # --------------------------------
 # PHP
 # --------------------------------
-    - name: -- VERIFY PHP5 SITES (implicit default) --
-      command: "curl -H 'Host: {{ item }}' http://127.0.0.1/"
+    - name: -- VERIFY PHP SITES --
+      command: "curl -H 'Host: {{ item.name }}' http://127.0.0.1/"
       register: p
+      with_items: "{{ nginx_sites }}"
+      when: >
+        item.template is defined and
+        (item.template == '_php' or item.template == '_php_index')
       changed_when: false
-      failed_when: p.stdout.find('PHP Version 5') == -1
-      with_items: ['test-php-index.local']
-      when: nginx_php56
-
-    - name: -- VERIFY PHP7 SITES --
-      command: "curl -H 'Host: {{ item }}' http://127.0.0.1/"
-      register: p
-      changed_when: false
-      failed_when: p.stdout.find('PHP Version 7') == -1
-      with_items: ['test-php.local']
-      when: nginx_php70
+      failed_when: p.stdout.find('PHP Version ' + item.php_version if 'php_version' in item else nginx_php.0.version) == -1
 
 # --------------------------------
 # Basic Auth
@@ -377,7 +367,7 @@
         register: nagios_cgi
         failed_when: nagios_cgi.stdout.find('Nagios Event Summary') == -1
 
-      when: ansible_distribution_major_version | version_compare('9', 'lt') 
+      when: ansible_distribution_major_version | version_compare('9', 'lt')
 
 # --------------------------------
 # Owncloud

vars/main.yml

@@ -43,6 +43,3 @@ nginx_servers_default_headers:
   'X-Frame-Options': 'DENY always'
   'X-Content-Type-Options': 'nosniff always'
   'X-XSS-Protection': '1; mode=block'
-
-nginx_upstream_php56: 'php56'
-nginx_upstream_php70: 'php70'