diff --git a/.gitignore b/.gitignore index c7cdbe1..5a00188 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ .vagrant* *.swp *.retry +*.pyc diff --git a/.travis.yml b/.travis.yml index 77be752..9f15cb0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,10 +6,12 @@ env: - PLATFORM='docker-debian-jessie-backports' ANSIBLE_VERSION='ansible>=2.3,<2.4' - PLATFORM='docker-debian-jessie-dotdeb' ANSIBLE_VERSION='ansible>=2.3,<2.4' - PLATFORM='docker-debian-stretch' ANSIBLE_VERSION='ansible>=2.3,<2.4' + - PLATFORM='docker-debian-stretch-sury' ANSIBLE_VERSION='ansible>=2.3,<2.4' - PLATFORM='docker-debian-jessie' ANSIBLE_VERSION='ansible>=2.4,<2.5' - PLATFORM='docker-debian-jessie-backports' ANSIBLE_VERSION='ansible>=2.4,<2.5' - PLATFORM='docker-debian-jessie-dotdeb' ANSIBLE_VERSION='ansible>=2.4,<2.5' - PLATFORM='docker-debian-stretch' ANSIBLE_VERSION='ansible>=2.4,<2.5' + - PLATFORM='docker-debian-stretch-stretch' ANSIBLE_VERSION='ansible>=2.4,<2.5' matrix: allow_failures: @@ -17,6 +19,7 @@ matrix: - env: PLATFORM='docker-debian-jessie-backports' ANSIBLE_VERSION='ansible>=2.4,<2.5' - env: PLATFORM='docker-debian-jessie-dotdeb' ANSIBLE_VERSION='ansible>=2.4,<2.5' - env: PLATFORM='docker-debian-stretch' ANSIBLE_VERSION='ansible>=2.4,<2.5' + - env: PLATFORM='docker-debian-stretch-sury' ANSIBLE_VERSION='ansible>=2.4,<2.5' fast_finish: true sudo: required diff --git a/Vagrantfile b/Vagrantfile index 2a7ce55..e4bfd94 100644 --- a/Vagrantfile +++ b/Vagrantfile 
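Review bot: The second matrix entry added in the first .travis.yml hunk names `PLATFORM='docker-debian-stretch-stretch'`, which looks like a typo for `docker-debian-stretch-sury`. The Vagrantfile in this commit defines only `docker-debian-stretch-sury`, and the `allow_failures` entry added in the next hunk uses the `-sury` name for the same Ansible 2.4 row. As written, the job would target a machine that is not defined and would not be covered by `allow_failures`. The line should read `- PLATFORM='docker-debian-stretch-sury' ANSIBLE_VERSION='ansible>=2.4,<2.5'`.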
@@ -6,10 +6,11 @@ Vagrant.configure("2") do |config| vms_debian = [ - { :name => "debian-jessie", :box => "debian/jessie64", :vars => { "nginx_php56": true, "nginx_php70": false, "dotdeb": false, "nginx_backports": false }}, - { :name => "debian-jessie-backports", :box => "debian/jessie64", :vars => { "nginx_php56": true, "nginx_php70": false, "dotdeb": false, "nginx_backports": true }}, - { :name => "debian-jessie-dotdeb", :box => "debian/jessie64", :vars => { "nginx_php56": true, "nginx_php70": true, "dotdeb": true, "nginx_backports": false }}, - { :name => "debian-stretch", :box => "debian/stretch64", :vars => { "nginx_php56": false, "nginx_php70": true, "dotdeb": false, "nginx_backports": false }} + { :name => "debian-jessie", :box => "debian/jessie64", :vars => { "nginx_php": [{"version": "5.6"}] }}, + { :name => "debian-jessie-backports", :box => "debian/jessie64", :vars => { "nginx_php": [{"version": "5.6"}], "nginx_backports": true }}, + { :name => "debian-jessie-dotdeb", :box => "debian/jessie64", :vars => { "nginx_php": [{"version": "7.0"}, {"version": "5.6", "upstream_name": "legacy"} ], "dotdeb": true }}, + { :name => "debian-stretch", :box => "debian/stretch64", :vars => { "nginx_php": [{"version": "7.0"}] }}, + { :name => "debian-stretch-sury", :box => "debian/stretch64", :vars => { "nginx_php": [{"version": "7.1"}], "sury": true }} ] vms_freebsd = [ 
@@ -17,10 +18,11 @@ Vagrant.configure("2") do |config| ] conts = [ - { :name => "docker-debian-jessie", :docker => "hanxhx/vagrant-ansible:debian8", :vars => { "nginx_php56": true, "nginx_php70": false, "dotdeb": false, "nginx_backports": false }}, - { :name => "docker-debian-jessie-backports", :docker => "hanxhx/vagrant-ansible:debian8", :vars => { "nginx_php56": true, "nginx_php70": false, "dotdeb": false, "nginx_backports": true }}, - { :name => "docker-debian-jessie-dotdeb", :docker => "hanxhx/vagrant-ansible:debian8", :vars => { "nginx_php56": true, "nginx_php70": true, "dotdeb": true, "nginx_backports": false }}, - { :name => "docker-debian-stretch", :docker => "hanxhx/vagrant-ansible:debian9", :vars => { "nginx_php56": false, "nginx_php70": true, "dotdeb": false, "nginx_backports": false }} + { :name => "docker-debian-jessie", :docker => "hanxhx/vagrant-ansible:debian8", :vars => { "nginx_php" => [{"version" => "5.6"}] }}, + { :name => "docker-debian-jessie-backports", :docker => "hanxhx/vagrant-ansible:debian8", :vars => { "nginx_php": [{"version": "5.6"}], "nginx_backports": true }}, + { :name => "docker-debian-jessie-dotdeb", :docker => "hanxhx/vagrant-ansible:debian8", :vars => { "nginx_php": [{"version": "7.0"}, {"version": "5.6", "upstream_name": "legacy"} ], "dotdeb": true }}, + { :name => "docker-debian-stretch", :docker => "hanxhx/vagrant-ansible:debian9", :vars => { "nginx_php": [{"version": "7.0"}] }}, + { :name => "docker-debian-stretch-sury", :docker => "hanxhx/vagrant-ansible:debian9", :vars => { "nginx_php": [{"version": "7.1"}], "sury": true }} ] config.vm.network "private_network", type: "dhcp" @@ -52,7 +54,7 @@ Vagrant.configure("2") do |config| ansible.playbook = "tests/test.yml" ansible.verbose = 'vv' ansible.sudo = true - ansible.extra_vars = opts[:vars] + ansible.extra_vars = opts[:vars] end end end diff --git a/defaults/main.yml b/defaults/main.yml index 2a1461a..4526d04 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
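Review bot: The first `conts` entry writes its vars as `"nginx_php" => [{"version" => "5.6"}]`, while every other added entry, here and in `vms_debian`, uses the `"nginx_php": [...]` form. In Ruby the colon form produces Symbol keys and the hash-rocket form keeps String keys, so the hashes handed to `ansible.extra_vars` are not built the same way. This is probably harmless once serialized, but it is worth confirming and settling on one style, e.g. `:vars => { "nginx_php": [{"version": "5.6"}] }`. The `Vagrant.configure` block starts and ends outside the hunk.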
@@ -32,13 +32,7 @@ nginx_helper_dir: '{{ nginx_etc_dir}}/helper' # # PHP -nginx_php56: false -nginx_php70: false -nginx_php56_sockets: - - unix_socket: "/run/php5-fpm.sock" -nginx_php70_sockets: - - unix_socket: "/run/php/php7.0-fpm.sock" -nginx_upstreams: [] +nginx_php: [] # # Nginx configuration diff --git a/doc/php.md b/doc/php.md index f011018..6d7cafc 100644 --- a/doc/php.md +++ b/doc/php.md @@ -1,18 +1,23 @@ PHP === -- `nginx_php56` and `nginx_php70`: boolean if you need to preconfigure PHP (default: false) -- `nginx_php##_sockets`: list of sockets (see bellow) +`nginx_php`: + - `version`: (M) PHP version + - `upstream_name` (O) + - `sockets`: (O) socket list + +If `sockets` is not provided, if uses local unix socket (based on PHP version). You should see [Nginx upstream module doc](http://nginx.org/en/docs/http/ngx_http_upstream_module.html). Each socket have: -- `unix_socket` +- `unix` + +XOR + - `host` - `port` - `weight` - `max_fails` - `fail_timeout` - -With default configuration, it works fine with PHP-FPM. diff --git a/filter_plugins/php.py b/filter_plugins/php.py new file mode 100644 index 0000000..d543aad --- /dev/null +++ b/filter_plugins/php.py @@ -0,0 +1,25 @@ +def php_default_upstream_socket(php_version): + if php_version == '5.6': + return '/run/php5-fpm.sock' + else: + return '/run/php/php%s-fpm.sock' % php_version + +def php_default_upstream_name(php_version): + return 'default_php_%s' % php_version + +def php_fpm_service(php_version): + if php_version == '5.6': + return 'php5-fpm' + else: + return 'php%s-fpm' % php_version + +class FilterModule(object): + ''' PHP module ''' + + def filters(self): + return { + 'php_default_upstream_socket': php_default_upstream_socket, + 'php_default_upstream_name': php_default_upstream_name, + 'php_fpm_service': php_fpm_service, + 'php_fpm_package': php_fpm_service + } diff --git a/tasks/site.yml b/tasks/site.yml index 4563d01..a8c2fbe 100644 --- a/tasks/site.yml +++ b/tasks/site.yml 
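Review bot: This hunk deletes `nginx_upstreams: []` together with the PHP variables, although that default is not PHP-specific. tasks/upstream.yml still has a "Deploy other upstreams" task; if it reads `nginx_upstreams` and nothing else defines it (not visible here), a play that never sets the variable would now fail on an undefined variable instead of deploying nothing. Unless it is defined elsewhere, keep `nginx_upstreams: []` in the defaults. Because `nginx_php` changes from a flag to a list, a comment above the new default such as `# nginx_php: list of {version, upstream_name, sockets}, see doc/php.md` would also help.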
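Review bot: The three filters in filter_plugins/php.py compare and interpolate `php_version` without normalising or validating it. The `== '5.6'` checks only match a string, so an unquoted YAML `version: 5.6` (a float) would fall through to `/run/php/php5.6-fpm.sock` and `php5.6-fpm`. The same value ends up in nginx `upstream` names, `server unix:` paths and apt package names, so anything that is not a plain major.minor value should be rejected before it is formatted. The sketch below adds one private helper that each filter calls first. A one-line docstring per filter, and a comment that `php_fpm_package` reuses `php_fpm_service` because the two names are assumed identical, would also help.

```python
def _php_version(value):
    # Accept '7.0' or an unquoted YAML float; reject anything that is not major.minor.
    version = str(value)
    major, _, minor = version.partition('.')
    if not (major.isdigit() and minor.isdigit()):
        raise ValueError('invalid PHP version: %r' % version)
    return version

def php_default_upstream_socket(php_version):
    php_version = _php_version(php_version)
    # … unchanged: 5.6 special case and default socket path …
```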
@@ -2,7 +2,7 @@ - name: FAIL | Check filenames fail: - msg: "Forbidden keyword default on site {{ item.name if item.name is string else item.name[0] }}" + msg: "Forbidden keyword default on site {{ item.name if item.name is string else item.name.0 }}" when: item.filename is defined and item.filename == 'default' with_items: "{{ nginx_sites }}" @@ -21,7 +21,7 @@ - name: FILE | Create root public folders (foreach nginx_sites) file: - path: "{{ nginx_root }}/{{ item.filename | default(item.name if item.name is string else item.name[0]) }}/public" + path: "{{ nginx_root }}/{{ item.filename | default(item.name if item.name is string else item.name.0) }}/public" state: directory owner: "{{ item.owner | default(nginx_user) }}" group: "{{ item.group | default(nginx_user) }}" @@ -36,14 +36,14 @@ - name: TEMPLATE | Create sites template: src: "etc/nginx/sites-available/{{ item.template if item.redirect_to is not defined else '_redirect' }}.j2" - dest: "{{ nginx_etc_dir }}/sites-available/{{ item.filename | default(item.name if item.name is string else item.name[0]) }}" + dest: "{{ nginx_etc_dir }}/sites-available/{{ item.filename | default(item.name if item.name is string else item.name.0) }}" with_items: "{{ nginx_sites }}" notify: ['reload nginx', 'restart nginx freebsd'] when: item.state is not defined or item.state != 'absent' - name: FILE | Delete sites file: - path: "{{ nginx_etc_dir }}/{{ item.1 }}/{{ item.0.filename | default(item.0.name if item.0.name is string else item.0.name[0]) }}" + path: "{{ nginx_etc_dir }}/{{ item.1 }}/{{ item.0.filename | default(item.0.name if item.0.name is string else item.0.name.0) }}" state: absent with_nested: - "{{ nginx_sites }}" 
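Review bot: `item.filename` and `item.name` are still joined straight into filesystem paths in these tasks, and the only validation is the `Forbidden keyword default` check at the top of the file. In `FILE | Delete sites` in the third hunk (and `FILE | Disable sites` in a later hunk of this file), an empty `filename` is not replaced by `default(...)`, since that filter only covers undefined values. `state: absent` would then apply to the `sites-available` or `sites-enabled` directory itself, and a value containing `/` or `..` would resolve outside the nginx directories. Extending the existing `fail` task, for example `when: item.filename is defined and (item.filename == 'default' or item.filename == '' or '/' in item.filename)`, would close that gap. The `.0` for `[0]` swap itself does not change behaviour.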
@@ -53,8 +53,8 @@ - name: FILE | Enable sites file: - src: "{{ nginx_etc_dir }}/sites-available/{{ item.filename | default(item.name if item.name is string else item.name[0]) }}" - dest: "{{ nginx_etc_dir }}/sites-enabled/{{ item.filename | default(item.name if item.name is string else item.name[0]) }}" + src: "{{ nginx_etc_dir }}/sites-available/{{ item.filename | default(item.name if item.name is string else item.name.0) }}" + dest: "{{ nginx_etc_dir }}/sites-enabled/{{ item.filename | default(item.name if item.name is string else item.name.0) }}" state: link with_items: "{{ nginx_sites }}" notify: ['reload nginx', 'restart nginx freebsd'] @@ -63,7 +63,7 @@ - name: FILE | Disable sites file: - path: "{{ nginx_etc_dir}}/sites-enabled/{{ item.filename | default(item.name if item.name is string else item.name[0]) }}" + path: "{{ nginx_etc_dir}}/sites-enabled/{{ item.filename | default(item.name if item.name is string else item.name.0) }}" state: absent with_items: "{{ nginx_sites }}" notify: ['reload nginx', 'restart nginx freebsd'] diff --git a/tasks/upstream.yml b/tasks/upstream.yml index fe86353..7b36d26 100644 --- a/tasks/upstream.yml +++ b/tasks/upstream.yml @@ -1,15 +1,10 @@ --- -- name: SET_FACT | Backward compatibility with old version of this role - set_fact: - nginx_php56: true - when: nginx_php is defined and nginx_php - - name: TEMPLATE | Deploy PHP upstream to Nginx template: src: "etc/nginx/upstream/php.conf.j2" dest: "{{ nginx_etc_dir }}/conf.d/php.conf" - when: nginx_php56 or nginx_php70 + when: nginx_php | length > 0 notify: reload nginx - name: TEMPLATE | Deploy other upstreams diff --git a/templates/etc/nginx/sites-available/_php.j2 b/templates/etc/nginx/sites-available/_php.j2 index 41b6bfc..409b047 100644 --- a/templates/etc/nginx/sites-available/_php.j2 +++ b/templates/etc/nginx/sites-available/_php.j2 
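Review bot: `when: nginx_php | length > 0` in tasks/upstream.yml assumes `nginx_php` is a list, but the task removed just above shows that earlier versions of the role accepted `nginx_php` as a truthy flag. An inventory that still carries `nginx_php: true` would now fail inside the `length` filter with an unhelpful error. The old `nginx_php56`, `nginx_php70` and `nginx_php56_sockets` variables are also ignored without any message. An `assert` task ahead of the template task, with `that: nginx_php is iterable and nginx_php is not string and nginx_php is not mapping` and a message pointing at doc/php.md, would make the migration failure explicit.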
@@ -1,22 +1,14 @@ {% extends "_base.j2" %} -{% macro phpv(version) %} -{% if version == 56 or version == "56" or version == "5.6" %} -{{ nginx_upstream_php56 -}} -{% elif version == 70 or version == "70" or version == "7.0" %} -{{ nginx_upstream_php70 -}} -{% else %} -{# Hack... define another upstream #} -{{ version -}} -{% endif %} -{%- endmacro -%} - {% if item.php_version is defined %} -{% set php_upstream = phpv(item.php_version) %} -{% elif nginx_php56 %} -{% set php_upstream = phpv(56) %} -{% elif nginx_php70 %} -{% set php_upstream = phpv(70) %} +{% set php_info = 'Explicit PHP version on site' %} +{% set php_upstream = (nginx_php|selectattr('version', 'equalto', item.php_version)|first).upstream_name | default(item.php_version | php_default_upstream_name) %} +{% elif item.php_upstream is defined %} +{% set php_info = 'Explicit Nginx/PHP upstream on site' %} +{% set php_upstream = item.php_upstream %} +{% else %} +{% set php_info = 'Warning: using first PHP version on config' %} +{% set php_upstream = nginx_php.0.upstream_name | default(nginx_php.0.version | php_default_upstream_name) %} {% endif %} {% block template_index %} @@ -29,6 +21,7 @@ {% block template_upstream_location %} location ~ \.php$ { + # {{ php_info }} fastcgi_pass {{ php_upstream }}; fastcgi_index index.php; {% if item.upstream_params is defined and item.upstream_params is iterable %} diff --git a/templates/etc/nginx/sites-available/_php_index.j2 b/templates/etc/nginx/sites-available/_php_index.j2 index 3bbb158..4ee9c33 100644 --- a/templates/etc/nginx/sites-available/_php_index.j2 +++ b/templates/etc/nginx/sites-available/_php_index.j2 @@ -2,6 +2,7 @@ {% block template_upstream_location %} location = /index.php { + # {{ php_info }} fastcgi_pass {{ php_upstream }}; fastcgi_index index.php; {% if item.upstream_params is defined and item.upstream_params is iterable %} 
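Review bot: Neither lookup for `php_upstream` in the first _php.j2 hunk handles a missing entry. If `item.php_version` matches nothing in `nginx_php` (including a quoted `'7.0'` compared with an unquoted `7.0`), `selectattr(...)|first` yields an undefined value. The expression then either errors on `.upstream_name` or falls back to a `default_php_<version>` upstream that php.conf.j2 never declares. In the `else` branch `nginx_php.0` is undefined whenever `nginx_php` is empty, which is now the role default, and `item.php_upstream` is written into `fastcgi_pass` unchecked. A `fail` or `assert` task over `nginx_sites` in tasks/site.yml that rejects sites with no matching entry would give a clear message instead of a broken or undeclared upstream.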
diff --git a/templates/etc/nginx/upstream/php.conf.j2 b/templates/etc/nginx/upstream/php.conf.j2 index 08afcb8..73f2f17 100644 --- a/templates/etc/nginx/upstream/php.conf.j2 +++ b/templates/etc/nginx/upstream/php.conf.j2 @@ -2,29 +2,19 @@ # {{ ansible_managed }} # -{% if nginx_php56 %} -upstream {{ nginx_upstream_php56 }} { -{% for item in nginx_php56_sockets %} -{% if item.unix_socket is defined %} - server unix:{{ item.unix_socket }} weight={{ item.weight | default('1') }}; +{% for php in nginx_php %} +upstream {{ php.upstream_name | default((php.version | php_default_upstream_name)) }} { +{% for sock in php.sockets | default([]) %} +{% if php.host is defined %} + server {{ sock.host }}:{{ sock.port }} weight={{ sock.weight | default('1') }} max_fails={{ sock.max_fails | default('5') }} fail_timeout={{ sock.fail_timeout | default('10s') }}; {% else %} - server {{ item.host }}:{{ item.port }} weight={{ item.weight | default('1') }} max_fails={{ item.max_fails | default('5') }} fail_timeout={{ item.fail_timeout | default('10s') }}; + server unix:{{ sock.unix | default((php.version | php_default_upstream_socket)) }} weight={{ sock.weight | default('1') }}; {% endif %} +{% else %} + server unix:{{ php.version | php_default_upstream_socket }} weight=1; {% endfor %} } -{% endif %} -{% if nginx_php70 %} -upstream {{ nginx_upstream_php70 }} { -{% for item in nginx_php70_sockets %} -{% if item.unix_socket is defined %} - server unix:{{ item.unix_socket }} weight={{ item.weight | default('1') }}; -{% else %} - server {{ item.host }}:{{ item.port }} weight={{ item.weight | default('1') }} max_fails={{ item.max_fails | default('5') }} fail_timeout={{ item.fail_timeout | default('10s') }}; -{% endif %} {% endfor %} -} - -{% endif %} # vim:filetype=nginx diff --git a/tests/includes/pre_Debian.yml b/tests/includes/pre_Debian.yml index e5da181..639d383 100644 --- a/tests/includes/pre_Debian.yml +++ b/tests/includes/pre_Debian.yml 
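Review bot: Inside the `{% for sock in php.sockets %}` loop the branch tests `php.host is defined`, but `host` is a key of each socket, not of the PHP entry. Both doc/php.md and the FreeBSD test vars put `host` and `port` under `sockets`. As written the TCP branch is never taken, so a socket declared with `host: '127.0.0.1'` and `port: 9000` is rendered as `server unix:<default socket>` and its `max_fails` and `fail_timeout` are dropped. The condition should be `{% if sock.host is defined %}`.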
@@ -4,6 +4,7 @@ apt_repository: repo: 'deb http://httpredir.debian.org/debian {{ ansible_distribution_release }}-backports main' state: present + when: nginx_backports - block: @@ -22,7 +23,25 @@ content: "Package: *\nPin: release o=packages.dotdeb.org\nPin-Priority: 100" dest: /etc/apt/preferences - when: ansible_distribution_release == 'jessie' and dotdeb + when: ansible_distribution_release == 'jessie' and dotdeb | default(false) + +- block: + + - name: APT | Install apt-transport-https + apt: + pkg: apt-transport-https + update_cache: yes + cache_valid_time: 3600 + + - name: APT_KEY | Install GPG key + apt_key: + url: 'https://packages.sury.org/php/apt.gpg' + + - name: APT_REPOSITORY | Add APT repository + apt_repository: + repo: 'deb https://packages.sury.org/php {{ ansible_distribution_release }} main' + + when: sury | default(false) - name: APT | Install needed packages apt: @@ -37,35 +56,21 @@ - strace - vim -- name: APT | Install PHP5.6 +- name: APT | Install PHP apt: - pkg: "{{ item }}" + pkg: "{{ item.version | php_fpm_package }}" update_cache: yes cache_valid_time: 3600 state: present - with_items: - - php5-fpm - - php5-sqlite - when: nginx_php56 + with_items: "{{ nginx_php }}" -- name: APT | Install PHP7 - apt: - pkg: "{{ item }}" - update_cache: yes - cache_valid_time: 3600 - state: present - with_items: - - php7.0-fpm - - php7.0-sqlite3 - when: nginx_php70 - -- name: SERVICE | Force start services +- name: SERVICE | Force start fcgiwrap service: - name: "{{ item.name }}" + name: "fcgiwrap" state: started - register: sf - with_items: - - { name: 'php5-fpm', cond: "{{ nginx_php56 }}" } - - { name: 'php7.0-fpm', cond: "{{ nginx_php70 }}" } - - { name: 'fcgiwrap', cond: true } - when: item.cond + +- name: SERVICE | Force start PHP + service: + name: "{{ item.version | php_fpm_service }}" + state: started + with_items: "{{ nginx_php }}" diff --git a/tests/includes/pre_FreeBSD.yml b/tests/includes/pre_FreeBSD.yml index fae7053..3227c7f 100644 
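Review bot: The added `when: nginx_backports` has no fallback, unlike `dotdeb | default(false)` and `sury | default(false)` later in this file. The Vagrantfile in this commit stops passing `nginx_backports` for every machine except the two `-backports` ones. Unless the role defaults define it (not visible here), the condition would hit an undefined variable. Writing `when: nginx_backports | default(false)` keeps the three repository switches consistent.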
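Review bot: The new `apt_key` task in the sury block trusts whatever key `https://packages.sury.org/php/apt.gpg` serves at run time. TLS protects the transfer, but a changed or replaced key on that host would be added to the APT keyring, which is trusted for all configured repositories, without anyone noticing. Pinning the expected key with the module's `id` parameter, e.g. `id: '<SURY_KEY_FINGERPRINT>'` (a placeholder, to be filled from a verified source), makes the task fail on a mismatch. The `apt_repository` task could also state `state: present` explicitly, as the backports one above does.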
--- a/tests/includes/pre_FreeBSD.yml +++ b/tests/includes/pre_FreeBSD.yml @@ -4,10 +4,11 @@ set_fact: nginx_pkgng_package: 'nginx-devel' nginx_user: 'www' - nginx_php70: false - nginx_php56_sockets: - - host: '127.0.0.1' - port: 9000 + nginx_php: + - version: '5.6' + sockets: + - host: '127.0.0.1' + port: 9000 - name: PKGNG | Install needed packages pkgng: diff --git a/tests/test.yml b/tests/test.yml index 4a5269c..e7a3eb2 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -2,10 +2,6 @@ - hosts: all pre_tasks: - - debug: var=dotdeb - - debug: var=nginx_php56 - - debug: var=nginx_php70 - - debug: var=nginx_backports - name: INCLUDE | Pre_tasks related to OS version include: "includes/pre_{{ ansible_distribution }}.yml" - name: FILE | Create an internal SSL dir @@ -171,7 +167,7 @@ - '/b' - '/c' - name: 'test-php.local' - php_version: "{{ '7.0' if nginx_php70 else '5.6' }}" + php_version: "{{ nginx_php.1.version if nginx_php.1 is defined else nginx_php.0.version }}" upstream_params: - 'fastcgi_param FOO bar;' redirect_from: 
@@ -296,21 +292,15 @@ # -------------------------------- # PHP # -------------------------------- - - name: -- VERIFY PHP5 SITES (implicit default) -- - command: "curl -H 'Host: {{ item }}' http://127.0.0.1/" + - name: -- VERIFY PHP SITES -- + command: "curl -H 'Host: {{ item.name }}' http://127.0.0.1/" register: p + with_items: "{{ nginx_sites }}" + when: > + item.template is defined and + (item.template == '_php' or item.template == '_php_index') changed_when: false - failed_when: p.stdout.find('PHP Version 5') == -1 - with_items: ['test-php-index.local'] - when: nginx_php56 - - - name: -- VERIFY PHP7 SITES -- - command: "curl -H 'Host: {{ item }}' http://127.0.0.1/" - register: p - changed_when: false - failed_when: p.stdout.find('PHP Version 7') == -1 - with_items: ['test-php.local'] - when: nginx_php70 + failed_when: p.stdout.find('PHP Version ' + item.php_version if 'php_version' in item else nginx_php.0.version) == -1 # -------------------------------- # Basic Auth @@ -377,7 +367,7 @@ register: nagios_cgi failed_when: nagios_cgi.stdout.find('Nagios Event Summary') == -1 - when: ansible_distribution_major_version | version_compare('9', 'lt') + when: ansible_distribution_major_version | version_compare('9', 'lt') # -------------------------------- # Owncloud diff --git a/vars/main.yml b/vars/main.yml index a8587d3..75923ad 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -43,6 +43,3 @@ nginx_servers_default_headers: 'X-Frame-Options': 'DENY always' 'X-Content-Type-Options': 'nosniff always' 'X-XSS-Protection': '1; mode=block' - -nginx_upstream_php56: 'php56' -nginx_upstream_php70: 'php70'
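Review bot: The `failed_when` expression in `-- VERIFY PHP SITES --` does not group the way it reads. Jinja's inline `if ... else` binds more loosely than `+`, so it evaluates as `('PHP Version ' + item.php_version) if 'php_version' in item else nginx_php.0.version`. For sites without `php_version` the check therefore searches the page for the bare version string, which can match anywhere in the output and weakens the test. Parenthesise the choice: `failed_when: p.stdout.find('PHP Version ' + (item.php_version if 'php_version' in item else nginx_php.0.version)) == -1`.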