diff --git a/.ansible-lint b/.ansible-lint deleted file mode 100644 index 454cf00..0000000 --- a/.ansible-lint +++ /dev/null @@ -1,8 +0,0 @@ ---- - -# TODO: enable later -enable_list: - - fqcn-builtins - -skip_list: - - role-name diff --git a/.config/ansible-lint.yml b/.config/ansible-lint.yml new file mode 100644 index 0000000..c334001 --- /dev/null +++ b/.config/ansible-lint.yml @@ -0,0 +1,12 @@ +--- + +profile: production + +warn_list: [] + +skip_list: [] + +exclude_paths: + - .github/ + - .venv/ + - venv/ diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c783900..d502f71 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,13 +31,9 @@ jobs: ansible-lint: name: Ansible Lint - runs-on: ubuntu-latest - + runs-on: ubuntu-24.04 steps: - - name: Fetch code - uses: actions/checkout@v3 - with: - fetch-depth: 0 + - uses: actions/checkout@v4 - name: Run ansible-lint - uses: ansible/ansible-lint-action@v6.15.0 + uses: ansible/ansible-lint@main diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 948b727..ae6446a 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -1,4 +1,5 @@ --- + name: Molecule 'on': @@ -14,12 +15,16 @@ jobs: fail-fast: false matrix: scenario: - - debian-10 - debian-11 - debian-12 - - ubuntu-18.04 - ubuntu-20.04 - ubuntu-22.04 + - ubuntu-24.04 + allowed-to-fail: + - false + include: + - scenario: debian-13 + allowed-to-fail: true steps: - name: Checkout @@ -28,8 +33,11 @@ jobs: path: "${{ github.repository }}" - name: Molecule - uses: gofrolist/molecule-action@v2.3.19 + uses: gofrolist/molecule-action@v2.7.62 with: molecule_options: --base-config molecule/_shared/base.yml molecule_args: --scenario-name ${{ matrix.scenario }} - molecule_working_dir: "HanXHX/ansible-php" + continue-on-error: ${{ matrix.allowed-to-fail }} + + - name: Fake command + run: echo "End of job" diff --git a/.gitignore b/.gitignore index 9f1df40..9865f61 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,9 @@ -.vagrant* *.swp *.retry *.log /filter_plugins/*.pyc /filter_plugins/__pycache__ /.idea +/.venv +/venv +/.ansible diff --git a/.yamllint.yml b/.yamllint.yml index 53974a0..a3618d2 100644 --- a/.yamllint.yml +++ b/.yamllint.yml @@ -4,3 +4,5 @@ extends: default rules: line-length: disable + +ignore-from-file: .gitignore diff --git a/README.md b/README.md index 9d9b212..29fa6b2 100644 --- a/README.md +++ b/README.md @@ -1,22 +1,14 @@ -Ansible PHP (+FPM) role for Debian / Ubuntu / FreeBSD -===================================================== +Ansible PHP (+FPM) role for Debian / Ubuntu +=========================================== [![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-hanxhx.php-blue.svg)](https://galaxy.ansible.com/hanxhx.php) ![GitHub Workflow Status (master)](https://img.shields.io/github/actions/workflow/status/hanxhx/ansible-php/molecule.yml?branch=master) -Install PHP on Debian / Ubuntu / FreeBSD. Manage PHP-FPM, APCu, Opcache and Xdebug. +Install PHP on Debian / Ubuntu. Manage PHP-FPM, APCu, Opcache and Xdebug. Managed OS / Versions --------------------- -On all Debian versions, you can install all PHP versions by using [Sury's APT repository](https://deb.sury.org/). - -Other cases: - -| OS | PHP 7.0 | PHP 7.1 | PHP 7.2 | PHP 7.3 | PHP >= 7.4 | -|:---------------------:|:-------------------:|:--------------------:|:--------------------:|:--------------------:|:--------------------: -| Ubuntu Bionic (18.04) | :x: | :x: | :heavy_check_mark: | :x: | :x: | -| FreeBSD 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Need tests... | -| FreeBSD 12 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Need tests... | +On all Debian versions, you can install all PHP versions (from PHP 5.6 to latest version) by using [Sury's APT repository](https://deb.sury.org/). Links: - [Sury](https://deb.sury.org/) @@ -28,13 +20,6 @@ Requirements - Collections: [community.general](https://galaxy.ansible.com/community/general) - If you need PHP-FPM, you must install a webserver with FastCGI support. You can use my [nginx role](https://github.com/HanXHX/ansible-nginx). -FreeBSD limitations -------------------- - -- It doesn't split ini file for FPM/CLI. It's hardcoded as `/usr/local/etc/php.ini`. -- It can't manage multiple PHP versions at the time (like legacy Debian versions) -- You must explicitely set xdebug package name (use `pkg search xdebug` to find the good one) - Role Variables -------------- @@ -42,7 +27,7 @@ You should look at [default vars](defaults/main.yml). ### Writable vars -- `php_version`: 7.3, 7.4... depending OS (see above) +- `php_version`: 7.3, 7.4... depending on OS - `php_install_fpm`: boolean, install and manage php-fpm (default is true) - `php_install_xdebug`: boolean, install [Xdebug](http://xdebug.org) - `php_extra_packages`: additional php packages to install (default is an empty list). @@ -159,16 +144,20 @@ Example Playbook ### Simple Playbook - - hosts: servers - roles: - - { role: hanxhx.php } +```yaml +- hosts: servers + roles: + - { role: HanXHX.php } +``` ### Debian Bullseye with PHP 8.0 CLI (no FPM) - - hosts: servers - roles: - - { role: HanXHX.sury } - - { role: hanxhx.php, php_version: '8.0', php_install_fpm: false } +```yaml +- hosts: servers + roles: + - { role: HanXHX.sury } + - { role: HanXHX.php, php_version: '8.0', php_install_fpm: false } +``` License ------- @@ -185,7 +174,7 @@ If this code helped you, or if you’ve used them for your projects, feel free t - Litecoin: `LeNDw34zQLX84VvhCGADNvHMEgb5QyFXyD` - Monero: `45wbf7VdQAZS5EWUrPhen7Wo4hy7Pa7c7ZBdaWQSRowtd3CZ5vpVw5nTPphTuqVQrnYZC72FXDYyfP31uJmfSQ6qRXFy3bQ` -No crypto-currency? :star: the project is also a way of saying thank you! :sunglasses: +No cryptocurrency? :star: the project is also a way of saying thank you! :sunglasses: Author Information ------------------ diff --git a/Vagrantfile b/Vagrantfile deleted file mode 100644 index 547c338..0000000 --- a/Vagrantfile +++ /dev/null @@ -1,87 +0,0 @@ -# -*- mode: ruby -*- -# vi: set ft=ruby : -# vi: set tabstop=2 : -# vi: set shiftwidth=2 : - -Vagrant.configure("2") do |config| - - vms_debian = [ - { :name => "debian-buster-php73", :box => "debian/buster64", :vars => { }}, - { :name => "debian-buster-php74", :box => "debian/buster64", :vars => { "php_version": '7.4' }}, - { :name => "debian-bullseye-php74", :box => "debian/bullseye64", :vars => { }}, - { :name => "debian-bullseye-php80", :box => "debian/bullseye64", :vars => { "php_version": '8.0' }}, - { :name => "ubuntu-bionic-php72", :box => "ubuntu/bionic64", :vars => { }}, - ] - - vms_freebsd = [ - { :name => "freebsd-11", :box => "freebsd/FreeBSD-11.1-STABLE", :vars => {} }, - { :name => "freebsd-12", :box => "freebsd/FreeBSD-12.0-CURRENT", :vars => {} } - ] - - conts = [ - { :name => "docker-debian-buster-php73", :docker => "hanxhx/vagrant-ansible:debian10", :vars => { }}, - { :name => "docker-debian-buster-php74", :docker => "hanxhx/vagrant-ansible:debian10", :vars => { "php_version": '7.4' }}, - { :name => "docker-debian-bullseye-php74", :docker => "hanxhx/vagrant-ansible:debian11", :vars => { }}, - { :name => "docker-debian-bullseye-php80", :docker => "hanxhx/vagrant-ansible:debian11", :vars => { "php_version": '8.0' }}, - { :name => "docker-ubuntu-bionic-php72", :docker => "hanxhx/vagrant-ansible:ubuntu18.04", :vars => { }}, - ] - - config.vm.network "private_network", type: "dhcp" - - conts.each do |opts| - config.vm.define opts[:name] do |m| - m.vm.provider "docker" do |d| - d.image = opts[:docker] - d.remains_running = true - d.has_ssh = true - end - - #m.vm.provision "shell", inline: "apt-get update && apt-get install -y python python-apt" - m.vm.provision "ansible" do |ansible| - ansible.playbook = "tests/test.yml" - ansible.verbose = 'vv' - ansible.become = true - ansible.extra_vars = opts[:vars] - end - end - end - - vms_debian.each do |opts| - config.vm.define opts[:name] do |m| - m.vm.box = opts[:box] - m.vm.provider "virtualbox" do |v| - v.cpus = 1 - v.memory = 256 - end - m.vm.provision "shell", inline: "apt-get update && apt-get install -y ifupdown python" - - m.vm.provision "ansible" do |ansible| - ansible.playbook = "tests/test.yml" - ansible.verbose = 'vv' - ansible.become = true - ansible.extra_vars = opts[:vars] - end - end - end - - vms_freebsd.each do |opts| - config.vm.synced_folder ".", "/vagrant", disabled: true - config.vm.base_mac = "080027D14C66" - config.vm.define opts[:name] do |m| - m.vm.box = opts[:box] - m.vm.provider "virtualbox" do |v, override| - override.ssh.shell = "csh" - v.cpus = 2 - v.memory = 512 - end - m.vm.provision "shell", inline: "pkg install -y python bash" - m.vm.provision "ansible" do |ansible| - ansible.playbook = "tests/test.yml" - ansible.verbose = 'vv' - ansible.become = true - ansible.extra_vars = opts[:vars].merge({ "ansible_python_interpreter": '/usr/local/bin/python' }) - end - end - end - -end diff --git a/handlers/main.yml b/handlers/main.yml index ba4aec0..c4e0a91 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -5,8 +5,3 @@ name: '{{ php_fpm_service }}' state: restarted when: php_install_fpm - notify: Docker restart php-fpm - -- name: Docker restart php-fpm # noqa: command-instead-of-module no-changed-when - ansible.builtin.command: 'service {{ php_fpm_service }} restart' - when: ansible_virtualization_type == 'docker' diff --git a/meta/main.yml b/meta/main.yml index 309ea78..93b20bd 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,26 +1,23 @@ --- galaxy_info: author: Emilien Mantel - role_name: php namespace: hanxhx + role_name: php description: Install and configure PHP 7.x/8.x company: TripleStack license: GPLv2 - min_ansible_version: '2.11' + min_ansible_version: "2.18" platforms: - name: Debian versions: - - buster - bullseye - bookworm + - trixie - name: Ubuntu versions: - - bionic - - name: FreeBSD - versions: - - '11.0' - - '11.1' - - '12.0' + - focal + - jammy + - noble galaxy_tags: - development - web @@ -30,6 +27,4 @@ galaxy_info: - php8 - debian - ubuntu - - freebsd - dependencies: [] diff --git a/molecule/_shared/base.yml b/molecule/_shared/base.yml index aa58e29..54e7092 100644 --- a/molecule/_shared/base.yml +++ b/molecule/_shared/base.yml @@ -13,12 +13,15 @@ scenario: dependency: name: galaxy options: - requirements-file: ../../requirements.yml + requirements-file: ./molecule/_shared/requirements.yml + role-file: ./molecule/_shared/requirements.yml driver: name: docker role_name_check: 1 provisioner: name: ansible + env: + ANSIBLE_FILTER_PLUGINS: "../../filter_plugins" config_options: defaults: deprecation_warnings: false @@ -32,5 +35,8 @@ provisioner: converge: ../_shared/converge.yml prepare: ../_shared/prepare.yml verify: ../_shared/verify.yml + inventory: + links: + group_vars: ../_shared/group_vars verifier: name: ansible diff --git a/molecule/_shared/converge.yml b/molecule/_shared/converge.yml index 9100e5a..87cdaa5 100644 --- a/molecule/_shared/converge.yml +++ b/molecule/_shared/converge.yml @@ -1,25 +1,41 @@ --- -- name: Converge +- name: Converge # noqa: role-name[path] hosts: all gather_facts: true + roles: + - ../../../ handlers: - name: Reload nginx ansible.builtin.service: name: nginx state: reloaded - tasks: - - name: Include role - ansible.builtin.include_role: - name: "hanxhx.php" + vars: + __nginx_conf: /etc/nginx/nginx.conf post_tasks: - name: TEMPLATE | Nginx site config ansible.builtin.template: - src: "../../tests/templates/nginx.conf.j2" + src: "templates/nginx.conf.j2" dest: "{{ __nginx_conf }}" mode: 0644 owner: root group: root notify: Reload nginx - vars_files: - - vars/misc.yml + + - name: COMMAND | Fix nginx config + ansible.builtin.command: "cp {{ __nginx_conf | dirname }}/fastcgi_params {{ __nginx_conf | dirname }}/fastcgi.conf" + args: + creates: "{{ __nginx_conf | dirname }}/fastcgi.conf" + notify: Reload nginx + + - name: LINEINFILE | Fix nginx config (second step) + ansible.builtin.lineinfile: + regexp: '^fastcgi_param\s+SCRIPT_FILENAME' + line: "fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;" + dest: "{{ __nginx_conf | dirname }}/fastcgi.conf" + notify: Reload nginx + + - name: SERVICE | Ensure Nginx is started + ansible.builtin.service: + name: nginx + state: started diff --git a/molecule/_shared/vars/misc.yml b/molecule/_shared/group_vars/all/main.yml similarity index 71% rename from molecule/_shared/vars/misc.yml rename to molecule/_shared/group_vars/all/main.yml index ff486cb..563f5e5 100644 --- a/molecule/_shared/vars/misc.yml +++ b/molecule/_shared/group_vars/all/main.yml @@ -1,20 +1,21 @@ --- -# Force SysVinit, since systemd won't work in a Docker container -ansible_service_mgr: "sysvinit" - -# ---------------------------------------- -# Copied from {role_dir}/tests/test.yml -# ---------------------------------------- vhost: 'test.local' + +php_version: null + php_extra_packages: - '{{ php_package_prefix }}pgsql' + php_install_xdebug: true php_autoremove_default_pool: true + php_ini_fpm: display_errors: 'Off' + php_ini_cli: error_reporting: 'E_ALL' + php_fpm_poold: - pool_name: 'test_ansible' listen: '/run/php/php-ansible1.sock' @@ -26,10 +27,9 @@ php_fpm_poold: status_path: '/status' ping_path: '/ping' ping_response: 'ok' + - name: 'test_ansible2' user: 'foo' - php_env: - foo: bar php_value: display_errors: 'Off' php_admin_value: diff --git a/molecule/_shared/prepare.yml b/molecule/_shared/prepare.yml index 3920a6e..f84cf80 100644 --- a/molecule/_shared/prepare.yml +++ b/molecule/_shared/prepare.yml @@ -3,19 +3,35 @@ - name: Prepare hosts: all gather_facts: true - vars_files: - - vars/misc.yml - - handlers: - - name: Reload nginx - ansible.builtin.service: - name: nginx - state: reloaded - tasks: + - name: APT | Install packages + ansible.builtin.apt: + pkg: "{{ p }}" + update_cache: true + cache_valid_time: 3600 + vars: + p: + - apt-transport-https + - ca-certificates + - curl + - gpg + - lsb-release + - nginx + - vim - - name: INCLUDE_TASKS | Pre tasks related to OS - ansible.builtin.include_tasks: "../../tests/includes/pre_{{ ansible_os_family }}.yml" + - name: BLOCK | Setup Sury on Debian + when: + - php_version is not none + - php_version != php_default_version + - ansible_distribution == 'Debian' + block: + - name: APT | Install Sury key + ansible.builtin.apt_key: + url: 'https://packages.sury.org/php/apt.gpg' + + - name: APT_REPOSITORY | Add Sury repository + ansible.builtin.apt_repository: + repo: 'deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main' - name: USER | Create PHP user ansible.builtin.user: @@ -23,45 +39,3 @@ system: true create_home: false shell: '/usr/sbin/nologin' - - - name: COMMAND | Fix nginx config - ansible.builtin.command: "cp {{ __nginx_conf | dirname }}/fastcgi_params {{ __nginx_conf | dirname }}/fastcgi.conf" - args: - creates: "{{ __nginx_conf | dirname }}/fastcgi.conf" - notify: Reload nginx - - - name: LINEINFILE | Fix nginx config (second step) - ansible.builtin.lineinfile: - regexp: '^fastcgi_param\s+SCRIPT_FILENAME' - line: "fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;" - dest: "{{ __nginx_conf | dirname }}/fastcgi.conf" - notify: Reload nginx - - - name: SERVICE | Ensure nginx is started - ansible.builtin.service: - name: nginx - state: started - - - name: FILE | Create /var/www - ansible.builtin.file: - dest: /var/www - state: directory - owner: root - group: root - mode: 0755 - - - name: COPY | Add phpinfo - ansible.builtin.copy: - dest: /var/www/phpinfo.php - content: ' {{ ansible_local.hanxhx_php.php_version }}' | head -n 1 changed_when: false + register: p + failed_when: p.stdout == '' + args: + executable: /bin/bash + + - name: FILE | Create /var/www + ansible.builtin.file: + dest: /var/www + state: directory + owner: root + group: root + mode: 0755 + + - name: COPY | Add phpinfo + ansible.builtin.copy: + dest: /var/www/phpinfo.php + content: ' /dev/null | grep h1 | grep 'PHP Version'" + ansible.builtin.shell: "set -o pipefail && curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep -o 'PHP Version {{ ansible_local.hanxhx_php.php_version }}' | sed -r 's/ {{ php_version }}' | head -n 1 - changed_when: false - register: p - failed_when: p.stdout == '' - args: - executable: /bin/bash - - - name: SHELL | Check vhost - ansible.builtin.shell: "set -o pipefail && curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep -o 'PHP Version {{ php_version }}' | sed -r 's/ /dev/null" changed_when: false @@ -55,20 +62,15 @@ url: "http://localhost{{ php_fpm_poold.0.status_path }}" when: php_fpm_poold.0.status_path is defined - - name: Debian extra checks - when: ansible_os_family == 'Debian' - block: + - name: SHELL | Check if we installed multiple PHP versions + ansible.builtin.shell: set -o pipefail && (dpkg -l | grep 'php[[:digit:]].*common' | wc -l) + args: + executable: /bin/bash + failed_when: false + changed_when: false + register: check_multiple_php - - name: SHELL | Check if we installed multiple PHP versions - ansible.builtin.shell: set -o pipefail && (dpkg -l | grep 'php[[:digit:]].*common' | wc -l) - args: - executable: /bin/bash - failed_when: false - changed_when: false - register: check_multiple_php - - - - name: FAIL | If we have multiple PHP version - ansible.builtin.fail: - msg: "Multiple PHP versions detected" - when: check_multiple_php.stdout != '1' + - name: FAIL | If we have multiple PHP version + ansible.builtin.fail: + msg: "Multiple PHP versions detected" + when: check_multiple_php.stdout != '1' diff --git a/molecule/debian-10/molecule.yml b/molecule/debian-10/molecule.yml deleted file mode 100644 index 46e4107..0000000 --- a/molecule/debian-10/molecule.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- - -platforms: - - name: debian-10 - image: dokken/debian-10 - command: /lib/systemd/systemd - dockerfile: ../_shared/Dockerfile.j2 - capabilities: - - SYS_ADMIN - cgroupns_mode: host - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - privileged: true - - name: debian-10-php-7.4 - image: dokken/debian-10 - command: /lib/systemd/systemd - dockerfile: ../_shared/Dockerfile.j2 - capabilities: - - SYS_ADMIN - cgroupns_mode: host - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - privileged: true - -provisioner: - inventory: - group_vars: - all: - __nginx_conf: /etc/nginx/nginx.conf - host_vars: - debian-10-php-7.4: - php_version: '7.4' diff --git a/molecule/debian-11/molecule.yml b/molecule/debian-11/molecule.yml index 7c6640f..a9d5a5f 100644 --- a/molecule/debian-11/molecule.yml +++ b/molecule/debian-11/molecule.yml @@ -11,22 +11,3 @@ platforms: volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true - - name: debian-11-php-8.0 - image: dokken/debian-11 - command: /lib/systemd/systemd - dockerfile: ../_shared/Dockerfile.j2 - capabilities: - - SYS_ADMIN - cgroupns_mode: host - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - privileged: true - -provisioner: - inventory: - group_vars: - all: - __nginx_conf: /etc/nginx/nginx.conf - host_vars: - debian-11-php-8.0: - php_version: '8.0' diff --git a/molecule/debian-12/molecule.yml b/molecule/debian-12/molecule.yml index b02eb1d..6d4e51f 100644 --- a/molecule/debian-12/molecule.yml +++ b/molecule/debian-12/molecule.yml @@ -11,9 +11,3 @@ platforms: volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true - -provisioner: - inventory: - group_vars: - all: - __nginx_conf: /etc/nginx/nginx.conf diff --git a/molecule/ubuntu-18.04/molecule.yml b/molecule/debian-13/molecule.yml similarity index 59% rename from molecule/ubuntu-18.04/molecule.yml rename to molecule/debian-13/molecule.yml index 6e2b836..058273c 100644 --- a/molecule/ubuntu-18.04/molecule.yml +++ b/molecule/debian-13/molecule.yml @@ -1,8 +1,8 @@ --- platforms: - - name: ubuntu-18.04 - image: dokken/ubuntu-18.04 + - name: debian-12 + image: dokken/debian-13 command: /lib/systemd/systemd dockerfile: ../_shared/Dockerfile.j2 capabilities: @@ -11,9 +11,3 @@ platforms: volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true - -provisioner: - inventory: - group_vars: - all: - __nginx_conf: /etc/nginx/nginx.conf diff --git a/molecule/ubuntu-20.04/molecule.yml b/molecule/ubuntu-20.04/molecule.yml index 22fde77..d889c6a 100644 --- a/molecule/ubuntu-20.04/molecule.yml +++ b/molecule/ubuntu-20.04/molecule.yml @@ -11,9 +11,3 @@ platforms: volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true - -provisioner: - inventory: - group_vars: - all: - __nginx_conf: /etc/nginx/nginx.conf diff --git a/molecule/ubuntu-22.04/molecule.yml b/molecule/ubuntu-22.04/molecule.yml index 995c5ea..d820e55 100644 --- a/molecule/ubuntu-22.04/molecule.yml +++ b/molecule/ubuntu-22.04/molecule.yml @@ -11,9 +11,3 @@ platforms: volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw privileged: true - -provisioner: - inventory: - group_vars: - all: - __nginx_conf: /etc/nginx/nginx.conf diff --git a/molecule/ubuntu-24.04/molecule.yml b/molecule/ubuntu-24.04/molecule.yml new file mode 100644 index 0000000..0a569eb --- /dev/null +++ b/molecule/ubuntu-24.04/molecule.yml @@ -0,0 +1,13 @@ +--- + +platforms: + - name: ubuntu-24.04 + image: dokken/ubuntu-24.04 + command: /lib/systemd/systemd + dockerfile: ../_shared/Dockerfile.j2 + capabilities: + - SYS_ADMIN + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + privileged: true diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..69eebc6 --- /dev/null +++ b/requirements.txt @@ -0,0 +1,49 @@ +ansible==11.6.0 +ansible-compat==25.5.0 +ansible-core==2.18.6 +ansible-lint==25.5.0 +attrs==25.3.0 +black==25.1.0 +bracex==2.5.post1 +certifi==2025.4.26 +cffi==1.17.1 +charset-normalizer==3.4.2 +click==8.2.1 +click-help-colors==0.9.4 +cryptography==45.0.3 +distro==1.9.0 +docker==7.1.0 +enrich==1.2.7 +filelock==3.18.0 +idna==3.10 +importlib-metadata==8.7.0 +jinja2==3.1.6 +jsonschema==4.24.0 +jsonschema-specifications==2025.4.1 +markdown-it-py==3.0.0 +markupsafe==3.0.2 +mdurl==0.1.2 +molecule==25.5.0 +molecule-plugins==23.7.0 +mypy-extensions==1.1.0 +packaging==25.0 +pathspec==0.12.1 +platformdirs==4.3.8 +pluggy==1.6.0 +pycparser==2.22 +pygments==2.19.1 +pyyaml==6.0.2 +referencing==0.36.2 +requests==2.32.3 +resolvelib==1.0.1 +rich==14.0.0 +rpds-py==0.25.1 +ruamel-yaml==0.18.12 +ruamel-yaml-clib==0.2.12 +selinux==0.3.0 +subprocess-tee==0.4.2 +typing-extensions==4.13.2 +urllib3==2.4.0 +wcmatch==10.0 +yamllint==1.37.1 +zipp==3.22.0 diff --git a/tasks/fpm.yml b/tasks/fpm.yml index ddc2a6c..a817bdd 100644 --- a/tasks/fpm.yml +++ b/tasks/fpm.yml @@ -6,12 +6,6 @@ state: "{{ 'present' if php_install_fpm else 'absent' }}" when: ansible_os_family == 'Debian' -- name: SERVICE | Enable service on FreeBSD - ansible.builtin.service: - name: "{{ php_fpm_service }}" - enabled: "{{ 'true' if php_install_fpm else 'false' }}" - when: ansible_os_family == 'FreeBSD' - - name: LINEINFILE | PHP configuration ansible.builtin.lineinfile: dest: '{{ php_fpm_ini }}' @@ -22,7 +16,6 @@ group: root mode: 0644 loop: "{{ php_ini | combine(php_ini_fpm) | dict2items }}" - when: php_install_fpm | bool notify: Restart php-fpm - name: TEMPLATE | Deploy pool configuration @@ -33,14 +26,11 @@ group: root mode: 0644 loop: "{{ ansible_local.hanxhx_php.fpm_pool }}" - when: php_install_fpm | bool notify: Restart php-fpm - name: FILE | Delete default pool if necessary ansible.builtin.file: path: "{{ php_fpm_pool_dir }}/www.conf" state: absent - when: - - '"www" not in (ansible_local.hanxhx_php.fpm_pool | map(attribute="name") | list) and php_autoremove_default_pool' - - php_install_fpm | bool + when: '"www" not in (ansible_local.hanxhx_php.fpm_pool | map(attribute="name") | list) and php_autoremove_default_pool' notify: Restart php-fpm diff --git a/tasks/main.yml b/tasks/main.yml index 452f2d9..bf8f5b0 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -19,6 +19,11 @@ - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml" - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" +- name: SET_FACT | Prepare PHP version if not defined + ansible.builtin.set_fact: + php_version: "{{ php_default_version }}" + when: php_version is none or php_version == '' or php_version is not defined + - name: SET_FACT | Transform data ansible.builtin.set_fact: __php_fpm_full_pool: | @@ -55,7 +60,7 @@ - name: COPY | Manage facts ansible.builtin.copy: - content: "{ \"fpm_pool\": {{ php_fpm_full_pool | to_nice_json }} }" + content: "{ \"fpm_pool\": {{ php_fpm_full_pool | to_nice_json }}, \"php_version\": \"{{ php_version }}\" }" dest: /etc/ansible/facts.d/hanxhx_php.fact owner: root group: root @@ -80,13 +85,6 @@ vars: pkgs: "{{ php_packages + php_extra_packages | flatten }}" notify: Restart php-fpm - when: ansible_os_family == 'Debian' - -- name: PKGNG | Install PHP packages - community.general.pkgng: - name: "{{ php_packages + php_extra_packages | flatten | join(',') }}" - notify: Restart php-fpm - when: ansible_os_family == 'FreeBSD' - name: IMPORT_TASKS | PHP-FPM ansible.builtin.import_tasks: fpm.yml @@ -104,22 +102,9 @@ - name: APT | Install and configure opcache ansible.builtin.import_tasks: opcache.yml -- name: SERVICE | Ensure PHP-FPM is started +- name: SERVICE | Ensure PHP-FPM is started and enabled + when: php_install_fpm ansible.builtin.service: name: '{{ php_fpm_service }}' state: started - when: php_install_fpm and ansible_virtualization_type != 'docker' - -- name: BLOCK | Ensure PHP-FPM is started if running on Docker - when: php_install_fpm and ansible_virtualization_type == 'docker' - block: - - - name: COMMAND | Check if PHP-FPM is started (Docker) # noqa: command-instead-of-module - ansible.builtin.command: 'service {{ php_fpm_service }} status' - register: dps - changed_when: false - failed_when: false - - - name: COMMAND | Ensure PHP-FPM is started (Docker) # noqa: command-instead-of-module no-changed-when - ansible.builtin.command: 'service {{ php_fpm_service }} start' - when: dps.stdout.find('is not running') != -1 + enabled: true diff --git a/tasks/opcache.yml b/tasks/opcache.yml index 26ccf51..f911ee3 100644 --- a/tasks/opcache.yml +++ b/tasks/opcache.yml @@ -1,31 +1,14 @@ --- -- name: Install opcache/apcu on Debian - when: ansible_os_family == 'Debian' - block: +- name: APT | Install APCu + ansible.builtin.apt: + pkg: "{{ php_apcu_package }}" + install_recommends: false - - name: APT | Install APCu - ansible.builtin.apt: - pkg: "{{ php_apcu_package }}" - install_recommends: false - - - name: APT | Install Opcache - ansible.builtin.apt: - pkg: "{{ php_package_prefix }}opcache" - install_recommends: false - - -- name: Install opcache/apcu on FreeBSD - when: ansible_os_family == 'FreeBSD' - block: - - - name: PKGNG | Install APCu - community.general.pkgng: - name: "php{{ php_version | replace('.', '') }}-pecl-APCu" - - - name: PKGNG | Install Opcache - community.general.pkgng: - name: "{{ php_package_prefix }}opcache" +- name: APT | Install Opcache + ansible.builtin.apt: + pkg: "{{ php_package_prefix }}opcache" + install_recommends: false - name: TEMPLATE | Configure Opcache ansible.builtin.template: diff --git a/tasks/xdebug.yml b/tasks/xdebug.yml index b7dd363..03669c2 100644 --- a/tasks/xdebug.yml +++ b/tasks/xdebug.yml @@ -1,9 +1,8 @@ --- -- name: BLOCK | Uninstall xdebug +- name: BLOCK | Install Xdebug when: php_install_xdebug block: - - name: APT | Install xdebug ansible.builtin.apt: pkg: "{{ php_xdebug_package }}" @@ -13,11 +12,6 @@ install_recommends: false when: ansible_os_family == 'Debian' - - name: PKGNG | Install xdebug - community.general.pkgng: - name: "{{ php_xdebug_package }}" - when: ansible_os_family == 'FreeBSD' and php_xdebug_package is defined - - name: TEMPLATE | Deploy module configurations ansible.builtin.template: src: "etc/__php__/mods-available/xdebug.ini.j2" @@ -26,19 +20,8 @@ mode: 0644 notify: Restart php-fpm - -- name: BLOCK | Uninstall xdebug +- name: APT | Uninstall xdebug + ansible.builtin.apt: + pkg: "{{ php_xdebug_package }}" + state: absent when: not php_install_xdebug - block: - - - name: APT | Uninstall xdebug - ansible.builtin.apt: - pkg: "{{ php_xdebug_package }}" - state: absent - when: ansible_os_family == 'Debian' - - - name: PKGNG | Uninstall xdebug - community.general.pkgng: - name: "{{ php_xdebug_package }}" - state: absent - when: ansible_os_family == 'FreeBSD' diff --git a/tests/includes/Debian/sury.yml b/tests/includes/Debian/sury.yml deleted file mode 100644 index a0ee287..0000000 --- a/tests/includes/Debian/sury.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- - -- name: APT | Install Sury key - ansible.builtin.apt_key: - url: 'https://packages.sury.org/php/apt.gpg' - -- name: APT_REPOSITORY | Add Sury repository - ansible.builtin.apt_repository: - repo: 'deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main' diff --git a/tests/includes/pre_Debian.yml b/tests/includes/pre_Debian.yml deleted file mode 100644 index 5fd0687..0000000 --- a/tests/includes/pre_Debian.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- - -- name: SET_FACT | Prepare test vars - ansible.builtin.set_fact: - __nginx_conf: /etc/nginx/nginx.conf - -- name: APT | Install packages - ansible.builtin.apt: - pkg: "{{ p }}" - update_cache: true - cache_valid_time: 3600 - vars: - p: - - apt-transport-https - - ca-certificates - - curl - - gpg - - lsb-release - - nginx - - vim - -- name: INCLUDE_TASKS | Sury (only if a specific php_version is defined) - ansible.builtin.include_tasks: Debian/sury.yml - when: php_version is defined diff --git a/tests/includes/pre_FreeBSD.yml b/tests/includes/pre_FreeBSD.yml deleted file mode 100644 index f4bf1bd..0000000 --- a/tests/includes/pre_FreeBSD.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -- name: SET_FACT | Prepare test vars - ansible.builtin.set_fact: - __nginx_conf: /usr/local/etc/nginx/nginx.conf - php_xdebug_package: 'php72-pecl-xdebug-2.6.1' - -- name: PKGNG | Install packages - community.general.pkgng: - name: ['curl', 'nginx'] diff --git a/tests/test.yml b/tests/test.yml deleted file mode 100644 index 65fefa9..0000000 --- a/tests/test.yml +++ /dev/null @@ -1,181 +0,0 @@ ---- - -- hosts: all - name: Test all - vars: - vhost: 'test.local' - php_extra_packages: - - '{{ php_package_prefix }}pgsql' - php_install_xdebug: true - php_autoremove_default_pool: true - php_ini_fpm: - display_errors: 'Off' - php_ini_cli: - error_reporting: 'E_ALL' - php_fpm_poold: - - pool_name: 'test_ansible' - listen: '/run/php/php-ansible1.sock' - pm: 'dynamic' - pm_max_children: 250 - pm_start_servers: 10 - pm_min_spare_servers: 10 - pm_max_spare_servers: 20 - status_path: '/status' - ping_path: '/ping' - ping_response: 'ok' - - name: 'test_ansible2' - user: 'foo' - php_env: - foo: bar - php_value: - display_errors: 'Off' - php_admin_value: - memory_limit: '98M' - - pre_tasks: - - - name: INCLUDE_TASKS | Pre tasks related to OS - ansible.builtin.include_tasks: "includes/pre_{{ ansible_os_family }}.yml" - - - name: USER | Create PHP user - ansible.builtin.user: - name: 'foo' - system: true - create_home: false - shell: '/usr/sbin/nologin' - - tasks: - - - name: TEMPLATE | Nginx site config - ansible.builtin.template: - src: "templates/nginx.conf.j2" - dest: "{{ __nginx_conf }}" - mode: 0644 - owner: root - group: root - notify: Reload nginx - - - name: COMMAND | Fix nginx config - ansible.builtin.command: "cp {{ __nginx_conf | dirname }}/fastcgi_params {{ __nginx_conf | dirname }}/fastcgi.conf" - args: - creates: "{{ __nginx_conf | dirname }}/fastcgi.conf" - notify: Reload nginx - - - name: LINEINFILE | Fix nginx config (second step) - ansible.builtin.lineinfile: - regexp: '^fastcgi_param\s+SCRIPT_FILENAME' - line: "fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;" - dest: "{{ __nginx_conf | dirname }}/fastcgi.conf" - notify: Reload nginx - - - name: SERVICE | Ensure nginx is started - ansible.builtin.service: - name: nginx - state: started - when: ansible_virtualization_type != 'docker' - - - name: Start nginx if testing with Docker - when: ansible_virtualization_type == 'docker' - block: - - - name: COMMAND | Docker nginx status # noqa: command-instead-of-module - ansible.builtin.command: service nginx status - changed_when: false - failed_when: false - register: ngs - - - name: COMMAND | Docker start nginx # noqa: command-instead-of-module no-changed-when - ansible.builtin.command: service nginx start - when: ngs.stdout.find('nginx is not running') != -1 - - handlers: - - - name: Reload nginx - ansible.builtin.service: - name: nginx - state: reloaded - notify: Docker reload nginx - - - name: Docker reload nginx # noqa: command-instead-of-module no-changed-when - ansible.builtin.command: service nginx reload - notify: Docker reload nginx - when: ansible_virtualization_type == 'docker' - - roles: - - ../../ - - post_tasks: - - - name: SHELL | Test php-cli - ansible.builtin.shell: set -o pipefail && php -i | grep '^PHP Version => {{ php_version }}' | head -n 1 - changed_when: false - register: p - failed_when: p.stdout == '' - args: - executable: /bin/bash - - - name: FILE | Create /var/www - ansible.builtin.file: - dest: /var/www - state: directory - owner: root - group: root - mode: 0755 - - - name: COPY | Add phpinfo - ansible.builtin.copy: - dest: /var/www/phpinfo.php - content: ' /dev/null | grep h1 | grep -o 'PHP Version {{ php_version }}' | sed -r 's/ /dev/null" - changed_when: false - register: c - failed_when: 'php_fpm_poold.1.php_admin_value.memory_limit not in c.stdout' - - - name: URI | Check ping - ansible.builtin.uri: - url: "http://localhost{{ php_fpm_poold.0.ping_path }}" - when: php_fpm_poold.0.ping_path is defined - - - name: URI | Check status - ansible.builtin.uri: - url: "http://localhost{{ php_fpm_poold.0.status_path }}" - when: php_fpm_poold.0.status_path is defined - - - name: Debian extra checks - when: ansible_os_family == 'Debian' - block: - - - name: SHELL | Check if we installed multiple PHP versions - ansible.builtin.shell: set -o pipefail && (dpkg -l | grep 'php[[:digit:]].*common' | wc -l) - args: - executable: /bin/bash - failed_when: false - changed_when: false - register: check_multiple_php - - - - name: FAIL | If we have multiple PHP version - ansible.builtin.fail: - msg: "Multiple PHP versions detected" - when: check_multiple_php.stdout != '1' diff --git a/vars/Debian-buster.yml b/vars/Debian-buster.yml deleted file mode 100644 index 0ac2956..0000000 --- a/vars/Debian-buster.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- - -php_default_version: '7.3' diff --git a/vars/Debian-trixie.yml b/vars/Debian-trixie.yml new file mode 100644 index 0000000..68a47f8 --- /dev/null +++ b/vars/Debian-trixie.yml @@ -0,0 +1,3 @@ +--- + +php_default_version: '8.4' diff --git a/vars/FreeBSD-11.yml b/vars/FreeBSD-11.yml deleted file mode 100644 index 23ec322..0000000 --- a/vars/FreeBSD-11.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- - -php_default_version: '7.2' diff --git a/vars/FreeBSD-12.yml b/vars/FreeBSD-12.yml deleted file mode 100644 index 23ec322..0000000 --- a/vars/FreeBSD-12.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- - -php_default_version: '7.2' diff --git a/vars/OS_Family_FreeBSD.yml b/vars/OS_Family_FreeBSD.yml deleted file mode 100644 index 8c675f2..0000000 --- a/vars/OS_Family_FreeBSD.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- - -php_packages: - - '{{ php_package_prefix }}curl' - - '{{ php_package_prefix }}gd' - - '{{ php_package_prefix }}mysqli' - - '{{ php_package_prefix }}intl' - -php_package_prefix: 'php{{ php_version | replace(".", "") }}-' - -php_mods_dir: '/usr/local/etc/php' -php_fpm_pool_dir: '/usr/local/etc/php-fpm.d' - -php_fpm_service: 'php-fpm' -php_default_fpm_sock: '/var/run/php-fpm.sock' - -php_cli_ini: '/usr/local/etc/php.ini' -php_fpm_ini: '/usr/local/etc/php.ini' - -php_default_user_group: 'www' diff --git a/vars/Ubuntu-bionic.yml b/vars/Ubuntu-bionic.yml deleted file mode 100644 index 23ec322..0000000 --- a/vars/Ubuntu-bionic.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- - -php_default_version: '7.2' diff --git a/vars/Ubuntu-noble.yml b/vars/Ubuntu-noble.yml new file mode 100644 index 0000000..fe72c38 --- /dev/null +++ b/vars/Ubuntu-noble.yml @@ -0,0 +1,3 @@ +--- + +php_default_version: '8.3' diff --git a/vars/Ubuntu-xenial.yml b/vars/Ubuntu-xenial.yml deleted file mode 100644 index 7712f6a..0000000 --- a/vars/Ubuntu-xenial.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- - -php_default_version: '7.0'