⚗️ Modernize and add CI

modernize
Emilien Mantel 2025-06-02 12:09:08 +02:00
parent 4aef107c1a
commit b0834f9a1a
49 changed files with 599 additions and 506 deletions

View File

@ -1,8 +0,0 @@
---
# TODO: enable later
enable_list:
- fqcn-builtins
skip_list:
- role-name

View File

@ -0,0 +1 @@
/home/triplestack/dev/PERSO/ansible-php
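
Review bot: The single added line is an absolute path under one developer's home directory (`/home/triplestack/dev/PERSO/ansible-php`), which reads like a local symlink target or tool artifact committed by accident. It resolves on no other machine and publishes a workstation user name and directory layout; drop the file from the commit and add its path to `.gitignore`.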

View File

@ -0,0 +1,12 @@
---
profile: production
warn_list: []
skip_list: []
exclude_paths:
- .github/
- .venv/
- venv/

39
.github/workflows/ci.yml vendored 100644
View File

@ -0,0 +1,39 @@
---
name: ci
'on':
pull_request:
push:
branches:
- master
jobs:
yaml-lint:
name: YAML Lint
runs-on: ubuntu-latest
steps:
- name: Fetch code
uses: actions/checkout@v3
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install yamllint
- name: Lint code.
run: |
yamllint .
ansible-lint:
name: Ansible Lint
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- name: Run ansible-lint
uses: ansible/ansible-lint@main
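
Review bot: `uses: ansible/ansible-lint@main` in the `ansible-lint` job follows a moving branch, so the code executed in CI can change without any commit to this repository; pin it to a release tag or, better, a full commit SHA. The two jobs also disagree on versions (`actions/checkout@v3` on `ubuntu-latest` in `yaml-lint`, `actions/checkout@v4` on `ubuntu-24.04` in `ansible-lint`), and `actions/setup-python@v2` is older than both; align them, and consider a top-level `permissions: contents: read`, since neither job writes to the repository.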

17
.github/workflows/galaxy.yml vendored 100644
View File

@ -0,0 +1,17 @@
---
name: Deploy on Ansible Galaxy
'on':
- push
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v2
- name: galaxy
uses: robertdebock/galaxy-action@1.2.0
with:
galaxy_api_key: ${{ secrets.galaxy_api_key }}
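
Review bot: The trigger `'on': - push` runs the publish job on every push to every branch, and each run hands `secrets.galaxy_api_key` to a third-party action. Restrict the trigger to `master` or to release tags, and pin `robertdebock/galaxy-action@1.2.0` to a full commit SHA, because a tag can be moved and this step receives the Galaxy credential. `actions/checkout@v2` is also behind the versions used in `ci.yml`.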

43
.github/workflows/molecule.yml vendored 100644
View File

@ -0,0 +1,43 @@
---
name: Molecule
'on':
pull_request:
push:
branches:
- master
jobs:
build:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
scenario:
- debian-11
- debian-12
- ubuntu-20.04
- ubuntu-22.04
- ubuntu-24.04
allowed-to-fail:
- false
include:
- scenario: debian-13
allowed-to-fail: true
steps:
- name: Checkout
uses: actions/checkout@v3
with:
path: "${{ github.repository }}"
- name: Molecule
uses: gofrolist/molecule-action@v2.7.62
with:
molecule_options: --base-config molecule/_shared/base.yml
molecule_args: --scenario-name ${{ matrix.scenario }}
continue-on-error: ${{ matrix.allowed-to-fail }}
- name: Fake command
run: echo "End of job"
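
Review bot: The trailing `Fake command` step (`run: echo "End of job"`) has no comment explaining why it is needed after the Molecule step; document the reason or remove it. Because `continue-on-error: ${{ matrix.allowed-to-fail }}` sits on the step, a failing `debian-13` run still reports the job as successful, so a comment stating that this is deliberate would help whoever reads a green build. `gofrolist/molecule-action@v2.7.62` is a third-party action referenced by tag; a full commit SHA is the safer pin.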

4
.gitignore vendored
View File

@ -1,6 +1,8 @@
.vagrant*
*.swp
*.retry
*.log
/filter_plugins/*.pyc
/filter_plugins/__pycache__
/.idea
/.venv
/venv

View File

@ -4,3 +4,5 @@ extends: default
rules:
line-length: disable
ignore-from-file: .gitignore

View File

@ -1,22 +1,14 @@
Ansible PHP (+FPM) role for Debian / Ubuntu / FreeBSD
=====================================================
Ansible PHP (+FPM) role for Debian / Ubuntu
===========================================
[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-HanXHX.php-blue.svg)](https://galaxy.ansible.com/HanXHX/php) [![Build Status](https://app.travis-ci.com/HanXHX/ansible-php.svg?branch=master)](https://app.travis-ci.com/HanXHX/ansible-php)
Install PHP on Debian / Ubuntu / FreeBSD. Manage PHP-FPM, APCu, Opcache and Xdebug.
Install PHP on Debian / Ubuntu. Manage PHP-FPM, APCu, Opcache and Xdebug.
Managed OS / Versions
---------------------
On all Debian versions, you can install all PHP versions (from PHP 5.6 to 8.1 beta) by using [Sury's APT repository](https://deb.sury.org/).
Other cases:
| OS | PHP 7.0 | PHP 7.1 | PHP 7.2 | PHP 7.3 | PHP >= 7.4 |
|:---------------------:|:-------------------:|:--------------------:|:--------------------:|:--------------------:|:--------------------:
| Ubuntu Bionic (18.04) | :x: | :x: | :heavy_check_mark: | :x: | :x: |
| FreeBSD 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Need tests... |
| FreeBSD 12 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Need tests... |
On all Debian versions, you can install all PHP versions (from PHP 5.6 to latest version) by using [Sury's APT repository](https://deb.sury.org/).
Links:
- [Sury](https://deb.sury.org/)
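
Review bot: The badge line kept as context in this hunk still links the Build Status to `app.travis-ci.com`, while this commit adds GitHub Actions workflows; point the badge at the new `ci` or `Molecule` workflow. The Galaxy badge image is also loaded over `http://`; switch it to `https://`.
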
@ -28,13 +20,6 @@ Requirements
- Collections: [community.general](https://galaxy.ansible.com/community/general)
- If you need PHP-FPM, you must install a webserver with FastCGI support. You can use my [nginx role](https://github.com/HanXHX/ansible-nginx).
FreeBSD limitations
-------------------
- It doesn't split ini file for FPM/CLI. It's hardcoded as `/usr/local/etc/php.ini`.
- It can't manage multiple PHP versions at the time (like legacy Debian versions)
- You must explicitely set xdebug package name (use `pkg search xdebug` to find the good one)
Role Variables
--------------
@ -42,7 +27,7 @@ You should look at [default vars](defaults/main.yml).
### Writable vars
- `php_version`: 7.3, 7.4... depending OS (see above)
- `php_version`: 7.3, 7.4... depending on OS
- `php_install_fpm`: boolean, install and manage php-fpm (default is true)
- `php_install_xdebug`: boolean, install [Xdebug](http://xdebug.org)
- `php_extra_packages`: additional php packages to install (default is an empty list).
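
Review bot: The `php_version` line now reads "7.3, 7.4... depending on OS", but this commit adds a fallback to `php_default_version` when the variable is null or empty, and the newly added defaults range from 7.4 to 8.4. Document that leaving the variable unset selects the distribution default, and update the example versions.
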
@ -159,16 +144,20 @@ Example Playbook
### Simple Playbook
- hosts: servers
roles:
- { role: HanXHX.php }
```yaml
- hosts: servers
roles:
- { role: HanXHX.php }
```
### Debian Bullseye with PHP 8.0 CLI (no FPM)
- hosts: servers
roles:
- { role: HanXHX.sury }
- { role: HanXHX.php, php_version: '8.0', php_install_fpm: false }
```yaml
- hosts: servers
roles:
- { role: HanXHX.sury }
- { role: HanXHX.php, php_version: '8.0', php_install_fpm: false }
```
License
-------
@ -185,7 +174,7 @@ If this code helped you, or if youve used them for your projects, feel free t
- Litecoin: `LeNDw34zQLX84VvhCGADNvHMEgb5QyFXyD`
- Monero: `45wbf7VdQAZS5EWUrPhen7Wo4hy7Pa7c7ZBdaWQSRowtd3CZ5vpVw5nTPphTuqVQrnYZC72FXDYyfP31uJmfSQ6qRXFy3bQ`
No crypto-currency? :star: the project is also a way of saying thank you! :sunglasses:
No cryptocurrency? :star: the project is also a way of saying thank you! :sunglasses:
Author Information
------------------

91
Vagrantfile vendored
View File

@ -1,91 +0,0 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
# vi: set tabstop=2 :
# vi: set shiftwidth=2 :
Vagrant.configure("2") do |config|
vms_debian = [
{ :name => "debian-stretch-php70", :box => "debian/stretch64", :vars => { }},
{ :name => "debian-stretch-php74", :box => "debian/stretch64", :vars => { "php_version": '7.4' }},
{ :name => "debian-buster-php73", :box => "debian/buster64", :vars => { }},
{ :name => "debian-buster-php74", :box => "debian/buster64", :vars => { "php_version": '7.4' }},
{ :name => "debian-bullseye-php74", :box => "debian/bullseye64", :vars => { }},
{ :name => "debian-bullseye-php80", :box => "debian/bullseye64", :vars => { "php_version": '8.0' }},
{ :name => "ubuntu-bionic-php72", :box => "ubuntu/bionic64", :vars => { }},
]
vms_freebsd = [
{ :name => "freebsd-11", :box => "freebsd/FreeBSD-11.1-STABLE", :vars => {} },
{ :name => "freebsd-12", :box => "freebsd/FreeBSD-12.0-CURRENT", :vars => {} }
]
conts = [
{ :name => "docker-debian-stretch-php70", :docker => "hanxhx/vagrant-ansible:debian9", :vars => { }},
{ :name => "docker-debian-stretch-php74", :docker => "hanxhx/vagrant-ansible:debian9", :vars => { "php_version": '7.4' }},
{ :name => "docker-debian-buster-php73", :docker => "hanxhx/vagrant-ansible:debian10", :vars => { }},
{ :name => "docker-debian-buster-php74", :docker => "hanxhx/vagrant-ansible:debian10", :vars => { "php_version": '7.4' }},
{ :name => "docker-debian-bullseye-php74", :docker => "hanxhx/vagrant-ansible:debian11", :vars => { }},
{ :name => "docker-debian-bullseye-php80", :docker => "hanxhx/vagrant-ansible:debian11", :vars => { "php_version": '8.0' }},
{ :name => "docker-ubuntu-bionic-php72", :docker => "hanxhx/vagrant-ansible:ubuntu18.04", :vars => { }},
]
config.vm.network "private_network", type: "dhcp"
conts.each do |opts|
config.vm.define opts[:name] do |m|
m.vm.provider "docker" do |d|
d.image = opts[:docker]
d.remains_running = true
d.has_ssh = true
end
#m.vm.provision "shell", inline: "apt-get update && apt-get install -y python python-apt"
m.vm.provision "ansible" do |ansible|
ansible.playbook = "tests/test.yml"
ansible.verbose = 'vv'
ansible.become = true
ansible.extra_vars = opts[:vars]
end
end
end
vms_debian.each do |opts|
config.vm.define opts[:name] do |m|
m.vm.box = opts[:box]
m.vm.provider "virtualbox" do |v|
v.cpus = 1
v.memory = 256
end
m.vm.provision "shell", inline: "apt-get update && apt-get install -y ifupdown python"
m.vm.provision "ansible" do |ansible|
ansible.playbook = "tests/test.yml"
ansible.verbose = 'vv'
ansible.become = true
ansible.extra_vars = opts[:vars]
end
end
end
vms_freebsd.each do |opts|
config.vm.synced_folder ".", "/vagrant", disabled: true
config.vm.base_mac = "080027D14C66"
config.vm.define opts[:name] do |m|
m.vm.box = opts[:box]
m.vm.provider "virtualbox" do |v, override|
override.ssh.shell = "csh"
v.cpus = 2
v.memory = 512
end
m.vm.provision "shell", inline: "pkg install -y python bash"
m.vm.provision "ansible" do |ansible|
ansible.playbook = "tests/test.yml"
ansible.verbose = 'vv'
ansible.become = true
ansible.extra_vars = opts[:vars].merge({ "ansible_python_interpreter": '/usr/local/bin/python' })
end
end
end
end

View File

@ -1,14 +1,7 @@
---
- name: restart php-fpm
- name: Restart php-fpm
ansible.builtin.service:
name: '{{ php_fpm_service }}'
state: restarted
when: php_install_fpm
notify: docker restart php-fpm
- name: docker restart php-fpm
ansible.builtin.command: 'service {{ php_fpm_service }} restart'
args:
warn: false
when: ansible_virtualization_type == 'docker'

View File

@ -1,24 +1,23 @@
---
galaxy_info:
author: Emilien Mantel
description: Install and configure PHP 7.0/7.1/7.2/7.3/7.4/8.0
company:
namespace: hanxhx
role_name: php
description: Install and configure PHP 7.x/8.x
company: TripleStack
license: GPLv2
min_ansible_version: 2.11
min_ansible_version: "2.18"
platforms:
- name: Debian
versions:
- stretch
- buster
- bullseye
- bookworm
- trixie
- name: Ubuntu
versions:
- bionic
- name: FreeBSD
versions:
- 11.0
- 11.1
- 12.0
- focal
- jammy
- noble
galaxy_tags:
- development
- web
@ -28,5 +27,4 @@ galaxy_info:
- php8
- debian
- ubuntu
- freebsd
dependencies: []

View File

@ -0,0 +1,19 @@
# Molecule managed
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
{% if item.env is defined %}
{% for var, value in item.env.items() %}
{% if value %}
ENV {{ var }} {{ value }}
{% endif %}
{% endfor %}
{% endif %}
RUN apt-get update && \
apt-get install -y python3 sudo bash ca-certificates iproute2 python-apt-common \
&& apt-get clean

View File

@ -0,0 +1,42 @@
---
scenario:
test_sequence:
- dependency
- syntax
- create
- prepare
- converge
- idempotence
- verify
- destroy
dependency:
name: galaxy
options:
requirements-file: ./molecule/_shared/requirements.yml
role-file: ./molecule/_shared/requirements.yml
driver:
name: docker
role_name_check: 1
provisioner:
name: ansible
env:
ANSIBLE_FILTER_PLUGINS: "../../filter_plugins"
config_options:
defaults:
deprecation_warnings: false
callback_whitelist: timer,profile_tasks
fact_caching: jsonfile
fact_caching_connection: ./cache
forks: 100
connection:
pipelining: true
playbooks:
converge: ../_shared/converge.yml
prepare: ../_shared/prepare.yml
verify: ../_shared/verify.yml
inventory:
links:
group_vars: ../_shared/group_vars
verifier:
name: ansible
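
Review bot: Under `config_options.defaults`, `callback_whitelist` is the old name of `callbacks_enabled`, and `deprecation_warnings: false` in the same block hides deprecation notices of exactly this kind. With `ansible-core==2.18.6` pinned in `requirements.txt`, write `callbacks_enabled: timer,profile_tasks` and leave deprecation warnings on in the test configuration. `forks: 100` is far more than a one-container scenario can use, and `requirements-file` and `role-file` both point at the same `requirements.yml`, which only lists collections.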

View File

@ -0,0 +1,41 @@
---
- name: Converge # noqa: role-name[path]
hosts: all
gather_facts: true
roles:
- ../../../
handlers:
- name: Reload nginx
ansible.builtin.service:
name: nginx
state: reloaded
vars:
__nginx_conf: /etc/nginx/nginx.conf
post_tasks:
- name: TEMPLATE | Nginx site config
ansible.builtin.template:
src: "templates/nginx.conf.j2"
dest: "{{ __nginx_conf }}"
mode: 0644
owner: root
group: root
notify: Reload nginx
- name: COMMAND | Fix nginx config
ansible.builtin.command: "cp {{ __nginx_conf | dirname }}/fastcgi_params {{ __nginx_conf | dirname }}/fastcgi.conf"
args:
creates: "{{ __nginx_conf | dirname }}/fastcgi.conf"
notify: Reload nginx
- name: LINEINFILE | Fix nginx config (second step)
ansible.builtin.lineinfile:
regexp: '^fastcgi_param\s+SCRIPT_FILENAME'
line: "fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;"
dest: "{{ __nginx_conf | dirname }}/fastcgi.conf"
notify: Reload nginx
- name: SERVICE | Ensure Nginx is started
ansible.builtin.service:
name: nginx
state: started

View File

@ -0,0 +1,36 @@
---
vhost: 'test.local'
php_version: null
php_extra_packages:
- '{{ php_package_prefix }}pgsql'
php_install_xdebug: true
php_autoremove_default_pool: true
php_ini_fpm:
display_errors: 'Off'
php_ini_cli:
error_reporting: 'E_ALL'
php_fpm_poold:
- pool_name: 'test_ansible'
listen: '/run/php/php-ansible1.sock'
pm: 'dynamic'
pm_max_children: 250
pm_start_servers: 10
pm_min_spare_servers: 10
pm_max_spare_servers: 20
status_path: '/status'
ping_path: '/ping'
ping_response: 'ok'
- name: 'test_ansible2'
user: 'foo'
php_value:
display_errors: 'Off'
php_admin_value:
memory_limit: '98M'
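
Review bot: The two entries of `php_fpm_poold` identify the pool with different keys, `pool_name: 'test_ansible'` in the first and `name: 'test_ansible2'` in the second. If both spellings are supported on purpose, add a comment saying the test covers both; otherwise use one key. `php_version: null` would also benefit from a comment that it exercises the fallback to `php_default_version`.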

View File

@ -0,0 +1,41 @@
---
- name: Prepare
hosts: all
gather_facts: true
tasks:
- name: APT | Install packages
ansible.builtin.apt:
pkg: "{{ p }}"
update_cache: true
cache_valid_time: 3600
vars:
p:
- apt-transport-https
- ca-certificates
- curl
- gpg
- lsb-release
- nginx
- vim
- name: BLOCK | Setup Sury on Debian
when:
- php_version is not none
- php_version != php_default_version
- ansible_distribution == 'Debian'
block:
- name: APT | Install Sury key
ansible.builtin.apt_key:
url: 'https://packages.sury.org/php/apt.gpg'
- name: APT_REPOSITORY | Add Sury repository
ansible.builtin.apt_repository:
repo: 'deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main'
- name: USER | Create PHP user
ansible.builtin.user:
name: 'foo'
system: true
create_home: false
shell: '/usr/sbin/nologin'
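
Review bot: The `APT | Install Sury key` task uses `ansible.builtin.apt_key` with a URL, which adds the downloaded key to the global APT keyring, so it is trusted for every configured repository and not only for Sury. Prefer saving the key under `/etc/apt/keyrings/` and referencing it with `signed-by=` in the `repo:` line. The block is also guarded by `php_version is not none` and `ansible_distribution == 'Debian'`, while the shared group_vars set `php_version: null`, so none of the scenarios reaches these two tasks; add a scenario with an explicit version if the Sury path is meant to be tested.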

View File

@ -0,0 +1,4 @@
---
collections:
- community.general

View File

@ -0,0 +1,16 @@
# {{ ansible_managed }} - custom template
server {
listen 80;
listen 8888 http2;
listen 9999 http2 proxy_protocol;
server_name {{ item.name }};
index index.html index.htm;
root {{ item.root }};
location / {
try_files $uri $uri/ =404;
}
}

View File

@ -1,8 +1,12 @@
events {
worker_connections 1024;
worker_connections 512;
multi_accept on;
use epoll;
}
user {{ php_default_user_group }};
user www-data;
worker_processes 1;
pid /run/nginx.pid;
http {
include mime.types;

View File

@ -0,0 +1,76 @@
---
- name: Verify
hosts: all
gather_facts: true
vars:
nginx_root: "/srv/www"
tasks:
- name: SHELL | Test php-cli
ansible.builtin.shell: set -o pipefail && php -i | grep '^PHP Version => {{ ansible_local.hanxhx_php.php_version }}' | head -n 1
changed_when: false
register: p
failed_when: p.stdout == ''
args:
executable: /bin/bash
- name: FILE | Create /var/www
ansible.builtin.file:
dest: /var/www
state: directory
owner: root
group: root
mode: 0755
- name: COPY | Add phpinfo
ansible.builtin.copy:
dest: /var/www/phpinfo.php
content: '<?php phpinfo();'
owner: root
group: root
mode: 0644
- name: COPY | Add ini test file
ansible.builtin.copy:
dest: /var/www/ini.php
content: '<?php echo ini_get("memory_limit") . "\n";'
owner: root
group: root
mode: 0644
- name: SHELL | Check vhost
ansible.builtin.shell: "set -o pipefail && curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep -o 'PHP Version {{ ansible_local.hanxhx_php.php_version }}' | sed -r 's/<//g'"
args:
executable: /bin/bash
changed_when: false
register: c
failed_when: c.stdout == ''
- name: SHELL | Check custom php value # noqa: command-instead-of-module
ansible.builtin.shell: "curl -H 'Host: {{ vhost }}' http://127.0.0.1/ini.php 2> /dev/null"
changed_when: false
register: c
failed_when: 'php_fpm_poold.1.php_admin_value.memory_limit not in c.stdout'
- name: URI | Check ping
ansible.builtin.uri:
url: "http://localhost{{ php_fpm_poold.0.ping_path }}"
when: php_fpm_poold.0.ping_path is defined
- name: URI | Check status
ansible.builtin.uri:
url: "http://localhost{{ php_fpm_poold.0.status_path }}"
when: php_fpm_poold.0.status_path is defined
- name: SHELL | Check if we installed multiple PHP versions
ansible.builtin.shell: set -o pipefail && (dpkg -l | grep 'php[[:digit:]].*common' | wc -l)
args:
executable: /bin/bash
failed_when: false
changed_when: false
register: check_multiple_php
- name: FAIL | If we have multiple PHP version
ansible.builtin.fail:
msg: "Multiple PHP versions detected"
when: check_multiple_php.stdout != '1'
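
Review bot: `nginx_root: "/srv/www"` is declared in `vars` but never used; the tasks write to the hard-coded `/var/www`. Use the variable in the `FILE` and `COPY` tasks or delete it. The register name `c` is reused by `Check vhost` and `Check custom php value`, which makes a failure harder to trace; give each task its own name.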

View File

@ -0,0 +1,13 @@
---
platforms:
- name: debian-11
image: dokken/debian-11
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true
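
Review bot: `privileged: true` already grants every capability, so `capabilities: - SYS_ADMIN` is redundant, and together with `cgroupns_mode: host` and the read-write `/sys/fs/cgroup` mount the test container has close to host-level access on whatever machine runs Molecule, developer workstations included. If systemd starts with `SYS_ADMIN` and the cgroup mount alone, drop `privileged: true`; if it does not, add a comment that it is required. The same block is repeated in every scenario file.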

View File

@ -0,0 +1,13 @@
---
platforms:
- name: debian-12
image: dokken/debian-12
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true

View File

@ -0,0 +1,13 @@
---
platforms:
- name: debian-12
image: dokken/debian-13
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true
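
Review bot: The platform is named `debian-12` while the image is `dokken/debian-13`; this looks like a copy-paste from the debian-12 scenario. Rename it to `debian-13` so the instance name matches the `debian-13` entry in the workflow matrix and cannot collide with the debian-12 container.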

View File

View File

@ -0,0 +1,13 @@
---
platforms:
- name: ubuntu-20.04
image: dokken/ubuntu-20.04
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true

View File

@ -0,0 +1,13 @@
---
platforms:
- name: ubuntu-22.04
image: dokken/ubuntu-22.04
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true

View File

@ -0,0 +1,13 @@
---
platforms:
- name: ubuntu-24.04
image: dokken/ubuntu-24.04
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true

49
requirements.txt 100644
View File

@ -0,0 +1,49 @@
ansible==11.6.0
ansible-compat==25.5.0
ansible-core==2.18.6
ansible-lint==25.5.0
attrs==25.3.0
black==25.1.0
bracex==2.5.post1
certifi==2025.4.26
cffi==1.17.1
charset-normalizer==3.4.2
click==8.2.1
click-help-colors==0.9.4
cryptography==45.0.3
distro==1.9.0
docker==7.1.0
enrich==1.2.7
filelock==3.18.0
idna==3.10
importlib-metadata==8.7.0
jinja2==3.1.6
jsonschema==4.24.0
jsonschema-specifications==2025.4.1
markdown-it-py==3.0.0
markupsafe==3.0.2
mdurl==0.1.2
molecule==25.5.0
molecule-plugins==23.7.0
mypy-extensions==1.1.0
packaging==25.0
pathspec==0.12.1
platformdirs==4.3.8
pluggy==1.6.0
pycparser==2.22
pygments==2.19.1
pyyaml==6.0.2
referencing==0.36.2
requests==2.32.3
resolvelib==1.0.1
rich==14.0.0
rpds-py==0.25.1
ruamel-yaml==0.18.12
ruamel-yaml-clib==0.2.12
selinux==0.3.0
subprocess-tee==0.4.2
typing-extensions==4.13.2
urllib3==2.4.0
wcmatch==10.0
yamllint==1.37.1
zipp==3.22.0
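
Review bot: The file pins every package with `==`, but `ci.yml` never installs it (the `yaml-lint` job runs `pip3 install yamllint` unpinned), so the pins only apply to local runs. Install from this file in CI, or state in the README that it is a developer convenience. The list also mixes direct and transitive dependencies; keeping the direct ones in a separate input file and adding `--hash` entries to the generated lock would make updates and integrity checks easier.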

View File

@ -6,12 +6,6 @@
state: "{{ 'present' if php_install_fpm else 'absent' }}"
when: ansible_os_family == 'Debian'
- name: SERVICE | Enable service on FreeBSD
ansible.builtin.service:
name: "{{ php_fpm_service }}"
enabled: "{{ 'true' if php_install_fpm else 'false' }}"
when: ansible_os_family == 'FreeBSD'
- name: LINEINFILE | PHP configuration
ansible.builtin.lineinfile:
dest: '{{ php_fpm_ini }}'
@ -22,7 +16,7 @@
group: root
mode: 0644
loop: "{{ php_ini | combine(php_ini_fpm) | dict2items }}"
notify: restart php-fpm
notify: Restart php-fpm
- name: TEMPLATE | Deploy pool configuration
ansible.builtin.template:
@ -32,11 +26,11 @@
group: root
mode: 0644
loop: "{{ ansible_local.hanxhx_php.fpm_pool }}"
notify: restart php-fpm
notify: Restart php-fpm
- name: FILE | Delete default pool if necessary
ansible.builtin.file:
path: "{{ php_fpm_pool_dir }}/www.conf"
state: absent
when: '"www" not in (ansible_local.hanxhx_php.fpm_pool | map(attribute="name") | list) and php_autoremove_default_pool'
notify: restart php-fpm
notify: Restart php-fpm

View File

@ -19,6 +19,11 @@
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
- "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
- name: SET_FACT | Prepare PHP version if not defined
ansible.builtin.set_fact:
php_version: "{{ php_default_version }}"
when: php_version is none or php_version == '' or php_version is not defined
- name: SET_FACT | Transform data
ansible.builtin.set_fact:
__php_fpm_full_pool: |
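
Review bot: In the new `SET_FACT | Prepare PHP version if not defined` task, `php_version is not defined` is the last operand of the `when:` expression, after `php_version == ''`. If the variable is really undefined, the comparison is evaluated first and can raise an undefined-variable error before the `is not defined` test is reached; put that test first: `when: php_version is not defined or php_version is none or php_version == ''`.
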
@ -54,7 +59,7 @@
- name: COPY | Manage facts
ansible.builtin.copy:
content: "{ \"fpm_pool\": {{ php_fpm_full_pool | to_nice_json }} }"
content: "{ \"fpm_pool\": {{ php_fpm_full_pool | to_nice_json }}, \"php_version\": \"{{ php_version }}\" }"
dest: /etc/ansible/facts.d/hanxhx_php.fact
owner: root
group: root
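
Review bot: The changed `content:` line builds the fact file's JSON by string concatenation and wraps `{{ php_version }}` in hand-escaped quotes. Build a dict and serialise it once, for example `content: "{{ {'fpm_pool': php_fpm_full_pool, 'php_version': php_version | string} | to_nice_json }}"`, so quoting cannot break the file that `verify.yml` later reads through `ansible_local.hanxhx_php.php_version`.
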
@ -76,14 +81,7 @@
install_recommends: false
vars:
pkgs: "{{ php_packages + php_extra_packages | flatten }}"
notify: restart php-fpm
when: ansible_os_family == 'Debian'
- name: PKGNG | Install PHP packages
community.general.pkgng:
name: "{{ php_packages + php_extra_packages | flatten | join(',') }}"
notify: restart php-fpm
when: ansible_os_family == 'FreeBSD'
notify: Restart php-fpm
- name: IMPORT_TASKS | PHP-FPM
ansible.builtin.import_tasks: fpm.yml
@ -101,26 +99,9 @@
- name: APT | Install and configure opcache
ansible.builtin.import_tasks: opcache.yml
- name: SERVICE | Ensure PHP-FPM is started
- name: SERVICE | Ensure PHP-FPM is started and enabled
when: php_install_fpm
ansible.builtin.service:
name: '{{ php_fpm_service }}'
state: started
when: php_install_fpm and ansible_virtualization_type != 'docker'
- block:
- name: COMMAND | Check if PHP-FPM is started (Docker)
ansible.builtin.command: 'service {{ php_fpm_service }} status'
args:
warn: false
register: dps
changed_when: false
failed_when: false
- name: COMMAND | Ensure PHP-FPM is started (Docker)
ansible.builtin.command: 'service {{ php_fpm_service }} start'
args:
warn: false
when: dps.stdout.find('is not running') != -1
when: php_install_fpm and ansible_virtualization_type == 'docker'
enabled: true

View File

@ -1,30 +1,14 @@
---
- block:
- name: APT | Install APCu
ansible.builtin.apt:
pkg: "{{ php_apcu_package }}"
install_recommends: false
- name: APT | Install APCu
ansible.builtin.apt:
pkg: "{{ php_apcu_package }}"
install_recommends: false
- name: APT | Install Opcache
ansible.builtin.apt:
pkg: "{{ php_package_prefix }}opcache"
install_recommends: false
when: ansible_os_family == 'Debian'
- block:
- name: PKGNG | Install APCu
community.general.pkgng:
name: "php{{ php_version | replace('.', '') }}-pecl-APCu"
- name: PKGNG | Install Opcache
community.general.pkgng:
name: "{{ php_package_prefix }}opcache"
when: ansible_os_family == 'FreeBSD'
- name: APT | Install Opcache
ansible.builtin.apt:
pkg: "{{ php_package_prefix }}opcache"
install_recommends: false
- name: TEMPLATE | Configure Opcache
ansible.builtin.template:
@ -33,7 +17,7 @@
owner: root
group: root
mode: 0644
notify: restart php-fpm
notify: Restart php-fpm
- name: TEMPLATE | Configure APCu
ansible.builtin.template:
@ -42,4 +26,4 @@
owner: root
group: root
mode: 0644
notify: restart php-fpm
notify: Restart php-fpm

View File

@ -1,7 +1,8 @@
---
- block:
- name: BLOCK | Install Xdebug
when: php_install_xdebug
block:
- name: APT | Install xdebug
ansible.builtin.apt:
pkg: "{{ php_xdebug_package }}"
@ -11,33 +12,16 @@
install_recommends: false
when: ansible_os_family == 'Debian'
- name: PKGNG | Install xdebug
community.general.pkgng:
name: "{{ php_xdebug_package }}"
when: ansible_os_family == 'FreeBSD' and php_xdebug_package is defined
- name: TEMPLATE | Deploy module configurations
ansible.builtin.template:
src: "etc/__php__/mods-available/xdebug.ini.j2"
dest: "{{ php_mods_dir }}/xdebug.ini"
owner: root
mode: 0644
notify: restart php-fpm
when: php_install_xdebug
- block:
- name: APT | Uninstall xdebug
ansible.builtin.apt:
pkg: "{{ php_xdebug_package }}"
state: absent
when: ansible_os_family == 'Debian'
- name: PKGNG | Uninstall xdebug
community.general.pkgng:
name: "{{ php_xdebug_package }}"
state: absent
when: ansible_os_family == 'FreeBSD'
notify: Restart php-fpm
- name: APT | Uninstall xdebug
ansible.builtin.apt:
pkg: "{{ php_xdebug_package }}"
state: absent
when: not php_install_xdebug
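
Review bot: Inside the new `BLOCK | Install Xdebug`, the `APT | Install xdebug` task keeps `when: ansible_os_family == 'Debian'` while the uninstall task no longer has it. With FreeBSD support removed the guard is dead code; drop it, or keep it on both tasks for symmetry. The template task in the same block sets `owner: root` and `mode: 0644` but no `group`, unlike the other template tasks touched by this commit.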

View File

@ -1,9 +0,0 @@
---
- name: APT | Install Sury key
ansible.builtin.apt_key:
url: 'https://packages.sury.org/php/apt.gpg'
- name: APT_REPOSITORY | Add Sury repository
ansible.builtin.apt_repository:
repo: 'deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main'

View File

@ -1,24 +0,0 @@
---
- name: SET_FACT | Prepare test vars
ansible.builtin.set_fact:
__nginx_conf: /etc/nginx/nginx.conf
- name: APT | Install packages
ansible.builtin.apt:
pkg: "{{ p }}"
update_cache: true
cache_valid_time: 3600
vars:
p:
- apt-transport-https
- ca-certificates
- curl
- gpg
- lsb-release
- nginx
- vim
- name: INCLUDE_TASKS | Sury
ansible.builtin.include_tasks: Debian/sury.yml
when: php_version != php_default_version

View File

@ -1,10 +0,0 @@
---
- name: SET_FACT | Prepare test vars
ansible.builtin.set_fact:
__nginx_conf: /usr/local/etc/nginx/nginx.conf
php_xdebug_package: 'php72-pecl-xdebug-2.6.1'
- name: PKGNG | Install packages
community.general.pkgng:
name: ['curl', 'nginx']

View File

@ -1,187 +0,0 @@
---
- hosts: all
vars:
vhost: 'test.local'
php_extra_packages:
- '{{ php_package_prefix }}pgsql'
php_install_xdebug: true
php_autoremove_default_pool: true
php_ini_fpm:
display_errors: 'Off'
php_ini_cli:
error_reporting: 'E_ALL'
php_fpm_poold:
- pool_name: 'test_ansible'
listen: '/run/php/php-ansible1.sock'
pm: 'dynamic'
pm_max_children: 250
pm_start_servers: 10
pm_min_spare_servers: 10
pm_max_spare_servers: 20
status_path: '/status'
ping_path: '/ping'
ping_response: 'ok'
- name: 'test_ansible2'
user: 'foo'
php_value:
display_errors: 'Off'
php_admin_value:
memory_limit: '98M'
pre_tasks:
- name: INCLUDE_TASKS | Pre tasks related to OS
ansible.builtin.include_tasks: "includes/pre_{{ ansible_os_family }}.yml"
- name: USER | Create PHP user
ansible.builtin.user:
name: 'foo'
system: true
create_home: false
shell: '/usr/sbin/nologin'
tasks:
- name: TEMPLATE | Nginx site config
ansible.builtin.template:
src: "templates/nginx.conf.j2"
dest: "{{ __nginx_conf }}"
mode: 0644
owner: root
group: root
notify: reload nginx
- name: COMMAND | Fix nginx config
ansible.builtin.command: "cp {{ __nginx_conf | dirname }}/fastcgi_params {{ __nginx_conf | dirname }}/fastcgi.conf"
args:
creates: "{{ __nginx_conf | dirname }}/fastcgi.conf"
notify: reload nginx
- name: LINEINFILE | Fix nginx config (second step)
ansible.builtin.lineinfile:
regexp: '^fastcgi_param\s+SCRIPT_FILENAME'
line: "fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;"
dest: "{{ __nginx_conf | dirname }}/fastcgi.conf"
notify: reload nginx
- name: SERVICE | Ensure nginx is started
ansible.builtin.service:
name: nginx
state: started
when: ansible_virtualization_type != 'docker'
- block:
- name: COMMAND | Docker nginx status
ansible.builtin.command: service nginx status
args:
warn: false
changed_when: false
failed_when: false
register: ngs
- name: COMMAND | Docker start nginx
ansible.builtin.command: service nginx start
args:
warn: false
when: ngs.stdout.find('nginx is not running') != -1
when: ansible_virtualization_type == 'docker'
handlers:
- name: reload nginx
ansible.builtin.service:
name: nginx
state: reloaded
notify: docker reload nginx
- name: docker reload nginx
ansible.builtin.command: service nginx reload
args:
warn: false
notify: docker reload nginx
when: ansible_virtualization_type == 'docker'
roles:
- ../../
post_tasks:
- name: SHELL | Test php-cli
ansible.builtin.shell: set -o pipefail && php -i | grep '^PHP Version => {{ php_version }}' | head -n 1
changed_when: false
register: p
failed_when: p.stdout == ''
args:
executable: /bin/bash
- name: FILE | Create /var/www
ansible.builtin.file:
dest: /var/www
state: directory
owner: root
group: root
mode: 0755
- name: COPY | Add phpinfo
ansible.builtin.copy:
dest: /var/www/phpinfo.php
content: '<?php phpinfo();'
owner: root
group: root
mode: 0644
- name: COPY | Add ini test file
ansible.builtin.copy:
dest: /var/www/ini.php
content: '<?php echo ini_get("memory_limit") . "\n";'
owner: root
group: root
mode: 0644
- name: SHELL | Check vhost
ansible.builtin.shell: "set -o pipefail && curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep -o 'PHP Version {{ php_version }}' | sed -r 's/<//g'"
args:
warn: false
executable: /bin/bash
changed_when: false
register: c
failed_when: c.stdout == ''
- name: SHELL | Check custom php value
ansible.builtin.shell: "curl -H 'Host: {{ vhost }}' http://127.0.0.1/ini.php 2> /dev/null"
args:
warn: false
changed_when: false
register: c
failed_when: 'php_fpm_poold.1.php_admin_value.memory_limit not in c.stdout'
- name: URI | Check ping
ansible.builtin.uri:
url: "http://localhost{{ php_fpm_poold.0.ping_path }}"
when: php_fpm_poold.0.ping_path is defined
- name: URI | Check status
ansible.builtin.uri:
url: "http://localhost{{ php_fpm_poold.0.status_path }}"
when: php_fpm_poold.0.status_path is defined
- block:
- name: SHELL | Check if we installed multiple PHP versions
ansible.builtin.shell: set -o pipefail && (dpkg -l | grep 'php[[:digit:]].*common' | wc -l)
args:
executable: /bin/bash
failed_when: false
changed_when: false
register: check_multiple_php
- name: FAIL | If we have multiple PHP version
ansible.builtin.fail:
msg: "Multiple PHP versions detected"
when: check_multiple_php.stdout != '1'
when: ansible_os_family == 'Debian'

View File

@ -0,0 +1,3 @@
---
php_default_version: '8.2'

View File

@ -1,3 +0,0 @@
---
php_default_version: '7.3'

View File

@ -1,3 +0,0 @@
---
php_default_version: '7.0'

View File

@ -0,0 +1,3 @@
---
php_default_version: '8.4'

View File

@ -1,3 +0,0 @@
---
php_default_version: '7.2'

View File

@ -1,3 +0,0 @@
---
php_default_version: '7.2'

View File

@ -1,20 +0,0 @@
---
php_packages:
- '{{ php_package_prefix }}curl'
- '{{ php_package_prefix }}gd'
- '{{ php_package_prefix }}mysqli'
- '{{ php_package_prefix }}intl'
php_package_prefix: 'php{{ php_version | replace(".", "") }}-'
php_mods_dir: '/usr/local/etc/php'
php_fpm_pool_dir: '/usr/local/etc/php-fpm.d'
php_fpm_service: 'php-fpm'
php_default_fpm_sock: '/var/run/php-fpm.sock'
php_cli_ini: '/usr/local/etc/php.ini'
php_fpm_ini: '/usr/local/etc/php.ini'
php_default_user_group: 'www'

View File

@ -1,3 +0,0 @@
---
php_default_version: '7.2'

View File

@ -0,0 +1,3 @@
---
php_default_version: '7.4'

View File

@ -0,0 +1,3 @@
---
php_default_version: '8.1'

View File

@ -0,0 +1,3 @@
---
php_default_version: '8.3'

View File

@ -1,3 +0,0 @@
---
php_default_version: '7.0'