diff --git a/.ansible-lint b/.ansible-lint
deleted file mode 100644
index 454cf00..0000000
--- a/.ansible-lint
+++ /dev/null
@@ -1,8 +0,0 @@
----
-
-# TODO: enable later
-enable_list:
- - fqcn-builtins
-
-skip_list:
- - role-name
diff --git a/.ansible/roles/hanxhx.php b/.ansible/roles/hanxhx.php
new file mode 120000
index 0000000..7b0554b
--- /dev/null
+++ b/.ansible/roles/hanxhx.php
@@ -0,0 +1 @@
+/home/triplestack/dev/PERSO/ansible-php
\ No newline at end of file
diff --git a/.config/ansible-lint.yml b/.config/ansible-lint.yml
new file mode 100644
index 0000000..c334001
--- /dev/null
+++ b/.config/ansible-lint.yml
@@ -0,0 +1,12 @@
+---
+
+profile: production
+
+warn_list: []
+
+skip_list: []
+
+exclude_paths:
+ - .github/
+ - .venv/
+ - venv/
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..d502f71
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,39 @@
+---
+
+name: ci
+'on':
+ pull_request:
+ push:
+ branches:
+ - master
+
+jobs:
+
+ yaml-lint:
+ name: YAML Lint
+ runs-on: ubuntu-latest
+ steps:
+
+ - name: Fetch code
+ uses: actions/checkout@v3
+
+ - name: Set up Python 3.
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+
+ - name: Install test dependencies.
+ run: pip3 install yamllint
+
+ - name: Lint code.
+ run: |
+ yamllint .
+
+ ansible-lint:
+ name: Ansible Lint
+ runs-on: ubuntu-24.04
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Run ansible-lint
+ uses: ansible/ansible-lint@main
diff --git a/.github/workflows/galaxy.yml b/.github/workflows/galaxy.yml
new file mode 100644
index 0000000..6ccf841
--- /dev/null
+++ b/.github/workflows/galaxy.yml
@@ -0,0 +1,17 @@
+---
+
+name: Deploy on Ansible Galaxy
+
+'on':
+ - push
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: checkout
+ uses: actions/checkout@v2
+ - name: galaxy
+ uses: robertdebock/galaxy-action@1.2.0
+ with:
+ galaxy_api_key: ${{ secrets.galaxy_api_key }}
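Review bot: The new symlink `.ansible/roles/hanxhx.php` targets the absolute path `/home/triplestack/dev/PERSO/ansible-php`, which exists only on the author's machine, so the link dangles in every other checkout and on CI runners and also publishes a local account name and directory layout. If the link is only there so local tooling can resolve the role by name (an assumption, nothing else in the diff references it), drop it from the commit and add `/.ansible` to `.gitignore`. If it has to be tracked, make the target relative to the link's directory, i.e. `../..`, so it resolves to the repository root anywhere.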
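Review bot: In `.github/workflows/ci.yml` the step `uses: ansible/ansible-lint@main` follows a moving branch, so whatever lands upstream runs in this repository's CI with the job's token; the tag references in the same file (`actions/checkout@v3`, `actions/checkout@v4`, `actions/setup-python@v2`), in `galaxy.yml` (`actions/checkout@v2`, `robertdebock/galaxy-action@1.2.0`) and in `molecule.yml` (`gofrolist/molecule-action@v2.7.62`) are mutable as well. Pin each action to a full commit SHA and keep the release in a trailing comment, e.g. `uses: ansible/ansible-lint@<full-commit-sha>  # <release tag>`. None of the three workflows declares `permissions:`, so the token scope falls back to the repository default; add a top-level `permissions:` with `contents: read` to each. `pip3 install yamllint` is also unpinned although this commit pins `yamllint==1.37.1` in `requirements.txt`; installing from that file would keep CI and local runs on the same version.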
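Review bot: `.github/workflows/galaxy.yml` triggers on every `push` (`'on': - push`), so a push to any branch passes `secrets.galaxy_api_key` to the third-party `robertdebock/galaxy-action` step and starts a Galaxy import from unreviewed code. Limit the trigger to the release path, for example `'on': {push: {branches: [master]}}` or a tag filter, so feature branches never reach the step that holds the key. Because this step receives a publishing credential, it is the one where pinning the action to a commit SHA matters most.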
diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml new file mode 100644 index 0000000..ae6446a --- /dev/null +++ b/.github/workflows/molecule.yml @@ -0,0 +1,43 @@ +--- + +name: Molecule + +'on': + pull_request: + push: + branches: + - master + +jobs: + build: + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + scenario: + - debian-11 + - debian-12 + - ubuntu-20.04 + - ubuntu-22.04 + - ubuntu-24.04 + allowed-to-fail: + - false + include: + - scenario: debian-13 + allowed-to-fail: true + + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + path: "${{ github.repository }}" + + - name: Molecule + uses: gofrolist/molecule-action@v2.7.62 + with: + molecule_options: --base-config molecule/_shared/base.yml + molecule_args: --scenario-name ${{ matrix.scenario }} + continue-on-error: ${{ matrix.allowed-to-fail }} + + - name: Fake command + run: echo "End of job" diff --git a/.gitignore b/.gitignore index 0e2ef64..e5ba8ab 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,8 @@ -.vagrant* *.swp *.retry *.log /filter_plugins/*.pyc /filter_plugins/__pycache__ +/.idea +/.venv +/venv diff --git a/.yamllint.yml b/.yamllint.yml index 53974a0..a3618d2 100644 --- a/.yamllint.yml +++ b/.yamllint.yml @@ -4,3 +4,5 @@ extends: default rules: line-length: disable + +ignore-from-file: .gitignore diff --git a/README.md b/README.md index 78ab819..49e1dc4 100644 --- a/README.md +++ b/README.md 
@@ -1,22 +1,14 @@ -Ansible PHP (+FPM) role for Debian / Ubuntu / FreeBSD -===================================================== +Ansible PHP (+FPM) role for Debian / Ubuntu +=========================================== [![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-HanXHX.php-blue.svg)](https://galaxy.ansible.com/HanXHX/php) [![Build Status](https://app.travis-ci.com/HanXHX/ansible-php.svg?branch=master)](https://app.travis-ci.com/HanXHX/ansible-php) -Install PHP on Debian / Ubuntu / FreeBSD. Manage PHP-FPM, APCu, Opcache and Xdebug. +Install PHP on Debian / Ubuntu. Manage PHP-FPM, APCu, Opcache and Xdebug. Managed OS / Versions --------------------- -On all Debian versions, you can install all PHP versions (from PHP 5.6 to 8.1 beta) by using [Sury's APT repository](https://deb.sury.org/). - -Other cases: - -| OS | PHP 7.0 | PHP 7.1 | PHP 7.2 | PHP 7.3 | PHP >= 7.4 | -|:---------------------:|:-------------------:|:--------------------:|:--------------------:|:--------------------:|:--------------------: -| Ubuntu Bionic (18.04) | :x: | :x: | :heavy_check_mark: | :x: | :x: | -| FreeBSD 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Need tests... | -| FreeBSD 12 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Need tests... | +On all Debian versions, you can install all PHP versions (from PHP 5.6 to latest version) by using [Sury's APT repository](https://deb.sury.org/). Links: - [Sury](https://deb.sury.org/) 
@@ -28,13 +20,6 @@ Requirements - Collections: [community.general](https://galaxy.ansible.com/community/general) - If you need PHP-FPM, you must install a webserver with FastCGI support. You can use my [nginx role](https://github.com/HanXHX/ansible-nginx). -FreeBSD limitations -------------------- - -- It doesn't split ini file for FPM/CLI. It's hardcoded as `/usr/local/etc/php.ini`. -- It can't manage multiple PHP versions at the time (like legacy Debian versions) -- You must explicitely set xdebug package name (use `pkg search xdebug` to find the good one) - Role Variables -------------- @@ -42,7 +27,7 @@ You should look at [default vars](defaults/main.yml). ### Writable vars -- `php_version`: 7.3, 7.4... depending OS (see above) +- `php_version`: 7.3, 7.4... depending on OS - `php_install_fpm`: boolean, install and manage php-fpm (default is true) - `php_install_xdebug`: boolean, install [Xdebug](http://xdebug.org) - `php_extra_packages`: additional php packages to install (default is an empty list). @@ -159,16 +144,20 @@ Example Playbook ### Simple Playbook - - hosts: servers - roles: - - { role: HanXHX.php } +```yaml +- hosts: servers + roles: + - { role: HanXHX.php } +``` ### Debian Bullseye with PHP 8.0 CLI (no FPM) - - hosts: servers - roles: - - { role: HanXHX.sury } - - { role: HanXHX.php, php_version: '8.0', php_install_fpm: false } +```yaml +- hosts: servers + roles: + - { role: HanXHX.sury } + - { role: HanXHX.php, php_version: '8.0', php_install_fpm: false } +``` License ------- @@ -185,7 +174,7 @@ If this code helped you, or if you’ve used them for your projects, feel free t - Litecoin: `LeNDw34zQLX84VvhCGADNvHMEgb5QyFXyD` - Monero: `45wbf7VdQAZS5EWUrPhen7Wo4hy7Pa7c7ZBdaWQSRowtd3CZ5vpVw5nTPphTuqVQrnYZC72FXDYyfP31uJmfSQ6qRXFy3bQ` -No crypto-currency? :star: the project is also a way of saying thank you! :sunglasses: +No cryptocurrency? :star: the project is also a way of saying thank you! :sunglasses: Author Information ------------------ 
diff --git a/Vagrantfile b/Vagrantfile
deleted file mode 100644
index 9a75806..0000000
--- a/Vagrantfile
+++ /dev/null
@@ -1,91 +0,0 @@ -# -*- mode: ruby -*- -# vi: set ft=ruby : -# vi: set tabstop=2 : -# vi: set shiftwidth=2 : - -Vagrant.configure("2") do |config| - - vms_debian = [ - { :name => "debian-stretch-php70", :box => "debian/stretch64", :vars => { }}, - { :name => "debian-stretch-php74", :box => "debian/stretch64", :vars => { "php_version": '7.4' }}, - { :name => "debian-buster-php73", :box => "debian/buster64", :vars => { }}, - { :name => "debian-buster-php74", :box => "debian/buster64", :vars => { "php_version": '7.4' }}, - { :name => "debian-bullseye-php74", :box => "debian/bullseye64", :vars => { }}, - { :name => "debian-bullseye-php80", :box => "debian/bullseye64", :vars => { "php_version": '8.0' }}, - { :name => "ubuntu-bionic-php72", :box => "ubuntu/bionic64", :vars => { }}, - ] - - vms_freebsd = [ - { :name => "freebsd-11", :box => "freebsd/FreeBSD-11.1-STABLE", :vars => {} }, - { :name => "freebsd-12", :box => "freebsd/FreeBSD-12.0-CURRENT", :vars => {} } - ] - - conts = [ - { :name => "docker-debian-stretch-php70", :docker => "hanxhx/vagrant-ansible:debian9", :vars => { }}, - { :name => "docker-debian-stretch-php74", :docker => "hanxhx/vagrant-ansible:debian9", :vars => { "php_version": '7.4' }}, - { :name => "docker-debian-buster-php73", :docker => "hanxhx/vagrant-ansible:debian10", :vars => { }}, - { :name => "docker-debian-buster-php74", :docker => "hanxhx/vagrant-ansible:debian10", :vars => { "php_version": '7.4' }}, - { :name => "docker-debian-bullseye-php74", :docker => "hanxhx/vagrant-ansible:debian11", :vars => { }}, - { :name => "docker-debian-bullseye-php80", :docker => "hanxhx/vagrant-ansible:debian11", :vars => { "php_version": '8.0' }}, - { :name => "docker-ubuntu-bionic-php72", :docker => "hanxhx/vagrant-ansible:ubuntu18.04", :vars => { }}, - ] - - config.vm.network "private_network", type: "dhcp" - - conts.each do |opts| - config.vm.define opts[:name] do |m| - m.vm.provider "docker" do |d| - d.image = opts[:docker] - d.remains_running = true - 
d.has_ssh = true - end - - #m.vm.provision "shell", inline: "apt-get update && apt-get install -y python python-apt" - m.vm.provision "ansible" do |ansible| - ansible.playbook = "tests/test.yml" - ansible.verbose = 'vv' - ansible.become = true - ansible.extra_vars = opts[:vars] - end - end - end - - vms_debian.each do |opts| - config.vm.define opts[:name] do |m| - m.vm.box = opts[:box] - m.vm.provider "virtualbox" do |v| - v.cpus = 1 - v.memory = 256 - end - m.vm.provision "shell", inline: "apt-get update && apt-get install -y ifupdown python" - - m.vm.provision "ansible" do |ansible| - ansible.playbook = "tests/test.yml" - ansible.verbose = 'vv' - ansible.become = true - ansible.extra_vars = opts[:vars] - end - end - end - - vms_freebsd.each do |opts| - config.vm.synced_folder ".", "/vagrant", disabled: true - config.vm.base_mac = "080027D14C66" - config.vm.define opts[:name] do |m| - m.vm.box = opts[:box] - m.vm.provider "virtualbox" do |v, override| - override.ssh.shell = "csh" - v.cpus = 2 - v.memory = 512 - end - m.vm.provision "shell", inline: "pkg install -y python bash" - m.vm.provision "ansible" do |ansible| - ansible.playbook = "tests/test.yml" - ansible.verbose = 'vv' - ansible.become = true - ansible.extra_vars = opts[:vars].merge({ "ansible_python_interpreter": '/usr/local/bin/python' }) - end - end - end - -end diff --git a/handlers/main.yml b/handlers/main.yml index f15ce53..c4e0a91 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,14 +1,7 @@ --- -- name: restart php-fpm +- name: Restart php-fpm ansible.builtin.service: name: '{{ php_fpm_service }}' state: restarted when: php_install_fpm - notify: docker restart php-fpm - -- name: docker restart php-fpm - ansible.builtin.command: 'service {{ php_fpm_service }} restart' - args: - warn: false - when: ansible_virtualization_type == 'docker' diff --git a/meta/main.yml b/meta/main.yml index 3fde8d4..93b20bd 100644 --- a/meta/main.yml +++ b/meta/main.yml 
@@ -1,24 +1,23 @@ --- galaxy_info: author: Emilien Mantel - description: Install and configure PHP 7.0/7.1/7.2/7.3/7.4/8.0 - company: + namespace: hanxhx + role_name: php + description: Install and configure PHP 7.x/8.x + company: TripleStack license: GPLv2 - min_ansible_version: 2.11 + min_ansible_version: "2.18" platforms: - name: Debian versions: - - stretch - - buster - bullseye + - bookworm + - trixie - name: Ubuntu versions: - - bionic - - name: FreeBSD - versions: - - 11.0 - - 11.1 - - 12.0 + - focal + - jammy + - noble galaxy_tags: - development - web @@ -28,5 +27,4 @@ galaxy_info: - php8 - debian - ubuntu - - freebsd dependencies: [] diff --git a/molecule/_shared/Dockerfile.j2 b/molecule/_shared/Dockerfile.j2 new file mode 100644 index 0000000..ca98098 --- /dev/null +++ b/molecule/_shared/Dockerfile.j2 @@ -0,0 +1,19 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +{% if item.env is defined %} +{% for var, value in item.env.items() %} +{% if value %} +ENV {{ var }} {{ value }} +{% endif %} +{% endfor %} +{% endif %} + +RUN apt-get update && \ + apt-get install -y python3 sudo bash ca-certificates iproute2 python-apt-common \ + && apt-get clean \ No newline at end of file diff --git a/molecule/_shared/base.yml b/molecule/_shared/base.yml new file mode 100644 index 0000000..54e7092 --- /dev/null +++ b/molecule/_shared/base.yml 
@@ -0,0 +1,42 @@
+---
+
+scenario:
+ test_sequence:
+ - dependency
+ - syntax
+ - create
+ - prepare
+ - converge
+ - idempotence
+ - verify
+ - destroy
+dependency:
+ name: galaxy
+ options:
+ requirements-file: ./molecule/_shared/requirements.yml
+ role-file: ./molecule/_shared/requirements.yml
+driver:
+ name: docker
+role_name_check: 1
+provisioner:
+ name: ansible
+ env:
+ ANSIBLE_FILTER_PLUGINS: "../../filter_plugins"
+ config_options:
+ defaults:
+ deprecation_warnings: false
+ callback_whitelist: timer,profile_tasks
+ fact_caching: jsonfile
+ fact_caching_connection: ./cache
+ forks: 100
+ connection:
+ pipelining: true
+ playbooks:
+ converge: ../_shared/converge.yml
+ prepare: ../_shared/prepare.yml
+ verify: ../_shared/verify.yml
+ inventory:
+ links:
+ group_vars: ../_shared/group_vars
+verifier:
+ name: ansible
diff --git a/molecule/_shared/converge.yml b/molecule/_shared/converge.yml
new file mode 100644
index 0000000..87cdaa5
--- /dev/null
+++ b/molecule/_shared/converge.yml
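Review bot: `callback_whitelist: timer,profile_tasks` under `config_options.defaults` in `molecule/_shared/base.yml` uses the old option name; ansible-core renamed it to `callbacks_enabled`, and as far as I know the old spelling was dropped in 2.15, while this commit pins `ansible-core==2.18.6` in `requirements.txt`. If that is right, the two callbacks are silently not loaded, and `deprecation_warnings: false` on the line above hides the hint that would normally point this out. Use `callbacks_enabled: timer,profile_tasks` and consider leaving deprecation warnings on for the test suite, where they are cheap to read.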
@@ -0,0 +1,41 @@
+---
+
+- name: Converge # noqa: role-name[path]
+ hosts: all
+ gather_facts: true
+ roles:
+ - ../../../
+ handlers:
+ - name: Reload nginx
+ ansible.builtin.service:
+ name: nginx
+ state: reloaded
+ vars:
+ __nginx_conf: /etc/nginx/nginx.conf
+ post_tasks:
+ - name: TEMPLATE | Nginx site config
+ ansible.builtin.template:
+ src: "templates/nginx.conf.j2"
+ dest: "{{ __nginx_conf }}"
+ mode: 0644
+ owner: root
+ group: root
+ notify: Reload nginx
+
+ - name: COMMAND | Fix nginx config
+ ansible.builtin.command: "cp {{ __nginx_conf | dirname }}/fastcgi_params {{ __nginx_conf | dirname }}/fastcgi.conf"
+ args:
+ creates: "{{ __nginx_conf | dirname }}/fastcgi.conf"
+ notify: Reload nginx
+
+ - name: LINEINFILE | Fix nginx config (second step)
+ ansible.builtin.lineinfile:
+ regexp: '^fastcgi_param\s+SCRIPT_FILENAME'
+ line: "fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;"
+ dest: "{{ __nginx_conf | dirname }}/fastcgi.conf"
+ notify: Reload nginx
+
+ - name: SERVICE | Ensure Nginx is started
+ ansible.builtin.service:
+ name: nginx
+ state: started
diff --git a/molecule/_shared/group_vars/all/main.yml b/molecule/_shared/group_vars/all/main.yml
new file mode 100644
index 0000000..563f5e5
--- /dev/null
+++ b/molecule/_shared/group_vars/all/main.yml
@@ -0,0 +1,36 @@
+---
+
+vhost: 'test.local'
+
+php_version: null
+
+php_extra_packages:
+ - '{{ php_package_prefix }}pgsql'
+
+php_install_xdebug: true
+php_autoremove_default_pool: true
+
+php_ini_fpm:
+ display_errors: 'Off'
+
+php_ini_cli:
+ error_reporting: 'E_ALL'
+
+php_fpm_poold:
+ - pool_name: 'test_ansible'
+ listen: '/run/php/php-ansible1.sock'
+ pm: 'dynamic'
+ pm_max_children: 250
+ pm_start_servers: 10
+ pm_min_spare_servers: 10
+ pm_max_spare_servers: 20
+ status_path: '/status'
+ ping_path: '/ping'
+ ping_response: 'ok'
+
+ - name: 'test_ansible2'
+ user: 'foo'
+ php_value:
+ display_errors: 'Off'
+ php_admin_value:
+ memory_limit: '98M'
diff --git a/molecule/_shared/prepare.yml b/molecule/_shared/prepare.yml
new file mode 100644
index 0000000..f84cf80
--- /dev/null
+++ b/molecule/_shared/prepare.yml
@@ -0,0 +1,41 @@
+---
+
+- name: Prepare
+ hosts: all
+ gather_facts: true
+ tasks:
+ - name: APT | Install packages
+ ansible.builtin.apt:
+ pkg: "{{ p }}"
+ update_cache: true
+ cache_valid_time: 3600
+ vars:
+ p:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - gpg
+ - lsb-release
+ - nginx
+ - vim
+
+ - name: BLOCK | Setup Sury on Debian
+ when:
+ - php_version is not none
+ - php_version != php_default_version
+ - ansible_distribution == 'Debian'
+ block:
+ - name: APT | Install Sury key
+ ansible.builtin.apt_key:
+ url: 'https://packages.sury.org/php/apt.gpg'
+
+ - name: APT_REPOSITORY | Add Sury repository
+ ansible.builtin.apt_repository:
+ repo: 'deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main'
+
+ - name: USER | Create PHP user
+ ansible.builtin.user:
+ name: 'foo'
+ system: true
+ create_home: false
+ shell: '/usr/sbin/nologin'
diff --git a/molecule/_shared/requirements.yml b/molecule/_shared/requirements.yml
new file mode 100644
index 0000000..f212a67
--- /dev/null
+++ b/molecule/_shared/requirements.yml
@@ -0,0 +1,4 @@
+---
+
+collections:
+ - community.general
diff --git a/molecule/_shared/templates/custom_template.conf.j2 b/molecule/_shared/templates/custom_template.conf.j2
new file mode 100644
index 0000000..9c19619
--- /dev/null
+++ b/molecule/_shared/templates/custom_template.conf.j2
@@ -0,0 +1,16 @@
+# {{ ansible_managed }} - custom template
+
+server {
+ listen 80;
+ listen 8888 http2;
+ listen 9999 http2 proxy_protocol;
+ server_name {{ item.name }};
+
+ index index.html index.htm;
+
+ root {{ item.root }};
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+}
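Review bot: `ansible.builtin.apt_key` in the `BLOCK | Setup Sury on Debian` block of `molecule/_shared/prepare.yml` adds the downloaded key to APT's global trusted keyring, so that key can then vouch for packages from every configured repository rather than only packages.sury.org; the module also depends on the deprecated `apt-key` tool, which newer Debian releases may no longer ship (possibly related to the debian-13 scenario being allowed to fail). Store the key as its own keyring file and bind it to the repository entry with `signed-by`, as sketched below; the keyring path is an example, and the sketch assumes `apt.gpg` is a binary keyring. The key is still trusted on first download over HTTPS, so adding a `checksum:` to the download task would pin it. The same two tasks previously lived in `tests/includes/Debian/sury.yml`, which this commit deletes, so the pattern is carried over rather than new.

```yaml
# … unchanged: "BLOCK | Setup Sury on Debian" name and its when: list …
      block:
        - name: GET_URL | Install Sury keyring
          ansible.builtin.get_url:
            url: 'https://packages.sury.org/php/apt.gpg'
            dest: /usr/share/keyrings/sury-php.gpg
            owner: root
            group: root
            mode: '0644'

        - name: APT_REPOSITORY | Add Sury repository
          ansible.builtin.apt_repository:
            repo: >-
              deb [signed-by=/usr/share/keyrings/sury-php.gpg]
              https://packages.sury.org/php/ {{ ansible_distribution_release }} main
# … unchanged: "USER | Create PHP user" task …
```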
diff --git a/tests/templates/nginx.conf.j2 b/molecule/_shared/templates/nginx.conf.j2 similarity index 88% rename from tests/templates/nginx.conf.j2 rename to molecule/_shared/templates/nginx.conf.j2 index e5c83fb..1362619 100644 --- a/tests/templates/nginx.conf.j2 +++ b/molecule/_shared/templates/nginx.conf.j2 @@ -1,8 +1,12 @@ events { - worker_connections 1024; + worker_connections 512; + multi_accept on; + use epoll; } -user {{ php_default_user_group }}; +user www-data; +worker_processes 1; +pid /run/nginx.pid; http { include mime.types; diff --git a/molecule/_shared/verify.yml b/molecule/_shared/verify.yml new file mode 100644 index 0000000..c666017 --- /dev/null +++ b/molecule/_shared/verify.yml 
@@ -0,0 +1,76 @@ +--- + +- name: Verify + hosts: all + gather_facts: true + vars: + nginx_root: "/srv/www" + tasks: + - name: SHELL | Test php-cli + ansible.builtin.shell: set -o pipefail && php -i | grep '^PHP Version => {{ ansible_local.hanxhx_php.php_version }}' | head -n 1 + changed_when: false + register: p + failed_when: p.stdout == '' + args: + executable: /bin/bash + + - name: FILE | Create /var/www + ansible.builtin.file: + dest: /var/www + state: directory + owner: root + group: root + mode: 0755 + + - name: COPY | Add phpinfo + ansible.builtin.copy: + dest: /var/www/phpinfo.php + content: ' /dev/null | grep h1 | grep -o 'PHP Version {{ ansible_local.hanxhx_php.php_version }}' | sed -r 's/ /dev/null" + changed_when: false + register: c + failed_when: 'php_fpm_poold.1.php_admin_value.memory_limit not in c.stdout' + + - name: URI | Check ping + ansible.builtin.uri: + url: "http://localhost{{ php_fpm_poold.0.ping_path }}" + when: php_fpm_poold.0.ping_path is defined + + - name: URI | Check status + ansible.builtin.uri: + url: "http://localhost{{ php_fpm_poold.0.status_path }}" + when: php_fpm_poold.0.status_path is defined + + - name: SHELL | Check if we installed multiple PHP versions + ansible.builtin.shell: set -o pipefail && (dpkg -l | grep 'php[[:digit:]].*common' | wc -l) + args: + executable: /bin/bash + failed_when: false + changed_when: false + register: check_multiple_php + + - name: FAIL | If we have multiple PHP version + ansible.builtin.fail: + msg: "Multiple PHP versions detected" + when: check_multiple_php.stdout != '1' diff --git a/molecule/debian-11/molecule.yml b/molecule/debian-11/molecule.yml new file mode 100644 index 0000000..a9d5a5f --- /dev/null +++ b/molecule/debian-11/molecule.yml 
@@ -0,0 +1,13 @@
+---
+
+platforms:
+ - name: debian-11
+ image: dokken/debian-11
+ command: /lib/systemd/systemd
+ dockerfile: ../_shared/Dockerfile.j2
+ capabilities:
+ - SYS_ADMIN
+ cgroupns_mode: host
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ privileged: true
diff --git a/molecule/debian-12/molecule.yml b/molecule/debian-12/molecule.yml
new file mode 100644
index 0000000..6d4e51f
--- /dev/null
+++ b/molecule/debian-12/molecule.yml
@@ -0,0 +1,13 @@
+---
+
+platforms:
+ - name: debian-12
+ image: dokken/debian-12
+ command: /lib/systemd/systemd
+ dockerfile: ../_shared/Dockerfile.j2
+ capabilities:
+ - SYS_ADMIN
+ cgroupns_mode: host
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ privileged: true
diff --git a/molecule/debian-13/molecule.yml b/molecule/debian-13/molecule.yml
new file mode 100644
index 0000000..058273c
--- /dev/null
+++ b/molecule/debian-13/molecule.yml
@@ -0,0 +1,13 @@
+---
+
+platforms:
+ - name: debian-12
+ image: dokken/debian-13
+ command: /lib/systemd/systemd
+ dockerfile: ../_shared/Dockerfile.j2
+ capabilities:
+ - SYS_ADMIN
+ cgroupns_mode: host
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ privileged: true
diff --git a/molecule/default/.gitkeep b/molecule/default/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/molecule/ubuntu-20.04/molecule.yml b/molecule/ubuntu-20.04/molecule.yml
new file mode 100644
index 0000000..d889c6a
--- /dev/null
+++ b/molecule/ubuntu-20.04/molecule.yml
@@ -0,0 +1,13 @@
+---
+
+platforms:
+ - name: ubuntu-20.04
+ image: dokken/ubuntu-20.04
+ command: /lib/systemd/systemd
+ dockerfile: ../_shared/Dockerfile.j2
+ capabilities:
+ - SYS_ADMIN
+ cgroupns_mode: host
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ privileged: true
diff --git a/molecule/ubuntu-22.04/molecule.yml b/molecule/ubuntu-22.04/molecule.yml
new file mode 100644
index 0000000..d820e55
--- /dev/null
+++ b/molecule/ubuntu-22.04/molecule.yml
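Review bot: `privileged: true` in `molecule/debian-11/molecule.yml` gives the test container every capability and unrestricted device access, and the platform additionally shares the host cgroup namespace (`cgroupns_mode: host`) and mounts `/sys/fs/cgroup` read-write; next to it the `capabilities: [SYS_ADMIN]` entry is redundant. Whatever the role, or a pull request exercising it, runs inside that container can therefore reach the Docker host, which matters most when the scenarios are run on a developer workstation. Try removing `privileged: true` while keeping the `SYS_ADMIN` capability and the cgroup mount, adding `tmpfs: [/run, /tmp]` if systemd asks for it; whether systemd in the dokken images boots that way needs a test run. The same block is repeated in the debian-12, debian-13, ubuntu-20.04, ubuntu-22.04 and ubuntu-24.04 scenarios.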
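Review bot: The platform in `molecule/debian-13/molecule.yml` is still named `debian-12` although its image is `dokken/debian-13`, which looks like a leftover from copying the debian-12 scenario. Test output for this scenario is then labelled with the wrong release, and the instance name probably collides with the debian-12 scenario's container when both run against the same Docker host. Change the entry to `- name: debian-13`.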
@@ -0,0 +1,13 @@
+---
+
+platforms:
+ - name: ubuntu-22.04
+ image: dokken/ubuntu-22.04
+ command: /lib/systemd/systemd
+ dockerfile: ../_shared/Dockerfile.j2
+ capabilities:
+ - SYS_ADMIN
+ cgroupns_mode: host
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ privileged: true
diff --git a/molecule/ubuntu-24.04/molecule.yml b/molecule/ubuntu-24.04/molecule.yml
new file mode 100644
index 0000000..0a569eb
--- /dev/null
+++ b/molecule/ubuntu-24.04/molecule.yml
@@ -0,0 +1,13 @@
+---
+
+platforms:
+ - name: ubuntu-24.04
+ image: dokken/ubuntu-24.04
+ command: /lib/systemd/systemd
+ dockerfile: ../_shared/Dockerfile.j2
+ capabilities:
+ - SYS_ADMIN
+ cgroupns_mode: host
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ privileged: true
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..69eebc6
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,49 @@
+ansible==11.6.0
+ansible-compat==25.5.0
+ansible-core==2.18.6
+ansible-lint==25.5.0
+attrs==25.3.0
+black==25.1.0
+bracex==2.5.post1
+certifi==2025.4.26
+cffi==1.17.1
+charset-normalizer==3.4.2
+click==8.2.1
+click-help-colors==0.9.4
+cryptography==45.0.3
+distro==1.9.0
+docker==7.1.0
+enrich==1.2.7
+filelock==3.18.0
+idna==3.10
+importlib-metadata==8.7.0
+jinja2==3.1.6
+jsonschema==4.24.0
+jsonschema-specifications==2025.4.1
+markdown-it-py==3.0.0
+markupsafe==3.0.2
+mdurl==0.1.2
+molecule==25.5.0
+molecule-plugins==23.7.0
+mypy-extensions==1.1.0
+packaging==25.0
+pathspec==0.12.1
+platformdirs==4.3.8
+pluggy==1.6.0
+pycparser==2.22
+pygments==2.19.1
+pyyaml==6.0.2
+referencing==0.36.2
+requests==2.32.3
+resolvelib==1.0.1
+rich==14.0.0
+rpds-py==0.25.1
+ruamel-yaml==0.18.12
+ruamel-yaml-clib==0.2.12
+selinux==0.3.0
+subprocess-tee==0.4.2
+typing-extensions==4.13.2
+urllib3==2.4.0
+wcmatch==10.0
+yamllint==1.37.1
+zipp==3.22.0
diff --git a/tasks/fpm.yml b/tasks/fpm.yml
index c66a9a4..a817bdd 100644
--- a/tasks/fpm.yml
+++ b/tasks/fpm.yml
@@ -6,12 +6,6 @@ state: "{{ 'present' if php_install_fpm else 'absent' }}" when: ansible_os_family == 'Debian' -- name: SERVICE | Enable service on FreeBSD - ansible.builtin.service: - name: "{{ php_fpm_service }}" - enabled: "{{ 'true' if php_install_fpm else 'false' }}" - when: ansible_os_family == 'FreeBSD' - - name: LINEINFILE | PHP configuration ansible.builtin.lineinfile: dest: '{{ php_fpm_ini }}' @@ -22,7 +16,7 @@ group: root mode: 0644 loop: "{{ php_ini | combine(php_ini_fpm) | dict2items }}" - notify: restart php-fpm + notify: Restart php-fpm - name: TEMPLATE | Deploy pool configuration ansible.builtin.template: @@ -32,11 +26,11 @@ group: root mode: 0644 loop: "{{ ansible_local.hanxhx_php.fpm_pool }}" - notify: restart php-fpm + notify: Restart php-fpm - name: FILE | Delete default pool if necessary ansible.builtin.file: path: "{{ php_fpm_pool_dir }}/www.conf" state: absent when: '"www" not in (ansible_local.hanxhx_php.fpm_pool | map(attribute="name") | list) and php_autoremove_default_pool' - notify: restart php-fpm + notify: Restart php-fpm diff --git a/tasks/main.yml b/tasks/main.yml index 52444ed..a8f20b0 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -19,6 +19,11 @@ - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml" - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" +- name: SET_FACT | Prepare PHP version if not defined + ansible.builtin.set_fact: + php_version: "{{ php_default_version }}" + when: php_version is none or php_version == '' or php_version is not defined + - name: SET_FACT | Transform data ansible.builtin.set_fact: __php_fpm_full_pool: | @@ -54,7 +59,7 @@ - name: COPY | Manage facts ansible.builtin.copy: - content: "{ \"fpm_pool\": {{ php_fpm_full_pool | to_nice_json }} }" + content: "{ \"fpm_pool\": {{ php_fpm_full_pool | to_nice_json }}, \"php_version\": \"{{ php_version }}\" }" dest: /etc/ansible/facts.d/hanxhx_php.fact owner: root group: root 
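Review bot: In the new `SET_FACT | Prepare PHP version if not defined` task in `tasks/main.yml`, the `when:` evaluates `php_version is none or php_version == ''` before `php_version is not defined`, so for a variable that is genuinely undefined the comparison with `''` is reached first and may raise an undefined-variable error instead of falling through to the last clause. Put the definedness test first: `when: php_version is not defined or php_version is none or php_version == ''`. The task also relies on `php_default_version` already being loaded by the vars include just above the hunk, which is not fully visible here, so a one-line comment stating that ordering dependency would help.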
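Review bot: The `COPY | Manage facts` task in `tasks/main.yml` now pastes `php_version` between escaped quotes (`\"php_version\": \"{{ php_version }}\"`), so the value is written without JSON escaping; a quote or backslash in it produces a `hanxhx_php.fact` that no longer parses, and the tasks reading `ansible_local.hanxhx_php` would then see an error value instead of the fact. Build the mapping and serialise it in one step: `content: "{{ {'fpm_pool': php_fpm_full_pool, 'php_version': php_version | string} | to_nice_json }}"`. The task continues below the hunk, so the remaining arguments are not visible here.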
@@ -76,14 +81,7 @@ install_recommends: false vars: pkgs: "{{ php_packages + php_extra_packages | flatten }}" - notify: restart php-fpm - when: ansible_os_family == 'Debian' - -- name: PKGNG | Install PHP packages - community.general.pkgng: - name: "{{ php_packages + php_extra_packages | flatten | join(',') }}" - notify: restart php-fpm - when: ansible_os_family == 'FreeBSD' + notify: Restart php-fpm - name: IMPORT_TASKS | PHP-FPM ansible.builtin.import_tasks: fpm.yml @@ -101,26 +99,9 @@ - name: APT | Install and configure opcache ansible.builtin.import_tasks: opcache.yml -- name: SERVICE | Ensure PHP-FPM is started +- name: SERVICE | Ensure PHP-FPM is started and enabled + when: php_install_fpm ansible.builtin.service: name: '{{ php_fpm_service }}' state: started - when: php_install_fpm and ansible_virtualization_type != 'docker' - -- block: - - - name: COMMAND | Check if PHP-FPM is started (Docker) - ansible.builtin.command: 'service {{ php_fpm_service }} status' - args: - warn: false - register: dps - changed_when: false - failed_when: false - - - name: COMMAND | Ensure PHP-FPM is started (Docker) - ansible.builtin.command: 'service {{ php_fpm_service }} start' - args: - warn: false - when: dps.stdout.find('is not running') != -1 - - when: php_install_fpm and ansible_virtualization_type == 'docker' + enabled: true diff --git a/tasks/opcache.yml b/tasks/opcache.yml index ce3dac9..f911ee3 100644 --- a/tasks/opcache.yml +++ b/tasks/opcache.yml 
@@ -1,30 +1,14 @@ --- -- block: +- name: APT | Install APCu + ansible.builtin.apt: + pkg: "{{ php_apcu_package }}" + install_recommends: false - - name: APT | Install APCu - ansible.builtin.apt: - pkg: "{{ php_apcu_package }}" - install_recommends: false - - - name: APT | Install Opcache - ansible.builtin.apt: - pkg: "{{ php_package_prefix }}opcache" - install_recommends: false - - when: ansible_os_family == 'Debian' - -- block: - - - name: PKGNG | Install APCu - community.general.pkgng: - name: "php{{ php_version | replace('.', '') }}-pecl-APCu" - - - name: PKGNG | Install Opcache - community.general.pkgng: - name: "{{ php_package_prefix }}opcache" - - when: ansible_os_family == 'FreeBSD' +- name: APT | Install Opcache + ansible.builtin.apt: + pkg: "{{ php_package_prefix }}opcache" + install_recommends: false - name: TEMPLATE | Configure Opcache ansible.builtin.template: @@ -33,7 +17,7 @@ owner: root group: root mode: 0644 - notify: restart php-fpm + notify: Restart php-fpm - name: TEMPLATE | Configure APCu ansible.builtin.template: @@ -42,4 +26,4 @@ owner: root group: root mode: 0644 - notify: restart php-fpm + notify: Restart php-fpm diff --git a/tasks/xdebug.yml b/tasks/xdebug.yml index 11ef482..03669c2 100644 --- a/tasks/xdebug.yml +++ b/tasks/xdebug.yml @@ -1,7 +1,8 @@ --- -- block: - +- name: BLOCK | Install Xdebug + when: php_install_xdebug + block: - name: APT | Install xdebug ansible.builtin.apt: pkg: "{{ php_xdebug_package }}" 
@@ -11,33 +12,16 @@ install_recommends: false when: ansible_os_family == 'Debian' - - name: PKGNG | Install xdebug - community.general.pkgng: - name: "{{ php_xdebug_package }}" - when: ansible_os_family == 'FreeBSD' and php_xdebug_package is defined - - name: TEMPLATE | Deploy module configurations ansible.builtin.template: src: "etc/__php__/mods-available/xdebug.ini.j2" dest: "{{ php_mods_dir }}/xdebug.ini" owner: root mode: 0644 - notify: restart php-fpm - - when: php_install_xdebug - -- block: - - - name: APT | Uninstall xdebug - ansible.builtin.apt: - pkg: "{{ php_xdebug_package }}" - state: absent - when: ansible_os_family == 'Debian' - - - name: PKGNG | Uninstall xdebug - community.general.pkgng: - name: "{{ php_xdebug_package }}" - state: absent - when: ansible_os_family == 'FreeBSD' + notify: Restart php-fpm +- name: APT | Uninstall xdebug + ansible.builtin.apt: + pkg: "{{ php_xdebug_package }}" + state: absent when: not php_install_xdebug diff --git a/tests/includes/Debian/sury.yml b/tests/includes/Debian/sury.yml deleted file mode 100644 index a0ee287..0000000 --- a/tests/includes/Debian/sury.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- - -- name: APT | Install Sury key - ansible.builtin.apt_key: - url: 'https://packages.sury.org/php/apt.gpg' - -- name: APT_REPOSITORY | Add Sury repository - ansible.builtin.apt_repository: - repo: 'deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main' diff --git a/tests/includes/pre_Debian.yml b/tests/includes/pre_Debian.yml deleted file mode 100644 index 3f12797..0000000 --- a/tests/includes/pre_Debian.yml +++ /dev/null 
@@ -1,24 +0,0 @@ ---- - -- name: SET_FACT | Prepare test vars - ansible.builtin.set_fact: - __nginx_conf: /etc/nginx/nginx.conf - -- name: APT | Install packages - ansible.builtin.apt: - pkg: "{{ p }}" - update_cache: true - cache_valid_time: 3600 - vars: - p: - - apt-transport-https - - ca-certificates - - curl - - gpg - - lsb-release - - nginx - - vim - -- name: INCLUDE_TASKS | Sury - ansible.builtin.include_tasks: Debian/sury.yml - when: php_version != php_default_version diff --git a/tests/includes/pre_FreeBSD.yml b/tests/includes/pre_FreeBSD.yml deleted file mode 100644 index f4bf1bd..0000000 --- a/tests/includes/pre_FreeBSD.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -- name: SET_FACT | Prepare test vars - ansible.builtin.set_fact: - __nginx_conf: /usr/local/etc/nginx/nginx.conf - php_xdebug_package: 'php72-pecl-xdebug-2.6.1' - -- name: PKGNG | Install packages - community.general.pkgng: - name: ['curl', 'nginx'] diff --git a/tests/test.yml b/tests/test.yml deleted file mode 100644 index 5e722df..0000000 --- a/tests/test.yml +++ /dev/null 
@@ -1,187 +0,0 @@ ---- - -- hosts: all - vars: - vhost: 'test.local' - php_extra_packages: - - '{{ php_package_prefix }}pgsql' - php_install_xdebug: true - php_autoremove_default_pool: true - php_ini_fpm: - display_errors: 'Off' - php_ini_cli: - error_reporting: 'E_ALL' - php_fpm_poold: - - pool_name: 'test_ansible' - listen: '/run/php/php-ansible1.sock' - pm: 'dynamic' - pm_max_children: 250 - pm_start_servers: 10 - pm_min_spare_servers: 10 - pm_max_spare_servers: 20 - status_path: '/status' - ping_path: '/ping' - ping_response: 'ok' - - name: 'test_ansible2' - user: 'foo' - php_value: - display_errors: 'Off' - php_admin_value: - memory_limit: '98M' - - pre_tasks: - - - name: INCLUDE_TASKS | Pre tasks related to OS - ansible.builtin.include_tasks: "includes/pre_{{ ansible_os_family }}.yml" - - - name: USER | Create PHP user - ansible.builtin.user: - name: 'foo' - system: true - create_home: false - shell: '/usr/sbin/nologin' - - tasks: - - - name: TEMPLATE | Nginx site config - ansible.builtin.template: - src: "templates/nginx.conf.j2" - dest: "{{ __nginx_conf }}" - mode: 0644 - owner: root - group: root - notify: reload nginx - - - name: COMMAND | Fix nginx config - ansible.builtin.command: "cp {{ __nginx_conf | dirname }}/fastcgi_params {{ __nginx_conf | dirname }}/fastcgi.conf" - args: - creates: "{{ __nginx_conf | dirname }}/fastcgi.conf" - notify: reload nginx - - - name: LINEINFILE | Fix nginx config (second step) - ansible.builtin.lineinfile: - regexp: '^fastcgi_param\s+SCRIPT_FILENAME' - line: "fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;" - dest: "{{ __nginx_conf | dirname }}/fastcgi.conf" - notify: reload nginx - - - name: SERVICE | Ensure nginx is started - ansible.builtin.service: - name: nginx - state: started - when: ansible_virtualization_type != 'docker' - - - block: - - - name: COMMAND | Docker nginx status - ansible.builtin.command: service nginx status - args: - warn: false - changed_when: false - failed_when: false - 
register: ngs - - - name: COMMAND | Docker start nginx - ansible.builtin.command: service nginx start - args: - warn: false - when: ngs.stdout.find('nginx is not running') != -1 - - when: ansible_virtualization_type == 'docker' - - handlers: - - - name: reload nginx - ansible.builtin.service: - name: nginx - state: reloaded - notify: docker reload nginx - - - name: docker reload nginx - ansible.builtin.command: service nginx reload - args: - warn: false - notify: docker reload nginx - when: ansible_virtualization_type == 'docker' - - roles: - - ../../ - - post_tasks: - - - name: SHELL | Test php-cli - ansible.builtin.shell: set -o pipefail && php -i | grep '^PHP Version => {{ php_version }}' | head -n 1 - changed_when: false - register: p - failed_when: p.stdout == '' - args: - executable: /bin/bash - - - name: FILE | Create /var/www - ansible.builtin.file: - dest: /var/www - state: directory - owner: root - group: root - mode: 0755 - - - name: COPY | Add phpinfo - ansible.builtin.copy: - dest: /var/www/phpinfo.php - content: ' /dev/null | grep h1 | grep -o 'PHP Version {{ php_version }}' | sed -r 's/ /dev/null" - args: - warn: false - changed_when: false - register: c - failed_when: 'php_fpm_poold.1.php_admin_value.memory_limit not in c.stdout' - - - name: URI | Check ping - ansible.builtin.uri: - url: "http://localhost{{ php_fpm_poold.0.ping_path }}" - when: php_fpm_poold.0.ping_path is defined - - - name: URI | Check status - ansible.builtin.uri: - url: "http://localhost{{ php_fpm_poold.0.status_path }}" - when: php_fpm_poold.0.status_path is defined - - - block: - - - name: SHELL | Check if we installed multiple PHP versions - ansible.builtin.shell: set -o pipefail && (dpkg -l | grep 'php[[:digit:]].*common' | wc -l) - args: - executable: /bin/bash - failed_when: false - changed_when: false - register: check_multiple_php - - - - name: FAIL | If we have multiple PHP version - ansible.builtin.fail: - msg: "Multiple PHP versions detected" - when: 
check_multiple_php.stdout != '1' - - when: ansible_os_family == 'Debian' diff --git a/vars/Debian-bookworm.yml b/vars/Debian-bookworm.yml new file mode 100644 index 0000000..0a62d95 --- /dev/null +++ b/vars/Debian-bookworm.yml @@ -0,0 +1,3 @@ +--- + +php_default_version: '8.2' diff --git a/vars/Debian-buster.yml b/vars/Debian-buster.yml deleted file mode 100644 index 0ac2956..0000000 --- a/vars/Debian-buster.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- - -php_default_version: '7.3' diff --git a/vars/Debian-stretch.yml b/vars/Debian-stretch.yml deleted file mode 100644 index 7712f6a..0000000 --- a/vars/Debian-stretch.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- - -php_default_version: '7.0' diff --git a/vars/Debian-trixie.yml b/vars/Debian-trixie.yml new file mode 100644 index 0000000..68a47f8 --- /dev/null +++ b/vars/Debian-trixie.yml @@ -0,0 +1,3 @@ +--- + +php_default_version: '8.4' diff --git a/vars/FreeBSD-11.yml b/vars/FreeBSD-11.yml deleted file mode 100644 index 23ec322..0000000 --- a/vars/FreeBSD-11.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- - -php_default_version: '7.2' diff --git a/vars/FreeBSD-12.yml b/vars/FreeBSD-12.yml deleted file mode 100644 index 23ec322..0000000 --- a/vars/FreeBSD-12.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- - -php_default_version: '7.2' diff --git a/vars/OS_Family_FreeBSD.yml b/vars/OS_Family_FreeBSD.yml deleted file mode 100644 index 8c675f2..0000000 --- a/vars/OS_Family_FreeBSD.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- - -php_packages: - - '{{ php_package_prefix }}curl' - - '{{ php_package_prefix }}gd' - - '{{ php_package_prefix }}mysqli' - - '{{ php_package_prefix }}intl' - -php_package_prefix: 'php{{ php_version | replace(".", "") }}-' - -php_mods_dir: '/usr/local/etc/php' -php_fpm_pool_dir: '/usr/local/etc/php-fpm.d' - -php_fpm_service: 'php-fpm' -php_default_fpm_sock: '/var/run/php-fpm.sock' - -php_cli_ini: '/usr/local/etc/php.ini' -php_fpm_ini: '/usr/local/etc/php.ini' - -php_default_user_group: 'www' 
diff --git a/vars/Ubuntu-bionic.yml b/vars/Ubuntu-bionic.yml
deleted file mode 100644
index 23ec322..0000000
--- a/vars/Ubuntu-bionic.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-
-php_default_version: '7.2'
diff --git a/vars/Ubuntu-focal.yml b/vars/Ubuntu-focal.yml
new file mode 100644
index 0000000..46567b9
--- /dev/null
+++ b/vars/Ubuntu-focal.yml
@@ -0,0 +1,3 @@
+---
+
+php_default_version: '7.4'
diff --git a/vars/Ubuntu-jammy.yml b/vars/Ubuntu-jammy.yml
new file mode 100644
index 0000000..b26cebb
--- /dev/null
+++ b/vars/Ubuntu-jammy.yml
@@ -0,0 +1,3 @@
+---
+
+php_default_version: '8.1'
diff --git a/vars/Ubuntu-noble.yml b/vars/Ubuntu-noble.yml
new file mode 100644
index 0000000..fe72c38
--- /dev/null
+++ b/vars/Ubuntu-noble.yml
@@ -0,0 +1,3 @@
+---
+
+php_default_version: '8.3'
diff --git a/vars/Ubuntu-xenial.yml b/vars/Ubuntu-xenial.yml
deleted file mode 100644
index 7712f6a..0000000
--- a/vars/Ubuntu-xenial.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-
-php_default_version: '7.0'