✅ Add Ansible molecule

molecule/_shared/Dockerfile.j2

@@ -0,0 +1,19 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+{% if item.env is defined %}
+{% for var, value in item.env.items() %}
+{% if value %}
+ENV {{ var }} {{ value }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+RUN apt-get update && \
+	apt-get install -y python3 sudo bash ca-certificates iproute2 python-apt-common \
+	&& apt-get clean

molecule/_shared/base.yml

@@ -0,0 +1,36 @@
+---
+
+scenario:
+  test_sequence:
+    - dependency
+    - syntax
+    - create
+    - prepare
+    - converge
+    - idempotence
+    - verify
+    - destroy
+dependency:
+  name: galaxy
+  options:
+    requirements-file: ../../requirements.yml
+driver:
+  name: docker
+role_name_check: 1
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      deprecation_warnings: false
+      callback_whitelist: timer,profile_tasks
+      fact_caching: jsonfile
+      fact_caching_connection: ./cache
+      forks: 100
+    connection:
+      pipelining: true
+  playbooks:
+    converge: ../_shared/converge.yml
+    prepare: ../_shared/prepare.yml
+    verify: ../_shared/verify.yml
+verifier:
+  name: ansible

molecule/_shared/converge.yml

@@ -0,0 +1,25 @@
+---
+
+- name: Converge
+  hosts: all
+  gather_facts: true
+  handlers:
+    - name: Reload nginx
+      ansible.builtin.service:
+        name: nginx
+        state: reloaded
+  tasks:
+    - name: Include role
+      ansible.builtin.include_role:
+        name: "hanxhx.php"
+  post_tasks:
+    - name: TEMPLATE | Nginx site config
+      ansible.builtin.template:
+        src: "../../tests/templates/nginx.conf.j2"
+        dest: "{{ __nginx_conf }}"
+        mode: 0644
+        owner: root
+        group: root
+      notify: Reload nginx
+  vars_files:
+    - vars/misc.yml

molecule/_shared/prepare.yml

@@ -0,0 +1,82 @@
+---
+
+- name: Prepare
+  hosts: all
+  gather_facts: true
+  vars_files:
+    - vars/misc.yml
+
+  handlers:
+    - name: Reload nginx
+      ansible.builtin.service:
+        name: nginx
+        state: reloaded
+
+  tasks:
+
+    - name: INCLUDE_TASKS | Pre tasks related to OS
+      ansible.builtin.include_tasks: "../../tests/includes/pre_{{ ansible_os_family }}.yml"
+
+    - name: USER | Create PHP user
+      ansible.builtin.user:
+        name: 'foo'
+        system: true
+        create_home: false
+        shell: '/usr/sbin/nologin'
+
+    - name: COMMAND | Fix nginx config
+      ansible.builtin.command: "cp {{ __nginx_conf | dirname }}/fastcgi_params {{ __nginx_conf | dirname }}/fastcgi.conf"
+      args:
+        creates: "{{ __nginx_conf | dirname }}/fastcgi.conf"
+      notify: Reload nginx
+
+    - name: LINEINFILE | Fix nginx config (second step)
+      ansible.builtin.lineinfile:
+        regexp: '^fastcgi_param\s+SCRIPT_FILENAME'
+        line: "fastcgi_param  SCRIPT_FILENAME    $realpath_root$fastcgi_script_name;"
+        dest: "{{ __nginx_conf | dirname }}/fastcgi.conf"
+      notify: Reload nginx
+
+    - name: SERVICE | Ensure nginx is started
+      ansible.builtin.service:
+        name: nginx
+        state: started
+      when: ansible_virtualization_type != 'docker'
+
+    - name: Start nginx if testing with Docker
+      when: ansible_virtualization_type == 'docker'
+      block:
+
+        - name: COMMAND | Docker nginx status
+          ansible.builtin.command: service nginx status
+          changed_when: false
+          failed_when: false
+          register: ngs
+
+        - name: COMMAND | Docker start nginx
+          ansible.builtin.command: service nginx start
+          when: ngs.stdout.find('nginx is not running') != -1
+
+    - name: FILE | Create /var/www
+      ansible.builtin.file:
+        dest: /var/www
+        state: directory
+        owner: root
+        group: root
+        mode: 0755
+
+    - name: COPY | Add phpinfo
+      ansible.builtin.copy:
+        dest: /var/www/phpinfo.php
+        content: '<?php phpinfo();'
+        owner: root
+        group: root
+        mode: 0644
+
+    - name: COPY | Add ini test file
+      ansible.builtin.copy:
+        dest: /var/www/ini.php
+        content: '<?php echo ini_get("memory_limit") . "\n";'
+        owner: root
+        group: root
+        mode: 0644

molecule/_shared/vars/misc.yml

@@ -0,0 +1,36 @@
+---
+
+# Force SysVinit, since systemd won't work in a Docker container
+ansible_service_mgr: "sysvinit"
+
+# ----------------------------------------
+# Copied from {role_dir}/tests/test.yml
+# ----------------------------------------
+vhost: 'test.local'
+php_extra_packages:
+  - '{{ php_package_prefix }}pgsql'
+php_install_xdebug: true
+php_autoremove_default_pool: true
+php_ini_fpm:
+  display_errors: 'Off'
+php_ini_cli:
+  error_reporting: 'E_ALL'
+php_fpm_poold:
+  - pool_name: 'test_ansible'
+    listen: '/run/php/php-ansible1.sock'
+    pm: 'dynamic'
+    pm_max_children: 250
+    pm_start_servers: 10
+    pm_min_spare_servers: 10
+    pm_max_spare_servers: 20
+    status_path: '/status'
+    ping_path: '/ping'
+    ping_response: 'ok'
+  - name: 'test_ansible2'
+    user: 'foo'
+    php_env:
+      foo: bar
+    php_value:
+      display_errors: 'Off'
+    php_admin_value:
+      memory_limit: '98M'

molecule/_shared/verify.yml

@@ -0,0 +1,74 @@
+---
+
+- name: Verify
+  hosts: all
+  gather_facts: true
+  vars_files:
+    - vars/misc.yml
+  tasks:
+
+    - name: COMMAND | Test php-cli
+      ansible.builtin.command: php -v
+      changed_when: false
+
+    - name: SHELL | Check vhost
+      ansible.builtin.shell: "set -o pipefail && curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep 'PHP Version'"
+      args:
+        executable: /bin/bash
+      changed_when: false
+      register: c
+      failed_when: c.stdout == ''
+
+    - name: BLOCK | Test explicit version
+      when: php_version is defined
+      block:
+
+        - name: SHELL | Test php-cli (explicit version)
+          ansible.builtin.shell: set -o pipefail && php -i | grep '^PHP Version => {{ php_version }}' | head -n 1
+          changed_when: false
+          register: p
+          failed_when: p.stdout == ''
+          args:
+            executable: /bin/bash
+
+        - name: SHELL | Check vhost
+          ansible.builtin.shell: "set -o pipefail && curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep -o 'PHP Version {{ php_version }}' | sed -r 's/<//g'"
+          args:
+            executable: /bin/bash
+          changed_when: false
+          register: c
+          failed_when: c.stdout == ''
+
+    - name: SHELL | Check custom php value
+      ansible.builtin.shell: "curl -H 'Host: {{ vhost }}' http://127.0.0.1/ini.php 2> /dev/null"
+      changed_when: false
+      register: c
+      failed_when: 'php_fpm_poold.1.php_admin_value.memory_limit not in c.stdout'
+
+    - name: URI | Check ping
+      ansible.builtin.uri:
+        url: "http://localhost{{ php_fpm_poold.0.ping_path }}"
+      when: php_fpm_poold.0.ping_path is defined
+
+    - name: URI | Check status
+      ansible.builtin.uri:
+        url: "http://localhost{{ php_fpm_poold.0.status_path }}"
+      when: php_fpm_poold.0.status_path is defined
+
+    - name: Debian extra checks
+      when: ansible_os_family == 'Debian'
+      block:
+
+        - name: SHELL | Check if we installed multiple PHP versions
+          ansible.builtin.shell: set -o pipefail && (dpkg -l | grep 'php[[:digit:]].*common' | wc -l)
+          args:
+            executable: /bin/bash
+          failed_when: false
+          changed_when: false
+          register: check_multiple_php
+
+
+        - name: FAIL | If we have multiple PHP version
+          ansible.builtin.fail:
+            msg: "Multiple PHP versions detected"
+          when: check_multiple_php.stdout != '1'

molecule/debian-10/molecule.yml

@@ -0,0 +1,32 @@
+---
+
+platforms:
+  - name: debian-10
+    image: dokken/debian-10
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+  - name: debian-10-php-7.4
+    image: dokken/debian-10
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        __nginx_conf: /etc/nginx/nginx.conf
+    host_vars:
+      debian-10-php-7.4:
+        php_version: '7.4'

molecule/debian-11/molecule.yml

@@ -0,0 +1,32 @@
+---
+
+platforms:
+  - name: debian-11
+    image: dokken/debian-11
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+  - name: debian-11-php-8.0
+    image: dokken/debian-11
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        __nginx_conf: /etc/nginx/nginx.conf
+    host_vars:
+      debian-11-php-8.0:
+        php_version: '8.0'

molecule/debian-12/molecule.yml

@@ -0,0 +1,19 @@
+---
+
+platforms:
+  - name: debian-12
+    image: dokken/debian-12
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        __nginx_conf: /etc/nginx/nginx.conf

molecule/ubuntu-18.04/molecule.yml

@@ -0,0 +1,19 @@
+---
+
+platforms:
+  - name: ubuntu-18.04
+    image: dokken/ubuntu-18.04
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        __nginx_conf: /etc/nginx/nginx.conf

molecule/ubuntu-20.04/molecule.yml

@@ -0,0 +1,19 @@
+---
+
+platforms:
+  - name: ubuntu-20.04
+    image: dokken/ubuntu-20.04
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        __nginx_conf: /etc/nginx/nginx.conf

molecule/ubuntu-22.04/molecule.yml

@@ -0,0 +1,19 @@
+---
+
+platforms:
+  - name: ubuntu-22.04
+    image: dokken/ubuntu-22.04
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        __nginx_conf: /etc/nginx/nginx.conf

requirements.yml

@@ -0,0 +1,4 @@
+---
+
+collections:
+  - community.general

tests/includes/pre_Debian.yml

@@ -19,6 +19,6 @@
       - nginx
       - vim
 
-- name: INCLUDE_TASKS | Sury
+- name: INCLUDE_TASKS | Sury (only if a specific php_version is defined)
   ansible.builtin.include_tasks: Debian/sury.yml
-  when: php_version != php_default_version
+  when: php_version is defined

tests/templates/nginx.conf.j2

@@ -2,7 +2,7 @@ events {
     worker_connections  1024;
 }
 
-user {{ php_default_user_group }};
+user root;
 
 http {
     include       mime.types;