diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..c783900
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,43 @@
+---
+
+name: ci
+'on':
+ pull_request:
+ push:
+ branches:
+ - master
+
+jobs:
+
+ yaml-lint:
+ name: YAML Lint
+ runs-on: ubuntu-latest
+ steps:
+
+ - name: Fetch code
+ uses: actions/checkout@v3
+
+ - name: Set up Python 3.
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+
+ - name: Install test dependencies.
+ run: pip3 install yamllint
+
+ - name: Lint code.
+ run: |
+ yamllint .
+
+ ansible-lint:
+ name: Ansible Lint
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Fetch code
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Run ansible-lint
+ uses: ansible/ansible-lint-action@v6.15.0
diff --git a/.github/workflows/galaxy.yml b/.github/workflows/galaxy.yml
new file mode 100644
index 0000000..6ccf841
--- /dev/null
+++ b/.github/workflows/galaxy.yml
@@ -0,0 +1,17 @@
+---
+
+name: Deploy on Ansible Galaxy
+
+'on':
+ - push
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: checkout
+ uses: actions/checkout@v2
+ - name: galaxy
+ uses: robertdebock/galaxy-action@1.2.0
+ with:
+ galaxy_api_key: ${{ secrets.galaxy_api_key }}
diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml
new file mode 100644
index 0000000..948b727
--- /dev/null
+++ b/.github/workflows/molecule.yml
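Review bot: The new `ci` workflow declares no `permissions:` block, so both jobs run with whatever default GITHUB_TOKEN scope the repository has, although they only need to read the checkout. Adding a top-level `permissions:` with `contents: read` next to `name: ci` makes the least-privilege intent explicit. The three `uses:` lines reference mutable tags (`actions/checkout@v3`, `actions/setup-python@v2`, `ansible/ansible-lint-action@v6.15.0`) and `pip3 install yamllint` is unpinned. Pinning the actions to full commit SHAs and yamllint to a fixed version would keep a re-pointed tag or a new release from changing what runs on pull requests.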
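Review bot: `'on': - push` in `galaxy.yml` runs the deploy job for a push to any branch, and that job hands `secrets.galaxy_api_key` to a third-party action referenced by a mutable tag (`robertdebock/galaxy-action@1.2.0`). Restricting the trigger to the release branch, e.g. `push:` with `branches: [master]` (or to tags), limits when the key is used, and pinning the action to a full commit SHA means a re-pointed tag cannot receive the secret. `actions/checkout@v2` is also older than the `@v3` used by the other two workflows in this commit. A top-level `permissions:` with `contents: read` would fit this job as well.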
@@ -0,0 +1,35 @@
+---
+name: Molecule
+
+'on':
+ pull_request:
+ push:
+ branches:
+ - master
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ scenario:
+ - debian-10
+ - debian-11
+ - debian-12
+ - ubuntu-18.04
+ - ubuntu-20.04
+ - ubuntu-22.04
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ path: "${{ github.repository }}"
+
+ - name: Molecule
+ uses: gofrolist/molecule-action@v2.3.19
+ with:
+ molecule_options: --base-config molecule/_shared/base.yml
+ molecule_args: --scenario-name ${{ matrix.scenario }}
+ molecule_working_dir: "HanXHX/ansible-php"
diff --git a/.gitignore b/.gitignore
index 0e2ef64..9f1df40 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@
 *.log
 /filter_plugins/*.pyc
 /filter_plugins/__pycache__
+/.idea
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index ee837f0..0000000
--- a/.travis.yml
+++ /dev/null
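Review bot: `molecule_working_dir: "HanXHX/ansible-php"` in the Molecule workflow is hard-coded while the checkout step uses `path: "${{ github.repository }}"`, so the two agree only when the workflow runs in this exact repository. In a fork or after a rename the code would be checked out into a different directory than the one Molecule is started in. Using the same expression in both places, `molecule_working_dir: "${{ github.repository }}"`, keeps them in sync. Because this job runs on `pull_request` and starts the privileged scenario containers, pinning `gofrolist/molecule-action@v2.3.19` to a full commit SHA and adding `permissions:` with `contents: read` would be worthwhile here too.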
@@ -1,53 +0,0 @@ ---- - -env: - global: - - VAGRANT_VERSION='2.2.18' - jobs: - - PLATFORM='docker-debian-buster-php73' ANSIBLE_VERSION='>=2.11,<2.12' - - PLATFORM='docker-debian-bullseye-php74' ANSIBLE_VERSION='>=2.11,<2.12' - - PLATFORM='docker-debian-bullseye-php80' ANSIBLE_VERSION='>=2.11,<2.12' - - PLATFORM='docker-debian-buster-php74' ANSIBLE_VERSION='>=2.11,<2.12' - - PLATFORM='docker-ubuntu-bionic-php72' ANSIBLE_VERSION='>=2.11,<2.12' - -os: - - linux -dist: focal - -language: python -python: - - 3.8 - -services: - - docker - -before_install: - - sudo apt-get -q update - - sudo apt-get install -y yamllint - - sudo wget -nv https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}/vagrant_${VAGRANT_VERSION}_x86_64.deb - - sudo dpkg -i vagrant_${VAGRANT_VERSION}_x86_64.deb - -install: - - sudo pip install "ansible-core$ANSIBLE_VERSION" - - sudo pip install ansible-lint - - ansible-galaxy collection install community.general - -script: - - VAGRANT_DEFAULT_PROVIDER=docker vagrant up $PLATFORM - - > - VAGRANT_DEFAULT_PROVIDER=docker vagrant provision $PLATFORM - | grep -q 'changed=0.*failed=0' - && (echo 'Idempotence test: pass' && exit 0) - || (echo 'Idempotence test: fail' && exit 1) - - VAGRANT_DEFAULT_PROVIDER=docker vagrant status - - > - yamllint . - && (echo 'YAML lint test: pass' && exit 0) - || (echo 'YAML lint test: fail' && exit 1) - - > - ansible-lint -v tests/test.yml - && (echo 'Ansible lint test: pass' && exit 0) - || (echo 'Ansible lint test: fail' && exit 1) - -notifications: - webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/README.md b/README.md index f0c4342..9d9b212 100644 --- a/README.md +++ b/README.md 
@@ -1,7 +1,7 @@ Ansible PHP (+FPM) role for Debian / Ubuntu / FreeBSD ===================================================== -[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-hanxhx.php-blue.svg)](https://galaxy.ansible.com/hanxhx.php) [![Build Status](https://app.travis-ci.com/HanXHX/ansible-php.svg?branch=master)](https://app.travis-ci.com/HanXHX/ansible-php) +[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-hanxhx.php-blue.svg)](https://galaxy.ansible.com/hanxhx.php) ![GitHub Workflow Status (master)](https://img.shields.io/github/actions/workflow/status/hanxhx/ansible-php/molecule.yml?branch=master) Install PHP on Debian / Ubuntu / FreeBSD. Manage PHP-FPM, APCu, Opcache and Xdebug. diff --git a/handlers/main.yml b/handlers/main.yml index 87cb18f..ba4aec0 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -7,8 +7,6 @@ when: php_install_fpm notify: Docker restart php-fpm -- name: Docker restart php-fpm +- name: Docker restart php-fpm # noqa: command-instead-of-module no-changed-when ansible.builtin.command: 'service {{ php_fpm_service }} restart' - args: - warn: false when: ansible_virtualization_type == 'docker' diff --git a/meta/main.yml b/meta/main.yml index 5323dda..309ea78 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -12,6 +12,7 @@ galaxy_info: versions: - buster - bullseye + - bookworm - name: Ubuntu versions: - bionic diff --git a/molecule/_shared/Dockerfile.j2 b/molecule/_shared/Dockerfile.j2 new file mode 100644 index 0000000..ca98098 --- /dev/null +++ b/molecule/_shared/Dockerfile.j2 
@@ -0,0 +1,19 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+{% if item.env is defined %}
+{% for var, value in item.env.items() %}
+{% if value %}
+ENV {{ var }} {{ value }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+RUN apt-get update && \
+ apt-get install -y python3 sudo bash ca-certificates iproute2 python-apt-common \
+ && apt-get clean
\ No newline at end of file
diff --git a/molecule/_shared/base.yml b/molecule/_shared/base.yml
new file mode 100644
index 0000000..aa58e29
--- /dev/null
+++ b/molecule/_shared/base.yml
@@ -0,0 +1,36 @@
+---
+
+scenario:
+ test_sequence:
+ - dependency
+ - syntax
+ - create
+ - prepare
+ - converge
+ - idempotence
+ - verify
+ - destroy
+dependency:
+ name: galaxy
+ options:
+ requirements-file: ../../requirements.yml
+driver:
+ name: docker
+role_name_check: 1
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ deprecation_warnings: false
+ callback_whitelist: timer,profile_tasks
+ fact_caching: jsonfile
+ fact_caching_connection: ./cache
+ forks: 100
+ connection:
+ pipelining: true
+ playbooks:
+ converge: ../_shared/converge.yml
+ prepare: ../_shared/prepare.yml
+ verify: ../_shared/verify.yml
+verifier:
+ name: ansible
diff --git a/molecule/_shared/converge.yml b/molecule/_shared/converge.yml
new file mode 100644
index 0000000..9100e5a
--- /dev/null
+++ b/molecule/_shared/converge.yml
@@ -0,0 +1,25 @@
+---
+
+- name: Converge
+ hosts: all
+ gather_facts: true
+ handlers:
+ - name: Reload nginx
+ ansible.builtin.service:
+ name: nginx
+ state: reloaded
+ tasks:
+ - name: Include role
+ ansible.builtin.include_role:
+ name: "hanxhx.php"
+ post_tasks:
+ - name: TEMPLATE | Nginx site config
+ ansible.builtin.template:
+ src: "../../tests/templates/nginx.conf.j2"
+ dest: "{{ __nginx_conf }}"
+ mode: 0644
+ owner: root
+ group: root
+ notify: Reload nginx
+ vars_files:
+ - vars/misc.yml
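Review bot: In `molecule/_shared/base.yml`, `callback_whitelist: timer,profile_tasks` uses the older name of this setting, and `deprecation_warnings: false` in the same `defaults` block hides the warning that would point this out. Newer ansible-core releases call the option `callbacks_enabled`, so the timer and profile callbacks may silently stop loading after an upgrade. Consider `callbacks_enabled: timer,profile_tasks` and leaving deprecation warnings on for the test runs, so that deprecated usage in the role itself stays visible. `forks: 100` is also far more than the one or two platforms each scenario defines.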
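Review bot: `mode: 0644` in the `TEMPLATE | Nginx site config` task of `converge.yml` is an unquoted YAML scalar, so the value the module receives depends on how the loader types a leading-zero number. Writing it as a string, `mode: '0644'`, removes that dependency and matches the usual Ansible recommendation for file modes. The same applies to `mode: 0755` on the `/var/www` directory task in `prepare.yml`.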
diff --git a/molecule/_shared/prepare.yml b/molecule/_shared/prepare.yml
new file mode 100644
index 0000000..3920a6e
--- /dev/null
+++ b/molecule/_shared/prepare.yml
@@ -0,0 +1,67 @@ +--- + +- name: Prepare + hosts: all + gather_facts: true + vars_files: + - vars/misc.yml + + handlers: + - name: Reload nginx + ansible.builtin.service: + name: nginx + state: reloaded + + tasks: + + - name: INCLUDE_TASKS | Pre tasks related to OS + ansible.builtin.include_tasks: "../../tests/includes/pre_{{ ansible_os_family }}.yml" + + - name: USER | Create PHP user + ansible.builtin.user: + name: 'foo' + system: true + create_home: false + shell: '/usr/sbin/nologin' + + - name: COMMAND | Fix nginx config + ansible.builtin.command: "cp {{ __nginx_conf | dirname }}/fastcgi_params {{ __nginx_conf | dirname }}/fastcgi.conf" + args: + creates: "{{ __nginx_conf | dirname }}/fastcgi.conf" + notify: Reload nginx + + - name: LINEINFILE | Fix nginx config (second step) + ansible.builtin.lineinfile: + regexp: '^fastcgi_param\s+SCRIPT_FILENAME' + line: "fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;" + dest: "{{ __nginx_conf | dirname }}/fastcgi.conf" + notify: Reload nginx + + - name: SERVICE | Ensure nginx is started + ansible.builtin.service: + name: nginx + state: started + + - name: FILE | Create /var/www + ansible.builtin.file: + dest: /var/www + state: directory + owner: root + group: root + mode: 0755 + + - name: COPY | Add phpinfo + ansible.builtin.copy: + dest: /var/www/phpinfo.php + content: ' /dev/null | grep h1 | grep 'PHP Version'" + args: + executable: /bin/bash + changed_when: false + register: c + failed_when: c.stdout == '' + + - name: BLOCK | Test explicit version + when: php_version is defined + block: + + - name: SHELL | Test php-cli (explicit version) + ansible.builtin.shell: set -o pipefail && php -i | grep '^PHP Version => {{ php_version }}' | head -n 1 + changed_when: false + register: p + failed_when: p.stdout == '' + args: + executable: /bin/bash + + - name: SHELL | Check vhost + ansible.builtin.shell: "set -o pipefail && curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep 
-o 'PHP Version {{ php_version }}' | sed -r 's/ /dev/null" + changed_when: false + register: c + failed_when: 'php_fpm_poold.1.php_admin_value.memory_limit not in c.stdout' + + - name: URI | Check ping + ansible.builtin.uri: + url: "http://localhost{{ php_fpm_poold.0.ping_path }}" + when: php_fpm_poold.0.ping_path is defined + + - name: URI | Check status + ansible.builtin.uri: + url: "http://localhost{{ php_fpm_poold.0.status_path }}" + when: php_fpm_poold.0.status_path is defined + + - name: Debian extra checks + when: ansible_os_family == 'Debian' + block: + + - name: SHELL | Check if we installed multiple PHP versions + ansible.builtin.shell: set -o pipefail && (dpkg -l | grep 'php[[:digit:]].*common' | wc -l) + args: + executable: /bin/bash + failed_when: false + changed_when: false + register: check_multiple_php + + + - name: FAIL | If we have multiple PHP version + ansible.builtin.fail: + msg: "Multiple PHP versions detected" + when: check_multiple_php.stdout != '1' diff --git a/molecule/debian-10/molecule.yml b/molecule/debian-10/molecule.yml new file mode 100644 index 0000000..46e4107 --- /dev/null +++ b/molecule/debian-10/molecule.yml @@ -0,0 +1,32 @@ +--- + +platforms: + - name: debian-10 + image: dokken/debian-10 + command: /lib/systemd/systemd + dockerfile: ../_shared/Dockerfile.j2 + capabilities: + - SYS_ADMIN + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + privileged: true + - name: debian-10-php-7.4 + image: dokken/debian-10 + command: /lib/systemd/systemd + dockerfile: ../_shared/Dockerfile.j2 + capabilities: + - SYS_ADMIN + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + privileged: true + +provisioner: + inventory: + group_vars: + all: + __nginx_conf: /etc/nginx/nginx.conf + host_vars: + debian-10-php-7.4: + php_version: '7.4' diff --git a/molecule/debian-11/molecule.yml b/molecule/debian-11/molecule.yml new file mode 100644 index 0000000..7c6640f --- /dev/null +++ b/molecule/debian-11/molecule.yml 
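Review bot: Both platforms in `molecule/debian-10/molecule.yml` set `privileged: true` together with `capabilities: - SYS_ADMIN`, `cgroupns_mode: host` and a read-write bind mount of `/sys/fs/cgroup`; the same block is repeated in the debian-11, debian-12, ubuntu-18.04, ubuntu-20.04 and ubuntu-22.04 scenarios. With `privileged: true` the explicit `SYS_ADMIN` entry is redundant, and the container has very little isolation from the CI runner or a developer workstation while the role under test (including pull-request code) executes in it. If systemd in these images starts with only the cgroup mount and `cgroupns_mode: host`, dropping `privileged: true` would narrow the exposure. Otherwise a comment above the key such as `# privileged is required for systemd as PID 1 in the test image` would record why it is there.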
@@ -0,0 +1,32 @@
+---
+
+platforms:
+ - name: debian-11
+ image: dokken/debian-11
+ command: /lib/systemd/systemd
+ dockerfile: ../_shared/Dockerfile.j2
+ capabilities:
+ - SYS_ADMIN
+ cgroupns_mode: host
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ privileged: true
+ - name: debian-11-php-8.0
+ image: dokken/debian-11
+ command: /lib/systemd/systemd
+ dockerfile: ../_shared/Dockerfile.j2
+ capabilities:
+ - SYS_ADMIN
+ cgroupns_mode: host
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ privileged: true
+
+provisioner:
+ inventory:
+ group_vars:
+ all:
+ __nginx_conf: /etc/nginx/nginx.conf
+ host_vars:
+ debian-11-php-8.0:
+ php_version: '8.0'
diff --git a/molecule/debian-12/molecule.yml b/molecule/debian-12/molecule.yml
new file mode 100644
index 0000000..b02eb1d
--- /dev/null
+++ b/molecule/debian-12/molecule.yml
@@ -0,0 +1,19 @@
+---
+
+platforms:
+ - name: debian-12
+ image: dokken/debian-12
+ command: /lib/systemd/systemd
+ dockerfile: ../_shared/Dockerfile.j2
+ capabilities:
+ - SYS_ADMIN
+ cgroupns_mode: host
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ privileged: true
+
+provisioner:
+ inventory:
+ group_vars:
+ all:
+ __nginx_conf: /etc/nginx/nginx.conf
diff --git a/molecule/default/.gitkeep b/molecule/default/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/molecule/ubuntu-18.04/molecule.yml b/molecule/ubuntu-18.04/molecule.yml
new file mode 100644
index 0000000..6e2b836
--- /dev/null
+++ b/molecule/ubuntu-18.04/molecule.yml
@@ -0,0 +1,19 @@
+---
+
+platforms:
+ - name: ubuntu-18.04
+ image: dokken/ubuntu-18.04
+ command: /lib/systemd/systemd
+ dockerfile: ../_shared/Dockerfile.j2
+ capabilities:
+ - SYS_ADMIN
+ cgroupns_mode: host
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ privileged: true
+
+provisioner:
+ inventory:
+ group_vars:
+ all:
+ __nginx_conf: /etc/nginx/nginx.conf
diff --git a/molecule/ubuntu-20.04/molecule.yml b/molecule/ubuntu-20.04/molecule.yml
new file mode 100644
index 0000000..22fde77
--- /dev/null
+++ b/molecule/ubuntu-20.04/molecule.yml @@ -0,0 +1,19 @@ +--- + +platforms: + - name: ubuntu-20.04 + image: dokken/ubuntu-20.04 + command: /lib/systemd/systemd + dockerfile: ../_shared/Dockerfile.j2 + capabilities: + - SYS_ADMIN + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + privileged: true + +provisioner: + inventory: + group_vars: + all: + __nginx_conf: /etc/nginx/nginx.conf diff --git a/molecule/ubuntu-22.04/molecule.yml b/molecule/ubuntu-22.04/molecule.yml new file mode 100644 index 0000000..995c5ea --- /dev/null +++ b/molecule/ubuntu-22.04/molecule.yml @@ -0,0 +1,19 @@ +--- + +platforms: + - name: ubuntu-22.04 + image: dokken/ubuntu-22.04 + command: /lib/systemd/systemd + dockerfile: ../_shared/Dockerfile.j2 + capabilities: + - SYS_ADMIN + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + privileged: true + +provisioner: + inventory: + group_vars: + all: + __nginx_conf: /etc/nginx/nginx.conf diff --git a/requirements.yml b/requirements.yml new file mode 100644 index 0000000..f212a67 --- /dev/null +++ b/requirements.yml @@ -0,0 +1,4 @@ +--- + +collections: + - community.general diff --git a/tasks/main.yml b/tasks/main.yml index 5ca0e3b..452f2d9 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -114,16 +114,12 @@ when: php_install_fpm and ansible_virtualization_type == 'docker' block: - - name: COMMAND | Check if PHP-FPM is started (Docker) + - name: COMMAND | Check if PHP-FPM is started (Docker) # noqa: command-instead-of-module ansible.builtin.command: 'service {{ php_fpm_service }} status' - args: - warn: false register: dps changed_when: false failed_when: false - - name: COMMAND | Ensure PHP-FPM is started (Docker) + - name: COMMAND | Ensure PHP-FPM is started (Docker) # noqa: command-instead-of-module no-changed-when ansible.builtin.command: 'service {{ php_fpm_service }} start' - args: - warn: false when: dps.stdout.find('is not running') != -1 
diff --git a/tests/includes/pre_Debian.yml b/tests/includes/pre_Debian.yml index 3f12797..5fd0687 100644 --- a/tests/includes/pre_Debian.yml +++ b/tests/includes/pre_Debian.yml @@ -19,6 +19,6 @@ - nginx - vim -- name: INCLUDE_TASKS | Sury +- name: INCLUDE_TASKS | Sury (only if a specific php_version is defined) ansible.builtin.include_tasks: Debian/sury.yml - when: php_version != php_default_version + when: php_version is defined diff --git a/tests/templates/nginx.conf.j2 b/tests/templates/nginx.conf.j2 index e5c83fb..1d538ee 100644 --- a/tests/templates/nginx.conf.j2 +++ b/tests/templates/nginx.conf.j2 @@ -2,7 +2,7 @@ events { worker_connections 1024; } -user {{ php_default_user_group }}; +user root; http { include mime.types; diff --git a/tests/test.yml b/tests/test.yml index c87b3cd..65fefa9 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -78,18 +78,14 @@ when: ansible_virtualization_type == 'docker' block: - - name: COMMAND | Docker nginx status + - name: COMMAND | Docker nginx status # noqa: command-instead-of-module ansible.builtin.command: service nginx status - args: - warn: false changed_when: false failed_when: false register: ngs - - name: COMMAND | Docker start nginx + - name: COMMAND | Docker start nginx # noqa: command-instead-of-module no-changed-when ansible.builtin.command: service nginx start - args: - warn: false when: ngs.stdout.find('nginx is not running') != -1 handlers: @@ -100,10 +96,8 @@ state: reloaded notify: Docker reload nginx - - name: Docker reload nginx + - name: Docker reload nginx # noqa: command-instead-of-module no-changed-when ansible.builtin.command: service nginx reload - args: - warn: false notify: Docker reload nginx when: ansible_virtualization_type == 'docker' 
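Review bot: `user root;` in `tests/templates/nginx.conf.j2` makes the nginx workers in the test setup run as root, where the template previously used `{{ php_default_user_group }}`. Even for a test-only config this weakens what the scenarios verify: a root worker can open the PHP-FPM socket and any docroot regardless of the owner, group and mode the role sets, so permission mistakes in the role would no longer fail the vhost checks. If the variable is simply not available to the Molecule plays, an unprivileged account that exists on the test images (for example `user www-data;` on Debian and Ubuntu) would keep that coverage. The hunk shows only part of the file, so the reason for the change is not visible here.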
@@ -147,16 +141,13 @@ - name: SHELL | Check vhost ansible.builtin.shell: "set -o pipefail && curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep -o 'PHP Version {{ php_version }}' | sed -r 's/ /dev/null" - args: - warn: false changed_when: false register: c failed_when: 'php_fpm_poold.1.php_admin_value.memory_limit not in c.stdout' diff --git a/vars/Debian-bookworm.yml b/vars/Debian-bookworm.yml new file mode 100644 index 0000000..0a62d95 --- /dev/null +++ b/vars/Debian-bookworm.yml @@ -0,0 +1,3 @@ +--- + +php_default_version: '8.2' diff --git a/vars/Ubuntu-focal.yml b/vars/Ubuntu-focal.yml new file mode 100644 index 0000000..46567b9 --- /dev/null +++ b/vars/Ubuntu-focal.yml @@ -0,0 +1,3 @@ +--- + +php_default_version: '7.4' diff --git a/vars/Ubuntu-jammy.yml b/vars/Ubuntu-jammy.yml new file mode 100644 index 0000000..b26cebb --- /dev/null +++ b/vars/Ubuntu-jammy.yml @@ -0,0 +1,3 @@ +--- + +php_default_version: '8.1'