Merge pull request #21 from HanXHX/improvements/misc

Many improvements
2023-05-30 13:22:51 +02:00 · 2023-05-30 13:22:51 +02:00 · f6652efe77
parent 746b05ca4a 0a9a5c7aaf
commit f6652efe77
29 changed files with 518 additions and 79 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -0,0 +1,43 @@
 ---
 name: ci
 'on':
  pull_request:
  push:
    branches:
      - master
 jobs:
  yaml-lint:
    name: YAML Lint
    runs-on: ubuntu-latest
    steps:
      - name: Fetch code
        uses: actions/checkout@v3
      - name: Set up Python 3.
        uses: actions/setup-python@v2
        with:
          python-version: '3.x'
      - name: Install test dependencies.
        run: pip3 install yamllint
      - name: Lint code.
        run: |
          yamllint .
  ansible-lint:
    name: Ansible Lint
    runs-on: ubuntu-latest
    steps:
      - name: Fetch code
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Run ansible-lint
        uses: ansible/ansible-lint-action@v6.15.0
--- a/.github/workflows/galaxy.yml
+++ b/.github/workflows/galaxy.yml
@ -0,0 +1,17 @@
 ---
 name: Deploy on Ansible Galaxy
 'on':
  - push
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: checkout
        uses: actions/checkout@v2
      - name: galaxy
        uses: robertdebock/galaxy-action@1.2.0
        with:
          galaxy_api_key: ${{ secrets.galaxy_api_key }}
--- a/.github/workflows/molecule.yml
+++ b/.github/workflows/molecule.yml
@ -0,0 +1,35 @@
 ---
 name: Molecule
 'on':
  pull_request:
  push:
    branches:
      - master
 jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        scenario:
          - debian-10
          - debian-11
          - debian-12
          - ubuntu-18.04
          - ubuntu-20.04
          - ubuntu-22.04
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          path: "${{ github.repository }}"
      - name: Molecule
        uses: gofrolist/molecule-action@v2.3.19
        with:
          molecule_options: --base-config molecule/_shared/base.yml
          molecule_args: --scenario-name ${{ matrix.scenario }}
          molecule_working_dir: "HanXHX/ansible-php"
--- a/.gitignore
+++ b/.gitignore
@ -4,3 +4,4 @@
 *.log
 /filter_plugins/*.pyc
 /filter_plugins/__pycache__
 /.idea
--- a/.travis.yml
+++ b/.travis.yml
@ -1,53 +0,0 @@
 ---
 env:
  global:
    - VAGRANT_VERSION='2.2.18'
  jobs:
    - PLATFORM='docker-debian-buster-php73'   ANSIBLE_VERSION='>=2.11,<2.12'
    - PLATFORM='docker-debian-bullseye-php74' ANSIBLE_VERSION='>=2.11,<2.12'
    - PLATFORM='docker-debian-bullseye-php80' ANSIBLE_VERSION='>=2.11,<2.12'
    - PLATFORM='docker-debian-buster-php74'   ANSIBLE_VERSION='>=2.11,<2.12'
    - PLATFORM='docker-ubuntu-bionic-php72'   ANSIBLE_VERSION='>=2.11,<2.12'
 os:
  - linux
 dist: focal
 language: python
 python:
  - 3.8
 services:
  - docker
 before_install:
  - sudo apt-get -q update
  - sudo apt-get install -y yamllint
  - sudo wget -nv https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}/vagrant_${VAGRANT_VERSION}_x86_64.deb
  - sudo dpkg -i vagrant_${VAGRANT_VERSION}_x86_64.deb
 install:
  - sudo pip install "ansible-core$ANSIBLE_VERSION"
  - sudo pip install ansible-lint
  - ansible-galaxy collection install community.general
 script:
  - VAGRANT_DEFAULT_PROVIDER=docker vagrant up $PLATFORM
  - >
    VAGRANT_DEFAULT_PROVIDER=docker vagrant provision $PLATFORM
    | grep -q 'changed=0.*failed=0'
    && (echo 'Idempotence test: pass' && exit 0)
    || (echo 'Idempotence test: fail' && exit 1)
  - VAGRANT_DEFAULT_PROVIDER=docker vagrant status
  - >
    yamllint .
    && (echo 'YAML lint test: pass' && exit 0)
    || (echo 'YAML lint test: fail' && exit 1)
  - >
    ansible-lint -v tests/test.yml
    && (echo 'Ansible lint test: pass' && exit 0)
    || (echo 'Ansible lint test: fail' && exit 1)
 notifications:
  webhooks: https://galaxy.ansible.com/api/v1/notifications/
--- a/README.md
+++ b/README.md
@ -1,7 +1,7 @@
 Ansible PHP (+FPM) role for Debian / Ubuntu / FreeBSD
 =====================================================
-[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-hanxhx.php-blue.svg)](https://galaxy.ansible.com/hanxhx.php) [![Build Status](https://app.travis-ci.com/HanXHX/ansible-php.svg?branch=master)](https://app.travis-ci.com/HanXHX/ansible-php)
+[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-hanxhx.php-blue.svg)](https://galaxy.ansible.com/hanxhx.php) ![GitHub Workflow Status (master)](https://img.shields.io/github/actions/workflow/status/hanxhx/ansible-php/molecule.yml?branch=master)
 Install PHP on Debian / Ubuntu / FreeBSD. Manage PHP-FPM, APCu, Opcache and Xdebug.
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -7,8 +7,6 @@
  when: php_install_fpm
  notify: Docker restart php-fpm
- name: Docker restart php-fpm
+- name: Docker restart php-fpm  # noqa: command-instead-of-module no-changed-when
  ansible.builtin.command: 'service {{ php_fpm_service }} restart'
  args:
    warn: false
  when: ansible_virtualization_type == 'docker'
--- a/meta/main.yml
+++ b/meta/main.yml
@ -12,6 +12,7 @@ galaxy_info:
      versions:
        - buster
        - bullseye
        - bookworm
    - name: Ubuntu
      versions:
        - bionic
--- a/molecule/_shared/Dockerfile.j2
+++ b/molecule/_shared/Dockerfile.j2
@ -0,0 +1,19 @@
 # Molecule managed
 {% if item.registry is defined %}
 FROM {{ item.registry.url }}/{{ item.image }}
 {% else %}
 FROM {{ item.image }}
 {% endif %}
 {% if item.env is defined %}
 {% for var, value in item.env.items() %}
 {% if value %}
 ENV {{ var }} {{ value }}
 {% endif %}
 {% endfor %}
 {% endif %}
 RUN apt-get update && \
 	apt-get install -y python3 sudo bash ca-certificates iproute2 python-apt-common \
 	&& apt-get clean
--- a/molecule/_shared/base.yml
+++ b/molecule/_shared/base.yml
@ -0,0 +1,36 @@
 ---
 scenario:
  test_sequence:
    - dependency
    - syntax
    - create
    - prepare
    - converge
    - idempotence
    - verify
    - destroy
 dependency:
  name: galaxy
  options:
    requirements-file: ../../requirements.yml
 driver:
  name: docker
 role_name_check: 1
 provisioner:
  name: ansible
  config_options:
    defaults:
      deprecation_warnings: false
      callback_whitelist: timer,profile_tasks
      fact_caching: jsonfile
      fact_caching_connection: ./cache
      forks: 100
    connection:
      pipelining: true
  playbooks:
    converge: ../_shared/converge.yml
    prepare: ../_shared/prepare.yml
    verify: ../_shared/verify.yml
 verifier:
  name: ansible
--- a/molecule/_shared/converge.yml
+++ b/molecule/_shared/converge.yml
@ -0,0 +1,25 @@
 ---
 - name: Converge
  hosts: all
  gather_facts: true
  handlers:
    - name: Reload nginx
      ansible.builtin.service:
        name: nginx
        state: reloaded
  tasks:
    - name: Include role
      ansible.builtin.include_role:
        name: "hanxhx.php"
  post_tasks:
    - name: TEMPLATE | Nginx site config
      ansible.builtin.template:
        src: "../../tests/templates/nginx.conf.j2"
        dest: "{{ __nginx_conf }}"
        mode: 0644
        owner: root
        group: root
      notify: Reload nginx
  vars_files:
    - vars/misc.yml
--- a/molecule/_shared/prepare.yml
+++ b/molecule/_shared/prepare.yml
@ -0,0 +1,67 @@
 ---
 - name: Prepare
  hosts: all
  gather_facts: true
  vars_files:
    - vars/misc.yml
  handlers:
    - name: Reload nginx
      ansible.builtin.service:
        name: nginx
        state: reloaded
  tasks:
    - name: INCLUDE_TASKS | Pre tasks related to OS
      ansible.builtin.include_tasks: "../../tests/includes/pre_{{ ansible_os_family }}.yml"
    - name: USER | Create PHP user
      ansible.builtin.user:
        name: 'foo'
        system: true
        create_home: false
        shell: '/usr/sbin/nologin'
    - name: COMMAND | Fix nginx config
      ansible.builtin.command: "cp {{ __nginx_conf | dirname }}/fastcgi_params {{ __nginx_conf | dirname }}/fastcgi.conf"
      args:
        creates: "{{ __nginx_conf | dirname }}/fastcgi.conf"
      notify: Reload nginx
    - name: LINEINFILE | Fix nginx config (second step)
      ansible.builtin.lineinfile:
        regexp: '^fastcgi_param\s+SCRIPT_FILENAME'
        line: "fastcgi_param  SCRIPT_FILENAME    $realpath_root$fastcgi_script_name;"
        dest: "{{ __nginx_conf | dirname }}/fastcgi.conf"
      notify: Reload nginx
    - name: SERVICE | Ensure nginx is started
      ansible.builtin.service:
        name: nginx
        state: started
    - name: FILE | Create /var/www
      ansible.builtin.file:
        dest: /var/www
        state: directory
        owner: root
        group: root
        mode: 0755
    - name: COPY | Add phpinfo
      ansible.builtin.copy:
        dest: /var/www/phpinfo.php
        content: '<?php phpinfo();'
        owner: root
        group: root
        mode: 0644
    - name: COPY | Add ini test file
      ansible.builtin.copy:
        dest: /var/www/ini.php
        content: '<?php echo ini_get("memory_limit") . "\n";'
        owner: root
        group: root
        mode: 0644
--- a/molecule/_shared/vars/misc.yml
+++ b/molecule/_shared/vars/misc.yml
@ -0,0 +1,36 @@
 ---
 # Force SysVinit, since systemd won't work in a Docker container
 ansible_service_mgr: "sysvinit"
 # ----------------------------------------
 # Copied from {role_dir}/tests/test.yml
 # ----------------------------------------
 vhost: 'test.local'
 php_extra_packages:
  - '{{ php_package_prefix }}pgsql'
 php_install_xdebug: true
 php_autoremove_default_pool: true
 php_ini_fpm:
  display_errors: 'Off'
 php_ini_cli:
  error_reporting: 'E_ALL'
 php_fpm_poold:
  - pool_name: 'test_ansible'
    listen: '/run/php/php-ansible1.sock'
    pm: 'dynamic'
    pm_max_children: 250
    pm_start_servers: 10
    pm_min_spare_servers: 10
    pm_max_spare_servers: 20
    status_path: '/status'
    ping_path: '/ping'
    ping_response: 'ok'
  - name: 'test_ansible2'
    user: 'foo'
    php_env:
      foo: bar
    php_value:
      display_errors: 'Off'
    php_admin_value:
      memory_limit: '98M'
--- a/molecule/_shared/verify.yml
+++ b/molecule/_shared/verify.yml
@ -0,0 +1,74 @@
 ---
 - name: Verify
  hosts: all
  gather_facts: true
  vars_files:
    - vars/misc.yml
  tasks:
    - name: COMMAND | Test php-cli
      ansible.builtin.command: php -v
      changed_when: false
    - name: SHELL | Check vhost
      ansible.builtin.shell: "set -o pipefail && curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep 'PHP Version'"
      args:
        executable: /bin/bash
      changed_when: false
      register: c
      failed_when: c.stdout == ''
    - name: BLOCK | Test explicit version
      when: php_version is defined
      block:
        - name: SHELL | Test php-cli (explicit version)
          ansible.builtin.shell: set -o pipefail && php -i | grep '^PHP Version => {{ php_version }}' | head -n 1
          changed_when: false
          register: p
          failed_when: p.stdout == ''
          args:
            executable: /bin/bash
        - name: SHELL | Check vhost
          ansible.builtin.shell: "set -o pipefail && curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep -o 'PHP Version {{ php_version }}' | sed -r 's/<//g'"
          args:
            executable: /bin/bash
          changed_when: false
          register: c
          failed_when: c.stdout == ''
    - name: SHELL | Check custom php value  # noqa: command-instead-of-module
      ansible.builtin.shell: "curl -H 'Host: {{ vhost }}' http://127.0.0.1/ini.php 2> /dev/null"
      changed_when: false
      register: c
      failed_when: 'php_fpm_poold.1.php_admin_value.memory_limit not in c.stdout'
    - name: URI | Check ping
      ansible.builtin.uri:
        url: "http://localhost{{ php_fpm_poold.0.ping_path }}"
      when: php_fpm_poold.0.ping_path is defined
    - name: URI | Check status
      ansible.builtin.uri:
        url: "http://localhost{{ php_fpm_poold.0.status_path }}"
      when: php_fpm_poold.0.status_path is defined
    - name: Debian extra checks
      when: ansible_os_family == 'Debian'
      block:
        - name: SHELL | Check if we installed multiple PHP versions
          ansible.builtin.shell: set -o pipefail && (dpkg -l | grep 'php[[:digit:]].*common' | wc -l)
          args:
            executable: /bin/bash
          failed_when: false
          changed_when: false
          register: check_multiple_php
        - name: FAIL | If we have multiple PHP version
          ansible.builtin.fail:
            msg: "Multiple PHP versions detected"
          when: check_multiple_php.stdout != '1'
--- a/molecule/debian-10/molecule.yml
+++ b/molecule/debian-10/molecule.yml
@ -0,0 +1,32 @@
 ---
 platforms:
  - name: debian-10
    image: dokken/debian-10
    command: /lib/systemd/systemd
    dockerfile: ../_shared/Dockerfile.j2
    capabilities:
      - SYS_ADMIN
    cgroupns_mode: host
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:rw
    privileged: true
  - name: debian-10-php-7.4
    image: dokken/debian-10
    command: /lib/systemd/systemd
    dockerfile: ../_shared/Dockerfile.j2
    capabilities:
      - SYS_ADMIN
    cgroupns_mode: host
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:rw
    privileged: true
 provisioner:
  inventory:
    group_vars:
      all:
        __nginx_conf: /etc/nginx/nginx.conf
    host_vars:
      debian-10-php-7.4:
        php_version: '7.4'
--- a/molecule/debian-11/molecule.yml
+++ b/molecule/debian-11/molecule.yml
@ -0,0 +1,32 @@
 ---
 platforms:
  - name: debian-11
    image: dokken/debian-11
    command: /lib/systemd/systemd
    dockerfile: ../_shared/Dockerfile.j2
    capabilities:
      - SYS_ADMIN
    cgroupns_mode: host
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:rw
    privileged: true
  - name: debian-11-php-8.0
    image: dokken/debian-11
    command: /lib/systemd/systemd
    dockerfile: ../_shared/Dockerfile.j2
    capabilities:
      - SYS_ADMIN
    cgroupns_mode: host
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:rw
    privileged: true
 provisioner:
  inventory:
    group_vars:
      all:
        __nginx_conf: /etc/nginx/nginx.conf
    host_vars:
      debian-11-php-8.0:
        php_version: '8.0'
--- a/molecule/debian-12/molecule.yml
+++ b/molecule/debian-12/molecule.yml
@ -0,0 +1,19 @@
 ---
 platforms:
  - name: debian-12
    image: dokken/debian-12
    command: /lib/systemd/systemd
    dockerfile: ../_shared/Dockerfile.j2
    capabilities:
      - SYS_ADMIN
    cgroupns_mode: host
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:rw
    privileged: true
 provisioner:
  inventory:
    group_vars:
      all:
        __nginx_conf: /etc/nginx/nginx.conf
--- a/molecule/default/.gitkeep
+++ b/molecule/default/.gitkeep
--- a/molecule/ubuntu-18.04/molecule.yml
+++ b/molecule/ubuntu-18.04/molecule.yml
@ -0,0 +1,19 @@
 ---
 platforms:
  - name: ubuntu-18.04
    image: dokken/ubuntu-18.04
    command: /lib/systemd/systemd
    dockerfile: ../_shared/Dockerfile.j2
    capabilities:
      - SYS_ADMIN
    cgroupns_mode: host
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:rw
    privileged: true
 provisioner:
  inventory:
    group_vars:
      all:
        __nginx_conf: /etc/nginx/nginx.conf
--- a/molecule/ubuntu-20.04/molecule.yml
+++ b/molecule/ubuntu-20.04/molecule.yml
@ -0,0 +1,19 @@
 ---
 platforms:
  - name: ubuntu-20.04
    image: dokken/ubuntu-20.04
    command: /lib/systemd/systemd
    dockerfile: ../_shared/Dockerfile.j2
    capabilities:
      - SYS_ADMIN
    cgroupns_mode: host
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:rw
    privileged: true
 provisioner:
  inventory:
    group_vars:
      all:
        __nginx_conf: /etc/nginx/nginx.conf
--- a/molecule/ubuntu-22.04/molecule.yml
+++ b/molecule/ubuntu-22.04/molecule.yml
@ -0,0 +1,19 @@
 ---
 platforms:
  - name: ubuntu-22.04
    image: dokken/ubuntu-22.04
    command: /lib/systemd/systemd
    dockerfile: ../_shared/Dockerfile.j2
    capabilities:
      - SYS_ADMIN
    cgroupns_mode: host
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:rw
    privileged: true
 provisioner:
  inventory:
    group_vars:
      all:
        __nginx_conf: /etc/nginx/nginx.conf
--- a/requirements.yml
+++ b/requirements.yml
@ -0,0 +1,4 @@
 ---
 collections:
  - community.general
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -114,16 +114,12 @@
  when: php_install_fpm and ansible_virtualization_type == 'docker'
  block:
-    - name: COMMAND | Check if PHP-FPM is started (Docker)
+    - name: COMMAND | Check if PHP-FPM is started (Docker)  # noqa: command-instead-of-module
      ansible.builtin.command: 'service {{ php_fpm_service }} status'
      args:
        warn: false
      register: dps
      changed_when: false
      failed_when: false
-    - name: COMMAND | Ensure PHP-FPM is started (Docker)
+    - name: COMMAND | Ensure PHP-FPM is started (Docker)  # noqa: command-instead-of-module no-changed-when
      ansible.builtin.command: 'service {{ php_fpm_service }} start'
      args:
        warn: false
      when: dps.stdout.find('is not running') != -1
--- a/tests/includes/pre_Debian.yml
+++ b/tests/includes/pre_Debian.yml
@ -19,6 +19,6 @@
      - nginx
      - vim
- name: INCLUDE_TASKS | Sury
+- name: INCLUDE_TASKS | Sury (only if a specific php_version is defined)
  ansible.builtin.include_tasks: Debian/sury.yml
-  when: php_version != php_default_version
+  when: php_version is defined
--- a/tests/templates/nginx.conf.j2
+++ b/tests/templates/nginx.conf.j2
@ -2,7 +2,7 @@ events {
    worker_connections  1024;
 }
-user {{ php_default_user_group }};
+user root;
 http {
    include       mime.types;
--- a/tests/test.yml
+++ b/tests/test.yml
@ -78,18 +78,14 @@
      when: ansible_virtualization_type == 'docker'
      block:
-        - name: COMMAND | Docker nginx status
+        - name: COMMAND | Docker nginx status  # noqa: command-instead-of-module
          ansible.builtin.command: service nginx status
          args:
            warn: false
          changed_when: false
          failed_when: false
          register: ngs
-        - name: COMMAND | Docker start nginx
+        - name: COMMAND | Docker start nginx  # noqa: command-instead-of-module no-changed-when
          ansible.builtin.command: service nginx start
          args:
            warn: false
          when: ngs.stdout.find('nginx is not running') != -1
  handlers:
@ -100,10 +96,8 @@
        state: reloaded
      notify: Docker reload nginx
-    - name: Docker reload nginx
+    - name: Docker reload nginx  # noqa: command-instead-of-module no-changed-when
      ansible.builtin.command: service nginx reload
      args:
        warn: false
      notify: Docker reload nginx
      when: ansible_virtualization_type == 'docker'
@ -147,16 +141,13 @@
    - name: SHELL | Check vhost
      ansible.builtin.shell: "set -o pipefail && curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep -o 'PHP Version {{ php_version }}' | sed -r 's/<//g'"
      args:
        warn: false
        executable: /bin/bash
      changed_when: false
      register: c
      failed_when: c.stdout == ''
-    - name: SHELL | Check custom php value
+    - name: SHELL | Check custom php value  # noqa: command-instead-of-module
      ansible.builtin.shell: "curl -H 'Host: {{ vhost }}' http://127.0.0.1/ini.php 2> /dev/null"
      args:
        warn: false
      changed_when: false
      register: c
      failed_when: 'php_fpm_poold.1.php_admin_value.memory_limit not in c.stdout'
--- a/vars/Debian-bookworm.yml
+++ b/vars/Debian-bookworm.yml
@ -0,0 +1,3 @@
 ---
 php_default_version: '8.2'
--- a/vars/Ubuntu-focal.yml
+++ b/vars/Ubuntu-focal.yml
@ -0,0 +1,3 @@
 ---
 php_default_version: '7.4'
--- a/vars/Ubuntu-jammy.yml
+++ b/vars/Ubuntu-jammy.yml
@ -0,0 +1,3 @@
 ---
 php_default_version: '8.1'