Merge pull request #21 from HanXHX/improvements/misc

Many improvements

.ansible-lint

@@ -0,0 +1,8 @@
+---
+
+# TODO: enable later
+enable_list:
+  - fqcn-builtins
+
+skip_list:
+  - role-name

.github/workflows/ci.yml

@@ -0,0 +1,43 @@
+---
+
+name: ci
+'on':
+  pull_request:
+  push:
+    branches:
+      - master
+
+jobs:
+
+  yaml-lint:
+    name: YAML Lint
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Fetch code
+        uses: actions/checkout@v3
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+
+      - name: Install test dependencies.
+        run: pip3 install yamllint
+
+      - name: Lint code.
+        run: |
+          yamllint .
+
+  ansible-lint:
+    name: Ansible Lint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Fetch code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Run ansible-lint
+        uses: ansible/ansible-lint-action@v6.15.0

.github/workflows/galaxy.yml

@@ -0,0 +1,17 @@
+---
+
+name: Deploy on Ansible Galaxy
+
+'on':
+  - push
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@v2
+      - name: galaxy
+        uses: robertdebock/galaxy-action@1.2.0
+        with:
+          galaxy_api_key: ${{ secrets.galaxy_api_key }}

.github/workflows/molecule.yml

@@ -0,0 +1,35 @@
+---
+name: Molecule
+
+'on':
+  pull_request:
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        scenario:
+          - debian-10
+          - debian-11
+          - debian-12
+          - ubuntu-18.04
+          - ubuntu-20.04
+          - ubuntu-22.04
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          path: "${{ github.repository }}"
+
+      - name: Molecule
+        uses: gofrolist/molecule-action@v2.3.19
+        with:
+          molecule_options: --base-config molecule/_shared/base.yml
+          molecule_args: --scenario-name ${{ matrix.scenario }}
+          molecule_working_dir: "HanXHX/ansible-php"

.gitignore

@@ -1,3 +1,7 @@
 .vagrant*
 *.swp
 *.retry
+*.log
+/filter_plugins/*.pyc
+/filter_plugins/__pycache__
+/.idea

.travis.yml

@@ -1,49 +0,0 @@
-env:
-  - PLATFORM='docker-debian-jessie-php56'  ANSIBLE_VERSION='ansible>=2.0,<2.1'
-  - PLATFORM='docker-debian-jessie-php70'  ANSIBLE_VERSION='ansible>=2.0,<2.1'
-  - PLATFORM='docker-debian-jessie-php71'  ANSIBLE_VERSION='ansible>=2.0,<2.1'
-  - PLATFORM='docker-debian-stretch-php70' ANSIBLE_VERSION='ansible>=2.0,<2.1'
-  - PLATFORM='docker-debian-stretch-php71' ANSIBLE_VERSION='ansible>=2.0,<2.1'
-  - PLATFORM='docker-debian-jessie-php56'  ANSIBLE_VERSION='ansible>=2.1,<2.2'
-  - PLATFORM='docker-debian-jessie-php70'  ANSIBLE_VERSION='ansible>=2.1,<2.2'
-  - PLATFORM='docker-debian-jessie-php71'  ANSIBLE_VERSION='ansible>=2.1,<2.2'
-  - PLATFORM='docker-debian-stretch-php70' ANSIBLE_VERSION='ansible>=2.1,<2.2'
-  - PLATFORM='docker-debian-stretch-php71' ANSIBLE_VERSION='ansible>=2.1,<2.2'
-  - PLATFORM='docker-debian-jessie-php56'  ANSIBLE_VERSION='ansible>=2.2,<2.3'
-  - PLATFORM='docker-debian-jessie-php70'  ANSIBLE_VERSION='ansible>=2.2,<2.3'
-  - PLATFORM='docker-debian-jessie-php71'  ANSIBLE_VERSION='ansible>=2.2,<2.3'
-  - PLATFORM='docker-debian-stretch-php70' ANSIBLE_VERSION='ansible>=2.2,<2.3'
-  - PLATFORM='docker-debian-stretch-php71' ANSIBLE_VERSION='ansible>=2.2,<2.3'
-  - PLATFORM='docker-debian-jessie-php56'  ANSIBLE_VERSION='ansible>=2.3,<2.4'
-  - PLATFORM='docker-debian-jessie-php70'  ANSIBLE_VERSION='ansible>=2.3,<2.4'
-  - PLATFORM='docker-debian-jessie-php71'  ANSIBLE_VERSION='ansible>=2.3,<2.4'
-  - PLATFORM='docker-debian-stretch-php70' ANSIBLE_VERSION='ansible>=2.3,<2.4'
-  - PLATFORM='docker-debian-stretch-php71' ANSIBLE_VERSION='ansible>=2.3,<2.4'
-
-sudo: required
-
-dist: trusty
-
-language: python
-
-services:
-  - docker
-
-before_install:
-  - wget https://releases.hashicorp.com/vagrant/1.9.5/vagrant_1.9.5_x86_64.deb
-  - sudo dpkg -i vagrant_1.9.5_x86_64.deb
-
-install:
-  - pip install "$ANSIBLE_VERSION"
-
-script:
-  - VAGRANT_DEFAULT_PROVIDER=docker vagrant up $PLATFORM
-  - >
-    VAGRANT_DEFAULT_PROVIDER=docker vagrant provision $PLATFORM
-    | grep -q 'changed=0.*failed=0'
-    && (echo 'Idempotence test: pass' && exit 0)
-    || (echo 'Idempotence test: fail' && exit 1)
-  - VAGRANT_DEFAULT_PROVIDER=docker vagrant status
-
-notifications:
-  webhooks: https://galaxy.ansible.com/api/v1/notifications/

.yamllint.yml

@@ -0,0 +1,6 @@
+---
+
+extends: default
+
+rules:
+  line-length: disable

README.md

@@ -1,22 +1,39 @@
-Ansible PHP (+FPM) role for Debian
-==================================
+Ansible PHP (+FPM) role for Debian / Ubuntu / FreeBSD
+=====================================================
 
-[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-HanXHX.php-blue.svg)](https://galaxy.ansible.com/HanXHX/php) [![Build Status](https://travis-ci.org/HanXHX/ansible-php.svg?branch=master)](https://travis-ci.org/HanXHX/ansible-php)
+[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-hanxhx.php-blue.svg)](https://galaxy.ansible.com/hanxhx.php) ![GitHub Workflow Status (master)](https://img.shields.io/github/actions/workflow/status/hanxhx/ansible-php/molecule.yml?branch=master)
 
-Install PHP (php-fpm optional) on Debian. Manage APCu, Opcache, Xdebug.
+Install PHP on Debian / Ubuntu / FreeBSD. Manage PHP-FPM, APCu, Opcache and Xdebug.
 
 Managed OS / Versions
 ---------------------
 
-|       OS      	|      PHP 5.6      	|          PHP 7.0          	|          PHP 7.1          	|
-|:-------------:	|:-----------------:	|:-------------------------:	|:-------------------------:	|
-| Debian Jessie 	| Yes (from Debian) 	| Yes (from [Dotdeb](https://www.dotdeb.org) or [Sury](https://deb.sury.org/)) 	| Yes (from [Dotdeb](https://www.dotdeb.org) or [Sury](https://deb.sury.org/)) 	|
-| Debian Strech 	| No                	| Yes (from Debian)         	| Yes (from [Sury](https://deb.sury.org/))           	|
+On all Debian versions, you can install all PHP versions by using [Sury's APT repository](https://deb.sury.org/).
+
+Other cases:
+
+|         OS            |       PHP 7.0       |        PHP 7.1       |      PHP 7.2         |       PHP 7.3        |     PHP >= 7.4      |
+|:---------------------:|:-------------------:|:--------------------:|:--------------------:|:--------------------:|:--------------------:
+| Ubuntu Bionic (18.04) | :x:                 | :x:                  | :heavy_check_mark:   | :x:                  | :x:                 |
+| FreeBSD 11            | :heavy_check_mark:  | :heavy_check_mark:   | :heavy_check_mark:   | :heavy_check_mark:   | Need tests...       |
+| FreeBSD 12            | :heavy_check_mark:  | :heavy_check_mark:   | :heavy_check_mark:   | :heavy_check_mark:   | Need tests...       |
+
+Links:
+- [Sury](https://deb.sury.org/)
 
 Requirements
 ------------
 
-If you need PHP-FPM, you must install a webserver with FastCGI support. You can use my [nginx role](https://github.com/HanXHX/ansible-nginx).
+- Ansible >= 2.11
+- Collections: [community.general](https://galaxy.ansible.com/community/general)
+- If you need PHP-FPM, you must install a webserver with FastCGI support. You can use my [nginx role](https://github.com/HanXHX/ansible-nginx).
+
+FreeBSD limitations
+-------------------
+
+- It doesn't split ini file for FPM/CLI. It's hardcoded as `/usr/local/etc/php.ini`.
+- It can't manage multiple PHP versions at the time (like legacy Debian versions)
+- You must explicitely set xdebug package name (use `pkg search xdebug` to find the good one)
 
 Role Variables
 --------------
@@ -25,7 +42,7 @@ You should look at [default vars](defaults/main.yml).
 
 ### Writable vars
 
-- `php_version`: 5.6 (default), 7.0, 7.1
+- `php_version`: 7.3, 7.4... depending OS (see above)
 - `php_install_fpm`: boolean, install and manage php-fpm (default is true)
 - `php_install_xdebug`: boolean, install [Xdebug](http://xdebug.org)
 - `php_extra_packages`: additional php packages to install (default is an empty list).
@@ -42,7 +59,6 @@ Note:
 - Put specific configuration in `php_ini_fpm`/`php_ini_cli`.
 - You can override with `php_ini_fpm`/`php_ini_cli`, but it breaks idempotence.
 
-
 #### OpCache settings
 
 See [Opcache doc](https://secure.php.net/manual/en/opcache.configuration.php)
@@ -145,22 +161,33 @@ Example Playbook
 
     - hosts: servers
       roles:
-         - { role: HanXHX.php }
+         - { role: hanxhx.php }
 
-### Debian Jessie with PHP 7.0 CLI (no FPM)
+### Debian Bullseye with PHP 8.0 CLI (no FPM)
 
-    - hosts: jessie-servers
+    - hosts: servers
       roles:
-         - { role: HanXHX.dotdeb }
-         - { role: HanXHX.php, php_version: '7.0', php_install_fpm: false }
+         - { role: HanXHX.sury }
+         - { role: hanxhx.php, php_version: '8.0', php_install_fpm: false }
 
 License
 -------
 
 GPLv2
 
+Donation
+--------
+
+If this code helped you, or if you’ve used them for your projects, feel free to buy me some :beers:
+
+- Bitcoin: `1BQwhBeszzWbUTyK4aUyq3SRg7rBSHcEQn`
+- Ethereum: `0x63abe6b2648fd892816d87a31e3d9d4365a737b5`
+- Litecoin: `LeNDw34zQLX84VvhCGADNvHMEgb5QyFXyD`
+- Monero: `45wbf7VdQAZS5EWUrPhen7Wo4hy7Pa7c7ZBdaWQSRowtd3CZ5vpVw5nTPphTuqVQrnYZC72FXDYyfP31uJmfSQ6qRXFy3bQ`
+
+No crypto-currency? :star: the project is also a way of saying thank you! :sunglasses:
+
 Author Information
 ------------------
 
 - Twitter: [@hanxhx_](https://twitter.com/hanxhx_)
-- All issues, pull-requests are welcome :)

Vagrantfile

@@ -6,19 +6,24 @@
 Vagrant.configure("2") do |config|
 
   vms_debian = [
-    { :name => "debian-jessie-php56",  :box => "debian/jessie64",  :vars => { }},
-    { :name => "debian-jessie-php70",  :box => "debian/jessie64",  :vars => { "php_version": '7.0' }},
-    { :name => "debian-jessie-php71",  :box => "debian/jessie64",  :vars => { "php_version": '7.1' }},
-    { :name => "debian-stretch-php70", :box => "debian/stretch64", :vars => { }},
-    { :name => "debian-stretch-php71", :box => "debian/stretch64", :vars => { "php_version": '7.1' }}
+    { :name => "debian-buster-php73",   :box => "debian/buster64",   :vars => { }},
+    { :name => "debian-buster-php74",   :box => "debian/buster64",   :vars => { "php_version": '7.4' }},
+    { :name => "debian-bullseye-php74", :box => "debian/bullseye64", :vars => { }},
+    { :name => "debian-bullseye-php80", :box => "debian/bullseye64", :vars => { "php_version": '8.0' }},
+    { :name => "ubuntu-bionic-php72",   :box => "ubuntu/bionic64",   :vars => { }},
+  ]
+
+  vms_freebsd = [
+    { :name => "freebsd-11", :box => "freebsd/FreeBSD-11.1-STABLE",  :vars => {} },
+    { :name => "freebsd-12", :box => "freebsd/FreeBSD-12.0-CURRENT", :vars => {} }
   ]
 
   conts = [
-    { :name => "docker-debian-jessie-php56",  :docker => "hanxhx/vagrant-ansible:debian8", :vars => { }},
-    { :name => "docker-debian-jessie-php70",  :docker => "hanxhx/vagrant-ansible:debian8", :vars => { "php_version": '7.0' }},
-    { :name => "docker-debian-jessie-php71",  :docker => "hanxhx/vagrant-ansible:debian8", :vars => { "php_version": '7.1' }},
-    { :name => "docker-debian-stretch-php70", :docker => "hanxhx/vagrant-ansible:debian9", :vars => { }},
-    { :name => "docker-debian-stretch-php71", :docker => "hanxhx/vagrant-ansible:debian9", :vars => { "php_version": '7.1' }}
+    { :name => "docker-debian-buster-php73",   :docker => "hanxhx/vagrant-ansible:debian10",    :vars => { }},
+    { :name => "docker-debian-buster-php74",   :docker => "hanxhx/vagrant-ansible:debian10",    :vars => { "php_version": '7.4' }},
+    { :name => "docker-debian-bullseye-php74", :docker => "hanxhx/vagrant-ansible:debian11",    :vars => { }},
+    { :name => "docker-debian-bullseye-php80", :docker => "hanxhx/vagrant-ansible:debian11",    :vars => { "php_version": '8.0' }},
+    { :name => "docker-ubuntu-bionic-php72",   :docker => "hanxhx/vagrant-ansible:ubuntu18.04", :vars => { }},
   ]
 
   config.vm.network "private_network", type: "dhcp"
@@ -30,10 +35,12 @@ Vagrant.configure("2") do |config|
         d.remains_running = true
         d.has_ssh = true
       end
+
+      #m.vm.provision "shell", inline: "apt-get update && apt-get install -y python python-apt"
       m.vm.provision "ansible" do |ansible|
         ansible.playbook = "tests/test.yml"
         ansible.verbose = 'vv'
-        ansible.sudo = true
+        ansible.become = true
         ansible.extra_vars = opts[:vars]
       end
     end
@@ -46,12 +53,35 @@ Vagrant.configure("2") do |config|
         v.cpus = 1
         v.memory = 256
       end
-       m.vm.provision "ansible" do |ansible|
-         ansible.playbook = "tests/test.yml"
-         ansible.verbose = 'vv'
-         ansible.sudo = true
-          ansible.extra_vars = opts[:vars]
-       end
+      m.vm.provision "shell", inline: "apt-get update && apt-get install -y ifupdown python"
+
+      m.vm.provision "ansible" do |ansible|
+        ansible.playbook = "tests/test.yml"
+        ansible.verbose = 'vv'
+        ansible.become = true
+        ansible.extra_vars = opts[:vars]
+      end
     end
   end
+
+  vms_freebsd.each do |opts|
+    config.vm.synced_folder ".", "/vagrant", disabled: true
+    config.vm.base_mac = "080027D14C66"
+    config.vm.define opts[:name] do |m|
+      m.vm.box = opts[:box]
+      m.vm.provider "virtualbox" do |v, override|
+        override.ssh.shell = "csh"
+        v.cpus = 2
+        v.memory = 512
+      end
+      m.vm.provision "shell", inline: "pkg install -y python bash"
+      m.vm.provision "ansible" do |ansible|
+        ansible.playbook = "tests/test.yml"
+        ansible.verbose = 'vv'
+        ansible.become = true
+        ansible.extra_vars = opts[:vars].merge({ "ansible_python_interpreter": '/usr/local/bin/python' })
+      end
+    end
+  end
+
 end

defaults/main.yml

@@ -4,17 +4,16 @@ php_version: '{{ php_default_version }}'
 php_install_fpm: true
 php_install_xdebug: false
 php_extra_packages: []
+php_xdebug_package: null
+php_autoremove_default_pool: false
 
 # php.ini config
 php_ini:
-  - key: 'date.timezone'
-    value: 'Europe/Paris'
-  - key: 'expose_php'
-    value: 'Off'
-  - key: 'memory_limit'
-    value: '256M'
-php_ini_fpm: []
-php_ini_cli: []
+  'date.timezone': 'Europe/Paris'
+  'expose_php': 'Off'
+  'memory_limit': '256M'
+php_ini_fpm: {}
+php_ini_cli: {}
 
 # OpCache settings
 php_opcache_enable: "1"
@@ -92,10 +91,10 @@ php_xdebug_var_display_max_depth: '3'
 
 # PHP-FPM
 php_fpm_poold:
-  - pool_name: 'www'
+  - name: 'www'
     listen: '{{ php_default_fpm_sock }}'
     pm: 'dynamic'
-    pm_max_children: 250
+    pm_max_children: 100
     pm_start_servers: 10
     pm_min_spare_servers: 10
     pm_max_spare_servers: 20

filter_plugins/php.py

@@ -0,0 +1,10 @@
+def php_socket(php_version, pool_name):
+    return '/run/php/php%s-%s-fpm.sock' % (php_version, pool_name)
+
+class FilterModule(object):
+    ''' PHP module '''
+
+    def filters(self):
+        return {
+            'php_socket': php_socket,
+        }

handlers/main.yml

@@ -1,5 +1,12 @@
 ---
 
-- name: restart php-fpm
-  service: name='{{ php_fpm_service }}' state=restarted
+- name: Restart php-fpm
+  ansible.builtin.service:
+    name: '{{ php_fpm_service }}'
+    state: restarted
   when: php_install_fpm
+  notify: Docker restart php-fpm
+
+- name: Docker restart php-fpm  # noqa: command-instead-of-module no-changed-when
+  ansible.builtin.command: 'service {{ php_fpm_service }} restart'
+  when: ansible_virtualization_type == 'docker'

meta/argument_specs.yml

@@ -0,0 +1,6 @@
+---
+
+argument_specs:
+  main:
+    short_description: Main entry point
+    options: {}

meta/main.yml

@@ -1,23 +1,35 @@
 ---
 galaxy_info:
   author: Emilien Mantel
-  description: Install and configure PHP 5.6/7.0/7.1 (+ FPM is wanted)
-  company:
+  role_name: php
+  namespace: hanxhx
+  description: Install and configure PHP 7.x/8.x
+  company: TripleStack
   license: GPLv2
-  min_ansible_version: 2.0
+  min_ansible_version: '2.11'
   platforms:
-  - name: Debian
-    versions:
-    - jessie
+    - name: Debian
+      versions:
+        - buster
+        - bullseye
+        - bookworm
+    - name: Ubuntu
+      versions:
+        - bionic
+    - name: FreeBSD
+      versions:
+        - '11.0'
+        - '11.1'
+        - '12.0'
   galaxy_tags:
-  - development
-  - web
-  - php
-  - php5.6
-  - php5
-  - php7
-  - php7.0
-  - php7.1
-  - debian
-dependencies: []
+    - development
+    - web
+    - php
+    - fpm
+    - php7
+    - php8
+    - debian
+    - ubuntu
+    - freebsd
 
+dependencies: []

molecule/_shared/Dockerfile.j2

@@ -0,0 +1,19 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+{% if item.env is defined %}
+{% for var, value in item.env.items() %}
+{% if value %}
+ENV {{ var }} {{ value }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+RUN apt-get update && \
+	apt-get install -y python3 sudo bash ca-certificates iproute2 python-apt-common \
+	&& apt-get clean

molecule/_shared/base.yml

@@ -0,0 +1,36 @@
+---
+
+scenario:
+  test_sequence:
+    - dependency
+    - syntax
+    - create
+    - prepare
+    - converge
+    - idempotence
+    - verify
+    - destroy
+dependency:
+  name: galaxy
+  options:
+    requirements-file: ../../requirements.yml
+driver:
+  name: docker
+role_name_check: 1
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      deprecation_warnings: false
+      callback_whitelist: timer,profile_tasks
+      fact_caching: jsonfile
+      fact_caching_connection: ./cache
+      forks: 100
+    connection:
+      pipelining: true
+  playbooks:
+    converge: ../_shared/converge.yml
+    prepare: ../_shared/prepare.yml
+    verify: ../_shared/verify.yml
+verifier:
+  name: ansible

molecule/_shared/converge.yml

@@ -0,0 +1,25 @@
+---
+
+- name: Converge
+  hosts: all
+  gather_facts: true
+  handlers:
+    - name: Reload nginx
+      ansible.builtin.service:
+        name: nginx
+        state: reloaded
+  tasks:
+    - name: Include role
+      ansible.builtin.include_role:
+        name: "hanxhx.php"
+  post_tasks:
+    - name: TEMPLATE | Nginx site config
+      ansible.builtin.template:
+        src: "../../tests/templates/nginx.conf.j2"
+        dest: "{{ __nginx_conf }}"
+        mode: 0644
+        owner: root
+        group: root
+      notify: Reload nginx
+  vars_files:
+    - vars/misc.yml

molecule/_shared/prepare.yml

@@ -0,0 +1,67 @@
+---
+
+- name: Prepare
+  hosts: all
+  gather_facts: true
+  vars_files:
+    - vars/misc.yml
+
+  handlers:
+    - name: Reload nginx
+      ansible.builtin.service:
+        name: nginx
+        state: reloaded
+
+  tasks:
+
+    - name: INCLUDE_TASKS | Pre tasks related to OS
+      ansible.builtin.include_tasks: "../../tests/includes/pre_{{ ansible_os_family }}.yml"
+
+    - name: USER | Create PHP user
+      ansible.builtin.user:
+        name: 'foo'
+        system: true
+        create_home: false
+        shell: '/usr/sbin/nologin'
+
+    - name: COMMAND | Fix nginx config
+      ansible.builtin.command: "cp {{ __nginx_conf | dirname }}/fastcgi_params {{ __nginx_conf | dirname }}/fastcgi.conf"
+      args:
+        creates: "{{ __nginx_conf | dirname }}/fastcgi.conf"
+      notify: Reload nginx
+
+    - name: LINEINFILE | Fix nginx config (second step)
+      ansible.builtin.lineinfile:
+        regexp: '^fastcgi_param\s+SCRIPT_FILENAME'
+        line: "fastcgi_param  SCRIPT_FILENAME    $realpath_root$fastcgi_script_name;"
+        dest: "{{ __nginx_conf | dirname }}/fastcgi.conf"
+      notify: Reload nginx
+
+    - name: SERVICE | Ensure nginx is started
+      ansible.builtin.service:
+        name: nginx
+        state: started
+
+    - name: FILE | Create /var/www
+      ansible.builtin.file:
+        dest: /var/www
+        state: directory
+        owner: root
+        group: root
+        mode: 0755
+
+    - name: COPY | Add phpinfo
+      ansible.builtin.copy:
+        dest: /var/www/phpinfo.php
+        content: '<?php phpinfo();'
+        owner: root
+        group: root
+        mode: 0644
+
+    - name: COPY | Add ini test file
+      ansible.builtin.copy:
+        dest: /var/www/ini.php
+        content: '<?php echo ini_get("memory_limit") . "\n";'
+        owner: root
+        group: root
+        mode: 0644

molecule/_shared/vars/misc.yml

@@ -0,0 +1,36 @@
+---
+
+# Force SysVinit, since systemd won't work in a Docker container
+ansible_service_mgr: "sysvinit"
+
+# ----------------------------------------
+# Copied from {role_dir}/tests/test.yml
+# ----------------------------------------
+vhost: 'test.local'
+php_extra_packages:
+  - '{{ php_package_prefix }}pgsql'
+php_install_xdebug: true
+php_autoremove_default_pool: true
+php_ini_fpm:
+  display_errors: 'Off'
+php_ini_cli:
+  error_reporting: 'E_ALL'
+php_fpm_poold:
+  - pool_name: 'test_ansible'
+    listen: '/run/php/php-ansible1.sock'
+    pm: 'dynamic'
+    pm_max_children: 250
+    pm_start_servers: 10
+    pm_min_spare_servers: 10
+    pm_max_spare_servers: 20
+    status_path: '/status'
+    ping_path: '/ping'
+    ping_response: 'ok'
+  - name: 'test_ansible2'
+    user: 'foo'
+    php_env:
+      foo: bar
+    php_value:
+      display_errors: 'Off'
+    php_admin_value:
+      memory_limit: '98M'

molecule/_shared/verify.yml

@@ -0,0 +1,74 @@
+---
+
+- name: Verify
+  hosts: all
+  gather_facts: true
+  vars_files:
+    - vars/misc.yml
+  tasks:
+
+    - name: COMMAND | Test php-cli
+      ansible.builtin.command: php -v
+      changed_when: false
+
+    - name: SHELL | Check vhost
+      ansible.builtin.shell: "set -o pipefail && curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep 'PHP Version'"
+      args:
+        executable: /bin/bash
+      changed_when: false
+      register: c
+      failed_when: c.stdout == ''
+
+    - name: BLOCK | Test explicit version
+      when: php_version is defined
+      block:
+
+        - name: SHELL | Test php-cli (explicit version)
+          ansible.builtin.shell: set -o pipefail && php -i | grep '^PHP Version => {{ php_version }}' | head -n 1
+          changed_when: false
+          register: p
+          failed_when: p.stdout == ''
+          args:
+            executable: /bin/bash
+
+        - name: SHELL | Check vhost
+          ansible.builtin.shell: "set -o pipefail && curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep -o 'PHP Version {{ php_version }}' | sed -r 's/<//g'"
+          args:
+            executable: /bin/bash
+          changed_when: false
+          register: c
+          failed_when: c.stdout == ''
+
+    - name: SHELL | Check custom php value  # noqa: command-instead-of-module
+      ansible.builtin.shell: "curl -H 'Host: {{ vhost }}' http://127.0.0.1/ini.php 2> /dev/null"
+      changed_when: false
+      register: c
+      failed_when: 'php_fpm_poold.1.php_admin_value.memory_limit not in c.stdout'
+
+    - name: URI | Check ping
+      ansible.builtin.uri:
+        url: "http://localhost{{ php_fpm_poold.0.ping_path }}"
+      when: php_fpm_poold.0.ping_path is defined
+
+    - name: URI | Check status
+      ansible.builtin.uri:
+        url: "http://localhost{{ php_fpm_poold.0.status_path }}"
+      when: php_fpm_poold.0.status_path is defined
+
+    - name: Debian extra checks
+      when: ansible_os_family == 'Debian'
+      block:
+
+        - name: SHELL | Check if we installed multiple PHP versions
+          ansible.builtin.shell: set -o pipefail && (dpkg -l | grep 'php[[:digit:]].*common' | wc -l)
+          args:
+            executable: /bin/bash
+          failed_when: false
+          changed_when: false
+          register: check_multiple_php
+
+
+        - name: FAIL | If we have multiple PHP version
+          ansible.builtin.fail:
+            msg: "Multiple PHP versions detected"
+          when: check_multiple_php.stdout != '1'

molecule/debian-10/molecule.yml

@@ -0,0 +1,32 @@
+---
+
+platforms:
+  - name: debian-10
+    image: dokken/debian-10
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+  - name: debian-10-php-7.4
+    image: dokken/debian-10
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        __nginx_conf: /etc/nginx/nginx.conf
+    host_vars:
+      debian-10-php-7.4:
+        php_version: '7.4'

molecule/debian-11/molecule.yml

@@ -0,0 +1,32 @@
+---
+
+platforms:
+  - name: debian-11
+    image: dokken/debian-11
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+  - name: debian-11-php-8.0
+    image: dokken/debian-11
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        __nginx_conf: /etc/nginx/nginx.conf
+    host_vars:
+      debian-11-php-8.0:
+        php_version: '8.0'

molecule/debian-12/molecule.yml

@@ -0,0 +1,19 @@
+---
+
+platforms:
+  - name: debian-12
+    image: dokken/debian-12
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        __nginx_conf: /etc/nginx/nginx.conf

molecule/ubuntu-18.04/molecule.yml

@@ -0,0 +1,19 @@
+---
+
+platforms:
+  - name: ubuntu-18.04
+    image: dokken/ubuntu-18.04
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        __nginx_conf: /etc/nginx/nginx.conf

molecule/ubuntu-20.04/molecule.yml

@@ -0,0 +1,19 @@
+---
+
+platforms:
+  - name: ubuntu-20.04
+    image: dokken/ubuntu-20.04
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        __nginx_conf: /etc/nginx/nginx.conf

molecule/ubuntu-22.04/molecule.yml

@@ -0,0 +1,19 @@
+---
+
+platforms:
+  - name: ubuntu-22.04
+    image: dokken/ubuntu-22.04
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        __nginx_conf: /etc/nginx/nginx.conf

requirements.yml

@@ -0,0 +1,4 @@
+---
+
+collections:
+  - community.general

tasks/fpm.yml

@@ -1,21 +1,46 @@
 ---
 
-- name: APT | Install PHP-FPM
-  apt: pkg={{ php_fpm_service }} state=present
+- name: APT | Install PHP-FPM for Debian based systems
+  ansible.builtin.apt:
+    pkg: "{{ php_fpm_service }}"
+    state: "{{ 'present' if php_install_fpm else 'absent' }}"
+  when: ansible_os_family == 'Debian'
+
+- name: SERVICE | Enable service on FreeBSD
+  ansible.builtin.service:
+    name: "{{ php_fpm_service }}"
+    enabled: "{{ 'true' if php_install_fpm else 'false' }}"
+  when: ansible_os_family == 'FreeBSD'
 
 - name: LINEINFILE | PHP configuration
-  lineinfile: >
-    dest='{{ php_etc_dir }}/fpm/php.ini'
-    regexp='^;?{{ item.key }}'
-    line='{{ item.key }} = {{ item.value }}'
-  with_flattened:
-    - "{{ php_ini }}"
-    - "{{ php_ini_fpm }}"
-  notify: restart php-fpm
+  ansible.builtin.lineinfile:
+    dest: '{{ php_fpm_ini }}'
+    regexp: '^;?{{ item.key }}'
+    line: '{{ item.key }} = {{ item.value }}'
+    create: true
+    owner: root
+    group: root
+    mode: 0644
+  loop: "{{ php_ini | combine(php_ini_fpm) | dict2items }}"
+  when: php_install_fpm | bool
+  notify: Restart php-fpm
 
 - name: TEMPLATE | Deploy pool configuration
-  template: >
-    src=etc/__php__/fpm/pool.d/pool.conf.j2
-    dest='{{ php_etc_dir }}/fpm/pool.d/{{ item.pool_name }}.conf'
-  with_items: "{{ php_fpm_poold }}"
-  notify: restart php-fpm
+  ansible.builtin.template:
+    src: etc/__php__/fpm/pool.d/pool.conf.j2
+    dest: '{{ php_fpm_pool_dir }}/{{ item.name }}.conf'
+    owner: root
+    group: root
+    mode: 0644
+  loop: "{{ ansible_local.hanxhx_php.fpm_pool }}"
+  when: php_install_fpm | bool
+  notify: Restart php-fpm
+
+- name: FILE | Delete default pool if necessary
+  ansible.builtin.file:
+    path: "{{ php_fpm_pool_dir }}/www.conf"
+    state: absent
+  when:
+    - '"www" not in (ansible_local.hanxhx_php.fpm_pool | map(attribute="name") | list) and php_autoremove_default_pool'
+    - php_install_fpm | bool
+  notify: Restart php-fpm

tasks/main.yml

@@ -1,43 +1,125 @@
 ---
 
-- name: INCLUDE_VARS | Related to OS
-  include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
-
-- name: ASSERT | Check variables
-  assert:
-    that: "php_version in php_managed_versions"
-
-- name: INCLUDE_VARS | Related to PHP version
-  include_vars: "php-{{ php_version }}.yml"
-
-- name: APT | Update cache
-  apt: update_cache=yes cache_valid_time=3600
+- name: SHELL | Check if we are in multiple PHP distribution
+  ansible.builtin.shell: set -o pipefail && apt-cache search php xdebug | grep 'php[[:digit:]].[[:digit:]]'
+  args:
+    executable: /bin/bash
+  failed_when: false
   changed_when: false
+  register: multiple_php
+  when: ansible_os_family == 'Debian'
+
+- name: INCLUDE_VARS | Related to OS family
+  ansible.builtin.include_vars: "OS_Family_{{ ansible_os_family }}.yml"
+
+- name: INCLUDE_VARS | Related to OS version
+  ansible.builtin.include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ ansible_distribution }}-{{ ansible_distribution_release }}.yml"
+    - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
+    - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
+
+- name: SET_FACT | Transform data
+  ansible.builtin.set_fact:
+    __php_fpm_full_pool: |
+      [
+      {% for p in php_fpm_poold %}
+        {
+          name: "{{ p.name | default(p.pool_name) }}",
+          listen: "{{ p.listen | default(php_version | php_socket(p.name | default(p.pool_name))) }}",
+          user: "{{ p.user | default(php_default_user_group) }}",
+          group: "{% if p.user is defined %}{{ p.group | default(p.user) }}{% else %}{{ p.group | default(php_default_user_group) }}{% endif %}",
+          php_env: {% if p.php_env is defined %}{{ p.php_env | to_nice_json }}{% else %}{}{% endif %},
+          php_value: {% if p.php_value is defined %}{{ p.php_value | to_nice_json }}{% else %}{}{% endif %},
+          php_admin_value: {% if p.php_admin_value is defined %}{{ p.php_admin_value | to_nice_json }}{% else %}{}{% endif %},
+          {% for k, v in p.items() | list %}
+          {% if k not in ['name', 'pool_name', 'listen', 'user', 'group', 'php_env', 'php_value', 'php_admin_value'] %}
+          {{ k }}: "{{ v }}"{% if not loop.last %},{% endif %}
+          {% endif %}
+          {% endfor %}
+        }{% if not loop.last %},{% endif %}
+      {% endfor %}
+      ]
+
+- name: SET_FACT | To YAML
+  ansible.builtin.set_fact:
+    php_fpm_full_pool: "{{ __php_fpm_full_pool | from_yaml }}"
+
+- name: FILE | Creates ansible facts.d
+  ansible.builtin.file:
+    path: /etc/ansible/facts.d
+    state: directory
+    owner: root
+    group: root
+    mode: 0755
+
+- name: COPY | Manage facts
+  ansible.builtin.copy:
+    content: "{ \"fpm_pool\": {{ php_fpm_full_pool | to_nice_json }} }"
+    dest: /etc/ansible/facts.d/hanxhx_php.fact
+    owner: root
+    group: root
+    mode: 0644
+  register: f
+  tags:
+    - skip_ansible_lint
+
+- name: SETUP | Gathers new facts
+  ansible.builtin.setup:
+  when: f.changed
+  tags:
+    - skip_ansible_lint
 
 - name: APT | Install PHP packages
-  apt: pkg={{ item }} state=present
-  with_flattened:
-    - "{{ php_packages }}"
-    - "{{ php_extra_packages }}"
-  notify: restart php-fpm
+  ansible.builtin.apt:
+    pkg: "{{ pkgs }}"
+    state: present
+    update_cache: true
+    cache_valid_time: 3600
+    install_recommends: false
+  vars:
+    pkgs: "{{ php_packages + php_extra_packages | flatten }}"
+  notify: Restart php-fpm
+  when: ansible_os_family == 'Debian'
 
-- name: INCLUDE | PHP-FPM
-  include: fpm.yml
-  when: php_install_fpm
+- name: PKGNG | Install PHP packages
+  community.general.pkgng:
+    name: "{{ php_packages + php_extra_packages | flatten | join(',') }}"
+  notify: Restart php-fpm
+  when: ansible_os_family == 'FreeBSD'
 
-- name: LINEINFILE | PHP configuration
-  lineinfile: >
-    dest='{{ php_etc_dir }}/cli/php.ini'
-    regexp='^;?{{ item.key }}'
-    line='{{ item.key }} = {{ item.value }}'
-  with_flattened:
-    - "{{ php_ini }}"
-    - "{{ php_ini_cli }}"
+- name: IMPORT_TASKS | PHP-FPM
+  ansible.builtin.import_tasks: fpm.yml
 
-- name: INCLUDE | Xdebug
-  include: xdebug.yml
-  when: php_install_xdebug
+- name: LINEINFILE | PHP CLI configuration
+  ansible.builtin.lineinfile:
+    dest: '{{ php_cli_ini }}'
+    regexp: '^;?{{ item.key }}'
+    line: '{{ item.key }} = {{ item.value }}'
+  loop: "{{ php_ini | combine(php_ini_cli) | dict2items }}"
+
+- name: IMPORT_TASKS | Xdebug
+  ansible.builtin.import_tasks: xdebug.yml
 
 - name: APT | Install and configure opcache
-  include: opcache.yml
+  ansible.builtin.import_tasks: opcache.yml
 
+- name: SERVICE | Ensure PHP-FPM is started
+  ansible.builtin.service:
+    name: '{{ php_fpm_service }}'
+    state: started
+  when: php_install_fpm and ansible_virtualization_type != 'docker'
+
+- name: BLOCK | Ensure PHP-FPM is started if running on Docker
+  when: php_install_fpm and ansible_virtualization_type == 'docker'
+  block:
+
+    - name: COMMAND | Check if PHP-FPM is started (Docker)  # noqa: command-instead-of-module
+      ansible.builtin.command: 'service {{ php_fpm_service }} status'
+      register: dps
+      changed_when: false
+      failed_when: false
+
+    - name: COMMAND | Ensure PHP-FPM is started (Docker)  # noqa: command-instead-of-module no-changed-when
+      ansible.builtin.command: 'service {{ php_fpm_service }} start'
+      when: dps.stdout.find('is not running') != -1

tasks/opcache.yml

@@ -1,20 +1,46 @@
 ---
 
-- name: APT | Install APCu
-  apt: pkg="{{ php_apt_prefix }}apcu" state=present
+- name: Install opcache/apcu on Debian
+  when: ansible_os_family == 'Debian'
+  block:
 
-- name: APT | Install Opcache
-  apt: pkg="{{ php_apt_prefix }}opcache" state=present
-  when: php_version | version_compare('7.0', 'ge')
+    - name: APT | Install APCu
+      ansible.builtin.apt:
+        pkg: "{{ php_apcu_package }}"
+        install_recommends: false
+
+    - name: APT | Install Opcache
+      ansible.builtin.apt:
+        pkg: "{{ php_package_prefix }}opcache"
+        install_recommends: false
+
+
+- name: Install opcache/apcu on FreeBSD
+  when: ansible_os_family == 'FreeBSD'
+  block:
+
+    - name: PKGNG | Install APCu
+      community.general.pkgng:
+        name: "php{{ php_version | replace('.', '') }}-pecl-APCu"
+
+    - name: PKGNG | Install Opcache
+      community.general.pkgng:
+        name: "{{ php_package_prefix }}opcache"
+
+- name: TEMPLATE | Configure Opcache
+  ansible.builtin.template:
+    src: "etc/__php__/mods-available/opcache.ini.j2"
+    dest: "{{ php_mods_dir }}/opcache.ini"
+    owner: root
+    group: root
+    mode: 0644
+  notify: Restart php-fpm
 
 - name: TEMPLATE | Configure APCu
-  template: >
-    src=etc/__php__/mods-available/opcache.ini.j2
-    dest="{{ php_mods_dir }}/opcache.ini"
-  notify: restart php-fpm
-
-- name: TEMPLATE | Configure APCu
-  template: >
-    src=etc/__php__/mods-available/apcu.ini.j2
-    dest={{ php_mods_dir }}/apcu.ini
-  notify: restart php-fpm
+  ansible.builtin.template:
+    src: "etc/__php__/mods-available/apcu.ini.j2"
+    dest: "{{ php_mods_dir }}/apcu.ini"
+    owner: root
+    group: root
+    mode: 0644
+  notify: Restart php-fpm

tasks/xdebug.yml

@@ -1,21 +1,44 @@
 ---
 
-- name: APT | Install php-xdebug
-  apt: >
-    pkg="{{ php_apt_prefix }}xdebug"
-    state=present
-    update_cache=yes
-    cache_valid_time=3600
+- name: BLOCK | Uninstall xdebug
+  when: php_install_xdebug
+  block:
 
-- name: SHELL | Get Xdebug version
-  shell: dpkg -l | awk '$2 ~ /xdebug$/ { print $3 }'
-  changed_when: false
-  register: xdebug_version
+    - name: APT | Install xdebug
+      ansible.builtin.apt:
+        pkg: "{{ php_xdebug_package }}"
+        state: present
+        update_cache: true
+        cache_valid_time: 3600
+        install_recommends: false
+      when: ansible_os_family == 'Debian'
 
-- name: TEMPLATE | Deploy module configurations
-  template: >
-    src=etc/__php__/mods-available/xdebug.ini.j2
-    dest={{ php_mods_dir }}/xdebug.ini
-    owner=root
-    mode=0644
-  notify: restart php-fpm
+    - name: PKGNG | Install xdebug
+      community.general.pkgng:
+        name: "{{ php_xdebug_package }}"
+      when: ansible_os_family == 'FreeBSD' and php_xdebug_package is defined
+
+    - name: TEMPLATE | Deploy module configurations
+      ansible.builtin.template:
+        src: "etc/__php__/mods-available/xdebug.ini.j2"
+        dest: "{{ php_mods_dir }}/xdebug.ini"
+        owner: root
+        mode: 0644
+      notify: Restart php-fpm
+
+
+- name: BLOCK | Uninstall xdebug
+  when: not php_install_xdebug
+  block:
+
+    - name: APT | Uninstall xdebug
+      ansible.builtin.apt:
+        pkg: "{{ php_xdebug_package }}"
+        state: absent
+      when: ansible_os_family == 'Debian'
+
+    - name: PKGNG | Uninstall xdebug
+      community.general.pkgng:
+        name: "{{ php_xdebug_package }}"
+        state: absent
+      when: ansible_os_family == 'FreeBSD'

templates/etc/__php__/fpm/pool.d/pool.conf.j2

@@ -1,7 +1,7 @@
-; Start a new pool named '{{ item.pool_name }}'.
+; Start a new pool named '{{ item.name }}'.
 ; the variable $pool can we used in any directive and will be replaced by the
-; pool name ('{{ item.pool_name }}' here)
-[{{ item.pool_name }}]
+; pool name ('{{ item.name }}' here)
+[{{ item.name }}]
 
 ; Per pool prefix
 ; It only applies on the following directives:
@@ -20,8 +20,8 @@
 ; Unix user/group of processes
 ; Note: The user is mandatory. If the group is not set, the default user's group
 ;       will be used.
-user = {{ item.user | default('www-data') }}
-group = {{ item.group | default('www-data') }}
+user = {{ item.user }}
+group = {{ item.group }}
 
 ; The address on which to accept FastCGI requests.
 ; Valid syntaxes are:
@@ -46,8 +46,8 @@ listen = {{ item.listen }}
 ; BSD-derived systems allow connections regardless of permissions.
 ; Default Values: user and group are set as the running user
 ;                 mode is set to 0660
-listen.owner = {{ item.listen_owner | default('www-data') }}
-listen.group = {{ item.listen_owner | default('www-data') }}
+listen.owner = {{ item.listen_owner | default(php_default_user_group) }}
+listen.group = {{ item.listen_owner | default(php_default_user_group) }}
 ;listen.mode = 0660
 ; When POSIX Access Control Lists are supported you can set them using
 ; these options, value is a comma separated list of user/group names.
@@ -95,7 +95,7 @@ listen.group = {{ item.listen_owner | default('www-data') }}
 ;             pm.process_idle_timeout   - The number of seconds after which
 ;                                         an idle process will be killed.
 ; Note: This value is mandatory.
-pm = {{ item.pm }}
+pm = {{ item.pm | default('dynamic') }}
 
 ; The number of child processes to be created when pm is set to 'static' and the
 ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
@@ -106,33 +106,33 @@ pm = {{ item.pm }}
 ; forget to tweak pm.* to fit your needs.
 ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
 ; Note: This value is mandatory.
-pm.max_children = {{ item.pm_max_children }}
+pm.max_children = {{ item.pm_max_children | default('250') }}
 
 ; The number of child processes created on startup.
 ; Note: Used only when pm is set to 'dynamic'
 ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
-pm.start_servers = {{ item.pm_start_servers }}
+pm.start_servers = {{ item.pm_start_servers | default('10') }}
 
 ; The desired minimum number of idle server processes.
 ; Note: Used only when pm is set to 'dynamic'
 ; Note: Mandatory when pm is set to 'dynamic'
-pm.min_spare_servers = {{ item.pm_min_spare_servers }}
+pm.min_spare_servers = {{ item.pm_min_spare_servers | default('10') }}
 
 ; The desired maximum number of idle server processes.
 ; Note: Used only when pm is set to 'dynamic'
 ; Note: Mandatory when pm is set to 'dynamic'
-pm.max_spare_servers = {{ item.pm_max_spare_servers }}
+pm.max_spare_servers = {{ item.pm_max_spare_servers | default('20') }}
 
 ; The number of seconds after which an idle process will be killed.
 ; Note: Used only when pm is set to 'ondemand'
 ; Default Value: 10s
-;pm.process_idle_timeout = 10s;
+pm.process_idle_timeout = {{ item.pm_process_idle_timeout | default('10s') }};
 
 ; The number of requests each child process should execute before respawning.
 ; This can be useful to work around memory leaks in 3rd party libraries. For
 ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
 ; Default Value: 0
-;pm.max_requests = 500
+pm.max_requests = {{ item.pm_max_requests | default('0') }}
 
 ; The URI to view the FPM status page. If this value is not set, no URI will be
 ; recognized as a status page. It shows the following informations:
@@ -231,7 +231,11 @@ pm.max_spare_servers = {{ item.pm_max_spare_servers }}
 ;       anything, but it may not be a good idea to use the .php extension or it
 ;       may conflict with a real PHP file.
 ; Default Value: not set
-;pm.status_path = /status
+{% if item.status_path is defined %}
+pm.status_path = {{ item.status_path }}
+{% else %}
+;pm.status.path = /status
+{% endif %}
 
 ; The ping URI to call the monitoring page of FPM. If this value is not set, no
 ; URI will be recognized as a ping page. This could be used to test from outside
@@ -243,12 +247,20 @@ pm.max_spare_servers = {{ item.pm_max_spare_servers }}
 ;       anything, but it may not be a good idea to use the .php extension or it
 ;       may conflict with a real PHP file.
 ; Default Value: not set
+{% if item.ping_path is defined %}
+ping.path = {{ item.ping_path }}
+{% else %}
 ;ping.path = /ping
+{% endif %}
 
 ; This directive may be used to customize the response of a ping request. The
 ; response is formatted as text/plain with a 200 response code.
 ; Default Value: pong
+{% if item.ping_response is defined %}
+ping.response = {{ item.ping_response }}
+{% else %}
 ;ping.response = pong
+{% endif %}
 
 ; The access log file
 ; Default: not set
@@ -357,7 +369,7 @@ chdir = /
 ; Note: on highloaded environement, this can cause some delay in the page
 ; process time (several ms).
 ; Default Value: no
-;catch_workers_output = yes
+catch_workers_output = {{ item.catch_workers_output | default('no') }}
 
 ; Clear environment in FPM workers
 ; Prevents arbitrary environment variables from reaching FPM worker processes
@@ -409,5 +421,19 @@ chdir = /
 ;php_admin_value[error_log] = /var/log/fpm-php.www.log
 ;php_admin_flag[log_errors] = on
 ;php_admin_value[memory_limit] = 32M
-
+{% if item.php_env is defined %}
+{% for k, v in item.php_env.items() | list %}
+env[{{ k }}] = {{ v }}
+{% endfor %}
+{% endif %}
+{% if item.php_value is defined %}
+{% for k, v in item.php_value.items() | list %}
+php_value[{{ k }}] = {{ v }}
+{% endfor %}
+{% endif %}
+{% if item.php_admin_value is defined %}
+{% for k, v in item.php_admin_value.items() | list %}
+php_admin_value[{{ k }}] = {{ v }}
+{% endfor %}
+{% endif %}
 ; vim:filetype=dosini

templates/etc/__php__/mods-available/xdebug.ini.j2

@@ -2,9 +2,6 @@
 ; priority=20
 zend_extension=xdebug.so
 
-{% if xdebug_version.stdout|version_compare('2.3', 'gt') %}
-{% endif %}
-
 xdebug_auto_trace={{ php_xdebug_auto_trace }}
 xdebug_cli_color={{ php_xdebug_cli_color }}
 xdebug_collect_assignments={{ php_xdebug_collect_assignments }}
@@ -29,9 +26,7 @@ xdebug_overload_var_dump={{ php_xdebug_overload_var_dump }}
 xdebug_profiler_append={{ php_xdebug_profiler_append }}
 xdebug_profiler_enable={{ php_xdebug_profiler_enable }}
 xdebug_profiler_enable_trigger={{ php_xdebug_profiler_enable_trigger }}
-{% if xdebug_version.stdout|version_compare('2.3', 'gt') %}
 xdebug_profiler_enable_trigger_value={{ php_xdebug_profiler_enable_trigger_value }}
-{% endif %}
 xdebug_profiler_output_dir={{ php_xdebug_profiler_output_dir }}
 xdebug_profiler_output_name={{ php_xdebug_profiler_output_name }}
 xdebug_remote_autostart={{ php_xdebug_remote_autostart }}
@@ -48,9 +43,7 @@ xdebug_show_exception_trace={{ php_xdebug_show_exception_trace }}
 xdebug_show_local_vars={{ php_xdebug_show_local_vars }}
 xdebug_show_mem_delta={{ php_xdebug_show_mem_delta }}
 xdebug_trace_enable_trigger={{ php_xdebug_trace_enable_trigger }}
-{% if xdebug_version.stdout|version_compare('2.3', 'gt') %}
 xdebug_trace_enable_trigger_value={{ php_xdebug_trace_enable_trigger_value }}
-{% endif %}
 xdebug_trace_format={{ php_xdebug_trace_format }}
 xdebug_trace_options={{ php_xdebug_trace_options }}
 xdebug_trace_output_dir={{ php_xdebug_trace_output_dir }}

tests/includes/Debian/sury.yml

@@ -0,0 +1,9 @@
+---
+
+- name: APT | Install Sury key
+  ansible.builtin.apt_key:
+    url: 'https://packages.sury.org/php/apt.gpg'
+
+- name: APT_REPOSITORY | Add Sury repository
+  ansible.builtin.apt_repository:
+    repo: 'deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main'

tests/includes/dotdeb.yml

@@ -1,7 +0,0 @@
----
-
-- name: APT | Install DotDeb key
-  apt_key: url='http://www.dotdeb.org/dotdeb.gpg' state=present
-
-- name: APT | Add Dotdeb repository
-  apt_repository: repo='deb http://packages.dotdeb.org {{ ansible_distribution_release }} all' state=present

tests/includes/pre_Debian.yml

@@ -0,0 +1,24 @@
+---
+
+- name: SET_FACT | Prepare test vars
+  ansible.builtin.set_fact:
+    __nginx_conf: /etc/nginx/nginx.conf
+
+- name: APT | Install packages
+  ansible.builtin.apt:
+    pkg: "{{ p }}"
+    update_cache: true
+    cache_valid_time: 3600
+  vars:
+    p:
+      - apt-transport-https
+      - ca-certificates
+      - curl
+      - gpg
+      - lsb-release
+      - nginx
+      - vim
+
+- name: INCLUDE_TASKS | Sury (only if a specific php_version is defined)
+  ansible.builtin.include_tasks: Debian/sury.yml
+  when: php_version is defined

tests/includes/pre_FreeBSD.yml

@@ -0,0 +1,10 @@
+---
+
+- name: SET_FACT | Prepare test vars
+  ansible.builtin.set_fact:
+    __nginx_conf: /usr/local/etc/nginx/nginx.conf
+    php_xdebug_package: 'php72-pecl-xdebug-2.6.1'
+
+- name: PKGNG | Install packages
+  community.general.pkgng:
+    name: ['curl', 'nginx']

tests/includes/sury.yml

@@ -1,7 +0,0 @@
----
-
-- name: APT | Install Sury key
-  apt_key: url='https://packages.sury.org/php/apt.gpg' state=present
-
-- name: APT | Add Sury repository
-  apt_repository: repo='deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main' state=present

tests/templates/nginx.conf.j2

@@ -0,0 +1,41 @@
+events {
+    worker_connections  1024;
+}
+
+user root;
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+    sendfile        on;
+    keepalive_timeout  65;
+
+	server {
+		server_name {{ vhost }};
+
+		root /var/www;
+
+{% if ansible_local.hanxhx_php.fpm_pool.0.status_path is defined %}
+		location = {{ ansible_local.hanxhx_php.fpm_pool.0.status_path }} {
+			include fastcgi.conf;
+			fastcgi_pass unix:{{ ansible_local.hanxhx_php.fpm_pool.0.listen }};
+		}
+{% endif %}
+{% if ansible_local.hanxhx_php.fpm_pool.0.ping_path is defined %}
+		location = {{ ansible_local.hanxhx_php.fpm_pool.0.ping_path }} {
+			include fastcgi.conf;
+			fastcgi_pass unix:{{ ansible_local.hanxhx_php.fpm_pool.0.listen }};
+		}
+{% endif %}
+
+		location = /ini.php {
+			include fastcgi.conf;
+			fastcgi_pass unix:{{ ansible_local.hanxhx_php.fpm_pool.1.listen }};
+		}
+
+		location ~ \.php$ {
+			include fastcgi.conf;
+			fastcgi_pass unix:{{ ansible_local.hanxhx_php.fpm_pool.0.listen }};
+		}
+	}
+}

tests/test.yml

@@ -1,56 +1,105 @@
 ---
 
 - hosts: all
+  name: Test all
   vars:
     vhost: 'test.local'
     php_extra_packages:
-      - '{{ php_apt_prefix }}recode'
+      - '{{ php_package_prefix }}pgsql'
     php_install_xdebug: true
+    php_autoremove_default_pool: true
+    php_ini_fpm:
+      display_errors: 'Off'
+    php_ini_cli:
+      error_reporting: 'E_ALL'
+    php_fpm_poold:
+      - pool_name: 'test_ansible'
+        listen: '/run/php/php-ansible1.sock'
+        pm: 'dynamic'
+        pm_max_children: 250
+        pm_start_servers: 10
+        pm_min_spare_servers: 10
+        pm_max_spare_servers: 20
+        status_path: '/status'
+        ping_path: '/ping'
+        ping_response: 'ok'
+      - name: 'test_ansible2'
+        user: 'foo'
+        php_env:
+          foo: bar
+        php_value:
+          display_errors: 'Off'
+        php_admin_value:
+          memory_limit: '98M'
 
   pre_tasks:
 
-    - name: APT | Install packages
-      apt: pkg={{ item }} update_cache=yes cache_valid_time=3600
-      with_items: ['apt-transport-https', 'curl', 'lsb-release', 'ca-certificates']
+    - name: INCLUDE_TASKS | Pre tasks related to OS
+      ansible.builtin.include_tasks: "includes/pre_{{ ansible_os_family }}.yml"
 
-    - name: INCLUDE | Dotdeb
-      include: includes/dotdeb.yml
-      when: >
-        ansible_distribution_major_version | version_compare(8, 'eq') and
-        php_version | version_compare('7.0', 'eq')
-
-    - name: INCLUDE | Sury
-      include: includes/sury.yml
-      when: >
-        ansible_distribution_major_version | version_compare(9, 'le') and
-        php_version | version_compare('7.1', 'eq')
-
-    - name: APT | Install nginx
-      apt: pkg=nginx state=present update_cache=yes cache_valid_time=3600
-
-    - name: SHELL | Get nginx version
-      shell: nginx -V 2>&1 | awk -F '/' '/nginx version/ { print $2 }'
-      register: nginx_version
-      changed_when: false
-
-    - set_fact: nginx_include="fastcgi_params"
-      when: nginx_version.stdout | version_compare('1.6', '<', true)
-
-    - set_fact: nginx_include="fastcgi.conf"
-      when: nginx_version.stdout | version_compare('1.6', '>=', true)
+    - name: USER | Create PHP user
+      ansible.builtin.user:
+        name: 'foo'
+        system: true
+        create_home: false
+        shell: '/usr/sbin/nologin'
 
   tasks:
 
-    - name: COPY | Vhost
-      copy: >
-        dest=/etc/nginx/sites-enabled/{{ vhost }}
-        content='server { server_name {{ vhost }}; root /var/www; location ~ \.php$ { include {{ nginx_include }}; fastcgi_pass unix:{{ php_default_fpm_sock }};  } }'
-      notify: reload nginx
+    - name: TEMPLATE | Nginx site config
+      ansible.builtin.template:
+        src: "templates/nginx.conf.j2"
+        dest: "{{ __nginx_conf }}"
+        mode: 0644
+        owner: root
+        group: root
+      notify: Reload nginx
+
+    - name: COMMAND | Fix nginx config
+      ansible.builtin.command: "cp {{ __nginx_conf | dirname }}/fastcgi_params {{ __nginx_conf | dirname }}/fastcgi.conf"
+      args:
+        creates: "{{ __nginx_conf | dirname }}/fastcgi.conf"
+      notify: Reload nginx
+
+    - name: LINEINFILE | Fix nginx config (second step)
+      ansible.builtin.lineinfile:
+        regexp: '^fastcgi_param\s+SCRIPT_FILENAME'
+        line: "fastcgi_param  SCRIPT_FILENAME    $realpath_root$fastcgi_script_name;"
+        dest: "{{ __nginx_conf | dirname }}/fastcgi.conf"
+      notify: Reload nginx
+
+    - name: SERVICE | Ensure nginx is started
+      ansible.builtin.service:
+        name: nginx
+        state: started
+      when: ansible_virtualization_type != 'docker'
+
+    - name: Start nginx if testing with Docker
+      when: ansible_virtualization_type == 'docker'
+      block:
+
+        - name: COMMAND | Docker nginx status  # noqa: command-instead-of-module
+          ansible.builtin.command: service nginx status
+          changed_when: false
+          failed_when: false
+          register: ngs
+
+        - name: COMMAND | Docker start nginx  # noqa: command-instead-of-module no-changed-when
+          ansible.builtin.command: service nginx start
+          when: ngs.stdout.find('nginx is not running') != -1
 
   handlers:
 
-    - name: reload nginx
-      service: name=nginx state=reloaded
+    - name: Reload nginx
+      ansible.builtin.service:
+        name: nginx
+        state: reloaded
+      notify: Docker reload nginx
+
+    - name: Docker reload nginx  # noqa: command-instead-of-module no-changed-when
+      ansible.builtin.command: service nginx reload
+      notify: Docker reload nginx
+      when: ansible_virtualization_type == 'docker'
 
   roles:
     - ../../
@@ -58,21 +107,75 @@
   post_tasks:
 
     - name: SHELL | Test php-cli
-      shell: php -i | grep '^PHP Version => {{ php_version }}' | head -n 1
+      ansible.builtin.shell: set -o pipefail && php -i | grep '^PHP Version => {{ php_version }}' | head -n 1
       changed_when: false
       register: p
       failed_when: p.stdout == ''
+      args:
+        executable: /bin/bash
 
     - name: FILE | Create /var/www
-      file: dest=/var/www state=directory
+      ansible.builtin.file:
+        dest: /var/www
+        state: directory
+        owner: root
+        group: root
+        mode: 0755
 
     - name: COPY | Add phpinfo
-      copy: dest=/var/www/phpinfo.php content='<?php phpinfo();'
+      ansible.builtin.copy:
+        dest: /var/www/phpinfo.php
+        content: '<?php phpinfo();'
+        owner: root
+        group: root
+        mode: 0644
+
+    - name: COPY | Add ini test file
+      ansible.builtin.copy:
+        dest: /var/www/ini.php
+        content: '<?php echo ini_get("memory_limit") . "\n";'
+        owner: root
+        group: root
+        mode: 0644
 
     - name: SHELL | Check vhost
-      shell: "curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep -o 'PHP Version {{ php_version }}' | sed -r 's/<//g'"
+      ansible.builtin.shell: "set -o pipefail && curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep -o 'PHP Version {{ php_version }}' | sed -r 's/<//g'"
       args:
-        warn: false
+        executable: /bin/bash
       changed_when: false
       register: c
       failed_when: c.stdout == ''
+
+    - name: SHELL | Check custom php value  # noqa: command-instead-of-module
+      ansible.builtin.shell: "curl -H 'Host: {{ vhost }}' http://127.0.0.1/ini.php 2> /dev/null"
+      changed_when: false
+      register: c
+      failed_when: 'php_fpm_poold.1.php_admin_value.memory_limit not in c.stdout'
+
+    - name: URI | Check ping
+      ansible.builtin.uri:
+        url: "http://localhost{{ php_fpm_poold.0.ping_path }}"
+      when: php_fpm_poold.0.ping_path is defined
+
+    - name: URI | Check status
+      ansible.builtin.uri:
+        url: "http://localhost{{ php_fpm_poold.0.status_path }}"
+      when: php_fpm_poold.0.status_path is defined
+
+    - name: Debian extra checks
+      when: ansible_os_family == 'Debian'
+      block:
+
+        - name: SHELL | Check if we installed multiple PHP versions
+          ansible.builtin.shell: set -o pipefail && (dpkg -l | grep 'php[[:digit:]].*common' | wc -l)
+          args:
+            executable: /bin/bash
+          failed_when: false
+          changed_when: false
+          register: check_multiple_php
+
+
+        - name: FAIL | If we have multiple PHP version
+          ansible.builtin.fail:
+            msg: "Multiple PHP versions detected"
+          when: check_multiple_php.stdout != '1'

vars/Debian-8.yml

@@ -1,5 +0,0 @@
-php_default_version: '5.6'
-php_managed_versions:
-  - '5.6'
-  - '7.0'
-  - '7.1'

vars/Debian-9.yml

@@ -1,4 +0,0 @@
-php_default_version: '7.0'
-php_managed_versions:
-  - '7.0'
-  - '7.1'

vars/Debian-bookworm.yml

@@ -0,0 +1,3 @@
+---
+
+php_default_version: '8.2'

vars/Debian-bullseye.yml

@@ -0,0 +1,3 @@
+---
+
+php_default_version: '7.4'

vars/Debian-buster.yml

@@ -0,0 +1,3 @@
+---
+
+php_default_version: '7.3'

vars/FreeBSD-11.yml

@@ -0,0 +1,3 @@
+---
+
+php_default_version: '7.2'

vars/FreeBSD-12.yml

@@ -0,0 +1,3 @@
+---
+
+php_default_version: '7.2'

vars/OS_Family_Debian.yml

@@ -0,0 +1,24 @@
+---
+
+php_packages:
+  - '{{ php_package_prefix }}cli'
+  - '{{ php_package_prefix }}curl'
+  - '{{ php_package_prefix }}gd'
+  - '{{ php_package_prefix }}mysql'
+  - '{{ php_package_prefix }}intl'
+
+php_xdebug_package: '{% if multiple_php.rc == 0 %}{{ php_package_prefix }}{% else %}php-{% endif %}xdebug'
+php_apcu_package: '{% if multiple_php.rc == 0 %}{{ php_package_prefix }}{% else %}php-{% endif %}apcu'
+
+php_package_prefix: 'php{{ php_version }}-'
+
+php_mods_dir: '/etc/php/{{ php_version }}/mods-available'
+php_fpm_pool_dir: '/etc/php/{{ php_version }}/fpm/pool.d'
+
+php_fpm_service: 'php{{ php_version }}-fpm'
+php_default_fpm_sock: '/var/run/php/php{{ php_version }}-fpm.sock'
+
+php_cli_ini: '/etc/php/{{ php_version }}/cli/php.ini'
+php_fpm_ini: '/etc/php/{{ php_version }}/fpm/php.ini'
+
+php_default_user_group: 'www-data'

vars/OS_Family_FreeBSD.yml

@@ -0,0 +1,20 @@
+---
+
+php_packages:
+  - '{{ php_package_prefix }}curl'
+  - '{{ php_package_prefix }}gd'
+  - '{{ php_package_prefix }}mysqli'
+  - '{{ php_package_prefix }}intl'
+
+php_package_prefix: 'php{{ php_version | replace(".", "") }}-'
+
+php_mods_dir: '/usr/local/etc/php'
+php_fpm_pool_dir: '/usr/local/etc/php-fpm.d'
+
+php_fpm_service: 'php-fpm'
+php_default_fpm_sock: '/var/run/php-fpm.sock'
+
+php_cli_ini: '/usr/local/etc/php.ini'
+php_fpm_ini: '/usr/local/etc/php.ini'
+
+php_default_user_group: 'www'

vars/Ubuntu-bionic.yml

@@ -0,0 +1,3 @@
+---
+
+php_default_version: '7.2'

vars/Ubuntu-focal.yml

@@ -0,0 +1,3 @@
+---
+
+php_default_version: '7.4'

vars/Ubuntu-jammy.yml

@@ -0,0 +1,3 @@
+---
+
+php_default_version: '8.1'

vars/Ubuntu-xenial.yml

@@ -0,0 +1,3 @@
+---
+
+php_default_version: '7.0'

vars/main.yml

@@ -1,9 +0,0 @@
----
-
-php_packages:
-  - '{{ php_apt_prefix }}cli'
-  - '{{ php_apt_prefix }}curl'
-  - '{{ php_apt_prefix }}gd'
-  - '{{ php_apt_prefix }}mcrypt'
-  - '{{ php_mysql_package }}'
-  - '{{ php_apt_prefix }}intl'

vars/php-5.6.yml

@@ -1,8 +0,0 @@
----
-
-php_apt_prefix: 'php5-'
-php_etc_dir: '/etc/php5'
-php_fpm_service: 'php5-fpm'
-php_default_fpm_sock: '/var/run/php5-fpm.sock'
-php_mods_dir: '/etc/php5/mods-available'
-php_mysql_package: 'php5-mysqlnd'

vars/php-7.0.yml

@@ -1,8 +0,0 @@
----
-
-php_apt_prefix: 'php7.0-'
-php_etc_dir: '/etc/php/7.0'
-php_fpm_service: 'php7.0-fpm'
-php_default_fpm_sock: '/var/run/php/php7.0-fpm.sock'
-php_mods_dir: '/etc/php/7.0/mods-available'
-php_mysql_package: 'php7.0-mysql'

vars/php-7.1.yml

@@ -1,8 +0,0 @@
----
-
-php_apt_prefix: 'php7.1-'
-php_etc_dir: '/etc/php/7.1'
-php_fpm_service: 'php7.1-fpm'
-php_default_fpm_sock: '/var/run/php/php7.1-fpm.sock'
-php_mods_dir: '/etc/php/7.1/mods-available'
-php_mysql_package: 'php7.1-mysql'