Merge pull request #21 from HanXHX/improvements/misc

Many improvements

.ansible-lint

@@ -0,0 +1,8 @@
+---
+
+# TODO: enable later
+enable_list:
+  - fqcn-builtins
+
+skip_list:
+  - role-name

.github/workflows/ci.yml

@@ -0,0 +1,43 @@
+---
+
+name: ci
+'on':
+  pull_request:
+  push:
+    branches:
+      - master
+
+jobs:
+
+  yaml-lint:
+    name: YAML Lint
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Fetch code
+        uses: actions/checkout@v3
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+
+      - name: Install test dependencies.
+        run: pip3 install yamllint
+
+      - name: Lint code.
+        run: |
+          yamllint .
+
+  ansible-lint:
+    name: Ansible Lint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Fetch code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Run ansible-lint
+        uses: ansible/ansible-lint-action@v6.15.0

.github/workflows/galaxy.yml

@@ -0,0 +1,17 @@
+---
+
+name: Deploy on Ansible Galaxy
+
+'on':
+  - push
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@v2
+      - name: galaxy
+        uses: robertdebock/galaxy-action@1.2.0
+        with:
+          galaxy_api_key: ${{ secrets.galaxy_api_key }}

.github/workflows/molecule.yml

@@ -0,0 +1,35 @@
+---
+name: Molecule
+
+'on':
+  pull_request:
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        scenario:
+          - debian-10
+          - debian-11
+          - debian-12
+          - ubuntu-18.04
+          - ubuntu-20.04
+          - ubuntu-22.04
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          path: "${{ github.repository }}"
+
+      - name: Molecule
+        uses: gofrolist/molecule-action@v2.3.19
+        with:
+          molecule_options: --base-config molecule/_shared/base.yml
+          molecule_args: --scenario-name ${{ matrix.scenario }}
+          molecule_working_dir: "HanXHX/ansible-php"

.gitignore

@@ -2,3 +2,6 @@
 *.swp
 *.retry
 *.log
+/filter_plugins/*.pyc
+/filter_plugins/__pycache__
+/.idea

.travis.yml

@@ -1,46 +0,0 @@
-env:
-  - PLATFORM='docker-debian-stretch-php70' ANSIBLE_VERSION='ansible>=2.6,<2.7'
-  - PLATFORM='docker-debian-stretch-php71' ANSIBLE_VERSION='ansible>=2.6,<2.7'
-  - PLATFORM='docker-debian-stretch-php72' ANSIBLE_VERSION='ansible>=2.6,<2.7'
-  - PLATFORM='docker-debian-stretch-php73' ANSIBLE_VERSION='ansible>=2.6,<2.7'
-  - PLATFORM='docker-debian-buster-php73' ANSIBLE_VERSION='ansible>=2.6,<2.7'
-  - PLATFORM='docker-ubuntu-xenial-php70' ANSIBLE_VERSION='ansible>=2.6,<2.7'
-  - PLATFORM='docker-ubuntu-bionic-php72' ANSIBLE_VERSION='ansible>=2.6,<2.7'
-  - PLATFORM='docker-ubuntu-bionic-php72' ANSIBLE_VERSION='ansible>=2.6,<2.7'
-  - PLATFORM='docker-debian-stretch-php70' ANSIBLE_VERSION='ansible>=2.7,<2.8'
-  - PLATFORM='docker-debian-stretch-php71' ANSIBLE_VERSION='ansible>=2.7,<2.8'
-  - PLATFORM='docker-debian-stretch-php72' ANSIBLE_VERSION='ansible>=2.7,<2.8'
-  - PLATFORM='docker-debian-stretch-php73' ANSIBLE_VERSION='ansible>=2.7,<2.8'
-  - PLATFORM='docker-debian-buster-php73' ANSIBLE_VERSION='ansible>=2.7,<2.8'
-  - PLATFORM='docker-ubuntu-xenial-php70' ANSIBLE_VERSION='ansible>=2.7,<2.8'
-  - PLATFORM='docker-ubuntu-bionic-php72' ANSIBLE_VERSION='ansible>=2.7,<2.8'
-  - PLATFORM='docker-ubuntu-bionic-php72' ANSIBLE_VERSION='ansible>=2.7,<2.8'
-
-sudo: required
-
-dist: trusty
-
-language: python
-python: 2.7
-
-services:
-  - docker
-
-before_install:
-  - wget https://releases.hashicorp.com/vagrant/2.0.1/vagrant_2.0.1_x86_64.deb
-  - sudo dpkg -i vagrant_2.0.1_x86_64.deb
-
-install:
-  - pip install "$ANSIBLE_VERSION"
-
-script:
-  - VAGRANT_DEFAULT_PROVIDER=docker vagrant up $PLATFORM
-  - >
-    VAGRANT_DEFAULT_PROVIDER=docker vagrant provision $PLATFORM
-    | grep -q 'changed=0.*failed=0'
-    && (echo 'Idempotence test: pass' && exit 0)
-    || (echo 'Idempotence test: fail' && exit 1)
-  - VAGRANT_DEFAULT_PROVIDER=docker vagrant status
-
-notifications:
-  webhooks: https://galaxy.ansible.com/api/v1/notifications/

.yamllint.yml

@@ -0,0 +1,6 @@
+---
+
+extends: default
+
+rules:
+  line-length: disable

README.md

@@ -1,21 +1,22 @@
 Ansible PHP (+FPM) role for Debian / Ubuntu / FreeBSD
 =====================================================
 
-[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-HanXHX.php-blue.svg)](https://galaxy.ansible.com/HanXHX/php) [![Build Status](https://travis-ci.org/HanXHX/ansible-php.svg?branch=master)](https://travis-ci.org/HanXHX/ansible-php)
+[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-hanxhx.php-blue.svg)](https://galaxy.ansible.com/hanxhx.php) ![GitHub Workflow Status (master)](https://img.shields.io/github/actions/workflow/status/hanxhx/ansible-php/molecule.yml?branch=master)
 
 Install PHP on Debian / Ubuntu / FreeBSD. Manage PHP-FPM, APCu, Opcache and Xdebug.
 
 Managed OS / Versions
 ---------------------
 
-|         OS            |       PHP 7.0       |          PHP 7.1           |          PHP 7.2           |           PHP 7.3         |
+On all Debian versions, you can install all PHP versions by using [Sury's APT repository](https://deb.sury.org/).
-|:---------------------:|:-------------------:|:--------------------------:|:--------------------------:|:-------------------------:|
+
-| Debian Stretch (9)    | :heavy_check_mark:  | :heavy_check_mark: (Sury)  | :heavy_check_mark: (Sury)  | :heavy_check_mark: (Sury) |
+Other cases:
-| Debian Buster (10)    | :x:                 | :x:                        | :x:                        | :heavy_check_mark:        |
+
-| Ubuntu Xenial (16.04) | :heavy_check_mark:  | :x:                        | :x:                        | :x:                       |
+|         OS            |       PHP 7.0       |        PHP 7.1       |      PHP 7.2         |       PHP 7.3        |     PHP >= 7.4      |
-| Ubuntu Bionic (18.04) | :x:                 | :x:                        | :heavy_check_mark:         | :x:                       |
+|:---------------------:|:-------------------:|:--------------------:|:--------------------:|:--------------------:|:--------------------:
-| FreeBSD 11            | :heavy_check_mark:  | :heavy_check_mark:         | :heavy_check_mark:         | :heavy_check_mark:        |
+| Ubuntu Bionic (18.04) | :x:                 | :x:                  | :heavy_check_mark:   | :x:                  | :x:                 |
-| FreeBSD 12            | :heavy_check_mark:  | :heavy_check_mark:         | :heavy_check_mark:         | :heavy_check_mark:        |
+| FreeBSD 11            | :heavy_check_mark:  | :heavy_check_mark:   | :heavy_check_mark:   | :heavy_check_mark:   | Need tests...       |
+| FreeBSD 12            | :heavy_check_mark:  | :heavy_check_mark:   | :heavy_check_mark:   | :heavy_check_mark:   | Need tests...       |
 
 Links:
 - [Sury](https://deb.sury.org/)
@@ -23,13 +24,15 @@ Links:
 Requirements
 ------------
 
-If you need PHP-FPM, you must install a webserver with FastCGI support. You can use my [nginx role](https://github.com/HanXHX/ansible-nginx).
+- Ansible >= 2.11
+- Collections: [community.general](https://galaxy.ansible.com/community/general)
+- If you need PHP-FPM, you must install a webserver with FastCGI support. You can use my [nginx role](https://github.com/HanXHX/ansible-nginx).
 
 FreeBSD limitations
 -------------------
 
 - It doesn't split ini file for FPM/CLI. It's hardcoded as `/usr/local/etc/php.ini`.
-- It can't manage multiple PHP versions at the time (like old Debian versions)
+- It can't manage multiple PHP versions at the time (like legacy Debian versions)
 - You must explicitely set xdebug package name (use `pkg search xdebug` to find the good one)
 
 Role Variables
@@ -39,7 +42,7 @@ You should look at [default vars](defaults/main.yml).
 
 ### Writable vars
 
-- `php_version`: 7.0, 7.1, 7.2, 7.3
+- `php_version`: 7.3, 7.4... depending OS (see above)
 - `php_install_fpm`: boolean, install and manage php-fpm (default is true)
 - `php_install_xdebug`: boolean, install [Xdebug](http://xdebug.org)
 - `php_extra_packages`: additional php packages to install (default is an empty list).
@@ -56,7 +59,6 @@ Note:
 - Put specific configuration in `php_ini_fpm`/`php_ini_cli`.
 - You can override with `php_ini_fpm`/`php_ini_cli`, but it breaks idempotence.
 
-
 #### OpCache settings
 
 See [Opcache doc](https://secure.php.net/manual/en/opcache.configuration.php)
@@ -159,14 +161,14 @@ Example Playbook
 
     - hosts: servers
       roles:
-         - { role: HanXHX.php }
+         - { role: hanxhx.php }
 
-### Debian Stretch with PHP 7.2 CLI (no FPM)
+### Debian Bullseye with PHP 8.0 CLI (no FPM)
 
     - hosts: servers
       roles:
          - { role: HanXHX.sury }
-         - { role: HanXHX.php, php_version: '7.2', php_install_fpm: false }
+         - { role: hanxhx.php, php_version: '8.0', php_install_fpm: false }
 
 License
 -------

Vagrantfile

@@ -6,12 +6,10 @@
 Vagrant.configure("2") do |config|
 
   vms_debian = [
-    { :name => "debian-stretch-php70", :box => "debian/stretch64", :vars => { }},
-    { :name => "debian-stretch-php71", :box => "debian/stretch64", :vars => { "php_version": '7.1' }},
-    { :name => "debian-stretch-php72", :box => "debian/stretch64", :vars => { "php_version": '7.2' }},
-    { :name => "debian-stretch-php73", :box => "debian/stretch64", :vars => { "php_version": '7.3' }},
     { :name => "debian-buster-php73",   :box => "debian/buster64",   :vars => { }},
-    { :name => "ubuntu-xenial-php70",  :box => "ubuntu/xenial64",  :vars => { }},
+    { :name => "debian-buster-php74",   :box => "debian/buster64",   :vars => { "php_version": '7.4' }},
+    { :name => "debian-bullseye-php74", :box => "debian/bullseye64", :vars => { }},
+    { :name => "debian-bullseye-php80", :box => "debian/bullseye64", :vars => { "php_version": '8.0' }},
     { :name => "ubuntu-bionic-php72",   :box => "ubuntu/bionic64",   :vars => { }},
   ]
 
@@ -21,12 +19,10 @@ Vagrant.configure("2") do |config|
   ]
 
   conts = [
-    { :name => "docker-debian-stretch-php70", :docker => "hanxhx/vagrant-ansible:debian9",     :vars => { }},
-    { :name => "docker-debian-stretch-php71", :docker => "hanxhx/vagrant-ansible:debian9",     :vars => { "php_version": '7.1' }},
-    { :name => "docker-debian-stretch-php72", :docker => "hanxhx/vagrant-ansible:debian9",     :vars => { "php_version": '7.2' }},
-    { :name => "docker-debian-stretch-php73", :docker => "hanxhx/vagrant-ansible:debian9",     :vars => { "php_version": '7.3' }},
     { :name => "docker-debian-buster-php73",   :docker => "hanxhx/vagrant-ansible:debian10",    :vars => { }},
-    { :name => "docker-ubuntu-xenial-php70",  :docker => "hanxhx/vagrant-ansible:ubuntu16.04", :vars => { }},
+    { :name => "docker-debian-buster-php74",   :docker => "hanxhx/vagrant-ansible:debian10",    :vars => { "php_version": '7.4' }},
+    { :name => "docker-debian-bullseye-php74", :docker => "hanxhx/vagrant-ansible:debian11",    :vars => { }},
+    { :name => "docker-debian-bullseye-php80", :docker => "hanxhx/vagrant-ansible:debian11",    :vars => { "php_version": '8.0' }},
     { :name => "docker-ubuntu-bionic-php72",   :docker => "hanxhx/vagrant-ansible:ubuntu18.04", :vars => { }},
   ]
 
@@ -39,7 +35,8 @@ Vagrant.configure("2") do |config|
         d.remains_running = true
         d.has_ssh = true
       end
-      m.vm.provision "shell", inline: "apt-get update && apt-get install -y python python-apt"
+
+      #m.vm.provision "shell", inline: "apt-get update && apt-get install -y python python-apt"
       m.vm.provision "ansible" do |ansible|
         ansible.playbook = "tests/test.yml"
         ansible.verbose = 'vv'
@@ -57,6 +54,7 @@ Vagrant.configure("2") do |config|
         v.memory = 256
       end
       m.vm.provision "shell", inline: "apt-get update && apt-get install -y ifupdown python"
+
       m.vm.provision "ansible" do |ansible|
         ansible.playbook = "tests/test.yml"
         ansible.verbose = 'vv'

defaults/main.yml

@@ -5,6 +5,7 @@ php_install_fpm: true
 php_install_xdebug: false
 php_extra_packages: []
 php_xdebug_package: null
+php_autoremove_default_pool: false
 
 # php.ini config
 php_ini:
@@ -90,10 +91,10 @@ php_xdebug_var_display_max_depth: '3'
 
 # PHP-FPM
 php_fpm_poold:
-  - pool_name: 'www'
+  - name: 'www'
     listen: '{{ php_default_fpm_sock }}'
     pm: 'dynamic'
-    pm_max_children: 250
+    pm_max_children: 100
     pm_start_servers: 10
     pm_min_spare_servers: 10
     pm_max_spare_servers: 20

filter_plugins/php.py

@@ -0,0 +1,10 @@
+def php_socket(php_version, pool_name):
+    return '/run/php/php%s-%s-fpm.sock' % (php_version, pool_name)
+
+class FilterModule(object):
+    ''' PHP module '''
+
+    def filters(self):
+        return {
+            'php_socket': php_socket,
+        }

handlers/main.yml

@@ -1,14 +1,12 @@
 ---
 
-- name: restart php-fpm
+- name: Restart php-fpm
-  service:
+  ansible.builtin.service:
     name: '{{ php_fpm_service }}'
     state: restarted
   when: php_install_fpm
-  notify: docker restart php-fpm
+  notify: Docker restart php-fpm
 
-- name: docker restart php-fpm
+- name: Docker restart php-fpm  # noqa: command-instead-of-module no-changed-when
-  command: 'service {{ php_fpm_service }} restart'
+  ansible.builtin.command: 'service {{ php_fpm_service }} restart'
-  args:
-    warn: false
   when: ansible_virtualization_type == 'docker'

meta/argument_specs.yml

@@ -0,0 +1,6 @@
+---
+
+argument_specs:
+  main:
+    short_description: Main entry point
+    options: {}

meta/main.yml

@@ -1,32 +1,35 @@
 ---
 galaxy_info:
   author: Emilien Mantel
-  description: Install and configure PHP 7.0/7.1/7.2/7.3
+  role_name: php
-  company:
+  namespace: hanxhx
+  description: Install and configure PHP 7.x/8.x
+  company: TripleStack
   license: GPLv2
-  min_ansible_version: 2.6
+  min_ansible_version: '2.11'
   platforms:
     - name: Debian
       versions:
-    - stretch
         - buster
+        - bullseye
+        - bookworm
     - name: Ubuntu
       versions:
-    - xenial
         - bionic
     - name: FreeBSD
       versions:
-    - 11.0
+        - '11.0'
-    - 11.1
+        - '11.1'
-    - 12.0
+        - '12.0'
   galaxy_tags:
     - development
     - web
     - php
-  - php-fpm
+    - fpm
     - php7
+    - php8
     - debian
     - ubuntu
     - freebsd
-dependencies: []
 
+dependencies: []

molecule/_shared/Dockerfile.j2

@@ -0,0 +1,19 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+{% if item.env is defined %}
+{% for var, value in item.env.items() %}
+{% if value %}
+ENV {{ var }} {{ value }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+RUN apt-get update && \
+	apt-get install -y python3 sudo bash ca-certificates iproute2 python-apt-common \
+	&& apt-get clean

molecule/_shared/base.yml

@@ -0,0 +1,36 @@
+---
+
+scenario:
+  test_sequence:
+    - dependency
+    - syntax
+    - create
+    - prepare
+    - converge
+    - idempotence
+    - verify
+    - destroy
+dependency:
+  name: galaxy
+  options:
+    requirements-file: ../../requirements.yml
+driver:
+  name: docker
+role_name_check: 1
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      deprecation_warnings: false
+      callback_whitelist: timer,profile_tasks
+      fact_caching: jsonfile
+      fact_caching_connection: ./cache
+      forks: 100
+    connection:
+      pipelining: true
+  playbooks:
+    converge: ../_shared/converge.yml
+    prepare: ../_shared/prepare.yml
+    verify: ../_shared/verify.yml
+verifier:
+  name: ansible

molecule/_shared/converge.yml

@@ -0,0 +1,25 @@
+---
+
+- name: Converge
+  hosts: all
+  gather_facts: true
+  handlers:
+    - name: Reload nginx
+      ansible.builtin.service:
+        name: nginx
+        state: reloaded
+  tasks:
+    - name: Include role
+      ansible.builtin.include_role:
+        name: "hanxhx.php"
+  post_tasks:
+    - name: TEMPLATE | Nginx site config
+      ansible.builtin.template:
+        src: "../../tests/templates/nginx.conf.j2"
+        dest: "{{ __nginx_conf }}"
+        mode: 0644
+        owner: root
+        group: root
+      notify: Reload nginx
+  vars_files:
+    - vars/misc.yml

molecule/_shared/prepare.yml

@@ -0,0 +1,67 @@
+---
+
+- name: Prepare
+  hosts: all
+  gather_facts: true
+  vars_files:
+    - vars/misc.yml
+
+  handlers:
+    - name: Reload nginx
+      ansible.builtin.service:
+        name: nginx
+        state: reloaded
+
+  tasks:
+
+    - name: INCLUDE_TASKS | Pre tasks related to OS
+      ansible.builtin.include_tasks: "../../tests/includes/pre_{{ ansible_os_family }}.yml"
+
+    - name: USER | Create PHP user
+      ansible.builtin.user:
+        name: 'foo'
+        system: true
+        create_home: false
+        shell: '/usr/sbin/nologin'
+
+    - name: COMMAND | Fix nginx config
+      ansible.builtin.command: "cp {{ __nginx_conf | dirname }}/fastcgi_params {{ __nginx_conf | dirname }}/fastcgi.conf"
+      args:
+        creates: "{{ __nginx_conf | dirname }}/fastcgi.conf"
+      notify: Reload nginx
+
+    - name: LINEINFILE | Fix nginx config (second step)
+      ansible.builtin.lineinfile:
+        regexp: '^fastcgi_param\s+SCRIPT_FILENAME'
+        line: "fastcgi_param  SCRIPT_FILENAME    $realpath_root$fastcgi_script_name;"
+        dest: "{{ __nginx_conf | dirname }}/fastcgi.conf"
+      notify: Reload nginx
+
+    - name: SERVICE | Ensure nginx is started
+      ansible.builtin.service:
+        name: nginx
+        state: started
+
+    - name: FILE | Create /var/www
+      ansible.builtin.file:
+        dest: /var/www
+        state: directory
+        owner: root
+        group: root
+        mode: 0755
+
+    - name: COPY | Add phpinfo
+      ansible.builtin.copy:
+        dest: /var/www/phpinfo.php
+        content: '<?php phpinfo();'
+        owner: root
+        group: root
+        mode: 0644
+
+    - name: COPY | Add ini test file
+      ansible.builtin.copy:
+        dest: /var/www/ini.php
+        content: '<?php echo ini_get("memory_limit") . "\n";'
+        owner: root
+        group: root
+        mode: 0644

molecule/_shared/vars/misc.yml

@@ -0,0 +1,36 @@
+---
+
+# Force SysVinit, since systemd won't work in a Docker container
+ansible_service_mgr: "sysvinit"
+
+# ----------------------------------------
+# Copied from {role_dir}/tests/test.yml
+# ----------------------------------------
+vhost: 'test.local'
+php_extra_packages:
+  - '{{ php_package_prefix }}pgsql'
+php_install_xdebug: true
+php_autoremove_default_pool: true
+php_ini_fpm:
+  display_errors: 'Off'
+php_ini_cli:
+  error_reporting: 'E_ALL'
+php_fpm_poold:
+  - pool_name: 'test_ansible'
+    listen: '/run/php/php-ansible1.sock'
+    pm: 'dynamic'
+    pm_max_children: 250
+    pm_start_servers: 10
+    pm_min_spare_servers: 10
+    pm_max_spare_servers: 20
+    status_path: '/status'
+    ping_path: '/ping'
+    ping_response: 'ok'
+  - name: 'test_ansible2'
+    user: 'foo'
+    php_env:
+      foo: bar
+    php_value:
+      display_errors: 'Off'
+    php_admin_value:
+      memory_limit: '98M'

molecule/_shared/verify.yml

@@ -0,0 +1,74 @@
+---
+
+- name: Verify
+  hosts: all
+  gather_facts: true
+  vars_files:
+    - vars/misc.yml
+  tasks:
+
+    - name: COMMAND | Test php-cli
+      ansible.builtin.command: php -v
+      changed_when: false
+
+    - name: SHELL | Check vhost
+      ansible.builtin.shell: "set -o pipefail && curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep 'PHP Version'"
+      args:
+        executable: /bin/bash
+      changed_when: false
+      register: c
+      failed_when: c.stdout == ''
+
+    - name: BLOCK | Test explicit version
+      when: php_version is defined
+      block:
+
+        - name: SHELL | Test php-cli (explicit version)
+          ansible.builtin.shell: set -o pipefail && php -i | grep '^PHP Version => {{ php_version }}' | head -n 1
+          changed_when: false
+          register: p
+          failed_when: p.stdout == ''
+          args:
+            executable: /bin/bash
+
+        - name: SHELL | Check vhost
+          ansible.builtin.shell: "set -o pipefail && curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep -o 'PHP Version {{ php_version }}' | sed -r 's/<//g'"
+          args:
+            executable: /bin/bash
+          changed_when: false
+          register: c
+          failed_when: c.stdout == ''
+
+    - name: SHELL | Check custom php value  # noqa: command-instead-of-module
+      ansible.builtin.shell: "curl -H 'Host: {{ vhost }}' http://127.0.0.1/ini.php 2> /dev/null"
+      changed_when: false
+      register: c
+      failed_when: 'php_fpm_poold.1.php_admin_value.memory_limit not in c.stdout'
+
+    - name: URI | Check ping
+      ansible.builtin.uri:
+        url: "http://localhost{{ php_fpm_poold.0.ping_path }}"
+      when: php_fpm_poold.0.ping_path is defined
+
+    - name: URI | Check status
+      ansible.builtin.uri:
+        url: "http://localhost{{ php_fpm_poold.0.status_path }}"
+      when: php_fpm_poold.0.status_path is defined
+
+    - name: Debian extra checks
+      when: ansible_os_family == 'Debian'
+      block:
+
+        - name: SHELL | Check if we installed multiple PHP versions
+          ansible.builtin.shell: set -o pipefail && (dpkg -l | grep 'php[[:digit:]].*common' | wc -l)
+          args:
+            executable: /bin/bash
+          failed_when: false
+          changed_when: false
+          register: check_multiple_php
+
+
+        - name: FAIL | If we have multiple PHP version
+          ansible.builtin.fail:
+            msg: "Multiple PHP versions detected"
+          when: check_multiple_php.stdout != '1'

molecule/debian-10/molecule.yml

@@ -0,0 +1,32 @@
+---
+
+platforms:
+  - name: debian-10
+    image: dokken/debian-10
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+  - name: debian-10-php-7.4
+    image: dokken/debian-10
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        __nginx_conf: /etc/nginx/nginx.conf
+    host_vars:
+      debian-10-php-7.4:
+        php_version: '7.4'

molecule/debian-11/molecule.yml

@@ -0,0 +1,32 @@
+---
+
+platforms:
+  - name: debian-11
+    image: dokken/debian-11
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+  - name: debian-11-php-8.0
+    image: dokken/debian-11
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        __nginx_conf: /etc/nginx/nginx.conf
+    host_vars:
+      debian-11-php-8.0:
+        php_version: '8.0'

molecule/debian-12/molecule.yml

@@ -0,0 +1,19 @@
+---
+
+platforms:
+  - name: debian-12
+    image: dokken/debian-12
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        __nginx_conf: /etc/nginx/nginx.conf

molecule/ubuntu-18.04/molecule.yml

@@ -0,0 +1,19 @@
+---
+
+platforms:
+  - name: ubuntu-18.04
+    image: dokken/ubuntu-18.04
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        __nginx_conf: /etc/nginx/nginx.conf

molecule/ubuntu-20.04/molecule.yml

@@ -0,0 +1,19 @@
+---
+
+platforms:
+  - name: ubuntu-20.04
+    image: dokken/ubuntu-20.04
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        __nginx_conf: /etc/nginx/nginx.conf

molecule/ubuntu-22.04/molecule.yml

@@ -0,0 +1,19 @@
+---
+
+platforms:
+  - name: ubuntu-22.04
+    image: dokken/ubuntu-22.04
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        __nginx_conf: /etc/nginx/nginx.conf

requirements.yml

@@ -0,0 +1,4 @@
+---
+
+collections:
+  - community.general

tasks/fpm.yml

@@ -1,36 +1,46 @@
 ---
 
 - name: APT | Install PHP-FPM for Debian based systems
-  apt:
+  ansible.builtin.apt:
     pkg: "{{ php_fpm_service }}"
     state: "{{ 'present' if php_install_fpm else 'absent' }}"
   when: ansible_os_family == 'Debian'
 
 - name: SERVICE | Enable service on FreeBSD
-  service:
+  ansible.builtin.service:
     name: "{{ php_fpm_service }}"
-    enabled: "{{ 'yes' if php_install_fpm else 'no' }}"
+    enabled: "{{ 'true' if php_install_fpm else 'false' }}"
   when: ansible_os_family == 'FreeBSD'
 
 - name: LINEINFILE | PHP configuration
-  lineinfile:
+  ansible.builtin.lineinfile:
-    dest: '{{ php_cli_ini }}'
+    dest: '{{ php_fpm_ini }}'
     regexp: '^;?{{ item.key }}'
     line: '{{ item.key }} = {{ item.value }}'
-    create: yes
+    create: true
+    owner: root
+    group: root
+    mode: 0644
   loop: "{{ php_ini | combine(php_ini_fpm) | dict2items }}"
-  notify: restart php-fpm
+  when: php_install_fpm | bool
+  notify: Restart php-fpm
 
 - name: TEMPLATE | Deploy pool configuration
-  template:
+  ansible.builtin.template:
     src: etc/__php__/fpm/pool.d/pool.conf.j2
-    dest: '{{ php_fpm_pool_dir }}/{{ item.pool_name }}.conf'
+    dest: '{{ php_fpm_pool_dir }}/{{ item.name }}.conf'
-  loop: "{{ php_fpm_poold }}"
+    owner: root
-  notify: restart php-fpm
+    group: root
+    mode: 0644
+  loop: "{{ ansible_local.hanxhx_php.fpm_pool }}"
+  when: php_install_fpm | bool
+  notify: Restart php-fpm
 
 - name: FILE | Delete default pool if necessary
-  file:
+  ansible.builtin.file:
     path: "{{ php_fpm_pool_dir }}/www.conf"
     state: absent
-  when: '"www" not in (php_fpm_poold | map(attribute="pool_name") | list)'
+  when:
-  notify: restart php-fpm
+    - '"www" not in (ansible_local.hanxhx_php.fpm_pool | map(attribute="name") | list) and php_autoremove_default_pool'
+    - php_install_fpm | bool
+  notify: Restart php-fpm

tasks/main.yml

@@ -1,73 +1,125 @@
 ---
 
-- name: SET_FACT | Bypass https://github.com/ansible/ansible/issues/19874
+- name: SHELL | Check if we are in multiple PHP distribution
-  set_fact:
+  ansible.builtin.shell: set -o pipefail && apt-cache search php xdebug | grep 'php[[:digit:]].[[:digit:]]'
-    ansible_distribution_release: 'buster'
+  args:
-  when: ansible_facts.distribution_major_version == "buster/sid"
+    executable: /bin/bash
+  failed_when: false
+  changed_when: false
+  register: multiple_php
+  when: ansible_os_family == 'Debian'
 
 - name: INCLUDE_VARS | Related to OS family
-  include_vars: "OS_Family_{{ ansible_os_family }}.yml"
+  ansible.builtin.include_vars: "OS_Family_{{ ansible_os_family }}.yml"
 
 - name: INCLUDE_VARS | Related to OS version
-  include_vars: "{{ item }}"
+  ansible.builtin.include_vars: "{{ item }}"
   with_first_found:
     - "{{ ansible_distribution }}-{{ ansible_distribution_release }}.yml"
     - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
     - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
 
+- name: SET_FACT | Transform data
+  ansible.builtin.set_fact:
+    __php_fpm_full_pool: |
+      [
+      {% for p in php_fpm_poold %}
+        {
+          name: "{{ p.name | default(p.pool_name) }}",
+          listen: "{{ p.listen | default(php_version | php_socket(p.name | default(p.pool_name))) }}",
+          user: "{{ p.user | default(php_default_user_group) }}",
+          group: "{% if p.user is defined %}{{ p.group | default(p.user) }}{% else %}{{ p.group | default(php_default_user_group) }}{% endif %}",
+          php_env: {% if p.php_env is defined %}{{ p.php_env | to_nice_json }}{% else %}{}{% endif %},
+          php_value: {% if p.php_value is defined %}{{ p.php_value | to_nice_json }}{% else %}{}{% endif %},
+          php_admin_value: {% if p.php_admin_value is defined %}{{ p.php_admin_value | to_nice_json }}{% else %}{}{% endif %},
+          {% for k, v in p.items() | list %}
+          {% if k not in ['name', 'pool_name', 'listen', 'user', 'group', 'php_env', 'php_value', 'php_admin_value'] %}
+          {{ k }}: "{{ v }}"{% if not loop.last %},{% endif %}
+          {% endif %}
+          {% endfor %}
+        }{% if not loop.last %},{% endif %}
+      {% endfor %}
+      ]
+
+- name: SET_FACT | To YAML
+  ansible.builtin.set_fact:
+    php_fpm_full_pool: "{{ __php_fpm_full_pool | from_yaml }}"
+
+- name: FILE | Creates ansible facts.d
+  ansible.builtin.file:
+    path: /etc/ansible/facts.d
+    state: directory
+    owner: root
+    group: root
+    mode: 0755
+
+- name: COPY | Manage facts
+  ansible.builtin.copy:
+    content: "{ \"fpm_pool\": {{ php_fpm_full_pool | to_nice_json }} }"
+    dest: /etc/ansible/facts.d/hanxhx_php.fact
+    owner: root
+    group: root
+    mode: 0644
+  register: f
+  tags:
+    - skip_ansible_lint
+
+- name: SETUP | Gathers new facts
+  ansible.builtin.setup:
+  when: f.changed
+  tags:
+    - skip_ansible_lint
+
 - name: APT | Install PHP packages
-  apt:
+  ansible.builtin.apt:
-    pkg: "{{ item }}"
+    pkg: "{{ pkgs }}"
     state: present
-    update_cache: yes
+    update_cache: true
     cache_valid_time: 3600
-  loop: "{{ php_packages + php_extra_packages | flatten }}"
+    install_recommends: false
-  notify: restart php-fpm
+  vars:
+    pkgs: "{{ php_packages + php_extra_packages | flatten }}"
+  notify: Restart php-fpm
   when: ansible_os_family == 'Debian'
 
 - name: PKGNG | Install PHP packages
-  pkgng:
+  community.general.pkgng:
-    name: "{{ item }}"
+    name: "{{ php_packages + php_extra_packages | flatten | join(',') }}"
-  loop: "{{ php_packages + php_extra_packages | flatten }}"
+  notify: Restart php-fpm
-  notify: restart php-fpm
   when: ansible_os_family == 'FreeBSD'
 
 - name: IMPORT_TASKS | PHP-FPM
-  import_tasks: fpm.yml
+  ansible.builtin.import_tasks: fpm.yml
 
 - name: LINEINFILE | PHP CLI configuration
-  lineinfile:
+  ansible.builtin.lineinfile:
     dest: '{{ php_cli_ini }}'
     regexp: '^;?{{ item.key }}'
     line: '{{ item.key }} = {{ item.value }}'
   loop: "{{ php_ini | combine(php_ini_cli) | dict2items }}"
 
 - name: IMPORT_TASKS | Xdebug
-  import_tasks: xdebug.yml
+  ansible.builtin.import_tasks: xdebug.yml
 
 - name: APT | Install and configure opcache
-  import_tasks: opcache.yml
+  ansible.builtin.import_tasks: opcache.yml
 
 - name: SERVICE | Ensure PHP-FPM is started
-  service:
+  ansible.builtin.service:
     name: '{{ php_fpm_service }}'
     state: started
   when: php_install_fpm and ansible_virtualization_type != 'docker'
 
-- block:
+- name: BLOCK | Ensure PHP-FPM is started if running on Docker
+  when: php_install_fpm and ansible_virtualization_type == 'docker'
+  block:
 
-  - name: COMMAND | Check if PHP-FPM is started (Docker)
+    - name: COMMAND | Check if PHP-FPM is started (Docker)  # noqa: command-instead-of-module
-    command: 'service {{ php_fpm_service }} status'
+      ansible.builtin.command: 'service {{ php_fpm_service }} status'
-    args:
-      warn: false
       register: dps
       changed_when: false
       failed_when: false
 
-  - name: COMMAND | Ensure PHP-FPM is started (Docker)
+    - name: COMMAND | Ensure PHP-FPM is started (Docker)  # noqa: command-instead-of-module no-changed-when
-    command: 'service {{ php_fpm_service }} start'
+      ansible.builtin.command: 'service {{ php_fpm_service }} start'
-    args:
-      warn: false
       when: dps.stdout.find('is not running') != -1
-
-  when: php_install_fpm and ansible_virtualization_type == 'docker'

tasks/opcache.yml

@@ -1,37 +1,46 @@
 ---
 
-- block:
+- name: Install opcache/apcu on Debian
+  when: ansible_os_family == 'Debian'
+  block:
 
     - name: APT | Install APCu
-    apt:
+      ansible.builtin.apt:
-      pkg: "php-apcu"
+        pkg: "{{ php_apcu_package }}"
+        install_recommends: false
 
     - name: APT | Install Opcache
-    apt:
+      ansible.builtin.apt:
         pkg: "{{ php_package_prefix }}opcache"
+        install_recommends: false
 
-  when: ansible_os_family == 'Debian'
 
-- block:
+- name: Install opcache/apcu on FreeBSD
+  when: ansible_os_family == 'FreeBSD'
+  block:
 
     - name: PKGNG | Install APCu
-    pkgng:
+      community.general.pkgng:
         name: "php{{ php_version | replace('.', '') }}-pecl-APCu"
 
     - name: PKGNG | Install Opcache
-    pkgng:
+      community.general.pkgng:
         name: "{{ php_package_prefix }}opcache"
 
-  when: ansible_os_family == 'FreeBSD'
-
 - name: TEMPLATE | Configure Opcache
-  template:
+  ansible.builtin.template:
     src: "etc/__php__/mods-available/opcache.ini.j2"
     dest: "{{ php_mods_dir }}/opcache.ini"
-  notify: restart php-fpm
+    owner: root
+    group: root
+    mode: 0644
+  notify: Restart php-fpm
 
 - name: TEMPLATE | Configure APCu
-  template:
+  ansible.builtin.template:
     src: "etc/__php__/mods-available/apcu.ini.j2"
     dest: "{{ php_mods_dir }}/apcu.ini"
-  notify: restart php-fpm
+    owner: root
+    group: root
+    mode: 0644
+  notify: Restart php-fpm

tasks/xdebug.yml

@@ -1,41 +1,44 @@
 ---
 
-- block:
+- name: BLOCK | Uninstall xdebug
+  when: php_install_xdebug
+  block:
 
     - name: APT | Install xdebug
-    apt:
+      ansible.builtin.apt:
         pkg: "{{ php_xdebug_package }}"
         state: present
-      update_cache: yes
+        update_cache: true
         cache_valid_time: 3600
+        install_recommends: false
       when: ansible_os_family == 'Debian'
 
     - name: PKGNG | Install xdebug
-    pkgng:
+      community.general.pkgng:
         name: "{{ php_xdebug_package }}"
       when: ansible_os_family == 'FreeBSD' and php_xdebug_package is defined
 
     - name: TEMPLATE | Deploy module configurations
-    template:
+      ansible.builtin.template:
         src: "etc/__php__/mods-available/xdebug.ini.j2"
         dest: "{{ php_mods_dir }}/xdebug.ini"
         owner: root
         mode: 0644
-    notify: restart php-fpm
+      notify: Restart php-fpm
 
-  when: php_install_xdebug
 
-- block:
+- name: BLOCK | Uninstall xdebug
+  when: not php_install_xdebug
+  block:
 
     - name: APT | Uninstall xdebug
-    apt:
+      ansible.builtin.apt:
         pkg: "{{ php_xdebug_package }}"
         state: absent
       when: ansible_os_family == 'Debian'
 
-  - name: PKGNG | Install xdebug
+    - name: PKGNG | Uninstall xdebug
-    pkgng:
+      community.general.pkgng:
         name: "{{ php_xdebug_package }}"
-    when: ansible_os_family == 'FreeBSD' and php_xdebug_package is defined
+        state: absent
-
+      when: ansible_os_family == 'FreeBSD'
-  when: not php_install_xdebug

templates/etc/__php__/fpm/pool.d/pool.conf.j2

@@ -1,7 +1,7 @@
-; Start a new pool named '{{ item.pool_name }}'.
+; Start a new pool named '{{ item.name }}'.
 ; the variable $pool can we used in any directive and will be replaced by the
-; pool name ('{{ item.pool_name }}' here)
+; pool name ('{{ item.name }}' here)
-[{{ item.pool_name }}]
+[{{ item.name }}]
 
 ; Per pool prefix
 ; It only applies on the following directives:
@@ -20,8 +20,8 @@
 ; Unix user/group of processes
 ; Note: The user is mandatory. If the group is not set, the default user's group
 ;       will be used.
-user = {{ item.user | default(php_default_user_group) }}
+user = {{ item.user }}
-group = {{ item.group | default(php_default_user_group) }}
+group = {{ item.group }}
 
 ; The address on which to accept FastCGI requests.
 ; Valid syntaxes are:
@@ -95,7 +95,7 @@ listen.group = {{ item.listen_owner | default(php_default_user_group) }}
 ;             pm.process_idle_timeout   - The number of seconds after which
 ;                                         an idle process will be killed.
 ; Note: This value is mandatory.
-pm = {{ item.pm }}
+pm = {{ item.pm | default('dynamic') }}
 
 ; The number of child processes to be created when pm is set to 'static' and the
 ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
@@ -106,33 +106,33 @@ pm = {{ item.pm }}
 ; forget to tweak pm.* to fit your needs.
 ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
 ; Note: This value is mandatory.
-pm.max_children = {{ item.pm_max_children }}
+pm.max_children = {{ item.pm_max_children | default('250') }}
 
 ; The number of child processes created on startup.
 ; Note: Used only when pm is set to 'dynamic'
 ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
-pm.start_servers = {{ item.pm_start_servers }}
+pm.start_servers = {{ item.pm_start_servers | default('10') }}
 
 ; The desired minimum number of idle server processes.
 ; Note: Used only when pm is set to 'dynamic'
 ; Note: Mandatory when pm is set to 'dynamic'
-pm.min_spare_servers = {{ item.pm_min_spare_servers }}
+pm.min_spare_servers = {{ item.pm_min_spare_servers | default('10') }}
 
 ; The desired maximum number of idle server processes.
 ; Note: Used only when pm is set to 'dynamic'
 ; Note: Mandatory when pm is set to 'dynamic'
-pm.max_spare_servers = {{ item.pm_max_spare_servers }}
+pm.max_spare_servers = {{ item.pm_max_spare_servers | default('20') }}
 
 ; The number of seconds after which an idle process will be killed.
 ; Note: Used only when pm is set to 'ondemand'
 ; Default Value: 10s
-;pm.process_idle_timeout = 10s;
+pm.process_idle_timeout = {{ item.pm_process_idle_timeout | default('10s') }};
 
 ; The number of requests each child process should execute before respawning.
 ; This can be useful to work around memory leaks in 3rd party libraries. For
 ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
 ; Default Value: 0
-;pm.max_requests = 500
+pm.max_requests = {{ item.pm_max_requests | default('0') }}
 
 ; The URI to view the FPM status page. If this value is not set, no URI will be
 ; recognized as a status page. It shows the following informations:
@@ -369,7 +369,7 @@ chdir = /
 ; Note: on highloaded environement, this can cause some delay in the page
 ; process time (several ms).
 ; Default Value: no
-;catch_workers_output = yes
+catch_workers_output = {{ item.catch_workers_output | default('no') }}
 
 ; Clear environment in FPM workers
 ; Prevents arbitrary environment variables from reaching FPM worker processes
@@ -421,5 +421,19 @@ chdir = /
 ;php_admin_value[error_log] = /var/log/fpm-php.www.log
 ;php_admin_flag[log_errors] = on
 ;php_admin_value[memory_limit] = 32M
-
+{% if item.php_env is defined %}
+{% for k, v in item.php_env.items() | list %}
+env[{{ k }}] = {{ v }}
+{% endfor %}
+{% endif %}
+{% if item.php_value is defined %}
+{% for k, v in item.php_value.items() | list %}
+php_value[{{ k }}] = {{ v }}
+{% endfor %}
+{% endif %}
+{% if item.php_admin_value is defined %}
+{% for k, v in item.php_admin_value.items() | list %}
+php_admin_value[{{ k }}] = {{ v }}
+{% endfor %}
+{% endif %}
 ; vim:filetype=dosini

tests/includes/Debian/sury.yml

@@ -1,9 +1,9 @@
 ---
 
 - name: APT | Install Sury key
-  apt_key:
+  ansible.builtin.apt_key:
     url: 'https://packages.sury.org/php/apt.gpg'
 
 - name: APT_REPOSITORY | Add Sury repository
-  apt_repository:
+  ansible.builtin.apt_repository:
     repo: 'deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main'

tests/includes/pre_Debian.yml

@@ -1,24 +1,24 @@
 ---
 
 - name: SET_FACT | Prepare test vars
-  set_fact:
+  ansible.builtin.set_fact:
     __nginx_conf: /etc/nginx/nginx.conf
 
 - name: APT | Install packages
-  apt:
+  ansible.builtin.apt:
     pkg: "{{ p }}"
-    update_cache: yes
+    update_cache: true
     cache_valid_time: 3600
   vars:
     p:
       - apt-transport-https
       - ca-certificates
       - curl
+      - gpg
       - lsb-release
       - nginx
+      - vim
 
-- name: INCLUDE_TASKS | Sury
+- name: INCLUDE_TASKS | Sury (only if a specific php_version is defined)
-  include_tasks: Debian/sury.yml
+  ansible.builtin.include_tasks: Debian/sury.yml
-  when:
+  when: php_version is defined
-    (ansible_distribution_major_version is version('9', 'eq')) and
-    (php_version is version('7.1', 'ge'))

tests/includes/pre_FreeBSD.yml

@@ -1,10 +1,10 @@
 ---
 
 - name: SET_FACT | Prepare test vars
-  set_fact:
+  ansible.builtin.set_fact:
     __nginx_conf: /usr/local/etc/nginx/nginx.conf
     php_xdebug_package: 'php72-pecl-xdebug-2.6.1'
 
 - name: PKGNG | Install packages
-  pkgng:
+  community.general.pkgng:
     name: ['curl', 'nginx']

tests/templates/nginx.conf.j2

@@ -2,7 +2,7 @@ events {
     worker_connections  1024;
 }
 
-user {{ php_default_user_group }};
+user root;
 
 http {
     include       mime.types;
@@ -15,22 +15,27 @@ http {
 
 		root /var/www;
 
-{% if php_fpm_poold.0.status_path is defined %}
+{% if ansible_local.hanxhx_php.fpm_pool.0.status_path is defined %}
-		location = {{ php_fpm_poold.0.status_path }} {
+		location = {{ ansible_local.hanxhx_php.fpm_pool.0.status_path }} {
 			include fastcgi.conf;
-			fastcgi_pass unix:{{ php_default_fpm_sock }};
+			fastcgi_pass unix:{{ ansible_local.hanxhx_php.fpm_pool.0.listen }};
 		}
 {% endif %}
-{% if php_fpm_poold.0.ping_path is defined %}
+{% if ansible_local.hanxhx_php.fpm_pool.0.ping_path is defined %}
-		location = {{ php_fpm_poold.0.ping_path }} {
+		location = {{ ansible_local.hanxhx_php.fpm_pool.0.ping_path }} {
 			include fastcgi.conf;
-			fastcgi_pass unix:{{ php_default_fpm_sock }};
+			fastcgi_pass unix:{{ ansible_local.hanxhx_php.fpm_pool.0.listen }};
 		}
 {% endif %}
 
+		location = /ini.php {
+			include fastcgi.conf;
+			fastcgi_pass unix:{{ ansible_local.hanxhx_php.fpm_pool.1.listen }};
+		}
+
 		location ~ \.php$ {
 			include fastcgi.conf;
-			fastcgi_pass unix:{{ php_default_fpm_sock }};
+			fastcgi_pass unix:{{ ansible_local.hanxhx_php.fpm_pool.0.listen }};
 		}
 	}
 }

tests/test.yml

@@ -1,18 +1,20 @@
 ---
 
 - hosts: all
+  name: Test all
   vars:
     vhost: 'test.local'
     php_extra_packages:
-      - '{{ php_package_prefix }}recode'
+      - '{{ php_package_prefix }}pgsql'
     php_install_xdebug: true
+    php_autoremove_default_pool: true
     php_ini_fpm:
       display_errors: 'Off'
     php_ini_cli:
       error_reporting: 'E_ALL'
     php_fpm_poold:
       - pool_name: 'test_ansible'
-        listen: '{{ php_default_fpm_sock }}'
+        listen: '/run/php/php-ansible1.sock'
         pm: 'dynamic'
         pm_max_children: 250
         pm_start_servers: 10
@@ -21,70 +23,82 @@
         status_path: '/status'
         ping_path: '/ping'
         ping_response: 'ok'
+      - name: 'test_ansible2'
+        user: 'foo'
+        php_env:
+          foo: bar
+        php_value:
+          display_errors: 'Off'
+        php_admin_value:
+          memory_limit: '98M'
 
   pre_tasks:
 
     - name: INCLUDE_TASKS | Pre tasks related to OS
-      include_tasks: "includes/pre_{{ ansible_os_family }}.yml"
+      ansible.builtin.include_tasks: "includes/pre_{{ ansible_os_family }}.yml"
+
+    - name: USER | Create PHP user
+      ansible.builtin.user:
+        name: 'foo'
+        system: true
+        create_home: false
+        shell: '/usr/sbin/nologin'
 
   tasks:
 
     - name: TEMPLATE | Nginx site config
-      template:
+      ansible.builtin.template:
         src: "templates/nginx.conf.j2"
         dest: "{{ __nginx_conf }}"
-      notify: reload nginx
+        mode: 0644
+        owner: root
+        group: root
+      notify: Reload nginx
 
     - name: COMMAND | Fix nginx config
-      command: "cp {{ __nginx_conf | dirname }}/fastcgi_params {{ __nginx_conf | dirname }}/fastcgi.conf"
+      ansible.builtin.command: "cp {{ __nginx_conf | dirname }}/fastcgi_params {{ __nginx_conf | dirname }}/fastcgi.conf"
       args:
         creates: "{{ __nginx_conf | dirname }}/fastcgi.conf"
-      notify: reload nginx
+      notify: Reload nginx
 
     - name: LINEINFILE | Fix nginx config (second step)
-      lineinfile:
+      ansible.builtin.lineinfile:
         regexp: '^fastcgi_param\s+SCRIPT_FILENAME'
         line: "fastcgi_param  SCRIPT_FILENAME    $realpath_root$fastcgi_script_name;"
         dest: "{{ __nginx_conf | dirname }}/fastcgi.conf"
-      notify: reload nginx
+      notify: Reload nginx
 
     - name: SERVICE | Ensure nginx is started
-      service:
+      ansible.builtin.service:
         name: nginx
         state: started
       when: ansible_virtualization_type != 'docker'
 
-    - block:
+    - name: Start nginx if testing with Docker
+      when: ansible_virtualization_type == 'docker'
+      block:
 
-      - name: COMMAND | Docker nginx status
+        - name: COMMAND | Docker nginx status  # noqa: command-instead-of-module
-        command: service nginx status
+          ansible.builtin.command: service nginx status
-        args:
-          warn: false
           changed_when: false
           failed_when: false
           register: ngs
 
-      - name: COMMAND | Docker start nginx
+        - name: COMMAND | Docker start nginx  # noqa: command-instead-of-module no-changed-when
-        command: service nginx start
+          ansible.builtin.command: service nginx start
-        args:
-          warn: false
           when: ngs.stdout.find('nginx is not running') != -1
 
-      when: ansible_virtualization_type == 'docker'
-
   handlers:
 
-    - name: reload nginx
+    - name: Reload nginx
-      service:
+      ansible.builtin.service:
         name: nginx
         state: reloaded
-      notify: docker reload nginx
+      notify: Docker reload nginx
 
-    - name: docker reload nginx
+    - name: Docker reload nginx  # noqa: command-instead-of-module no-changed-when
-      command: service nginx reload
+      ansible.builtin.command: service nginx reload
-      args:
+      notify: Docker reload nginx
-        warn: false
-      notify: docker reload nginx
       when: ansible_virtualization_type == 'docker'
 
   roles:
@@ -93,35 +107,75 @@
   post_tasks:
 
     - name: SHELL | Test php-cli
-      shell: php -i | grep '^PHP Version => {{ php_version }}' | head -n 1
+      ansible.builtin.shell: set -o pipefail && php -i | grep '^PHP Version => {{ php_version }}' | head -n 1
       changed_when: false
       register: p
       failed_when: p.stdout == ''
+      args:
+        executable: /bin/bash
 
     - name: FILE | Create /var/www
-      file:
+      ansible.builtin.file:
         dest: /var/www
         state: directory
+        owner: root
+        group: root
+        mode: 0755
 
     - name: COPY | Add phpinfo
-      copy:
+      ansible.builtin.copy:
         dest: /var/www/phpinfo.php
         content: '<?php phpinfo();'
+        owner: root
+        group: root
+        mode: 0644
+
+    - name: COPY | Add ini test file
+      ansible.builtin.copy:
+        dest: /var/www/ini.php
+        content: '<?php echo ini_get("memory_limit") . "\n";'
+        owner: root
+        group: root
+        mode: 0644
 
     - name: SHELL | Check vhost
-      shell: "curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep -o 'PHP Version {{ php_version }}' | sed -r 's/<//g'"
+      ansible.builtin.shell: "set -o pipefail && curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep -o 'PHP Version {{ php_version }}' | sed -r 's/<//g'"
       args:
-        warn: false
+        executable: /bin/bash
       changed_when: false
       register: c
       failed_when: c.stdout == ''
 
+    - name: SHELL | Check custom php value  # noqa: command-instead-of-module
+      ansible.builtin.shell: "curl -H 'Host: {{ vhost }}' http://127.0.0.1/ini.php 2> /dev/null"
+      changed_when: false
+      register: c
+      failed_when: 'php_fpm_poold.1.php_admin_value.memory_limit not in c.stdout'
+
     - name: URI | Check ping
-      uri:
+      ansible.builtin.uri:
         url: "http://localhost{{ php_fpm_poold.0.ping_path }}"
       when: php_fpm_poold.0.ping_path is defined
 
     - name: URI | Check status
-      uri:
+      ansible.builtin.uri:
         url: "http://localhost{{ php_fpm_poold.0.status_path }}"
       when: php_fpm_poold.0.status_path is defined
+
+    - name: Debian extra checks
+      when: ansible_os_family == 'Debian'
+      block:
+
+        - name: SHELL | Check if we installed multiple PHP versions
+          ansible.builtin.shell: set -o pipefail && (dpkg -l | grep 'php[[:digit:]].*common' | wc -l)
+          args:
+            executable: /bin/bash
+          failed_when: false
+          changed_when: false
+          register: check_multiple_php
+
+
+        - name: FAIL | If we have multiple PHP version
+          ansible.builtin.fail:
+            msg: "Multiple PHP versions detected"
+          when: check_multiple_php.stdout != '1'

vars/Debian-bookworm.yml

@@ -0,0 +1,3 @@
+---
+
+php_default_version: '8.2'

vars/Debian-bullseye.yml

@@ -0,0 +1,3 @@
+---
+
+php_default_version: '7.4'

vars/Debian-buster.yml

@@ -1 +1,3 @@
+---
+
 php_default_version: '7.3'

vars/Debian-stretch.yml

@@ -1 +0,0 @@
-php_default_version: '7.0'

vars/FreeBSD-11.yml

@@ -1 +1,3 @@
+---
+
 php_default_version: '7.2'

vars/FreeBSD-12.yml

@@ -1 +1,3 @@
+---
+
 php_default_version: '7.2'

vars/OS_Family_Debian.yml

@@ -7,7 +7,8 @@ php_packages:
   - '{{ php_package_prefix }}mysql'
   - '{{ php_package_prefix }}intl'
 
-php_xdebug_package: 'php-xdebug'
+php_xdebug_package: '{% if multiple_php.rc == 0 %}{{ php_package_prefix }}{% else %}php-{% endif %}xdebug'
+php_apcu_package: '{% if multiple_php.rc == 0 %}{{ php_package_prefix }}{% else %}php-{% endif %}apcu'
 
 php_package_prefix: 'php{{ php_version }}-'
 

vars/Ubuntu-bionic.yml

@@ -1 +1,3 @@
+---
+
 php_default_version: '7.2'

vars/Ubuntu-focal.yml

@@ -0,0 +1,3 @@
+---
+
+php_default_version: '7.4'

vars/Ubuntu-jammy.yml

@@ -0,0 +1,3 @@
+---
+
+php_default_version: '8.1'

vars/Ubuntu-xenial.yml

@@ -1 +1,3 @@
+---
+
 php_default_version: '7.0'