Merge pull request #21 from HanXHX/improvements/misc

Many improvements

.github/workflows/ci.yml

@@ -0,0 +1,43 @@
+---
+
+name: ci
+'on':
+  pull_request:
+  push:
+    branches:
+      - master
+
+jobs:
+
+  yaml-lint:
+    name: YAML Lint
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Fetch code
+        uses: actions/checkout@v3
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+
+      - name: Install test dependencies.
+        run: pip3 install yamllint
+
+      - name: Lint code.
+        run: |
+          yamllint .
+
+  ansible-lint:
+    name: Ansible Lint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Fetch code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Run ansible-lint
+        uses: ansible/ansible-lint-action@v6.15.0

.github/workflows/galaxy.yml

@@ -0,0 +1,17 @@
+---
+
+name: Deploy on Ansible Galaxy
+
+'on':
+  - push
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@v2
+      - name: galaxy
+        uses: robertdebock/galaxy-action@1.2.0
+        with:
+          galaxy_api_key: ${{ secrets.galaxy_api_key }}

.github/workflows/molecule.yml

@@ -0,0 +1,35 @@
+---
+name: Molecule
+
+'on':
+  pull_request:
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        scenario:
+          - debian-10
+          - debian-11
+          - debian-12
+          - ubuntu-18.04
+          - ubuntu-20.04
+          - ubuntu-22.04
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          path: "${{ github.repository }}"
+
+      - name: Molecule
+        uses: gofrolist/molecule-action@v2.3.19
+        with:
+          molecule_options: --base-config molecule/_shared/base.yml
+          molecule_args: --scenario-name ${{ matrix.scenario }}
+          molecule_working_dir: "HanXHX/ansible-php"

.gitignore

@@ -4,3 +4,4 @@
 *.log
 /filter_plugins/*.pyc
 /filter_plugins/__pycache__
+/.idea

.travis.yml

@@ -1,55 +0,0 @@
----
-
-env:
-  global:
-    - VAGRANT_VERSION='2.2.18'
-  jobs:
-    - PLATFORM='docker-debian-stretch-php70'  ANSIBLE_VERSION='>=2.11,<2.12'
-    - PLATFORM='docker-debian-stretch-php74'  ANSIBLE_VERSION='>=2.11,<2.12'
-    - PLATFORM='docker-debian-buster-php73'   ANSIBLE_VERSION='>=2.11,<2.12'
-    - PLATFORM='docker-debian-bullseye-php74' ANSIBLE_VERSION='>=2.11,<2.12'
-    - PLATFORM='docker-debian-bullseye-php80' ANSIBLE_VERSION='>=2.11,<2.12'
-    - PLATFORM='docker-debian-buster-php74'   ANSIBLE_VERSION='>=2.11,<2.12'
-    - PLATFORM='docker-ubuntu-bionic-php72'   ANSIBLE_VERSION='>=2.11,<2.12'
-
-os:
-  - linux
-dist: focal
-
-language: python
-python:
-  - 3.8
-
-services:
-  - docker
-
-before_install:
-  - sudo apt-get -q update
-  - sudo apt-get install -y yamllint
-  - sudo wget -nv https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}/vagrant_${VAGRANT_VERSION}_x86_64.deb
-  - sudo dpkg -i vagrant_${VAGRANT_VERSION}_x86_64.deb
-
-install:
-  - sudo pip install "ansible-core$ANSIBLE_VERSION"
-  - sudo pip install ansible-lint
-  - ansible-galaxy collection install community.general
-
-script:
-  - VAGRANT_DEFAULT_PROVIDER=docker vagrant up $PLATFORM
-  - >
-    VAGRANT_DEFAULT_PROVIDER=docker vagrant provision $PLATFORM
-    | grep -q 'changed=0.*failed=0'
-    && (echo 'Idempotence test: pass' && exit 0)
-    || (echo 'Idempotence test: fail' && exit 1)
-  - VAGRANT_DEFAULT_PROVIDER=docker vagrant status
-  - >
-    yamllint .
-    && (echo 'YAML lint test: pass' && exit 0)
-    || (echo 'YAML lint test: fail' && exit 1)
-  - >
-    ansible-lint -v tests/test.yml
-    && (echo 'Ansible lint test: pass' && exit 0)
-    || (echo 'Ansible lint test: fail' && exit 1)
-
-notifications:
-  webhooks: https://galaxy.ansible.com/api/v1/notifications/

README.md

@@ -1,14 +1,14 @@
 Ansible PHP (+FPM) role for Debian / Ubuntu / FreeBSD
 =====================================================
 
-[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-HanXHX.php-blue.svg)](https://galaxy.ansible.com/HanXHX/php) [![Build Status](https://app.travis-ci.com/HanXHX/ansible-php.svg?branch=master)](https://app.travis-ci.com/HanXHX/ansible-php)
+[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-hanxhx.php-blue.svg)](https://galaxy.ansible.com/hanxhx.php) ![GitHub Workflow Status (master)](https://img.shields.io/github/actions/workflow/status/hanxhx/ansible-php/molecule.yml?branch=master)
 
 Install PHP on Debian / Ubuntu / FreeBSD. Manage PHP-FPM, APCu, Opcache and Xdebug.
 
 Managed OS / Versions
 ---------------------
 
-On all Debian versions, you can install all PHP versions (from PHP 5.6 to 8.1 beta) by using [Sury's APT repository](https://deb.sury.org/).
+On all Debian versions, you can install all PHP versions by using [Sury's APT repository](https://deb.sury.org/).
 
 Other cases:
 
@@ -161,14 +161,14 @@ Example Playbook
 
     - hosts: servers
       roles:
-         - { role: HanXHX.php }
+         - { role: hanxhx.php }
 
 ### Debian Bullseye with PHP 8.0 CLI (no FPM)
 
     - hosts: servers
       roles:
          - { role: HanXHX.sury }
-         - { role: HanXHX.php, php_version: '8.0', php_install_fpm: false }
+         - { role: hanxhx.php, php_version: '8.0', php_install_fpm: false }
 
 License
 -------

Vagrantfile

@@ -6,8 +6,6 @@
 Vagrant.configure("2") do |config|
 
   vms_debian = [
-    { :name => "debian-stretch-php70",  :box => "debian/stretch64",  :vars => { }},
-    { :name => "debian-stretch-php74",  :box => "debian/stretch64",  :vars => { "php_version": '7.4' }},
     { :name => "debian-buster-php73",   :box => "debian/buster64",   :vars => { }},
     { :name => "debian-buster-php74",   :box => "debian/buster64",   :vars => { "php_version": '7.4' }},
     { :name => "debian-bullseye-php74", :box => "debian/bullseye64", :vars => { }},
@@ -21,8 +19,6 @@ Vagrant.configure("2") do |config|
   ]
 
   conts = [
-    { :name => "docker-debian-stretch-php70",  :docker => "hanxhx/vagrant-ansible:debian9",     :vars => { }},
-    { :name => "docker-debian-stretch-php74",  :docker => "hanxhx/vagrant-ansible:debian9",     :vars => { "php_version": '7.4' }},
     { :name => "docker-debian-buster-php73",   :docker => "hanxhx/vagrant-ansible:debian10",    :vars => { }},
     { :name => "docker-debian-buster-php74",   :docker => "hanxhx/vagrant-ansible:debian10",    :vars => { "php_version": '7.4' }},
     { :name => "docker-debian-bullseye-php74", :docker => "hanxhx/vagrant-ansible:debian11",    :vars => { }},

handlers/main.yml

@@ -1,14 +1,12 @@
 ---
 
-- name: restart php-fpm
+- name: Restart php-fpm
   ansible.builtin.service:
     name: '{{ php_fpm_service }}'
     state: restarted
   when: php_install_fpm
-  notify: docker restart php-fpm
+  notify: Docker restart php-fpm
 
-- name: docker restart php-fpm
+- name: Docker restart php-fpm  # noqa: command-instead-of-module no-changed-when
   ansible.builtin.command: 'service {{ php_fpm_service }} restart'
-  args:
-    warn: false
   when: ansible_virtualization_type == 'docker'

meta/argument_specs.yml

@@ -0,0 +1,6 @@
+---
+
+argument_specs:
+  main:
+    short_description: Main entry point
+    options: {}

meta/main.yml

@@ -1,24 +1,26 @@
 ---
 galaxy_info:
   author: Emilien Mantel
-  description: Install and configure PHP 7.0/7.1/7.2/7.3/7.4/8.0
-  company:
+  role_name: php
+  namespace: hanxhx
+  description: Install and configure PHP 7.x/8.x
+  company: TripleStack
   license: GPLv2
-  min_ansible_version: 2.11
+  min_ansible_version: '2.11'
   platforms:
     - name: Debian
       versions:
-        - stretch
         - buster
         - bullseye
+        - bookworm
     - name: Ubuntu
       versions:
         - bionic
     - name: FreeBSD
       versions:
-        - 11.0
-        - 11.1
-        - 12.0
+        - '11.0'
+        - '11.1'
+        - '12.0'
   galaxy_tags:
     - development
     - web
@@ -29,4 +31,5 @@ galaxy_info:
     - debian
     - ubuntu
     - freebsd
+
 dependencies: []

molecule/_shared/Dockerfile.j2

@@ -0,0 +1,19 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+{% if item.env is defined %}
+{% for var, value in item.env.items() %}
+{% if value %}
+ENV {{ var }} {{ value }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+RUN apt-get update && \
+	apt-get install -y python3 sudo bash ca-certificates iproute2 python-apt-common \
+	&& apt-get clean

molecule/_shared/base.yml

@@ -0,0 +1,36 @@
+---
+
+scenario:
+  test_sequence:
+    - dependency
+    - syntax
+    - create
+    - prepare
+    - converge
+    - idempotence
+    - verify
+    - destroy
+dependency:
+  name: galaxy
+  options:
+    requirements-file: ../../requirements.yml
+driver:
+  name: docker
+role_name_check: 1
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      deprecation_warnings: false
+      callback_whitelist: timer,profile_tasks
+      fact_caching: jsonfile
+      fact_caching_connection: ./cache
+      forks: 100
+    connection:
+      pipelining: true
+  playbooks:
+    converge: ../_shared/converge.yml
+    prepare: ../_shared/prepare.yml
+    verify: ../_shared/verify.yml
+verifier:
+  name: ansible

molecule/_shared/converge.yml

@@ -0,0 +1,25 @@
+---
+
+- name: Converge
+  hosts: all
+  gather_facts: true
+  handlers:
+    - name: Reload nginx
+      ansible.builtin.service:
+        name: nginx
+        state: reloaded
+  tasks:
+    - name: Include role
+      ansible.builtin.include_role:
+        name: "hanxhx.php"
+  post_tasks:
+    - name: TEMPLATE | Nginx site config
+      ansible.builtin.template:
+        src: "../../tests/templates/nginx.conf.j2"
+        dest: "{{ __nginx_conf }}"
+        mode: 0644
+        owner: root
+        group: root
+      notify: Reload nginx
+  vars_files:
+    - vars/misc.yml

molecule/_shared/prepare.yml

@@ -0,0 +1,67 @@
+---
+
+- name: Prepare
+  hosts: all
+  gather_facts: true
+  vars_files:
+    - vars/misc.yml
+
+  handlers:
+    - name: Reload nginx
+      ansible.builtin.service:
+        name: nginx
+        state: reloaded
+
+  tasks:
+
+    - name: INCLUDE_TASKS | Pre tasks related to OS
+      ansible.builtin.include_tasks: "../../tests/includes/pre_{{ ansible_os_family }}.yml"
+
+    - name: USER | Create PHP user
+      ansible.builtin.user:
+        name: 'foo'
+        system: true
+        create_home: false
+        shell: '/usr/sbin/nologin'
+
+    - name: COMMAND | Fix nginx config
+      ansible.builtin.command: "cp {{ __nginx_conf | dirname }}/fastcgi_params {{ __nginx_conf | dirname }}/fastcgi.conf"
+      args:
+        creates: "{{ __nginx_conf | dirname }}/fastcgi.conf"
+      notify: Reload nginx
+
+    - name: LINEINFILE | Fix nginx config (second step)
+      ansible.builtin.lineinfile:
+        regexp: '^fastcgi_param\s+SCRIPT_FILENAME'
+        line: "fastcgi_param  SCRIPT_FILENAME    $realpath_root$fastcgi_script_name;"
+        dest: "{{ __nginx_conf | dirname }}/fastcgi.conf"
+      notify: Reload nginx
+
+    - name: SERVICE | Ensure nginx is started
+      ansible.builtin.service:
+        name: nginx
+        state: started
+
+    - name: FILE | Create /var/www
+      ansible.builtin.file:
+        dest: /var/www
+        state: directory
+        owner: root
+        group: root
+        mode: 0755
+
+    - name: COPY | Add phpinfo
+      ansible.builtin.copy:
+        dest: /var/www/phpinfo.php
+        content: '<?php phpinfo();'
+        owner: root
+        group: root
+        mode: 0644
+
+    - name: COPY | Add ini test file
+      ansible.builtin.copy:
+        dest: /var/www/ini.php
+        content: '<?php echo ini_get("memory_limit") . "\n";'
+        owner: root
+        group: root
+        mode: 0644

molecule/_shared/vars/misc.yml

@@ -0,0 +1,36 @@
+---
+
+# Force SysVinit, since systemd won't work in a Docker container
+ansible_service_mgr: "sysvinit"
+
+# ----------------------------------------
+# Copied from {role_dir}/tests/test.yml
+# ----------------------------------------
+vhost: 'test.local'
+php_extra_packages:
+  - '{{ php_package_prefix }}pgsql'
+php_install_xdebug: true
+php_autoremove_default_pool: true
+php_ini_fpm:
+  display_errors: 'Off'
+php_ini_cli:
+  error_reporting: 'E_ALL'
+php_fpm_poold:
+  - pool_name: 'test_ansible'
+    listen: '/run/php/php-ansible1.sock'
+    pm: 'dynamic'
+    pm_max_children: 250
+    pm_start_servers: 10
+    pm_min_spare_servers: 10
+    pm_max_spare_servers: 20
+    status_path: '/status'
+    ping_path: '/ping'
+    ping_response: 'ok'
+  - name: 'test_ansible2'
+    user: 'foo'
+    php_env:
+      foo: bar
+    php_value:
+      display_errors: 'Off'
+    php_admin_value:
+      memory_limit: '98M'

molecule/_shared/verify.yml

@@ -0,0 +1,74 @@
+---
+
+- name: Verify
+  hosts: all
+  gather_facts: true
+  vars_files:
+    - vars/misc.yml
+  tasks:
+
+    - name: COMMAND | Test php-cli
+      ansible.builtin.command: php -v
+      changed_when: false
+
+    - name: SHELL | Check vhost
+      ansible.builtin.shell: "set -o pipefail && curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep 'PHP Version'"
+      args:
+        executable: /bin/bash
+      changed_when: false
+      register: c
+      failed_when: c.stdout == ''
+
+    - name: BLOCK | Test explicit version
+      when: php_version is defined
+      block:
+
+        - name: SHELL | Test php-cli (explicit version)
+          ansible.builtin.shell: set -o pipefail && php -i | grep '^PHP Version => {{ php_version }}' | head -n 1
+          changed_when: false
+          register: p
+          failed_when: p.stdout == ''
+          args:
+            executable: /bin/bash
+
+        - name: SHELL | Check vhost
+          ansible.builtin.shell: "set -o pipefail && curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep -o 'PHP Version {{ php_version }}' | sed -r 's/<//g'"
+          args:
+            executable: /bin/bash
+          changed_when: false
+          register: c
+          failed_when: c.stdout == ''
+
+    - name: SHELL | Check custom php value  # noqa: command-instead-of-module
+      ansible.builtin.shell: "curl -H 'Host: {{ vhost }}' http://127.0.0.1/ini.php 2> /dev/null"
+      changed_when: false
+      register: c
+      failed_when: 'php_fpm_poold.1.php_admin_value.memory_limit not in c.stdout'
+
+    - name: URI | Check ping
+      ansible.builtin.uri:
+        url: "http://localhost{{ php_fpm_poold.0.ping_path }}"
+      when: php_fpm_poold.0.ping_path is defined
+
+    - name: URI | Check status
+      ansible.builtin.uri:
+        url: "http://localhost{{ php_fpm_poold.0.status_path }}"
+      when: php_fpm_poold.0.status_path is defined
+
+    - name: Debian extra checks
+      when: ansible_os_family == 'Debian'
+      block:
+
+        - name: SHELL | Check if we installed multiple PHP versions
+          ansible.builtin.shell: set -o pipefail && (dpkg -l | grep 'php[[:digit:]].*common' | wc -l)
+          args:
+            executable: /bin/bash
+          failed_when: false
+          changed_when: false
+          register: check_multiple_php
+
+
+        - name: FAIL | If we have multiple PHP version
+          ansible.builtin.fail:
+            msg: "Multiple PHP versions detected"
+          when: check_multiple_php.stdout != '1'

molecule/debian-10/molecule.yml

@@ -0,0 +1,32 @@
+---
+
+platforms:
+  - name: debian-10
+    image: dokken/debian-10
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+  - name: debian-10-php-7.4
+    image: dokken/debian-10
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        __nginx_conf: /etc/nginx/nginx.conf
+    host_vars:
+      debian-10-php-7.4:
+        php_version: '7.4'

molecule/debian-11/molecule.yml

@@ -0,0 +1,32 @@
+---
+
+platforms:
+  - name: debian-11
+    image: dokken/debian-11
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+  - name: debian-11-php-8.0
+    image: dokken/debian-11
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        __nginx_conf: /etc/nginx/nginx.conf
+    host_vars:
+      debian-11-php-8.0:
+        php_version: '8.0'

molecule/debian-12/molecule.yml

@@ -0,0 +1,19 @@
+---
+
+platforms:
+  - name: debian-12
+    image: dokken/debian-12
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        __nginx_conf: /etc/nginx/nginx.conf

molecule/ubuntu-18.04/molecule.yml

@@ -0,0 +1,19 @@
+---
+
+platforms:
+  - name: ubuntu-18.04
+    image: dokken/ubuntu-18.04
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        __nginx_conf: /etc/nginx/nginx.conf

molecule/ubuntu-20.04/molecule.yml

@@ -0,0 +1,19 @@
+---
+
+platforms:
+  - name: ubuntu-20.04
+    image: dokken/ubuntu-20.04
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        __nginx_conf: /etc/nginx/nginx.conf

molecule/ubuntu-22.04/molecule.yml

@@ -0,0 +1,19 @@
+---
+
+platforms:
+  - name: ubuntu-22.04
+    image: dokken/ubuntu-22.04
+    command: /lib/systemd/systemd
+    dockerfile: ../_shared/Dockerfile.j2
+    capabilities:
+      - SYS_ADMIN
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+
+provisioner:
+  inventory:
+    group_vars:
+      all:
+        __nginx_conf: /etc/nginx/nginx.conf

requirements.yml

@@ -0,0 +1,4 @@
+---
+
+collections:
+  - community.general

tasks/fpm.yml

@@ -22,7 +22,8 @@
     group: root
     mode: 0644
   loop: "{{ php_ini | combine(php_ini_fpm) | dict2items }}"
-  notify: restart php-fpm
+  when: php_install_fpm | bool
+  notify: Restart php-fpm
 
 - name: TEMPLATE | Deploy pool configuration
   ansible.builtin.template:
@@ -32,11 +33,14 @@
     group: root
     mode: 0644
   loop: "{{ ansible_local.hanxhx_php.fpm_pool }}"
-  notify: restart php-fpm
+  when: php_install_fpm | bool
+  notify: Restart php-fpm
 
 - name: FILE | Delete default pool if necessary
   ansible.builtin.file:
     path: "{{ php_fpm_pool_dir }}/www.conf"
     state: absent
-  when: '"www" not in (ansible_local.hanxhx_php.fpm_pool | map(attribute="name") | list) and php_autoremove_default_pool'
-  notify: restart php-fpm
+  when:
+    - '"www" not in (ansible_local.hanxhx_php.fpm_pool | map(attribute="name") | list) and php_autoremove_default_pool'
+    - php_install_fpm | bool
+  notify: Restart php-fpm

tasks/main.yml

@@ -29,10 +29,11 @@
           listen: "{{ p.listen | default(php_version | php_socket(p.name | default(p.pool_name))) }}",
           user: "{{ p.user | default(php_default_user_group) }}",
           group: "{% if p.user is defined %}{{ p.group | default(p.user) }}{% else %}{{ p.group | default(php_default_user_group) }}{% endif %}",
+          php_env: {% if p.php_env is defined %}{{ p.php_env | to_nice_json }}{% else %}{}{% endif %},
           php_value: {% if p.php_value is defined %}{{ p.php_value | to_nice_json }}{% else %}{}{% endif %},
           php_admin_value: {% if p.php_admin_value is defined %}{{ p.php_admin_value | to_nice_json }}{% else %}{}{% endif %},
           {% for k, v in p.items() | list %}
-          {% if k not in ['name', 'pool_name', 'listen', 'user', 'group', 'php_value', 'php_admin_value'] %}
+          {% if k not in ['name', 'pool_name', 'listen', 'user', 'group', 'php_env', 'php_value', 'php_admin_value'] %}
           {{ k }}: "{{ v }}"{% if not loop.last %},{% endif %}
           {% endif %}
           {% endfor %}
@@ -60,6 +61,8 @@
     group: root
     mode: 0644
   register: f
+  tags:
+    - skip_ansible_lint
 
 - name: SETUP | Gathers new facts
   ansible.builtin.setup:
@@ -76,13 +79,13 @@
     install_recommends: false
   vars:
     pkgs: "{{ php_packages + php_extra_packages | flatten }}"
-  notify: restart php-fpm
+  notify: Restart php-fpm
   when: ansible_os_family == 'Debian'
 
 - name: PKGNG | Install PHP packages
   community.general.pkgng:
     name: "{{ php_packages + php_extra_packages | flatten | join(',') }}"
-  notify: restart php-fpm
+  notify: Restart php-fpm
   when: ansible_os_family == 'FreeBSD'
 
 - name: IMPORT_TASKS | PHP-FPM
@@ -107,20 +110,16 @@
     state: started
   when: php_install_fpm and ansible_virtualization_type != 'docker'
 
-- block:
+- name: BLOCK | Ensure PHP-FPM is started if running on Docker
+  when: php_install_fpm and ansible_virtualization_type == 'docker'
+  block:
 
-    - name: COMMAND | Check if PHP-FPM is started (Docker)
+    - name: COMMAND | Check if PHP-FPM is started (Docker)  # noqa: command-instead-of-module
       ansible.builtin.command: 'service {{ php_fpm_service }} status'
-      args:
-        warn: false
       register: dps
       changed_when: false
       failed_when: false
 
-    - name: COMMAND | Ensure PHP-FPM is started (Docker)
+    - name: COMMAND | Ensure PHP-FPM is started (Docker)  # noqa: command-instead-of-module no-changed-when
       ansible.builtin.command: 'service {{ php_fpm_service }} start'
-      args:
-        warn: false
       when: dps.stdout.find('is not running') != -1
-
-  when: php_install_fpm and ansible_virtualization_type == 'docker'

tasks/opcache.yml

@@ -1,6 +1,8 @@
 ---
 
-- block:
+- name: Install opcache/apcu on Debian
+  when: ansible_os_family == 'Debian'
+  block:
 
     - name: APT | Install APCu
       ansible.builtin.apt:
@@ -12,9 +14,10 @@
         pkg: "{{ php_package_prefix }}opcache"
         install_recommends: false
 
-  when: ansible_os_family == 'Debian'
 
-- block:
+- name: Install opcache/apcu on FreeBSD
+  when: ansible_os_family == 'FreeBSD'
+  block:
 
     - name: PKGNG | Install APCu
       community.general.pkgng:
@@ -24,8 +27,6 @@
       community.general.pkgng:
         name: "{{ php_package_prefix }}opcache"
 
-  when: ansible_os_family == 'FreeBSD'
-
 - name: TEMPLATE | Configure Opcache
   ansible.builtin.template:
     src: "etc/__php__/mods-available/opcache.ini.j2"
@@ -33,7 +34,7 @@
     owner: root
     group: root
     mode: 0644
-  notify: restart php-fpm
+  notify: Restart php-fpm
 
 - name: TEMPLATE | Configure APCu
   ansible.builtin.template:
@@ -42,4 +43,4 @@
     owner: root
     group: root
     mode: 0644
-  notify: restart php-fpm
+  notify: Restart php-fpm

tasks/xdebug.yml

@@ -1,6 +1,8 @@
 ---
 
-- block:
+- name: BLOCK | Uninstall xdebug
+  when: php_install_xdebug
+  block:
 
     - name: APT | Install xdebug
       ansible.builtin.apt:
@@ -22,11 +24,12 @@
         dest: "{{ php_mods_dir }}/xdebug.ini"
         owner: root
         mode: 0644
-      notify: restart php-fpm
+      notify: Restart php-fpm
 
-  when: php_install_xdebug
 
-- block:
+- name: BLOCK | Uninstall xdebug
+  when: not php_install_xdebug
+  block:
 
     - name: APT | Uninstall xdebug
       ansible.builtin.apt:
@@ -39,5 +42,3 @@
         name: "{{ php_xdebug_package }}"
         state: absent
       when: ansible_os_family == 'FreeBSD'
-
-  when: not php_install_xdebug

templates/etc/__php__/fpm/pool.d/pool.conf.j2

@@ -421,10 +421,19 @@ catch_workers_output = {{ item.catch_workers_output | default('no') }}
 ;php_admin_value[error_log] = /var/log/fpm-php.www.log
 ;php_admin_flag[log_errors] = on
 ;php_admin_value[memory_limit] = 32M
+{% if item.php_env is defined %}
+{% for k, v in item.php_env.items() | list %}
+env[{{ k }}] = {{ v }}
+{% endfor %}
+{% endif %}
+{% if item.php_value is defined %}
 {% for k, v in item.php_value.items() | list %}
 php_value[{{ k }}] = {{ v }}
 {% endfor %}
+{% endif %}
+{% if item.php_admin_value is defined %}
 {% for k, v in item.php_admin_value.items() | list %}
 php_admin_value[{{ k }}] = {{ v }}
 {% endfor %}
+{% endif %}
 ; vim:filetype=dosini

tests/includes/pre_Debian.yml

@@ -19,6 +19,6 @@
       - nginx
       - vim
 
-- name: INCLUDE_TASKS | Sury
+- name: INCLUDE_TASKS | Sury (only if a specific php_version is defined)
   ansible.builtin.include_tasks: Debian/sury.yml
-  when: php_version != php_default_version
+  when: php_version is defined

tests/templates/nginx.conf.j2

@@ -2,7 +2,7 @@ events {
     worker_connections  1024;
 }
 
-user {{ php_default_user_group }};
+user root;
 
 http {
     include       mime.types;

tests/test.yml

@@ -1,6 +1,7 @@
 ---
 
 - hosts: all
+  name: Test all
   vars:
     vhost: 'test.local'
     php_extra_packages:
@@ -24,6 +25,8 @@
         ping_response: 'ok'
       - name: 'test_ansible2'
         user: 'foo'
+        php_env:
+          foo: bar
         php_value:
           display_errors: 'Off'
         php_admin_value:
@@ -46,24 +49,24 @@
     - name: TEMPLATE | Nginx site config
       ansible.builtin.template:
         src: "templates/nginx.conf.j2"
-        dest: "{{ __nginx_conf  }}"
+        dest: "{{ __nginx_conf }}"
         mode: 0644
         owner: root
         group: root
-      notify: reload nginx
+      notify: Reload nginx
 
     - name: COMMAND | Fix nginx config
       ansible.builtin.command: "cp {{ __nginx_conf | dirname }}/fastcgi_params {{ __nginx_conf | dirname }}/fastcgi.conf"
       args:
         creates: "{{ __nginx_conf | dirname }}/fastcgi.conf"
-      notify: reload nginx
+      notify: Reload nginx
 
     - name: LINEINFILE | Fix nginx config (second step)
       ansible.builtin.lineinfile:
         regexp: '^fastcgi_param\s+SCRIPT_FILENAME'
         line: "fastcgi_param  SCRIPT_FILENAME    $realpath_root$fastcgi_script_name;"
         dest: "{{ __nginx_conf | dirname }}/fastcgi.conf"
-      notify: reload nginx
+      notify: Reload nginx
 
     - name: SERVICE | Ensure nginx is started
       ansible.builtin.service:
@@ -71,37 +74,31 @@
         state: started
       when: ansible_virtualization_type != 'docker'
 
-    - block:
+    - name: Start nginx if testing with Docker
+      when: ansible_virtualization_type == 'docker'
+      block:
 
-        - name: COMMAND | Docker nginx status
+        - name: COMMAND | Docker nginx status  # noqa: command-instead-of-module
           ansible.builtin.command: service nginx status
-          args:
-            warn: false
           changed_when: false
           failed_when: false
           register: ngs
 
-        - name: COMMAND | Docker start nginx
+        - name: COMMAND | Docker start nginx  # noqa: command-instead-of-module no-changed-when
           ansible.builtin.command: service nginx start
-          args:
-            warn: false
           when: ngs.stdout.find('nginx is not running') != -1
 
-      when: ansible_virtualization_type == 'docker'
-
   handlers:
 
-    - name: reload nginx
+    - name: Reload nginx
       ansible.builtin.service:
         name: nginx
         state: reloaded
-      notify: docker reload nginx
+      notify: Docker reload nginx
 
-    - name: docker reload nginx
+    - name: Docker reload nginx  # noqa: command-instead-of-module no-changed-when
       ansible.builtin.command: service nginx reload
-      args:
-        warn: false
-      notify: docker reload nginx
+      notify: Docker reload nginx
       when: ansible_virtualization_type == 'docker'
 
   roles:
@@ -144,16 +141,13 @@
     - name: SHELL | Check vhost
       ansible.builtin.shell: "set -o pipefail && curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep -o 'PHP Version {{ php_version }}' | sed -r 's/<//g'"
       args:
-        warn: false
         executable: /bin/bash
       changed_when: false
       register: c
       failed_when: c.stdout == ''
 
-    - name: SHELL | Check custom php value
+    - name: SHELL | Check custom php value  # noqa: command-instead-of-module
       ansible.builtin.shell: "curl -H 'Host: {{ vhost }}' http://127.0.0.1/ini.php 2> /dev/null"
-      args:
-        warn: false
       changed_when: false
       register: c
       failed_when: 'php_fpm_poold.1.php_admin_value.memory_limit not in c.stdout'
@@ -168,7 +162,9 @@
         url: "http://localhost{{ php_fpm_poold.0.status_path }}"
       when: php_fpm_poold.0.status_path is defined
 
-    - block:
+    - name: Debian extra checks
+      when: ansible_os_family == 'Debian'
+      block:
 
         - name: SHELL | Check if we installed multiple PHP versions
           ansible.builtin.shell: set -o pipefail && (dpkg -l | grep 'php[[:digit:]].*common' | wc -l)
@@ -183,5 +179,3 @@
           ansible.builtin.fail:
             msg: "Multiple PHP versions detected"
           when: check_multiple_php.stdout != '1'
-
-      when: ansible_os_family == 'Debian'

vars/Debian-bookworm.yml

@@ -0,0 +1,3 @@
+---
+
+php_default_version: '8.2'

vars/Debian-stretch.yml

@@ -1,3 +0,0 @@
----
-
-php_default_version: '7.0'

vars/Ubuntu-focal.yml

@@ -0,0 +1,3 @@
+---
+
+php_default_version: '7.4'

vars/Ubuntu-jammy.yml

@@ -0,0 +1,3 @@
+---
+
+php_default_version: '8.1'