radityo
/
ansible-php
mirror of https://github.com/HanXHX/ansible-php.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Compare commits

base: radityo:f6652efe778a977fb9595ec0c7b5ee67c8eaf231
Branches Tags
radityo:master
radityo:modernize
radityo:improvements/misc
radityo:fix_lint
radityo:new_release
radityo:improve
radityo:freebsd
radityo:2.8.0
radityo:2.7.0
radityo:2.6.3
radityo:2.6.2
radityo:2.6.1
radityo:2.6.0
radityo:2.5.1
radityo:2.5.0
radityo:2.4.0
radityo:2.3
radityo:2.3.0
radityo:2.2
radityo:2.1
radityo:2.0.2
radityo:2.0.1
radityo:2.0
radityo:1.0
...
compare: radityo:2723adf57407efd85f6a6d9fdc4b6c54ffbbbd14
Branches Tags
radityo:master
radityo:modernize
radityo:improvements/misc
radityo:fix_lint
radityo:new_release
radityo:improve
radityo:freebsd
radityo:2.8.0
radityo:2.7.0
radityo:2.6.3
radityo:2.6.2
radityo:2.6.1
radityo:2.6.0
radityo:2.5.1
radityo:2.5.0
radityo:2.4.0
radityo:2.3
radityo:2.3.0
radityo:2.2
radityo:2.1
radityo:2.0.2
radityo:2.0.1
radityo:2.0
radityo:1.0

5 Commits
f6652efe77 ... 2723adf574

Author SHA1 Message Date
Emilien Mantel 2723adf574 🔧 Change namespace name 2025-06-02 13:02:51 +02:00
Emilien Mantel 4aeea704d5 🎨 Fix warnings in Ansible Galaxy 2025-06-02 13:01:43 +02:00
Emilien M 4615168559
Merge pull request #22 from HanXHX/modernize 
Modernize and add CI
 2025-06-02 12:43:00 +02:00
Emilien Mantel 1e4edc9ed4 Merge branch 'master' into modernize 2025-06-02 12:28:43 +02:00
Emilien Mantel b0834f9a1a ⚗️ Modernize and add CI 2025-06-02 12:09:08 +02:00
43 changed files with 292 additions and 691 deletions
Show Stats Expand all files Collapse all files

8
.ansible-lint
View File

@ -1,8 +0,0 @@
---
# TODO: enable later
enable_list:
- fqcn-builtins
skip_list:
- role-name

12
.config/ansible-lint.yml 100644
View File

@ -0,0 +1,12 @@
---
profile: production
warn_list: []
skip_list: []
exclude_paths:
- .github/
- .venv/
- venv/

0
.github/workflows/galaxy.yml → .github/workflows/ansible-galaxy.yml vendored
View File

10
.github/workflows/ci.yml vendored
View File

@ -31,13 +31,9 @@ jobs:
ansible-lint:
name: Ansible Lint
runs-on: ubuntu-latest
runs-on: ubuntu-24.04
steps:
- name: Fetch code
uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: actions/checkout@v4
- name: Run ansible-lint
uses: ansible/ansible-lint-action@v6.15.0
uses: ansible/ansible-lint@main

16
.github/workflows/molecule.yml vendored
View File

@ -1,4 +1,5 @@
---
name: Molecule
'on':
@ -14,12 +15,16 @@ jobs:
fail-fast: false
matrix:
scenario:
- debian-10
- debian-11
- debian-12
- ubuntu-18.04
- ubuntu-20.04
- ubuntu-22.04
- ubuntu-24.04
allowed-to-fail:
- false
include:
- scenario: debian-13
allowed-to-fail: true
steps:
- name: Checkout
@ -28,8 +33,11 @@ jobs:
path: "${{ github.repository }}"
- name: Molecule
uses: gofrolist/molecule-action@v2.3.19
uses: gofrolist/molecule-action@v2.7.62
with:
molecule_options: --base-config molecule/_shared/base.yml
molecule_args: --scenario-name ${{ matrix.scenario }}
molecule_working_dir: "HanXHX/ansible-php"
continue-on-error: ${{ matrix.allowed-to-fail }}
- name: Fake command
run: echo "End of job"

4
.gitignore vendored
View File

@ -1,7 +1,9 @@
.vagrant*
*.swp
*.retry
*.log
/filter_plugins/*.pyc
/filter_plugins/__pycache__
/.idea
/.venv
/venv
/.ansible

2
.yamllint.yml
View File

@ -4,3 +4,5 @@ extends: default
rules:
line-length: disable
ignore-from-file: .gitignore

45
README.md
View File

@ -1,22 +1,14 @@
Ansible PHP (+FPM) role for Debian / Ubuntu / FreeBSD
=====================================================
Ansible PHP (+FPM) role for Debian / Ubuntu
===========================================
[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-hanxhx.php-blue.svg)](https://galaxy.ansible.com/hanxhx.php) ![GitHub Workflow Status (master)](https://img.shields.io/github/actions/workflow/status/hanxhx/ansible-php/molecule.yml?branch=master)
Install PHP on Debian / Ubuntu / FreeBSD. Manage PHP-FPM, APCu, Opcache and Xdebug.
Install PHP on Debian / Ubuntu. Manage PHP-FPM, APCu, Opcache and Xdebug.
Managed OS / Versions
---------------------
On all Debian versions, you can install all PHP versions by using [Sury's APT repository](https://deb.sury.org/).
Other cases:
| OS | PHP 7.0 | PHP 7.1 | PHP 7.2 | PHP 7.3 | PHP >= 7.4 |
|:---------------------:|:-------------------:|:--------------------:|:--------------------:|:--------------------:|:--------------------:
| Ubuntu Bionic (18.04) | :x: | :x: | :heavy_check_mark: | :x: | :x: |
| FreeBSD 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Need tests... |
| FreeBSD 12 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | Need tests... |
On all Debian versions, you can install all PHP versions (from PHP 5.6 to latest version) by using [Sury's APT repository](https://deb.sury.org/).
Links:
- [Sury](https://deb.sury.org/)
@ -28,13 +20,6 @@ Requirements
- Collections: [community.general](https://galaxy.ansible.com/community/general)
- If you need PHP-FPM, you must install a webserver with FastCGI support. You can use my [nginx role](https://github.com/HanXHX/ansible-nginx).
FreeBSD limitations
-------------------
- It doesn't split ini file for FPM/CLI. It's hardcoded as `/usr/local/etc/php.ini`.
- It can't manage multiple PHP versions at the time (like legacy Debian versions)
- You must explicitely set xdebug package name (use `pkg search xdebug` to find the good one)
Role Variables
--------------
@ -42,7 +27,7 @@ You should look at [default vars](defaults/main.yml).
### Writable vars
- `php_version`: 7.3, 7.4... depending OS (see above)
- `php_version`: 7.3, 7.4... depending on OS
- `php_install_fpm`: boolean, install and manage php-fpm (default is true)
- `php_install_xdebug`: boolean, install [Xdebug](http://xdebug.org)
- `php_extra_packages`: additional php packages to install (default is an empty list).
@ -159,16 +144,20 @@ Example Playbook
### Simple Playbook
- hosts: servers
roles:
- { role: hanxhx.php }
```yaml
- hosts: servers
roles:
- { role: HanXHX.php }
```
### Debian Bullseye with PHP 8.0 CLI (no FPM)
- hosts: servers
roles:
- { role: HanXHX.sury }
- { role: hanxhx.php, php_version: '8.0', php_install_fpm: false }
```yaml
- hosts: servers
roles:
- { role: HanXHX.sury }
- { role: HanXHX.php, php_version: '8.0', php_install_fpm: false }
```
License
-------
@ -185,7 +174,7 @@ If this code helped you, or if youve used them for your projects, feel free t
- Litecoin: `LeNDw34zQLX84VvhCGADNvHMEgb5QyFXyD`
- Monero: `45wbf7VdQAZS5EWUrPhen7Wo4hy7Pa7c7ZBdaWQSRowtd3CZ5vpVw5nTPphTuqVQrnYZC72FXDYyfP31uJmfSQ6qRXFy3bQ`
No crypto-currency? :star: the project is also a way of saying thank you! :sunglasses:
No cryptocurrency? :star: the project is also a way of saying thank you! :sunglasses:
Author Information
------------------

87
Vagrantfile vendored
View File

@ -1,87 +0,0 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
# vi: set tabstop=2 :
# vi: set shiftwidth=2 :
Vagrant.configure("2") do |config|
vms_debian = [
{ :name => "debian-buster-php73", :box => "debian/buster64", :vars => { }},
{ :name => "debian-buster-php74", :box => "debian/buster64", :vars => { "php_version": '7.4' }},
{ :name => "debian-bullseye-php74", :box => "debian/bullseye64", :vars => { }},
{ :name => "debian-bullseye-php80", :box => "debian/bullseye64", :vars => { "php_version": '8.0' }},
{ :name => "ubuntu-bionic-php72", :box => "ubuntu/bionic64", :vars => { }},
]
vms_freebsd = [
{ :name => "freebsd-11", :box => "freebsd/FreeBSD-11.1-STABLE", :vars => {} },
{ :name => "freebsd-12", :box => "freebsd/FreeBSD-12.0-CURRENT", :vars => {} }
]
conts = [
{ :name => "docker-debian-buster-php73", :docker => "hanxhx/vagrant-ansible:debian10", :vars => { }},
{ :name => "docker-debian-buster-php74", :docker => "hanxhx/vagrant-ansible:debian10", :vars => { "php_version": '7.4' }},
{ :name => "docker-debian-bullseye-php74", :docker => "hanxhx/vagrant-ansible:debian11", :vars => { }},
{ :name => "docker-debian-bullseye-php80", :docker => "hanxhx/vagrant-ansible:debian11", :vars => { "php_version": '8.0' }},
{ :name => "docker-ubuntu-bionic-php72", :docker => "hanxhx/vagrant-ansible:ubuntu18.04", :vars => { }},
]
config.vm.network "private_network", type: "dhcp"
conts.each do |opts|
config.vm.define opts[:name] do |m|
m.vm.provider "docker" do |d|
d.image = opts[:docker]
d.remains_running = true
d.has_ssh = true
end
#m.vm.provision "shell", inline: "apt-get update && apt-get install -y python python-apt"
m.vm.provision "ansible" do |ansible|
ansible.playbook = "tests/test.yml"
ansible.verbose = 'vv'
ansible.become = true
ansible.extra_vars = opts[:vars]
end
end
end
vms_debian.each do |opts|
config.vm.define opts[:name] do |m|
m.vm.box = opts[:box]
m.vm.provider "virtualbox" do |v|
v.cpus = 1
v.memory = 256
end
m.vm.provision "shell", inline: "apt-get update && apt-get install -y ifupdown python"
m.vm.provision "ansible" do |ansible|
ansible.playbook = "tests/test.yml"
ansible.verbose = 'vv'
ansible.become = true
ansible.extra_vars = opts[:vars]
end
end
end
vms_freebsd.each do |opts|
config.vm.synced_folder ".", "/vagrant", disabled: true
config.vm.base_mac = "080027D14C66"
config.vm.define opts[:name] do |m|
m.vm.box = opts[:box]
m.vm.provider "virtualbox" do |v, override|
override.ssh.shell = "csh"
v.cpus = 2
v.memory = 512
end
m.vm.provision "shell", inline: "pkg install -y python bash"
m.vm.provision "ansible" do |ansible|
ansible.playbook = "tests/test.yml"
ansible.verbose = 'vv'
ansible.become = true
ansible.extra_vars = opts[:vars].merge({ "ansible_python_interpreter": '/usr/local/bin/python' })
end
end
end
end

5
handlers/main.yml
View File

@ -5,8 +5,3 @@
name: '{{ php_fpm_service }}'
state: restarted
when: php_install_fpm
notify: Docker restart php-fpm
- name: Docker restart php-fpm # noqa: command-instead-of-module no-changed-when
ansible.builtin.command: 'service {{ php_fpm_service }} restart'
when: ansible_virtualization_type == 'docker'

17
meta/main.yml
View File

@ -1,26 +1,23 @@
---
galaxy_info:
author: Emilien Mantel
namespace: HanXHX
role_name: php
namespace: hanxhx
description: Install and configure PHP 7.x/8.x
company: TripleStack
license: GPLv2
min_ansible_version: '2.11'
min_ansible_version: "2.18"
platforms:
- name: Debian
versions:
- buster
- bullseye
- bookworm
- trixie
- name: Ubuntu
versions:
- bionic
- name: FreeBSD
versions:
- '11.0'
- '11.1'
- '12.0'
- focal
- jammy
- noble
galaxy_tags:
- development
- web
@ -30,6 +27,4 @@ galaxy_info:
- php8
- debian
- ubuntu
- freebsd
dependencies: []

8
molecule/_shared/base.yml
View File

@ -13,12 +13,15 @@ scenario:
dependency:
name: galaxy
options:
requirements-file: ../../requirements.yml
requirements-file: ./molecule/_shared/requirements.yml
role-file: ./molecule/_shared/requirements.yml
driver:
name: docker
role_name_check: 1
provisioner:
name: ansible
env:
ANSIBLE_FILTER_PLUGINS: "../../filter_plugins"
config_options:
defaults:
deprecation_warnings: false
@ -32,5 +35,8 @@ provisioner:
converge: ../_shared/converge.yml
prepare: ../_shared/prepare.yml
verify: ../_shared/verify.yml
inventory:
links:
group_vars: ../_shared/group_vars
verifier:
name: ansible

34
molecule/_shared/converge.yml
View File

@ -1,25 +1,41 @@
---
- name: Converge
- name: Converge # noqa: role-name[path]
hosts: all
gather_facts: true
roles:
- ../../../
handlers:
- name: Reload nginx
ansible.builtin.service:
name: nginx
state: reloaded
tasks:
- name: Include role
ansible.builtin.include_role:
name: "hanxhx.php"
vars:
__nginx_conf: /etc/nginx/nginx.conf
post_tasks:
- name: TEMPLATE | Nginx site config
ansible.builtin.template:
src: "../../tests/templates/nginx.conf.j2"
src: "templates/nginx.conf.j2"
dest: "{{ __nginx_conf }}"
mode: 0644
mode: "0644"
owner: root
group: root
notify: Reload nginx
vars_files:
- vars/misc.yml
- name: COMMAND | Fix nginx config
ansible.builtin.command: "cp {{ __nginx_conf | dirname }}/fastcgi_params {{ __nginx_conf | dirname }}/fastcgi.conf"
args:
creates: "{{ __nginx_conf | dirname }}/fastcgi.conf"
notify: Reload nginx
- name: LINEINFILE | Fix nginx config (second step)
ansible.builtin.lineinfile:
regexp: '^fastcgi_param\s+SCRIPT_FILENAME'
line: "fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;"
dest: "{{ __nginx_conf | dirname }}/fastcgi.conf"
notify: Reload nginx
- name: SERVICE | Ensure Nginx is started
ansible.builtin.service:
name: nginx
state: started

16
molecule/_shared/vars/misc.yml → molecule/_shared/group_vars/all/main.yml
View File

@ -1,20 +1,21 @@
---
# Force SysVinit, since systemd won't work in a Docker container
ansible_service_mgr: "sysvinit"
# ----------------------------------------
# Copied from {role_dir}/tests/test.yml
# ----------------------------------------
vhost: 'test.local'
php_version: null
php_extra_packages:
- '{{ php_package_prefix }}pgsql'
php_install_xdebug: true
php_autoremove_default_pool: true
php_ini_fpm:
display_errors: 'Off'
php_ini_cli:
error_reporting: 'E_ALL'
php_fpm_poold:
- pool_name: 'test_ansible'
listen: '/run/php/php-ansible1.sock'
@ -26,10 +27,9 @@ php_fpm_poold:
status_path: '/status'
ping_path: '/ping'
ping_response: 'ok'
- name: 'test_ansible2'
user: 'foo'
php_env:
foo: bar
php_value:
display_errors: 'Off'
php_admin_value:

80
molecule/_shared/prepare.yml
View File

@ -3,19 +3,35 @@
- name: Prepare
hosts: all
gather_facts: true
vars_files:
- vars/misc.yml
handlers:
- name: Reload nginx
ansible.builtin.service:
name: nginx
state: reloaded
tasks:
- name: APT | Install packages
ansible.builtin.apt:
pkg: "{{ p }}"
update_cache: true
cache_valid_time: 3600
vars:
p:
- apt-transport-https
- ca-certificates
- curl
- gpg
- lsb-release
- nginx
- vim
- name: INCLUDE_TASKS | Pre tasks related to OS
ansible.builtin.include_tasks: "../../tests/includes/pre_{{ ansible_os_family }}.yml"
- name: BLOCK | Setup Sury on Debian
when:
- php_version is not none
- php_version != php_default_version
- ansible_distribution == 'Debian'
block:
- name: APT | Install Sury key
ansible.builtin.apt_key:
url: 'https://packages.sury.org/php/apt.gpg'
- name: APT_REPOSITORY | Add Sury repository
ansible.builtin.apt_repository:
repo: 'deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main'
- name: USER | Create PHP user
ansible.builtin.user:
@ -23,45 +39,3 @@
system: true
create_home: false
shell: '/usr/sbin/nologin'
- name: COMMAND | Fix nginx config
ansible.builtin.command: "cp {{ __nginx_conf | dirname }}/fastcgi_params {{ __nginx_conf | dirname }}/fastcgi.conf"
args:
creates: "{{ __nginx_conf | dirname }}/fastcgi.conf"
notify: Reload nginx
- name: LINEINFILE | Fix nginx config (second step)
ansible.builtin.lineinfile:
regexp: '^fastcgi_param\s+SCRIPT_FILENAME'
line: "fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;"
dest: "{{ __nginx_conf | dirname }}/fastcgi.conf"
notify: Reload nginx
- name: SERVICE | Ensure nginx is started
ansible.builtin.service:
name: nginx
state: started
- name: FILE | Create /var/www
ansible.builtin.file:
dest: /var/www
state: directory
owner: root
group: root
mode: 0755
- name: COPY | Add phpinfo
ansible.builtin.copy:
dest: /var/www/phpinfo.php
content: '<?php phpinfo();'
owner: root
group: root
mode: 0644
- name: COPY | Add ini test file
ansible.builtin.copy:
dest: /var/www/ini.php
content: '<?php echo ini_get("memory_limit") . "\n";'
owner: root
group: root
mode: 0644

4
molecule/_shared/requirements.yml 100644
View File

@ -0,0 +1,4 @@
---
collections:
- community.general

16
molecule/_shared/templates/custom_template.conf.j2 100644
View File

@ -0,0 +1,16 @@
# {{ ansible_managed }} - custom template
server {
listen 80;
listen 8888 http2;
listen 9999 http2 proxy_protocol;
server_name {{ item.name }};
index index.html index.htm;
root {{ item.root }};
location / {
try_files $uri $uri/ =404;
}
}

8
tests/templates/nginx.conf.j2 → molecule/_shared/templates/nginx.conf.j2
View File

@ -1,8 +1,12 @@
events {
worker_connections 1024;
worker_connections 512;
multi_accept on;
use epoll;
}
user root;
user www-data;
worker_processes 1;
pid /run/nginx.pid;
http {
include mime.types;

86
molecule/_shared/verify.yml
View File

@ -3,42 +3,49 @@
- name: Verify
hosts: all
gather_facts: true
vars_files:
- vars/misc.yml
vars:
nginx_root: "/srv/www"
tasks:
- name: COMMAND | Test php-cli
ansible.builtin.command: php -v
- name: SHELL | Test php-cli
ansible.builtin.shell: set -o pipefail && php -i | grep '^PHP Version => {{ ansible_local.hanxhx_php.php_version }}' | head -n 1
changed_when: false
register: p
failed_when: p.stdout == ''
args:
executable: /bin/bash
- name: FILE | Create /var/www
ansible.builtin.file:
dest: /var/www
state: directory
owner: root
group: root
mode: "0755"
- name: COPY | Add phpinfo
ansible.builtin.copy:
dest: /var/www/phpinfo.php
content: '<?php phpinfo();'
owner: root
group: root
mode: "0644"
- name: COPY | Add ini test file
ansible.builtin.copy:
dest: /var/www/ini.php
content: '<?php echo ini_get("memory_limit") . "\n";'
owner: root
group: root
mode: "0644"
- name: SHELL | Check vhost
ansible.builtin.shell: "set -o pipefail && curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep 'PHP Version'"
ansible.builtin.shell: "set -o pipefail && curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep -o 'PHP Version {{ ansible_local.hanxhx_php.php_version }}' | sed -r 's/<//g'"
args:
executable: /bin/bash
changed_when: false
register: c
failed_when: c.stdout == ''
- name: BLOCK | Test explicit version
when: php_version is defined
block:
- name: SHELL | Test php-cli (explicit version)
ansible.builtin.shell: set -o pipefail && php -i | grep '^PHP Version => {{ php_version }}' | head -n 1
changed_when: false
register: p
failed_when: p.stdout == ''
args:
executable: /bin/bash
- name: SHELL | Check vhost
ansible.builtin.shell: "set -o pipefail && curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep -o 'PHP Version {{ php_version }}' | sed -r 's/<//g'"
args:
executable: /bin/bash
changed_when: false
register: c
failed_when: c.stdout == ''
- name: SHELL | Check custom php value # noqa: command-instead-of-module
ansible.builtin.shell: "curl -H 'Host: {{ vhost }}' http://127.0.0.1/ini.php 2> /dev/null"
changed_when: false
@ -55,20 +62,15 @@
url: "http://localhost{{ php_fpm_poold.0.status_path }}"
when: php_fpm_poold.0.status_path is defined
- name: Debian extra checks
when: ansible_os_family == 'Debian'
block:
- name: SHELL | Check if we installed multiple PHP versions
ansible.builtin.shell: set -o pipefail && (dpkg -l | grep 'php[[:digit:]].*common' | wc -l)
args:
executable: /bin/bash
failed_when: false
changed_when: false
register: check_multiple_php
- name: SHELL | Check if we installed multiple PHP versions
ansible.builtin.shell: set -o pipefail && (dpkg -l | grep 'php[[:digit:]].*common' | wc -l)
args:
executable: /bin/bash
failed_when: false
changed_when: false
register: check_multiple_php
- name: FAIL | If we have multiple PHP version
ansible.builtin.fail:
msg: "Multiple PHP versions detected"
when: check_multiple_php.stdout != '1'
- name: FAIL | If we have multiple PHP version
ansible.builtin.fail:
msg: "Multiple PHP versions detected"
when: check_multiple_php.stdout != '1'

32
molecule/debian-10/molecule.yml
View File

@ -1,32 +0,0 @@
---
platforms:
- name: debian-10
image: dokken/debian-10
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true
- name: debian-10-php-7.4
image: dokken/debian-10
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true
provisioner:
inventory:
group_vars:
all:
__nginx_conf: /etc/nginx/nginx.conf
host_vars:
debian-10-php-7.4:
php_version: '7.4'

19
molecule/debian-11/molecule.yml
View File

@ -11,22 +11,3 @@ platforms:
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true
- name: debian-11-php-8.0
image: dokken/debian-11
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true
provisioner:
inventory:
group_vars:
all:
__nginx_conf: /etc/nginx/nginx.conf
host_vars:
debian-11-php-8.0:
php_version: '8.0'

6
molecule/debian-12/molecule.yml
View File

@ -11,9 +11,3 @@ platforms:
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true
provisioner:
inventory:
group_vars:
all:
__nginx_conf: /etc/nginx/nginx.conf

10
molecule/ubuntu-18.04/molecule.yml → molecule/debian-13/molecule.yml
View File

@ -1,8 +1,8 @@
---
platforms:
- name: ubuntu-18.04
image: dokken/ubuntu-18.04
- name: debian-12
image: dokken/debian-13
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
@ -11,9 +11,3 @@ platforms:
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true
provisioner:
inventory:
group_vars:
all:
__nginx_conf: /etc/nginx/nginx.conf

6
molecule/ubuntu-20.04/molecule.yml
View File

@ -11,9 +11,3 @@ platforms:
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true
provisioner:
inventory:
group_vars:
all:
__nginx_conf: /etc/nginx/nginx.conf

6
molecule/ubuntu-22.04/molecule.yml
View File

@ -11,9 +11,3 @@ platforms:
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true
provisioner:
inventory:
group_vars:
all:
__nginx_conf: /etc/nginx/nginx.conf

13
molecule/ubuntu-24.04/molecule.yml 100644
View File

@ -0,0 +1,13 @@
---
platforms:
- name: ubuntu-24.04
image: dokken/ubuntu-24.04
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true

49
requirements.txt 100644
View File

@ -0,0 +1,49 @@
ansible==11.6.0
ansible-compat==25.5.0
ansible-core==2.18.6
ansible-lint==25.5.0
attrs==25.3.0
black==25.1.0
bracex==2.5.post1
certifi==2025.4.26
cffi==1.17.1
charset-normalizer==3.4.2
click==8.2.1
click-help-colors==0.9.4
cryptography==45.0.3
distro==1.9.0
docker==7.1.0
enrich==1.2.7
filelock==3.18.0
idna==3.10
importlib-metadata==8.7.0
jinja2==3.1.6
jsonschema==4.24.0
jsonschema-specifications==2025.4.1
markdown-it-py==3.0.0
markupsafe==3.0.2
mdurl==0.1.2
molecule==25.5.0
molecule-plugins==23.7.0
mypy-extensions==1.1.0
packaging==25.0
pathspec==0.12.1
platformdirs==4.3.8
pluggy==1.6.0
pycparser==2.22
pygments==2.19.1
pyyaml==6.0.2
referencing==0.36.2
requests==2.32.3
resolvelib==1.0.1
rich==14.0.0
rpds-py==0.25.1
ruamel-yaml==0.18.12
ruamel-yaml-clib==0.2.12
selinux==0.3.0
subprocess-tee==0.4.2
typing-extensions==4.13.2
urllib3==2.4.0
wcmatch==10.0
yamllint==1.37.1
zipp==3.22.0

16
tasks/fpm.yml
View File

@ -6,12 +6,6 @@
state: "{{ 'present' if php_install_fpm else 'absent' }}"
when: ansible_os_family == 'Debian'
- name: SERVICE | Enable service on FreeBSD
ansible.builtin.service:
name: "{{ php_fpm_service }}"
enabled: "{{ 'true' if php_install_fpm else 'false' }}"
when: ansible_os_family == 'FreeBSD'
- name: LINEINFILE | PHP configuration
ansible.builtin.lineinfile:
dest: '{{ php_fpm_ini }}'
@ -20,9 +14,8 @@
create: true
owner: root
group: root
mode: 0644
mode: "0644"
loop: "{{ php_ini | combine(php_ini_fpm) | dict2items }}"
when: php_install_fpm | bool
notify: Restart php-fpm
- name: TEMPLATE | Deploy pool configuration
@ -31,16 +24,13 @@
dest: '{{ php_fpm_pool_dir }}/{{ item.name }}.conf'
owner: root
group: root
mode: 0644
mode: "0644"
loop: "{{ ansible_local.hanxhx_php.fpm_pool }}"
when: php_install_fpm | bool
notify: Restart php-fpm
- name: FILE | Delete default pool if necessary
ansible.builtin.file:
path: "{{ php_fpm_pool_dir }}/www.conf"
state: absent
when:
- '"www" not in (ansible_local.hanxhx_php.fpm_pool | map(attribute="name") | list) and php_autoremove_default_pool'
- php_install_fpm | bool
when: '"www" not in (ansible_local.hanxhx_php.fpm_pool | map(attribute="name") | list) and php_autoremove_default_pool'
notify: Restart php-fpm

37
tasks/main.yml
View File

@ -19,6 +19,11 @@
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
- "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
- name: SET_FACT | Prepare PHP version if not defined
ansible.builtin.set_fact:
php_version: "{{ php_default_version }}"
when: php_version is none or php_version == '' or php_version is not defined
- name: SET_FACT | Transform data
ansible.builtin.set_fact:
__php_fpm_full_pool: |
@ -51,15 +56,15 @@
state: directory
owner: root
group: root
mode: 0755
mode: "0755"
- name: COPY | Manage facts
ansible.builtin.copy:
content: "{ \"fpm_pool\": {{ php_fpm_full_pool | to_nice_json }} }"
content: "{ \"fpm_pool\": {{ php_fpm_full_pool | to_nice_json }}, \"php_version\": \"{{ php_version }}\" }"
dest: /etc/ansible/facts.d/hanxhx_php.fact
owner: root
group: root
mode: 0644
mode: "0644"
register: f
tags:
- skip_ansible_lint
@ -80,13 +85,6 @@
vars:
pkgs: "{{ php_packages + php_extra_packages | flatten }}"
notify: Restart php-fpm
when: ansible_os_family == 'Debian'
- name: PKGNG | Install PHP packages
community.general.pkgng:
name: "{{ php_packages + php_extra_packages | flatten | join(',') }}"
notify: Restart php-fpm
when: ansible_os_family == 'FreeBSD'
- name: IMPORT_TASKS | PHP-FPM
ansible.builtin.import_tasks: fpm.yml
@ -104,22 +102,9 @@
- name: APT | Install and configure opcache
ansible.builtin.import_tasks: opcache.yml
- name: SERVICE | Ensure PHP-FPM is started
- name: SERVICE | Ensure PHP-FPM is started and enabled
when: php_install_fpm
ansible.builtin.service:
name: '{{ php_fpm_service }}'
state: started
when: php_install_fpm and ansible_virtualization_type != 'docker'
- name: BLOCK | Ensure PHP-FPM is started if running on Docker
when: php_install_fpm and ansible_virtualization_type == 'docker'
block:
- name: COMMAND | Check if PHP-FPM is started (Docker) # noqa: command-instead-of-module
ansible.builtin.command: 'service {{ php_fpm_service }} status'
register: dps
changed_when: false
failed_when: false
- name: COMMAND | Ensure PHP-FPM is started (Docker) # noqa: command-instead-of-module no-changed-when
ansible.builtin.command: 'service {{ php_fpm_service }} start'
when: dps.stdout.find('is not running') != -1
enabled: true

37
tasks/opcache.yml
View File

@ -1,31 +1,14 @@
---
- name: Install opcache/apcu on Debian
when: ansible_os_family == 'Debian'
block:
- name: APT | Install APCu
ansible.builtin.apt:
pkg: "{{ php_apcu_package }}"
install_recommends: false
- name: APT | Install APCu
ansible.builtin.apt:
pkg: "{{ php_apcu_package }}"
install_recommends: false
- name: APT | Install Opcache
ansible.builtin.apt:
pkg: "{{ php_package_prefix }}opcache"
install_recommends: false
- name: Install opcache/apcu on FreeBSD
when: ansible_os_family == 'FreeBSD'
block:
- name: PKGNG | Install APCu
community.general.pkgng:
name: "php{{ php_version | replace('.', '') }}-pecl-APCu"
- name: PKGNG | Install Opcache
community.general.pkgng:
name: "{{ php_package_prefix }}opcache"
- name: APT | Install Opcache
ansible.builtin.apt:
pkg: "{{ php_package_prefix }}opcache"
install_recommends: false
- name: TEMPLATE | Configure Opcache
ansible.builtin.template:
@ -33,7 +16,7 @@
dest: "{{ php_mods_dir }}/opcache.ini"
owner: root
group: root
mode: 0644
mode: "0644"
notify: Restart php-fpm
- name: TEMPLATE | Configure APCu
@ -42,5 +25,5 @@
dest: "{{ php_mods_dir }}/apcu.ini"
owner: root
group: root
mode: 0644
mode: "0644"
notify: Restart php-fpm

29
tasks/xdebug.yml
View File

@ -1,9 +1,8 @@
---
- name: BLOCK | Uninstall xdebug
- name: BLOCK | Install Xdebug
when: php_install_xdebug
block:
- name: APT | Install xdebug
ansible.builtin.apt:
pkg: "{{ php_xdebug_package }}"
@ -13,32 +12,16 @@
install_recommends: false
when: ansible_os_family == 'Debian'
- name: PKGNG | Install xdebug
community.general.pkgng:
name: "{{ php_xdebug_package }}"
when: ansible_os_family == 'FreeBSD' and php_xdebug_package is defined
- name: TEMPLATE | Deploy module configurations
ansible.builtin.template:
src: "etc/__php__/mods-available/xdebug.ini.j2"
dest: "{{ php_mods_dir }}/xdebug.ini"
owner: root
mode: 0644
mode: "0644"
notify: Restart php-fpm
- name: BLOCK | Uninstall xdebug
- name: APT | Uninstall xdebug
ansible.builtin.apt:
pkg: "{{ php_xdebug_package }}"
state: absent
when: not php_install_xdebug
block:
- name: APT | Uninstall xdebug
ansible.builtin.apt:
pkg: "{{ php_xdebug_package }}"
state: absent
when: ansible_os_family == 'Debian'
- name: PKGNG | Uninstall xdebug
community.general.pkgng:
name: "{{ php_xdebug_package }}"
state: absent
when: ansible_os_family == 'FreeBSD'

9
tests/includes/Debian/sury.yml
View File

@ -1,9 +0,0 @@
---
- name: APT | Install Sury key
ansible.builtin.apt_key:
url: 'https://packages.sury.org/php/apt.gpg'
- name: APT_REPOSITORY | Add Sury repository
ansible.builtin.apt_repository:
repo: 'deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main'

24
tests/includes/pre_Debian.yml
View File

@ -1,24 +0,0 @@
---
- name: SET_FACT | Prepare test vars
ansible.builtin.set_fact:
__nginx_conf: /etc/nginx/nginx.conf
- name: APT | Install packages
ansible.builtin.apt:
pkg: "{{ p }}"
update_cache: true
cache_valid_time: 3600
vars:
p:
- apt-transport-https
- ca-certificates
- curl
- gpg
- lsb-release
- nginx
- vim
- name: INCLUDE_TASKS | Sury (only if a specific php_version is defined)
ansible.builtin.include_tasks: Debian/sury.yml
when: php_version is defined

10
tests/includes/pre_FreeBSD.yml
View File

@ -1,10 +0,0 @@
---
- name: SET_FACT | Prepare test vars
ansible.builtin.set_fact:
__nginx_conf: /usr/local/etc/nginx/nginx.conf
php_xdebug_package: 'php72-pecl-xdebug-2.6.1'
- name: PKGNG | Install packages
community.general.pkgng:
name: ['curl', 'nginx']

181
tests/test.yml
View File

@ -1,181 +0,0 @@
---
- hosts: all
name: Test all
vars:
vhost: 'test.local'
php_extra_packages:
- '{{ php_package_prefix }}pgsql'
php_install_xdebug: true
php_autoremove_default_pool: true
php_ini_fpm:
display_errors: 'Off'
php_ini_cli:
error_reporting: 'E_ALL'
php_fpm_poold:
- pool_name: 'test_ansible'
listen: '/run/php/php-ansible1.sock'
pm: 'dynamic'
pm_max_children: 250
pm_start_servers: 10
pm_min_spare_servers: 10
pm_max_spare_servers: 20
status_path: '/status'
ping_path: '/ping'
ping_response: 'ok'
- name: 'test_ansible2'
user: 'foo'
php_env:
foo: bar
php_value:
display_errors: 'Off'
php_admin_value:
memory_limit: '98M'
pre_tasks:
- name: INCLUDE_TASKS | Pre tasks related to OS
ansible.builtin.include_tasks: "includes/pre_{{ ansible_os_family }}.yml"
- name: USER | Create PHP user
ansible.builtin.user:
name: 'foo'
system: true
create_home: false
shell: '/usr/sbin/nologin'
tasks:
- name: TEMPLATE | Nginx site config
ansible.builtin.template:
src: "templates/nginx.conf.j2"
dest: "{{ __nginx_conf }}"
mode: 0644
owner: root
group: root
notify: Reload nginx
- name: COMMAND | Fix nginx config
ansible.builtin.command: "cp {{ __nginx_conf | dirname }}/fastcgi_params {{ __nginx_conf | dirname }}/fastcgi.conf"
args:
creates: "{{ __nginx_conf | dirname }}/fastcgi.conf"
notify: Reload nginx
- name: LINEINFILE | Fix nginx config (second step)
ansible.builtin.lineinfile:
regexp: '^fastcgi_param\s+SCRIPT_FILENAME'
line: "fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;"
dest: "{{ __nginx_conf | dirname }}/fastcgi.conf"
notify: Reload nginx
- name: SERVICE | Ensure nginx is started
ansible.builtin.service:
name: nginx
state: started
when: ansible_virtualization_type != 'docker'
- name: Start nginx if testing with Docker
when: ansible_virtualization_type == 'docker'
block:
- name: COMMAND | Docker nginx status # noqa: command-instead-of-module
ansible.builtin.command: service nginx status
changed_when: false
failed_when: false
register: ngs
- name: COMMAND | Docker start nginx # noqa: command-instead-of-module no-changed-when
ansible.builtin.command: service nginx start
when: ngs.stdout.find('nginx is not running') != -1
handlers:
- name: Reload nginx
ansible.builtin.service:
name: nginx
state: reloaded
notify: Docker reload nginx
- name: Docker reload nginx # noqa: command-instead-of-module no-changed-when
ansible.builtin.command: service nginx reload
notify: Docker reload nginx
when: ansible_virtualization_type == 'docker'
roles:
- ../../
post_tasks:
- name: SHELL | Test php-cli
ansible.builtin.shell: set -o pipefail && php -i | grep '^PHP Version => {{ php_version }}' | head -n 1
changed_when: false
register: p
failed_when: p.stdout == ''
args:
executable: /bin/bash
- name: FILE | Create /var/www
ansible.builtin.file:
dest: /var/www
state: directory
owner: root
group: root
mode: 0755
- name: COPY | Add phpinfo
ansible.builtin.copy:
dest: /var/www/phpinfo.php
content: '<?php phpinfo();'
owner: root
group: root
mode: 0644
- name: COPY | Add ini test file
ansible.builtin.copy:
dest: /var/www/ini.php
content: '<?php echo ini_get("memory_limit") . "\n";'
owner: root
group: root
mode: 0644
- name: SHELL | Check vhost
ansible.builtin.shell: "set -o pipefail && curl -v -H 'Host: {{ vhost }}' http://127.0.0.1/phpinfo.php 2> /dev/null | grep h1 | grep -o 'PHP Version {{ php_version }}' | sed -r 's/<//g'"
args:
executable: /bin/bash
changed_when: false
register: c
failed_when: c.stdout == ''
- name: SHELL | Check custom php value # noqa: command-instead-of-module
ansible.builtin.shell: "curl -H 'Host: {{ vhost }}' http://127.0.0.1/ini.php 2> /dev/null"
changed_when: false
register: c
failed_when: 'php_fpm_poold.1.php_admin_value.memory_limit not in c.stdout'
- name: URI | Check ping
ansible.builtin.uri:
url: "http://localhost{{ php_fpm_poold.0.ping_path }}"
when: php_fpm_poold.0.ping_path is defined
- name: URI | Check status
ansible.builtin.uri:
url: "http://localhost{{ php_fpm_poold.0.status_path }}"
when: php_fpm_poold.0.status_path is defined
- name: Debian extra checks
when: ansible_os_family == 'Debian'
block:
- name: SHELL | Check if we installed multiple PHP versions
ansible.builtin.shell: set -o pipefail && (dpkg -l | grep 'php[[:digit:]].*common' | wc -l)
args:
executable: /bin/bash
failed_when: false
changed_when: false
register: check_multiple_php
- name: FAIL | If we have multiple PHP version
ansible.builtin.fail:
msg: "Multiple PHP versions detected"
when: check_multiple_php.stdout != '1'

3
vars/Debian-buster.yml
View File

@ -1,3 +0,0 @@
---
php_default_version: '7.3'

3
vars/Debian-trixie.yml 100644
View File

@ -0,0 +1,3 @@
---
php_default_version: '8.4'

3
vars/FreeBSD-11.yml
View File

@ -1,3 +0,0 @@
---
php_default_version: '7.2'

3
vars/FreeBSD-12.yml
View File

@ -1,3 +0,0 @@
---
php_default_version: '7.2'

20
vars/OS_Family_FreeBSD.yml
View File

@ -1,20 +0,0 @@
---
php_packages:
- '{{ php_package_prefix }}curl'
- '{{ php_package_prefix }}gd'
- '{{ php_package_prefix }}mysqli'
- '{{ php_package_prefix }}intl'
php_package_prefix: 'php{{ php_version | replace(".", "") }}-'
php_mods_dir: '/usr/local/etc/php'
php_fpm_pool_dir: '/usr/local/etc/php-fpm.d'
php_fpm_service: 'php-fpm'
php_default_fpm_sock: '/var/run/php-fpm.sock'
php_cli_ini: '/usr/local/etc/php.ini'
php_fpm_ini: '/usr/local/etc/php.ini'
php_default_user_group: 'www'

3
vars/Ubuntu-bionic.yml
View File

@ -1,3 +0,0 @@
---
php_default_version: '7.2'

3
vars/Ubuntu-noble.yml 100644
View File

@ -0,0 +1,3 @@
---
php_default_version: '8.3'

3
vars/Ubuntu-xenial.yml
View File

@ -1,3 +0,0 @@
---
php_default_version: '7.0'