From 315d58d5b10ebe88987ade76f57f7419b22f6010 Mon Sep 17 00:00:00 2001
From: Chris Croome <chris@webarchitects.co.uk>
Date: Tue, 21 Feb 2023 15:46:53 +0000
Subject: [PATCH] include .conf files and file BOF and EOF lines
---
defaults/main.yml | 95 +++++++++++++++++++++++++++++++----
tasks/conf.yml | 4 +-
tasks/file_edited.yml | 29 ++++++++---
tasks/file_section_edited.yml | 2 +-
templates/php.j2 | 4 +-
5 files changed, 115 insertions(+), 19 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 4e0bece..b7db209 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -93,12 +93,24 @@ php_config:
upload_max_filesize: "512M"
Session:
"session.save_path": "${TMPDIR}"
- - name: PHP 8.0 configuration
- version: "8.0"
+ - name: PHP 8.2 FPM www pool configuration
+ path: /etc/php/8.2/fpm/pool.d/www.conf
+ state: edited
+ conf:
+ www:
+ pm: dynamic
+ "pm.max_children": "4"
+ "pm.max_requests": "1000"
+ "pm.max_spare_servers": "1"
+ "pm.min_spare_servers": "1"
+ "pm.process_idle_timeout": "10s"
+ "pm.start_servers": "1"
+ - name: PHP 8.1 configuration
+ version: "8.1"
state: present
files:
- - name: PHP 8.0 FPM configuration
- path: /etc/php/8.0/fpm/php.ini
+ - name: PHP 8.1 FPM configuration
+ path: /etc/php/8.1/fpm/php.ini
state: edited
conf:
apc:
@@ -134,18 +146,71 @@ php_config:
upload_max_filesize: "512M"
Session:
"session.save_path": "${TMPDIR}"
- - name: PHP 8.1 configuration
- version: "8.1"
+ - name: PHP 8.1 FPM www pool configuration
+ path: /etc/php/8.1/fpm/pool.d/www.conf
+ state: edited
+ conf:
+ www:
+ pm: dynamic
+ "pm.max_children": "4"
+ "pm.max_requests": "1000"
+ "pm.max_spare_servers": "1"
+ "pm.min_spare_servers": "1"
+ "pm.process_idle_timeout": "10s"
+ "pm.start_servers": "1"
+ - name: PHP 8.0 configuration
+ version: "8.0"
state: present
files:
- - name: PHP 8.1 FPM configuration
- path: /etc/php/8.1/fpm/php.ini
+ - name: PHP 8.0 FPM configuration
+ path: /etc/php/8.0/fpm/php.ini
state: edited
conf:
+ apc:
+ "apc.enabled": "1"
+ "apc.shm_size": "32M"
+ Date:
+ "date.timezone": "Europe/London"
+ MySQLi:
+ "mysqli.allow_local_infile": "Off"
+ opcache:
+ "opcache.enable": "1"
+ "opcache.interned_strings_buffer": "32"
+ "opcache.max_accelerated_files": "100000"
+ "opcache.memory_consumption": "1024"
+ "opcache.revalidate_freq": "2"
+ "opcache.use_cwd": "1"
+ "opcache.validate_permission": "1"
+ "opcache.validate_root": "1"
+ "opcache.validate_timestamps": "1"
PHP:
- max_execution_time: "120"
+ allow_url_include: "Off"
+ default_socket_timeout: "600"
+ disable_functions: "chgrp,chown,dl,exec,passthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,popen,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,show_source,socket_create,symlink,system,system_exec"
+ max_file_uploads: "60"
+ max_execution_time: "600"
+ max_input_nesting_level: "512"
max_input_time: "600"
+ max_input_vars: "100000"
memory_limit: "512M"
+ output_buffering: "4096"
+ post_max_size: "512M"
+ short_open_tag: "Off"
+ upload_max_filesize: "512M"
+ Session:
+ "session.save_path": "${TMPDIR}"
+ - name: PHP 8.0 FPM www pool configuration
+ path: /etc/php/8.0/fpm/pool.d/www.conf
+ state: edited
+ conf:
+ www:
+ pm: dynamic
+ "pm.max_children": "4"
+ "pm.max_requests": "1000"
+ "pm.max_spare_servers": "1"
+ "pm.min_spare_servers": "1"
+ "pm.process_idle_timeout": "10s"
+ "pm.start_servers": "1"
- name: PHP 7.4 configuration
version: "7.4"
state: present
@@ -187,6 +252,18 @@ php_config:
upload_max_filesize: "512M"
Session:
"session.save_path": "${TMPDIR}"
+ - name: PHP 7.4 FPM www pool configuration
+ path: /etc/php/7.4/fpm/pool.d/www.conf
+ state: edited
+ conf:
+ www:
+ pm: dynamic
+ "pm.max_children": "4"
+ "pm.max_requests": "1000"
+ "pm.max_spare_servers": "1"
+ "pm.min_spare_servers": "1"
+ "pm.process_idle_timeout": "10s"
+ "pm.start_servers": "1"
# - name: PHP 7.3 configuration
# version: "7.3"
# state: present
diff --git a/tasks/conf.yml b/tasks/conf.yml
index 8a28b04..68a50d6 100644
--- a/tasks/conf.yml
+++ b/tasks/conf.yml
@@ -51,7 +51,9 @@
paths: /etc/php
file_type: file
recurse: true
- patterns: '*.ini'
+ patterns:
+ - '*.conf'
+ - '*.ini'
register: php_etc_php_find_files
- name: Debug existing PHP configuration files
diff --git a/tasks/file_edited.yml b/tasks/file_edited.yml
index 6040d12..95b3cb6 100644
--- a/tasks/file_edited.yml
+++ b/tasks/file_edited.yml
@@ -78,14 +78,11 @@
src: "{{ php_conf_file }}"
dest: "{{ php_conf_file_backup }}"
remote_src: true
- mode: 0644
+ mode: "0644"
owner: root
group: root
changed_when: false
- # TODO Use the community.general.dependent lookup to replace the looped include and the loop in the included file...
- # https://docs.ansible.com/ansible/latest/collections/community/general/dependent_lookup.html
-
- name: Include the PHP configuration file section edited tasks
ansible.builtin.include_tasks: file_section_edited.yml
loop: "{{ php_conf_file_proposed_vars | dict2items }}"
@@ -93,6 +90,26 @@
loop_var: php_conf_section
when: php_conf_file_proposed_vars.keys() | length != 0
+ - name: Ansible managed comment present at the top of the file
+ ansible.builtin.lineinfile:
+ path: "{{ php_conf_file }}"
+ line: "; Ansible managed"
+ state: present
+ insertbefore: BOF
+ mode: "0644"
+ owner: root
+ group: root
+
+ - name: Vim syntaxhighlighting modeline present at the end of the file
+ ansible.builtin.lineinfile:
+ path: "{{ php_conf_file }}"
+ line: "; vim: syntax=dosini"
+ state: present
+ insertafter: EOF
+ mode: "0644"
+ owner: root
+ group: root
+
- name: Test and reload PHP configuration file when file is in a FPM directory
block:
@@ -115,7 +132,7 @@
src: "{{ php_conf_file }}"
dest: "{{ php_conf_file_backup }}.broken"
remote_src: true
- mode: 0644
+ mode: "0644"
owner: root
group: root
@@ -124,7 +141,7 @@
src: "{{ php_conf_file_backup }}"
dest: "{{ php_conf_file }}"
remote_src: true
- mode: 0644
+ mode: "0644"
owner: root
group: root
diff --git a/tasks/file_section_edited.yml b/tasks/file_section_edited.yml
index 78f7bbd..85ecd71 100644
--- a/tasks/file_section_edited.yml
+++ b/tasks/file_section_edited.yml
@@ -46,7 +46,7 @@
loop_var: php_conf_variable_pair
register: php_conf_file_comments_edited
- - name: Systemd unit file edited
+ - name: PHP configuration file edited
community.general.ini_file:
path: "{{ php_conf_file }}"
section: "{{ php_conf_section.key }}"
diff --git a/templates/php.j2 b/templates/php.j2
index f5e1df0..d4ddb3a 100644
--- a/templates/php.j2
+++ b/templates/php.j2
@@ -1,4 +1,4 @@
-# {{ ansible_managed }}
+; {{ ansible_managed }}
{% for php_section in php_conf_file_proposed_vars | dict2items %}
[{{ php_section.key }}]
@@ -7,4 +7,4 @@
{% endfor %}
{% endfor %}
-# vim: ft=systemd:
+; vim: syntax=dosini
--
GitLab