From 33a07e643866d478b81a9f52df8624648f6fc558 Mon Sep 17 00:00:00 2001
From: Chris Croome <chris@webarchitects.co.uk>
Date: Tue, 31 Jan 2023 16:07:44 +0000
Subject: [PATCH] WIP
---
defaults/main.yml | 8 ++++----
tasks/apt.yml | 1 +
tasks/checks.yml | 36 +++++++++++++++++++++++----------
tasks/conf.yml | 36 ++++++++++++++++++++++-----------
tasks/file_edited.yml | 16 ++++++++-------
tasks/main.yml | 47 ++++++++++++++++++++++++++++++++++++++++---
tasks/pkg.yml | 34 ++++++++++++++++---------------
vars/main.yml | 4 ++++
8 files changed, 129 insertions(+), 53 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 8280953..a0c46e0 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -103,13 +103,13 @@ php_versions:
- php8.2-opcache
- php8.2-readline
- php8.2-sqlite3
+ - php8.2-soap
- php8.2-uploadprogress
- php8.2-xml
- php8.2-xmlrpc
- php8.2-xsl
- php8.2-zip
- php-pear
- - php-soap
- name: PHP 8.1 packages
version: "8.1"
state: present
@@ -135,13 +135,13 @@ php_versions:
- php8.1-opcache
- php8.1-readline
- php8.1-sqlite3
+ - php8.1-soap
- php8.1-uploadprogress
- php8.1-xml
- php8.1-xmlrpc
- php8.1-xsl
- php8.1-zip
- php-pear
- - php-soap
- name: PHP 8.0 packages
version: "8.0"
state: present
@@ -167,13 +167,13 @@ php_versions:
- php8.0-opcache
- php8.0-readline
- php8.0-sqlite3
+ - php8.0-soap
- php8.0-uploadprogress
- php8.0-xml
- php8.0-xmlrpc
- php8.0-xsl
- php8.0-zip
- php-pear
- - php-soap
- name: PHP 7.4 packages
version: "7.4"
state: present
@@ -200,6 +200,7 @@ php_versions:
- php7.4-mysql
- php7.4-opcache
- php7.4-sqlite3
+ - php7.4-soap
- php7.4-readline
- php7.4-uploadprogress
- php7.4-xml
@@ -207,7 +208,6 @@ php_versions:
- php7.4-xsl
- php7.4-zip
- php-pear
- - php-soap
- name: PHP 7.3 packages
version: "7.3"
state: absent
diff --git a/tasks/apt.yml b/tasks/apt.yml
index f7b8f7c..c144de9 100644
--- a/tasks/apt.yml
+++ b/tasks/apt.yml
@@ -51,6 +51,7 @@
that:
- php_gpg_fingerprints_found | difference(php_gpg_fingerprints) | length == 0
- php_gpg_fingerprints | difference(php_gpg_fingerprints_found) | length == 0
+ quiet: "{% if ansible_verbosity == 0 %}true{% else %}false{% endif %}"
when: ( php_gpg_file.stat.exists | bool )
diff --git a/tasks/checks.yml b/tasks/checks.yml
index 7e60420..87c6c65 100644
--- a/tasks/checks.yml
+++ b/tasks/checks.yml
@@ -70,20 +70,34 @@
quiet: "{% if ansible_verbosity == 0 %}true{% else %}false{% endif %}"
fail_msg: "The Linux distro {{ ansible_distribution }} {{ ansible_distribution_release }} is not supported by this role"
- - name: Check the PHP versions installed
- ansible.builtin.command: /usr/sbin/phpquery -V
- check_mode: false
- changed_when: false
- register: php_phpquery_versions
+ - name: Debug PHP versions and config due to be present and absent
+ ansible.builtin.debug:
+ msg:
+ - "PHP pkgs set to be present: {% for php_v in php_ver_present %}{{ php_v }}{{ ', ' if not loop.last }}{% endfor %}"
+ - "PHP pkgs set to be absent: {% for php_v in php_ver_absent %}{{ php_v }}{{ ', ' if not loop.last }}{% endfor %}"
+ - "PHP conf set to be present: {% for php_v in php_conf_ver_present %}{{ php_v }}{{ ', ' if not loop.last }}{% endfor %}"
+ - "PHP conf set to be absent: {% for php_v in php_conf_ver_absent %}{{ php_v }}{{ ', ' if not loop.last }}{% endfor %}"
+ verbosity: "{% if ansible_check_mode | bool %}1{% else %}2{% endif %}"
- - name: Set a fact for the PHP versions installed
- ansible.builtin.set_fact:
- php_ver_installed: "{{ php_phpquery_versions.stdout_lines }}"
+ - name: Check that PHP packages that are set to be present match the config that is set to be present
+ ansible.builtin.debug:
+ msg: "Note that PHP pkgs set to be present: {% for php_v in php_ver_present %}{{ php_v }}{{ ', ' if not loop.last }}{% endfor %} doesn't not match the PHP cfg set to be present: {% for php_v in php_conf_ver_present %}{{ php_v }}{{ ', ' if not loop.last }}{% endfor %}"
+ when: php_ver_present != php_conf_ver_present
- - name: Debug PHP versions installed
+ - name: Check that PHP packages that are set to be absent match the config that is set to be absent
ansible.builtin.debug:
- var: php_ver_installed
- verbosity: "{% if ansible_check_mode | bool %}0{% else %}1{% endif %}"
+ msg: "Note that PHP pkgs set to be absent: {% for php_v in php_ver_absent %}{{ php_v }}{{ ', ' if not loop.last }}{% endfor %} doesn't not match the PHP cfg set to be absent: {% for php_v in php_conf_ver_absent %}{{ php_v }}{{ ', ' if not loop.last }}{% endfor %}"
+ when: php_ver_absent != php_conf_ver_absent
+
+ - name: PHP config should not be removed when the packages are set to be present
+ ansible.builtin.fail:
+ msg: "PHP conf are set to be absent for {% for php_v in php_conf_ver_absent | ansible.builtin.intersect(php_ver_present) %}{{ php_v }}{{ ', ' if not loop.last }}{% endfor %} but the pkgs are set to be present."
+ when: php_conf_ver_absent | ansible.builtin.intersect(php_ver_present) != []
+
+ - name: PHP versions should not be configured when the packages are set to be absent
+ ansible.builtin.fail:
+ msg: "PHP conf are set to be present for {% for php_v in php_conf_ver_present | ansible.builtin.intersect(php_ver_absent) %}{{ php_v }}{{ ', ' if not loop.last }}{% endfor %} but the pkgs are set to be absent."
+ when: php_conf_ver_present | ansible.builtin.intersect(php_ver_absent) != []
tags:
- php
diff --git a/tasks/conf.yml b/tasks/conf.yml
index 2355451..f45228f 100644
--- a/tasks/conf.yml
+++ b/tasks/conf.yml
@@ -68,6 +68,30 @@
var: php_conf_files_existing
verbosity: "{% if ansible_check_mode | bool %}1{% else %}2{% endif %}"
+ - name: Debug PHP configuration files set to be edited
+ ansible.builtin.debug:
+ var: php_conf_files_edited
+ verbosity: "{% if ansible_check_mode | bool %}1{% else %}2{% endif %}"
+
+ - name: All files that are set to be edited need to already exist
+ ansible.builtin.debug:
+ msg: >-
+ Note that {% if ansible_check_mode | bool %}since Ansible is being run in check mode, please run with
+ '-t php_apt' install packages and then '-t php_cfg --check' to check the configiguration.{% else %}
+ the state for files that don't exist needs to be 'present' or 'templated', not 'edited'.{% endif %}
+ The following PHP conf files are set to be edited when they don't exist
+ {% for php_v in php_conf_files_edited | ansible.builtin.difference(php_conf_files_existing) %}{{ php_v }}{{ ', ' if not loop.last }}{% endfor %}.
+ when: php_conf_files_edited | ansible.builtin.difference(php_conf_files_existing) | length != 0
+
+ - name: Ensure that all files that are set to be edited already exist
+ ansible.builtin.assert:
+ that:
+ - php_conf_files_edited | ansible.builtin.difference(php_conf_files_existing) | length == 0
+ quiet: "{% if ansible_verbosity == 0 %}true{% else %}false{% endif %}"
+ fail_msg: >-
+ PHP configurations files that don't exist can't be edited
+ {% for php_v in php_conf_files_edited | ansible.builtin.difference(php_conf_files_existing) %}{{ php_v }}{{ ', ' if not loop.last }}{% endfor %}.
+
- name: Debug PHP configuration files which should be absent
ansible.builtin.debug:
var: php_conf_files_absent
@@ -132,18 +156,6 @@
- php_conf_dirs_create is defined
- php_conf_dirs_create != []
- - name: Debug PHP configuration files set to be edited
- ansible.builtin.debug:
- var: php_conf_files_edited
- verbosity: "{% if ansible_check_mode | bool %}1{% else %}2{% endif %}"
-
- - name: Ensure that all files that are set to be edited already exist
- ansible.builtin.assert:
- that:
- - php_conf_files_edited | ansible.builtin.difference(php_conf_files_existing) | length == 0
- quiet: "{% if ansible_verbosity == 0 %}true{% else %}false{% endif %}"
- fail_msg: "PHP configurations files that don't exist can't be edited: {{ php_conf_files_edited | ansible.builtin.difference(php_conf_files_existing) }}"
-
- name: Debug PHP configuration files set to be present
ansible.builtin.debug:
var: php_conf_files_present
diff --git a/tasks/file_edited.yml b/tasks/file_edited.yml
index 6e89054..7730eaf 100644
--- a/tasks/file_edited.yml
+++ b/tasks/file_edited.yml
@@ -94,13 +94,6 @@
loop_var: php_conf_section
when: php_conf_file_proposed_vars.keys() | length != 0
- - name: File backup absent when the PHP configuration file is unchanged
- ansible.builtin.file:
- path: "{{ php_conf_file_backup }}"
- state: absent
- changed_when: false
- when: not php_conf_file_changed | bool
-
- name: Test and reload PHP configuration file when file is in a FPM directory
block:
@@ -150,9 +143,18 @@
state: reloaded
when:
+ - php_conf_file_version in php_ver_installed
+ - php_conf_file_changed | bool
- php_conf_file_sapi is defined
- php_conf_file_sapi == "fpm"
+ - name: File backup absent when the PHP configuration file is unchanged
+ ansible.builtin.file:
+ path: "{{ php_conf_file_backup }}"
+ state: absent
+ changed_when: false
+ when: not php_conf_file_changed | bool
+
tags:
- php
- php_cfg
diff --git a/tasks/main.yml b/tasks/main.yml
index aef3e56..7c37c71 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -40,9 +40,50 @@
tags:
- php_pkg
- - name: Include PHP configuration tasks
- ansible.builtin.include_tasks: conf.yml
- when: php_config is defined
+ - name: Configure PHP
+ block:
+
+ - name: Check the PHP versions installed
+ ansible.builtin.command: /usr/sbin/phpquery -V
+ check_mode: false
+ changed_when: false
+ register: php_phpquery_versions
+
+ - name: Set a fact for the PHP versions installed
+ ansible.builtin.set_fact:
+ php_ver_installed: "{{ php_phpquery_versions.stdout_lines | sort }}"
+
+ - name: Debug PHP versions that are to be installed
+ ansible.builtin.debug:
+ var: php_ver_present
+ verbosity: "{% if ansible_check_mode | bool %}1{% else %}2{% endif %}"
+
+ - name: Debug PHP versions that are installed
+ ansible.builtin.debug:
+ var: php_ver_installed
+ verbosity: "{% if ansible_check_mode | bool %}1{% else %}2{% endif %}"
+
+ - name: Debug PHP versions that are to be configured
+ ansible.builtin.debug:
+ var: php_conf_ver_present
+ verbosity: "{% if ansible_check_mode | bool %}1{% else %}2{% endif %}"
+
+ - name: PHP versions that are not installed cannot be configured unless in check mode
+ ansible.builtin.fail:
+ msg: "PHP versions {% for php_v in php_conf_ver_present | difference(php_ver_installed) %}{{ php_v }}{{ ', ' if not loop.last }}{% endfor %} cannot be configured when they are not present."
+ when:
+ - not ansible_check_mode | bool
+ - php_conf_ver_present | difference(php_ver_installed) != []
+
+ - name: Include PHP configuration tasks when versions are present or when running in check mode
+ ansible.builtin.include_tasks: conf.yml
+ when: >-
+ ( ansible_check_mode | bool ) or
+ ( php_conf_ver_present | difference(php_ver_installed) == [] )
+
+ when:
+ - ( php_config is defined )
+ - ( php_conf_ver_present != [] ) or ( php_conf_ver_absent != [] )
tags:
- php_cfg
- php_conf
diff --git a/tasks/pkg.yml b/tasks/pkg.yml
index 1818972..cfdb22a 100644
--- a/tasks/pkg.yml
+++ b/tasks/pkg.yml
@@ -14,21 +14,21 @@
- name: Debug PHP packages names listed as absent
ansible.builtin.debug:
var: php_pkg_absent
- verbosity: "{% if ansible_check_mode | bool %}0{% else %}1{% endif %}"
+ verbosity: "{% if ansible_check_mode | bool and php_pkg_absent != [] %}1{% elif php_pkg_absent != [] %}2{% else %}3{% endif %}"
- - name: Set a fact for installed PHP packages that are listed as absent
+ - name: Set a fact for installed PHP packages that are to be removed
ansible.builtin.set_fact:
php_pkg_remove: "{{ ansible_local.dpkg.installed | ansible.builtin.intersect(php_pkg_absent) | default ([]) }}"
- - name: Debug installed PHP packages that are listed as absent
+ - name: Debug installed PHP packages that are to be removed
ansible.builtin.debug:
var: php_pkg_remove
- verbosity: "{% if ansible_check_mode | bool %}0{% else %}1{% endif %}"
+ verbosity: "{% if ansible_check_mode | bool and php_pkg_remove != [] %}0{% elif php_pkg_remove != [] %}1{% else %}2{% endif %}"
- name: Debug PHP versions absent
ansible.builtin.debug:
var: php_ver_absent
- verbosity: "{% if ansible_check_mode | bool %}0{% else %}1{% endif %}"
+ verbosity: "{% if ansible_check_mode | bool and php_ver_absent != [] %}1{% elif php_ver_absent != [] %}2{% else %}3{% endif %}"
- name: Debug PHP versions absent regex
ansible.builtin.debug:
@@ -45,7 +45,7 @@
- name: Debug installed PHP packages to remove due to their version
ansible.builtin.debug:
var: php_ver_pkg_remove
- verbosity: "{% if ansible_check_mode | bool %}0{% else %}1{% endif %}"
+ verbosity: "{% if ansible_check_mode | bool and php_ver_pkg_remove != [] %}0{% elif php_ver_pkg_remove != [] %}1{% else %}2{% endif %}"
- name: Set a fact for all installed PHP packages that should be removed
ansible.builtin.set_fact:
@@ -54,19 +54,13 @@
- name: Debug all installed PHP packages to be removed
ansible.builtin.debug:
var: php_pkg_rm
- verbosity: "{% if ansible_check_mode | bool %}0{% else %}1{% endif %}"
-
- - name: PHP packages absent
- ansible.builtin.apt:
- pkg: "{{ php_pkg_rm }}"
- state: absent
- register: php_packages_removed
- when: php_pkg_rm != []
+ verbosity: "{% if ansible_check_mode | bool or php_pkg_rm != [] %}0{% else %}1{% endif %}"
+ when: php_pkg_rm != php_pkg_remove
- name: Debug PHP packages present
ansible.builtin.debug:
var: php_pkg_present
- verbosity: "{% if ansible_check_mode | bool %}0{% else %}1{% endif %}"
+ verbosity: "{% if ansible_check_mode | bool and php_pkg_present != [] %}1{% elif php_pkg_present != [] %}2{% else %}3{% endif %}"
- name: Set a fact for PHP packages that should be installed
ansible.builtin.set_fact:
@@ -75,7 +69,15 @@
- name: Debug PHP packages to install
ansible.builtin.debug:
var: php_pkg_install
- verbosity: "{% if ansible_check_mode | bool %}0{% else %}1{% endif %}"
+ verbosity: "{% if ansible_check_mode | bool and php_pkg_install != [] %}0{% elif php_pkg_install != [] %}1{% else %}2{% endif %}"
+
+ - name: PHP packages purged
+ ansible.builtin.apt:
+ pkg: "{{ php_pkg_rm }}"
+ purge: true
+ state: absent
+ register: php_packages_removed
+ when: php_pkg_rm != []
- name: PHP packages present
ansible.builtin.apt:
diff --git a/vars/main.yml b/vars/main.yml
index 458cdcf..97802ec 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -31,6 +31,10 @@ php_pkg_present: "{{ php_versions | ansible.builtin.json_query('[?state==`presen
# cat defaults/main.yml | yq -o=json | jp "php_config[?state=='absent'].version"
php_conf_ver_absent: "{{ php_config | ansible.builtin.json_query('[?state==`absent`].version') | sort }}"
+# PHP versions configuration present
+# cat defaults/main.yml | yq -o=json | jp "php_config[?state=='present'].version"
+php_conf_ver_present: "{{ php_config | ansible.builtin.json_query('[?state==`present`].version') | sort }}"
+
# PHP versions configuration directories absent
php_conf_dirs_absent: "{{ php_config | ansible.builtin.json_query('[?state==`absent`].version') | sort | map('regex_replace', '^', '/etc/php/') }}"
--
GitLab