WIP

33a07e64 · Chris Croome · b536a275 · 33a07e64 · 33a07e64 · 33a07e64
Commit 33a07e64 authored 2 years ago by Chris Croome
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -103,13 +103,13 @@ php_versions:
      - php8.2-opcache
      - php8.2-readline
      - php8.2-sqlite3
+      - php8.2-soap
      - php8.2-uploadprogress
      - php8.2-xml
      - php8.2-xmlrpc
      - php8.2-xsl
      - php8.2-zip
      - php-pear
-      - php-soap
  - name: PHP 8.1 packages
    version: "8.1"
    state: present
@@ -135,13 +135,13 @@ php_versions:
      - php8.1-opcache
      - php8.1-readline
      - php8.1-sqlite3
+      - php8.1-soap
      - php8.1-uploadprogress
      - php8.1-xml
      - php8.1-xmlrpc
      - php8.1-xsl
      - php8.1-zip
      - php-pear
-      - php-soap
  - name: PHP 8.0 packages
    version: "8.0"
    state: present
@@ -167,13 +167,13 @@ php_versions:
      - php8.0-opcache
      - php8.0-readline
      - php8.0-sqlite3
+      - php8.0-soap
      - php8.0-uploadprogress
      - php8.0-xml
      - php8.0-xmlrpc
      - php8.0-xsl
      - php8.0-zip
      - php-pear
-      - php-soap
  - name: PHP 7.4 packages
    version: "7.4"
    state: present
@@ -200,6 +200,7 @@ php_versions:
      - php7.4-mysql
      - php7.4-opcache
      - php7.4-sqlite3
+      - php7.4-soap
      - php7.4-readline
      - php7.4-uploadprogress
      - php7.4-xml
@@ -207,7 +208,6 @@ php_versions:
      - php7.4-xsl
      - php7.4-zip
      - php-pear
-      - php-soap
  - name: PHP 7.3 packages
    version: "7.3"
    state: absent

--- a/tasks/apt.yml
+++ b/tasks/apt.yml
@@ -51,6 +51,7 @@
            that:
              - php_gpg_fingerprints_found | difference(php_gpg_fingerprints) | length == 0
              - php_gpg_fingerprints | difference(php_gpg_fingerprints_found) | length == 0
+            quiet: "{% if ansible_verbosity == 0 %}true{% else %}false{% endif %}"

      when: ( php_gpg_file.stat.exists | bool )


--- a/tasks/checks.yml
+++ b/tasks/checks.yml
@@ -70,20 +70,34 @@
        quiet: "{% if ansible_verbosity == 0 %}true{% else %}false{% endif %}"
        fail_msg: "The Linux distro {{ ansible_distribution }} {{ ansible_distribution_release }} is not supported by this role"

-    - name: Check the PHP versions installed
-      ansible.builtin.command: /usr/sbin/phpquery -V
-      check_mode: false
-      changed_when: false
-      register: php_phpquery_versions
+    - name: Debug PHP versions and config due to be present and absent
+      ansible.builtin.debug:
+        msg:
+          - "PHP pkgs set to be present: {% for php_v in php_ver_present %}{{ php_v }}{{ ', ' if not loop.last }}{% endfor %}"
+          - "PHP pkgs set to be absent: {% for php_v in php_ver_absent %}{{ php_v }}{{ ', ' if not loop.last }}{% endfor %}"
+          - "PHP conf set to be present: {% for php_v in php_conf_ver_present %}{{ php_v }}{{ ', ' if not loop.last }}{% endfor %}"
+          - "PHP conf set to be absent: {% for php_v in php_conf_ver_absent %}{{ php_v }}{{ ', ' if not loop.last }}{% endfor %}"
+        verbosity: "{% if ansible_check_mode | bool %}1{% else %}2{% endif %}"

-    - name: Set a fact for the PHP versions installed
-      ansible.builtin.set_fact:
-        php_ver_installed: "{{ php_phpquery_versions.stdout_lines }}"
+    - name: Check that PHP packages that are set to be present match the config that is set to be present
+      ansible.builtin.debug:
+        msg: "Note that PHP pkgs set to be present: {% for php_v in php_ver_present %}{{ php_v }}{{ ', ' if not loop.last }}{% endfor %} doesn't not match the PHP cfg set to be present: {% for php_v in php_conf_ver_present %}{{ php_v }}{{ ', ' if not loop.last }}{% endfor %}"
+      when: php_ver_present != php_conf_ver_present

-    - name: Debug PHP versions installed
+    - name: Check that PHP packages that are set to be absent match the config that is set to be absent
      ansible.builtin.debug:
-        var: php_ver_installed
-        verbosity: "{% if ansible_check_mode | bool %}0{% else %}1{% endif %}"
+        msg: "Note that PHP pkgs set to be absent: {% for php_v in php_ver_absent %}{{ php_v }}{{ ', ' if not loop.last }}{% endfor %} doesn't not match the PHP cfg set to be absent: {% for php_v in php_conf_ver_absent %}{{ php_v }}{{ ', ' if not loop.last }}{% endfor %}"
+      when: php_ver_absent != php_conf_ver_absent
+
+    - name: PHP config should not be removed when the packages are set to be present
+      ansible.builtin.fail:
+        msg: "PHP conf are set to be absent for {% for php_v in php_conf_ver_absent | ansible.builtin.intersect(php_ver_present) %}{{ php_v }}{{ ', ' if not loop.last }}{% endfor %} but the pkgs are set to be present."
+      when: php_conf_ver_absent | ansible.builtin.intersect(php_ver_present) != []
+
+    - name: PHP versions should not be configured when the packages are set to be absent
+      ansible.builtin.fail:
+        msg: "PHP conf are set to be present for {% for php_v in php_conf_ver_present | ansible.builtin.intersect(php_ver_absent) %}{{ php_v }}{{ ', ' if not loop.last }}{% endfor %} but the pkgs are set to be absent."
+      when: php_conf_ver_present | ansible.builtin.intersect(php_ver_absent) != []

  tags:
    - php

--- a/tasks/conf.yml
+++ b/tasks/conf.yml
@@ -68,6 +68,30 @@
        var: php_conf_files_existing
        verbosity: "{% if ansible_check_mode | bool %}1{% else %}2{% endif %}"

+    - name: Debug PHP configuration files set to be edited
+      ansible.builtin.debug:
+        var: php_conf_files_edited
+        verbosity: "{% if ansible_check_mode | bool %}1{% else %}2{% endif %}"
+
+    - name: All files that are set to be edited need to already exist
+      ansible.builtin.debug:
+        msg: >-
+          Note that {% if ansible_check_mode | bool %}since Ansible is being run in check mode, please run with
+          '-t php_apt' install packages and then '-t php_cfg --check' to check the configiguration.{% else %}
+          the state for files that don't exist needs to be 'present' or 'templated', not 'edited'.{% endif %}
+          The following PHP conf files are set to be edited when they don't exist
+          {% for php_v in php_conf_files_edited | ansible.builtin.difference(php_conf_files_existing) %}{{ php_v }}{{ ', ' if not loop.last }}{% endfor %}.
+      when: php_conf_files_edited | ansible.builtin.difference(php_conf_files_existing) | length != 0
+
+    - name: Ensure that all files that are set to be edited already exist
+      ansible.builtin.assert:
+        that:
+          - php_conf_files_edited | ansible.builtin.difference(php_conf_files_existing) | length == 0
+        quiet: "{% if ansible_verbosity == 0 %}true{% else %}false{% endif %}"
+        fail_msg: >-
+          PHP configurations files that don't exist can't be edited
+          {% for php_v in php_conf_files_edited | ansible.builtin.difference(php_conf_files_existing) %}{{ php_v }}{{ ', ' if not loop.last }}{% endfor %}.
+
    - name: Debug PHP configuration files which should be absent
      ansible.builtin.debug:
        var: php_conf_files_absent
@@ -132,18 +156,6 @@
        - php_conf_dirs_create is defined
        - php_conf_dirs_create != []

-    - name: Debug PHP configuration files set to be edited
-      ansible.builtin.debug:
-        var: php_conf_files_edited
-        verbosity: "{% if ansible_check_mode | bool %}1{% else %}2{% endif %}"
-
-    - name: Ensure that all files that are set to be edited already exist
-      ansible.builtin.assert:
-        that:
-          - php_conf_files_edited | ansible.builtin.difference(php_conf_files_existing) | length == 0
-        quiet: "{% if ansible_verbosity == 0 %}true{% else %}false{% endif %}"
-        fail_msg: "PHP configurations files that don't exist can't be edited: {{ php_conf_files_edited | ansible.builtin.difference(php_conf_files_existing) }}"
-
    - name: Debug PHP configuration files set to be present
      ansible.builtin.debug:
        var: php_conf_files_present

--- a/tasks/file_edited.yml
+++ b/tasks/file_edited.yml
@@ -94,13 +94,6 @@
        loop_var: php_conf_section
      when: php_conf_file_proposed_vars.keys() | length != 0

-    - name: File backup absent when the PHP configuration file is unchanged
-      ansible.builtin.file:
-        path: "{{ php_conf_file_backup }}"
-        state: absent
-      changed_when: false
-      when: not php_conf_file_changed | bool
-
    - name: Test and reload PHP configuration file when file is in a FPM directory
      block:

@@ -150,9 +143,18 @@
            state: reloaded

      when:
+        - php_conf_file_version in php_ver_installed
+        - php_conf_file_changed | bool
        - php_conf_file_sapi is defined
        - php_conf_file_sapi == "fpm"

+    - name: File backup absent when the PHP configuration file is unchanged
+      ansible.builtin.file:
+        path: "{{ php_conf_file_backup }}"
+        state: absent
+      changed_when: false
+      when: not php_conf_file_changed | bool
+
  tags:
    - php
    - php_cfg

--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -40,9 +40,50 @@
      tags:
        - php_pkg

-    - name: Include PHP configuration tasks
-      ansible.builtin.include_tasks: conf.yml
-      when: php_config is defined
+    - name: Configure PHP
+      block:
+
+        - name: Check the PHP versions installed
+          ansible.builtin.command: /usr/sbin/phpquery -V
+          check_mode: false
+          changed_when: false
+          register: php_phpquery_versions
+
+        - name: Set a fact for the PHP versions installed
+          ansible.builtin.set_fact:
+            php_ver_installed: "{{ php_phpquery_versions.stdout_lines | sort }}"
+
+        - name: Debug PHP versions that are to be installed
+          ansible.builtin.debug:
+            var: php_ver_present
+            verbosity: "{% if ansible_check_mode | bool %}1{% else %}2{% endif %}"
+
+        - name: Debug PHP versions that are installed
+          ansible.builtin.debug:
+            var: php_ver_installed
+            verbosity: "{% if ansible_check_mode | bool %}1{% else %}2{% endif %}"
+
+        - name: Debug PHP versions that are to be configured
+          ansible.builtin.debug:
+            var: php_conf_ver_present
+            verbosity: "{% if ansible_check_mode | bool %}1{% else %}2{% endif %}"
+
+        - name: PHP versions that are not installed cannot be configured unless in check mode
+          ansible.builtin.fail:
+            msg: "PHP versions {% for php_v in php_conf_ver_present | difference(php_ver_installed) %}{{ php_v }}{{ ', ' if not loop.last }}{% endfor %} cannot be configured when they are not present."
+          when:
+            - not ansible_check_mode | bool
+            - php_conf_ver_present | difference(php_ver_installed) != []
+
+        - name: Include PHP configuration tasks when versions are present or when running in check mode
+          ansible.builtin.include_tasks: conf.yml
+          when: >-
+            ( ansible_check_mode | bool ) or
+            ( php_conf_ver_present | difference(php_ver_installed) == [] )
+
+      when:
+        - ( php_config is defined )
+        - ( php_conf_ver_present != [] ) or ( php_conf_ver_absent != [] )
      tags:
        - php_cfg
        - php_conf

--- a/tasks/pkg.yml
+++ b/tasks/pkg.yml
@@ -14,21 +14,21 @@
    - name: Debug PHP packages names listed as absent
      ansible.builtin.debug:
        var: php_pkg_absent
-        verbosity: "{% if ansible_check_mode | bool %}0{% else %}1{% endif %}"
+        verbosity: "{% if ansible_check_mode | bool and php_pkg_absent != [] %}1{% elif php_pkg_absent != [] %}2{% else %}3{% endif %}"

-    - name: Set a fact for installed PHP packages that are listed as absent
+    - name: Set a fact for installed PHP packages that are to be removed
      ansible.builtin.set_fact:
        php_pkg_remove: "{{ ansible_local.dpkg.installed | ansible.builtin.intersect(php_pkg_absent) | default ([]) }}"

-    - name: Debug installed PHP packages that are listed as absent
+    - name: Debug installed PHP packages that are to be removed
      ansible.builtin.debug:
        var: php_pkg_remove
-        verbosity: "{% if ansible_check_mode | bool %}0{% else %}1{% endif %}"
+        verbosity: "{% if ansible_check_mode | bool and php_pkg_remove != [] %}0{% elif php_pkg_remove != [] %}1{% else %}2{% endif %}"

    - name: Debug PHP versions absent
      ansible.builtin.debug:
        var: php_ver_absent
-        verbosity: "{% if ansible_check_mode | bool %}0{% else %}1{% endif %}"
+        verbosity: "{% if ansible_check_mode | bool and php_ver_absent != [] %}1{% elif php_ver_absent != [] %}2{% else %}3{% endif %}"

    - name: Debug PHP versions absent regex
      ansible.builtin.debug:
@@ -45,7 +45,7 @@
    - name: Debug installed PHP packages to remove due to their version
      ansible.builtin.debug:
        var: php_ver_pkg_remove
-        verbosity: "{% if ansible_check_mode | bool %}0{% else %}1{% endif %}"
+        verbosity: "{% if ansible_check_mode | bool and php_ver_pkg_remove != [] %}0{% elif php_ver_pkg_remove != [] %}1{% else %}2{% endif %}"

    - name: Set a fact for all installed PHP packages that should be removed
      ansible.builtin.set_fact:
@@ -54,19 +54,13 @@
    - name: Debug all installed PHP packages to be removed
      ansible.builtin.debug:
        var: php_pkg_rm
-        verbosity: "{% if ansible_check_mode | bool %}0{% else %}1{% endif %}"
-
-    - name: PHP packages absent
-      ansible.builtin.apt:
-        pkg: "{{ php_pkg_rm }}"
-        state: absent
-      register: php_packages_removed
-      when: php_pkg_rm != []
+        verbosity: "{% if ansible_check_mode | bool or php_pkg_rm != [] %}0{% else %}1{% endif %}"
+      when: php_pkg_rm != php_pkg_remove

    - name: Debug PHP packages present
      ansible.builtin.debug:
        var: php_pkg_present
-        verbosity: "{% if ansible_check_mode | bool %}0{% else %}1{% endif %}"
+        verbosity: "{% if ansible_check_mode | bool and php_pkg_present != [] %}1{% elif php_pkg_present != [] %}2{% else %}3{% endif %}"

    - name: Set a fact for PHP packages that should be installed
      ansible.builtin.set_fact:
@@ -75,7 +69,15 @@
    - name: Debug PHP packages to install
      ansible.builtin.debug:
        var: php_pkg_install
-        verbosity: "{% if ansible_check_mode | bool %}0{% else %}1{% endif %}"
+        verbosity: "{% if ansible_check_mode | bool and php_pkg_install != [] %}0{% elif php_pkg_install != [] %}1{% else %}2{% endif %}"
+
+    - name: PHP packages purged
+      ansible.builtin.apt:
+        pkg: "{{ php_pkg_rm }}"
+        purge: true
+        state: absent
+      register: php_packages_removed
+      when: php_pkg_rm != []

    - name: PHP packages present
      ansible.builtin.apt:

--- a/vars/main.yml
+++ b/vars/main.yml
@@ -31,6 +31,10 @@ php_pkg_present: "{{ php_versions | ansible.builtin.json_query('[?state==`presen
 # cat defaults/main.yml | yq -o=json | jp "php_config[?state=='absent'].version"
 php_conf_ver_absent: "{{ php_config | ansible.builtin.json_query('[?state==`absent`].version') | sort }}"

+# PHP versions configuration present
+# cat defaults/main.yml | yq -o=json | jp "php_config[?state=='present'].version"
+php_conf_ver_present: "{{ php_config | ansible.builtin.json_query('[?state==`present`].version') | sort }}"
+
 # PHP versions configuration directories absent
 php_conf_dirs_absent: "{{ php_config | ansible.builtin.json_query('[?state==`absent`].version') | sort | map('regex_replace', '^', '/etc/php/') }}"