From 4ffaf63560165a5f1ec601a4c21eed8fc4db8e45 Mon Sep 17 00:00:00 2001
From: Chris Croome <chris@webarchitects.co.uk>
Date: Sun, 19 Feb 2023 18:39:00 +0000
Subject: [PATCH] WIP

---
 tasks/conf.yml           |  16 ++---
 tasks/file_edited.yml    |   3 +-
 tasks/file_templated.yml | 128 ++++++++++++++++++++++++++++++++++++---
 templates/php.j2         |  12 ++++
 4 files changed, 142 insertions(+), 17 deletions(-)
 create mode 100644 templates/php.j2

diff --git a/tasks/conf.yml b/tasks/conf.yml
index f45228f..3061ea8 100644
--- a/tasks/conf.yml
+++ b/tasks/conf.yml
@@ -193,14 +193,14 @@
         var: php_conf_files_template
         verbosity: "{% if ansible_check_mode | bool %}0{% else %}1{% endif %}"
 
-#    - name: Include PHP configuration file templated tasks
-#      ansible.builtin.include_tasks: file_templated.yml
-#      loop: "{{ php_conf_files_template }}"
-#      loop_control:
-#        loop_var: php_conf_file
-#      when:
-#        - php_conf_files_template is defined
-#        - php_conf_files_template != []
+    - name: Include PHP configuration file templated tasks
+      ansible.builtin.include_tasks: file_templated.yml
+      loop: "{{ php_conf_files_template }}"
+      loop_control:
+        loop_var: php_conf_file
+      when:
+        - php_conf_files_template is defined
+        - php_conf_files_template != []
 
   tags:
     - php
diff --git a/tasks/file_edited.yml b/tasks/file_edited.yml
index 7730eaf..6040d12 100644
--- a/tasks/file_edited.yml
+++ b/tasks/file_edited.yml
@@ -33,7 +33,6 @@
     - name: Set a fact for the proposed PHP configuration file variables
       ansible.builtin.set_fact:
         php_conf_file_proposed_vars: "{{ php_config | ansible.builtin.json_query(php_conf_file_proposed_vars_json_query) }}"
-        verbosity: "{% if ansible_check_mode | bool %}0{% else %}1{% endif %}"
       vars:
         php_conf_file_proposed_vars_json_query: "[?state=='present'].files[]|[?path=='{{ php_conf_file }}'].conf|[0]"
 
@@ -47,7 +46,7 @@
         var: php_conf_file_proposed_vars.keys()
         verbosity: "{% if ansible_check_mode | bool %}1{% else %}2{% endif %}"
 
-    - name: Set fact for PHP configuration file
+    - name: Set facts for the PHP configuration file
       ansible.builtin.set_fact:
         php_conf_file_backup: "{{ php_conf_file | ansible.builtin.dirname }}/.{{ php_conf_file | ansible.builtin.basename }}.{{ ansible_date_time.iso8601_basic_short }}.bak"
         php_conf_file_changed: false
diff --git a/tasks/file_templated.yml b/tasks/file_templated.yml
index eafb230..651a56b 100644
--- a/tasks/file_templated.yml
+++ b/tasks/file_templated.yml
@@ -8,11 +8,125 @@
 #
 # You should have received a copy of the GNU General Public License along with the Webarchitects PHP Ansible role. If not, see <https://www.gnu.org/licenses/>.
 ---
-# - name: PHP configuration file templated
-#   block:
-#
-#   tags:
-#     - php
-#     - php_cfg
-#     - php_conf
+- name: PHP configuration file templated
+  block:
+
+    - name: Set facts for the PHP configuration file
+      ansible.builtin.set_fact:
+        php_conf_file_backup: "{{ php_conf_file | ansible.builtin.dirname }}/.{{ php_conf_file | ansible.builtin.basename }}.{{ ansible_date_time.iso8601_basic_short }}.bak"
+        php_conf_file_proposed_vars: "{{ php_config | ansible.builtin.json_query(php_conf_file_proposed_vars_json_query) }}"
+        php_conf_file_sapi: "{{ php_conf_file | ansible.builtin.split(php_file_path_separator) | ansible.builtin.json_query('[4]') }}"
+        php_conf_file_version: "{{ php_conf_file | ansible.builtin.split(php_file_path_separator) | ansible.builtin.json_query('[3]') }}"
+      vars:
+        php_conf_file_proposed_vars_json_query: "[?state=='present'].files[]|[?path=='{{ php_conf_file }}'].conf|[0]"
+
+    - name: Debug the PHP configuration file backup path
+      ansible.builtin.debug:
+        var: php_conf_file_backup
+        verbosity: "{% if ansible_check_mode | bool %}1{% else %}2{% endif %}"
+
+    - name: Debug the PHP configuration file PHP SAPI
+      ansible.builtin.debug:
+        var: php_conf_file_sapi
+        verbosity: "{% if ansible_check_mode | bool %}1{% else %}2{% endif %}"
+
+    - name: Debug the PHP configuration file PHP version
+      ansible.builtin.debug:
+        var: php_conf_file_version
+        verbosity: "{% if ansible_check_mode | bool %}1{% else %}2{% endif %}"
+
+    - name: Debug the proposed PHP configuration file variables
+      ansible.builtin.debug:
+        var: php_conf_file_proposed_vars
+        verbosity: "{% if ansible_check_mode | bool %}1{% else %}2{% endif %}"
+
+    - name: Debug the proposed PHP configuration file sections
+      ansible.builtin.debug:
+        var: php_conf_file_proposed_vars.keys()
+        verbosity: "{% if ansible_check_mode | bool %}1{% else %}2{% endif %}"
+
+    - name: File backup present
+      ansible.builtin.copy:
+        src: "{{ php_conf_file }}"
+        dest: "{{ php_conf_file_backup }}"
+        remote_src: true
+        mode: 0644
+        owner: root
+        group: root
+      when: php_conf_file in php_conf_files_existing
+
+    - name: File templated
+      ansible.builtin.template:
+        src: php.j2
+        dest: "{{ php_conf_file }}"
+        mode: 0644
+        owner: root
+        group: root
+      register: php_conf_file_templated
+
+    - name: Test and reload PHP configuration file when file is in a FPM directory
+      block:
+
+        - name: Test PHP configuration
+          block:
+
+            - name: PHP FPM configtest
+              ansible.builtin.command: "php-fpm{{ php_conf_file_version }} --test"
+              check_mode: false
+              changed_when: false
+              register: php_fpm_test
+              failed_when: >-
+                ( php_fpm_test.rc != 0 ) or
+                ( "Failed" in php_fpm_test.stderr )
+
+          rescue:
+
+            - name: Copy broken PHP configuration file
+              ansible.builtin.copy:
+                src: "{{ php_conf_file }}"
+                dest: "{{ php_conf_file_backup }}.broken"
+                remote_src: true
+                mode: 0644
+                owner: root
+                group: root
+
+            - name: Copy backup file over edited file as the configuration test failed
+              ansible.builtin.copy:
+                src: "{{ php_conf_file_backup }}"
+                dest: "{{ php_conf_file }}"
+                remote_src: true
+                mode: 0644
+                owner: root
+                group: root
+
+            - name: Debug PHP configuration file test failure
+              ansible.builtin.debug:
+                var: php_fpm_test.stderr_lines
+
+            - name: Fail as there was a problem with the updated configuration file
+              ansible.builtin.fail:
+                msg: "The original configuration has been restored and the broken file is available at {{ php_conf_file_backup }}.broken"
+
+        - name: PHP FPM reloaded
+          ansible.builtin.service:
+            name: "php{{ php_conf_file_version }}-fpm"
+            state: reloaded
+
+      when:
+        - php_conf_file_version in php_ver_installed
+        - php_conf_file_templated.changed | bool
+        - php_conf_file_sapi is defined
+        - php_conf_file_sapi == "fpm"
+
+    - name: File backup absent when the PHP configuration file is unchanged
+      ansible.builtin.file:
+        path: "{{ php_conf_file_backup }}"
+        state: absent
+      changed_when: false
+      when: not php_conf_file_templated.changed | bool
+
+  tags:
+    - php
+    - php_cfg
+    - php_conf
 ...
diff --git a/templates/php.j2 b/templates/php.j2
new file mode 100644
index 0000000..97836bf
--- /dev/null
+++ b/templates/php.j2
@@ -0,0 +1,12 @@
+# {{ systemd_ansible_managed }}
+
+{% for php_section in | dict2items %}
+
+[{{ php_section.key }}]
+{% for php_variable_pair in php_section.value | dict2items %}
+{{ php_variable_pair.key }} = {{ php_variable_pair.value }}
+
+{% endfor %}
+{% endfor %}
+
+# vim: ft=systemd:
-- 
GitLab