Skip to content
Snippets Groups Projects
Commit a739b9c8 authored by Chris Croome's avatar Chris Croome
Browse files

WIP

parent cada74b9
No related branches found
No related tags found
1 merge request!1Merge Sury
Pipeline #25785 passed
Stage: lint
Hide whitespace changes
Inline Side-by-side
defaults/main.yml
+ 20
0
View file @ a739b9c8
......@@ -11,11 +11,14 @@
php: true
# php_alternatives:
# cat /etc/php/8.1/fpm/php.ini | jc --ini -yp
php_check_legacy_variables: true
php_config:
- name: PHP 8.1 configuration
version: "8.1"
state: present
files:
- path: /etc/php/8.1/apache2/php.ini
state: absent
- name: PHP 8.1 FPM configuration
path: /etc/php/8.1/fpm/php.ini
state: edited
......@@ -27,6 +30,8 @@ php_config:
version: "7.4"
state: present
files:
- path: /etc/php/7.4/apache2/php.ini
state: absent
- name: PHP 8.1 FPM configuration
path: /etc/php/7.4/fpm/php.ini
state: edited
......@@ -34,6 +39,21 @@ php_config:
PHP:
max_input_time: "600"
memory_limit: "512M"
- name: PHP 7.3 configuration
version: "7.3"
state: absent
- name: PHP 7.2 configuration
version: "7.2"
state: absent
- name: PHP 7.1 configuration
version: "7.1"
state: absent
- name: PHP 7.0 configuration
version: "7.0"
state: absent
- name: PHP 5.6 configuration
version: "5.6"
state: absent
php_sury: true
php_versions:
- name: PHP 8.2 packages
......
meta/argument_specs.yml
+ 20
0
View file @ a739b9c8
......@@ -70,6 +70,16 @@ argument_specs:
type: str
required: true
description: The PHP version number.
choices:
- "8.2"
- "8.1"
- "8.0"
- "7.4"
- "7.3"
- "7.2"
- "7.1"
- "7.0"
- "5.6"
php_sury:
type: bool
required: false
......@@ -105,4 +115,14 @@ argument_specs:
type: str
required: true
description: The PHP version number.
choices:
- "8.2"
- "8.1"
- "8.0"
- "7.4"
- "7.3"
- "7.2"
- "7.1"
- "7.0"
- "5.6"
...
tasks/checks.yml
+ 58
135
View file @ a739b9c8
......@@ -2,22 +2,56 @@
- name: PHP checks
block:
- name: Check that depreciated variables are not used
- name: Check that depreciated variables are not defined
ansible.builtin.assert:
that:
- php_allow_local_infile is not defined
quiet: "{% if ansible_verbosity == 0 %}true{% else %}false{% endif %}"
- name: Check that variables are booleans
ansible.builtin.assert:
that:
- php_allow_url_include | type_debug == "bool"
- php_mysqli_allow_local_infile | type_debug == "bool"
- phpcli_allow_local_infile | type_debug == "bool"
- php_opcache_enable | type_debug == "bool"
- php_opcache_validate_permission | type_debug == "bool"
- php_opcache_validate_root | type_debug == "bool"
- php_allow_url_include is not defined
- php_apc_shm_size is not defined
- phpcli_allow_local_infile is not defined
- php_date_timezone is not defined
- php_default_socket_timeout is not defined
- php_disable_functions is not defined
- php_dpkg is not defined
- php_log is not defined
- php_log_grep is not defined
- php_max_execution_time is not defined
- php_max_file_uploads is not defined
- php_max_input_nesting_level is not defined
- php_max_input_time is not defined
- php_max_input_vars is not defined
- php_memory_limit is not defined
- php_mysqli_allow_local_infile is not defined
- php_opcache_enable is not defined
- php_opcache_interned_strings_buffer is not defined
- php_opcache_max_accelerated_files is not defined
- php_opcache_memory_consumption is not defined
- php_opcache_revalidate_freq is not defined
- php_opcache_use_cwd is not defined
- php_opcache_validate_permission is not defined
- php_opcache_validate_root is not defined
- php_opcache_validate_timestamps is not defined
- php_output_buffering is not defined
- php_packages is not defined
- php_phpquery is not defined
- php_post_max_size is not defined
- php_session_save_path is not defined
- php_short_open_tag is not defined
- php_upload_max_filesize is not defined
- php_versioned_packages is not defined
- php_www_pool_enabled is not defined
- php_www_pool_ping_path is not defined
- php_www_pool_pm is not defined
- php_www_pool_pm_max_children is not defined
- php_www_pool_pm_max_requests is not defined
- php_www_pool_pm_max_spare_servers is not defined
- php_www_pool_pm_min_spare_servers is not defined
- php_www_pool_pm_process_idle_timeout is not defined
- php_www_pool_pm_start_servers is not defined
- php_www_pool_pm_status_path is not defined
quiet: "{% if ansible_verbosity == 0 %}true{% else %}false{% endif %}"
when:
- php_check_legacy_variables is defined
- php_check_legacy_variables | bool
- name: Check that the distro is Debian Bullseye or Buster
ansible.builtin.assert:
......@@ -27,131 +61,20 @@
quiet: "{% if ansible_verbosity == 0 %}true{% else %}false{% endif %}"
fail_msg: "The Linux distro {{ ansible_distribution }} {{ ansible_distribution_release }} is not supported by this role"
- name: Generate an array of existing PHP versions
ansible.builtin.set_fact:
php_versions_existing: "{{ php_versions_existing | default([]) }} + [ '{{ existing_version.key }}' ]"
loop: "{{ ansible_local.phpquery.versions | dict2items }}"
loop_control:
loop_var: existing_version
label: "{{ existing_version.key }}"
when:
- ansible_local.phpquery.versions is defined
- existing_version.value.state == "present"
- name: Debug php_versions_existing array
ansible.builtin.debug:
var: php_versions_existing
verbosity: 2
when: php_versions_existing is defined
- name: Generate an array of proposed PHP versions
ansible.builtin.set_fact:
php_versions_proposed: "{{ php_versions_proposed | default([]) }} + [ '{{ proposed_version.key }}' ]"
loop: "{{ php_versions | dict2items }}"
loop_control:
loop_var: proposed_version
label: "{{ proposed_version.key }}"
when:
- php_versions is defined
- proposed_version.value.state == "present"
- name: Proposed PHP versions checks
block:
- name: Debug php_versions_proposed array
ansible.builtin.debug:
var: php_versions_proposed
verbosity: 2
- name: Check the PHP versions installed
ansible.builtin.command: /usr/sbin/phpquery -V
check_mode: false
changed_when: false
register: php_phpquery_versions
- name: Check that for each proposed version of PHP there are not packages due to be present and absent at the same time
ansible.builtin.include_tasks: pkg_checks.yml
loop: "{{ php_versions_proposed }}"
loop_control:
loop_var: version
label: "{{ version }}"
- name: Debug defined SAPIs for proposed PHP versions
ansible.builtin.debug:
msg: "SAPI {{ php_versions[version].sapis }} is defined for PHP {{ version }}"
verbosity: 3
loop: "{{ php_versions_proposed }}"
loop_control:
loop_var: version
label: "{{ version }}"
when: php_versions[version].sapis is defined
- name: Include SAPI checks for proposed PHP versions
ansible.builtin.include_tasks: sapi_checks.yml
loop: "{{ php_versions_proposed }}"
loop_control:
loop_var: version
label: "{{ version }}"
when: php_versions[version].sapis is defined
- name: Generate an array of PHP versions to remove
ansible.builtin.set_fact:
php_versions_remove: "{{ php_versions_existing | difference(php_versions_proposed) }}"
when:
- ( php_versions_existing is defined ) and ( php_versions_existing != [] )
- ( php_versions_proposed is defined ) and ( php_versions_proposed != [] )
- name: Checks for PHP versions due to be removed
block:
- name: Debug php_versions_remove array
ansible.builtin.debug:
var: php_versions_remove
verbosity: 2
- name: Include SAPI checks for PHP versions due to be removed
ansible.builtin.include_tasks: sapi_absent_checks.yml
loop: "{{ php_versions_remove }}"
loop_control:
loop_var: version
label: "{{ version }}"
when: php_versions[version].sapis is defined
when: ( php_versions_remove is defined ) and ( php_versions_remove != [] )
when: ( php_versions_proposed is defined ) and ( php_versions_proposed != [] )
- name: Generate an array of absent PHP versions
- name: Set a fact for the PHP versions installed
ansible.builtin.set_fact:
php_versions_absent: "{{ php_versions_absent | default([]) }} + [ '{{ absent_version.key }}' ]"
loop: "{{ php_versions | dict2items }}"
loop_control:
loop_var: absent_version
label: "{{ absent_version.key }}"
when: absent_version.value.state == "absent"
- name: Absent PHP versions checks
block:
- name: Debug php_versions_absent array
ansible.builtin.debug:
var: php_versions_absent
verbosity: 2
php_ver_installed: "{{ php_phpquery_versions.stdout_lines }}"
- name: Include SAPI checks for PHP versions due to be absent
ansible.builtin.include_tasks: sapi_absent_checks.yml
loop: "{{ php_versions_absent }}"
loop_control:
loop_var: version
label: "{{ version }}"
when: php_versions[version].sapis is defined
when: ( php_versions_absent is defined ) and ( php_versions_absent != [] )
# - name: Include www pool server variable checks
# ansible.builtin.include_tasks: pool_check.yml
# when: php_www_pool_pm == "dynamic"
# vars:
# php_pm: "{{ php_www_pool_pm }}"
# php_pm_max_children: "{{ php_www_pool_pm_max_children }}"
# php_pm_start_servers: "{{ php_www_pool_pm_start_servers }}"
# php_pm_min_spare_servers: "{{ php_www_pool_pm_min_spare_servers }}"
# php_pm_max_spare_servers: "{{ php_www_pool_pm_max_spare_servers }}"
# when: ( php_www_pool_enabled is not defined ) or ( php_www_pool_enabled is defined and php_www_pool_enabled )
- name: Debug PHP versions installed
ansible.builtin.debug:
var: php_ver_installed
verbosity: "{% if ansible_check_mode | bool %}0{% else %}1{% endif %}"
tags:
- php
......
tasks/conf.yml 0 → 100644
+ 106
0
View file @ a739b9c8
# Copyright 2019-2023 Chris Croome
#
# This file is part of the Webarchitects PHP Ansible role.
#
# The Webarchitects PHP Ansible role is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
#
# The Webarchitects PHP Ansible role is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with the Webarchitects PHP Ansible role. If not, see <https://www.gnu.org/licenses/>.
---
- name: PHP configuration
block:
- name: Find the existing PHP versions directories
ansible.builtin.find:
paths: /etc/php
file_type: directory
recurse: false
register: php_etc_php_find_dirs
- name: Debug the existing PHP versions directories found
ansible.builtin.debug:
var: php_etc_php_find_dirs
verbosity: "{% if ansible_check_mode | bool %}1{% else %}2{% endif %}"
- name: Set a fact for the existing PHP version directories
ansible.builtin.set_fact:
php_conf_dirs_existing: "{{ php_etc_php_find_dirs | community.general.json_query('files[].path') }}"
- name: Debug existing PHP versions directories
ansible.builtin.debug:
var: php_conf_dirs_existing
verbosity: "{% if ansible_check_mode | bool %}0{% else %}1{% endif %}"
- name: Debug PHP version configuration directories which should be absent
ansible.builtin.debug:
var: php_conf_dirs_absent
verbosity: "{% if ansible_check_mode | bool %}0{% else %}1{% endif %}"
- name: Set a fact for existing PHP version configuration directories which should be absent
ansible.builtin.set_fact:
php_conf_dirs_remove: "{{ php_conf_dirs_existing | ansible.builtin.intersect(php_conf_dirs_absent) }}"
- name: Debug existing PHP versions configuration directories to be deleted
ansible.builtin.debug:
var: php_conf_dirs_remove
verbosity: "{% if ansible_check_mode | bool %}0{% else %}1{% endif %}"
- name: Find the existing PHP configuration files
ansible.builtin.find:
paths: /etc/php
file_type: file
recurse: true
patterns: '*.ini'
register: php_etc_php_find_files
- name: Debug existing PHP configuration files
ansible.builtin.debug:
var: php_etc_php_find_files
verbosity: "{% if ansible_check_mode | bool %}1{% else %}2{% endif %}"
- name: Set a fact for the existing PHP configuration files
ansible.builtin.set_fact:
php_conf_files_existing: "{{ php_etc_php_find_files | community.general.json_query('files[].path') }}"
- name: Debug existing PHP configuration files
ansible.builtin.debug:
var: php_conf_files_existing
verbosity: "{% if ansible_check_mode | bool %}0{% else %}1{% endif %}"
- name: Debug PHP configuration files which should be absent
ansible.builtin.debug:
var: php_conf_files_absent
verbosity: "{% if ansible_check_mode | bool %}0{% else %}1{% endif %}"
- name: Set a fact for existing PHP configuration files that should be absent
ansible.builtin.set_fact:
php_conf_files_remove: "{{ php_conf_files_existing | ansible.builtin.intersect(php_conf_files_absent) }}"
- name: Debug existing PHP configuration files to be deleted
ansible.builtin.debug:
var: php_conf_files_remove
verbosity: "{% if ansible_check_mode | bool %}0{% else %}1{% endif %}"
- name: Set a fact for existing PHP configuration files and directories to be deleted
ansible.builtin.set_fact:
php_conf_rm: "{{ php_conf_dirs_remove + php_conf_files_remove }}"
- name: Debug PHP configuration paths to be deleted
ansible.builtin.debug:
var: php_conf_rm
verbosity: "{% if ansible_check_mode | bool %}0{% else %}1{% endif %}"
- name: PHP configuration paths absent
ansible.builtin.file:
path: "{{ php_conf_rm }}"
state: absent
register: php_conf_removed
when:
- php_conf_rm is defined
- php_conf_rm != []
tags:
- php
- php_conf
...
tasks/main.yml
+ 21
5
View file @ a739b9c8
# Copyright 2019-2023 Chris Croome
#
# This file is part of the Webarchitects PHP Ansible role.
#
# The Webarchitects PHP Ansible role is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
#
# The Webarchitects PHP Ansible role is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with the Webarchitects PHP Ansible role. If not, see <https://www.gnu.org/licenses/>.
---
- name: PHP
block:
......@@ -10,6 +19,13 @@
( ansible_local.dpkg.arch is not defined ) or
( ansible_local.gpg.version is not defined ) or
( ansible_local.bash.path is not defined )
tags:
- php_apt
- name: Include PHP check tasks
ansible.builtin.include_tasks: checks.yml
tags:
- php_conf
- name: Include Sury PHP apt repo tasks
ansible.builtin.include_tasks: apt.yml
......@@ -23,11 +39,11 @@
tags:
- php_pkg
# - name: Include PHP config tasks
# ansible.builtin.include_tasks: conf.yml
# when: php_config is defined
# tags:
# - php_config
- name: Include PHP configuration tasks
ansible.builtin.include_tasks: conf.yml
when: php_config is defined
tags:
- php_conf
# - name: Install and configure PHP
# block:
......
vars/main.yml
+ 15
0
View file @ a739b9c8
......@@ -25,6 +25,21 @@ php_pkg_absent: "{{ php_versions | ansible.builtin.json_query('[?state==`present
# cat defaults/main.yml | yq -o=json | jp "php_versions[?state=='present'].pkg_present[]" | sort -u
php_pkg_present: "{{ php_versions | ansible.builtin.json_query('[?state==`present`].pkg_present[]') | ansible.builtin.unique | sort }}"
# PHP versions configuration absent
# cat defaults/main.yml | yq -o=json | jp "php_config[?state=='absent'].version"
php_conf_ver_absent: "{{ php_config | ansible.builtin.json_query('[?state==`absent`].version') | sort }}"
# PHP versions configuration directories absent
php_conf_dirs_absent: "{{ php_config | ansible.builtin.json_query('[?state==`absent`].version') | map('regex_replace', '^', '/etc/php/') | sort }}"
# PHP versions configuration directories present
# cat defaults/main.yml | yq -o=json | jp "php_config[?state=='present'].version"
php_conf_dirs_present: "{{ php_config | ansible.builtin.json_query('[?state==`present`].version') | sort }}"
# PHP versions present files absent
# cat defaults/main.yml | yq -o=json | jp "php_config[?state=='present'].files[]|[?state=='absent'].path"
php_conf_files_absent: "{{ php_config | ansible.builtin.json_query('[?state==`present`].files[]|[?state==`absent`].path') | sort }}"
# GPG public key URL linked from
# https://packages.sury.org/php/
php_gpg_url: https://packages.sury.org/php/apt.gpg
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Webarchitects | Forum | Status | SSH Fingerprints