From 0d99f1ee0441e5171114f5828e4f14fa8911350b Mon Sep 17 00:00:00 2001 From: Ivan Grynenko Date: Sat, 11 Jun 2016 10:25:11 +1000 Subject: [PATCH] Added php role, removed unused trees. --- lamp_centos7/site.retry | 1 - lamp_simple_rhel7/LICENSE.md | 4 - lamp_simple_rhel7/README.md | 32 --- lamp_simple_rhel7/group_vars/all | 6 - lamp_simple_rhel7/group_vars/dbservers | 9 - lamp_simple_rhel7/hosts | 7 - .../roles/common/handlers/main.yml | 6 - lamp_simple_rhel7/roles/common/tasks/main.yml | 15 -- .../roles/common/templates/ntp.conf.j2 | 12 - lamp_simple_rhel7/roles/db/handlers/main.yml | 5 - lamp_simple_rhel7/roles/db/tasks/main.yml | 36 --- .../roles/db/templates/my.cnf.j2 | 11 - .../roles/web/tasks/copy_code.yml | 9 - .../roles/web/tasks/install_httpd.yml | 21 -- lamp_simple_rhel7/roles/web/tasks/main.yml | 3 - .../roles/web/templates/index.php.j2 | 24 -- lamp_simple_rhel7/site.yml | 23 -- lemp-rhel7/group_vars/all | 9 + lemp-rhel7/roles/ansible-role-php/.travis.yml | 84 +++++++ lemp-rhel7/roles/ansible-role-php/README.md | 204 ++++++++++++++++ .../roles/ansible-role-php/defaults/main.yml | 115 +++++++++ .../roles/ansible-role-php/handlers/main.yml | 13 + .../roles/ansible-role-php/meta/main.yml | 23 ++ .../ansible-role-php/tasks/configure-apcu.yml | 37 +++ .../ansible-role-php/tasks/configure-fpm.yml | 72 ++++++ .../tasks/configure-opcache.yml | 37 +++ .../ansible-role-php/tasks/configure.yml | 20 ++ .../tasks/install-from-source.yml | 150 ++++++++++++ .../roles/ansible-role-php/tasks/main.yml | 61 +++++ .../ansible-role-php/tasks/setup-Debian.yml | 27 +++ .../ansible-role-php/tasks/setup-RedHat.yml | 8 + .../ansible-role-php/templates/apc.ini.j2 | 5 + .../ansible-role-php/templates/fpm-init.j2 | 170 +++++++++++++ .../ansible-role-php/templates/opcache.ini.j2 | 14 ++ .../templates/php-fpm.conf.j2 | 12 + .../ansible-role-php/templates/php.ini.j2 | 225 ++++++++++++++++++ .../ansible-role-php/templates/www.conf.j2 | 12 + .../tests/Dockerfile.centos-7 | 27 +++ .../tests/Dockerfile.ubuntu-12.04 | 11 + .../tests/Dockerfile.ubuntu-14.04 | 11 + .../roles/ansible-role-php/tests/inventory | 1 + .../ansible-role-php/tests/requirements.yml | 2 + .../ansible-role-php/tests/test-package.yml | 27 +++ .../ansible-role-php/tests/test-source.yml | 18 ++ .../tests/test-vars-ubuntu1204.yml | 23 ++ .../roles/ansible-role-php/vars/Debian.yml | 37 +++ .../roles/ansible-role-php/vars/RedHat.yml | 33 +++ 47 files changed, 1488 insertions(+), 224 deletions(-) delete mode 100644 lamp_centos7/site.retry delete mode 100644 lamp_simple_rhel7/LICENSE.md delete mode 100644 lamp_simple_rhel7/README.md delete mode 100644 lamp_simple_rhel7/group_vars/all delete mode 100644 lamp_simple_rhel7/group_vars/dbservers delete mode 100644 lamp_simple_rhel7/hosts delete mode 100644 lamp_simple_rhel7/roles/common/handlers/main.yml delete mode 100644 lamp_simple_rhel7/roles/common/tasks/main.yml delete mode 100644 lamp_simple_rhel7/roles/common/templates/ntp.conf.j2 delete mode 100644 lamp_simple_rhel7/roles/db/handlers/main.yml delete mode 100644 lamp_simple_rhel7/roles/db/tasks/main.yml delete mode 100644 lamp_simple_rhel7/roles/db/templates/my.cnf.j2 delete mode 100644 lamp_simple_rhel7/roles/web/tasks/copy_code.yml delete mode 100644 lamp_simple_rhel7/roles/web/tasks/install_httpd.yml delete mode 100644 lamp_simple_rhel7/roles/web/tasks/main.yml delete mode 100644 lamp_simple_rhel7/roles/web/templates/index.php.j2 delete mode 100644 lamp_simple_rhel7/site.yml create mode 100755 lemp-rhel7/roles/ansible-role-php/.travis.yml create mode 100755 lemp-rhel7/roles/ansible-role-php/README.md create mode 100755 lemp-rhel7/roles/ansible-role-php/defaults/main.yml create mode 100755 lemp-rhel7/roles/ansible-role-php/handlers/main.yml create mode 100755 lemp-rhel7/roles/ansible-role-php/meta/main.yml create mode 100755 lemp-rhel7/roles/ansible-role-php/tasks/configure-apcu.yml create mode 100755 lemp-rhel7/roles/ansible-role-php/tasks/configure-fpm.yml create mode 100755 lemp-rhel7/roles/ansible-role-php/tasks/configure-opcache.yml create mode 100755 lemp-rhel7/roles/ansible-role-php/tasks/configure.yml create mode 100755 lemp-rhel7/roles/ansible-role-php/tasks/install-from-source.yml create mode 100755 lemp-rhel7/roles/ansible-role-php/tasks/main.yml create mode 100755 lemp-rhel7/roles/ansible-role-php/tasks/setup-Debian.yml create mode 100755 lemp-rhel7/roles/ansible-role-php/tasks/setup-RedHat.yml create mode 100755 lemp-rhel7/roles/ansible-role-php/templates/apc.ini.j2 create mode 100755 lemp-rhel7/roles/ansible-role-php/templates/fpm-init.j2 create mode 100755 lemp-rhel7/roles/ansible-role-php/templates/opcache.ini.j2 create mode 100755 lemp-rhel7/roles/ansible-role-php/templates/php-fpm.conf.j2 create mode 100755 lemp-rhel7/roles/ansible-role-php/templates/php.ini.j2 create mode 100755 lemp-rhel7/roles/ansible-role-php/templates/www.conf.j2 create mode 100755 lemp-rhel7/roles/ansible-role-php/tests/Dockerfile.centos-7 create mode 100755 lemp-rhel7/roles/ansible-role-php/tests/Dockerfile.ubuntu-12.04 create mode 100755 lemp-rhel7/roles/ansible-role-php/tests/Dockerfile.ubuntu-14.04 create mode 100755 lemp-rhel7/roles/ansible-role-php/tests/inventory create mode 100755 lemp-rhel7/roles/ansible-role-php/tests/requirements.yml create mode 100755 lemp-rhel7/roles/ansible-role-php/tests/test-package.yml create mode 100755 lemp-rhel7/roles/ansible-role-php/tests/test-source.yml create mode 100755 lemp-rhel7/roles/ansible-role-php/tests/test-vars-ubuntu1204.yml create mode 100755 lemp-rhel7/roles/ansible-role-php/vars/Debian.yml create mode 100755 lemp-rhel7/roles/ansible-role-php/vars/RedHat.yml diff --git a/lamp_centos7/site.retry b/lamp_centos7/site.retry deleted file mode 100644 index 6ab996c..0000000 --- a/lamp_centos7/site.retry +++ /dev/null @@ -1 +0,0 @@ -122.129.219.67 diff --git a/lamp_simple_rhel7/LICENSE.md b/lamp_simple_rhel7/LICENSE.md deleted file mode 100644 index 9645651..0000000 --- a/lamp_simple_rhel7/LICENSE.md +++ /dev/null @@ -1,4 +0,0 @@ -Copyright (C) 2015 Eugene Varnavsky (varnavruz@gmail.com) - -This work is licensed under the Creative Commons Attribution 3.0 Unported License. -To view a copy of this license, visit http://creativecommons.org/licenses/by/3.0/deed.en_US. diff --git a/lamp_simple_rhel7/README.md b/lamp_simple_rhel7/README.md deleted file mode 100644 index ae0ba9a..0000000 --- a/lamp_simple_rhel7/README.md +++ /dev/null @@ -1,32 +0,0 @@ -Building a simple LAMP stack and deploying Application using Ansible Playbooks. -------------------------------------------- - -These playbooks require Ansible 1.2. - -These playbooks are meant to be a reference and starter's guide to building -Ansible Playbooks. These playbooks were tested on CentOS 7.x so we recommend -that you use CentOS or RHEL to test these modules. - -RHEL7 version reflects changes in Red Hat Enterprise Linux and CentOS 7: -1. Network device naming scheme has changed -2. iptables is replaced with firewalld -3. MySQL is replaced with MariaDB - -This LAMP stack can be on a single node or multiple nodes. The inventory file -'hosts' defines the nodes in which the stacks should be configured. - - [webservers] - localhost - - [dbservers] - bensible - -Here the webserver would be configured on the local host and the dbserver on a -server called "bensible". The stack can be deployed using the following -command: - - ansible-playbook -i hosts site.yml - -Once done, you can check the results by browsing to http://localhost/index.php. -You should see a simple test page and a list of databases retrieved from the -database server. diff --git a/lamp_simple_rhel7/group_vars/all b/lamp_simple_rhel7/group_vars/all deleted file mode 100644 index 74ca458..0000000 --- a/lamp_simple_rhel7/group_vars/all +++ /dev/null @@ -1,6 +0,0 @@ ---- -# Variables listed here are applicable to all host groups - -httpd_port: 80 -ntpserver: 192.168.1.2 -repository: https://github.com/bennojoy/mywebapp.git diff --git a/lamp_simple_rhel7/group_vars/dbservers b/lamp_simple_rhel7/group_vars/dbservers deleted file mode 100644 index 027a32a..0000000 --- a/lamp_simple_rhel7/group_vars/dbservers +++ /dev/null @@ -1,9 +0,0 @@ ---- -# The variables file used by the playbooks in the dbservers group. -# These don't have to be explicitly imported by vars_files: they are autopopulated. - -mysqlservice: mysqld -mysql_port: 3306 -dbuser: foouser -dbname: foodb -upassword: abc diff --git a/lamp_simple_rhel7/hosts b/lamp_simple_rhel7/hosts deleted file mode 100644 index c9d945e..0000000 --- a/lamp_simple_rhel7/hosts +++ /dev/null @@ -1,7 +0,0 @@ -[webservers] -webserver.local - -[dbservers] -dbserver.local - - diff --git a/lamp_simple_rhel7/roles/common/handlers/main.yml b/lamp_simple_rhel7/roles/common/handlers/main.yml deleted file mode 100644 index 007bd67..0000000 --- a/lamp_simple_rhel7/roles/common/handlers/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -# Handler to handle common notifications. Handlers are called by other plays. -# See http://docs.ansible.com/playbooks_intro.html for more information about handlers. - -- name: restart ntp - service: name=ntpd state=restarted diff --git a/lamp_simple_rhel7/roles/common/tasks/main.yml b/lamp_simple_rhel7/roles/common/tasks/main.yml deleted file mode 100644 index c73908d..0000000 --- a/lamp_simple_rhel7/roles/common/tasks/main.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# This playbook contains common plays that will be run on all nodes. - -- name: Install ntp - yum: name=ntp state=present - tags: ntp - -- name: Configure ntp file - template: src=ntp.conf.j2 dest=/etc/ntp.conf - tags: ntp - notify: restart ntp - -- name: Start the ntp service - service: name=ntpd state=started enabled=yes - tags: ntp diff --git a/lamp_simple_rhel7/roles/common/templates/ntp.conf.j2 b/lamp_simple_rhel7/roles/common/templates/ntp.conf.j2 deleted file mode 100644 index 6336c2e..0000000 --- a/lamp_simple_rhel7/roles/common/templates/ntp.conf.j2 +++ /dev/null @@ -1,12 +0,0 @@ - -driftfile /var/lib/ntp/drift - -restrict 127.0.0.1 -restrict -6 ::1 - -server {{ ntpserver }} - -includefile /etc/ntp/crypto/pw - -keys /etc/ntp/keys - diff --git a/lamp_simple_rhel7/roles/db/handlers/main.yml b/lamp_simple_rhel7/roles/db/handlers/main.yml deleted file mode 100644 index 37c0683..0000000 --- a/lamp_simple_rhel7/roles/db/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -# Handler to handle DB tier notifications - -- name: restart mariadb - service: name=mariadb state=restarted diff --git a/lamp_simple_rhel7/roles/db/tasks/main.yml b/lamp_simple_rhel7/roles/db/tasks/main.yml deleted file mode 100644 index b66a28a..0000000 --- a/lamp_simple_rhel7/roles/db/tasks/main.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -# This playbook will install MariaDB and create db user and give permissions. - -- name: Install MariaDB package - yum: name={{ item }} state=installed - with_items: - - mariadb-server - - MySQL-python - - libselinux-python - - libsemanage-python - -- name: Configure SELinux to start mysql on any port - seboolean: name=mysql_connect_any state=true persistent=yes - -- name: Create Mysql configuration file - template: src=my.cnf.j2 dest=/etc/my.cnf - notify: - - restart mariadb - -- name: Create MariaDB log file - file: path=/var/log/mysqld.log state=touch owner=mysql group=mysql mode=0775 - -- name: Create MariaDB PID directory - file: path=/var/run/mysqld state=directory owner=mysql group=mysql mode=0775 - -- name: Start MariaDB Service - service: name=mariadb state=started enabled=yes - -- name: insert firewalld rule - firewalld: port={{ mysql_port }}/tcp permanent=true state=enabled immediate=yes - -- name: Create Application Database - mysql_db: name={{ dbname }} state=present - -- name: Create Application DB User - mysql_user: name={{ dbuser }} password={{ upassword }} priv=*.*:ALL host='%' state=present diff --git a/lamp_simple_rhel7/roles/db/templates/my.cnf.j2 b/lamp_simple_rhel7/roles/db/templates/my.cnf.j2 deleted file mode 100644 index 3944d06..0000000 --- a/lamp_simple_rhel7/roles/db/templates/my.cnf.j2 +++ /dev/null @@ -1,11 +0,0 @@ -[mysqld] -datadir=/var/lib/mysql -socket=/var/lib/mysql/mysql.sock -user=mysql -# Disabling symbolic-links is recommended to prevent assorted security risks -symbolic-links=0 -port={{ mysql_port }} - -[mysqld_safe] -log-error=/var/log/mysqld.log -pid-file=/var/run/mysqld/mysqld.pid diff --git a/lamp_simple_rhel7/roles/web/tasks/copy_code.yml b/lamp_simple_rhel7/roles/web/tasks/copy_code.yml deleted file mode 100644 index c9d4781..0000000 --- a/lamp_simple_rhel7/roles/web/tasks/copy_code.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -# These tasks are responsible for copying the latest dev/production code from -# the version control system. - -- name: Copy the code from repository - git: repo={{ repository }} dest=/var/www/html/ - -- name: Creates the index.php file - template: src=index.php.j2 dest=/var/www/html/index.php diff --git a/lamp_simple_rhel7/roles/web/tasks/install_httpd.yml b/lamp_simple_rhel7/roles/web/tasks/install_httpd.yml deleted file mode 100644 index a0fe65f..0000000 --- a/lamp_simple_rhel7/roles/web/tasks/install_httpd.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# These tasks install http and the php modules. - -- name: Install http and php etc - yum: name={{ item }} state=present - with_items: - - httpd - - php - - php-mysql - - git - - libsemanage-python - - libselinux-python - -- name: insert firewalld rule for httpd - firewalld: port={{ httpd_port }}/tcp permanent=true state=enabled immediate=yes - -- name: http service state - service: name=httpd state=started enabled=yes - -- name: Configure SELinux to allow httpd to connect to remote database - seboolean: name=httpd_can_network_connect_db state=true persistent=yes diff --git a/lamp_simple_rhel7/roles/web/tasks/main.yml b/lamp_simple_rhel7/roles/web/tasks/main.yml deleted file mode 100644 index 796842e..0000000 --- a/lamp_simple_rhel7/roles/web/tasks/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- include: install_httpd.yml -- include: copy_code.yml diff --git a/lamp_simple_rhel7/roles/web/templates/index.php.j2 b/lamp_simple_rhel7/roles/web/templates/index.php.j2 deleted file mode 100644 index 4d15afe..0000000 --- a/lamp_simple_rhel7/roles/web/templates/index.php.j2 +++ /dev/null @@ -1,24 +0,0 @@ - - - Ansible Application - - -
- Homepage -
-"; -echo "List of Databases:
"; - {% for host in groups['dbservers'] %} - $link = mysqli_connect('{{ hostvars[host].ansible_default_ipv4.address }}', '{{ hostvars[host].dbuser }}', '{{ hostvars[host].upassword }}') or die(mysqli_connect_error($link)); - {% endfor %} - $res = mysqli_query($link, "SHOW DATABASES;"); - while ($row = mysqli_fetch_assoc($res)) { - echo $row['Database'] . "\n"; - } -?> - - - diff --git a/lamp_simple_rhel7/site.yml b/lamp_simple_rhel7/site.yml deleted file mode 100644 index f395725..0000000 --- a/lamp_simple_rhel7/site.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# This playbook deploys the whole application stack in this site. - -- name: apply common configuration to all nodes - hosts: all - remote_user: root - - roles: - - common - -- name: configure and deploy the webservers and application code - hosts: webservers - remote_user: root - - roles: - - web - -- name: deploy MySQL and configure the databases - hosts: dbservers - remote_user: root - - roles: - - db diff --git a/lemp-rhel7/group_vars/all b/lemp-rhel7/group_vars/all index 748ce16..e07589c 100644 --- a/lemp-rhel7/group_vars/all +++ b/lemp-rhel7/group_vars/all @@ -26,3 +26,12 @@ auto_up_disable: false # false = Development, minor, and major updates are all disabled # minor = Minor updates are enabled, development, and major updates are disabled core_update_level: true + +# Defines PHP values +php_enablerepo: "remi-php70" + +# PHP-FPM configuration. +php_enable_php_fpm: fals + +php_apc_shm_size: "96M" +php_date_timezone: "Australia/Melbourne" diff --git a/lemp-rhel7/roles/ansible-role-php/.travis.yml b/lemp-rhel7/roles/ansible-role-php/.travis.yml new file mode 100755 index 0000000..0fe9aae --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/.travis.yml @@ -0,0 +1,84 @@ +--- +sudo: required + +env: + # Only test source install on latest supported OSes. + - distribution: centos + version: 7 + init: /usr/lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + SITE: source + PHP_VERSION: 7.0.5 + - distribution: ubuntu + version: 14.04 + init: /sbin/init + run_opts: "" + SITE: source + PHP_VERSION: 7.0.5 + + # Test package install on all supported OSes. + - distribution: centos + version: 7 + init: /usr/lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + SITE: package + PHP_VERSION: 7.0 + - distribution: ubuntu + version: 14.04 + init: /sbin/init + run_opts: "" + SITE: package + PHP_VERSION: 7.0 + - distribution: ubuntu + version: 12.04 + init: /sbin/init + run_opts: "" + SITE: package + PHP_VERSION: 5.6 + +services: + - docker + +before_install: + # - sudo apt-get update + # Pull container + - 'sudo docker pull ${distribution}:${version}' + # Customize container + - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' + +script: + - container_id=$(mktemp) + # Run container in detached state + - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' + + # Install dependencies. + - 'sudo docker exec "$(cat ${container_id})" ansible-galaxy install -r /etc/ansible/roles/role_under_test/tests/requirements.yml' + + # Ansible syntax check. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test-${SITE}.yml --syntax-check' + + # Test role. + - 'travis_wait 30 sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test-${SITE}.yml' + + # Test role idempotence. + - > + sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test-${SITE}.yml + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Ensure PHP is installed and at the right version. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm which php' + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm test -x /usr/bin/php' + + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm php --version' + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm /usr/bin/php --version | grep -qF "PHP $PHP_VERSION"' + + # Ensure PHP configurations have taken effect. + - sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm php -i | grep 'memory_limit.*192' + + # Clean up + - 'sudo docker stop "$(cat ${container_id})"' + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/lemp-rhel7/roles/ansible-role-php/README.md b/lemp-rhel7/roles/ansible-role-php/README.md new file mode 100755 index 0000000..9bdd4e3 --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/README.md @@ -0,0 +1,204 @@ +# Ansible Role: PHP + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-php.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-php) + +Installs PHP on RedHat/CentOS and Debian/Ubuntu servers. + +## Requirements + +If you're using an older LTS release of Ubuntu or RHEL, with an old/outdated version of PHP, you need to use a repo or PPA with a maintained PHP version, as this role only works with [PHP versions that are currently supported](http://php.net/supported-versions.php) by the PHP community. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + php_packages: [] + +A list of the PHP packages to install (OS-specific by default). You'll likely want to install common packages like `php`, `php-cli`, `php-devel` and `php-pdo`, and you can add in whatever other packages you'd like (for example, `php-gd` for image manipulation, or `php-ldap` if you need to connect to an LDAP server for authentication). + +_Note: If you're using Debian/Ubuntu, you also need to install `libapache2-mod-fastcgi` (for cgi/PHP-FPM) or `libapache2-mod-php7.0` (or a similar package depending on PHP version) if you want to use `mod_php` with Apache._ + + php_enable_webserver: true + +If your usage of PHP is tied to a web server (e.g. Apache or Nginx), leave this default value. If you are using PHP server-side or to run some small application, set this value to `false` so this role doesn't attempt to interact with a web server. + + php_webserver_daemon: "httpd" + +The default values for the HTTP server deamon are `httpd` (used by Apache) for RedHat/CentOS, or `apache2` (also used by Apache) for Debian/Ubuntu. If you are running another webserver (for example, `nginx`), change this value to the name of the daemon under which the webserver runs. + + php_enablerepo: "" + +(RedHat/CentOS only) If you have enabled any additional repositories (might I suggest [geerlingguy.repo-epel](https://github.com/geerlingguy/ansible-role-repo-epel) or [geerlingguy.repo-remi](https://github.com/geerlingguy/ansible-role-repo-remi)), those repositories can be listed under this variable (e.g. `remi-php70,epel`). This can be handy, as an example, if you want to install the latest version of PHP 7.0, which is in the Remi repository. + + php_packages_state: "installed" + +If you have enabled any additional repositories such as [geerlingguy.repo-epel](https://github.com/geerlingguy/ansible-role-repo-epel) or [geerlingguy.repo-remi](https://github.com/geerlingguy/ansible-role-repo-remi), you may want an easy way to swap PHP versions on the fly. By default, this is set to 'installed'. You can now override this variable to 'latest'. Combined with php_enablerepo, a user now doesn't need to manually uninstall the existing PHP packages before installing them from a different repository. + + php_executable: "php" + +The executable to run when calling PHP from the command line. You should only change this if running `php` on your server doesn't target the correct executable, or if you're using software collections on RHEL/CentOS and need to target a different version of PHP. + +### PHP-FPM + +PHP-FPM is a simple and robust FastCGI Process Manager for PHP. It can dramatically ease scaling of PHP apps and is the normal way of running PHP-based sites and apps when using a webserver like Nginx (though it can be used with other webservers just as easily). + +When using this role with PHP running as `php-fpm` instead of as a process inside a webserver (e.g. Apache's `mod_php`), you need to set the following variable to `true`: + + php_enable_php_fpm: false + +If you're using Apache, you can easily get it configured to work with PHP-FPM using the [geerlingguy.apache-php-fpm](https://github.com/geerlingguy/ansible-role-apache-php-fpm) role. + + php_fpm_listen: "127.0.0.1:9000" + php_fpm_listen_allowed_clients: "127.0.0.1" + php_fpm_pm_max_children: 50 + php_fpm_pm_start_servers: 5 + php_fpm_pm_min_spare_servers: 5 + php_fpm_pm_max_spare_servers: 5 + +Specific settings inside the default `www.conf` PHP-FPM pool. If you'd like to manage additional settings, you can do so either by replacing the file with your own template or using `lineinfile` like this role does inside `tasks/configure.yml`. + +### php.ini settings + + php_use_managed_ini: true + +By default, all the extra defaults below are applied through the php.ini included with this role. You can self-manage your php.ini file (if you need more flexility in its configuration) by setting this to `false` (in which case all the below variables will be ignored). + + php_memory_limit: "256M" + php_max_execution_time: "60" + php_max_input_time: "60" + php_max_input_vars: "1000" + php_realpath_cache_size: "32K" + php_upload_max_filesize: "64M" + php_post_max_size: "32M" + php_date_timezone: "America/Chicago" + php_allow_url_fopen: "On" + php_sendmail_path: "/usr/sbin/sendmail -t -i" + php_output_buffering: "4096" + php_short_open_tag: false + php_error_reporting: "E_ALL & ~E_DEPRECATED & ~E_STRICT" + php_display_errors: "Off" + php_display_startup_errors: "On" + php_expose_php: "On" + php_session_cookie_lifetime: 0 + php_session_gc_probability: 1 + php_session_gc_divisor: 1000 + php_session_gc_maxlifetime: 1440 + php_session_save_handler: files + php_session_save_path: '' + +Various defaults for PHP. Only used if `php_use_managed_ini` is set to `true`. + +### OpCache-related Variables + +The OpCache is included in PHP starting in version 5.5, and the following variables will only take effect if the version of PHP you have installed is 5.5 or greater. + + php_opcache_enable: "1" + php_opcache_enable_cli: "0" + php_opcache_memory_consumption: "96" + php_opcache_interned_strings_buffer: "16" + php_opcache_max_accelerated_files: "4096" + php_opcache_max_wasted_percentage: "5" + php_opcache_validate_timestamps: "1" + php_opcache_revalidate_path: "0" + php_opcache_revalidate_freq: "2" + php_opcache_max_file_size: "0" + +OpCache ini directives that are often customized on a system. Make sure you have enough memory and file slots allocated in the OpCache (`php_opcache_memory_consumption`, in MB, and `php_opcache_max_accelerated_files`) to contain all the PHP code you are running. If not, you may get less-than-optimal performance! + + php_opcache_conf_filename: [platform-specific] + +The platform-specific opcache configuration filename. Generally the default should work, but in some cases, you may need to override the filename. + +### APCu-related Variables + + php_enable_apc: true + +Whether to enable APCu. Other APCu variables will be ineffective if this is set to false. + + php_apc_shm_size: "96M" + php_apc_enable_cli: "0" + +APCu ini directives that are often customized on a system. Set the `php_apc_shm_size` so it will hold all cache entries in memory with a little overhead (fragmentation or APC running out of memory will slow down PHP *dramatically*). + + php_apc_conf_filename: [platform-specific] + +The platform-specific APC configuration filename. Generally the default should work, but in some cases, you may need to override the filename. + +#### Ensuring APC is installed + +If you use APC, you will need to make sure APC is installed (it is installed by default, but if you customize the `php_packages` list, you need to include APC in the list): + + - *On RHEL/CentOS systems*: Make sure `php-pecl-apcu` is in the list of `php_packages`. + - *On Debian/Ubuntu systems*: Make sure `php-apcu` is in the list of `php_packages`. + +### Installing from Source + +If you need a specific version of PHP, or would like to test the latest (e.g. master) version of PHP, there's a good chance there's no suitable package already available in your platform's package manager. In these cases, you may choose to install PHP from source by compiling it directly. + +Note that source compilation takes *much* longer than installing from packages (PHP HEAD takes 5+ minutes to compile on a modern quad-core computer, just as a point of reference). + + php_install_from_source: false + +Set this to `true` to install PHP from source instead of installing from packages. + + php_source_version: "master" + +The version of PHP to install from source (a git branch, tag, or commit hash). + + php_source_clone_dir: "~/php-src" + php_source_install_path: "/opt/php" + php_source_install_gmp_path: "/usr/include/x86_64-linux-gnu/gmp.h" + +Location where source will be cloned and installed, and the location of the GMP header file (which can be platform/distribution specific). + + php_source_make_command: "make" + +Set the `make` command to `make --jobs=X` where `X` is the number of cores present on the server where PHP is being compiled. Will speed up compilation times dramatically if you have multiple cores. + + php_source_configure_command: > + [...] + +The `./configure` command that will build the Makefile to be used for PHP compilation. Add in all the options you need for your particular environment. Using a folded scalar (`>`) allows you to define the variable over multiple lines, which is extremely helpful for legibility and source control! + +A few other notes/caveats for specific configurations: + + - **Apache with `mpm_prefork`**: If you're using Apache with prefork as a webserver for PHP, you will need to make sure `apxs2` is available on your system (e.g. by installing `apache2-prefork-dev` in Ubuntu), and you will need to make sure the option `--with-apxs2` is defined in `php_source_configure_command`. Finally, you will need to make sure the `mpm_prefork` module is loaded instead of `mpm_worker` or `mpm_event`, and likely add a `phpX.conf` (where `X` is the major version of PHP) configuration file to the Apache module config folder with contents like [`php7.conf`](https://gist.github.com/geerlingguy/5ae5445f28e71264e8c1). + - **Apache with `mpm_event` or `mpm_worker`**: If you're using Apache with event or worker as a webserver for PHP, you will need to compile PHP with FPM. Make sure the option `--enable-fpm` is defined in `php_source_configure_command`. You'll also need to make sure Apache's support for CGI and event is installed (e.g. by installing `apache2-mpm-event` and `libapache2-mod-fastcgi`) and the `mpm_event` module is loaded. + - **Nginx**: If you're using Nginx as a webserver for PHP, you will need to compile PHP with FPM. Make sure the option `--enable-fpm` is defined in `php_source_configure_command`. + +## Dependencies + +None. + +## Example Playbook + + - hosts: webservers + vars_files: + - vars/main.yml + roles: + - { role: geerlingguy.php } + +*Inside `vars/main.yml`*: + + php_memory_limit: "128M" + php_max_execution_time: "90" + php_upload_max_filesize: "256M" + php_packages: + - php + - php-cli + - php-common + - php-devel + - php-gd + - php-mbstring + - php-pdo + - php-pecl-apcu + - php-xml + ... + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/lemp-rhel7/roles/ansible-role-php/defaults/main.yml b/lemp-rhel7/roles/ansible-role-php/defaults/main.yml new file mode 100755 index 0000000..d236638 --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/defaults/main.yml @@ -0,0 +1,115 @@ +--- +# Pass in a comma-separated list of repos to use (e.g. "remi,epel"). +php_enablerepo: "" + +# State that the system package installer should use for PHP the enabled repo (e.g. "installed,latest") +php_packages_state: installed + +# Set this to false if you're not using PHP with Apache/Nginx/etc. +php_enable_webserver: true + +# PHP-FPM configuration. +php_enable_php_fpm: false +php_fpm_listen: "127.0.0.1:9000" +php_fpm_listen_allowed_clients: "127.0.0.1" +php_fpm_pm_max_children: 50 +php_fpm_pm_start_servers: 5 +php_fpm_pm_min_spare_servers: 5 +php_fpm_pm_max_spare_servers: 5 + +# The executable to run when calling PHP from the command line. +php_executable: "php" + +# OpCache settings (useful for PHP >=5.5). +php_opcache_enable: "1" +php_opcache_enable_cli: "0" +php_opcache_memory_consumption: "96" +php_opcache_interned_strings_buffer: "16" +php_opcache_max_accelerated_files: "4096" +php_opcache_max_wasted_percentage: "5" +php_opcache_validate_timestamps: "1" +php_opcache_revalidate_path: "0" +php_opcache_revalidate_freq: "2" +php_opcache_max_file_size: "0" +php_opcache_blacklist_filename: "" + +# APCu settings. +php_enable_apc: true +php_apc_shm_size: "96M" +php_apc_enable_cli: "0" + +# If this is set to false, none of the following options will have any effect. +# Any and all changes to /etc/php.ini will be your responsibility. +php_use_managed_ini: true + +php_expose_php: "On" +php_memory_limit: "256M" +php_max_execution_time: "60" +php_max_input_time: "60" +php_max_input_vars: "1000" +php_realpath_cache_size: "32K" +php_upload_max_filesize: "64M" +php_post_max_size: "32M" +php_date_timezone: "America/Chicago" +php_allow_url_fopen: "On" + +php_sendmail_path: "/usr/sbin/sendmail -t -i" +php_output_buffering: "4096" +php_short_open_tag: false + +php_session_cookie_lifetime: 0 +php_session_gc_probability: 1 +php_session_gc_divisor: 1000 +php_session_gc_maxlifetime: 1440 +php_session_save_handler: files +php_session_save_path: '' + +php_error_reporting: "E_ALL & ~E_DEPRECATED & ~E_STRICT" +php_display_errors: "Off" +php_display_startup_errors: "Off" + +# Install PHP from source (instead of using a package manager) with these vars. +php_install_from_source: false +php_source_version: "master" +php_source_clone_dir: "~/php-src" +php_source_install_path: "/opt/php" +php_source_install_gmp_path: "/usr/include/x86_64-linux-gnu/gmp.h" +# For faster compile time: "make --jobs=X" where X is # of cores present. +php_source_make_command: "make" +php_source_configure_command: > + ./configure + --prefix={{ php_source_install_path }} + --with-config-file-path={{ php_conf_paths | first }} + --enable-mbstring + --enable-zip + --enable-bcmath + --enable-pcntl + --enable-ftp + --enable-exif + --enable-calendar + --enable-opcache + --enable-pdo + --enable-sysvmsg + --enable-sysvsem + --enable-sysvshm + --enable-wddx + --with-curl + --with-mcrypt + --with-iconv + --with-gmp + --with-pspell + --with-gd + --with-jpeg-dir=/usr + --with-png-dir=/usr + --with-zlib-dir=/usr + --with-xpm-dir=/usr + --with-freetype-dir=/usr + --enable-gd-native-ttf + --enable-gd-jis-conv + --with-openssl + --with-pdo-mysql=/usr + --with-gettext=/usr + --with-zlib=/usr + --with-bz2=/usr + --with-recode=/usr + --with-mysqli=/usr/bin/mysql_config diff --git a/lemp-rhel7/roles/ansible-role-php/handlers/main.yml b/lemp-rhel7/roles/ansible-role-php/handlers/main.yml new file mode 100755 index 0000000..454476d --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/handlers/main.yml @@ -0,0 +1,13 @@ +--- +- name: restart webserver + service: + name: "{{ php_webserver_daemon }}" + state: restarted + notify: restart php-fpm + when: php_enable_webserver + +- name: restart php-fpm + service: + name: "{{ php_fpm_daemon }}" + state: restarted + when: php_enable_php_fpm diff --git a/lemp-rhel7/roles/ansible-role-php/meta/main.yml b/lemp-rhel7/roles/ansible-role-php/meta/main.yml new file mode 100755 index 0000000..0778cae --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/meta/main.yml @@ -0,0 +1,23 @@ +--- +dependencies: [] + +galaxy_info: + author: geerlingguy + description: PHP for RedHat/CentOS/Debian/Ubuntu. + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - 6 + - 7 + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - all + galaxy_tags: + - development + - web diff --git a/lemp-rhel7/roles/ansible-role-php/tasks/configure-apcu.yml b/lemp-rhel7/roles/ansible-role-php/tasks/configure-apcu.yml new file mode 100755 index 0000000..5a3badb --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/tasks/configure-apcu.yml @@ -0,0 +1,37 @@ +--- +- name: Check for existing APCu config files. + find: + paths: "{{ item }}" + contains: 'extension(\s+)?=(\s+)?apc[u]?\.so' + register: php_installed_apc_confs + with_items: "{{ php_extension_conf_paths }}" + +- name: Remove any non-role-supplied APCu config files. + file: + path: "{{ item.1.path }}" + state: absent + when: php_apc_conf_filename != (item.1.path.split('/') | last) + with_subelements: + - "{{ php_installed_apc_confs.results }}" + - files + notify: restart webserver + +- name: Ensure APCu config file is present. + template: + src: apc.ini.j2 + dest: "{{ item }}/{{ php_apc_conf_filename }}" + owner: root + group: root + force: yes + mode: 0644 + with_items: "{{ php_extension_conf_paths }}" + when: php_enable_apc + notify: restart webserver + +- name: Remove APCu config file if APC is disabled. + file: + path: "{{ item }}/{{ php_apc_conf_filename }}" + state: absent + with_items: "{{ php_extension_conf_paths }}" + when: not php_enable_apc + notify: restart webserver diff --git a/lemp-rhel7/roles/ansible-role-php/tasks/configure-fpm.yml b/lemp-rhel7/roles/ansible-role-php/tasks/configure-fpm.yml new file mode 100755 index 0000000..e2e360f --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/tasks/configure-fpm.yml @@ -0,0 +1,72 @@ +--- +- name: Define php_fpm_daemon. + set_fact: + php_fpm_daemon: "{{ __php_fpm_daemon }}" + when: php_fpm_daemon is not defined + +- name: Define php_fpm_pool_conf_path. + set_fact: + php_fpm_pool_conf_path: "{{ __php_fpm_pool_conf_path }}" + when: php_fpm_pool_conf_path is not defined + +- name: Define php_fpm_pool_user. + set_fact: + php_fpm_pool_user: "{{ __php_fpm_pool_user }}" + when: php_fpm_pool_user is not defined + +- name: Define php_fpm_pool_group. + set_fact: + php_fpm_pool_group: "{{ __php_fpm_pool_group }}" + when: php_fpm_pool_group is not defined + +- name: Stat php_fpm_pool_conf_path + stat: + path: "{{ php_fpm_pool_conf_path | dirname }}" + register: php_fpm_pool_conf_path_dir_stat + +- name: Ensure the default pool directory exists. + file: + path: "{{ php_fpm_pool_conf_path | dirname }}" + state: directory + owner: root + group: root + mode: 0755 + when: php_fpm_pool_conf_path_dir_stat.stat.islnk is not defined + +- name: Ensure the default pool exists. + template: + src: www.conf.j2 + dest: "{{ php_fpm_pool_conf_path }}" + owner: root + group: root + mode: 0644 + force: no + +- name: Configure php-fpm pool (if enabled). + lineinfile: + dest: "{{ php_fpm_pool_conf_path }}" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + state: present + with_items: + - regexp: "^listen.?=.+$" + line: "listen = {{ php_fpm_listen }}" + - regexp: '^listen\.allowed_clients.?=.+$' + line: "listen.allowed_clients = {{ php_fpm_listen_allowed_clients }}" + - regexp: '^pm\.max_children.?=.+$' + line: "pm.max_children = {{ php_fpm_pm_max_children }}" + - regexp: '^pm\.start_servers.?=.+$' + line: "pm.start_servers = {{ php_fpm_pm_start_servers }}" + - regexp: '^pm\.min_spare_servers.?=.+$' + line: "pm.min_spare_servers = {{ php_fpm_pm_min_spare_servers }}" + - regexp: '^pm\.max_spare_servers.?=.+$' + line: "pm.max_spare_servers = {{ php_fpm_pm_max_spare_servers }}" + when: php_enable_php_fpm + notify: restart php-fpm + +- name: Ensure php-fpm is started and enabled at boot (if configured). + service: + name: "{{ php_fpm_daemon }}" + state: started + enabled: yes + when: php_enable_php_fpm diff --git a/lemp-rhel7/roles/ansible-role-php/tasks/configure-opcache.yml b/lemp-rhel7/roles/ansible-role-php/tasks/configure-opcache.yml new file mode 100755 index 0000000..cd02e3f --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/tasks/configure-opcache.yml @@ -0,0 +1,37 @@ +--- +- name: Check for existing OpCache config files. + find: + paths: "{{ item }}" + contains: 'zend_extension(\s+)?=(\s+)?opcache\.so' + register: php_installed_opcache_confs + with_items: "{{ php_extension_conf_paths }}" + +- name: Remove any non-role-supplied OpCache config files. + file: + path: "{{ item.1.path }}" + state: absent + when: php_opcache_conf_filename != (item.1.path.split('/') | last) + with_subelements: + - "{{ php_installed_opcache_confs.results }}" + - files + notify: restart webserver + +- name: Ensure OpCache config file is present. + template: + src: opcache.ini.j2 + dest: "{{ item }}/{{ php_opcache_conf_filename }}" + owner: root + group: root + force: yes + mode: 0644 + with_items: "{{ php_extension_conf_paths }}" + when: php_opcache_enable + notify: restart webserver + +- name: Remove OpCache config file if OpCache is disabled. + file: + path: "{{ item }}/{{ php_opcache_conf_filename }}" + state: absent + with_items: "{{ php_extension_conf_paths }}" + when: not php_opcache_enable + notify: restart webserver diff --git a/lemp-rhel7/roles/ansible-role-php/tasks/configure.yml b/lemp-rhel7/roles/ansible-role-php/tasks/configure.yml new file mode 100755 index 0000000..f4fa94c --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/tasks/configure.yml @@ -0,0 +1,20 @@ +--- +- name: Ensure configuration directories exist. + file: + path: "{{ item }}" + state: directory + follow: true + with_flattened: + - "{{ php_conf_paths }}" + - "{{ php_extension_conf_paths }}" + +- name: Place PHP configuration file in place. + template: + src: php.ini.j2 + dest: "{{ item }}/php.ini" + owner: root + group: root + mode: 0644 + with_items: "{{ php_conf_paths }}" + notify: restart webserver + when: php_use_managed_ini diff --git a/lemp-rhel7/roles/ansible-role-php/tasks/install-from-source.yml b/lemp-rhel7/roles/ansible-role-php/tasks/install-from-source.yml new file mode 100755 index 0000000..83a52a3 --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/tasks/install-from-source.yml @@ -0,0 +1,150 @@ +--- +- name: Ensure dependencies for building from source are installed (RedHat). + yum: "pkg={{ item }} state=installed" + with_items: + - autoconf + - automake + - libtool + - bison + - make + - curl-devel + - recode-devel + - aspell-devel + - libxml2-devel + - pkgconfig + - libmcrypt-devel + - t1lib-devel + - libXpm-devel + - libpng-devel + - libjpeg-turbo-devel + - bzip2-devel + - openssl-devel + - freetype-devel + - libicu-devel + - mariadb-devel + - gmp-devel + when: ansible_os_family == 'RedHat' + +- name: Update apt cache (Debian). + apt: update_cache=yes cache_valid_time=86400 + when: ansible_os_family == 'Debian' + +- name: Ensure dependencies for building from source are installed (Debian). + apt: "pkg={{ item }} state=installed" + with_items: + - build-essential + - autoconf + - automake + - libtool + - bison + - pkg-config + - re2c + - libxml2-dev + - libcurl4-openssl-dev + - libbz2-dev + - libjpeg-dev + - libpng12-dev + - libxpm-dev + - libfreetype6-dev + - libgmp3-dev + - libmcrypt-dev + - libmysqlclient-dev + - libpspell-dev + - librecode-dev + - libssl-dev + when: ansible_os_family == 'Debian' + +- name: Define php_fpm_daemon (if not defined already). + set_fact: + php_fpm_daemon: "php-fpm" + when: php_fpm_daemon is not defined + +- name: Check if gmp.h is already in a location accessible to gcc. + stat: path=/usr/include/gmp.h + register: gmp_file + +- name: Ensure gmp.h is symlinked into a location accessible to gcc. + file: + src: "{{ php_source_install_gmp_path }}" + dest: /usr/include/gmp.h + state: link + when: gmp_file.stat.exists == false + +- name: Check if PHP is installed. + command: which php + changed_when: false + failed_when: false + register: php_installed + +- name: Clone the PHP repository. + git: + repo: https://git.php.net/repository/php-src.git + dest: "{{ php_source_clone_dir }}" + version: "{{ php_source_version }}" + accept_hostkey: yes + depth: 1 + when: php_installed|failed + +- name: Ensure PHP installation path exists. + file: + path: "{{ php_source_install_path }}" + state: directory + mode: 0755 + when: php_installed|failed + +- name: Build configure script. + shell: > + ./buildconf --force + chdir={{ php_source_clone_dir }} + when: php_installed|failed + +- name: Run configure script. + shell: > + {{ php_source_configure_command }} + chdir={{ php_source_clone_dir }} + when: php_installed|failed + +- name: Make and install PHP. + shell: > + {{ item }} + chdir={{ php_source_clone_dir }} + with_items: + - "{{ php_source_make_command }}" + - make install + when: php_installed|failed + +- name: Ensure php executable is symlinked into a standard path. + file: + src: "{{ php_source_install_path }}/bin/php" + dest: /usr/bin/php + state: link + +# PHP FPM configuration. +- name: Ensure php-fpm executable is symlinked into a standard path. + file: + src: "{{ php_source_install_path }}/sbin/php-fpm" + dest: "/usr/sbin/{{ php_fpm_daemon }}" + state: link + when: "'--enable-fpm' in php_source_configure_command" + +- name: Ensure php-fpm init script is installed. + template: + src: fpm-init.j2 + dest: "/etc/init.d/{{ php_fpm_daemon }}" + mode: 0755 + when: "'--enable-fpm' in php_source_configure_command" + notify: restart php-fpm + +- name: Ensure php-fpm config directory exists. + file: + path: "{{ php_fpm_conf_path }}" + state: directory + when: "'--enable-fpm' in php_source_configure_command" + +- name: Ensure php-fpm config file is installed. + template: + src: php-fpm.conf.j2 + dest: "{{ php_fpm_conf_path }}/php-fpm.conf" + mode: 0644 + when: "'--enable-fpm' in php_source_configure_command" + notify: restart php-fpm diff --git a/lemp-rhel7/roles/ansible-role-php/tasks/main.yml b/lemp-rhel7/roles/ansible-role-php/tasks/main.yml new file mode 100755 index 0000000..1e82cee --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/tasks/main.yml @@ -0,0 +1,61 @@ +--- +# Variable setup. +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" + +- name: Define php_packages. + set_fact: + php_packages: "{{ __php_packages | list }}" + when: php_packages is not defined + +- name: Define php_webserver_daemon. + set_fact: + php_webserver_daemon: "{{ __php_webserver_daemon }}" + when: php_webserver_daemon is not defined + +- name: Define php_conf_paths. + set_fact: + php_conf_paths: "{{ __php_conf_paths }}" + when: php_conf_paths is not defined + +- name: Define php_extension_conf_paths. + set_fact: + php_extension_conf_paths: "{{ __php_extension_conf_paths }}" + when: php_extension_conf_paths is not defined + +- name: Define php_apc_conf_filename. + set_fact: + php_apc_conf_filename: "{{ __php_apc_conf_filename }}" + when: php_apc_conf_filename is not defined + +- name: Define php_opcache_conf_filename (Ubuntu 16.04). + set_fact: + php_opcache_conf_filename: "10-opcache.ini" + when: php_opcache_conf_filename is not defined and ansible_distribution_version == "16.04" + +- name: Define php_opcache_conf_filename. + set_fact: + php_opcache_conf_filename: "{{ __php_opcache_conf_filename }}" + when: php_opcache_conf_filename is not defined + +- name: Define php_fpm_conf_path. + set_fact: + php_fpm_conf_path: "{{ __php_fpm_conf_path }}" + when: php_fpm_conf_path is not defined + +# Setup/install tasks. +- include: setup-RedHat.yml + when: (php_install_from_source == false) and (ansible_os_family == 'RedHat') + +- include: setup-Debian.yml + when: (php_install_from_source == false) and (ansible_os_family == 'Debian') + +# Install PHP from source when php_install_from_source is true. +- include: install-from-source.yml + when: php_install_from_source == true + +# Configure PHP. +- include: configure.yml +- include: configure-apcu.yml +- include: configure-opcache.yml +- include: configure-fpm.yml diff --git a/lemp-rhel7/roles/ansible-role-php/tasks/setup-Debian.yml b/lemp-rhel7/roles/ansible-role-php/tasks/setup-Debian.yml new file mode 100755 index 0000000..f77278a --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/tasks/setup-Debian.yml @@ -0,0 +1,27 @@ +--- +- name: Update apt cache. + apt: update_cache=yes cache_valid_time=86400 + +- name: Ensure PHP packages are installed. + apt: + name: "{{ item }}" + state: "{{ php_packages_state }}" + with_items: "{{ php_packages }}" + register: php_package_install + notify: restart webserver + +- name: Delete APCu configuration file if this role will provide one. + file: + path: "{{ item }}/{{ php_apc_conf_filename }}" + state: absent + with_items: "{{ php_extension_conf_paths }}" + when: php_enable_apc and php_package_install.changed + notify: restart webserver + +- name: Delete OpCache configuration file if this role will provide one. + file: + path: "{{ item }}/{{ php_opcache_conf_filename }}" + state: absent + with_items: "{{ php_extension_conf_paths }}" + when: php_opcache_enable and php_package_install.changed + notify: restart webserver diff --git a/lemp-rhel7/roles/ansible-role-php/tasks/setup-RedHat.yml b/lemp-rhel7/roles/ansible-role-php/tasks/setup-RedHat.yml new file mode 100755 index 0000000..6cfde8c --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/tasks/setup-RedHat.yml @@ -0,0 +1,8 @@ +--- +- name: Ensure PHP packages are installed. + yum: + name: "{{ item }}" + state: "{{ php_packages_state }}" + enablerepo: "{{ php_enablerepo }}" + with_items: "{{ php_packages }}" + notify: restart webserver diff --git a/lemp-rhel7/roles/ansible-role-php/templates/apc.ini.j2 b/lemp-rhel7/roles/ansible-role-php/templates/apc.ini.j2 new file mode 100755 index 0000000..1fec9b1 --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/templates/apc.ini.j2 @@ -0,0 +1,5 @@ +extension=apcu.so +extension=apc.so +apc.shm_size={{ php_apc_shm_size }} +apc.enable_cli={{ php_apc_enable_cli }} +apc.rfc1867=1 diff --git a/lemp-rhel7/roles/ansible-role-php/templates/fpm-init.j2 b/lemp-rhel7/roles/ansible-role-php/templates/fpm-init.j2 new file mode 100755 index 0000000..4d6a6d5 --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/templates/fpm-init.j2 @@ -0,0 +1,170 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: php-fpm {{ php_fpm_daemon }} +# Required-Start: $remote_fs $network +# Required-Stop: $remote_fs $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: starts {{ php_fpm_daemon }} +# Description: Starts The PHP FastCGI Process Manager Daemon +### END INIT INFO + +# Author: Ondrej Sury + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="PHP FastCGI Process Manager" +NAME={{ php_fpm_daemon }} +DAEMON=/usr/sbin/$NAME +DAEMON_ARGS="--daemonize --fpm-config {{ php_fpm_conf_path }}/php-fpm.conf" +PIDFILE=/var/run/{{ php_fpm_daemon }}.pid +TIMEOUT=2 +SCRIPTNAME=/etc/init.d/$NAME + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +. /lib/lsb/init-functions + +# Don't run if we are running upstart +if init_is_upstart; then + exit 1 +fi + +# +# Function to check the correctness of the config file +# +do_check() +{ + /usr/lib/php5/php5-fpm-checkconf || return 1 + return 0 +} + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ + $DAEMON_ARGS 2>/dev/null \ + || return 2 + # Add code here, if necessary, that waits for the process to be ready + # to handle requests from services started subsequently which depend + # on this one. As a last resort, sleep for some time. +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=QUIT/$TIMEOUT/TERM/5/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/$TIMEOUT/TERM/5/KILL/5 --exec $DAEMON + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + # + # If the daemon can reload its configuration without + # restarting (for example, when it is sent a SIGHUP), + # then implement that here. + # + start-stop-daemon --stop --signal USR2 --quiet --pidfile $PIDFILE --name $NAME + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + check) + do_check yes + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC" "$NAME" + do_reload + log_end_msg $? + ;; + reopen-logs) + log_daemon_msg "Reopening $DESC logs" $NAME + if start-stop-daemon --stop --signal USR1 --oknodo --quiet \ + --pidfile $PIDFILE --exec $DAEMON + then + log_end_msg 0 + else + log_end_msg 1 + fi + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2 + exit 1 + ;; +esac + +: diff --git a/lemp-rhel7/roles/ansible-role-php/templates/opcache.ini.j2 b/lemp-rhel7/roles/ansible-role-php/templates/opcache.ini.j2 new file mode 100755 index 0000000..f60fb89 --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/templates/opcache.ini.j2 @@ -0,0 +1,14 @@ +zend_extension=opcache.so +opcache.enable={{ php_opcache_enable }} +opcache.enable_cli={{ php_opcache_enable_cli }} +opcache.memory_consumption={{ php_opcache_memory_consumption }} +opcache.interned_strings_buffer={{ php_opcache_interned_strings_buffer }} +opcache.max_accelerated_files={{ php_opcache_max_accelerated_files }} +opcache.max_wasted_percentage={{ php_opcache_max_wasted_percentage }} +opcache.validate_timestamps={{ php_opcache_validate_timestamps }} +opcache.revalidate_path={{ php_opcache_revalidate_path }} +opcache.revalidate_freq={{ php_opcache_revalidate_freq }} +opcache.max_file_size={{ php_opcache_max_file_size }} +{% if php_opcache_blacklist_filename != '' %} +opcache.blacklist_filename={{ php_opcache_blacklist_filename }} +{% endif %} diff --git a/lemp-rhel7/roles/ansible-role-php/templates/php-fpm.conf.j2 b/lemp-rhel7/roles/ansible-role-php/templates/php-fpm.conf.j2 new file mode 100755 index 0000000..12b277f --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/templates/php-fpm.conf.j2 @@ -0,0 +1,12 @@ +;;;;;;;;;;;;;;;;;;;;; +; FPM Configuration ; +;;;;;;;;;;;;;;;;;;;;; + +include={{ php_fpm_conf_path }}/pool.d/*.conf + +;;;;;;;;;;;;;;;;;; +; Global Options ; +;;;;;;;;;;;;;;;;;; + +[global] +error_log = /var/log/php-fpm.log diff --git a/lemp-rhel7/roles/ansible-role-php/templates/php.ini.j2 b/lemp-rhel7/roles/ansible-role-php/templates/php.ini.j2 new file mode 100755 index 0000000..d6ad9df --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/templates/php.ini.j2 @@ -0,0 +1,225 @@ +[PHP] + +;;;;;;;;;;;;;;;;;;;; +; Language Options ; +;;;;;;;;;;;;;;;;;;;; + +engine = On +short_open_tag = {{ php_short_open_tag }} +asp_tags = Off +precision = 14 +output_buffering = {{ php_output_buffering }} + +zlib.output_compression = Off + +implicit_flush = Off +unserialize_callback_func = +serialize_precision = 17 +disable_functions = +disable_classes = + +zend.enable_gc = On + +;;;;;;;;;;;;;;;;; +; Miscellaneous ; +;;;;;;;;;;;;;;;;; + +expose_php = {{ php_expose_php }} + +;;;;;;;;;;;;;;;;;;; +; Resource Limits ; +;;;;;;;;;;;;;;;;;;; + +max_execution_time = {{ php_max_execution_time }} +max_input_time = {{ php_max_input_time }} +max_input_vars = {{ php_max_input_vars }} +memory_limit = {{ php_memory_limit }} + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Error handling and logging ; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +error_reporting = {{ php_error_reporting }} +display_errors = {{ php_display_errors }} +display_startup_errors = {{ php_display_startup_errors }} +log_errors = On +log_errors_max_len = 1024 +ignore_repeated_errors = Off +ignore_repeated_source = Off +report_memleaks = On +track_errors = Off +html_errors = On + +;;;;;;;;;;;;;;;;; +; Data Handling ; +;;;;;;;;;;;;;;;;; + +variables_order = "GPCS" +request_order = "GP" +register_argc_argv = Off +auto_globals_jit = On + +post_max_size = {{ php_post_max_size }} +auto_prepend_file = +auto_append_file = + +default_mimetype = "text/html" +always_populate_raw_post_data = -1 + +;;;;;;;;;;;;;;;;;;;;;;;;; +; Paths and Directories ; +;;;;;;;;;;;;;;;;;;;;;;;;; + +doc_root = +user_dir = + +enable_dl = Off + +realpath_cache_size = {{ php_realpath_cache_size }} + +;;;;;;;;;;;;;;;; +; File Uploads ; +;;;;;;;;;;;;;;;; + +file_uploads = On +upload_max_filesize = {{ php_upload_max_filesize }} +max_file_uploads = 20 + +;;;;;;;;;;;;;;;;;; +; Fopen wrappers ; +;;;;;;;;;;;;;;;;;; + +allow_url_fopen = {{ php_allow_url_fopen }} +allow_url_include = Off + +default_socket_timeout = 60 + +;;;;;;;;;;;;;;;;;;; +; Module Settings ; +;;;;;;;;;;;;;;;;;;; + +[CLI Server] +cli_server.color = On + +[Date] +date.timezone = {{ php_date_timezone }} + +[Pdo_mysql] +pdo_mysql.cache_size = 2000 +pdo_mysql.default_socket= + +[mail function] +; For Win32 only. +SMTP = localhost +smtp_port = 25 + +; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). +sendmail_path = {{ php_sendmail_path }} + +mail.add_x_header = On + +[SQL] +sql.safe_mode = Off + +[ODBC] +odbc.allow_persistent = On +odbc.check_persistent = On +odbc.max_persistent = -1 +odbc.max_links = -1 +odbc.defaultlrl = 4096 +odbc.defaultbinmode = 1 + +[MySQL] +mysql.allow_local_infile = On +mysql.allow_persistent = On +mysql.cache_size = 2000 +mysql.max_persistent = -1 +mysql.max_links = -1 +mysql.default_port = +mysql.default_socket = +mysql.default_host = +mysql.default_user = +mysql.default_password = +mysql.connect_timeout = 60 +mysql.trace_mode = Off + +[MySQLi] +mysqli.max_persistent = -1 +mysqli.allow_persistent = On +mysqli.max_links = -1 +mysqli.cache_size = 2000 +mysqli.default_port = 3306 +mysqli.default_socket = +mysqli.default_host = +mysqli.default_user = +mysqli.default_pw = +mysqli.reconnect = Off + +[mysqlnd] +mysqlnd.collect_statistics = On +mysqlnd.collect_memory_statistics = Off + +[PostgreSQL] +pgsql.allow_persistent = On +pgsql.auto_reset_persistent = Off +pgsql.max_persistent = -1 +pgsql.max_links = -1 +pgsql.ignore_notice = 0 +pgsql.log_notice = 0 + +[bcmath] +bcmath.scale = 0 + +[Session] +session.save_handler = {{ php_session_save_handler }} +session.save_path = {{ php_session_save_path }} +session.use_cookies = 1 +session.use_only_cookies = 1 +session.name = PHPSESSID +session.auto_start = 0 + +session.cookie_lifetime = {{ php_session_cookie_lifetime }} +session.cookie_path = / +session.cookie_domain = +session.cookie_httponly = + +session.serialize_handler = php + +session.gc_probability = {{ php_session_gc_probability }} +session.gc_divisor = {{ php_session_gc_divisor }} +session.gc_maxlifetime = {{ php_session_gc_maxlifetime }} + +session.bug_compat_42 = Off +session.bug_compat_warn = Off +session.referer_check = + +session.cache_limiter = nocache +session.cache_expire = 180 + +session.use_trans_sid = 0 + +session.hash_function = 0 +session.hash_bits_per_character = 5 + +url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" + +[MSSQL] +mssql.allow_persistent = On +mssql.max_persistent = -1 +mssql.max_links = -1 +mssql.min_error_severity = 10 +mssql.min_message_severity = 10 +mssql.compatability_mode = Off +mssql.secure_connection = Off + +[Tidy] +tidy.clean_output = Off + +[soap] +soap.wsdl_cache_enabled=1 +soap.wsdl_cache_dir="/tmp" +soap.wsdl_cache_ttl=86400 +soap.wsdl_cache_limit = 5 + +[ldap] +ldap.max_links = -1 diff --git a/lemp-rhel7/roles/ansible-role-php/templates/www.conf.j2 b/lemp-rhel7/roles/ansible-role-php/templates/www.conf.j2 new file mode 100755 index 0000000..aaab17a --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/templates/www.conf.j2 @@ -0,0 +1,12 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 +user = {{ php_fpm_pool_user }} +group = {{ php_fpm_pool_group }} + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 5 +pm.min_spare_servers = 5 +pm.max_spare_servers = 5 +pm.max_requests = 500 diff --git a/lemp-rhel7/roles/ansible-role-php/tests/Dockerfile.centos-7 b/lemp-rhel7/roles/ansible-role-php/tests/Dockerfile.centos-7 new file mode 100755 index 0000000..8aa0654 --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/tests/Dockerfile.centos-7 @@ -0,0 +1,27 @@ +FROM centos:7 + +# Install systemd -- See https://hub.docker.com/_/centos/ +RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*; \ +rm -f /etc/systemd/system/*.wants/*; \ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*; \ +rm -f /lib/systemd/system/anaconda.target.wants/*; + +# Install Ansible +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +VOLUME ["/sys/fs/cgroup"] +CMD ["/usr/sbin/init"] diff --git a/lemp-rhel7/roles/ansible-role-php/tests/Dockerfile.ubuntu-12.04 b/lemp-rhel7/roles/ansible-role-php/tests/Dockerfile.ubuntu-12.04 new file mode 100755 index 0000000..d0c130c --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/tests/Dockerfile.ubuntu-12.04 @@ -0,0 +1,11 @@ +FROM ubuntu:12.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common python-software-properties git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/lemp-rhel7/roles/ansible-role-php/tests/Dockerfile.ubuntu-14.04 b/lemp-rhel7/roles/ansible-role-php/tests/Dockerfile.ubuntu-14.04 new file mode 100755 index 0000000..ca33287 --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/tests/Dockerfile.ubuntu-14.04 @@ -0,0 +1,11 @@ +FROM ubuntu:14.04 +RUN apt-get update + +# Install Ansible +RUN apt-get install -y software-properties-common git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts diff --git a/lemp-rhel7/roles/ansible-role-php/tests/inventory b/lemp-rhel7/roles/ansible-role-php/tests/inventory new file mode 100755 index 0000000..2fbb50c --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/lemp-rhel7/roles/ansible-role-php/tests/requirements.yml b/lemp-rhel7/roles/ansible-role-php/tests/requirements.yml new file mode 100755 index 0000000..711227a --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/tests/requirements.yml @@ -0,0 +1,2 @@ +--- +- src: geerlingguy.repo-remi diff --git a/lemp-rhel7/roles/ansible-role-php/tests/test-package.yml b/lemp-rhel7/roles/ansible-role-php/tests/test-package.yml new file mode 100755 index 0000000..8e749e8 --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/tests/test-package.yml @@ -0,0 +1,27 @@ +--- +- hosts: all + + vars: + php_enable_webserver: false + php_memory_limit: "192M" + php_enablerepo: "remi,remi-php70" + + pre_tasks: + - include_vars: test-vars-ubuntu1204.yml + when: ansible_distribution == 'Ubuntu' and ansible_distribution_version == '12.04' + + - name: Ensure build dependencies are installed (RedHat). + yum: name=which state=present + when: ansible_os_family == 'RedHat' + + - name: Add repository for PHP 7. + apt_repository: repo='ppa:ondrej/php' + when: ansible_distribution == 'Ubuntu' and ansible_distribution_version != '12.04' + + - name: Add repository for PHP 5.6. + apt_repository: repo='ppa:ondrej/php5-5.6' + when: ansible_distribution == 'Ubuntu' and ansible_distribution_version == '12.04' + + roles: + - { role: geerlingguy.repo-remi, when: ansible_os_family == 'RedHat' } + - role_under_test diff --git a/lemp-rhel7/roles/ansible-role-php/tests/test-source.yml b/lemp-rhel7/roles/ansible-role-php/tests/test-source.yml new file mode 100755 index 0000000..cac5349 --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/tests/test-source.yml @@ -0,0 +1,18 @@ +--- +- hosts: all + + vars: + php_enable_webserver: false + php_install_from_source: true + php_source_clone_dir: /root/php-src + php_source_make_command: "make --jobs=2" + php_source_version: "php-7.0.5" + php_memory_limit: "192M" + + pre_tasks: + - name: Ensure build dependencies are installed (RedHat). + yum: name=which state=present + when: ansible_os_family == 'RedHat' + + roles: + - role_under_test diff --git a/lemp-rhel7/roles/ansible-role-php/tests/test-vars-ubuntu1204.yml b/lemp-rhel7/roles/ansible-role-php/tests/test-vars-ubuntu1204.yml new file mode 100755 index 0000000..9fabcac --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/tests/test-vars-ubuntu1204.yml @@ -0,0 +1,23 @@ +--- +php_version: "5.6" +php_packages: + - php5 + - php5-mcrypt + - php5-cli + - php5-common + - php5-curl + - php5-dev + - php5-fpm + - php5-gd + - php-pear + - libpcre3-dev +php_conf_paths: + - /etc/php5/fpm + - /etc/php5/apache2 + - /etc/php5/cli +php_extension_conf_paths: + - /etc/php5/fpm/conf.d + - /etc/php5/apache2/conf.d + - /etc/php5/cli/conf.d +php_fpm_daemon: php5-fpm +php_fpm_conf_path: "/etc/php5/fpm" diff --git a/lemp-rhel7/roles/ansible-role-php/vars/Debian.yml b/lemp-rhel7/roles/ansible-role-php/vars/Debian.yml new file mode 100755 index 0000000..ae927c2 --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/vars/Debian.yml @@ -0,0 +1,37 @@ +--- +__php_packages: + - php7.0-common + - php7.0-cli + - php7.0-dev + - php7.0-fpm + - libpcre3-dev + - php7.0-gd + - php7.0-curl + - php7.0-imap + - php7.0-json + - php7.0-opcache + - php7.0-xml + - php7.0-mbstring + - php-sqlite3 + - php-apcu +__php_webserver_daemon: "apache2" + +# Vendor-specific configuration paths on Debian/Ubuntu make my brain asplode. +__php_conf_paths: + - /etc/php/7.0/fpm + - /etc/php/7.0/apache2 + - /etc/php/7.0/cli + +__php_extension_conf_paths: + - /etc/php/7.0/fpm/conf.d + - /etc/php/7.0/apache2/conf.d + - /etc/php/7.0/cli/conf.d + +__php_apc_conf_filename: 20-apcu.ini +__php_opcache_conf_filename: 05-opcache.ini +__php_fpm_daemon: php7.0-fpm +__php_fpm_conf_path: "/etc/php/7.0/fpm" +__php_fpm_pool_conf_path: "{{ __php_fpm_conf_path }}/pool.d/www.conf" + +__php_fpm_pool_user: www-data +__php_fpm_pool_group: www-data diff --git a/lemp-rhel7/roles/ansible-role-php/vars/RedHat.yml b/lemp-rhel7/roles/ansible-role-php/vars/RedHat.yml new file mode 100755 index 0000000..f17b982 --- /dev/null +++ b/lemp-rhel7/roles/ansible-role-php/vars/RedHat.yml @@ -0,0 +1,33 @@ +--- +__php_packages: + - php + - php-cli + - php-common + - php-devel + - php-fpm + - php-gd + - php-imap + - php-ldap + - php-mbstring + - php-opcache + - php-pdo + - php-pear + - php-pecl-apcu + - php-xml + - php-xmlrpc +__php_webserver_daemon: "httpd" + +__php_conf_paths: + - /etc + +__php_extension_conf_paths: + - /etc/php.d + +__php_apc_conf_filename: 50-apc.ini +__php_opcache_conf_filename: 10-opcache.ini +__php_fpm_daemon: php-fpm +__php_fpm_conf_path: "/etc/fpm" +__php_fpm_pool_conf_path: "/etc/php-fpm.d/www.conf" + +__php_fpm_pool_user: apache +__php_fpm_pool_group: apache