commit 67bc36d1f928e826f66439f0307afb9d2109fc5b
parent c4a5573ba83e76f5d4d701bf46f5d971f469a435
Author: Leah (ctucx) <leah@ctu.cx>
Date: Tue, 23 Feb 2021 17:40:26 +0100
parent c4a5573ba83e76f5d4d701bf46f5d971f469a435
Author: Leah (ctucx) <leah@ctu.cx>
Date: Tue, 23 Feb 2021 17:40:26 +0100
roles/php-fpm: add role
9 files changed, 437 insertions(+), 0 deletions(-)
A
|
126
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
105
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/roles/php-fpm/handlers/main.yml b/roles/php-fpm/handlers/main.yml @@ -0,0 +1,52 @@ +--- + +- name: "[Alpine] Check php{{ services.php_fpm.version | default(7) }}-fpm config for errors" + shell: php{{ services.php_fpm.version | default(7) }}-fpm -t + changed_when: True + when: + - ansible_service_mgr == "openrc" + listen: "Restart php-fpm" + +- name: "[Archlinux] Check php7-fpm config for errors" + shell: php7-fpm -t + changed_when: True + when: + - ansible_service_mgr == "systemd" + - services.php_fpm.version is not defined or services.php_fpm.version == 7 + listen: "Restart php-fpm" + +- name: "[Archlinux] Check php-fpm config for errors" + shell: php-fpm -t + changed_when: True + when: + - ansible_service_mgr == "systemd" + - services.php_fpm.version == 8 + listen: "Restart php-fpm" + + +- name: "[OpenRC] Restart service: php{{ services.php_fpm.version | default(7) }}-fpm (to deploy config changes)" + service: + name: php{{ services.php_fpm.version | default(7) }}-fpm + state: restarted + when: + - ansible_service_mgr == "openrc" + listen: "Restart php-fpm" + + +- name: "[systemd] Restart service: php7-fpm (to deploy config changes)" + systemd: + name: php7-fpm + state: restarted + when: + - ansible_service_mgr == "systemd" + - services.php_fpm.version is not defined or services.php_fpm.version == 7 + listen: "Restart php-fpm" + +- name: "[systemd] Restart service: php-fpm (to deploy config changes)" + systemd: + name: php-fpm + state: restarted + when: + - ansible_service_mgr == "systemd" + - services.php_fpm.version == 8 + listen: "Restart php-fpm"
diff --git a/roles/php-fpm/tasks/checks.yml b/roles/php-fpm/tasks/checks.yml @@ -0,0 +1,5 @@ +--- + +- fail: msg="Option 'services.php_fpm.version' has to be 7 or 8!" + when: + - services.php_fpm.version is defined and (services.php_fpm.version > 8 or services.php_fpm.version < 7)
diff --git a/roles/php-fpm/tasks/configure.yml b/roles/php-fpm/tasks/configure.yml @@ -0,0 +1,125 @@ +--- + +# alpine +- name: "[Alpine] Generate php-fpm listener configs" + template: + src: php-fpm-listener.conf.j2 + dest: /etc/php{{ services.php_fpm.version | default(7) }}/php-fpm.d/{{item.key}}.conf + owner: root + group: root + mode: 0644 + loop: "{{ lookup('dict', services.php_fpm.listeners, wantlist=True) }}" + register: php_fpm_deployed_configs + notify: "Restart php-fpm" + when: + - ansible_distribution == "Alpine" + - services.php_fpm.listeners is defined + +- name: "[Alpine] Collect files in directory: /etc/php{{ services.php_fpm.version | default(7) }}/php-fpm.d" + find: + path: "/etc/php{{ services.php_fpm.version | default(7) }}/php-fpm.d" + hidden: yes + register: php_fpm_found_files + check_mode: no + changed_when: false + when: + - ansible_distribution == "Alpine" + - services.php_fpm.listeners is defined + +- name: "[Alpine] Remove unmanaged files in directory: /etc/php{{ services.php_fpm.version | default(7) }}/php-fpm.d" + file: + path: "/etc/php{{ services.php_fpm.version | default(7) }}/php-fpm.d/{{ item.path | basename }}" + state: absent + with_items: + - "{{ php_fpm_found_files.files }}" + notify: "Restart php-fpm" + when: + - ansible_distribution == "Alpine" + - services.php_fpm.listeners is defined + - (item.path) not in ( php_fpm_deployed_configs | json_query('results[].invocation.module_args.dest') | default([]) ) + + + +# archlinux (php7) +- name: "[Archlinux] Generate php7-fpm listener configs" + template: + src: php-fpm-listener.conf.j2 + dest: /etc/php7/php-fpm.d/{{item.key}}.conf + owner: root + group: root + mode: 0644 + loop: "{{ lookup('dict', services.php_fpm.listeners, wantlist=True) }}" + register: php_fpm_deployed_configs + notify: "Restart php-fpm" + when: + - ansible_distribution == "Archlinux" + - services.php_fpm.version is not defined or services.php_fpm.version == 7 + - services.php_fpm.listeners is defined + +- name: "[Archlinux] Collect files in directory: /etc/php7/php-fpm.d" + find: + path: "/etc/php7/php-fpm.d" + hidden: yes + register: php_fpm_found_files + check_mode: no + changed_when: false + when: + - ansible_distribution == "Alpine" + - services.php_fpm.version is not defined or services.php_fpm.version == 7 + - services.php_fpm.listeners is defined + +- name: "[Alpine] Remove unmanaged files in directory: /etc/php7/php-fpm.d" + file: + path: "/etc/php7/php-fpm.d/{{ item.path | basename }}" + state: absent + with_items: + - "{{ php_fpm_found_files.files }}" + notify: "Restart php-fpm" + when: + - ansible_distribution == "Alpine" + - services.php_fpm.version is not defined or services.php_fpm.version == 7 + - services.php_fpm.listeners is defined + - (item.path) not in ( php_fpm_deployed_configs | json_query('results[].invocation.module_args.dest') | default([]) ) + + + +# archlinux (php8) +- name: "[Archlinux] Generate php8-fpm listener configs" + template: + src: php-fpm-listener.conf.j2 + dest: /etc/php/php-fpm.d/{{item.key}}.conf + owner: root + group: root + mode: 0644 + loop: "{{ lookup('dict', services.php_fpm.listeners, wantlist=True) }}" + register: php_fpm_deployed_configs + notify: "Restart php-fpm" + when: + - ansible_distribution == "Archlinux" + - services.php_fpm.version == 8 + - services.php_fpm.listeners is defined + +- name: "[Archlinux] Collect files in directory: /etc/php/php-fpm.d" + find: + path: "/etc/php/php-fpm.d" + hidden: yes + register: php_fpm_found_files + check_mode: no + changed_when: false + when: + - ansible_distribution == "Archlinux" + - services.php_fpm.version == 8 + - services.php_fpm.listeners is defined + +- name: "[Alpine] Remove unmanaged files in directory: /etc/php/php-fpm.d" + file: + path: "/etc/php/php-fpm.d/{{ item.path | basename }}" + state: absent + with_items: + - "{{ php_fpm_found_files.files }}" + notify: "Restart php-fpm" + when: + - ansible_distribution == "Archlinux" + - services.php_fpm.version == 8 + - services.php_fpm.listeners is defined + - (item.path) not in ( php_fpm_deployed_configs | json_query('results[].invocation.module_args.dest') | default([]) )+ \ No newline at end of file
diff --git a/roles/php-fpm/tasks/extraModules.yml b/roles/php-fpm/tasks/extraModules.yml @@ -0,0 +1,27 @@ +--- + +- name: "[Alpine] Install extra PHP{{ services.php_fpm.version | default(7) }} modules" + apk: + name: "php{{ services.php_fpm.version | default(7) }}-{{ item }}" + state: present + loop: "{{ query('list', services.php_fpm.extraModules)[0] }}" + when: + - ansible_distribution == "Alpine" + +- name: "[Archlinux] Install extra PHP7 modules" + pacman: + name: "php7-{{ item }}" + state: present + loop: "{{ query('list', services.php_fpm.extraModules)[0] }}" + when: + - ansible_distribution == "Archlinux" + - services.php_fpm.version is not defined or services.php_fpm.version == 7 + +- name: "[Archlinux] Install extra PHP8 modules" + pacman: + name: "php-{{ item }}" + state: present + loop: "{{ query('list', services.php_fpm.extraModules)[0] }}" + when: + - ansible_distribution == "Archlinux" + - services.php_fpm.version == 8
diff --git a/roles/php-fpm/tasks/install.yml b/roles/php-fpm/tasks/install.yml @@ -0,0 +1,38 @@ +--- + +- name: "[Alpine] Install package: php7 php7-fpm" + apk: + name: "php7 php7-fpm" + state: present + when: + - ansible_distribution == "Alpine" + - services.php_fpm.version is not defined or services.php_fpm.version == 7 + +- name: "[Alpine] Install package: php8 php8-fpm" + apk: + name: "php8 php8-fpm" + state: present + when: + - ansible_distribution == "Alpine" + - services.php_fpm.version == 8 + + +- name: "[Archlinux] Install package: php7 php7-fpm" + pacman: + name: + - "php7" + - "php7-fpm" + state: present + when: + - ansible_distribution == "Archlinux" + - services.php_fpm.version is not defined or services.php_fpm.version == 7 + +- name: "[Archlinux] Install package: php php-fpm" + pacman: + name: + - "php" + - "php-fpm" + state: present + when: + - ansible_distribution == "Archlinux" + - services.php_fpm.version == 8
diff --git a/roles/php-fpm/tasks/main.yml b/roles/php-fpm/tasks/main.yml @@ -0,0 +1,34 @@ +--- + +- include: checks.yml + when: + - services.php_fpm.enable is defined + - services.php_fpm.enable is true + +- include: install.yml + when: + - services.php_fpm.enable is defined + - services.php_fpm.enable is true + +- include: extraModules.yml + when: + - services.php_fpm.enable is defined + - services.php_fpm.enable is true + - services.php_fpm.extraModules is defined + +- include: configure.yml + when: + - services.php_fpm.enable is defined + - services.php_fpm.enable is true + +- include: start.yml + when: + - services.php_fpm.enable is defined + - services.php_fpm.enable is true + +- include: remove.yml + when: + - services.php_fpm.enable is defined + - services.php_fpm.enable is false + +- meta: flush_handlers
diff --git a/roles/php-fpm/tasks/remove.yml b/roles/php-fpm/tasks/remove.yml @@ -0,0 +1,104 @@ +--- + +- name: "[OpenRC] Enable and stop service: php{{ services.php_fpm.version | default(7) }}-fpm (to deploy config changes)" + service: + name: php{{ services.php_fpm.version | default(7) }}-fpm + enabled: no + state: stopped + when: + - ansible_service_mgr == "openrc" + +- name: "[systemd] Enable and start service: php7-fpm (to deploy config changes)" + systemd: + name: php7-fpm + enabled: no + state: stopped + when: + - ansible_service_mgr == "systemd" + - services.php_fpm.version is not defined or services.php_fpm.version == 7 + +- name: "[systemd] Enable and start service: php-fpm (to deploy config changes)" + systemd: + name: php-fpm + enabled: no + state: stopped + when: + - ansible_service_mgr == "systemd" + - services.php_fpm.version == 8 + + + +- name: "[Alpine] Remove extra PHP{{ services.php_fpm.version | default(7) }} modules" + apk: + name: "php{{ services.php_fpm.version | default(7) }}-{{ item }}" + state: absent + loop: "{{ query('list', services.php_fpm.extraModules)[0] }}" + when: + - ansible_distribution == "Alpine" + +- name: "[Archlinux] Remove extra PHP7 modules" + pacman: + name: "php7-{{ item }}" + state: absent + loop: "{{ query('list', services.php_fpm.extraModules)[0] }}" + when: + - ansible_distribution == "Archlinux" + - services.php_fpm.version is not defined or services.php_fpm.version == 7 + +- name: "[Archlinux] Remove extra PHP8 modules" + pacman: + name: "php-{{ item }}" + state: absent + loop: "{{ query('list', services.php_fpm.extraModules)[0] }}" + when: + - ansible_distribution == "Archlinux" + - services.php_fpm.version == 8 + + + +- name: "[Alpine] Remove package: php7 php7-fpm" + apk: + name: "php7 php7-fpm" + state: ansent + when: + - ansible_distribution == "Alpine" + - services.php_fpm.version is not defined or services.php_fpm.version == 7 + +- name: "[Alpine] Remove package: php8 php8-fpm" + apk: + name: "php8 php8-fpm" + state: ansent + when: + - ansible_distribution == "Alpine" + - services.php_fpm.version == 8 + +- name: "[Archlinux] Remove package: php7 php7-fpm" + pacman: + name: + - "php7" + - "php7-fpm" + state: absent + when: + - ansible_distribution == "Archlinux" + - services.php_fpm.version is not defined or services.php_fpm.version == 7 + +- name: "[Archlinux] Remove package: php php-fpm" + pacman: + name: + - "php" + - "php-fpm" + state: absent + when: + - ansible_distribution == "Archlinux" + - services.php_fpm.version == 8 + + + +- name: "Delete leftovers" + file: + path: "{{ item }}" + state: absent + with_items: + - /etc/php + - /etc/php7 + - /etc/php8+ \ No newline at end of file
diff --git a/roles/php-fpm/tasks/start.yml b/roles/php-fpm/tasks/start.yml @@ -0,0 +1,28 @@ +--- + +- name: "[OpenRC] Enable and start service: php{{ services.php_fpm.version | default(7) }}-fpm (to deploy config changes)" + service: + name: php{{ services.php_fpm.version | default(7) }}-fpm + enabled: yes + state: started + when: + - ansible_service_mgr == "openrc" + + +- name: "[systemd] Enable and start service: php7-fpm (to deploy config changes)" + systemd: + name: php7-fpm + enabled: yes + state: started + when: + - ansible_service_mgr == "systemd" + - services.php_fpm.version is not defined or services.php_fpm.version == 7 + +- name: "[systemd] Enable and start service: php-fpm (to deploy config changes)" + systemd: + name: php-fpm + enabled: yes + state: started + when: + - ansible_service_mgr == "systemd" + - services.php_fpm.version == 8
diff --git a/roles/php-fpm/templates/php-fpm-listener.conf.j2 b/roles/php-fpm/templates/php-fpm-listener.conf.j2 @@ -0,0 +1,21 @@ +; +; !!! This file is managed by Ansible !!! +; + +[{{ item.key }}] +user = {{ item.value.user }} +group = {{ item.value.group }} + +listen = {{ item.value.listenerPath | default("/run/php-fpm/php-fpm-{{ item.key }}.sock") }} +listen.owner = {{ item.value.listenerOwner | default("nginx") }} +listen.group = {{ item.value.listenerGroup | default("nginx") }} + +pm = dynamic +pm.max_children = 5 +pm.start_servers = 2 +pm.min_spare_servers = 1 +pm.max_spare_servers = 3 + +{% if item.value.extraConfig is defined %} +{{ item.value.extraConfig }} +{% endif %}+ \ No newline at end of file