ctucx.git: ansible-configs

My personal ansible roles and playbooks

commit 67bc36d1f928e826f66439f0307afb9d2109fc5b
parent c4a5573ba83e76f5d4d701bf46f5d971f469a435
Author: Leah (ctucx) <leah@ctu.cx>
Date: Tue, 23 Feb 2021 17:40:26 +0100

roles/php-fpm: add role
9 files changed, 437 insertions(+), 0 deletions(-)
A
roles/php-fpm/handlers/main.yml
|
52
++++++++++++++++++++++++++++++++++++++++++++++++++++
A
roles/php-fpm/tasks/checks.yml
|
5
+++++
A
roles/php-fpm/tasks/configure.yml
|
126
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
roles/php-fpm/tasks/extraModules.yml
|
27
+++++++++++++++++++++++++++
A
roles/php-fpm/tasks/install.yml
|
38
++++++++++++++++++++++++++++++++++++++
A
roles/php-fpm/tasks/main.yml
|
34
++++++++++++++++++++++++++++++++++
A
roles/php-fpm/tasks/remove.yml
|
105
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
roles/php-fpm/tasks/start.yml
|
28
++++++++++++++++++++++++++++
A
roles/php-fpm/templates/php-fpm-listener.conf.j2
|
22
++++++++++++++++++++++
diff --git a/roles/php-fpm/handlers/main.yml b/roles/php-fpm/handlers/main.yml
@@ -0,0 +1,52 @@
+---
+
+- name: "[Alpine] Check php{{ services.php_fpm.version | default(7) }}-fpm config for errors"
+  shell: php{{ services.php_fpm.version | default(7) }}-fpm -t
+  changed_when: True
+  when:
+    - ansible_service_mgr == "openrc"
+  listen: "Restart php-fpm"
+
+- name: "[Archlinux] Check php7-fpm config for errors"
+  shell: php7-fpm -t
+  changed_when: True
+  when:
+    - ansible_service_mgr == "systemd"
+    - services.php_fpm.version is not defined or services.php_fpm.version == 7
+  listen: "Restart php-fpm"
+
+- name: "[Archlinux] Check php-fpm config for errors"
+  shell: php-fpm -t
+  changed_when: True
+  when:
+    - ansible_service_mgr == "systemd"
+    - services.php_fpm.version == 8
+  listen: "Restart php-fpm"
+
+
+- name: "[OpenRC] Restart service: php{{ services.php_fpm.version | default(7) }}-fpm (to deploy config changes)"
+  service:
+    name: php{{ services.php_fpm.version | default(7) }}-fpm
+    state: restarted
+  when:
+    - ansible_service_mgr == "openrc"
+  listen: "Restart php-fpm"
+
+
+- name: "[systemd] Restart service: php7-fpm (to deploy config changes)"
+  systemd:
+    name: php7-fpm
+    state: restarted
+  when:
+    - ansible_service_mgr == "systemd"
+    - services.php_fpm.version is not defined or services.php_fpm.version == 7
+  listen: "Restart php-fpm"
+
+- name: "[systemd] Restart service: php-fpm (to deploy config changes)"
+  systemd:
+    name: php-fpm
+    state: restarted
+  when:
+    - ansible_service_mgr == "systemd"
+    - services.php_fpm.version == 8
+  listen: "Restart php-fpm"
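Review bot: The two php8 handlers (`[Archlinux] Check php-fpm config for errors` and `[systemd] Restart service: php-fpm`) compare `services.php_fpm.version == 8` without a default, so on a systemd host where the version is unset the conditional will most likely fail with an undefined-attribute error rather than evaluate to false. The php7 handlers guard with `is not defined or`; the php8 ones could use `- (services.php_fpm.version | default(7)) == 8`. The same bare comparison appears in configure.yml, extraModules.yml, install.yml, remove.yml and start.yml. Separately, the three config checks use no shell features, so `command: php{{ services.php_fpm.version | default(7) }}-fpm -t` would avoid passing the templated version through a shell.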
diff --git a/roles/php-fpm/tasks/checks.yml b/roles/php-fpm/tasks/checks.yml
@@ -0,0 +1,5 @@
+---
+
+- fail: msg="Option 'services.php_fpm.version' has to be 7 or 8!"
+  when:
+    - services.php_fpm.version is defined and (services.php_fpm.version > 8 or services.php_fpm.version < 7)
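Review bot: The range test in the `fail` task accepts any value between 7 and 8 (for example 7.5), and if the version is supplied as a quoted string the comparison with an integer would probably raise a type error instead of printing the intended message. Because this value is later interpolated into package names, config paths and a shell command in the handlers, an allow-list is safer: `- services.php_fpm.version is defined and services.php_fpm.version not in [7, 8]`. The task also has no `name:` and uses the `msg=` key=value form; a named task with `fail:` and a nested `msg:` key would match the rest of the role.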
diff --git a/roles/php-fpm/tasks/configure.yml b/roles/php-fpm/tasks/configure.yml
@@ -0,0 +1,125 @@
+---
+
+# alpine
+- name: "[Alpine] Generate php-fpm listener configs"
+  template:
+    src: php-fpm-listener.conf.j2
+    dest: /etc/php{{ services.php_fpm.version | default(7) }}/php-fpm.d/{{item.key}}.conf
+    owner: root
+    group: root
+    mode: 0644
+  loop: "{{ lookup('dict', services.php_fpm.listeners, wantlist=True) }}"
+  register: php_fpm_deployed_configs
+  notify: "Restart php-fpm"
+  when:
+    - ansible_distribution == "Alpine"
+    - services.php_fpm.listeners is defined
+
+- name: "[Alpine] Collect files in directory: /etc/php{{ services.php_fpm.version | default(7) }}/php-fpm.d"
+  find:
+    path: "/etc/php{{ services.php_fpm.version | default(7) }}/php-fpm.d"
+    hidden: yes
+  register: php_fpm_found_files
+  check_mode: no
+  changed_when: false
+  when:
+    - ansible_distribution == "Alpine"
+    - services.php_fpm.listeners is defined
+
+- name: "[Alpine] Remove unmanaged files in directory: /etc/php{{ services.php_fpm.version | default(7) }}/php-fpm.d"
+  file:
+    path: "/etc/php{{ services.php_fpm.version | default(7) }}/php-fpm.d/{{ item.path | basename }}"
+    state: absent
+  with_items:
+    - "{{ php_fpm_found_files.files }}"
+  notify: "Restart php-fpm"
+  when:
+    - ansible_distribution == "Alpine"
+    - services.php_fpm.listeners is defined
+    - (item.path) not in ( php_fpm_deployed_configs | json_query('results[].invocation.module_args.dest') | default([]) )
+
+
+
+# archlinux (php7)
+- name: "[Archlinux] Generate php7-fpm listener configs"
+  template:
+    src: php-fpm-listener.conf.j2
+    dest: /etc/php7/php-fpm.d/{{item.key}}.conf
+    owner: root
+    group: root
+    mode: 0644
+  loop: "{{ lookup('dict', services.php_fpm.listeners, wantlist=True) }}"
+  register: php_fpm_deployed_configs
+  notify: "Restart php-fpm"
+  when:
+    - ansible_distribution == "Archlinux"
+    - services.php_fpm.version is not defined or services.php_fpm.version == 7
+    - services.php_fpm.listeners is defined
+
+- name: "[Archlinux] Collect files in directory: /etc/php7/php-fpm.d"
+  find:
+    path: "/etc/php7/php-fpm.d"
+    hidden: yes
+  register: php_fpm_found_files
+  check_mode: no
+  changed_when: false
+  when:
+    - ansible_distribution == "Alpine"
+    - services.php_fpm.version is not defined or services.php_fpm.version == 7
+    - services.php_fpm.listeners is defined
+
+- name: "[Alpine] Remove unmanaged files in directory: /etc/php7/php-fpm.d"
+  file:
+    path: "/etc/php7/php-fpm.d/{{ item.path | basename }}"
+    state: absent
+  with_items:
+    - "{{ php_fpm_found_files.files }}"
+  notify: "Restart php-fpm"
+  when:
+    - ansible_distribution == "Alpine"
+    - services.php_fpm.version is not defined or services.php_fpm.version == 7
+    - services.php_fpm.listeners is defined
+    - (item.path) not in ( php_fpm_deployed_configs | json_query('results[].invocation.module_args.dest') | default([]) )
+
+
+
+# archlinux (php8)
+- name: "[Archlinux] Generate php8-fpm listener configs"
+  template:
+    src: php-fpm-listener.conf.j2
+    dest: /etc/php/php-fpm.d/{{item.key}}.conf
+    owner: root
+    group: root
+    mode: 0644
+  loop: "{{ lookup('dict', services.php_fpm.listeners, wantlist=True) }}"
+  register: php_fpm_deployed_configs
+  notify: "Restart php-fpm"
+  when:
+    - ansible_distribution == "Archlinux"
+    - services.php_fpm.version == 8
+    - services.php_fpm.listeners is defined
+
+- name: "[Archlinux] Collect files in directory: /etc/php/php-fpm.d"
+  find:
+    path: "/etc/php/php-fpm.d"
+    hidden: yes
+  register: php_fpm_found_files
+  check_mode: no
+  changed_when: false
+  when:
+    - ansible_distribution == "Archlinux"
+    - services.php_fpm.version == 8
+    - services.php_fpm.listeners is defined
+
+- name: "[Alpine] Remove unmanaged files in directory: /etc/php/php-fpm.d"
+  file:
+    path: "/etc/php/php-fpm.d/{{ item.path | basename }}"
+    state: absent
+  with_items:
+    - "{{ php_fpm_found_files.files }}"
+  notify: "Restart php-fpm"
+  when:
+    - ansible_distribution == "Archlinux"
+    - services.php_fpm.version == 8
+    - services.php_fpm.listeners is defined
+    - (item.path) not in ( php_fpm_deployed_configs | json_query('results[].invocation.module_args.dest') | default([]) )+
\ No newline at end of file
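Review bot: The task `[Archlinux] Collect files in directory: /etc/php7/php-fpm.d` and the following `Remove unmanaged files in directory: /etc/php7/php-fpm.d` are gated on `ansible_distribution == "Alpine"`, which looks like a copy-paste slip. On an Alpine host with version 7 they run after the skipped Arch php7 generate task has re-registered `php_fpm_deployed_configs`, so the `not in` filter likely sees an empty list and every file in /etc/php7/php-fpm.d is removed, including the listener configs just written; on Arch with php7 no cleanup runs at all. Change both conditions to `- ansible_distribution == "Archlinux"` and give each of the three variants its own register names, since a skipped task still overwrites a registered variable. Two smaller points: `mode: 0644` is better written as `mode: "0644"`, and `{{item.key}}` goes into a root-owned destination path unchecked, so a key containing `/` would write outside php-fpm.d.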
diff --git a/roles/php-fpm/tasks/extraModules.yml b/roles/php-fpm/tasks/extraModules.yml
@@ -0,0 +1,27 @@
+---
+
+- name: "[Alpine] Install extra PHP{{ services.php_fpm.version | default(7) }} modules" 
+  apk:
+    name: "php{{ services.php_fpm.version | default(7) }}-{{ item }}"
+    state: present
+  loop: "{{ query('list', services.php_fpm.extraModules)[0] }}"
+  when:
+    - ansible_distribution == "Alpine"
+
+- name: "[Archlinux] Install extra PHP7 modules" 
+  pacman:
+    name: "php7-{{ item }}"
+    state: present
+  loop: "{{ query('list', services.php_fpm.extraModules)[0] }}"
+  when:
+    - ansible_distribution == "Archlinux"
+    - services.php_fpm.version is not defined or services.php_fpm.version == 7
+
+- name: "[Archlinux] Install extra PHP8 modules" 
+  pacman:
+    name: "php-{{ item }}"
+    state: present
+  loop: "{{ query('list', services.php_fpm.extraModules)[0] }}"
+  when:
+    - ansible_distribution == "Archlinux"
+    - services.php_fpm.version == 8
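Review bot: `loop: "{{ query('list', services.php_fpm.extraModules)[0] }}"` appears to wrap the list in a lookup only to unwrap it again; `loop: "{{ services.php_fpm.extraModules }}"` says the same thing directly in all three tasks. The entries are concatenated straight into package names, so a short comment stating that `extraModules` must hold bare module suffixes without the `php7-`/`php-` prefix would help whoever fills in the inventory.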
diff --git a/roles/php-fpm/tasks/install.yml b/roles/php-fpm/tasks/install.yml
@@ -0,0 +1,38 @@
+---
+
+- name: "[Alpine] Install package: php7 php7-fpm" 
+  apk:
+    name: "php7 php7-fpm"
+    state: present
+  when:
+    - ansible_distribution == "Alpine"
+    - services.php_fpm.version is not defined or services.php_fpm.version == 7
+
+- name: "[Alpine] Install package: php8 php8-fpm" 
+  apk:
+    name: "php8 php8-fpm"
+    state: present
+  when:
+    - ansible_distribution == "Alpine"
+    - services.php_fpm.version == 8
+
+
+- name: "[Archlinux] Install package: php7 php7-fpm" 
+  pacman:
+    name:
+      - "php7"
+      - "php7-fpm"
+    state: present
+  when:
+    - ansible_distribution == "Archlinux"
+    - services.php_fpm.version is not defined or services.php_fpm.version == 7
+
+- name: "[Archlinux] Install package: php php-fpm" 
+  pacman:
+    name:
+      - "php"
+      - "php-fpm"
+    state: present
+  when:
+    - ansible_distribution == "Archlinux"
+    - services.php_fpm.version == 8
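Review bot: Both Alpine tasks pass `name: "php7 php7-fpm"` (and `"php8 php8-fpm"`) as one space-separated string, whereas the pacman tasks below use a YAML list. The apk module documents `name` as a list of package names, and the single string may only work by accident of how the command line is assembled. Writing `name:` followed by `- php7` and `- php7-fpm` keeps the two distributions consistent and gives the module one package per entry.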
diff --git a/roles/php-fpm/tasks/main.yml b/roles/php-fpm/tasks/main.yml
@@ -0,0 +1,34 @@
+---
+
+- include: checks.yml
+  when:
+    - services.php_fpm.enable is defined
+    - services.php_fpm.enable is true
+
+- include: install.yml
+  when:
+    - services.php_fpm.enable is defined
+    - services.php_fpm.enable is true
+
+- include: extraModules.yml
+  when:
+    - services.php_fpm.enable is defined
+    - services.php_fpm.enable is true
+    - services.php_fpm.extraModules is defined
+
+- include: configure.yml
+  when:
+    - services.php_fpm.enable is defined
+    - services.php_fpm.enable is true
+
+- include: start.yml
+  when:
+    - services.php_fpm.enable is defined
+    - services.php_fpm.enable is true
+
+- include: remove.yml
+  when:
+    - services.php_fpm.enable is defined
+    - services.php_fpm.enable is false
+
+- meta: flush_handlers
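Review bot: Bare `include:` is deprecated in Ansible in favour of `include_tasks:` / `import_tasks:` and has since been removed from ansible-core, so each of the six entries should become e.g. `- include_tasks: checks.yml`. The repeated `enable is defined` / `enable is true` pairs could be shared by wrapping the five enable-side includes in one `block:` with a single `when:`. Note also that checks.yml is skipped when `enable` is false, so remove.yml interpolates an unvalidated version into service and package names.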
diff --git a/roles/php-fpm/tasks/remove.yml b/roles/php-fpm/tasks/remove.yml
@@ -0,0 +1,104 @@
+---
+
+- name: "[OpenRC] Enable and stop service: php{{ services.php_fpm.version | default(7) }}-fpm (to deploy config changes)"
+  service:
+    name: php{{ services.php_fpm.version | default(7) }}-fpm
+    enabled: no
+    state: stopped
+  when:
+    - ansible_service_mgr == "openrc"
+
+- name: "[systemd] Enable and start service: php7-fpm (to deploy config changes)"
+  systemd:
+    name: php7-fpm
+    enabled: no
+    state: stopped
+  when:
+    - ansible_service_mgr == "systemd"
+    - services.php_fpm.version is not defined or services.php_fpm.version == 7
+
+- name: "[systemd] Enable and start service: php-fpm (to deploy config changes)"
+  systemd:
+    name: php-fpm
+    enabled: no
+    state: stopped
+  when:
+    - ansible_service_mgr == "systemd"
+    - services.php_fpm.version == 8
+
+
+
+- name: "[Alpine] Remove extra PHP{{ services.php_fpm.version | default(7) }} modules" 
+  apk:
+    name: "php{{ services.php_fpm.version | default(7) }}-{{ item }}"
+    state: absent
+  loop: "{{ query('list', services.php_fpm.extraModules)[0] }}"
+  when:
+    - ansible_distribution == "Alpine"
+
+- name: "[Archlinux] Remove extra PHP7 modules" 
+  pacman:
+    name: "php7-{{ item }}"
+    state: absent
+  loop: "{{ query('list', services.php_fpm.extraModules)[0] }}"
+  when:
+    - ansible_distribution == "Archlinux"
+    - services.php_fpm.version is not defined or services.php_fpm.version == 7
+
+- name: "[Archlinux] Remove extra PHP8 modules" 
+  pacman:
+    name: "php-{{ item }}"
+    state: absent
+  loop: "{{ query('list', services.php_fpm.extraModules)[0] }}"
+  when:
+    - ansible_distribution == "Archlinux"
+    - services.php_fpm.version == 8
+
+
+
+- name: "[Alpine] Remove package: php7 php7-fpm" 
+  apk:
+    name: "php7 php7-fpm"
+    state: ansent
+  when:
+    - ansible_distribution == "Alpine"
+    - services.php_fpm.version is not defined or services.php_fpm.version == 7
+
+- name: "[Alpine] Remove package: php8 php8-fpm" 
+  apk:
+    name: "php8 php8-fpm"
+    state: ansent
+  when:
+    - ansible_distribution == "Alpine"
+    - services.php_fpm.version == 8
+
+- name: "[Archlinux] Remove package: php7 php7-fpm" 
+  pacman:
+    name:
+      - "php7"
+      - "php7-fpm"
+    state: absent
+  when:
+    - ansible_distribution == "Archlinux"
+    - services.php_fpm.version is not defined or services.php_fpm.version == 7
+
+- name: "[Archlinux] Remove package: php php-fpm" 
+  pacman:
+    name:
+      - "php"
+      - "php-fpm"
+    state: absent
+  when:
+    - ansible_distribution == "Archlinux"
+    - services.php_fpm.version == 8
+
+
+
+- name: "Delete leftovers"
+  file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    - /etc/php
+    - /etc/php7
+    - /etc/php8+
\ No newline at end of file
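Review bot: The two Alpine package-removal tasks use `state: ansent`, a typo for `state: absent`, so the apk module will reject the argument and the removal path fails on Alpine. The three extra-module removal tasks loop over `services.php_fpm.extraModules` without an `is defined` guard (main.yml only guards extraModules.yml), which will likely error when no extra modules are configured. The service task names still say "Enable and stop/start ... (to deploy config changes)" although they disable and stop the service. Finally, `Delete leftovers` removes /etc/php, /etc/php7 and /etc/php8 unconditionally, which also wipes the configuration of any PHP install not managed by this role; a comment stating that this is intended would help.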
diff --git a/roles/php-fpm/tasks/start.yml b/roles/php-fpm/tasks/start.yml
@@ -0,0 +1,28 @@
+---
+
+- name: "[OpenRC] Enable and start service: php{{ services.php_fpm.version | default(7) }}-fpm (to deploy config changes)"
+  service:
+    name: php{{ services.php_fpm.version | default(7) }}-fpm
+    enabled: yes
+    state: started
+  when:
+    - ansible_service_mgr == "openrc"
+
+
+- name: "[systemd] Enable and start service: php7-fpm (to deploy config changes)"
+  systemd:
+    name: php7-fpm
+    enabled: yes
+    state: started
+  when:
+    - ansible_service_mgr == "systemd"
+    - services.php_fpm.version is not defined or services.php_fpm.version == 7
+
+- name: "[systemd] Enable and start service: php-fpm (to deploy config changes)"
+  systemd:
+    name: php-fpm
+    enabled: yes
+    state: started
+  when:
+    - ansible_service_mgr == "systemd"
+    - services.php_fpm.version == 8
diff --git a/roles/php-fpm/templates/php-fpm-listener.conf.j2 b/roles/php-fpm/templates/php-fpm-listener.conf.j2
@@ -0,0 +1,21 @@
+;
+; !!! This file is managed by Ansible !!!
+;
+
+[{{ item.key }}]
+user = {{ item.value.user }}
+group = {{ item.value.group }}
+
+listen = {{ item.value.listenerPath | default("/run/php-fpm/php-fpm-{{ item.key }}.sock") }}
+listen.owner = {{ item.value.listenerOwner | default("nginx") }}
+listen.group = {{ item.value.listenerGroup | default("nginx") }}
+
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+
+{% if item.value.extraConfig is defined %}
+{{ item.value.extraConfig }}
+{% endif %}+
\ No newline at end of file
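Review bot: The default for `listen` nests `{{ item.key }}` inside a string literal, where Jinja does not evaluate it, so every pool without `listenerPath` would most likely get the same literal socket path containing the braces. Use concatenation instead: `listen = {{ item.value.listenerPath | default("/run/php-fpm/php-fpm-" ~ item.key ~ ".sock") }}`. The template sets `listen.owner` and `listen.group` but not `listen.mode`; adding `listen.mode = 0660` makes the socket permissions explicit rather than relying on the php-fpm default. `user` and `group` have no default, so a listener entry missing them fails at render time, which is worth a comment at the top of the template.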