From f2506c4203367cb1bf3e294e96a2817666302d3e Mon Sep 17 00:00:00 2001 From: decentral1se Date: Mon, 30 May 2022 09:34:37 +0200 Subject: [PATCH] init --- LICENSE | 15 +++++++++ README.md | 1 + defaults/main.yml | 60 +++++++++++++++++++++++++++++++++++ handlers/main.yml | 6 ++++ meta/main.yml | 16 ++++++++++ molecule/default/converge.yml | 11 +++++++ molecule/default/molecule.yml | 15 +++++++++ tasks/composer.yml | 36 +++++++++++++++++++++ tasks/main.yml | 7 ++++ tasks/php.yml | 43 +++++++++++++++++++++++++ templates/php.ini.j2 | 42 ++++++++++++++++++++++++ 11 files changed, 252 insertions(+) create mode 100644 LICENSE create mode 100644 README.md create mode 100644 defaults/main.yml create mode 100644 handlers/main.yml create mode 100644 meta/main.yml create mode 100644 molecule/default/converge.yml create mode 100644 molecule/default/molecule.yml create mode 100644 tasks/composer.yml create mode 100644 tasks/main.yml create mode 100644 tasks/php.yml create mode 100644 templates/php.ini.j2 diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..40f721a --- /dev/null +++ b/LICENSE @@ -0,0 +1,15 @@ +autonomic.php: Installs a specific version of PHP +Copyright (C) 2022 Autonomic Co-operative + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program. If not, see . diff --git a/README.md b/README.md new file mode 100644 index 0000000..da72213 --- /dev/null +++ b/README.md @@ -0,0 +1 @@ +# autonomic.php diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..44feffd --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,60 @@ +--- +php_ver: 7.3 + +php_composer_version: "2.0.11" +php_composer_install: false +php_composer_update: false +php_composer_install_file: /tmp/composer-installer.php +php_composer_checksum: sha384:756890a4488ce9024fc62c56153228907f1545c228516cbf63f885e036d37e9a59d27d63f46af1d4d07ee0f76181c7d3 + +php_extensions_default: + - { "name": "php{{ php_ver }}-cli", "state": "present" } + - { "name": "php{{ php_ver }}-common", "state": "present" } + - { "name": "php{{ php_ver }}-curl", "state": "present" } + - { "name": "php{{ php_ver }}-dev", "state": "present" } + - { "name": "php{{ php_ver }}-fpm", "state": "present" } + - { "name": "php{{ php_ver }}-gd", "state": "present" } + - { "name": "php{{ php_ver }}-mbstring", "state": "present" } + - { "name": "php{{ php_ver }}-mysql", "state": "present" } + - { "name": "php{{ php_ver }}-opcache", "state": "present" } + - { "name": "php{{ php_ver }}-xml", "state": "present" } + - { "name": "php{{ php_ver }}-xmlrpc", "state": "present" } + - { "name": "php{{ php_ver }}-zip", "state": "present" } + +php_extensions_custom: [] + +php_extensions: "{{ php_extensions_default + php_extensions_custom }}" + +php_short_open_tag: "Off" +php_output_buffering: 4096 +php_disable_functions: > + pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited, + pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus, + pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler, + pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask, + pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority, + pcntl_setpriority,pcntl_async_signals +php_error_reporting: "E_ALL & ~E_DEPRECATED & ~E_STRICT" +php_log_errors: "Off" +php_error_log: "" +php_display_errors: "Off" +php_display_startup_errors: "Off" +php_max_execution_time: 30 +php_max_input_time: 300 +php_max_input_vars: 1000 +php_memory_limit: 128M +php_mysqlnd_collect_memory_statistics: "Off" +php_post_max_size: 25M +php_session_cookie_httponly: "On" +php_session_cookie_secure: "Off" +php_upload_max_filesize: 25M +php_track_errors: "Off" +php_timezone: '{{ ntp_timezone | default("Etc/UTC") }}' + +php_opcache_enable: 1 +php_opcache_enable_cli: 1 +php_opcache_fast_shutdown: 1 +php_opcache_interned_strings_buffer: 8 +php_opcache_max_accelerated_files: 4000 +php_opcache_memory_consumption: 128 +php_opcache_revalidate_freq: 60 diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..fd643e7 --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,6 @@ +--- + +- name: Reload php-fpm + service: + name: "php{{ php_ver }}-fpm" + state: reloaded diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..0cea177 --- /dev/null +++ b/meta/main.yml @@ -0,0 +1,16 @@ +--- + +dependencies: [] + +galaxy_info: + author: autonomic + description: | + Installs a specific version of PHP using the popular and reliable + deb.sury.org repositories. See https://deb.sury.org/ for more. + company: Autonomic + license: GPLv3 + min_ansible_version: 2.8 + platforms: + - name: Debian + versions: + - stretch diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml new file mode 100644 index 0000000..504fffe --- /dev/null +++ b/molecule/default/converge.yml @@ -0,0 +1,11 @@ +--- +- name: Converge + hosts: all + vars: + - php_ver: "7.3" + - php_debian_distro: buster + - php_composer_install: true + tasks: + - name: "Include autonomic.php" + include_role: + name: "autonomic.php" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml new file mode 100644 index 0000000..20aa8dd --- /dev/null +++ b/molecule/default/molecule.yml @@ -0,0 +1,15 @@ +--- +dependency: + name: galaxy +driver: + name: hetznercloud +platforms: + - name: "autonomic.php-${INSTANCE_UUID}" + server_type: "cx11" + image: "debian-10" +provisioner: + name: ansible +lint: | + set -e + yamllint -c ../../.yamllint.yml . + ansible-lint -c ../../.ansible-lint.yml . diff --git a/tasks/composer.yml b/tasks/composer.yml new file mode 100644 index 0000000..3d983a5 --- /dev/null +++ b/tasks/composer.yml @@ -0,0 +1,36 @@ +--- + +- name: Check if Composer is installed + tags: composer + stat: + path: /usr/local/bin/composer + register: composer_bin + +- block: + - name: Download Composer into tmp directory + get_url: + url: https://getcomposer.org/installer + dest: "{{ php_composer_install_file }}" + checksum: "{{ php_composer_checksum }}" + + - name: Run Composer installer + command: " + php {{ php_composer_install_file }} + --install-dir=/usr/local/bin + --filename=composer + --version={{ php_composer_version }} + " + + - name: Delete composer installer + file: + path: "{{ php_composer_install_file }}" + state: absent + tags: composer + when: not composer_bin.stat.exists + +- name: Update composer if necessary + tags: composer + shell: composer selfupdate + register: composer_update_output + changed_when: "'Updating to version' in composer_update_output.stdout" + when: php_composer_update | bool diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..cf5f0d3 --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,7 @@ +--- + +- import_tasks: php.yml + +- import_tasks: composer.yml + when: php_composer_install | bool + tags: php-composer diff --git a/tasks/php.yml b/tasks/php.yml new file mode 100644 index 0000000..0e75c0c --- /dev/null +++ b/tasks/php.yml @@ -0,0 +1,43 @@ +--- + +- name: Install APT HTTPS support + package: + name: apt-transport-https + state: present + +- name: Install signed GPG key for sury.org PHP packages + apt_key: + url: https://packages.sury.org/php/apt.gpg + id: 15058500A0235D97F5D10063B188E2B695BD4743 + state: present + +- name: Install APT repository for sury.org PHP packages + apt_repository: + repo: "deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main" + state: present + +- name: Refresh the APT cache + apt: + update_cache: true + retries: 3 + delay: 10 + tags: + - molecule-idempotence-notest + +- name: "Install PHP {{ php_ver }}" + apt: + name: "{{ item.name }}" + state: "{{ item.state }}" + with_items: "{{ php_extensions }}" + +- name: "Start php{{ php_ver }}-fpm service" + service: + name: "php{{ php_ver }}-fpm" + state: started + enabled: true + +- name: Install PHP configuration file + template: + src: php.ini.j2 + dest: "/etc/php/{{ php_ver }}/fpm/php.ini" + notify: Reload php-fpm diff --git a/templates/php.ini.j2 b/templates/php.ini.j2 new file mode 100644 index 0000000..c875ee2 --- /dev/null +++ b/templates/php.ini.j2 @@ -0,0 +1,42 @@ +; {{ ansible_managed }} + +[PHP] +short_open_tag = {{ php_short_open_tag }} +output_buffering = {{ php_output_buffering }} +disable_functions = {{ php_disable_functions }} +expose_php = Off +max_execution_time = {{ php_max_execution_time }} +max_input_time = {{ php_max_input_time }} +max_input_vars = {{ php_max_input_vars }} +memory_limit = {{ php_memory_limit }} +error_reporting = {{ php_error_reporting }} +display_errors = {{ php_display_errors }} +display_startup_errors = {{ php_display_startup_errors }} +log_errors = {{ php_log_errors }} +log_errors_max_len = 1024 +error_log = {{ php_error_log }} +track_errors = {{ php_track_errors }} +variables_order = "GPCS" +request_order = "GP" +register_argc_argv = Off +post_max_size = {{ php_post_max_size }} +enable_dl = Off +upload_max_filesize = {{ php_upload_max_filesize }} +session.cookie_httponly = {{ php_session_cookie_httponly }} +session.cookie_secure = {{ php_session_cookie_secure }} +date.timezone = {{ php_timezone }} +{% if php_sendmail_path is defined %} +sendmail_path = {{ php_sendmail_path }} +{% endif %} + +[mysqlnd] +mysqlnd.collect_memory_statistics = {{ php_mysqlnd_collect_memory_statistics }} + +[opcache] +opcache.enable = {{ php_opcache_enable }} +opcache.enable_cli = {{ php_opcache_enable_cli }} +opcache.memory_consumption = {{ php_opcache_memory_consumption }} +opcache.interned_strings_buffer = {{ php_opcache_interned_strings_buffer }} +opcache.max_accelerated_files = {{ php_opcache_max_accelerated_files }} +opcache.revalidate_freq = {{ php_opcache_revalidate_freq }} +opcache.fast_shutdown = {{ php_opcache_fast_shutdown }}