From 34c974c515bad6df55788d7f6b56e9fe44fe6334 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 23 May 2024 12:21:10 -0400 Subject: [PATCH 01/12] Adding verify shell script for easy ansible-playbook. --- composer.json | 5 ++++- scripts/verify | 16 ++++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 scripts/verify diff --git a/composer.json b/composer.json index b902389..e36f223 100644 --- a/composer.json +++ b/composer.json @@ -9,5 +9,8 @@ } ], "homepage": "https://github.com/operations-project/site-runner", - "require": {} + "require": {}, + "bin": [ + "scripts/verify" + ] } diff --git a/scripts/verify b/scripts/verify new file mode 100644 index 0000000..a21590e --- /dev/null +++ b/scripts/verify @@ -0,0 +1,16 @@ +#!/usr/bin/bash + +# +# This generic script lets a server run the playbook limited to itself. +# +# Setup +# 1. Run a server/container with a FQDN hostname. eg. operations.local.computer +# 2. Add that host to the ansible inventory. +# 3. Run this script on the server you want to configure and it will use the variables from the operations.local.computer ansible host automatically + +set -e +echo "" +echo "> Running playbook for host $(hostname -f) ..." + +set -x +ansible-playbook vendor/operations/site-runner/playbook.yml --limit $(hostname -f) --connection local From 053f5635af783322962194cc064fe84ec35e3bc8 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 23 May 2024 12:21:43 -0400 Subject: [PATCH 02/12] Adding verify shell script for easy ansible-playbook. --- composer.json | 2 +- scripts/{verify => server-verify-self} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename scripts/{verify => server-verify-self} (100%) diff --git a/composer.json b/composer.json index e36f223..249bb90 100644 --- a/composer.json +++ b/composer.json @@ -11,6 +11,6 @@ "homepage": "https://github.com/operations-project/site-runner", "require": {}, "bin": [ - "scripts/verify" + "scripts/server-verify-self" ] } diff --git a/scripts/verify b/scripts/server-verify-self similarity index 100% rename from scripts/verify rename to scripts/server-verify-self From d0c89442c208c0e8ac6ff8d1c6ce5574b1381eda Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 23 May 2024 13:11:07 -0400 Subject: [PATCH 03/12] Add sites via inventory and install a runner for each of them. --- ansible.cfg | 10 ++++++ ansible/hosts.example | 1 + playbook.yml | 36 +++++++++++++------- roles/operations.runner/defaults/main.yml | 40 +++++++++++++++-------- roles/operations.runner/tasks/main.yml | 39 +++++++++++++++++----- 5 files changed, 94 insertions(+), 32 deletions(-) create mode 100644 ansible.cfg diff --git a/ansible.cfg b/ansible.cfg new file mode 100644 index 0000000..d0c75cd --- /dev/null +++ b/ansible.cfg @@ -0,0 +1,10 @@ + +# This config file should be in the operations-dashboard root. +# It can be a symlink to this file, or you can copy it to customize it for your needs. +# ln -s vendor/operations/site-runner/ansible.cfg +[defaults] +stdout_callback = yaml +force_color = True +inventory=ansible/inventory.yml +roles_path=vendor/operations/site-runner/roles +deprecation_warnings=False diff --git a/ansible/hosts.example b/ansible/hosts.example index 8cf08d7..bbf95da 100644 --- a/ansible/hosts.example +++ b/ansible/hosts.example @@ -5,3 +5,4 @@ [operations_host_ddev] localhost ansible_connection=local + \ No newline at end of file diff --git a/playbook.yml b/playbook.yml index 5cc20cf..8e53443 100644 --- a/playbook.yml +++ b/playbook.yml @@ -1,36 +1,50 @@ --- - name: Configure Server - hosts: all + hosts: servers become: true roles: - role: geerlingguy.security - tags: system + tags: + - system + - security vars: security_sudoers_passwordless: "{{ [operations_control_user|default('control')] + operations_admin_users|default([]) }}" security_ssh_allowed_users: "{{ [operations_control_user|default('control')] + [operations_platform_user|default('platform')] + operations_admin_users|default([]) }}" - role: geerlingguy.github-users - tags: system + tags: + - system + - security vars: github_users: "{{ operations_admin_users | default([]) }}" -- name: "Configure Hosting: DDEV" - hosts: operations_host_ddev +- name: Configure Runner Server + hosts: runners become: true roles: - role: geerlingguy.docker - tags: system + tags: + - system + - docker - role: operations.users - tags: operations + tags: + - system + - users + - operations - role: operations.ddev - tags: operations, ddev + tags: + - system + - ddev + - operations + +- name: Setup Sites + hosts: sites + become: true + roles: - role: operations.runner - tags: - - operations - - runner diff --git a/roles/operations.runner/defaults/main.yml b/roles/operations.runner/defaults/main.yml index e71fd16..2dc3b60 100644 --- a/roles/operations.runner/defaults/main.yml +++ b/roles/operations.runner/defaults/main.yml @@ -1,16 +1,30 @@ -# Global runner path. github.yml will copy this dir instead of downloading. -operations_github_runner_path: /usr/share/github-runner +# A location to download the runner software to +github_runner_download_version: "2.314.1" +github_runner_download_filename: "actions-runner-linux-x64-{{ github_runner_download_version }}.tar.gz" -# Set here to apply to all runners. -operations_runner_repo_default: operations-project/site-runner +github_runner_repo: operations-project/operations-dashboard +github_runner_user: "platform" +github_runner_path: "/var/{{ github_runner_user }}/Runners/{{ github_runner_repo }}" +github_runner_site_symlink_directory: "/var/{{ github_runner_user }}/Sites/{{ github_runner_repo }}" +github_runner_site_symlink_file: "{{ github_runner_site_symlink_directory }}/{{ inventory_hostname }}" -operations_github_api_token: DefaultApiToken -operations_github_runners: - - runner_repo: operations-project/site-runner - # repo_host: https://github.com - # runner_name: "{{ inventory_hostname }}" - # runner_path: "runner" - # api_token: "{{ operations_github_api_token }}" - # runner_labels: "{{ inventory_hostname }}" - # runner_user: platform +github_runner_api_token: + +# +# +## Global runner path. github.yml will copy this dir instead of downloading. +#operations_github_runner_path: /usr/share/github-runner +# +## Set here to apply to all runners. +#operations_runner_repo_default: operations-project/site-runner +# +#operations_github_api_token: DefaultApiToken +#operations_github_runners: +# - runner_repo: operations-project/site-runner +# # repo_host: https://github.com +# # runner_name: "{{ inventory_hostname }}" +# # runner_path: "runner" +# # api_token: "{{ operations_github_api_token }}" +# # runner_labels: "{{ inventory_hostname }}" +# # runner_user: platform diff --git a/roles/operations.runner/tasks/main.yml b/roles/operations.runner/tasks/main.yml index 0df8275..e0dc299 100644 --- a/roles/operations.runner/tasks/main.yml +++ b/roles/operations.runner/tasks/main.yml @@ -4,13 +4,36 @@ - name: Download the Runner shell: cmd: | - cd {{ operations_github_runner_path }} - mkdir {{ operations_github_runner_path }} -p - curl -o {{ operations_github_runner_path }}/actions-runner-linux-x64-2.314.1.tar.gz -L https://github.com/actions/runner/releases/download/v2.314.1/actions-runner-linux-x64-2.314.1.tar.gz - tar xzf {{ operations_github_runner_path }}/actions-runner-linux-x64-2.314.1.tar.gz + mkdir {{ github_runner_path }} -p + cd {{ github_runner_path }} + curl -o {{ github_runner_path }}/{{ github_runner_download_filename }} -L https://github.com/actions/runner/releases/download/{{ github_runner_download_version }}/{{ github_runner_download_filename }} + tar xzf {{ github_runner_path }}/{{ github_runner_download_filename }} ./bin/installdependencies.sh - creates: "{{ operations_github_runner_path }}/config.sh" + chown {{ github_runner_user }}:{{ github_runner_user }} . -R + creates: "{{ github_runner_path }}/config.sh" -- name: Configure GitHub Runners - include_tasks: github.yml - with_items: "{{ operations_github_runners }}" +- name: Verify runner + file: + path: "{{ github_runner_path }}" + state: directory + owner: "{{ github_runner_user }}" + group: "{{ github_runner_user }}" + +- name: Create Sites directory + file: + state: directory + dest: "{{ github_runner_site_symlink_directory }}" + force: yes + +- name: Create site symlink + file: + state: link + dest: "{{ github_runner_site_symlink_directory }}" + src: "{{ github_runner_path }}/_work/{{ github_runner_repo }}" + force: yes + + +# +#- name: Configure GitHub Runners +# include_tasks: github.yml +# with_items: "{{ operations_github_runners }}" From b68c5735971b4b68424ca24cd276ab3bffe811c1 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 23 May 2024 13:54:58 -0400 Subject: [PATCH 04/12] Fix download of runner, use env var for token, and fix runner path and symlink --- roles/operations.runner/defaults/main.yml | 8 ++++++-- roles/operations.runner/tasks/github.yml | 22 +++++++++++----------- roles/operations.runner/tasks/main.yml | 20 +++++++++++++++++--- 3 files changed, 34 insertions(+), 16 deletions(-) diff --git a/roles/operations.runner/defaults/main.yml b/roles/operations.runner/defaults/main.yml index 2dc3b60..aa390e5 100644 --- a/roles/operations.runner/defaults/main.yml +++ b/roles/operations.runner/defaults/main.yml @@ -2,14 +2,18 @@ # A location to download the runner software to github_runner_download_version: "2.314.1" github_runner_download_filename: "actions-runner-linux-x64-{{ github_runner_download_version }}.tar.gz" +github_runner_download_url: "https://github.com/actions/runner/releases/download/v{{ github_runner_download_version }}/{{ github_runner_download_filename }}" github_runner_repo: operations-project/operations-dashboard github_runner_user: "platform" -github_runner_path: "/var/{{ github_runner_user }}/Runners/{{ github_runner_repo }}" +github_runner_path: "/var/{{ github_runner_user }}/Runners/{{ github_runner_repo }}/{{ inventory_hostname }}" github_runner_site_symlink_directory: "/var/{{ github_runner_user }}/Sites/{{ github_runner_repo }}" github_runner_site_symlink_file: "{{ github_runner_site_symlink_directory }}/{{ inventory_hostname }}" -github_runner_api_token: +# To create runners, you need an API token with "admin" permissions. +# Don't set this variable in yaml files. Set it in CI using --extra-vars. +# ansible-playbook --extra-vars github_runner_api_token=${{ secrets.OPERATIONS_GITHUB_RUNNER_TOKEN }} +github_runner_api_token: "{{ lookup('ansible.builtin.env', 'OPERATIONS_GITHUB_RUNNER_TOKEN') }}" # # diff --git a/roles/operations.runner/tasks/github.yml b/roles/operations.runner/tasks/github.yml index 4f6e2ab..e41f25f 100644 --- a/roles/operations.runner/tasks/github.yml +++ b/roles/operations.runner/tasks/github.yml @@ -10,22 +10,22 @@ become_user: "{{ item.runner_user | default(operations_platform_user) | default('platform')}}" set_fact: # @TODO: Is there a better way to set defaults in a list of maps? - item_runner_path: "{{ user_facts.home }}/{{ item.runner_path | default('runner')}}" + item_runner_path: "{{ item.runner_path }}" item_runner_user: "{{ item.runner_user | default(operations_platform_user) | default('platform')}}" item_runner_name: "{{ item.runner_user | default(operations_platform_user) }}@{{ item.runner_name | default(inventory_hostname) }}" item_runner_repo: "{{ item.runner_repo | default(operations_runner_repo_default) }}" item_runner_labels: "{{ item.runner_user | default(operations_platform_user) }}@{{ item.runner_name | default(inventory_hostname) }},user/{{ item.runner_user | default(operations_platform_user) | default('platform') }},{{ item.runner_labels | default('') }}" item_runner_api_token: "{{ item.api_token | default(operations_github_api_token) }}" - -- name: Copy GitHub Runner - # It will fail if a job is running. - ignore_errors: true - copy: - src: "{{ operations_github_runner_path }}/" - dest: "{{ item_runner_path }}" - owner: "{{ item_runner_user }}" - group: "{{ item_runner_user }}" - remote_src: yes +# +#- name: Copy GitHub Runner +# # It will fail if a job is running. +# ignore_errors: true +# copy: +# src: "{{ operations_github_runner_path }}/" +# dest: "{{ item_runner_path }}" +# owner: "{{ item_runner_user }}" +# group: "{{ item_runner_user }}" +# remote_src: yes # See https://docs.github.com/en/rest/actions/self-hosted-runners?apiVersion=2022-11-28#create-configuration-for-a-just-in-time-runner-for-an-organization--fine-grained-access-tokens - name: "{{ item_runner_repo }} | Get GitHub Runner Token" diff --git a/roles/operations.runner/tasks/main.yml b/roles/operations.runner/tasks/main.yml index e0dc299..e2b7828 100644 --- a/roles/operations.runner/tasks/main.yml +++ b/roles/operations.runner/tasks/main.yml @@ -6,8 +6,8 @@ cmd: | mkdir {{ github_runner_path }} -p cd {{ github_runner_path }} - curl -o {{ github_runner_path }}/{{ github_runner_download_filename }} -L https://github.com/actions/runner/releases/download/{{ github_runner_download_version }}/{{ github_runner_download_filename }} - tar xzf {{ github_runner_path }}/{{ github_runner_download_filename }} + curl --fail -o {{ github_runner_path }}/{{ github_runner_download_filename }} -L {{ github_runner_download_url }} + tar xzf {{ github_runner_download_filename }} ./bin/installdependencies.sh chown {{ github_runner_user }}:{{ github_runner_user }} . -R creates: "{{ github_runner_path }}/config.sh" @@ -24,13 +24,27 @@ state: directory dest: "{{ github_runner_site_symlink_directory }}" force: yes + owner: "{{ github_runner_user }}" + group: "{{ github_runner_user }}" - name: Create site symlink file: state: link dest: "{{ github_runner_site_symlink_directory }}" - src: "{{ github_runner_path }}/_work/{{ github_runner_repo }}" + src: "{{ github_runner_path }}/_work/{{ github_runner_repo | split('/') | last }}/{{ github_runner_repo | split('/') | last }}" force: yes + owner: "{{ github_runner_user }}" + group: "{{ github_runner_user }}" + +- name: Configure GitHub Runner + include_tasks: github.yml + with_items: + - runner_repo: "{{ github_runner_repo }}" + runner_user: "{{ github_runner_user }}" + runner_name: "{{ inventory_hostname }}" + runner_path: "{{ github_runner_path }}" + api_token: "{{ github_runner_api_token }}" +# runner_labels: "{{ inventory_hostname }}" # From 4730f17c3c1cf70606cb0b9dd64e806e3966cd5a Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 23 May 2024 14:03:37 -0400 Subject: [PATCH 05/12] Only install site runners on the host they want to be on. --- playbook.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/playbook.yml b/playbook.yml index 8e53443..1fcfee3 100644 --- a/playbook.yml +++ b/playbook.yml @@ -48,3 +48,6 @@ become: true roles: - role: operations.runner + when: + - lookup('ansible.builtin.env', 'HOSTNAME') == github_runner_host | default(true) + - github_runner_host in hostvars From a3817718c572d2fe1f5c1f626969146615377400 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 23 May 2024 14:12:22 -0400 Subject: [PATCH 06/12] comment out symlink creation. --- roles/operations.runner/tasks/main.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/operations.runner/tasks/main.yml b/roles/operations.runner/tasks/main.yml index e2b7828..1b53609 100644 --- a/roles/operations.runner/tasks/main.yml +++ b/roles/operations.runner/tasks/main.yml @@ -26,15 +26,15 @@ force: yes owner: "{{ github_runner_user }}" group: "{{ github_runner_user }}" - -- name: Create site symlink - file: - state: link - dest: "{{ github_runner_site_symlink_directory }}" - src: "{{ github_runner_path }}/_work/{{ github_runner_repo | split('/') | last }}/{{ github_runner_repo | split('/') | last }}" - force: yes - owner: "{{ github_runner_user }}" - group: "{{ github_runner_user }}" +# +#- name: Create site symlink +# file: +# state: link +# dest: "{{ github_runner_site_symlink_directory }}" +# src: "{{ github_runner_path }}/_work/{{ github_runner_repo | split('/') | last }}/{{ github_runner_repo | split('/') | last }}" +# force: yes +# owner: "{{ github_runner_user }}" +# group: "{{ github_runner_user }}" - name: Configure GitHub Runner include_tasks: github.yml From b74de3b140cbab9051287076ce943c34d3565681 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 23 May 2024 14:13:11 -0400 Subject: [PATCH 07/12] executable --- scripts/server-verify-self | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 scripts/server-verify-self diff --git a/scripts/server-verify-self b/scripts/server-verify-self old mode 100644 new mode 100755 From 92faeb065cd0f7cec4196e84c2132d8c1f7a6b31 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 23 May 2024 15:16:59 -0400 Subject: [PATCH 08/12] We need composer if we are going to use operations-project/operations-dashboard. --- roles/geerlingguy.composer/.ansible-lint | 3 + .../geerlingguy.composer/.github/FUNDING.yml | 4 + roles/geerlingguy.composer/.github/stale.yml | 57 ++++ .../.github/workflows/ci.yml | 67 +++++ .../.github/workflows/release.yml | 40 +++ roles/geerlingguy.composer/.gitignore | 5 + roles/geerlingguy.composer/.yamllint | 11 + roles/geerlingguy.composer/LICENSE | 20 ++ roles/geerlingguy.composer/README.md | 87 ++++++ roles/geerlingguy.composer/defaults/main.yml | 25 ++ .../meta/.galaxy_install_info | 2 + roles/geerlingguy.composer/meta/main.yml | 44 ++++ .../molecule/default/converge.yml | 41 +++ .../molecule/default/molecule.yml | 17 ++ .../molecule/default/requirements.yml | 5 + .../tasks/global-require.yml | 18 ++ roles/geerlingguy.composer/tasks/main.yml | 76 ++++++ .../tasks/project-bin.yml | 6 + .../templates/auth.json.j2 | 5 + .../templates/composer-project.sh.j2 | 1 + .../templates/composer.sh.j2 | 1 + roles/geerlingguy.php/.ansible-lint | 5 + roles/geerlingguy.php/.github/FUNDING.yml | 4 + roles/geerlingguy.php/.github/stale.yml | 57 ++++ .../geerlingguy.php/.github/workflows/ci.yml | 81 ++++++ .../.github/workflows/release.yml | 40 +++ roles/geerlingguy.php/.gitignore | 5 + roles/geerlingguy.php/.yamllint | 11 + roles/geerlingguy.php/LICENSE | 20 ++ roles/geerlingguy.php/README.md | 248 ++++++++++++++++++ roles/geerlingguy.php/defaults/main.yml | 156 +++++++++++ roles/geerlingguy.php/handlers/main.yml | 16 ++ .../geerlingguy.php/meta/.galaxy_install_info | 2 + roles/geerlingguy.php/meta/main.yml | 30 +++ .../molecule/default/converge.yml | 72 +++++ .../molecule/default/molecule.yml | 19 ++ .../molecule/default/requirements.yml | 3 + .../molecule/default/source-install.yml | 32 +++ .../geerlingguy.php/tasks/configure-apcu.yml | 37 +++ roles/geerlingguy.php/tasks/configure-fpm.yml | 56 ++++ .../tasks/configure-opcache.yml | 37 +++ roles/geerlingguy.php/tasks/configure.yml | 21 ++ .../tasks/install-from-source.yml | 158 +++++++++++ roles/geerlingguy.php/tasks/main.yml | 87 ++++++ roles/geerlingguy.php/tasks/setup-Debian.yml | 27 ++ roles/geerlingguy.php/tasks/setup-RedHat.yml | 7 + roles/geerlingguy.php/templates/apc.ini.j2 | 4 + roles/geerlingguy.php/templates/fpm-init.j2 | 170 ++++++++++++ .../geerlingguy.php/templates/opcache.ini.j2 | 14 + .../geerlingguy.php/templates/php-fpm.conf.j2 | 12 + roles/geerlingguy.php/templates/php.ini.j2 | 221 ++++++++++++++++ roles/geerlingguy.php/templates/www.conf.j2 | 20 ++ roles/geerlingguy.php/vars/Debian-10.yml | 2 + roles/geerlingguy.php/vars/Debian-11.yml | 2 + roles/geerlingguy.php/vars/Debian-12.yml | 2 + roles/geerlingguy.php/vars/Debian.yml | 38 +++ roles/geerlingguy.php/vars/RedHat.yml | 32 +++ roles/geerlingguy.php/vars/Ubuntu-18.yml | 2 + roles/geerlingguy.php/vars/Ubuntu-20.yml | 2 + roles/geerlingguy.php/vars/Ubuntu-22.yml | 2 + 60 files changed, 2289 insertions(+) create mode 100644 roles/geerlingguy.composer/.ansible-lint create mode 100644 roles/geerlingguy.composer/.github/FUNDING.yml create mode 100644 roles/geerlingguy.composer/.github/stale.yml create mode 100644 roles/geerlingguy.composer/.github/workflows/ci.yml create mode 100644 roles/geerlingguy.composer/.github/workflows/release.yml create mode 100644 roles/geerlingguy.composer/.gitignore create mode 100644 roles/geerlingguy.composer/.yamllint create mode 100644 roles/geerlingguy.composer/LICENSE create mode 100644 roles/geerlingguy.composer/README.md create mode 100644 roles/geerlingguy.composer/defaults/main.yml create mode 100644 roles/geerlingguy.composer/meta/.galaxy_install_info create mode 100644 roles/geerlingguy.composer/meta/main.yml create mode 100644 roles/geerlingguy.composer/molecule/default/converge.yml create mode 100644 roles/geerlingguy.composer/molecule/default/molecule.yml create mode 100644 roles/geerlingguy.composer/molecule/default/requirements.yml create mode 100644 roles/geerlingguy.composer/tasks/global-require.yml create mode 100644 roles/geerlingguy.composer/tasks/main.yml create mode 100644 roles/geerlingguy.composer/tasks/project-bin.yml create mode 100644 roles/geerlingguy.composer/templates/auth.json.j2 create mode 100644 roles/geerlingguy.composer/templates/composer-project.sh.j2 create mode 100644 roles/geerlingguy.composer/templates/composer.sh.j2 create mode 100644 roles/geerlingguy.php/.ansible-lint create mode 100644 roles/geerlingguy.php/.github/FUNDING.yml create mode 100644 roles/geerlingguy.php/.github/stale.yml create mode 100644 roles/geerlingguy.php/.github/workflows/ci.yml create mode 100644 roles/geerlingguy.php/.github/workflows/release.yml create mode 100644 roles/geerlingguy.php/.gitignore create mode 100644 roles/geerlingguy.php/.yamllint create mode 100644 roles/geerlingguy.php/LICENSE create mode 100644 roles/geerlingguy.php/README.md create mode 100644 roles/geerlingguy.php/defaults/main.yml create mode 100644 roles/geerlingguy.php/handlers/main.yml create mode 100644 roles/geerlingguy.php/meta/.galaxy_install_info create mode 100644 roles/geerlingguy.php/meta/main.yml create mode 100644 roles/geerlingguy.php/molecule/default/converge.yml create mode 100644 roles/geerlingguy.php/molecule/default/molecule.yml create mode 100644 roles/geerlingguy.php/molecule/default/requirements.yml create mode 100644 roles/geerlingguy.php/molecule/default/source-install.yml create mode 100644 roles/geerlingguy.php/tasks/configure-apcu.yml create mode 100644 roles/geerlingguy.php/tasks/configure-fpm.yml create mode 100644 roles/geerlingguy.php/tasks/configure-opcache.yml create mode 100644 roles/geerlingguy.php/tasks/configure.yml create mode 100644 roles/geerlingguy.php/tasks/install-from-source.yml create mode 100644 roles/geerlingguy.php/tasks/main.yml create mode 100644 roles/geerlingguy.php/tasks/setup-Debian.yml create mode 100644 roles/geerlingguy.php/tasks/setup-RedHat.yml create mode 100644 roles/geerlingguy.php/templates/apc.ini.j2 create mode 100644 roles/geerlingguy.php/templates/fpm-init.j2 create mode 100644 roles/geerlingguy.php/templates/opcache.ini.j2 create mode 100644 roles/geerlingguy.php/templates/php-fpm.conf.j2 create mode 100644 roles/geerlingguy.php/templates/php.ini.j2 create mode 100644 roles/geerlingguy.php/templates/www.conf.j2 create mode 100644 roles/geerlingguy.php/vars/Debian-10.yml create mode 100644 roles/geerlingguy.php/vars/Debian-11.yml create mode 100644 roles/geerlingguy.php/vars/Debian-12.yml create mode 100644 roles/geerlingguy.php/vars/Debian.yml create mode 100644 roles/geerlingguy.php/vars/RedHat.yml create mode 100644 roles/geerlingguy.php/vars/Ubuntu-18.yml create mode 100644 roles/geerlingguy.php/vars/Ubuntu-20.yml create mode 100644 roles/geerlingguy.php/vars/Ubuntu-22.yml diff --git a/roles/geerlingguy.composer/.ansible-lint b/roles/geerlingguy.composer/.ansible-lint new file mode 100644 index 0000000..acc8255 --- /dev/null +++ b/roles/geerlingguy.composer/.ansible-lint @@ -0,0 +1,3 @@ +skip_list: + - 'yaml' + - 'role-name' diff --git a/roles/geerlingguy.composer/.github/FUNDING.yml b/roles/geerlingguy.composer/.github/FUNDING.yml new file mode 100644 index 0000000..96b4938 --- /dev/null +++ b/roles/geerlingguy.composer/.github/FUNDING.yml @@ -0,0 +1,4 @@ +# These are supported funding model platforms +--- +github: geerlingguy +patreon: geerlingguy diff --git a/roles/geerlingguy.composer/.github/stale.yml b/roles/geerlingguy.composer/.github/stale.yml new file mode 100644 index 0000000..3cc6ec3 --- /dev/null +++ b/roles/geerlingguy.composer/.github/stale.yml @@ -0,0 +1,57 @@ +# Configuration for probot-stale - https://github.com/probot/stale + +# Number of days of inactivity before an Issue or Pull Request becomes stale +daysUntilStale: 90 + +# Number of days of inactivity before an Issue or Pull Request with the stale label is closed. +# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. +daysUntilClose: 30 + +# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled) +onlyLabels: [] + +# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable +exemptLabels: + - bug + - pinned + - security + - planned + +# Set to true to ignore issues in a project (defaults to false) +exemptProjects: false + +# Set to true to ignore issues in a milestone (defaults to false) +exemptMilestones: false + +# Set to true to ignore issues with an assignee (defaults to false) +exemptAssignees: false + +# Label to use when marking as stale +staleLabel: stale + +# Limit the number of actions per hour, from 1-30. Default is 30 +limitPerRun: 30 + +pulls: + markComment: |- + This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! + + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale. + + unmarkComment: >- + This pull request is no longer marked for closure. + + closeComment: >- + This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. + +issues: + markComment: |- + This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! + + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale. + + unmarkComment: >- + This issue is no longer marked for closure. + + closeComment: >- + This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. diff --git a/roles/geerlingguy.composer/.github/workflows/ci.yml b/roles/geerlingguy.composer/.github/workflows/ci.yml new file mode 100644 index 0000000..3c3ca67 --- /dev/null +++ b/roles/geerlingguy.composer/.github/workflows/ci.yml @@ -0,0 +1,67 @@ +--- +name: CI +'on': + pull_request: + push: + branches: + - master + schedule: + - cron: "0 6 * * 0" + +defaults: + run: + working-directory: 'geerlingguy.composer' + +jobs: + + lint: + name: Lint + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'geerlingguy.composer' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install test dependencies. + run: pip3 install yamllint + + - name: Lint code. + run: | + yamllint . + + molecule: + name: Molecule + runs-on: ubuntu-latest + strategy: + matrix: + distro: + - centos7 + - ubuntu2004 + - debian11 + + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'geerlingguy.composer' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install test dependencies. + run: pip3 install ansible molecule[docker] docker + + - name: Run Molecule tests. + run: molecule test + env: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + MOLECULE_DISTRO: ${{ matrix.distro }} diff --git a/roles/geerlingguy.composer/.github/workflows/release.yml b/roles/geerlingguy.composer/.github/workflows/release.yml new file mode 100644 index 0000000..b81575f --- /dev/null +++ b/roles/geerlingguy.composer/.github/workflows/release.yml @@ -0,0 +1,40 @@ +--- +# This workflow requires a GALAXY_API_KEY secret present in the GitHub +# repository or organization. +# +# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy +# See: https://github.com/ansible/galaxy/issues/46 + +name: Release +'on': + push: + tags: + - '*' + +defaults: + run: + working-directory: 'geerlingguy.composer' + +jobs: + + release: + name: Release + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'geerlingguy.composer' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install Ansible. + run: pip3 install ansible-core + + - name: Trigger a new import on Galaxy. + run: >- + ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} + $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2) diff --git a/roles/geerlingguy.composer/.gitignore b/roles/geerlingguy.composer/.gitignore new file mode 100644 index 0000000..8840c8f --- /dev/null +++ b/roles/geerlingguy.composer/.gitignore @@ -0,0 +1,5 @@ +*.retry +*/__pycache__ +*.pyc +.cache + diff --git a/roles/geerlingguy.composer/.yamllint b/roles/geerlingguy.composer/.yamllint new file mode 100644 index 0000000..7107275 --- /dev/null +++ b/roles/geerlingguy.composer/.yamllint @@ -0,0 +1,11 @@ +--- +extends: default + +rules: + line-length: + max: 140 + level: warning + +ignore: | + .github/stale.yml + .travis.ci diff --git a/roles/geerlingguy.composer/LICENSE b/roles/geerlingguy.composer/LICENSE new file mode 100644 index 0000000..4275cf3 --- /dev/null +++ b/roles/geerlingguy.composer/LICENSE @@ -0,0 +1,20 @@ +The MIT License (MIT) + +Copyright (c) 2017 Jeff Geerling + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software is furnished to do so, +subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR +COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER +IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/roles/geerlingguy.composer/README.md b/roles/geerlingguy.composer/README.md new file mode 100644 index 0000000..7b5bbb1 --- /dev/null +++ b/roles/geerlingguy.composer/README.md @@ -0,0 +1,87 @@ +# Ansible Role: Composer + +[![CI](https://github.com/geerlingguy/ansible-role-composer/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-composer/actions?query=workflow%3ACI) + +Installs Composer, the PHP Dependency Manager, on any Linux or UNIX system. + +## Requirements + + - `php` (version 5.4+) should be installed and working (you can use the `geerlingguy.php` role to install). + - `git` should be installed and working (you can use the `geerlingguy.git` role to install). + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + composer_path: /usr/local/bin/composer + +The path where composer will be installed and available to your system. Should be in your user's `$PATH` so you can run commands simply with `composer` instead of the full path. + + composer_keep_updated: false + +Set this to `true` to update Composer to the latest release every time the playbook is run. + + composer_home_path: '~/.composer' + composer_home_owner: root + composer_home_group: root + +The `COMPOSER_HOME` path and directory ownership; this is the directory where global packages will be installed. + + composer_version: '' + +You can install a specific release of Composer, e.g. `composer_version: '1.0.0-alpha11'`. If left empty the latest development version will be installed. Note that `composer_keep_updated` will override this variable, as it will always install the latest development version. + + composer_version_branch: '--2' + +You can choose which major branch of composer you wish to use. Default is `--2`. Note that `composer_keep_updated` will update the latest version available for this branch. + + composer_global_packages: [] + +A list of packages to install globally (using `composer global require`). If you want to install any packages globally, add a list item with a dictionary with the `name` of the package and a `release`, e.g. `- { name: phpunit/phpunit, release: "4.7.*" }`. The 'release' is optional, and defaults to `@stable`. + + composer_add_to_path: true + +If `true`, and if there are any configured `composer_global_packages`, the `vendor/bin` directory inside `composer_home_path` will be added to the system's default `$PATH` (for all users). + + composer_project_path: /path/to/project + +Path to a composer project. + + composer_add_project_to_path: false + +If `true`, and if you have configured a `composer_project_path`, the `vendor/bin` directory inside `composer_project_path` will be added to the system's default `$PATH` (for all users). + + composer_github_oauth_token: '' + +GitHub OAuth token, used to avoid GitHub API rate limiting errors when building and rebuilding applications using Composer. Follow GitHub's directions to [Create a personal access token](https://help.github.com/articles/creating-an-access-token-for-command-line-use/) if you run into these rate limit errors. + + php_executable: php + +The executable name or full path to the PHP executable. This is defaulted to `php` if you don't override the variable. + +### Staying on Composer 1 + +While projects are upgrading to support Composer 2, it may be helpful to run Composer 1 instead. To do that, set these variables: + + composer_version_branch: '' + composer_version: '1.10.12' + +## Dependencies + +None (but make sure you've installed PHP; the `geerlingguy.php` role is recommended). + +## Example Playbook + + - hosts: servers + roles: + - geerlingguy.composer + +After the playbook runs, `composer` will be placed in `/usr/local/bin/composer` (this location is configurable), and will be accessible via normal system accounts. + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). diff --git a/roles/geerlingguy.composer/defaults/main.yml b/roles/geerlingguy.composer/defaults/main.yml new file mode 100644 index 0000000..3cd45a7 --- /dev/null +++ b/roles/geerlingguy.composer/defaults/main.yml @@ -0,0 +1,25 @@ +--- +composer_path: /usr/local/bin/composer +composer_keep_updated: false +composer_version: '' +composer_version_branch: '--2' + +# The directory where global packages will be installed. +composer_home_path: '~/.composer' +composer_home_owner: root +composer_home_group: root + +# A list of packages to install globally. See commented examples below for +# usage; the 'release' is optional, and defaults to '@stable'. +composer_global_packages: [] +# - { name: phpunit/phpunit, release: "4.7.x" } +# - { name: phpunit/phpunit, release: "@stable" } + +composer_add_to_path: true + +# Add a project vendor/bin directory to the PATH +composer_add_project_to_path: false +# composer_project_path: /path/to/project/vendor/bin + +# GitHub OAuth token (used to help overcome API rate limits). +composer_github_oauth_token: '' diff --git a/roles/geerlingguy.composer/meta/.galaxy_install_info b/roles/geerlingguy.composer/meta/.galaxy_install_info new file mode 100644 index 0000000..52a1027 --- /dev/null +++ b/roles/geerlingguy.composer/meta/.galaxy_install_info @@ -0,0 +1,2 @@ +install_date: 'Thu 23 May 2024 07:16:28 PM ' +version: 1.9.2 diff --git a/roles/geerlingguy.composer/meta/main.yml b/roles/geerlingguy.composer/meta/main.yml new file mode 100644 index 0000000..0b3da10 --- /dev/null +++ b/roles/geerlingguy.composer/meta/main.yml @@ -0,0 +1,44 @@ +--- +dependencies: [] + +galaxy_info: + role_name: composer + author: geerlingguy + description: Composer PHP Dependency Manager + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 2.4 + platforms: + - name: EL + versions: + - all + - name: GenericUNIX + versions: + - all + - name: Fedora + versions: + - all + - name: opensuse + versions: + - all + - name: GenericBSD + versions: + - all + - name: FreeBSD + versions: + - all + - name: Ubuntu + versions: + - all + - name: SLES + versions: + - all + - name: GenericLinux + versions: + - all + - name: Debian + versions: + - all + galaxy_tags: + - packaging + - web diff --git a/roles/geerlingguy.composer/molecule/default/converge.yml b/roles/geerlingguy.composer/molecule/default/converge.yml new file mode 100644 index 0000000..2ea00e7 --- /dev/null +++ b/roles/geerlingguy.composer/molecule/default/converge.yml @@ -0,0 +1,41 @@ +--- +- name: Converge + hosts: all + become: true + + vars: + php_enablerepo: "remi,remi-php70" + php_enable_webserver: false + + # Test a global requirement. + composer_global_packages: + - name: phpunit/phpunit + release: "@stable" + + pre_tasks: + - name: Update apt cache. + apt: update_cache=yes cache_valid_time=600 + when: ansible_distribution == 'Ubuntu' + + - name: Set php_packages for Fedora install. + set_fact: + php_packages: + - php + - php-cli + - php-common + - php-devel + - php-mbstring + - php-opcache + - php-pecl-apcu + - php-xml + - php-json + when: ansible_distribution == 'Fedora' + + roles: + - role: geerlingguy.repo-remi + when: ansible_os_family == 'RedHat' and ansible_distribution != 'Fedora' + - role: geerlingguy.repo-dotdeb + when: ansible_distribution == 'Debian' + - role: geerlingguy.git + - role: geerlingguy.php + - role: geerlingguy.composer diff --git a/roles/geerlingguy.composer/molecule/default/molecule.yml b/roles/geerlingguy.composer/molecule/default/molecule.yml new file mode 100644 index 0000000..7490710 --- /dev/null +++ b/roles/geerlingguy.composer/molecule/default/molecule.yml @@ -0,0 +1,17 @@ +--- +dependency: + name: galaxy +driver: + name: docker +platforms: + - name: instance + image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + privileged: true + pre_build_image: true +provisioner: + name: ansible + playbooks: + converge: ${MOLECULE_PLAYBOOK:-converge.yml} diff --git a/roles/geerlingguy.composer/molecule/default/requirements.yml b/roles/geerlingguy.composer/molecule/default/requirements.yml new file mode 100644 index 0000000..8263a0c --- /dev/null +++ b/roles/geerlingguy.composer/molecule/default/requirements.yml @@ -0,0 +1,5 @@ +--- +- src: geerlingguy.repo-remi +- src: geerlingguy.repo-dotdeb +- src: geerlingguy.git +- src: geerlingguy.php diff --git a/roles/geerlingguy.composer/tasks/global-require.yml b/roles/geerlingguy.composer/tasks/global-require.yml new file mode 100644 index 0000000..d9f3b0d --- /dev/null +++ b/roles/geerlingguy.composer/tasks/global-require.yml @@ -0,0 +1,18 @@ +--- +- name: Install configured globally-required packages. + command: > + {{ composer_path }} global require {{ item.name }}:{{ item.release | default('@stable') }} --no-progress --no-interaction + creates={{ composer_home_path }}/vendor/{{ item.name }} + environment: + COMPOSER_HOME: "{{ composer_home_path }}" + become: true + become_user: "{{ composer_home_owner }}" + register: composer_global_require_result + with_items: "{{ composer_global_packages }}" + +- name: Add composer_home_path bin directory to global $PATH. + template: + src: composer.sh.j2 + dest: /etc/profile.d/composer.sh + mode: 0644 + when: composer_add_to_path | bool diff --git a/roles/geerlingguy.composer/tasks/main.yml b/roles/geerlingguy.composer/tasks/main.yml new file mode 100644 index 0000000..b19c253 --- /dev/null +++ b/roles/geerlingguy.composer/tasks/main.yml @@ -0,0 +1,76 @@ +--- +- name: Check if requested version parameters are valid + fail: + msg: You cannot request a specific version AND keep the composer up to date. + Set either composer_version or composer_keep_updated, but not both. + when: composer_version != '' and composer_keep_updated + +- name: Set php_executable variable to a default if not defined. + set_fact: + php_executable: php + when: php_executable is not defined + +- name: Check if Composer is installed. + stat: "path={{ composer_path }}" + register: composer_bin + +- name: Get Composer installer signature. + uri: + url: https://composer.github.io/installer.sig + return_content: true + register: composer_installer_signature + when: not composer_bin.stat.exists + +- name: Download Composer installer. + get_url: + url: https://getcomposer.org/installer + dest: /tmp/composer-installer.php + mode: 0755 + checksum: "sha384:{{ composer_installer_signature.content }}" + when: not composer_bin.stat.exists + +- name: Run Composer installer. + command: > + {{ php_executable }} composer-installer.php {% if composer_version_branch %} {{ composer_version_branch }}{% elif composer_version %} --version={{ composer_version }}{% endif %} + chdir=/tmp + when: not composer_bin.stat.exists + +- name: Move Composer into globally-accessible location. + command: > + mv /tmp/composer.phar {{ composer_path }} + creates={{ composer_path }} + when: not composer_bin.stat.exists + +- name: Update Composer to latest version (if configured). + command: > + {{ php_executable }} {{ composer_path }} self-update {{ composer_version_branch }} + register: composer_update + changed_when: "'Updating to version' in composer_update.stdout" + when: composer_keep_updated | bool + +- name: Ensure composer directory exists. + become: true + become_user: "{{ composer_home_owner }}" + file: + path: "{{ composer_home_path }}" + owner: "{{ composer_home_owner }}" + group: "{{ composer_home_group }}" + state: directory + mode: 0755 + +- name: Add GitHub OAuth token for Composer (if configured). + become: true + become_user: "{{ composer_home_owner }}" + template: + src: "auth.json.j2" + dest: "{{ composer_home_path }}/auth.json" + owner: "{{ composer_home_owner }}" + group: "{{ composer_home_group }}" + mode: 0644 + when: composer_github_oauth_token | length > 0 + +- include_tasks: global-require.yml + when: composer_global_packages | length > 0 + +- include_tasks: project-bin.yml + when: composer_add_project_to_path | bool diff --git a/roles/geerlingguy.composer/tasks/project-bin.yml b/roles/geerlingguy.composer/tasks/project-bin.yml new file mode 100644 index 0000000..3f9112e --- /dev/null +++ b/roles/geerlingguy.composer/tasks/project-bin.yml @@ -0,0 +1,6 @@ +--- +- name: Add composer_project_path bin directory to global $PATH. + template: + src: composer-project.sh.j2 + dest: /etc/profile.d/composer-project.sh + mode: 0644 diff --git a/roles/geerlingguy.composer/templates/auth.json.j2 b/roles/geerlingguy.composer/templates/auth.json.j2 new file mode 100644 index 0000000..a41c214 --- /dev/null +++ b/roles/geerlingguy.composer/templates/auth.json.j2 @@ -0,0 +1,5 @@ +{ + "github-oauth": { + "github.com": "{{ composer_github_oauth_token }}" + } +} diff --git a/roles/geerlingguy.composer/templates/composer-project.sh.j2 b/roles/geerlingguy.composer/templates/composer-project.sh.j2 new file mode 100644 index 0000000..9c77dbe --- /dev/null +++ b/roles/geerlingguy.composer/templates/composer-project.sh.j2 @@ -0,0 +1 @@ +export PATH={{ composer_project_path }}:$PATH diff --git a/roles/geerlingguy.composer/templates/composer.sh.j2 b/roles/geerlingguy.composer/templates/composer.sh.j2 new file mode 100644 index 0000000..3e6cd7a --- /dev/null +++ b/roles/geerlingguy.composer/templates/composer.sh.j2 @@ -0,0 +1 @@ +export PATH=$PATH:{{ composer_home_path }}/vendor/bin diff --git a/roles/geerlingguy.php/.ansible-lint b/roles/geerlingguy.php/.ansible-lint new file mode 100644 index 0000000..8d58b47 --- /dev/null +++ b/roles/geerlingguy.php/.ansible-lint @@ -0,0 +1,5 @@ +skip_list: + - 'yaml' + - 'risky-shell-pipe' + - 'no-handler' + - 'role-name' diff --git a/roles/geerlingguy.php/.github/FUNDING.yml b/roles/geerlingguy.php/.github/FUNDING.yml new file mode 100644 index 0000000..96b4938 --- /dev/null +++ b/roles/geerlingguy.php/.github/FUNDING.yml @@ -0,0 +1,4 @@ +# These are supported funding model platforms +--- +github: geerlingguy +patreon: geerlingguy diff --git a/roles/geerlingguy.php/.github/stale.yml b/roles/geerlingguy.php/.github/stale.yml new file mode 100644 index 0000000..3cc6ec3 --- /dev/null +++ b/roles/geerlingguy.php/.github/stale.yml @@ -0,0 +1,57 @@ +# Configuration for probot-stale - https://github.com/probot/stale + +# Number of days of inactivity before an Issue or Pull Request becomes stale +daysUntilStale: 90 + +# Number of days of inactivity before an Issue or Pull Request with the stale label is closed. +# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. +daysUntilClose: 30 + +# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled) +onlyLabels: [] + +# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable +exemptLabels: + - bug + - pinned + - security + - planned + +# Set to true to ignore issues in a project (defaults to false) +exemptProjects: false + +# Set to true to ignore issues in a milestone (defaults to false) +exemptMilestones: false + +# Set to true to ignore issues with an assignee (defaults to false) +exemptAssignees: false + +# Label to use when marking as stale +staleLabel: stale + +# Limit the number of actions per hour, from 1-30. Default is 30 +limitPerRun: 30 + +pulls: + markComment: |- + This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! + + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale. + + unmarkComment: >- + This pull request is no longer marked for closure. + + closeComment: >- + This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. + +issues: + markComment: |- + This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! + + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale. + + unmarkComment: >- + This issue is no longer marked for closure. + + closeComment: >- + This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. diff --git a/roles/geerlingguy.php/.github/workflows/ci.yml b/roles/geerlingguy.php/.github/workflows/ci.yml new file mode 100644 index 0000000..a96836a --- /dev/null +++ b/roles/geerlingguy.php/.github/workflows/ci.yml @@ -0,0 +1,81 @@ +--- +name: CI +'on': + pull_request: + push: + branches: + - master + schedule: + - cron: "0 4 * * 4" + +defaults: + run: + working-directory: 'geerlingguy.php' + +jobs: + + lint: + name: Lint + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'geerlingguy.php' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install test dependencies. + run: pip3 install yamllint + + - name: Lint code. + run: | + yamllint . + + molecule: + name: Molecule + runs-on: ubuntu-latest + strategy: + matrix: + include: + - distro: rockylinux8 + playbook: converge.yml + - distro: ubuntu2204 + playbook: converge.yml + - distro: ubuntu2004 + playbook: converge.yml + - distro: ubuntu1804 + playbook: converge.yml + - distro: debian12 + playbook: converge.yml + - distro: debian11 + playbook: converge.yml + + # Had some trouble, might fix later. + # - distro: debian11 + # playbook: source-install.yml + + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'geerlingguy.php' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install test dependencies. + run: pip3 install ansible molecule molecule-plugins[docker] docker + + - name: Run Molecule tests. + run: molecule test + env: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + MOLECULE_DISTRO: ${{ matrix.distro }} + MOLECULE_PLAYBOOK: ${{ matrix.playbook }} diff --git a/roles/geerlingguy.php/.github/workflows/release.yml b/roles/geerlingguy.php/.github/workflows/release.yml new file mode 100644 index 0000000..36cb2b5 --- /dev/null +++ b/roles/geerlingguy.php/.github/workflows/release.yml @@ -0,0 +1,40 @@ +--- +# This workflow requires a GALAXY_API_KEY secret present in the GitHub +# repository or organization. +# +# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy +# See: https://github.com/ansible/galaxy/issues/46 + +name: Release +'on': + push: + tags: + - '*' + +defaults: + run: + working-directory: 'geerlingguy.php' + +jobs: + + release: + name: Release + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'geerlingguy.php' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install Ansible. + run: pip3 install ansible-core + + - name: Trigger a new import on Galaxy. + run: >- + ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} + $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2) diff --git a/roles/geerlingguy.php/.gitignore b/roles/geerlingguy.php/.gitignore new file mode 100644 index 0000000..8840c8f --- /dev/null +++ b/roles/geerlingguy.php/.gitignore @@ -0,0 +1,5 @@ +*.retry +*/__pycache__ +*.pyc +.cache + diff --git a/roles/geerlingguy.php/.yamllint b/roles/geerlingguy.php/.yamllint new file mode 100644 index 0000000..f2033dd --- /dev/null +++ b/roles/geerlingguy.php/.yamllint @@ -0,0 +1,11 @@ +--- +extends: default + +rules: + line-length: + max: 120 + level: warning + +ignore: | + .github/stale.yml + .travis.yml diff --git a/roles/geerlingguy.php/LICENSE b/roles/geerlingguy.php/LICENSE new file mode 100644 index 0000000..4275cf3 --- /dev/null +++ b/roles/geerlingguy.php/LICENSE @@ -0,0 +1,20 @@ +The MIT License (MIT) + +Copyright (c) 2017 Jeff Geerling + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software is furnished to do so, +subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR +COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER +IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/roles/geerlingguy.php/README.md b/roles/geerlingguy.php/README.md new file mode 100644 index 0000000..3f0b9c4 --- /dev/null +++ b/roles/geerlingguy.php/README.md @@ -0,0 +1,248 @@ +# Ansible Role: PHP + +[![CI](https://github.com/geerlingguy/ansible-role-php/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-php/actions?query=workflow%3ACI) + +Installs PHP on RedHat/CentOS and Debian/Ubuntu servers. + +## Requirements + +If you're using an older LTS release of Ubuntu or RHEL, with an old/outdated version of PHP, you need to use a repo or PPA with a maintained PHP version, as this role only works with [PHP versions that are currently supported](http://php.net/supported-versions.php) by the PHP community. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + php_packages: [] + +A list of the PHP packages to install (OS-specific by default). You'll likely want to install common packages like `php`, `php-cli`, `php-devel` and `php-pdo`, and you can add in whatever other packages you'd like (for example, `php-gd` for image manipulation, or `php-ldap` if you need to connect to an LDAP server for authentication). + +_Note: If you're using Debian/Ubuntu, you also need to install `libapache2-mod-fastcgi` (for cgi/PHP-FPM) or `libapache2-mod-php7.0` (or a similar package depending on PHP version) if you want to use `mod_php` with Apache._ + + php_packages_extra: [] + +A list of extra PHP packages to install without overriding the default list. + + php_enable_webserver: true + +If your usage of PHP is tied to a web server (e.g. Apache or Nginx), leave this default value. If you are using PHP server-side or to run some small application, set this value to `false` so this role doesn't attempt to interact with a web server. + + php_webserver_daemon: "httpd" + +The default values for the HTTP server deamon are `httpd` (used by Apache) for RedHat/CentOS, or `apache2` (also used by Apache) for Debian/Ubuntu. If you are running another webserver (for example, `nginx`), change this value to the name of the daemon under which the webserver runs. + + php_enablerepo: "" + +(RedHat/CentOS only) If you have enabled any additional repositories (might I suggest [geerlingguy.repo-epel](https://github.com/geerlingguy/ansible-role-repo-epel) or [geerlingguy.repo-remi](https://github.com/geerlingguy/ansible-role-repo-remi)), those repositories can be listed under this variable (e.g. `remi-php70,epel`). This can be handy, as an example, if you want to install the latest version of PHP 7.0, which is in the Remi repository. + + php_default_version_debian: "" + +(Debian/Ubuntu only) The default version of PHP in the given OS version repositories. The specific version is set per distro and per version, but you can override it by providing a value here, like `"7.4"`. + +**If you'd like to be able to switch PHP versions easily, or use a version that's not available in system packages**: You can use the [`geerlingguy.php-versions`](https://galaxy.ansible.com/geerlingguy/php-versions/) role to more easily switch between major PHP versions (e.g. 5.6, 7.1, 7.2). + + php_packages_state: "present" + +If you have enabled any additional repositories such as [geerlingguy.repo-epel](https://github.com/geerlingguy/ansible-role-repo-epel) or [geerlingguy.repo-remi](https://github.com/geerlingguy/ansible-role-repo-remi), you may want an easy way to swap PHP versions on the fly. By default, this is set to `"present"`. You can override this variable to `"latest"` to upgrade to the latest available version. Combined with `php_enablerepo`, a user now doesn't need to manually uninstall the existing PHP packages before installing them from a different repository. + + php_install_recommends: true + +(Debian/Ubuntu only) Whether to install recommended packages when installing `php_packages`; you might want to set this to `no` explicitly if you're installing a PPA that recommends certain packages you don't want (e.g. Ondrej's `php` PPA will install `php7.0-cli` if you install `php-pear` alongside `php5.6-cli`... which is often not desired!). + + php_executable: "php" + +The executable to run when calling PHP from the command line. You should only change this if running `php` on your server doesn't target the correct executable, or if you're using software collections on RHEL/CentOS and need to target a different version of PHP. + +### PHP-FPM + +PHP-FPM is a simple and robust FastCGI Process Manager for PHP. It can dramatically ease scaling of PHP apps and is the normal way of running PHP-based sites and apps when using a webserver like Nginx (though it can be used with other webservers just as easily). + +When using this role with PHP running as `php-fpm` instead of as a process inside a webserver (e.g. Apache's `mod_php`), you need to set the following variable to `true`: + + php_enable_php_fpm: false + +If you're using Apache, you can easily get it configured to work with PHP-FPM using the [geerlingguy.apache-php-fpm](https://github.com/geerlingguy/ansible-role-apache-php-fpm) role. + + php_fpm_state: started + php_fpm_enabled_on_boot: true + +Control over the fpm daemon's state; set these to `stopped` and `false` if you want FPM to be installed and configured, but not running (e.g. when installing in a container). + + php_fpm_handler_state: restarted + +The handler restarts PHP-FPM by default. Setting the value to `reloaded` will reload the service, intead of restarting it. + + + php_fpm_pools: + - pool_name: www + pool_template: www.conf.j2 + pool_listen: "127.0.0.1:9000" + pool_listen_allowed_clients: "127.0.0.1" + pool_pm: dynamic + pool_pm_max_children: 5 + pool_pm_start_servers: 2 + pool_pm_min_spare_servers: 1 + pool_pm_max_spare_servers: 3 + pool_pm_max_requests: 500 + pool_pm_status_path: /status + +List of PHP-FPM pool to create. By default, www pool is created. To setup a new pool, add an item to php_fpm_pools list. + +Specific settings inside the default `www.conf.j2` PHP-FPM pool. If you'd like to manage additional settings, you can do so either by replacing the file with your own template using `pool_template`. + +### php.ini settings + + php_use_managed_ini: true + +By default, all the extra defaults below are applied through the php.ini included with this role. You can self-manage your php.ini file (if you need more flexility in its configuration) by setting this to `false` (in which case all the below variables will be ignored). + + php_fpm_pool_user: "[apache|nginx|other]" # default varies by OS + php_fpm_pool_group: "[apache|nginx|other]" # default varies by OS + php_memory_limit: "256M" + php_max_execution_time: "60" + php_max_input_time: "60" + php_max_input_vars: "1000" + php_realpath_cache_size: "32K" + php_file_uploads: "On" + php_upload_max_filesize: "64M" + php_max_file_uploads: "20" + php_post_max_size: "32M" + php_date_timezone: "America/Chicago" + php_allow_url_fopen: "On" + php_sendmail_path: "/usr/sbin/sendmail -t -i" + php_output_buffering: "4096" + php_short_open_tag: false + php_error_reporting: "E_ALL & ~E_DEPRECATED & ~E_STRICT" + php_display_errors: "Off" + php_display_startup_errors: "On" + php_expose_php: "On" + php_session_cookie_lifetime: 0 + php_session_gc_probability: 1 + php_session_gc_divisor: 1000 + php_session_gc_maxlifetime: 1440 + php_session_save_handler: files + php_session_save_path: '' + php_disable_functions: [] + php_precision: 14 + php_serialize_precision: "-1" + +Various defaults for PHP. Only used if `php_use_managed_ini` is set to `true`. + +### OpCache-related Variables + +The OpCache is included in PHP starting in version 5.5, and the following variables will only take effect if the version of PHP you have installed is 5.5 or greater. + + php_opcache_zend_extension: "opcache.so" + php_opcache_enable: "1" + php_opcache_enable_cli: "0" + php_opcache_memory_consumption: "96" + php_opcache_interned_strings_buffer: "16" + php_opcache_max_accelerated_files: "4096" + php_opcache_max_wasted_percentage: "5" + php_opcache_validate_timestamps: "1" + php_opcache_revalidate_path: "0" + php_opcache_revalidate_freq: "2" + php_opcache_max_file_size: "0" + +OpCache ini directives that are often customized on a system. Make sure you have enough memory and file slots allocated in the OpCache (`php_opcache_memory_consumption`, in MB, and `php_opcache_max_accelerated_files`) to contain all the PHP code you are running. If not, you may get less-than-optimal performance! + +For custom opcache.so location provide full path with `php_opcache_zend_extension`. + + php_opcache_conf_filename: [platform-specific] + +The platform-specific opcache configuration filename. Generally the default should work, but in some cases, you may need to override the filename. + +### APCu-related Variables + + php_enable_apc: true + +Whether to enable APCu. Other APCu variables will be ineffective if this is set to false. + + php_apc_shm_size: "96M" + php_apc_enable_cli: "0" + +APCu ini directives that are often customized on a system. Set the `php_apc_shm_size` so it will hold all cache entries in memory with a little overhead (fragmentation or APC running out of memory will slow down PHP *dramatically*). + + php_apc_conf_filename: [platform-specific] + +The platform-specific APC configuration filename. Generally the default should work, but in some cases, you may need to override the filename. + +#### Ensuring APC is installed + +If you use APC, you will need to make sure APC is installed (it is installed by default, but if you customize the `php_packages` list, you need to include APC in the list): + + - *On RHEL/CentOS systems*: Make sure `php-pecl-apcu` is in the list of `php_packages`. + - *On Debian/Ubuntu systems*: Make sure `php-apcu` is in the list of `php_packages`. + +### Installing from Source + +If you need a specific version of PHP, or would like to test the latest (e.g. master) version of PHP, there's a good chance there's no suitable package already available in your platform's package manager. In these cases, you may choose to install PHP from source by compiling it directly. + +Note that source compilation takes *much* longer than installing from packages (PHP HEAD takes 5+ minutes to compile on a modern quad-core computer, just as a point of reference). + + php_install_from_source: false + +Set this to `true` to install PHP from source instead of installing from packages. + + php_source_version: "master" + +The version of PHP to install from source (a git branch, tag, or commit hash). + + php_source_clone_dir: "~/php-src" + php_source_clone_depth: 1 + php_source_install_path: "/opt/php" + php_source_install_gmp_path: "/usr/include/x86_64-linux-gnu/gmp.h" + php_source_mysql_config: "/usr/bin/mysql_config" + +Location where source will be cloned and installed, and the location of the GMP header file (which can be platform/distribution specific), and `mysql_config` binary (this may be `mariadb_config` in newer operating system versions). + + php_source_make_command: "make" + +Set the `make` command to `make --jobs=X` where `X` is the number of cores present on the server where PHP is being compiled. Will speed up compilation times dramatically if you have multiple cores. + + php_source_configure_command: > + [...] + +The `./configure` command that will build the Makefile to be used for PHP compilation. Add in all the options you need for your particular environment. Using a folded scalar (`>`) allows you to define the variable over multiple lines, which is extremely helpful for legibility and source control! + +A few other notes/caveats for specific configurations: + + - **Apache with `mpm_prefork`**: If you're using Apache with prefork as a webserver for PHP, you will need to make sure `apxs2` is available on your system (e.g. by installing `apache2-prefork-dev` in Ubuntu), and you will need to make sure the option `--with-apxs2` is defined in `php_source_configure_command`. Finally, you will need to make sure the `mpm_prefork` module is loaded instead of `mpm_worker` or `mpm_event`, and likely add a `phpX.conf` (where `X` is the major version of PHP) configuration file to the Apache module config folder with contents like [`php7.conf`](https://gist.github.com/geerlingguy/5ae5445f28e71264e8c1). + - **Apache with `mpm_event` or `mpm_worker`**: If you're using Apache with event or worker as a webserver for PHP, you will need to compile PHP with FPM. Make sure the option `--enable-fpm` is defined in `php_source_configure_command`. You'll also need to make sure Apache's support for CGI and event is installed (e.g. by installing `apache2-mpm-event` and `libapache2-mod-fastcgi`) and the `mpm_event` module is loaded. + - **Nginx**: If you're using Nginx as a webserver for PHP, you will need to compile PHP with FPM. Make sure the option `--enable-fpm` is defined in `php_source_configure_command`. + +## Dependencies + +None. + +## Example Playbook + + - hosts: webservers + vars_files: + - vars/main.yml + roles: + - { role: geerlingguy.php } + +*Inside `vars/main.yml`*: + + php_memory_limit: "128M" + php_max_execution_time: "90" + php_upload_max_filesize: "256M" + php_packages: + - php + - php-cli + - php-common + - php-devel + - php-gd + - php-mbstring + - php-pdo + - php-pecl-apcu + - php-xml + ... + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). diff --git a/roles/geerlingguy.php/defaults/main.yml b/roles/geerlingguy.php/defaults/main.yml new file mode 100644 index 0000000..2f7e9b6 --- /dev/null +++ b/roles/geerlingguy.php/defaults/main.yml @@ -0,0 +1,156 @@ +--- +# Pass in a comma-separated list of repos to use (e.g. "remi,epel"). Used only +# for RHEL/CentOS. +php_enablerepo: "" + +# Extra packages to install (in addition to distro-specific default lists). +php_packages_extra: [] + +# Default PHP version to install on Debian-based OSes (OS-specific). +# php_default_version_debian: "" + +# PHP package state; use 'present' to make sure it's installed, or 'latest' if +# you want to upgrade or switch versions using a new repo. +php_packages_state: present + +# Whether to install recommended packages. Used only for Debian/Ubuntu. +php_install_recommends: true + +# Set this to false if you're not using PHP with Apache/Nginx/etc. +php_enable_webserver: true + +# PHP-FPM configuration. +php_enable_php_fpm: false +php_fpm_state: started +php_fpm_handler_state: restarted +php_fpm_enabled_on_boot: true +php_fpm_listen: "127.0.0.1:9000" +php_fpm_listen_allowed_clients: "127.0.0.1" +php_fpm_pm_max_children: 50 +php_fpm_pm_start_servers: 5 +php_fpm_pm_min_spare_servers: 5 +php_fpm_pm_max_spare_servers: 5 +php_fpm_pm_max_requests: 0 +php_fpm_pm_status_path: "" + +# PHP-FPM pool configuration. +php_fpm_pools: + - pool_name: www + pool_template: www.conf.j2 + pool_listen: "{{ php_fpm_listen }}" + pool_listen_allowed_clients: "{{ php_fpm_listen_allowed_clients }}" + pool_pm: dynamic + pool_pm_max_children: "{{ php_fpm_pm_max_children }}" + pool_pm_start_servers: "{{ php_fpm_pm_start_servers }}" + pool_pm_min_spare_servers: "{{ php_fpm_pm_min_spare_servers }}" + pool_pm_max_spare_servers: "{{ php_fpm_pm_max_spare_servers }}" + pool_pm_max_requests: "{{ php_fpm_pm_max_requests }}" + pool_pm_status_path: "{{ php_fpm_pm_status_path }}" + +# The executable to run when calling PHP from the command line. +php_executable: "php" + +# OpCache settings. +php_opcache_zend_extension: "opcache.so" +php_opcache_enable: "1" +php_opcache_enable_cli: "0" +php_opcache_memory_consumption: "96" +php_opcache_interned_strings_buffer: "16" +php_opcache_max_accelerated_files: "4096" +php_opcache_max_wasted_percentage: "5" +php_opcache_validate_timestamps: "1" +php_opcache_revalidate_path: "0" +php_opcache_revalidate_freq: "2" +php_opcache_max_file_size: "0" +php_opcache_blacklist_filename: "" + +# APCu settings. +php_enable_apc: true +php_apc_shm_size: "96M" +php_apc_enable_cli: "0" + +# If this is set to false, none of the following options will have any effect. +# Any and all changes to /etc/php.ini will be your responsibility. +php_use_managed_ini: true + +php_expose_php: "On" +php_memory_limit: "256M" +php_max_execution_time: "60" +php_max_input_time: "60" +php_max_input_vars: "1000" +php_realpath_cache_size: "32K" + +php_file_uploads: "On" +php_upload_max_filesize: "64M" +php_max_file_uploads: "20" + +php_post_max_size: "32M" +php_date_timezone: "America/Chicago" +php_allow_url_fopen: "On" + +php_sendmail_path: "/usr/sbin/sendmail -t -i" +php_output_buffering: "4096" +php_short_open_tag: "Off" +php_disable_functions: [] +php_precision: 14 +php_serialize_precision: "-1" + +php_session_cookie_lifetime: 0 +php_session_gc_probability: 1 +php_session_gc_divisor: 1000 +php_session_gc_maxlifetime: 1440 +php_session_save_handler: files +php_session_save_path: '' + +php_error_reporting: "E_ALL & ~E_DEPRECATED & ~E_STRICT" +php_display_errors: "Off" +php_display_startup_errors: "Off" + +# Install PHP from source (instead of using a package manager) with these vars. +php_install_from_source: false +php_source_repo: "https://github.com/php/php-src.git" +php_source_version: "master" +php_source_clone_dir: "~/php-src" +php_source_clone_depth: 1 +php_source_install_path: "/opt/php" +php_source_install_gmp_path: "/usr/include/x86_64-linux-gnu/gmp.h" +php_source_mysql_config: "/usr/bin/mysql_config" +# For faster compile time: "make --jobs=X" where X is # of cores present. +php_source_make_command: "make" +php_source_configure_command: > + ./configure + --prefix={{ php_source_install_path }} + --with-config-file-path={{ php_conf_paths | first }} + --enable-mbstring + --enable-zip + --enable-bcmath + --enable-pcntl + --enable-ftp + --enable-exif + --enable-calendar + --enable-opcache + --enable-pdo + --enable-sysvmsg + --enable-sysvsem + --enable-sysvshm + --enable-wddx + --with-curl + --with-mcrypt + --with-iconv + --with-gmp + --with-pspell + --with-gd + --with-jpeg-dir=/usr + --with-png-dir=/usr + --with-zlib-dir=/usr + --with-xpm-dir=/usr + --with-freetype-dir=/usr + --enable-gd-native-ttf + --enable-gd-jis-conv + --with-openssl + --with-pdo-mysql=/usr + --with-gettext=/usr + --with-zlib=/usr + --with-bz2=/usr + --with-recode=/usr + --with-mysqli={{ php_source_mysql_config }} diff --git a/roles/geerlingguy.php/handlers/main.yml b/roles/geerlingguy.php/handlers/main.yml new file mode 100644 index 0000000..b6f2513 --- /dev/null +++ b/roles/geerlingguy.php/handlers/main.yml @@ -0,0 +1,16 @@ +--- +- name: restart webserver + service: + name: "{{ php_webserver_daemon }}" + state: restarted + notify: restart php-fpm + when: php_enable_webserver + +- name: restart php-fpm + service: + name: "{{ php_fpm_daemon }}" + state: "{{ php_fpm_handler_state }}" + when: + - php_enable_php_fpm + - php_fpm_state == 'started' + - not ansible_check_mode diff --git a/roles/geerlingguy.php/meta/.galaxy_install_info b/roles/geerlingguy.php/meta/.galaxy_install_info new file mode 100644 index 0000000..c8b97f7 --- /dev/null +++ b/roles/geerlingguy.php/meta/.galaxy_install_info @@ -0,0 +1,2 @@ +install_date: 'Thu 23 May 2024 07:16:28 PM ' +version: 5.0.1 diff --git a/roles/geerlingguy.php/meta/main.yml b/roles/geerlingguy.php/meta/main.yml new file mode 100644 index 0000000..9ed6d9e --- /dev/null +++ b/roles/geerlingguy.php/meta/main.yml @@ -0,0 +1,30 @@ +--- +dependencies: [] + +galaxy_info: + role_name: php + author: geerlingguy + description: PHP for RedHat/CentOS/Fedora/Debian/Ubuntu. + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 2.10 + platforms: + - name: Fedora + versions: + - all + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - all + galaxy_tags: + - development + - web + - php + - language + - fpm + - drupal + - wordpress + - joomla + - magento diff --git a/roles/geerlingguy.php/molecule/default/converge.yml b/roles/geerlingguy.php/molecule/default/converge.yml new file mode 100644 index 0000000..9fd340f --- /dev/null +++ b/roles/geerlingguy.php/molecule/default/converge.yml @@ -0,0 +1,72 @@ +--- +- name: Converge + hosts: all + become: true + + vars: + php_enable_webserver: false + php_enable_php_fpm: true + php_memory_limit: "192M" + php_enablerepo: "remi,remi-php82" + php_install_recommends: false + + handlers: + - name: update apt cache + apt: update_cache=true + when: ansible_os_family == 'Debian' + + pre_tasks: + - name: Update apt cache. + apt: + update_cache: true + cache_valid_time: 600 + when: ansible_os_family == 'Debian' + changed_when: false + + - name: Ensure dirmngr is installed (gnupg dependency). + apt: + name: dirmngr + state: present + when: ansible_os_family == 'Debian' + + # Debian-specific tasks. + - name: Add dependencies for PHP versions (Debian). + apt: + name: + - apt-transport-https + - ca-certificates + - gnupg2 + state: present + when: ansible_distribution == "Debian" + + - name: Add Ondrej Sury's repo for PHP 8 (Ubuntu). + apt_repository: + repo: 'ppa:ondrej/php' + when: ansible_distribution == 'Ubuntu' + + - name: Add Ondrej Sury's apt key (Debian). + apt_key: + url: https://packages.sury.org/php/apt.gpg + state: present + when: ansible_distribution == "Debian" + + - name: Add Ondrej Sury's repo (Debian). + apt_repository: + repo: "deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main" + state: present + when: ansible_distribution == "Debian" + notify: update apt cache + + - meta: flush_handlers + + roles: + - role: geerlingguy.repo-remi + when: + - ansible_os_family == 'RedHat' + - ansible_distribution != 'Fedora' + - role: geerlingguy.php + + post_tasks: + - name: Confirm PHP configuration is correct. + shell: php -i | grep 'memory_limit.*192' + changed_when: false diff --git a/roles/geerlingguy.php/molecule/default/molecule.yml b/roles/geerlingguy.php/molecule/default/molecule.yml new file mode 100644 index 0000000..d291e5b --- /dev/null +++ b/roles/geerlingguy.php/molecule/default/molecule.yml @@ -0,0 +1,19 @@ +--- +role_name_check: 1 +dependency: + name: galaxy +driver: + name: docker +platforms: + - name: instance + image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true +provisioner: + name: ansible + playbooks: + converge: ${MOLECULE_PLAYBOOK:-converge.yml} diff --git a/roles/geerlingguy.php/molecule/default/requirements.yml b/roles/geerlingguy.php/molecule/default/requirements.yml new file mode 100644 index 0000000..809b89b --- /dev/null +++ b/roles/geerlingguy.php/molecule/default/requirements.yml @@ -0,0 +1,3 @@ +--- +- src: geerlingguy.repo-remi +- src: geerlingguy.git diff --git a/roles/geerlingguy.php/molecule/default/source-install.yml b/roles/geerlingguy.php/molecule/default/source-install.yml new file mode 100644 index 0000000..d9ad0f9 --- /dev/null +++ b/roles/geerlingguy.php/molecule/default/source-install.yml @@ -0,0 +1,32 @@ +--- +- name: Converge + hosts: all + become: true + + vars: + php_enable_webserver: false + php_install_from_source: true + php_source_clone_dir: /root/php-src + php_source_make_command: "make --jobs=2" + php_version: "7.4.8" + php_source_version: "php-{{ php_version }}" + php_memory_limit: "192M" + + pre_tasks: + - name: Update apt cache. + apt: update_cache=true cache_valid_time=600 + when: ansible_os_family == 'Debian' + changed_when: false + + roles: + - role: geerlingguy.git + - role: geerlingguy.php + + post_tasks: + - name: Confirm PHP configuration is correct. + shell: php -i | grep 'memory_limit.*192' + changed_when: false + + - name: Check the installed PHP version. + shell: '/usr/bin/php --version | grep -qF "PHP {{ php_version }}"' + changed_when: false diff --git a/roles/geerlingguy.php/tasks/configure-apcu.yml b/roles/geerlingguy.php/tasks/configure-apcu.yml new file mode 100644 index 0000000..a29f8d6 --- /dev/null +++ b/roles/geerlingguy.php/tasks/configure-apcu.yml @@ -0,0 +1,37 @@ +--- +- name: Check for existing APCu config files. + find: + paths: "{{ item }}" + contains: 'extension(\s+)?=(\s+)?apc[u]?\.so' + register: php_installed_apc_confs + with_items: "{{ php_extension_conf_paths }}" + +- name: Remove any non-role-supplied APCu config files. + file: + path: "{{ item.1.path }}" + state: absent + when: php_apc_conf_filename != (item.1.path.split('/') | last) + with_subelements: + - "{{ php_installed_apc_confs.results }}" + - files + notify: restart webserver + +- name: Ensure APCu config file is present. + template: + src: apc.ini.j2 + dest: "{{ item }}/{{ php_apc_conf_filename }}" + owner: root + group: root + force: true + mode: 0644 + with_items: "{{ php_extension_conf_paths }}" + when: php_enable_apc + notify: restart webserver + +- name: Remove APCu config file if APC is disabled. + file: + path: "{{ item }}/{{ php_apc_conf_filename }}" + state: absent + with_items: "{{ php_extension_conf_paths }}" + when: not php_enable_apc + notify: restart webserver diff --git a/roles/geerlingguy.php/tasks/configure-fpm.yml b/roles/geerlingguy.php/tasks/configure-fpm.yml new file mode 100644 index 0000000..0187778 --- /dev/null +++ b/roles/geerlingguy.php/tasks/configure-fpm.yml @@ -0,0 +1,56 @@ +--- +- name: Define php_fpm_daemon. + set_fact: + php_fpm_daemon: "{{ __php_fpm_daemon }}" + when: php_fpm_daemon is not defined + +- name: Define php_fpm_pool_conf_path. + set_fact: + php_fpm_pool_conf_path: "{{ __php_fpm_pool_conf_path }}" + when: php_fpm_pool_conf_path is not defined + +- name: Define php_fpm_pool_user. + set_fact: + php_fpm_pool_user: "{{ __php_fpm_pool_user }}" + when: php_fpm_pool_user is not defined + +- name: Define php_fpm_pool_group. + set_fact: + php_fpm_pool_group: "{{ __php_fpm_pool_group }}" + when: php_fpm_pool_group is not defined + +- name: Stat php_fpm_pool_conf_path + stat: + path: "{{ php_fpm_pool_conf_path | dirname }}" + register: php_fpm_pool_conf_path_dir_stat + +- name: Ensure the default pool directory exists. + file: + path: "{{ php_fpm_pool_conf_path | dirname }}" + state: directory + owner: root + group: root + mode: 0755 + when: php_fpm_pool_conf_path_dir_stat.stat.islnk is not defined + +- name: Create fpm pools. + template: + src: "{{ item.pool_template | default('www.conf.j2', true) }}" + dest: "{{ php_fpm_pool_conf_path | dirname }}/{{ item.pool_name }}.conf" + owner: root + group: root + mode: 0644 + force: true + loop: "{{ php_fpm_pools | default([], true) }}" + when: php_enable_php_fpm + notify: restart php-fpm + +- name: Ensure php-fpm is started and enabled at boot (if configured). + service: + name: "{{ php_fpm_daemon }}" + state: "{{ php_fpm_state }}" + enabled: "{{ php_fpm_enabled_on_boot }}" + when: + - php_enable_php_fpm + - ansible_distribution != "Debian" + - not ansible_check_mode diff --git a/roles/geerlingguy.php/tasks/configure-opcache.yml b/roles/geerlingguy.php/tasks/configure-opcache.yml new file mode 100644 index 0000000..fc043d0 --- /dev/null +++ b/roles/geerlingguy.php/tasks/configure-opcache.yml @@ -0,0 +1,37 @@ +--- +- name: Check for existing OpCache config files. + find: + paths: "{{ item }}" + contains: 'zend_extension(\s+)?=(\s+)?opcache\.so' + register: php_installed_opcache_confs + with_items: "{{ php_extension_conf_paths }}" + +- name: Remove any non-role-supplied OpCache config files. + file: + path: "{{ item.1.path }}" + state: absent + when: php_opcache_conf_filename != (item.1.path.split('/') | last) + with_subelements: + - "{{ php_installed_opcache_confs.results }}" + - files + notify: restart webserver + +- name: Ensure OpCache config file is present. + template: + src: opcache.ini.j2 + dest: "{{ item }}/{{ php_opcache_conf_filename }}" + owner: root + group: root + force: true + mode: 0644 + with_items: "{{ php_extension_conf_paths }}" + when: php_opcache_enable | bool + notify: restart webserver + +- name: Remove OpCache config file if OpCache is disabled. + file: + path: "{{ item }}/{{ php_opcache_conf_filename }}" + state: absent + with_items: "{{ php_extension_conf_paths }}" + when: not php_opcache_enable | bool + notify: restart webserver diff --git a/roles/geerlingguy.php/tasks/configure.yml b/roles/geerlingguy.php/tasks/configure.yml new file mode 100644 index 0000000..68eafa0 --- /dev/null +++ b/roles/geerlingguy.php/tasks/configure.yml @@ -0,0 +1,21 @@ +--- +- name: Ensure configuration directories exist. + ansible.builtin.file: + path: "{{ item }}" + state: directory + follow: true + mode: 0755 + with_items: + - "{{ php_conf_paths | flatten }}" + - "{{ php_extension_conf_paths | flatten }}" + +- name: Place PHP configuration file in place. + ansible.builtin.template: + src: php.ini.j2 + dest: "{{ item }}/php.ini" + owner: root + group: root + mode: 0644 + with_items: "{{ php_conf_paths }}" + notify: restart webserver + when: php_use_managed_ini diff --git a/roles/geerlingguy.php/tasks/install-from-source.yml b/roles/geerlingguy.php/tasks/install-from-source.yml new file mode 100644 index 0000000..035d2b3 --- /dev/null +++ b/roles/geerlingguy.php/tasks/install-from-source.yml @@ -0,0 +1,158 @@ +--- +- name: Ensure dependencies for building from source are installed (RedHat). + package: + name: + - autoconf + - automake + - libtool + - bison + - make + - re2c + - sqlite-devel + - oniguruma-devel + - curl-devel + - recode-devel + - aspell-devel + - libxml2-devel + - pkgconfig + - libmcrypt-devel + - t1lib-devel + - libXpm-devel + - libpng-devel + - libjpeg-turbo-devel + - bzip2-devel + - openssl-devel + - freetype-devel + - libicu-devel + - mariadb-devel + - gmp-devel + state: present + when: ansible_os_family == 'RedHat' + +- name: Update apt cache (Debian). + apt: update_cache=yes cache_valid_time=86400 + when: ansible_os_family == 'Debian' + +- name: Ensure dependencies for building from source are installed (Debian). + apt: + name: + - build-essential + - autoconf + - automake + - libtool + - bison + - pkg-config + - re2c + - libsqlite3-dev + - libonig-dev + - libxml2-dev + - libcurl4-openssl-dev + - libbz2-dev + - libjpeg-dev + - libpng-dev + - libxpm-dev + - libfreetype6-dev + - libgmp3-dev + - libmcrypt-dev + - libmariadb-dev + - libpspell-dev + - librecode-dev + - libssl-dev + state: present + when: ansible_os_family == 'Debian' + +- name: Define php_fpm_daemon (if not defined already). + set_fact: + php_fpm_daemon: "php-fpm" + when: php_fpm_daemon is not defined + +- name: Check if gmp.h is already in a location accessible to gcc. + stat: path=/usr/include/gmp.h + register: gmp_file + +- name: Ensure gmp.h is symlinked into a location accessible to gcc. + file: # noqa 208 + src: "{{ php_source_install_gmp_path }}" + dest: /usr/include/gmp.h + state: link + when: not gmp_file.stat.exists + +- name: Check if PHP is installed. + command: which php + changed_when: false + failed_when: false + register: php_installed + +- name: Clone the PHP repository. + git: + repo: "{{ php_source_repo }}" + dest: "{{ php_source_clone_dir }}" + version: "{{ php_source_version }}" + accept_hostkey: true + depth: "{{ php_source_clone_depth }}" + when: php_installed.rc != 0 + +- name: Ensure PHP installation path exists. + file: + path: "{{ php_source_install_path }}" + state: directory + mode: 0755 + when: php_installed.rc != 0 + +- name: Build configure script. + command: > + ./buildconf --force + chdir={{ php_source_clone_dir }} + when: php_installed.rc != 0 + +- name: Run configure script. + command: > + {{ php_source_configure_command }} + chdir={{ php_source_clone_dir }} + when: php_installed.rc != 0 + +- name: Make and install PHP. + command: > + {{ item }} + chdir={{ php_source_clone_dir }} + with_items: + - "{{ php_source_make_command }}" + - make install + when: php_installed.rc != 0 + +- name: Ensure php executable is symlinked into a standard path. + file: # noqa 208 + src: "{{ php_source_install_path }}/bin/php" + dest: /usr/bin/php + state: link + +# PHP FPM configuration. +- name: Ensure php-fpm executable is symlinked into a standard path. + file: # noqa 208 + src: "{{ php_source_install_path }}/sbin/php-fpm" + dest: "/usr/sbin/{{ php_fpm_daemon }}" + state: link + when: "'--enable-fpm' in php_source_configure_command" + +- name: Ensure php-fpm init script is installed. + template: + src: fpm-init.j2 + dest: "/etc/init.d/{{ php_fpm_daemon }}" + mode: 0755 + when: "'--enable-fpm' in php_source_configure_command" + notify: restart php-fpm + +- name: Ensure php-fpm config directory exists. + file: + path: "{{ php_fpm_conf_path }}" + state: directory + mode: 0755 + when: "'--enable-fpm' in php_source_configure_command" + +- name: Ensure php-fpm config file is installed. + template: + src: php-fpm.conf.j2 + dest: "{{ php_fpm_conf_path }}/php-fpm.conf" + mode: 0644 + when: "'--enable-fpm' in php_source_configure_command" + notify: restart php-fpm diff --git a/roles/geerlingguy.php/tasks/main.yml b/roles/geerlingguy.php/tasks/main.yml new file mode 100644 index 0000000..9d04cfc --- /dev/null +++ b/roles/geerlingguy.php/tasks/main.yml @@ -0,0 +1,87 @@ +--- +# Variable setup. +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" + +- name: Include distribution and version-specific vars. + include_vars: "{{ item }}" + with_first_found: + - files: + - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" + skip: true + +- name: Set the default PHP version for Debian-based OSes. + set_fact: + php_default_version_debian: "{{ __php_default_version_debian }}" + when: php_default_version_debian is not defined and ansible_os_family == 'Debian' + +- name: Define the name of the JSON extension package on Debian for PHP <8. + set_fact: + __php_json_package_debian: "{{ 'php' + php_default_version_debian + '-json' }}" + when: ansible_os_family == 'Debian' and php_default_version_debian is version('8.0', '<') + +- name: Add the JSON extension on Debian for PHP <8. + set_fact: + __php_packages: "{{ __php_packages + [__php_json_package_debian] }}" + when: __php_json_package_debian is defined and __php_json_package_debian not in __php_packages + +- name: Define php_packages. + set_fact: + php_packages: "{{ __php_packages | list }}" + when: php_packages is not defined + +- name: Define php_webserver_daemon. + set_fact: + php_webserver_daemon: "{{ __php_webserver_daemon }}" + when: php_webserver_daemon is not defined + +- name: Define php_conf_paths. + set_fact: + php_conf_paths: "{{ __php_conf_paths }}" + when: php_conf_paths is not defined + +- name: Define php_extension_conf_paths. + set_fact: + php_extension_conf_paths: "{{ __php_extension_conf_paths }}" + when: php_extension_conf_paths is not defined + +- name: Define php_apc_conf_filename. + set_fact: + php_apc_conf_filename: "{{ __php_apc_conf_filename }}" + when: php_apc_conf_filename is not defined + +- name: Define php_opcache_conf_filename (Ubuntu 16.04). + set_fact: + php_opcache_conf_filename: "10-opcache.ini" + when: php_opcache_conf_filename is not defined and ansible_distribution_version == "16.04" + +- name: Define php_opcache_conf_filename. + set_fact: + php_opcache_conf_filename: "{{ __php_opcache_conf_filename }}" + when: php_opcache_conf_filename is not defined + +- name: Define php_fpm_conf_path. + set_fact: + php_fpm_conf_path: "{{ __php_fpm_conf_path }}" + when: php_fpm_conf_path is not defined + +# Setup/install tasks. +- include_tasks: setup-RedHat.yml + when: + - not php_install_from_source + - ansible_os_family == 'RedHat' + +- include_tasks: setup-Debian.yml + when: + - not php_install_from_source + - ansible_os_family == 'Debian' + +# Install PHP from source when php_install_from_source is true. +- include_tasks: install-from-source.yml + when: php_install_from_source + +# Configure PHP. +- include_tasks: configure.yml +- include_tasks: configure-apcu.yml +- include_tasks: configure-opcache.yml +- include_tasks: configure-fpm.yml diff --git a/roles/geerlingguy.php/tasks/setup-Debian.yml b/roles/geerlingguy.php/tasks/setup-Debian.yml new file mode 100644 index 0000000..a6657be --- /dev/null +++ b/roles/geerlingguy.php/tasks/setup-Debian.yml @@ -0,0 +1,27 @@ +--- +- name: Update apt cache. + apt: update_cache=yes cache_valid_time=86400 + +- name: Ensure PHP packages are installed. + apt: + name: "{{ php_packages + php_packages_extra }}" + state: "{{ php_packages_state }}" + install_recommends: "{{ php_install_recommends }}" + register: php_package_install + notify: restart webserver + +- name: Delete APCu configuration file if this role will provide one. + file: + path: "{{ item }}/{{ php_apc_conf_filename }}" + state: absent + with_items: "{{ php_extension_conf_paths }}" + when: php_enable_apc and php_package_install.changed + notify: restart webserver + +- name: Delete OpCache configuration file if this role will provide one. + file: + path: "{{ item }}/{{ php_opcache_conf_filename }}" + state: absent + with_items: "{{ php_extension_conf_paths }}" + when: php_opcache_enable | bool and php_package_install.changed + notify: restart webserver diff --git a/roles/geerlingguy.php/tasks/setup-RedHat.yml b/roles/geerlingguy.php/tasks/setup-RedHat.yml new file mode 100644 index 0000000..1d76b33 --- /dev/null +++ b/roles/geerlingguy.php/tasks/setup-RedHat.yml @@ -0,0 +1,7 @@ +--- +- name: Ensure PHP packages are installed. + package: + name: "{{ php_packages + php_packages_extra }}" + state: "{{ php_packages_state }}" + enablerepo: "{{ php_enablerepo | default(omit, true) }}" + notify: restart webserver diff --git a/roles/geerlingguy.php/templates/apc.ini.j2 b/roles/geerlingguy.php/templates/apc.ini.j2 new file mode 100644 index 0000000..bfd5706 --- /dev/null +++ b/roles/geerlingguy.php/templates/apc.ini.j2 @@ -0,0 +1,4 @@ +extension=apcu.so +apc.shm_size={{ php_apc_shm_size }} +apc.enable_cli={{ php_apc_enable_cli }} +apc.rfc1867=1 diff --git a/roles/geerlingguy.php/templates/fpm-init.j2 b/roles/geerlingguy.php/templates/fpm-init.j2 new file mode 100644 index 0000000..4d6a6d5 --- /dev/null +++ b/roles/geerlingguy.php/templates/fpm-init.j2 @@ -0,0 +1,170 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: php-fpm {{ php_fpm_daemon }} +# Required-Start: $remote_fs $network +# Required-Stop: $remote_fs $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: starts {{ php_fpm_daemon }} +# Description: Starts The PHP FastCGI Process Manager Daemon +### END INIT INFO + +# Author: Ondrej Sury + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="PHP FastCGI Process Manager" +NAME={{ php_fpm_daemon }} +DAEMON=/usr/sbin/$NAME +DAEMON_ARGS="--daemonize --fpm-config {{ php_fpm_conf_path }}/php-fpm.conf" +PIDFILE=/var/run/{{ php_fpm_daemon }}.pid +TIMEOUT=2 +SCRIPTNAME=/etc/init.d/$NAME + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +. /lib/lsb/init-functions + +# Don't run if we are running upstart +if init_is_upstart; then + exit 1 +fi + +# +# Function to check the correctness of the config file +# +do_check() +{ + /usr/lib/php5/php5-fpm-checkconf || return 1 + return 0 +} + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ + $DAEMON_ARGS 2>/dev/null \ + || return 2 + # Add code here, if necessary, that waits for the process to be ready + # to handle requests from services started subsequently which depend + # on this one. As a last resort, sleep for some time. +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=QUIT/$TIMEOUT/TERM/5/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/$TIMEOUT/TERM/5/KILL/5 --exec $DAEMON + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + # + # If the daemon can reload its configuration without + # restarting (for example, when it is sent a SIGHUP), + # then implement that here. + # + start-stop-daemon --stop --signal USR2 --quiet --pidfile $PIDFILE --name $NAME + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + check) + do_check yes + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC" "$NAME" + do_reload + log_end_msg $? + ;; + reopen-logs) + log_daemon_msg "Reopening $DESC logs" $NAME + if start-stop-daemon --stop --signal USR1 --oknodo --quiet \ + --pidfile $PIDFILE --exec $DAEMON + then + log_end_msg 0 + else + log_end_msg 1 + fi + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2 + exit 1 + ;; +esac + +: diff --git a/roles/geerlingguy.php/templates/opcache.ini.j2 b/roles/geerlingguy.php/templates/opcache.ini.j2 new file mode 100644 index 0000000..6146453 --- /dev/null +++ b/roles/geerlingguy.php/templates/opcache.ini.j2 @@ -0,0 +1,14 @@ +zend_extension={{ php_opcache_zend_extension }} +opcache.enable={{ php_opcache_enable }} +opcache.enable_cli={{ php_opcache_enable_cli }} +opcache.memory_consumption={{ php_opcache_memory_consumption }} +opcache.interned_strings_buffer={{ php_opcache_interned_strings_buffer }} +opcache.max_accelerated_files={{ php_opcache_max_accelerated_files }} +opcache.max_wasted_percentage={{ php_opcache_max_wasted_percentage }} +opcache.validate_timestamps={{ php_opcache_validate_timestamps }} +opcache.revalidate_path={{ php_opcache_revalidate_path }} +opcache.revalidate_freq={{ php_opcache_revalidate_freq }} +opcache.max_file_size={{ php_opcache_max_file_size }} +{% if php_opcache_blacklist_filename != '' %} +opcache.blacklist_filename={{ php_opcache_blacklist_filename }} +{% endif %} diff --git a/roles/geerlingguy.php/templates/php-fpm.conf.j2 b/roles/geerlingguy.php/templates/php-fpm.conf.j2 new file mode 100644 index 0000000..12b277f --- /dev/null +++ b/roles/geerlingguy.php/templates/php-fpm.conf.j2 @@ -0,0 +1,12 @@ +;;;;;;;;;;;;;;;;;;;;; +; FPM Configuration ; +;;;;;;;;;;;;;;;;;;;;; + +include={{ php_fpm_conf_path }}/pool.d/*.conf + +;;;;;;;;;;;;;;;;;; +; Global Options ; +;;;;;;;;;;;;;;;;;; + +[global] +error_log = /var/log/php-fpm.log diff --git a/roles/geerlingguy.php/templates/php.ini.j2 b/roles/geerlingguy.php/templates/php.ini.j2 new file mode 100644 index 0000000..14b7eeb --- /dev/null +++ b/roles/geerlingguy.php/templates/php.ini.j2 @@ -0,0 +1,221 @@ +[PHP] + +;;;;;;;;;;;;;;;;;;;; +; Language Options ; +;;;;;;;;;;;;;;;;;;;; + +engine = On +short_open_tag = {{ php_short_open_tag }} +precision = {{ php_precision }} +output_buffering = {{ php_output_buffering }} + +zlib.output_compression = Off + +implicit_flush = Off +unserialize_callback_func = +serialize_precision = {{ php_serialize_precision }} +disable_functions = {{ php_disable_functions|join(",") }} +disable_classes = + +zend.enable_gc = On + +;;;;;;;;;;;;;;;;; +; Miscellaneous ; +;;;;;;;;;;;;;;;;; + +expose_php = {{ php_expose_php }} + +;;;;;;;;;;;;;;;;;;; +; Resource Limits ; +;;;;;;;;;;;;;;;;;;; + +max_execution_time = {{ php_max_execution_time }} +max_input_time = {{ php_max_input_time }} +max_input_vars = {{ php_max_input_vars }} +memory_limit = {{ php_memory_limit }} + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Error handling and logging ; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +error_reporting = {{ php_error_reporting }} +display_errors = {{ php_display_errors }} +display_startup_errors = {{ php_display_startup_errors }} +log_errors = On +log_errors_max_len = 1024 +ignore_repeated_errors = Off +ignore_repeated_source = Off +report_memleaks = On +track_errors = Off +html_errors = On + +;;;;;;;;;;;;;;;;; +; Data Handling ; +;;;;;;;;;;;;;;;;; + +variables_order = "GPCS" +request_order = "GP" +register_argc_argv = Off +auto_globals_jit = On + +post_max_size = {{ php_post_max_size }} +auto_prepend_file = +auto_append_file = + +default_mimetype = "text/html" + +;;;;;;;;;;;;;;;;;;;;;;;;; +; Paths and Directories ; +;;;;;;;;;;;;;;;;;;;;;;;;; + +doc_root = +user_dir = + +enable_dl = Off + +realpath_cache_size = {{ php_realpath_cache_size }} + +;;;;;;;;;;;;;;;; +; File Uploads ; +;;;;;;;;;;;;;;;; + +file_uploads = {{ php_file_uploads }} +upload_max_filesize = {{ php_upload_max_filesize }} +max_file_uploads = {{ php_max_file_uploads }} + +;;;;;;;;;;;;;;;;;; +; Fopen wrappers ; +;;;;;;;;;;;;;;;;;; + +allow_url_fopen = {{ php_allow_url_fopen }} +allow_url_include = Off + +default_socket_timeout = 60 + +;;;;;;;;;;;;;;;;;;; +; Module Settings ; +;;;;;;;;;;;;;;;;;;; + +[CLI Server] +cli_server.color = On + +[Date] +date.timezone = {{ php_date_timezone }} + +[Pdo_mysql] +pdo_mysql.cache_size = 2000 +pdo_mysql.default_socket= + +[mail function] +; For Win32 only. +SMTP = localhost +smtp_port = 25 + +; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). +sendmail_path = {{ php_sendmail_path }} + +mail.add_x_header = On + +[SQL] +sql.safe_mode = Off + +[ODBC] +odbc.allow_persistent = On +odbc.check_persistent = On +odbc.max_persistent = -1 +odbc.max_links = -1 +odbc.defaultlrl = 4096 +odbc.defaultbinmode = 1 + +[MySQL] +mysql.allow_local_infile = On +mysql.allow_persistent = On +mysql.cache_size = 2000 +mysql.max_persistent = -1 +mysql.max_links = -1 +mysql.default_port = +mysql.default_socket = +mysql.default_host = +mysql.default_user = +mysql.default_password = +mysql.connect_timeout = 60 +mysql.trace_mode = Off + +[MySQLi] +mysqli.max_persistent = -1 +mysqli.allow_persistent = On +mysqli.max_links = -1 +mysqli.cache_size = 2000 +mysqli.default_port = 3306 +mysqli.default_socket = +mysqli.default_host = +mysqli.default_user = +mysqli.default_pw = +mysqli.reconnect = Off + +[mysqlnd] +mysqlnd.collect_statistics = On +mysqlnd.collect_memory_statistics = Off + +[PostgreSQL] +pgsql.allow_persistent = On +pgsql.auto_reset_persistent = Off +pgsql.max_persistent = -1 +pgsql.max_links = -1 +pgsql.ignore_notice = 0 +pgsql.log_notice = 0 + +[bcmath] +bcmath.scale = 0 + +[Session] +session.save_handler = {{ php_session_save_handler }} +session.save_path = {{ php_session_save_path }} +session.use_cookies = 1 +session.use_only_cookies = 1 +session.name = PHPSESSID +session.auto_start = 0 + +session.cookie_lifetime = {{ php_session_cookie_lifetime }} +session.cookie_path = / +session.cookie_domain = +session.cookie_httponly = + +session.serialize_handler = php + +session.gc_probability = {{ php_session_gc_probability }} +session.gc_divisor = {{ php_session_gc_divisor }} +session.gc_maxlifetime = {{ php_session_gc_maxlifetime }} + +session.referer_check = + +session.cache_limiter = nocache +session.cache_expire = 180 + +session.use_trans_sid = 0 + +session.hash_function = 0 +session.hash_bits_per_character = 5 + +url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" + +[MSSQL] +mssql.allow_persistent = On +mssql.max_persistent = -1 +mssql.max_links = -1 +mssql.min_error_severity = 10 +mssql.min_message_severity = 10 +mssql.compatability_mode = Off +mssql.secure_connection = Off + +[Tidy] +tidy.clean_output = Off + +[soap] +soap.wsdl_cache_enabled=1 +soap.wsdl_cache_dir="/tmp" +soap.wsdl_cache_ttl=86400 +soap.wsdl_cache_limit = 5 + +[ldap] +ldap.max_links = -1 diff --git a/roles/geerlingguy.php/templates/www.conf.j2 b/roles/geerlingguy.php/templates/www.conf.j2 new file mode 100644 index 0000000..efcb6d8 --- /dev/null +++ b/roles/geerlingguy.php/templates/www.conf.j2 @@ -0,0 +1,20 @@ +{{ ansible_managed | comment(decoration='; ') }} + +[{{ item.pool_name | mandatory }}] +listen = {{ item.pool_listen | mandatory }} +listen.allowed_clients = {{ item.pool_listen_allowed_clients | default('127.0.0.1', true) }} +user = {{ php_fpm_pool_user }} +group = {{ php_fpm_pool_group }} + +listen.owner = {{ php_fpm_pool_user }} +listen.group = {{ php_fpm_pool_group }} + +pm = {{ item.pool_pm | default('dynamic', true) }} +pm.max_children = {{ item.pool_pm_max_children | default(50, true) }} +pm.start_servers = {{ item.pool_pm_start_servers | default(5, true) }} +pm.min_spare_servers = {{ item.pool_pm_min_spare_servers | default(5, true) }} +pm.max_spare_servers = {{ item.pool_pm_max_spare_servers | default(5, true) }} +pm.max_requests = {{ item.pool_pm_max_requests | default(500, true) }} +{% if item.pool_pm_status_path|length %} +pm.status_path = {{ item.pool_pm_status_path }} +{% endif %} diff --git a/roles/geerlingguy.php/vars/Debian-10.yml b/roles/geerlingguy.php/vars/Debian-10.yml new file mode 100644 index 0000000..ec895ae --- /dev/null +++ b/roles/geerlingguy.php/vars/Debian-10.yml @@ -0,0 +1,2 @@ +--- +__php_default_version_debian: "7.3" diff --git a/roles/geerlingguy.php/vars/Debian-11.yml b/roles/geerlingguy.php/vars/Debian-11.yml new file mode 100644 index 0000000..a16b99b --- /dev/null +++ b/roles/geerlingguy.php/vars/Debian-11.yml @@ -0,0 +1,2 @@ +--- +__php_default_version_debian: "7.4" diff --git a/roles/geerlingguy.php/vars/Debian-12.yml b/roles/geerlingguy.php/vars/Debian-12.yml new file mode 100644 index 0000000..b545b36 --- /dev/null +++ b/roles/geerlingguy.php/vars/Debian-12.yml @@ -0,0 +1,2 @@ +--- +__php_default_version_debian: "8.2" diff --git a/roles/geerlingguy.php/vars/Debian.yml b/roles/geerlingguy.php/vars/Debian.yml new file mode 100644 index 0000000..d03d1f9 --- /dev/null +++ b/roles/geerlingguy.php/vars/Debian.yml @@ -0,0 +1,38 @@ +--- +__php_default_version_debian: "7.0" +__php_packages: + - php{{ php_default_version_debian }}-common + - php{{ php_default_version_debian }}-cli + - php{{ php_default_version_debian }}-dev + - php{{ php_default_version_debian }}-fpm + - libpcre3-dev + - php{{ php_default_version_debian }}-gd + - php{{ php_default_version_debian }}-curl + - php{{ php_default_version_debian }}-imap + - php{{ php_default_version_debian }}-opcache + - php{{ php_default_version_debian }}-xml + - php{{ php_default_version_debian }}-mbstring + - php{{ php_default_version_debian }}-apcu + - php{{ php_default_version_debian }}-sqlite3 + +__php_webserver_daemon: "apache2" + +# Vendor-specific configuration paths on Debian/Ubuntu make my brain asplode. +__php_conf_paths: + - /etc/php/{{ php_default_version_debian }}/fpm + - /etc/php/{{ php_default_version_debian }}/apache2 + - /etc/php/{{ php_default_version_debian }}/cli + +__php_extension_conf_paths: + - /etc/php/{{ php_default_version_debian }}/fpm/conf.d + - /etc/php/{{ php_default_version_debian }}/apache2/conf.d + - /etc/php/{{ php_default_version_debian }}/cli/conf.d + +__php_apc_conf_filename: 20-apcu.ini +__php_opcache_conf_filename: 10-opcache.ini +__php_fpm_daemon: php{{ php_default_version_debian }}-fpm +__php_fpm_conf_path: "/etc/php/{{ php_default_version_debian }}/fpm" +__php_fpm_pool_conf_path: "{{ __php_fpm_conf_path }}/pool.d/www.conf" + +__php_fpm_pool_user: www-data +__php_fpm_pool_group: www-data diff --git a/roles/geerlingguy.php/vars/RedHat.yml b/roles/geerlingguy.php/vars/RedHat.yml new file mode 100644 index 0000000..e1e4458 --- /dev/null +++ b/roles/geerlingguy.php/vars/RedHat.yml @@ -0,0 +1,32 @@ +--- +__php_packages: + - php + - php-cli + - php-common + - php-devel + - php-fpm + - php-gd + - php-ldap + - php-mbstring + - php-opcache + - php-pdo + - php-pear + - php-pecl-apcu + - php-xml + - php-xmlrpc +__php_webserver_daemon: "httpd" + +__php_conf_paths: + - /etc + +__php_extension_conf_paths: + - /etc/php.d + +__php_apc_conf_filename: 50-apc.ini +__php_opcache_conf_filename: 10-opcache.ini +__php_fpm_daemon: php-fpm +__php_fpm_conf_path: "/etc/fpm" +__php_fpm_pool_conf_path: "/etc/php-fpm.d/www.conf" + +__php_fpm_pool_user: apache +__php_fpm_pool_group: apache diff --git a/roles/geerlingguy.php/vars/Ubuntu-18.yml b/roles/geerlingguy.php/vars/Ubuntu-18.yml new file mode 100644 index 0000000..82230bc --- /dev/null +++ b/roles/geerlingguy.php/vars/Ubuntu-18.yml @@ -0,0 +1,2 @@ +--- +__php_default_version_debian: "7.2" diff --git a/roles/geerlingguy.php/vars/Ubuntu-20.yml b/roles/geerlingguy.php/vars/Ubuntu-20.yml new file mode 100644 index 0000000..a16b99b --- /dev/null +++ b/roles/geerlingguy.php/vars/Ubuntu-20.yml @@ -0,0 +1,2 @@ +--- +__php_default_version_debian: "7.4" diff --git a/roles/geerlingguy.php/vars/Ubuntu-22.yml b/roles/geerlingguy.php/vars/Ubuntu-22.yml new file mode 100644 index 0000000..833addf --- /dev/null +++ b/roles/geerlingguy.php/vars/Ubuntu-22.yml @@ -0,0 +1,2 @@ +--- +__php_default_version_debian: "8.1" From 10f3f20e8d7e4ac62e2ac614f64b3ff5013004ab Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 23 May 2024 15:17:58 -0400 Subject: [PATCH 09/12] put back composer install --- playbook.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/playbook.yml b/playbook.yml index 1fcfee3..93bd6b1 100644 --- a/playbook.yml +++ b/playbook.yml @@ -36,6 +36,11 @@ - users - operations + - role: geerlingguy.composer + tags: + - system + - composer + - role: operations.ddev tags: - system From b21f4f3bfdc45864ef913b14330d113741e2c401 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 10 Jul 2025 06:38:44 -0400 Subject: [PATCH 10/12] remove roles --- roles/geerlingguy.composer/.ansible-lint | 3 - .../geerlingguy.composer/.github/FUNDING.yml | 4 - roles/geerlingguy.composer/.github/stale.yml | 57 ---- .../.github/workflows/ci.yml | 67 ----- .../.github/workflows/release.yml | 40 --- roles/geerlingguy.composer/.gitignore | 5 - roles/geerlingguy.composer/.yamllint | 11 - roles/geerlingguy.composer/LICENSE | 20 -- roles/geerlingguy.composer/README.md | 87 ------ roles/geerlingguy.composer/defaults/main.yml | 25 -- .../meta/.galaxy_install_info | 2 - roles/geerlingguy.composer/meta/main.yml | 44 ---- .../molecule/default/converge.yml | 41 --- .../molecule/default/molecule.yml | 17 -- .../molecule/default/requirements.yml | 5 - .../tasks/global-require.yml | 18 -- roles/geerlingguy.composer/tasks/main.yml | 76 ------ .../tasks/project-bin.yml | 6 - .../templates/auth.json.j2 | 5 - .../templates/composer-project.sh.j2 | 1 - .../templates/composer.sh.j2 | 1 - roles/geerlingguy.php/.ansible-lint | 5 - roles/geerlingguy.php/.github/FUNDING.yml | 4 - roles/geerlingguy.php/.github/stale.yml | 57 ---- .../geerlingguy.php/.github/workflows/ci.yml | 81 ------ .../.github/workflows/release.yml | 40 --- roles/geerlingguy.php/.gitignore | 5 - roles/geerlingguy.php/.yamllint | 11 - roles/geerlingguy.php/LICENSE | 20 -- roles/geerlingguy.php/README.md | 248 ------------------ roles/geerlingguy.php/defaults/main.yml | 156 ----------- roles/geerlingguy.php/handlers/main.yml | 16 -- .../geerlingguy.php/meta/.galaxy_install_info | 2 - roles/geerlingguy.php/meta/main.yml | 30 --- .../molecule/default/converge.yml | 72 ----- .../molecule/default/molecule.yml | 19 -- .../molecule/default/requirements.yml | 3 - .../molecule/default/source-install.yml | 32 --- .../geerlingguy.php/tasks/configure-apcu.yml | 37 --- roles/geerlingguy.php/tasks/configure-fpm.yml | 56 ---- .../tasks/configure-opcache.yml | 37 --- roles/geerlingguy.php/tasks/configure.yml | 21 -- .../tasks/install-from-source.yml | 158 ----------- roles/geerlingguy.php/tasks/main.yml | 87 ------ roles/geerlingguy.php/tasks/setup-Debian.yml | 27 -- roles/geerlingguy.php/tasks/setup-RedHat.yml | 7 - roles/geerlingguy.php/templates/apc.ini.j2 | 4 - roles/geerlingguy.php/templates/fpm-init.j2 | 170 ------------ .../geerlingguy.php/templates/opcache.ini.j2 | 14 - .../geerlingguy.php/templates/php-fpm.conf.j2 | 12 - roles/geerlingguy.php/templates/php.ini.j2 | 221 ---------------- roles/geerlingguy.php/templates/www.conf.j2 | 20 -- roles/geerlingguy.php/vars/Debian-10.yml | 2 - roles/geerlingguy.php/vars/Debian-11.yml | 2 - roles/geerlingguy.php/vars/Debian-12.yml | 2 - roles/geerlingguy.php/vars/Debian.yml | 38 --- roles/geerlingguy.php/vars/RedHat.yml | 32 --- roles/geerlingguy.php/vars/Ubuntu-18.yml | 2 - roles/geerlingguy.php/vars/Ubuntu-20.yml | 2 - roles/geerlingguy.php/vars/Ubuntu-22.yml | 2 - 60 files changed, 2289 deletions(-) delete mode 100644 roles/geerlingguy.composer/.ansible-lint delete mode 100644 roles/geerlingguy.composer/.github/FUNDING.yml delete mode 100644 roles/geerlingguy.composer/.github/stale.yml delete mode 100644 roles/geerlingguy.composer/.github/workflows/ci.yml delete mode 100644 roles/geerlingguy.composer/.github/workflows/release.yml delete mode 100644 roles/geerlingguy.composer/.gitignore delete mode 100644 roles/geerlingguy.composer/.yamllint delete mode 100644 roles/geerlingguy.composer/LICENSE delete mode 100644 roles/geerlingguy.composer/README.md delete mode 100644 roles/geerlingguy.composer/defaults/main.yml delete mode 100644 roles/geerlingguy.composer/meta/.galaxy_install_info delete mode 100644 roles/geerlingguy.composer/meta/main.yml delete mode 100644 roles/geerlingguy.composer/molecule/default/converge.yml delete mode 100644 roles/geerlingguy.composer/molecule/default/molecule.yml delete mode 100644 roles/geerlingguy.composer/molecule/default/requirements.yml delete mode 100644 roles/geerlingguy.composer/tasks/global-require.yml delete mode 100644 roles/geerlingguy.composer/tasks/main.yml delete mode 100644 roles/geerlingguy.composer/tasks/project-bin.yml delete mode 100644 roles/geerlingguy.composer/templates/auth.json.j2 delete mode 100644 roles/geerlingguy.composer/templates/composer-project.sh.j2 delete mode 100644 roles/geerlingguy.composer/templates/composer.sh.j2 delete mode 100644 roles/geerlingguy.php/.ansible-lint delete mode 100644 roles/geerlingguy.php/.github/FUNDING.yml delete mode 100644 roles/geerlingguy.php/.github/stale.yml delete mode 100644 roles/geerlingguy.php/.github/workflows/ci.yml delete mode 100644 roles/geerlingguy.php/.github/workflows/release.yml delete mode 100644 roles/geerlingguy.php/.gitignore delete mode 100644 roles/geerlingguy.php/.yamllint delete mode 100644 roles/geerlingguy.php/LICENSE delete mode 100644 roles/geerlingguy.php/README.md delete mode 100644 roles/geerlingguy.php/defaults/main.yml delete mode 100644 roles/geerlingguy.php/handlers/main.yml delete mode 100644 roles/geerlingguy.php/meta/.galaxy_install_info delete mode 100644 roles/geerlingguy.php/meta/main.yml delete mode 100644 roles/geerlingguy.php/molecule/default/converge.yml delete mode 100644 roles/geerlingguy.php/molecule/default/molecule.yml delete mode 100644 roles/geerlingguy.php/molecule/default/requirements.yml delete mode 100644 roles/geerlingguy.php/molecule/default/source-install.yml delete mode 100644 roles/geerlingguy.php/tasks/configure-apcu.yml delete mode 100644 roles/geerlingguy.php/tasks/configure-fpm.yml delete mode 100644 roles/geerlingguy.php/tasks/configure-opcache.yml delete mode 100644 roles/geerlingguy.php/tasks/configure.yml delete mode 100644 roles/geerlingguy.php/tasks/install-from-source.yml delete mode 100644 roles/geerlingguy.php/tasks/main.yml delete mode 100644 roles/geerlingguy.php/tasks/setup-Debian.yml delete mode 100644 roles/geerlingguy.php/tasks/setup-RedHat.yml delete mode 100644 roles/geerlingguy.php/templates/apc.ini.j2 delete mode 100644 roles/geerlingguy.php/templates/fpm-init.j2 delete mode 100644 roles/geerlingguy.php/templates/opcache.ini.j2 delete mode 100644 roles/geerlingguy.php/templates/php-fpm.conf.j2 delete mode 100644 roles/geerlingguy.php/templates/php.ini.j2 delete mode 100644 roles/geerlingguy.php/templates/www.conf.j2 delete mode 100644 roles/geerlingguy.php/vars/Debian-10.yml delete mode 100644 roles/geerlingguy.php/vars/Debian-11.yml delete mode 100644 roles/geerlingguy.php/vars/Debian-12.yml delete mode 100644 roles/geerlingguy.php/vars/Debian.yml delete mode 100644 roles/geerlingguy.php/vars/RedHat.yml delete mode 100644 roles/geerlingguy.php/vars/Ubuntu-18.yml delete mode 100644 roles/geerlingguy.php/vars/Ubuntu-20.yml delete mode 100644 roles/geerlingguy.php/vars/Ubuntu-22.yml diff --git a/roles/geerlingguy.composer/.ansible-lint b/roles/geerlingguy.composer/.ansible-lint deleted file mode 100644 index acc8255..0000000 --- a/roles/geerlingguy.composer/.ansible-lint +++ /dev/null @@ -1,3 +0,0 @@ -skip_list: - - 'yaml' - - 'role-name' diff --git a/roles/geerlingguy.composer/.github/FUNDING.yml b/roles/geerlingguy.composer/.github/FUNDING.yml deleted file mode 100644 index 96b4938..0000000 --- a/roles/geerlingguy.composer/.github/FUNDING.yml +++ /dev/null @@ -1,4 +0,0 @@ -# These are supported funding model platforms ---- -github: geerlingguy -patreon: geerlingguy diff --git a/roles/geerlingguy.composer/.github/stale.yml b/roles/geerlingguy.composer/.github/stale.yml deleted file mode 100644 index 3cc6ec3..0000000 --- a/roles/geerlingguy.composer/.github/stale.yml +++ /dev/null @@ -1,57 +0,0 @@ -# Configuration for probot-stale - https://github.com/probot/stale - -# Number of days of inactivity before an Issue or Pull Request becomes stale -daysUntilStale: 90 - -# Number of days of inactivity before an Issue or Pull Request with the stale label is closed. -# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. -daysUntilClose: 30 - -# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled) -onlyLabels: [] - -# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable -exemptLabels: - - bug - - pinned - - security - - planned - -# Set to true to ignore issues in a project (defaults to false) -exemptProjects: false - -# Set to true to ignore issues in a milestone (defaults to false) -exemptMilestones: false - -# Set to true to ignore issues with an assignee (defaults to false) -exemptAssignees: false - -# Label to use when marking as stale -staleLabel: stale - -# Limit the number of actions per hour, from 1-30. Default is 30 -limitPerRun: 30 - -pulls: - markComment: |- - This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! - - Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale. - - unmarkComment: >- - This pull request is no longer marked for closure. - - closeComment: >- - This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. - -issues: - markComment: |- - This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! - - Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale. - - unmarkComment: >- - This issue is no longer marked for closure. - - closeComment: >- - This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. diff --git a/roles/geerlingguy.composer/.github/workflows/ci.yml b/roles/geerlingguy.composer/.github/workflows/ci.yml deleted file mode 100644 index 3c3ca67..0000000 --- a/roles/geerlingguy.composer/.github/workflows/ci.yml +++ /dev/null @@ -1,67 +0,0 @@ ---- -name: CI -'on': - pull_request: - push: - branches: - - master - schedule: - - cron: "0 6 * * 0" - -defaults: - run: - working-directory: 'geerlingguy.composer' - -jobs: - - lint: - name: Lint - runs-on: ubuntu-latest - steps: - - name: Check out the codebase. - uses: actions/checkout@v2 - with: - path: 'geerlingguy.composer' - - - name: Set up Python 3. - uses: actions/setup-python@v2 - with: - python-version: '3.x' - - - name: Install test dependencies. - run: pip3 install yamllint - - - name: Lint code. - run: | - yamllint . - - molecule: - name: Molecule - runs-on: ubuntu-latest - strategy: - matrix: - distro: - - centos7 - - ubuntu2004 - - debian11 - - steps: - - name: Check out the codebase. - uses: actions/checkout@v2 - with: - path: 'geerlingguy.composer' - - - name: Set up Python 3. - uses: actions/setup-python@v2 - with: - python-version: '3.x' - - - name: Install test dependencies. - run: pip3 install ansible molecule[docker] docker - - - name: Run Molecule tests. - run: molecule test - env: - PY_COLORS: '1' - ANSIBLE_FORCE_COLOR: '1' - MOLECULE_DISTRO: ${{ matrix.distro }} diff --git a/roles/geerlingguy.composer/.github/workflows/release.yml b/roles/geerlingguy.composer/.github/workflows/release.yml deleted file mode 100644 index b81575f..0000000 --- a/roles/geerlingguy.composer/.github/workflows/release.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -# This workflow requires a GALAXY_API_KEY secret present in the GitHub -# repository or organization. -# -# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy -# See: https://github.com/ansible/galaxy/issues/46 - -name: Release -'on': - push: - tags: - - '*' - -defaults: - run: - working-directory: 'geerlingguy.composer' - -jobs: - - release: - name: Release - runs-on: ubuntu-latest - steps: - - name: Check out the codebase. - uses: actions/checkout@v2 - with: - path: 'geerlingguy.composer' - - - name: Set up Python 3. - uses: actions/setup-python@v2 - with: - python-version: '3.x' - - - name: Install Ansible. - run: pip3 install ansible-core - - - name: Trigger a new import on Galaxy. - run: >- - ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} - $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2) diff --git a/roles/geerlingguy.composer/.gitignore b/roles/geerlingguy.composer/.gitignore deleted file mode 100644 index 8840c8f..0000000 --- a/roles/geerlingguy.composer/.gitignore +++ /dev/null @@ -1,5 +0,0 @@ -*.retry -*/__pycache__ -*.pyc -.cache - diff --git a/roles/geerlingguy.composer/.yamllint b/roles/geerlingguy.composer/.yamllint deleted file mode 100644 index 7107275..0000000 --- a/roles/geerlingguy.composer/.yamllint +++ /dev/null @@ -1,11 +0,0 @@ ---- -extends: default - -rules: - line-length: - max: 140 - level: warning - -ignore: | - .github/stale.yml - .travis.ci diff --git a/roles/geerlingguy.composer/LICENSE b/roles/geerlingguy.composer/LICENSE deleted file mode 100644 index 4275cf3..0000000 --- a/roles/geerlingguy.composer/LICENSE +++ /dev/null @@ -1,20 +0,0 @@ -The MIT License (MIT) - -Copyright (c) 2017 Jeff Geerling - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of -the Software, and to permit persons to whom the Software is furnished to do so, -subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS -FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER -IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/roles/geerlingguy.composer/README.md b/roles/geerlingguy.composer/README.md deleted file mode 100644 index 7b5bbb1..0000000 --- a/roles/geerlingguy.composer/README.md +++ /dev/null @@ -1,87 +0,0 @@ -# Ansible Role: Composer - -[![CI](https://github.com/geerlingguy/ansible-role-composer/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-composer/actions?query=workflow%3ACI) - -Installs Composer, the PHP Dependency Manager, on any Linux or UNIX system. - -## Requirements - - - `php` (version 5.4+) should be installed and working (you can use the `geerlingguy.php` role to install). - - `git` should be installed and working (you can use the `geerlingguy.git` role to install). - -## Role Variables - -Available variables are listed below, along with default values (see `defaults/main.yml`): - - composer_path: /usr/local/bin/composer - -The path where composer will be installed and available to your system. Should be in your user's `$PATH` so you can run commands simply with `composer` instead of the full path. - - composer_keep_updated: false - -Set this to `true` to update Composer to the latest release every time the playbook is run. - - composer_home_path: '~/.composer' - composer_home_owner: root - composer_home_group: root - -The `COMPOSER_HOME` path and directory ownership; this is the directory where global packages will be installed. - - composer_version: '' - -You can install a specific release of Composer, e.g. `composer_version: '1.0.0-alpha11'`. If left empty the latest development version will be installed. Note that `composer_keep_updated` will override this variable, as it will always install the latest development version. - - composer_version_branch: '--2' - -You can choose which major branch of composer you wish to use. Default is `--2`. Note that `composer_keep_updated` will update the latest version available for this branch. - - composer_global_packages: [] - -A list of packages to install globally (using `composer global require`). If you want to install any packages globally, add a list item with a dictionary with the `name` of the package and a `release`, e.g. `- { name: phpunit/phpunit, release: "4.7.*" }`. The 'release' is optional, and defaults to `@stable`. - - composer_add_to_path: true - -If `true`, and if there are any configured `composer_global_packages`, the `vendor/bin` directory inside `composer_home_path` will be added to the system's default `$PATH` (for all users). - - composer_project_path: /path/to/project - -Path to a composer project. - - composer_add_project_to_path: false - -If `true`, and if you have configured a `composer_project_path`, the `vendor/bin` directory inside `composer_project_path` will be added to the system's default `$PATH` (for all users). - - composer_github_oauth_token: '' - -GitHub OAuth token, used to avoid GitHub API rate limiting errors when building and rebuilding applications using Composer. Follow GitHub's directions to [Create a personal access token](https://help.github.com/articles/creating-an-access-token-for-command-line-use/) if you run into these rate limit errors. - - php_executable: php - -The executable name or full path to the PHP executable. This is defaulted to `php` if you don't override the variable. - -### Staying on Composer 1 - -While projects are upgrading to support Composer 2, it may be helpful to run Composer 1 instead. To do that, set these variables: - - composer_version_branch: '' - composer_version: '1.10.12' - -## Dependencies - -None (but make sure you've installed PHP; the `geerlingguy.php` role is recommended). - -## Example Playbook - - - hosts: servers - roles: - - geerlingguy.composer - -After the playbook runs, `composer` will be placed in `/usr/local/bin/composer` (this location is configurable), and will be accessible via normal system accounts. - -## License - -MIT / BSD - -## Author Information - -This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). diff --git a/roles/geerlingguy.composer/defaults/main.yml b/roles/geerlingguy.composer/defaults/main.yml deleted file mode 100644 index 3cd45a7..0000000 --- a/roles/geerlingguy.composer/defaults/main.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -composer_path: /usr/local/bin/composer -composer_keep_updated: false -composer_version: '' -composer_version_branch: '--2' - -# The directory where global packages will be installed. -composer_home_path: '~/.composer' -composer_home_owner: root -composer_home_group: root - -# A list of packages to install globally. See commented examples below for -# usage; the 'release' is optional, and defaults to '@stable'. -composer_global_packages: [] -# - { name: phpunit/phpunit, release: "4.7.x" } -# - { name: phpunit/phpunit, release: "@stable" } - -composer_add_to_path: true - -# Add a project vendor/bin directory to the PATH -composer_add_project_to_path: false -# composer_project_path: /path/to/project/vendor/bin - -# GitHub OAuth token (used to help overcome API rate limits). -composer_github_oauth_token: '' diff --git a/roles/geerlingguy.composer/meta/.galaxy_install_info b/roles/geerlingguy.composer/meta/.galaxy_install_info deleted file mode 100644 index 52a1027..0000000 --- a/roles/geerlingguy.composer/meta/.galaxy_install_info +++ /dev/null @@ -1,2 +0,0 @@ -install_date: 'Thu 23 May 2024 07:16:28 PM ' -version: 1.9.2 diff --git a/roles/geerlingguy.composer/meta/main.yml b/roles/geerlingguy.composer/meta/main.yml deleted file mode 100644 index 0b3da10..0000000 --- a/roles/geerlingguy.composer/meta/main.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -dependencies: [] - -galaxy_info: - role_name: composer - author: geerlingguy - description: Composer PHP Dependency Manager - company: "Midwestern Mac, LLC" - license: "license (BSD, MIT)" - min_ansible_version: 2.4 - platforms: - - name: EL - versions: - - all - - name: GenericUNIX - versions: - - all - - name: Fedora - versions: - - all - - name: opensuse - versions: - - all - - name: GenericBSD - versions: - - all - - name: FreeBSD - versions: - - all - - name: Ubuntu - versions: - - all - - name: SLES - versions: - - all - - name: GenericLinux - versions: - - all - - name: Debian - versions: - - all - galaxy_tags: - - packaging - - web diff --git a/roles/geerlingguy.composer/molecule/default/converge.yml b/roles/geerlingguy.composer/molecule/default/converge.yml deleted file mode 100644 index 2ea00e7..0000000 --- a/roles/geerlingguy.composer/molecule/default/converge.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -- name: Converge - hosts: all - become: true - - vars: - php_enablerepo: "remi,remi-php70" - php_enable_webserver: false - - # Test a global requirement. - composer_global_packages: - - name: phpunit/phpunit - release: "@stable" - - pre_tasks: - - name: Update apt cache. - apt: update_cache=yes cache_valid_time=600 - when: ansible_distribution == 'Ubuntu' - - - name: Set php_packages for Fedora install. - set_fact: - php_packages: - - php - - php-cli - - php-common - - php-devel - - php-mbstring - - php-opcache - - php-pecl-apcu - - php-xml - - php-json - when: ansible_distribution == 'Fedora' - - roles: - - role: geerlingguy.repo-remi - when: ansible_os_family == 'RedHat' and ansible_distribution != 'Fedora' - - role: geerlingguy.repo-dotdeb - when: ansible_distribution == 'Debian' - - role: geerlingguy.git - - role: geerlingguy.php - - role: geerlingguy.composer diff --git a/roles/geerlingguy.composer/molecule/default/molecule.yml b/roles/geerlingguy.composer/molecule/default/molecule.yml deleted file mode 100644 index 7490710..0000000 --- a/roles/geerlingguy.composer/molecule/default/molecule.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -platforms: - - name: instance - image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" - command: ${MOLECULE_DOCKER_COMMAND:-""} - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true -provisioner: - name: ansible - playbooks: - converge: ${MOLECULE_PLAYBOOK:-converge.yml} diff --git a/roles/geerlingguy.composer/molecule/default/requirements.yml b/roles/geerlingguy.composer/molecule/default/requirements.yml deleted file mode 100644 index 8263a0c..0000000 --- a/roles/geerlingguy.composer/molecule/default/requirements.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- src: geerlingguy.repo-remi -- src: geerlingguy.repo-dotdeb -- src: geerlingguy.git -- src: geerlingguy.php diff --git a/roles/geerlingguy.composer/tasks/global-require.yml b/roles/geerlingguy.composer/tasks/global-require.yml deleted file mode 100644 index d9f3b0d..0000000 --- a/roles/geerlingguy.composer/tasks/global-require.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -- name: Install configured globally-required packages. - command: > - {{ composer_path }} global require {{ item.name }}:{{ item.release | default('@stable') }} --no-progress --no-interaction - creates={{ composer_home_path }}/vendor/{{ item.name }} - environment: - COMPOSER_HOME: "{{ composer_home_path }}" - become: true - become_user: "{{ composer_home_owner }}" - register: composer_global_require_result - with_items: "{{ composer_global_packages }}" - -- name: Add composer_home_path bin directory to global $PATH. - template: - src: composer.sh.j2 - dest: /etc/profile.d/composer.sh - mode: 0644 - when: composer_add_to_path | bool diff --git a/roles/geerlingguy.composer/tasks/main.yml b/roles/geerlingguy.composer/tasks/main.yml deleted file mode 100644 index b19c253..0000000 --- a/roles/geerlingguy.composer/tasks/main.yml +++ /dev/null @@ -1,76 +0,0 @@ ---- -- name: Check if requested version parameters are valid - fail: - msg: You cannot request a specific version AND keep the composer up to date. - Set either composer_version or composer_keep_updated, but not both. - when: composer_version != '' and composer_keep_updated - -- name: Set php_executable variable to a default if not defined. - set_fact: - php_executable: php - when: php_executable is not defined - -- name: Check if Composer is installed. - stat: "path={{ composer_path }}" - register: composer_bin - -- name: Get Composer installer signature. - uri: - url: https://composer.github.io/installer.sig - return_content: true - register: composer_installer_signature - when: not composer_bin.stat.exists - -- name: Download Composer installer. - get_url: - url: https://getcomposer.org/installer - dest: /tmp/composer-installer.php - mode: 0755 - checksum: "sha384:{{ composer_installer_signature.content }}" - when: not composer_bin.stat.exists - -- name: Run Composer installer. - command: > - {{ php_executable }} composer-installer.php {% if composer_version_branch %} {{ composer_version_branch }}{% elif composer_version %} --version={{ composer_version }}{% endif %} - chdir=/tmp - when: not composer_bin.stat.exists - -- name: Move Composer into globally-accessible location. - command: > - mv /tmp/composer.phar {{ composer_path }} - creates={{ composer_path }} - when: not composer_bin.stat.exists - -- name: Update Composer to latest version (if configured). - command: > - {{ php_executable }} {{ composer_path }} self-update {{ composer_version_branch }} - register: composer_update - changed_when: "'Updating to version' in composer_update.stdout" - when: composer_keep_updated | bool - -- name: Ensure composer directory exists. - become: true - become_user: "{{ composer_home_owner }}" - file: - path: "{{ composer_home_path }}" - owner: "{{ composer_home_owner }}" - group: "{{ composer_home_group }}" - state: directory - mode: 0755 - -- name: Add GitHub OAuth token for Composer (if configured). - become: true - become_user: "{{ composer_home_owner }}" - template: - src: "auth.json.j2" - dest: "{{ composer_home_path }}/auth.json" - owner: "{{ composer_home_owner }}" - group: "{{ composer_home_group }}" - mode: 0644 - when: composer_github_oauth_token | length > 0 - -- include_tasks: global-require.yml - when: composer_global_packages | length > 0 - -- include_tasks: project-bin.yml - when: composer_add_project_to_path | bool diff --git a/roles/geerlingguy.composer/tasks/project-bin.yml b/roles/geerlingguy.composer/tasks/project-bin.yml deleted file mode 100644 index 3f9112e..0000000 --- a/roles/geerlingguy.composer/tasks/project-bin.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Add composer_project_path bin directory to global $PATH. - template: - src: composer-project.sh.j2 - dest: /etc/profile.d/composer-project.sh - mode: 0644 diff --git a/roles/geerlingguy.composer/templates/auth.json.j2 b/roles/geerlingguy.composer/templates/auth.json.j2 deleted file mode 100644 index a41c214..0000000 --- a/roles/geerlingguy.composer/templates/auth.json.j2 +++ /dev/null @@ -1,5 +0,0 @@ -{ - "github-oauth": { - "github.com": "{{ composer_github_oauth_token }}" - } -} diff --git a/roles/geerlingguy.composer/templates/composer-project.sh.j2 b/roles/geerlingguy.composer/templates/composer-project.sh.j2 deleted file mode 100644 index 9c77dbe..0000000 --- a/roles/geerlingguy.composer/templates/composer-project.sh.j2 +++ /dev/null @@ -1 +0,0 @@ -export PATH={{ composer_project_path }}:$PATH diff --git a/roles/geerlingguy.composer/templates/composer.sh.j2 b/roles/geerlingguy.composer/templates/composer.sh.j2 deleted file mode 100644 index 3e6cd7a..0000000 --- a/roles/geerlingguy.composer/templates/composer.sh.j2 +++ /dev/null @@ -1 +0,0 @@ -export PATH=$PATH:{{ composer_home_path }}/vendor/bin diff --git a/roles/geerlingguy.php/.ansible-lint b/roles/geerlingguy.php/.ansible-lint deleted file mode 100644 index 8d58b47..0000000 --- a/roles/geerlingguy.php/.ansible-lint +++ /dev/null @@ -1,5 +0,0 @@ -skip_list: - - 'yaml' - - 'risky-shell-pipe' - - 'no-handler' - - 'role-name' diff --git a/roles/geerlingguy.php/.github/FUNDING.yml b/roles/geerlingguy.php/.github/FUNDING.yml deleted file mode 100644 index 96b4938..0000000 --- a/roles/geerlingguy.php/.github/FUNDING.yml +++ /dev/null @@ -1,4 +0,0 @@ -# These are supported funding model platforms ---- -github: geerlingguy -patreon: geerlingguy diff --git a/roles/geerlingguy.php/.github/stale.yml b/roles/geerlingguy.php/.github/stale.yml deleted file mode 100644 index 3cc6ec3..0000000 --- a/roles/geerlingguy.php/.github/stale.yml +++ /dev/null @@ -1,57 +0,0 @@ -# Configuration for probot-stale - https://github.com/probot/stale - -# Number of days of inactivity before an Issue or Pull Request becomes stale -daysUntilStale: 90 - -# Number of days of inactivity before an Issue or Pull Request with the stale label is closed. -# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. -daysUntilClose: 30 - -# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled) -onlyLabels: [] - -# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable -exemptLabels: - - bug - - pinned - - security - - planned - -# Set to true to ignore issues in a project (defaults to false) -exemptProjects: false - -# Set to true to ignore issues in a milestone (defaults to false) -exemptMilestones: false - -# Set to true to ignore issues with an assignee (defaults to false) -exemptAssignees: false - -# Label to use when marking as stale -staleLabel: stale - -# Limit the number of actions per hour, from 1-30. Default is 30 -limitPerRun: 30 - -pulls: - markComment: |- - This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! - - Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale. - - unmarkComment: >- - This pull request is no longer marked for closure. - - closeComment: >- - This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. - -issues: - markComment: |- - This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! - - Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale. - - unmarkComment: >- - This issue is no longer marked for closure. - - closeComment: >- - This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. diff --git a/roles/geerlingguy.php/.github/workflows/ci.yml b/roles/geerlingguy.php/.github/workflows/ci.yml deleted file mode 100644 index a96836a..0000000 --- a/roles/geerlingguy.php/.github/workflows/ci.yml +++ /dev/null @@ -1,81 +0,0 @@ ---- -name: CI -'on': - pull_request: - push: - branches: - - master - schedule: - - cron: "0 4 * * 4" - -defaults: - run: - working-directory: 'geerlingguy.php' - -jobs: - - lint: - name: Lint - runs-on: ubuntu-latest - steps: - - name: Check out the codebase. - uses: actions/checkout@v2 - with: - path: 'geerlingguy.php' - - - name: Set up Python 3. - uses: actions/setup-python@v2 - with: - python-version: '3.x' - - - name: Install test dependencies. - run: pip3 install yamllint - - - name: Lint code. - run: | - yamllint . - - molecule: - name: Molecule - runs-on: ubuntu-latest - strategy: - matrix: - include: - - distro: rockylinux8 - playbook: converge.yml - - distro: ubuntu2204 - playbook: converge.yml - - distro: ubuntu2004 - playbook: converge.yml - - distro: ubuntu1804 - playbook: converge.yml - - distro: debian12 - playbook: converge.yml - - distro: debian11 - playbook: converge.yml - - # Had some trouble, might fix later. - # - distro: debian11 - # playbook: source-install.yml - - steps: - - name: Check out the codebase. - uses: actions/checkout@v2 - with: - path: 'geerlingguy.php' - - - name: Set up Python 3. - uses: actions/setup-python@v2 - with: - python-version: '3.x' - - - name: Install test dependencies. - run: pip3 install ansible molecule molecule-plugins[docker] docker - - - name: Run Molecule tests. - run: molecule test - env: - PY_COLORS: '1' - ANSIBLE_FORCE_COLOR: '1' - MOLECULE_DISTRO: ${{ matrix.distro }} - MOLECULE_PLAYBOOK: ${{ matrix.playbook }} diff --git a/roles/geerlingguy.php/.github/workflows/release.yml b/roles/geerlingguy.php/.github/workflows/release.yml deleted file mode 100644 index 36cb2b5..0000000 --- a/roles/geerlingguy.php/.github/workflows/release.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -# This workflow requires a GALAXY_API_KEY secret present in the GitHub -# repository or organization. -# -# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy -# See: https://github.com/ansible/galaxy/issues/46 - -name: Release -'on': - push: - tags: - - '*' - -defaults: - run: - working-directory: 'geerlingguy.php' - -jobs: - - release: - name: Release - runs-on: ubuntu-latest - steps: - - name: Check out the codebase. - uses: actions/checkout@v2 - with: - path: 'geerlingguy.php' - - - name: Set up Python 3. - uses: actions/setup-python@v2 - with: - python-version: '3.x' - - - name: Install Ansible. - run: pip3 install ansible-core - - - name: Trigger a new import on Galaxy. - run: >- - ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} - $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2) diff --git a/roles/geerlingguy.php/.gitignore b/roles/geerlingguy.php/.gitignore deleted file mode 100644 index 8840c8f..0000000 --- a/roles/geerlingguy.php/.gitignore +++ /dev/null @@ -1,5 +0,0 @@ -*.retry -*/__pycache__ -*.pyc -.cache - diff --git a/roles/geerlingguy.php/.yamllint b/roles/geerlingguy.php/.yamllint deleted file mode 100644 index f2033dd..0000000 --- a/roles/geerlingguy.php/.yamllint +++ /dev/null @@ -1,11 +0,0 @@ ---- -extends: default - -rules: - line-length: - max: 120 - level: warning - -ignore: | - .github/stale.yml - .travis.yml diff --git a/roles/geerlingguy.php/LICENSE b/roles/geerlingguy.php/LICENSE deleted file mode 100644 index 4275cf3..0000000 --- a/roles/geerlingguy.php/LICENSE +++ /dev/null @@ -1,20 +0,0 @@ -The MIT License (MIT) - -Copyright (c) 2017 Jeff Geerling - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of -the Software, and to permit persons to whom the Software is furnished to do so, -subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS -FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER -IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/roles/geerlingguy.php/README.md b/roles/geerlingguy.php/README.md deleted file mode 100644 index 3f0b9c4..0000000 --- a/roles/geerlingguy.php/README.md +++ /dev/null @@ -1,248 +0,0 @@ -# Ansible Role: PHP - -[![CI](https://github.com/geerlingguy/ansible-role-php/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-php/actions?query=workflow%3ACI) - -Installs PHP on RedHat/CentOS and Debian/Ubuntu servers. - -## Requirements - -If you're using an older LTS release of Ubuntu or RHEL, with an old/outdated version of PHP, you need to use a repo or PPA with a maintained PHP version, as this role only works with [PHP versions that are currently supported](http://php.net/supported-versions.php) by the PHP community. - -## Role Variables - -Available variables are listed below, along with default values (see `defaults/main.yml`): - - php_packages: [] - -A list of the PHP packages to install (OS-specific by default). You'll likely want to install common packages like `php`, `php-cli`, `php-devel` and `php-pdo`, and you can add in whatever other packages you'd like (for example, `php-gd` for image manipulation, or `php-ldap` if you need to connect to an LDAP server for authentication). - -_Note: If you're using Debian/Ubuntu, you also need to install `libapache2-mod-fastcgi` (for cgi/PHP-FPM) or `libapache2-mod-php7.0` (or a similar package depending on PHP version) if you want to use `mod_php` with Apache._ - - php_packages_extra: [] - -A list of extra PHP packages to install without overriding the default list. - - php_enable_webserver: true - -If your usage of PHP is tied to a web server (e.g. Apache or Nginx), leave this default value. If you are using PHP server-side or to run some small application, set this value to `false` so this role doesn't attempt to interact with a web server. - - php_webserver_daemon: "httpd" - -The default values for the HTTP server deamon are `httpd` (used by Apache) for RedHat/CentOS, or `apache2` (also used by Apache) for Debian/Ubuntu. If you are running another webserver (for example, `nginx`), change this value to the name of the daemon under which the webserver runs. - - php_enablerepo: "" - -(RedHat/CentOS only) If you have enabled any additional repositories (might I suggest [geerlingguy.repo-epel](https://github.com/geerlingguy/ansible-role-repo-epel) or [geerlingguy.repo-remi](https://github.com/geerlingguy/ansible-role-repo-remi)), those repositories can be listed under this variable (e.g. `remi-php70,epel`). This can be handy, as an example, if you want to install the latest version of PHP 7.0, which is in the Remi repository. - - php_default_version_debian: "" - -(Debian/Ubuntu only) The default version of PHP in the given OS version repositories. The specific version is set per distro and per version, but you can override it by providing a value here, like `"7.4"`. - -**If you'd like to be able to switch PHP versions easily, or use a version that's not available in system packages**: You can use the [`geerlingguy.php-versions`](https://galaxy.ansible.com/geerlingguy/php-versions/) role to more easily switch between major PHP versions (e.g. 5.6, 7.1, 7.2). - - php_packages_state: "present" - -If you have enabled any additional repositories such as [geerlingguy.repo-epel](https://github.com/geerlingguy/ansible-role-repo-epel) or [geerlingguy.repo-remi](https://github.com/geerlingguy/ansible-role-repo-remi), you may want an easy way to swap PHP versions on the fly. By default, this is set to `"present"`. You can override this variable to `"latest"` to upgrade to the latest available version. Combined with `php_enablerepo`, a user now doesn't need to manually uninstall the existing PHP packages before installing them from a different repository. - - php_install_recommends: true - -(Debian/Ubuntu only) Whether to install recommended packages when installing `php_packages`; you might want to set this to `no` explicitly if you're installing a PPA that recommends certain packages you don't want (e.g. Ondrej's `php` PPA will install `php7.0-cli` if you install `php-pear` alongside `php5.6-cli`... which is often not desired!). - - php_executable: "php" - -The executable to run when calling PHP from the command line. You should only change this if running `php` on your server doesn't target the correct executable, or if you're using software collections on RHEL/CentOS and need to target a different version of PHP. - -### PHP-FPM - -PHP-FPM is a simple and robust FastCGI Process Manager for PHP. It can dramatically ease scaling of PHP apps and is the normal way of running PHP-based sites and apps when using a webserver like Nginx (though it can be used with other webservers just as easily). - -When using this role with PHP running as `php-fpm` instead of as a process inside a webserver (e.g. Apache's `mod_php`), you need to set the following variable to `true`: - - php_enable_php_fpm: false - -If you're using Apache, you can easily get it configured to work with PHP-FPM using the [geerlingguy.apache-php-fpm](https://github.com/geerlingguy/ansible-role-apache-php-fpm) role. - - php_fpm_state: started - php_fpm_enabled_on_boot: true - -Control over the fpm daemon's state; set these to `stopped` and `false` if you want FPM to be installed and configured, but not running (e.g. when installing in a container). - - php_fpm_handler_state: restarted - -The handler restarts PHP-FPM by default. Setting the value to `reloaded` will reload the service, intead of restarting it. - - - php_fpm_pools: - - pool_name: www - pool_template: www.conf.j2 - pool_listen: "127.0.0.1:9000" - pool_listen_allowed_clients: "127.0.0.1" - pool_pm: dynamic - pool_pm_max_children: 5 - pool_pm_start_servers: 2 - pool_pm_min_spare_servers: 1 - pool_pm_max_spare_servers: 3 - pool_pm_max_requests: 500 - pool_pm_status_path: /status - -List of PHP-FPM pool to create. By default, www pool is created. To setup a new pool, add an item to php_fpm_pools list. - -Specific settings inside the default `www.conf.j2` PHP-FPM pool. If you'd like to manage additional settings, you can do so either by replacing the file with your own template using `pool_template`. - -### php.ini settings - - php_use_managed_ini: true - -By default, all the extra defaults below are applied through the php.ini included with this role. You can self-manage your php.ini file (if you need more flexility in its configuration) by setting this to `false` (in which case all the below variables will be ignored). - - php_fpm_pool_user: "[apache|nginx|other]" # default varies by OS - php_fpm_pool_group: "[apache|nginx|other]" # default varies by OS - php_memory_limit: "256M" - php_max_execution_time: "60" - php_max_input_time: "60" - php_max_input_vars: "1000" - php_realpath_cache_size: "32K" - php_file_uploads: "On" - php_upload_max_filesize: "64M" - php_max_file_uploads: "20" - php_post_max_size: "32M" - php_date_timezone: "America/Chicago" - php_allow_url_fopen: "On" - php_sendmail_path: "/usr/sbin/sendmail -t -i" - php_output_buffering: "4096" - php_short_open_tag: false - php_error_reporting: "E_ALL & ~E_DEPRECATED & ~E_STRICT" - php_display_errors: "Off" - php_display_startup_errors: "On" - php_expose_php: "On" - php_session_cookie_lifetime: 0 - php_session_gc_probability: 1 - php_session_gc_divisor: 1000 - php_session_gc_maxlifetime: 1440 - php_session_save_handler: files - php_session_save_path: '' - php_disable_functions: [] - php_precision: 14 - php_serialize_precision: "-1" - -Various defaults for PHP. Only used if `php_use_managed_ini` is set to `true`. - -### OpCache-related Variables - -The OpCache is included in PHP starting in version 5.5, and the following variables will only take effect if the version of PHP you have installed is 5.5 or greater. - - php_opcache_zend_extension: "opcache.so" - php_opcache_enable: "1" - php_opcache_enable_cli: "0" - php_opcache_memory_consumption: "96" - php_opcache_interned_strings_buffer: "16" - php_opcache_max_accelerated_files: "4096" - php_opcache_max_wasted_percentage: "5" - php_opcache_validate_timestamps: "1" - php_opcache_revalidate_path: "0" - php_opcache_revalidate_freq: "2" - php_opcache_max_file_size: "0" - -OpCache ini directives that are often customized on a system. Make sure you have enough memory and file slots allocated in the OpCache (`php_opcache_memory_consumption`, in MB, and `php_opcache_max_accelerated_files`) to contain all the PHP code you are running. If not, you may get less-than-optimal performance! - -For custom opcache.so location provide full path with `php_opcache_zend_extension`. - - php_opcache_conf_filename: [platform-specific] - -The platform-specific opcache configuration filename. Generally the default should work, but in some cases, you may need to override the filename. - -### APCu-related Variables - - php_enable_apc: true - -Whether to enable APCu. Other APCu variables will be ineffective if this is set to false. - - php_apc_shm_size: "96M" - php_apc_enable_cli: "0" - -APCu ini directives that are often customized on a system. Set the `php_apc_shm_size` so it will hold all cache entries in memory with a little overhead (fragmentation or APC running out of memory will slow down PHP *dramatically*). - - php_apc_conf_filename: [platform-specific] - -The platform-specific APC configuration filename. Generally the default should work, but in some cases, you may need to override the filename. - -#### Ensuring APC is installed - -If you use APC, you will need to make sure APC is installed (it is installed by default, but if you customize the `php_packages` list, you need to include APC in the list): - - - *On RHEL/CentOS systems*: Make sure `php-pecl-apcu` is in the list of `php_packages`. - - *On Debian/Ubuntu systems*: Make sure `php-apcu` is in the list of `php_packages`. - -### Installing from Source - -If you need a specific version of PHP, or would like to test the latest (e.g. master) version of PHP, there's a good chance there's no suitable package already available in your platform's package manager. In these cases, you may choose to install PHP from source by compiling it directly. - -Note that source compilation takes *much* longer than installing from packages (PHP HEAD takes 5+ minutes to compile on a modern quad-core computer, just as a point of reference). - - php_install_from_source: false - -Set this to `true` to install PHP from source instead of installing from packages. - - php_source_version: "master" - -The version of PHP to install from source (a git branch, tag, or commit hash). - - php_source_clone_dir: "~/php-src" - php_source_clone_depth: 1 - php_source_install_path: "/opt/php" - php_source_install_gmp_path: "/usr/include/x86_64-linux-gnu/gmp.h" - php_source_mysql_config: "/usr/bin/mysql_config" - -Location where source will be cloned and installed, and the location of the GMP header file (which can be platform/distribution specific), and `mysql_config` binary (this may be `mariadb_config` in newer operating system versions). - - php_source_make_command: "make" - -Set the `make` command to `make --jobs=X` where `X` is the number of cores present on the server where PHP is being compiled. Will speed up compilation times dramatically if you have multiple cores. - - php_source_configure_command: > - [...] - -The `./configure` command that will build the Makefile to be used for PHP compilation. Add in all the options you need for your particular environment. Using a folded scalar (`>`) allows you to define the variable over multiple lines, which is extremely helpful for legibility and source control! - -A few other notes/caveats for specific configurations: - - - **Apache with `mpm_prefork`**: If you're using Apache with prefork as a webserver for PHP, you will need to make sure `apxs2` is available on your system (e.g. by installing `apache2-prefork-dev` in Ubuntu), and you will need to make sure the option `--with-apxs2` is defined in `php_source_configure_command`. Finally, you will need to make sure the `mpm_prefork` module is loaded instead of `mpm_worker` or `mpm_event`, and likely add a `phpX.conf` (where `X` is the major version of PHP) configuration file to the Apache module config folder with contents like [`php7.conf`](https://gist.github.com/geerlingguy/5ae5445f28e71264e8c1). - - **Apache with `mpm_event` or `mpm_worker`**: If you're using Apache with event or worker as a webserver for PHP, you will need to compile PHP with FPM. Make sure the option `--enable-fpm` is defined in `php_source_configure_command`. You'll also need to make sure Apache's support for CGI and event is installed (e.g. by installing `apache2-mpm-event` and `libapache2-mod-fastcgi`) and the `mpm_event` module is loaded. - - **Nginx**: If you're using Nginx as a webserver for PHP, you will need to compile PHP with FPM. Make sure the option `--enable-fpm` is defined in `php_source_configure_command`. - -## Dependencies - -None. - -## Example Playbook - - - hosts: webservers - vars_files: - - vars/main.yml - roles: - - { role: geerlingguy.php } - -*Inside `vars/main.yml`*: - - php_memory_limit: "128M" - php_max_execution_time: "90" - php_upload_max_filesize: "256M" - php_packages: - - php - - php-cli - - php-common - - php-devel - - php-gd - - php-mbstring - - php-pdo - - php-pecl-apcu - - php-xml - ... - -## License - -MIT / BSD - -## Author Information - -This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). diff --git a/roles/geerlingguy.php/defaults/main.yml b/roles/geerlingguy.php/defaults/main.yml deleted file mode 100644 index 2f7e9b6..0000000 --- a/roles/geerlingguy.php/defaults/main.yml +++ /dev/null @@ -1,156 +0,0 @@ ---- -# Pass in a comma-separated list of repos to use (e.g. "remi,epel"). Used only -# for RHEL/CentOS. -php_enablerepo: "" - -# Extra packages to install (in addition to distro-specific default lists). -php_packages_extra: [] - -# Default PHP version to install on Debian-based OSes (OS-specific). -# php_default_version_debian: "" - -# PHP package state; use 'present' to make sure it's installed, or 'latest' if -# you want to upgrade or switch versions using a new repo. -php_packages_state: present - -# Whether to install recommended packages. Used only for Debian/Ubuntu. -php_install_recommends: true - -# Set this to false if you're not using PHP with Apache/Nginx/etc. -php_enable_webserver: true - -# PHP-FPM configuration. -php_enable_php_fpm: false -php_fpm_state: started -php_fpm_handler_state: restarted -php_fpm_enabled_on_boot: true -php_fpm_listen: "127.0.0.1:9000" -php_fpm_listen_allowed_clients: "127.0.0.1" -php_fpm_pm_max_children: 50 -php_fpm_pm_start_servers: 5 -php_fpm_pm_min_spare_servers: 5 -php_fpm_pm_max_spare_servers: 5 -php_fpm_pm_max_requests: 0 -php_fpm_pm_status_path: "" - -# PHP-FPM pool configuration. -php_fpm_pools: - - pool_name: www - pool_template: www.conf.j2 - pool_listen: "{{ php_fpm_listen }}" - pool_listen_allowed_clients: "{{ php_fpm_listen_allowed_clients }}" - pool_pm: dynamic - pool_pm_max_children: "{{ php_fpm_pm_max_children }}" - pool_pm_start_servers: "{{ php_fpm_pm_start_servers }}" - pool_pm_min_spare_servers: "{{ php_fpm_pm_min_spare_servers }}" - pool_pm_max_spare_servers: "{{ php_fpm_pm_max_spare_servers }}" - pool_pm_max_requests: "{{ php_fpm_pm_max_requests }}" - pool_pm_status_path: "{{ php_fpm_pm_status_path }}" - -# The executable to run when calling PHP from the command line. -php_executable: "php" - -# OpCache settings. -php_opcache_zend_extension: "opcache.so" -php_opcache_enable: "1" -php_opcache_enable_cli: "0" -php_opcache_memory_consumption: "96" -php_opcache_interned_strings_buffer: "16" -php_opcache_max_accelerated_files: "4096" -php_opcache_max_wasted_percentage: "5" -php_opcache_validate_timestamps: "1" -php_opcache_revalidate_path: "0" -php_opcache_revalidate_freq: "2" -php_opcache_max_file_size: "0" -php_opcache_blacklist_filename: "" - -# APCu settings. -php_enable_apc: true -php_apc_shm_size: "96M" -php_apc_enable_cli: "0" - -# If this is set to false, none of the following options will have any effect. -# Any and all changes to /etc/php.ini will be your responsibility. -php_use_managed_ini: true - -php_expose_php: "On" -php_memory_limit: "256M" -php_max_execution_time: "60" -php_max_input_time: "60" -php_max_input_vars: "1000" -php_realpath_cache_size: "32K" - -php_file_uploads: "On" -php_upload_max_filesize: "64M" -php_max_file_uploads: "20" - -php_post_max_size: "32M" -php_date_timezone: "America/Chicago" -php_allow_url_fopen: "On" - -php_sendmail_path: "/usr/sbin/sendmail -t -i" -php_output_buffering: "4096" -php_short_open_tag: "Off" -php_disable_functions: [] -php_precision: 14 -php_serialize_precision: "-1" - -php_session_cookie_lifetime: 0 -php_session_gc_probability: 1 -php_session_gc_divisor: 1000 -php_session_gc_maxlifetime: 1440 -php_session_save_handler: files -php_session_save_path: '' - -php_error_reporting: "E_ALL & ~E_DEPRECATED & ~E_STRICT" -php_display_errors: "Off" -php_display_startup_errors: "Off" - -# Install PHP from source (instead of using a package manager) with these vars. -php_install_from_source: false -php_source_repo: "https://github.com/php/php-src.git" -php_source_version: "master" -php_source_clone_dir: "~/php-src" -php_source_clone_depth: 1 -php_source_install_path: "/opt/php" -php_source_install_gmp_path: "/usr/include/x86_64-linux-gnu/gmp.h" -php_source_mysql_config: "/usr/bin/mysql_config" -# For faster compile time: "make --jobs=X" where X is # of cores present. -php_source_make_command: "make" -php_source_configure_command: > - ./configure - --prefix={{ php_source_install_path }} - --with-config-file-path={{ php_conf_paths | first }} - --enable-mbstring - --enable-zip - --enable-bcmath - --enable-pcntl - --enable-ftp - --enable-exif - --enable-calendar - --enable-opcache - --enable-pdo - --enable-sysvmsg - --enable-sysvsem - --enable-sysvshm - --enable-wddx - --with-curl - --with-mcrypt - --with-iconv - --with-gmp - --with-pspell - --with-gd - --with-jpeg-dir=/usr - --with-png-dir=/usr - --with-zlib-dir=/usr - --with-xpm-dir=/usr - --with-freetype-dir=/usr - --enable-gd-native-ttf - --enable-gd-jis-conv - --with-openssl - --with-pdo-mysql=/usr - --with-gettext=/usr - --with-zlib=/usr - --with-bz2=/usr - --with-recode=/usr - --with-mysqli={{ php_source_mysql_config }} diff --git a/roles/geerlingguy.php/handlers/main.yml b/roles/geerlingguy.php/handlers/main.yml deleted file mode 100644 index b6f2513..0000000 --- a/roles/geerlingguy.php/handlers/main.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: restart webserver - service: - name: "{{ php_webserver_daemon }}" - state: restarted - notify: restart php-fpm - when: php_enable_webserver - -- name: restart php-fpm - service: - name: "{{ php_fpm_daemon }}" - state: "{{ php_fpm_handler_state }}" - when: - - php_enable_php_fpm - - php_fpm_state == 'started' - - not ansible_check_mode diff --git a/roles/geerlingguy.php/meta/.galaxy_install_info b/roles/geerlingguy.php/meta/.galaxy_install_info deleted file mode 100644 index c8b97f7..0000000 --- a/roles/geerlingguy.php/meta/.galaxy_install_info +++ /dev/null @@ -1,2 +0,0 @@ -install_date: 'Thu 23 May 2024 07:16:28 PM ' -version: 5.0.1 diff --git a/roles/geerlingguy.php/meta/main.yml b/roles/geerlingguy.php/meta/main.yml deleted file mode 100644 index 9ed6d9e..0000000 --- a/roles/geerlingguy.php/meta/main.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -dependencies: [] - -galaxy_info: - role_name: php - author: geerlingguy - description: PHP for RedHat/CentOS/Fedora/Debian/Ubuntu. - company: "Midwestern Mac, LLC" - license: "license (BSD, MIT)" - min_ansible_version: 2.10 - platforms: - - name: Fedora - versions: - - all - - name: Debian - versions: - - all - - name: Ubuntu - versions: - - all - galaxy_tags: - - development - - web - - php - - language - - fpm - - drupal - - wordpress - - joomla - - magento diff --git a/roles/geerlingguy.php/molecule/default/converge.yml b/roles/geerlingguy.php/molecule/default/converge.yml deleted file mode 100644 index 9fd340f..0000000 --- a/roles/geerlingguy.php/molecule/default/converge.yml +++ /dev/null @@ -1,72 +0,0 @@ ---- -- name: Converge - hosts: all - become: true - - vars: - php_enable_webserver: false - php_enable_php_fpm: true - php_memory_limit: "192M" - php_enablerepo: "remi,remi-php82" - php_install_recommends: false - - handlers: - - name: update apt cache - apt: update_cache=true - when: ansible_os_family == 'Debian' - - pre_tasks: - - name: Update apt cache. - apt: - update_cache: true - cache_valid_time: 600 - when: ansible_os_family == 'Debian' - changed_when: false - - - name: Ensure dirmngr is installed (gnupg dependency). - apt: - name: dirmngr - state: present - when: ansible_os_family == 'Debian' - - # Debian-specific tasks. - - name: Add dependencies for PHP versions (Debian). - apt: - name: - - apt-transport-https - - ca-certificates - - gnupg2 - state: present - when: ansible_distribution == "Debian" - - - name: Add Ondrej Sury's repo for PHP 8 (Ubuntu). - apt_repository: - repo: 'ppa:ondrej/php' - when: ansible_distribution == 'Ubuntu' - - - name: Add Ondrej Sury's apt key (Debian). - apt_key: - url: https://packages.sury.org/php/apt.gpg - state: present - when: ansible_distribution == "Debian" - - - name: Add Ondrej Sury's repo (Debian). - apt_repository: - repo: "deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main" - state: present - when: ansible_distribution == "Debian" - notify: update apt cache - - - meta: flush_handlers - - roles: - - role: geerlingguy.repo-remi - when: - - ansible_os_family == 'RedHat' - - ansible_distribution != 'Fedora' - - role: geerlingguy.php - - post_tasks: - - name: Confirm PHP configuration is correct. - shell: php -i | grep 'memory_limit.*192' - changed_when: false diff --git a/roles/geerlingguy.php/molecule/default/molecule.yml b/roles/geerlingguy.php/molecule/default/molecule.yml deleted file mode 100644 index d291e5b..0000000 --- a/roles/geerlingguy.php/molecule/default/molecule.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -role_name_check: 1 -dependency: - name: galaxy -driver: - name: docker -platforms: - - name: instance - image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" - command: ${MOLECULE_DOCKER_COMMAND:-""} - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - cgroupns_mode: host - privileged: true - pre_build_image: true -provisioner: - name: ansible - playbooks: - converge: ${MOLECULE_PLAYBOOK:-converge.yml} diff --git a/roles/geerlingguy.php/molecule/default/requirements.yml b/roles/geerlingguy.php/molecule/default/requirements.yml deleted file mode 100644 index 809b89b..0000000 --- a/roles/geerlingguy.php/molecule/default/requirements.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- src: geerlingguy.repo-remi -- src: geerlingguy.git diff --git a/roles/geerlingguy.php/molecule/default/source-install.yml b/roles/geerlingguy.php/molecule/default/source-install.yml deleted file mode 100644 index d9ad0f9..0000000 --- a/roles/geerlingguy.php/molecule/default/source-install.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -- name: Converge - hosts: all - become: true - - vars: - php_enable_webserver: false - php_install_from_source: true - php_source_clone_dir: /root/php-src - php_source_make_command: "make --jobs=2" - php_version: "7.4.8" - php_source_version: "php-{{ php_version }}" - php_memory_limit: "192M" - - pre_tasks: - - name: Update apt cache. - apt: update_cache=true cache_valid_time=600 - when: ansible_os_family == 'Debian' - changed_when: false - - roles: - - role: geerlingguy.git - - role: geerlingguy.php - - post_tasks: - - name: Confirm PHP configuration is correct. - shell: php -i | grep 'memory_limit.*192' - changed_when: false - - - name: Check the installed PHP version. - shell: '/usr/bin/php --version | grep -qF "PHP {{ php_version }}"' - changed_when: false diff --git a/roles/geerlingguy.php/tasks/configure-apcu.yml b/roles/geerlingguy.php/tasks/configure-apcu.yml deleted file mode 100644 index a29f8d6..0000000 --- a/roles/geerlingguy.php/tasks/configure-apcu.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -- name: Check for existing APCu config files. - find: - paths: "{{ item }}" - contains: 'extension(\s+)?=(\s+)?apc[u]?\.so' - register: php_installed_apc_confs - with_items: "{{ php_extension_conf_paths }}" - -- name: Remove any non-role-supplied APCu config files. - file: - path: "{{ item.1.path }}" - state: absent - when: php_apc_conf_filename != (item.1.path.split('/') | last) - with_subelements: - - "{{ php_installed_apc_confs.results }}" - - files - notify: restart webserver - -- name: Ensure APCu config file is present. - template: - src: apc.ini.j2 - dest: "{{ item }}/{{ php_apc_conf_filename }}" - owner: root - group: root - force: true - mode: 0644 - with_items: "{{ php_extension_conf_paths }}" - when: php_enable_apc - notify: restart webserver - -- name: Remove APCu config file if APC is disabled. - file: - path: "{{ item }}/{{ php_apc_conf_filename }}" - state: absent - with_items: "{{ php_extension_conf_paths }}" - when: not php_enable_apc - notify: restart webserver diff --git a/roles/geerlingguy.php/tasks/configure-fpm.yml b/roles/geerlingguy.php/tasks/configure-fpm.yml deleted file mode 100644 index 0187778..0000000 --- a/roles/geerlingguy.php/tasks/configure-fpm.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- -- name: Define php_fpm_daemon. - set_fact: - php_fpm_daemon: "{{ __php_fpm_daemon }}" - when: php_fpm_daemon is not defined - -- name: Define php_fpm_pool_conf_path. - set_fact: - php_fpm_pool_conf_path: "{{ __php_fpm_pool_conf_path }}" - when: php_fpm_pool_conf_path is not defined - -- name: Define php_fpm_pool_user. - set_fact: - php_fpm_pool_user: "{{ __php_fpm_pool_user }}" - when: php_fpm_pool_user is not defined - -- name: Define php_fpm_pool_group. - set_fact: - php_fpm_pool_group: "{{ __php_fpm_pool_group }}" - when: php_fpm_pool_group is not defined - -- name: Stat php_fpm_pool_conf_path - stat: - path: "{{ php_fpm_pool_conf_path | dirname }}" - register: php_fpm_pool_conf_path_dir_stat - -- name: Ensure the default pool directory exists. - file: - path: "{{ php_fpm_pool_conf_path | dirname }}" - state: directory - owner: root - group: root - mode: 0755 - when: php_fpm_pool_conf_path_dir_stat.stat.islnk is not defined - -- name: Create fpm pools. - template: - src: "{{ item.pool_template | default('www.conf.j2', true) }}" - dest: "{{ php_fpm_pool_conf_path | dirname }}/{{ item.pool_name }}.conf" - owner: root - group: root - mode: 0644 - force: true - loop: "{{ php_fpm_pools | default([], true) }}" - when: php_enable_php_fpm - notify: restart php-fpm - -- name: Ensure php-fpm is started and enabled at boot (if configured). - service: - name: "{{ php_fpm_daemon }}" - state: "{{ php_fpm_state }}" - enabled: "{{ php_fpm_enabled_on_boot }}" - when: - - php_enable_php_fpm - - ansible_distribution != "Debian" - - not ansible_check_mode diff --git a/roles/geerlingguy.php/tasks/configure-opcache.yml b/roles/geerlingguy.php/tasks/configure-opcache.yml deleted file mode 100644 index fc043d0..0000000 --- a/roles/geerlingguy.php/tasks/configure-opcache.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -- name: Check for existing OpCache config files. - find: - paths: "{{ item }}" - contains: 'zend_extension(\s+)?=(\s+)?opcache\.so' - register: php_installed_opcache_confs - with_items: "{{ php_extension_conf_paths }}" - -- name: Remove any non-role-supplied OpCache config files. - file: - path: "{{ item.1.path }}" - state: absent - when: php_opcache_conf_filename != (item.1.path.split('/') | last) - with_subelements: - - "{{ php_installed_opcache_confs.results }}" - - files - notify: restart webserver - -- name: Ensure OpCache config file is present. - template: - src: opcache.ini.j2 - dest: "{{ item }}/{{ php_opcache_conf_filename }}" - owner: root - group: root - force: true - mode: 0644 - with_items: "{{ php_extension_conf_paths }}" - when: php_opcache_enable | bool - notify: restart webserver - -- name: Remove OpCache config file if OpCache is disabled. - file: - path: "{{ item }}/{{ php_opcache_conf_filename }}" - state: absent - with_items: "{{ php_extension_conf_paths }}" - when: not php_opcache_enable | bool - notify: restart webserver diff --git a/roles/geerlingguy.php/tasks/configure.yml b/roles/geerlingguy.php/tasks/configure.yml deleted file mode 100644 index 68eafa0..0000000 --- a/roles/geerlingguy.php/tasks/configure.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- name: Ensure configuration directories exist. - ansible.builtin.file: - path: "{{ item }}" - state: directory - follow: true - mode: 0755 - with_items: - - "{{ php_conf_paths | flatten }}" - - "{{ php_extension_conf_paths | flatten }}" - -- name: Place PHP configuration file in place. - ansible.builtin.template: - src: php.ini.j2 - dest: "{{ item }}/php.ini" - owner: root - group: root - mode: 0644 - with_items: "{{ php_conf_paths }}" - notify: restart webserver - when: php_use_managed_ini diff --git a/roles/geerlingguy.php/tasks/install-from-source.yml b/roles/geerlingguy.php/tasks/install-from-source.yml deleted file mode 100644 index 035d2b3..0000000 --- a/roles/geerlingguy.php/tasks/install-from-source.yml +++ /dev/null @@ -1,158 +0,0 @@ ---- -- name: Ensure dependencies for building from source are installed (RedHat). - package: - name: - - autoconf - - automake - - libtool - - bison - - make - - re2c - - sqlite-devel - - oniguruma-devel - - curl-devel - - recode-devel - - aspell-devel - - libxml2-devel - - pkgconfig - - libmcrypt-devel - - t1lib-devel - - libXpm-devel - - libpng-devel - - libjpeg-turbo-devel - - bzip2-devel - - openssl-devel - - freetype-devel - - libicu-devel - - mariadb-devel - - gmp-devel - state: present - when: ansible_os_family == 'RedHat' - -- name: Update apt cache (Debian). - apt: update_cache=yes cache_valid_time=86400 - when: ansible_os_family == 'Debian' - -- name: Ensure dependencies for building from source are installed (Debian). - apt: - name: - - build-essential - - autoconf - - automake - - libtool - - bison - - pkg-config - - re2c - - libsqlite3-dev - - libonig-dev - - libxml2-dev - - libcurl4-openssl-dev - - libbz2-dev - - libjpeg-dev - - libpng-dev - - libxpm-dev - - libfreetype6-dev - - libgmp3-dev - - libmcrypt-dev - - libmariadb-dev - - libpspell-dev - - librecode-dev - - libssl-dev - state: present - when: ansible_os_family == 'Debian' - -- name: Define php_fpm_daemon (if not defined already). - set_fact: - php_fpm_daemon: "php-fpm" - when: php_fpm_daemon is not defined - -- name: Check if gmp.h is already in a location accessible to gcc. - stat: path=/usr/include/gmp.h - register: gmp_file - -- name: Ensure gmp.h is symlinked into a location accessible to gcc. - file: # noqa 208 - src: "{{ php_source_install_gmp_path }}" - dest: /usr/include/gmp.h - state: link - when: not gmp_file.stat.exists - -- name: Check if PHP is installed. - command: which php - changed_when: false - failed_when: false - register: php_installed - -- name: Clone the PHP repository. - git: - repo: "{{ php_source_repo }}" - dest: "{{ php_source_clone_dir }}" - version: "{{ php_source_version }}" - accept_hostkey: true - depth: "{{ php_source_clone_depth }}" - when: php_installed.rc != 0 - -- name: Ensure PHP installation path exists. - file: - path: "{{ php_source_install_path }}" - state: directory - mode: 0755 - when: php_installed.rc != 0 - -- name: Build configure script. - command: > - ./buildconf --force - chdir={{ php_source_clone_dir }} - when: php_installed.rc != 0 - -- name: Run configure script. - command: > - {{ php_source_configure_command }} - chdir={{ php_source_clone_dir }} - when: php_installed.rc != 0 - -- name: Make and install PHP. - command: > - {{ item }} - chdir={{ php_source_clone_dir }} - with_items: - - "{{ php_source_make_command }}" - - make install - when: php_installed.rc != 0 - -- name: Ensure php executable is symlinked into a standard path. - file: # noqa 208 - src: "{{ php_source_install_path }}/bin/php" - dest: /usr/bin/php - state: link - -# PHP FPM configuration. -- name: Ensure php-fpm executable is symlinked into a standard path. - file: # noqa 208 - src: "{{ php_source_install_path }}/sbin/php-fpm" - dest: "/usr/sbin/{{ php_fpm_daemon }}" - state: link - when: "'--enable-fpm' in php_source_configure_command" - -- name: Ensure php-fpm init script is installed. - template: - src: fpm-init.j2 - dest: "/etc/init.d/{{ php_fpm_daemon }}" - mode: 0755 - when: "'--enable-fpm' in php_source_configure_command" - notify: restart php-fpm - -- name: Ensure php-fpm config directory exists. - file: - path: "{{ php_fpm_conf_path }}" - state: directory - mode: 0755 - when: "'--enable-fpm' in php_source_configure_command" - -- name: Ensure php-fpm config file is installed. - template: - src: php-fpm.conf.j2 - dest: "{{ php_fpm_conf_path }}/php-fpm.conf" - mode: 0644 - when: "'--enable-fpm' in php_source_configure_command" - notify: restart php-fpm diff --git a/roles/geerlingguy.php/tasks/main.yml b/roles/geerlingguy.php/tasks/main.yml deleted file mode 100644 index 9d04cfc..0000000 --- a/roles/geerlingguy.php/tasks/main.yml +++ /dev/null @@ -1,87 +0,0 @@ ---- -# Variable setup. -- name: Include OS-specific variables. - include_vars: "{{ ansible_os_family }}.yml" - -- name: Include distribution and version-specific vars. - include_vars: "{{ item }}" - with_first_found: - - files: - - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" - skip: true - -- name: Set the default PHP version for Debian-based OSes. - set_fact: - php_default_version_debian: "{{ __php_default_version_debian }}" - when: php_default_version_debian is not defined and ansible_os_family == 'Debian' - -- name: Define the name of the JSON extension package on Debian for PHP <8. - set_fact: - __php_json_package_debian: "{{ 'php' + php_default_version_debian + '-json' }}" - when: ansible_os_family == 'Debian' and php_default_version_debian is version('8.0', '<') - -- name: Add the JSON extension on Debian for PHP <8. - set_fact: - __php_packages: "{{ __php_packages + [__php_json_package_debian] }}" - when: __php_json_package_debian is defined and __php_json_package_debian not in __php_packages - -- name: Define php_packages. - set_fact: - php_packages: "{{ __php_packages | list }}" - when: php_packages is not defined - -- name: Define php_webserver_daemon. - set_fact: - php_webserver_daemon: "{{ __php_webserver_daemon }}" - when: php_webserver_daemon is not defined - -- name: Define php_conf_paths. - set_fact: - php_conf_paths: "{{ __php_conf_paths }}" - when: php_conf_paths is not defined - -- name: Define php_extension_conf_paths. - set_fact: - php_extension_conf_paths: "{{ __php_extension_conf_paths }}" - when: php_extension_conf_paths is not defined - -- name: Define php_apc_conf_filename. - set_fact: - php_apc_conf_filename: "{{ __php_apc_conf_filename }}" - when: php_apc_conf_filename is not defined - -- name: Define php_opcache_conf_filename (Ubuntu 16.04). - set_fact: - php_opcache_conf_filename: "10-opcache.ini" - when: php_opcache_conf_filename is not defined and ansible_distribution_version == "16.04" - -- name: Define php_opcache_conf_filename. - set_fact: - php_opcache_conf_filename: "{{ __php_opcache_conf_filename }}" - when: php_opcache_conf_filename is not defined - -- name: Define php_fpm_conf_path. - set_fact: - php_fpm_conf_path: "{{ __php_fpm_conf_path }}" - when: php_fpm_conf_path is not defined - -# Setup/install tasks. -- include_tasks: setup-RedHat.yml - when: - - not php_install_from_source - - ansible_os_family == 'RedHat' - -- include_tasks: setup-Debian.yml - when: - - not php_install_from_source - - ansible_os_family == 'Debian' - -# Install PHP from source when php_install_from_source is true. -- include_tasks: install-from-source.yml - when: php_install_from_source - -# Configure PHP. -- include_tasks: configure.yml -- include_tasks: configure-apcu.yml -- include_tasks: configure-opcache.yml -- include_tasks: configure-fpm.yml diff --git a/roles/geerlingguy.php/tasks/setup-Debian.yml b/roles/geerlingguy.php/tasks/setup-Debian.yml deleted file mode 100644 index a6657be..0000000 --- a/roles/geerlingguy.php/tasks/setup-Debian.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- name: Update apt cache. - apt: update_cache=yes cache_valid_time=86400 - -- name: Ensure PHP packages are installed. - apt: - name: "{{ php_packages + php_packages_extra }}" - state: "{{ php_packages_state }}" - install_recommends: "{{ php_install_recommends }}" - register: php_package_install - notify: restart webserver - -- name: Delete APCu configuration file if this role will provide one. - file: - path: "{{ item }}/{{ php_apc_conf_filename }}" - state: absent - with_items: "{{ php_extension_conf_paths }}" - when: php_enable_apc and php_package_install.changed - notify: restart webserver - -- name: Delete OpCache configuration file if this role will provide one. - file: - path: "{{ item }}/{{ php_opcache_conf_filename }}" - state: absent - with_items: "{{ php_extension_conf_paths }}" - when: php_opcache_enable | bool and php_package_install.changed - notify: restart webserver diff --git a/roles/geerlingguy.php/tasks/setup-RedHat.yml b/roles/geerlingguy.php/tasks/setup-RedHat.yml deleted file mode 100644 index 1d76b33..0000000 --- a/roles/geerlingguy.php/tasks/setup-RedHat.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Ensure PHP packages are installed. - package: - name: "{{ php_packages + php_packages_extra }}" - state: "{{ php_packages_state }}" - enablerepo: "{{ php_enablerepo | default(omit, true) }}" - notify: restart webserver diff --git a/roles/geerlingguy.php/templates/apc.ini.j2 b/roles/geerlingguy.php/templates/apc.ini.j2 deleted file mode 100644 index bfd5706..0000000 --- a/roles/geerlingguy.php/templates/apc.ini.j2 +++ /dev/null @@ -1,4 +0,0 @@ -extension=apcu.so -apc.shm_size={{ php_apc_shm_size }} -apc.enable_cli={{ php_apc_enable_cli }} -apc.rfc1867=1 diff --git a/roles/geerlingguy.php/templates/fpm-init.j2 b/roles/geerlingguy.php/templates/fpm-init.j2 deleted file mode 100644 index 4d6a6d5..0000000 --- a/roles/geerlingguy.php/templates/fpm-init.j2 +++ /dev/null @@ -1,170 +0,0 @@ -#!/bin/sh -### BEGIN INIT INFO -# Provides: php-fpm {{ php_fpm_daemon }} -# Required-Start: $remote_fs $network -# Required-Stop: $remote_fs $network -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: starts {{ php_fpm_daemon }} -# Description: Starts The PHP FastCGI Process Manager Daemon -### END INIT INFO - -# Author: Ondrej Sury - -PATH=/sbin:/usr/sbin:/bin:/usr/bin -DESC="PHP FastCGI Process Manager" -NAME={{ php_fpm_daemon }} -DAEMON=/usr/sbin/$NAME -DAEMON_ARGS="--daemonize --fpm-config {{ php_fpm_conf_path }}/php-fpm.conf" -PIDFILE=/var/run/{{ php_fpm_daemon }}.pid -TIMEOUT=2 -SCRIPTNAME=/etc/init.d/$NAME - -# Exit if the package is not installed -[ -x "$DAEMON" ] || exit 0 - -# Read configuration variable file if it is present -[ -r /etc/default/$NAME ] && . /etc/default/$NAME - -# Load the VERBOSE setting and other rcS variables -. /lib/init/vars.sh - -# Define LSB log_* functions. -# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. -. /lib/lsb/init-functions - -# Don't run if we are running upstart -if init_is_upstart; then - exit 1 -fi - -# -# Function to check the correctness of the config file -# -do_check() -{ - /usr/lib/php5/php5-fpm-checkconf || return 1 - return 0 -} - -# -# Function that starts the daemon/service -# -do_start() -{ - # Return - # 0 if daemon has been started - # 1 if daemon was already running - # 2 if daemon could not be started - start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ - || return 1 - start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ - $DAEMON_ARGS 2>/dev/null \ - || return 2 - # Add code here, if necessary, that waits for the process to be ready - # to handle requests from services started subsequently which depend - # on this one. As a last resort, sleep for some time. -} - -# -# Function that stops the daemon/service -# -do_stop() -{ - # Return - # 0 if daemon has been stopped - # 1 if daemon was already stopped - # 2 if daemon could not be stopped - # other if a failure occurred - start-stop-daemon --stop --quiet --retry=QUIT/$TIMEOUT/TERM/5/KILL/5 --pidfile $PIDFILE --name $NAME - RETVAL="$?" - [ "$RETVAL" = 2 ] && return 2 - # Wait for children to finish too if this is a daemon that forks - # and if the daemon is only ever run from this initscript. - # If the above conditions are not satisfied then add some other code - # that waits for the process to drop all resources that could be - # needed by services started subsequently. A last resort is to - # sleep for some time. - start-stop-daemon --stop --quiet --oknodo --retry=0/$TIMEOUT/TERM/5/KILL/5 --exec $DAEMON - [ "$?" = 2 ] && return 2 - # Many daemons don't delete their pidfiles when they exit. - rm -f $PIDFILE - return "$RETVAL" -} - -# -# Function that sends a SIGHUP to the daemon/service -# -do_reload() { - # - # If the daemon can reload its configuration without - # restarting (for example, when it is sent a SIGHUP), - # then implement that here. - # - start-stop-daemon --stop --signal USR2 --quiet --pidfile $PIDFILE --name $NAME - return 0 -} - -case "$1" in - start) - [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" - do_start - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - stop) - [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" - do_stop - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - status) - status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? - ;; - check) - do_check yes - ;; - reload|force-reload) - log_daemon_msg "Reloading $DESC" "$NAME" - do_reload - log_end_msg $? - ;; - reopen-logs) - log_daemon_msg "Reopening $DESC logs" $NAME - if start-stop-daemon --stop --signal USR1 --oknodo --quiet \ - --pidfile $PIDFILE --exec $DAEMON - then - log_end_msg 0 - else - log_end_msg 1 - fi - ;; - restart) - log_daemon_msg "Restarting $DESC" "$NAME" - do_stop - case "$?" in - 0|1) - do_start - case "$?" in - 0) log_end_msg 0 ;; - 1) log_end_msg 1 ;; # Old process is still running - *) log_end_msg 1 ;; # Failed to start - esac - ;; - *) - # Failed to stop - log_end_msg 1 - ;; - esac - ;; - *) - echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2 - exit 1 - ;; -esac - -: diff --git a/roles/geerlingguy.php/templates/opcache.ini.j2 b/roles/geerlingguy.php/templates/opcache.ini.j2 deleted file mode 100644 index 6146453..0000000 --- a/roles/geerlingguy.php/templates/opcache.ini.j2 +++ /dev/null @@ -1,14 +0,0 @@ -zend_extension={{ php_opcache_zend_extension }} -opcache.enable={{ php_opcache_enable }} -opcache.enable_cli={{ php_opcache_enable_cli }} -opcache.memory_consumption={{ php_opcache_memory_consumption }} -opcache.interned_strings_buffer={{ php_opcache_interned_strings_buffer }} -opcache.max_accelerated_files={{ php_opcache_max_accelerated_files }} -opcache.max_wasted_percentage={{ php_opcache_max_wasted_percentage }} -opcache.validate_timestamps={{ php_opcache_validate_timestamps }} -opcache.revalidate_path={{ php_opcache_revalidate_path }} -opcache.revalidate_freq={{ php_opcache_revalidate_freq }} -opcache.max_file_size={{ php_opcache_max_file_size }} -{% if php_opcache_blacklist_filename != '' %} -opcache.blacklist_filename={{ php_opcache_blacklist_filename }} -{% endif %} diff --git a/roles/geerlingguy.php/templates/php-fpm.conf.j2 b/roles/geerlingguy.php/templates/php-fpm.conf.j2 deleted file mode 100644 index 12b277f..0000000 --- a/roles/geerlingguy.php/templates/php-fpm.conf.j2 +++ /dev/null @@ -1,12 +0,0 @@ -;;;;;;;;;;;;;;;;;;;;; -; FPM Configuration ; -;;;;;;;;;;;;;;;;;;;;; - -include={{ php_fpm_conf_path }}/pool.d/*.conf - -;;;;;;;;;;;;;;;;;; -; Global Options ; -;;;;;;;;;;;;;;;;;; - -[global] -error_log = /var/log/php-fpm.log diff --git a/roles/geerlingguy.php/templates/php.ini.j2 b/roles/geerlingguy.php/templates/php.ini.j2 deleted file mode 100644 index 14b7eeb..0000000 --- a/roles/geerlingguy.php/templates/php.ini.j2 +++ /dev/null @@ -1,221 +0,0 @@ -[PHP] - -;;;;;;;;;;;;;;;;;;;; -; Language Options ; -;;;;;;;;;;;;;;;;;;;; - -engine = On -short_open_tag = {{ php_short_open_tag }} -precision = {{ php_precision }} -output_buffering = {{ php_output_buffering }} - -zlib.output_compression = Off - -implicit_flush = Off -unserialize_callback_func = -serialize_precision = {{ php_serialize_precision }} -disable_functions = {{ php_disable_functions|join(",") }} -disable_classes = - -zend.enable_gc = On - -;;;;;;;;;;;;;;;;; -; Miscellaneous ; -;;;;;;;;;;;;;;;;; - -expose_php = {{ php_expose_php }} - -;;;;;;;;;;;;;;;;;;; -; Resource Limits ; -;;;;;;;;;;;;;;;;;;; - -max_execution_time = {{ php_max_execution_time }} -max_input_time = {{ php_max_input_time }} -max_input_vars = {{ php_max_input_vars }} -memory_limit = {{ php_memory_limit }} - -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; Error handling and logging ; -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - -error_reporting = {{ php_error_reporting }} -display_errors = {{ php_display_errors }} -display_startup_errors = {{ php_display_startup_errors }} -log_errors = On -log_errors_max_len = 1024 -ignore_repeated_errors = Off -ignore_repeated_source = Off -report_memleaks = On -track_errors = Off -html_errors = On - -;;;;;;;;;;;;;;;;; -; Data Handling ; -;;;;;;;;;;;;;;;;; - -variables_order = "GPCS" -request_order = "GP" -register_argc_argv = Off -auto_globals_jit = On - -post_max_size = {{ php_post_max_size }} -auto_prepend_file = -auto_append_file = - -default_mimetype = "text/html" - -;;;;;;;;;;;;;;;;;;;;;;;;; -; Paths and Directories ; -;;;;;;;;;;;;;;;;;;;;;;;;; - -doc_root = -user_dir = - -enable_dl = Off - -realpath_cache_size = {{ php_realpath_cache_size }} - -;;;;;;;;;;;;;;;; -; File Uploads ; -;;;;;;;;;;;;;;;; - -file_uploads = {{ php_file_uploads }} -upload_max_filesize = {{ php_upload_max_filesize }} -max_file_uploads = {{ php_max_file_uploads }} - -;;;;;;;;;;;;;;;;;; -; Fopen wrappers ; -;;;;;;;;;;;;;;;;;; - -allow_url_fopen = {{ php_allow_url_fopen }} -allow_url_include = Off - -default_socket_timeout = 60 - -;;;;;;;;;;;;;;;;;;; -; Module Settings ; -;;;;;;;;;;;;;;;;;;; - -[CLI Server] -cli_server.color = On - -[Date] -date.timezone = {{ php_date_timezone }} - -[Pdo_mysql] -pdo_mysql.cache_size = 2000 -pdo_mysql.default_socket= - -[mail function] -; For Win32 only. -SMTP = localhost -smtp_port = 25 - -; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). -sendmail_path = {{ php_sendmail_path }} - -mail.add_x_header = On - -[SQL] -sql.safe_mode = Off - -[ODBC] -odbc.allow_persistent = On -odbc.check_persistent = On -odbc.max_persistent = -1 -odbc.max_links = -1 -odbc.defaultlrl = 4096 -odbc.defaultbinmode = 1 - -[MySQL] -mysql.allow_local_infile = On -mysql.allow_persistent = On -mysql.cache_size = 2000 -mysql.max_persistent = -1 -mysql.max_links = -1 -mysql.default_port = -mysql.default_socket = -mysql.default_host = -mysql.default_user = -mysql.default_password = -mysql.connect_timeout = 60 -mysql.trace_mode = Off - -[MySQLi] -mysqli.max_persistent = -1 -mysqli.allow_persistent = On -mysqli.max_links = -1 -mysqli.cache_size = 2000 -mysqli.default_port = 3306 -mysqli.default_socket = -mysqli.default_host = -mysqli.default_user = -mysqli.default_pw = -mysqli.reconnect = Off - -[mysqlnd] -mysqlnd.collect_statistics = On -mysqlnd.collect_memory_statistics = Off - -[PostgreSQL] -pgsql.allow_persistent = On -pgsql.auto_reset_persistent = Off -pgsql.max_persistent = -1 -pgsql.max_links = -1 -pgsql.ignore_notice = 0 -pgsql.log_notice = 0 - -[bcmath] -bcmath.scale = 0 - -[Session] -session.save_handler = {{ php_session_save_handler }} -session.save_path = {{ php_session_save_path }} -session.use_cookies = 1 -session.use_only_cookies = 1 -session.name = PHPSESSID -session.auto_start = 0 - -session.cookie_lifetime = {{ php_session_cookie_lifetime }} -session.cookie_path = / -session.cookie_domain = -session.cookie_httponly = - -session.serialize_handler = php - -session.gc_probability = {{ php_session_gc_probability }} -session.gc_divisor = {{ php_session_gc_divisor }} -session.gc_maxlifetime = {{ php_session_gc_maxlifetime }} - -session.referer_check = - -session.cache_limiter = nocache -session.cache_expire = 180 - -session.use_trans_sid = 0 - -session.hash_function = 0 -session.hash_bits_per_character = 5 - -url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" - -[MSSQL] -mssql.allow_persistent = On -mssql.max_persistent = -1 -mssql.max_links = -1 -mssql.min_error_severity = 10 -mssql.min_message_severity = 10 -mssql.compatability_mode = Off -mssql.secure_connection = Off - -[Tidy] -tidy.clean_output = Off - -[soap] -soap.wsdl_cache_enabled=1 -soap.wsdl_cache_dir="/tmp" -soap.wsdl_cache_ttl=86400 -soap.wsdl_cache_limit = 5 - -[ldap] -ldap.max_links = -1 diff --git a/roles/geerlingguy.php/templates/www.conf.j2 b/roles/geerlingguy.php/templates/www.conf.j2 deleted file mode 100644 index efcb6d8..0000000 --- a/roles/geerlingguy.php/templates/www.conf.j2 +++ /dev/null @@ -1,20 +0,0 @@ -{{ ansible_managed | comment(decoration='; ') }} - -[{{ item.pool_name | mandatory }}] -listen = {{ item.pool_listen | mandatory }} -listen.allowed_clients = {{ item.pool_listen_allowed_clients | default('127.0.0.1', true) }} -user = {{ php_fpm_pool_user }} -group = {{ php_fpm_pool_group }} - -listen.owner = {{ php_fpm_pool_user }} -listen.group = {{ php_fpm_pool_group }} - -pm = {{ item.pool_pm | default('dynamic', true) }} -pm.max_children = {{ item.pool_pm_max_children | default(50, true) }} -pm.start_servers = {{ item.pool_pm_start_servers | default(5, true) }} -pm.min_spare_servers = {{ item.pool_pm_min_spare_servers | default(5, true) }} -pm.max_spare_servers = {{ item.pool_pm_max_spare_servers | default(5, true) }} -pm.max_requests = {{ item.pool_pm_max_requests | default(500, true) }} -{% if item.pool_pm_status_path|length %} -pm.status_path = {{ item.pool_pm_status_path }} -{% endif %} diff --git a/roles/geerlingguy.php/vars/Debian-10.yml b/roles/geerlingguy.php/vars/Debian-10.yml deleted file mode 100644 index ec895ae..0000000 --- a/roles/geerlingguy.php/vars/Debian-10.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -__php_default_version_debian: "7.3" diff --git a/roles/geerlingguy.php/vars/Debian-11.yml b/roles/geerlingguy.php/vars/Debian-11.yml deleted file mode 100644 index a16b99b..0000000 --- a/roles/geerlingguy.php/vars/Debian-11.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -__php_default_version_debian: "7.4" diff --git a/roles/geerlingguy.php/vars/Debian-12.yml b/roles/geerlingguy.php/vars/Debian-12.yml deleted file mode 100644 index b545b36..0000000 --- a/roles/geerlingguy.php/vars/Debian-12.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -__php_default_version_debian: "8.2" diff --git a/roles/geerlingguy.php/vars/Debian.yml b/roles/geerlingguy.php/vars/Debian.yml deleted file mode 100644 index d03d1f9..0000000 --- a/roles/geerlingguy.php/vars/Debian.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -__php_default_version_debian: "7.0" -__php_packages: - - php{{ php_default_version_debian }}-common - - php{{ php_default_version_debian }}-cli - - php{{ php_default_version_debian }}-dev - - php{{ php_default_version_debian }}-fpm - - libpcre3-dev - - php{{ php_default_version_debian }}-gd - - php{{ php_default_version_debian }}-curl - - php{{ php_default_version_debian }}-imap - - php{{ php_default_version_debian }}-opcache - - php{{ php_default_version_debian }}-xml - - php{{ php_default_version_debian }}-mbstring - - php{{ php_default_version_debian }}-apcu - - php{{ php_default_version_debian }}-sqlite3 - -__php_webserver_daemon: "apache2" - -# Vendor-specific configuration paths on Debian/Ubuntu make my brain asplode. -__php_conf_paths: - - /etc/php/{{ php_default_version_debian }}/fpm - - /etc/php/{{ php_default_version_debian }}/apache2 - - /etc/php/{{ php_default_version_debian }}/cli - -__php_extension_conf_paths: - - /etc/php/{{ php_default_version_debian }}/fpm/conf.d - - /etc/php/{{ php_default_version_debian }}/apache2/conf.d - - /etc/php/{{ php_default_version_debian }}/cli/conf.d - -__php_apc_conf_filename: 20-apcu.ini -__php_opcache_conf_filename: 10-opcache.ini -__php_fpm_daemon: php{{ php_default_version_debian }}-fpm -__php_fpm_conf_path: "/etc/php/{{ php_default_version_debian }}/fpm" -__php_fpm_pool_conf_path: "{{ __php_fpm_conf_path }}/pool.d/www.conf" - -__php_fpm_pool_user: www-data -__php_fpm_pool_group: www-data diff --git a/roles/geerlingguy.php/vars/RedHat.yml b/roles/geerlingguy.php/vars/RedHat.yml deleted file mode 100644 index e1e4458..0000000 --- a/roles/geerlingguy.php/vars/RedHat.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -__php_packages: - - php - - php-cli - - php-common - - php-devel - - php-fpm - - php-gd - - php-ldap - - php-mbstring - - php-opcache - - php-pdo - - php-pear - - php-pecl-apcu - - php-xml - - php-xmlrpc -__php_webserver_daemon: "httpd" - -__php_conf_paths: - - /etc - -__php_extension_conf_paths: - - /etc/php.d - -__php_apc_conf_filename: 50-apc.ini -__php_opcache_conf_filename: 10-opcache.ini -__php_fpm_daemon: php-fpm -__php_fpm_conf_path: "/etc/fpm" -__php_fpm_pool_conf_path: "/etc/php-fpm.d/www.conf" - -__php_fpm_pool_user: apache -__php_fpm_pool_group: apache diff --git a/roles/geerlingguy.php/vars/Ubuntu-18.yml b/roles/geerlingguy.php/vars/Ubuntu-18.yml deleted file mode 100644 index 82230bc..0000000 --- a/roles/geerlingguy.php/vars/Ubuntu-18.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -__php_default_version_debian: "7.2" diff --git a/roles/geerlingguy.php/vars/Ubuntu-20.yml b/roles/geerlingguy.php/vars/Ubuntu-20.yml deleted file mode 100644 index a16b99b..0000000 --- a/roles/geerlingguy.php/vars/Ubuntu-20.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -__php_default_version_debian: "7.4" diff --git a/roles/geerlingguy.php/vars/Ubuntu-22.yml b/roles/geerlingguy.php/vars/Ubuntu-22.yml deleted file mode 100644 index 833addf..0000000 --- a/roles/geerlingguy.php/vars/Ubuntu-22.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -__php_default_version_debian: "8.1" From 5cb73e4e534a6dd17755687690250bbb542da597 Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 10 Jul 2025 06:40:26 -0400 Subject: [PATCH 11/12] Update github.yml --- roles/operations.runner/tasks/github.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/operations.runner/tasks/github.yml b/roles/operations.runner/tasks/github.yml index 86e0976..58273a1 100644 --- a/roles/operations.runner/tasks/github.yml +++ b/roles/operations.runner/tasks/github.yml @@ -10,7 +10,7 @@ become_user: "{{ item.runner_user | default(operations_platform_user) | default('platform')}}" set_fact: # @TODO: Is there a better way to set defaults in a list of maps? - item_runner_path: "{{ item.runner_path }}" + item_runner_path: "{{ user_facts.home }}/{{ item.runner_path | default('runner')}}" item_runner_user: "{{ item.runner_user | default(operations_platform_user) | default('platform')}}" item_runner_name: "{{ item.runner_user | default(operations_platform_user) }}@{{ item.runner_name | default(inventory_hostname) }}" item_runner_repo: "{{ item.runner_repo | default(operations_runner_repo_default) }}" From 078f2154c55d630c71be04a36a1e7fdf02344c7a Mon Sep 17 00:00:00 2001 From: Jon Pugh Date: Thu, 10 Jul 2025 06:40:57 -0400 Subject: [PATCH 12/12] Delete ansible.cfg --- ansible.cfg | 10 ---------- 1 file changed, 10 deletions(-) delete mode 100644 ansible.cfg diff --git a/ansible.cfg b/ansible.cfg deleted file mode 100644 index d0c75cd..0000000 --- a/ansible.cfg +++ /dev/null @@ -1,10 +0,0 @@ - -# This config file should be in the operations-dashboard root. -# It can be a symlink to this file, or you can copy it to customize it for your needs. -# ln -s vendor/operations/site-runner/ansible.cfg -[defaults] -stdout_callback = yaml -force_color = True -inventory=ansible/inventory.yml -roles_path=vendor/operations/site-runner/roles -deprecation_warnings=False