From ac585b4726cc392a2b5dcd81c6f8bfb2280accc3 Mon Sep 17 00:00:00 2001 From: Viktor Berke Date: Sat, 18 Nov 2023 03:13:25 +0100 Subject: [PATCH] Install and configure PHP automatically Fixes #3 --- handlers/main.yml | 5 +++ tasks/main.yml | 8 ++++- tasks/{install.yml => nginx.yml} | 0 tasks/php.yml | 60 ++++++++++++++++++++++++++++++++ tasks/wordpress.yml | 17 +++++++++ templates/nginx.conf.j2 | 2 +- templates/php.conf.j2 | 2 +- tests/main.yml | 2 ++ tests/php.yml | 55 +++++++++++++++++++++++++++++ vars/main.yml | 2 ++ 10 files changed, 150 insertions(+), 3 deletions(-) rename tasks/{install.yml => nginx.yml} (100%) create mode 100644 tasks/php.yml create mode 100644 tasks/wordpress.yml create mode 100644 tests/php.yml diff --git a/handlers/main.yml b/handlers/main.yml index 970f2b3..ed2e825 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -2,3 +2,8 @@ - name: Reload nginx # noqa no-changed-when shell: cmd: nginx -t && systemctl restart nginx.service + +- name: Reload PHP + systemd_service: + name: "{{ noobient_nginx_php_unit }}" + state: restarted diff --git a/tasks/main.yml b/tasks/main.yml index 98172d5..6e1b52a 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,5 +1,11 @@ --- -- include_tasks: install.yml +- include_tasks: wordpress.yml + when: (noobient_nginx_wp_installed is not defined) and (mode == 'wordpress') + +- include_tasks: php.yml + when: (noobient_nginx_php_installed is not defined) and (mode == 'php' or mode == 'wordpress') + +- include_tasks: nginx.yml when: noobient_nginx_installed is not defined - include_tasks: config.yml diff --git a/tasks/install.yml b/tasks/nginx.yml similarity index 100% rename from tasks/install.yml rename to tasks/nginx.yml diff --git a/tasks/php.yml b/tasks/php.yml new file mode 100644 index 0000000..cf471eb --- /dev/null +++ b/tasks/php.yml 
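Review bot: In tasks/main.yml `wordpress.yml` is included before `php.yml`, but the package list in tasks/wordpress.yml interpolates `noobient_nginx_php_ver`, which is only set by the `set_fact` in tasks/php.yml. On an apt host with `mode == 'wordpress'` the first include would therefore hit an undefined variable, unless that fact is set somewhere outside this patch. Moving the `php.yml` include above the `wordpress.yml` include fixes the ordering. Both new conditions also compare `mode` directly, so if the role defines no default for it, a caller that omits `mode` fails on the `when:` instead of skipping; `mode | default('') == 'wordpress'` would make the intent explicit.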
@@ -0,0 +1,60 @@ +--- +- name: Install PHP + package: + name: php-fpm + state: latest + +# Ubuntu applies versioning to their PHP-FPM service names, because brain damage +- name: Determine PHP-FPM unit name + shell: + cmd: "update-alternatives --query php | grep '^Best' | awk '{print $2}' | xargs basename | sed 's/php//'" + changed_when: false + register: noobient_nginx_php_check + when: ansible_pkg_mgr == 'apt' + +- set_fact: + noobient_nginx_php_ver: "{{ noobient_nginx_php_check.stdout_lines[0] }}" + when: ansible_pkg_mgr == 'apt' + +- set_fact: + noobient_nginx_php_unit: "php{% if ansible_pkg_mgr == 'apt' %}{{ noobient_nginx_php_ver }}{% endif %}-fpm.service" + noobient_nginx_php_ini: "{% if ansible_pkg_mgr == 'dnf' %}/etc/php.ini{% else %}/etc/php/{{ noobient_nginx_php_ver }}/fpm/php.ini{% endif %}" + noobient_nginx_fpm_conf: "{% if ansible_pkg_mgr == 'dnf' %}/etc/php-fpm.d/{% else %}/etc/php/{{ noobient_nginx_php_ver }}/fpm/pool.d/{% endif %}www.conf" + noobient_nginx_fpm_sock: "{% if ansible_pkg_mgr == 'dnf' %}/run/php-fpm/www.sock{% else %}/run/php/php{{ noobient_nginx_php_ver }}-fpm.sock{% endif %}" + +- name: Set PHP options + ini_file: + path: "{{ noobient_nginx_php_ini }}" + section: PHP + option: "{{ item.option }}" + value: "{{ item.value }}" + mode: '0644' + backup: true + loop: + - { option: 'post_max_size', value: '32M' } + - { option: 'upload_max_filesize', value: '32M' } + notify: Reload PHP + +- name: Set PHP-FPM options + ini_file: + path: "{{ noobient_nginx_fpm_conf }}" + section: www + option: "{{ item.option }}" + value: "{{ item.value }}" + mode: '0644' + backup: true + loop: + - { option: 'user', value: "{{ nginx_account }}" } + - { option: 'group', value: "{{ nginx_account }}" } + - { option: 'pm', value: 'ondemand' } + - { option: 'pm.process_idle_timeout', value: '10s' } + #- { option: 'pm.max_requests', value: '' } + #- { option: 'pm.max_children', value: '' } + notify: Reload PHP + +- name: Enable PHP service + systemd_service: + name: 
"{{ noobient_nginx_php_unit }}" + enabled: true + state: started + register: noobient_nginx_php_installed diff --git a/tasks/wordpress.yml b/tasks/wordpress.yml new file mode 100644 index 0000000..03e1a69 --- /dev/null +++ b/tasks/wordpress.yml @@ -0,0 +1,17 @@ +--- +- name: Install PHP packages for WordPress + package: + name: "{{ packages }}" + state: latest + vars: + packages: + - php-pdo + - php-gd + - php-opcache + - php-mysqlnd + - php-json + - php-mbstring + - "php{% if ansible_pkg_mgr == 'apt' %}{{ noobient_nginx_php_ver }}{% endif %}-intl" + - "php{% if ansible_pkg_mgr == 'dnf' %}-pecl{% else %}{{ noobient_nginx_php_ver }}{% endif %}-imagick" + - "php{% if ansible_pkg_mgr == 'dnf' %}-pecl{% else %}{{ noobient_nginx_php_ver }}{% endif %}-zip" + register: noobient_nginx_wp_installed diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index 63b788d..35c1ff9 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -1,5 +1,5 @@ # avoid root, it's unnecessary -user {% if ansible_pkg_mgr == 'dnf' %}nginx{% else %}www-data{% endif %}; +user {{ nginx_account }}; # start processes according to the number of cores worker_processes auto; diff --git a/templates/php.conf.j2 b/templates/php.conf.j2 index 656e36d..8e2bbe2 100644 --- a/templates/php.conf.j2 +++ b/templates/php.conf.j2 @@ -3,7 +3,7 @@ index index.php; location ~ \.php$ { try_files $uri =404; - fastcgi_pass unix:/run/php-fpm/www.sock; + fastcgi_pass unix:{{ noobient_nginx_fpm_sock }}; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; diff --git a/tests/main.yml b/tests/main.yml index 4281807..98b38dd 100644 --- a/tests/main.yml +++ b/tests/main.yml @@ -1,6 +1,8 @@ --- - hosts: 127.0.0.1 tasks: + - include_tasks: php.yml + - include_role: name: "{{ playbook_dir.split('/')[:-1] | last }}" vars: diff --git a/tests/php.yml b/tests/php.yml new file mode 100644 index 0000000..c3e7644 --- /dev/null +++ b/tests/php.yml 
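Review bot: The output of the `update-alternatives` pipeline in "Determine PHP-FPM unit name" is used unchecked to build the systemd unit name, the `php.ini` and pool paths and the FPM socket path. The pipeline runs without `pipefail`, so a failing `update-alternatives` is masked by the later stages, and the play only breaks afterwards at `stdout_lines[0]` or continues with an unexpected path. I would validate the detected value directly after the shell task, so a bad detection stops the run with a clear message before any file is edited.

```yaml
# … unchanged: "Determine PHP-FPM unit name" shell task …

- name: Validate detected PHP version
  assert:
    that:
      - noobient_nginx_php_check.stdout is match('^[0-9]+\.[0-9]+$')
    fail_msg: "Could not determine the PHP version from update-alternatives"
  when: ansible_pkg_mgr == 'apt'

# … unchanged: set_fact tasks that derive unit name, ini, pool and socket paths …
```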
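Review bot: `state: latest` on "Install PHP packages for WordPress" pulls whatever version the repository currently offers, so two runs of the same role revision can leave different PHP code on the host, and the task does not notify `Reload PHP` after an upgrade. `state: present` keeps the install reproducible and leaves upgrades to the host's patching process. The same applies to "Install PHP" in tasks/php.yml and "Install cURL" in tests/php.yml. If upgrading here is intended, adding `notify: Reload PHP` would at least restart FPM onto the new extensions.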
@@ -0,0 +1,55 @@ +--- +- include_role: + name: "{{ playbook_dir.split('/')[:-1] | last }}" + vars: + domain: foo0.com + ssl_disabled: true + mode: php + +# lineinfile fails for whatever reason +- name: Redirect foo0.com requests to localhost # noqa no-changed-when + shell: + cmd: echo '127.0.0.1 foo0.com' >> /etc/hosts + +# for nginx_account +- include_vars: + file: ../vars/main.yml + +- name: Create document root + file: + path: /var/www/html/foo0.com + state: directory + recurse: true + owner: "{{ nginx_account }}" + group: "{{ nginx_account }}" + mode: '0755' + +- name: Set up index with phpinfo() # noqa risky-file-permissions + copy: + dest: /var/www/html/foo0.com/index.php + content: | + + +# TODO On EL, cURL is installed by default. On top of that, on AlmaLinux 9, curl +# is broken, and on Fedora, curl-minimal is broken. So just skip it altogether. +# https://bugs.launchpad.net/tripleo/+bug/1953156 +- name: Install cURL + package: + name: curl + state: latest + register: installed_curl + when: installed_curl is not defined and ansible_os_family != 'RedHat' + +# gotta trigger manually, since nginx is only started via reload handler +- meta: flush_handlers + +- name: Check phpinfo # noqa command-instead-of-module + shell: + cmd: curl --silent http://foo0.com | grep -A7 '>System <' | sed 's@ @{{ ":" }} @' | sed -e 's/<[^>]*>//g' + changed_when: false + register: curl_phpinfo_content + +- debug: + msg: "{{ curl_phpinfo_content.stdout_lines }}" diff --git a/vars/main.yml b/vars/main.yml index 48bcf2f..183046f 100644 --- a/vars/main.yml +++ b/vars/main.yml 
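Review bot: "Set up index with phpinfo()" silences `risky-file-permissions` instead of setting `mode: '0644'`, and the page is never removed once "Check phpinfo" has run. A phpinfo page discloses the PHP build, loaded modules, paths and environment to anyone who can reach the vhost, so it should not stay in the document root on a host that outlives the test. I would finish the file with a `file` task that sets `state: absent` on `/var/www/html/foo0.com/index.php`. The document root is also created owned by `{{ nginx_account }}`, which tasks/php.yml sets as the FPM pool user, so PHP can write to the directory it executes from; root ownership would be the safer example to copy.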
@@ -1,5 +1,7 @@ --- nginx_root: /etc/nginx +nginx_account: "{% if ansible_pkg_mgr == 'dnf' %}nginx{% else %}www-data{% endif %}" + eff_www_mode: "{% if www_mode is defined and www_mode | length %}{{ www_mode }}{% else %}redirect{% endif %}" eff_path: "{% if path is defined and path | length %}{{ path }}{% else %}/var/www/html/{{ domain }}{% endif %}" eff_ssl_disabled: "{% if ssl_disabled is defined and ssl_disabled | string | length %}{{ ssl_disabled }}{% else %}false{% endif %}"
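Review bot: `nginx_account` keys on `ansible_pkg_mgr == 'dnf'`, so every other value falls through to `www-data`, including `yum`, or `dnf5` as newer ansible-core reports on recent Fedora. With this patch the value also becomes the PHP-FPM pool `user`/`group` and the owner of the test document root, so a wrong guess yields an account that may not exist on the host. tests/php.yml in this same patch already distinguishes platforms with `ansible_os_family`; using that here, `{% if ansible_os_family == 'RedHat' %}nginx{% else %}www-data{% endif %}`, would be more robust. The `dnf`/`apt` conditions in tasks/php.yml and tasks/wordpress.yml have the same gap.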