Pull roles into repo

This solves my issues with ansible-pull and -galaxy along with giving me a copy of the repos in case geerlingguy's stuff goes down or I need it for offline use
Salt 2020-10-29 01:53:06 -05:00
parent 912bdad794
commit e9e1936b50
104 changed files with 3258 additions and 8 deletions

8
roles/.gitignore vendored

@ -1,8 +0,0 @@
# Match everything in this directory
/*
# Except for obvious important stuff:
!.gitignore
!requirements.yml
# And local roles:
!ansible-pull/
!common/

3
roles/geerlingguy.apache/.gitignore vendored Normal file

@ -0,0 +1,3 @@
*.retry
*/__pycache__
*.pyc


@ -0,0 +1,33 @@
---
language: python
services: docker
env:
global:
- ROLE_NAME: apache
matrix:
- MOLECULE_DISTRO: ubi8
- MOLECULE_DISTRO: centos7
- MOLECULE_DISTRO: centos6
- MOLECULE_DISTRO: ubuntu1804
- MOLECULE_DISTRO: ubuntu1604
- MOLECULE_DISTRO: ubuntu1404
- MOLECULE_DISTRO: debian10
- MOLECULE_DISTRO: debian9
install:
# Install test dependencies.
- pip install molecule docker
before_script:
# Use actual Ansible Galaxy role name for the project directory.
- cd ../
- mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
- cd geerlingguy.$ROLE_NAME
script:
# Run tests.
- molecule test
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/


@ -0,0 +1,20 @@
The MIT License (MIT)
Copyright (c) 2017 Jeff Geerling
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


@ -0,0 +1,156 @@
# Ansible Role: Apache 2.x
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-apache.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-apache)
An Ansible Role that installs Apache 2.x on RHEL/CentOS, Debian/Ubuntu, SLES and Solaris.
## Requirements
If you are using SSL/TLS, you will need to provide your own certificate and key files. You can generate a self-signed certificate with a command like `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt`.
If you are using Apache with PHP, I recommend using the `geerlingguy.php` role to install PHP, and you can either use mod_php (by adding the proper package, e.g. `libapache2-mod-php5` for Ubuntu, to `php_packages`), or by also using `geerlingguy.apache-php-fpm` to connect Apache to PHP via FPM. See that role's README for more info.
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
apache_enablerepo: ""
The repository to use when installing Apache (only used on RHEL/CentOS systems). If you'd like later versions of Apache than are available in the OS's core repositories, use a repository like EPEL (which can be installed with the `geerlingguy.repo-epel` role).
apache_listen_ip: "*"
apache_listen_port: 80
apache_listen_port_ssl: 443
The IP address and ports on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80 or 443 and need to change the defaults.
apache_create_vhosts: true
apache_vhosts_filename: "vhosts.conf"
apache_vhosts_template: "vhosts.conf.j2"
If set to true, a vhosts file, managed by this role's variables (see below), will be created and placed in the Apache configuration folder. If set to false, you can place your own vhosts file into Apache's configuration folder and skip the convenient (but more basic) one added by this role. You can also override the template used and set a path to your own template, if you need to further customize the layout of your VirtualHosts.
apache_remove_default_vhost: false
On Debian/Ubuntu, a default virtualhost is included in Apache's configuration. Set this to `true` to remove that default virtualhost configuration file.
apache_global_vhost_settings: |
DirectoryIndex index.php index.html
# Add other global settings on subsequent lines.
You can add or override global Apache configuration settings in the role-provided vhosts file (assuming `apache_create_vhosts` is true) using this variable. By default it only sets the DirectoryIndex configuration.
apache_vhosts:
# Additional optional properties: 'serveradmin, serveralias, extra_parameters'.
- servername: "local.dev"
documentroot: "/var/www/html"
Add a set of properties per virtualhost, including `servername` (required), `documentroot` (required), `allow_override` (optional: defaults to the value of `apache_allow_override`), `options` (optional: defaults to the value of `apache_options`), `serveradmin` (optional), `serveralias` (optional) and `extra_parameters` (optional: you can add whatever additional configuration lines you'd like in here).
Here's an example using `extra_parameters` to add a RewriteRule to redirect all requests to the `www.` site:
- servername: "www.local.dev"
serveralias: "local.dev"
documentroot: "/var/www/html"
extra_parameters: |
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
The `|` denotes a multiline scalar block in YAML, so newlines are preserved in the resulting configuration file output.
apache_vhosts_ssl: []
No SSL vhosts are configured by default, but you can add them using the same pattern as `apache_vhosts`, with a few additional directives, like the following example:
apache_vhosts_ssl:
- servername: "local.dev"
documentroot: "/var/www/html"
certificate_file: "/home/vagrant/example.crt"
certificate_key_file: "/home/vagrant/example.key"
certificate_chain_file: "/path/to/certificate_chain.crt"
extra_parameters: |
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Other SSL directives can be managed with other SSL-related role variables.
apache_ssl_protocol: "All -SSLv2 -SSLv3"
apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"
The SSL protocols and cipher suites that are used/allowed when clients make secure connections to your server. These are secure/sane defaults, but for maximum security, performand, and/or compatibility, you may need to adjust these settings.
apache_allow_override: "All"
apache_options: "-Indexes +FollowSymLinks"
The default values for the `AllowOverride` and `Options` directives for the `documentroot` directory of each vhost. A vhost can overwrite these values by specifying `allow_override` or `options`.
apache_mods_enabled:
- rewrite.load
- ssl.load
apache_mods_disabled: []
(Debian/Ubuntu ONLY) Which Apache mods to enable or disable (these will be symlinked into the appropriate location). See the `mods-available` directory inside the apache configuration directory (`/etc/apache2/mods-available` by default) for all the available mods.
apache_packages:
- [platform-specific]
The list of packages to be installed. This defaults to a set of platform-specific packages for RedHat or Debian-based systems (see `vars/RedHat.yml` and `vars/Debian.yml` for the default values).
apache_state: started
Set initial Apache daemon state to be enforced when this role is run. This should generally remain `started`, but you can set it to `stopped` if you need to fix the Apache config during a playbook run or otherwise would not like Apache started at the time this role is run.
apache_packages_state: present
If you have enabled any additional repositories such as _ondrej/apache2_, [geerlingguy.repo-epel](https://github.com/geerlingguy/ansible-role-repo-epel), or [geerlingguy.repo-remi](https://github.com/geerlingguy/ansible-role-repo-remi), you may want an easy way to upgrade versions. You can set this to `latest` (combined with `apache_enablerepo` on RHEL) and can directly upgrade to a different Apache version from a different repo (instead of uninstalling and reinstalling Apache).
apache_ignore_missing_ssl_certificate: true
If you would like to only create SSL vhosts when the vhost certificate is present (e.g. when using Lets Encrypt), set `apache_ignore_missing_ssl_certificate` to `false`. When doing this, you might need to run your playbook more than once so all the vhosts are configured (if another part of the playbook generates the SSL certificates).
## .htaccess-based Basic Authorization
If you require Basic Auth support, you can add it either through a custom template, or by adding `extra_parameters` to a VirtualHost configuration, like so:
extra_parameters: |
<Directory "/var/www/password-protected-directory">
Require valid-user
AuthType Basic
AuthName "Please authenticate"
AuthUserFile /var/www/password-protected-directory/.htpasswd
</Directory>
To password protect everything within a VirtualHost directive, use the `Location` block instead of `Directory`:
<Location "/">
Require valid-user
....
</Location>
You would need to generate/upload your own `.htpasswd` file in your own playbook. There may be other roles that support this functionality in a more integrated way.
## Dependencies
None.
## Example Playbook
- hosts: webservers
vars_files:
- vars/main.yml
roles:
- { role: geerlingguy.apache }
*Inside `vars/main.yml`*:
apache_listen_port: 8080
apache_vhosts:
- {servername: "example.com", documentroot: "/var/www/vhosts/example_com"}
## License
MIT / BSD
## Author Information
This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).
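Review bot: The `apache_vhosts_ssl` example in this README redirects to plain HTTP. Its `extra_parameters` ends in `RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]`, so a request that arrived over TLS is sent to an `http://` URL; anyone copying the example into our vars should change the target to `https://`. The Basic Auth example also keeps `AuthUserFile` inside the protected directory under `/var/www`; a path outside any DocumentRoot is the safer place for `.htpasswd`. Minor: "performand" in the SSL protocol paragraph should read "performance".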


@ -0,0 +1,58 @@
---
apache_enablerepo: ""
apache_listen_ip: "*"
apache_listen_port: 80
apache_listen_port_ssl: 443
apache_create_vhosts: true
apache_vhosts_filename: "vhosts.conf"
apache_vhosts_template: "vhosts.conf.j2"
# On Debian/Ubuntu, a default virtualhost is included in Apache's configuration.
# Set this to `true` to remove that default.
apache_remove_default_vhost: false
apache_global_vhost_settings: |
DirectoryIndex index.php index.html
apache_vhosts:
# Additional properties:
# 'serveradmin, serveralias, allow_override, options, extra_parameters'.
- servername: "local.dev"
documentroot: "/var/www/html"
apache_allow_override: "All"
apache_options: "-Indexes +FollowSymLinks"
apache_vhosts_ssl: []
# Additional properties:
# 'serveradmin, serveralias, allow_override, options, extra_parameters'.
# - servername: "local.dev",
# documentroot: "/var/www/html",
# certificate_file: "/path/to/certificate.crt",
# certificate_key_file: "/path/to/certificate.key",
# # Optional.
# certificate_chain_file: "/path/to/certificate_chain.crt"
apache_ignore_missing_ssl_certificate: true
apache_ssl_protocol: "All -SSLv2 -SSLv3"
apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"
# Only used on Debian/Ubuntu.
apache_mods_enabled:
- rewrite.load
- ssl.load
apache_mods_disabled: []
# Set initial apache state. Recommended values: `started` or `stopped`
apache_state: started
# Set apache state when configuration changes are made. Recommended values:
# `restarted` or `reloaded`
apache_restart_state: restarted
# Apache package state; use `present` to make sure it's installed, or `latest`
# if you want to upgrade or switch versions using a new repo.
apache_packages_state: present
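Review bot: `apache_ssl_protocol: "All -SSLv2 -SSLv3"` leaves TLS 1.0 and TLS 1.1 enabled on every SSL vhost this role renders. Rather than editing the vendored default, override it in our own vars, for example `apache_ssl_protocol: "All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1"`. The same applies to `apache_allow_override: "All"`, which lets any `.htaccess` under a documentroot override server configuration; `"None"` is the tighter choice unless a site needs overrides.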


@ -0,0 +1,5 @@
---
- name: restart apache
service:
name: "{{ apache_service }}"
state: "{{ apache_restart_state }}"


@ -0,0 +1,2 @@
install_date: Thu Oct 29 02:41:52 2020
version: 3.1.0
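Review bot: `version: 3.1.0` in this generated file is the only record of which upstream revision was vendored, and a tag name is not an immutable reference. Please record the upstream repository URL and the commit hash that tag resolved to (in the commit message or a tracked requirements file), so a later update can be diffed against a known base and local edits to the role stay detectable.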


@ -0,0 +1,38 @@
---
dependencies: []
galaxy_info:
author: geerlingguy
description: Apache 2.x for Linux.
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 2.4
platforms:
- name: EL
versions:
- all
- name: Fedora
versions:
- all
- name: Amazon
versions:
- all
- name: Debian
versions:
- all
- name: Ubuntu
versions:
- trusty
- xenial
- bionic
- name: Solaris
versions:
- 11.3
galaxy_tags:
- web
- apache
- webserver
- html
- httpd
allow_duplicates: true


@ -0,0 +1,29 @@
---
dependency:
name: galaxy
driver:
name: docker
lint:
name: yamllint
options:
config-file: molecule/default/yaml-lint.yml
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
provisioner:
name: ansible
lint:
name: ansible-lint
playbooks:
converge: ${MOLECULE_PLAYBOOK:-playbook.yml}
scenario:
name: default
verifier:
name: testinfra
lint:
name: flake8
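Review bot: The test platform in this file runs with `privileged: true` and pulls `geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest`, a mutable tag, so whatever that tag points to on the day of the run gets root-equivalent access to the Docker host. If we intend to run molecule against the vendored role, pin the image by digest and keep the runs on a disposable host; if we do not, leave `molecule/` out of the vendored copy.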


@ -0,0 +1,21 @@
---
- name: Converge
hosts: all
become: true
vars:
apache_listen_port_ssl: 443
apache_create_vhosts: true
apache_vhosts_filename: "vhosts.conf"
apache_vhosts:
- servername: "example.com"
documentroot: "/var/www/vhosts/example_com"
pre_tasks:
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=600
when: ansible_os_family == 'Debian'
changed_when: false
roles:
- role: geerlingguy.apache


@ -0,0 +1,6 @@
---
extends: default
rules:
line-length:
max: 120
level: warning


@ -0,0 +1,54 @@
---
- name: Configure Apache.
lineinfile:
dest: "{{ apache_server_root }}/ports.conf"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: present
with_items: "{{ apache_ports_configuration_items }}"
notify: restart apache
- name: Enable Apache mods.
file:
src: "{{ apache_server_root }}/mods-available/{{ item }}"
dest: "{{ apache_server_root }}/mods-enabled/{{ item }}"
state: link
with_items: "{{ apache_mods_enabled }}"
notify: restart apache
- name: Disable Apache mods.
file:
path: "{{ apache_server_root }}/mods-enabled/{{ item }}"
state: absent
with_items: "{{ apache_mods_disabled }}"
notify: restart apache
- name: Check whether certificates defined in vhosts exist.
stat: "path={{ item.certificate_file }}"
register: apache_ssl_certificates
with_items: "{{ apache_vhosts_ssl }}"
- name: Add apache vhosts configuration.
template:
src: "{{ apache_vhosts_template }}"
dest: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}"
owner: root
group: root
mode: 0644
notify: restart apache
when: apache_create_vhosts | bool
- name: Add vhost symlink in sites-enabled.
file:
src: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}"
dest: "{{ apache_conf_path }}/sites-enabled/{{ apache_vhosts_filename }}"
state: link
notify: restart apache
when: apache_create_vhosts | bool
- name: Remove default vhost in sites-enabled.
file:
path: "{{ apache_conf_path }}/sites-enabled/{{ apache_default_vhost_filename }}"
state: absent
notify: restart apache
when: apache_remove_default_vhost
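Review bot: The last task's condition, `when: apache_remove_default_vhost`, is a bare variable, while the two tasks above it use `when: apache_create_vhosts | bool`. If the value arrives as a string (for example from `-e apache_remove_default_vhost=false`), the bare form can evaluate as true on newer Ansible releases and remove the default vhost when that was not asked for. Suggest `when: apache_remove_default_vhost | bool` to match the rest of the file. A style point in the same hunk: quote `mode: 0644` as `"0644"` so the value does not depend on YAML integer parsing.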


@ -0,0 +1,36 @@
---
- name: Configure Apache.
lineinfile:
dest: "{{ apache_server_root }}/conf/{{ apache_daemon }}.conf"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: present
with_items: "{{ apache_ports_configuration_items }}"
notify: restart apache
- name: Check whether certificates defined in vhosts exist.
stat: path={{ item.certificate_file }}
register: apache_ssl_certificates
with_items: "{{ apache_vhosts_ssl }}"
- name: Add apache vhosts configuration.
template:
src: "{{ apache_vhosts_template }}"
dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
owner: root
group: root
mode: 0644
notify: restart apache
when: apache_create_vhosts | bool
- name: Check if localhost cert exists (RHEL 8 and later).
stat:
path: /etc/pki/tls/certs/localhost.crt
register: localhost_cert
when: ansible_distribution_major_version | int >= 8
- name: Ensure httpd certs are installed (RHEL 8 and later).
command: /usr/libexec/httpd-ssl-gencerts
when:
- ansible_distribution_major_version | int >= 8
- not localhost_cert.stat.exists


@ -0,0 +1,19 @@
---
- name: Configure Apache.
lineinfile:
dest: "{{ apache_server_root }}/{{ apache_daemon }}.conf"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: present
with_items: "{{ apache_ports_configuration_items }}"
notify: restart apache
- name: Add apache vhosts configuration.
template:
src: "{{ apache_vhosts_template }}"
dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
owner: root
group: root
mode: 0644
notify: restart apache
when: apache_create_vhosts | bool


@ -0,0 +1,24 @@
---
- name: Configure Apache.
lineinfile:
dest: "{{ apache_server_root }}/listen.conf"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: present
with_items: "{{ apache_ports_configuration_items }}"
notify: restart apache
- name: Check whether certificates defined in vhosts exist.
stat: path={{ item.certificate_file }}
register: apache_ssl_certificates
with_items: "{{ apache_vhosts_ssl }}"
- name: Add apache vhosts configuration.
template:
src: "{{ apache_vhosts_template }}"
dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
owner: root
group: root
mode: 0644
notify: restart apache
when: apache_create_vhosts | bool


@ -0,0 +1,47 @@
---
# Include variables and define needed variables.
- name: Include OS-specific variables.
include_vars: "{{ ansible_os_family }}.yml"
- name: Include variables for Amazon Linux.
include_vars: "AmazonLinux.yml"
when:
- ansible_distribution == "Amazon"
- ansible_distribution_major_version == "NA"
- name: Define apache_packages.
set_fact:
apache_packages: "{{ __apache_packages | list }}"
when: apache_packages is not defined
# Setup/install tasks.
- include_tasks: "setup-{{ ansible_os_family }}.yml"
# Figure out what version of Apache is installed.
- name: Get installed version of Apache.
command: "{{ apache_daemon_path }}{{ apache_daemon }} -v"
changed_when: false
check_mode: false
register: _apache_version
- name: Create apache_version variable.
set_fact:
apache_version: "{{ _apache_version.stdout.split()[2].split('/')[1] }}"
- name: Include Apache 2.2 variables.
include_vars: apache-22.yml
when: "apache_version.split('.')[1] == '2'"
- name: Include Apache 2.4 variables.
include_vars: apache-24.yml
when: "apache_version.split('.')[1] == '4'"
# Configure Apache.
- name: Configure Apache.
include_tasks: "configure-{{ ansible_os_family }}.yml"
- name: Ensure Apache has selected state and enabled on boot.
service:
name: "{{ apache_service }}"
state: "{{ apache_state }}"
enabled: true
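Review bot: `apache_version` is derived with `_apache_version.stdout.split()[2].split('/')[1]`, which indexes into the `-v` banner with no check that the output has the expected shape. If the daemon prints something different, the play stops with an index error that does not say why, and if the minor version is neither `2` nor `4` neither `apache-22.yml` nor `apache-24.yml` is included and the configure step runs without them. An `assert` on the parsed value with a clear `fail_msg`, placed right after the `set_fact`, would make both cases fail loudly.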


@ -0,0 +1,6 @@
---
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=3600
- name: Ensure Apache is installed on Debian.
apt: "name={{ apache_packages }} state={{ apache_packages_state }}"


@ -0,0 +1,6 @@
---
- name: Ensure Apache is installed on RHEL.
package:
name: "{{ apache_packages }}"
state: "{{ apache_packages_state }}"
enablerepo: "{{ apache_enablerepo | default(omit, true) }}"


@ -0,0 +1,5 @@
---
- name: Ensure Apache is installed on Solaris.
pkg5:
name: "{{ apache_packages }}"
state: "{{ apache_packages_state }}"


@ -0,0 +1,5 @@
---
- name: Ensure Apache is installed on Suse.
zypper:
name: "{{ apache_packages }}"
state: "{{ apache_packages_state }}"


@ -0,0 +1,82 @@
{{ apache_global_vhost_settings }}
{# Set up VirtualHosts #}
{% for vhost in apache_vhosts %}
<VirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}>
ServerName {{ vhost.servername }}
{% if vhost.serveralias is defined %}
ServerAlias {{ vhost.serveralias }}
{% endif %}
{% if vhost.documentroot is defined %}
DocumentRoot "{{ vhost.documentroot }}"
{% endif %}
{% if vhost.serveradmin is defined %}
ServerAdmin {{ vhost.serveradmin }}
{% endif %}
{% if vhost.documentroot is defined %}
<Directory "{{ vhost.documentroot }}">
AllowOverride {{ vhost.allow_override | default(apache_allow_override) }}
Options {{ vhost.options | default(apache_options) }}
{% if apache_vhosts_version == "2.2" %}
Order allow,deny
Allow from all
{% else %}
Require all granted
{% endif %}
</Directory>
{% endif %}
{% if vhost.extra_parameters is defined %}
{{ vhost.extra_parameters }}
{% endif %}
</VirtualHost>
{% endfor %}
{# Set up SSL VirtualHosts #}
{% for vhost in apache_vhosts_ssl %}
{% if apache_ignore_missing_ssl_certificate or apache_ssl_certificates.results[loop.index0].stat.exists %}
<VirtualHost {{ apache_listen_ip }}:{{ apache_listen_port_ssl }}>
ServerName {{ vhost.servername }}
{% if vhost.serveralias is defined %}
ServerAlias {{ vhost.serveralias }}
{% endif %}
{% if vhost.documentroot is defined %}
DocumentRoot "{{ vhost.documentroot }}"
{% endif %}
SSLEngine on
SSLCipherSuite {{ apache_ssl_cipher_suite }}
SSLProtocol {{ apache_ssl_protocol }}
SSLHonorCipherOrder On
{% if apache_vhosts_version == "2.4" %}
SSLCompression off
{% endif %}
SSLCertificateFile {{ vhost.certificate_file }}
SSLCertificateKeyFile {{ vhost.certificate_key_file }}
{% if vhost.certificate_chain_file is defined %}
SSLCertificateChainFile {{ vhost.certificate_chain_file }}
{% endif %}
{% if vhost.serveradmin is defined %}
ServerAdmin {{ vhost.serveradmin }}
{% endif %}
{% if vhost.documentroot is defined %}
<Directory "{{ vhost.documentroot }}">
AllowOverride {{ vhost.allow_override | default(apache_allow_override) }}
Options {{ vhost.options | default(apache_options) }}
{% if apache_vhosts_version == "2.2" %}
Order allow,deny
Allow from all
{% else %}
Require all granted
{% endif %}
</Directory>
{% endif %}
{% if vhost.extra_parameters is defined %}
{{ vhost.extra_parameters }}
{% endif %}
</VirtualHost>
{% endif %}
{% endfor %}
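Review bot: The SSL loop's guard, `apache_ignore_missing_ssl_certificate or apache_ssl_certificates.results[loop.index0].stat.exists`, relies on a variable that one of the configure task files in this commit never registers: the file whose `lineinfile` target is `{{ apache_server_root }}/{{ apache_daemon }}.conf` has no "Check whether certificates defined in vhosts exist" task. The template only renders there because the default `true` short-circuits the `or`; setting the flag to `false` on that platform would fail on an undefined variable. Add the `stat` task there or guard with `apache_ssl_certificates is defined`. Separately, `{{ vhost.extra_parameters }}` and `{{ apache_global_vhost_settings }}` are written into the server config verbatim, so those variables must only ever be populated from inventory we control.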


@ -0,0 +1,18 @@
---
apache_service: httpd
apache_daemon: httpd
apache_daemon_path: /usr/sbin/
apache_server_root: /etc/httpd
apache_conf_path: /etc/httpd/conf.d
apache_vhosts_version: "2.4"
__apache_packages:
- httpd24
- httpd24-devel
- mod24_ssl
- openssh
apache_ports_configuration_items:
- regexp: "^Listen "
line: "Listen {{ apache_listen_port }}"
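Review bot: `openssh` in `__apache_packages` has nothing to do with serving HTTP, yet with `apache_packages_state: latest` it would be upgraded in the same transaction as Apache. The same entry appears in two other vars files in this commit. If we keep the vendored defaults, override `apache_packages` in our own vars with only the httpd packages so that SSH package changes stay under whatever role owns SSH.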


@ -0,0 +1,14 @@
---
apache_service: apache2
apache_daemon: apache2
apache_daemon_path: /usr/sbin/
apache_server_root: /etc/apache2
apache_conf_path: /etc/apache2
__apache_packages:
- apache2
- apache2-utils
apache_ports_configuration_items:
- regexp: "^Listen "
line: "Listen {{ apache_listen_port }}"


@ -0,0 +1,20 @@
---
apache_service: httpd
apache_daemon: httpd
apache_daemon_path: /usr/sbin/
apache_server_root: /etc/httpd
apache_conf_path: /etc/httpd/conf.d
apache_vhosts_version: "2.2"
__apache_packages:
- httpd
- httpd-devel
- mod_ssl
- openssh
apache_ports_configuration_items:
- regexp: "^Listen "
line: "Listen {{ apache_listen_port }}"
- regexp: "^#?NameVirtualHost "
line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"


@ -0,0 +1,19 @@
---
apache_service: apache24
apache_daemon: httpd
apache_daemon_path: /usr/apache2/2.4/bin/
apache_server_root: /etc/apache2/2.4/
apache_conf_path: /etc/apache2/2.4/conf.d
apache_vhosts_version: "2.2"
__apache_packages:
- web/server/apache-24
- web/server/apache-24/module/apache-ssl
- web/server/apache-24/module/apache-security
apache_ports_configuration_items:
- regexp: "^Listen "
line: "Listen {{ apache_listen_port }}"
- regexp: "^#?NameVirtualHost "
line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"


@ -0,0 +1,18 @@
---
apache_service: apache2
apache_daemon: httpd2
apache_daemon_path: /usr/sbin/
apache_server_root: /etc/apache2
apache_conf_path: /etc/apache2/conf.d
apache_vhosts_version: "2.2"
__apache_packages:
- apache2
- openssh
apache_ports_configuration_items:
- regexp: "^Listen "
line: "Listen {{ apache_listen_port }}"
- regexp: "^#?NameVirtualHost "
line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"


@ -0,0 +1,12 @@
---
apache_vhosts_version: "2.2"
apache_default_vhost_filename: 000-default
apache_ports_configuration_items:
- {
regexp: "^Listen ",
line: "Listen {{ apache_listen_port }}"
}
- {
regexp: "^#?NameVirtualHost ",
line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"
}


@ -0,0 +1,8 @@
---
apache_vhosts_version: "2.4"
apache_default_vhost_filename: 000-default.conf
apache_ports_configuration_items:
- {
regexp: "^Listen ",
line: "Listen {{ apache_listen_port }}"
}


@ -0,0 +1,5 @@
skip_list:
- '306'
- '405'
- '503'
- '106'


@ -0,0 +1,4 @@
# These are supported funding model platforms
---
github: geerlingguy
patreon: geerlingguy

56
roles/geerlingguy.php/.github/stale.yml vendored Normal file

@ -0,0 +1,56 @@
# Configuration for probot-stale - https://github.com/probot/stale
# Number of days of inactivity before an Issue or Pull Request becomes stale
daysUntilStale: 90
# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
daysUntilClose: 30
# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
onlyLabels: []
# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
exemptLabels:
- pinned
- security
- planned
# Set to true to ignore issues in a project (defaults to false)
exemptProjects: false
# Set to true to ignore issues in a milestone (defaults to false)
exemptMilestones: false
# Set to true to ignore issues with an assignee (defaults to false)
exemptAssignees: false
# Label to use when marking as stale
staleLabel: stale
# Limit the number of actions per hour, from 1-30. Default is 30
limitPerRun: 30
pulls:
markComment: |-
This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
unmarkComment: >-
This pull request is no longer marked for closure.
closeComment: >-
This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
issues:
markComment: |-
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
unmarkComment: >-
This issue is no longer marked for closure.
closeComment: >-
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
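Review bot: `.github/stale.yml` (like the funding file in the hunk before it) only has meaning at the root of upstream's own GitHub repository; under `roles/geerlingguy.php/` it configures nothing. Suggest excluding `.github/` when vendoring so the tracked tree is limited to what ansible-pull actually executes, which also keeps future upstream diffs smaller to review.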

3
roles/geerlingguy.php/.gitignore vendored Normal file

@ -0,0 +1,3 @@
*.retry
*/__pycache__
*.pyc


@ -0,0 +1,38 @@
---
language: python
services: docker
env:
global:
- ROLE_NAME: php
matrix:
- MOLECULE_DISTRO: centos8
- MOLECULE_DISTRO: centos7
- MOLECULE_DISTRO: ubuntu2004
- MOLECULE_DISTRO: ubuntu1804
- MOLECULE_DISTRO: debian10
- MOLECULE_DISTRO: debian9
- MOLECULE_DISTRO: centos7
MOLECULE_PLAYBOOK: playbook-source.yml
before_install:
# Upgrade Docker to work with docker-py.
- curl https://gist.githubusercontent.com/geerlingguy/ce883ad4aec6a5f1187ef93bd338511e/raw/36612d28981d92863f839c5aefe5b7dd7193d6c6/travis-ci-docker-upgrade.sh | sudo bash
install:
# Install test dependencies.
- pip install molecule[docker] yamllint ansible-lint docker
before_script:
# Use actual Ansible Galaxy role name for the project directory.
- cd ../
- mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
- cd geerlingguy.$ROLE_NAME
script:
# Run tests.
- molecule test
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/
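Review bot: `before_install` pipes a downloaded script straight into a root shell (`curl https://gist.githubusercontent.com/... | sudo bash`). The URL is pinned to a specific gist revision, which helps, but nothing verifies a checksum before execution, and the `pip install molecule[docker] yamllint ansible-lint docker` line below it is unpinned. This file is upstream's CI definition and is not run from our repository, so the simplest fix is to drop `.travis.yml` from the vendored copy; if the steps are ever reused in our own CI, download the script to a file, compare its hash against a recorded value, and only then run it.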


@ -0,0 +1,11 @@
---
extends: default
rules:
line-length:
max: 120
level: warning
ignore: |
.github/stale.yml
.travis.yml


@ -0,0 +1,20 @@
The MIT License (MIT)
Copyright (c) 2017 Jeff Geerling
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


@ -0,0 +1,239 @@
# Ansible Role: PHP
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-php.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-php)
Installs PHP on RedHat/CentOS and Debian/Ubuntu servers.
## Requirements
If you're using an older LTS release of Ubuntu or RHEL, with an old/outdated version of PHP, you need to use a repo or PPA with a maintained PHP version, as this role only works with [PHP versions that are currently supported](http://php.net/supported-versions.php) by the PHP community.
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
php_packages: []
A list of the PHP packages to install (OS-specific by default). You'll likely want to install common packages like `php`, `php-cli`, `php-devel` and `php-pdo`, and you can add in whatever other packages you'd like (for example, `php-gd` for image manipulation, or `php-ldap` if you need to connect to an LDAP server for authentication).
_Note: If you're using Debian/Ubuntu, you also need to install `libapache2-mod-fastcgi` (for cgi/PHP-FPM) or `libapache2-mod-php7.0` (or a similar package depending on PHP version) if you want to use `mod_php` with Apache._
php_packages_extra: []
A list of extra PHP packages to install without overriding the default list.
php_enable_webserver: true
If your usage of PHP is tied to a web server (e.g. Apache or Nginx), leave this default value. If you are using PHP server-side or to run some small application, set this value to `false` so this role doesn't attempt to interact with a web server.
php_webserver_daemon: "httpd"
The default values for the HTTP server deamon are `httpd` (used by Apache) for RedHat/CentOS, or `apache2` (also used by Apache) for Debian/Ubuntu. If you are running another webserver (for example, `nginx`), change this value to the name of the daemon under which the webserver runs.
php_enablerepo: ""
(RedHat/CentOS only) If you have enabled any additional repositories (might I suggest [geerlingguy.repo-epel](https://github.com/geerlingguy/ansible-role-repo-epel) or [geerlingguy.repo-remi](https://github.com/geerlingguy/ansible-role-repo-remi)), those repositories can be listed under this variable (e.g. `remi-php70,epel`). This can be handy, as an example, if you want to install the latest version of PHP 7.0, which is in the Remi repository.
php_default_version_debian: ""
(Debian/Ubuntu only) The default version of PHP in the given OS version repositories. The specific version is set per distro and per version, but you can override it by providing a value here, like `"7.4"`.
**If you'd like to be able to switch PHP versions easily, or use a version that's not available in system packages**: You can use the [`geerlingguy.php-versions`](https://galaxy.ansible.com/geerlingguy/php-versions/) role to more easily switch between major PHP versions (e.g. 5.6, 7.1, 7.2).
php_packages_state: "present"
If you have enabled any additional repositories such as [geerlingguy.repo-epel](https://github.com/geerlingguy/ansible-role-repo-epel) or [geerlingguy.repo-remi](https://github.com/geerlingguy/ansible-role-repo-remi), you may want an easy way to swap PHP versions on the fly. By default, this is set to `"present"`. You can override this variable to `"latest"` to upgrade to the latest available version. Combined with `php_enablerepo`, a user now doesn't need to manually uninstall the existing PHP packages before installing them from a different repository.
php_install_recommends: true
(Debian/Ubuntu only) Whether to install recommended packages when installing `php_packages`; you might want to set this to `no` explicitly if you're installing a PPA that recommends certain packages you don't want (e.g. Ondrej's `php` PPA will install `php7.0-cli` if you install `php-pear` alongside `php5.6-cli`... which is often not desired!).
php_executable: "php"
The executable to run when calling PHP from the command line. You should only change this if running `php` on your server doesn't target the correct executable, or if you're using software collections on RHEL/CentOS and need to target a different version of PHP.
### PHP-FPM
PHP-FPM is a simple and robust FastCGI Process Manager for PHP. It can dramatically ease scaling of PHP apps and is the normal way of running PHP-based sites and apps when using a webserver like Nginx (though it can be used with other webservers just as easily).
When using this role with PHP running as `php-fpm` instead of as a process inside a webserver (e.g. Apache's `mod_php`), you need to set the following variable to `true`:
php_enable_php_fpm: false
If you're using Apache, you can easily get it configured to work with PHP-FPM using the [geerlingguy.apache-php-fpm](https://github.com/geerlingguy/ansible-role-apache-php-fpm) role.
php_fpm_state: started
php_fpm_enabled_on_boot: true
Control over the fpm daemon's state; set these to `stopped` and `false` if you want FPM to be installed and configured, but not running (e.g. when installing in a container).
php_fpm_handler_state: restarted
The handler restarts PHP-FPM by default. Setting the value to `reloaded` will reload the service, intead of restarting it.
php_fpm_listen: "127.0.0.1:9000"
php_fpm_listen_allowed_clients: "127.0.0.1"
php_fpm_pm_max_children: 50
php_fpm_pm_start_servers: 5
php_fpm_pm_min_spare_servers: 5
php_fpm_pm_max_spare_servers: 5
Specific settings inside the default `www.conf` PHP-FPM pool. If you'd like to manage additional settings, you can do so either by replacing the file with your own template or using `lineinfile` like this role does inside `tasks/configure-fpm.yml`.
### php.ini settings
php_use_managed_ini: true
By default, all the extra defaults below are applied through the php.ini included with this role. You can self-manage your php.ini file (if you need more flexility in its configuration) by setting this to `false` (in which case all the below variables will be ignored).
php_fpm_pool_user: "[apache|nginx|other]" # default varies by OS
php_fpm_pool_group: "[apache|nginx|other]" # default varies by OS
php_memory_limit: "256M"
php_max_execution_time: "60"
php_max_input_time: "60"
php_max_input_vars: "1000"
php_realpath_cache_size: "32K"
php_file_uploads: "On"
php_upload_max_filesize: "64M"
php_max_file_uploads: "20"
php_post_max_size: "32M"
php_date_timezone: "America/Chicago"
php_allow_url_fopen: "On"
php_sendmail_path: "/usr/sbin/sendmail -t -i"
php_output_buffering: "4096"
php_short_open_tag: false
php_error_reporting: "E_ALL & ~E_DEPRECATED & ~E_STRICT"
php_display_errors: "Off"
php_display_startup_errors: "On"
php_expose_php: "On"
php_session_cookie_lifetime: 0
php_session_gc_probability: 1
php_session_gc_divisor: 1000
php_session_gc_maxlifetime: 1440
php_session_save_handler: files
php_session_save_path: ''
php_disable_functions: []
php_precision: 14
php_serialize_precision: "-1"
Various defaults for PHP. Only used if `php_use_managed_ini` is set to `true`.
### OpCache-related Variables
The OpCache is included in PHP starting in version 5.5, and the following variables will only take effect if the version of PHP you have installed is 5.5 or greater.
php_opcache_zend_extension: "opcache.so"
php_opcache_enable: "1"
php_opcache_enable_cli: "0"
php_opcache_memory_consumption: "96"
php_opcache_interned_strings_buffer: "16"
php_opcache_max_accelerated_files: "4096"
php_opcache_max_wasted_percentage: "5"
php_opcache_validate_timestamps: "1"
php_opcache_revalidate_path: "0"
php_opcache_revalidate_freq: "2"
php_opcache_max_file_size: "0"
OpCache ini directives that are often customized on a system. Make sure you have enough memory and file slots allocated in the OpCache (`php_opcache_memory_consumption`, in MB, and `php_opcache_max_accelerated_files`) to contain all the PHP code you are running. If not, you may get less-than-optimal performance!
For custom opcache.so location provide full path with `php_opcache_zend_extension`.
php_opcache_conf_filename: [platform-specific]
The platform-specific opcache configuration filename. Generally the default should work, but in some cases, you may need to override the filename.
### APCu-related Variables
php_enable_apc: true
Whether to enable APCu. Other APCu variables will be ineffective if this is set to false.
php_apc_shm_size: "96M"
php_apc_enable_cli: "0"
APCu ini directives that are often customized on a system. Set the `php_apc_shm_size` so it will hold all cache entries in memory with a little overhead (fragmentation or APC running out of memory will slow down PHP *dramatically*).
php_apc_conf_filename: [platform-specific]
The platform-specific APC configuration filename. Generally the default should work, but in some cases, you may need to override the filename.
#### Ensuring APC is installed
If you use APC, you will need to make sure APC is installed (it is installed by default, but if you customize the `php_packages` list, you need to include APC in the list):
- *On RHEL/CentOS systems*: Make sure `php-pecl-apcu` is in the list of `php_packages`.
- *On Debian/Ubuntu systems*: Make sure `php-apcu` is in the list of `php_packages`.
### Installing from Source
If you need a specific version of PHP, or would like to test the latest (e.g. master) version of PHP, there's a good chance there's no suitable package already available in your platform's package manager. In these cases, you may choose to install PHP from source by compiling it directly.
Note that source compilation takes *much* longer than installing from packages (PHP HEAD takes 5+ minutes to compile on a modern quad-core computer, just as a point of reference).
php_install_from_source: false
Set this to `true` to install PHP from source instead of installing from packages.
php_source_version: "master"
The version of PHP to install from source (a git branch, tag, or commit hash).
php_source_clone_dir: "~/php-src"
php_source_clone_depth: 1
php_source_install_path: "/opt/php"
php_source_install_gmp_path: "/usr/include/x86_64-linux-gnu/gmp.h"
php_source_mysql_config: "/usr/bin/mysql_config"
Location where source will be cloned and installed, and the location of the GMP header file (which can be platform/distribution specific), and `mysql_config` binary (this may be `mariadb_config` in newer operating system versions).
php_source_make_command: "make"
Set the `make` command to `make --jobs=X` where `X` is the number of cores present on the server where PHP is being compiled. Will speed up compilation times dramatically if you have multiple cores.
php_source_configure_command: >
[...]
The `./configure` command that will build the Makefile to be used for PHP compilation. Add in all the options you need for your particular environment. Using a folded scalar (`>`) allows you to define the variable over multiple lines, which is extremely helpful for legibility and source control!
A few other notes/caveats for specific configurations:
- **Apache with `mpm_prefork`**: If you're using Apache with prefork as a webserver for PHP, you will need to make sure `apxs2` is available on your system (e.g. by installing `apache2-prefork-dev` in Ubuntu), and you will need to make sure the option `--with-apxs2` is defined in `php_source_configure_command`. Finally, you will need to make sure the `mpm_prefork` module is loaded instead of `mpm_worker` or `mpm_event`, and likely add a `phpX.conf` (where `X` is the major version of PHP) configuration file to the Apache module config folder with contents like [`php7.conf`](https://gist.github.com/geerlingguy/5ae5445f28e71264e8c1).
- **Apache with `mpm_event` or `mpm_worker`**: If you're using Apache with event or worker as a webserver for PHP, you will need to compile PHP with FPM. Make sure the option `--enable-fpm` is defined in `php_source_configure_command`. You'll also need to make sure Apache's support for CGI and event is installed (e.g. by installing `apache2-mpm-event` and `libapache2-mod-fastcgi`) and the `mpm_event` module is loaded.
- **Nginx**: If you're using Nginx as a webserver for PHP, you will need to compile PHP with FPM. Make sure the option `--enable-fpm` is defined in `php_source_configure_command`.
## Dependencies
None.
## Example Playbook
- hosts: webservers
vars_files:
- vars/main.yml
roles:
- { role: geerlingguy.php }
*Inside `vars/main.yml`*:
php_memory_limit: "128M"
php_max_execution_time: "90"
php_upload_max_filesize: "256M"
php_packages:
- php
- php-cli
- php-common
- php-devel
- php-gd
- php-mbstring
- php-pdo
- php-pecl-apcu
- php-xml
...
## License
MIT / BSD
## Author Information
This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).
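Review bot: the defaults documented under "php.ini settings" disagree with the defaults file added in this same commit. The README shows `php_display_startup_errors: "On"`, while the defaults file sets it to `"Off"`. It also shows `php_short_open_tag: false` where the defaults file uses the string `"Off"`. In addition, `php_source_repo` and `php_opcache_blacklist_filename` are set in the defaults file but are not listed in this variables section, and `php_fpm_pool_user` / `php_fpm_pool_group` are listed under php.ini settings although they are FPM pool settings. Since this copy will be read offline, either correct these lines or treat the defaults file as the authoritative reference when choosing overrides.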

View File

@ -0,0 +1,140 @@
---
# Pass in a comma-separated list of repos to use (e.g. "remi,epel"). Used only
# for RHEL/CentOS.
php_enablerepo: ""
# Extra packages to install (in addition to distro-specific default lists).
php_packages_extra: []
# Default PHP version to install on Debian-based OSes (OS-specific).
# php_default_version_debian: ""
# PHP package state; use 'present' to make sure it's installed, or 'latest' if
# you want to upgrade or switch versions using a new repo.
php_packages_state: present
# Whether to install recommended packages. Used only for Debian/Ubuntu.
php_install_recommends: true
# Set this to false if you're not using PHP with Apache/Nginx/etc.
php_enable_webserver: true
# PHP-FPM configuration.
php_enable_php_fpm: false
php_fpm_state: started
php_fpm_handler_state: restarted
php_fpm_enabled_on_boot: true
php_fpm_listen: "127.0.0.1:9000"
php_fpm_listen_allowed_clients: "127.0.0.1"
php_fpm_pm_max_children: 50
php_fpm_pm_start_servers: 5
php_fpm_pm_min_spare_servers: 5
php_fpm_pm_max_spare_servers: 5
# The executable to run when calling PHP from the command line.
php_executable: "php"
# OpCache settings.
php_opcache_zend_extension: "opcache.so"
php_opcache_enable: "1"
php_opcache_enable_cli: "0"
php_opcache_memory_consumption: "96"
php_opcache_interned_strings_buffer: "16"
php_opcache_max_accelerated_files: "4096"
php_opcache_max_wasted_percentage: "5"
php_opcache_validate_timestamps: "1"
php_opcache_revalidate_path: "0"
php_opcache_revalidate_freq: "2"
php_opcache_max_file_size: "0"
php_opcache_blacklist_filename: ""
# APCu settings.
php_enable_apc: true
php_apc_shm_size: "96M"
php_apc_enable_cli: "0"
# If this is set to false, none of the following options will have any effect.
# Any and all changes to /etc/php.ini will be your responsibility.
php_use_managed_ini: true
php_expose_php: "On"
php_memory_limit: "256M"
php_max_execution_time: "60"
php_max_input_time: "60"
php_max_input_vars: "1000"
php_realpath_cache_size: "32K"
php_file_uploads: "On"
php_upload_max_filesize: "64M"
php_max_file_uploads: "20"
php_post_max_size: "32M"
php_date_timezone: "America/Chicago"
php_allow_url_fopen: "On"
php_sendmail_path: "/usr/sbin/sendmail -t -i"
php_output_buffering: "4096"
php_short_open_tag: "Off"
php_disable_functions: []
php_precision: 14
php_serialize_precision: "-1"
php_session_cookie_lifetime: 0
php_session_gc_probability: 1
php_session_gc_divisor: 1000
php_session_gc_maxlifetime: 1440
php_session_save_handler: files
php_session_save_path: ''
php_error_reporting: "E_ALL & ~E_DEPRECATED & ~E_STRICT"
php_display_errors: "Off"
php_display_startup_errors: "Off"
# Install PHP from source (instead of using a package manager) with these vars.
php_install_from_source: false
php_source_repo: "https://git.php.net/repository/php-src.git"
php_source_version: "master"
php_source_clone_dir: "~/php-src"
php_source_clone_depth: 1
php_source_install_path: "/opt/php"
php_source_install_gmp_path: "/usr/include/x86_64-linux-gnu/gmp.h"
php_source_mysql_config: "/usr/bin/mysql_config"
# For faster compile time: "make --jobs=X" where X is # of cores present.
php_source_make_command: "make"
php_source_configure_command: >
./configure
--prefix={{ php_source_install_path }}
--with-config-file-path={{ php_conf_paths | first }}
--enable-mbstring
--enable-zip
--enable-bcmath
--enable-pcntl
--enable-ftp
--enable-exif
--enable-calendar
--enable-opcache
--enable-pdo
--enable-sysvmsg
--enable-sysvsem
--enable-sysvshm
--enable-wddx
--with-curl
--with-mcrypt
--with-iconv
--with-gmp
--with-pspell
--with-gd
--with-jpeg-dir=/usr
--with-png-dir=/usr
--with-zlib-dir=/usr
--with-xpm-dir=/usr
--with-freetype-dir=/usr
--enable-gd-native-ttf
--enable-gd-jis-conv
--with-openssl
--with-pdo-mysql=/usr
--with-gettext=/usr
--with-zlib=/usr
--with-bz2=/usr
--with-recode=/usr
--with-mysqli={{ php_source_mysql_config }}
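Review bot: in the managed php.ini block, `php_expose_php: "On"` makes PHP advertise itself and its version in response headers. `php_allow_url_fopen: "On"` together with an empty `php_disable_functions` leaves URL wrappers and every function available by default. This file is now a vendored copy, so set the stricter values (for example `php_expose_php: "Off"`) in the playbook's own vars rather than editing them here. A later re-sync of the role from upstream would otherwise silently revert the change.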

View File

@ -0,0 +1,15 @@
---
- name: restart webserver
service:
name: "{{ php_webserver_daemon }}"
state: restarted
notify: restart php-fpm
when: php_enable_webserver
- name: restart php-fpm
service:
name: "{{ php_fpm_daemon }}"
state: "{{ php_fpm_handler_state }}"
when:
- php_enable_php_fpm
- php_fpm_state == 'started'

View File

@ -0,0 +1,2 @@
install_date: Thu Oct 29 02:55:11 2020
version: 4.5.1
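Review bot: `version: 4.5.1` is the only record in this hunk of which upstream release was copied into the repo, and `install_date` changes on every re-install, which produces a diff with no code change behind it. Pin the same version where the role is requested so that the vendored tree can be reproduced and compared against upstream, and consider ignoring this file or accepting that it will churn.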

View File

@ -0,0 +1,37 @@
---
dependencies: []
galaxy_info:
role_name: php
author: geerlingguy
description: PHP for RedHat/CentOS/Fedora/Debian/Ubuntu.
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 2.8
platforms:
- name: EL
versions:
- 6
- 7
- 8
- name: Fedora
versions:
- all
- name: Debian
versions:
- all
- name: Ubuntu
versions:
- trusty
- xenial
- bionic
galaxy_tags:
- development
- web
- php
- language
- fpm
- drupal
- wordpress
- joomla
- magento

View File

@ -0,0 +1,70 @@
---
- name: Converge
hosts: all
become: true
vars:
php_enable_webserver: false
php_enable_php_fpm: true
php_memory_limit: "192M"
php_enablerepo: "remi,remi-php70"
php_install_recommends: false
handlers:
- name: update apt cache
apt: update_cache=true
when: ansible_os_family == 'Debian'
pre_tasks:
- name: Update apt cache.
apt: update_cache=true cache_valid_time=600
when: ansible_os_family == 'Debian'
changed_when: false
# Ubuntu-specific tasks.
- name: Ensure dirmngr is installed (gnupg dependency).
apt:
name: dirmngr
state: present
when: ansible_os_family == 'Debian'
- name: Add repository for PHP 7.
apt_repository: repo='ppa:ondrej/php'
when: ansible_distribution == 'Ubuntu'
# Debian-specific tasks.
- name: Add dependencies for PHP versions (Debian).
apt:
name:
- apt-transport-https
- ca-certificates
- gnupg2
state: present
when: ansible_distribution == "Debian"
- name: Add Ondrej Sury's apt key (Debian).
apt_key:
url: https://packages.sury.org/php/apt.gpg
state: present
when: ansible_distribution == "Debian"
- name: Add Ondrej Sury's repo (Debian).
apt_repository:
repo: "deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main"
state: present
when: ansible_distribution == "Debian"
notify: update apt cache
- meta: flush_handlers
roles:
- role: geerlingguy.repo-remi
when:
- ansible_os_family == 'RedHat'
- ansible_distribution != 'Fedora'
- role: geerlingguy.php
post_tasks:
- name: Confirm PHP configuration is correct.
shell: php -i | grep 'memory_limit.*192'
changed_when: false
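Review bot: the `apt_key` task "Add Ondrej Sury's apt key (Debian)" trusts whatever key `https://packages.sury.org/php/apt.gpg` serves at run time, because nothing in the task pins the expected key. Add the key's fingerprint as `id:` so that a key other than the expected one makes the task fail. The Ubuntu branch has the same shape with `ppa:ondrej/php`. This is a test playbook, but it now lives in the repo and runs with `become: true`, so it is worth holding to the same standard as the production plays.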

View File

@ -0,0 +1,21 @@
---
dependency:
name: galaxy
driver:
name: docker
lint: |
set -e
yamllint .
ansible-lint
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
provisioner:
name: ansible
playbooks:
converge: ${MOLECULE_PLAYBOOK:-converge.yml}
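Review bot: the `platforms` entry starts the test container with `privileged: true` from an image tagged `:latest`, so every run pulls whatever that tag currently points to and gives it near-host privileges. If the molecule scenarios are meant to be run from this vendored copy, pin the image by digest. If they are not, leave the molecule directory out of the vendored tree so that nobody runs it by accident.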

View File

@ -0,0 +1,32 @@
---
- name: Converge
hosts: all
become: true
vars:
php_enable_webserver: false
php_install_from_source: true
php_source_clone_dir: /root/php-src
php_source_make_command: "make --jobs=2"
php_version: "7.4.8"
php_source_version: "php-{{ php_version }}"
php_memory_limit: "192M"
pre_tasks:
- name: Update apt cache.
apt: update_cache=true cache_valid_time=600
when: ansible_os_family == 'Debian'
changed_when: false
roles:
- role: geerlingguy.git
- role: geerlingguy.php
post_tasks:
- name: Confirm PHP configuration is correct.
shell: php -i | grep 'memory_limit.*192'
changed_when: false
- name: Check the installed PHP version.
shell: '/usr/bin/php --version | grep -qF "PHP {{ php_version }}"'
changed_when: false

View File

@ -0,0 +1,3 @@
---
- src: geerlingguy.repo-remi
- src: geerlingguy.git
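Review bot: both `src:` entries are unpinned, so resolving them installs whichever release is current at that moment. Add a `version:` to each entry. The commit's stated goal is a reproducible offline copy, and an unpinned test dependency works against that.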

View File

@ -0,0 +1,37 @@
---
- name: Check for existing APCu config files.
find:
paths: "{{ item }}"
contains: 'extension(\s+)?=(\s+)?apc[u]?\.so'
register: php_installed_apc_confs
with_items: "{{ php_extension_conf_paths }}"
- name: Remove any non-role-supplied APCu config files.
file:
path: "{{ item.1.path }}"
state: absent
when: php_apc_conf_filename != (item.1.path.split('/') | last)
with_subelements:
- "{{ php_installed_apc_confs.results }}"
- files
notify: restart webserver
- name: Ensure APCu config file is present.
template:
src: apc.ini.j2
dest: "{{ item }}/{{ php_apc_conf_filename }}"
owner: root
group: root
force: true
mode: 0644
with_items: "{{ php_extension_conf_paths }}"
when: php_enable_apc
notify: restart webserver
- name: Remove APCu config file if APC is disabled.
file:
path: "{{ item }}/{{ php_apc_conf_filename }}"
state: absent
with_items: "{{ php_extension_conf_paths }}"
when: not php_enable_apc
notify: restart webserver

View File

@ -0,0 +1,78 @@
---
- name: Define php_fpm_daemon.
set_fact:
php_fpm_daemon: "{{ __php_fpm_daemon }}"
when: php_fpm_daemon is not defined
- name: Define php_fpm_pool_conf_path.
set_fact:
php_fpm_pool_conf_path: "{{ __php_fpm_pool_conf_path }}"
when: php_fpm_pool_conf_path is not defined
- name: Define php_fpm_pool_user.
set_fact:
php_fpm_pool_user: "{{ __php_fpm_pool_user }}"
when: php_fpm_pool_user is not defined
- name: Define php_fpm_pool_group.
set_fact:
php_fpm_pool_group: "{{ __php_fpm_pool_group }}"
when: php_fpm_pool_group is not defined
- name: Stat php_fpm_pool_conf_path
stat:
path: "{{ php_fpm_pool_conf_path | dirname }}"
register: php_fpm_pool_conf_path_dir_stat
- name: Ensure the default pool directory exists.
file:
path: "{{ php_fpm_pool_conf_path | dirname }}"
state: directory
owner: root
group: root
mode: 0755
when: php_fpm_pool_conf_path_dir_stat.stat.islnk is not defined
- name: Ensure the default pool exists.
template:
src: www.conf.j2
dest: "{{ php_fpm_pool_conf_path }}"
owner: root
group: root
mode: 0644
force: false
when: php_enable_php_fpm
- name: Configure php-fpm pool (if enabled).
lineinfile:
dest: "{{ php_fpm_pool_conf_path }}"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: present
mode: 0644
with_items:
- regexp: "^user.?=.+$"
line: "user = {{ php_fpm_pool_user }}"
- regexp: "^group.?=.+$"
line: "group = {{ php_fpm_pool_group }}"
- regexp: "^listen.?=.+$"
line: "listen = {{ php_fpm_listen }}"
- regexp: '^listen\.allowed_clients.?=.+$'
line: "listen.allowed_clients = {{ php_fpm_listen_allowed_clients }}"
- regexp: '^pm\.max_children.?=.+$'
line: "pm.max_children = {{ php_fpm_pm_max_children }}"
- regexp: '^pm\.start_servers.?=.+$'
line: "pm.start_servers = {{ php_fpm_pm_start_servers }}"
- regexp: '^pm\.min_spare_servers.?=.+$'
line: "pm.min_spare_servers = {{ php_fpm_pm_min_spare_servers }}"
- regexp: '^pm\.max_spare_servers.?=.+$'
line: "pm.max_spare_servers = {{ php_fpm_pm_max_spare_servers }}"
when: php_enable_php_fpm
notify: restart php-fpm
- name: Ensure php-fpm is started and enabled at boot (if configured).
service:
name: "{{ php_fpm_daemon }}"
state: "{{ php_fpm_state }}"
enabled: "{{ php_fpm_enabled_on_boot }}"
when: php_enable_php_fpm and ansible_distribution != "Debian"
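Review bot: the final task is guarded by `ansible_distribution != "Debian"`, so on Debian hosts `php_fpm_state` and `php_fpm_enabled_on_boot` are never applied. A Debian host configured with `stopped` / `false` keeps whatever state the package install left it in. Either drop the exclusion or add a comment explaining why Debian is skipped. Separately, the stat task and "Ensure the default pool directory exists" carry no `when: php_enable_php_fpm`, so the pool directory is created even when FPM is disabled. "Ensure the default pool exists" uses `force: false`, so an existing pool file keeps all settings other than the eight keys handled by `lineinfile`.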

View File

@ -0,0 +1,37 @@
---
- name: Check for existing OpCache config files.
find:
paths: "{{ item }}"
contains: 'zend_extension(\s+)?=(\s+)?opcache\.so'
register: php_installed_opcache_confs
with_items: "{{ php_extension_conf_paths }}"
- name: Remove any non-role-supplied OpCache config files.
file:
path: "{{ item.1.path }}"
state: absent
when: php_opcache_conf_filename != (item.1.path.split('/') | last)
with_subelements:
- "{{ php_installed_opcache_confs.results }}"
- files
notify: restart webserver
- name: Ensure OpCache config file is present.
template:
src: opcache.ini.j2
dest: "{{ item }}/{{ php_opcache_conf_filename }}"
owner: root
group: root
force: true
mode: 0644
with_items: "{{ php_extension_conf_paths }}"
when: php_opcache_enable | bool
notify: restart webserver
- name: Remove OpCache config file if OpCache is disabled.
file:
path: "{{ item }}/{{ php_opcache_conf_filename }}"
state: absent
with_items: "{{ php_extension_conf_paths }}"
when: not php_opcache_enable | bool
notify: restart webserver

View File

@ -0,0 +1,21 @@
---
- name: Ensure configuration directories exist.
file:
path: "{{ item }}"
state: directory
follow: true
mode: 0755
with_flattened:
- "{{ php_conf_paths }}"
- "{{ php_extension_conf_paths }}"
- name: Place PHP configuration file in place.
template:
src: php.ini.j2
dest: "{{ item }}/php.ini"
owner: root
group: root
mode: 0644
with_items: "{{ php_conf_paths }}"
notify: restart webserver
when: php_use_managed_ini

View File

@ -0,0 +1,158 @@
---
- name: Ensure dependencies for building from source are installed (RedHat).
package:
name:
- autoconf
- automake
- libtool
- bison
- make
- re2c
- sqlite-devel
- oniguruma-devel
- curl-devel
- recode-devel
- aspell-devel
- libxml2-devel
- pkgconfig
- libmcrypt-devel
- t1lib-devel
- libXpm-devel
- libpng-devel
- libjpeg-turbo-devel
- bzip2-devel
- openssl-devel
- freetype-devel
- libicu-devel
- mariadb-devel
- gmp-devel
state: present
when: ansible_os_family == 'RedHat'
- name: Update apt cache (Debian).
apt: update_cache=yes cache_valid_time=86400
when: ansible_os_family == 'Debian'
- name: Ensure dependencies for building from source are installed (Debian).
apt:
name:
- build-essential
- autoconf
- automake
- libtool
- bison
- pkg-config
- re2c
- libsqlite3-dev
- libonig-dev
- libxml2-dev
- libcurl4-openssl-dev
- libbz2-dev
- libjpeg-dev
- libpng-dev
- libxpm-dev
- libfreetype6-dev
- libgmp3-dev
- libmcrypt-dev
- libmariadbclient-dev
- libpspell-dev
- librecode-dev
- libssl-dev
state: present
when: ansible_os_family == 'Debian'
- name: Define php_fpm_daemon (if not defined already).
set_fact:
php_fpm_daemon: "php-fpm"
when: php_fpm_daemon is not defined
- name: Check if gmp.h is already in a location accessible to gcc.
stat: path=/usr/include/gmp.h
register: gmp_file
- name: Ensure gmp.h is symlinked into a location accessible to gcc.
file: # noqa 208
src: "{{ php_source_install_gmp_path }}"
dest: /usr/include/gmp.h
state: link
when: not gmp_file.stat.exists
- name: Check if PHP is installed.
command: which php
changed_when: false
failed_when: false
register: php_installed
- name: Clone the PHP repository.
git:
repo: "{{ php_source_repo }}"
dest: "{{ php_source_clone_dir }}"
version: "{{ php_source_version }}"
accept_hostkey: true
depth: "{{ php_source_clone_depth }}"
when: php_installed.rc != 0
- name: Ensure PHP installation path exists.
file:
path: "{{ php_source_install_path }}"
state: directory
mode: 0755
when: php_installed.rc != 0
- name: Build configure script.
command: >
./buildconf --force
chdir={{ php_source_clone_dir }}
when: php_installed.rc != 0
- name: Run configure script.
command: >
{{ php_source_configure_command }}
chdir={{ php_source_clone_dir }}
when: php_installed.rc != 0
- name: Make and install PHP.
command: >
{{ item }}
chdir={{ php_source_clone_dir }}
with_items:
- "{{ php_source_make_command }}"
- make install
when: php_installed.rc != 0
- name: Ensure php executable is symlinked into a standard path.
file: # noqa 208
src: "{{ php_source_install_path }}/bin/php"
dest: /usr/bin/php
state: link
# PHP FPM configuration.
- name: Ensure php-fpm executable is symlinked into a standard path.
file: # noqa 208
src: "{{ php_source_install_path }}/sbin/php-fpm"
dest: "/usr/sbin/{{ php_fpm_daemon }}"
state: link
when: "'--enable-fpm' in php_source_configure_command"
- name: Ensure php-fpm init script is installed.
template:
src: fpm-init.j2
dest: "/etc/init.d/{{ php_fpm_daemon }}"
mode: 0755
when: "'--enable-fpm' in php_source_configure_command"
notify: restart php-fpm
- name: Ensure php-fpm config directory exists.
file:
path: "{{ php_fpm_conf_path }}"
state: directory
mode: 0755
when: "'--enable-fpm' in php_source_configure_command"
- name: Ensure php-fpm config file is installed.
template:
src: php-fpm.conf.j2
dest: "{{ php_fpm_conf_path }}/php-fpm.conf"
mode: 0644
when: "'--enable-fpm' in php_source_configure_command"
notify: restart php-fpm
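Review bot: "Clone the PHP repository" checks out `php_source_version` from `php_source_repo`, and the tasks after it build and `make install` the result with no integrity check. With the defaults added in this commit, that is the moving `master` branch. Set `php_source_version` to a release tag or commit hash in the playbook vars, and consider `verify_commit: true` on the `git` task where signed tags are available. Also, "Check if PHP is installed" relies on `which php`, so any `php` already on the PATH skips the clone and build. "Ensure php executable is symlinked into a standard path" has no matching `when` and still tries to link `/usr/bin/php` to a path under `php_source_install_path` that may not exist.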

View File

@ -0,0 +1,77 @@
---
# Variable setup.
- name: Include distribution and version-specific vars.
include_vars: "{{ item }}"
with_first_found:
- files:
- "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
skip: true
- name: Set the default PHP version for Debian-based OSes.
set_fact:
php_default_version_debian: "{{ __php_default_version_debian }}"
when: php_default_version_debian is not defined and ansible_os_family == 'Debian'
- name: Include OS-specific variables.
include_vars: "{{ ansible_os_family }}.yml"
- name: Define php_packages.
set_fact:
php_packages: "{{ __php_packages | list }}"
when: php_packages is not defined
- name: Define php_webserver_daemon.
set_fact:
php_webserver_daemon: "{{ __php_webserver_daemon }}"
when: php_webserver_daemon is not defined
- name: Define php_conf_paths.
set_fact:
php_conf_paths: "{{ __php_conf_paths }}"
when: php_conf_paths is not defined
- name: Define php_extension_conf_paths.
set_fact:
php_extension_conf_paths: "{{ __php_extension_conf_paths }}"
when: php_extension_conf_paths is not defined
- name: Define php_apc_conf_filename.
set_fact:
php_apc_conf_filename: "{{ __php_apc_conf_filename }}"
when: php_apc_conf_filename is not defined
- name: Define php_opcache_conf_filename (Ubuntu 16.04).
set_fact:
php_opcache_conf_filename: "10-opcache.ini"
when: php_opcache_conf_filename is not defined and ansible_distribution_version == "16.04"
- name: Define php_opcache_conf_filename.
set_fact:
php_opcache_conf_filename: "{{ __php_opcache_conf_filename }}"
when: php_opcache_conf_filename is not defined
- name: Define php_fpm_conf_path.
set_fact:
php_fpm_conf_path: "{{ __php_fpm_conf_path }}"
when: php_fpm_conf_path is not defined
# Setup/install tasks.
- include_tasks: setup-RedHat.yml
when:
- not php_install_from_source
- ansible_os_family == 'RedHat'
- include_tasks: setup-Debian.yml
when:
- not php_install_from_source
- ansible_os_family == 'Debian'
# Install PHP from source when php_install_from_source is true.
- include_tasks: install-from-source.yml
when: php_install_from_source
# Configure PHP.
- include_tasks: configure.yml
- include_tasks: configure-apcu.yml
- include_tasks: configure-opcache.yml
- include_tasks: configure-fpm.yml

View File

@ -0,0 +1,27 @@
---
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=86400
- name: Ensure PHP packages are installed.
apt:
name: "{{ php_packages + php_packages_extra }}"
state: "{{ php_packages_state }}"
install_recommends: "{{ php_install_recommends }}"
register: php_package_install
notify: restart webserver
- name: Delete APCu configuration file if this role will provide one.
file:
path: "{{ item }}/{{ php_apc_conf_filename }}"
state: absent
with_items: "{{ php_extension_conf_paths }}"
when: php_enable_apc and php_package_install.changed
notify: restart webserver
- name: Delete OpCache configuration file if this role will provide one.
file:
path: "{{ item }}/{{ php_opcache_conf_filename }}"
state: absent
with_items: "{{ php_extension_conf_paths }}"
when: php_opcache_enable | bool and php_package_install.changed
notify: restart webserver

View File

@ -0,0 +1,7 @@
---
- name: Ensure PHP packages are installed.
package:
name: "{{ php_packages + php_packages_extra }}"
state: "{{ php_packages_state }}"
enablerepo: "{{ php_enablerepo | default(omit, true) }}"
notify: restart webserver

View File

@ -0,0 +1,4 @@
extension=apcu.so
apc.shm_size={{ php_apc_shm_size }}
apc.enable_cli={{ php_apc_enable_cli }}
apc.rfc1867=1

View File

@ -0,0 +1,170 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: php-fpm {{ php_fpm_daemon }}
# Required-Start: $remote_fs $network
# Required-Stop: $remote_fs $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts {{ php_fpm_daemon }}
# Description: Starts The PHP FastCGI Process Manager Daemon
### END INIT INFO
# Author: Ondrej Sury <ondrej@debian.org>
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="PHP FastCGI Process Manager"
NAME={{ php_fpm_daemon }}
DAEMON=/usr/sbin/$NAME
DAEMON_ARGS="--daemonize --fpm-config {{ php_fpm_conf_path }}/php-fpm.conf"
PIDFILE=/var/run/{{ php_fpm_daemon }}.pid
TIMEOUT=2
SCRIPTNAME=/etc/init.d/$NAME
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh
# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions
# Don't run if we are running upstart
if init_is_upstart; then
exit 1
fi
#
# Function to check the correctness of the config file
#
do_check()
{
/usr/lib/php5/php5-fpm-checkconf || return 1
return 0
}
#
# Function that starts the daemon/service
#
do_start()
{
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
|| return 1
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
$DAEMON_ARGS 2>/dev/null \
|| return 2
# Add code here, if necessary, that waits for the process to be ready
# to handle requests from services started subsequently which depend
# on this one. As a last resort, sleep for some time.
}
#
# Function that stops the daemon/service
#
do_stop()
{
# Return
# 0 if daemon has been stopped
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
start-stop-daemon --stop --quiet --retry=QUIT/$TIMEOUT/TERM/5/KILL/5 --pidfile $PIDFILE --name $NAME
RETVAL="$?"
[ "$RETVAL" = 2 ] && return 2
# Wait for children to finish too if this is a daemon that forks
# and if the daemon is only ever run from this initscript.
# If the above conditions are not satisfied then add some other code
# that waits for the process to drop all resources that could be
# needed by services started subsequently. A last resort is to
# sleep for some time.
start-stop-daemon --stop --quiet --oknodo --retry=0/$TIMEOUT/TERM/5/KILL/5 --exec $DAEMON
[ "$?" = 2 ] && return 2
# Many daemons don't delete their pidfiles when they exit.
rm -f $PIDFILE
return "$RETVAL"
}
#
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
#
# If the daemon can reload its configuration without
# restarting (for example, when it is sent a SIGHUP),
# then implement that here.
#
start-stop-daemon --stop --signal USR2 --quiet --pidfile $PIDFILE --name $NAME
return 0
}
case "$1" in
start)
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
do_start
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
stop)
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
do_stop
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
status)
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
;;
check)
do_check yes
;;
reload|force-reload)
log_daemon_msg "Reloading $DESC" "$NAME"
do_reload
log_end_msg $?
;;
reopen-logs)
log_daemon_msg "Reopening $DESC logs" $NAME
if start-stop-daemon --stop --signal USR1 --oknodo --quiet \
--pidfile $PIDFILE --exec $DAEMON
then
log_end_msg 0
else
log_end_msg 1
fi
;;
restart)
log_daemon_msg "Restarting $DESC" "$NAME"
do_stop
case "$?" in
0|1)
do_start
case "$?" in
0) log_end_msg 0 ;;
1) log_end_msg 1 ;; # Old process is still running
*) log_end_msg 1 ;; # Failed to start
esac
;;
*)
# Failed to stop
log_end_msg 1
;;
esac
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2
exit 1
;;
esac
:
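Review bot: `do_reload` ends with an unconditional `return 0`, so the `reload|force-reload` branch's `log_end_msg $?` reports success even when `start-stop-daemon --stop --signal USR2` could not signal the process. Return the `start-stop-daemon` status instead. The usage string in the `*)` branch also omits the `check` and `reopen-logs` actions that the case statement handles, and `$PIDFILE` and `/etc/default/$NAME` are expanded unquoted throughout.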

View File

@ -0,0 +1,14 @@
zend_extension={{ php_opcache_zend_extension }}
opcache.enable={{ php_opcache_enable }}
opcache.enable_cli={{ php_opcache_enable_cli }}
opcache.memory_consumption={{ php_opcache_memory_consumption }}
opcache.interned_strings_buffer={{ php_opcache_interned_strings_buffer }}
opcache.max_accelerated_files={{ php_opcache_max_accelerated_files }}
opcache.max_wasted_percentage={{ php_opcache_max_wasted_percentage }}
opcache.validate_timestamps={{ php_opcache_validate_timestamps }}
opcache.revalidate_path={{ php_opcache_revalidate_path }}
opcache.revalidate_freq={{ php_opcache_revalidate_freq }}
opcache.max_file_size={{ php_opcache_max_file_size }}
{% if php_opcache_blacklist_filename != '' %}
opcache.blacklist_filename={{ php_opcache_blacklist_filename }}
{% endif %}

View File

@ -0,0 +1,12 @@
;;;;;;;;;;;;;;;;;;;;;
; FPM Configuration ;
;;;;;;;;;;;;;;;;;;;;;
include={{ php_fpm_conf_path }}/pool.d/*.conf
;;;;;;;;;;;;;;;;;;
; Global Options ;
;;;;;;;;;;;;;;;;;;
[global]
error_log = /var/log/php-fpm.log

View File

@ -0,0 +1,221 @@
[PHP]
;;;;;;;;;;;;;;;;;;;;
; Language Options ;
;;;;;;;;;;;;;;;;;;;;
engine = On
short_open_tag = {{ php_short_open_tag }}
precision = {{ php_precision }}
output_buffering = {{ php_output_buffering }}
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = {{ php_serialize_precision }}
disable_functions = {{ php_disable_functions|join(",") }}
disable_classes =
zend.enable_gc = On
;;;;;;;;;;;;;;;;;
; Miscellaneous ;
;;;;;;;;;;;;;;;;;
expose_php = {{ php_expose_php }}
;;;;;;;;;;;;;;;;;;;
; Resource Limits ;
;;;;;;;;;;;;;;;;;;;
max_execution_time = {{ php_max_execution_time }}
max_input_time = {{ php_max_input_time }}
max_input_vars = {{ php_max_input_vars }}
memory_limit = {{ php_memory_limit }}
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Error handling and logging ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
error_reporting = {{ php_error_reporting }}
display_errors = {{ php_display_errors }}
display_startup_errors = {{ php_display_startup_errors }}
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
html_errors = On
;;;;;;;;;;;;;;;;;
; Data Handling ;
;;;;;;;;;;;;;;;;;
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = {{ php_post_max_size }}
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
;;;;;;;;;;;;;;;;;;;;;;;;;
; Paths and Directories ;
;;;;;;;;;;;;;;;;;;;;;;;;;
doc_root =
user_dir =
enable_dl = Off
realpath_cache_size = {{ php_realpath_cache_size }}
;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;
file_uploads = {{ php_file_uploads }}
upload_max_filesize = {{ php_upload_max_filesize }}
max_file_uploads = {{ php_max_file_uploads }}
;;;;;;;;;;;;;;;;;;
; Fopen wrappers ;
;;;;;;;;;;;;;;;;;;
allow_url_fopen = {{ php_allow_url_fopen }}
allow_url_include = Off
default_socket_timeout = 60
;;;;;;;;;;;;;;;;;;;
; Module Settings ;
;;;;;;;;;;;;;;;;;;;
[CLI Server]
cli_server.color = On
[Date]
date.timezone = {{ php_date_timezone }}
[Pdo_mysql]
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket=
[mail function]
; For Win32 only.
SMTP = localhost
smtp_port = 25
; For Unix only. You may supply arguments as well (default: "sendmail -t -i").
sendmail_path = {{ php_sendmail_path }}
mail.add_x_header = On
[SQL]
sql.safe_mode = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[MySQL]
mysql.allow_local_infile = On
mysql.allow_persistent = On
mysql.cache_size = 2000
mysql.max_persistent = -1
mysql.max_links = -1
mysql.default_port =
mysql.default_socket =
mysql.default_host =
mysql.default_user =
mysql.default_password =
mysql.connect_timeout = 60
mysql.trace_mode = Off
[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.cache_size = 2000
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[bcmath]
bcmath.scale = 0
[Session]
session.save_handler = {{ php_session_save_handler }}
session.save_path = {{ php_session_save_path }}
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = {{ php_session_cookie_lifetime }}
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = {{ php_session_gc_probability }}
session.gc_divisor = {{ php_session_gc_divisor }}
session.gc_maxlifetime = {{ php_session_gc_maxlifetime }}
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
[MSSQL]
mssql.allow_persistent = On
mssql.max_persistent = -1
mssql.max_links = -1
mssql.min_error_severity = 10
mssql.min_message_severity = 10
mssql.compatability_mode = Off
mssql.secure_connection = Off
[Tidy]
tidy.clean_output = Off
[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
[ldap]
ldap.max_links = -1
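Review bot: `session.cookie_httponly =` in the `[Session]` block is left empty, which leaves the HttpOnly flag off the session cookie, and no `session.cookie_secure` line is rendered at all. Suggest setting `session.cookie_httponly = 1`, or exposing both as role variables the way `session.cookie_lifetime` already is. In the same file, `mysql.allow_local_infile = On`, `html_errors = On` and `soap.wsdl_cache_dir="/tmp"` are hard-coded rather than templated, so they cannot be tightened through role variables.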

View File

@ -0,0 +1,15 @@
[www]
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
user = {{ php_fpm_pool_user }}
group = {{ php_fpm_pool_group }}
listen.owner = {{ php_fpm_pool_user }}
listen.group = {{ php_fpm_pool_group }}
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 5
pm.max_requests = 500
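Review bot: `listen = 127.0.0.1:9000` is a TCP listener, so the `listen.owner` and `listen.group` lines below it have no effect; PHP-FPM applies them only to Unix sockets. `listen.allowed_clients = 127.0.0.1` filters by source address, which every local process shares, so any local user can submit FastCGI requests to this pool. If the web server runs on the same host, a Unix socket path with `listen.mode = 0660` would make the owner and group lines meaningful.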

View File

@ -0,0 +1,2 @@
---
__php_default_version_debian: "7.3"

View File

@ -0,0 +1,2 @@
---
__php_default_version_debian: "7.0"

View File

@ -0,0 +1,39 @@
---
__php_default_version_debian: "7.0"
__php_packages:
- php{{ php_default_version_debian }}-common
- php{{ php_default_version_debian }}-cli
- php{{ php_default_version_debian }}-dev
- php{{ php_default_version_debian }}-fpm
- libpcre3-dev
- php{{ php_default_version_debian }}-gd
- php{{ php_default_version_debian }}-curl
- php{{ php_default_version_debian }}-imap
- php{{ php_default_version_debian }}-json
- php{{ php_default_version_debian }}-opcache
- php{{ php_default_version_debian }}-xml
- php{{ php_default_version_debian }}-mbstring
- php-sqlite3
- php-apcu
__php_webserver_daemon: "apache2"
# Vendor-specific configuration paths on Debian/Ubuntu make my brain asplode.
__php_conf_paths:
- /etc/php/{{ php_default_version_debian }}/fpm
- /etc/php/{{ php_default_version_debian }}/apache2
- /etc/php/{{ php_default_version_debian }}/cli
__php_extension_conf_paths:
- /etc/php/{{ php_default_version_debian }}/fpm/conf.d
- /etc/php/{{ php_default_version_debian }}/apache2/conf.d
- /etc/php/{{ php_default_version_debian }}/cli/conf.d
__php_apc_conf_filename: 20-apcu.ini
__php_opcache_conf_filename: 10-opcache.ini
__php_fpm_daemon: php{{ php_default_version_debian }}-fpm
__php_fpm_conf_path: "/etc/php/{{ php_default_version_debian }}/fpm"
__php_fpm_pool_conf_path: "{{ __php_fpm_conf_path }}/pool.d/www.conf"
__php_fpm_pool_user: www-data
__php_fpm_pool_group: www-data

View File

@ -0,0 +1,32 @@
---
__php_packages:
- php
- php-cli
- php-common
- php-devel
- php-fpm
- php-gd
- php-ldap
- php-mbstring
- php-opcache
- php-pdo
- php-pear
- php-pecl-apcu
- php-xml
- php-xmlrpc
__php_webserver_daemon: "httpd"
__php_conf_paths:
- /etc
__php_extension_conf_paths:
- /etc/php.d
__php_apc_conf_filename: 50-apc.ini
__php_opcache_conf_filename: 10-opcache.ini
__php_fpm_daemon: php-fpm
__php_fpm_conf_path: "/etc/fpm"
__php_fpm_pool_conf_path: "/etc/php-fpm.d/www.conf"
__php_fpm_pool_user: apache
__php_fpm_pool_group: apache
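Review bot: `__php_fpm_conf_path: "/etc/fpm"` does not line up with `__php_fpm_pool_conf_path: "/etc/php-fpm.d/www.conf"`. The FPM config template earlier in this commit renders `include={{ php_fpm_conf_path }}/pool.d/*.conf`; if `php_fpm_conf_path` falls back to this value, the include becomes `/etc/fpm/pool.d/*.conf`, a directory the pool file is never written to. Worth confirming which tasks consume this path on RedHat before relying on the vendored copy.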

View File

@ -0,0 +1,2 @@
---
__php_default_version_debian: "7.0"

View File

@ -0,0 +1,2 @@
---
__php_default_version_debian: "7.2"

View File

@ -0,0 +1,2 @@
---
__php_default_version_debian: "7.4"

View File

@ -0,0 +1,3 @@
skip_list:
- '405'
- '503'

View File

@ -0,0 +1,4 @@
# These are supported funding model platforms
---
github: geerlingguy
patreon: geerlingguy

View File

@ -0,0 +1,56 @@
# Configuration for probot-stale - https://github.com/probot/stale
# Number of days of inactivity before an Issue or Pull Request becomes stale
daysUntilStale: 90
# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
daysUntilClose: 30
# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
onlyLabels: []
# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
exemptLabels:
- pinned
- security
- planned
# Set to true to ignore issues in a project (defaults to false)
exemptProjects: false
# Set to true to ignore issues in a milestone (defaults to false)
exemptMilestones: false
# Set to true to ignore issues with an assignee (defaults to false)
exemptAssignees: false
# Label to use when marking as stale
staleLabel: stale
# Limit the number of actions per hour, from 1-30. Default is 30
limitPerRun: 30
pulls:
markComment: |-
This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
unmarkComment: >-
This pull request is no longer marked for closure.
closeComment: >-
This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
issues:
markComment: |-
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
unmarkComment: >-
This issue is no longer marked for closure.
closeComment: >-
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.

View File

@ -0,0 +1,3 @@
*.retry
*/__pycache__
*.pyc

View File

@ -0,0 +1,31 @@
---
language: python
services: docker
env:
global:
- ROLE_NAME: postgresql
matrix:
- MOLECULE_DISTRO: centos7
- MOLECULE_DISTRO: centos8
- MOLECULE_DISTRO: fedora32
- MOLECULE_DISTRO: ubuntu2004
- MOLECULE_DISTRO: ubuntu1804
- MOLECULE_DISTRO: debian10
install:
# Install test dependencies.
- pip install molecule yamllint ansible-lint docker
before_script:
# Use actual Ansible Galaxy role name for the project directory.
- cd ../
- mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
- cd geerlingguy.$ROLE_NAME
script:
# Run tests.
- molecule test
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/
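Review bot: the `install` step runs `pip install molecule yamllint ansible-lint docker` with no version pins, so the test toolchain can change between runs without any change to the role. Since this file is now carried in the repository alongside the role, pin the versions, or leave the upstream CI files out of the vendored copy if nothing here uses them.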

View File

@ -0,0 +1,9 @@
---
extends: default
rules:
line-length:
max: 120
level: warning
ignore: |
.github/stale.yml

View File

@ -0,0 +1,20 @@
The MIT License (MIT)
Copyright (c) 2017 Jeff Geerling
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

View File

@ -0,0 +1,149 @@
# Ansible Role: PostgreSQL
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-postgresql.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-postgresql)
Installs and configures PostgreSQL server on RHEL/CentOS or Debian/Ubuntu servers.
## Requirements
No special requirements; note that this role requires root access, so either run it in a playbook with a global `become: yes`, or invoke the role in your playbook like:
- hosts: database
roles:
- role: geerlingguy.postgresql
become: yes
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
postgresql_enablerepo: ""
(RHEL/CentOS only) You can set a repo to use for the PostgreSQL installation by passing it in here.
postgresql_restarted_state: "restarted"
Set the state of the service when configuration changes are made. Recommended values are `restarted` or `reloaded`.
postgresql_python_library: python-psycopg2
Library used by Ansible to communicate with PostgreSQL. If you are using Python 3 (e.g. set via `ansible_python_interpreter`), you should change this to `python3-psycopg2`.
postgresql_user: postgres
postgresql_group: postgres
The user and group under which PostgreSQL will run.
postgresql_unix_socket_directories:
- /var/run/postgresql
The directories (usually one, but can be multiple) where PostgreSQL's socket will be created.
postgresql_service_state: started
postgresql_service_enabled: true
Control the state of the postgresql service and whether it should start at boot time.
postgresql_global_config_options:
- option: unix_socket_directories
value: '{{ postgresql_unix_socket_directories | join(",") }}'
Global configuration options that will be set in `postgresql.conf`. Note that for RHEL/CentOS 6 (or very old versions of PostgreSQL), you need to at least override this variable and set the `option` to `unix_socket_directory`.
postgresql_hba_entries:
- { type: local, database: all, user: postgres, auth_method: peer }
- { type: local, database: all, user: all, auth_method: peer }
- { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
- { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
Configure [host based authentication](https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html) entries to be set in the `pg_hba.conf`. Options for entries include:
- `type` (required)
- `database` (required)
- `user` (required)
- `address` (one of this or the following two are required)
- `ip_address`
- `ip_mask`
- `auth_method` (required)
- `auth_options` (optional)
If overriding, make sure you copy all of the existing entries from `defaults/main.yml` if you need to preserve existing entries.
postgresql_locales:
- 'en_US.UTF-8'
(Debian/Ubuntu only) Used to generate the locales used by PostgreSQL databases.
postgresql_databases:
- name: exampledb # required; the rest are optional
lc_collate: # defaults to 'en_US.UTF-8'
lc_ctype: # defaults to 'en_US.UTF-8'
encoding: # defaults to 'UTF-8'
template: # defaults to 'template0'
login_host: # defaults to 'localhost'
login_password: # defaults to not set
login_user: # defaults to 'postgresql_user'
login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories
port: # defaults to not set
owner: # defaults to postgresql_user
state: # defaults to 'present'
A list of databases to ensure exist on the server. Only the `name` is required; all other properties are optional.
postgresql_users:
- name: jdoe #required; the rest are optional
password: # defaults to not set
encrypted: # defaults to not set
priv: # defaults to not set
role_attr_flags: # defaults to not set
db: # defaults to not set
login_host: # defaults to 'localhost'
login_password: # defaults to not set
login_user: # defaults to '{{ postgresql_user }}'
login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories
port: # defaults to not set
state: # defaults to 'present'
A list of users to ensure exist on the server. Only the `name` is required; all other properties are optional.
postgres_users_no_log: true
Whether to output user data (which may contain sensitive information, like passwords) when managing users.
postgresql_version: [OS-specific]
postgresql_data_dir: [OS-specific]
postgresql_bin_path: [OS-specific]
postgresql_config_path: [OS-specific]
postgresql_daemon: [OS-specific]
postgresql_packages: [OS-specific]
OS-specific variables that are set by include files in this role's `vars` directory. These shouldn't be overridden unless you're using a version of PostgreSQL that wasn't installed using system packages.
## Dependencies
None.
## Example Playbook
- hosts: database
become: yes
vars_files:
- vars/main.yml
roles:
- geerlingguy.postgresql
*Inside `vars/main.yml`*:
postgresql_databases:
- name: example_db
postgresql_users:
- name: example_user
password: supersecure
## License
MIT / BSD
## Author Information
This role was created in 2016 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).
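Review bot: the example `vars/main.yml` puts `password: supersecure` in a plain vars file, which readers will copy as-is; the example should point at an Ansible Vault encrypted variable instead. The README also does not document `postgresql_unix_socket_directories_mode`, although the configure tasks in this commit use it for the socket directory `mode`.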

View File

@ -0,0 +1,67 @@
---
# RHEL/CentOS only. Set a repository to use for PostgreSQL installation.
postgresql_enablerepo: ""
# Set postgresql state when configuration changes are made. Recommended values:
# `restarted` or `reloaded`
postgresql_restarted_state: "restarted"
postgresql_python_library: python-psycopg2
postgresql_user: postgres
postgresql_group: postgres
postgresql_unix_socket_directories:
- /var/run/postgresql
postgresql_service_state: started
postgresql_service_enabled: true
# Global configuration options that will be set in postgresql.conf.
postgresql_global_config_options:
- option: unix_socket_directories
value: '{{ postgresql_unix_socket_directories | join(",") }}'
# Host based authentication (hba) entries to be added to the pg_hba.conf. This
# variable's defaults reflect the defaults that come with a fresh installation.
postgresql_hba_entries:
- {type: local, database: all, user: postgres, auth_method: peer}
- {type: local, database: all, user: all, auth_method: peer}
- {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5}
- {type: host, database: all, user: all, address: '::1/128', auth_method: md5}
# Debian only. Used to generate the locales used by PostgreSQL databases.
postgresql_locales:
- 'en_US.UTF-8'
# Databases to ensure exist.
postgresql_databases: []
# - name: exampledb # required; the rest are optional
# lc_collate: # defaults to 'en_US.UTF-8'
# lc_ctype: # defaults to 'en_US.UTF-8'
# encoding: # defaults to 'UTF-8'
# template: # defaults to 'template0'
# login_host: # defaults to 'localhost'
# login_password: # defaults to not set
# login_user: # defaults to '{{ postgresql_user }}'
# login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories
# port: # defaults to not set
# owner: # defaults to postgresql_user
# state: # defaults to 'present'
# Users to ensure exist.
postgresql_users: []
# - name: jdoe #required; the rest are optional
# password: # defaults to not set
# encrypted: # defaults to not set
# priv: # defaults to not set
# role_attr_flags: # defaults to not set
# db: # defaults to not set
# login_host: # defaults to 'localhost'
# login_password: # defaults to not set
# login_user: # defaults to '{{ postgresql_user }}'
# login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories
# port: # defaults to not set
# state: # defaults to 'present'
# Whether to output user data when managing users.
postgres_users_no_log: true
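Review bot: both `type: host` entries in `postgresql_hba_entries` default to `auth_method: md5`. The vars files in this commit set PostgreSQL 10.5, 11 and 11.2 on some platforms, where `scram-sha-256` is available; consider overriding the entries there (together with `password_encryption` in `postgresql_global_config_options`) rather than inheriting md5. `postgres_users_no_log` also breaks the `postgresql_` prefix every other variable uses, which makes it easy to misspell when overriding.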

View File

@ -0,0 +1,6 @@
---
- name: restart postgresql
service:
name: "{{ postgresql_daemon }}"
state: "{{ postgresql_restarted_state }}"
sleep: 5

View File

@ -0,0 +1,2 @@
install_date: Thu Oct 29 02:33:33 2020
version: 2.2.1
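Review bot: `version: 2.2.1` in this generated file is the only record of which upstream release was copied in, and nothing ties the vendored tree to an upstream commit. Record the upstream tag or commit hash, in the commit message or in a pinned `requirements.yml` entry, so the copy can be diffed against upstream later.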

View File

@ -0,0 +1,38 @@
---
dependencies: []
galaxy_info:
role_name: postgresql
author: geerlingguy
description: PostgreSQL server for Linux.
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 2.8
platforms:
- name: EL
versions:
- 6
- 7
- 8
- name: Fedora
versions:
- 29
- 30
- 31
- 32
- name: Ubuntu
versions:
- xenial
- bionic
- focal
- name: Debian
versions:
- wheezy
- jessie
- stretch
- buster
galaxy_tags:
- database
- postgresql
- postgres
- rdbms

View File

@ -0,0 +1,47 @@
---
- name: Converge
hosts: all
become: true
vars:
postgresql_databases:
- name: example
postgresql_users:
- name: jdoe
pre_tasks:
# The Fedora 30+ container images have only C.UTF-8 installed
- name: Set database locale if using Fedora 30+ or RedHat 8+
set_fact:
postgresql_databases:
- name: example
lc_collate: 'C.UTF-8'
lc_ctype: 'C.UTF-8'
when:
- ( ansible_distribution == 'Fedora' and ansible_distribution_major_version >= '30') or
( ansible_os_family == 'RedHat' and ansible_distribution_major_version == '8')
- name: Update apt cache.
apt: update_cache=true cache_valid_time=600
changed_when: false
when: ansible_os_family == 'Debian'
- name: Set custom variables for old CentOS 6 PostgreSQL install.
set_fact:
postgresql_hba_entries: []
postgresql_global_config_options:
- option: unix_socket_directory
value: '{{ postgresql_unix_socket_directories[0] }}'
when:
- ansible_os_family == 'RedHat'
- ansible_distribution_version.split('.')[0] == '6'
roles:
- role: geerlingguy.postgresql
post_tasks:
- name: Verify postgres is running.
command: "{{ postgresql_bin_path }}/pg_ctl -D {{ postgresql_data_dir }} status"
changed_when: false
become: true
become_user: postgres
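Review bot: `ansible_distribution_major_version >= '30'` in the Fedora condition compares strings, so the ordering is lexicographic and a major version of '4' through '9' also satisfies it. Cast before comparing, for example `ansible_distribution_major_version | int >= 30`, or use the `version` test.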

View File

@ -0,0 +1,21 @@
---
dependency:
name: galaxy
driver:
name: docker
lint: |
set -e
yamllint .
ansible-lint
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
provisioner:
name: ansible
playbooks:
converge: ${MOLECULE_PLAYBOOK:-converge.yml}
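Review bot: the `instance` platform combines `privileged: true` with an image referenced by the mutable `:latest` tag and `pre_build_image: true`, so whatever is currently published under that tag runs with full privileges on the Docker host. Pin the image by digest, and consider whether the test container can run without `privileged` given that `/sys/fs/cgroup` is already mounted read-only.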

View File

@ -0,0 +1,28 @@
---
- name: Configure global settings.
lineinfile:
dest: "{{ postgresql_config_path }}/postgresql.conf"
regexp: "^#?{{ item.option }}.+$"
line: "{{ item.option }} = '{{ item.value }}'"
state: "{{ item.state | default('present') }}"
with_items: "{{ postgresql_global_config_options }}"
notify: restart postgresql
- name: Configure host based authentication (if entries are configured).
template:
src: "pg_hba.conf.j2"
dest: "{{ postgresql_config_path }}/pg_hba.conf"
owner: "{{ postgresql_user }}"
group: "{{ postgresql_group }}"
mode: 0600
notify: restart postgresql
when: postgresql_hba_entries | length > 0
- name: Ensure PostgreSQL unix socket dirs exist.
file:
path: "{{ item }}"
state: directory
owner: "{{ postgresql_user }}"
group: "{{ postgresql_group }}"
mode: "{{ postgresql_unix_socket_directories_mode }}"
with_items: "{{ postgresql_unix_socket_directories }}"
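Review bot: the `lineinfile` pattern `^#?{{ item.option }}.+$` interpolates the option name unescaped and does not anchor on the `=`, so an option whose name is a prefix of another (for example `ssl` against `ssl_cert_file`) can match and replace the wrong line in `postgresql.conf`. Something like `^#?\s*{{ item.option | regex_escape }}\s*=` would be tighter. The `line:` value also wraps `item.value` in single quotes without escaping, so a value containing `'` produces an invalid setting.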

View File

@ -0,0 +1,21 @@
---
- name: Ensure PostgreSQL databases are present.
postgresql_db:
name: "{{ item.name }}"
lc_collate: "{{ item.lc_collate | default('en_US.UTF-8') }}"
lc_ctype: "{{ item.lc_ctype | default('en_US.UTF-8') }}"
encoding: "{{ item.encoding | default('UTF-8') }}"
template: "{{ item.template | default('template0') }}"
login_host: "{{ item.login_host | default('localhost') }}"
login_password: "{{ item.login_password | default(omit) }}"
login_user: "{{ item.login_user | default(postgresql_user) }}"
login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
port: "{{ item.port | default(omit) }}"
owner: "{{ item.owner | default(postgresql_user) }}"
state: "{{ item.state | default('present') }}"
with_items: "{{ postgresql_databases }}"
become: true
become_user: "{{ postgresql_user }}"
# See: https://github.com/ansible/ansible/issues/16048#issuecomment-229012509
vars:
ansible_ssh_pipelining: true
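Review bot: this task accepts `login_password` per item but has no `no_log`, unlike the users task in this commit, which sets `no_log: "{{ postgres_users_no_log }}"`. A failed or verbose run prints each loop item, password included. Add the same `no_log` here.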

View File

@ -0,0 +1,29 @@
---
- name: Set PostgreSQL environment variables.
template:
src: postgres.sh.j2
dest: /etc/profile.d/postgres.sh
mode: 0644
notify: restart postgresql
- name: Ensure PostgreSQL data directory exists.
file:
path: "{{ postgresql_data_dir }}"
owner: "{{ postgresql_user }}"
group: "{{ postgresql_group }}"
state: directory
mode: 0700
- name: Check if PostgreSQL database is initialized.
stat:
path: "{{ postgresql_data_dir }}/PG_VERSION"
register: pgdata_dir_version
- name: Ensure PostgreSQL database is initialized.
command: "{{ postgresql_bin_path }}/initdb -D {{ postgresql_data_dir }}"
when: not pgdata_dir_version.stat.exists
become: true
become_user: "{{ postgresql_user }}"
# See: https://github.com/ansible/ansible/issues/16048#issuecomment-229012509
vars:
ansible_ssh_pipelining: true

View File

@ -0,0 +1,23 @@
---
# Variable configuration.
- include_tasks: variables.yml
# Setup/install tasks.
- include_tasks: setup-RedHat.yml
when: ansible_os_family == 'RedHat'
- include_tasks: setup-Debian.yml
when: ansible_os_family == 'Debian'
- include_tasks: initialize.yml
- include_tasks: configure.yml
- name: Ensure PostgreSQL is started and enabled on boot.
service:
name: "{{ postgresql_daemon }}"
state: "{{ postgresql_service_state }}"
enabled: "{{ postgresql_service_enabled }}"
# Configure PostgreSQL.
- import_tasks: users.yml
- import_tasks: databases.yml

View File

@ -0,0 +1,21 @@
---
- name: Ensure PostgreSQL Python libraries are installed.
apt:
name: "{{ postgresql_python_library }}"
state: present
- name: Ensure PostgreSQL packages are installed.
apt:
name: "{{ postgresql_packages }}"
state: present
- name: Ensure all configured locales are present.
locale_gen: "name={{ item }} state=present"
with_items: "{{ postgresql_locales }}"
register: locale_gen_result
- name: Force-restart PostgreSQL after new locales are generated.
service:
name: "{{ postgresql_daemon }}"
state: restarted
when: locale_gen_result.changed

View File

@ -0,0 +1,16 @@
---
- name: Ensure PostgreSQL packages are installed.
yum:
name: "{{ postgresql_packages }}"
state: present
enablerepo: "{{ postgresql_enablerepo | default(omit, true) }}"
# Don't let postgresql-contrib cause the /usr/bin/python symlink
# to be installed, which breaks later Ansible runs on Fedora 30,
# and affects system behavior in multiple ways.
exclude: python-unversioned-command
- name: Ensure PostgreSQL Python libraries are installed.
yum:
name: "{{ postgresql_python_library }}"
state: present
enablerepo: "{{ postgresql_enablerepo | default(omit, true) }}"

View File

@ -0,0 +1,22 @@
---
- name: Ensure PostgreSQL users are present.
postgresql_user:
name: "{{ item.name }}"
password: "{{ item.password | default(omit) }}"
encrypted: "{{ item.encrypted | default(omit) }}"
priv: "{{ item.priv | default(omit) }}"
role_attr_flags: "{{ item.role_attr_flags | default(omit) }}"
db: "{{ item.db | default(omit) }}"
login_host: "{{ item.login_host | default('localhost') }}"
login_password: "{{ item.login_password | default(omit) }}"
login_user: "{{ item.login_user | default(postgresql_user) }}"
login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
port: "{{ item.port | default(omit) }}"
state: "{{ item.state | default('present') }}"
with_items: "{{ postgresql_users }}"
no_log: "{{ postgres_users_no_log }}"
become: true
become_user: "{{ postgresql_user }}"
# See: https://github.com/ansible/ansible/issues/16048#issuecomment-229012509
vars:
ansible_ssh_pipelining: true

View File

@ -0,0 +1,51 @@
---
# Variable configuration.
- name: Include OS-specific variables (Debian).
include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
when: ansible_os_family == 'Debian'
- name: Include OS-specific variables (RedHat).
include_vars: "{{ ansible_os_family }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
when:
- ansible_os_family == 'RedHat'
- ansible_distribution != 'Fedora'
- name: Include OS-specific variables (Fedora).
include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
when: ansible_distribution == 'Fedora'
- name: Define postgresql_packages.
set_fact:
postgresql_packages: "{{ __postgresql_packages | list }}"
when: postgresql_packages is not defined
- name: Define postgresql_version.
set_fact:
postgresql_version: "{{ __postgresql_version }}"
when: postgresql_version is not defined
- name: Define postgresql_daemon.
set_fact:
postgresql_daemon: "{{ __postgresql_daemon }}"
when: postgresql_daemon is not defined
- name: Define postgresql_data_dir.
set_fact:
postgresql_data_dir: "{{ __postgresql_data_dir }}"
when: postgresql_data_dir is not defined
- name: Define postgresql_bin_path.
set_fact:
postgresql_bin_path: "{{ __postgresql_bin_path }}"
when: postgresql_bin_path is not defined
- name: Define postgresql_config_path.
set_fact:
postgresql_config_path: "{{ __postgresql_config_path }}"
when: postgresql_config_path is not defined
- name: Define postgresql_unix_socket_directories_mode.
set_fact:
postgresql_unix_socket_directories_mode: >-
{{ __postgresql_unix_socket_directories_mode | default('02775') }}
when: postgresql_unix_socket_directories_mode is not defined

View File

@ -0,0 +1,9 @@
{{ ansible_managed | comment }}
# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# See: https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html
{% for client in postgresql_hba_entries %}
{{ client.type }} {{ client.database }} {{ client.user }} {{ client.address|default('') }} {{ client.ip_address|default('') }} {{ client.ip_mask|default('') }} {{ client.auth_method }} {{ client.auth_options|default("") }}
{% endfor %}

View File

@ -0,0 +1,2 @@
export PGDATA={{ postgresql_data_dir }}
export PATH=$PATH:{{ postgresql_bin_path }}

View File

@ -0,0 +1,12 @@
---
__postgresql_version: "11"
__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
__postgresql_daemon: "postgresql@{{ postgresql_version }}-main"
__postgresql_packages:
- postgresql
- postgresql-contrib
- libpq-dev
# Debian 10 uses Python 3 by default.
postgresql_python_library: python3-psycopg2
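Review bot: `__postgresql_daemon` is built from `postgresql_version`, while the data, bin and config paths above it use `__postgresql_version`. Overriding `postgresql_version` therefore changes the unit name but not the three paths, and the value only resolves because the `Define postgresql_version` task runs before `Define postgresql_daemon`. Use `__postgresql_version` here too, or derive all four values from `postgresql_version`; the 9.4 and 9.6 vars files carry the same line.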

View File

@ -0,0 +1,10 @@
---
__postgresql_version: "9.1"
__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-contrib
- libpq-dev

View File

@ -0,0 +1,10 @@
---
__postgresql_version: "9.4"
__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
__postgresql_daemon: "postgresql@{{ postgresql_version }}-main"
__postgresql_packages:
- postgresql
- postgresql-contrib
- libpq-dev

View File

@ -0,0 +1,10 @@
---
__postgresql_version: "9.6"
__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
__postgresql_daemon: "postgresql@{{ postgresql_version }}-main"
__postgresql_packages:
- postgresql
- postgresql-contrib
- libpq-dev

View File

@ -0,0 +1,12 @@
---
__postgresql_version: "10.5"
__postgresql_data_dir: "/var/lib/pgsql/data"
__postgresql_bin_path: "/usr/bin"
__postgresql_config_path: "/var/lib/pgsql/data"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-server
- postgresql-contrib
- postgresql-libs
postgresql_python_library: python2-psycopg2
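Review bot: `postgresql_python_library` on the last line is assigned directly, without the `__` prefix and `is not defined` task that every other value in this file goes through. If this file is loaded with `include_vars`, the value outranks inventory and group vars, so a host cannot substitute another package. It also selects the Python 2 build of psycopg2; move it to a `__postgresql_python_library` plus `set_fact` pattern and confirm the target distribution still ships Python 2.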

View File

@ -0,0 +1,13 @@
---
__postgresql_version: "11.2"
__postgresql_data_dir: "/var/lib/pgsql/data"
__postgresql_bin_path: "/usr/bin"
__postgresql_config_path: "/var/lib/pgsql/data"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-server
- postgresql-contrib
- postgresql-libs
# Fedora 30 containers only have python3 by default
postgresql_python_library: python3-psycopg2

View File

@ -0,0 +1,14 @@
---
__postgresql_version: "11.5"
__postgresql_data_dir: "/var/lib/pgsql/data"
__postgresql_bin_path: "/usr/bin"
__postgresql_config_path: "/var/lib/pgsql/data"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-server
- postgresql-contrib
- postgresql-libs
__postgresql_unix_socket_directories_mode: '0755'
# Fedora 31 containers only have python3 by default
postgresql_python_library: python3-psycopg2

View File

@ -0,0 +1,14 @@
---
__postgresql_version: "12.2"
__postgresql_data_dir: "/var/lib/pgsql/data"
__postgresql_bin_path: "/usr/bin"
__postgresql_config_path: "/var/lib/pgsql/data"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-server
- postgresql-contrib
- postgresql-libs
__postgresql_unix_socket_directories_mode: '0755'
# Fedora 32 containers only have python3 by default
postgresql_python_library: python3-psycopg2

View File

@ -0,0 +1,11 @@
---
__postgresql_version: "8.4"
__postgresql_data_dir: "/var/lib/pgsql/data"
__postgresql_bin_path: "/usr/bin"
__postgresql_config_path: "/var/lib/pgsql/data"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-server
- postgresql-contrib
- postgresql-libs
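Review bot: `__postgresql_version: "8.4"` targets a PostgreSQL release that has been out of upstream support for years, as do the 9.1 and 9.2 vars files in this commit. Vendoring them is harmless on its own, but confirm no host in inventory resolves to these files, and record that in the commit message or a comment so the copy is not mistaken for a supported configuration.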

View File

@ -0,0 +1,11 @@
---
__postgresql_version: "9.2"
__postgresql_data_dir: "/var/lib/pgsql/data"
__postgresql_bin_path: "/usr/bin"
__postgresql_config_path: "/var/lib/pgsql/data"
__postgresql_daemon: postgresql
__postgresql_packages:
- postgresql
- postgresql-server
- postgresql-contrib
- postgresql-libs

Some files were not shown because too many files have changed in this diff