From e9e1936b50c4e5acb4459a9bd1fda4748a9439c7 Mon Sep 17 00:00:00 2001 
From: Salt Date: Thu, 29 Oct 2020 01:53:06 -0500 Subject: [PATCH] Pull roles into repo This solves my issues with ansible-pull and -galaxy along with giving me a copy of the repos in case geerlingguy's stuff goes down or I need it for offline use --- roles/.gitignore | 8 - roles/geerlingguy.apache/.gitignore | 3 + roles/geerlingguy.apache/.travis.yml | 33 +++ roles/geerlingguy.apache/LICENSE | 20 ++ roles/geerlingguy.apache/README.md | 156 ++++++++++++ roles/geerlingguy.apache/defaults/main.yml | 58 +++++ roles/geerlingguy.apache/handlers/main.yml | 5 + .../meta/.galaxy_install_info | 2 + roles/geerlingguy.apache/meta/main.yml | 38 +++ .../molecule/default/molecule.yml | 29 +++ .../molecule/default/playbook.yml | 21 ++ .../molecule/default/yaml-lint.yml | 6 + .../tasks/configure-Debian.yml | 54 ++++ .../tasks/configure-RedHat.yml | 36 +++ .../tasks/configure-Solaris.yml | 19 ++ .../tasks/configure-Suse.yml | 24 ++ roles/geerlingguy.apache/tasks/main.yml | 47 ++++ .../geerlingguy.apache/tasks/setup-Debian.yml | 6 + .../geerlingguy.apache/tasks/setup-RedHat.yml | 6 + .../tasks/setup-Solaris.yml | 5 + roles/geerlingguy.apache/tasks/setup-Suse.yml | 5 + .../templates/vhosts.conf.j2 | 82 ++++++ roles/geerlingguy.apache/vars/AmazonLinux.yml | 18 ++ roles/geerlingguy.apache/vars/Debian.yml | 14 + roles/geerlingguy.apache/vars/RedHat.yml | 20 ++ roles/geerlingguy.apache/vars/Solaris.yml | 19 ++ roles/geerlingguy.apache/vars/Suse.yml | 18 ++ roles/geerlingguy.apache/vars/apache-22.yml | 12 + roles/geerlingguy.apache/vars/apache-24.yml | 8 + roles/geerlingguy.php/.ansible-lint | 5 + roles/geerlingguy.php/.github/FUNDING.yml | 4 + roles/geerlingguy.php/.github/stale.yml | 56 ++++ roles/geerlingguy.php/.gitignore | 3 + roles/geerlingguy.php/.travis.yml | 38 +++ roles/geerlingguy.php/.yamllint | 11 + roles/geerlingguy.php/LICENSE | 20 ++ roles/geerlingguy.php/README.md | 239 ++++++++++++++++++ roles/geerlingguy.php/defaults/main.yml | 140 ++++++++++ 
roles/geerlingguy.php/handlers/main.yml | 15 ++ .../geerlingguy.php/meta/.galaxy_install_info | 2 + roles/geerlingguy.php/meta/main.yml | 37 +++ .../molecule/default/converge.yml | 70 +++++ .../molecule/default/molecule.yml | 21 ++ .../molecule/default/playbook-source.yml | 32 +++ .../molecule/default/requirements.yml | 3 + .../geerlingguy.php/tasks/configure-apcu.yml | 37 +++ roles/geerlingguy.php/tasks/configure-fpm.yml | 78 ++++++ .../tasks/configure-opcache.yml | 37 +++ roles/geerlingguy.php/tasks/configure.yml | 21 ++ .../tasks/install-from-source.yml | 158 ++++++++++++ roles/geerlingguy.php/tasks/main.yml | 77 ++++++ roles/geerlingguy.php/tasks/setup-Debian.yml | 27 ++ roles/geerlingguy.php/tasks/setup-RedHat.yml | 7 + roles/geerlingguy.php/templates/apc.ini.j2 | 4 + roles/geerlingguy.php/templates/fpm-init.j2 | 170 +++++++++++++ .../geerlingguy.php/templates/opcache.ini.j2 | 14 + .../geerlingguy.php/templates/php-fpm.conf.j2 | 12 + roles/geerlingguy.php/templates/php.ini.j2 | 221 ++++++++++++++++ roles/geerlingguy.php/templates/www.conf.j2 | 15 ++ roles/geerlingguy.php/vars/Debian-10.yml | 2 + roles/geerlingguy.php/vars/Debian-9.yml | 2 + roles/geerlingguy.php/vars/Debian.yml | 39 +++ roles/geerlingguy.php/vars/RedHat.yml | 32 +++ roles/geerlingguy.php/vars/Ubuntu-16.yml | 2 + roles/geerlingguy.php/vars/Ubuntu-18.yml | 2 + roles/geerlingguy.php/vars/Ubuntu-20.yml | 2 + roles/geerlingguy.postgresql/.ansible-lint | 3 + .../.github/FUNDING.yml | 4 + .../geerlingguy.postgresql/.github/stale.yml | 56 ++++ roles/geerlingguy.postgresql/.gitignore | 3 + roles/geerlingguy.postgresql/.travis.yml | 31 +++ roles/geerlingguy.postgresql/.yamllint | 9 + roles/geerlingguy.postgresql/LICENSE | 20 ++ roles/geerlingguy.postgresql/README.md | 149 +++++++++++ .../geerlingguy.postgresql/defaults/main.yml | 67 +++++ .../geerlingguy.postgresql/handlers/main.yml | 6 + .../meta/.galaxy_install_info | 2 + roles/geerlingguy.postgresql/meta/main.yml | 38 +++ 
.../molecule/default/converge.yml | 47 ++++ .../molecule/default/molecule.yml | 21 ++ .../tasks/configure.yml | 28 ++ .../tasks/databases.yml | 21 ++ .../tasks/initialize.yml | 29 +++ roles/geerlingguy.postgresql/tasks/main.yml | 23 ++ .../tasks/setup-Debian.yml | 21 ++ .../tasks/setup-RedHat.yml | 16 ++ roles/geerlingguy.postgresql/tasks/users.yml | 22 ++ .../tasks/variables.yml | 51 ++++ .../templates/pg_hba.conf.j2 | 9 + .../templates/postgres.sh.j2 | 2 + .../geerlingguy.postgresql/vars/Debian-10.yml | 12 + .../geerlingguy.postgresql/vars/Debian-7.yml | 10 + .../geerlingguy.postgresql/vars/Debian-8.yml | 10 + .../geerlingguy.postgresql/vars/Debian-9.yml | 10 + .../geerlingguy.postgresql/vars/Fedora-29.yml | 12 + .../geerlingguy.postgresql/vars/Fedora-30.yml | 13 + .../geerlingguy.postgresql/vars/Fedora-31.yml | 14 + .../geerlingguy.postgresql/vars/Fedora-32.yml | 14 + .../geerlingguy.postgresql/vars/RedHat-6.yml | 11 + .../geerlingguy.postgresql/vars/RedHat-7.yml | 11 + .../geerlingguy.postgresql/vars/RedHat-8.yml | 12 + .../geerlingguy.postgresql/vars/Ubuntu-16.yml | 10 + .../geerlingguy.postgresql/vars/Ubuntu-18.yml | 11 + .../geerlingguy.postgresql/vars/Ubuntu-20.yml | 11 + 104 files changed, 3258 insertions(+), 8 deletions(-) delete mode 100644 roles/.gitignore create mode 100644 roles/geerlingguy.apache/.gitignore create mode 100644 roles/geerlingguy.apache/.travis.yml create mode 100644 roles/geerlingguy.apache/LICENSE create mode 100644 roles/geerlingguy.apache/README.md create mode 100644 roles/geerlingguy.apache/defaults/main.yml create mode 100644 roles/geerlingguy.apache/handlers/main.yml create mode 100644 roles/geerlingguy.apache/meta/.galaxy_install_info create mode 100644 roles/geerlingguy.apache/meta/main.yml create mode 100644 roles/geerlingguy.apache/molecule/default/molecule.yml create mode 100644 roles/geerlingguy.apache/molecule/default/playbook.yml create mode 100644 roles/geerlingguy.apache/molecule/default/yaml-lint.yml create mode 100644 
roles/geerlingguy.apache/tasks/configure-Debian.yml create mode 100644 roles/geerlingguy.apache/tasks/configure-RedHat.yml create mode 100644 roles/geerlingguy.apache/tasks/configure-Solaris.yml create mode 100644 roles/geerlingguy.apache/tasks/configure-Suse.yml create mode 100644 roles/geerlingguy.apache/tasks/main.yml create mode 100644 roles/geerlingguy.apache/tasks/setup-Debian.yml create mode 100644 roles/geerlingguy.apache/tasks/setup-RedHat.yml create mode 100644 roles/geerlingguy.apache/tasks/setup-Solaris.yml create mode 100644 roles/geerlingguy.apache/tasks/setup-Suse.yml create mode 100644 roles/geerlingguy.apache/templates/vhosts.conf.j2 create mode 100644 roles/geerlingguy.apache/vars/AmazonLinux.yml create mode 100644 roles/geerlingguy.apache/vars/Debian.yml create mode 100644 roles/geerlingguy.apache/vars/RedHat.yml create mode 100644 roles/geerlingguy.apache/vars/Solaris.yml create mode 100644 roles/geerlingguy.apache/vars/Suse.yml create mode 100644 roles/geerlingguy.apache/vars/apache-22.yml create mode 100644 roles/geerlingguy.apache/vars/apache-24.yml create mode 100644 roles/geerlingguy.php/.ansible-lint create mode 100644 roles/geerlingguy.php/.github/FUNDING.yml create mode 100644 roles/geerlingguy.php/.github/stale.yml create mode 100644 roles/geerlingguy.php/.gitignore create mode 100644 roles/geerlingguy.php/.travis.yml create mode 100644 roles/geerlingguy.php/.yamllint create mode 100644 roles/geerlingguy.php/LICENSE create mode 100644 roles/geerlingguy.php/README.md create mode 100644 roles/geerlingguy.php/defaults/main.yml create mode 100644 roles/geerlingguy.php/handlers/main.yml create mode 100644 roles/geerlingguy.php/meta/.galaxy_install_info create mode 100644 roles/geerlingguy.php/meta/main.yml create mode 100644 roles/geerlingguy.php/molecule/default/converge.yml create mode 100644 roles/geerlingguy.php/molecule/default/molecule.yml create mode 100644 roles/geerlingguy.php/molecule/default/playbook-source.yml create mode 100644 
roles/geerlingguy.php/molecule/default/requirements.yml create mode 100644 roles/geerlingguy.php/tasks/configure-apcu.yml create mode 100644 roles/geerlingguy.php/tasks/configure-fpm.yml create mode 100644 roles/geerlingguy.php/tasks/configure-opcache.yml create mode 100644 roles/geerlingguy.php/tasks/configure.yml create mode 100644 roles/geerlingguy.php/tasks/install-from-source.yml create mode 100644 roles/geerlingguy.php/tasks/main.yml create mode 100644 roles/geerlingguy.php/tasks/setup-Debian.yml create mode 100644 roles/geerlingguy.php/tasks/setup-RedHat.yml create mode 100644 roles/geerlingguy.php/templates/apc.ini.j2 create mode 100644 roles/geerlingguy.php/templates/fpm-init.j2 create mode 100644 roles/geerlingguy.php/templates/opcache.ini.j2 create mode 100644 roles/geerlingguy.php/templates/php-fpm.conf.j2 create mode 100644 roles/geerlingguy.php/templates/php.ini.j2 create mode 100644 roles/geerlingguy.php/templates/www.conf.j2 create mode 100644 roles/geerlingguy.php/vars/Debian-10.yml create mode 100644 roles/geerlingguy.php/vars/Debian-9.yml create mode 100644 roles/geerlingguy.php/vars/Debian.yml create mode 100644 roles/geerlingguy.php/vars/RedHat.yml create mode 100644 roles/geerlingguy.php/vars/Ubuntu-16.yml create mode 100644 roles/geerlingguy.php/vars/Ubuntu-18.yml create mode 100644 roles/geerlingguy.php/vars/Ubuntu-20.yml create mode 100644 roles/geerlingguy.postgresql/.ansible-lint create mode 100644 roles/geerlingguy.postgresql/.github/FUNDING.yml create mode 100644 roles/geerlingguy.postgresql/.github/stale.yml create mode 100644 roles/geerlingguy.postgresql/.gitignore create mode 100644 roles/geerlingguy.postgresql/.travis.yml create mode 100644 roles/geerlingguy.postgresql/.yamllint create mode 100644 roles/geerlingguy.postgresql/LICENSE create mode 100644 roles/geerlingguy.postgresql/README.md create mode 100644 roles/geerlingguy.postgresql/defaults/main.yml create mode 100644 roles/geerlingguy.postgresql/handlers/main.yml create mode 
100644 roles/geerlingguy.postgresql/meta/.galaxy_install_info create mode 100644 roles/geerlingguy.postgresql/meta/main.yml create mode 100644 roles/geerlingguy.postgresql/molecule/default/converge.yml create mode 100644 roles/geerlingguy.postgresql/molecule/default/molecule.yml create mode 100644 roles/geerlingguy.postgresql/tasks/configure.yml create mode 100644 roles/geerlingguy.postgresql/tasks/databases.yml create mode 100644 roles/geerlingguy.postgresql/tasks/initialize.yml create mode 100644 roles/geerlingguy.postgresql/tasks/main.yml create mode 100644 roles/geerlingguy.postgresql/tasks/setup-Debian.yml create mode 100644 roles/geerlingguy.postgresql/tasks/setup-RedHat.yml create mode 100644 roles/geerlingguy.postgresql/tasks/users.yml create mode 100644 roles/geerlingguy.postgresql/tasks/variables.yml create mode 100644 roles/geerlingguy.postgresql/templates/pg_hba.conf.j2 create mode 100644 roles/geerlingguy.postgresql/templates/postgres.sh.j2 create mode 100644 roles/geerlingguy.postgresql/vars/Debian-10.yml create mode 100644 roles/geerlingguy.postgresql/vars/Debian-7.yml create mode 100644 roles/geerlingguy.postgresql/vars/Debian-8.yml create mode 100644 roles/geerlingguy.postgresql/vars/Debian-9.yml create mode 100644 roles/geerlingguy.postgresql/vars/Fedora-29.yml create mode 100644 roles/geerlingguy.postgresql/vars/Fedora-30.yml create mode 100644 roles/geerlingguy.postgresql/vars/Fedora-31.yml create mode 100644 roles/geerlingguy.postgresql/vars/Fedora-32.yml create mode 100644 roles/geerlingguy.postgresql/vars/RedHat-6.yml create mode 100644 roles/geerlingguy.postgresql/vars/RedHat-7.yml create mode 100644 roles/geerlingguy.postgresql/vars/RedHat-8.yml create mode 100644 roles/geerlingguy.postgresql/vars/Ubuntu-16.yml create mode 100644 roles/geerlingguy.postgresql/vars/Ubuntu-18.yml create mode 100644 roles/geerlingguy.postgresql/vars/Ubuntu-20.yml
diff --git a/roles/.gitignore b/roles/.gitignore
deleted file mode 100644
index cedb995..0000000
--- a/roles/.gitignore
+++ /dev/null
@@ -1,8 +0,0 @@
-# Match everything in this directory
-/*
-# Except for obvious important stuff:
-!.gitignore
-!requirements.yml
-# And local roles:
-!ansible-pull/
-!common/
diff --git a/roles/geerlingguy.apache/.gitignore b/roles/geerlingguy.apache/.gitignore
new file mode 100644
index 0000000..f56f5b5
--- /dev/null
+++ b/roles/geerlingguy.apache/.gitignore
@@ -0,0 +1,3 @@
+*.retry
+*/__pycache__
+*.pyc
diff --git a/roles/geerlingguy.apache/.travis.yml b/roles/geerlingguy.apache/.travis.yml
new file mode 100644
index 0000000..57deda1
--- /dev/null
+++ b/roles/geerlingguy.apache/.travis.yml
@@ -0,0 +1,33 @@
+---
+language: python
+services: docker
+
+env:
+ global:
+ - ROLE_NAME: apache
+ matrix:
+ - MOLECULE_DISTRO: ubi8
+ - MOLECULE_DISTRO: centos7
+ - MOLECULE_DISTRO: centos6
+ - MOLECULE_DISTRO: ubuntu1804
+ - MOLECULE_DISTRO: ubuntu1604
+ - MOLECULE_DISTRO: ubuntu1404
+ - MOLECULE_DISTRO: debian10
+ - MOLECULE_DISTRO: debian9
+
+install:
+ # Install test dependencies.
+ - pip install molecule docker
+
+before_script:
+ # Use actual Ansible Galaxy role name for the project directory.
+ - cd ../
+ - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
+ - cd geerlingguy.$ROLE_NAME
+
+script:
+ # Run tests.
+ - molecule test
+
+notifications:
+ webhooks: https://galaxy.ansible.com/api/v1/notifications/
diff --git a/roles/geerlingguy.apache/LICENSE b/roles/geerlingguy.apache/LICENSE
new file mode 100644
index 0000000..4275cf3
--- /dev/null
+++ b/roles/geerlingguy.apache/LICENSE
@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Jeff Geerling
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/roles/geerlingguy.apache/README.md b/roles/geerlingguy.apache/README.md
new file mode 100644
index 0000000..b4f52ec
--- /dev/null
+++ b/roles/geerlingguy.apache/README.md
@@ -0,0 +1,156 @@
+# Ansible Role: Apache 2.x
+
+[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-apache.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-apache)
+
+An Ansible Role that installs Apache 2.x on RHEL/CentOS, Debian/Ubuntu, SLES and Solaris.
+
+## Requirements
+
+If you are using SSL/TLS, you will need to provide your own certificate and key files. You can generate a self-signed certificate with a command like `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt`.
+
+If you are using Apache with PHP, I recommend using the `geerlingguy.php` role to install PHP, and you can either use mod_php (by adding the proper package, e.g. `libapache2-mod-php5` for Ubuntu, to `php_packages`), or by also using `geerlingguy.apache-php-fpm` to connect Apache to PHP via FPM. See that role's README for more info.
+
+## Role Variables
+
+Available variables are listed below, along with default values (see `defaults/main.yml`):
+
+ apache_enablerepo: ""
+
+The repository to use when installing Apache (only used on RHEL/CentOS systems). If you'd like later versions of Apache than are available in the OS's core repositories, use a repository like EPEL (which can be installed with the `geerlingguy.repo-epel` role).
+
+ apache_listen_ip: "*"
+ apache_listen_port: 80
+ apache_listen_port_ssl: 443
+
+The IP address and ports on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80 or 443 and need to change the defaults.
+
+ apache_create_vhosts: true
+ apache_vhosts_filename: "vhosts.conf"
+ apache_vhosts_template: "vhosts.conf.j2"
+
+If set to true, a vhosts file, managed by this role's variables (see below), will be created and placed in the Apache configuration folder. If set to false, you can place your own vhosts file into Apache's configuration folder and skip the convenient (but more basic) one added by this role. You can also override the template used and set a path to your own template, if you need to further customize the layout of your VirtualHosts.
+
+ apache_remove_default_vhost: false
+
+On Debian/Ubuntu, a default virtualhost is included in Apache's configuration. Set this to `true` to remove that default virtualhost configuration file.
+
+ apache_global_vhost_settings: |
+ DirectoryIndex index.php index.html
+ # Add other global settings on subsequent lines.
+
+You can add or override global Apache configuration settings in the role-provided vhosts file (assuming `apache_create_vhosts` is true) using this variable. By default it only sets the DirectoryIndex configuration.
+
+ apache_vhosts:
+ # Additional optional properties: 'serveradmin, serveralias, extra_parameters'.
+ - servername: "local.dev"
+ documentroot: "/var/www/html"
+
+Add a set of properties per virtualhost, including `servername` (required), `documentroot` (required), `allow_override` (optional: defaults to the value of `apache_allow_override`), `options` (optional: defaults to the value of `apache_options`), `serveradmin` (optional), `serveralias` (optional) and `extra_parameters` (optional: you can add whatever additional configuration lines you'd like in here).
+
+Here's an example using `extra_parameters` to add a RewriteRule to redirect all requests to the `www.` site:
+
+ - servername: "www.local.dev"
+ serveralias: "local.dev"
+ documentroot: "/var/www/html"
+ extra_parameters: |
+ RewriteCond %{HTTP_HOST} !^www\. [NC]
+ RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+
+The `|` denotes a multiline scalar block in YAML, so newlines are preserved in the resulting configuration file output.
+
+ apache_vhosts_ssl: []
+
+No SSL vhosts are configured by default, but you can add them using the same pattern as `apache_vhosts`, with a few additional directives, like the following example:
+
+ apache_vhosts_ssl:
+ - servername: "local.dev"
+ documentroot: "/var/www/html"
+ certificate_file: "/home/vagrant/example.crt"
+ certificate_key_file: "/home/vagrant/example.key"
+ certificate_chain_file: "/path/to/certificate_chain.crt"
+ extra_parameters: |
+ RewriteCond %{HTTP_HOST} !^www\. [NC]
+ RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+
+Other SSL directives can be managed with other SSL-related role variables.
+
+ apache_ssl_protocol: "All -SSLv2 -SSLv3"
+ apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"
+
+The SSL protocols and cipher suites that are used/allowed when clients make secure connections to your server. These are secure/sane defaults, but for maximum security, performand, and/or compatibility, you may need to adjust these settings.
+
+ apache_allow_override: "All"
+ apache_options: "-Indexes +FollowSymLinks"
+
+The default values for the `AllowOverride` and `Options` directives for the `documentroot` directory of each vhost. A vhost can overwrite these values by specifying `allow_override` or `options`.
+
+ apache_mods_enabled:
+ - rewrite.load
+ - ssl.load
+ apache_mods_disabled: []
+
+(Debian/Ubuntu ONLY) Which Apache mods to enable or disable (these will be symlinked into the appropriate location). See the `mods-available` directory inside the apache configuration directory (`/etc/apache2/mods-available` by default) for all the available mods.
+
+ apache_packages:
+ - [platform-specific]
+
+The list of packages to be installed. This defaults to a set of platform-specific packages for RedHat or Debian-based systems (see `vars/RedHat.yml` and `vars/Debian.yml` for the default values).
+
+ apache_state: started
+
+Set initial Apache daemon state to be enforced when this role is run. This should generally remain `started`, but you can set it to `stopped` if you need to fix the Apache config during a playbook run or otherwise would not like Apache started at the time this role is run.
+
+ apache_packages_state: present
+
+If you have enabled any additional repositories such as _ondrej/apache2_, [geerlingguy.repo-epel](https://github.com/geerlingguy/ansible-role-repo-epel), or [geerlingguy.repo-remi](https://github.com/geerlingguy/ansible-role-repo-remi), you may want an easy way to upgrade versions. You can set this to `latest` (combined with `apache_enablerepo` on RHEL) and can directly upgrade to a different Apache version from a different repo (instead of uninstalling and reinstalling Apache).
+
+ apache_ignore_missing_ssl_certificate: true
+
+If you would like to only create SSL vhosts when the vhost certificate is present (e.g. when using Let’s Encrypt), set `apache_ignore_missing_ssl_certificate` to `false`. When doing this, you might need to run your playbook more than once so all the vhosts are configured (if another part of the playbook generates the SSL certificates).
+
+## .htaccess-based Basic Authorization
+
+If you require Basic Auth support, you can add it either through a custom template, or by adding `extra_parameters` to a VirtualHost configuration, like so:
+
+ extra_parameters: |
+
+ Require valid-user
+ AuthType Basic
+ AuthName "Please authenticate"
+ AuthUserFile /var/www/password-protected-directory/.htpasswd
+
+
+To password protect everything within a VirtualHost directive, use the `Location` block instead of `Directory`:
+
+
+ Require valid-user
+ ....
+
+
+You would need to generate/upload your own `.htpasswd` file in your own playbook. There may be other roles that support this functionality in a more integrated way.
+
+## Dependencies
+
+None.
+
+## Example Playbook
+
+ - hosts: webservers
+ vars_files:
+ - vars/main.yml
+ roles:
+ - { role: geerlingguy.apache }
+
+*Inside `vars/main.yml`*:
+
+ apache_listen_port: 8080
+ apache_vhosts:
+ - {servername: "example.com", documentroot: "/var/www/vhosts/example_com"}
+
+## License
+
+MIT / BSD
+
+## Author Information
+
+This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).
diff --git a/roles/geerlingguy.apache/defaults/main.yml b/roles/geerlingguy.apache/defaults/main.yml
new file mode 100644
index 0000000..941a57c
--- /dev/null
+++ b/roles/geerlingguy.apache/defaults/main.yml
@@ -0,0 +1,58 @@
+---
+apache_enablerepo: ""
+
+apache_listen_ip: "*"
+apache_listen_port: 80
+apache_listen_port_ssl: 443
+
+apache_create_vhosts: true
+apache_vhosts_filename: "vhosts.conf"
+apache_vhosts_template: "vhosts.conf.j2"
+
+# On Debian/Ubuntu, a default virtualhost is included in Apache's configuration.
+# Set this to `true` to remove that default.
+apache_remove_default_vhost: false
+
+apache_global_vhost_settings: |
+ DirectoryIndex index.php index.html
+
+apache_vhosts:
+ # Additional properties:
+ # 'serveradmin, serveralias, allow_override, options, extra_parameters'.
+ - servername: "local.dev"
+ documentroot: "/var/www/html"
+
+apache_allow_override: "All"
+apache_options: "-Indexes +FollowSymLinks"
+
+apache_vhosts_ssl: []
+# Additional properties:
+# 'serveradmin, serveralias, allow_override, options, extra_parameters'.
+# - servername: "local.dev",
+# documentroot: "/var/www/html",
+# certificate_file: "/path/to/certificate.crt",
+# certificate_key_file: "/path/to/certificate.key",
+# # Optional.
+# certificate_chain_file: "/path/to/certificate_chain.crt"
+
+apache_ignore_missing_ssl_certificate: true
+
+apache_ssl_protocol: "All -SSLv2 -SSLv3"
+apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"
+
+# Only used on Debian/Ubuntu.
+apache_mods_enabled:
+ - rewrite.load
+ - ssl.load
+apache_mods_disabled: []
+
+# Set initial apache state. Recommended values: `started` or `stopped`
+apache_state: started
+
+# Set apache state when configuration changes are made. Recommended values:
+# `restarted` or `reloaded`
+apache_restart_state: restarted
+
+# Apache package state; use `present` to make sure it's installed, or `latest`
+# if you want to upgrade or switch versions using a new repo.
+apache_packages_state: present
diff --git a/roles/geerlingguy.apache/handlers/main.yml b/roles/geerlingguy.apache/handlers/main.yml
new file mode 100644
index 0000000..53abffb
--- /dev/null
+++ b/roles/geerlingguy.apache/handlers/main.yml
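Review bot: `apache_ssl_protocol: "All -SSLv2 -SSLv3"` in the vendored defaults turns off only SSLv2 and SSLv3, so an SSL vhost rendered with this value would still offer TLS 1.0 and 1.1 wherever the local Apache/OpenSSL build supports them. Because this file is a copy of the upstream role, the better place for the change is the repository's own vars rather than this hunk, for example `apache_ssl_protocol: "All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1"`. The template that consumes the variable is not part of this hunk, so confirm that this value is what ends up in the `SSLProtocol` directive. `apache_vhosts_ssl` defaults to `[]`, so the setting only takes effect once an SSL vhost is defined.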
@@ -0,0 +1,5 @@
+---
+- name: restart apache
+ service:
+ name: "{{ apache_service }}"
+ state: "{{ apache_restart_state }}"
diff --git a/roles/geerlingguy.apache/meta/.galaxy_install_info b/roles/geerlingguy.apache/meta/.galaxy_install_info
new file mode 100644
index 0000000..9b6a6d7
--- /dev/null
+++ b/roles/geerlingguy.apache/meta/.galaxy_install_info
@@ -0,0 +1,2 @@
+install_date: Thu Oct 29 02:41:52 2020
+version: 3.1.0
diff --git a/roles/geerlingguy.apache/meta/main.yml b/roles/geerlingguy.apache/meta/main.yml
new file mode 100644
index 0000000..16cc210
--- /dev/null
+++ b/roles/geerlingguy.apache/meta/main.yml
@@ -0,0 +1,38 @@
+---
+dependencies: []
+
+galaxy_info:
+ author: geerlingguy
+ description: Apache 2.x for Linux.
+ company: "Midwestern Mac, LLC"
+ license: "license (BSD, MIT)"
+ min_ansible_version: 2.4
+ platforms:
+ - name: EL
+ versions:
+ - all
+ - name: Fedora
+ versions:
+ - all
+ - name: Amazon
+ versions:
+ - all
+ - name: Debian
+ versions:
+ - all
+ - name: Ubuntu
+ versions:
+ - trusty
+ - xenial
+ - bionic
+ - name: Solaris
+ versions:
+ - 11.3
+ galaxy_tags:
+ - web
+ - apache
+ - webserver
+ - html
+ - httpd
+
+allow_duplicates: true
diff --git a/roles/geerlingguy.apache/molecule/default/molecule.yml b/roles/geerlingguy.apache/molecule/default/molecule.yml
new file mode 100644
index 0000000..2ca6fea
--- /dev/null
+++ b/roles/geerlingguy.apache/molecule/default/molecule.yml
@@ -0,0 +1,29 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+ options:
+ config-file: molecule/default/yaml-lint.yml
+platforms:
+ - name: instance
+ image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ privileged: true
+ pre_build_image: true
+provisioner:
+ name: ansible
+ lint:
+ name: ansible-lint
+ playbooks:
+ converge: ${MOLECULE_PLAYBOOK:-playbook.yml}
+scenario:
+ name: default
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
diff --git a/roles/geerlingguy.apache/molecule/default/playbook.yml b/roles/geerlingguy.apache/molecule/default/playbook.yml
new file mode 100644
index 0000000..416a2b9
--- /dev/null
+++ b/roles/geerlingguy.apache/molecule/default/playbook.yml
@@ -0,0 +1,21 @@
+---
+- name: Converge
+ hosts: all
+ become: true
+
+ vars:
+ apache_listen_port_ssl: 443
+ apache_create_vhosts: true
+ apache_vhosts_filename: "vhosts.conf"
+ apache_vhosts:
+ - servername: "example.com"
+ documentroot: "/var/www/vhosts/example_com"
+
+ pre_tasks:
+ - name: Update apt cache.
+ apt: update_cache=yes cache_valid_time=600
+ when: ansible_os_family == 'Debian'
+ changed_when: false
+
+ roles:
+ - role: geerlingguy.apache
diff --git a/roles/geerlingguy.apache/molecule/default/yaml-lint.yml b/roles/geerlingguy.apache/molecule/default/yaml-lint.yml
new file mode 100644
index 0000000..a3dbc38
--- /dev/null
+++ b/roles/geerlingguy.apache/molecule/default/yaml-lint.yml
@@ -0,0 +1,6 @@
+---
+extends: default
+rules:
+ line-length:
+ max: 120
+ level: warning
diff --git a/roles/geerlingguy.apache/tasks/configure-Debian.yml b/roles/geerlingguy.apache/tasks/configure-Debian.yml
new file mode 100644
index 0000000..e115e61
--- /dev/null
+++ b/roles/geerlingguy.apache/tasks/configure-Debian.yml
@@ -0,0 +1,54 @@
+---
+- name: Configure Apache.
+ lineinfile:
+ dest: "{{ apache_server_root }}/ports.conf"
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ state: present
+ with_items: "{{ apache_ports_configuration_items }}"
+ notify: restart apache
+
+- name: Enable Apache mods.
+ file:
+ src: "{{ apache_server_root }}/mods-available/{{ item }}"
+ dest: "{{ apache_server_root }}/mods-enabled/{{ item }}"
+ state: link
+ with_items: "{{ apache_mods_enabled }}"
+ notify: restart apache
+
+- name: Disable Apache mods.
+ file:
+ path: "{{ apache_server_root }}/mods-enabled/{{ item }}"
+ state: absent
+ with_items: "{{ apache_mods_disabled }}"
+ notify: restart apache
+
+- name: Check whether certificates defined in vhosts exist.
+ stat: "path={{ item.certificate_file }}"
+ register: apache_ssl_certificates
+ with_items: "{{ apache_vhosts_ssl }}"
+
+- name: Add apache vhosts configuration.
+ template:
+ src: "{{ apache_vhosts_template }}"
+ dest: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}"
+ owner: root
+ group: root
+ mode: 0644
+ notify: restart apache
+ when: apache_create_vhosts | bool
+
+- name: Add vhost symlink in sites-enabled.
+ file:
+ src: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}"
+ dest: "{{ apache_conf_path }}/sites-enabled/{{ apache_vhosts_filename }}"
+ state: link
+ notify: restart apache
+ when: apache_create_vhosts | bool
+
+- name: Remove default vhost in sites-enabled.
+ file:
+ path: "{{ apache_conf_path }}/sites-enabled/{{ apache_default_vhost_filename }}"
+ state: absent
+ notify: restart apache
+ when: apache_remove_default_vhost
diff --git a/roles/geerlingguy.apache/tasks/configure-RedHat.yml b/roles/geerlingguy.apache/tasks/configure-RedHat.yml
new file mode 100644
index 0000000..95675e4
--- /dev/null
+++ b/roles/geerlingguy.apache/tasks/configure-RedHat.yml
@@ -0,0 +1,36 @@
+---
+- name: Configure Apache.
+ lineinfile:
+ dest: "{{ apache_server_root }}/conf/{{ apache_daemon }}.conf"
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ state: present
+ with_items: "{{ apache_ports_configuration_items }}"
+ notify: restart apache
+
+- name: Check whether certificates defined in vhosts exist.
+ stat: path={{ item.certificate_file }}
+ register: apache_ssl_certificates
+ with_items: "{{ apache_vhosts_ssl }}"
+
+- name: Add apache vhosts configuration.
+ template:
+ src: "{{ apache_vhosts_template }}"
+ dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
+ owner: root
+ group: root
+ mode: 0644
+ notify: restart apache
+ when: apache_create_vhosts | bool
+
+- name: Check if localhost cert exists (RHEL 8 and later).
+ stat:
+ path: /etc/pki/tls/certs/localhost.crt
+ register: localhost_cert
+ when: ansible_distribution_major_version | int >= 8
+
+- name: Ensure httpd certs are installed (RHEL 8 and later).
+ command: /usr/libexec/httpd-ssl-gencerts
+ when:
+ - ansible_distribution_major_version | int >= 8
+ - not localhost_cert.stat.exists
diff --git a/roles/geerlingguy.apache/tasks/configure-Solaris.yml b/roles/geerlingguy.apache/tasks/configure-Solaris.yml
new file mode 100644
index 0000000..b6c121b
--- /dev/null
+++ b/roles/geerlingguy.apache/tasks/configure-Solaris.yml
@@ -0,0 +1,19 @@
+---
+- name: Configure Apache.
+ lineinfile:
+ dest: "{{ apache_server_root }}/{{ apache_daemon }}.conf"
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ state: present
+ with_items: "{{ apache_ports_configuration_items }}"
+ notify: restart apache
+
+- name: Add apache vhosts configuration.
+ template:
+ src: "{{ apache_vhosts_template }}"
+ dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
+ owner: root
+ group: root
+ mode: 0644
+ notify: restart apache
+ when: apache_create_vhosts | bool
diff --git a/roles/geerlingguy.apache/tasks/configure-Suse.yml b/roles/geerlingguy.apache/tasks/configure-Suse.yml
new file mode 100644
index 0000000..54d4d1c
--- /dev/null
+++ b/roles/geerlingguy.apache/tasks/configure-Suse.yml
@@ -0,0 +1,24 @@
+---
+- name: Configure Apache.
+ lineinfile:
+ dest: "{{ apache_server_root }}/listen.conf"
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ state: present
+ with_items: "{{ apache_ports_configuration_items }}"
+ notify: restart apache
+
+- name: Check whether certificates defined in vhosts exist.
+ stat: path={{ item.certificate_file }}
+ register: apache_ssl_certificates
+ with_items: "{{ apache_vhosts_ssl }}"
+
+- name: Add apache vhosts configuration.
+ template:
+ src: "{{ apache_vhosts_template }}"
+ dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
+ owner: root
+ group: root
+ mode: 0644
+ notify: restart apache
+ when: apache_create_vhosts | bool
diff --git a/roles/geerlingguy.apache/tasks/main.yml b/roles/geerlingguy.apache/tasks/main.yml
new file mode 100644
index 0000000..cdbcb63
--- /dev/null
+++ b/roles/geerlingguy.apache/tasks/main.yml
@@ -0,0 +1,47 @@
+---
+# Include variables and define needed variables.
+- name: Include OS-specific variables.
+ include_vars: "{{ ansible_os_family }}.yml"
+
+- name: Include variables for Amazon Linux.
+ include_vars: "AmazonLinux.yml"
+ when:
+ - ansible_distribution == "Amazon"
+ - ansible_distribution_major_version == "NA"
+
+- name: Define apache_packages.
+ set_fact:
+ apache_packages: "{{ __apache_packages | list }}"
+ when: apache_packages is not defined
+
+# Setup/install tasks.
+- include_tasks: "setup-{{ ansible_os_family }}.yml"
+
+# Figure out what version of Apache is installed.
+- name: Get installed version of Apache.
+ command: "{{ apache_daemon_path }}{{ apache_daemon }} -v"
+ changed_when: false
+ check_mode: false
+ register: _apache_version
+
+- name: Create apache_version variable.
+ set_fact:
+ apache_version: "{{ _apache_version.stdout.split()[2].split('/')[1] }}"
+
+- name: Include Apache 2.2 variables.
+ include_vars: apache-22.yml
+ when: "apache_version.split('.')[1] == '2'"
+
+- name: Include Apache 2.4 variables.
+ include_vars: apache-24.yml
+ when: "apache_version.split('.')[1] == '4'"
+
+# Configure Apache.
+- name: Configure Apache.
+ include_tasks: "configure-{{ ansible_os_family }}.yml"
+
+- name: Ensure Apache has selected state and enabled on boot.
+ service:
+ name: "{{ apache_service }}"
+ state: "{{ apache_state }}"
+ enabled: true
diff --git a/roles/geerlingguy.apache/tasks/setup-Debian.yml b/roles/geerlingguy.apache/tasks/setup-Debian.yml
new file mode 100644
index 0000000..b5d1412
--- /dev/null
+++ b/roles/geerlingguy.apache/tasks/setup-Debian.yml
@@ -0,0 +1,6 @@
+---
+- name: Update apt cache.
+ apt: update_cache=yes cache_valid_time=3600
+
+- name: Ensure Apache is installed on Debian.
+ apt: "name={{ apache_packages }} state={{ apache_packages_state }}"
diff --git a/roles/geerlingguy.apache/tasks/setup-RedHat.yml b/roles/geerlingguy.apache/tasks/setup-RedHat.yml
new file mode 100644
index 0000000..dfc9016
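Review bot: In tasks/main.yml, "Create apache_version variable." picks the version out of the `-v` output purely by position (`_apache_version.stdout.split()[2].split('/')[1]`), so an empty or differently worded stdout ends the play with an index error instead of a readable message. The two includes that follow only match a minor version of `2` or `4`; for anything else neither `apache-22.yml` nor `apache-24.yml` is loaded, which, as far as the visible vars files show, would leave `apache_default_vhost_filename` unset on Debian. I would match the token explicitly, `apache_version: "{{ _apache_version.stdout | regex_search('Apache/([0-9.]+)', '\\1') | first }}"`, and add an `assert` task after it that fails with a clear message when the detected version is neither 2.2 nor 2.4.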
--- /dev/null
+++ b/roles/geerlingguy.apache/tasks/setup-RedHat.yml
@@ -0,0 +1,6 @@
+---
+- name: Ensure Apache is installed on RHEL.
+ package:
+ name: "{{ apache_packages }}"
+ state: "{{ apache_packages_state }}"
+ enablerepo: "{{ apache_enablerepo | default(omit, true) }}"
diff --git a/roles/geerlingguy.apache/tasks/setup-Solaris.yml b/roles/geerlingguy.apache/tasks/setup-Solaris.yml
new file mode 100644
index 0000000..a4ae450
--- /dev/null
+++ b/roles/geerlingguy.apache/tasks/setup-Solaris.yml
@@ -0,0 +1,5 @@
+---
+- name: Ensure Apache is installed on Solaris.
+ pkg5:
+ name: "{{ apache_packages }}"
+ state: "{{ apache_packages_state }}"
diff --git a/roles/geerlingguy.apache/tasks/setup-Suse.yml b/roles/geerlingguy.apache/tasks/setup-Suse.yml
new file mode 100644
index 0000000..725266b
--- /dev/null
+++ b/roles/geerlingguy.apache/tasks/setup-Suse.yml
@@ -0,0 +1,5 @@
+---
+- name: Ensure Apache is installed on Suse.
+ zypper:
+ name: "{{ apache_packages }}"
+ state: "{{ apache_packages_state }}"
diff --git a/roles/geerlingguy.apache/templates/vhosts.conf.j2 b/roles/geerlingguy.apache/templates/vhosts.conf.j2
new file mode 100644
index 0000000..8b7af90
--- /dev/null
+++ b/roles/geerlingguy.apache/templates/vhosts.conf.j2
@@ -0,0 +1,82 @@ +{{ apache_global_vhost_settings }} + +{# Set up VirtualHosts #} +{% for vhost in apache_vhosts %} + + ServerName {{ vhost.servername }} +{% if vhost.serveralias is defined %} + ServerAlias {{ vhost.serveralias }} +{% endif %} +{% if vhost.documentroot is defined %} + DocumentRoot "{{ vhost.documentroot }}" +{% endif %} + +{% if vhost.serveradmin is defined %} + ServerAdmin {{ vhost.serveradmin }} +{% endif %} +{% if vhost.documentroot is defined %} + + AllowOverride {{ vhost.allow_override | default(apache_allow_override) }} + Options {{ vhost.options | default(apache_options) }} +{% if apache_vhosts_version == "2.2" %} + Order allow,deny + Allow from all +{% else %} + Require all granted +{% endif %} + +{% endif %} +{% if vhost.extra_parameters is defined %} + {{ vhost.extra_parameters }} +{% endif %} + + +{% endfor %} + +{# Set up SSL VirtualHosts #} +{% for vhost in apache_vhosts_ssl %} +{% if apache_ignore_missing_ssl_certificate or apache_ssl_certificates.results[loop.index0].stat.exists %} + + ServerName {{ vhost.servername }} +{% if vhost.serveralias is defined %} + ServerAlias {{ vhost.serveralias }} +{% endif %} +{% if vhost.documentroot is defined %} + DocumentRoot "{{ vhost.documentroot }}" +{% endif %} + + SSLEngine on + SSLCipherSuite {{ apache_ssl_cipher_suite }} + SSLProtocol {{ apache_ssl_protocol }} + SSLHonorCipherOrder On +{% if apache_vhosts_version == "2.4" %} + SSLCompression off +{% endif %} + SSLCertificateFile {{ vhost.certificate_file }} + SSLCertificateKeyFile {{ vhost.certificate_key_file }} +{% if vhost.certificate_chain_file is defined %} + SSLCertificateChainFile {{ vhost.certificate_chain_file }} +{% endif %} + +{% if vhost.serveradmin is defined %} + ServerAdmin {{ vhost.serveradmin }} +{% endif %} +{% if vhost.documentroot is defined %} + + AllowOverride {{ vhost.allow_override | default(apache_allow_override) }} + Options {{ vhost.options | default(apache_options) }} +{% if apache_vhosts_version == "2.2" %} + 
Order allow,deny + Allow from all +{% else %} + Require all granted +{% endif %} + +{% endif %} +{% if vhost.extra_parameters is defined %} + {{ vhost.extra_parameters }} +{% endif %} + + +{% endif %} +{% endfor %} diff --git a/roles/geerlingguy.apache/vars/AmazonLinux.yml b/roles/geerlingguy.apache/vars/AmazonLinux.yml new file mode 100644 index 0000000..165f65d --- /dev/null +++ b/roles/geerlingguy.apache/vars/AmazonLinux.yml @@ -0,0 +1,18 @@ +--- +apache_service: httpd +apache_daemon: httpd +apache_daemon_path: /usr/sbin/ +apache_server_root: /etc/httpd +apache_conf_path: /etc/httpd/conf.d + +apache_vhosts_version: "2.4" + +__apache_packages: + - httpd24 + - httpd24-devel + - mod24_ssl + - openssh + +apache_ports_configuration_items: + - regexp: "^Listen " + line: "Listen {{ apache_listen_port }}" diff --git a/roles/geerlingguy.apache/vars/Debian.yml b/roles/geerlingguy.apache/vars/Debian.yml new file mode 100644 index 0000000..7ff09c5 --- /dev/null +++ b/roles/geerlingguy.apache/vars/Debian.yml @@ -0,0 +1,14 @@ +--- +apache_service: apache2 +apache_daemon: apache2 +apache_daemon_path: /usr/sbin/ +apache_server_root: /etc/apache2 +apache_conf_path: /etc/apache2 + +__apache_packages: + - apache2 + - apache2-utils + +apache_ports_configuration_items: + - regexp: "^Listen " + line: "Listen {{ apache_listen_port }}" diff --git a/roles/geerlingguy.apache/vars/RedHat.yml b/roles/geerlingguy.apache/vars/RedHat.yml new file mode 100644 index 0000000..d79fa5a --- /dev/null +++ b/roles/geerlingguy.apache/vars/RedHat.yml 
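Review bot: The SSL loop in templates/vhosts.conf.j2 reads `apache_ssl_certificates.results[loop.index0].stat.exists`, which only exists if the "Check whether certificates defined in vhosts exist." task has run; configure-Debian.yml, configure-RedHat.yml and configure-Suse.yml register it, but configure-Solaris.yml does not. On Solaris with a non-empty `apache_vhosts_ssl` and `apache_ignore_missing_ssl_certificate` false, rendering would presumably fail on an undefined variable, so the same `stat` task should be added to configure-Solaris.yml before the template task. Separately, `SSLProtocol {{ apache_ssl_protocol }}` and `SSLCipherSuite {{ apache_ssl_cipher_suite }}` take their values from defaults that are outside this hunk; once the role is vendored those defaults stop following upstream, so it is worth setting both explicitly in this repository's own vars and reviewing them periodically.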
@@ -0,0 +1,20 @@
+---
+apache_service: httpd
+apache_daemon: httpd
+apache_daemon_path: /usr/sbin/
+apache_server_root: /etc/httpd
+apache_conf_path: /etc/httpd/conf.d
+
+apache_vhosts_version: "2.2"
+
+__apache_packages:
+ - httpd
+ - httpd-devel
+ - mod_ssl
+ - openssh
+
+apache_ports_configuration_items:
+ - regexp: "^Listen "
+ line: "Listen {{ apache_listen_port }}"
+ - regexp: "^#?NameVirtualHost "
+ line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"
diff --git a/roles/geerlingguy.apache/vars/Solaris.yml b/roles/geerlingguy.apache/vars/Solaris.yml
new file mode 100644
index 0000000..576291e
--- /dev/null
+++ b/roles/geerlingguy.apache/vars/Solaris.yml
@@ -0,0 +1,19 @@
+---
+apache_service: apache24
+apache_daemon: httpd
+apache_daemon_path: /usr/apache2/2.4/bin/
+apache_server_root: /etc/apache2/2.4/
+apache_conf_path: /etc/apache2/2.4/conf.d
+
+apache_vhosts_version: "2.2"
+
+__apache_packages:
+ - web/server/apache-24
+ - web/server/apache-24/module/apache-ssl
+ - web/server/apache-24/module/apache-security
+
+apache_ports_configuration_items:
+ - regexp: "^Listen "
+ line: "Listen {{ apache_listen_port }}"
+ - regexp: "^#?NameVirtualHost "
+ line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"
diff --git a/roles/geerlingguy.apache/vars/Suse.yml b/roles/geerlingguy.apache/vars/Suse.yml
new file mode 100644
index 0000000..27703f3
--- /dev/null
+++ b/roles/geerlingguy.apache/vars/Suse.yml
@@ -0,0 +1,18 @@
+---
+apache_service: apache2
+apache_daemon: httpd2
+apache_daemon_path: /usr/sbin/
+apache_server_root: /etc/apache2
+apache_conf_path: /etc/apache2/conf.d
+
+apache_vhosts_version: "2.2"
+
+__apache_packages:
+ - apache2
+ - openssh
+
+apache_ports_configuration_items:
+ - regexp: "^Listen "
+ line: "Listen {{ apache_listen_port }}"
+ - regexp: "^#?NameVirtualHost "
+ line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"
diff --git a/roles/geerlingguy.apache/vars/apache-22.yml b/roles/geerlingguy.apache/vars/apache-22.yml
new file mode 100644
index 0000000..c932f93
--- /dev/null
+++ b/roles/geerlingguy.apache/vars/apache-22.yml
@@ -0,0 +1,12 @@
+---
+apache_vhosts_version: "2.2"
+apache_default_vhost_filename: 000-default
+apache_ports_configuration_items:
+ - {
+ regexp: "^Listen ",
+ line: "Listen {{ apache_listen_port }}"
+ }
+ - {
+ regexp: "^#?NameVirtualHost ",
+ line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"
+ }
diff --git a/roles/geerlingguy.apache/vars/apache-24.yml b/roles/geerlingguy.apache/vars/apache-24.yml
new file mode 100644
index 0000000..449a444
--- /dev/null
+++ b/roles/geerlingguy.apache/vars/apache-24.yml
@@ -0,0 +1,8 @@
+---
+apache_vhosts_version: "2.4"
+apache_default_vhost_filename: 000-default.conf
+apache_ports_configuration_items:
+ - {
+ regexp: "^Listen ",
+ line: "Listen {{ apache_listen_port }}"
+ }
diff --git a/roles/geerlingguy.php/.ansible-lint b/roles/geerlingguy.php/.ansible-lint
new file mode 100644
index 0000000..9034f22
--- /dev/null
+++ b/roles/geerlingguy.php/.ansible-lint
@@ -0,0 +1,5 @@
+skip_list:
+ - '306'
+ - '405'
+ - '503'
+ - '106'
diff --git a/roles/geerlingguy.php/.github/FUNDING.yml b/roles/geerlingguy.php/.github/FUNDING.yml
new file mode 100644
index 0000000..96b4938
--- /dev/null
+++ b/roles/geerlingguy.php/.github/FUNDING.yml
@@ -0,0 +1,4 @@
+# These are supported funding model platforms
+---
+github: geerlingguy
+patreon: geerlingguy
diff --git a/roles/geerlingguy.php/.github/stale.yml b/roles/geerlingguy.php/.github/stale.yml
new file mode 100644
index 0000000..c7ff127
--- /dev/null
+++ b/roles/geerlingguy.php/.github/stale.yml
@@ -0,0 +1,56 @@ +# Configuration for probot-stale - https://github.com/probot/stale + +# Number of days of inactivity before an Issue or Pull Request becomes stale +daysUntilStale: 90 + +# Number of days of inactivity before an Issue or Pull Request with the stale label is closed. +# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. +daysUntilClose: 30 + +# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled) +onlyLabels: [] + +# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable +exemptLabels: + - pinned + - security + - planned + +# Set to true to ignore issues in a project (defaults to false) +exemptProjects: false + +# Set to true to ignore issues in a milestone (defaults to false) +exemptMilestones: false + +# Set to true to ignore issues with an assignee (defaults to false) +exemptAssignees: false + +# Label to use when marking as stale +staleLabel: stale + +# Limit the number of actions per hour, from 1-30. Default is 30 +limitPerRun: 30 + +pulls: + markComment: |- + This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! + + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale. + + unmarkComment: >- + This pull request is no longer marked for closure. + + closeComment: >- + This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. + +issues: + markComment: |- + This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! 
+
+ Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
+
+ unmarkComment: >-
+ This issue is no longer marked for closure.
+
+ closeComment: >-
+ This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
diff --git a/roles/geerlingguy.php/.gitignore b/roles/geerlingguy.php/.gitignore
new file mode 100644
index 0000000..f56f5b5
--- /dev/null
+++ b/roles/geerlingguy.php/.gitignore
@@ -0,0 +1,3 @@
+*.retry
+*/__pycache__
+*.pyc
diff --git a/roles/geerlingguy.php/.travis.yml b/roles/geerlingguy.php/.travis.yml
new file mode 100644
index 0000000..f13e273
--- /dev/null
+++ b/roles/geerlingguy.php/.travis.yml
@@ -0,0 +1,38 @@
+---
+language: python
+services: docker
+
+env:
+ global:
+ - ROLE_NAME: php
+ matrix:
+ - MOLECULE_DISTRO: centos8
+ - MOLECULE_DISTRO: centos7
+ - MOLECULE_DISTRO: ubuntu2004
+ - MOLECULE_DISTRO: ubuntu1804
+ - MOLECULE_DISTRO: debian10
+ - MOLECULE_DISTRO: debian9
+
+ - MOLECULE_DISTRO: centos7
+ MOLECULE_PLAYBOOK: playbook-source.yml
+
+before_install:
+ # Upgrade Docker to work with docker-py.
+ - curl https://gist.githubusercontent.com/geerlingguy/ce883ad4aec6a5f1187ef93bd338511e/raw/36612d28981d92863f839c5aefe5b7dd7193d6c6/travis-ci-docker-upgrade.sh | sudo bash
+
+install:
+ # Install test dependencies.
+ - pip install molecule[docker] yamllint ansible-lint docker
+
+before_script:
+ # Use actual Ansible Galaxy role name for the project directory.
+ - cd ../
+ - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
+ - cd geerlingguy.$ROLE_NAME
+
+script:
+ # Run tests.
+ - molecule test
+
+notifications:
+ webhooks: https://galaxy.ansible.com/api/v1/notifications/
diff --git a/roles/geerlingguy.php/.yamllint b/roles/geerlingguy.php/.yamllint
new file mode 100644
index 0000000..f2033dd
--- /dev/null
+++ b/roles/geerlingguy.php/.yamllint
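Review bot: The `before_install` step in roles/geerlingguy.php/.travis.yml pipes a script fetched from gist.githubusercontent.com straight into `sudo bash`; the URL is pinned to a gist revision, but nothing checks the downloaded content before it runs as root. A `.travis.yml` below the repository root is presumably never read by the CI service, so this copy is inert here, and the cleaner option is to drop the upstream CI and bot files (`.travis.yml`, `.github/stale.yml`, `.github/FUNDING.yml`) from the vendored role rather than keep a pattern that can be copied into a live pipeline. If the tests are to be kept, download the script to a file, compare it with a recorded SHA-256, and only then execute it; the `pip install` line in `install` is also unpinned and would benefit from a requirements file with fixed versions.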
@@ -0,0 +1,11 @@
+---
+extends: default
+
+rules:
+ line-length:
+ max: 120
+ level: warning
+
+ignore: |
+ .github/stale.yml
+ .travis.yml
diff --git a/roles/geerlingguy.php/LICENSE b/roles/geerlingguy.php/LICENSE
new file mode 100644
index 0000000..4275cf3
--- /dev/null
+++ b/roles/geerlingguy.php/LICENSE
@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Jeff Geerling
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/roles/geerlingguy.php/README.md b/roles/geerlingguy.php/README.md
new file mode 100644
index 0000000..c56dea7
--- /dev/null
+++ b/roles/geerlingguy.php/README.md
@@ -0,0 +1,239 @@ +# Ansible Role: PHP + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-php.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-php) + +Installs PHP on RedHat/CentOS and Debian/Ubuntu servers. + +## Requirements + +If you're using an older LTS release of Ubuntu or RHEL, with an old/outdated version of PHP, you need to use a repo or PPA with a maintained PHP version, as this role only works with [PHP versions that are currently supported](http://php.net/supported-versions.php) by the PHP community. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + php_packages: [] + +A list of the PHP packages to install (OS-specific by default). You'll likely want to install common packages like `php`, `php-cli`, `php-devel` and `php-pdo`, and you can add in whatever other packages you'd like (for example, `php-gd` for image manipulation, or `php-ldap` if you need to connect to an LDAP server for authentication). + +_Note: If you're using Debian/Ubuntu, you also need to install `libapache2-mod-fastcgi` (for cgi/PHP-FPM) or `libapache2-mod-php7.0` (or a similar package depending on PHP version) if you want to use `mod_php` with Apache._ + + php_packages_extra: [] + +A list of extra PHP packages to install without overriding the default list. + + php_enable_webserver: true + +If your usage of PHP is tied to a web server (e.g. Apache or Nginx), leave this default value. If you are using PHP server-side or to run some small application, set this value to `false` so this role doesn't attempt to interact with a web server. + + php_webserver_daemon: "httpd" + +The default values for the HTTP server deamon are `httpd` (used by Apache) for RedHat/CentOS, or `apache2` (also used by Apache) for Debian/Ubuntu. If you are running another webserver (for example, `nginx`), change this value to the name of the daemon under which the webserver runs. 
+ + php_enablerepo: "" + +(RedHat/CentOS only) If you have enabled any additional repositories (might I suggest [geerlingguy.repo-epel](https://github.com/geerlingguy/ansible-role-repo-epel) or [geerlingguy.repo-remi](https://github.com/geerlingguy/ansible-role-repo-remi)), those repositories can be listed under this variable (e.g. `remi-php70,epel`). This can be handy, as an example, if you want to install the latest version of PHP 7.0, which is in the Remi repository. + + php_default_version_debian: "" + +(Debian/Ubuntu only) The default version of PHP in the given OS version repositories. The specific version is set per distro and per version, but you can override it by providing a value here, like `"7.4"`. + +**If you'd like to be able to switch PHP versions easily, or use a version that's not available in system packages**: You can use the [`geerlingguy.php-versions`](https://galaxy.ansible.com/geerlingguy/php-versions/) role to more easily switch between major PHP versions (e.g. 5.6, 7.1, 7.2). + + php_packages_state: "present" + +If you have enabled any additional repositories such as [geerlingguy.repo-epel](https://github.com/geerlingguy/ansible-role-repo-epel) or [geerlingguy.repo-remi](https://github.com/geerlingguy/ansible-role-repo-remi), you may want an easy way to swap PHP versions on the fly. By default, this is set to `"present"`. You can override this variable to `"latest"` to upgrade to the latest available version. Combined with `php_enablerepo`, a user now doesn't need to manually uninstall the existing PHP packages before installing them from a different repository. + + php_install_recommends: true + +(Debian/Ubuntu only) Whether to install recommended packages when installing `php_packages`; you might want to set this to `no` explicitly if you're installing a PPA that recommends certain packages you don't want (e.g. Ondrej's `php` PPA will install `php7.0-cli` if you install `php-pear` alongside `php5.6-cli`... which is often not desired!). 
+ + php_executable: "php" + +The executable to run when calling PHP from the command line. You should only change this if running `php` on your server doesn't target the correct executable, or if you're using software collections on RHEL/CentOS and need to target a different version of PHP. + +### PHP-FPM + +PHP-FPM is a simple and robust FastCGI Process Manager for PHP. It can dramatically ease scaling of PHP apps and is the normal way of running PHP-based sites and apps when using a webserver like Nginx (though it can be used with other webservers just as easily). + +When using this role with PHP running as `php-fpm` instead of as a process inside a webserver (e.g. Apache's `mod_php`), you need to set the following variable to `true`: + + php_enable_php_fpm: false + +If you're using Apache, you can easily get it configured to work with PHP-FPM using the [geerlingguy.apache-php-fpm](https://github.com/geerlingguy/ansible-role-apache-php-fpm) role. + + php_fpm_state: started + php_fpm_enabled_on_boot: true + +Control over the fpm daemon's state; set these to `stopped` and `false` if you want FPM to be installed and configured, but not running (e.g. when installing in a container). + + php_fpm_handler_state: restarted + +The handler restarts PHP-FPM by default. Setting the value to `reloaded` will reload the service, intead of restarting it. + + php_fpm_listen: "127.0.0.1:9000" + php_fpm_listen_allowed_clients: "127.0.0.1" + php_fpm_pm_max_children: 50 + php_fpm_pm_start_servers: 5 + php_fpm_pm_min_spare_servers: 5 + php_fpm_pm_max_spare_servers: 5 + +Specific settings inside the default `www.conf` PHP-FPM pool. If you'd like to manage additional settings, you can do so either by replacing the file with your own template or using `lineinfile` like this role does inside `tasks/configure-fpm.yml`. + +### php.ini settings + + php_use_managed_ini: true + +By default, all the extra defaults below are applied through the php.ini included with this role. 
You can self-manage your php.ini file (if you need more flexility in its configuration) by setting this to `false` (in which case all the below variables will be ignored). + + php_fpm_pool_user: "[apache|nginx|other]" # default varies by OS + php_fpm_pool_group: "[apache|nginx|other]" # default varies by OS + php_memory_limit: "256M" + php_max_execution_time: "60" + php_max_input_time: "60" + php_max_input_vars: "1000" + php_realpath_cache_size: "32K" + php_file_uploads: "On" + php_upload_max_filesize: "64M" + php_max_file_uploads: "20" + php_post_max_size: "32M" + php_date_timezone: "America/Chicago" + php_allow_url_fopen: "On" + php_sendmail_path: "/usr/sbin/sendmail -t -i" + php_output_buffering: "4096" + php_short_open_tag: false + php_error_reporting: "E_ALL & ~E_DEPRECATED & ~E_STRICT" + php_display_errors: "Off" + php_display_startup_errors: "On" + php_expose_php: "On" + php_session_cookie_lifetime: 0 + php_session_gc_probability: 1 + php_session_gc_divisor: 1000 + php_session_gc_maxlifetime: 1440 + php_session_save_handler: files + php_session_save_path: '' + php_disable_functions: [] + php_precision: 14 + php_serialize_precision: "-1" + +Various defaults for PHP. Only used if `php_use_managed_ini` is set to `true`. + +### OpCache-related Variables + +The OpCache is included in PHP starting in version 5.5, and the following variables will only take effect if the version of PHP you have installed is 5.5 or greater. + + php_opcache_zend_extension: "opcache.so" + php_opcache_enable: "1" + php_opcache_enable_cli: "0" + php_opcache_memory_consumption: "96" + php_opcache_interned_strings_buffer: "16" + php_opcache_max_accelerated_files: "4096" + php_opcache_max_wasted_percentage: "5" + php_opcache_validate_timestamps: "1" + php_opcache_revalidate_path: "0" + php_opcache_revalidate_freq: "2" + php_opcache_max_file_size: "0" + +OpCache ini directives that are often customized on a system. 
Make sure you have enough memory and file slots allocated in the OpCache (`php_opcache_memory_consumption`, in MB, and `php_opcache_max_accelerated_files`) to contain all the PHP code you are running. If not, you may get less-than-optimal performance! + +For custom opcache.so location provide full path with `php_opcache_zend_extension`. + + php_opcache_conf_filename: [platform-specific] + +The platform-specific opcache configuration filename. Generally the default should work, but in some cases, you may need to override the filename. + +### APCu-related Variables + + php_enable_apc: true + +Whether to enable APCu. Other APCu variables will be ineffective if this is set to false. + + php_apc_shm_size: "96M" + php_apc_enable_cli: "0" + +APCu ini directives that are often customized on a system. Set the `php_apc_shm_size` so it will hold all cache entries in memory with a little overhead (fragmentation or APC running out of memory will slow down PHP *dramatically*). + + php_apc_conf_filename: [platform-specific] + +The platform-specific APC configuration filename. Generally the default should work, but in some cases, you may need to override the filename. + +#### Ensuring APC is installed + +If you use APC, you will need to make sure APC is installed (it is installed by default, but if you customize the `php_packages` list, you need to include APC in the list): + + - *On RHEL/CentOS systems*: Make sure `php-pecl-apcu` is in the list of `php_packages`. + - *On Debian/Ubuntu systems*: Make sure `php-apcu` is in the list of `php_packages`. + +### Installing from Source + +If you need a specific version of PHP, or would like to test the latest (e.g. master) version of PHP, there's a good chance there's no suitable package already available in your platform's package manager. In these cases, you may choose to install PHP from source by compiling it directly. 
+ +Note that source compilation takes *much* longer than installing from packages (PHP HEAD takes 5+ minutes to compile on a modern quad-core computer, just as a point of reference). + + php_install_from_source: false + +Set this to `true` to install PHP from source instead of installing from packages. + + php_source_version: "master" + +The version of PHP to install from source (a git branch, tag, or commit hash). + + php_source_clone_dir: "~/php-src" + php_source_clone_depth: 1 + php_source_install_path: "/opt/php" + php_source_install_gmp_path: "/usr/include/x86_64-linux-gnu/gmp.h" + php_source_mysql_config: "/usr/bin/mysql_config" + +Location where source will be cloned and installed, and the location of the GMP header file (which can be platform/distribution specific), and `mysql_config` binary (this may be `mariadb_config` in newer operating system versions). + + php_source_make_command: "make" + +Set the `make` command to `make --jobs=X` where `X` is the number of cores present on the server where PHP is being compiled. Will speed up compilation times dramatically if you have multiple cores. + + php_source_configure_command: > + [...] + +The `./configure` command that will build the Makefile to be used for PHP compilation. Add in all the options you need for your particular environment. Using a folded scalar (`>`) allows you to define the variable over multiple lines, which is extremely helpful for legibility and source control! + +A few other notes/caveats for specific configurations: + + - **Apache with `mpm_prefork`**: If you're using Apache with prefork as a webserver for PHP, you will need to make sure `apxs2` is available on your system (e.g. by installing `apache2-prefork-dev` in Ubuntu), and you will need to make sure the option `--with-apxs2` is defined in `php_source_configure_command`. 
Finally, you will need to make sure the `mpm_prefork` module is loaded instead of `mpm_worker` or `mpm_event`, and likely add a `phpX.conf` (where `X` is the major version of PHP) configuration file to the Apache module config folder with contents like [`php7.conf`](https://gist.github.com/geerlingguy/5ae5445f28e71264e8c1). + - **Apache with `mpm_event` or `mpm_worker`**: If you're using Apache with event or worker as a webserver for PHP, you will need to compile PHP with FPM. Make sure the option `--enable-fpm` is defined in `php_source_configure_command`. You'll also need to make sure Apache's support for CGI and event is installed (e.g. by installing `apache2-mpm-event` and `libapache2-mod-fastcgi`) and the `mpm_event` module is loaded. + - **Nginx**: If you're using Nginx as a webserver for PHP, you will need to compile PHP with FPM. Make sure the option `--enable-fpm` is defined in `php_source_configure_command`. + +## Dependencies + +None. + +## Example Playbook + + - hosts: webservers + vars_files: + - vars/main.yml + roles: + - { role: geerlingguy.php } + +*Inside `vars/main.yml`*: + + php_memory_limit: "128M" + php_max_execution_time: "90" + php_upload_max_filesize: "256M" + php_packages: + - php + - php-cli + - php-common + - php-devel + - php-gd + - php-mbstring + - php-pdo + - php-pecl-apcu + - php-xml + ... + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). diff --git a/roles/geerlingguy.php/defaults/main.yml b/roles/geerlingguy.php/defaults/main.yml new file mode 100644 index 0000000..e716d59 --- /dev/null +++ b/roles/geerlingguy.php/defaults/main.yml 
@@ -0,0 +1,140 @@ +--- +# Pass in a comma-separated list of repos to use (e.g. "remi,epel"). Used only +# for RHEL/CentOS. +php_enablerepo: "" + +# Extra packages to install (in addition to distro-specific default lists). +php_packages_extra: [] + +# Default PHP version to install on Debian-based OSes (OS-specific). +# php_default_version_debian: "" + +# PHP package state; use 'present' to make sure it's installed, or 'latest' if +# you want to upgrade or switch versions using a new repo. +php_packages_state: present + +# Whether to install recommended packages. Used only for Debian/Ubuntu. +php_install_recommends: true + +# Set this to false if you're not using PHP with Apache/Nginx/etc. +php_enable_webserver: true + +# PHP-FPM configuration. +php_enable_php_fpm: false +php_fpm_state: started +php_fpm_handler_state: restarted +php_fpm_enabled_on_boot: true +php_fpm_listen: "127.0.0.1:9000" +php_fpm_listen_allowed_clients: "127.0.0.1" +php_fpm_pm_max_children: 50 +php_fpm_pm_start_servers: 5 +php_fpm_pm_min_spare_servers: 5 +php_fpm_pm_max_spare_servers: 5 + +# The executable to run when calling PHP from the command line. +php_executable: "php" + +# OpCache settings. +php_opcache_zend_extension: "opcache.so" +php_opcache_enable: "1" +php_opcache_enable_cli: "0" +php_opcache_memory_consumption: "96" +php_opcache_interned_strings_buffer: "16" +php_opcache_max_accelerated_files: "4096" +php_opcache_max_wasted_percentage: "5" +php_opcache_validate_timestamps: "1" +php_opcache_revalidate_path: "0" +php_opcache_revalidate_freq: "2" +php_opcache_max_file_size: "0" +php_opcache_blacklist_filename: "" + +# APCu settings. +php_enable_apc: true +php_apc_shm_size: "96M" +php_apc_enable_cli: "0" + +# If this is set to false, none of the following options will have any effect. +# Any and all changes to /etc/php.ini will be your responsibility. 
+php_use_managed_ini: true + +php_expose_php: "On" +php_memory_limit: "256M" +php_max_execution_time: "60" +php_max_input_time: "60" +php_max_input_vars: "1000" +php_realpath_cache_size: "32K" + +php_file_uploads: "On" +php_upload_max_filesize: "64M" +php_max_file_uploads: "20" + +php_post_max_size: "32M" +php_date_timezone: "America/Chicago" +php_allow_url_fopen: "On" + +php_sendmail_path: "/usr/sbin/sendmail -t -i" +php_output_buffering: "4096" +php_short_open_tag: "Off" +php_disable_functions: [] +php_precision: 14 +php_serialize_precision: "-1" + +php_session_cookie_lifetime: 0 +php_session_gc_probability: 1 +php_session_gc_divisor: 1000 +php_session_gc_maxlifetime: 1440 +php_session_save_handler: files +php_session_save_path: '' + +php_error_reporting: "E_ALL & ~E_DEPRECATED & ~E_STRICT" +php_display_errors: "Off" +php_display_startup_errors: "Off" + +# Install PHP from source (instead of using a package manager) with these vars. +php_install_from_source: false +php_source_repo: "https://git.php.net/repository/php-src.git" +php_source_version: "master" +php_source_clone_dir: "~/php-src" +php_source_clone_depth: 1 +php_source_install_path: "/opt/php" +php_source_install_gmp_path: "/usr/include/x86_64-linux-gnu/gmp.h" +php_source_mysql_config: "/usr/bin/mysql_config" +# For faster compile time: "make --jobs=X" where X is # of cores present. 
+php_source_make_command: "make" +php_source_configure_command: > + ./configure + --prefix={{ php_source_install_path }} + --with-config-file-path={{ php_conf_paths | first }} + --enable-mbstring + --enable-zip + --enable-bcmath + --enable-pcntl + --enable-ftp + --enable-exif + --enable-calendar + --enable-opcache + --enable-pdo + --enable-sysvmsg + --enable-sysvsem + --enable-sysvshm + --enable-wddx + --with-curl + --with-mcrypt + --with-iconv + --with-gmp + --with-pspell + --with-gd + --with-jpeg-dir=/usr + --with-png-dir=/usr + --with-zlib-dir=/usr + --with-xpm-dir=/usr + --with-freetype-dir=/usr + --enable-gd-native-ttf + --enable-gd-jis-conv + --with-openssl + --with-pdo-mysql=/usr + --with-gettext=/usr + --with-zlib=/usr + --with-bz2=/usr + --with-recode=/usr + --with-mysqli={{ php_source_mysql_config }} diff --git a/roles/geerlingguy.php/handlers/main.yml b/roles/geerlingguy.php/handlers/main.yml new file mode 100644 index 0000000..e0d0a29 --- /dev/null +++ b/roles/geerlingguy.php/handlers/main.yml @@ -0,0 +1,15 @@ +--- +- name: restart webserver + service: + name: "{{ php_webserver_daemon }}" + state: restarted + notify: restart php-fpm + when: php_enable_webserver + +- name: restart php-fpm + service: + name: "{{ php_fpm_daemon }}" + state: "{{ php_fpm_handler_state }}" + when: + - php_enable_php_fpm + - php_fpm_state == 'started' diff --git a/roles/geerlingguy.php/meta/.galaxy_install_info b/roles/geerlingguy.php/meta/.galaxy_install_info new file mode 100644 index 0000000..da32abd --- /dev/null +++ b/roles/geerlingguy.php/meta/.galaxy_install_info @@ -0,0 +1,2 @@ +install_date: Thu Oct 29 02:55:11 2020 +version: 4.5.1 diff --git a/roles/geerlingguy.php/meta/main.yml b/roles/geerlingguy.php/meta/main.yml new file mode 100644 index 0000000..821b973 --- /dev/null +++ b/roles/geerlingguy.php/meta/main.yml 
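Review bot: `php_expose_php: "On"` in the managed-ini defaults means every host that takes this role without an override advertises PHP and its version in the `X-Powered-By` response header; for a copy that now lives in this repo the default should be `php_expose_php: "Off"`. The same block ships `php_allow_url_fopen: "On"` and `php_disable_functions: []`, which are fine only if each site sets them on purpose. Because this file will be overwritten on the next role refresh, add a comment above the changed line such as `# Local change: upstream default is "On"; keep Off when re-syncing the role.`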
@@ -0,0 +1,37 @@ +--- +dependencies: [] + +galaxy_info: + role_name: php + author: geerlingguy + description: PHP for RedHat/CentOS/Fedora/Debian/Ubuntu. + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 2.8 + platforms: + - name: EL + versions: + - 6 + - 7 + - 8 + - name: Fedora + versions: + - all + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - trusty + - xenial + - bionic + galaxy_tags: + - development + - web + - php + - language + - fpm + - drupal + - wordpress + - joomla + - magento diff --git a/roles/geerlingguy.php/molecule/default/converge.yml b/roles/geerlingguy.php/molecule/default/converge.yml new file mode 100644 index 0000000..41ae7c1 --- /dev/null +++ b/roles/geerlingguy.php/molecule/default/converge.yml 
@@ -0,0 +1,70 @@ +--- +- name: Converge + hosts: all + become: true + + vars: + php_enable_webserver: false + php_enable_php_fpm: true + php_memory_limit: "192M" + php_enablerepo: "remi,remi-php70" + php_install_recommends: false + + handlers: + - name: update apt cache + apt: update_cache=true + when: ansible_os_family == 'Debian' + + pre_tasks: + - name: Update apt cache. + apt: update_cache=true cache_valid_time=600 + when: ansible_os_family == 'Debian' + changed_when: false + + # Ubuntu-specific tasks. + - name: Ensure dirmngr is installed (gnupg dependency). + apt: + name: dirmngr + state: present + when: ansible_os_family == 'Debian' + + - name: Add repository for PHP 7. + apt_repository: repo='ppa:ondrej/php' + when: ansible_distribution == 'Ubuntu' + + # Debian-specific tasks. + - name: Add dependencies for PHP versions (Debian). + apt: + name: + - apt-transport-https + - ca-certificates + - gnupg2 + state: present + when: ansible_distribution == "Debian" + + - name: Add Ondrej Sury's apt key (Debian). + apt_key: + url: https://packages.sury.org/php/apt.gpg + state: present + when: ansible_distribution == "Debian" + + - name: Add Ondrej Sury's repo (Debian). + apt_repository: + repo: "deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main" + state: present + when: ansible_distribution == "Debian" + notify: update apt cache + + - meta: flush_handlers + + roles: + - role: geerlingguy.repo-remi + when: + - ansible_os_family == 'RedHat' + - ansible_distribution != 'Fedora' + - role: geerlingguy.php + + post_tasks: + - name: Confirm PHP configuration is correct. + shell: php -i | grep 'memory_limit.*192' + changed_when: false diff --git a/roles/geerlingguy.php/molecule/default/molecule.yml b/roles/geerlingguy.php/molecule/default/molecule.yml new file mode 100644 index 0000000..2da47dd --- /dev/null +++ b/roles/geerlingguy.php/molecule/default/molecule.yml 
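Review bot: The "Add Ondrej Sury's apt key (Debian)" task trusts whatever key `https://packages.sury.org/php/apt.gpg` serves at run time, because `apt_key` is given a `url` but no `id` to pin the expected fingerprint. Adding `id: "<EXPECTED_KEY_FINGERPRINT>"` (placeholder, to be taken from the repository's published key) makes the task fail if the served key ever changes. The Ubuntu branch adds `ppa:ondrej/php` the same way, so this test playbook still depends on external package sources at run time even though the roles themselves are now vendored.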
@@ -0,0 +1,21 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: | + set -e + yamllint . + ansible-lint +platforms: + - name: instance + image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + privileged: true + pre_build_image: true +provisioner: + name: ansible + playbooks: + converge: ${MOLECULE_PLAYBOOK:-converge.yml} diff --git a/roles/geerlingguy.php/molecule/default/playbook-source.yml b/roles/geerlingguy.php/molecule/default/playbook-source.yml new file mode 100644 index 0000000..d9ad0f9 --- /dev/null +++ b/roles/geerlingguy.php/molecule/default/playbook-source.yml @@ -0,0 +1,32 @@ +--- +- name: Converge + hosts: all + become: true + + vars: + php_enable_webserver: false + php_install_from_source: true + php_source_clone_dir: /root/php-src + php_source_make_command: "make --jobs=2" + php_version: "7.4.8" + php_source_version: "php-{{ php_version }}" + php_memory_limit: "192M" + + pre_tasks: + - name: Update apt cache. + apt: update_cache=true cache_valid_time=600 + when: ansible_os_family == 'Debian' + changed_when: false + + roles: + - role: geerlingguy.git + - role: geerlingguy.php + + post_tasks: + - name: Confirm PHP configuration is correct. + shell: php -i | grep 'memory_limit.*192' + changed_when: false + + - name: Check the installed PHP version. + shell: '/usr/bin/php --version | grep -qF "PHP {{ php_version }}"' + changed_when: false diff --git a/roles/geerlingguy.php/molecule/default/requirements.yml b/roles/geerlingguy.php/molecule/default/requirements.yml new file mode 100644 index 0000000..809b89b --- /dev/null +++ b/roles/geerlingguy.php/molecule/default/requirements.yml @@ -0,0 +1,3 @@ +--- +- src: geerlingguy.repo-remi +- src: geerlingguy.git diff --git a/roles/geerlingguy.php/tasks/configure-apcu.yml b/roles/geerlingguy.php/tasks/configure-apcu.yml new file mode 100644 index 0000000..a29f8d6 --- /dev/null 
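Review bot: The `platforms` entry in `molecule.yml` runs `geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest` with `privileged: true`, so each test run hands full host privileges to whatever image the mutable `latest` tag resolves to that day. Pin the image to a fixed tag per distro or to a digest, e.g. `image: "geerlingguy/docker-centos7-ansible@sha256:<DIGEST>"` (placeholder). If privileged mode is only needed for systemd inside the container, say so in a comment beside the key. `requirements.yml` later on this line lists `geerlingguy.repo-remi` and `geerlingguy.git` without a `version:`, so the test dependencies are still fetched from Galaxy unpinned.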
+++ b/roles/geerlingguy.php/tasks/configure-apcu.yml @@ -0,0 +1,37 @@ +--- +- name: Check for existing APCu config files. + find: + paths: "{{ item }}" + contains: 'extension(\s+)?=(\s+)?apc[u]?\.so' + register: php_installed_apc_confs + with_items: "{{ php_extension_conf_paths }}" + +- name: Remove any non-role-supplied APCu config files. + file: + path: "{{ item.1.path }}" + state: absent + when: php_apc_conf_filename != (item.1.path.split('/') | last) + with_subelements: + - "{{ php_installed_apc_confs.results }}" + - files + notify: restart webserver + +- name: Ensure APCu config file is present. + template: + src: apc.ini.j2 + dest: "{{ item }}/{{ php_apc_conf_filename }}" + owner: root + group: root + force: true + mode: 0644 + with_items: "{{ php_extension_conf_paths }}" + when: php_enable_apc + notify: restart webserver + +- name: Remove APCu config file if APC is disabled. + file: + path: "{{ item }}/{{ php_apc_conf_filename }}" + state: absent + with_items: "{{ php_extension_conf_paths }}" + when: not php_enable_apc + notify: restart webserver diff --git a/roles/geerlingguy.php/tasks/configure-fpm.yml b/roles/geerlingguy.php/tasks/configure-fpm.yml new file mode 100644 index 0000000..dfebf0b --- /dev/null +++ b/roles/geerlingguy.php/tasks/configure-fpm.yml 
@@ -0,0 +1,78 @@ +--- +- name: Define php_fpm_daemon. + set_fact: + php_fpm_daemon: "{{ __php_fpm_daemon }}" + when: php_fpm_daemon is not defined + +- name: Define php_fpm_pool_conf_path. + set_fact: + php_fpm_pool_conf_path: "{{ __php_fpm_pool_conf_path }}" + when: php_fpm_pool_conf_path is not defined + +- name: Define php_fpm_pool_user. + set_fact: + php_fpm_pool_user: "{{ __php_fpm_pool_user }}" + when: php_fpm_pool_user is not defined + +- name: Define php_fpm_pool_group. + set_fact: + php_fpm_pool_group: "{{ __php_fpm_pool_group }}" + when: php_fpm_pool_group is not defined + +- name: Stat php_fpm_pool_conf_path + stat: + path: "{{ php_fpm_pool_conf_path | dirname }}" + register: php_fpm_pool_conf_path_dir_stat + +- name: Ensure the default pool directory exists. + file: + path: "{{ php_fpm_pool_conf_path | dirname }}" + state: directory + owner: root + group: root + mode: 0755 + when: php_fpm_pool_conf_path_dir_stat.stat.islnk is not defined + +- name: Ensure the default pool exists. + template: + src: www.conf.j2 + dest: "{{ php_fpm_pool_conf_path }}" + owner: root + group: root + mode: 0644 + force: false + when: php_enable_php_fpm + +- name: Configure php-fpm pool (if enabled). 
+ lineinfile: + dest: "{{ php_fpm_pool_conf_path }}" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + state: present + mode: 0644 + with_items: + - regexp: "^user.?=.+$" + line: "user = {{ php_fpm_pool_user }}" + - regexp: "^group.?=.+$" + line: "group = {{ php_fpm_pool_group }}" + - regexp: "^listen.?=.+$" + line: "listen = {{ php_fpm_listen }}" + - regexp: '^listen\.allowed_clients.?=.+$' + line: "listen.allowed_clients = {{ php_fpm_listen_allowed_clients }}" + - regexp: '^pm\.max_children.?=.+$' + line: "pm.max_children = {{ php_fpm_pm_max_children }}" + - regexp: '^pm\.start_servers.?=.+$' + line: "pm.start_servers = {{ php_fpm_pm_start_servers }}" + - regexp: '^pm\.min_spare_servers.?=.+$' + line: "pm.min_spare_servers = {{ php_fpm_pm_min_spare_servers }}" + - regexp: '^pm\.max_spare_servers.?=.+$' + line: "pm.max_spare_servers = {{ php_fpm_pm_max_spare_servers }}" + when: php_enable_php_fpm + notify: restart php-fpm + +- name: Ensure php-fpm is started and enabled at boot (if configured). + service: + name: "{{ php_fpm_daemon }}" + state: "{{ php_fpm_state }}" + enabled: "{{ php_fpm_enabled_on_boot }}" + when: php_enable_php_fpm and ansible_distribution != "Debian" diff --git a/roles/geerlingguy.php/tasks/configure-opcache.yml b/roles/geerlingguy.php/tasks/configure-opcache.yml new file mode 100644 index 0000000..fc043d0 --- /dev/null +++ b/roles/geerlingguy.php/tasks/configure-opcache.yml 
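Review bot: The `lineinfile` patterns in "Configure php-fpm pool (if enabled)" put `.?` between the key and `=` (for example `^listen.?=.+$`), which accepts at most one arbitrary character. A pool file that aligns values with several spaces or a tab will not match, and `lineinfile` then appends a second directive at the end of the file instead of replacing the existing one. Since `listen` and `listen.allowed_clients` are among these entries, a missed match leaves two conflicting listener settings in the file. `\s*` states the intent, in single quotes so YAML does not interpret the backslash: `regexp: '^listen\s*=.+$'`, and likewise for the `user`, `group` and `pm.*` items.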
@@ -0,0 +1,37 @@ +--- +- name: Check for existing OpCache config files. + find: + paths: "{{ item }}" + contains: 'zend_extension(\s+)?=(\s+)?opcache\.so' + register: php_installed_opcache_confs + with_items: "{{ php_extension_conf_paths }}" + +- name: Remove any non-role-supplied OpCache config files. + file: + path: "{{ item.1.path }}" + state: absent + when: php_opcache_conf_filename != (item.1.path.split('/') | last) + with_subelements: + - "{{ php_installed_opcache_confs.results }}" + - files + notify: restart webserver + +- name: Ensure OpCache config file is present. + template: + src: opcache.ini.j2 + dest: "{{ item }}/{{ php_opcache_conf_filename }}" + owner: root + group: root + force: true + mode: 0644 + with_items: "{{ php_extension_conf_paths }}" + when: php_opcache_enable | bool + notify: restart webserver + +- name: Remove OpCache config file if OpCache is disabled. + file: + path: "{{ item }}/{{ php_opcache_conf_filename }}" + state: absent + with_items: "{{ php_extension_conf_paths }}" + when: not php_opcache_enable | bool + notify: restart webserver diff --git a/roles/geerlingguy.php/tasks/configure.yml b/roles/geerlingguy.php/tasks/configure.yml new file mode 100644 index 0000000..e0e1434 --- /dev/null +++ b/roles/geerlingguy.php/tasks/configure.yml @@ -0,0 +1,21 @@ +--- +- name: Ensure configuration directories exist. + file: + path: "{{ item }}" + state: directory + follow: true + mode: 0755 + with_flattened: + - "{{ php_conf_paths }}" + - "{{ php_extension_conf_paths }}" + +- name: Place PHP configuration file in place. + template: + src: php.ini.j2 + dest: "{{ item }}/php.ini" + owner: root + group: root + mode: 0644 + with_items: "{{ php_conf_paths }}" + notify: restart webserver + when: php_use_managed_ini diff --git a/roles/geerlingguy.php/tasks/install-from-source.yml b/roles/geerlingguy.php/tasks/install-from-source.yml new file mode 100644 index 0000000..cd18daa --- /dev/null +++ b/roles/geerlingguy.php/tasks/install-from-source.yml 
@@ -0,0 +1,158 @@ +--- +- name: Ensure dependencies for building from source are installed (RedHat). + package: + name: + - autoconf + - automake + - libtool + - bison + - make + - re2c + - sqlite-devel + - oniguruma-devel + - curl-devel + - recode-devel + - aspell-devel + - libxml2-devel + - pkgconfig + - libmcrypt-devel + - t1lib-devel + - libXpm-devel + - libpng-devel + - libjpeg-turbo-devel + - bzip2-devel + - openssl-devel + - freetype-devel + - libicu-devel + - mariadb-devel + - gmp-devel + state: present + when: ansible_os_family == 'RedHat' + +- name: Update apt cache (Debian). + apt: update_cache=yes cache_valid_time=86400 + when: ansible_os_family == 'Debian' + +- name: Ensure dependencies for building from source are installed (Debian). + apt: + name: + - build-essential + - autoconf + - automake + - libtool + - bison + - pkg-config + - re2c + - libsqlite3-dev + - libonig-dev + - libxml2-dev + - libcurl4-openssl-dev + - libbz2-dev + - libjpeg-dev + - libpng-dev + - libxpm-dev + - libfreetype6-dev + - libgmp3-dev + - libmcrypt-dev + - libmariadbclient-dev + - libpspell-dev + - librecode-dev + - libssl-dev + state: present + when: ansible_os_family == 'Debian' + +- name: Define php_fpm_daemon (if not defined already). + set_fact: + php_fpm_daemon: "php-fpm" + when: php_fpm_daemon is not defined + +- name: Check if gmp.h is already in a location accessible to gcc. + stat: path=/usr/include/gmp.h + register: gmp_file + +- name: Ensure gmp.h is symlinked into a location accessible to gcc. + file: # noqa 208 + src: "{{ php_source_install_gmp_path }}" + dest: /usr/include/gmp.h + state: link + when: not gmp_file.stat.exists + +- name: Check if PHP is installed. + command: which php + changed_when: false + failed_when: false + register: php_installed + +- name: Clone the PHP repository. 
+ git: + repo: "{{ php_source_repo }}" + dest: "{{ php_source_clone_dir }}" + version: "{{ php_source_version }}" + accept_hostkey: true + depth: "{{ php_source_clone_depth }}" + when: php_installed.rc != 0 + +- name: Ensure PHP installation path exists. + file: + path: "{{ php_source_install_path }}" + state: directory + mode: 0755 + when: php_installed.rc != 0 + +- name: Build configure script. + command: > + ./buildconf --force + chdir={{ php_source_clone_dir }} + when: php_installed.rc != 0 + +- name: Run configure script. + command: > + {{ php_source_configure_command }} + chdir={{ php_source_clone_dir }} + when: php_installed.rc != 0 + +- name: Make and install PHP. + command: > + {{ item }} + chdir={{ php_source_clone_dir }} + with_items: + - "{{ php_source_make_command }}" + - make install + when: php_installed.rc != 0 + +- name: Ensure php executable is symlinked into a standard path. + file: # noqa 208 + src: "{{ php_source_install_path }}/bin/php" + dest: /usr/bin/php + state: link + +# PHP FPM configuration. +- name: Ensure php-fpm executable is symlinked into a standard path. + file: # noqa 208 + src: "{{ php_source_install_path }}/sbin/php-fpm" + dest: "/usr/sbin/{{ php_fpm_daemon }}" + state: link + when: "'--enable-fpm' in php_source_configure_command" + +- name: Ensure php-fpm init script is installed. + template: + src: fpm-init.j2 + dest: "/etc/init.d/{{ php_fpm_daemon }}" + mode: 0755 + when: "'--enable-fpm' in php_source_configure_command" + notify: restart php-fpm + +- name: Ensure php-fpm config directory exists. + file: + path: "{{ php_fpm_conf_path }}" + state: directory + mode: 0755 + when: "'--enable-fpm' in php_source_configure_command" + +- name: Ensure php-fpm config file is installed. + template: + src: php-fpm.conf.j2 + dest: "{{ php_fpm_conf_path }}/php-fpm.conf" + mode: 0644 + when: "'--enable-fpm' in php_source_configure_command" + notify: restart php-fpm 
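Review bot: "Clone the PHP repository" checks out `version: "{{ php_source_version }}"`, whose role default is `"master"`, and the tasks after it run `./buildconf`, the configure command and `make install` from that tree. A host with `php_install_from_source: true` and no override therefore builds and installs whatever the branch tip is on the day of its first run. Set a release tag in the play vars, as `playbook-source.yml` does with `php_source_version: "php-{{ php_version }}"`, and consider `verify_commit: true` on the `git` task if the tags you build from are signed. The clone and build are also skipped whenever `which php` succeeds, so changing `php_source_version` later will not rebuild a host that already has a `php` on its PATH; a comment on "Check if PHP is installed" should say so.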
diff --git a/roles/geerlingguy.php/tasks/main.yml b/roles/geerlingguy.php/tasks/main.yml
new file mode 100644
index 0000000..dbad765
--- /dev/null
+++ b/roles/geerlingguy.php/tasks/main.yml
@@ -0,0 +1,77 @@ +--- +# Variable setup. +- name: Include distribution and version-specific vars. + include_vars: "{{ item }}" + with_first_found: + - files: + - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" + skip: true + +- name: Set the default PHP version for Debian-based OSes. + set_fact: + php_default_version_debian: "{{ __php_default_version_debian }}" + when: php_default_version_debian is not defined and ansible_os_family == 'Debian' + +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" + +- name: Define php_packages. + set_fact: + php_packages: "{{ __php_packages | list }}" + when: php_packages is not defined + +- name: Define php_webserver_daemon. + set_fact: + php_webserver_daemon: "{{ __php_webserver_daemon }}" + when: php_webserver_daemon is not defined + +- name: Define php_conf_paths. + set_fact: + php_conf_paths: "{{ __php_conf_paths }}" + when: php_conf_paths is not defined + +- name: Define php_extension_conf_paths. + set_fact: + php_extension_conf_paths: "{{ __php_extension_conf_paths }}" + when: php_extension_conf_paths is not defined + +- name: Define php_apc_conf_filename. + set_fact: + php_apc_conf_filename: "{{ __php_apc_conf_filename }}" + when: php_apc_conf_filename is not defined + +- name: Define php_opcache_conf_filename (Ubuntu 16.04). + set_fact: + php_opcache_conf_filename: "10-opcache.ini" + when: php_opcache_conf_filename is not defined and ansible_distribution_version == "16.04" + +- name: Define php_opcache_conf_filename. + set_fact: + php_opcache_conf_filename: "{{ __php_opcache_conf_filename }}" + when: php_opcache_conf_filename is not defined + +- name: Define php_fpm_conf_path. + set_fact: + php_fpm_conf_path: "{{ __php_fpm_conf_path }}" + when: php_fpm_conf_path is not defined + +# Setup/install tasks. 
+- include_tasks: setup-RedHat.yml + when: + - not php_install_from_source + - ansible_os_family == 'RedHat' + +- include_tasks: setup-Debian.yml + when: + - not php_install_from_source + - ansible_os_family == 'Debian' + +# Install PHP from source when php_install_from_source is true. +- include_tasks: install-from-source.yml + when: php_install_from_source + +# Configure PHP. +- include_tasks: configure.yml +- include_tasks: configure-apcu.yml +- include_tasks: configure-opcache.yml +- include_tasks: configure-fpm.yml diff --git a/roles/geerlingguy.php/tasks/setup-Debian.yml b/roles/geerlingguy.php/tasks/setup-Debian.yml new file mode 100644 index 0000000..a6657be --- /dev/null +++ b/roles/geerlingguy.php/tasks/setup-Debian.yml @@ -0,0 +1,27 @@ +--- +- name: Update apt cache. + apt: update_cache=yes cache_valid_time=86400 + +- name: Ensure PHP packages are installed. + apt: + name: "{{ php_packages + php_packages_extra }}" + state: "{{ php_packages_state }}" + install_recommends: "{{ php_install_recommends }}" + register: php_package_install + notify: restart webserver + +- name: Delete APCu configuration file if this role will provide one. + file: + path: "{{ item }}/{{ php_apc_conf_filename }}" + state: absent + with_items: "{{ php_extension_conf_paths }}" + when: php_enable_apc and php_package_install.changed + notify: restart webserver + +- name: Delete OpCache configuration file if this role will provide one. + file: + path: "{{ item }}/{{ php_opcache_conf_filename }}" + state: absent + with_items: "{{ php_extension_conf_paths }}" + when: php_opcache_enable | bool and php_package_install.changed + notify: restart webserver diff --git a/roles/geerlingguy.php/tasks/setup-RedHat.yml b/roles/geerlingguy.php/tasks/setup-RedHat.yml new file mode 100644 index 0000000..1d76b33 --- /dev/null +++ b/roles/geerlingguy.php/tasks/setup-RedHat.yml 
@@ -0,0 +1,7 @@ +--- +- name: Ensure PHP packages are installed. + package: + name: "{{ php_packages + php_packages_extra }}" + state: "{{ php_packages_state }}" + enablerepo: "{{ php_enablerepo | default(omit, true) }}" + notify: restart webserver diff --git a/roles/geerlingguy.php/templates/apc.ini.j2 b/roles/geerlingguy.php/templates/apc.ini.j2 new file mode 100644 index 0000000..bfd5706 --- /dev/null +++ b/roles/geerlingguy.php/templates/apc.ini.j2 @@ -0,0 +1,4 @@ +extension=apcu.so +apc.shm_size={{ php_apc_shm_size }} +apc.enable_cli={{ php_apc_enable_cli }} +apc.rfc1867=1 diff --git a/roles/geerlingguy.php/templates/fpm-init.j2 b/roles/geerlingguy.php/templates/fpm-init.j2 new file mode 100644 index 0000000..4d6a6d5 --- /dev/null +++ b/roles/geerlingguy.php/templates/fpm-init.j2 
@@ -0,0 +1,170 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: php-fpm {{ php_fpm_daemon }} +# Required-Start: $remote_fs $network +# Required-Stop: $remote_fs $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: starts {{ php_fpm_daemon }} +# Description: Starts The PHP FastCGI Process Manager Daemon +### END INIT INFO + +# Author: Ondrej Sury + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="PHP FastCGI Process Manager" +NAME={{ php_fpm_daemon }} +DAEMON=/usr/sbin/$NAME +DAEMON_ARGS="--daemonize --fpm-config {{ php_fpm_conf_path }}/php-fpm.conf" +PIDFILE=/var/run/{{ php_fpm_daemon }}.pid +TIMEOUT=2 +SCRIPTNAME=/etc/init.d/$NAME + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +. /lib/lsb/init-functions + +# Don't run if we are running upstart +if init_is_upstart; then + exit 1 +fi + +# +# Function to check the correctness of the config file +# +do_check() +{ + /usr/lib/php5/php5-fpm-checkconf || return 1 + return 0 +} + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ + $DAEMON_ARGS 2>/dev/null \ + || return 2 + # Add code here, if necessary, that waits for the process to be ready + # to handle requests from services started subsequently which depend + # on this one. As a last resort, sleep for some time. 
+} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=QUIT/$TIMEOUT/TERM/5/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/$TIMEOUT/TERM/5/KILL/5 --exec $DAEMON + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + # + # If the daemon can reload its configuration without + # restarting (for example, when it is sent a SIGHUP), + # then implement that here. + # + start-stop-daemon --stop --signal USR2 --quiet --pidfile $PIDFILE --name $NAME + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + check) + do_check yes + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC" "$NAME" + do_reload + log_end_msg $? 
+ ;; + reopen-logs) + log_daemon_msg "Reopening $DESC logs" $NAME + if start-stop-daemon --stop --signal USR1 --oknodo --quiet \ + --pidfile $PIDFILE --exec $DAEMON + then + log_end_msg 0 + else + log_end_msg 1 + fi + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2 + exit 1 + ;; +esac + +: diff --git a/roles/geerlingguy.php/templates/opcache.ini.j2 b/roles/geerlingguy.php/templates/opcache.ini.j2 new file mode 100644 index 0000000..6146453 --- /dev/null +++ b/roles/geerlingguy.php/templates/opcache.ini.j2 @@ -0,0 +1,14 @@ +zend_extension={{ php_opcache_zend_extension }} +opcache.enable={{ php_opcache_enable }} +opcache.enable_cli={{ php_opcache_enable_cli }} +opcache.memory_consumption={{ php_opcache_memory_consumption }} +opcache.interned_strings_buffer={{ php_opcache_interned_strings_buffer }} +opcache.max_accelerated_files={{ php_opcache_max_accelerated_files }} +opcache.max_wasted_percentage={{ php_opcache_max_wasted_percentage }} +opcache.validate_timestamps={{ php_opcache_validate_timestamps }} +opcache.revalidate_path={{ php_opcache_revalidate_path }} +opcache.revalidate_freq={{ php_opcache_revalidate_freq }} +opcache.max_file_size={{ php_opcache_max_file_size }} +{% if php_opcache_blacklist_filename != '' %} +opcache.blacklist_filename={{ php_opcache_blacklist_filename }} +{% endif %} diff --git a/roles/geerlingguy.php/templates/php-fpm.conf.j2 b/roles/geerlingguy.php/templates/php-fpm.conf.j2 new file mode 100644 index 0000000..12b277f --- /dev/null +++ b/roles/geerlingguy.php/templates/php-fpm.conf.j2 
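Review bot: `do_check` in `fpm-init.j2` calls the hard-coded `/usr/lib/php5/php5-fpm-checkconf`, a path from distro php5 packaging that a source build under `{{ php_source_install_path }}` presumably does not provide, so the `check` action would always return 1; `start` and `restart` never call it, so a broken config only shows up when the daemon fails to come up. php-fpm can test its own configuration, so the body can be `"$DAEMON" --test --fpm-config {{ php_fpm_conf_path }}/php-fpm.conf || return 1`. `do_reload` ends with `return 0` regardless of the `start-stop-daemon` result, so `reload` reports success even when no process received USR2; returning that command's status would surface the failure. The usage message also omits the `check` and `reopen-logs` actions the `case` handles.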
@@ -0,0 +1,12 @@ +;;;;;;;;;;;;;;;;;;;;; +; FPM Configuration ; +;;;;;;;;;;;;;;;;;;;;; + +include={{ php_fpm_conf_path }}/pool.d/*.conf + +;;;;;;;;;;;;;;;;;; +; Global Options ; +;;;;;;;;;;;;;;;;;; + +[global] +error_log = /var/log/php-fpm.log diff --git a/roles/geerlingguy.php/templates/php.ini.j2 b/roles/geerlingguy.php/templates/php.ini.j2 new file mode 100644 index 0000000..14b7eeb --- /dev/null +++ b/roles/geerlingguy.php/templates/php.ini.j2 
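Review bot: `[global]` in `php-fpm.conf.j2` sets no `pid`, while the init script template in this commit drives the daemon through `--pidfile /var/run/{{ php_fpm_daemon }}.pid` and its `DAEMON_ARGS` pass no pid option. Unless `/etc/default/{{ php_fpm_daemon }}` overrides `DAEMON_ARGS`, the PID file is never written; `do_reload` and `reopen-logs` then signal nothing, and the `--start ... --test` guard in `do_start` cannot see a running instance. Adding `pid = /var/run/{{ php_fpm_daemon }}.pid` under `[global]` keeps the two templates in agreement.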
@@ -0,0 +1,221 @@ +[PHP] + +;;;;;;;;;;;;;;;;;;;; +; Language Options ; +;;;;;;;;;;;;;;;;;;;; + +engine = On +short_open_tag = {{ php_short_open_tag }} +precision = {{ php_precision }} +output_buffering = {{ php_output_buffering }} + +zlib.output_compression = Off + +implicit_flush = Off +unserialize_callback_func = +serialize_precision = {{ php_serialize_precision }} +disable_functions = {{ php_disable_functions|join(",") }} +disable_classes = + +zend.enable_gc = On + +;;;;;;;;;;;;;;;;; +; Miscellaneous ; +;;;;;;;;;;;;;;;;; + +expose_php = {{ php_expose_php }} + +;;;;;;;;;;;;;;;;;;; +; Resource Limits ; +;;;;;;;;;;;;;;;;;;; + +max_execution_time = {{ php_max_execution_time }} +max_input_time = {{ php_max_input_time }} +max_input_vars = {{ php_max_input_vars }} +memory_limit = {{ php_memory_limit }} + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Error handling and logging ; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +error_reporting = {{ php_error_reporting }} +display_errors = {{ php_display_errors }} +display_startup_errors = {{ php_display_startup_errors }} +log_errors = On +log_errors_max_len = 1024 +ignore_repeated_errors = Off +ignore_repeated_source = Off +report_memleaks = On +track_errors = Off +html_errors = On + +;;;;;;;;;;;;;;;;; +; Data Handling ; +;;;;;;;;;;;;;;;;; + +variables_order = "GPCS" +request_order = "GP" +register_argc_argv = Off +auto_globals_jit = On + +post_max_size = {{ php_post_max_size }} +auto_prepend_file = +auto_append_file = + +default_mimetype = "text/html" + +;;;;;;;;;;;;;;;;;;;;;;;;; +; Paths and Directories ; +;;;;;;;;;;;;;;;;;;;;;;;;; + +doc_root = +user_dir = + +enable_dl = Off + +realpath_cache_size = {{ php_realpath_cache_size }} + +;;;;;;;;;;;;;;;; +; File Uploads ; +;;;;;;;;;;;;;;;; + +file_uploads = {{ php_file_uploads }} +upload_max_filesize = {{ php_upload_max_filesize }} +max_file_uploads = {{ php_max_file_uploads }} + +;;;;;;;;;;;;;;;;;; +; Fopen wrappers ; +;;;;;;;;;;;;;;;;;; + +allow_url_fopen = {{ php_allow_url_fopen }} 
+allow_url_include = Off + +default_socket_timeout = 60 + +;;;;;;;;;;;;;;;;;;; +; Module Settings ; +;;;;;;;;;;;;;;;;;;; + +[CLI Server] +cli_server.color = On + +[Date] +date.timezone = {{ php_date_timezone }} + +[Pdo_mysql] +pdo_mysql.cache_size = 2000 +pdo_mysql.default_socket= + +[mail function] +; For Win32 only. +SMTP = localhost +smtp_port = 25 + +; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). +sendmail_path = {{ php_sendmail_path }} + +mail.add_x_header = On + +[SQL] +sql.safe_mode = Off + +[ODBC] +odbc.allow_persistent = On +odbc.check_persistent = On +odbc.max_persistent = -1 +odbc.max_links = -1 +odbc.defaultlrl = 4096 +odbc.defaultbinmode = 1 + +[MySQL] +mysql.allow_local_infile = On +mysql.allow_persistent = On +mysql.cache_size = 2000 +mysql.max_persistent = -1 +mysql.max_links = -1 +mysql.default_port = +mysql.default_socket = +mysql.default_host = +mysql.default_user = +mysql.default_password = +mysql.connect_timeout = 60 +mysql.trace_mode = Off + +[MySQLi] +mysqli.max_persistent = -1 +mysqli.allow_persistent = On +mysqli.max_links = -1 +mysqli.cache_size = 2000 +mysqli.default_port = 3306 +mysqli.default_socket = +mysqli.default_host = +mysqli.default_user = +mysqli.default_pw = +mysqli.reconnect = Off + +[mysqlnd] +mysqlnd.collect_statistics = On +mysqlnd.collect_memory_statistics = Off + +[PostgreSQL] +pgsql.allow_persistent = On +pgsql.auto_reset_persistent = Off +pgsql.max_persistent = -1 +pgsql.max_links = -1 +pgsql.ignore_notice = 0 +pgsql.log_notice = 0 + +[bcmath] +bcmath.scale = 0 + +[Session] +session.save_handler = {{ php_session_save_handler }} +session.save_path = {{ php_session_save_path }} +session.use_cookies = 1 +session.use_only_cookies = 1 +session.name = PHPSESSID +session.auto_start = 0 + +session.cookie_lifetime = {{ php_session_cookie_lifetime }} +session.cookie_path = / +session.cookie_domain = +session.cookie_httponly = + +session.serialize_handler = php + +session.gc_probability = {{ 
php_session_gc_probability }} +session.gc_divisor = {{ php_session_gc_divisor }} +session.gc_maxlifetime = {{ php_session_gc_maxlifetime }} + +session.referer_check = + +session.cache_limiter = nocache +session.cache_expire = 180 + +session.use_trans_sid = 0 + +session.hash_function = 0 +session.hash_bits_per_character = 5 + +url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" + +[MSSQL] +mssql.allow_persistent = On +mssql.max_persistent = -1 +mssql.max_links = -1 +mssql.min_error_severity = 10 +mssql.min_message_severity = 10 +mssql.compatability_mode = Off +mssql.secure_connection = Off + +[Tidy] +tidy.clean_output = Off + +[soap] +soap.wsdl_cache_enabled=1 +soap.wsdl_cache_dir="/tmp" +soap.wsdl_cache_ttl=86400 +soap.wsdl_cache_limit = 5 + +[ldap] +ldap.max_links = -1 diff --git a/roles/geerlingguy.php/templates/www.conf.j2 b/roles/geerlingguy.php/templates/www.conf.j2 new file mode 100644 index 0000000..da0921c --- /dev/null +++ b/roles/geerlingguy.php/templates/www.conf.j2 @@ -0,0 +1,15 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 +user = {{ php_fpm_pool_user }} +group = {{ php_fpm_pool_group }} + +listen.owner = {{ php_fpm_pool_user }} +listen.group = {{ php_fpm_pool_group }} + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 5 +pm.min_spare_servers = 5 +pm.max_spare_servers = 5 +pm.max_requests = 500 diff --git a/roles/geerlingguy.php/vars/Debian-10.yml b/roles/geerlingguy.php/vars/Debian-10.yml new file mode 100644 index 0000000..ec895ae --- /dev/null +++ b/roles/geerlingguy.php/vars/Debian-10.yml @@ -0,0 +1,2 @@ +--- +__php_default_version_debian: "7.3" diff --git a/roles/geerlingguy.php/vars/Debian-9.yml b/roles/geerlingguy.php/vars/Debian-9.yml new file mode 100644 index 0000000..eb23ce3 --- /dev/null +++ b/roles/geerlingguy.php/vars/Debian-9.yml @@ -0,0 +1,2 @@ +--- +__php_default_version_debian: "7.0" 
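Review bot: In templates/php.ini.j2 the `[Session]` block renders `session.cookie_httponly =` with an empty value and sets neither `session.cookie_secure` nor `session.use_strict_mode`, so the session cookie stays readable from page script and the session module accepts IDs it did not issue. I would render `session.cookie_httponly = 1` and add `session.use_strict_mode = 1`, plus `session.cookie_secure = 1` on hosts that are served only over HTTPS. Separately, `soap.wsdl_cache_dir="/tmp"` puts the WSDL cache in a directory every local account can write to; a directory owned by the PHP user would be a safer default.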
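Review bot: In templates/www.conf.j2 the pool listens on `127.0.0.1:9000`, and `listen.owner` / `listen.group` apply only to a Unix socket, so on this TCP listener they restrict nothing. `listen.allowed_clients = 127.0.0.1` filters by source address only, which means every local account on the host can reach the pool and have requests handled as `php_fpm_pool_user`. If the web server is on the same host, a socket listener (for example `listen = /run/php-fpm-www.sock`, a constructed path) with `listen.mode = 0660` would make the owner and group lines effective. The web server's proxy target would have to change with it, and that configuration is not part of this hunk.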
diff --git a/roles/geerlingguy.php/vars/Debian.yml b/roles/geerlingguy.php/vars/Debian.yml new file mode 100644 index 0000000..c487fd8 --- /dev/null +++ b/roles/geerlingguy.php/vars/Debian.yml @@ -0,0 +1,39 @@ +--- +__php_default_version_debian: "7.0" + +__php_packages: + - php{{ php_default_version_debian }}-common + - php{{ php_default_version_debian }}-cli + - php{{ php_default_version_debian }}-dev + - php{{ php_default_version_debian }}-fpm + - libpcre3-dev + - php{{ php_default_version_debian }}-gd + - php{{ php_default_version_debian }}-curl + - php{{ php_default_version_debian }}-imap + - php{{ php_default_version_debian }}-json + - php{{ php_default_version_debian }}-opcache + - php{{ php_default_version_debian }}-xml + - php{{ php_default_version_debian }}-mbstring + - php-sqlite3 + - php-apcu +__php_webserver_daemon: "apache2" + +# Vendor-specific configuration paths on Debian/Ubuntu make my brain asplode. +__php_conf_paths: + - /etc/php/{{ php_default_version_debian }}/fpm + - /etc/php/{{ php_default_version_debian }}/apache2 + - /etc/php/{{ php_default_version_debian }}/cli + +__php_extension_conf_paths: + - /etc/php/{{ php_default_version_debian }}/fpm/conf.d + - /etc/php/{{ php_default_version_debian }}/apache2/conf.d + - /etc/php/{{ php_default_version_debian }}/cli/conf.d + +__php_apc_conf_filename: 20-apcu.ini +__php_opcache_conf_filename: 10-opcache.ini +__php_fpm_daemon: php{{ php_default_version_debian }}-fpm +__php_fpm_conf_path: "/etc/php/{{ php_default_version_debian }}/fpm" +__php_fpm_pool_conf_path: "{{ __php_fpm_conf_path }}/pool.d/www.conf" + +__php_fpm_pool_user: www-data +__php_fpm_pool_group: www-data diff --git a/roles/geerlingguy.php/vars/RedHat.yml b/roles/geerlingguy.php/vars/RedHat.yml new file mode 100644 index 0000000..e1e4458 --- /dev/null +++ b/roles/geerlingguy.php/vars/RedHat.yml 
@@ -0,0 +1,32 @@ +--- +__php_packages: + - php + - php-cli + - php-common + - php-devel + - php-fpm + - php-gd + - php-ldap + - php-mbstring + - php-opcache + - php-pdo + - php-pear + - php-pecl-apcu + - php-xml + - php-xmlrpc +__php_webserver_daemon: "httpd" + +__php_conf_paths: + - /etc + +__php_extension_conf_paths: + - /etc/php.d + +__php_apc_conf_filename: 50-apc.ini +__php_opcache_conf_filename: 10-opcache.ini +__php_fpm_daemon: php-fpm +__php_fpm_conf_path: "/etc/fpm" +__php_fpm_pool_conf_path: "/etc/php-fpm.d/www.conf" + +__php_fpm_pool_user: apache +__php_fpm_pool_group: apache diff --git a/roles/geerlingguy.php/vars/Ubuntu-16.yml b/roles/geerlingguy.php/vars/Ubuntu-16.yml new file mode 100644 index 0000000..eb23ce3 --- /dev/null +++ b/roles/geerlingguy.php/vars/Ubuntu-16.yml @@ -0,0 +1,2 @@ +--- +__php_default_version_debian: "7.0" diff --git a/roles/geerlingguy.php/vars/Ubuntu-18.yml b/roles/geerlingguy.php/vars/Ubuntu-18.yml new file mode 100644 index 0000000..82230bc --- /dev/null +++ b/roles/geerlingguy.php/vars/Ubuntu-18.yml @@ -0,0 +1,2 @@ +--- +__php_default_version_debian: "7.2" diff --git a/roles/geerlingguy.php/vars/Ubuntu-20.yml b/roles/geerlingguy.php/vars/Ubuntu-20.yml new file mode 100644 index 0000000..a16b99b --- /dev/null +++ b/roles/geerlingguy.php/vars/Ubuntu-20.yml @@ -0,0 +1,2 @@ +--- +__php_default_version_debian: "7.4" diff --git a/roles/geerlingguy.postgresql/.ansible-lint b/roles/geerlingguy.postgresql/.ansible-lint new file mode 100644 index 0000000..f3c1090 --- /dev/null +++ b/roles/geerlingguy.postgresql/.ansible-lint @@ -0,0 +1,3 @@ +skip_list: + - '405' + - '503' diff --git a/roles/geerlingguy.postgresql/.github/FUNDING.yml b/roles/geerlingguy.postgresql/.github/FUNDING.yml new file mode 100644 index 0000000..96b4938 --- /dev/null +++ b/roles/geerlingguy.postgresql/.github/FUNDING.yml @@ -0,0 +1,4 @@ +# These are supported funding model platforms +--- +github: geerlingguy +patreon: geerlingguy 
diff --git a/roles/geerlingguy.postgresql/.github/stale.yml b/roles/geerlingguy.postgresql/.github/stale.yml new file mode 100644 index 0000000..c7ff127 --- /dev/null +++ b/roles/geerlingguy.postgresql/.github/stale.yml 
@@ -0,0 +1,56 @@ +# Configuration for probot-stale - https://github.com/probot/stale + +# Number of days of inactivity before an Issue or Pull Request becomes stale +daysUntilStale: 90 + +# Number of days of inactivity before an Issue or Pull Request with the stale label is closed. +# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. +daysUntilClose: 30 + +# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled) +onlyLabels: [] + +# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable +exemptLabels: + - pinned + - security + - planned + +# Set to true to ignore issues in a project (defaults to false) +exemptProjects: false + +# Set to true to ignore issues in a milestone (defaults to false) +exemptMilestones: false + +# Set to true to ignore issues with an assignee (defaults to false) +exemptAssignees: false + +# Label to use when marking as stale +staleLabel: stale + +# Limit the number of actions per hour, from 1-30. Default is 30 +limitPerRun: 30 + +pulls: + markComment: |- + This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! + + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale. + + unmarkComment: >- + This pull request is no longer marked for closure. + + closeComment: >- + This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. + +issues: + markComment: |- + This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! 
+ + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale. + + unmarkComment: >- + This issue is no longer marked for closure. + + closeComment: >- + This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. diff --git a/roles/geerlingguy.postgresql/.gitignore b/roles/geerlingguy.postgresql/.gitignore new file mode 100644 index 0000000..f56f5b5 --- /dev/null +++ b/roles/geerlingguy.postgresql/.gitignore @@ -0,0 +1,3 @@ +*.retry +*/__pycache__ +*.pyc diff --git a/roles/geerlingguy.postgresql/.travis.yml b/roles/geerlingguy.postgresql/.travis.yml new file mode 100644 index 0000000..6f9a9ae --- /dev/null +++ b/roles/geerlingguy.postgresql/.travis.yml @@ -0,0 +1,31 @@ +--- +language: python +services: docker + +env: + global: + - ROLE_NAME: postgresql + matrix: + - MOLECULE_DISTRO: centos7 + - MOLECULE_DISTRO: centos8 + - MOLECULE_DISTRO: fedora32 + - MOLECULE_DISTRO: ubuntu2004 + - MOLECULE_DISTRO: ubuntu1804 + - MOLECULE_DISTRO: debian10 + +install: + # Install test dependencies. + - pip install molecule yamllint ansible-lint docker + +before_script: + # Use actual Ansible Galaxy role name for the project directory. + - cd ../ + - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME + - cd geerlingguy.$ROLE_NAME + +script: + # Run tests. + - molecule test + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/roles/geerlingguy.postgresql/.yamllint b/roles/geerlingguy.postgresql/.yamllint new file mode 100644 index 0000000..dff5082 --- /dev/null +++ b/roles/geerlingguy.postgresql/.yamllint @@ -0,0 +1,9 @@ +--- +extends: default +rules: + line-length: + max: 120 + level: warning + +ignore: | + .github/stale.yml 
diff --git a/roles/geerlingguy.postgresql/LICENSE b/roles/geerlingguy.postgresql/LICENSE new file mode 100644 index 0000000..4275cf3 --- /dev/null +++ b/roles/geerlingguy.postgresql/LICENSE @@ -0,0 +1,20 @@ +The MIT License (MIT) + +Copyright (c) 2017 Jeff Geerling + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software is furnished to do so, +subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR +COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER +IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/roles/geerlingguy.postgresql/README.md b/roles/geerlingguy.postgresql/README.md new file mode 100644 index 0000000..d447a6e --- /dev/null +++ b/roles/geerlingguy.postgresql/README.md 
@@ -0,0 +1,149 @@ +# Ansible Role: PostgreSQL + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-postgresql.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-postgresql) + +Installs and configures PostgreSQL server on RHEL/CentOS or Debian/Ubuntu servers. + +## Requirements + +No special requirements; note that this role requires root access, so either run it in a playbook with a global `become: yes`, or invoke the role in your playbook like: + + - hosts: database + roles: + - role: geerlingguy.postgresql + become: yes + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + postgresql_enablerepo: "" + +(RHEL/CentOS only) You can set a repo to use for the PostgreSQL installation by passing it in here. + + postgresql_restarted_state: "restarted" + +Set the state of the service when configuration changes are made. Recommended values are `restarted` or `reloaded`. + + postgresql_python_library: python-psycopg2 + +Library used by Ansible to communicate with PostgreSQL. If you are using Python 3 (e.g. set via `ansible_python_interpreter`), you should change this to `python3-psycopg2`. + + postgresql_user: postgres + postgresql_group: postgres + +The user and group under which PostgreSQL will run. + + postgresql_unix_socket_directories: + - /var/run/postgresql + +The directories (usually one, but can be multiple) where PostgreSQL's socket will be created. + + postgresql_service_state: started + postgresql_service_enabled: true + +Control the state of the postgresql service and whether it should start at boot time. + + postgresql_global_config_options: + - option: unix_socket_directories + value: '{{ postgresql_unix_socket_directories | join(",") }}' + +Global configuration options that will be set in `postgresql.conf`. Note that for RHEL/CentOS 6 (or very old versions of PostgreSQL), you need to at least override this variable and set the `option` to `unix_socket_directory`. 
+ + postgresql_hba_entries: + - { type: local, database: all, user: postgres, auth_method: peer } + - { type: local, database: all, user: all, auth_method: peer } + - { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 } + - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 } + +Configure [host based authentication](https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html) entries to be set in the `pg_hba.conf`. Options for entries include: + + - `type` (required) + - `database` (required) + - `user` (required) + - `address` (one of this or the following two are required) + - `ip_address` + - `ip_mask` + - `auth_method` (required) + - `auth_options` (optional) + +If overriding, make sure you copy all of the existing entries from `defaults/main.yml` if you need to preserve existing entries. + + postgresql_locales: + - 'en_US.UTF-8' + +(Debian/Ubuntu only) Used to generate the locales used by PostgreSQL databases. + + postgresql_databases: + - name: exampledb # required; the rest are optional + lc_collate: # defaults to 'en_US.UTF-8' + lc_ctype: # defaults to 'en_US.UTF-8' + encoding: # defaults to 'UTF-8' + template: # defaults to 'template0' + login_host: # defaults to 'localhost' + login_password: # defaults to not set + login_user: # defaults to 'postgresql_user' + login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories + port: # defaults to not set + owner: # defaults to postgresql_user + state: # defaults to 'present' + +A list of databases to ensure exist on the server. Only the `name` is required; all other properties are optional. 
+ + postgresql_users: + - name: jdoe #required; the rest are optional + password: # defaults to not set + encrypted: # defaults to not set + priv: # defaults to not set + role_attr_flags: # defaults to not set + db: # defaults to not set + login_host: # defaults to 'localhost' + login_password: # defaults to not set + login_user: # defaults to '{{ postgresql_user }}' + login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories + port: # defaults to not set + state: # defaults to 'present' + +A list of users to ensure exist on the server. Only the `name` is required; all other properties are optional. + + postgres_users_no_log: true + +Whether to output user data (which may contain sensitive information, like passwords) when managing users. + + postgresql_version: [OS-specific] + postgresql_data_dir: [OS-specific] + postgresql_bin_path: [OS-specific] + postgresql_config_path: [OS-specific] + postgresql_daemon: [OS-specific] + postgresql_packages: [OS-specific] + +OS-specific variables that are set by include files in this role's `vars` directory. These shouldn't be overridden unless you're using a version of PostgreSQL that wasn't installed using system packages. + +## Dependencies + +None. + +## Example Playbook + + - hosts: database + become: yes + vars_files: + - vars/main.yml + roles: + - geerlingguy.postgresql + +*Inside `vars/main.yml`*: + + postgresql_databases: + - name: example_db + postgresql_users: + - name: example_user + password: supersecure + +## License + +MIT / BSD + +## Author Information + +This role was created in 2016 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). diff --git a/roles/geerlingguy.postgresql/defaults/main.yml b/roles/geerlingguy.postgresql/defaults/main.yml new file mode 100644 index 0000000..0e2d503 --- /dev/null +++ b/roles/geerlingguy.postgresql/defaults/main.yml 
@@ -0,0 +1,67 @@ +--- +# RHEL/CentOS only. Set a repository to use for PostgreSQL installation. +postgresql_enablerepo: "" + +# Set postgresql state when configuration changes are made. Recommended values: +# `restarted` or `reloaded` +postgresql_restarted_state: "restarted" + +postgresql_python_library: python-psycopg2 +postgresql_user: postgres +postgresql_group: postgres + +postgresql_unix_socket_directories: + - /var/run/postgresql + +postgresql_service_state: started +postgresql_service_enabled: true + +# Global configuration options that will be set in postgresql.conf. +postgresql_global_config_options: + - option: unix_socket_directories + value: '{{ postgresql_unix_socket_directories | join(",") }}' + +# Host based authentication (hba) entries to be added to the pg_hba.conf. This +# variable's defaults reflect the defaults that come with a fresh installation. +postgresql_hba_entries: + - {type: local, database: all, user: postgres, auth_method: peer} + - {type: local, database: all, user: all, auth_method: peer} + - {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5} + - {type: host, database: all, user: all, address: '::1/128', auth_method: md5} + +# Debian only. Used to generate the locales used by PostgreSQL databases. +postgresql_locales: + - 'en_US.UTF-8' + +# Databases to ensure exist. +postgresql_databases: [] +# - name: exampledb # required; the rest are optional +# lc_collate: # defaults to 'en_US.UTF-8' +# lc_ctype: # defaults to 'en_US.UTF-8' +# encoding: # defaults to 'UTF-8' +# template: # defaults to 'template0' +# login_host: # defaults to 'localhost' +# login_password: # defaults to not set +# login_user: # defaults to '{{ postgresql_user }}' +# login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories +# port: # defaults to not set +# owner: # defaults to postgresql_user +# state: # defaults to 'present' + +# Users to ensure exist. 
+postgresql_users: [] +# - name: jdoe #required; the rest are optional +# password: # defaults to not set +# encrypted: # defaults to not set +# priv: # defaults to not set +# role_attr_flags: # defaults to not set +# db: # defaults to not set +# login_host: # defaults to 'localhost' +# login_password: # defaults to not set +# login_user: # defaults to '{{ postgresql_user }}' +# login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories +# port: # defaults to not set +# state: # defaults to 'present' + +# Whether to output user data when managing users. +postgres_users_no_log: true diff --git a/roles/geerlingguy.postgresql/handlers/main.yml b/roles/geerlingguy.postgresql/handlers/main.yml new file mode 100644 index 0000000..cce42b7 --- /dev/null +++ b/roles/geerlingguy.postgresql/handlers/main.yml @@ -0,0 +1,6 @@ +--- +- name: restart postgresql + service: + name: "{{ postgresql_daemon }}" + state: "{{ postgresql_restarted_state }}" + sleep: 5 diff --git a/roles/geerlingguy.postgresql/meta/.galaxy_install_info b/roles/geerlingguy.postgresql/meta/.galaxy_install_info new file mode 100644 index 0000000..1c2ee11 --- /dev/null +++ b/roles/geerlingguy.postgresql/meta/.galaxy_install_info @@ -0,0 +1,2 @@ +install_date: Thu Oct 29 02:33:33 2020 +version: 2.2.1 diff --git a/roles/geerlingguy.postgresql/meta/main.yml b/roles/geerlingguy.postgresql/meta/main.yml new file mode 100644 index 0000000..8657722 --- /dev/null +++ b/roles/geerlingguy.postgresql/meta/main.yml 
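Review bot: The default `postgresql_hba_entries` in defaults/main.yml use `auth_method: md5` for both loopback `host` entries. On PostgreSQL 10 and later `scram-sha-256` is available and is the stronger choice; moving to it also means setting `password_encryption` to `scram-sha-256` through `postgresql_global_config_options` and resetting existing role passwords so they are re-hashed. At minimum I would add a comment above the variable, for example `# md5 mirrors the packaged default; prefer scram-sha-256 on PostgreSQL >= 10`. The `pg_hba.conf.j2` template that consumes these entries is outside this hunk.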
@@ -0,0 +1,38 @@ +--- +dependencies: [] + +galaxy_info: + role_name: postgresql + author: geerlingguy + description: PostgreSQL server for Linux. + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 2.8 + platforms: + - name: EL + versions: + - 6 + - 7 + - 8 + - name: Fedora + versions: + - 29 + - 30 + - 31 + - 32 + - name: Ubuntu + versions: + - xenial + - bionic + - focal + - name: Debian + versions: + - wheezy + - jessie + - stretch + - buster + galaxy_tags: + - database + - postgresql + - postgres + - rdbms diff --git a/roles/geerlingguy.postgresql/molecule/default/converge.yml b/roles/geerlingguy.postgresql/molecule/default/converge.yml new file mode 100644 index 0000000..bac2eb9 --- /dev/null +++ b/roles/geerlingguy.postgresql/molecule/default/converge.yml 
@@ -0,0 +1,47 @@
+---
+- name: Converge
+ hosts: all
+ become: true
+
+ vars:
+ postgresql_databases:
+ - name: example
+ postgresql_users:
+ - name: jdoe
+
+ pre_tasks:
+ # The Fedora 30+ container images have only C.UTF-8 installed
+ - name: Set database locale if using Fedora 30+ or RedHat 8+
+ set_fact:
+ postgresql_databases:
+ - name: example
+ lc_collate: 'C.UTF-8'
+ lc_ctype: 'C.UTF-8'
+ when:
+ - ( ansible_distribution == 'Fedora' and ansible_distribution_major_version >= '30') or
+ ( ansible_os_family == 'RedHat' and ansible_distribution_major_version == '8')
+
+ - name: Update apt cache.
+ apt: update_cache=true cache_valid_time=600
+ changed_when: false
+ when: ansible_os_family == 'Debian'
+
+ - name: Set custom variables for old CentOS 6 PostgreSQL install.
+ set_fact:
+ postgresql_hba_entries: []
+ postgresql_global_config_options:
+ - option: unix_socket_directory
+ value: '{{ postgresql_unix_socket_directories[0] }}'
+ when:
+ - ansible_os_family == 'RedHat'
+ - ansible_distribution_version.split('.')[0] == '6'
+
+ roles:
+ - role: geerlingguy.postgresql
+
+ post_tasks:
+ - name: Verify postgres is running.
+ command: "{{ postgresql_bin_path }}/pg_ctl -D {{ postgresql_data_dir }} status"
+ changed_when: false
+ become: true
+ become_user: postgres
diff --git a/roles/geerlingguy.postgresql/molecule/default/molecule.yml b/roles/geerlingguy.postgresql/molecule/default/molecule.yml
new file mode 100644
index 0000000..2da47dd
--- /dev/null
+++ b/roles/geerlingguy.postgresql/molecule/default/molecule.yml
@@ -0,0 +1,21 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint: |
+ set -e
+ yamllint .
+ ansible-lint
+platforms:
+ - name: instance
+ image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ privileged: true
+ pre_build_image: true
+provisioner:
+ name: ansible
+ playbooks:
+ converge: ${MOLECULE_PLAYBOOK:-converge.yml}
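Review bot: molecule/default/molecule.yml starts the test instance with `privileged: true` from an image referenced by the mutable tag `:latest`, so whatever the registry serves under that tag at test time runs with near-host privileges on the machine that runs molecule. If these scenarios are going to be run from this repository, pin each distro image by digest (`...-ansible@sha256:<digest>`, placeholder) and note in a comment why `privileged` is needed. If they are not going to be run, leaving the `molecule/` directories out of the in-repo copy removes the exposure entirely.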
diff --git a/roles/geerlingguy.postgresql/tasks/configure.yml b/roles/geerlingguy.postgresql/tasks/configure.yml
new file mode 100644
index 0000000..bcbc0fb
--- /dev/null
+++ b/roles/geerlingguy.postgresql/tasks/configure.yml
@@ -0,0 +1,28 @@
+---
+- name: Configure global settings.
+ lineinfile:
+ dest: "{{ postgresql_config_path }}/postgresql.conf"
+ regexp: "^#?{{ item.option }}.+$"
+ line: "{{ item.option }} = '{{ item.value }}'"
+ state: "{{ item.state | default('present') }}"
+ with_items: "{{ postgresql_global_config_options }}"
+ notify: restart postgresql
+
+- name: Configure host based authentication (if entries are configured).
+ template:
+ src: "pg_hba.conf.j2"
+ dest: "{{ postgresql_config_path }}/pg_hba.conf"
+ owner: "{{ postgresql_user }}"
+ group: "{{ postgresql_group }}"
+ mode: 0600
+ notify: restart postgresql
+ when: postgresql_hba_entries | length > 0
+
+- name: Ensure PostgreSQL unix socket dirs exist.
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: "{{ postgresql_user }}"
+ group: "{{ postgresql_group }}"
+ mode: "{{ postgresql_unix_socket_directories_mode }}"
+ with_items: "{{ postgresql_unix_socket_directories }}"
diff --git a/roles/geerlingguy.postgresql/tasks/databases.yml b/roles/geerlingguy.postgresql/tasks/databases.yml
new file mode 100644
index 0000000..e01d804
--- /dev/null
+++ b/roles/geerlingguy.postgresql/tasks/databases.yml
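Review bot: In tasks/configure.yml the `lineinfile` pattern `regexp: "^#?{{ item.option }}.+$"` interpolates the option name unescaped and with no delimiter after it, so it also matches any longer setting that begins with the same text (an option named `ssl` also matches `ssl_cert_file`), and `lineinfile` then rewrites the last matching line. Escaping the name and requiring a separator fixes that: `regexp: "^#?{{ item.option | regex_escape }}[\\s=].*$"`. The `line:` template also wraps `item.value` in single quotes without doubling embedded quotes, so a value containing `'` renders a malformed `postgresql.conf` entry; the value should have its quotes doubled before it is written.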
@@ -0,0 +1,21 @@
+---
+- name: Ensure PostgreSQL databases are present.
+ postgresql_db:
+ name: "{{ item.name }}"
+ lc_collate: "{{ item.lc_collate | default('en_US.UTF-8') }}"
+ lc_ctype: "{{ item.lc_ctype | default('en_US.UTF-8') }}"
+ encoding: "{{ item.encoding | default('UTF-8') }}"
+ template: "{{ item.template | default('template0') }}"
+ login_host: "{{ item.login_host | default('localhost') }}"
+ login_password: "{{ item.login_password | default(omit) }}"
+ login_user: "{{ item.login_user | default(postgresql_user) }}"
+ login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
+ port: "{{ item.port | default(omit) }}"
+ owner: "{{ item.owner | default(postgresql_user) }}"
+ state: "{{ item.state | default('present') }}"
+ with_items: "{{ postgresql_databases }}"
+ become: true
+ become_user: "{{ postgresql_user }}"
+ # See: https://github.com/ansible/ansible/issues/16048#issuecomment-229012509
+ vars:
+ ansible_ssh_pipelining: true
diff --git a/roles/geerlingguy.postgresql/tasks/initialize.yml b/roles/geerlingguy.postgresql/tasks/initialize.yml
new file mode 100644
index 0000000..0183121
--- /dev/null
+++ b/roles/geerlingguy.postgresql/tasks/initialize.yml
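Review bot: The `postgresql_db` task in tasks/databases.yml loops over `postgresql_databases`, whose items may carry `login_password`, but unlike the users task in tasks/users.yml it sets no `no_log`, so Ansible prints each whole item, password included, in the per-item result line. Add `no_log: "{{ postgres_users_no_log }}"` to the task. If the rest of the result should stay visible, `loop_control:` with `label: "{{ item.name }}"` keeps the item out of the output instead.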
@@ -0,0 +1,29 @@
+---
+- name: Set PostgreSQL environment variables.
+ template:
+ src: postgres.sh.j2
+ dest: /etc/profile.d/postgres.sh
+ mode: 0644
+ notify: restart postgresql
+
+- name: Ensure PostgreSQL data directory exists.
+ file:
+ path: "{{ postgresql_data_dir }}"
+ owner: "{{ postgresql_user }}"
+ group: "{{ postgresql_group }}"
+ state: directory
+ mode: 0700
+
+- name: Check if PostgreSQL database is initialized.
+ stat:
+ path: "{{ postgresql_data_dir }}/PG_VERSION"
+ register: pgdata_dir_version
+
+- name: Ensure PostgreSQL database is initialized.
+ command: "{{ postgresql_bin_path }}/initdb -D {{ postgresql_data_dir }}"
+ when: not pgdata_dir_version.stat.exists
+ become: true
+ become_user: "{{ postgresql_user }}"
+ # See: https://github.com/ansible/ansible/issues/16048#issuecomment-229012509
+ vars:
+ ansible_ssh_pipelining: true
diff --git a/roles/geerlingguy.postgresql/tasks/main.yml b/roles/geerlingguy.postgresql/tasks/main.yml
new file mode 100644
index 0000000..5d4f5fe
--- /dev/null
+++ b/roles/geerlingguy.postgresql/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+# Variable configuration.
+- include_tasks: variables.yml
+
+# Setup/install tasks.
+- include_tasks: setup-RedHat.yml
+ when: ansible_os_family == 'RedHat'
+
+- include_tasks: setup-Debian.yml
+ when: ansible_os_family == 'Debian'
+
+- include_tasks: initialize.yml
+- include_tasks: configure.yml
+
+- name: Ensure PostgreSQL is started and enabled on boot.
+ service:
+ name: "{{ postgresql_daemon }}"
+ state: "{{ postgresql_service_state }}"
+ enabled: "{{ postgresql_service_enabled }}"
+
+# Configure PostgreSQL.
+- import_tasks: users.yml
+- import_tasks: databases.yml
diff --git a/roles/geerlingguy.postgresql/tasks/setup-Debian.yml b/roles/geerlingguy.postgresql/tasks/setup-Debian.yml
new file mode 100644
index 0000000..1b54019
--- /dev/null
+++ b/roles/geerlingguy.postgresql/tasks/setup-Debian.yml
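Review bot: In tasks/initialize.yml the `initdb` command passes no authentication option, and stock `initdb` then writes a `pg_hba.conf` that uses `trust` for local connections (distribution builds may differ, so this should be confirmed on the target OS). tasks/configure.yml replaces that file only `when: postgresql_hba_entries | length > 0`, so a host where the list is overridden to `[]`, as molecule/default/converge.yml does for CentOS 6, keeps whatever `initdb` generated. I would pass the method explicitly, e.g. `command: "{{ postgresql_bin_path }}/initdb -D {{ postgresql_data_dir }} --auth-local=peer --auth-host=md5"` on versions that support those options, or document next to `postgresql_hba_entries` that an empty list leaves the generated file in place.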
@@ -0,0 +1,21 @@ +--- +- name: Ensure PostgreSQL Python libraries are installed. + apt: + name: "{{ postgresql_python_library }}" + state: present + +- name: Ensure PostgreSQL packages are installed. + apt: + name: "{{ postgresql_packages }}" + state: present + +- name: Ensure all configured locales are present. + locale_gen: "name={{ item }} state=present" + with_items: "{{ postgresql_locales }}" + register: locale_gen_result + +- name: Force-restart PostgreSQL after new locales are generated. + service: + name: "{{ postgresql_daemon }}" + state: restarted + when: locale_gen_result.changed diff --git a/roles/geerlingguy.postgresql/tasks/setup-RedHat.yml b/roles/geerlingguy.postgresql/tasks/setup-RedHat.yml new file mode 100644 index 0000000..d536bcb --- /dev/null +++ b/roles/geerlingguy.postgresql/tasks/setup-RedHat.yml @@ -0,0 +1,16 @@ +--- +- name: Ensure PostgreSQL packages are installed. + yum: + name: "{{ postgresql_packages }}" + state: present + enablerepo: "{{ postgresql_enablerepo | default(omit, true) }}" + # Don't let postgresql-contrib cause the /usr/bin/python symlink + # to be installed, which breaks later Ansible runs on Fedora 30, + # and affects system behavior in multiple ways. + exclude: python-unversioned-command + +- name: Ensure PostgreSQL Python libraries are installed. + yum: + name: "{{ postgresql_python_library }}" + state: present + enablerepo: "{{ postgresql_enablerepo | default(omit, true) }}" diff --git a/roles/geerlingguy.postgresql/tasks/users.yml b/roles/geerlingguy.postgresql/tasks/users.yml new file mode 100644 index 0000000..a1ae894 --- /dev/null +++ b/roles/geerlingguy.postgresql/tasks/users.yml 
@@ -0,0 +1,22 @@
+---
+- name: Ensure PostgreSQL users are present.
+ postgresql_user:
+ name: "{{ item.name }}"
+ password: "{{ item.password | default(omit) }}"
+ encrypted: "{{ item.encrypted | default(omit) }}"
+ priv: "{{ item.priv | default(omit) }}"
+ role_attr_flags: "{{ item.role_attr_flags | default(omit) }}"
+ db: "{{ item.db | default(omit) }}"
+ login_host: "{{ item.login_host | default('localhost') }}"
+ login_password: "{{ item.login_password | default(omit) }}"
+ login_user: "{{ item.login_user | default(postgresql_user) }}"
+ login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
+ port: "{{ item.port | default(omit) }}"
+ state: "{{ item.state | default('present') }}"
+ with_items: "{{ postgresql_users }}"
+ no_log: "{{ postgres_users_no_log }}"
+ become: true
+ become_user: "{{ postgresql_user }}"
+ # See: https://github.com/ansible/ansible/issues/16048#issuecomment-229012509
+ vars:
+ ansible_ssh_pipelining: true
diff --git a/roles/geerlingguy.postgresql/tasks/variables.yml b/roles/geerlingguy.postgresql/tasks/variables.yml
new file mode 100644
index 0000000..5758972
--- /dev/null
+++ b/roles/geerlingguy.postgresql/tasks/variables.yml
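Review bot: In tasks/users.yml the `no_log` value comes from `postgres_users_no_log`, the only variable in this task without the `postgresql_` prefix, and it has no fallback, so whether `item.password` and `item.login_password` stay out of task output depends entirely on a definition outside this hunk. An override spelled `postgresql_users_no_log` would have no effect on this task. Since this copy of the role is now maintained in the repo, I would make the safe value explicit with `no_log: "{{ postgres_users_no_log | default(true) }}"` and put a comment above it such as `# Keep true outside debugging: this task receives item.password and item.login_password.`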
@@ -0,0 +1,51 @@
+---
+# Variable configuration.
+- name: Include OS-specific variables (Debian).
+ include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
+ when: ansible_os_family == 'Debian'
+
+- name: Include OS-specific variables (RedHat).
+ include_vars: "{{ ansible_os_family }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
+ when:
+ - ansible_os_family == 'RedHat'
+ - ansible_distribution != 'Fedora'
+
+- name: Include OS-specific variables (Fedora).
+ include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
+ when: ansible_distribution == 'Fedora'
+
+- name: Define postgresql_packages.
+ set_fact:
+ postgresql_packages: "{{ __postgresql_packages | list }}"
+ when: postgresql_packages is not defined
+
+- name: Define postgresql_version.
+ set_fact:
+ postgresql_version: "{{ __postgresql_version }}"
+ when: postgresql_version is not defined
+
+- name: Define postgresql_daemon.
+ set_fact:
+ postgresql_daemon: "{{ __postgresql_daemon }}"
+ when: postgresql_daemon is not defined
+
+- name: Define postgresql_data_dir.
+ set_fact:
+ postgresql_data_dir: "{{ __postgresql_data_dir }}"
+ when: postgresql_data_dir is not defined
+
+- name: Define postgresql_bin_path.
+ set_fact:
+ postgresql_bin_path: "{{ __postgresql_bin_path }}"
+ when: postgresql_bin_path is not defined
+
+- name: Define postgresql_config_path.
+ set_fact:
+ postgresql_config_path: "{{ __postgresql_config_path }}"
+ when: postgresql_config_path is not defined
+
+- name: Define postgresql_unix_socket_directories_mode.
+ set_fact:
+ postgresql_unix_socket_directories_mode: >-
+ {{ __postgresql_unix_socket_directories_mode | default('02775') }}
+ when: postgresql_unix_socket_directories_mode is not defined
diff --git a/roles/geerlingguy.postgresql/templates/pg_hba.conf.j2 b/roles/geerlingguy.postgresql/templates/pg_hba.conf.j2
new file mode 100644
index 0000000..05cc8a0
--- /dev/null
+++ b/roles/geerlingguy.postgresql/templates/pg_hba.conf.j2
@@ -0,0 +1,9 @@
+{{ ansible_managed | comment }}
+# PostgreSQL Client Authentication Configuration File
+# ===================================================
+#
+# See: https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html
+
+{% for client in postgresql_hba_entries %}
+{{ client.type }} {{ client.database }} {{ client.user }} {{ client.address|default('') }} {{ client.ip_address|default('') }} {{ client.ip_mask|default('') }} {{ client.auth_method }} {{ client.auth_options|default("") }}
+{% endfor %}
diff --git a/roles/geerlingguy.postgresql/templates/postgres.sh.j2 b/roles/geerlingguy.postgresql/templates/postgres.sh.j2
new file mode 100644
index 0000000..7264064
--- /dev/null
+++ b/roles/geerlingguy.postgresql/templates/postgres.sh.j2
@@ -0,0 +1,2 @@
+export PGDATA={{ postgresql_data_dir }}
+export PATH=$PATH:{{ postgresql_bin_path }}
diff --git a/roles/geerlingguy.postgresql/vars/Debian-10.yml b/roles/geerlingguy.postgresql/vars/Debian-10.yml
new file mode 100644
index 0000000..d8b5103
--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Debian-10.yml
@@ -0,0 +1,12 @@
+---
+__postgresql_version: "11"
+__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
+__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
+__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
+__postgresql_daemon: "postgresql@{{ postgresql_version }}-main"
+__postgresql_packages:
+ - postgresql
+ - postgresql-contrib
+ - libpq-dev
+# Debian 10 uses Python 3 by default.
+postgresql_python_library: python3-psycopg2
diff --git a/roles/geerlingguy.postgresql/vars/Debian-7.yml b/roles/geerlingguy.postgresql/vars/Debian-7.yml
new file mode 100644
index 0000000..6b933bb
--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Debian-7.yml
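Review bot: In templates/pg_hba.conf.j2 the loop writes `client.auth_method`, `client.address` and the other fields of each `postgresql_hba_entries` item straight into the file, with no default for the method and no check on its value. The resulting access policy is therefore whatever the variable holds, and its default value is defined outside this hunk. Since this copy now lives in the repo, I would add a header line such as `# Rules below are rendered as-is from postgresql_hba_entries; check for 'trust' methods and wide address ranges before deploying.` so the generated file points a reader back to the variable. Linting the variable in CI for `trust` on `host` entries would catch the same thing earlier.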
@@ -0,0 +1,10 @@
+---
+__postgresql_version: "9.1"
+__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
+__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
+__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
+__postgresql_daemon: postgresql
+__postgresql_packages:
+ - postgresql
+ - postgresql-contrib
+ - libpq-dev
diff --git a/roles/geerlingguy.postgresql/vars/Debian-8.yml b/roles/geerlingguy.postgresql/vars/Debian-8.yml
new file mode 100644
index 0000000..ec86f93
--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Debian-8.yml
@@ -0,0 +1,10 @@
+---
+__postgresql_version: "9.4"
+__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
+__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
+__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
+__postgresql_daemon: "postgresql@{{ postgresql_version }}-main"
+__postgresql_packages:
+ - postgresql
+ - postgresql-contrib
+ - libpq-dev
diff --git a/roles/geerlingguy.postgresql/vars/Debian-9.yml b/roles/geerlingguy.postgresql/vars/Debian-9.yml
new file mode 100644
index 0000000..2afb9f4
--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Debian-9.yml
@@ -0,0 +1,10 @@
+---
+__postgresql_version: "9.6"
+__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
+__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
+__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
+__postgresql_daemon: "postgresql@{{ postgresql_version }}-main"
+__postgresql_packages:
+ - postgresql
+ - postgresql-contrib
+ - libpq-dev
diff --git a/roles/geerlingguy.postgresql/vars/Fedora-29.yml b/roles/geerlingguy.postgresql/vars/Fedora-29.yml
new file mode 100644
index 0000000..4e09932
--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Fedora-29.yml
@@ -0,0 +1,12 @@
+---
+__postgresql_version: "10.5"
+__postgresql_data_dir: "/var/lib/pgsql/data"
+__postgresql_bin_path: "/usr/bin"
+__postgresql_config_path: "/var/lib/pgsql/data"
+__postgresql_daemon: postgresql
+__postgresql_packages:
+ - postgresql
+ - postgresql-server
+ - postgresql-contrib
+ - postgresql-libs
+postgresql_python_library: python2-psycopg2
diff --git a/roles/geerlingguy.postgresql/vars/Fedora-30.yml b/roles/geerlingguy.postgresql/vars/Fedora-30.yml
new file mode 100644
index 0000000..d07f14b
--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Fedora-30.yml
@@ -0,0 +1,13 @@
+---
+__postgresql_version: "11.2"
+__postgresql_data_dir: "/var/lib/pgsql/data"
+__postgresql_bin_path: "/usr/bin"
+__postgresql_config_path: "/var/lib/pgsql/data"
+__postgresql_daemon: postgresql
+__postgresql_packages:
+ - postgresql
+ - postgresql-server
+ - postgresql-contrib
+ - postgresql-libs
+# Fedora 30 containers only have python3 by default
+postgresql_python_library: python3-psycopg2
diff --git a/roles/geerlingguy.postgresql/vars/Fedora-31.yml b/roles/geerlingguy.postgresql/vars/Fedora-31.yml
new file mode 100644
index 0000000..27a023e
--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Fedora-31.yml
@@ -0,0 +1,14 @@
+---
+__postgresql_version: "11.5"
+__postgresql_data_dir: "/var/lib/pgsql/data"
+__postgresql_bin_path: "/usr/bin"
+__postgresql_config_path: "/var/lib/pgsql/data"
+__postgresql_daemon: postgresql
+__postgresql_packages:
+ - postgresql
+ - postgresql-server
+ - postgresql-contrib
+ - postgresql-libs
+__postgresql_unix_socket_directories_mode: '0755'
+# Fedora 31 containers only have python3 by default
+postgresql_python_library: python3-psycopg2
diff --git a/roles/geerlingguy.postgresql/vars/Fedora-32.yml b/roles/geerlingguy.postgresql/vars/Fedora-32.yml
new file mode 100644
index 0000000..6ce9d9b
--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Fedora-32.yml
@@ -0,0 +1,14 @@
+---
+__postgresql_version: "12.2"
+__postgresql_data_dir: "/var/lib/pgsql/data"
+__postgresql_bin_path: "/usr/bin"
+__postgresql_config_path: "/var/lib/pgsql/data"
+__postgresql_daemon: postgresql
+__postgresql_packages:
+ - postgresql
+ - postgresql-server
+ - postgresql-contrib
+ - postgresql-libs
+__postgresql_unix_socket_directories_mode: '0755'
+# Fedora 32 containers only have python3 by default
+postgresql_python_library: python3-psycopg2
diff --git a/roles/geerlingguy.postgresql/vars/RedHat-6.yml b/roles/geerlingguy.postgresql/vars/RedHat-6.yml
new file mode 100644
index 0000000..8923c50
--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/RedHat-6.yml
@@ -0,0 +1,11 @@
+---
+__postgresql_version: "8.4"
+__postgresql_data_dir: "/var/lib/pgsql/data"
+__postgresql_bin_path: "/usr/bin"
+__postgresql_config_path: "/var/lib/pgsql/data"
+__postgresql_daemon: postgresql
+__postgresql_packages:
+ - postgresql
+ - postgresql-server
+ - postgresql-contrib
+ - postgresql-libs
diff --git a/roles/geerlingguy.postgresql/vars/RedHat-7.yml b/roles/geerlingguy.postgresql/vars/RedHat-7.yml
new file mode 100644
index 0000000..1d5c517
--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/RedHat-7.yml
@@ -0,0 +1,11 @@
+---
+__postgresql_version: "9.2"
+__postgresql_data_dir: "/var/lib/pgsql/data"
+__postgresql_bin_path: "/usr/bin"
+__postgresql_config_path: "/var/lib/pgsql/data"
+__postgresql_daemon: postgresql
+__postgresql_packages:
+ - postgresql
+ - postgresql-server
+ - postgresql-contrib
+ - postgresql-libs
diff --git a/roles/geerlingguy.postgresql/vars/RedHat-8.yml b/roles/geerlingguy.postgresql/vars/RedHat-8.yml
new file mode 100644
index 0000000..e519ea9
--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/RedHat-8.yml
@@ -0,0 +1,12 @@
+---
+__postgresql_version: "10"
+__postgresql_data_dir: "/var/lib/pgsql/data"
+__postgresql_bin_path: "/usr/bin"
+__postgresql_config_path: "/var/lib/pgsql/data"
+__postgresql_daemon: postgresql
+__postgresql_packages:
+ - postgresql
+ - postgresql-server
+ - postgresql-contrib
+__postgresql_unix_socket_directories_mode: '0755'
+postgresql_python_library: python3-psycopg2
diff --git a/roles/geerlingguy.postgresql/vars/Ubuntu-16.yml b/roles/geerlingguy.postgresql/vars/Ubuntu-16.yml
new file mode 100644
index 0000000..cf2ebb8
--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Ubuntu-16.yml
@@ -0,0 +1,10 @@
+---
+__postgresql_version: "9.5"
+__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
+__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
+__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
+__postgresql_daemon: postgresql
+__postgresql_packages:
+ - postgresql
+ - postgresql-contrib
+ - libpq-dev
diff --git a/roles/geerlingguy.postgresql/vars/Ubuntu-18.yml b/roles/geerlingguy.postgresql/vars/Ubuntu-18.yml
new file mode 100644
index 0000000..8136224
--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Ubuntu-18.yml
@@ -0,0 +1,11 @@
+---
+__postgresql_version: "10"
+__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
+__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
+__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
+__postgresql_daemon: postgresql
+__postgresql_packages:
+ - postgresql
+ - postgresql-contrib
+ - libpq-dev
+postgresql_python_library: python3-psycopg2
diff --git a/roles/geerlingguy.postgresql/vars/Ubuntu-20.yml b/roles/geerlingguy.postgresql/vars/Ubuntu-20.yml
new file mode 100644
index 0000000..9a9a065
--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Ubuntu-20.yml
@@ -0,0 +1,11 @@
+---
+__postgresql_version: "12"
+__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
+__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
+__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
+__postgresql_daemon: postgresql
+__postgresql_packages:
+ - postgresql
+ - postgresql-contrib
+ - libpq-dev
+postgresql_python_library: python3-psycopg2