other/Puppet: modules/website/manifests/php.pp annotate

annotate modules/website/manifests/php.pp @ 131:0dd899a10ee1 puppet-3.6

Change all "latest" packages to "installed" Having Puppet update packages is dangerous and not correct sysadmin. We have a script for checking for updates. Let that run and let the sysadmin update when appropriate. This will prevent any potential issues from faulty service restarts in the middle of the night.

author	IBBoard <dev@ibboard.co.uk>
date	Wed, 26 Oct 2016 19:40:37 +0100
parents	b00eb9434938
children	af30a5eb468f

rev	line source
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	1 class website::php(
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	2 $suffix = '',
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	3 $opcache = undef,
69 565b788f7ac1 Allow for specifying extra PHP packages (e.g. to enable Posix) IBBoard <dev@ibboard.co.uk> parents: 17 diff changeset	4 $extras = [],
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	5 ) {
3 ea71652452e9 Give OpCache more memory and make sure that we refresh on config changes IBBoard <dev@ibboard.co.uk> parents: 0 diff changeset	6 File {
ea71652452e9 Give OpCache more memory and make sure that we refresh on config changes IBBoard <dev@ibboard.co.uk> parents: 0 diff changeset	7 notify => Service['httpd'],
32 6bbc86f6cee5 Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start) IBBoard <dev@ibboard.co.uk> parents: 22 diff changeset	8 tag => 'website',
3 ea71652452e9 Give OpCache more memory and make sure that we refresh on config changes IBBoard <dev@ibboard.co.uk> parents: 0 diff changeset	9 }
ea71652452e9 Give OpCache more memory and make sure that we refresh on config changes IBBoard <dev@ibboard.co.uk> parents: 0 diff changeset	10 Package {
ea71652452e9 Give OpCache more memory and make sure that we refresh on config changes IBBoard <dev@ibboard.co.uk> parents: 0 diff changeset	11 notify => Service['httpd'],
32 6bbc86f6cee5 Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start) IBBoard <dev@ibboard.co.uk> parents: 22 diff changeset	12 tag => 'website',
3 ea71652452e9 Give OpCache more memory and make sure that we refresh on config changes IBBoard <dev@ibboard.co.uk> parents: 0 diff changeset	13 }
32 6bbc86f6cee5 Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start) IBBoard <dev@ibboard.co.uk> parents: 22 diff changeset	14 Package <\| tag == 'website' \|> -> File <\| tag == 'website' \|>
69 565b788f7ac1 Allow for specifying extra PHP packages (e.g. to enable Posix) IBBoard <dev@ibboard.co.uk> parents: 17 diff changeset	15 define website::php::extra_php ($pkg = $title) {
565b788f7ac1 Allow for specifying extra PHP packages (e.g. to enable Posix) IBBoard <dev@ibboard.co.uk> parents: 17 diff changeset	16 package { "php${website::php::suffix}-${pkg}":
131 0dd899a10ee1 Change all "latest" packages to "installed" IBBoard <dev@ibboard.co.uk> parents: 120 diff changeset	17 ensure => installed,
69 565b788f7ac1 Allow for specifying extra PHP packages (e.g. to enable Posix) IBBoard <dev@ibboard.co.uk> parents: 17 diff changeset	18 }
565b788f7ac1 Allow for specifying extra PHP packages (e.g. to enable Posix) IBBoard <dev@ibboard.co.uk> parents: 17 diff changeset	19 }
565b788f7ac1 Allow for specifying extra PHP packages (e.g. to enable Posix) IBBoard <dev@ibboard.co.uk> parents: 17 diff changeset	20
565b788f7ac1 Allow for specifying extra PHP packages (e.g. to enable Posix) IBBoard <dev@ibboard.co.uk> parents: 17 diff changeset	21 website::php::extra_php { $extras: }
565b788f7ac1 Allow for specifying extra PHP packages (e.g. to enable Posix) IBBoard <dev@ibboard.co.uk> parents: 17 diff changeset	22
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	23 $packages = [ "php${suffix}", "php${suffix}-mcrypt", "php${suffix}-mbstring", "php${suffix}-xml", "php${suffix}-gd" ]
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	24 package { $packages:
131 0dd899a10ee1 Change all "latest" packages to "installed" IBBoard <dev@ibboard.co.uk> parents: 120 diff changeset	25 ensure => installed,
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	26 }
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	27 file { '/etc/php.d/custom-lockdown.ini':
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	28 ensure => present,
106 ef0926ee389a Lock down Apache headers for security, based on https://securityheaders.io/ IBBoard <dev@ibboard.co.uk> parents: 94 diff changeset	29 content => 'allow_url_fopen = \'off\'
ef0926ee389a Lock down Apache headers for security, based on https://securityheaders.io/ IBBoard <dev@ibboard.co.uk> parents: 94 diff changeset	30 expose_php = Off',
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	31 }
17 5ba2ddf53c29 Make sure we specify a default charset (even thought it defaults to UTF-8) because ownCloud complains IBBoard <dev@ibboard.co.uk> parents: 3 diff changeset	32 file { '/etc/php.d/custom-php.ini':
5ba2ddf53c29 Make sure we specify a default charset (even thought it defaults to UTF-8) because ownCloud complains IBBoard <dev@ibboard.co.uk> parents: 3 diff changeset	33 ensure => present,
120 b00eb9434938 Disable PCRE JIT to stop SELinux giving "denied execmem" for Apache IBBoard <dev@ibboard.co.uk> parents: 106 diff changeset	34 source => 'puppet:///modules/website/custom-php.ini',
17 5ba2ddf53c29 Make sure we specify a default charset (even thought it defaults to UTF-8) because ownCloud complains IBBoard <dev@ibboard.co.uk> parents: 3 diff changeset	35 }
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	36
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	37 if $opcache {
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	38 package { "php${suffix}-${opcache}":
131 0dd899a10ee1 Change all "latest" packages to "installed" IBBoard <dev@ibboard.co.uk> parents: 120 diff changeset	39 ensure => installed,
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	40 notify => Service['httpd'],
22 ccca5d75111f Fix ordering of packages vs files so that config files go in afterwards IBBoard <dev@ibboard.co.uk> parents: 17 diff changeset	41 require => Package["php${suffix}"],
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	42 }
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	43 file { '/etc/php.d/opcache.ini':
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	44 ensure => present,
3 ea71652452e9 Give OpCache more memory and make sure that we refresh on config changes IBBoard <dev@ibboard.co.uk> parents: 0 diff changeset	45 content => 'zend_extension=/usr/lib64/php/modules/opcache.so
94 89a94c61e4d6 Reduce opcache memory usage because it doesn't use that much IBBoard <dev@ibboard.co.uk> parents: 72 diff changeset	46 opcache.memory_consumption=64',
0 956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	47 }
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	48 }
956e484adc12 Initial public release of Puppet configs IBBoard <dev@ibboard.co.uk> parents: diff changeset	49 }

Mercurial > repos > other > Puppet

annotate modules/website/manifests/php.pp @ 131:0dd899a10ee1 puppet-3.6