Mercurial > repos > other > Puppet
annotate modules/website/manifests/php.pp @ 169:4efaba4fbe94 puppet-3.6
Expand PHP OpCache config in line with NextCloud recommendations
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Fri, 01 Sep 2017 11:36:16 +0100 |
| parents | af30a5eb468f |
| children | 89cd717361fd |
| rev | line source |
|---|---|
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
1 class website::php( |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
2 $suffix = '', |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
3 $opcache = undef, |
|
69
565b788f7ac1
Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents:
17
diff
changeset
|
4 $extras = [], |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
5 ) { |
|
3
ea71652452e9
Give OpCache more memory and make sure that we refresh on config changes
IBBoard <dev@ibboard.co.uk>
parents:
0
diff
changeset
|
6 File { |
|
ea71652452e9
Give OpCache more memory and make sure that we refresh on config changes
IBBoard <dev@ibboard.co.uk>
parents:
0
diff
changeset
|
7 notify => Service['httpd'], |
|
32
6bbc86f6cee5
Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents:
22
diff
changeset
|
8 tag => 'website', |
|
3
ea71652452e9
Give OpCache more memory and make sure that we refresh on config changes
IBBoard <dev@ibboard.co.uk>
parents:
0
diff
changeset
|
9 } |
|
ea71652452e9
Give OpCache more memory and make sure that we refresh on config changes
IBBoard <dev@ibboard.co.uk>
parents:
0
diff
changeset
|
10 Package { |
|
ea71652452e9
Give OpCache more memory and make sure that we refresh on config changes
IBBoard <dev@ibboard.co.uk>
parents:
0
diff
changeset
|
11 notify => Service['httpd'], |
|
32
6bbc86f6cee5
Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents:
22
diff
changeset
|
12 tag => 'website', |
|
3
ea71652452e9
Give OpCache more memory and make sure that we refresh on config changes
IBBoard <dev@ibboard.co.uk>
parents:
0
diff
changeset
|
13 } |
|
32
6bbc86f6cee5
Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents:
22
diff
changeset
|
14 Package <| tag == 'website' |> -> File <| tag == 'website' |> |
|
69
565b788f7ac1
Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents:
17
diff
changeset
|
15 define website::php::extra_php ($pkg = $title) { |
|
565b788f7ac1
Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents:
17
diff
changeset
|
16 package { "php${website::php::suffix}-${pkg}": |
|
131
0dd899a10ee1
Change all "latest" packages to "installed"
IBBoard <dev@ibboard.co.uk>
parents:
120
diff
changeset
|
17 ensure => installed, |
|
69
565b788f7ac1
Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents:
17
diff
changeset
|
18 } |
|
565b788f7ac1
Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents:
17
diff
changeset
|
19 } |
|
565b788f7ac1
Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents:
17
diff
changeset
|
20 |
|
565b788f7ac1
Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents:
17
diff
changeset
|
21 website::php::extra_php { $extras: } |
|
565b788f7ac1
Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents:
17
diff
changeset
|
22 |
|
149
af30a5eb468f
Remove now deprecated mcrypt extension - all scripts now use openssl
IBBoard <dev@ibboard.co.uk>
parents:
131
diff
changeset
|
23 $packages = [ "php${suffix}", "php${suffix}-mbstring", "php${suffix}-xml", "php${suffix}-gd" ] |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
24 package { $packages: |
|
131
0dd899a10ee1
Change all "latest" packages to "installed"
IBBoard <dev@ibboard.co.uk>
parents:
120
diff
changeset
|
25 ensure => installed, |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
26 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
27 file { '/etc/php.d/custom-lockdown.ini': |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
28 ensure => present, |
|
106
ef0926ee389a
Lock down Apache headers for security, based on https://securityheaders.io/
IBBoard <dev@ibboard.co.uk>
parents:
94
diff
changeset
|
29 content => 'allow_url_fopen = \'off\' |
|
ef0926ee389a
Lock down Apache headers for security, based on https://securityheaders.io/
IBBoard <dev@ibboard.co.uk>
parents:
94
diff
changeset
|
30 expose_php = Off', |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
31 } |
|
17
5ba2ddf53c29
Make sure we specify a default charset (even thought it defaults to UTF-8) because ownCloud complains
IBBoard <dev@ibboard.co.uk>
parents:
3
diff
changeset
|
32 file { '/etc/php.d/custom-php.ini': |
|
5ba2ddf53c29
Make sure we specify a default charset (even thought it defaults to UTF-8) because ownCloud complains
IBBoard <dev@ibboard.co.uk>
parents:
3
diff
changeset
|
33 ensure => present, |
|
120
b00eb9434938
Disable PCRE JIT to stop SELinux giving "denied execmem" for Apache
IBBoard <dev@ibboard.co.uk>
parents:
106
diff
changeset
|
34 source => 'puppet:///modules/website/custom-php.ini', |
|
17
5ba2ddf53c29
Make sure we specify a default charset (even thought it defaults to UTF-8) because ownCloud complains
IBBoard <dev@ibboard.co.uk>
parents:
3
diff
changeset
|
35 } |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
36 |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
37 if $opcache { |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
38 package { "php${suffix}-${opcache}": |
|
131
0dd899a10ee1
Change all "latest" packages to "installed"
IBBoard <dev@ibboard.co.uk>
parents:
120
diff
changeset
|
39 ensure => installed, |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
40 notify => Service['httpd'], |
|
22
ccca5d75111f
Fix ordering of packages vs files so that config files go in afterwards
IBBoard <dev@ibboard.co.uk>
parents:
17
diff
changeset
|
41 require => Package["php${suffix}"], |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
42 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
43 file { '/etc/php.d/opcache.ini': |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
44 ensure => present, |
|
169
4efaba4fbe94
Expand PHP OpCache config in line with NextCloud recommendations
IBBoard <dev@ibboard.co.uk>
parents:
149
diff
changeset
|
45 source => 'puppet:///modules/website/opcache.ini', |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
46 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
47 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
48 } |