annotate modules/website/manifests/php.pp @ 120:b00eb9434938 puppet-3.6

Disable PCRE JIT to stop SELinux giving "denied execmem" for Apache. This probably hits performance slightly, but at least now we'll be able to see what happens in audit.log and it won't roll over every few hours!
author IBBoard <dev@ibboard.co.uk>
date Sat, 13 Aug 2016 13:44:01 +0100
parents ef0926ee389a
children 0dd899a10ee1
# Class: website::php
#
# Installs PHP with a fixed set of extensions and manages ini snippets under
# /etc/php.d. Resource defaults in this scope make every File and Package
# notify Service['httpd'] (not declared in this class) and carry the
# 'website' tag.
#
# Parameters:
#   $suffix  - string inserted after "php" in every package name
#              ("php${suffix}", "php${suffix}-gd", ...). Default ''.
#   $opcache - opcache package component, installed as
#              "php${suffix}-${opcache}". When unset, neither the package
#              nor /etc/php.d/opcache.ini is managed. Default undef.
#   $extras  - array of extra extension names, each installed as
#              "php${suffix}-<name>". Default [].
#
# NOTE(review): every package uses ensure => latest, so an agent run can
# upgrade PHP and restart httpd as soon as the repository publishes a new
# build. Confirm that unattended upgrades are intended for this host.
# NOTE(review): none of the file resources set owner, group or mode, so they
# rely on Puppet's defaults. Consider pinning them so the web server account
# cannot modify these ini files - confirm the current permissions first.
class website::php(
  $suffix  = '',
  $opcache = undef,
  $extras  = [],
) {
  # Any change to a managed file or package restarts/reloads Apache.
  File {
    notify => Service['httpd'],
    tag    => 'website',
  }
  Package {
    notify => Service['httpd'],
    tag    => 'website',
  }

  # Apply every 'website'-tagged package before any 'website'-tagged file.
  Package <| tag == 'website' |> -> File <| tag == 'website' |>

  # One package per extra extension name; reads the class's $suffix.
  define website::php::extra_php ($pkg = $title) {
    package { "php${website::php::suffix}-${pkg}":
      ensure => latest,
    }
  }

  website::php::extra_php { $extras: }

  # Base interpreter plus the extensions that are always installed.
  $packages = [
    "php${suffix}",
    "php${suffix}-mcrypt",
    "php${suffix}-mbstring",
    "php${suffix}-xml",
    "php${suffix}-gd",
  ]
  package { $packages:
    ensure => latest,
  }

  # Hardening snippet (content last changed in ef0926ee389a):
  #   allow_url_fopen off - PHP file functions may not open remote URLs.
  #   expose_php Off      - PHP does not advertise itself in response headers.
  # NOTE(review): allow_url_fopen is written as a quoted 'off' while
  # expose_php uses a bare Off; confirm the deployed PHP reads the quoted
  # form as disabled (check the effective value in phpinfo()/php -i).
  # The literal is multi-line, so its second line stays at column 0.
  file { '/etc/php.d/custom-lockdown.ini':
    ensure  => present,
    content => 'allow_url_fopen = \'off\'
expose_php = Off',
  }

  # General PHP settings are shipped from the module's files directory; the
  # file itself is not shown on this page. Changeset b00eb9434938 (this
  # line) is described as disabling PCRE JIT to stop SELinux "denied
  # execmem" for Apache - presumably via this ini file; verify there.
  file { '/etc/php.d/custom-php.ini':
    ensure => present,
    source => 'puppet:///modules/website/custom-php.ini',
  }

  if $opcache {
    # Installed after the base PHP package.
    package { "php${suffix}-${opcache}":
      ensure  => latest,
      require => Package["php${suffix}"],
      notify  => Service['httpd'],
    }

    # NOTE(review): the extension path is hard-coded to /usr/lib64, which
    # presumably assumes a 64-bit RPM layout - confirm for other targets.
    file { '/etc/php.d/opcache.ini':
      ensure  => present,
      content => 'zend_extension=/usr/lib64/php/modules/opcache.so
opcache.memory_consumption=64',
    }
  }
}