Mercurial > repos > other > Puppet

annotate modules/website/manifests/php.pp @ 357:ff228d581972

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Reconfigure PHP-FPM to run from a Unix socket
author IBBoard <dev@ibboard.co.uk>
date Sat, 03 Oct 2020 19:33:11 +0100
parents aad5c00b0525
children df5ad1612af7
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
1 class website::php(
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
2 $suffix = '',
320
99e3ca448d55 Fix Remi PHP on CentOS 8
IBBoard <dev@ibboard.co.uk>
parents: 246
diff changeset
3 $module = undef,
69
565b788f7ac1 Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents: 17
diff changeset
4 $extras = [],
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
5 ) {
354
aad5c00b0525 Switch to Apache "events" and PHP via FCGI
IBBoard <dev@ibboard.co.uk>
parents: 350
diff changeset
6 Package <| tag == 'php-package' |> -> File <| tag == 'php-file' |> ~> Service['php-fpm'] ~> Service['httpd']
aad5c00b0525 Switch to Apache "events" and PHP via FCGI
IBBoard <dev@ibboard.co.uk>
parents: 350
diff changeset
7
aad5c00b0525 Switch to Apache "events" and PHP via FCGI
IBBoard <dev@ibboard.co.uk>
parents: 350
diff changeset
8 $php_core = ($module != undef) ? { true => "php", default => "php${suffix}" }
69
565b788f7ac1 Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents: 17
diff changeset
9
354
aad5c00b0525 Switch to Apache "events" and PHP via FCGI
IBBoard <dev@ibboard.co.uk>
parents: 350
diff changeset
10 package { $php_core:
aad5c00b0525 Switch to Apache "events" and PHP via FCGI
IBBoard <dev@ibboard.co.uk>
parents: 350
diff changeset
11 provider => ($module != undef) ? { true => 'dnfmodule', default => undef },
aad5c00b0525 Switch to Apache "events" and PHP via FCGI
IBBoard <dev@ibboard.co.uk>
parents: 350
diff changeset
12 ensure => ($module != undef) ? { true => $module, default => installed },
aad5c00b0525 Switch to Apache "events" and PHP via FCGI
IBBoard <dev@ibboard.co.uk>
parents: 350
diff changeset
13 tag => 'php-package',
179
89cd717361fd Swap to PHP 7.2, since 7.0 is EOL now
IBBoard <dev@ibboard.co.uk>
parents: 169
diff changeset
14 }
89cd717361fd Swap to PHP 7.2, since 7.0 is EOL now
IBBoard <dev@ibboard.co.uk>
parents: 169
diff changeset
15
354
aad5c00b0525 Switch to Apache "events" and PHP via FCGI
IBBoard <dev@ibboard.co.uk>
parents: 350
diff changeset
16 package { 'mod_fcgid':
aad5c00b0525 Switch to Apache "events" and PHP via FCGI
IBBoard <dev@ibboard.co.uk>
parents: 350
diff changeset
17 ensure => installed,
aad5c00b0525 Switch to Apache "events" and PHP via FCGI
IBBoard <dev@ibboard.co.uk>
parents: 350
diff changeset
18 }
aad5c00b0525 Switch to Apache "events" and PHP via FCGI
IBBoard <dev@ibboard.co.uk>
parents: 350
diff changeset
19 class { ['apache::mod::proxy', 'apache::mod::proxy_fcgi']:}
aad5c00b0525 Switch to Apache "events" and PHP via FCGI
IBBoard <dev@ibboard.co.uk>
parents: 350
diff changeset
20
aad5c00b0525 Switch to Apache "events" and PHP via FCGI
IBBoard <dev@ibboard.co.uk>
parents: 350
diff changeset
21 $packages = [ "php${suffix}-mbstring", "php${suffix}-xml", "php${suffix}-gd", "php${suffix}-fpm" ]
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
22 package { $packages:
131
0dd899a10ee1 Change all "latest" packages to "installed"
IBBoard <dev@ibboard.co.uk>
parents: 120
diff changeset
23 ensure => installed,
246
c3fa3d65aa83 Update configs for Puppet 6
IBBoard <dev@ibboard.co.uk>
parents: 240
diff changeset
24 tag => 'php-package',
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
25 }
343
0d263bcbbfe9 Make sure PHP-FPM service isn't running
IBBoard <dev@ibboard.co.uk>
parents: 321
diff changeset
26
0d263bcbbfe9 Make sure PHP-FPM service isn't running
IBBoard <dev@ibboard.co.uk>
parents: 321
diff changeset
27 service { 'php-fpm':
354
aad5c00b0525 Switch to Apache "events" and PHP via FCGI
IBBoard <dev@ibboard.co.uk>
parents: 350
diff changeset
28 ensure => 'running',
aad5c00b0525 Switch to Apache "events" and PHP via FCGI
IBBoard <dev@ibboard.co.uk>
parents: 350
diff changeset
29 enable => true,
343
0d263bcbbfe9 Make sure PHP-FPM service isn't running
IBBoard <dev@ibboard.co.uk>
parents: 321
diff changeset
30 }
354
aad5c00b0525 Switch to Apache "events" and PHP via FCGI
IBBoard <dev@ibboard.co.uk>
parents: 350
diff changeset
31
321
cd1bcc06f09c Actually install extra PHP packages
IBBoard <dev@ibboard.co.uk>
parents: 320
diff changeset
32 website::php::extra { $extras: }
246
c3fa3d65aa83 Update configs for Puppet 6
IBBoard <dev@ibboard.co.uk>
parents: 240
diff changeset
33
357
ff228d581972 Reconfigure PHP-FPM to run from a Unix socket
IBBoard <dev@ibboard.co.uk>
parents: 354
diff changeset
34 file { '/etc/php-fpm.d/www.conf':
ff228d581972 Reconfigure PHP-FPM to run from a Unix socket
IBBoard <dev@ibboard.co.uk>
parents: 354
diff changeset
35 ensure => present,
ff228d581972 Reconfigure PHP-FPM to run from a Unix socket
IBBoard <dev@ibboard.co.uk>
parents: 354
diff changeset
36 source => 'puppet:///modules/website/php-fpm-www.conf',
ff228d581972 Reconfigure PHP-FPM to run from a Unix socket
IBBoard <dev@ibboard.co.uk>
parents: 354
diff changeset
37 tag => 'php-file',
ff228d581972 Reconfigure PHP-FPM to run from a Unix socket
IBBoard <dev@ibboard.co.uk>
parents: 354
diff changeset
38 }
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
39 file { '/etc/php.d/custom-lockdown.ini':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
40 ensure => present,
106
ef0926ee389a Lock down Apache headers for security, based on https://securityheaders.io/
IBBoard <dev@ibboard.co.uk>
parents: 94
diff changeset
41 content => 'allow_url_fopen = \'off\'
ef0926ee389a Lock down Apache headers for security, based on https://securityheaders.io/
IBBoard <dev@ibboard.co.uk>
parents: 94
diff changeset
42 expose_php = Off',
246
c3fa3d65aa83 Update configs for Puppet 6
IBBoard <dev@ibboard.co.uk>
parents: 240
diff changeset
43 tag => 'php-file',
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
44 }
17
5ba2ddf53c29 Make sure we specify a default charset (even thought it defaults to UTF-8) because ownCloud complains
IBBoard <dev@ibboard.co.uk>
parents: 3
diff changeset
45 file { '/etc/php.d/custom-php.ini':
5ba2ddf53c29 Make sure we specify a default charset (even thought it defaults to UTF-8) because ownCloud complains
IBBoard <dev@ibboard.co.uk>
parents: 3
diff changeset
46 ensure => present,
120
b00eb9434938 Disable PCRE JIT to stop SELinux giving "denied execmem" for Apache
IBBoard <dev@ibboard.co.uk>
parents: 106
diff changeset
47 source => 'puppet:///modules/website/custom-php.ini',
246
c3fa3d65aa83 Update configs for Puppet 6
IBBoard <dev@ibboard.co.uk>
parents: 240
diff changeset
48 tag => 'php-file',
17
5ba2ddf53c29 Make sure we specify a default charset (even thought it defaults to UTF-8) because ownCloud complains
IBBoard <dev@ibboard.co.uk>
parents: 3
diff changeset
49 }
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
50
350
85d2c0079af9 Make opcache core and add APCu for object caching
IBBoard <dev@ibboard.co.uk>
parents: 344
diff changeset
51 package { "php${suffix}-opcache":
85d2c0079af9 Make opcache core and add APCu for object caching
IBBoard <dev@ibboard.co.uk>
parents: 344
diff changeset
52 ensure => installed,
85d2c0079af9 Make opcache core and add APCu for object caching
IBBoard <dev@ibboard.co.uk>
parents: 344
diff changeset
53 require => Package[$php_core],
85d2c0079af9 Make opcache core and add APCu for object caching
IBBoard <dev@ibboard.co.uk>
parents: 344
diff changeset
54 tag => 'php-package',
85d2c0079af9 Make opcache core and add APCu for object caching
IBBoard <dev@ibboard.co.uk>
parents: 344
diff changeset
55 }
85d2c0079af9 Make opcache core and add APCu for object caching
IBBoard <dev@ibboard.co.uk>
parents: 344
diff changeset
56 # Use Remi's (and the OS's) naming convention
85d2c0079af9 Make opcache core and add APCu for object caching
IBBoard <dev@ibboard.co.uk>
parents: 344
diff changeset
57 file { '/etc/php.d/opcache.ini':
85d2c0079af9 Make opcache core and add APCu for object caching
IBBoard <dev@ibboard.co.uk>
parents: 344
diff changeset
58 ensure => absent,
85d2c0079af9 Make opcache core and add APCu for object caching
IBBoard <dev@ibboard.co.uk>
parents: 344
diff changeset
59 }
85d2c0079af9 Make opcache core and add APCu for object caching
IBBoard <dev@ibboard.co.uk>
parents: 344
diff changeset
60 file { '/etc/php.d/10-opcache.ini':
85d2c0079af9 Make opcache core and add APCu for object caching
IBBoard <dev@ibboard.co.uk>
parents: 344
diff changeset
61 ensure => present,
85d2c0079af9 Make opcache core and add APCu for object caching
IBBoard <dev@ibboard.co.uk>
parents: 344
diff changeset
62 source => "puppet:///modules/website/opcache.ini",
85d2c0079af9 Make opcache core and add APCu for object caching
IBBoard <dev@ibboard.co.uk>
parents: 344
diff changeset
63 tag => 'php-file',
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
64 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
65 }