Mercurial > repos > other > Puppet
comparison modules/website/manifests/php.pp @ 390:df5ad1612af7
Adapt configs to support Ubuntu
This is prep for running a VPS on a Mythic Beasts Raspberry Pi
* Switch paths where necessary
* Add optional modules that only apply on some OSes
* Change usernames and groups
* Don't do RPM-based stuff in Ubuntu
* Switch to using some of the new modules
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Mon, 03 Jan 2022 18:37:16 +0000 |
parents | ff228d581972 |
children | 2c6065b5be5e |
comparison
equal
deleted
inserted
replaced
389:668df4711671 | 390:df5ad1612af7 |
---|---|
1 class website::php( | 1 class website::php( |
2 $suffix = '', | 2 $suffix = '', |
3 $module = undef, | 3 $module = undef, |
4 $extras = [], | 4 $extras = [], |
5 ) { | 5 ) { |
6 if $osfamily == 'RedHat' { | |
7 $listener_user = 'apache' | |
8 $listener_group = 'apache' | |
9 # Work around SELinux "denied execmem" warnings from preg_match JITing | |
10 $pcre_jit = 0 | |
11 } | |
12 else { | |
13 $listener_user = 'www-data' | |
14 $listener_group = 'www-data' | |
15 $pcre_jit = 1 | |
16 } | |
17 class { '::php': | |
18 ensure => present, | |
19 manage_repos => false, | |
20 fpm => true, | |
21 fpm_pools => { | |
22 'www' => { | |
23 'listen' => '/run/php-fpm/www.sock', | |
24 'listen_owner' => $listener_user, | |
25 'listen_group' => $listener_group, | |
26 'slowlog' => '/var/log/php-fpm/www-slow.log', | |
27 'security_limit_extensions' => ['.php', '.html'], | |
28 'php_admin_value' => { | |
29 'memory_limit' => '256M', | |
30 }, | |
31 'php_value' => { | |
32 # 'session.save_path' => '/var/lib/php/session' # Ubuntu uses plural, CentOS uses singular | |
33 }, | |
34 }, | |
35 }, | |
36 dev => false, | |
37 composer => false, | |
38 pear => false, | |
39 settings => { | |
40 'PHP/default_charset' => 'UTF-8', | |
41 'PHP/pcre.jit' => $pcre_jit, | |
42 # Space isn't scarce these days - increase default sizes | |
43 'PHP/upload_max_filesize' => "8M", | |
44 'PHP/post_max_size' => "8M", | |
45 'Data/date.timezone' => 'UTC', | |
46 }, | |
47 extensions => { | |
48 gd => {}, | |
49 mbstring => {}, | |
50 opcache => { | |
51 settings => { | |
52 'zend_extension' => 'opcache.so', | |
53 'opcache.enable' => 1, | |
54 'opcache.enable_cli' => 1, | |
55 'opcache.interned_strings_buffer' => 8, | |
56 'opcache.max_accelerated_files' => 10000, | |
57 'opcache.memory_consumption' => 128, | |
58 'opcache.save_comments' => 1, | |
59 'opcache.revalidate_freq' => 1, | |
60 } | |
61 }, | |
62 xml => {}, | |
63 }, | |
64 } | |
65 apache::custom_config { "php.conf": | |
66 ensure => present, | |
67 source => "puppet:///modules/website/php.conf" | |
68 } | |
69 class { ['apache::mod::proxy', 'apache::mod::proxy_fcgi']:} | |
70 | |
71 $extras.each |String $extra| { | |
72 ::php::extension { $extra: | |
73 ensure => present | |
74 } | |
75 } | |
76 | |
77 if false { | |
6 Package <| tag == 'php-package' |> -> File <| tag == 'php-file' |> ~> Service['php-fpm'] ~> Service['httpd'] | 78 Package <| tag == 'php-package' |> -> File <| tag == 'php-file' |> ~> Service['php-fpm'] ~> Service['httpd'] |
7 | 79 |
8 $php_core = ($module != undef) ? { true => "php", default => "php${suffix}" } | 80 $php_core = ($module != undef) ? { true => "php", default => "php${suffix}" } |
9 | 81 |
10 package { $php_core: | 82 package { $php_core: |
11 provider => ($module != undef) ? { true => 'dnfmodule', default => undef }, | 83 provider => ($module != undef) ? { true => 'dnfmodule', default => undef }, |
12 ensure => ($module != undef) ? { true => $module, default => installed }, | 84 ensure => ($module != undef) ? { true => $module, default => installed }, |
13 tag => 'php-package', | 85 tag => 'php-package', |
14 } | 86 } |
15 | 87 |
16 package { 'mod_fcgid': | 88 if $osfamily == 'RedHat' { |
89 $php_conf_dir = '/etc/php.d/' | |
90 $php_fpm_conf_dir = '/etc/php-fpm.d/' | |
91 $mod_fcgid_package = 'mod_fcgid' | |
92 } | |
93 elsif $osfamily == 'Debian' { | |
94 # FIXME: This hard-codes the version number, which isn't great | |
95 $php_conf_dir = '/etc/php/7.4/fpm/conf.d/' | |
96 $php_fpm_conf_dir = $php_conf_dir | |
97 $mod_fcgid_package = 'libapache2-mod-fcgid' | |
98 } | |
99 | |
100 package { $mod_fcgid_package: | |
17 ensure => installed, | 101 ensure => installed, |
18 } | 102 } |
19 class { ['apache::mod::proxy', 'apache::mod::proxy_fcgi']:} | 103 class { ['apache::mod::proxy', 'apache::mod::proxy_fcgi']:} |
20 | 104 |
21 $packages = [ "php${suffix}-mbstring", "php${suffix}-xml", "php${suffix}-gd", "php${suffix}-fpm" ] | 105 $packages = [ "php${suffix}-mbstring", "php${suffix}-xml", "php${suffix}-gd", "php${suffix}-fpm" ] |
29 enable => true, | 113 enable => true, |
30 } | 114 } |
31 | 115 |
32 website::php::extra { $extras: } | 116 website::php::extra { $extras: } |
33 | 117 |
118 file { '/etc/php.d/datetime.ini': | |
119 ensure => present, | |
120 source => "puppet:///modules/website/datetime.ini", | |
121 require => Class['apache'], | |
122 notify => Service['httpd']; | |
123 } | |
34 file { '/etc/php-fpm.d/www.conf': | 124 file { '/etc/php-fpm.d/www.conf': |
35 ensure => present, | 125 ensure => present, |
36 source => 'puppet:///modules/website/php-fpm-www.conf', | 126 source => 'puppet:///modules/website/php-fpm-www.conf', |
37 tag => 'php-file', | 127 tag => 'php-file', |
38 } | 128 } |
61 ensure => present, | 151 ensure => present, |
62 source => "puppet:///modules/website/opcache.ini", | 152 source => "puppet:///modules/website/opcache.ini", |
63 tag => 'php-file', | 153 tag => 'php-file', |
64 } | 154 } |
65 } | 155 } |
156 } |