other/Puppet: modules/website/manifests/php.pp comparison

comparison modules/website/manifests/php.pp @ 390:df5ad1612af7

Adapt configs to support Ubuntu This is prep for running a VPS on a Mythic Beasts Raspberry Pi * Switch paths where necessary * Add optional modules that only apply on some OSes * Change usernames and groups * Don't do RPM-based stuff in Ubuntu * Switch to using some of the new modules

author	IBBoard <dev@ibboard.co.uk>
date	Mon, 03 Jan 2022 18:37:16 +0000
parents	ff228d581972
children	2c6065b5be5e

comparison

equal deleted inserted replaced

-:668df4711671
+:df5ad1612af7
 class website::php(
 $suffix = '',
 $module = undef,
 $extras = [],
 ) {
+if $osfamily == 'RedHat' {
+$listener_user = 'apache'
+$listener_group = 'apache'
+# Work around SELinux "denied execmem" warnings from preg_match JITing
+$pcre_jit = 0
+}
+else {
+$listener_user = 'www-data'
+$listener_group = 'www-data'
+$pcre_jit = 1
+}
+class { '::php':
+ensure => present,
+manage_repos => false,
+fpm => true,
+fpm_pools => {
+'www' => {
+'listen' => '/run/php-fpm/www.sock',
+'listen_owner' => $listener_user,
+'listen_group' => $listener_group,
+'slowlog' => '/var/log/php-fpm/www-slow.log',
+'security_limit_extensions' => ['.php', '.html'],
+'php_admin_value' => {
+'memory_limit' => '256M',
+},
+'php_value' => {
+#          'session.save_path' => '/var/lib/php/session' # Ubuntu uses plural, CentOS uses singular
+},
+},
+},
+dev => false,
+composer => false,
+pear => false,
+settings => {
+'PHP/default_charset' => 'UTF-8',
+'PHP/pcre.jit' => $pcre_jit,
+# Space isn't scarce these days - increase default sizes
+'PHP/upload_max_filesize' => "8M",
+'PHP/post_max_size' => "8M",
+'Data/date.timezone' => 'UTC',
+},
+extensions => {
+gd => {},
+mbstring => {},
+opcache => {
+settings => {
+'zend_extension' => 'opcache.so',
+'opcache.enable' => 1,
+'opcache.enable_cli' => 1,
+'opcache.interned_strings_buffer' => 8,
+'opcache.max_accelerated_files' => 10000,
+'opcache.memory_consumption' => 128,
+'opcache.save_comments' => 1,
+'opcache.revalidate_freq' => 1,
+}
+},
+xml => {},
+},
+}
+apache::custom_config { "php.conf":
+ensure => present,
+source => "puppet:///modules/website/php.conf"
+}
+class { ['apache::mod::proxy', 'apache::mod::proxy_fcgi']:}
+$extras.each |String $extra| {
+::php::extension { $extra:
+ensure => present
+}
+}
+if false {
 Package <| tag == 'php-package' |> -> File <| tag == 'php-file' |> ~> Service['php-fpm'] ~> Service['httpd']
 $php_core = ($module != undef) ? { true => "php", default => "php${suffix}" }
 package { $php_core:
 provider => ($module != undef) ? { true => 'dnfmodule', default => undef },
 ensure => ($module != undef) ? { true => $module, default => installed },
 tag => 'php-package',
 }
-package { 'mod_fcgid':
+if $osfamily == 'RedHat' {
+$php_conf_dir = '/etc/php.d/'
+$php_fpm_conf_dir = '/etc/php-fpm.d/'
+$mod_fcgid_package = 'mod_fcgid'
+}
+elsif $osfamily == 'Debian' {
+# FIXME: This hard-codes the version number, which isn't great
+$php_conf_dir = '/etc/php/7.4/fpm/conf.d/'
+$php_fpm_conf_dir = $php_conf_dir
+$mod_fcgid_package = 'libapache2-mod-fcgid'
+}
+package { $mod_fcgid_package:
 ensure => installed,
 }
 class { ['apache::mod::proxy', 'apache::mod::proxy_fcgi']:}
 $packages = [ "php${suffix}-mbstring", "php${suffix}-xml", "php${suffix}-gd", "php${suffix}-fpm" ]
 enable => true,
 }
 website::php::extra { $extras: }
+file { '/etc/php.d/datetime.ini':
+ensure => present,
+source => "puppet:///modules/website/datetime.ini",
+require => Class['apache'],
+notify => Service['httpd'];
+}
 file { '/etc/php-fpm.d/www.conf':
 ensure => present,
 source => 'puppet:///modules/website/php-fpm-www.conf',
 tag => 'php-file',
 }
 ensure => present,
 source => "puppet:///modules/website/opcache.ini",
 tag => 'php-file',
 }
 }
+}

Mercurial > repos > other > Puppet

comparison modules/website/manifests/php.pp @ 390:df5ad1612af7