view modules/website/manifests/php.pp @ 390:df5ad1612af7

Adapt configs to support Ubuntu This is prep for running a VPS on a Mythic Beasts Raspberry Pi * Switch paths where necessary * Add optional modules that only apply on some OSes * Change usernames and groups * Don't do RPM-based stuff in Ubuntu * Switch to using some of the new modules
author IBBoard <dev@ibboard.co.uk>
date Mon, 03 Jan 2022 18:37:16 +0000
parents ff228d581972
children 2c6065b5be5e

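# @summary Configures PHP-FPM through the `::php` class, installs the module's
#   php.conf as an Apache custom config and enables mod_proxy / mod_proxy_fcgi.
#
# The FPM socket owner/group and `pcre.jit` are chosen per OS family:
# 'apache' with JIT disabled on RedHat, 'www-data' with JIT enabled elsewhere.
#
# @param suffix
#   Package-name suffix (`php${suffix}-...`). Only referenced by the disabled
#   legacy block at the end of this class; the active code does not read it.
# @param module
#   DNF module stream for the core PHP package. Only referenced by the
#   disabled legacy block; the active code does not read it.
# @param extras
#   Names of additional PHP extensions. Each one is declared as a
#   `::php::extension` with `ensure => present`.
class website::php(
    $suffix = '',
    $module = undef,
    $extras = [],
    ) {
  if $osfamily == 'RedHat' {
    $listener_user = 'apache'
    $listener_group = 'apache'
    # Work around SELinux "denied execmem" warnings from preg_match JITing
    $pcre_jit = 0
  }
  else {
    $listener_user = 'www-data'
    $listener_group = 'www-data'
    $pcre_jit = 1
  }
  class { '::php':
    ensure => present,
    manage_repos => false,
    fpm => true,
    fpm_pools => {
      'www' => {
        'listen' => '/run/php-fpm/www.sock',
        # The socket is owned by the web server account selected above.
        'listen_owner' => $listener_user,
        'listen_group' => $listener_group,
        'slowlog' => '/var/log/php-fpm/www-slow.log',
        # NOTE(review): listing '.html' lets php-fpm run .html files as PHP,
        # so anything able to write .html under a docroot (uploads, caches)
        # produces executable content. Confirm a site needs this; otherwise
        # restrict the list to '.php'.
        'security_limit_extensions' => ['.php', '.html'],
        'php_admin_value' => {
          'memory_limit' => '256M',
        },
        'php_value' => {
#          'session.save_path' => '/var/lib/php/session' # Ubuntu uses plural, CentOS uses singular
        },
      },
    },
    dev => false,
    composer => false,
    pear => false,
    settings => {
      'PHP/default_charset' => 'UTF-8',
      'PHP/pcre.jit' => $pcre_jit,
      # Space isn't scarce these days - increase default sizes
      'PHP/upload_max_filesize' => "8M",
      'PHP/post_max_size' => "8M",
      'Data/date.timezone' => 'UTC',
      # Hardening that used to ship in /etc/php.d/custom-lockdown.ini. That
      # file resource now sits in the disabled legacy block below, so without
      # these two entries the lockdown is no longer applied anywhere in this
      # class: remote URL wrappers stay off and PHP does not advertise its
      # version in response headers.
      'PHP/allow_url_fopen' => 'Off',
      'PHP/expose_php' => 'Off',
    },
    extensions => {
      gd => {},
      mbstring => {},
      opcache => {
        settings => {
          'zend_extension' => 'opcache.so',
          'opcache.enable' => 1,
          'opcache.enable_cli' => 1,
          'opcache.interned_strings_buffer' => 8,
          'opcache.max_accelerated_files' => 10000,
          'opcache.memory_consumption' => 128,
          'opcache.save_comments' => 1,
          'opcache.revalidate_freq' => 1,
        }
      },
      xml => {},
    },
  }
  apache::custom_config { "php.conf":
    ensure => present,
    source => "puppet:///modules/website/php.conf"
  }
  class { ['apache::mod::proxy', 'apache::mod::proxy_fcgi']:}

  $extras.each |String $extra| {
    ::php::extension { $extra:
      ensure => present
    }
  }

  # Legacy hand-rolled PHP setup, disabled with `if false` and kept for
  # reference. Nothing in this block is evaluated, including the
  # custom-lockdown.ini, custom-php.ini, datetime.ini and opcache.ini files.
  # NOTE(review): custom-php.ini's contents are not visible here - check
  # whether it carried settings that still need porting to `settings` above.
if false {
  Package <| tag == 'php-package' |> -> File <| tag == 'php-file' |> ~> Service['php-fpm'] ~> Service['httpd']

  $php_core = ($module != undef) ? { true => "php", default => "php${suffix}" }

  package { $php_core:
    provider => ($module != undef) ? { true => 'dnfmodule', default => undef },
    ensure => ($module != undef) ? { true => $module, default => installed },
    tag => 'php-package',
  }

  if $osfamily == 'RedHat' {
    $php_conf_dir = '/etc/php.d/'
    $php_fpm_conf_dir = '/etc/php-fpm.d/'
    $mod_fcgid_package = 'mod_fcgid'
  }
  elsif $osfamily == 'Debian' {
    # FIXME: This hard-codes the version number, which isn't great
    $php_conf_dir = '/etc/php/7.4/fpm/conf.d/'
    $php_fpm_conf_dir = $php_conf_dir
    $mod_fcgid_package = 'libapache2-mod-fcgid'
  }

  package { $mod_fcgid_package:
    ensure => installed,
  }
  class { ['apache::mod::proxy', 'apache::mod::proxy_fcgi']:}

  $packages = [ "php${suffix}-mbstring", "php${suffix}-xml", "php${suffix}-gd", "php${suffix}-fpm" ]
  package { $packages:
    ensure => installed,
    tag => 'php-package',
  }

  service { 'php-fpm':
    ensure => 'running',
    enable => true,
  }

  website::php::extra { $extras: }

  file { '/etc/php.d/datetime.ini':
    ensure => present,
    source => "puppet:///modules/website/datetime.ini",
    require => Class['apache'],
    notify => Service['httpd'];
  }
  file { '/etc/php-fpm.d/www.conf':
    ensure => present,
    source => 'puppet:///modules/website/php-fpm-www.conf',
    tag => 'php-file',
  }
  file { '/etc/php.d/custom-lockdown.ini':
    ensure => present,
    content => 'allow_url_fopen = \'off\'
    expose_php = Off',
    tag => 'php-file',
  }
  file { '/etc/php.d/custom-php.ini':
    ensure => present,
    source => 'puppet:///modules/website/custom-php.ini',
    tag => 'php-file',
  }

  package { "php${suffix}-opcache":
    ensure => installed,
    require => Package[$php_core],
    tag => 'php-package',
  }
  # Use Remi's (and the OS's) naming convention
  file { '/etc/php.d/opcache.ini':
    ensure => absent,
  }
  file { '/etc/php.d/10-opcache.ini':
    ensure => present,
    source => "puppet:///modules/website/opcache.ini",
    tag => 'php-file',
  }
}
}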