view modules/website/manifests/php.pp @ 106:ef0926ee389a puppet-3.6

Lock down Apache headers for security, based on https://securityheaders.io/
author IBBoard <dev@ibboard.co.uk>
date Sat, 14 May 2016 17:10:10 +0100
parents 89a94c61e4d6
children b00eb9434938

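# == Class: website::php
#
# Installs PHP and a fixed set of extensions, then drops small ini
# fragments into /etc/php.d to harden and configure the runtime.
#
# === Parameters
#
# [*suffix*]
#   String inserted after "php" in every package name, so the class can
#   target an alternative package stream (constructed example: a suffix of
#   'XY' yields "phpXY", "phpXY-gd", ...). Defaults to '' (plain "php").
#
# [*opcache*]
#   When set, the package "php${suffix}-${opcache}" is installed and
#   /etc/php.d/opcache.ini is written. Defaults to undef (no opcache).
#
# [*extras*]
#   Array of additional extension names; each one is installed as
#   "php${suffix}-<name>". Defaults to [].
#
# === Notes
#
# Service['httpd'] is referenced but not declared here; it must be declared
# elsewhere in the catalog.
class website::php(
    $suffix = '',
    $opcache = undef,
    $extras = [],
    ) {
  # Resource defaults: any change to a file or package in this scope
  # restarts Apache, and everything is tagged so the ordering collector
  # below can find it.
  File {
      notify => Service['httpd'],
      tag => 'website',
  }
  Package {
      notify => Service['httpd'],
      tag => 'website',
  }
  # Install every 'website'-tagged package before managing any
  # 'website'-tagged file, so /etc/php.d exists before fragments are written.
  Package <| tag == 'website' |> -> File <| tag == 'website' |>

  # Helper type: one resource per extra extension package.
  # NOTE(review): puppet-lint flags defines nested inside a class body;
  # consider moving this to its own manifest. Left in place so callers and
  # the catalog are unchanged.
  define website::php::extra_php ($pkg = $title) {
    package { "php${website::php::suffix}-${pkg}":
      ensure => latest,
    }
  }

  website::php::extra_php { $extras: }

  # NOTE(review): 'ensure => latest' means any Puppet run can upgrade PHP
  # and (via the notify default) restart httpd. That keeps security fixes
  # flowing but bypasses change control; pin versions or stage upgrades if
  # that matters for this host.
  # NOTE(review): the mcrypt extension was deprecated in PHP 7.1 and removed
  # in 7.2, and libmcrypt itself is unmaintained; confirm it is still needed.
  $packages = [ "php${suffix}", "php${suffix}-mcrypt", "php${suffix}-mbstring", "php${suffix}-xml", "php${suffix}-gd" ]
  package { $packages:
    ensure => latest,
  }

  # Hardening fragment:
  #  - allow_url_fopen off: file functions cannot open http:// or ftp://
  #    URLs, which shrinks the remote-file-inclusion / SSRF surface.
  #  - expose_php off: stops PHP advertising its version in response headers.
  # Owner, group and mode are pinned because Puppet only manages the
  # attributes that are declared: without them a pre-existing fragment that
  # is writable by a non-root account would be left that way, letting that
  # account undo the lockdown.
  # NOTE(review): the value is written as the quoted string 'off' rather
  # than the bare keyword Off used on the next line; verify the effective
  # setting with `php -i` on a managed host.
  file { '/etc/php.d/custom-lockdown.ini':
    ensure => present,
    owner => 'root',
    group => 'root',
    mode => '0644',
    content => 'allow_url_fopen = \'off\'
    expose_php = Off',
  }
  # Site-wide default output charset.
  file { '/etc/php.d/custom-php.ini':
    ensure => present,
    owner => 'root',
    group => 'root',
    mode => '0644',
    content => 'default_charset = \'UTF-8\'',
  }

  if $opcache {
    # The explicit require keeps the opcache package after the base PHP
    # package; the notify repeats the Package default above.
    package { "php${suffix}-${opcache}":
      ensure => latest,
      notify => Service['httpd'],
      require => Package["php${suffix}"],
    }
    # The extension path is hard-coded to the 64-bit module directory.
    # A zend_extension line loads native code into every PHP process, so
    # this file gets the same root-only write permissions as the others.
    file { '/etc/php.d/opcache.ini':
      ensure => present,
      owner => 'root',
      group => 'root',
      mode => '0644',
      content => 'zend_extension=/usr/lib64/php/modules/opcache.so
opcache.memory_consumption=64',
    }
  }
}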