Rewrite PHP configuration to be compatible with Debian Jessie

roles/webserver/defaults/main.yml

@@ -3,13 +3,15 @@
 #
 
 with_apache2: False
-with_apache2_modphp5: False
 
 with_nginx: False
 # nginx_workers ~= $(getconf _NPROCESSORS_ONLN)
 nginx_workers: 2
 nginx_ssl_strengthened: False
 
+
+with_modphp5: False
+
 with_fpm: False
 fpm_pool_count: 1
 fpm_user: 'www-data'
@@ -26,27 +28,18 @@ with_php_lt_54: False
 phpsyscheck_vhostname: sys.localhost
 
 php_config:
-  - key: 'date.timezone'
-    value: 'Europe/Paris'
-  - key: 'short_open_tag'
-    value: 'off'
-  - key: 'expose_php'
-    value: 'off'
+  date.timezone: 'Europe/Paris'
+  short_open_tag: 'off'
+  expose_php: 'off'
 
 php_config_web:
-  - key: 'display_errors'
-    value : 'off'
-  - key: 'display_startup_errors'
-    value: 'off'
-  - key: 'log_errors'
-    value: 'on'
-  - key: 'html_errors'
-    value: 'off'
-  - key: 'cgi.fix_pathinfo'
-    value: '0'
+  display_errors: 'off'
+  display_startup_errors: 'off'
+  log_errors: 'on'
+  html_errors: 'off'
+  cgi.fix_pathinfo: '0'
 # Set with /etc/default/php5-fpm (see https://bugs.php.net/bug.php?id=66239)
-#  - key: 'error_log'
-#    value: 'syslog'
+#  error_log: 'syslog'
 
 with_php_apc: False
 

roles/webserver/tasks/apache2.yml

@@ -8,10 +8,6 @@
     - Reload apache2
   when: with_apache2
 
-- name: Install mod_php5 packages for apache2
-  apt: pkg=libapache2-mod-php5 state=installed update_cache=yes
-  when: with_apache2 and with_apache2_modphp5
-
 - name: Create basic authentication file for admin (apache2)
   template: src=apache2/auth_admin.j2 dest=/etc/apache2/auth_admin owner=root group=www-data mode=0640
   when: with_apache2

roles/webserver/tasks/php.yml

@@ -22,9 +22,21 @@
       - Reload rsyslog for php
   when: with_php and with_fpm
 
-- name: Install local PHP configuration
-  template: src=php/php-config.ini.j2 dest=/etc/php5/conf.d/99-local-config.ini owner=root group=root mode=0644
-  when: with_php
+- name: Install local PHP configuration overrides for php5-cli (Debian >= 8)
+  template: src=php/php-config-cli.ini.j2 dest=/etc/php5/cli/conf.d/99-local-config.ini owner=root group=root mode=0644
+  when: with_php and ansible_lsb.major_release|int >= 8
+
+- name: Install mod_php5 packages for apache2
+  apt: pkg=libapache2-mod-php5 state=installed update_cache=yes
+  when: with_modphp5
+
+- name: Install local PHP configuration (Debian < 8)
+  template: src=php/php-config-web.ini.j2 dest=/etc/php5/conf.d/99-local-config.ini owner=root group=root mode=0644
+  when: with_modphp5 and ansible_lsb.major_release|int < 8
+
+- name: Install local PHP apache2 configuration (Debian >= 8)
+  template: src=php/php-config-web.ini.j2 dest=/etc/php5/apache2/conf.d/99-local-config.ini owner=root group=root mode=0644
+  when: with_modphp5 and ansible_lsb.major_release|int >= 8
 
 - name: Create system checks directory /etc/php5/syscheck.d
   file: path=/etc/php5/syscheck.d owner=root group=root mode=0755 state=directory
@@ -64,12 +76,28 @@
       - Restart php5-fpm
   when: with_fpm
 
-- name: Install php5-fpm configuration file
-  template: src=fpm/php-fpm-custom.conf.j2 dest=/etc/php5/fpm/php-fpm-custom.conf owner=root group=root mode=0644
+- name: Configure php5-fpm
+  lineinfile: dest=/etc/php5/fpm/php-fpm.conf regexp="^{{item.key}}\s*=.*$" line="{{item.key}} = {{item.value}}" insertafter="^;{{item.key}}"
+  with_items:
+    - { key: 'error_log', value: 'syslog' }
+    - { key: 'log_level', value: 'warning' }
+    - { key: 'emergency_restart_threshold', value: '100' }
+    - { key: 'emergency_restart_interval', value: '5s' }
+    - { key: 'rlimit_files', value: '262144' }
+    - { key: 'events.mechanism', value: 'epoll' }
+    - { key: 'include', value: '/etc/php5/fpm/pool.d/local-pool.cnf' }
+  when: with_fpm
+
+- name: Install php5-fpm pools configuration file
+  template: src=fpm/php-fpm-pools.conf.j2 dest=/etc/php5/fpm/pool.d/local-pool.cnf owner=root group=root mode=0644
   notify:
       - Restart php5-fpm
   when: with_fpm
 
+- name: Install local PHP configuration overrides for php5-fpm (Debian >= 8)
+  template: src=php/php-config-web.ini.j2 dest=/etc/php5/fpm/conf.d/99-local-config.ini owner=root group=root mode=0644
+  when: with_fpm and ansible_lsb.major_release|int >= 8
+
 - name: Install nginx config files for php5-fpm (fpm servers pool)
   template: src=fpm/nginx/fpm-pool.conf.j2 dest=/etc/nginx/conf.d/fpm-pool.conf owner=root group=root mode=0644
   notify:

roles/webserver/templates/fpm/default.j2

@@ -5,4 +5,4 @@
 #
 # fpm default file for php5-fpm init script
 #
-DAEMON_ARGS="--fpm-config /etc/php5/fpm/php-fpm-custom.conf --define error_log=syslog"
+DAEMON_ARGS="--fpm-config /etc/php5/fpm/php-fpm.conf --define error_log=syslog"

roles/webserver/templates/fpm/php-fpm-custom.conf.j2 → roles/webserver/templates/fpm/php-fpm-pools.conf.j2

@@ -2,105 +2,9 @@
 {% from 'templates/ansible/prolog.j2' import prolog with context %}
 {{ prolog() }}
 {% endif -%}
-;;;;;;;;;;;;;;;;;;;;;
-; FPM Configuration ;
-;;;;;;;;;;;;;;;;;;;;;
-
-; All relative paths in this configuration file are relative to PHP's install
-; prefix (/usr). This prefix can be dynamicaly changed by using the
-; '-p' argument from the command line.
-
-; Include one or more files. If glob(3) exists, it is used to include a bunch of
-; files from a glob(3) pattern. This directive can be used everywhere in the
-; file.
-; Relative path can also be used. They will be prefixed by:
-;  - the global prefix if it's been set (-p arguement)
-;  - /usr otherwise
-;include=/etc/php5/fpm/*.conf
-
-;;;;;;;;;;;;;;;;;;
-; Global Options ;
-;;;;;;;;;;;;;;;;;;
-
-[global]
-; Pid file
-; Note: the default prefix is /var
-; Default Value: none
-pid = /var/run/php5-fpm-custom.pid
-
-; Error log file
-; If it's set to "syslog", log is sent to syslogd instead of being written
-; in a local file.
-; Note: the default prefix is /var
-; Default Value: log/php-fpm.log
-error_log = syslog
-
-; syslog_facility is used to specify what type of program is logging the
-; message. This lets syslogd specify that messages from different facilities
-; will be handled differently.
-; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
-; Default Value: daemon
-;syslog.facility = daemon
-
-; syslog_ident is prepended to every message. If you have multiple FPM
-; instances running on the same server, you can change the default value
-; which must suit common needs.
-; Default Value: php-fpm
-;syslog.ident = php-fpm
-
-; Log level
-; Possible Values: alert, error, warning, notice, debug
-; Default Value: notice
-log_level = warning
-
-; If this number of child processes exit with SIGSEGV or SIGBUS within the time
-; interval set by emergency_restart_interval then FPM will restart. A value
-; of '0' means 'Off'.
-; Default Value: 0
-emergency_restart_threshold = 100
-
-; Interval of time used by emergency_restart_interval to determine when·
-; a graceful restart will be initiated.  This can be useful to work around
-; accidental corruptions in an accelerator's shared memory.
-; Available Units: s(econds), m(inutes), h(ours), or d(ays)
-; Default Unit: seconds
-; Default Value: 0
-emergency_restart_interval = 5s
-
-; Time limit for child processes to wait for a reaction on signals from master.
-; Available units: s(econds), m(inutes), h(ours), or d(ays)
-; Default Unit: seconds
-; Default Value: 0
-;process_control_timeout = 0
-
-; The maximum number of processes FPM will fork. This has been design to control
-; the global number of processes when using dynamic PM within a lot of pools.
-; Use it with caution.
-; Note: A value of 0 indicates no limit
-; Default Value: 0
-; process.max = 128
-
-; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging.
-; Default Value: yes
-;daemonize = yes
-
-; Set open file descriptor rlimit for the master process.
-; Default Value: system defined value
-rlimit_files = 262144
-
-; Specify the event mechanism FPM will use. The following is available:
-; - select     (any POSIX os)
-; - poll       (any POSIX os)
-; - epoll      (linux >= 2.5.44)
-; - kqueue     (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0)
-; - /dev/poll  (Solaris >= 7)
-; - port       (Solaris >= 10)
-; Default Value: not set (auto detection)
-events.mechanism = epoll
-
-;;;;;;;;;;;;;;;;;;;;
-; Pool Definitions ;·
-;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;
+; FPM Pool Definitions ;·
+;;;;;;;;;;;;;;;;;;;;;;;;
 
 ; Multiple pools of child processes may be started with different listening
 ; ports and different management options.  The name of the pool will be
@@ -494,21 +398,15 @@ catch_workers_output = yes
 ;php_admin_value[error_log] = /var/log/fpm-php.www.log
 ;php_admin_flag[log_errors] = on
 ;php_admin_value[memory_limit] = 32M
-{% if php_config_web is defined %}
-{% for param in php_config_web %}
-{% if param.value == "on" or param.value == "On" or param.value == "off" or param.value == "Off" %}
-php_admin_flag[{{ param.key }}] = {{ param.value }}
-{% else %}
-php_admin_value[{{ param.key }}] = {{ param.value }}
-{% endif %}
-{% endfor %}
-{% endif %}
+{% if ansible_lsb.major_release|int < 8 %}
 {% if php_local_config_web is defined %}
-{% for param in php_local_config_web %}
-{% if param.value == "on" or param.value == "On" or param.value == "off" or param.value == "Off" %}
-php_admin_flag[{{ param.key }}] = {{ param.value }}
+{% set _dummy = php_config_web.update(php_local_config_web) %}
+{% endif %}
+{% for key in php_config_web %}
+{% if php_config_web[key] == "on" or php_config_web[key] == "On" or php_config_web[key] == "off" or php_config_web[key] == "Off" %}
+php_admin_flag[{{ key }}] = {{ php_config_web[key] }}
 {% else %}
-php_admin_value[{{ param.key }}] = {{ param.value }}
+php_admin_value[{{ key }}] = {{ php_config_web[key] }}
 {% endif %}
 {% endfor %}
 {% endif %}

roles/webserver/templates/php/apc.php

@@ -5,5 +5,15 @@
 {% endif -%}
 
 define('USE_AUTHENTICATION', 0);
-require_once '/usr/share/doc/php-apc/apc.php';
+
+$files = array('/usr/share/doc/php5-apcu/apc.php', '/usr/share/doc/php-apc/apc.php');
+
+foreach($files as $file) {
+    if (file_exists($file)) {
+        require_once $file;
+        exit(0);
+    }
+}
+
+die("Unable to find APC control file");
 ?>

roles/webserver/templates/php/php-config-cli.ini.j2

@@ -0,0 +1,13 @@
+{% if ansible_prolog -%}
+{% from 'templates/ansible/prolog.j2' import prolog with context %}
+{{ prolog(';') }}
+{% endif -%}
+;
+; local PHP configuration overrides for php-cli
+;
+{% if php_local_config is defined %}
+{% set _dummy = php_config.update(php_local_config) %}
+{% endif %}
+{% for key in php_config %}
+{{ key }} = {{ php_config[key] }}
+{% endfor %}

roles/webserver/templates/php/php-config-web.ini.j2

@@ -0,0 +1,19 @@
+{% if ansible_prolog -%}
+{% from 'templates/ansible/prolog.j2' import prolog with context %}
+{{ prolog(';') }}
+{% endif -%}
+;
+; local PHP configuration override for apache2
+;
+{% if php_local_config is defined %}
+{% set _dummy = php_config.update(php_local_config) %}
+{% endif %}
+{% if php_config_web is defined %}
+{% set _dummy = php_config.update(php_config_web) %}
+{% endif %}
+{% if php_local_config_web is defined %}
+{% set _dummy = php_config.update(php_local_config_web) %}
+{% endif %}
+{% for key in php_config %}
+{{ key }} = {{ php_config[key] }}
+{% endfor %}