diff --git a/README.md b/README.md index f37e45f..20afd11 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,10 @@ This project includes a bash script "guest_ansible.sh" for executing development * npm-clean - Clean node_modules directory * npm-install - Execute npm install for analysis tools +## Upgrading external Ansible roles + +To upgrade the external Ansible roles used for installing PHP, MySQL, Apache, and RVM, run `ansible-galaxy install -r ansible/requirements.yml -p ansible/roles/ --force`. + ## NOTICE This project is not intended for production use at this time. *Please use this only for testing or development deployments*. diff --git a/Vagrantfile b/Vagrantfile index 32952df..0799faa 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -42,6 +42,8 @@ end Vagrant.configure(2) do |config| # config.ssh.shell = "bash -c 'BASH_ENV=/etc/profile exec bash'" + config.vbguest.installer_options = { allow_kernel_upgrade: true } + config.vm.box = "geerlingguy/centos7" config.vm.hostname = "suma-vagrant" config.vm.synced_folder ".", "/vagrant", type: "sshfs" diff --git a/ansible/demo.yml b/ansible/demo.yml index ad542ce..bd995f8 100644 --- a/ansible/demo.yml +++ b/ansible/demo.yml @@ -6,8 +6,10 @@ vars_files: - vars/main.yml pre_tasks: + - name: Update cert index + shell: yum -y update ca-certificates - yum: - state: present + state: latest update_cache: yes name: - mysql-devel @@ -30,4 +32,5 @@ - role: geerlingguy.php - role: suma-ansible - role: rvm.ruby + rvm1_gpg_key_server: 'hkp://keyserver.ubuntu.com' - role: development diff --git a/ansible/requirements.yml b/ansible/requirements.yml index f56d867..acf415f 100644 --- a/ansible/requirements.yml +++ b/ansible/requirements.yml @@ -3,12 +3,14 @@ - src: geerlingguy.mysql - src: geerlingguy.php - src: geerlingguy.apache + # Restrict version is avoid failure due to old jinja2 + version: "3.1.4" - src: geerlingguy.repo-remi - src: geerlingguy.php-versions # from github, overriding the name and specifying a specific tag - src: https://github.com/NCSU-Libraries-Ansible-Roles/basic-setup.git - version: "v1.3.0" + version: "v1.4.0" name: basic-setup - src: https://github.com/NCSU-Libraries-Ansible-Roles/dev-open-firewall.git diff --git a/ansible/roles/basic-setup/meta/.galaxy_install_info b/ansible/roles/basic-setup/meta/.galaxy_install_info index 12cc5e5..2f53c44 100644 --- a/ansible/roles/basic-setup/meta/.galaxy_install_info +++ b/ansible/roles/basic-setup/meta/.galaxy_install_info @@ -1 +1,2 @@ -{install_date: 'Tue Jan 15 18:33:39 2019', version: v1.3.0} +install_date: Wed Dec 15 16:05:35 2021 +version: v1.4.0 diff --git a/ansible/roles/basic-setup/tasks/main.yml b/ansible/roles/basic-setup/tasks/main.yml index df968ed..9b888a0 100644 --- a/ansible/roles/basic-setup/tasks/main.yml +++ b/ansible/roles/basic-setup/tasks/main.yml @@ -8,8 +8,6 @@ state: present update_cache: yes name: - - https://kojipkgs.fedoraproject.org//packages/http-parser/2.7.1/3.el7/x86_64/http-parser-2.7.1-3.el7.x86_64.rpm - - https://kojipkgs.fedoraproject.org//packages/http-parser/2.7.1/3.el7/x86_64/http-parser-devel-2.7.1-3.el7.x86_64.rpm - kernel-headers - kernel-devel - git diff --git a/ansible/roles/dev-open-firewall/meta/.galaxy_install_info b/ansible/roles/dev-open-firewall/meta/.galaxy_install_info index 058729f..d1b8faf 100644 --- a/ansible/roles/dev-open-firewall/meta/.galaxy_install_info +++ b/ansible/roles/dev-open-firewall/meta/.galaxy_install_info @@ -1 +1,2 @@ -{install_date: 'Tue Jan 15 18:33:39 2019', version: v1.1.0} +install_date: Wed Dec 15 16:05:35 2021 +version: v1.1.0 diff --git a/ansible/roles/geerlingguy.apache/.ansible-lint b/ansible/roles/geerlingguy.apache/.ansible-lint new file mode 100644 index 0000000..5557294 --- /dev/null +++ b/ansible/roles/geerlingguy.apache/.ansible-lint @@ -0,0 +1,2 @@ +skip_list: + - '106' diff --git a/ansible/roles/geerlingguy.apache/.github/FUNDING.yml b/ansible/roles/geerlingguy.apache/.github/FUNDING.yml new file mode 100644 index 0000000..96b4938 --- /dev/null +++ b/ansible/roles/geerlingguy.apache/.github/FUNDING.yml @@ -0,0 +1,4 @@ +# These are supported funding model platforms +--- +github: geerlingguy +patreon: geerlingguy diff --git a/ansible/roles/geerlingguy.apache/.github/stale.yml b/ansible/roles/geerlingguy.apache/.github/stale.yml new file mode 100644 index 0000000..c7ff127 --- /dev/null +++ b/ansible/roles/geerlingguy.apache/.github/stale.yml @@ -0,0 +1,56 @@ +# Configuration for probot-stale - https://github.com/probot/stale + +# Number of days of inactivity before an Issue or Pull Request becomes stale +daysUntilStale: 90 + +# Number of days of inactivity before an Issue or Pull Request with the stale label is closed. +# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. +daysUntilClose: 30 + +# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled) +onlyLabels: [] + +# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable +exemptLabels: + - pinned + - security + - planned + +# Set to true to ignore issues in a project (defaults to false) +exemptProjects: false + +# Set to true to ignore issues in a milestone (defaults to false) +exemptMilestones: false + +# Set to true to ignore issues with an assignee (defaults to false) +exemptAssignees: false + +# Label to use when marking as stale +staleLabel: stale + +# Limit the number of actions per hour, from 1-30. Default is 30 +limitPerRun: 30 + +pulls: + markComment: |- + This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! + + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale. + + unmarkComment: >- + This pull request is no longer marked for closure. + + closeComment: >- + This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. + +issues: + markComment: |- + This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! + + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale. + + unmarkComment: >- + This issue is no longer marked for closure. + + closeComment: >- + This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. diff --git a/ansible/roles/geerlingguy.apache/.github/workflows/ci.yml b/ansible/roles/geerlingguy.apache/.github/workflows/ci.yml new file mode 100644 index 0000000..c775c47 --- /dev/null +++ b/ansible/roles/geerlingguy.apache/.github/workflows/ci.yml @@ -0,0 +1,69 @@ +--- +name: CI +'on': + pull_request: + push: + branches: + - master + schedule: + - cron: "0 5 * * 0" + +defaults: + run: + working-directory: 'geerlingguy.apache' + +jobs: + + lint: + name: Lint + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'geerlingguy.apache' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install test dependencies. + run: pip3 install yamllint ansible-lint + + - name: Lint code. + run: | + yamllint . + ansible-lint + + molecule: + name: Molecule + runs-on: ubuntu-latest + strategy: + matrix: + distro: + - centos8 + - centos7 + - ubuntu2004 + - debian10 + + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'geerlingguy.apache' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install test dependencies. + run: pip3 install ansible molecule[docker] docker + + - name: Run Molecule tests. + run: molecule test + env: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + MOLECULE_DISTRO: ${{ matrix.distro }} diff --git a/ansible/roles/geerlingguy.apache/.github/workflows/release.yml b/ansible/roles/geerlingguy.apache/.github/workflows/release.yml new file mode 100644 index 0000000..06be705 --- /dev/null +++ b/ansible/roles/geerlingguy.apache/.github/workflows/release.yml @@ -0,0 +1,38 @@ +--- +# This workflow requires a GALAXY_API_KEY secret present in the GitHub +# repository or organization. +# +# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy +# See: https://github.com/ansible/galaxy/issues/46 + +name: Release +'on': + push: + tags: + - '*' + +defaults: + run: + working-directory: 'geerlingguy.apache' + +jobs: + + release: + name: Release + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'geerlingguy.apache' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install Ansible. + run: pip3 install ansible-base + + - name: Trigger a new import on Galaxy. + run: ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2) diff --git a/ansible/roles/geerlingguy.apache/.travis.yml b/ansible/roles/geerlingguy.apache/.travis.yml deleted file mode 100644 index 57deda1..0000000 --- a/ansible/roles/geerlingguy.apache/.travis.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -language: python -services: docker - -env: - global: - - ROLE_NAME: apache - matrix: - - MOLECULE_DISTRO: ubi8 - - MOLECULE_DISTRO: centos7 - - MOLECULE_DISTRO: centos6 - - MOLECULE_DISTRO: ubuntu1804 - - MOLECULE_DISTRO: ubuntu1604 - - MOLECULE_DISTRO: ubuntu1404 - - MOLECULE_DISTRO: debian10 - - MOLECULE_DISTRO: debian9 - -install: - # Install test dependencies. - - pip install molecule docker - -before_script: - # Use actual Ansible Galaxy role name for the project directory. - - cd ../ - - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME - - cd geerlingguy.$ROLE_NAME - -script: - # Run tests. - - molecule test - -notifications: - webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/ansible/roles/geerlingguy.php/molecule/default/yaml-lint.yml b/ansible/roles/geerlingguy.apache/.yamllint similarity index 61% rename from ansible/roles/geerlingguy.php/molecule/default/yaml-lint.yml rename to ansible/roles/geerlingguy.apache/.yamllint index a3dbc38..f2033dd 100644 --- a/ansible/roles/geerlingguy.php/molecule/default/yaml-lint.yml +++ b/ansible/roles/geerlingguy.apache/.yamllint @@ -1,6 +1,11 @@ --- extends: default + rules: line-length: max: 120 level: warning + +ignore: | + .github/stale.yml + .travis.yml diff --git a/ansible/roles/geerlingguy.apache/README.md b/ansible/roles/geerlingguy.apache/README.md index b4f52ec..a0888c1 100644 --- a/ansible/roles/geerlingguy.apache/README.md +++ b/ansible/roles/geerlingguy.apache/README.md @@ -1,6 +1,6 @@ # Ansible Role: Apache 2.x -[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-apache.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-apache) +[![CI](https://github.com/geerlingguy/ansible-role-apache/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-apache/actions?query=workflow%3ACI) An Ansible Role that installs Apache 2.x on RHEL/CentOS, Debian/Ubuntu, SLES and Solaris. diff --git a/ansible/roles/geerlingguy.apache/meta/.galaxy_install_info b/ansible/roles/geerlingguy.apache/meta/.galaxy_install_info index b726c51..8e24c62 100644 --- a/ansible/roles/geerlingguy.apache/meta/.galaxy_install_info +++ b/ansible/roles/geerlingguy.apache/meta/.galaxy_install_info @@ -1,2 +1,2 @@ -install_date: Thu Jan 30 14:39:48 2020 -version: 3.1.0 +install_date: Wed Dec 15 16:05:32 2021 +version: 3.1.4 diff --git a/ansible/roles/geerlingguy.apache/meta/main.yml b/ansible/roles/geerlingguy.apache/meta/main.yml index 16cc210..5a28c05 100644 --- a/ansible/roles/geerlingguy.apache/meta/main.yml +++ b/ansible/roles/geerlingguy.apache/meta/main.yml @@ -2,6 +2,7 @@ dependencies: [] galaxy_info: + role_name: apache author: geerlingguy description: Apache 2.x for Linux. company: "Midwestern Mac, LLC" diff --git a/ansible/roles/geerlingguy.apache/molecule/default/playbook.yml b/ansible/roles/geerlingguy.apache/molecule/default/converge.yml similarity index 100% rename from ansible/roles/geerlingguy.apache/molecule/default/playbook.yml rename to ansible/roles/geerlingguy.apache/molecule/default/converge.yml diff --git a/ansible/roles/geerlingguy.apache/molecule/default/molecule.yml b/ansible/roles/geerlingguy.apache/molecule/default/molecule.yml index 2ca6fea..0714c43 100644 --- a/ansible/roles/geerlingguy.apache/molecule/default/molecule.yml +++ b/ansible/roles/geerlingguy.apache/molecule/default/molecule.yml @@ -3,10 +3,6 @@ dependency: name: galaxy driver: name: docker -lint: - name: yamllint - options: - config-file: molecule/default/yaml-lint.yml platforms: - name: instance image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" @@ -17,13 +13,6 @@ platforms: pre_build_image: true provisioner: name: ansible - lint: - name: ansible-lint + log: true playbooks: - converge: ${MOLECULE_PLAYBOOK:-playbook.yml} -scenario: - name: default -verifier: - name: testinfra - lint: - name: flake8 + converge: ${MOLECULE_PLAYBOOK:-converge.yml} diff --git a/ansible/roles/geerlingguy.apache/tasks/configure-Debian.yml b/ansible/roles/geerlingguy.apache/tasks/configure-Debian.yml index e115e61..e9b2ad4 100644 --- a/ansible/roles/geerlingguy.apache/tasks/configure-Debian.yml +++ b/ansible/roles/geerlingguy.apache/tasks/configure-Debian.yml @@ -5,6 +5,7 @@ regexp: "{{ item.regexp }}" line: "{{ item.line }}" state: present + mode: 0644 with_items: "{{ apache_ports_configuration_items }}" notify: restart apache @@ -13,6 +14,7 @@ src: "{{ apache_server_root }}/mods-available/{{ item }}" dest: "{{ apache_server_root }}/mods-enabled/{{ item }}" state: link + mode: 0644 with_items: "{{ apache_mods_enabled }}" notify: restart apache @@ -43,6 +45,7 @@ src: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}" dest: "{{ apache_conf_path }}/sites-enabled/{{ apache_vhosts_filename }}" state: link + mode: 0644 notify: restart apache when: apache_create_vhosts | bool diff --git a/ansible/roles/geerlingguy.apache/tasks/configure-RedHat.yml b/ansible/roles/geerlingguy.apache/tasks/configure-RedHat.yml index 95675e4..8577461 100644 --- a/ansible/roles/geerlingguy.apache/tasks/configure-RedHat.yml +++ b/ansible/roles/geerlingguy.apache/tasks/configure-RedHat.yml @@ -5,6 +5,7 @@ regexp: "{{ item.regexp }}" line: "{{ item.line }}" state: present + mode: 0644 with_items: "{{ apache_ports_configuration_items }}" notify: restart apache diff --git a/ansible/roles/geerlingguy.apache/tasks/configure-Solaris.yml b/ansible/roles/geerlingguy.apache/tasks/configure-Solaris.yml index b6c121b..2fbf832 100644 --- a/ansible/roles/geerlingguy.apache/tasks/configure-Solaris.yml +++ b/ansible/roles/geerlingguy.apache/tasks/configure-Solaris.yml @@ -5,6 +5,7 @@ regexp: "{{ item.regexp }}" line: "{{ item.line }}" state: present + mode: 0644 with_items: "{{ apache_ports_configuration_items }}" notify: restart apache diff --git a/ansible/roles/geerlingguy.apache/tasks/configure-Suse.yml b/ansible/roles/geerlingguy.apache/tasks/configure-Suse.yml index 54d4d1c..9f084cf 100644 --- a/ansible/roles/geerlingguy.apache/tasks/configure-Suse.yml +++ b/ansible/roles/geerlingguy.apache/tasks/configure-Suse.yml @@ -5,6 +5,7 @@ regexp: "{{ item.regexp }}" line: "{{ item.line }}" state: present + mode: 0644 with_items: "{{ apache_ports_configuration_items }}" notify: restart apache diff --git a/ansible/roles/geerlingguy.mysql/.ansible-lint b/ansible/roles/geerlingguy.mysql/.ansible-lint index 5a3b624..acc8255 100644 --- a/ansible/roles/geerlingguy.mysql/.ansible-lint +++ b/ansible/roles/geerlingguy.mysql/.ansible-lint @@ -1,3 +1,3 @@ skip_list: - - '602' - - '204' + - 'yaml' + - 'role-name' diff --git a/ansible/roles/geerlingguy.mysql/.github/FUNDING.yml b/ansible/roles/geerlingguy.mysql/.github/FUNDING.yml new file mode 100644 index 0000000..96b4938 --- /dev/null +++ b/ansible/roles/geerlingguy.mysql/.github/FUNDING.yml @@ -0,0 +1,4 @@ +# These are supported funding model platforms +--- +github: geerlingguy +patreon: geerlingguy diff --git a/ansible/roles/geerlingguy.mysql/.github/stale.yml b/ansible/roles/geerlingguy.mysql/.github/stale.yml new file mode 100644 index 0000000..c7ff127 --- /dev/null +++ b/ansible/roles/geerlingguy.mysql/.github/stale.yml @@ -0,0 +1,56 @@ +# Configuration for probot-stale - https://github.com/probot/stale + +# Number of days of inactivity before an Issue or Pull Request becomes stale +daysUntilStale: 90 + +# Number of days of inactivity before an Issue or Pull Request with the stale label is closed. +# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. +daysUntilClose: 30 + +# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled) +onlyLabels: [] + +# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable +exemptLabels: + - pinned + - security + - planned + +# Set to true to ignore issues in a project (defaults to false) +exemptProjects: false + +# Set to true to ignore issues in a milestone (defaults to false) +exemptMilestones: false + +# Set to true to ignore issues with an assignee (defaults to false) +exemptAssignees: false + +# Label to use when marking as stale +staleLabel: stale + +# Limit the number of actions per hour, from 1-30. Default is 30 +limitPerRun: 30 + +pulls: + markComment: |- + This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! + + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale. + + unmarkComment: >- + This pull request is no longer marked for closure. + + closeComment: >- + This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. + +issues: + markComment: |- + This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! + + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale. + + unmarkComment: >- + This issue is no longer marked for closure. + + closeComment: >- + This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. diff --git a/ansible/roles/geerlingguy.mysql/.github/workflows/ci.yml b/ansible/roles/geerlingguy.mysql/.github/workflows/ci.yml new file mode 100644 index 0000000..e956354 --- /dev/null +++ b/ansible/roles/geerlingguy.mysql/.github/workflows/ci.yml @@ -0,0 +1,77 @@ +--- +name: CI +'on': + pull_request: + push: + branches: + - master + schedule: + - cron: "0 1 * * 3" + +defaults: + run: + working-directory: 'geerlingguy.mysql' + +jobs: + + lint: + name: Lint + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'geerlingguy.mysql' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install test dependencies. + run: pip3 install yamllint + + - name: Lint code. + run: | + yamllint . + + molecule: + name: Molecule + runs-on: ubuntu-latest + strategy: + matrix: + distro: + - centos8 + - centos7 + - ubuntu1804 + - debian10 + + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'geerlingguy.mysql' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install test dependencies. + run: pip3 install ansible molecule[docker] docker + + # See: https://github.com/geerlingguy/ansible-role-mysql/issues/422 + - name: Disable AppArmor on Debian. + run: | + set -x + sudo apt-get install apparmor-profiles + sudo ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/ + sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld + if: ${{ startsWith(matrix.distro, 'debian') }} + + - name: Run Molecule tests. + run: molecule test + env: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + MOLECULE_DISTRO: ${{ matrix.distro }} diff --git a/ansible/roles/geerlingguy.mysql/.github/workflows/release.yml b/ansible/roles/geerlingguy.mysql/.github/workflows/release.yml new file mode 100644 index 0000000..f92b7d8 --- /dev/null +++ b/ansible/roles/geerlingguy.mysql/.github/workflows/release.yml @@ -0,0 +1,38 @@ +--- +# This workflow requires a GALAXY_API_KEY secret present in the GitHub +# repository or organization. +# +# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy +# See: https://github.com/ansible/galaxy/issues/46 + +name: Release +'on': + push: + tags: + - '*' + +defaults: + run: + working-directory: 'geerlingguy.mysql' + +jobs: + + release: + name: Release + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'geerlingguy.mysql' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install Ansible. + run: pip3 install ansible-base + + - name: Trigger a new import on Galaxy. + run: ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2) diff --git a/ansible/roles/geerlingguy.mysql/.gitignore b/ansible/roles/geerlingguy.mysql/.gitignore index f56f5b5..554cc54 100644 --- a/ansible/roles/geerlingguy.mysql/.gitignore +++ b/ansible/roles/geerlingguy.mysql/.gitignore @@ -1,3 +1,4 @@ *.retry */__pycache__ *.pyc +.cache diff --git a/ansible/roles/geerlingguy.mysql/.travis.yml b/ansible/roles/geerlingguy.mysql/.travis.yml deleted file mode 100644 index db26840..0000000 --- a/ansible/roles/geerlingguy.mysql/.travis.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -language: python -services: docker - -env: - global: - - ROLE_NAME: mysql - matrix: - - MOLECULE_DISTRO: centos7 - - MOLECULE_DISTRO: centos6 - - MOLECULE_DISTRO: ubuntu1804 - - MOLECULE_DISTRO: ubuntu1604 - - MOLECULE_DISTRO: debian10 - -install: - # Install test dependencies. - - pip install molecule docker - -before_script: - # Use actual Ansible Galaxy role name for the project directory. - - cd ../ - - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME - - cd geerlingguy.$ROLE_NAME - -script: - # Run tests. - - molecule test - -notifications: - webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/ansible/roles/geerlingguy.mysql/molecule/default/yaml-lint.yml b/ansible/roles/geerlingguy.mysql/.yamllint similarity index 70% rename from ansible/roles/geerlingguy.mysql/molecule/default/yaml-lint.yml rename to ansible/roles/geerlingguy.mysql/.yamllint index db22c42..2a66c05 100644 --- a/ansible/roles/geerlingguy.mysql/molecule/default/yaml-lint.yml +++ b/ansible/roles/geerlingguy.mysql/.yamllint @@ -1,6 +1,10 @@ --- extends: default + rules: line-length: max: 160 level: warning + +ignore: | + .github/stale.yml diff --git a/ansible/roles/geerlingguy.mysql/README.md b/ansible/roles/geerlingguy.mysql/README.md index 7436589..6a69c3b 100644 --- a/ansible/roles/geerlingguy.mysql/README.md +++ b/ansible/roles/geerlingguy.mysql/README.md @@ -1,6 +1,6 @@ # Ansible Role: MySQL -[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-mysql.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-mysql) +[![CI](https://github.com/geerlingguy/ansible-role-mysql/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-mysql/actions?query=workflow%3ACI) Installs and configures MySQL or MariaDB server on RHEL/CentOS or Debian/Ubuntu servers. @@ -84,6 +84,10 @@ The formats of these are the same as in the `mysql_user` module. (RedHat/CentOS only) If you have enabled any additional repositories (might I suggest geerlingguy.repo-epel or geerlingguy.repo-remi), those repositories can be listed under this variable (e.g. `remi,epel`). This can be handy, as an example, if you want to install later versions of MySQL. + mysql_python_package_debian: python3-mysqldb + +(Ubuntu/Debian only) If you need to explicitly override the MySQL Python package, you can set it here. Set this to `python-mysqldb` if using older distributions running Python 2. + mysql_port: "3306" mysql_bind_address: '0.0.0.0' mysql_datadir: /var/lib/mysql diff --git a/ansible/roles/geerlingguy.mysql/defaults/main.yml b/ansible/roles/geerlingguy.mysql/defaults/main.yml index f79f823..318b169 100644 --- a/ansible/roles/geerlingguy.mysql/defaults/main.yml +++ b/ansible/roles/geerlingguy.mysql/defaults/main.yml @@ -34,12 +34,14 @@ mysql_enablerepo: "" # - mysql-server # - MySQL-python +mysql_python_package_debian: python3-mysqldb + # MySQL connection settings. mysql_port: "3306" mysql_bind_address: '0.0.0.0' mysql_skip_name_resolve: false mysql_datadir: /var/lib/mysql -mysql_sql_mode: '' +mysql_sql_mode: ~ # The following variables have a default value depending on operating system. # mysql_pid_file: /var/run/mysqld/mysqld.pid # mysql_socket: /var/lib/mysql/mysql.sock diff --git a/ansible/roles/geerlingguy.mysql/meta/.galaxy_install_info b/ansible/roles/geerlingguy.mysql/meta/.galaxy_install_info index 741e711..bec8c99 100644 --- a/ansible/roles/geerlingguy.mysql/meta/.galaxy_install_info +++ b/ansible/roles/geerlingguy.mysql/meta/.galaxy_install_info @@ -1,2 +1,2 @@ -install_date: Thu Jan 30 14:39:56 2020 -version: 2.9.5 +install_date: Wed Dec 15 16:05:29 2021 +version: 3.3.2 diff --git a/ansible/roles/geerlingguy.mysql/meta/main.yml b/ansible/roles/geerlingguy.mysql/meta/main.yml index d95f6cc..a1bdc85 100644 --- a/ansible/roles/geerlingguy.mysql/meta/main.yml +++ b/ansible/roles/geerlingguy.mysql/meta/main.yml @@ -2,6 +2,7 @@ dependencies: [] galaxy_info: + role_name: mysql author: geerlingguy description: MySQL server for RHEL/CentOS and Debian/Ubuntu. company: "Midwestern Mac, LLC" @@ -10,8 +11,8 @@ galaxy_info: platforms: - name: EL versions: - - 6 - 7 + - 8 - name: Ubuntu versions: - all diff --git a/ansible/roles/geerlingguy.mysql/molecule/default/playbook.yml b/ansible/roles/geerlingguy.mysql/molecule/default/converge.yml similarity index 100% rename from ansible/roles/geerlingguy.mysql/molecule/default/playbook.yml rename to ansible/roles/geerlingguy.mysql/molecule/default/converge.yml diff --git a/ansible/roles/geerlingguy.mysql/molecule/default/molecule.yml b/ansible/roles/geerlingguy.mysql/molecule/default/molecule.yml index 2ca6fea..7490710 100644 --- a/ansible/roles/geerlingguy.mysql/molecule/default/molecule.yml +++ b/ansible/roles/geerlingguy.mysql/molecule/default/molecule.yml @@ -3,10 +3,6 @@ dependency: name: galaxy driver: name: docker -lint: - name: yamllint - options: - config-file: molecule/default/yaml-lint.yml platforms: - name: instance image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" @@ -17,13 +13,5 @@ platforms: pre_build_image: true provisioner: name: ansible - lint: - name: ansible-lint playbooks: - converge: ${MOLECULE_PLAYBOOK:-playbook.yml} -scenario: - name: default -verifier: - name: testinfra - lint: - name: flake8 + converge: ${MOLECULE_PLAYBOOK:-converge.yml} diff --git a/ansible/roles/geerlingguy.mysql/tasks/configure.yml b/ansible/roles/geerlingguy.mysql/tasks/configure.yml index 49cb7ad..b1f004f 100644 --- a/ansible/roles/geerlingguy.mysql/tasks/configure.yml +++ b/ansible/roles/geerlingguy.mysql/tasks/configure.yml @@ -66,8 +66,8 @@ creates: "{{ mysql_log_error }}" warn: false when: - - mysql_log == "" - - mysql_log_error != "" + - mysql_log | default(true) + - mysql_log_error | default(false) tags: ['skip_ansible_galaxy'] - name: Set ownership on error log file (if configured). @@ -78,8 +78,8 @@ group: "{{ mysql_log_file_group }}" mode: 0640 when: - - mysql_log == "" - - mysql_log_error != "" + - mysql_log | default(true) + - mysql_log_error | default(false) tags: ['skip_ansible_galaxy'] - name: Ensure MySQL is started and enabled on boot. diff --git a/ansible/roles/geerlingguy.mysql/tasks/replication.yml b/ansible/roles/geerlingguy.mysql/tasks/replication.yml index e1cbeb5..5110387 100644 --- a/ansible/roles/geerlingguy.mysql/tasks/replication.yml +++ b/ansible/roles/geerlingguy.mysql/tasks/replication.yml @@ -9,7 +9,7 @@ when: - mysql_replication_role == 'master' - mysql_replication_user.name is defined - - mysql_replication_master != '' + - (mysql_replication_master | length) > 0 tags: ['skip_ansible_galaxy'] - name: Check slave replication status. @@ -21,7 +21,7 @@ register: slave when: - mysql_replication_role == 'slave' - - mysql_replication_master != '' + - (mysql_replication_master | length) > 0 tags: ['skip_ansible_galaxy'] - name: Check master replication status. @@ -31,7 +31,7 @@ when: - (slave.Is_Slave is defined and not slave.Is_Slave) or (slave.Is_Slave is not defined and slave is failed) - mysql_replication_role == 'slave' - - mysql_replication_master != '' + - (mysql_replication_master | length) > 0 tags: ['skip_ansible_galaxy'] - name: Configure replication on the slave. @@ -47,12 +47,12 @@ - (slave.Is_Slave is defined and not slave.Is_Slave) or (slave.Is_Slave is not defined and slave is failed) - mysql_replication_role == 'slave' - mysql_replication_user.name is defined - - mysql_replication_master != '' + - (mysql_replication_master | length) > 0 - name: Start replication. mysql_replication: mode=startslave when: - (slave.Is_Slave is defined and not slave.Is_Slave) or (slave.Is_Slave is not defined and slave is failed) - mysql_replication_role == 'slave' - - mysql_replication_master != '' + - (mysql_replication_master | length) > 0 tags: ['skip_ansible_galaxy'] diff --git a/ansible/roles/geerlingguy.mysql/tasks/secure-installation.yml b/ansible/roles/geerlingguy.mysql/tasks/secure-installation.yml index 3e72512..d7a17b8 100644 --- a/ansible/roles/geerlingguy.mysql/tasks/secure-installation.yml +++ b/ansible/roles/geerlingguy.mysql/tasks/secure-installation.yml @@ -43,7 +43,7 @@ shell: > mysql -u root -NBe 'ALTER USER "{{ mysql_root_username }}"@"{{ item }}" - IDENTIFIED WITH mysql_native_password BY "{{ mysql_root_password }}";' + IDENTIFIED WITH mysql_native_password BY "{{ mysql_root_password }}"; FLUSH PRIVILEGES;' with_items: "{{ mysql_root_hosts.stdout_lines|default([]) }}" when: > ((mysql_install_packages | bool) or mysql_root_password_update) @@ -53,7 +53,7 @@ - name: Update MySQL root password for localhost root account (< 5.7.x). shell: > mysql -NBe - 'SET PASSWORD FOR "{{ mysql_root_username }}"@"{{ item }}" = PASSWORD("{{ mysql_root_password }}");' + 'SET PASSWORD FOR "{{ mysql_root_username }}"@"{{ item }}" = PASSWORD("{{ mysql_root_password }}"); FLUSH PRIVILEGES;' with_items: "{{ mysql_root_hosts.stdout_lines|default([]) }}" when: > ((mysql_install_packages | bool) or mysql_root_password_update) diff --git a/ansible/roles/geerlingguy.mysql/tasks/setup-Debian.yml b/ansible/roles/geerlingguy.mysql/tasks/setup-Debian.yml index 325f25c..7145c90 100644 --- a/ansible/roles/geerlingguy.mysql/tasks/setup-Debian.yml +++ b/ansible/roles/geerlingguy.mysql/tasks/setup-Debian.yml @@ -7,13 +7,9 @@ apt: update_cache=yes when: not mysql_installed.stat.exists -- name: Determine required MySQL Python libraries. - set_fact: - deb_mysql_python_package: "{% if 'python3' in ansible_python_interpreter|default('') %}python3-mysqldb{% else %}python-mysqldb{% endif %}" - - name: Ensure MySQL Python libraries are installed. apt: - name: "{{ deb_mysql_python_package }}" + name: "{{ mysql_python_package_debian }}" state: present - name: Ensure MySQL packages are installed. diff --git a/ansible/roles/geerlingguy.mysql/tasks/setup-RedHat.yml b/ansible/roles/geerlingguy.mysql/tasks/setup-RedHat.yml index a80aae2..6835c0d 100644 --- a/ansible/roles/geerlingguy.mysql/tasks/setup-RedHat.yml +++ b/ansible/roles/geerlingguy.mysql/tasks/setup-RedHat.yml @@ -5,9 +5,3 @@ state: present enablerepo: "{{ mysql_enablerepo | default(omit, true) }}" register: rh_mysql_install_packages - -- name: Ensure MySQL Python libraries are installed. - yum: - name: MySQL-python - state: present - enablerepo: "{{ mysql_enablerepo | default(omit, true) }}" diff --git a/ansible/roles/geerlingguy.mysql/templates/my.cnf.j2 b/ansible/roles/geerlingguy.mysql/templates/my.cnf.j2 index 91962a3..78e4e91 100644 --- a/ansible/roles/geerlingguy.mysql/templates/my.cnf.j2 +++ b/ansible/roles/geerlingguy.mysql/templates/my.cnf.j2 @@ -1,4 +1,4 @@ -# {{ ansible_managed }} +{{ ansible_managed | comment }} [client] #password = your_password @@ -14,7 +14,7 @@ pid-file = {{ mysql_pid_file }} {% if mysql_skip_name_resolve %} skip-name-resolve {% endif %} -{% if mysql_sql_mode %} +{% if mysql_sql_mode is not none %} sql_mode = {{ mysql_sql_mode }} {% endif %} diff --git a/ansible/roles/geerlingguy.mysql/templates/root-my.cnf.j2 b/ansible/roles/geerlingguy.mysql/templates/root-my.cnf.j2 index 5d2ab52..af13e81 100644 --- a/ansible/roles/geerlingguy.mysql/templates/root-my.cnf.j2 +++ b/ansible/roles/geerlingguy.mysql/templates/root-my.cnf.j2 @@ -1,4 +1,4 @@ -# {{ ansible_managed }} +{{ ansible_managed | comment }} [client] user="{{ mysql_root_username }}" diff --git a/ansible/roles/geerlingguy.mysql/templates/user-my.cnf.j2 b/ansible/roles/geerlingguy.mysql/templates/user-my.cnf.j2 index 257a973..62e3692 100644 --- a/ansible/roles/geerlingguy.mysql/templates/user-my.cnf.j2 +++ b/ansible/roles/geerlingguy.mysql/templates/user-my.cnf.j2 @@ -1,4 +1,4 @@ -# {{ ansible_managed }} +{{ ansible_managed | comment }} [client] user="{{ mysql_user_name }}" diff --git a/ansible/roles/geerlingguy.mysql/vars/Debian-10.yml b/ansible/roles/geerlingguy.mysql/vars/Debian-10.yml index a36993c..cb4935a 100644 --- a/ansible/roles/geerlingguy.mysql/vars/Debian-10.yml +++ b/ansible/roles/geerlingguy.mysql/vars/Debian-10.yml @@ -6,8 +6,8 @@ mysql_log_file_group: adm __mysql_slow_query_log_file: /var/log/mysql/mysql-slow.log __mysql_log_error: /var/log/mysql/mysql.log __mysql_syslog_tag: mariadb -__mysql_pid_file: /var/run/mysql/mysql.pid -__mysql_config_file: /etc/my.cnf -__mysql_config_include_dir: /etc/my.cnf.d -__mysql_socket: /var/lib/mysql/mysql.sock +__mysql_pid_file: /run/mysqld/mysqld.pid +__mysql_config_file: /etc/mysql/my.cnf +__mysql_config_include_dir: /etc/mysql/conf.d +__mysql_socket: /run/mysqld/mysqld.sock __mysql_supports_innodb_large_prefix: true diff --git a/ansible/roles/geerlingguy.mysql/vars/RedHat-6.yml b/ansible/roles/geerlingguy.mysql/vars/RedHat-6.yml deleted file mode 100644 index 96af1ff..0000000 --- a/ansible/roles/geerlingguy.mysql/vars/RedHat-6.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -__mysql_daemon: mysqld -__mysql_packages: - - mysql - - mysql-server -__mysql_slow_query_log_file: /var/log/mysql-slow.log -__mysql_log_error: /var/log/mysql.err -__mysql_syslog_tag: mysql -__mysql_pid_file: /var/run/mysqld/mysqld.pid -__mysql_config_file: /etc/my.cnf -__mysql_config_include_dir: /etc/my.cnf.d -__mysql_socket: /var/lib/mysql/mysql.sock -__mysql_supports_innodb_large_prefix: false diff --git a/ansible/roles/geerlingguy.mysql/vars/RedHat-8.yml b/ansible/roles/geerlingguy.mysql/vars/RedHat-8.yml new file mode 100644 index 0000000..12484af --- /dev/null +++ b/ansible/roles/geerlingguy.mysql/vars/RedHat-8.yml @@ -0,0 +1,18 @@ +--- +__mysql_daemon: mariadb +__mysql_packages: + - mariadb + - mariadb-server + - mariadb-connector-c + - python3-PyMySQL + - perl-DBD-MySQL +__mysql_slow_query_log_file: /var/log/mysql-slow.log +__mysql_log_error: /var/log/mariadb/mariadb.log +__mysql_syslog_tag: mariadb +__mysql_pid_file: /var/run/mariadb/mariadb.pid +__mysql_config_file: /etc/my.cnf +__mysql_config_include_dir: /etc/my.cnf.d +__mysql_socket: /var/lib/mysql/mysql.sock +# The entries controlled by this value should not be used with MariaDB >= 10.2.2 +# See https://github.com/frappe/bench/issues/681#issuecomment-398984706 +__mysql_supports_innodb_large_prefix: false diff --git a/ansible/roles/geerlingguy.php-versions/.ansible-lint b/ansible/roles/geerlingguy.php-versions/.ansible-lint index f7ae1c6..8d58b47 100644 --- a/ansible/roles/geerlingguy.php-versions/.ansible-lint +++ b/ansible/roles/geerlingguy.php-versions/.ansible-lint @@ -1,3 +1,5 @@ skip_list: - - '306' - - '503' + - 'yaml' + - 'risky-shell-pipe' + - 'no-handler' + - 'role-name' diff --git a/ansible/roles/geerlingguy.php-versions/.github/FUNDING.yml b/ansible/roles/geerlingguy.php-versions/.github/FUNDING.yml new file mode 100644 index 0000000..96b4938 --- /dev/null +++ b/ansible/roles/geerlingguy.php-versions/.github/FUNDING.yml @@ -0,0 +1,4 @@ +# These are supported funding model platforms +--- +github: geerlingguy +patreon: geerlingguy diff --git a/ansible/roles/geerlingguy.php-versions/.github/stale.yml b/ansible/roles/geerlingguy.php-versions/.github/stale.yml new file mode 100644 index 0000000..c7ff127 --- /dev/null +++ b/ansible/roles/geerlingguy.php-versions/.github/stale.yml @@ -0,0 +1,56 @@ +# Configuration for probot-stale - https://github.com/probot/stale + +# Number of days of inactivity before an Issue or Pull Request becomes stale +daysUntilStale: 90 + +# Number of days of inactivity before an Issue or Pull Request with the stale label is closed. +# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. +daysUntilClose: 30 + +# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled) +onlyLabels: [] + +# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable +exemptLabels: + - pinned + - security + - planned + +# Set to true to ignore issues in a project (defaults to false) +exemptProjects: false + +# Set to true to ignore issues in a milestone (defaults to false) +exemptMilestones: false + +# Set to true to ignore issues with an assignee (defaults to false) +exemptAssignees: false + +# Label to use when marking as stale +staleLabel: stale + +# Limit the number of actions per hour, from 1-30. Default is 30 +limitPerRun: 30 + +pulls: + markComment: |- + This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! + + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale. + + unmarkComment: >- + This pull request is no longer marked for closure. + + closeComment: >- + This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. + +issues: + markComment: |- + This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! + + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale. + + unmarkComment: >- + This issue is no longer marked for closure. + + closeComment: >- + This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. diff --git a/ansible/roles/geerlingguy.php-versions/.github/workflows/ci.yml b/ansible/roles/geerlingguy.php-versions/.github/workflows/ci.yml new file mode 100644 index 0000000..24f8d52 --- /dev/null +++ b/ansible/roles/geerlingguy.php-versions/.github/workflows/ci.yml @@ -0,0 +1,90 @@ +--- +name: CI +'on': + pull_request: + push: + branches: + - master + schedule: + - cron: "30 6 * * 4" + +defaults: + run: + working-directory: 'geerlingguy.php-versions' + +jobs: + + lint: + name: Lint + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'geerlingguy.php-versions' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install test dependencies. + run: pip3 install yamllint + + - name: Lint code. + run: | + yamllint . + + molecule: + name: Molecule + runs-on: ubuntu-latest + strategy: + matrix: + include: + # Default PHP version (7.4). + - distro: centos8 + playbook: converge.yml + - distro: centos7 + playbook: converge.yml + - distro: ubuntu1804 + playbook: converge.yml + - distro: debian10 + playbook: converge.yml + + # PHP 8.0. + - distro: centos8 + playbook: 8.0.yml + - distro: ubuntu1804 + playbook: 8.0.yml + - distro: debian10 + playbook: 8.0.yml + + # PHP 7.3. + - distro: centos8 + playbook: 7.3.yml + - distro: ubuntu1804 + playbook: 7.3.yml + - distro: debian10 + playbook: 7.3.yml + + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'geerlingguy.php-versions' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install test dependencies. + run: pip3 install ansible molecule[docker] docker + + - name: Run Molecule tests. + run: molecule test + env: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + MOLECULE_DISTRO: ${{ matrix.distro }} + MOLECULE_PLAYBOOK: ${{ matrix.playbook }} diff --git a/ansible/roles/geerlingguy.php-versions/.github/workflows/release.yml b/ansible/roles/geerlingguy.php-versions/.github/workflows/release.yml new file mode 100644 index 0000000..14cdf92 --- /dev/null +++ b/ansible/roles/geerlingguy.php-versions/.github/workflows/release.yml @@ -0,0 +1,38 @@ +--- +# This workflow requires a GALAXY_API_KEY secret present in the GitHub +# repository or organization. +# +# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy +# See: https://github.com/ansible/galaxy/issues/46 + +name: Release +'on': + push: + tags: + - '*' + +defaults: + run: + working-directory: 'geerlingguy.php-versions' + +jobs: + + release: + name: Release + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'geerlingguy.php-versions' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install Ansible. + run: pip3 install ansible-base + + - name: Trigger a new import on Galaxy. + run: ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2) diff --git a/ansible/roles/geerlingguy.php-versions/.travis.yml b/ansible/roles/geerlingguy.php-versions/.travis.yml deleted file mode 100644 index 7a81580..0000000 --- a/ansible/roles/geerlingguy.php-versions/.travis.yml +++ /dev/null @@ -1,46 +0,0 @@ ---- -language: python -services: docker - -env: - global: - - ROLE_NAME: php-versions - matrix: - # Default PHP version (7.3). - - MOLECULE_DISTRO: centos8 - - MOLECULE_DISTRO: centos7 - - MOLECULE_DISTRO: ubuntu1804 - - MOLECULE_DISTRO: ubuntu1604 - - MOLECULE_DISTRO: debian10 - - # PHP 7.4. - - MOLECULE_DISTRO: centos8 - MOLECULE_DOCKER_COMMAND: /usr/lib/systemd/systemd - MOLECULE_PLAYBOOK: playbook-7.4.yml - - MOLECULE_DISTRO: ubuntu1804 - MOLECULE_PLAYBOOK: playbook-7.4.yml - - MOLECULE_DISTRO: debian10 - MOLECULE_PLAYBOOK: playbook-7.4.yml - - # PHP 7.2. - - MOLECULE_DISTRO: centos8 - MOLECULE_PLAYBOOK: playbook-7.2.yml - - MOLECULE_DISTRO: ubuntu1804 - MOLECULE_PLAYBOOK: playbook-7.2.yml - -install: - # Install test dependencies. - - pip install molecule docker - -before_script: - # Use actual Ansible Galaxy role name for the project directory. - - cd ../ - - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME - - cd geerlingguy.$ROLE_NAME - -script: - # Run tests. - - molecule test - -notifications: - webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/ansible/roles/geerlingguy.php-versions/molecule/default/yaml-lint.yml b/ansible/roles/geerlingguy.php-versions/.yamllint similarity index 70% rename from ansible/roles/geerlingguy.php-versions/molecule/default/yaml-lint.yml rename to ansible/roles/geerlingguy.php-versions/.yamllint index a3dbc38..76a383c 100644 --- a/ansible/roles/geerlingguy.php-versions/molecule/default/yaml-lint.yml +++ b/ansible/roles/geerlingguy.php-versions/.yamllint @@ -1,6 +1,10 @@ --- extends: default + rules: line-length: max: 120 level: warning + +ignore: | + .github/stale.yml diff --git a/ansible/roles/geerlingguy.php-versions/README.md b/ansible/roles/geerlingguy.php-versions/README.md index c11d9b3..45274e4 100644 --- a/ansible/roles/geerlingguy.php-versions/README.md +++ b/ansible/roles/geerlingguy.php-versions/README.md @@ -1,6 +1,6 @@ # Ansible Role: PHP Versions -[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-php-versions.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-php-versions) +[![CI](https://github.com/geerlingguy/ansible-role-php-versions/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-php-versions/actions?query=workflow%3ACI) Allows different PHP versions to be installed when using the `geerlingguy.php` role (or a similar role). This role was originally built for [Drupal VM](https://www.drupalvm.com) but was released more generically so others could use an easier mechanism for switching PHP versions. @@ -12,9 +12,9 @@ N/A Available variables are listed below, along with default values (see `defaults/main.yml`): - php_version: '7.3' + php_version: '7.4' -The PHP version to be installed. Any [currently-supported PHP major version](http://php.net/supported-versions.php) is a valid option (e.g. `7.2`, `7.3`, `7.4` etc.). +The PHP version to be installed. Any [currently-supported PHP major version](http://php.net/supported-versions.php) is a valid option (e.g. `7.3`, `7.4`, or `8.0`). php_versions_install_recommends: false @@ -28,12 +28,13 @@ The PHP version to be installed. Any [currently-supported PHP major version](htt ## Example Playbook - hosts: webservers + become: true vars: - php_version: '7.3' + php_version: '7.4' roles: - - role: geerlingguy.repo-remi + - name: geerlingguy.repo-remi when: ansible_os_family == 'RedHat' - geerlingguy.php-versions - geerlingguy.php diff --git a/ansible/roles/geerlingguy.php-versions/defaults/main.yml b/ansible/roles/geerlingguy.php-versions/defaults/main.yml index 289b1ba..14647c0 100644 --- a/ansible/roles/geerlingguy.php-versions/defaults/main.yml +++ b/ansible/roles/geerlingguy.php-versions/defaults/main.yml @@ -1,6 +1,6 @@ --- # The PHP version to be installed. -php_version: '7.3' +php_version: '7.4' # For Debian OSes only. php_versions_install_recommends: false diff --git a/ansible/roles/geerlingguy.php-versions/meta/.galaxy_install_info b/ansible/roles/geerlingguy.php-versions/meta/.galaxy_install_info index fd2eb3a..484d5e1 100644 --- a/ansible/roles/geerlingguy.php-versions/meta/.galaxy_install_info +++ b/ansible/roles/geerlingguy.php-versions/meta/.galaxy_install_info @@ -1,2 +1,2 @@ -install_date: Thu Jan 30 14:38:37 2020 -version: 4.0.2 +install_date: Wed Dec 15 16:05:34 2021 +version: 5.0.0 diff --git a/ansible/roles/geerlingguy.php-versions/meta/main.yml b/ansible/roles/geerlingguy.php-versions/meta/main.yml index 059eeeb..79132db 100644 --- a/ansible/roles/geerlingguy.php-versions/meta/main.yml +++ b/ansible/roles/geerlingguy.php-versions/meta/main.yml @@ -2,6 +2,7 @@ dependencies: [] galaxy_info: + role_name: php-versions author: geerlingguy description: Allows different PHP versions to be installed. company: "Midwestern Mac, LLC" diff --git a/ansible/roles/geerlingguy.php-versions/molecule/default/playbook-7.4.yml b/ansible/roles/geerlingguy.php-versions/molecule/default/7.3.yml similarity index 95% rename from ansible/roles/geerlingguy.php-versions/molecule/default/playbook-7.4.yml rename to ansible/roles/geerlingguy.php-versions/molecule/default/7.3.yml index f42e564..e6e55ca 100644 --- a/ansible/roles/geerlingguy.php-versions/molecule/default/playbook-7.4.yml +++ b/ansible/roles/geerlingguy.php-versions/molecule/default/7.3.yml @@ -5,7 +5,7 @@ vars: php_enable_webserver: false - php_version: '7.4' + php_version: '7.3' pre_tasks: - name: Update apt cache. diff --git a/ansible/roles/geerlingguy.php-versions/molecule/default/playbook-7.2.yml b/ansible/roles/geerlingguy.php-versions/molecule/default/8.0.yml similarity index 95% rename from ansible/roles/geerlingguy.php-versions/molecule/default/playbook-7.2.yml rename to ansible/roles/geerlingguy.php-versions/molecule/default/8.0.yml index 6ae3076..ca9c755 100644 --- a/ansible/roles/geerlingguy.php-versions/molecule/default/playbook-7.2.yml +++ b/ansible/roles/geerlingguy.php-versions/molecule/default/8.0.yml @@ -5,7 +5,7 @@ vars: php_enable_webserver: false - php_version: '7.2' + php_version: '8.0' pre_tasks: - name: Update apt cache. diff --git a/ansible/roles/geerlingguy.php-versions/molecule/default/playbook.yml b/ansible/roles/geerlingguy.php-versions/molecule/default/converge.yml similarity index 100% rename from ansible/roles/geerlingguy.php-versions/molecule/default/playbook.yml rename to ansible/roles/geerlingguy.php-versions/molecule/default/converge.yml diff --git a/ansible/roles/geerlingguy.php-versions/molecule/default/molecule.yml b/ansible/roles/geerlingguy.php-versions/molecule/default/molecule.yml index 2ca6fea..7490710 100644 --- a/ansible/roles/geerlingguy.php-versions/molecule/default/molecule.yml +++ b/ansible/roles/geerlingguy.php-versions/molecule/default/molecule.yml @@ -3,10 +3,6 @@ dependency: name: galaxy driver: name: docker -lint: - name: yamllint - options: - config-file: molecule/default/yaml-lint.yml platforms: - name: instance image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" @@ -17,13 +13,5 @@ platforms: pre_build_image: true provisioner: name: ansible - lint: - name: ansible-lint playbooks: - converge: ${MOLECULE_PLAYBOOK:-playbook.yml} -scenario: - name: default -verifier: - name: testinfra - lint: - name: flake8 + converge: ${MOLECULE_PLAYBOOK:-converge.yml} diff --git a/ansible/roles/geerlingguy.php-versions/tasks/main.yml b/ansible/roles/geerlingguy.php-versions/tasks/main.yml index 7820086..df5b84b 100644 --- a/ansible/roles/geerlingguy.php-versions/tasks/main.yml +++ b/ansible/roles/geerlingguy.php-versions/tasks/main.yml @@ -5,11 +5,18 @@ - "{{ role_path }}/vars/{{ ansible_os_family }}.yml" - "{{ role_path }}/vars/{{ ansible_os_family }}-php{{ php_version }}.yml" +- name: Remove missing JSON extension for PHP 8.0 (included by default) + set_fact: + __php_packages: "{{ __php_packages | reject('search','php' + php_version + '-json') | list }}" + when: + - __php_packages is defined + - php_version is version('8.0', '>=') + - name: Define PHP variables. set_fact: "{{ item.key }}={{ lookup('vars', item.value) }}" when: - - hostvars[inventory_hostname][item.key] is undefined - - hostvars[inventory_hostname][item.value] is defined + - vars[item.key] is undefined + - vars[item.value] is defined with_dict: php_conf_paths: __php_conf_paths php_extension_conf_paths: __php_extension_conf_paths diff --git a/ansible/roles/geerlingguy.php-versions/tasks/setup-Debian.yml b/ansible/roles/geerlingguy.php-versions/tasks/setup-Debian.yml index dda60bb..cfd093e 100644 --- a/ansible/roles/geerlingguy.php-versions/tasks/setup-Debian.yml +++ b/ansible/roles/geerlingguy.php-versions/tasks/setup-Debian.yml @@ -3,6 +3,11 @@ set_fact: php_opcache_conf_filename: "10-opcache.ini" +- name: Ensure dirmngr is installed (gnupg dependency). + apt: + name: dirmngr + state: present + - name: Add repository for PHP versions (Ubuntu). apt_repository: repo='ppa:ondrej/php' when: ansible_distribution == "Ubuntu" @@ -19,6 +24,7 @@ - name: Add Ondrej Sury's apt key (Debian). apt_key: url: https://packages.sury.org/php/apt.gpg + id: 15058500A0235D97F5D10063B188E2B695BD4743 state: present when: ansible_distribution == "Debian" diff --git a/ansible/roles/geerlingguy.php-versions/tasks/setup-RedHat.yml b/ansible/roles/geerlingguy.php-versions/tasks/setup-RedHat.yml index 714e24f..c20f002 100644 --- a/ansible/roles/geerlingguy.php-versions/tasks/setup-RedHat.yml +++ b/ansible/roles/geerlingguy.php-versions/tasks/setup-RedHat.yml @@ -1,4 +1,6 @@ --- +# TODO: PHP 7.2 support will be removed soon. This is only being left in here as +# a convenience for legacy PHP 7.2 users. - name: Enable remi repo for PHP 7.2. set_fact: php_enablerepo="remi,remi-php72" when: php_version == "7.2" @@ -11,6 +13,10 @@ set_fact: php_enablerepo="remi,remi-php74" when: php_version == "7.4" +- name: Enable remi repo for PHP 8.0. + set_fact: php_enablerepo="remi,remi-php80" + when: php_version == "8.0" + # See: https://github.com/ansible/ansible/issues/64852 - block: @@ -21,7 +27,7 @@ - name: Enable DNF module for CentOS 8+. shell: | - dnf config-manager --set-enabled PowerTools + dnf config-manager --set-enabled powertools dnf module enable -y php:remi-{{ php_version }} args: warn: false diff --git a/ansible/roles/geerlingguy.php-versions/vars/Debian.yml b/ansible/roles/geerlingguy.php-versions/vars/Debian.yml index 678b29c..bcaee60 100644 --- a/ansible/roles/geerlingguy.php-versions/vars/Debian.yml +++ b/ansible/roles/geerlingguy.php-versions/vars/Debian.yml @@ -39,5 +39,9 @@ __php_packages: - "php{{ php_version }}-yaml" php_versions_debian: + # TODO: PHP 7.2 support will be removed soon. This is only being left in here as + # a convenience for legacy PHP 7.2 users. - php7.2-common - php7.3-common + - php7.4-common + - php8.0-common diff --git a/ansible/roles/geerlingguy.php/.ansible-lint b/ansible/roles/geerlingguy.php/.ansible-lint new file mode 100644 index 0000000..8d58b47 --- /dev/null +++ b/ansible/roles/geerlingguy.php/.ansible-lint @@ -0,0 +1,5 @@ +skip_list: + - 'yaml' + - 'risky-shell-pipe' + - 'no-handler' + - 'role-name' diff --git a/ansible/roles/geerlingguy.php/.github/FUNDING.yml b/ansible/roles/geerlingguy.php/.github/FUNDING.yml new file mode 100644 index 0000000..96b4938 --- /dev/null +++ b/ansible/roles/geerlingguy.php/.github/FUNDING.yml @@ -0,0 +1,4 @@ +# These are supported funding model platforms +--- +github: geerlingguy +patreon: geerlingguy diff --git a/ansible/roles/geerlingguy.php/.github/stale.yml b/ansible/roles/geerlingguy.php/.github/stale.yml new file mode 100644 index 0000000..3cc6ec3 --- /dev/null +++ b/ansible/roles/geerlingguy.php/.github/stale.yml @@ -0,0 +1,57 @@ +# Configuration for probot-stale - https://github.com/probot/stale + +# Number of days of inactivity before an Issue or Pull Request becomes stale +daysUntilStale: 90 + +# Number of days of inactivity before an Issue or Pull Request with the stale label is closed. +# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. +daysUntilClose: 30 + +# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled) +onlyLabels: [] + +# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable +exemptLabels: + - bug + - pinned + - security + - planned + +# Set to true to ignore issues in a project (defaults to false) +exemptProjects: false + +# Set to true to ignore issues in a milestone (defaults to false) +exemptMilestones: false + +# Set to true to ignore issues with an assignee (defaults to false) +exemptAssignees: false + +# Label to use when marking as stale +staleLabel: stale + +# Limit the number of actions per hour, from 1-30. Default is 30 +limitPerRun: 30 + +pulls: + markComment: |- + This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! + + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale. + + unmarkComment: >- + This pull request is no longer marked for closure. + + closeComment: >- + This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. + +issues: + markComment: |- + This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! + + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale. + + unmarkComment: >- + This issue is no longer marked for closure. + + closeComment: >- + This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. diff --git a/ansible/roles/geerlingguy.php/.github/workflows/ci.yml b/ansible/roles/geerlingguy.php/.github/workflows/ci.yml new file mode 100644 index 0000000..96a41a6 --- /dev/null +++ b/ansible/roles/geerlingguy.php/.github/workflows/ci.yml @@ -0,0 +1,82 @@ +--- +name: CI +'on': + pull_request: + push: + branches: + - master + schedule: + - cron: "0 4 * * 4" + +defaults: + run: + working-directory: 'geerlingguy.php' + +jobs: + + lint: + name: Lint + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'geerlingguy.php' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install test dependencies. + run: pip3 install yamllint + + - name: Lint code. + run: | + yamllint . + + molecule: + name: Molecule + runs-on: ubuntu-latest + strategy: + matrix: + include: + - distro: centos8 + playbook: converge.yml + - distro: centos7 + playbook: converge.yml + - distro: ubuntu2004 + playbook: converge.yml + - distro: ubuntu1804 + playbook: converge.yml + - distro: debian11 + playbook: converge.yml + - distro: debian10 + playbook: converge.yml + - distro: debian9 + playbook: converge.yml + + - distro: centos7 + playbook: source-install.yml + + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'geerlingguy.php' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install test dependencies. + run: pip3 install ansible molecule[docker] docker + + - name: Run Molecule tests. + run: molecule test + env: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + MOLECULE_DISTRO: ${{ matrix.distro }} + MOLECULE_PLAYBOOK: ${{ matrix.playbook }} diff --git a/ansible/roles/geerlingguy.php/.github/workflows/release.yml b/ansible/roles/geerlingguy.php/.github/workflows/release.yml new file mode 100644 index 0000000..8335b8b --- /dev/null +++ b/ansible/roles/geerlingguy.php/.github/workflows/release.yml @@ -0,0 +1,38 @@ +--- +# This workflow requires a GALAXY_API_KEY secret present in the GitHub +# repository or organization. +# +# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy +# See: https://github.com/ansible/galaxy/issues/46 + +name: Release +'on': + push: + tags: + - '*' + +defaults: + run: + working-directory: 'geerlingguy.php' + +jobs: + + release: + name: Release + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'geerlingguy.php' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install Ansible. + run: pip3 install ansible-base + + - name: Trigger a new import on Galaxy. + run: ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2) diff --git a/ansible/roles/geerlingguy.php/.gitignore b/ansible/roles/geerlingguy.php/.gitignore index f56f5b5..8840c8f 100644 --- a/ansible/roles/geerlingguy.php/.gitignore +++ b/ansible/roles/geerlingguy.php/.gitignore @@ -1,3 +1,5 @@ *.retry */__pycache__ *.pyc +.cache + diff --git a/ansible/roles/geerlingguy.php/.travis.yml b/ansible/roles/geerlingguy.php/.travis.yml deleted file mode 100644 index 45999be..0000000 --- a/ansible/roles/geerlingguy.php/.travis.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -language: python -services: docker - -env: - global: - - ROLE_NAME: php - matrix: - - MOLECULE_DISTRO: centos7 - - MOLECULE_DISTRO: ubuntu1804 - - MOLECULE_DISTRO: ubuntu1604 - - MOLECULE_DISTRO: ubuntu1404 - - MOLECULE_DISTRO: debian9 - - - MOLECULE_DISTRO: centos7 - MOLECULE_PLAYBOOK: playbook-source.yml - -install: - # Install test dependencies. - - pip install molecule docker - -before_script: - # Use actual Ansible Galaxy role name for the project directory. - - cd ../ - - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME - - cd geerlingguy.$ROLE_NAME - -script: - # Run tests. - - molecule test - -notifications: - webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/ansible/roles/geerlingguy.php/.yamllint b/ansible/roles/geerlingguy.php/.yamllint new file mode 100644 index 0000000..f2033dd --- /dev/null +++ b/ansible/roles/geerlingguy.php/.yamllint @@ -0,0 +1,11 @@ +--- +extends: default + +rules: + line-length: + max: 120 + level: warning + +ignore: | + .github/stale.yml + .travis.yml diff --git a/ansible/roles/geerlingguy.php/README.md b/ansible/roles/geerlingguy.php/README.md index 3922344..7e7707e 100644 --- a/ansible/roles/geerlingguy.php/README.md +++ b/ansible/roles/geerlingguy.php/README.md @@ -1,6 +1,6 @@ # Ansible Role: PHP -[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-php.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-php) +[![CI](https://github.com/geerlingguy/ansible-role-php/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-php/actions?query=workflow%3ACI) Installs PHP on RedHat/CentOS and Debian/Ubuntu servers. @@ -34,9 +34,9 @@ The default values for the HTTP server deamon are `httpd` (used by Apache) for R (RedHat/CentOS only) If you have enabled any additional repositories (might I suggest [geerlingguy.repo-epel](https://github.com/geerlingguy/ansible-role-repo-epel) or [geerlingguy.repo-remi](https://github.com/geerlingguy/ansible-role-repo-remi)), those repositories can be listed under this variable (e.g. `remi-php70,epel`). This can be handy, as an example, if you want to install the latest version of PHP 7.0, which is in the Remi repository. - php_default_version_debian: "7.0" + php_default_version_debian: "" -(Debian/Ubuntu only) The default version of PHP in the given OS version repositories. Defaults to the latest Ubuntu LTS release. Ubuntu 18.04 needs this to be set to `"7.2"` since PHP 7.0 is not available in the default bionic packages. +(Debian/Ubuntu only) The default version of PHP in the given OS version repositories. The specific version is set per distro and per version, but you can override it by providing a value here, like `"7.4"`. **If you'd like to be able to switch PHP versions easily, or use a version that's not available in system packages**: You can use the [`geerlingguy.php-versions`](https://galaxy.ansible.com/geerlingguy/php-versions/) role to more easily switch between major PHP versions (e.g. 5.6, 7.1, 7.2). @@ -62,14 +62,31 @@ When using this role with PHP running as `php-fpm` instead of as a process insid If you're using Apache, you can easily get it configured to work with PHP-FPM using the [geerlingguy.apache-php-fpm](https://github.com/geerlingguy/ansible-role-apache-php-fpm) role. - php_fpm_listen: "127.0.0.1:9000" - php_fpm_listen_allowed_clients: "127.0.0.1" - php_fpm_pm_max_children: 50 - php_fpm_pm_start_servers: 5 - php_fpm_pm_min_spare_servers: 5 - php_fpm_pm_max_spare_servers: 5 + php_fpm_state: started + php_fpm_enabled_on_boot: true -Specific settings inside the default `www.conf` PHP-FPM pool. If you'd like to manage additional settings, you can do so either by replacing the file with your own template or using `lineinfile` like this role does inside `tasks/configure-fpm.yml`. +Control over the fpm daemon's state; set these to `stopped` and `false` if you want FPM to be installed and configured, but not running (e.g. when installing in a container). + + php_fpm_handler_state: restarted + +The handler restarts PHP-FPM by default. Setting the value to `reloaded` will reload the service, intead of restarting it. + + + php_fpm_pools: + - pool_name: www + pool_template: www.conf.j2 + pool_listen: "127.0.0.1:9000" + pool_listen_allowed_clients: "127.0.0.1" + pool_pm: dynamic + pool_pm_max_children: 5 + pool_pm_start_servers: 2 + pool_pm_min_spare_servers: 1 + pool_pm_max_spare_servers: 3 + pool_pm_max_requests: 500 + +List of PHP-FPM pool to create. By default, www pool is created. To setup a new pool, add an item to php_fpm_pools list. + +Specific settings inside the default `www.conf.j2` PHP-FPM pool. If you'd like to manage additional settings, you can do so either by replacing the file with your own template using `pool_template`. ### php.ini settings @@ -104,6 +121,8 @@ By default, all the extra defaults below are applied through the php.ini include php_session_save_handler: files php_session_save_path: '' php_disable_functions: [] + php_precision: 14 + php_serialize_precision: "-1" Various defaults for PHP. Only used if `php_use_managed_ini` is set to `true`. @@ -171,8 +190,9 @@ The version of PHP to install from source (a git branch, tag, or commit hash). php_source_clone_depth: 1 php_source_install_path: "/opt/php" php_source_install_gmp_path: "/usr/include/x86_64-linux-gnu/gmp.h" + php_source_mysql_config: "/usr/bin/mysql_config" -Location where source will be cloned and installed, and the location of the GMP header file (which can be platform/distribution specific). +Location where source will be cloned and installed, and the location of the GMP header file (which can be platform/distribution specific), and `mysql_config` binary (this may be `mariadb_config` in newer operating system versions). php_source_make_command: "make" diff --git a/ansible/roles/geerlingguy.php/defaults/main.yml b/ansible/roles/geerlingguy.php/defaults/main.yml index 8b04351..92550eb 100644 --- a/ansible/roles/geerlingguy.php/defaults/main.yml +++ b/ansible/roles/geerlingguy.php/defaults/main.yml @@ -3,8 +3,11 @@ # for RHEL/CentOS. php_enablerepo: "" -# Default PHP version to install on Debian-based OSes. -php_default_version_debian: "7.0" +# Extra packages to install (in addition to distro-specific default lists). +php_packages_extra: [] + +# Default PHP version to install on Debian-based OSes (OS-specific). +# php_default_version_debian: "" # PHP package state; use 'present' to make sure it's installed, or 'latest' if # you want to upgrade or switch versions using a new repo. @@ -18,12 +21,29 @@ php_enable_webserver: true # PHP-FPM configuration. php_enable_php_fpm: false +php_fpm_state: started +php_fpm_handler_state: restarted +php_fpm_enabled_on_boot: true php_fpm_listen: "127.0.0.1:9000" php_fpm_listen_allowed_clients: "127.0.0.1" php_fpm_pm_max_children: 50 php_fpm_pm_start_servers: 5 php_fpm_pm_min_spare_servers: 5 php_fpm_pm_max_spare_servers: 5 +php_fpm_pm_max_requests: 0 + +# PHP-FPM pool configuration. +php_fpm_pools: + - pool_name: www + pool_template: www.conf.j2 + pool_listen: "{{ php_fpm_listen }}" + pool_listen_allowed_clients: "{{ php_fpm_listen_allowed_clients }}" + pool_pm: dynamic + pool_pm_max_children: "{{ php_fpm_pm_max_children }}" + pool_pm_start_servers: "{{ php_fpm_pm_start_servers }}" + pool_pm_min_spare_servers: "{{ php_fpm_pm_min_spare_servers }}" + pool_pm_max_spare_servers: "{{ php_fpm_pm_max_spare_servers }}" + pool_php_fpm_pm_max_requests: "{{ php_fpm_pm_max_requests }}" # The executable to run when calling PHP from the command line. php_executable: "php" @@ -70,6 +90,8 @@ php_sendmail_path: "/usr/sbin/sendmail -t -i" php_output_buffering: "4096" php_short_open_tag: "Off" php_disable_functions: [] +php_precision: 14 +php_serialize_precision: "-1" php_session_cookie_lifetime: 0 php_session_gc_probability: 1 @@ -90,6 +112,7 @@ php_source_clone_dir: "~/php-src" php_source_clone_depth: 1 php_source_install_path: "/opt/php" php_source_install_gmp_path: "/usr/include/x86_64-linux-gnu/gmp.h" +php_source_mysql_config: "/usr/bin/mysql_config" # For faster compile time: "make --jobs=X" where X is # of cores present. php_source_make_command: "make" php_source_configure_command: > @@ -128,4 +151,4 @@ php_source_configure_command: > --with-zlib=/usr --with-bz2=/usr --with-recode=/usr - --with-mysqli=/usr/bin/mysql_config + --with-mysqli={{ php_source_mysql_config }} diff --git a/ansible/roles/geerlingguy.php/handlers/main.yml b/ansible/roles/geerlingguy.php/handlers/main.yml index 454476d..e0d0a29 100644 --- a/ansible/roles/geerlingguy.php/handlers/main.yml +++ b/ansible/roles/geerlingguy.php/handlers/main.yml @@ -9,5 +9,7 @@ - name: restart php-fpm service: name: "{{ php_fpm_daemon }}" - state: restarted - when: php_enable_php_fpm + state: "{{ php_fpm_handler_state }}" + when: + - php_enable_php_fpm + - php_fpm_state == 'started' diff --git a/ansible/roles/geerlingguy.php/meta/.galaxy_install_info b/ansible/roles/geerlingguy.php/meta/.galaxy_install_info index 781e49f..4421ddb 100644 --- a/ansible/roles/geerlingguy.php/meta/.galaxy_install_info +++ b/ansible/roles/geerlingguy.php/meta/.galaxy_install_info @@ -1,2 +1,2 @@ -install_date: Thu Jan 30 14:39:35 2020 -version: 3.7.0 +install_date: Wed Dec 15 16:05:31 2021 +version: 4.7.0 diff --git a/ansible/roles/geerlingguy.php/meta/main.yml b/ansible/roles/geerlingguy.php/meta/main.yml index 0baef25..e3ade6f 100644 --- a/ansible/roles/geerlingguy.php/meta/main.yml +++ b/ansible/roles/geerlingguy.php/meta/main.yml @@ -2,16 +2,17 @@ dependencies: [] galaxy_info: + role_name: php author: geerlingguy description: PHP for RedHat/CentOS/Fedora/Debian/Ubuntu. company: "Midwestern Mac, LLC" license: "license (BSD, MIT)" - min_ansible_version: 2.4 + min_ansible_version: 2.8 platforms: - name: EL versions: - - 6 - 7 + - 8 - name: Fedora versions: - all diff --git a/ansible/roles/geerlingguy.php/molecule/default/playbook.yml b/ansible/roles/geerlingguy.php/molecule/default/converge.yml similarity index 90% rename from ansible/roles/geerlingguy.php/molecule/default/playbook.yml rename to ansible/roles/geerlingguy.php/molecule/default/converge.yml index 9ca5021..41ae7c1 100644 --- a/ansible/roles/geerlingguy.php/molecule/default/playbook.yml +++ b/ansible/roles/geerlingguy.php/molecule/default/converge.yml @@ -22,6 +22,12 @@ changed_when: false # Ubuntu-specific tasks. + - name: Ensure dirmngr is installed (gnupg dependency). + apt: + name: dirmngr + state: present + when: ansible_os_family == 'Debian' + - name: Add repository for PHP 7. apt_repository: repo='ppa:ondrej/php' when: ansible_distribution == 'Ubuntu' @@ -32,6 +38,7 @@ name: - apt-transport-https - ca-certificates + - gnupg2 state: present when: ansible_distribution == "Debian" diff --git a/ansible/roles/geerlingguy.php/molecule/default/molecule.yml b/ansible/roles/geerlingguy.php/molecule/default/molecule.yml index 2ca6fea..7490710 100644 --- a/ansible/roles/geerlingguy.php/molecule/default/molecule.yml +++ b/ansible/roles/geerlingguy.php/molecule/default/molecule.yml @@ -3,10 +3,6 @@ dependency: name: galaxy driver: name: docker -lint: - name: yamllint - options: - config-file: molecule/default/yaml-lint.yml platforms: - name: instance image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" @@ -17,13 +13,5 @@ platforms: pre_build_image: true provisioner: name: ansible - lint: - name: ansible-lint playbooks: - converge: ${MOLECULE_PLAYBOOK:-playbook.yml} -scenario: - name: default -verifier: - name: testinfra - lint: - name: flake8 + converge: ${MOLECULE_PLAYBOOK:-converge.yml} diff --git a/ansible/roles/geerlingguy.php/molecule/default/playbook-source.yml b/ansible/roles/geerlingguy.php/molecule/default/source-install.yml similarity index 96% rename from ansible/roles/geerlingguy.php/molecule/default/playbook-source.yml rename to ansible/roles/geerlingguy.php/molecule/default/source-install.yml index 1cc193d..d9ad0f9 100644 --- a/ansible/roles/geerlingguy.php/molecule/default/playbook-source.yml +++ b/ansible/roles/geerlingguy.php/molecule/default/source-install.yml @@ -8,7 +8,7 @@ php_install_from_source: true php_source_clone_dir: /root/php-src php_source_make_command: "make --jobs=2" - php_version: "7.1.17" + php_version: "7.4.8" php_source_version: "php-{{ php_version }}" php_memory_limit: "192M" diff --git a/ansible/roles/geerlingguy.php/molecule/default/tests/test_default.py b/ansible/roles/geerlingguy.php/molecule/default/tests/test_default.py deleted file mode 100644 index eedd64a..0000000 --- a/ansible/roles/geerlingguy.php/molecule/default/tests/test_default.py +++ /dev/null @@ -1,14 +0,0 @@ -import os - -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_hosts_file(host): - f = host.file('/etc/hosts') - - assert f.exists - assert f.user == 'root' - assert f.group == 'root' diff --git a/ansible/roles/geerlingguy.php/tasks/configure-fpm.yml b/ansible/roles/geerlingguy.php/tasks/configure-fpm.yml index 66db220..2813520 100644 --- a/ansible/roles/geerlingguy.php/tasks/configure-fpm.yml +++ b/ansible/roles/geerlingguy.php/tasks/configure-fpm.yml @@ -33,54 +33,21 @@ mode: 0755 when: php_fpm_pool_conf_path_dir_stat.stat.islnk is not defined -- name: Ensure the default pool exists. +- name: Create fpm pools. template: - src: www.conf.j2 - dest: "{{ php_fpm_pool_conf_path }}" + src: "{{ item.pool_template | default('www.conf.j2', true) }}" + dest: "{{ php_fpm_pool_conf_path | dirname }}/{{ item.pool_name }}.conf" owner: root group: root mode: 0644 - force: false - when: php_enable_php_fpm - -- name: Configure php-fpm pool (if enabled). - lineinfile: - dest: "{{ php_fpm_pool_conf_path }}" - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - state: present - with_items: - - regexp: "^user.?=.+$" - line: "user = {{ php_fpm_pool_user }}" - - regexp: "^group.?=.+$" - line: "group = {{ php_fpm_pool_group }}" - - regexp: "^listen.?=.+$" - line: "listen = {{ php_fpm_listen }}" - - regexp: '^listen\.allowed_clients.?=.+$' - line: "listen.allowed_clients = {{ php_fpm_listen_allowed_clients }}" - - regexp: '^pm\.max_children.?=.+$' - line: "pm.max_children = {{ php_fpm_pm_max_children }}" - - regexp: '^pm\.start_servers.?=.+$' - line: "pm.start_servers = {{ php_fpm_pm_start_servers }}" - - regexp: '^pm\.min_spare_servers.?=.+$' - line: "pm.min_spare_servers = {{ php_fpm_pm_min_spare_servers }}" - - regexp: '^pm\.max_spare_servers.?=.+$' - line: "pm.max_spare_servers = {{ php_fpm_pm_max_spare_servers }}" + force: true + loop: "{{ php_fpm_pools | default([], true) }}" when: php_enable_php_fpm notify: restart php-fpm - name: Ensure php-fpm is started and enabled at boot (if configured). service: name: "{{ php_fpm_daemon }}" - state: started - enabled: true + state: "{{ php_fpm_state }}" + enabled: "{{ php_fpm_enabled_on_boot }}" when: php_enable_php_fpm and ansible_distribution != "Debian" - -# See: https://github.com/ansible/ansible/issues/22303 -- name: Ensure php-fpm is started and enabled at boot (if configured, Debian). - service: - name: "{{ php_fpm_daemon }}" - state: started - enabled: true - use: service - when: php_enable_php_fpm and ansible_distribution == "Debian" diff --git a/ansible/roles/geerlingguy.php/tasks/configure-opcache.yml b/ansible/roles/geerlingguy.php/tasks/configure-opcache.yml index 4ed13ed..fc043d0 100644 --- a/ansible/roles/geerlingguy.php/tasks/configure-opcache.yml +++ b/ansible/roles/geerlingguy.php/tasks/configure-opcache.yml @@ -25,7 +25,7 @@ force: true mode: 0644 with_items: "{{ php_extension_conf_paths }}" - when: php_opcache_enable + when: php_opcache_enable | bool notify: restart webserver - name: Remove OpCache config file if OpCache is disabled. @@ -33,5 +33,5 @@ path: "{{ item }}/{{ php_opcache_conf_filename }}" state: absent with_items: "{{ php_extension_conf_paths }}" - when: not php_opcache_enable + when: not php_opcache_enable | bool notify: restart webserver diff --git a/ansible/roles/geerlingguy.php/tasks/configure.yml b/ansible/roles/geerlingguy.php/tasks/configure.yml index f4fa94c..e0e1434 100644 --- a/ansible/roles/geerlingguy.php/tasks/configure.yml +++ b/ansible/roles/geerlingguy.php/tasks/configure.yml @@ -4,6 +4,7 @@ path: "{{ item }}" state: directory follow: true + mode: 0755 with_flattened: - "{{ php_conf_paths }}" - "{{ php_extension_conf_paths }}" diff --git a/ansible/roles/geerlingguy.php/tasks/install-from-source.yml b/ansible/roles/geerlingguy.php/tasks/install-from-source.yml index e999ba0..cd18daa 100644 --- a/ansible/roles/geerlingguy.php/tasks/install-from-source.yml +++ b/ansible/roles/geerlingguy.php/tasks/install-from-source.yml @@ -7,6 +7,9 @@ - libtool - bison - make + - re2c + - sqlite-devel + - oniguruma-devel - curl-devel - recode-devel - aspell-devel @@ -40,6 +43,8 @@ - bison - pkg-config - re2c + - libsqlite3-dev + - libonig-dev - libxml2-dev - libcurl4-openssl-dev - libbz2-dev @@ -49,7 +54,7 @@ - libfreetype6-dev - libgmp3-dev - libmcrypt-dev - - libmysqlclient-dev + - libmariadbclient-dev - libpspell-dev - librecode-dev - libssl-dev @@ -66,11 +71,11 @@ register: gmp_file - name: Ensure gmp.h is symlinked into a location accessible to gcc. - file: + file: # noqa 208 src: "{{ php_source_install_gmp_path }}" dest: /usr/include/gmp.h state: link - when: gmp_file.stat.exists == false + when: not gmp_file.stat.exists - name: Check if PHP is installed. command: which php @@ -116,14 +121,14 @@ when: php_installed.rc != 0 - name: Ensure php executable is symlinked into a standard path. - file: + file: # noqa 208 src: "{{ php_source_install_path }}/bin/php" dest: /usr/bin/php state: link # PHP FPM configuration. - name: Ensure php-fpm executable is symlinked into a standard path. - file: + file: # noqa 208 src: "{{ php_source_install_path }}/sbin/php-fpm" dest: "/usr/sbin/{{ php_fpm_daemon }}" state: link @@ -141,6 +146,7 @@ file: path: "{{ php_fpm_conf_path }}" state: directory + mode: 0755 when: "'--enable-fpm' in php_source_configure_command" - name: Ensure php-fpm config file is installed. diff --git a/ansible/roles/geerlingguy.php/tasks/main.yml b/ansible/roles/geerlingguy.php/tasks/main.yml index 3d6e66c..dbad765 100644 --- a/ansible/roles/geerlingguy.php/tasks/main.yml +++ b/ansible/roles/geerlingguy.php/tasks/main.yml @@ -1,5 +1,17 @@ --- # Variable setup. +- name: Include distribution and version-specific vars. + include_vars: "{{ item }}" + with_first_found: + - files: + - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" + skip: true + +- name: Set the default PHP version for Debian-based OSes. + set_fact: + php_default_version_debian: "{{ __php_default_version_debian }}" + when: php_default_version_debian is not defined and ansible_os_family == 'Debian' + - name: Include OS-specific variables. include_vars: "{{ ansible_os_family }}.yml" @@ -8,11 +20,6 @@ php_packages: "{{ __php_packages | list }}" when: php_packages is not defined -- name: Define extra php_packages. - set_fact: - php_packages: "{{ php_packages | list + php_packages_extra | list }}" - when: php_packages_extra is defined - - name: Define php_webserver_daemon. set_fact: php_webserver_daemon: "{{ __php_webserver_daemon }}" @@ -50,14 +57,18 @@ # Setup/install tasks. - include_tasks: setup-RedHat.yml - when: (php_install_from_source == false) and (ansible_os_family == 'RedHat') + when: + - not php_install_from_source + - ansible_os_family == 'RedHat' - include_tasks: setup-Debian.yml - when: (php_install_from_source == false) and (ansible_os_family == 'Debian') + when: + - not php_install_from_source + - ansible_os_family == 'Debian' # Install PHP from source when php_install_from_source is true. - include_tasks: install-from-source.yml - when: php_install_from_source == true + when: php_install_from_source # Configure PHP. - include_tasks: configure.yml diff --git a/ansible/roles/geerlingguy.php/tasks/setup-Debian.yml b/ansible/roles/geerlingguy.php/tasks/setup-Debian.yml index 1740204..a6657be 100644 --- a/ansible/roles/geerlingguy.php/tasks/setup-Debian.yml +++ b/ansible/roles/geerlingguy.php/tasks/setup-Debian.yml @@ -4,7 +4,7 @@ - name: Ensure PHP packages are installed. apt: - name: "{{ php_packages }}" + name: "{{ php_packages + php_packages_extra }}" state: "{{ php_packages_state }}" install_recommends: "{{ php_install_recommends }}" register: php_package_install @@ -23,5 +23,5 @@ path: "{{ item }}/{{ php_opcache_conf_filename }}" state: absent with_items: "{{ php_extension_conf_paths }}" - when: php_opcache_enable and php_package_install.changed + when: php_opcache_enable | bool and php_package_install.changed notify: restart webserver diff --git a/ansible/roles/geerlingguy.php/tasks/setup-RedHat.yml b/ansible/roles/geerlingguy.php/tasks/setup-RedHat.yml index 41db907..1d76b33 100644 --- a/ansible/roles/geerlingguy.php/tasks/setup-RedHat.yml +++ b/ansible/roles/geerlingguy.php/tasks/setup-RedHat.yml @@ -1,7 +1,7 @@ --- - name: Ensure PHP packages are installed. package: - name: "{{ php_packages }}" + name: "{{ php_packages + php_packages_extra }}" state: "{{ php_packages_state }}" enablerepo: "{{ php_enablerepo | default(omit, true) }}" notify: restart webserver diff --git a/ansible/roles/geerlingguy.php/templates/php.ini.j2 b/ansible/roles/geerlingguy.php/templates/php.ini.j2 index b157df1..14b7eeb 100644 --- a/ansible/roles/geerlingguy.php/templates/php.ini.j2 +++ b/ansible/roles/geerlingguy.php/templates/php.ini.j2 @@ -6,15 +6,14 @@ engine = On short_open_tag = {{ php_short_open_tag }} -asp_tags = Off -precision = 14 +precision = {{ php_precision }} output_buffering = {{ php_output_buffering }} zlib.output_compression = Off implicit_flush = Off unserialize_callback_func = -serialize_precision = 17 +serialize_precision = {{ php_serialize_precision }} disable_functions = {{ php_disable_functions|join(",") }} disable_classes = @@ -64,7 +63,6 @@ auto_prepend_file = auto_append_file = default_mimetype = "text/html" -always_populate_raw_post_data = -1 ;;;;;;;;;;;;;;;;;;;;;;;;; ; Paths and Directories ; @@ -189,8 +187,6 @@ session.gc_probability = {{ php_session_gc_probability }} session.gc_divisor = {{ php_session_gc_divisor }} session.gc_maxlifetime = {{ php_session_gc_maxlifetime }} -session.bug_compat_42 = Off -session.bug_compat_warn = Off session.referer_check = session.cache_limiter = nocache diff --git a/ansible/roles/geerlingguy.php/templates/www.conf.j2 b/ansible/roles/geerlingguy.php/templates/www.conf.j2 index aaab17a..b206cce 100644 --- a/ansible/roles/geerlingguy.php/templates/www.conf.j2 +++ b/ansible/roles/geerlingguy.php/templates/www.conf.j2 @@ -1,12 +1,17 @@ -[www] -listen = 127.0.0.1:9000 -listen.allowed_clients = 127.0.0.1 +; {{ ansible_managed }} + +[{{ item.pool_name | mandatory }}] +listen = {{ item.pool_listen | mandatory }} +listen.allowed_clients = {{ item.pool_listen_allowed_clients | default('127.0.0.1', true) }} user = {{ php_fpm_pool_user }} group = {{ php_fpm_pool_group }} -pm = dynamic -pm.max_children = 50 -pm.start_servers = 5 -pm.min_spare_servers = 5 -pm.max_spare_servers = 5 -pm.max_requests = 500 +listen.owner = {{ php_fpm_pool_user }} +listen.group = {{ php_fpm_pool_group }} + +pm = {{ item.pool_pm | default('dynamic', true) }} +pm.max_children = {{ item.pool_pm_max_children | default(50, true) }} +pm.start_servers = {{ item.pool_pm_start_servers | default(5, true) }} +pm.min_spare_servers = {{ item.pool_pm_min_spare_servers | default(5, true) }} +pm.max_spare_servers = {{ item.pool_pm_max_spare_servers | default(5, true) }} +pm.max_requests = {{ item.pool_pm_max_requests | default(500, true) }} diff --git a/ansible/roles/geerlingguy.php/vars/Debian-10.yml b/ansible/roles/geerlingguy.php/vars/Debian-10.yml new file mode 100644 index 0000000..ec895ae --- /dev/null +++ b/ansible/roles/geerlingguy.php/vars/Debian-10.yml @@ -0,0 +1,2 @@ +--- +__php_default_version_debian: "7.3" diff --git a/ansible/roles/geerlingguy.php/vars/Debian-11.yml b/ansible/roles/geerlingguy.php/vars/Debian-11.yml new file mode 100644 index 0000000..a16b99b --- /dev/null +++ b/ansible/roles/geerlingguy.php/vars/Debian-11.yml @@ -0,0 +1,2 @@ +--- +__php_default_version_debian: "7.4" diff --git a/ansible/roles/geerlingguy.php/vars/Debian-9.yml b/ansible/roles/geerlingguy.php/vars/Debian-9.yml new file mode 100644 index 0000000..eb23ce3 --- /dev/null +++ b/ansible/roles/geerlingguy.php/vars/Debian-9.yml @@ -0,0 +1,2 @@ +--- +__php_default_version_debian: "7.0" diff --git a/ansible/roles/geerlingguy.php/vars/Debian.yml b/ansible/roles/geerlingguy.php/vars/Debian.yml index c5f90b5..c487fd8 100644 --- a/ansible/roles/geerlingguy.php/vars/Debian.yml +++ b/ansible/roles/geerlingguy.php/vars/Debian.yml @@ -1,4 +1,6 @@ --- +__php_default_version_debian: "7.0" + __php_packages: - php{{ php_default_version_debian }}-common - php{{ php_default_version_debian }}-cli diff --git a/ansible/roles/geerlingguy.php/vars/RedHat.yml b/ansible/roles/geerlingguy.php/vars/RedHat.yml index f17b982..e1e4458 100644 --- a/ansible/roles/geerlingguy.php/vars/RedHat.yml +++ b/ansible/roles/geerlingguy.php/vars/RedHat.yml @@ -6,7 +6,6 @@ __php_packages: - php-devel - php-fpm - php-gd - - php-imap - php-ldap - php-mbstring - php-opcache diff --git a/ansible/roles/geerlingguy.php/vars/Ubuntu-16.yml b/ansible/roles/geerlingguy.php/vars/Ubuntu-16.yml new file mode 100644 index 0000000..eb23ce3 --- /dev/null +++ b/ansible/roles/geerlingguy.php/vars/Ubuntu-16.yml @@ -0,0 +1,2 @@ +--- +__php_default_version_debian: "7.0" diff --git a/ansible/roles/geerlingguy.php/vars/Ubuntu-18.yml b/ansible/roles/geerlingguy.php/vars/Ubuntu-18.yml new file mode 100644 index 0000000..82230bc --- /dev/null +++ b/ansible/roles/geerlingguy.php/vars/Ubuntu-18.yml @@ -0,0 +1,2 @@ +--- +__php_default_version_debian: "7.2" diff --git a/ansible/roles/geerlingguy.php/vars/Ubuntu-20.yml b/ansible/roles/geerlingguy.php/vars/Ubuntu-20.yml new file mode 100644 index 0000000..a16b99b --- /dev/null +++ b/ansible/roles/geerlingguy.php/vars/Ubuntu-20.yml @@ -0,0 +1,2 @@ +--- +__php_default_version_debian: "7.4" diff --git a/ansible/roles/geerlingguy.repo-remi/.ansible-lint b/ansible/roles/geerlingguy.repo-remi/.ansible-lint new file mode 100644 index 0000000..5557294 --- /dev/null +++ b/ansible/roles/geerlingguy.repo-remi/.ansible-lint @@ -0,0 +1,2 @@ +skip_list: + - '106' diff --git a/ansible/roles/geerlingguy.repo-remi/.github/FUNDING.yml b/ansible/roles/geerlingguy.repo-remi/.github/FUNDING.yml new file mode 100644 index 0000000..96b4938 --- /dev/null +++ b/ansible/roles/geerlingguy.repo-remi/.github/FUNDING.yml @@ -0,0 +1,4 @@ +# These are supported funding model platforms +--- +github: geerlingguy +patreon: geerlingguy diff --git a/ansible/roles/geerlingguy.repo-remi/.github/stale.yml b/ansible/roles/geerlingguy.repo-remi/.github/stale.yml new file mode 100644 index 0000000..c7ff127 --- /dev/null +++ b/ansible/roles/geerlingguy.repo-remi/.github/stale.yml @@ -0,0 +1,56 @@ +# Configuration for probot-stale - https://github.com/probot/stale + +# Number of days of inactivity before an Issue or Pull Request becomes stale +daysUntilStale: 90 + +# Number of days of inactivity before an Issue or Pull Request with the stale label is closed. +# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. +daysUntilClose: 30 + +# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled) +onlyLabels: [] + +# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable +exemptLabels: + - pinned + - security + - planned + +# Set to true to ignore issues in a project (defaults to false) +exemptProjects: false + +# Set to true to ignore issues in a milestone (defaults to false) +exemptMilestones: false + +# Set to true to ignore issues with an assignee (defaults to false) +exemptAssignees: false + +# Label to use when marking as stale +staleLabel: stale + +# Limit the number of actions per hour, from 1-30. Default is 30 +limitPerRun: 30 + +pulls: + markComment: |- + This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! + + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale. + + unmarkComment: >- + This pull request is no longer marked for closure. + + closeComment: >- + This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. + +issues: + markComment: |- + This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! + + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale. + + unmarkComment: >- + This issue is no longer marked for closure. + + closeComment: >- + This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. diff --git a/ansible/roles/geerlingguy.repo-remi/.gitignore b/ansible/roles/geerlingguy.repo-remi/.gitignore new file mode 100644 index 0000000..f56f5b5 --- /dev/null +++ b/ansible/roles/geerlingguy.repo-remi/.gitignore @@ -0,0 +1,3 @@ +*.retry +*/__pycache__ +*.pyc diff --git a/ansible/roles/geerlingguy.repo-remi/.travis.yml b/ansible/roles/geerlingguy.repo-remi/.travis.yml index c96ecd0..a8d04d8 100644 --- a/ansible/roles/geerlingguy.repo-remi/.travis.yml +++ b/ansible/roles/geerlingguy.repo-remi/.travis.yml @@ -1,48 +1,33 @@ --- -sudo: required +language: python +services: docker env: - - distribution: centos - version: 6 - init: /sbin/init - run_opts: "" - - distribution: centos - version: 7 - init: /usr/lib/systemd/systemd - run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" - -services: - - docker + global: + - ROLE_NAME: repo-remi + matrix: + - MOLECULE_DISTRO: ubi8 + - MOLECULE_DISTRO: centos8 + - MOLECULE_DISTRO: centos7 + - MOLECULE_DISTRO: centos6 before_install: - # Pull container - - 'sudo docker pull ${distribution}:${version}' - # Customize container - - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' - -script: - - container_id=$(mktemp) - # Run container in detached state - - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' + # Upgrade Docker to work with docker-py. + - curl https://gist.githubusercontent.com/geerlingguy/ce883ad4aec6a5f1187ef93bd338511e/raw/36612d28981d92863f839c5aefe5b7dd7193d6c6/travis-ci-docker-upgrade.sh | sudo bash - # Install dependencies. - - 'sudo docker exec "$(cat ${container_id})" ansible-galaxy install -r /etc/ansible/roles/role_under_test/tests/requirements.yml' +install: + # Install test dependencies. + - pip install molecule yamllint ansible-lint docker - # Ansible syntax check. - - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check' +before_script: + # Use actual Ansible Galaxy role name for the project directory. + - cd ../ + - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME + - cd geerlingguy.$ROLE_NAME - # Test role. - - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml' - - # Test role idempotence. - - > - sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml - | grep -q 'changed=0.*failed=0' - && (echo 'Idempotence test: pass' && exit 0) - || (echo 'Idempotence test: fail' && exit 1) - - # Clean up - - 'sudo docker stop "$(cat ${container_id})"' +script: + # Run tests. + - molecule test notifications: webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/ansible/roles/geerlingguy.apache/molecule/default/yaml-lint.yml b/ansible/roles/geerlingguy.repo-remi/.yamllint similarity index 70% rename from ansible/roles/geerlingguy.apache/molecule/default/yaml-lint.yml rename to ansible/roles/geerlingguy.repo-remi/.yamllint index a3dbc38..76a383c 100644 --- a/ansible/roles/geerlingguy.apache/molecule/default/yaml-lint.yml +++ b/ansible/roles/geerlingguy.repo-remi/.yamllint @@ -1,6 +1,10 @@ --- extends: default + rules: line-length: max: 120 level: warning + +ignore: | + .github/stale.yml diff --git a/ansible/roles/geerlingguy.repo-remi/LICENSE b/ansible/roles/geerlingguy.repo-remi/LICENSE new file mode 100644 index 0000000..4275cf3 --- /dev/null +++ b/ansible/roles/geerlingguy.repo-remi/LICENSE @@ -0,0 +1,20 @@ +The MIT License (MIT) + +Copyright (c) 2017 Jeff Geerling + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software is furnished to do so, +subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR +COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER +IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/ansible/roles/geerlingguy.repo-remi/README.md b/ansible/roles/geerlingguy.repo-remi/README.md index c93ee15..739fe96 100644 --- a/ansible/roles/geerlingguy.repo-remi/README.md +++ b/ansible/roles/geerlingguy.repo-remi/README.md @@ -6,17 +6,17 @@ Installs [Remi's RPM repository](http://rpms.famillecollet.com/) for RHEL/CentOS ## Requirements -None. +On RHEL 8 or newer, you should make sure to install or enable the EPEL repository. I recommend using the `geerlingguy.repo-epel` repository. ## Role Variables Available variables are listed below, along with default values (see `defaults/main.yml`): - remi_repo_url: "http://rpms.famillecollet.com/enterprise/remi-release-{{ ansible_distribution_major_version }}.rpm" + remi_repo_url: "https://rpms.remirepo.net/enterprise/remi-release-{{ ansible_distribution_major_version }}.rpm" The URL from which the Remi repo `.rpm` will be downloaded and installed. - remi_repo_gpg_key_url: "http://rpms.remirepo.net/RPM-GPG-KEY-remi" + remi_repo_gpg_key_url: "https://rpms.remirepo.net/RPM-GPG-KEY-remi2018" Remi repo GPG key location. Can be set to a local file or to the URL from Remi's website. @@ -36,4 +36,4 @@ MIT / BSD ## Author Information -This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). +This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). diff --git a/ansible/roles/geerlingguy.repo-remi/defaults/main.yml b/ansible/roles/geerlingguy.repo-remi/defaults/main.yml index c4827c6..0dd05f1 100644 --- a/ansible/roles/geerlingguy.repo-remi/defaults/main.yml +++ b/ansible/roles/geerlingguy.repo-remi/defaults/main.yml @@ -1,3 +1,3 @@ --- -remi_repo_url: "http://rpms.remirepo.net/enterprise/remi-release-{{ ansible_distribution_major_version }}.rpm" -remi_repo_gpg_key_url: "http://rpms.remirepo.net/RPM-GPG-KEY-remi" +remi_repo_url: "https://rpms.remirepo.net/enterprise/remi-release-{{ ansible_distribution_major_version }}.rpm" +remi_repo_gpg_key_url: "https://rpms.remirepo.net/RPM-GPG-KEY-remi2018" diff --git a/ansible/roles/geerlingguy.repo-remi/meta/.galaxy_install_info b/ansible/roles/geerlingguy.repo-remi/meta/.galaxy_install_info index ba7b4cc..0fe54a0 100644 --- a/ansible/roles/geerlingguy.repo-remi/meta/.galaxy_install_info +++ b/ansible/roles/geerlingguy.repo-remi/meta/.galaxy_install_info @@ -1,2 +1,2 @@ -install_date: Thu Jan 30 14:40:37 2020 -version: 1.2.0 +install_date: Wed Dec 15 16:05:33 2021 +version: 2.0.1 diff --git a/ansible/roles/geerlingguy.repo-remi/meta/main.yml b/ansible/roles/geerlingguy.repo-remi/meta/main.yml index 1f4e932..e3eb3b1 100644 --- a/ansible/roles/geerlingguy.repo-remi/meta/main.yml +++ b/ansible/roles/geerlingguy.repo-remi/meta/main.yml @@ -2,14 +2,24 @@ dependencies: [] galaxy_info: + # See: https://github.com/ansible/galaxy/issues/2393 + # role_name: repo-remi author: geerlingguy description: Remi's RPM repository for RHEL/CentOS. company: "Midwestern Mac, LLC" license: "license (BSD, MIT)" - min_ansible_version: 1.8 + min_ansible_version: 2.4 platforms: - name: EL versions: - - all + - all galaxy_tags: - packaging + - epel + - repository + - repo + - remi + - php + - redhat + - rhel + - centos diff --git a/ansible/roles/geerlingguy.repo-remi/molecule/default/converge.yml b/ansible/roles/geerlingguy.repo-remi/molecule/default/converge.yml new file mode 100644 index 0000000..b07c6ec --- /dev/null +++ b/ansible/roles/geerlingguy.repo-remi/molecule/default/converge.yml @@ -0,0 +1,8 @@ +--- +- name: Converge + hosts: all + become: true + + roles: + - role: geerlingguy.repo-epel + - role: geerlingguy.repo-remi diff --git a/ansible/roles/geerlingguy.repo-remi/molecule/default/molecule.yml b/ansible/roles/geerlingguy.repo-remi/molecule/default/molecule.yml new file mode 100644 index 0000000..2da47dd --- /dev/null +++ b/ansible/roles/geerlingguy.repo-remi/molecule/default/molecule.yml @@ -0,0 +1,21 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: | + set -e + yamllint . + ansible-lint +platforms: + - name: instance + image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + privileged: true + pre_build_image: true +provisioner: + name: ansible + playbooks: + converge: ${MOLECULE_PLAYBOOK:-converge.yml} diff --git a/ansible/roles/geerlingguy.repo-remi/molecule/default/requirements.yml b/ansible/roles/geerlingguy.repo-remi/molecule/default/requirements.yml new file mode 100644 index 0000000..1c344b3 --- /dev/null +++ b/ansible/roles/geerlingguy.repo-remi/molecule/default/requirements.yml @@ -0,0 +1,2 @@ +--- +- role: geerlingguy.repo-epel diff --git a/ansible/roles/geerlingguy.repo-remi/tasks/main.yml b/ansible/roles/geerlingguy.repo-remi/tasks/main.yml index b9c50b9..3adfb31 100644 --- a/ansible/roles/geerlingguy.repo-remi/tasks/main.yml +++ b/ansible/roles/geerlingguy.repo-remi/tasks/main.yml @@ -1,10 +1,10 @@ --- -- name: Install remi repo. - yum: - name: "{{ remi_repo_url }}" - state: present - - name: Import remi GPG key. rpm_key: key: "{{ remi_repo_gpg_key_url }}" state: present + +- name: Install remi repo. + yum: + name: "{{ remi_repo_url }}" + state: present diff --git a/ansible/roles/geerlingguy.repo-remi/tests/Dockerfile.centos-6 b/ansible/roles/geerlingguy.repo-remi/tests/Dockerfile.centos-6 deleted file mode 100644 index 7df05ff..0000000 --- a/ansible/roles/geerlingguy.repo-remi/tests/Dockerfile.centos-6 +++ /dev/null @@ -1,19 +0,0 @@ -FROM centos:6 - -# Install Ansible -RUN yum -y update; yum clean all; -RUN yum -y install epel-release -RUN yum -y install git python-setuptools gcc sudo libffi-devel python-devel openssl-devel -RUN yum clean all -RUN easy_install pip -RUN pip install ansible - - -# Disable requiretty -RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers - -# Install Ansible inventory file -RUN mkdir - p /etc/ansible -RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts - -CMD ["/usr/sbin/init"] diff --git a/ansible/roles/geerlingguy.repo-remi/tests/Dockerfile.centos-7 b/ansible/roles/geerlingguy.repo-remi/tests/Dockerfile.centos-7 deleted file mode 100644 index ded17f1..0000000 --- a/ansible/roles/geerlingguy.repo-remi/tests/Dockerfile.centos-7 +++ /dev/null @@ -1,29 +0,0 @@ -FROM centos:7 - -# Install systemd -- See https://hub.docker.com/_/centos/ -RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs -RUN yum -y update; yum clean all; \ -(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ -rm -f /lib/systemd/system/multi-user.target.wants/*; \ -rm -f /etc/systemd/system/*.wants/*; \ -rm -f /lib/systemd/system/local-fs.target.wants/*; \ -rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ -rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ -rm -f /lib/systemd/system/basic.target.wants/*; \ -rm -f /lib/systemd/system/anaconda.target.wants/*; - -# Install Ansible -RUN yum -y install git python-setuptools gcc sudo libffi-devel python-devel openssl-devel -RUN yum clean all -RUN easy_install pip -RUN pip install ansible - -# Disable requiretty -RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers - -# Install Ansible inventory file -RUN mkdir - p /etc/ansible -RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts - -VOLUME ["/sys/fs/cgroup"] -CMD ["/usr/sbin/init"] diff --git a/ansible/roles/geerlingguy.repo-remi/tests/requirements.yml b/ansible/roles/geerlingguy.repo-remi/tests/requirements.yml deleted file mode 100644 index 711227a..0000000 --- a/ansible/roles/geerlingguy.repo-remi/tests/requirements.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -- src: geerlingguy.repo-remi diff --git a/ansible/roles/geerlingguy.repo-remi/tests/test.yml b/ansible/roles/geerlingguy.repo-remi/tests/test.yml deleted file mode 100644 index 3646ff4..0000000 --- a/ansible/roles/geerlingguy.repo-remi/tests/test.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- hosts: all - - roles: - - role_under_test diff --git a/ansible/roles/rvm.ruby/meta/.galaxy_install_info b/ansible/roles/rvm.ruby/meta/.galaxy_install_info index e97bd0b..ce3dee5 100644 --- a/ansible/roles/rvm.ruby/meta/.galaxy_install_info +++ b/ansible/roles/rvm.ruby/meta/.galaxy_install_info @@ -1 +1,2 @@ -{install_date: 'Tue Jan 15 18:33:31 2019', version: v2.1.2} +install_date: Wed Dec 15 16:05:28 2021 +version: v2.1.2 diff --git a/ansible/vars/main.yml b/ansible/vars/main.yml index bbb9bb8..c0f004f 100644 --- a/ansible/vars/main.yml +++ b/ansible/vars/main.yml @@ -39,7 +39,7 @@ apache_vhosts: # PHP configs (geerlinguy.php) php_enablerepo: remi -php_version: "7.3" +php_version: "7.4" php_memory_limit: "128M" php_max_execution_time: "90" php_upload_max_filesize: "256M"