initial commit

8 files changed, 236 insertions, 0 deletions

diff --git a/roles/php/defaults/main.yml b/roles/php/defaults/main.yml
new file mode 100644
index 0000000..45c0138
--- /dev/null
+++ b/roles/php/defaults/main.yml
@@ -0,0 +1,17 @@
+php_post_max_size: 8M
+php_upload_max_filesize: 25M
+php_max_file_uploads: 20
+php_timezone: '{{ timezone }}'
+
+php_fpm_pool: www
+php_fpm_user: apache
+php_fpm_group: apache
+php_fpm_max_children: 50
+php_fpm_start_servers: 5
+php_fpm_min_spare_servers: 5
+php_fpm_max_spare_servers: 35
+php_fpm_flags: {}
+php_fpm_admin_flags: {}
+php_fpm_values: {}
+php_fpm_admin_values: {}
+php_fpm_environment: {}
diff --git a/roles/php/files/etc/systemd/system/php-fpm.service.d/override.conf b/roles/php/files/etc/systemd/system/php-fpm.service.d/override.conf
new file mode 100644
index 0000000..26c9ad8
--- /dev/null
+++ b/roles/php/files/etc/systemd/system/php-fpm.service.d/override.conf
@@ -0,0 +1,2 @@
+[Unit]
+After=gssproxy.service
diff --git a/roles/php/handlers/main.yml b/roles/php/handlers/main.yml
new file mode 100644
index 0000000..f644426
--- /dev/null
+++ b/roles/php/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart php-fpm
+  systemd:
+    name: php-fpm
+    state: restarted
diff --git a/roles/php/tasks/main.yml b/roles/php/tasks/main.yml
new file mode 100644
index 0000000..6505ec0
--- /dev/null
+++ b/roles/php/tasks/main.yml
@@ -0,0 +1,32 @@
+- name: install php
+  dnf:
+    name: '{{ php_packages[ansible_distribution_major_version] }}'
+    state: present
+
+# TODO: we should support multiple pools
+- name: generate php configuration
+  template:
+    src: '{{ item[1:] }}.j2'
+    dest: '{{ item }}'
+  loop:
+    - /etc/php.ini
+    - /etc/php-fpm.conf
+    - /etc/php-fpm.d/www.conf
+  notify: restart php-fpm
+
+- name: create systemd override directory
+  file:
+    path: /etc/systemd/system/php-fpm.service.d
+    state: directory
+
+- name: create systemd override file
+  copy:
+    src: etc/systemd/system/php-fpm.service.d/override.conf
+    dest: /etc/systemd/system/php-fpm.service.d/override.conf
+  notify: restart php-fpm
+  register: php_fpm_systemd_unit
+
+- name: reload systemd daemon
+  systemd:
+    daemon_reload: yes
+  when: php_fpm_systemd_unit.changed
diff --git a/roles/php/templates/etc/php-fpm.conf.j2 b/roles/php/templates/etc/php-fpm.conf.j2
new file mode 100644
index 0000000..c129708
--- /dev/null
+++ b/roles/php/templates/etc/php-fpm.conf.j2
@@ -0,0 +1,6 @@
+include=/etc/php-fpm.d/*.conf
+
+[global]
+pid = /run/php-fpm/php-fpm.pid
+error_log = syslog
+daemonize = yes
diff --git a/roles/php/templates/etc/php-fpm.d/www.conf.j2 b/roles/php/templates/etc/php-fpm.d/www.conf.j2
new file mode 100644
index 0000000..077bc7f
--- /dev/null
+++ b/roles/php/templates/etc/php-fpm.d/www.conf.j2
@@ -0,0 +1,40 @@
+[www]
+user = {{ php_fpm_user }}
+group = {{ php_fpm_group }}
+
+listen = /run/php-fpm/www.sock
+
+listen.acl_users = apache,nginx
+listen.allowed_clients = 127.0.0.1
+
+pm = dynamic
+
+pm.max_children = {{ php_fpm_max_children }}
+pm.start_servers = {{ php_fpm_start_servers }}
+pm.min_spare_servers = {{ php_fpm_min_spare_servers }}
+pm.max_spare_servers = {{ php_fpm_max_spare_servers }}
+
+php_value[session.save_handler] = files
+php_value[session.save_path]    = /var/lib/php/session
+php_value[soap.wsdl_cache_dir]  = /var/lib/php/wsdlcache
+php_value[opcache.file_cache]   = /var/lib/php/opcache
+
+{% for item in php_fpm_flags | dict2items %}
+php_flag[{{ item.key }}] = {{ item.value if item.value is string else ('on' if (item.value|bool) else 'off') }}
+{% endfor %}
+
+{% for item in php_fpm_admin_flags | dict2items %}
+php_admin_flag[{{ item.key }}] = {{ item.value if item.value is string else ('on' if (item.value|bool) else 'off') }}
+{% endfor %}
+
+{% for item in php_fpm_values | dict2items %}
+php_value[{{ item.key }}] = {{ item.value }}
+{% endfor %}
+
+{% for item in php_fpm_admin_values | dict2items %}
+php_admin_value[{{ item.key }}] = {{ item.value }}
+{% endfor %}
+
+{% for item in php_fpm_environment | dict2items %}
+env[{{ item.key }}] = {{ item.value }}
+{% endfor %}
diff --git a/roles/php/templates/etc/php.ini.j2 b/roles/php/templates/etc/php.ini.j2
new file mode 100644
index 0000000..62b9893
--- /dev/null
+++ b/roles/php/templates/etc/php.ini.j2
@@ -0,0 +1,130 @@
+[PHP]
+engine = On
+short_open_tag = Off
+precision = 14
+output_buffering = 4096
+implicit_flush = Off
+unserialize_callback_func =
+serialize_precision = -1
+disable_functions =
+disable_classes =
+zend.enable_gc = On
+zend.exception_ignore_args = On
+expose_php = On
+max_execution_time = 30
+max_input_time = 60
+memory_limit = 128M
+error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
+display_errors = Off
+display_startup_errors = Off
+log_errors = On
+log_errors_max_len = 1024
+ignore_repeated_errors = Off
+ignore_repeated_source = Off
+report_memleaks = On
+error_log = syslog
+variables_order = "GPCS"
+request_order = "GP"
+register_argc_argv = Off
+auto_globals_jit = On
+post_max_size = {{ php_post_max_size }}
+default_mimetype = "text/html"
+default_charset = "UTF-8"
+doc_root =
+user_dir =
+enable_dl = Off
+file_uploads = On
+upload_max_filesize = {{ php_upload_max_filesize }}
+max_file_uploads = {{ php_max_file_uploads }}
+allow_url_fopen = On
+allow_url_include = Off
+default_socket_timeout = 60
+
+[CLI Server]
+cli_server.color = On
+
+[Date]
+date.timezone = {{ php_timezone }}
+
+[Pcre]
+pcre.jit=0
+[Pdo_mysql]
+pdo_mysql.default_socket=
+[mail function]
+sendmail_path = /usr/sbin/sendmail -t -i
+mail.add_x_header = Off
+mail.log = syslog
+
+[ODBC]
+odbc.allow_persistent = On
+odbc.check_persistent = On
+odbc.max_persistent = -1
+odbc.max_links = -1
+odbc.defaultlrl = 4096
+odbc.defaultbinmode = 1
+
+[MySQLi]
+mysqli.max_persistent = -1
+mysqli.allow_persistent = On
+mysqli.max_links = -1
+mysqli.default_port = 3306
+mysqli.default_socket =
+mysqli.default_host =
+mysqli.default_user =
+mysqli.default_pw =
+mysqli.reconnect = Off
+
+[mysqlnd]
+mysqlnd.collect_statistics = On
+mysqlnd.collect_memory_statistics = Off
+
+[PostgreSQL]
+pgsql.allow_persistent = On
+pgsql.auto_reset_persistent = Off
+pgsql.max_persistent = -1
+pgsql.max_links = -1
+pgsql.ignore_notice = 0
+pgsql.log_notice = 0
+
+[bcmath]
+bcmath.scale = 0
+
+[Session]
+session.save_handler = files
+session.use_strict_mode = 1
+session.use_cookies = 1
+session.cookie_secure = 1
+session.use_only_cookies = 1
+session.name = PHPSESSID
+session.auto_start = 0
+session.cookie_lifetime = 0
+session.cookie_path = /
+session.cookie_domain =
+session.cookie_httponly =
+session.cookie_samesite = Strict
+session.serialize_handler = php
+session.gc_probability = 1
+session.gc_divisor = 1000
+session.gc_maxlifetime = 1440
+session.referer_check =
+session.cache_limiter = nocache
+session.cache_expire = 180
+session.use_trans_sid = 0
+session.sid_length = 26
+session.trans_sid_tags = "a=href,area=href,frame=src,form="
+session.sid_bits_per_character = 5
+
+[Assertion]
+zend.assertions = -1
+
+[Tidy]
+tidy.clean_output = Off
+
+[soap]
+soap.wsdl_cache_enabled=1
+soap.wsdl_cache_dir="/tmp"
+soap.wsdl_cache_ttl=86400
+soap.wsdl_cache_limit = 5
+
+[ldap]
+ldap.max_links = -1
diff --git a/roles/php/vars/main.yml b/roles/php/vars/main.yml
new file mode 100644
index 0000000..d2762ae
--- /dev/null
+++ b/roles/php/vars/main.yml
@@ -0,0 +1,5 @@
+php_packages:
+  '8':
+    - '@php:8.0'
+  '9':
+    - php