From 1082406c5ac17016904d8e166c3bfc09f56f399b Mon Sep 17 00:00:00 2001
From: Alexander Meindl
Date: Thu, 1 Aug 2024 22:00:14 +0200
Subject: [PATCH] working on multiple php fpm pool support
---
roles/ansible_node/tasks/instance.yml | 2 +-
roles/cifs_mount/tasks/setup_instance.yml | 2 +-
roles/drupal/tasks/instance.yml | 50 ++++++++++++++++---
.../etc/nginx/sites-available/drupal.j2 | 32 ++++++------
roles/matomo/tasks/setup.yml | 2 +-
roles/matomo/tasks/setup_install.yml | 2 +-
roles/matomo/tasks/setup_vhost.yml | 2 +
.../templates/nginx/sites-available/matomo.j2 | 15 +++---
roles/matomo/vars/main.yml | 2 +-
roles/memcached/tasks/setup.yml | 2 +-
roles/mongodb/tasks/replication.yml | 2 +-
roles/mysql/tasks/replication.yml | 6 +--
roles/mysql_client/tasks/repo.yml | 2 +-
roles/nextcloud/templates/vhost.j2 | 2 +-
roles/nodejs/tasks/setup.yml | 2 +-
roles/php_fpm/defaults/main.yml | 13 ++---
roles/php_fpm/tasks/pool.yml | 27 ++++++++++
roles/php_fpm/tasks/pools.yml | 27 ----------
roles/php_fpm/tasks/setup.yml | 7 ++-
roles/php_fpm/templates/php-fpm.j2 | 48 ++++++++++++------
roles/php_fpm/templates/pool.j2 | 16 +++---
roles/php_fpm/vars/Debian-bookworm.yml | 18 ++++---
roles/php_fpm/vars/Debian-bullseye.yml | 18 ++++---
roles/php_fpm/vars/Debian-buster.yml | 18 ++++---
roles/php_fpm/vars/Ubuntu-jammy.yml | 18 ++++---
roles/php_fpm/vars/Ubuntu-noble.yml | 18 ++++---
roles/rocketchat/defaults/main.yml | 2 +-
roles/rvm/tasks/rvm.yml | 4 +-
roles/wordpress/tasks/instance_install.yml | 2 +-
29 files changed, 212 insertions(+), 149 deletions(-)
create mode 100644 roles/php_fpm/tasks/pool.yml
delete mode 100644 roles/php_fpm/tasks/pools.yml
diff --git a/roles/ansible_node/tasks/instance.yml b/roles/ansible_node/tasks/instance.yml
index 29fdba0..7a57bba 100644
--- a/roles/ansible_node/tasks/instance.yml
+++ b/roles/ansible_node/tasks/instance.yml
@@ -11,7 +11,7 @@ - name: Set if playbook is required - {{ available_playbook_name }} ansible.builtin.set_fact: - required_playbook: "{{ true if ansible_node_timers[available_playbook_name] is not defined and available_playbook_name in ansible_node_playbooks | map(attribute='name') else false }}" + required_playbook: "{{ true if ansible_node_timers[available_playbook_name] is undefined and available_playbook_name in ansible_node_playbooks | map(attribute='name') else false }}" - name: Not required playbook when: not required_playbook diff --git a/roles/cifs_mount/tasks/setup_instance.yml b/roles/cifs_mount/tasks/setup_instance.yml index 8d408a6..3e3f7eb 100644 --- a/roles/cifs_mount/tasks/setup_instance.yml +++ b/roles/cifs_mount/tasks/setup_instance.yml @@ -36,7 +36,7 @@ ansible.builtin.file: path: '{{ credentials_file }}' state: absent - when: cifs_mount.credential_user is not defined or cifs_mount.credential_password is not defined + when: cifs_mount.credential_user is undefined or cifs_mount.credential_password is undefined - name: Set fstab entry ansible.builtin.lineinfile: diff --git a/roles/drupal/tasks/instance.yml b/roles/drupal/tasks/instance.yml index 3f0715f..677c50b 100644 --- a/roles/drupal/tasks/instance.yml +++ b/roles/drupal/tasks/instance.yml 
@@ -33,6 +33,45 @@ - instance.db_driver == 'pgsql' - instance.db_host is undefined or instance.db_host == 'localhost' or instance.db_host == '127.0.0.1' +- name: Set facts + ansible.builtin.set_fact: + file_private_path: "{{ instance.file_private_path | default(instance.dir + '/private_files') }}" + config_sync_directory: "{{ instance.config_sync_directory | default(instance.dir + '/config') }}" + sites_default_dir: "{{ instance.dir }}{{ instance.vhost_dir | default(drupal_vhost_dir) }}/sites/default" + +- name: Fix owner and permission for settings on checkout + when: instance.write_settings_file is defined and not instance.write_settings_file + block: + - name: Fix sites/default owner and permission + ansible.builtin.file: + path: "{{ sites_default_dir }}" + owner: "{{ instance.drupal_user | default('root') }}" + group: "{{ instance.drupal_group | default(nginx_group) | default('root') }}" + mode: '0755' + state: directory + + - name: Fix settings.php owner and permission + ansible.builtin.file: + path: "{{ sites_default_dir }}/settings.php" + owner: "{{ instance.drupal_user | default('root') }}" + group: "{{ instance.drupal_group | default(nginx_group) | default('root') }}" + mode: '0644' + state: file + + - name: Check for settings.prod.php + ansible.builtin.stat: + path: "{{ sites_default_dir }}/settings.prod.php" + register: prod_php + + - name: Fix settings.prod.php owner and permission + ansible.builtin.file: + path: "{{ prod_php.stat.path }}" + owner: "{{ instance.drupal_user | default('root') }}" + group: "{{ instance.drupal_group | default(nginx_group) | default('root') }}" + mode: '0644' + state: file + when: prod_php.stat.exists + - name: Install drupal - {{ instance.name }} ansible.builtin.git: repo: '{{ instance.repo }}' 
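Review bot: The added tasks `Fix settings.php owner and permission` and `Fix settings.prod.php owner and permission` set `mode: '0644'`, which leaves the Drupal settings files readable by every local account, while the existing `Update settings.php for Drupal` task in this file writes the same path with `mode: '0640'`. These files normally hold the database credentials and hash salt, and on a host that runs several php-fpm pools under separate users a world-readable copy lets any pool user read another site's secrets; use `mode: '0640'` in both tasks. Separately, the block runs before `Install drupal`, so on a first run `state: file` on settings.php will presumably fail because the path does not exist yet. Guard it with a `stat` result the way settings.prod.php is guarded, e.g. `when: settings_php.stat.exists` (proposed register name).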
@@ -72,7 +111,7 @@ group: '{{ instance.drupal_group | default(nginx_group) }}' recurse: true loop: '{{ instance.write_permissions | default([]) }}' - when: drupal_user is not defined + when: drupal_user is undefined - name: Make sure tmp directory exists and permissions are correct - {{ instance.name }} ansible.builtin.file: @@ -83,11 +122,6 @@ recurse: true when: instance.tmp_dir is defined -- name: Set facts - ansible.builtin.set_fact: - file_private_path: "{{ instance.file_private_path | default(instance.dir + '/private_files') }}" - config_sync_directory: "{{ instance.config_sync_directory | default(instance.dir + '/config') }}" - - name: Check if private files directory exists - {{ instance.name }} ansible.builtin.file: path: '{{ file_private_path }}' @@ -111,13 +145,13 @@ - name: Update settings.php for Drupal - {{ instance.name }} ansible.builtin.template: src: default.settings.php.j2 - dest: "{{ instance.dir }}{{ instance.vhost_dir | default(drupal_vhost_dir) }}/sites/default/settings.php" + dest: "{{ sites_default_dir }}/settings.php" validate: 'php -l %s' owner: '{{ instance.drupal_user | default("root") }}' group: '{{ instance.drupal_group | default(nginx_group) }}' mode: '0640' when: - - instance.write_settings_file is not defined or instance.write_settings_file + - instance.write_settings_file is undefined or instance.write_settings_file - name: Update .env ansible.builtin.template: diff --git a/roles/drupal/templates/etc/nginx/sites-available/drupal.j2 b/roles/drupal/templates/etc/nginx/sites-available/drupal.j2 index 2daf6e1..1d4c84b 100644 --- a/roles/drupal/templates/etc/nginx/sites-available/drupal.j2 +++ b/roles/drupal/templates/etc/nginx/sites-available/drupal.j2 
@@ -57,11 +57,11 @@ server { # Drupal 7 or higher generated image handling, i.e., imagecache in core. See: # https://drupal.org/node/371374. location ~* /files/(css|js|styles)/ { - {% if drupal_with_hotlink_protection %} +{% if drupal_with_hotlink_protection %} # Image hotlinking protection. If you want hotlinking # protection for your images uncomment the following line. include hotlinking_protection.conf; - {% endif %} +{% endif %} expires 1y; try_files $uri @drupal; } @@ -80,20 +80,20 @@ server { } location ~* /sites/.+/files/optimized/(css|js)/ { - expires max; - add_header ETag ''; - add_header Last-Modified 'Wed, 20 Jan 1988 04:20:42 GMT'; - add_header Accept-Ranges ''; - location ~* /sites/.*/files/optimized/css/.+\.css$ { - access_log off; - add_header Cache-Control "public, max-age=31536000, no-transform, immutable"; - try_files $uri @drupal; - } - location ~* /sites/.*/files/optimized/js/.+\.js$ { - access_log off; - add_header Cache-Control "public, max-age=31536000, no-transform, immutable"; - try_files $uri @drupal; - } + expires max; + add_header ETag ''; + add_header Last-Modified 'Wed, 20 Jan 1988 04:20:42 GMT'; + add_header Accept-Ranges ''; + location ~* /sites/.*/files/optimized/css/.+\.css$ { + access_log off; + add_header Cache-Control "public, max-age=31536000, no-transform, immutable"; + try_files $uri @drupal; + } + location ~* /sites/.*/files/optimized/js/.+\.js$ { + access_log off; + add_header Cache-Control "public, max-age=31536000, no-transform, immutable"; + try_files $uri @drupal; + } } # PDFs and powerpoint files handling. diff --git a/roles/matomo/tasks/setup.yml b/roles/matomo/tasks/setup.yml index 416f629..931e399 100644 --- a/roles/matomo/tasks/setup.yml +++ b/roles/matomo/tasks/setup.yml @@ -171,7 +171,7 @@ ansible.builtin.file: path: '{{ matomo_config_file }}' owner: '{{ matomo_user }}' - group: '{{ matomo_user }}' + group: '{{ matomo_group }}' mode: '{{ matomo_config_file_mode }}' when: matomo_config_file_exists.stat.exists 
diff --git a/roles/matomo/tasks/setup_install.yml b/roles/matomo/tasks/setup_install.yml index 7d2b233..affaa40 100644 --- a/roles/matomo/tasks/setup_install.yml +++ b/roles/matomo/tasks/setup_install.yml @@ -28,7 +28,7 @@ src: '{{ playbook_dir }}/files/matomo/{{ group_names[0] }}.ini.php.j2' dest: '{{ matomo_config_file }}' owner: '{{ matomo_user }}' - group: '{{ matomo_user }}' + group: '{{ matomo_group }}' mode: '{{ matomo_config_file_mode }}' when: - matomo_multi_server_environment diff --git a/roles/matomo/tasks/setup_vhost.yml b/roles/matomo/tasks/setup_vhost.yml index f36e9f7..5c6d1c0 100644 --- a/roles/matomo/tasks/setup_vhost.yml +++ b/roles/matomo/tasks/setup_vhost.yml @@ -28,6 +28,8 @@ src: nginx/sites-available/matomo.j2 dest: /etc/nginx/sites-available/matomo.conf mode: '0644' + vars: + php_fpm_custom_listen: '{{ matomo_php_fpm_listen_name if matomo_php_fpm_listen_name is defined else php_fpm_listen }}' notify: Reload nginx - name: Ensure matomo vhost is enabled diff --git a/roles/matomo/templates/nginx/sites-available/matomo.j2 b/roles/matomo/templates/nginx/sites-available/matomo.j2 index d6946a9..daa6dee 100644 --- a/roles/matomo/templates/nginx/sites-available/matomo.j2 +++ b/roles/matomo/templates/nginx/sites-available/matomo.j2 @@ -42,17 +42,14 @@ server { try_files $uri $uri/ =404; } - {% if matomo_vhost_includes is defined -%} - {% for include in matomo_vhost_includes -%} +{% if matomo_vhost_includes is defined -%} +{% for include in matomo_vhost_includes -%} include {{ include }}.conf; - {% endfor %} - {% endif %} - - {% if not matomo_with_access_log -%} - +{% endfor %} +{% endif %} +{% if not matomo_with_access_log %} access_log off; - - {% endif -%} +{% endif %} location ~ \.(jpg|jpeg|gif|png|ico)$ { access_log off; diff --git a/roles/matomo/vars/main.yml b/roles/matomo/vars/main.yml index da0e431..6d1807a 100644 --- a/roles/matomo/vars/main.yml +++ b/roles/matomo/vars/main.yml 
@@ -12,7 +12,7 @@ matomo_available_plugins: use_git: false repo: https://github.com/matomo-org/plugin-QueuedTracking.git download: https://github.com/matomo-org/plugin-QueuedTracking/archive/%%version%%.tar.gz - version: 5.0.5 + version: 5.0.6 LoginLdap: use_git: true repo: https://github.com/matomo-org/plugin-LoginLdap.git diff --git a/roles/memcached/tasks/setup.yml b/roles/memcached/tasks/setup.yml index 9b073e9..4b47f83 100644 --- a/roles/memcached/tasks/setup.yml +++ b/roles/memcached/tasks/setup.yml @@ -2,7 +2,7 @@ - name: Define memcached_user. ansible.builtin.set_fact: memcached_user: "{{ __memcached_user }}" - when: memcached_user is not defined + when: memcached_user is undefined - name: Install Memcached. ansible.builtin.apt: diff --git a/roles/mongodb/tasks/replication.yml b/roles/mongodb/tasks/replication.yml index 4eeb4ac..8477296 100644 --- a/roles/mongodb/tasks/replication.yml +++ b/roles/mongodb/tasks/replication.yml @@ -51,6 +51,6 @@ votes: "{{ item.votes | default(omit) }}" ssl: "{{ True if mongodb_net_ssl_mode == 'requireSSL' else False }}" when: ( mongodb_security_authorization == 'disabled' - and ( mongodb_master is not defined or not mongodb_master) ) + and ( mongodb_master is undefined or not mongodb_master) ) with_items: - "{{ mongodb_replication_params | default([]) }}" diff --git a/roles/mysql/tasks/replication.yml b/roles/mysql/tasks/replication.yml index 2e07602..3cf3bd1 100644 --- a/roles/mysql/tasks/replication.yml +++ b/roles/mysql/tasks/replication.yml 
@@ -31,7 +31,7 @@ register: master when: - (mysql_replication_master_inventory_host | length) > 0 - - (slave.Is_Slave is defined and not slave.Is_Slave) or (slave.Is_Replica is defined and not slave.Is_Replica) or (slave.Is_Slave is not defined and slave.Is_Replica is not defined and slave is failed) + - (slave.Is_Slave is defined and not slave.Is_Slave) or (slave.Is_Replica is defined and not slave.Is_Replica) or (slave.Is_Slave is undefined and slave.Is_Replica is undefined and slave is failed) - mysql_replication_role == 'slave' - (mysql_replication_master | length) > 0 @@ -45,7 +45,7 @@ master_log_pos: "{{ master.Position }}" ignore_errors: true when: - - (slave.Is_Slave is defined and not slave.Is_Slave) or (slave.Is_Replica is defined and not slave.Is_Replica) or (slave.Is_Slave is not defined and slave.Is_Replica is not defined and slave is failed) + - (slave.Is_Slave is defined and not slave.Is_Slave) or (slave.Is_Replica is defined and not slave.Is_Replica) or (slave.Is_Slave is undefined and slave.Is_Replica is undefined and slave is failed) - mysql_replication_role == 'slave' - mysql_replication_user.name is defined - (mysql_replication_master | length) > 0 @@ -54,6 +54,6 @@ community.mysql.mysql_replication: mode: startreplica when: - - (slave.Is_Slave is defined and slave.Is_Slave) or (slave.Is_Replica is defined and slave.Is_Replica) or (slave.Is_Slave is not defined and slave.Is_Replica is not defined and slave is failed) + - (slave.Is_Slave is defined and slave.Is_Slave) or (slave.Is_Replica is defined and slave.Is_Replica) or (slave.Is_Slave is undefined and slave.Is_Replica is undefined and slave is failed) - mysql_replication_role == 'slave' - (mysql_replication_master | length) > 0 diff --git a/roles/mysql_client/tasks/repo.yml b/roles/mysql_client/tasks/repo.yml index 2cff294..fd8a90f 100644 --- a/roles/mysql_client/tasks/repo.yml +++ b/roles/mysql_client/tasks/repo.yml 
@@ -14,7 +14,7 @@ src: mysql.gpg dest: '{{ mysql_apt_repo_key_file }}' mode: '0644' - when: mysql_apt_key_url is not defined + when: mysql_apt_key_url is undefined - name: Remove old apt repository files ansible.builtin.file: diff --git a/roles/nextcloud/templates/vhost.j2 b/roles/nextcloud/templates/vhost.j2 index 80d1922..22ef957 100644 --- a/roles/nextcloud/templates/vhost.j2 +++ b/roles/nextcloud/templates/vhost.j2 @@ -2,7 +2,7 @@ # nginx nextcloud configuration upstream php-handler { - server unix:{{ php_fpm_listen_base + '-' + instance.with_fpm + '.sock' if instance is defined and instance.with_fpm is defined and instance.with_fpm != 'www' else php_fpm_listen | default('/run/php5-fpm.sock') }}; + server unix:{{ php_fpm_base + '-' + instance.with_fpm + '.sock' if instance is defined and instance.with_fpm is defined and instance.with_fpm != 'www' else php_fpm_listen | default('/run/php/php-fpm.sock') }}; } server { diff --git a/roles/nodejs/tasks/setup.yml b/roles/nodejs/tasks/setup.yml index 99d49ec..36c4c1a 100644 --- a/roles/nodejs/tasks/setup.yml +++ b/roles/nodejs/tasks/setup.yml @@ -3,7 +3,7 @@ - name: Define nodejs_install_npm_user ansible.builtin.set_fact: nodejs_install_npm_user: "{{ ansible_user | default(lookup('env', 'USER')) }}" - when: nodejs_install_npm_user is not defined + when: nodejs_install_npm_user is undefined - name: Create npm global directory for {{ nodejs_install_npm_user }} ansible.builtin.file: diff --git a/roles/php_fpm/defaults/main.yml b/roles/php_fpm/defaults/main.yml index acd5967..7c859c8 100644 --- a/roles/php_fpm/defaults/main.yml +++ b/roles/php_fpm/defaults/main.yml @@ -1,8 +1,13 @@ # defaults file for php_fpm --- -# add additional pools -php_fpm_extra_pools: [] +# fpm pools (at least one pool have to exist) +php_fpm_pools: + - name: www + user: '{{ nginx_user }}' + group: '{{ nginx_group }}' + listen_name: '{{ php_fpm_listen }}' + skip_user_create: true php_fpm_listen_allowed_clients: 127.0.0.1 php_fpm_pm_max_children: 10 
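Review bot: The new `php_fpm_pools` default in roles/php_fpm/defaults/main.yml documents none of the keys a pool entry may carry, and its comment `at least one pool have to exist` is not enforced by anything visible in this patch. Judging from pool.yml and pool.j2 in the same patch, the keys read are `name`, `user`, `group`, `groups`, `home`, `listen_name`, `skip_user_create` and the four `pm_*` overrides; I would list them above the variable, e.g. `# pool keys: name (required), user, group, groups, home, listen_name, skip_user_create, pm_max_children, pm_start_servers, pm_min_spare_servers, pm_max_spare_servers`. The comment should also say that an inventory overriding the list replaces it entirely, so the `www` entry has to be repeated, and that `php_fpm_extra_pools` is no longer read. The defaults file continues outside the hunk.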
@@ -12,10 +17,6 @@ php_fpm_pm_max_spare_servers: 5 php_fpm_pm_status_path: /php_status php_fpm_ping_path: /php_ping -php_fpm_pool_name: www -php_fpm_pool_user: '{{ nginx_user }}' -php_fpm_pool_group: '{{ nginx_group }}' - php_fpm_pool_clear_env: false php_date_timezone: '{{ ntp_timezone }}' diff --git a/roles/php_fpm/tasks/pool.yml b/roles/php_fpm/tasks/pool.yml new file mode 100644 index 0000000..9437aeb --- /dev/null +++ b/roles/php_fpm/tasks/pool.yml @@ -0,0 +1,27 @@ +--- + +- name: Create group for pool {{ pool.name }} + ansible.builtin.group: + name: '{{ pool.group }}' + state: present + system: true + when: pool.group is defined + +- name: Create system account for pool {{ pool.name }} + ansible.builtin.user: + name: '{{ pool.user | default(pool.name) }}' + home: '{{ pool.home | default(omit) }}' + group: "{{ pool.group | default(nginx_group) }}" + groups: "{{ pool.groups | default(omit) }}" + append: "{{ pool.groups is defined }}" + system: true + when: pool.skip_user_create is undefined or not pool.skip_user_create + +- name: Setup fpm pool {{ pool.name }} + ansible.builtin.template: + src: pool.j2 + dest: '{{ php_fpm_pool_dir }}/{{ pool.name }}.conf' + mode: '0644' + owner: root + group: root + notify: Restart php-fpm diff --git a/roles/php_fpm/tasks/pools.yml b/roles/php_fpm/tasks/pools.yml deleted file mode 100644 index 7c757cc..0000000 --- a/roles/php_fpm/tasks/pools.yml +++ /dev/null 
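Review bot: In `Create system account for pool {{ pool.name }}` (new roles/php_fpm/tasks/pool.yml) the account's primary group falls back to `nginx_group`, but pool.j2 in this patch falls back to `pool.user`, then `pool.name`, for its `group =` directive, and `Create group for pool` is skipped when `pool.group` is unset. A pool declared without `group` therefore gets a config naming a group that no task here creates, which php-fpm will most likely reject on restart. Use one fallback in both places, for example `group = {{ pool.group | default(nginx_group) }}` in pool.j2. If per-pool isolation is the goal, note that a shared `nginx_group` primary group gives every pool user group access to whatever that group can read; creating a group named after the pool unconditionally would avoid that.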
@@ -1,27 +0,0 @@ ---- - -- name: Setup fpm pool www (default) configuration - ansible.builtin.template: - src: pool.j2 - dest: '{{ php_fpm_pool_dir }}/{{ php_fpm_pool_conf }}' - mode: '0644' - owner: root - group: root - notify: Restart php-fpm - -- name: Create system account for additional fpm pools - ansible.builtin.user: - name: '{{ item.user | default(item.name) }}' - home: '{{ item.home | default(omit) }}' - groups: '{{ nginx_group }}' - append: true - system: true - loop: '{{ php_fpm_extra_pools | default([]) }}' - -- name: Setup additional fpm user pools - ansible.builtin.template: - src: pool.j2 - dest: '{{ php_fpm_pool_dir }}/{{ item.name }}.conf' - mode: '0644' - loop: '{{ php_fpm_extra_pools | default([]) }}' - notify: Restart php-fpm diff --git a/roles/php_fpm/tasks/setup.yml b/roles/php_fpm/tasks/setup.yml index 3270df3..e11f0ab 100644 --- a/roles/php_fpm/tasks/setup.yml +++ b/roles/php_fpm/tasks/setup.yml @@ -29,8 +29,11 @@ group: root notify: Restart php-fpm -- name: Include pools tasks - ansible.builtin.include_tasks: pools.yml +- name: Include pool tasks + ansible.builtin.include_tasks: pool.yml + loop: '{{ php_fpm_pools }}' + loop_control: + loop_var: pool - name: Start the php-fpm service ansible.builtin.systemd: diff --git a/roles/php_fpm/templates/php-fpm.j2 b/roles/php_fpm/templates/php-fpm.j2 index 170b5c1..d329796 100644 --- a/roles/php_fpm/templates/php-fpm.j2 +++ b/roles/php_fpm/templates/php-fpm.j2 @@ -6,14 +6,6 @@ ; prefix (/usr). This prefix can be dynamically changed by using the ; '-p' argument from the command line. -; Include one or more files. If glob(3) exists, it is used to include a bunch of -; files from a glob(3) pattern. This directive can be used everywhere in the -; file. -; Relative path can also be used. They will be prefixed by: -; - the global prefix if it's been set (-p argument) -; - /usr otherwise -;include=/etc/php5/fpm/*.conf - ;;;;;;;;;;;;;;;;;; ; Global Options ; ;;;;;;;;;;;;;;;;;; 
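Review bot: The `Include pool tasks` loop in roles/php_fpm/tasks/setup.yml only ever writes `<name>.conf` files; nothing removes a pool file once its entry is dropped from `php_fpm_pools`. Since php-fpm.j2 ends with `include={{ php_fpm_pool_dir }}/*.conf`, a retired pool, or a stock pool file shipped under another name, would keep running and listening under its old user after the next restart. A cleanup step after the loop, as sketched below, keeps the directory in step with the variable; it assumes the role owns every file in that directory. The following `Start the php-fpm service` task continues outside the hunk.

```yaml
# … unchanged: include pool.yml for each entry in php_fpm_pools …

- name: Find pool files present in the pool directory
  ansible.builtin.find:
    paths: '{{ php_fpm_pool_dir }}'
    patterns: '*.conf'
  register: php_fpm_existing_pool_files

- name: Remove pool files that are no longer listed in php_fpm_pools
  ansible.builtin.file:
    path: '{{ item.path }}'
    state: absent
  loop: '{{ php_fpm_existing_pool_files.files }}'
  when: >-
    (item.path | basename | splitext | first)
    not in (php_fpm_pools | map(attribute='name') | list)
  notify: Restart php-fpm
```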
@@ -22,11 +14,13 @@ ; Pid file ; Note: the default prefix is /var ; Default Value: none +; Warning: if you change the value here, you need to modify systemd +; service PIDFile= setting to match the value here. pid = {{ php_fpm_pid }} ; Error log file ; If it's set to "syslog", log is sent to syslogd instead of being written -; in a local file. +; into a local file. ; Note: the default prefix is /var ; Default Value: log/php-fpm.log error_log = syslog @@ -49,6 +43,24 @@ error_log = syslog ; Default Value: notice ;log_level = notice +; Log limit on number of characters in the single line (log entry). If the +; line is over the limit, it is wrapped on multiple lines. The limit is for +; all logged characters including message prefix and suffix if present. However +; the new line character does not count into it as it is present only when +; logging to a file descriptor. It means the new line character is not present +; when logging to syslog. +; Default Value: 1024 +;log_limit = 4096 + +; Log buffering specifies if the log line is buffered which means that the +; line is written in a single write operation. If the value is false, then the +; data is written directly into the file descriptor. It is an experimental +; option that can potentially improve logging performance and memory usage +; for some heavy logging scenarios. This option is ignored if logging to syslog +; as it has to be always buffered. +; Default value: yes +;log_buffering = no + ; If this number of child processes exit with SIGSEGV or SIGBUS within the time ; interval set by emergency_restart_interval then FPM will restart. A value ; of '0' means 'Off'. 
@@ -69,7 +81,7 @@ error_log = syslog ; Default Value: 0 ;process_control_timeout = 0 -; The maximum number of processes FPM will fork. This has been design to control +; The maximum number of processes FPM will fork. This has been designed to control ; the global number of processes when using dynamic PM within a lot of pools. ; Use it with caution. ; Note: A value of 0 indicates no limit @@ -77,10 +89,10 @@ error_log = syslog ; process.max = 128 ; Specify the nice(2) priority to apply to the master process (only if set) -; The value can vary from -19 (highest priority) to 20 (lower priority) +; The value can vary from -19 (highest priority) to 20 (lowest priority) ; Note: - It will only work if the FPM master process is launched as root ; - The pool process will inherit the master process priority -; unless it specified otherwise +; unless specified otherwise ; Default Value: no set ; process.priority = -19 @@ -107,8 +119,8 @@ error_log = syslog ; Default Value: not set (auto detection) ;events.mechanism = epoll -; When FPM is build with systemd integration, specify the interval, -; in second, between health report notification to systemd. +; When FPM is built with systemd integration, specify the interval, +; in seconds, between health report notification to systemd. ; Set to 0 to disable. ; Available Units: s(econds), m(inutes), h(ours) ; Default Unit: seconds 
@@ -124,6 +136,10 @@ error_log = syslog ; used in logs and stats. There is no limitation on the number of pools which ; FPM can handle. Your system will tell you anyway :) -; To configure the pools it is recommended to have one .conf file per -; pool in the following directory: +; Include one or more files. If glob(3) exists, it is used to include a bunch of +; files from a glob(3) pattern. This directive can be used everywhere in the +; file. +; Relative path can also be used. They will be prefixed by: +; - the global prefix if it's been set (-p argument) +; - /usr otherwise include={{ php_fpm_pool_dir }}/*.conf diff --git a/roles/php_fpm/templates/pool.j2 b/roles/php_fpm/templates/pool.j2 index 72565e5..f85a1f2 100644 --- a/roles/php_fpm/templates/pool.j2 +++ b/roles/php_fpm/templates/pool.j2 @@ -2,7 +2,7 @@ ; Start a new pool named 'www'. ; the variable $pool can be used in any directive and will be replaced by the ; pool name ('www' here) -[{{ item.name if item is defined else php_fpm_pool_name }}] +[{{ pool.name }}] ; Per pool prefix ; It only applies on the following directives: @@ -21,8 +21,8 @@ ; Unix user/group of processes ; Note: The user is mandatory. If the group is not set, the default user's group ; will be used. -user = {{ item.user | default(item.name) if item is defined else php_fpm_pool_user }} -group = {{ item.user | default(item.name) if item is defined else php_fpm_pool_group }} +user = {{ pool.user | default(pool.name) }} +group = {{ pool.group | default(pool.user) | default(pool.name) }} ; The address on which to accept FastCGI requests. ; Valid syntaxes are: 
@@ -34,7 +34,7 @@ group = {{ item.user | default(item.name) if item is defined else php_fpm_pool_g ; (IPv6 and IPv4-mapped) on a specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = {{ php_fpm_listen_base + '-' + item.name + '.sock' if item is defined else php_fpm_listen }} +listen = {{ pool.listen_name if pool.listen_name is defined else php_fpm_listen }} ; Set listen(2) backlog. ; Default Value: 511 (-1 on FreeBSD and OpenBSD) @@ -111,22 +111,22 @@ pm = dynamic ; forget to tweak pm.* to fit your needs. ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' ; Note: This value is mandatory. -pm.max_children = {{ php_fpm_pm_max_children }} +pm.max_children = {{ pool.pm_max_children | default(php_fpm_pm_max_children) }} ; The number of child processes created on startup. ; Note: Used only when pm is set to 'dynamic' ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 -pm.start_servers = {{ php_fpm_pm_start_servers }} +pm.start_servers = {{ pool.pm_start_servers | default(php_fpm_pm_start_servers) }} ; The desired minimum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = {{ php_fpm_pm_min_spare_servers }} +pm.min_spare_servers = {{ pool.pm_min_spare_servers | default(php_fpm_pm_min_spare_servers) }} ; The desired maximum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = {{ php_fpm_pm_max_spare_servers }} +pm.max_spare_servers = {{ pool.pm_max_spare_servers | default(php_fpm_pm_max_spare_servers) }} ; The number of seconds after which an idle process will be killed. ; Note: Used only when pm is set to 'ondemand' diff --git a/roles/php_fpm/vars/Debian-bookworm.yml b/roles/php_fpm/vars/Debian-bookworm.yml index 0358e7c..ec8d4b0 100644 --- a/roles/php_fpm/vars/Debian-bookworm.yml 
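Review bot: The new `listen =` line in roles/php_fpm/templates/pool.j2 falls back to `php_fpm_listen` whenever `pool.listen_name` is unset, so every pool that omits the key is pointed at the same socket as the default `www` pool. The removed line derived a per-pool path from the pool name; with the new fallback two pools either collide on one socket or, depending on how php-fpm resolves the clash, requests for one site may be handled by workers running as another pool's user. Keeping a derived default avoids that: `listen = {{ pool.listen_name | default(php_fpm_base + '-' + pool.name + '.sock') }}`. That would also match roles/nextcloud/templates/vhost.j2 in this patch, which still builds `php_fpm_base + '-' + instance.with_fpm + '.sock'` for non-`www` pools.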
+++ b/roles/php_fpm/vars/Debian-bookworm.yml @@ -1,14 +1,16 @@ --- -php_fpm_listen_base: /run/php/php8.2-fpm -php_fpm_listen: '{{ php_fpm_listen_base }}.sock' -php_fpm_php_fpm_conf: /etc/php/8.2/fpm/php-fpm.conf -php_fpm_custom_php_ini: /etc/php/8.2/fpm/conf.d/custom.ini -php_fpm_pool_dir: /etc/php/8.2/fpm/pool.d -php_fpm_pool_conf: www.conf -php_fpm_service: php8.2-fpm -php_fpm_pid: /run/php/{{ php_fpm_service }}.pid +php_fpm_version: '8.2' + +php_fpm_service: php{{ php_fpm_version }}-fpm +php_fpm_php_fpm_conf: /etc/php/{{ php_fpm_version }}/fpm/php-fpm.conf +php_fpm_custom_php_ini: /etc/php/{{ php_fpm_version }}/fpm/conf.d/custom.ini +php_fpm_pool_dir: /etc/php/{{ php_fpm_version }}/fpm/pool.d __php_session_save_path: /var/lib/php/sessions +php_fpm_base: /run/php/{{ php_fpm_service }} +php_fpm_listen: '{{ php_fpm_base }}.sock' +php_fpm_pid: '{{ php_fpm_base }}.pid' + php_fpm_packages: - php8.2-fpm - php8.2-gd diff --git a/roles/php_fpm/vars/Debian-bullseye.yml b/roles/php_fpm/vars/Debian-bullseye.yml index 52fa268..b8f610d 100644 --- a/roles/php_fpm/vars/Debian-bullseye.yml +++ b/roles/php_fpm/vars/Debian-bullseye.yml 
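Review bot: `php_fpm_version` is introduced in roles/php_fpm/vars/Debian-bookworm.yml, but `php_fpm_packages` below it still spells the version out (`php8.2-fpm`, `php8.2-gd`), so a version change has to be made in two places. Deriving the entries, e.g. `- php{{ php_fpm_version }}-fpm`, would finish the refactor. The same applies to Debian-bullseye.yml, Debian-buster.yml, Ubuntu-jammy.yml and Ubuntu-noble.yml. The package list continues outside the hunk, so only its first two entries are visible here.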
@@ -1,14 +1,16 @@ --- -php_fpm_listen_base: /run/php/php7.4-fpm -php_fpm_listen: '{{ php_fpm_listen_base }}.sock' -php_fpm_php_fpm_conf: /etc/php/7.4/fpm/php-fpm.conf -php_fpm_custom_php_ini: /etc/php/7.4/fpm/conf.d/custom.ini -php_fpm_pool_dir: /etc/php/7.4/fpm/pool.d -php_fpm_pool_conf: www.conf -php_fpm_service: php7.4-fpm -php_fpm_pid: /run/php/{{ php_fpm_service }}.pid +php_fpm_version: '7.4' + +php_fpm_service: php{{ php_fpm_version }}-fpm +php_fpm_php_fpm_conf: /etc/php/{{ php_fpm_version }}/fpm/php-fpm.conf +php_fpm_custom_php_ini: /etc/php/{{ php_fpm_version }}/fpm/conf.d/custom.ini +php_fpm_pool_dir: /etc/php/{{ php_fpm_version }}/fpm/pool.d __php_session_save_path: /var/lib/php/sessions +php_fpm_base: /run/php/{{ php_fpm_service }} +php_fpm_listen: '{{ php_fpm_base }}.sock' +php_fpm_pid: '{{ php_fpm_base }}.pid' + php_fpm_packages: - php7.4-fpm - php7.4-gd diff --git a/roles/php_fpm/vars/Debian-buster.yml b/roles/php_fpm/vars/Debian-buster.yml index 85ec81c..8c05004 100644 --- a/roles/php_fpm/vars/Debian-buster.yml +++ b/roles/php_fpm/vars/Debian-buster.yml @@ -1,14 +1,16 @@ --- -php_fpm_listen_base: /run/php/php7.3-fpm -php_fpm_listen: '{{ php_fpm_listen_base }}.sock' -php_fpm_php_fpm_conf: /etc/php/7.3/fpm/php-fpm.conf -php_fpm_custom_php_ini: /etc/php/7.3/fpm/conf.d/custom.ini -php_fpm_pool_dir: /etc/php/7.3/fpm/pool.d -php_fpm_pool_conf: www.conf -php_fpm_service: php7.3-fpm -php_fpm_pid: /run/php/{{ php_fpm_service }}.pid +php_fpm_version: '7.3' + +php_fpm_service: php{{ php_fpm_version }}-fpm +php_fpm_php_fpm_conf: /etc/php/{{ php_fpm_version }}/fpm/php-fpm.conf +php_fpm_custom_php_ini: /etc/php/{{ php_fpm_version }}/fpm/conf.d/custom.ini +php_fpm_pool_dir: /etc/php/{{ php_fpm_version }}/fpm/pool.d __php_session_save_path: /var/lib/php/sessions +php_fpm_base: /run/php/{{ php_fpm_service }} +php_fpm_listen: '{{ php_fpm_base }}.sock' +php_fpm_pid: '{{ php_fpm_base }}.pid' + php_fpm_packages: - php7.3-fpm - php7.3-gd 
diff --git a/roles/php_fpm/vars/Ubuntu-jammy.yml b/roles/php_fpm/vars/Ubuntu-jammy.yml index 5904f5d..ff70de9 100644 --- a/roles/php_fpm/vars/Ubuntu-jammy.yml +++ b/roles/php_fpm/vars/Ubuntu-jammy.yml @@ -1,14 +1,16 @@ --- -php_fpm_listen_base: /run/php/php8.1-fpm -php_fpm_listen: '{{ php_fpm_listen_base }}.sock' -php_fpm_php_fpm_conf: /etc/php/8.1/fpm/php-fpm.conf -php_fpm_custom_php_ini: /etc/php/8.1/fpm/conf.d/custom.ini -php_fpm_pool_dir: /etc/php/8.1/fpm/pool.d -php_fpm_pool_conf: www.conf -php_fpm_service: php8.1-fpm -php_fpm_pid: /run/php/{{ php_fpm_service }}.pid +php_fpm_version: '8.1' + +php_fpm_service: php{{ php_fpm_version }}-fpm +php_fpm_php_fpm_conf: /etc/php/{{ php_fpm_version }}/fpm/php-fpm.conf +php_fpm_custom_php_ini: /etc/php/{{ php_fpm_version }}/fpm/conf.d/custom.ini +php_fpm_pool_dir: /etc/php/{{ php_fpm_version }}/fpm/pool.d __php_session_save_path: /var/lib/php/sessions +php_fpm_base: /run/php/{{ php_fpm_service }} +php_fpm_listen: '{{ php_fpm_base }}.sock' +php_fpm_pid: '{{ php_fpm_base }}.pid' + php_fpm_packages: - php8.1-fpm - php8.1-gd diff --git a/roles/php_fpm/vars/Ubuntu-noble.yml b/roles/php_fpm/vars/Ubuntu-noble.yml index ffbbade..97f4a8a 100644 --- a/roles/php_fpm/vars/Ubuntu-noble.yml +++ b/roles/php_fpm/vars/Ubuntu-noble.yml 
@@ -1,14 +1,16 @@ --- -php_fpm_listen_base: /run/php/php8.3-fpm -php_fpm_listen: '{{ php_fpm_listen_base }}.sock' -php_fpm_php_fpm_conf: /etc/php/8.3/fpm/php-fpm.conf -php_fpm_custom_php_ini: /etc/php/8.3/fpm/conf.d/custom.ini -php_fpm_pool_dir: /etc/php/8.3/fpm/pool.d -php_fpm_pool_conf: www.conf -php_fpm_service: php8.3-fpm -php_fpm_pid: /run/php/{{ php_fpm_service }}.pid +php_fpm_version: '8.3' + +php_fpm_service: php{{ php_fpm_version }}-fpm +php_fpm_php_fpm_conf: /etc/php/{{ php_fpm_version }}/fpm/php-fpm.conf +php_fpm_custom_php_ini: /etc/php/{{ php_fpm_version }}/fpm/conf.d/custom.ini +php_fpm_pool_dir: /etc/php/{{ php_fpm_version }}/fpm/pool.d __php_session_save_path: /var/lib/php/sessions +php_fpm_base: /run/php/{{ php_fpm_service }} +php_fpm_listen: '{{ php_fpm_base }}.sock' +php_fpm_pid: '{{ php_fpm_base }}.pid' + php_fpm_packages: - php8.3-fpm - php8.3-gd diff --git a/roles/rocketchat/defaults/main.yml b/roles/rocketchat/defaults/main.yml index b32229b..39de427 100644 --- a/roles/rocketchat/defaults/main.yml +++ b/roles/rocketchat/defaults/main.yml @@ -9,7 +9,7 @@ rocketchat_packages: rocketchat_dir: /srv/rocketchat rocketchat_application_path: '{{ rocketchat_dir }}/bundle' # "latest" implies latest stable here, can be "3.3.0", for example -rocketchat_version: 6.10.1 +rocketchat_version: 6.10.2 # rocketchat_tarball_remote: https://releases.rocket.chat/{{ rocketchat_version }}/download rocketchat_tarball_remote: https://cdn-download.rocket.chat/build/rocket.chat-{{ rocketchat_version }}.tgz rocketchat_tarball_fetch_timeout: 100 diff --git a/roles/rvm/tasks/rvm.yml b/roles/rvm/tasks/rvm.yml index 13787bc..308bfc8 100644 --- a/roles/rvm/tasks/rvm.yml +++ b/roles/rvm/tasks/rvm.yml 
@@ -29,7 +29,7 @@ check_mode: false with_items: '{{ rvm1_gpg_key_servers }}' register: gpg_import - when: not ansible_check_mode and rvm1_gpg_keys | length and (gpg_import is not defined or gpg_import.rc != 0) + when: not ansible_check_mode and rvm1_gpg_keys | length and (gpg_import is undefined or gpg_import.rc != 0) ignore_errors: true - name: Was GPG import from keyservers succesfull? @@ -45,7 +45,7 @@ with_items: - mpapis.asc - pkuczynski.asc - when: not ansible_check_mode and rvm1_gpg_keys | length and gpg_imported_from is not defined + when: not ansible_check_mode and rvm1_gpg_keys | length and gpg_imported_from is undefined - name: Install rvm ansible.builtin.shell: > diff --git a/roles/wordpress/tasks/instance_install.yml b/roles/wordpress/tasks/instance_install.yml index ee409b5..c3924f0 100644 --- a/roles/wordpress/tasks/instance_install.yml +++ b/roles/wordpress/tasks/instance_install.yml @@ -12,7 +12,7 @@ register: git_result - name: Without git - when: instance.repo is not defined + when: instance.repo is undefined block: - name: Check if WordPress already downloaded ansible.builtin.stat: