add some php limit value

get rid of phpfpm listen url in favor of socket

README.md

@@ -13,18 +13,19 @@ None
 
 Role Variables
 --------------
-php_poolname: default www (version will be appended)
-php_version: default 81
+php_pool_name: default {{ php_fpm_pool_user }}_{{ php_version_nodot }}
+php_fpm_listen_socket: NO DEFAULT
+php_fpm_create_pool: default false
+php_version: STRING default "8.2"
 php_fpm_pool_user: default apache
 php_fpm_pool_group: default apache
-php_fpm_listen_url: default 127.0.0.1:90{{ php_version }}
 php_pm: static
 php_pm_max_children: 1000
 php_pm_max_requests: 10000
 php_min_spare_servers: 5
 php_max_spare_servers: 35
 php_pm_status_url: /phpstatus
-php_packages: [ 'php{{ php_version }}-php-common' ]
+php_packages: [ 'php{{ php_version_nodot }}-php-common' ]
 php_use_phpmyadmin: default false
 pma_install_dir: /var/www/html
 pma_version: 5.2.1
@@ -44,30 +45,30 @@ Including an example of how to use your role (for instance, with variables passe
   roles:
   - role: tconstans.php-fpm
     vars:
-      php_poolname: pool1
+      php_pool_name: pool1
       php_fpm_listen_url: "/srv/pool1/php-fpm.sock"
-      php_version: 74
+      php_version_nodot: 74
       php_packages:
-      - php{{ php_version }}-php-mbstring
-      - php{{ php_version }}-php-mysqlnd
-      - php{{ php_version }}-php-pdo
-      - php{{ php_version }}-php-xml
-      - php{{ php_version }}-php-gd
-      - php{{ php_version }}-php-posix
-      - php{{ php_version }}-php-ldap
-      - php{{ php_version }}-php-curl
-      - php{{ php_version }}-php-iconv
-      - php{{ php_version }}-php-openssl
-      - php{{ php_version }}-php-zip
-      - php{{ php_version }}-php-zlib
-      - php{{ php_version }}-php-ctype
+      - php{{ php_version_nodot }}-php-mbstring
+      - php{{ php_version_nodot }}-php-mysqlnd
+      - php{{ php_version_nodot }}-php-pdo
+      - php{{ php_version_nodot }}-php-xml
+      - php{{ php_version_nodot }}-php-gd
+      - php{{ php_version_nodot }}-php-posix
+      - php{{ php_version_nodot }}-php-ldap
+      - php{{ php_version_nodot }}-php-curl
+      - php{{ php_version_nodot }}-php-iconv
+      - php{{ php_version_nodot }}-php-openssl
+      - php{{ php_version_nodot }}-php-zip
+      - php{{ php_version_nodot }}-php-zlib
+      - php{{ php_version_nodot }}-php-ctype
   - role: tconstans.php-fpm
     vars:
-      php_poolname: pool2
+      php_pool_name: pool2
       php_fpm_listen_url: "/srv/pool2/php-fpm.sock"
-      php_version: 80
+      php_version_nodot: 80
       php_packages:
-      - php{{ php_version }}-php-zip
+      - php{{ php_version_nodot }}-php-zip
 License
 -------
 

defaults/main.yml

@@ -1,15 +1,15 @@
 ---
 # defaults file for php-fpm
-php_poolname: www
-php_version: 81
-php_fpm_pool_user: apache
-php_fpm_pool_group: apache
-php_fpm_listen_url: 127.0.0.1:90{{ php_version }}
+php_version: "8.2"
+php_version_nodot: "{{php_version[0]}}{{php_version[2]}}"
+php_pool_name: "{{ php_fpm_pool_user }}_{{ php_version_nodot }}"
+php_fpm_create_pool: False
+php_fpm_pool_user: "{{ apache_user }}"
+php_fpm_pool_group: "{{ apache_group }}"
 php_pm: static
 php_pm_max_children: 100
 php_pm_max_requests: 10000
 php_pm_status_url: /phpstatus
-php_packages: [ 'php{{ php_version }}-php-common' ]
 php_min_spare_servers: 5
 php_max_spare_servers: 35
 php_use_phpmyadmin: false

handlers/main.yml

@@ -2,5 +2,5 @@
 # handlers file for php-fpm
 - name: restart php-fpm
   service:
-    name: php{{ php_version }}-php-fpm
+    name: "{{ php_service_name }}"
     state: restarted

tasks/php-fpm.yml

@@ -3,52 +3,103 @@
 #
 #
 
+- name: import os vars
+  tags: always
+  include_vars: "{{ ansible_os_family|lower }}.yml"
+
 - name: install repository definitions
-  package:
+  ansible.builtin.package:
     name:
     - "https://rpms.remirepo.net/enterprise/remi-release-{{ ansible_distribution_major_version }}.rpm"
     - epel-release
     - yum-utils
     state: present
+  when: ansible_os_family=='RedHat'
+
+- name: "setup  repository - debian"
+  block:
+  - name: Check if my_package is installed
+    command: dpkg-query -W debsuryorg-archive-keyring
+    register: my_package_check_deb
+    failed_when: my_package_check_deb.rc > 1
+    changed_when: my_package_check_deb.rc == 1
+    
+  - name: setup repo key
+    ansible.builtin.get_url:
+      url: https://packages.sury.org/debsuryorg-archive-keyring.deb
+      dest: /tmp/debsuryorg-archive-keyring.deb
+    when: my_package_check_deb.rc==1
+
+  - name: install key
+    ansible.builtin.apt:
+      state: present
+      deb: /tmp/debsuryorg-archive-keyring.deb
+    when: my_package_check_deb.rc==1
+
+
+  - name: setup source list
+    ansible.builtin.template:
+        src: php_sury_sources.list
+        dest: /etc/apt/sources.list.d/php_sury.sources.list
+    register: repo_setup
+
+  - name: update cache
+    ansible.builtin.apt:
+        update_cache: true
+    when: repo_setup.changed
+  when: ansible_os_family | lower == 'debian'
 
 - name: create socket directory if needed
-  file:
-    path: "{{ php_fpm_listen_url|dirname }}"
+  ansible.builtin.file:
+    path: "{{ php_fpm_listen_socket|dirname }}"
     state: directory
     owner: "{{ php_fpm_pool_user }}"
-  when: php_fpm_listen_url[0] == '/'
-
 
 - name: install php-fpm
-  yum:
-    name:
-    - php{{php_version}}-php-fpm
-    state: installed
+  ansible.builtin.package:
+    name: '{{ php_fpm_packages}}'
+    state: present
 
 - name: install php packages
-  yum:
+  ansible.builtin.package:
     name: "{{ php_packages }}"
     state: present
+  when: php_packages is defined
 
 - name: disable default pool
   copy:
     content: ""
-    dest: "/etc/opt/remi/php{{ php_version }}/php-fpm.d/www.conf"
-  notify: restart php-fpm
+    dest: "{{ php_fpm_pool_dir }}/www.conf"
 
 - name: configure php-fpm pool 2
   template:
     src: www.conf
-    dest: /etc/opt/remi/php{{ php_version }}/php-fpm.d/{{ php_poolname }}_{{ php_version }}.conf
+    dest: "{{ php_fpm_pool_dir }}/{{ php_pool_name }}.conf"
   notify: restart php-fpm
+  when: php_fpm_create_pool
 
-- name: start and enable service
+- name: setup apache config file
+  ansible.builtin.template:
+   src: php_apache_config.conf.jj
+   dest: /etc/apache2/php_fpm_{{ php_version }}_{{ php_pool_name }}.conf.inc
+   owner: root
+   group: root
+   mode: 0644
+
+- name: enable service
   service:
-    name: php{{php_version}}-php-fpm
+    name: "{{ php_service_name }}"
     enabled: yes
+
+- name: start service
+  service:
+    name: "{{ php_service_name }}"
     state: started
+  when: php_fpm_create_pool
 
 - name: configure logrotate
   template:
     src: logrotate.conf.jj
-    dest: /etc/logrotate.d/php-fpm.conf
+    dest: "/etc/logrotate.d/php-fpm-{{php_version }}.conf"
+    owner: root
+    group: root

templates/logrotate.conf.jj

@@ -1,11 +1,16 @@
-/var/opt/remi/php{{ php_version }}/log/php-fpm/*log {
+#{{ ansible_managed }}
+{{ php_fpm_log_dir }}/php_fpm*{{ php_version_nodot }}*.log {
    daily
    rotate 15
    missingok
    notifempty
    sharedscripts
 	postrotate
-      /bin/systemctl reload php{{ php_version }}-php-fpm
+		if [ -x /usr/lib/php/php{{ php_version }}-fpm-reopenlogs ]; then
+			/usr/lib/php/php{{ php_version }}-fpm-reopenlogs;
+      else
+         /bin/systemctl reload  {{ php_service_name }}
+		fi
 	endscript
 }
 

templates/php_apache_config.conf.jj

@@ -0,0 +1,4 @@
+"{{ ansible_managed }}"
+<FilesMatch \.php$>
+   SetHandler  "proxy:unix:{{ php_fpm_listen_socket }}|fcgi://localhost/"
+</FilesMatch>

templates/php_sury_sources.list

@@ -0,0 +1,2 @@
+#{{ ansible_managed }}
+deb [signed-by=/etc/apt/trusted.gpg.d/debsuryorg-archive.gpg] https://packages.sury.org/php/ {{ ansible_distribution_release }} main

templates/www.conf

@@ -1,7 +1,8 @@
-[{{ php_poolname}}_{{ php_version }}]
+;{{ ansible_managed }}
+[{{ php_pool_name }}]
 user = {{ php_fpm_pool_user }}
 group = {{ php_fpm_pool_group }}
-listen = {{ php_fpm_listen_url }}
+listen = {{ php_fpm_listen_socket }}
 listen.backlog = 511
 listen.mode =  0660
 listen.owner = {{ php_fpm_pool_user }}
@@ -15,9 +16,14 @@ pm.max_requests = {{ php_pm_max_requests }}
 pm.status_path = {{ php_pm_status_url }}
 ping.path = /ping
 access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
-access.log = /var/opt/remi/php{{ php_version }}/log/php-fpm/$pool.access.log
-slowlog = /var/opt/remi/php{{ php_version }}/log/php-fpm/$pool.slow.log
+access.log = {{ php_fpm_log_dir }}php_fpm_$pool.access.log
+slowlog = {{ php_fpm_log_dir }}php_fpm_$pool.slow.log
 request_slowlog_timeout = 5s
 php_value[session.save_handler] = files
-php_value[session.save_path]    = /var/opt/remi/php{{ php_version }}/lib/php/session
-php_value[soap.wsdl_cache_dir]  = /var/opt/remi/php{{ php_version }}/lib/php/wsdlcache
+php_value[session.save_path]    = {{ php_fpm_lib_dir }}/sessions
+php_value[soap.wsdl_cache_dir]  = {{ php_fpm_lib_dir }}/wsdlcache
+php_admin_value[upload_max_filesize] = 64M
+php_admin_value[post_max_size]=64M
+php_admin_value[max_execution_time]=300
+php_admin_value[memory_limit]=512M
+

vars/debian.yml

@@ -0,0 +1,10 @@
+#/home/tom/Documents/Opendoor/Technique/Ansible/roles/tco.php-fpm/vars/debian.yml
+php_fpm_pool_dir: /etc/php/{{ php_version }}/fpm/pool.d/
+php_fpm_log_dir: /var/log/
+php_service_name: php{{ php_version }}-fpm
+php_fpm_lib_dir: /var/lib/php/
+apache_user: www-data
+apache_group: www-data
+php_fpm_packages:
+- "php{{ php_version }}-fpm"
+- "php{{ php_version }}-common"

vars/redhat.yml

@@ -0,0 +1,11 @@
+#/home/tom/Documents/Opendoor/Technique/Ansible/roles/tco.php-fpm/vars/redhat.yml
+
+php_fpm_pool_dir: /etc/opt/remi/php{{ php_version_nodot }}/php-fpm.d/
+php_service_name: "php{{ php_version_nodot }}-php-fpm"
+php_fpm_log_dir: "/var/opt/remi/php{{ php_version_nodot }}/log/php-fpm/"
+php_fpm_lib_dir: "/var/opt/remi/php{{ php_version_nodot }}/lib/php/"
+apache_user: apache
+apache_group: apache
+php_fpm_packages:
+- "php{{ php_version_nodot }}-php-fpm"
+- "php{{ php_version_nodot }}-php-common"