diff --git a/docs/rolereference.rst b/docs/rolereference.rst index df01269b0247d96584224b33e9279233b59512de..bd050e1cef1bb5f0509447875d4fcfb4fc29ef64 100644 --- a/docs/rolereference.rst +++ b/docs/rolereference.rst @@ -1379,6 +1379,7 @@ Distribution compatibility Role is compatible with the following distributions: - Debian 8 (Jessie) +- Debian 9 (Stretch) Examples diff --git a/docs/usage.rst b/docs/usage.rst index ded3e0802a9c90089806673dc828ffca964c9a86..63f1a4fc4d79c7c2bb5af25bbff97799bd70bded 100644 --- a/docs/usage.rst +++ b/docs/usage.rst @@ -1290,7 +1290,7 @@ Before we start, here is a couple of useful pointers regarding the the name is also derived from the FQDN of website, for example ``admin-tbg_example_com``. Administrative user does not have a dedicated group, and instead belongs to same group as the application user. -* PHP applications are executed via FastCGI, using the ``php5-fpm`` package. +* PHP applications are executed via FastCGI, using *PHP-FPM*. * If you ever need to set some additional PHP FPM settings, this can easily be done via the ``additional_fpm_config`` role parameter. This particular example does not set any, though. @@ -1308,7 +1308,7 @@ Before we start, here is a couple of useful pointers regarding the application's group. In other words, all directories will have ``SGID`` bit set, allowing you to create files/directories that will have their group automatically set to the group of the parent directory. -* Files are served (both by *Nginx* and *php5-fpm*) from sub-directory called +* Files are served (both by *Nginx* and *PHP-FPM*) from sub-directory called ``htdocs`` (located in website directory). For example ``/var/www/tbg.example.com/htdocs/``. Normally, this can be a symlink to some other sub-directory within the website directory (useful for having multiple 
diff --git a/roles/web_server/defaults/main.yml b/roles/web_server/defaults/main.yml index 6fac5ce7fc05417885378b661cebdef2c117b2b9..c7a52e5edaabc3621683fd26e86fe035dc7c2332 100644 --- a/roles/web_server/defaults/main.yml +++ b/roles/web_server/defaults/main.yml @@ -10,3 +10,8 @@ web_server_tls_protocols: web_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:\ DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:\ ECDHE-RSA-AES256-SHA384:!aNULL:!MD5:!EXPORT" + +# Internal parameters +php_fpm_package_name: "{% if ansible_distribution_release == 'jessie' %}php5-fpm{% elif ansible_distribution_release == 'stretch' %}php-fpm{% endif %}" +php_fpm_service_name: "{% if ansible_distribution_release == 'jessie' %}php5-fpm{% elif ansible_distribution_release == 'stretch' %}php7.0-fpm{% endif %}" +php_base_config_dir: "{% if ansible_distribution_release == 'jessie' %}/etc/php5{% elif ansible_distribution_release == 'stretch' %}/etc/php/7.0{% endif %}" diff --git a/roles/web_server/files/php5_fpm_umask.conf b/roles/web_server/files/php_fpm_umask.conf similarity index 100% rename from roles/web_server/files/php5_fpm_umask.conf rename to roles/web_server/files/php_fpm_umask.conf diff --git a/roles/web_server/handlers/main.yml b/roles/web_server/handlers/main.yml index 48b3a2051eaaf069c2e4020e2e7fd1637c5c6fbd..432f944a4ed81c454115e19b63720d0dcb0bf7f0 100644 --- a/roles/web_server/handlers/main.yml +++ b/roles/web_server/handlers/main.yml @@ -5,7 +5,7 @@ name: nginx state: restarted -- name: Restart php5-fpm +- name: Restart PHP-FPM service: - name: php5-fpm + name: "{{ php_fpm_service_name }}" state: restarted diff --git a/roles/web_server/molecule/default/molecule.yml b/roles/web_server/molecule/default/molecule.yml index abf21de298d00c1dd9c0cc1827c943547db56a3a..94a6d9376a61237e44b886e336475d7b4f665ba5 100644 --- a/roles/web_server/molecule/default/molecule.yml 
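Review bot: The three templated values added under `# Internal parameters` have no `{% else %}` branch, so on any release other than jessie or stretch they render as empty strings instead of failing. The tasks/main.yml hunks later in this commit interpolate them into names and paths, which would then become `/run//`, `/etc/systemd/system/.service.d/` and an empty package or service name. A guard task at the start of the role, such as `assert: that: ansible_distribution_release in ['jessie', 'stretch']`, would stop the play before anything is written. Because these are meant to be internal, the role's vars file may be a better home than defaults, which any inventory variable overrides. The names also lack the `web_server_` prefix that the other defaults in this file use.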
+++ b/roles/web_server/molecule/default/molecule.yml @@ -14,9 +14,10 @@ lint: platforms: - - name: client1 + - name: client1-jessie groups: - client + - jessie box: debian/contrib-jessie64 memory: 256 cpus: 1 @@ -26,9 +27,23 @@ platforms: network_name: private_network type: static + - name: client1-stretch + groups: + - client + - stretch + box: debian/contrib-stretch64 + memory: 256 + cpus: 1 + interfaces: + - auto_config: true + ip: 10.31.127.21 + network_name: private_network + type: static + - name: parameters-mandatory-jessie64 groups: - parameters-mandatory + - jessie box: debian/contrib-jessie64 memory: 512 cpus: 1 @@ -41,6 +56,7 @@ platforms: - name: parameters-optional-jessie64 groups: - parameters-optional + - jessie box: debian/contrib-jessie64 memory: 512 cpus: 1 @@ -50,6 +66,32 @@ platforms: network_name: private_network type: static + - name: parameters-mandatory-stretch64 + groups: + - parameters-mandatory + - stretch + box: debian/contrib-stretch64 + memory: 512 + cpus: 1 + interfaces: + - auto_config: true + ip: 10.31.127.32 + network_name: private_network + type: static + + - name: parameters-optional-stretch64 + groups: + - parameters-optional + - stretch + box: debian/contrib-stretch64 + memory: 512 + cpus: 1 + interfaces: + - auto_config: true + ip: 10.31.127.33 + network_name: private_network + type: static + provisioner: name: ansible config_options: diff --git a/roles/web_server/molecule/default/prepare.yml b/roles/web_server/molecule/default/prepare.yml index dffe21c6d93ef33aa1ca1236319e311f826b9b26..a4bbf86fa46b522aaa9ee2fb3a26086a1ca49f06 100644 --- a/roles/web_server/molecule/default/prepare.yml +++ b/roles/web_server/molecule/default/prepare.yml @@ -18,7 +18,7 @@ update_cache: true changed_when: false -- hosts: all +- hosts: jessie become: true tasks: 
@@ -33,15 +33,38 @@ state: present with_dict: 10.31.127.20: "client1" - 10.31.127.30: "parameters-mandatory parameters-mandatory-jessie64" - 10.31.127.31: "parameters-optional parameters-optional-jessie64" + 10.31.127.30: "parameters-mandatory" + 10.31.127.31: "parameters-optional" + + - name: Install curl for testing redirects and webpage content + apt: + name: curl + state: present + +- hosts: stretch + become: true + tasks: + + - name: Set-up the hosts file + lineinfile: + path: /etc/hosts + regexp: "^{{ item.key }}" + line: "{{ item.key }} {{ item.value }}" + owner: root + group: root + mode: 0644 + state: present + with_dict: + 10.31.127.21: "client1" + 10.31.127.32: "parameters-mandatory" + 10.31.127.33: "parameters-optional" - name: Install curl for testing redirects and webpage content apt: name: curl state: present -- hosts: client1 +- hosts: client become: true tasks: diff --git a/roles/web_server/molecule/default/tests/conftest.py b/roles/web_server/molecule/default/tests/conftest.py new file mode 100644 index 0000000000000000000000000000000000000000..8c3a876b6cefd9026e01902f75dc1360e1d6addc --- /dev/null +++ b/roles/web_server/molecule/default/tests/conftest.py 
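Review bot: The `regexp: "^{{ item.key }}"` in the new stretch play is an unescaped prefix match: the dots match any character and `^10.31.127.21` would also match a line starting with `10.31.127.210`, so an unrelated /etc/hosts entry could be rewritten. `regexp: "^{{ item.key | regex_escape }}\\s"` pins the match to the exact address. The jessie play appears to use the same pattern, but its task begins above the hunk. `mode: 0644` is safer written as the string `"0644"`, so the result does not depend on how the YAML parser treats a leading zero. The two plays differ only in their `with_dict` data, so a single play with the address map held per group would avoid the copy.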
@@ -0,0 +1,36 @@ +from collections import namedtuple + +import pytest + + +@pytest.fixture +def php_info(host): + """ + Helper fixture used to define what the expected PHP-FPM package + name, PHP-FPM service name, and PHP base configuration directory + is based on Debian release. + + Currently supports Debian 8 (Jessie), and Debian 9 (Stretch). + + Resulting information can be accessed through returned named tuple + with the following properties: + + - fpm_package (name of the PHP-FPM package) + - fpm_service (name of the PHP-FPM system service) + - base_config_dir (base configuration directory for PHP) + """ + + + PHPInfo = namedtuple('PHPInfo', 'fpm_package fpm_service base_config_dir') + + ansible_facts = host.ansible("setup")["ansible_facts"] + ansible_distribution_release = ansible_facts['ansible_distribution_release'] + + if ansible_distribution_release == 'jessie': + info = PHPInfo(fpm_package='php5-fpm', fpm_service='php5-fpm', base_config_dir='/etc/php5') + elif ansible_distribution_release == 'stretch': + info = PHPInfo(fpm_package='php-fpm', fpm_service='php7.0-fpm', base_config_dir='/etc/php/7.0') + else: + raise Exception('The php_info pytest fixture does not support Debian release: %s' % ansible_distribution_release) + + return info diff --git a/roles/web_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64_https.key b/roles/web_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64_https.key new file mode 100644 index 0000000000000000000000000000000000000000..7ff97f129be270d3d8711d21ac562d86fbc6a46d --- /dev/null +++ b/roles/web_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64_https.key 
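Review bot: `php_info` is function-scoped and calls `host.ansible("setup")`, so full fact gathering runs again for every test that requests the fixture. As far as I know testinfra's `host` fixture is module-scoped, so `@pytest.fixture(scope="module")` should be usable here and would gather facts once per host per module; worth confirming against the testinfra version in use. The unsupported-release branch raises a bare `Exception`, where `ValueError` would be more specific. `PHPInfo` could be defined once at module level instead of being rebuilt inside the fixture.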
@@ -0,0 +1,134 @@ +Public Key Info: + Public Key Algorithm: RSA + Key Security Level: Medium (2048 bits) + +modulus: + 00:c0:7c:c1:64:b5:42:b5:c1:38:e8:02:5e:88:40:a2 + c5:d3:de:7e:72:77:d4:d9:72:88:62:05:85:75:67:96 + 09:97:2c:9b:91:58:0f:83:ef:c7:64:1e:53:ed:0f:3c + 10:e2:97:a3:20:c3:aa:f8:16:22:55:d8:e9:0a:19:9f + e7:3b:81:76:79:27:eb:56:c5:13:9f:f1:18:0b:e4:94 + 1b:d8:91:1e:65:64:b4:8c:5c:8d:79:f4:4d:e2:0a:5d + a5:53:82:27:b0:a7:da:19:8a:0b:f2:e2:da:87:b9:4e + 98:47:1a:1c:b6:4a:15:52:40:e0:21:67:a1:3c:88:dd + e2:fb:37:53:9c:1d:69:17:a8:85:7a:03:a6:87:d4:c0 + ea:da:73:7c:d9:91:e6:5f:aa:3d:28:dd:3d:33:aa:76 + 82:88:a0:5b:26:67:72:11:b2:16:03:78:c7:5c:cf:11 + f3:66:17:53:6e:ac:01:c7:7f:7a:57:a7:9e:c0:4d:74 + 3e:f2:5a:89:bf:c4:16:8f:b9:7f:c1:bb:b7:8b:b1:96 + 9e:5f:ac:84:fa:01:66:57:ba:46:a5:7e:da:09:e8:bb + 4a:26:13:44:b9:44:31:b7:82:6f:a5:8e:6c:23:8b:ea + 0c:af:42:88:6c:a7:24:82:51:60:42:cf:b3:8d:54:f2 + 23: + +public exponent: + 01:00:01: + +private exponent: + 00:b5:dd:e9:d7:de:4f:3e:6d:66:f8:07:2d:0c:2d:8d + dd:be:75:ed:20:f8:49:ba:7e:35:8f:ef:c9:8e:09:26 + 40:bf:7e:1d:2a:71:7a:8f:5d:21:16:5e:75:4b:79:66 + 76:49:b1:9e:26:99:d9:52:f7:8e:cf:6f:d7:97:7c:68 + 91:d0:ae:5c:a2:d2:6d:d0:18:fa:96:d6:f3:b2:60:f0 + f3:72:66:82:c2:a8:28:d2:a9:ab:de:7b:4e:8e:f0:de + 54:13:97:d9:2a:57:1d:81:9d:e5:f6:42:12:d9:c3:e3 + 17:8b:ae:87:4c:50:a8:de:83:7f:80:f0:69:ee:49:1e + e2:ef:a8:f2:f7:b1:0f:a1:f8:64:0e:8d:6b:f8:e8:5e + 52:24:f5:44:8d:23:76:e0:90:a4:f6:3b:98:46:93:58 + 3f:52:b1:12:f2:6f:02:96:40:0e:18:4d:19:20:20:3a + 33:6c:cd:2e:05:c0:1a:bf:6c:74:c3:02:bb:9a:7f:e5 + 4e:bf:47:d6:c8:ee:71:43:d0:6f:f6:4f:72:65:ec:1a + 76:91:18:97:6f:e7:21:df:22:9d:02:97:83:5b:52:ca + 86:6f:07:74:67:70:80:85:d2:44:0c:b6:f6:b3:10:f2 + b8:45:e9:8c:d1:c2:e7:67:6d:00:78:0e:30:c7:76:0f + 31: + +prime1: + 00:cf:69:36:e8:83:17:46:22:20:ec:59:24:f7:16:4f + 8e:08:69:0d:29:32:24:9d:90:fb:8e:97:65:ba:3b:50 + 5e:ca:92:cd:9d:4f:fb:e3:7b:2b:41:58:6c:3a:e8:cd + 91:d9:14:b1:e0:22:d6:df:ec:c8:06:e4:85:f7:00:f0 + 
53:a7:89:20:21:d8:ff:a9:3a:4d:59:06:30:04:fa:98 + fd:60:bf:6f:3c:79:c3:ad:79:91:1c:a6:94:00:44:be + e7:43:59:5c:21:ab:1f:aa:c7:5b:e4:ad:d7:00:4c:13 + 7d:63:89:af:4c:b6:ea:86:b2:59:1d:c8:f7:ee:94:1e + 7b: + +prime2: + 00:ed:94:8b:24:82:ab:89:6a:16:d9:75:4b:a6:0c:fa + 1f:84:13:0d:df:b6:33:6d:30:bc:a5:ee:f1:e3:3f:bf + fd:9e:c9:a8:21:1e:49:8b:a8:d1:d7:f2:49:24:a5:b7 + 89:00:13:e7:a8:83:e6:00:09:fa:85:f2:a4:93:06:9f + 22:fd:c2:b0:a7:42:ca:20:17:d0:c6:41:14:6b:f1:71 + aa:eb:81:b3:d9:b9:30:a8:0f:41:07:74:a2:0e:32:2a + 43:7f:f8:7b:c9:3e:34:fe:e1:b9:a2:4f:f5:7a:aa:9d + 96:92:dc:98:2b:63:2d:07:5d:75:55:fd:7f:5f:56:7e + 79: + +coefficient: + 60:71:c7:2c:4c:6e:e5:a5:38:ec:28:3f:54:9b:d7:4c + 97:be:78:99:51:75:43:38:9a:8b:7e:d6:5a:c6:97:cc + ae:3b:34:83:aa:fc:f3:51:1a:69:38:b4:88:2e:f4:63 + 66:2f:23:92:3b:29:16:e1:52:91:37:d0:b3:e7:aa:2e + b6:b1:00:0a:a5:64:82:b0:8e:2f:25:9b:6f:eb:9f:56 + 46:57:75:9f:e6:65:36:42:c2:c9:e0:1c:b9:5d:b9:eb + 94:86:29:36:87:fc:92:5d:9a:ac:d9:c7:f9:b4:28:24 + 43:f2:4a:51:20:3b:db:9b:7f:a4:8f:d8:e4:6f:6a:94 + + +exp1: + 57:09:c2:1f:04:94:09:bc:5c:b0:92:20:2f:08:4f:ce + 3c:bd:48:e6:96:c2:42:d5:0a:9b:a5:f0:ec:9b:e3:78 + 43:ee:23:16:f6:ef:af:60:8a:a0:5b:68:df:b7:be:3c + 8c:2a:61:12:bb:cc:0c:20:23:38:b1:41:7e:8c:08:4e + 32:aa:1a:af:d9:8e:40:07:d5:59:9c:7d:1e:39:c3:65 + e0:e9:b4:d6:5e:0a:bd:8b:9c:57:b7:97:b8:1d:21:37 + 8f:4d:ba:99:ee:63:d5:98:df:79:31:72:5e:0f:8e:c6 + 39:b5:17:b9:4b:b1:53:61:18:80:a5:4b:55:f5:16:6d + + +exp2: + 4c:59:51:41:e1:70:48:cf:bc:1a:14:14:c4:7f:25:1e + 5d:ae:55:e6:0f:c2:85:13:85:7c:79:c6:68:36:43:77 + b8:c0:ab:74:41:2c:77:62:40:55:7a:7a:40:f9:b4:7a + a5:78:c0:18:aa:92:8e:6e:a6:80:c7:52:56:21:69:a0 + b0:16:11:f9:1e:80:a0:41:a7:09:1f:3e:f5:d5:78:a6 + e9:da:1b:b7:1b:49:64:a8:ca:48:20:16:38:23:ac:eb + 56:43:bf:5c:13:ce:aa:1e:56:2e:b0:2d:7e:47:38:2f + 7c:70:c1:c2:27:b3:ff:ca:eb:fb:3f:64:e0:79:86:59 + + + +Public Key PIN: + pin-sha256:8WMSWb7fAo1Mu4r8Cib3aGoqGUoXIP093eQI/lKAJ3g= +Public Key ID: + 
sha256:f1631259bedf028d4cbb8afc0a26f7686a2a194a1720fd3ddde408fe52802778 + sha1:2eb1121201a8f84def83e27fec8c60323f488a23 + +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAwHzBZLVCtcE46AJeiECixdPefnJ31NlyiGIFhXVnlgmXLJuR +WA+D78dkHlPtDzwQ4pejIMOq+BYiVdjpChmf5zuBdnkn61bFE5/xGAvklBvYkR5l +ZLSMXI159E3iCl2lU4InsKfaGYoL8uLah7lOmEcaHLZKFVJA4CFnoTyI3eL7N1Oc +HWkXqIV6A6aH1MDq2nN82ZHmX6o9KN09M6p2goigWyZnchGyFgN4x1zPEfNmF1Nu +rAHHf3pXp57ATXQ+8lqJv8QWj7l/wbu3i7GWnl+shPoBZle6RqV+2gnou0omE0S5 +RDG3gm+ljmwji+oMr0KIbKckglFgQs+zjVTyIwIDAQABAoIBAQC13enX3k8+bWb4 +By0MLY3dvnXtIPhJun41j+/JjgkmQL9+HSpxeo9dIRZedUt5ZnZJsZ4mmdlS947P +b9eXfGiR0K5cotJt0Bj6ltbzsmDw83JmgsKoKNKpq957To7w3lQTl9kqVx2BneX2 +QhLZw+MXi66HTFCo3oN/gPBp7kke4u+o8vexD6H4ZA6Na/joXlIk9USNI3bgkKT2 +O5hGk1g/UrES8m8ClkAOGE0ZICA6M2zNLgXAGr9sdMMCu5p/5U6/R9bI7nFD0G/2 +T3Jl7Bp2kRiXb+ch3yKdApeDW1LKhm8HdGdwgIXSRAy29rMQ8rhF6YzRwudnbQB4 +DjDHdg8xAoGBAM9pNuiDF0YiIOxZJPcWT44IaQ0pMiSdkPuOl2W6O1BeypLNnU/7 +43srQVhsOujNkdkUseAi1t/syAbkhfcA8FOniSAh2P+pOk1ZBjAE+pj9YL9vPHnD +rXmRHKaUAES+50NZXCGrH6rHW+St1wBME31jia9MtuqGslkdyPfulB57AoGBAO2U +iySCq4lqFtl1S6YM+h+EEw3ftjNtMLyl7vHjP7/9nsmoIR5Ji6jR1/JJJKW3iQAT +56iD5gAJ+oXypJMGnyL9wrCnQsogF9DGQRRr8XGq64Gz2bkwqA9BB3SiDjIqQ3/4 +e8k+NP7huaJP9XqqnZaS3JgrYy0HXXVV/X9fVn55AoGAVwnCHwSUCbxcsJIgLwhP +zjy9SOaWwkLVCpul8Oyb43hD7iMW9u+vYIqgW2jft748jCphErvMDCAjOLFBfowI +TjKqGq/ZjkAH1VmcfR45w2Xg6bTWXgq9i5xXt5e4HSE3j026me5j1ZjfeTFyXg+O +xjm1F7lLsVNhGIClS1X1Fm0CgYBMWVFB4XBIz7waFBTEfyUeXa5V5g/ChROFfHnG +aDZDd7jAq3RBLHdiQFV6ekD5tHqleMAYqpKObqaAx1JWIWmgsBYR+R6AoEGnCR8+ +9dV4punaG7cbSWSoykggFjgjrOtWQ79cE86qHlYusC1+RzgvfHDBwiez/8rr+z9k +4HmGWQKBgGBxxyxMbuWlOOwoP1Sb10yXvniZUXVDOJqLftZaxpfMrjs0g6r881Ea +aTi0iC70Y2YvI5I7KRbhUpE30LPnqi62sQAKpWSCsI4vJZtv659WRld1n+ZlNkLC +yeAcuV2565SGKTaH/JJdmqzZx/m0KCRD8kpRIDvbm3+kj9jkb2qU +-----END RSA PRIVATE KEY----- 
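Review bot: This file commits an unencrypted RSA private key to version control, together with the full certtool dump of its private exponent and primes. That is acceptable only for a throwaway test fixture, so it should be labelled as one, for example with a short README in `tests/data/x509/` stating that the keys are test-only and must never be deployed. The path will probably need an allow-list entry in any secret scanner run on the repository. Generating the key and certificate during the molecule prepare stage would avoid committing key material at all. The matching certificate in the next file appears to be valid until 2027, so the pair remains usable for a long time if it is ever copied elsewhere.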
diff --git a/roles/web_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64_https.pem b/roles/web_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64_https.pem new file mode 100644 index 0000000000000000000000000000000000000000..7f3d8cec073d531079baeaea6a4fa250b56e38b0 --- /dev/null +++ b/roles/web_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64_https.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIELDCCApSgAwIBAgIMWWXRlyNKFAsg+sh2MA0GCSqGSIb3DQEBCwUAMEgxIjAg +BgNVBAMTGUV4YW1wbGUgSW5jLiBUZXN0IFNpdGUgQ0ExFTATBgNVBAoTDEV4YW1w +bGUgSW5jLjELMAkGA1UEBhMCU0UwHhcNMTcwNzEyMDczNjU1WhcNMjcwNzEwMDcz +NjU1WjBFMR8wHQYDVQQDExZFeGFtcGUgSW5jLiBXZWIgU2VydmVyMRUwEwYDVQQK +EwxFeGFtcGxlIEluYy4xCzAJBgNVBAYTAlNFMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAwHzBZLVCtcE46AJeiECixdPefnJ31NlyiGIFhXVnlgmXLJuR +WA+D78dkHlPtDzwQ4pejIMOq+BYiVdjpChmf5zuBdnkn61bFE5/xGAvklBvYkR5l +ZLSMXI159E3iCl2lU4InsKfaGYoL8uLah7lOmEcaHLZKFVJA4CFnoTyI3eL7N1Oc +HWkXqIV6A6aH1MDq2nN82ZHmX6o9KN09M6p2goigWyZnchGyFgN4x1zPEfNmF1Nu +rAHHf3pXp57ATXQ+8lqJv8QWj7l/wbu3i7GWnl+shPoBZle6RqV+2gnou0omE0S5 +RDG3gm+ljmwji+oMr0KIbKckglFgQs+zjVTyIwIDAQABo4GYMIGVMAwGA1UdEwEB +/wQCMAAwHwYDVR0RBBgwFoIUcGFyYW1ldGVycy1tYW5kYXRvcnkwEwYDVR0lBAww +CgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNVHQ4EFgQULrESEgGo+E3v +g+J/7IxgMj9IiiMwHwYDVR0jBBgwFoAUN2vbkxxpfpJMa99zhfiEllmBT2swDQYJ +KoZIhvcNAQELBQADggGBAI1mG7d1wPpA40JmBYll2KasIH/ldLN2eu8rAdM00Rep +KPeMCwOEIoJp3LZL43fubQKP0okw1JstskQt6PPNbL53I8hIhUmKUQEEYXG3AIB8 +p7w2BSq+ROV3Te3Eu+aSCT+sXGnu7FPbioMoZb90tHdZWxMvDGGN/HNXFevM0h5j +8vf6O+HlBLXU5mClpyD95OR+ULvYwWWhFwWar6mM0l2ByffJzl21iRZT5pBnnEQY +7A9RhUwb7f++uByPlKl08OGAaf2fl9VQUIK2mbjRu3ARfFQWyB+8Mq3EqkYSxRA3 +dpe+thQ8u4dUddJnDdHT5L0/odkCWHfN7512+kCbV4fYq+iSWnIBF6yEa09WLLdq +a5PHo/GGcA8P2SBGh0Jay/NSKpaIGhrCYp5mxiXm60oAHMYPXHZW0U28vtlAXkJb +KeCCgR/4Wa0G0QnbiT29s5yDIYy3YgSL+3Ug3y0XGRKMaMzVNA4p4CBbJo1ybhVu +XMygMYr+69hXbaCoeWn2Bg== +-----END CERTIFICATE----- 
diff --git a/roles/web_server/molecule/default/tests/test_client.py b/roles/web_server/molecule/default/tests/test_client.py index 5d27e510f09fe2dacff48cf89dc4261d9c8acf98..368aec456d3572678d4960792ec1ef84dbc2972f 100644 --- a/roles/web_server/molecule/default/tests/test_client.py +++ b/roles/web_server/molecule/default/tests/test_client.py @@ -4,7 +4,7 @@ import testinfra.utils.ansible_runner testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['clients']) + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['client']) def test_connectivity(host): diff --git a/roles/web_server/molecule/default/tests/test_default.py b/roles/web_server/molecule/default/tests/test_default.py index 9d73ff4609ccab289fd7cd10a14b0e9f35f24db7..1323c4970927d172773a30ed824ed8abacef31c6 100644 --- a/roles/web_server/molecule/default/tests/test_default.py +++ b/roles/web_server/molecule/default/tests/test_default.py @@ -7,7 +7,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['parameters-mandatory', 'parameters-optional']) -def test_installed_packages(host): +def test_installed_packages(host, php_info): """ Tests if the required packages have been installed. """ @@ -15,7 +15,7 @@ def test_installed_packages(host): assert host.package('nginx').is_installed assert host.package('virtualenv').is_installed assert host.package('virtualenvwrapper').is_installed - assert host.package('php5-fpm').is_installed + assert host.package(php_info.fpm_package).is_installed def test_nginx_user(host): @@ -138,7 +138,7 @@ def test_default_vhost_index_page_file(host): assert page.mode == 0o640 -def test_services(host): +def test_services(host, php_info): """ Tests if services are enabled at boot and running. """ 
@@ -147,7 +147,7 @@ def test_services(host): assert service.is_enabled assert service.is_running - service = host.service('php5-fpm') + service = host.service(php_info.fpm_service) assert service.is_enabled assert service.is_running @@ -161,7 +161,7 @@ def test_sockets(host): assert host.socket("tcp://443").is_listening -def test_socket_directories(host): +def test_socket_directories(host, php_info): """ Tests if directories containing sockets for WSGI and PHP apps are created correctly. @@ -173,7 +173,7 @@ def test_socket_directories(host): assert directory.group == 'www-data' assert directory.mode == 0o750 - directory = host.file('/run/php5-fpm') + directory = host.file('/run/%s' % php_info.fpm_service) assert directory.is_directory assert directory.user == 'root' assert directory.group == 'www-data' 
@@ -186,53 +186,53 @@ def test_socket_directories(host): assert config.mode == 0o644 assert 'd /run/wsgi/ 0750 root www-data - -' in config.content - config = host.file('/etc/tmpfiles.d/php5-fpm.conf') + config = host.file('/etc/tmpfiles.d/%s.conf' % php_info.fpm_service) assert config.is_file assert config.user == 'root' assert config.group == 'root' assert config.mode == 0o644 - assert 'd /run/php5-fpm/ 0750 root www-data - -' in config.content + assert 'd /run/%s/ 0750 root www-data - -' % php_info.fpm_service in config.content -def test_php5_fpm_service_overrides(host): +def test_php_fpm_service_overrides(host, php_info): """ - Tests if overrides for php5-fpm service are deployed correctly. + Tests if overrides for PHP-FPM service are deployed correctly. """ - directory = host.file('/etc/systemd/system/php5-fpm.service.d') + directory = host.file('/etc/systemd/system/%s.service.d' % php_info.fpm_service) assert directory.is_directory assert directory.user == 'root' assert directory.group == 'root' assert directory.mode == 0o755 - config = host.file('/etc/systemd/system/php5-fpm.service.d/umask.conf') + config = host.file('/etc/systemd/system/%s.service.d/umask.conf' % php_info.fpm_service) assert config.is_file assert config.user == 'root' assert config.group == 'root' assert config.mode == 0o644 -def test_php_timezone_configuration(host): +def test_php_timezone_configuration(host, php_info): """ Tests if PHP timezone configuration has been set correctly. 
""" - config = host.file('/etc/php5/cli/conf.d/30-timezone.ini') + config = host.file('%s/cli/conf.d/30-timezone.ini' % php_info.base_config_dir) assert config.is_file assert config.user == 'root' assert config.group == 'root' assert config.mode == 0o644 - config = host.file('/etc/php5/fpm/conf.d/30-timezone.ini') + config = host.file('%s/fpm/conf.d/30-timezone.ini' % php_info.base_config_dir) assert config.is_file assert config.user == 'root' assert config.group == 'root' assert config.mode == 0o644 - timezone = host.run("php --php-ini /etc/php5/cli/php.ini -r 'echo ini_get(\"date.timezone\");'") + timezone = host.run("php --php-ini %s -r %s", "%s/cli/php.ini" % php_info.base_config_dir, "echo ini_get('date.timezone');") assert timezone.rc == 0 assert timezone.stdout == "GMT+0" - timezone = host.run("php --php-ini /etc/php5/fpm/php.ini -r 'echo ini_get(\"date.timezone\");'") + timezone = host.run("php --php-ini %s -r %s", "%s/fpm/php.ini" % php_info.base_config_dir, "echo ini_get('date.timezone');") assert timezone.rc == 0 assert timezone.stdout == "GMT+0" diff --git a/roles/web_server/tasks/main.yml b/roles/web_server/tasks/main.yml index eef960fbd6586b5ba16e458de73175d366be3f32..f653362f7cf0fb4870a67edd5d893ca35e1f2821 100644 --- a/roles/web_server/tasks/main.yml +++ b/roles/web_server/tasks/main.yml @@ -144,7 +144,7 @@ mode: 0750 with_items: - "/run/wsgi/" - - "/run/php5-fpm/" + - "/run/{{ php_fpm_service_name }}/" - name: Create directories for storing per-site socket files on boot copy: 
@@ -155,36 +155,36 @@ mode: 0644 with_items: - wsgi - - php5-fpm + - "{{ php_fpm_service_name }}" - name: Install base packages for PHP web applications apt: name: "{{ item }}" state: present with_items: - - php5-fpm + - "{{ php_fpm_package_name }}" -- name: Create directory for storing PHP FPM service configuration overrides +- name: Create directory for storing PHP-FPM service configuration overrides file: - path: "/etc/systemd/system/php5-fpm.service.d/" + path: "/etc/systemd/system/{{ php_fpm_service_name }}.service.d/" state: directory owner: root group: root mode: 0755 -- name: Configure php5-fpm service to run with umask 0007 +- name: Configure PHP-FPM service to run with umask 0007 copy: - src: "php5_fpm_umask.conf" - dest: "/etc/systemd/system/php5-fpm.service.d/umask.conf" + src: "php_fpm_umask.conf" + dest: "/etc/systemd/system/{{ php_fpm_service_name }}.service.d/umask.conf" owner: root group: root mode: 0644 notify: - - Restart php5-fpm + - Restart PHP-FPM - name: Enable service used for running PHP web applications service: - name: "php5-fpm" + name: "{{ php_fpm_service_name }}" enabled: true state: started @@ -201,10 +201,10 @@ group: root mode: 0644 with_items: - - /etc/php5/cli/conf.d/ - - /etc/php5/fpm/conf.d/ + - "{{ php_base_config_dir }}/cli/conf.d/" + - "{{ php_base_config_dir }}/fpm/conf.d/" notify: - - Restart php5-fpm + - Restart PHP-FPM - name: Explicitly run all handlers include: ../handlers/main.yml