diff --git a/docs/rolereference.rst b/docs/rolereference.rst index bd050e1cef1bb5f0509447875d4fcfb4fc29ef64..81b8b98dbf92cf8856753ec1a79a35ddcaa83dd7 100644 --- a/docs/rolereference.rst +++ b/docs/rolereference.rst @@ -1576,6 +1576,7 @@ Distribution compatibility Role is compatible with the following distributions: - Debian 8 (Jessie) +- Debian 9 (Stretch) Examples diff --git a/roles/php_website/defaults/main.yml b/roles/php_website/defaults/main.yml index bfb5234bcb3764491ff92dcc25108e54e1b8b040..97d804a2e9811da9b786a8c8e9ce2b55f1474722 100644 --- a/roles/php_website/defaults/main.yml +++ b/roles/php_website/defaults/main.yml @@ -18,3 +18,7 @@ environment_indicator: null admin: "admin-{{ fqdn | replace('.', '_') }}" user: "web-{{ fqdn | replace('.', '_') }}" home: "/var/www/{{ fqdn }}" +php_fpm_pool_directory: "{% if ansible_distribution_release == 'jessie' %}/etc/php5/fpm/pool.d\ +{% elif ansible_distribution_release == 'stretch' %}/etc/php/7.0/fpm/pool.d{% endif %}" +php_fpm_binary: "{% if ansible_distribution_release == 'jessie' %}php5-fpm{% elif ansible_distribution_release == 'stretch' %}php-fpm7.0{% endif %}" +php_fpm_service_name: "{% if ansible_distribution_release == 'jessie' %}php5-fpm{% elif ansible_distribution_release == 'stretch' %}php7.0-fpm{% endif %}" diff --git a/roles/php_website/molecule/default/molecule.yml b/roles/php_website/molecule/default/molecule.yml index 2835667e34b268a8343abe4f6f4a8a821b4d3e85..932a64ae0e8da70811b828401eb7bf5555b9c83f 100644 --- a/roles/php_website/molecule/default/molecule.yml +++ b/roles/php_website/molecule/default/molecule.yml @@ -17,10 +17,21 @@ platforms: - name: php-website-jessie64 groups: - parameters-mandatory + - parameters-optional + - jessie box: debian/contrib-jessie64 memory: 512 cpus: 1 + - name: php-website-stretch64 + groups: + - parameters-mandatory + - parameters-optional + - stretch + box: debian/contrib-stretch64 + memory: 512 + cpus: 1 + provisioner: name: ansible config_options: 
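Review bot: In roles/php_website/defaults/main.yml the new `php_fpm_pool_directory`, `php_fpm_binary` and `php_fpm_service_name` have no `{% else %}` branch, so on any release other than jessie or stretch they render as empty strings. The role would then use them as-is: the pool file's `dest` in tasks/main.yml becomes `/{{ fqdn }}.conf`, the `validate` command has no binary, and the socket path in both templates becomes `/var/run//{{ fqdn }}.sock`. A fail-fast check at the top of tasks/main.yml would stop the play before anything is written, for example an `assert` task with `that: "ansible_distribution_release in ['jessie', 'stretch']"`. The `packages` entries in molecule/default/playbook.yml use the same pattern and would yield empty package names.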
diff --git a/roles/php_website/molecule/default/playbook.yml b/roles/php_website/molecule/default/playbook.yml index 3c1b0c5c182ea1c4502f691fa7ca62603263d2a0..b6bb3f529a367cb8ceca95103fc4efbbd6f374a8 100644 --- a/roles/php_website/molecule/default/playbook.yml +++ b/roles/php_website/molecule/default/playbook.yml @@ -46,9 +46,10 @@ - '^/rewrite_to_index1/(.*) /myindex.php last' - '^/rewrite_to_index2/(.*) /myindex.php last' packages: - - php5-ldap - - php5-json - - libmariadb-client-lgpl-dev-compat + - "{% if ansible_distribution_release == 'jessie' %}php5-ldap{% elif ansible_distribution_release == 'stretch' %}php-ldap{% endif %}" + - "{% if ansible_distribution_release == 'jessie' %}php5-json{% elif ansible_distribution_release == 'stretch' %}php-json{% endif %}" + - "{% if ansible_distribution_release == 'jessie' %}libmariadb-client-lgpl-dev-compat\ +{% elif ansible_distribution_release == 'stretch' %}libmariadbclient-dev-compat{% endif %}" uid: 5001 website_mail_recipients: user diff --git a/roles/php_website/molecule/default/prepare.yml b/roles/php_website/molecule/default/prepare.yml index 70666084c706b9fb686296155221f48a65dd9119..4b47547e8ff5e7ad4f4d0b1c861653b74e35737d 100644 --- a/roles/php_website/molecule/default/prepare.yml +++ b/roles/php_website/molecule/default/prepare.yml 
@@ -38,6 +38,32 @@ name: postfix state: present + - name: Install procmail for consistency with mail_server and mail_forwarder roles + apt: + name: procmail + state: present + + - name: Update Postfix configuration + lineinfile: + path: /etc/postfix/main.cf + regexp: "^{{ item.key }}" + line: "{{ item.value }}" + state: present + with_dict: + myhostname: "myhostname = {{ inventory_hostname }}" + mailbox_command: 'mailbox_command = procmail -a "$EXTENSION"' + notify: + - Restart Postfix + + - name: Direct all mails from the root account to vagrant (Stretch image does not do that by default) + lineinfile: + path: /etc/aliases + regexp: "^root" + line: "root: vagrant" + state: present + notify: + - Generate aliases database + - name: Set-up group for an additional user group: name: user @@ -48,3 +74,13 @@ name: user group: user shell: /bin/bash + + handlers: + + - name: Restart Postfix + service: + name: postfix + state: restarted + + - name: Generate aliases database + command: "/usr/bin/newaliases" diff --git a/roles/php_website/molecule/default/tests/test_parameters_mandatory.py b/roles/php_website/molecule/default/tests/test_parameters_mandatory.py index 9733e171a6d23812d2f17ef6804d6b5892c507ca..4ac19cef986f268672281e997424daf2ad6820f5 100644 --- a/roles/php_website/molecule/default/tests/test_parameters_mandatory.py +++ b/roles/php_website/molecule/default/tests/test_parameters_mandatory.py @@ -6,7 +6,7 @@ import testinfra.utils.ansible_runner testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['all']) + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['parameters-mandatory']) def test_website_group(host): 
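Review bot: In molecule/default/prepare.yml the two new `lineinfile` tasks use prefix-only patterns. `regexp: "^{{ item.key }}"` with key `mailbox_command` also matches a `mailbox_command_maps` line, and `regexp: "^root"` matches any alias whose name merely begins with root. Because lineinfile rewrites the last line that matches, a longer-named entry could be overwritten instead of the intended one. Anchoring on the delimiter avoids this: `regexp: "^{{ item.key }}\\s*="` for main.cf and `regexp: "^root:"` for /etc/aliases.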
@@ -115,7 +115,7 @@ def test_mail_forwarding(host): send = host.run('swaks --suppress-data --to web-parameters-mandatory@localhost') assert send.rc == 0 - message_id = re.search('Ok: queued as (.*)', send.stdout).group(1) + original_queue_id = re.search('Ok: queued as (.*)', send.stdout).group(1) # Sleep for a couple of seconds so the mail can get delivered. time.sleep(5) @@ -124,22 +124,29 @@ def test_mail_forwarding(host): mail_log = host.file('/var/log/mail.log') # First extract message ID of forwarded mail. - pattern = "%s: to=.*status=sent \(forwarded as ([^)]*)\)" % message_id - message_id = re.search(pattern, mail_log.content).group(1) + pattern = "%s: to=.*status=sent \(forwarded as ([^)]*)\)" % original_queue_id + forward_queue_id = re.search(pattern, mail_log.content).group(1) # Now try to determine where the forward ended-up at. - pattern = "%s: to=, orig_to=.*status=sent" % (message_id, hostname) + pattern = "%s: to=, orig_to=.*status=sent" % (forward_queue_id, hostname) assert re.search(pattern, mail_log.content) is not None -def test_php5_fpm_configuration_file(host): +def test_php_fpm_configuration_file(host): """ Tests if PHP FPM configuration file has been correctly deployed. """ + ansible_facts = host.ansible("setup")["ansible_facts"] + + if ansible_facts['ansible_distribution_release'] == 'jessie': + config_file_path = '/etc/php5/fpm/pool.d/parameters-mandatory.conf' + elif ansible_facts['ansible_distribution_release'] == 'stretch': + config_file_path = '/etc/php/7.0/fpm/pool.d/parameters-mandatory.conf' + with host.sudo(): - config = host.file('/etc/php5/fpm/pool.d/parameters-mandatory.conf') + config = host.file(config_file_path) assert config.is_file assert config.user == 'root' assert config.group == 'root' 
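Review bot: In `test_php_fpm_configuration_file` the `if`/`elif` on `ansible_distribution_release` has no `else`, so on any other release `config_file_path` is never bound. The test then stops with an UnboundLocalError at `host.file(config_file_path)` instead of a failure that names the cause. I would close the chain with `else: raise AssertionError("unsupported release: %s" % ansible_facts['ansible_distribution_release'])`. The same pattern appears in `test_installed_packages` in test_parameters_optional.py. The function body continues past the end of this hunk.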
diff --git a/roles/php_website/molecule/default/tests/test_parameters_optional.py b/roles/php_website/molecule/default/tests/test_parameters_optional.py index 34596bb746c8aec615f20cf703a91a1ea634babb..567c38a465afdd3265be655c075fc0821973f06a 100644 --- a/roles/php_website/molecule/default/tests/test_parameters_optional.py +++ b/roles/php_website/molecule/default/tests/test_parameters_optional.py @@ -6,7 +6,7 @@ import testinfra.utils.ansible_runner testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['all']) + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['parameters-optional']) def test_website_group(host): @@ -137,20 +137,20 @@ def test_installed_packages(host): Tests if additional packages are installed. """ - assert host.package('php5-ldap').is_installed - assert host.package('php5-json').is_installed - assert host.package('libmariadb-client-lgpl-dev-compat').is_installed + ansible_facts = host.ansible("setup")["ansible_facts"] + if ansible_facts['ansible_distribution_release'] == 'jessie': + php_ldap_package = 'php5-ldap' + php_json_package = 'php5-json' + mariadb_compat_package = 'libmariadb-client-lgpl-dev-compat' + elif ansible_facts['ansible_distribution_release'] == 'stretch': + php_ldap_package = 'php-ldap' + php_json_package = 'php-json' + mariadb_compat_package = 'libmariadbclient-dev-compat' -def test_mariadb_compat_symlink(host): - """ - Tests if compatibility symlink is set-up for mysql_config binary if - libmariadb-client-lgpl-dev-compat is installed. - """ - - link = host.file('/usr/bin/mysql_config') - assert link.is_symlink - assert link.linked_to == "/usr/bin/mariadb_config" + assert host.package(php_ldap_package).is_installed + assert host.package(php_json_package).is_installed + assert host.package(mariadb_compat_package).is_installed def test_nginx_tls_files(host): 
diff --git a/roles/php_website/molecule/default/tests/test_parameters_optional_jessie.py b/roles/php_website/molecule/default/tests/test_parameters_optional_jessie.py new file mode 100644 index 0000000000000000000000000000000000000000..34f8a19d011f713f432a5a989e660afa09dfa29c --- /dev/null +++ b/roles/php_website/molecule/default/tests/test_parameters_optional_jessie.py @@ -0,0 +1,17 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['jessie']) + + +def test_mariadb_compat_symlink(host): + """ + Tests if compatibility symlink is set-up for mysql_config binary if + libmariadb-client-lgpl-dev-compat is installed. + """ + + link = host.file('/usr/bin/mysql_config') + assert link.is_symlink + assert link.linked_to == "/usr/bin/mariadb_config" diff --git a/roles/php_website/tasks/main.yml b/roles/php_website/tasks/main.yml index 6fa535ad41c4b3e7a29d546fb1127f9af7e897e0..8476322354df058771c92d522418896e6cec8074 100644 --- a/roles/php_website/tasks/main.yml +++ b/roles/php_website/tasks/main.yml @@ -34,6 +34,10 @@ createhome: false state: present home: "{{ home }}" + # This is a workaround for a rather stupid bug that Debian seems + # uninterested to backport - + # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865762 + shell: /bin/sh - name: Add nginx user to website group user: 
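Review bot: The comment above `shell: /bin/sh` in roles/php_website/tasks/main.yml identifies the Debian bug only by URL and does not say what fails without the explicit shell or when the line can be dropped. The line sets the login shell of an account the role manages, so anyone later tightening it to a non-login shell needs that information to know what to retest. I would extend the comment along the lines of `# Explicit shell works around Debian bug 865762 (<symptom seen without it>); revisit once fixed in supported releases.` The user task's name and `name:` are above the hunk, so which account this is cannot be confirmed from here.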
@@ -59,23 +63,23 @@ state: present with_items: "{{ packages }}" -- name: Set-up MariaDB mysql_config symbolic link for compatibility (workaround for Debian bug 766996) +- name: Set-up MariaDB mysql_config symbolic link for compatibility on Jessie (workaround for Debian bug 766996) file: src: "/usr/bin/mariadb_config" dest: "/usr/bin/mysql_config" state: link - when: "'libmariadb-client-lgpl-dev-compat' in packages" + when: "'libmariadb-client-lgpl-dev-compat' in packages and ansible_distribution_release == 'jessie'" - name: Deploy PHP FPM configuration file for website template: src: "fpm_site.conf.j2" - dest: "/etc/php5/fpm/pool.d/{{ fqdn }}.conf" - validate: "php5-fpm -t -y %s" + dest: "{{ php_fpm_pool_directory }}/{{ fqdn }}.conf" + validate: "{{ php_fpm_binary }} -t -y %s" owner: root group: root mode: 0640 notify: - - Restart php5-fpm + - Restart PHP-FPM - name: Deploy nginx TLS private key for website copy: diff --git a/roles/php_website/templates/fpm_site.conf.j2 b/roles/php_website/templates/fpm_site.conf.j2 index e6c46c13b0b21bf533107af1d9ba362aade2d6cc..f584adcc7926ab9bd104202d298ec50607327842 100644 --- a/roles/php_website/templates/fpm_site.conf.j2 +++ b/roles/php_website/templates/fpm_site.conf.j2 @@ -6,7 +6,7 @@ user = {{ user }} group = {{ user }} ; Listen on a dedicated UNIX socket. -listen = /var/run/php5-fpm/{{ fqdn }}.sock +listen = /var/run/{{ php_fpm_service_name }}/{{ fqdn }}.sock ; Set-up UNIX socket permissions (allow web server to connect). listen.owner = www-data diff --git a/roles/php_website/templates/nginx_site.j2 b/roles/php_website/templates/nginx_site.j2 index 8c63e0a535bf02c0b689c07ae741ad8247060dfe..4bee58e8710aca2cc7e7a10f16df72fc366d3131 100644 --- a/roles/php_website/templates/nginx_site.j2 +++ b/roles/php_website/templates/nginx_site.j2 
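Review bot: The `notify` of "Deploy PHP FPM configuration file for website" in roles/php_website/tasks/main.yml now names `Restart PHP-FPM`, but no handlers file is changed anywhere in this diff. If the handler is still called `Restart php5-fpm`, the play fails on a missing handler. If it was renamed but still restarts the hard-coded `php5-fpm` service, the restart targets a service that, per the new `php_fpm_service_name` default, is named `php7.0-fpm` on Stretch. It is worth confirming that a handler named `Restart PHP-FPM` exists and uses `name: "{{ php_fpm_service_name }}"`; if that landed in an earlier commit there is nothing to do.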
@@ -56,7 +56,7 @@ server { # Interpret PHP files via FastCGI. location ~ {{ php_file_regex }} { include snippets/fastcgi-php.conf; - fastcgi_pass unix:/var/run/php5-fpm/{{ fqdn }}.sock; + fastcgi_pass unix:/var/run/{{ php_fpm_service_name }}/{{ fqdn }}.sock; } # Serve the files.