From 423f330ec482f165c604165c5bdf2ac0accf0f73 2020-05-07 15:46:44
From: Branko Majic <branko@majic.rs>
Date: 2020-05-07 15:46:44
Subject: [PATCH] MAR-152: Switch to using /run/php for storing PHP-FPM unix socket files.

---

diff --git a/roles/web_server/molecule/default/tests/test_default.py b/roles/web_server/molecule/default/tests/test_default.py
index 9a9c78bb205896a39ef5b769fe51c39e410fdaea..66f2444fee7301eeacd95b866da3af9a51b3d89f 100644
--- a/roles/web_server/molecule/default/tests/test_default.py
+++ b/roles/web_server/molecule/default/tests/test_default.py
@@ -3,6 +3,7 @@ import os
 import testinfra.utils.ansible_runner
 
 
+import pytest
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-*')
 
@@ -163,37 +164,30 @@ def test_sockets(host):
     assert host.socket("tcp://443").is_listening
 
 
-def test_socket_directories(host, php_info):
+@pytest.mark.parametrize("application_type, tmpfiles_d_path",
+                         [("wsgi", "/etc/tmpfiles.d/wsgi.conf"),
+                          ("php", "/etc/tmpfiles.d/php7.0-fpm.conf")])
+def test_socket_directories(host, application_type, tmpfiles_d_path):
     """
     Tests if directories containing sockets for WSGI and PHP apps are created
     correctly.
     """
 
-    directory = host.file('/run/wsgi')
-    assert directory.is_directory
-    assert directory.user == 'root'
-    assert directory.group == 'www-data'
-    assert directory.mode == 0o750
+    socket_directory = "/run/%s" % application_type
+    tmpfiles_d_content = "d /run/%s/ 0750 root www-data - -" % application_type
 
-    directory = host.file('/run/%s' % php_info.fpm_service)
+    directory = host.file(socket_directory)
     assert directory.is_directory
     assert directory.user == 'root'
     assert directory.group == 'www-data'
     assert directory.mode == 0o750
 
-    config = host.file('/etc/tmpfiles.d/wsgi.conf')
-    assert config.is_file
-    assert config.user == 'root'
-    assert config.group == 'root'
-    assert config.mode == 0o644
-    assert 'd /run/wsgi/ 0750 root www-data - -' in config.content
-
-    config = host.file('/etc/tmpfiles.d/%s.conf' % php_info.fpm_service)
+    config = host.file(tmpfiles_d_path)
     assert config.is_file
     assert config.user == 'root'
     assert config.group == 'root'
     assert config.mode == 0o644
-    assert 'd /run/%s/ 0750 root www-data - -' % php_info.fpm_service in config.content
+    assert config.content == tmpfiles_d_content
 
 
 def test_php_fpm_service_overrides(host, php_info):
diff --git a/roles/web_server/tasks/main.yml b/roles/web_server/tasks/main.yml
index f74c1629498239cafd7c6e5a1166e5b6c012cdba..2966ad4f7e69296e320aa5123ee29f7910aaf69b 100644
--- a/roles/web_server/tasks/main.yml
+++ b/roles/web_server/tasks/main.yml
@@ -138,25 +138,27 @@
 
 - name: Create directories for storing per-site socket files
   file:
-    path: "{{ item }}"
+    path: "/run/{{ item }}"
     state: directory
     owner: root
     group: www-data
     mode: 0750
   with_items:
-    - "/run/wsgi/"
-    - "/run/{{ php_fpm_service_name }}/"
+    - wsgi
+    - php
 
 - name: Create directories for storing per-site socket files on boot
   copy:
-    content: "d /run/{{ item }}/ 0750 root www-data - -"
-    dest: "/etc/tmpfiles.d/{{ item }}.conf"
+    content: "d /run/{{ item.socket_dir }}/ 0750 root www-data - -"
+    dest: "/etc/tmpfiles.d/{{ item.tmpfiles_d }}"
     owner: root
     group: root
     mode: 0644
   with_items:
-    - wsgi
-    - "{{ php_fpm_service_name }}"
+    - socket_dir: wsgi
+      tmpfiles_d: "wsgi.conf"
+    - socket_dir: php
+      tmpfiles_d: "{{ php_fpm_service_name }}.conf"
 
 - name: Install base packages for PHP web applications
   apt: