Changeset - 6f26ccefa724
Branko Majic (branko) - 5 years ago 2021-01-15 00:19:45
branko@majic.rs
MAR-151: Added support for Debian 10 Buster to php_website role:

- Updated role reference documentation.
- Updated role meta information.
- Updated tests.
- Refactor the code to take into account differences in PHP-related
paths between Debian Stretch and Debian Buster.
- Make the test for web application user less dependent on what the
actual UID number is in case of default value. By default user
should be created as system user, which means its UID number should
be less than 1000.
- Drop the installation of libmariadbclient-dev-compat library - the
test is good enough without it, and the actual package is
differently named under Debian Stretch and Debian Buster (which
would complicate the test without any benefits).
7 files changed with 35 insertions and 8 deletions:
docs/rolereference.rst
 
@@ -1659,24 +1659,25 @@ Parameters
 
**website_mail_recipients** (string, optional, ``root``)
 
  Space-separated list of e-mails or local users to which the mails, sent to
 
  either the website admin or website user, should be forwarded to. Forwarding
 
  is configured via ``~/.forward`` configuration file.
 

	
 

	
 
Distribution compatibility
 
~~~~~~~~~~~~~~~~~~~~~~~~~~
 

	
 
Role is compatible with the following distributions:
 

	
 
- Debian 9 (Stretch)
 
- Debian 10 (Buster)
 

	
 

	
 
Examples
 
~~~~~~~~
 

	
 
Here is an example configuration for setting-up two (base) PHP websites (for
 
running *ownCloud* and *The Bug Genie* applications):
 

	
 
.. code-block:: yaml
 

	
 
    - role: php_website
 
      fqdn: cloud.example.com
roles/php_website/defaults/main.yml
 
@@ -3,18 +3,30 @@
 
additional_nginx_config: {}
 
deny_files_regex: []
 
index: index.php
 
packages: []
 
php_file_regex: \.php$
 
php_rewrite_urls: []
 
rewrites: []
 
additional_fpm_config: {}
 
website_mail_recipients: "root"
 
environment_indicator: null
 

	
 
# Internal parameters.
 
php_fpm_service_name_per_release:
 
  stretch: "php7.0-fpm"
 
  buster: "php7.3-fpm"
 

	
 
php_fpm_binary_per_release:
 
  stretch: "php-fpm7.0"
 
  buster: "php-fpm7.3"
 

	
 
php_fpm_pool_directory_per_release:
 
  stretch: "/etc/php/7.0/fpm/pool.d"
 
  buster: "/etc/php/7.3/fpm/pool.d"
 

	
 
admin: "admin-{{ fqdn | replace('.', '_') }}"
 
user: "web-{{ fqdn | replace('.', '_') }}"
 
home: "/var/www/{{ fqdn }}"
 
php_fpm_pool_directory: "/etc/php/7.0/fpm/pool.d"
 
php_fpm_binary: "php-fpm7.0"
 
php_fpm_service_name: "php7.0-fpm"
 
php_fpm_pool_directory: "{{ php_fpm_pool_directory_per_release[ansible_distribution_release] }}"
 
php_fpm_binary: "{{ php_fpm_binary_per_release[ansible_distribution_release] }}"
 
php_fpm_service_name: "{{ php_fpm_service_name_per_release[ansible_distribution_release] }}"
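Review bot: The three lookups at the end of this hunk, such as `php_fpm_pool_directory_per_release[ansible_distribution_release]`, have no guard for a release that is missing from the maps, so on anything other than `stretch` or `buster` the role fails with an undefined-variable error at whichever task first uses the value. An early `assert` (or `fail`) task that checks `ansible_distribution_release` against the map keys would give a clear message instead. Separately, the block is marked `# Internal parameters.` but lives in `defaults/main.yml`, where inventory or play variables can override it; `vars/main.yml` would be a better fit for values that are not meant to be tuned.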
roles/php_website/meta/main.yml
 
@@ -5,14 +5,14 @@ allow_duplicates: true
 
dependencies:
 
  - common
 
  - web_server
 

	
 
galaxy_info:
 
  author: Branko Majic
 
  description: Sets-up a website powered by PHP application
 
  license: BSD
 
  min_ansible_version: 2.9
 
  platforms:
 
    - name: Debian
 
      versions:
 
        - 8
 
        - 9
 
        - 10
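Review bot: The `versions` list in this hunk displays `8`, `9` and `10`, while the documentation hunk lists only Debian 9 (Stretch) and Debian 10 (Buster) and the per-release maps in `defaults/main.yml` have no entry for Debian 8. The hunk header gives 14 lines on both sides against 15 displayed lines, so one line is removed and one added here; please confirm the removed line is `- 8`, so the Galaxy metadata does not advertise a release for which the role cannot resolve its PHP-FPM paths.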
roles/php_website/molecule/default/molecule.yml
 
@@ -14,24 +14,33 @@ lint:
 

	
 
platforms:
 

	
 
  - name: php-website-stretch64
 
    groups:
 
      - parameters-mandatory
 
      - parameters-optional
 
      - stretch
 
    box: debian/contrib-stretch64
 
    memory: 512
 
    cpus: 1
 

	
 
  - name: php-website-buster64
 
    groups:
 
      - parameters-mandatory
 
      - parameters-optional
 
      - buster
 
    box: debian/contrib-buster64
 
    memory: 512
 
    cpus: 1
 

	
 
provisioner:
 
  name: ansible
 
  playbooks:
 
    cleanup: cleanup.yml
 
  config_options:
 
    defaults:
 
      force_valid_group_names: "ignore"
 
      interpreter_python: "/usr/bin/python3"
 
    ssh_connection:
 
      pipelining: "True"
 
  lint:
 
    name: ansible-lint
roles/php_website/molecule/default/playbook.yml
 
@@ -36,25 +36,24 @@
 
      https_tls_certificate: "{{ lookup('file', 'tests/data/x509/server/parameters-optional_https.cert.pem') }}"
 
      https_tls_key: "{{ lookup('file', 'tests/data/x509/server/parameters-optional_https.key.pem') }}"
 
      php_file_regex: "\\.myphp$"
 
      php_rewrite_urls:
 
        - ^/rewrite1/(.*)$ /rewrite.myphp?url=$1 last
 
        - ^/rewrite2/(.*)$ /rewrite.myphp?url=$1 last
 
      rewrites:
 
        - '^/rewrite_to_index1/(.*) /myindex.php last'
 
        - '^/rewrite_to_index2/(.*) /myindex.php last'
 
      packages:
 
        - "php-ldap"
 
        - "php-json"
 
        - "libmariadbclient-dev-compat"
 
      uid: 5001
 
      website_mail_recipients: user
 

	
 
- hosts: all
 
  become: true
 
  tasks:
 
    # parameters-mandatory application
 
    - name: Set-up directory where PHP files are hosted at
 
      file:
 
        path: /var/www/parameters-mandatory/htdocs
 
        state: directory
 
        owner: admin-parameters-mandatory
roles/php_website/molecule/default/tests/test_parameters_mandatory.py
 
@@ -62,25 +62,25 @@ def test_home_profile_directory(host):
 
        assert directory.group == 'web-parameters-mandatory'
 
        assert directory.mode == 0o750
 

	
 

	
 
def test_website_application_user(host):
 
    """
 
    Tests if website application user has been created correctly.
 
    """
 

	
 
    user = host.user('web-parameters-mandatory')
 

	
 
    assert user.exists
 
    assert user.uid == 999
 
    assert user.uid < 1000
 
    assert user.group == 'web-parameters-mandatory'
 
    assert user.groups == ['web-parameters-mandatory']
 
    assert user.shell == '/bin/sh'
 
    assert user.home == '/var/www/parameters-mandatory'
 

	
 
    with host.sudo():
 
        umask = host.run("su -l web-parameters-mandatory -c 'bash -c umask'")
 
        assert umask.stdout == '0007\n'
 

	
 

	
 
def test_nginx_user(host):
 
    """
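Review bot: The assertion `assert user.uid < 1000` in `test_website_application_user` has no lower bound, so it would also pass if the web application user were created with UID 0. Since the commit message states the intent is that the account is a system user, bounding the check on both sides, for example `assert 0 < user.uid < 1000`, keeps the test independent of the exact UID while still rejecting a root-equivalent account.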
 
@@ -128,25 +128,32 @@ def test_mail_forwarding(host):
 
        forward_queue_id = re.search(pattern, mail_log.content_string).group(1)
 

	
 
        # Now try to determine where the forward ended-up at.
 
        pattern = "%s: to=<vagrant@%s>, orig_to=<web-parameters-mandatory@localhost>.*status=sent" % (forward_queue_id, hostname)
 
        assert re.search(pattern, mail_log.content_string) is not None
 

	
 

	
 
def test_php_fpm_configuration_file(host):
 
    """
 
    Tests if PHP FPM configuration file has been correctly deployed.
 
    """
 

	
 
    config_file_path = '/etc/php/7.0/fpm/pool.d/parameters-mandatory.conf'
 
    distribution_release = host.ansible("setup")["ansible_facts"]["ansible_distribution_release"]
 

	
 
    if distribution_release == "stretch":
 
        config_file_path = '/etc/php/7.0/fpm/pool.d/parameters-mandatory.conf'
 
    elif distribution_release == "buster":
 
        config_file_path = '/etc/php/7.3/fpm/pool.d/parameters-mandatory.conf'
 
    else:
 
        raise Exception("Tried running test on unsupported distribution: %s" % distribution_release)
 

	
 
    with host.sudo():
 

	
 
        config = host.file(config_file_path)
 
        assert config.is_file
 
        assert config.user == 'root'
 
        assert config.group == 'root'
 
        assert config.mode == 0o640
 

	
 

	
 
def test_certificate_validity_check_configuration(host):
 
    """
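Review bot: In `test_php_fpm_configuration_file` the `if`/`elif` chain repeats the per-release PHP paths that `php_fpm_pool_directory_per_release` already holds in the role defaults, so every new release has to be added in two places, and the fallback raises a bare `Exception`. A module-level dict keyed by release name would keep the test-side mapping in one spot and make the unsupported case a single lookup failure. Also, `host.ansible("setup")` runs a full fact gather just to read the release name; testinfra's `host.system_info.codename` returns the same value without it.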
roles/php_website/molecule/default/tests/test_parameters_optional.py
 
@@ -130,25 +130,24 @@ def test_mail_forwarding(host):
 
        # Now try to determine where the forward ended-up at.
 
        pattern = "%s: to=<user@%s>, orig_to=<web-parameters-optional_local@localhost>.*status=sent" % (message_id, hostname)
 
        assert re.search(pattern, mail_log.content_string) is not None
 

	
 

	
 
def test_installed_packages(host):
 
    """
 
    Tests if additional packages are installed.
 
    """
 

	
 
    assert host.package('php-ldap').is_installed
 
    assert host.package('php-json').is_installed
 
    assert host.package('libmariadbclient-dev-compat').is_installed
 

	
 

	
 
def test_certificate_validity_check_configuration(host):
 
    """
 
    Tests if certificate validity check configuration file has been deployed
 
    correctly.
 
    """
 

	
 
    config = host.file('/etc/check_certificate/parameters-optional.local_https.conf')
 
    assert config.is_file
 
    assert config.user == 'root'
 
    assert config.group == 'root'