Changeset - a52f9fdabd0f
Branko Majic (branko) - 7 years ago 2018-08-03 17:29:42
branko@majic.rs
MAR-132: Added support for Debian 9 (Stretch) to web_server role:

- Introduced internal parameters for controlling differing package
names, service names, and paths for PHP FPM package.
- Added Debian 9 machines to Molecule configuration, including the
client machine.
- Restructured slightly preparation playbook to support both Jessie
and Stretch.
- Added custom pytest fixture for having a better way to determine
expected package names etc related to PHP.
- Created copy of private key/certificate pair used for testing of
mandatory parameters (to be used with Stretch machine).
- Fixed invalid specification for hosts on top of which the
connectivity test should be run.
- Updated a couple of task names (avoiding to reference PHP 5).
- Updated documentation.
13 files changed with 306 insertions and 40 deletions:
docs/rolereference.rst
 
@@ -1376,12 +1376,13 @@ Parameters
 
Distribution compatibility
 
~~~~~~~~~~~~~~~~~~~~~~~~~~
 

	
 
Role is compatible with the following distributions:
 

	
 
- Debian 8 (Jessie)
 
- Debian 9 (Stretch)
 

	
 

	
 
Examples
 
~~~~~~~~
 

	
 
Here is an example configuration for setting-up web server:
docs/usage.rst
 
@@ -1287,13 +1287,13 @@ Before we start, here is a couple of useful pointers regarding the
 
  application is running).
 
* An administrative user is created as well, and this user should be used when
 
  running maintenance and installation commands. Similar to application user,
 
  the name is also derived from the FQDN of website, for example
 
  ``admin-tbg_example_com``. Administrative user does not have a dedicated
 
  group, and instead belongs to same group as the application user.
 
* PHP applications are executed via FastCGI, using the ``php5-fpm`` package.
 
* PHP applications are executed via FastCGI, using *PHP-FPM*.
 
* If you ever need to set some additional PHP FPM settings, this can easily be
 
  done via the ``additional_fpm_config`` role parameter. This particular example
 
  does not set any, though.
 
* Mails delivered to local admin/application users are forwarded to ``root``
 
  account instead (this can be configured via ``website_mail_recipients`` role
 
  parameter.
 
@@ -1305,13 +1305,13 @@ Before we start, here is a couple of useful pointers regarding the
 
* Each web application gets distinct sub-directory under ``/var/www``, named
 
  after the FQDN. All sub-directories created under there are created with
 
  ``2750`` permissions, with ownership set to admin user, and group set to the
 
  application's group. In other words, all directories will have ``SGID`` bit
 
  set, allowing you to create files/directories that will have their group
 
  automatically set to the group of the parent directory.
 
* Files are served (both by *Nginx* and *php5-fpm*) from sub-directory called
 
* Files are served (both by *Nginx* and *PHP-FPM*) from sub-directory called
 
  ``htdocs`` (located in website directory). For example
 
  ``/var/www/tbg.example.com/htdocs/``. Normally, this can be a symlink to some
 
  other sub-directory within the website directory (useful for having multiple
 
  versions for easier downgrades etc).
 
* Combination of admin user membership in application group, ``SGID``
 
  permission, and the way ownership of sub-directories is set-up usually means
roles/web_server/defaults/main.yml
 
@@ -7,6 +7,11 @@ web_default_title: "Welcome"
 
web_default_message: "You are attempting to access the web server using a wrong name or an IP address. Please check your URL."
 
web_server_tls_protocols:
 
  - "TLSv1.2"
 
web_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:\
 
DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:\
 
ECDHE-RSA-AES256-SHA384:!aNULL:!MD5:!EXPORT"
 

	
 
# Internal parameters
 
php_fpm_package_name: "{% if ansible_distribution_release == 'jessie' %}php5-fpm{% elif ansible_distribution_release == 'stretch' %}php-fpm{% endif %}"
 
php_fpm_service_name: "{% if ansible_distribution_release == 'jessie' %}php5-fpm{% elif ansible_distribution_release == 'stretch' %}php7.0-fpm{% endif %}"
 
php_base_config_dir: "{% if ansible_distribution_release == 'jessie' %}/etc/php5{% elif ansible_distribution_release == 'stretch' %}/etc/php/7.0{% endif %}"
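Review bot: none of the three `{% if %}` / `{% elif %}` expressions under "Internal parameters" has an `{% else %}` branch, so on any release other than jessie or stretch they render as empty strings and the role carries on with paths such as `/run//` and `/etc/systemd/system/.service.d/`. Suggest failing early, for example with an `assert` task at the top of the role that checks `ansible_distribution_release in ['jessie', 'stretch']`. As these values are meant to be internal, `vars/main.yml` is also a better home than `defaults/main.yml`, where inventory variables can override them.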
roles/web_server/files/php_fpm_umask.conf
 
file renamed from roles/web_server/files/php5_fpm_umask.conf to roles/web_server/files/php_fpm_umask.conf
roles/web_server/handlers/main.yml
 
@@ -2,10 +2,10 @@
 

	
 
- name: Restart nginx
 
  service:
 
    name: nginx
 
    state: restarted
 

	
 
- name: Restart php5-fpm
 
- name: Restart PHP-FPM
 
  service:
 
    name: php5-fpm
 
    name: "{{ php_fpm_service_name }}"
 
    state: restarted
roles/web_server/molecule/default/molecule.yml
 
@@ -11,48 +11,90 @@ lint:
 
  name: yamllint
 
  options:
 
    config-file: ../../.yamllint.yml
 

	
 
platforms:
 

	
 
  - name: client1
 
  - name: client1-jessie
 
    groups:
 
      - client
 
      - jessie
 
    box: debian/contrib-jessie64
 
    memory: 256
 
    cpus: 1
 
    interfaces:
 
      - auto_config: true
 
        ip: 10.31.127.20
 
        network_name: private_network
 
        type: static
 

	
 
  - name: client1-stretch
 
    groups:
 
      - client
 
      - stretch
 
    box: debian/contrib-stretch64
 
    memory: 256
 
    cpus: 1
 
    interfaces:
 
      - auto_config: true
 
        ip: 10.31.127.21
 
        network_name: private_network
 
        type: static
 

	
 
  - name: parameters-mandatory-jessie64
 
    groups:
 
      - parameters-mandatory
 
      - jessie
 
    box: debian/contrib-jessie64
 
    memory: 512
 
    cpus: 1
 
    interfaces:
 
      - auto_config: true
 
        ip: 10.31.127.30
 
        network_name: private_network
 
        type: static
 

	
 
  - name: parameters-optional-jessie64
 
    groups:
 
      - parameters-optional
 
      - jessie
 
    box: debian/contrib-jessie64
 
    memory: 512
 
    cpus: 1
 
    interfaces:
 
      - auto_config: true
 
        ip: 10.31.127.31
 
        network_name: private_network
 
        type: static
 

	
 
  - name: parameters-mandatory-stretch64
 
    groups:
 
      - parameters-mandatory
 
      - stretch
 
    box: debian/contrib-stretch64
 
    memory: 512
 
    cpus: 1
 
    interfaces:
 
      - auto_config: true
 
        ip: 10.31.127.32
 
        network_name: private_network
 
        type: static
 

	
 
  - name: parameters-optional-stretch64
 
    groups:
 
      - parameters-optional
 
      - stretch
 
    box: debian/contrib-stretch64
 
    memory: 512
 
    cpus: 1
 
    interfaces:
 
      - auto_config: true
 
        ip: 10.31.127.33
 
        network_name: private_network
 
        type: static
 

	
 
provisioner:
 
  name: ansible
 
  config_options:
 
    ssh_connection:
 
      pipelining: "True"
 
  lint:
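Review bot: the new client machines are named `client1-jessie` and `client1-stretch`, while the parameter machines in the same platforms list use a `-jessie64` / `-stretch64` suffix. Suggest one suffix convention for all six machines so host patterns and the `/etc/hosts` aliases in prepare.yml stay predictable.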
roles/web_server/molecule/default/prepare.yml
 
@@ -15,13 +15,13 @@
 

	
 
    - name: Update all caches to avoid errors due to missing remote archives
 
      apt:
 
        update_cache: true
 
      changed_when: false
 

	
 
- hosts: all
 
- hosts: jessie
 
  become: true
 
  tasks:
 

	
 
    - name: Set-up the hosts file
 
      lineinfile:
 
        path: /etc/hosts
 
@@ -30,21 +30,44 @@
 
        owner: root
 
        group: root
 
        mode: 0644
 
        state: present
 
      with_dict:
 
        10.31.127.20: "client1"
 
        10.31.127.30: "parameters-mandatory parameters-mandatory-jessie64"
 
        10.31.127.31: "parameters-optional parameters-optional-jessie64"
 
        10.31.127.30: "parameters-mandatory"
 
        10.31.127.31: "parameters-optional"
 

	
 
    - name: Install curl for testing redirects and webpage content
 
      apt:
 
        name: curl
 
        state: present
 

	
 
- hosts: stretch
 
  become: true
 
  tasks:
 

	
 
    - name: Set-up the hosts file
 
      lineinfile:
 
        path: /etc/hosts
 
        regexp: "^{{ item.key }}"
 
        line: "{{ item.key }} {{ item.value }}"
 
        owner: root
 
        group: root
 
        mode: 0644
 
        state: present
 
      with_dict:
 
        10.31.127.21: "client1"
 
        10.31.127.32: "parameters-mandatory"
 
        10.31.127.33: "parameters-optional"
 

	
 
    - name: Install curl for testing redirects and webpage content
 
      apt:
 
        name: curl
 
        state: present
 

	
 
- hosts: client1
 
- hosts: client
 
  become: true
 
  tasks:
 

	
 
    - name: Install tool for testing TCP connectivity
 
      apt:
 
        name: hping3
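Review bot: the new `hosts: stretch` play repeats the hosts-file and curl tasks of the `hosts: jessie` play, and only the `with_dict` address map differs. Suggest keeping a single play for all hosts and moving the address map into a per-group variable, so a third release does not need a third copy. Separately, `regexp: "^{{ item.key }}"` leaves the dots unescaped and has no terminator after the address; `regexp: "^{{ item.key | regex_escape }}\\s"` would match only the exact address.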
roles/web_server/molecule/default/tests/conftest.py
 
new file 100644
 
from collections import namedtuple
 

	
 
import pytest
 

	
 

	
 
@pytest.fixture
 
def php_info(host):
 
    """
 
    Helper fixture used to define what the expected PHP-FPM package
 
    name, PHP-FPM service name, and PHP base configuration directory
 
    is based on Debian release.
 

	
 
    Currently supports Debian 8 (Jessie), and Debian 9 (Stretch).
 

	
 
    Resulting information can be accessed through returned named tuple
 
    with the following properties:
 

	
 
    - fpm_package (name of the PHP-FPM package)
 
    - fpm_service (name of the PHP-FPM system service)
 
    - base_config_dir (base configuration directory for PHP)
 
    """
 

	
 

	
 
    PHPInfo = namedtuple('PHPInfo', 'fpm_package fpm_service base_config_dir')
 

	
 
    ansible_facts = host.ansible("setup")["ansible_facts"]
 
    ansible_distribution_release = ansible_facts['ansible_distribution_release']
 

	
 
    if ansible_distribution_release == 'jessie':
 
        info = PHPInfo(fpm_package='php5-fpm', fpm_service='php5-fpm', base_config_dir='/etc/php5')
 
    elif ansible_distribution_release == 'stretch':
 
        info = PHPInfo(fpm_package='php-fpm', fpm_service='php7.0-fpm', base_config_dir='/etc/php/7.0')
 
    else:
 
        raise Exception('The php_info pytest fixture does not support Debian release: %s' % ansible_distribution_release)
 

	
 
    return info
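Review bot: `host.ansible("setup")` in `php_info` gathers the full fact set, and because the fixture has the default function scope this runs once for every test that requests it. Suggest `@pytest.fixture(scope="module")` and limiting the call to the one fact that is read, e.g. `host.ansible("setup", "filter=ansible_distribution_release")`.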
roles/web_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64_https.key
 
new file 100644
 
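Review bot: this new file stores an unencrypted RSA private key in the repository under tests/data/x509, and per the commit message it is a copy of the pair already used for the mandatory-parameters test. Suggest generating the test key and certificate during the Molecule prepare stage instead of committing them, or at minimum adding a README in that directory stating that the material is for tests only and must not be deployed.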
roles/web_server/molecule/default/tests/data/x509/parameters-mandatory-stretch64_https.pem
 
new file 100644
 
roles/web_server/molecule/default/tests/test_client.py
 
import os
 

	
 
import testinfra.utils.ansible_runner
 

	
 

	
 
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['clients'])
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['client'])
 

	
 

	
 
def test_connectivity(host):
 
    """
 
    Tests connectivity to the web server (ports that should be reachable).
 
    """
roles/web_server/molecule/default/tests/test_default.py
 
@@ -4,21 +4,21 @@ import testinfra.utils.ansible_runner
 

	
 

	
 
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['parameters-mandatory', 'parameters-optional'])
 

	
 

	
 
def test_installed_packages(host):
 
def test_installed_packages(host, php_info):
 
    """
 
    Tests if the required packages have been installed.
 
    """
 

	
 
    assert host.package('nginx').is_installed
 
    assert host.package('virtualenv').is_installed
 
    assert host.package('virtualenvwrapper').is_installed
 
    assert host.package('php5-fpm').is_installed
 
    assert host.package(php_info.fpm_package).is_installed
 

	
 

	
 
def test_nginx_user(host):
 
    """
 
    Tests if Nginx user has been set-up correctly to traverse TLS directories.
 
    """
 
@@ -135,22 +135,22 @@ def test_default_vhost_index_page_file(host):
 
        assert page.is_file
 
        assert page.user == 'root'
 
        assert page.group == 'www-data'
 
        assert page.mode == 0o640
 

	
 

	
 
def test_services(host):
 
def test_services(host, php_info):
 
    """
 
    Tests if services are enabled at boot and running.
 
    """
 

	
 
    service = host.service('nginx')
 
    assert service.is_enabled
 
    assert service.is_running
 

	
 
    service = host.service('php5-fpm')
 
    service = host.service(php_info.fpm_service)
 
    assert service.is_enabled
 
    assert service.is_running
 

	
 

	
 
def test_sockets(host):
 
    """
 
@@ -158,81 +158,81 @@ def test_sockets(host):
 
    """
 

	
 
    assert host.socket("tcp://80").is_listening
 
    assert host.socket("tcp://443").is_listening
 

	
 

	
 
def test_socket_directories(host):
 
def test_socket_directories(host, php_info):
 
    """
 
    Tests if directories containing sockets for WSGI and PHP apps are created
 
    correctly.
 
    """
 

	
 
    directory = host.file('/run/wsgi')
 
    assert directory.is_directory
 
    assert directory.user == 'root'
 
    assert directory.group == 'www-data'
 
    assert directory.mode == 0o750
 

	
 
    directory = host.file('/run/php5-fpm')
 
    directory = host.file('/run/%s' % php_info.fpm_service)
 
    assert directory.is_directory
 
    assert directory.user == 'root'
 
    assert directory.group == 'www-data'
 
    assert directory.mode == 0o750
 

	
 
    config = host.file('/etc/tmpfiles.d/wsgi.conf')
 
    assert config.is_file
 
    assert config.user == 'root'
 
    assert config.group == 'root'
 
    assert config.mode == 0o644
 
    assert 'd /run/wsgi/ 0750 root www-data - -' in config.content
 

	
 
    config = host.file('/etc/tmpfiles.d/php5-fpm.conf')
 
    config = host.file('/etc/tmpfiles.d/%s.conf' % php_info.fpm_service)
 
    assert config.is_file
 
    assert config.user == 'root'
 
    assert config.group == 'root'
 
    assert config.mode == 0o644
 
    assert 'd /run/php5-fpm/ 0750 root www-data - -' in config.content
 
    assert 'd /run/%s/ 0750 root www-data - -' % php_info.fpm_service in config.content
 

	
 

	
 
def test_php5_fpm_service_overrides(host):
 
def test_php_fpm_service_overrides(host, php_info):
 
    """
 
    Tests if overrides for php5-fpm service are deployed correctly.
 
    Tests if overrides for PHP-FPM service are deployed correctly.
 
    """
 

	
 
    directory = host.file('/etc/systemd/system/php5-fpm.service.d')
 
    directory = host.file('/etc/systemd/system/%s.service.d' % php_info.fpm_service)
 
    assert directory.is_directory
 
    assert directory.user == 'root'
 
    assert directory.group == 'root'
 
    assert directory.mode == 0o755
 

	
 
    config = host.file('/etc/systemd/system/php5-fpm.service.d/umask.conf')
 
    config = host.file('/etc/systemd/system/%s.service.d/umask.conf' % php_info.fpm_service)
 
    assert config.is_file
 
    assert config.user == 'root'
 
    assert config.group == 'root'
 
    assert config.mode == 0o644
 

	
 

	
 
def test_php_timezone_configuration(host):
 
def test_php_timezone_configuration(host, php_info):
 
    """
 
    Tests if PHP timezone configuration has been set correctly.
 
    """
 

	
 
    config = host.file('/etc/php5/cli/conf.d/30-timezone.ini')
 
    config = host.file('%s/cli/conf.d/30-timezone.ini' % php_info.base_config_dir)
 
    assert config.is_file
 
    assert config.user == 'root'
 
    assert config.group == 'root'
 
    assert config.mode == 0o644
 

	
 
    config = host.file('/etc/php5/fpm/conf.d/30-timezone.ini')
 
    config = host.file('%s/fpm/conf.d/30-timezone.ini' % php_info.base_config_dir)
 
    assert config.is_file
 
    assert config.user == 'root'
 
    assert config.group == 'root'
 
    assert config.mode == 0o644
 

	
 
    timezone = host.run("php --php-ini /etc/php5/cli/php.ini -r 'echo ini_get(\"date.timezone\");'")
 
    timezone = host.run("php --php-ini %s -r %s", "%s/cli/php.ini" % php_info.base_config_dir, "echo ini_get('date.timezone');")
 
    assert timezone.rc == 0
 
    assert timezone.stdout == "GMT+0"
 

	
 
    timezone = host.run("php --php-ini /etc/php5/fpm/php.ini -r 'echo ini_get(\"date.timezone\");'")
 
    timezone = host.run("php --php-ini %s -r %s", "%s/fpm/php.ini" % php_info.base_config_dir, "echo ini_get('date.timezone');")
 
    assert timezone.rc == 0
 
    assert timezone.stdout == "GMT+0"
roles/web_server/tasks/main.yml
 
@@ -141,53 +141,53 @@
 
    state: directory
 
    owner: root
 
    group: www-data
 
    mode: 0750
 
  with_items:
 
    - "/run/wsgi/"
 
    - "/run/php5-fpm/"
 
    - "/run/{{ php_fpm_service_name }}/"
 

	
 
- name: Create directories for storing per-site socket files on boot
 
  copy:
 
    content: "d /run/{{ item }}/ 0750 root www-data - -"
 
    dest: "/etc/tmpfiles.d/{{ item }}.conf"
 
    owner: root
 
    group: root
 
    mode: 0644
 
  with_items:
 
    - wsgi
 
    - php5-fpm
 
    - "{{ php_fpm_service_name }}"
 

	
 
- name: Install base packages for PHP web applications
 
  apt:
 
    name: "{{ item }}"
 
    state: present
 
  with_items:
 
    - php5-fpm
 
    - "{{ php_fpm_package_name }}"
 

	
 
- name: Create directory for storing PHP FPM service configuration overrides
 
- name: Create directory for storing PHP-FPM service configuration overrides
 
  file:
 
    path: "/etc/systemd/system/php5-fpm.service.d/"
 
    path: "/etc/systemd/system/{{ php_fpm_service_name }}.service.d/"
 
    state: directory
 
    owner: root
 
    group: root
 
    mode: 0755
 

	
 
- name: Configure php5-fpm service to run with umask 0007
 
- name: Configure PHP-FPM service to run with umask 0007
 
  copy:
 
    src: "php5_fpm_umask.conf"
 
    dest: "/etc/systemd/system/php5-fpm.service.d/umask.conf"
 
    src: "php_fpm_umask.conf"
 
    dest: "/etc/systemd/system/{{ php_fpm_service_name }}.service.d/umask.conf"
 
    owner: root
 
    group: root
 
    mode: 0644
 
  notify:
 
    - Restart php5-fpm
 
    - Restart PHP-FPM
 

	
 
- name: Enable service used for running PHP web applications
 
  service:
 
    name: "php5-fpm"
 
    name: "{{ php_fpm_service_name }}"
 
    enabled: true
 
    state: started
 

	
 
- name: Read timezone on server
 
  slurp:
 
    src: "/etc/timezone"
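Review bot: tying the socket directory to `php_fpm_service_name` in the first two tasks makes the path version-dependent (`/run/php7.0-fpm/` on Stretch, per defaults/main.yml), so it will move again with the next PHP release. Anything outside this hunk that still refers to `/run/php5-fpm/` (vhost templates, pool definitions in other roles) has to use the same variable; suggest a separate internal parameter for the socket directory so the path does not depend on the service name.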
 
@@ -198,16 +198,16 @@
 
    src: "php_timezone.ini.j2"
 
    dest: "{{ item }}/30-timezone.ini"
 
    owner: root
 
    group: root
 
    mode: 0644
 
  with_items:
 
    - /etc/php5/cli/conf.d/
 
    - /etc/php5/fpm/conf.d/
 
    - "{{ php_base_config_dir }}/cli/conf.d/"
 
    - "{{ php_base_config_dir }}/fpm/conf.d/"
 
  notify:
 
    - Restart php5-fpm
 
    - Restart PHP-FPM
 

	
 
- name: Explicitly run all handlers
 
  include: ../handlers/main.yml
 
  when: "handlers | default(False) | bool() == True"
 
  tags:
 
    - handlers