Changeset - ff510f233909
0 10 1
Branko Majic (branko) - 6 years ago 2018-08-04 11:46:15
branko@majic.rs
MAR-132: Added support for Debian 9 (Stretch) to php_website role:

- Implemented the necessary changes related to differences between PHP
versions and related paths (PHP 5 vs PHP 7).
- Set the shell for application system account explicitly (workaround
for Debian bug 865762 in Stretch).
- Updated Molecule tests to cover Debian 9.
- Updated Molecule test preparation playbook to account for a number
of differences between Jessie and Stretch (mainly related to mailing
functionality).
- Use more specific host groups in tests.
- Renamed a couple of variables in test for sending out mails to make
it clearer what is being looked up as part of regex matching.
- Updated Molecule tests where certain paths depend on what Debian
release they are run against.
- Split-up Jessie-specific tests into separate file.
11 files changed with 111 insertions and 30 deletions:
docs/rolereference.rst
 
@@ -1576,6 +1576,7 @@ Distribution compatibility
 
Role is compatible with the following distributions:
 

	
 
- Debian 8 (Jessie)
 
- Debian 9 (Stretch)
 

	
 

	
 
Examples
roles/php_website/defaults/main.yml
 
@@ -18,3 +18,7 @@ environment_indicator: null
 
admin: "admin-{{ fqdn | replace('.', '_') }}"
 
user: "web-{{ fqdn | replace('.', '_') }}"
 
home: "/var/www/{{ fqdn }}"
 
php_fpm_pool_directory: "{% if ansible_distribution_release == 'jessie' %}/etc/php5/fpm/pool.d\
 
{% elif ansible_distribution_release == 'stretch' %}/etc/php/7.0/fpm/pool.d{% endif %}"
 
php_fpm_binary: "{% if ansible_distribution_release == 'jessie' %}php5-fpm{% elif ansible_distribution_release == 'stretch' %}php-fpm7.0{% endif %}"
 
php_fpm_service_name: "{% if ansible_distribution_release == 'jessie' %}php5-fpm{% elif ansible_distribution_release == 'stretch' %}php7.0-fpm{% endif %}"
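Review bot: The three new defaults (`php_fpm_pool_directory`, `php_fpm_binary`, `php_fpm_service_name`) use `{% if %}…{% elif %}` with no `{% else %}`, so on any release other than jessie or stretch they render to an empty string instead of failing. With an empty value the role would template the pool file to `/{{ fqdn }}.conf`, run the validate step with no binary name, and point the socket at `/var/run//{{ fqdn }}.sock`. I would add an early task in tasks/main.yml such as `- assert: {that: "ansible_distribution_release in ['jessie', 'stretch']"}` so an unsupported host stops before anything is written. The package list in molecule/default/playbook.yml uses the same pattern.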
roles/php_website/molecule/default/molecule.yml
 
@@ -17,10 +17,21 @@ platforms:
 
  - name: php-website-jessie64
 
    groups:
 
      - parameters-mandatory
 
      - parameters-optional
 
      - jessie
 
    box: debian/contrib-jessie64
 
    memory: 512
 
    cpus: 1
 

	
 
  - name: php-website-stretch64
 
    groups:
 
      - parameters-mandatory
 
      - parameters-optional
 
      - stretch
 
    box: debian/contrib-stretch64
 
    memory: 512
 
    cpus: 1
 

	
 
provisioner:
 
  name: ansible
 
  config_options:
roles/php_website/molecule/default/playbook.yml
 
@@ -46,9 +46,10 @@
 
        - '^/rewrite_to_index1/(.*) /myindex.php last'
 
        - '^/rewrite_to_index2/(.*) /myindex.php last'
 
      packages:
 
        - php5-ldap
 
        - php5-json
 
        - libmariadb-client-lgpl-dev-compat
 
        - "{% if ansible_distribution_release == 'jessie' %}php5-ldap{% elif ansible_distribution_release == 'stretch' %}php-ldap{% endif %}"
 
        - "{% if ansible_distribution_release == 'jessie' %}php5-json{% elif ansible_distribution_release == 'stretch' %}php-json{% endif %}"
 
        - "{% if ansible_distribution_release == 'jessie' %}libmariadb-client-lgpl-dev-compat\
 
{% elif ansible_distribution_release == 'stretch' %}libmariadbclient-dev-compat{% endif %}"
 
      uid: 5001
 
      website_mail_recipients: user
 

	
roles/php_website/molecule/default/prepare.yml
 
@@ -38,6 +38,32 @@
 
        name: postfix
 
        state: present
 

	
 
    - name: Install procmail for consistency with mail_server and mail_forwarder roles
 
      apt:
 
        name: procmail
 
        state: present
 

	
 
    - name: Update Postfix configuration
 
      lineinfile:
 
        path: /etc/postfix/main.cf
 
        regexp: "^{{ item.key }}"
 
        line: "{{ item.value }}"
 
        state: present
 
      with_dict:
 
        myhostname: "myhostname = {{ inventory_hostname }}"
 
        mailbox_command: 'mailbox_command = procmail -a "$EXTENSION"'
 
      notify:
 
        - Restart Postfix
 

	
 
    - name: Direct all mails from the root account to vagrant (Stretch image does not do that by default)
 
      lineinfile:
 
        path: /etc/aliases
 
        regexp: "^root"
 
        line: "root: vagrant"
 
        state: present
 
      notify:
 
        - Generate aliases database
 

	
 
    - name: Set-up group for an additional user
 
      group:
 
        name: user
 
@@ -48,3 +74,13 @@
 
        name: user
 
        group: user
 
        shell: /bin/bash
 

	
 
  handlers:
 

	
 
    - name: Restart Postfix
 
      service:
 
        name: postfix
 
        state: restarted
 

	
 
    - name: Generate aliases database
 
      command: "/usr/bin/newaliases"
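Review bot: The `lineinfile` patterns in the new tasks are anchored only at the start of the line, so `regexp: "^root"` would also match an alias such as `rootmail:`, and `"^{{ item.key }}"` would match any main.cf parameter that merely begins with the key. Anchoring on the separator keeps each edit limited to the intended line and idempotent: `regexp: '^root:'` for /etc/aliases and `regexp: '^{{ item.key }}\s*='` for /etc/postfix/main.cf.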
roles/php_website/molecule/default/tests/test_parameters_mandatory.py
 
@@ -6,7 +6,7 @@ import testinfra.utils.ansible_runner
 

	
 

	
 
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['all'])
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['parameters-mandatory'])
 

	
 

	
 
def test_website_group(host):
 
@@ -115,7 +115,7 @@ def test_mail_forwarding(host):
 

	
 
    send = host.run('swaks --suppress-data --to web-parameters-mandatory@localhost')
 
    assert send.rc == 0
 
    message_id = re.search('Ok: queued as (.*)', send.stdout).group(1)
 
    original_queue_id = re.search('Ok: queued as (.*)', send.stdout).group(1)
 

	
 
    # Sleep for a couple of seconds so the mail can get delivered.
 
    time.sleep(5)
 
@@ -124,22 +124,29 @@ def test_mail_forwarding(host):
 
        mail_log = host.file('/var/log/mail.log')
 

	
 
        # First extract message ID of forwarded mail.
 
        pattern = "%s: to=<web-parameters-mandatory@localhost>.*status=sent \(forwarded as ([^)]*)\)" % message_id
 
        message_id = re.search(pattern, mail_log.content).group(1)
 
        pattern = "%s: to=<web-parameters-mandatory@localhost>.*status=sent \(forwarded as ([^)]*)\)" % original_queue_id
 
        forward_queue_id = re.search(pattern, mail_log.content).group(1)
 

	
 
        # Now try to determine where the forward ended-up at.
 
        pattern = "%s: to=<vagrant@%s>, orig_to=<web-parameters-mandatory@localhost>.*status=sent" % (message_id, hostname)
 
        pattern = "%s: to=<vagrant@%s>, orig_to=<web-parameters-mandatory@localhost>.*status=sent" % (forward_queue_id, hostname)
 
        assert re.search(pattern, mail_log.content) is not None
 

	
 

	
 
def test_php5_fpm_configuration_file(host):
 
def test_php_fpm_configuration_file(host):
 
    """
 
    Tests if PHP FPM configuration file has been correctly deployed.
 
    """
 

	
 
    ansible_facts = host.ansible("setup")["ansible_facts"]
 

	
 
    if ansible_facts['ansible_distribution_release'] == 'jessie':
 
        config_file_path = '/etc/php5/fpm/pool.d/parameters-mandatory.conf'
 
    elif ansible_facts['ansible_distribution_release'] == 'stretch':
 
        config_file_path = '/etc/php/7.0/fpm/pool.d/parameters-mandatory.conf'
 

	
 
    with host.sudo():
 

	
 
        config = host.file('/etc/php5/fpm/pool.d/parameters-mandatory.conf')
 
        config = host.file(config_file_path)
 
        assert config.is_file
 
        assert config.user == 'root'
 
        assert config.group == 'root'
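Review bot: In `test_php_fpm_configuration_file`, `config_file_path` is assigned only in the jessie and stretch branches, so on any other release the test dies with an unbound-variable error at `host.file(config_file_path)` rather than a clear failure. Add a final branch, `else:` followed by `raise AssertionError("unsupported release: %s" % ansible_facts['ansible_distribution_release'])`. The package-name variables in `test_installed_packages` in test_parameters_optional.py have the same gap. The function body continues past the end of the hunk.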
roles/php_website/molecule/default/tests/test_parameters_optional.py
 
@@ -6,7 +6,7 @@ import testinfra.utils.ansible_runner
 

	
 

	
 
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['all'])
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['parameters-optional'])
 

	
 

	
 
def test_website_group(host):
 
@@ -137,20 +137,20 @@ def test_installed_packages(host):
 
    Tests if additional packages are installed.
 
    """
 

	
 
    assert host.package('php5-ldap').is_installed
 
    assert host.package('php5-json').is_installed
 
    assert host.package('libmariadb-client-lgpl-dev-compat').is_installed
 
    ansible_facts = host.ansible("setup")["ansible_facts"]
 

	
 
    if ansible_facts['ansible_distribution_release'] == 'jessie':
 
        php_ldap_package = 'php5-ldap'
 
        php_json_package = 'php5-json'
 
        mariadb_compat_package = 'libmariadb-client-lgpl-dev-compat'
 
    elif ansible_facts['ansible_distribution_release'] == 'stretch':
 
        php_ldap_package = 'php-ldap'
 
        php_json_package = 'php-json'
 
        mariadb_compat_package = 'libmariadbclient-dev-compat'
 

	
 
def test_mariadb_compat_symlink(host):
 
    """
 
    Tests if compatibility symlink is set-up for mysql_config binary if
 
    libmariadb-client-lgpl-dev-compat is installed.
 
    """
 

	
 
    link = host.file('/usr/bin/mysql_config')
 
    assert link.is_symlink
 
    assert link.linked_to == "/usr/bin/mariadb_config"
 
    assert host.package(php_ldap_package).is_installed
 
    assert host.package(php_json_package).is_installed
 
    assert host.package(mariadb_compat_package).is_installed
 

	
 

	
 
def test_nginx_tls_files(host):
roles/php_website/molecule/default/tests/test_parameters_optional_jessie.py
 
new file 100644
 
import os
 

	
 
import testinfra.utils.ansible_runner
 

	
 
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 
    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts(['jessie'])
 

	
 

	
 
def test_mariadb_compat_symlink(host):
 
    """
 
    Tests if compatibility symlink is set-up for mysql_config binary if
 
    libmariadb-client-lgpl-dev-compat is installed.
 
    """
 

	
 
    link = host.file('/usr/bin/mysql_config')
 
    assert link.is_symlink
 
    assert link.linked_to == "/usr/bin/mariadb_config"
roles/php_website/tasks/main.yml
 
@@ -34,6 +34,10 @@
 
    createhome: false
 
    state: present
 
    home: "{{ home }}"
 
    # This is a workaround for a rather stupid bug that Debian seems
 
    # uninterested to backport -
 
    # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865762
 
    shell: /bin/sh
 

	
 
- name: Add nginx user to website group
 
  user:
 
@@ -59,23 +63,23 @@
 
    state: present
 
  with_items: "{{ packages }}"
 

	
 
- name: Set-up MariaDB mysql_config symbolic link for compatibility (workaround for Debian bug 766996)
 
- name: Set-up MariaDB mysql_config symbolic link for compatibility on Jessie (workaround for Debian bug 766996)
 
  file:
 
    src: "/usr/bin/mariadb_config"
 
    dest: "/usr/bin/mysql_config"
 
    state: link
 
  when: "'libmariadb-client-lgpl-dev-compat' in packages"
 
  when: "'libmariadb-client-lgpl-dev-compat' in packages and ansible_distribution_release == 'jessie'"
 

	
 
- name: Deploy PHP FPM configuration file for website
 
  template:
 
    src: "fpm_site.conf.j2"
 
    dest: "/etc/php5/fpm/pool.d/{{ fqdn }}.conf"
 
    validate: "php5-fpm -t -y %s"
 
    dest: "{{ php_fpm_pool_directory }}/{{ fqdn }}.conf"
 
    validate: "{{ php_fpm_binary }} -t -y %s"
 
    owner: root
 
    group: root
 
    mode: 0640
 
  notify:
 
    - Restart php5-fpm
 
    - Restart PHP-FPM
 

	
 
- name: Deploy nginx TLS private key for website
 
  copy:
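Review bot: The `notify` entry on the "Deploy PHP FPM configuration file for website" task now names `Restart PHP-FPM`, but no handlers file appears among the eleven files this changeset lists, so I cannot see a handler with that name or one that restarts `{{ php_fpm_service_name }}`. If the handler is still called `Restart php5-fpm`, or still has the service name `php5-fpm` hard-coded, the play would fail on the notify or try to restart a unit that does not exist on Stretch, and a changed pool file would not take effect. Please confirm the handler exists under the new name and uses `name: "{{ php_fpm_service_name }}"`.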
roles/php_website/templates/fpm_site.conf.j2
 
@@ -6,7 +6,7 @@ user = {{ user }}
 
group = {{ user }}
 

	
 
; Listen on a dedicated UNIX socket.
 
listen = /var/run/php5-fpm/{{ fqdn }}.sock
 
listen = /var/run/{{ php_fpm_service_name }}/{{ fqdn }}.sock
 

	
 
; Set-up UNIX socket permissions (allow web server to connect).
 
listen.owner = www-data
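Review bot: The socket path `/var/run/{{ php_fpm_service_name }}/{{ fqdn }}.sock` is now assembled separately in this `listen` line and in `fastcgi_pass` in templates/nginx_site.j2, so the two can drift apart and leave nginx pointing at a socket PHP-FPM never creates. I would define it once in defaults, for example `php_fpm_socket: "/var/run/{{ php_fpm_service_name }}/{{ fqdn }}.sock"`, and reference `{{ php_fpm_socket }}` in both templates. The visible hunks also do not show what creates `/var/run/php7.0-fpm` on Stretch; if that directory is still set up under the php5-fpm name elsewhere in the role, the pool would fail to bind, so that is worth confirming.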
roles/php_website/templates/nginx_site.j2
 
@@ -56,7 +56,7 @@ server {
 
    # Interpret PHP files via FastCGI.
 
    location ~ {{ php_file_regex }} {
 
        include snippets/fastcgi-php.conf;
 
        fastcgi_pass unix:/var/run/php5-fpm/{{ fqdn }}.sock;
 
        fastcgi_pass unix:/var/run/{{ php_fpm_service_name }}/{{ fqdn }}.sock;
 
    }
 

	
 
    # Serve the files.