-rw-r--r-- | TODO.md | 5 | ||||
-rw-r--r-- | manifests/apc.pp | 12 | ||||
-rw-r--r-- | manifests/fpm.pp | 4 | ||||
-rw-r--r-- | manifests/init.pp | 24 | ||||
-rw-r--r-- | manifests/packages.pp | 6 | ||||
-rw-r--r-- | manifests/params.pp | 9 | ||||
-rw-r--r-- | manifests/series5.pp | 19 | ||||
-rw-r--r-- | manifests/series5/defaults.pp | 6 | ||||
-rw-r--r-- | manifests/series5/hardened.pp | 15 | ||||
-rw-r--r-- | manifests/series5/packages.pp | 26 | ||||
-rw-r--r-- | manifests/series7.pp | 11 | ||||
-rw-r--r-- | manifests/series7/defaults.pp | 6 | ||||
-rw-r--r-- | manifests/series7/hardened.pp | 19 | ||||
-rw-r--r-- | manifests/series7/packages.pp | 18 |
14 files changed, 115 insertions, 65 deletions
diff --git a/TODO.md b/TODO.md deleted file mode 100644 index 19d1818..0000000 --- a/TODO.md +++ /dev/null @@ -1,5 +0,0 @@ -TODO -==== - -* Refactor to support multiple PHP versions (5.6, 7.0, 7.1, 7.2 etc) and multiple SAPIs at the same time? - One way to do that is to make `$series` as an array. diff --git a/manifests/apc.pp b/manifests/apc.pp index e916f1c..c77cfa1 100644 --- a/manifests/apc.pp +++ b/manifests/apc.pp @@ -1,20 +1,22 @@ class php::apc( + $series, $ensure = 'present', ) { - $series = $::php::series - $fpm = $::php::fpm + $fpm = $::php::fpm + $services_portion = regsubst($series, '^', 'php') + $services = regsubst($services_portion, '$', '-fpm') if $series == '5' { - $version = $::php::series5::version + $version = $::php::params::version5 } else { - $version = $::php::series7::version + $version = $::php::params::version7 } package { [ 'php-apcu', 'php-apcu-bc' ]: ensure => $ensure, notify => $fpm ? { - 'present' => Service["php${version}-fpm"], + 'present' => Service[$services], default => undef, }, } diff --git a/manifests/fpm.pp b/manifests/fpm.pp index a3da2db..9b12b93 100644 --- a/manifests/fpm.pp +++ b/manifests/fpm.pp @@ -3,11 +3,11 @@ define php::fpm( $ensure = 'present', ) { if $series == '5' { - $version = $::php::series5::version + $version = $::php::params::version5 $folder = $::php::series5::folder } else { - $version = $::php::series7::version + $version = $::php::params::version7 $folder = $::php::series7::folder } diff --git a/manifests/init.pp b/manifests/init.pp index daed35f..3f1dbab 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
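Review bot: In manifests/apc.pp the `notify` target is now built from `$series` (giving `php5-fpm` / `php7-fpm`), where the removed line used `"php${version}-fpm"` (`php5.6-fpm` / `php7.2-fpm`). php::fpm is not visible here, so unless it declares its service under the series-only title, the reference will not resolve or the pools will not be restarted after an APCu change. init.pp now passes the whole `$series` array, so `if $series == '5'` no longer matches and `$version` is computed but never used. I would drop that branch and derive the titles from the params values, something like `$services = $series.map |$s| { $s ? { '5' => "php${::php::params::version5}-fpm", default => "php${::php::params::version7}-fpm" } }`.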
@@ -17,23 +17,29 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. class php( - $series = '5', + $series = [ '5', '7' ], $hardened = true, $apc = absent, $fpm = absent, $manage_mod_php = false, + $default_cli = '7' ) { - class { "php::series${series}": - hardened => $hardened, - manage_mod_php => $manage_mod_php, - } + include php::params - class { 'php::apc': - ensure => $apc, + $series.each |$item| { + class { "php::series${item}": + hardened => $hardened, + manage_mod_php => $manage_mod_php, + } + + php::fpm { "php-fpm-${item}": + series => $item, + ensure => $fpm, + } } - php::fpm { "php-fpm-${series}": + class { 'php::apc': series => $series, - ensure => $fpm, + ensure => $apc, } } diff --git a/manifests/packages.pp b/manifests/packages.pp new file mode 100644 index 0000000..0ea9292 --- /dev/null +++ b/manifests/packages.pp @@ -0,0 +1,6 @@ +class php::packages { + package { [ 'php', 'php-imagick', 'php-mysql', 'php-sqlite3', 'php-gd', 'php-curl' ]: + ensure => installed, + require => File['/etc/apt/sources.list.d/php.list'], + } +} diff --git a/manifests/params.pp b/manifests/params.pp new file mode 100644 index 0000000..5585d5b --- /dev/null +++ b/manifests/params.pp @@ -0,0 +1,9 @@ +class php::params { + $version7 = '7.2' + $version5 = $::lsbdistcodename ? { + 'xenial' => '5.6', + 'trusty' => '5.6', + 'stretch' => '5.6', + default => '5', + } +} diff --git a/manifests/series5.pp b/manifests/series5.pp index e39dd8b..4202592 100644 --- a/manifests/series5.pp +++ b/manifests/series5.pp @@ -14,14 +14,8 @@ class php::series5( } } - $version = $::lsbdistcodename ? { - 'xenial' => '5.6', - 'trusty' => '5.6', - 'stretch' => '5.6', - default => '5', - } - - $folder = $::lsbdistcodename ? { + $version = $::php::params::version5 + $folder = $::lsbdistcodename ? { 'xenial' => "/etc/php/${version}", 'trusty' => "/etc/php/${version}", 'stretch' => "/etc/php/${version}", 
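Review bot: Neither `$series` nor `$default_cli` is validated in the `class php(` header, although each `$series` element is interpolated into a class name (`"php::series${item}"`) and `$default_cli` is only matched against `'5'` and `'7'` in the packages classes. A value such as `'7.2'` then either fails with an unknown-class error far from its cause or leaves `/etc/alternatives/php` unmanaged without any message. The manifest already depends on the Puppet 4 parser for `.each`, so the header can carry types: `Array[Enum['5','7']] $series = ['5','7'],` and `Enum['5','7'] $default_cli = '7',` (the new last parameter also lacks the trailing comma the others have).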
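Review bot: The unversioned `php`, `php-mysql`, `php-gd` and related packages in the new `php::packages` class are now installed on every node, including series-5-only ones, because `php::series5::packages` inherits this class later in the commit. These meta-packages presumably resolve to whatever PHP version the APT source treats as its default, which may be a version that neither `hardened.pp` class configures. I would keep only version-independent extensions here, or at least state the expectation in a comment such as `# NOTE: 'php' resolves to the repository default version; it must stay within $::php::series`.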
@@ -72,10 +66,17 @@ class php::series5( } # The needed apache modules - if $manage_mod_php == true { + if $manage_mod_php == '5' { + $version7 = $::php::params::version7 + apache::module { "php${version}": ensure => present, require => Package["libapache2-mod-php${version}"], } + + apache::module { "php${version7}": + ensure => absent, + require => Package["libapache2-mod-php${version}"], + } } } diff --git a/manifests/series5/defaults.pp b/manifests/series5/defaults.pp index 15cb8a2..0de7462 100644 --- a/manifests/series5/defaults.pp +++ b/manifests/series5/defaults.pp @@ -1,7 +1,7 @@ class php::series5::defaults { php::config { - 'error_reporting' : value => 'E_ALL & ~E_NOTICE & ~E_STRICT'; - 'post_max_size' : value => '100M'; - 'upload_max_filesize' : value => '100M'; + 'error_reporting_5' : param => 'error_reporting', series => '5', value => 'E_ALL & ~E_NOTICE & ~E_STRICT'; + 'post_max_size_5' : param => 'post_max_size', series => '5', value => '100M'; + 'upload_max_filesize_5' : param => 'upload_max_filezise', series => '5', value => '100M'; } } diff --git a/manifests/series5/hardened.pp b/manifests/series5/hardened.pp index e512402..7026a25 100644 --- a/manifests/series5/hardened.pp +++ b/manifests/series5/hardened.pp 
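Review bot: The condition `if $manage_mod_php == '5'` changes the parameter's contract from a boolean to a series string, but `class php` still defaults it to `false` and nothing rejects `true`. A node that passed `manage_mod_php => true` before this commit now gets neither `apache::module` resource and no error. The same applies to `== '7'` in manifests/series7.pp. Either fail loudly on the old value, e.g. `if $manage_mod_php == true { fail('manage_mod_php now takes the series to enable: 5 or 7') }`, or document the accepted values next to the parameter. The enclosing class starts outside this hunk.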
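Review bot: `param => 'upload_max_filezise'` in the `upload_max_filesize_5` entry misspells the directive. Assuming php::config writes `param` as the ini key, PHP ignores the unknown key and the upload limit falls back to its built-in default instead of `100M`, out of step with `post_max_size`. The same typo is in the `upload_max_filesize_7` entry of manifests/series7/defaults.pp. Both should read `param => 'upload_max_filesize'`.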
@@ -1,8 +1,19 @@ class php::series5::hardened { + $fpm = $::php::fpm + $disable_functions = 'phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, show_source, dl, symlink, system_exec' + #$disable_functions = 'disable_functions = phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, curl_init, parse_ini_file, show_source, dl, symlink, syslog, mail, system_exec', + + if $fpm == 'present' { + php::config { + 'allow_url_fopen_5_fpm' : param => 'allow_url_fopen', sapi => 'fpm', value => 'Off'; + 'allow_url_include_5_fpm' : param => 'allow_url_include', sapi => 'fpm', value => 'Off'; + 'disable_functions_5_fpm' : param => 'disable_functions', sapi => 'fpm', value => $disable_functions; + } + } + php::config { 'allow_url_fopen' : value => 'Off'; 'allow_url_include' : value => 'Off'; - 'disable_functions' : value => 'phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, show_source, dl, symlink, system_exec'; - #value => 'disable_functions = phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, curl_init, parse_ini_file, show_source, dl, symlink, syslog, mail, system_exec', + 'disable_functions' : value => $disable_functions; } } diff --git a/manifests/series5/packages.pp b/manifests/series5/packages.pp index 2b7dd3d..373a655 100644 --- a/manifests/series5/packages.pp +++ b/manifests/series5/packages.pp 
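Review bot: The three new FPM entries (`allow_url_fopen_5_fpm` and siblings) omit `series => '5'`, and the unchanged non-FPM entries below them keep bare titles with no `param`, while the series7 hardening and both defaults classes in this commit pass both. php::config is not visible here, so whether its defaults cover this is an assumption; if they do not, the PHP 5 hardening settings land in the wrong tree or under the wrong key. Making it explicit is cheap: `'disable_functions_5_fpm' : param => 'disable_functions', series => '5', sapi => 'fpm', value => $disable_functions;` and `'disable_functions_5' : param => 'disable_functions', series => '5', value => $disable_functions;`, likewise for the two `allow_url_*` pairs. The commented-out stricter list still carries a `disable_functions = ` prefix and a trailing comma, so it cannot be enabled by simply uncommenting it.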
@@ -1,28 +1,30 @@ -class php::series5::packages { +class php::series5::packages inherits php::packages { + $version = $::php::params::version5 + # The needed packages: we could also try libapache2-mod-php5.6filter package { 'php5': - name => 'php5.6', + name => "php${version}", require => File['/etc/apt/sources.list.d/php.list'], } package { 'php5-cli': - name => 'php5.6-cli', + name => "php${version}-cli", require => File['/etc/apt/sources.list.d/php.list'], } - package { [ 'php5.6-mysql', 'php5.6-sqlite3', 'php5.6-curl', 'php5.6-gmp', 'libapache2-mod-php5.6' ]: + package { [ "php${version}-mysql", "php${version}-sqlite3", "php${version}-curl", "php${version}-gmp", "libapache2-mod-php${version}" ]: ensure => installed, require => File['/etc/apt/sources.list.d/php.list'], } # Optional packages - package { [ "php5.6-gd", "php-imagick", "php5.6-xml", "php5.6-mbstring" ]: + package { [ "php${version}-gd", "php${version}-xml", "php${version}-mbstring" ]: ensure => installed, require => File['/etc/apt/sources.list.d/php.list'], } # Not available anymore - package { 'php5.6-suhosin': + package { 'php${version}-suhosin': ensure => absent, require => File['/etc/apt/sources.list.d/php.list'], } @@ -33,10 +35,12 @@ class php::series5::packages { } # Default alternative - file { "/etc/alternatives/php": - ensure => "/usr/bin/php5.6", - owner => root, - group => root, - require => Package['php5'], + if $::php::default_cli == '5' { + file { "/etc/alternatives/php": + ensure => "/usr/bin/php${version}", + owner => root, + group => root, + require => Package['php5-cli'], + } } } diff --git a/manifests/series7.pp b/manifests/series7.pp index 38b82d1..d6af596 100644 --- a/manifests/series7.pp +++ b/manifests/series7.pp @@ -14,7 +14,7 @@ class php::series7( } } - $version = '7.2' + $version = $::php::params::version7 $folder = "/etc/php/${version}" include php::series7::packages 
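Review bot: `package { 'php${version}-suhosin':` is single-quoted, and Puppet does not interpolate variables in single-quoted strings. The resource therefore manages a package literally named `php${version}-suhosin`, and `php5.6-suhosin` is no longer removed. Use double quotes like the neighbouring resources: `package { "php${version}-suhosin":`.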
@@ -26,11 +26,18 @@ class php::series7( } # The needed apache modules - if $manage_mod_php == true { + if $manage_mod_php == '7' { + $version5 = $::php::params::version5 + apache::module { "php${version}": ensure => present, require => Package["libapache2-mod-php${version}"], } + + apache::module { "php${version5}": + ensure => absent, + require => Package["libapache2-mod-php${version}"], + } } file { [ "${folder}", "${folder}/cli", "${folder}/apache2", "${folder}/cli/conf.d", "${folder}/apache2/conf.d" ]: diff --git a/manifests/series7/defaults.pp b/manifests/series7/defaults.pp index 936d165..6d7e5b9 100644 --- a/manifests/series7/defaults.pp +++ b/manifests/series7/defaults.pp @@ -1,7 +1,7 @@ class php::series7::defaults { php::config { - 'error_reporting' : series => '7', value => 'E_ALL & ~E_NOTICE & ~E_STRICT'; - 'post_max_size' : series => '7', value => '100M'; - 'upload_max_filesize' : series => '7', value => '100M'; + 'error_reporting_7' : param => 'error_reporting', series => '7', value => 'E_ALL & ~E_NOTICE & ~E_STRICT'; + 'post_max_size_7' : param => 'post_max_size', series => '7', value => '100M'; + 'upload_max_filesize_7' : param => 'upload_max_filezise', series => '7', value => '100M'; } } diff --git a/manifests/series7/hardened.pp b/manifests/series7/hardened.pp index 2579f79..d0fb67c 100644 --- a/manifests/series7/hardened.pp +++ b/manifests/series7/hardened.pp 
@@ -1,20 +1,19 @@ class php::series7::hardened { $fpm = $::php::fpm $disable_functions = 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, show_source, dl, symlink, system_exec' - # $disable_functions = 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, curl_init, parse_ini_file, show_source, dl, symlink, syslog, mail, system_exec' + #$disable_functions = 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, curl_init, parse_ini_file, show_source, dl, symlink, syslog, mail, system_exec' if $fpm == 'present' { php::config { - 'allow_url_fopen' : series => '7', sapi => 'fpm', value => 'Off'; - 'allow_url_include' : series => '7', sapi => 'fpm', value => 'Off'; - 'disable_functions' : series => '7', 
sapi => 'fpm', value => $disable_functions; + 'allow_url_fopen_7_fpm' : param => 'allow_url_fopen', series => '7', sapi => 'fpm', value => 'Off'; + 'allow_url_include_7_fpm' : param => 'allow_url_include', series => '7', sapi => 'fpm', value => 'Off'; + 'disable_functions_7_fpm' : param => 'disable_functions', series => '7', sapi => 'fpm', value => $disable_functions; } } - else { - php::config { - 'allow_url_fopen' : series => '7', value => 'Off'; - 'allow_url_include' : series => '7', value => 'Off'; - 'disable_functions' : series => '7', value => $disable_functions; - } + + php::config { + 'allow_url_fopen_7' : param => 'allow_url_fopen', series => '7', value => 'Off'; + 'allow_url_include_7' : param => 'allow_url_include', series => '7', value => 'Off'; + 'disable_functions_7' : param => 'disable_functions', series => '7', value => $disable_functions; } } diff --git a/manifests/series7/packages.pp b/manifests/series7/packages.pp index f4cef52..541ece3 100644 --- a/manifests/series7/packages.pp +++ b/manifests/series7/packages.pp @@ -1,12 +1,22 @@ -class php::series7::packages { - $version = $::php::series7::version +class php::series7::packages inherits php::packages { + $version = $::php::params::version7 - package { [ 'php', 'php-mysql', "php${version}-mysql", 'php-sqlite3', 'php-cli', 'php-curl', "php${version}-curl", 'php-gmp', "libapache2-mod-php${version}" ]: + package { [ "php${version}-common", "php${version}-mysql", "php${version}-cli", "php${version}-curl", 'php-gmp', "libapache2-mod-php${version}" ]: ensure => installed, } # Optional packages - package { [ "php-gd", "php${version}-gd", "php-imagick" ]: + package { [ "php${version}-gd" ]: ensure => installed, } + + # Default alternative + if $::php::default_cli == '7' { + file { "/etc/alternatives/php": + ensure => "/usr/bin/php${version}", + owner => root, + group => root, + require => Package["php${version}-cli"], + } + } } |
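Review bot: In manifests/series7/packages.pp the versioned package list (`"php${version}-common"` through `"libapache2-mod-php${version}"`) and the `"php${version}-gd"` resource have no `require => File['/etc/apt/sources.list.d/php.list']`, unlike `php::packages` and the resources in series5/packages.pp. If these packages are only available from that APT source, which the page suggests but does not show, a first run can attempt the install before the source file is in place. Add `require => File['/etc/apt/sources.list.d/php.list'],` to both `package` resources in this class.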