Diffstat (limited to 'manifests')
-rw-r--r--manifests/apc.pp12
-rw-r--r--manifests/fpm.pp4
-rw-r--r--manifests/init.pp24
-rw-r--r--manifests/packages.pp6
-rw-r--r--manifests/params.pp9
-rw-r--r--manifests/series5.pp19
-rw-r--r--manifests/series5/defaults.pp6
-rw-r--r--manifests/series5/hardened.pp15
-rw-r--r--manifests/series5/packages.pp26
-rw-r--r--manifests/series7.pp11
-rw-r--r--manifests/series7/defaults.pp6
-rw-r--r--manifests/series7/hardened.pp19
-rw-r--r--manifests/series7/packages.pp18
13 files changed, 115 insertions, 60 deletions
diff --git a/manifests/apc.pp b/manifests/apc.pp
index e916f1c..c77cfa1 100644
--- a/manifests/apc.pp
+++ b/manifests/apc.pp
@@ -1,20 +1,22 @@
class php::apc(
+ $series,
$ensure = 'present',
) {
- $series = $::php::series
- $fpm = $::php::fpm
+ $fpm = $::php::fpm
+ $services_portion = regsubst($series, '^', 'php')
+ $services = regsubst($services_portion, '$', '-fpm')
if $series == '5' {
- $version = $::php::series5::version
+ $version = $::php::params::version5
}
else {
- $version = $::php::series7::version
+ $version = $::php::params::version7
}
package { [ 'php-apcu', 'php-apcu-bc' ]:
ensure => $ensure,
notify => $fpm ? {
- 'present' => Service["php${version}-fpm"],
+ 'present' => Service[$services],
default => undef,
},
}
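Review bot: The `if $series == '5'` test can no longer be true on the default path, because init.pp in this commit passes `series => $series` and that parameter now defaults to the array `[ '5', '7' ]`. `$version` is also no longer read anywhere in the lines shown, so the whole `if`/`else` looks like dead code and could be dropped. The notify target changes from `Service["php${version}-fpm"]` to names built from the series (for example `php5-fpm` rather than `php5.6-fpm`); unless php::fpm declares its service under that title, which is not visible here, the reference will not resolve. A comment such as `# $series: array of series whose FPM services are notified` would make the new required parameter's type explicit.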
diff --git a/manifests/fpm.pp b/manifests/fpm.pp
index a3da2db..9b12b93 100644
--- a/manifests/fpm.pp
+++ b/manifests/fpm.pp
@@ -3,11 +3,11 @@ define php::fpm(
$ensure = 'present',
) {
if $series == '5' {
- $version = $::php::series5::version
+ $version = $::php::params::version5
$folder = $::php::series5::folder
}
else {
- $version = $::php::series7::version
+ $version = $::php::params::version7
$folder = $::php::series7::folder
}
diff --git a/manifests/init.pp b/manifests/init.pp
index daed35f..3f1dbab 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -17,23 +17,29 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
class php(
- $series = '5',
+ $series = [ '5', '7' ],
$hardened = true,
$apc = absent,
$fpm = absent,
$manage_mod_php = false,
+ $default_cli = '7'
) {
- class { "php::series${series}":
- hardened => $hardened,
- manage_mod_php => $manage_mod_php,
- }
+ include php::params
- class { 'php::apc':
- ensure => $apc,
+ $series.each |$item| {
+ class { "php::series${item}":
+ hardened => $hardened,
+ manage_mod_php => $manage_mod_php,
+ }
+
+ php::fpm { "php-fpm-${item}":
+ series => $item,
+ ensure => $fpm,
+ }
}
- php::fpm { "php-fpm-${series}":
+ class { 'php::apc':
series => $series,
- ensure => $fpm,
+ ensure => $apc,
}
}
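Review bot: Nothing checks that `$default_cli` names one of the entries in `$series`, so a node with `series => [ '5' ]` and the default `'7'` ends up with no class managing `/etc/alternatives/php`, since both packages classes guard that resource on `$::php::default_cli`. A guard such as `unless $default_cli in $series { fail("php: default_cli '${default_cli}' is not in series") }` would turn that into a compile-time error. `$series` also changes from a string to an array, so an existing caller passing `series => '5'` would reach `$series.each` with a string; the header comment should state the new type. The new `$default_cli = '7'` line is missing the trailing comma the other parameters have.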
diff --git a/manifests/packages.pp b/manifests/packages.pp
new file mode 100644
index 0000000..0ea9292
--- /dev/null
+++ b/manifests/packages.pp
@@ -0,0 +1,6 @@
+class php::packages {
+ package { [ 'php', 'php-imagick', 'php-mysql', 'php-sqlite3', 'php-gd', 'php-curl' ]:
+ ensure => installed,
+ require => File['/etc/apt/sources.list.d/php.list'],
+ }
+}
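Review bot: The unversioned names in this list (`php`, `php-mysql`, `php-gd`, …) appear to be dependency packages, so the PHP series they pull in is decided by the APT source rather than by `$::php::params`. If the repository behind `php.list` ships a newer series than the two this module manages, that interpreter would be installed without the `php::series*::hardened` settings, which are written per series. I would either rely on the versioned packages only or add a comment such as `# unversioned packages follow the newest series in php.list; not covered by hardened.pp`. Both series packages classes now inherit this class, so it also applies to hosts that only want series 5.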
diff --git a/manifests/params.pp b/manifests/params.pp
new file mode 100644
index 0000000..5585d5b
--- /dev/null
+++ b/manifests/params.pp
@@ -0,0 +1,9 @@
+class php::params {
+ $version7 = '7.2'
+ $version5 = $::lsbdistcodename ? {
+ 'xenial' => '5.6',
+ 'trusty' => '5.6',
+ 'stretch' => '5.6',
+ default => '5',
+ }
+}
diff --git a/manifests/series5.pp b/manifests/series5.pp
index e39dd8b..4202592 100644
--- a/manifests/series5.pp
+++ b/manifests/series5.pp
@@ -14,14 +14,8 @@ class php::series5(
}
}
- $version = $::lsbdistcodename ? {
- 'xenial' => '5.6',
- 'trusty' => '5.6',
- 'stretch' => '5.6',
- default => '5',
- }
-
- $folder = $::lsbdistcodename ? {
+ $version = $::php::params::version5
+ $folder = $::lsbdistcodename ? {
'xenial' => "/etc/php/${version}",
'trusty' => "/etc/php/${version}",
'stretch' => "/etc/php/${version}",
@@ -72,10 +66,17 @@ class php::series5(
}
# The needed apache modules
- if $manage_mod_php == true {
+ if $manage_mod_php == '5' {
+ $version7 = $::php::params::version7
+
apache::module { "php${version}":
ensure => present,
require => Package["libapache2-mod-php${version}"],
}
+
+ apache::module { "php${version7}":
+ ensure => absent,
+ require => Package["libapache2-mod-php${version}"],
+ }
}
}
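Review bot: `$manage_mod_php` is now compared with the string `'5'`, but init.pp still declares it with the default `false` and nothing documents the new accepted values. A node that passes `manage_mod_php => true` will silently stop having its Apache PHP module managed after this commit. series7.pp makes the same change with `'7'`. I suggest documenting the parameter, e.g. `# $manage_mod_php: false, or '5' / '7' for the series whose Apache module is enabled`, and failing on a boolean `true` so the old usage is caught. The class body starts outside this hunk.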
diff --git a/manifests/series5/defaults.pp b/manifests/series5/defaults.pp
index 15cb8a2..0de7462 100644
--- a/manifests/series5/defaults.pp
+++ b/manifests/series5/defaults.pp
@@ -1,7 +1,7 @@
class php::series5::defaults {
php::config {
- 'error_reporting' : value => 'E_ALL & ~E_NOTICE & ~E_STRICT';
- 'post_max_size' : value => '100M';
- 'upload_max_filesize' : value => '100M';
+ 'error_reporting_5' : param => 'error_reporting', series => '5', value => 'E_ALL & ~E_NOTICE & ~E_STRICT';
+ 'post_max_size_5' : param => 'post_max_size', series => '5', value => '100M';
+ 'upload_max_filesize_5' : param => 'upload_max_filezise', series => '5', value => '100M';
}
}
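Review bot: The new `param` value on the third entry is misspelled: `upload_max_filezise` should be `upload_max_filesize`. Assuming php::config writes `param` as the directive name, PHP will not recognise the setting and the upload limit falls back to the built-in default while `post_max_size` stays at 100M. The line should read `'upload_max_filesize_5' : param => 'upload_max_filesize', series => '5', value => '100M';`. series7/defaults.pp carries the same typo in its `'upload_max_filesize_7'` entry.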
diff --git a/manifests/series5/hardened.pp b/manifests/series5/hardened.pp
index e512402..7026a25 100644
--- a/manifests/series5/hardened.pp
+++ b/manifests/series5/hardened.pp
@@ -1,8 +1,19 @@
class php::series5::hardened {
+ $fpm = $::php::fpm
+ $disable_functions = 'phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, show_source, dl, symlink, system_exec'
+ #$disable_functions = 'disable_functions = phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, curl_init, parse_ini_file, show_source, dl, symlink, syslog, mail, system_exec',
+
+ if $fpm == 'present' {
+ php::config {
+ 'allow_url_fopen_5_fpm' : param => 'allow_url_fopen', sapi => 'fpm', value => 'Off';
+ 'allow_url_include_5_fpm' : param => 'allow_url_include', sapi => 'fpm', value => 'Off';
+ 'disable_functions_5_fpm' : param => 'disable_functions', sapi => 'fpm', value => $disable_functions;
+ }
+ }
+
php::config {
'allow_url_fopen' : value => 'Off';
'allow_url_include' : value => 'Off';
- 'disable_functions' : value => 'phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, show_source, dl, symlink, system_exec';
- #value => 'disable_functions = phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, curl_init, parse_ini_file, show_source, dl, symlink, syslog, mail, system_exec',
+ 'disable_functions' : value => $disable_functions;
}
}
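Review bot: The three new FPM entries pass `sapi => 'fpm'` but no `series`, while series7/hardened.pp and series5/defaults.pp in this commit pass it explicitly. The series-5 hardening therefore depends on whatever default php::config has, which is not visible here. Since these entries are the ones that turn off `allow_url_include` and the command-execution functions, I would add `series => '5'` to each, e.g. `'disable_functions_5_fpm' : param => 'disable_functions', series => '5', sapi => 'fpm', value => $disable_functions;`. The non-FPM entries keep their old un-suffixed titles with no `param`, unlike the `_7` naming used for series 7. The commented-out alternative list should get a line saying why it is kept, or be removed.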
diff --git a/manifests/series5/packages.pp b/manifests/series5/packages.pp
index 2b7dd3d..373a655 100644
--- a/manifests/series5/packages.pp
+++ b/manifests/series5/packages.pp
@@ -1,28 +1,30 @@
-class php::series5::packages {
+class php::series5::packages inherits php::packages {
+ $version = $::php::params::version5
+
# The needed packages: we could also try libapache2-mod-php5.6filter
package { 'php5':
- name => 'php5.6',
+ name => "php${version}",
require => File['/etc/apt/sources.list.d/php.list'],
}
package { 'php5-cli':
- name => 'php5.6-cli',
+ name => "php${version}-cli",
require => File['/etc/apt/sources.list.d/php.list'],
}
- package { [ 'php5.6-mysql', 'php5.6-sqlite3', 'php5.6-curl', 'php5.6-gmp', 'libapache2-mod-php5.6' ]:
+ package { [ "php${version}-mysql", "php${version}-sqlite3", "php${version}-curl", "php${version}-gmp", "libapache2-mod-php${version}" ]:
ensure => installed,
require => File['/etc/apt/sources.list.d/php.list'],
}
# Optional packages
- package { [ "php5.6-gd", "php-imagick", "php5.6-xml", "php5.6-mbstring" ]:
+ package { [ "php${version}-gd", "php${version}-xml", "php${version}-mbstring" ]:
ensure => installed,
require => File['/etc/apt/sources.list.d/php.list'],
}
# Not available anymore
- package { 'php5.6-suhosin':
+ package { 'php${version}-suhosin':
ensure => absent,
require => File['/etc/apt/sources.list.d/php.list'],
}
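Review bot: `'php${version}-suhosin'` is single-quoted, so Puppet does not interpolate `$version` and the resource is titled with the literal text; the real `php5.6-suhosin` package is no longer ensured absent. It should be `package { "php${version}-suhosin":`. Separately, `inherits php::packages` is used only to pull in the shared package list, and `include php::packages` would express that without class inheritance. The class body continues past this hunk.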
@@ -33,10 +35,12 @@ class php::series5::packages {
}
# Default alternative
- file { "/etc/alternatives/php":
- ensure => "/usr/bin/php5.6",
- owner => root,
- group => root,
- require => Package['php5'],
+ if $::php::default_cli == '5' {
+ file { "/etc/alternatives/php":
+ ensure => "/usr/bin/php${version}",
+ owner => root,
+ group => root,
+ require => Package['php5-cli'],
+ }
}
}
diff --git a/manifests/series7.pp b/manifests/series7.pp
index 38b82d1..d6af596 100644
--- a/manifests/series7.pp
+++ b/manifests/series7.pp
@@ -14,7 +14,7 @@ class php::series7(
}
}
- $version = '7.2'
+ $version = $::php::params::version7
$folder = "/etc/php/${version}"
include php::series7::packages
@@ -26,11 +26,18 @@ class php::series7(
}
# The needed apache modules
- if $manage_mod_php == true {
+ if $manage_mod_php == '7' {
+ $version5 = $::php::params::version5
+
apache::module { "php${version}":
ensure => present,
require => Package["libapache2-mod-php${version}"],
}
+
+ apache::module { "php${version5}":
+ ensure => absent,
+ require => Package["libapache2-mod-php${version}"],
+ }
}
file { [ "${folder}", "${folder}/cli", "${folder}/apache2", "${folder}/cli/conf.d", "${folder}/apache2/conf.d" ]:
diff --git a/manifests/series7/defaults.pp b/manifests/series7/defaults.pp
index 936d165..6d7e5b9 100644
--- a/manifests/series7/defaults.pp
+++ b/manifests/series7/defaults.pp
@@ -1,7 +1,7 @@
class php::series7::defaults {
php::config {
- 'error_reporting' : series => '7', value => 'E_ALL & ~E_NOTICE & ~E_STRICT';
- 'post_max_size' : series => '7', value => '100M';
- 'upload_max_filesize' : series => '7', value => '100M';
+ 'error_reporting_7' : param => 'error_reporting', series => '7', value => 'E_ALL & ~E_NOTICE & ~E_STRICT';
+ 'post_max_size_7' : param => 'post_max_size', series => '7', value => '100M';
+ 'upload_max_filesize_7' : param => 'upload_max_filezise', series => '7', value => '100M';
}
}
diff --git a/manifests/series7/hardened.pp b/manifests/series7/hardened.pp
index 2579f79..d0fb67c 100644
--- a/manifests/series7/hardened.pp
+++ b/manifests/series7/hardened.pp
@@ -1,20 +1,19 @@
class php::series7::hardened {
$fpm = $::php::fpm
$disable_functions = 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, show_source, dl, symlink, system_exec'
- # $disable_functions = 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, curl_init, parse_ini_file, show_source, dl, symlink, syslog, mail, system_exec'
+ #$disable_functions = 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, curl_init, parse_ini_file, show_source, dl, symlink, syslog, mail, system_exec'
if $fpm == 'present' {
php::config {
- 'allow_url_fopen' : series => '7', sapi => 'fpm', value => 'Off';
- 'allow_url_include' : series => '7', sapi => 'fpm', value => 'Off';
- 'disable_functions' : series => '7', sapi => 'fpm', value => $disable_functions;
+ 'allow_url_fopen_7_fpm' : param => 'allow_url_fopen', series => '7', sapi => 'fpm', value => 'Off';
+ 'allow_url_include_7_fpm' : param => 'allow_url_include', series => '7', sapi => 'fpm', value => 'Off';
+ 'disable_functions_7_fpm' : param => 'disable_functions', series => '7', sapi => 'fpm', value => $disable_functions;
}
}
- else {
- php::config {
- 'allow_url_fopen' : series => '7', value => 'Off';
- 'allow_url_include' : series => '7', value => 'Off';
- 'disable_functions' : series => '7', value => $disable_functions;
- }
+
+ php::config {
+ 'allow_url_fopen_7' : param => 'allow_url_fopen', series => '7', value => 'Off';
+ 'allow_url_include_7' : param => 'allow_url_include', series => '7', value => 'Off';
+ 'disable_functions_7' : param => 'disable_functions', series => '7', value => $disable_functions;
}
}
diff --git a/manifests/series7/packages.pp b/manifests/series7/packages.pp
index f4cef52..541ece3 100644
--- a/manifests/series7/packages.pp
+++ b/manifests/series7/packages.pp
@@ -1,12 +1,22 @@
-class php::series7::packages {
- $version = $::php::series7::version
+class php::series7::packages inherits php::packages {
+ $version = $::php::params::version7
- package { [ 'php', 'php-mysql', "php${version}-mysql", 'php-sqlite3', 'php-cli', 'php-curl', "php${version}-curl", 'php-gmp', "libapache2-mod-php${version}" ]:
+ package { [ "php${version}-common", "php${version}-mysql", "php${version}-cli", "php${version}-curl", 'php-gmp', "libapache2-mod-php${version}" ]:
ensure => installed,
}
# Optional packages
- package { [ "php-gd", "php${version}-gd", "php-imagick" ]:
+ package { [ "php${version}-gd" ]:
ensure => installed,
}
+
+ # Default alternative
+ if $::php::default_cli == '7' {
+ file { "/etc/alternatives/php":
+ ensure => "/usr/bin/php${version}",
+ owner => root,
+ group => root,
+ require => Package["php${version}-cli"],
+ }
+ }
}
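Review bot: The versioned package resources here have no `require => File['/etc/apt/sources.list.d/php.list']`, unlike their counterparts in series5/packages.pp and the new php::packages. If the `php7.2-*` packages come from that APT source, a first run can attempt the install before the source file is in place, so the `require` line should be added to both resources. For the new alternative, `ensure => "/usr/bin/php${version}"` works as link shorthand, but `ensure => link, target => "/usr/bin/php${version}"` states the intent more clearly; the series-5 class uses the same construct.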