+++ /dev/null
-TODO
-====
-
-* Refactor to support multiple PHP versions (5.6, 7.0, 7.1, 7.2 etc) and multiple SAPIs at the same time?
- One way to do that is to make `$series` as an array.
class php::apc(
+ $series,
$ensure = 'present',
) {
- $series = $::php::series
- $fpm = $::php::fpm
+ $fpm = $::php::fpm
+ $services_portion = regsubst($series, '^', 'php')
+ $services = regsubst($services_portion, '$', '-fpm')
if $series == '5' {
- $version = $::php::series5::version
+ $version = $::php::params::version5
}
else {
- $version = $::php::series7::version
+ $version = $::php::params::version7
}
package { [ 'php-apcu', 'php-apcu-bc' ]:
ensure => $ensure,
notify => $fpm ? {
- 'present' => Service["php${version}-fpm"],
+ 'present' => Service[$services],
default => undef,
},
}
$ensure = 'present',
) {
if $series == '5' {
- $version = $::php::series5::version
+ $version = $::php::params::version5
$folder = $::php::series5::folder
}
else {
- $version = $::php::series7::version
+ $version = $::php::params::version7
$folder = $::php::series7::folder
}
# along with this program. If not, see <http://www.gnu.org/licenses/>.
class php(
- $series = '5',
+ $series = [ '5', '7' ],
$hardened = true,
$apc = absent,
$fpm = absent,
$manage_mod_php = false,
+ $default_cli = '7'
) {
- class { "php::series${series}":
- hardened => $hardened,
- manage_mod_php => $manage_mod_php,
- }
+ include php::params
- class { 'php::apc':
- ensure => $apc,
+ $series.each |$item| {
+ class { "php::series${item}":
+ hardened => $hardened,
+ manage_mod_php => $manage_mod_php,
+ }
+
+ php::fpm { "php-fpm-${item}":
+ series => $item,
+ ensure => $fpm,
+ }
}
- php::fpm { "php-fpm-${series}":
+ class { 'php::apc':
series => $series,
- ensure => $fpm,
+ ensure => $apc,
}
}
--- /dev/null
+class php::packages {
+ package { [ 'php', 'php-imagick', 'php-mysql', 'php-sqlite3', 'php-gd', 'php-curl' ]:
+ ensure => installed,
+ require => File['/etc/apt/sources.list.d/php.list'],
+ }
+}
--- /dev/null
+class php::params {
+ $version7 = '7.2'
+ $version5 = $::lsbdistcodename ? {
+ 'xenial' => '5.6',
+ 'trusty' => '5.6',
+ 'stretch' => '5.6',
+ default => '5',
+ }
+}
}
}
- $version = $::lsbdistcodename ? {
- 'xenial' => '5.6',
- 'trusty' => '5.6',
- 'stretch' => '5.6',
- default => '5',
- }
-
- $folder = $::lsbdistcodename ? {
+ $version = $::php::params::version5
+ $folder = $::lsbdistcodename ? {
'xenial' => "/etc/php/${version}",
'trusty' => "/etc/php/${version}",
'stretch' => "/etc/php/${version}",
}
# The needed apache modules
- if $manage_mod_php == true {
+ if $manage_mod_php == '5' {
+ $version7 = $::php::params::version7
+
apache::module { "php${version}":
ensure => present,
require => Package["libapache2-mod-php${version}"],
}
+
+ apache::module { "php${version7}":
+ ensure => absent,
+ require => Package["libapache2-mod-php${version}"],
+ }
}
}
class php::series5::defaults {
php::config {
- 'error_reporting' : value => 'E_ALL & ~E_NOTICE & ~E_STRICT';
- 'post_max_size' : value => '100M';
- 'upload_max_filesize' : value => '100M';
+ 'error_reporting_5' : param => 'error_reporting', series => '5', value => 'E_ALL & ~E_NOTICE & ~E_STRICT';
+ 'post_max_size_5' : param => 'post_max_size', series => '5', value => '100M';
+ 'upload_max_filesize_5' : param => 'upload_max_filezise', series => '5', value => '100M';
}
}
class php::series5::hardened {
+ $fpm = $::php::fpm
+ $disable_functions = 'phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, show_source, dl, symlink, system_exec'
+ #$disable_functions = 'disable_functions = phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, curl_init, parse_ini_file, show_source, dl, symlink, syslog, mail, system_exec',
+
+ if $fpm == 'present' {
+ php::config {
+ 'allow_url_fopen_5_fpm' : param => 'allow_url_fopen', sapi => 'fpm', value => 'Off';
+ 'allow_url_include_5_fpm' : param => 'allow_url_include', sapi => 'fpm', value => 'Off';
+ 'disable_functions_5_fpm' : param => 'disable_functions', sapi => 'fpm', value => $disable_functions;
+ }
+ }
+
php::config {
'allow_url_fopen' : value => 'Off';
'allow_url_include' : value => 'Off';
- 'disable_functions' : value => 'phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, show_source, dl, symlink, system_exec';
- #value => 'disable_functions = phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, curl_init, parse_ini_file, show_source, dl, symlink, syslog, mail, system_exec',
+ 'disable_functions' : value => $disable_functions;
}
}
-class php::series5::packages {
+class php::series5::packages inherits php::packages {
+ $version = $::php::params::version5
+
# The needed packages: we could also try libapache2-mod-php5.6filter
package { 'php5':
- name => 'php5.6',
+ name => "php${version}",
require => File['/etc/apt/sources.list.d/php.list'],
}
package { 'php5-cli':
- name => 'php5.6-cli',
+ name => "php${version}-cli",
require => File['/etc/apt/sources.list.d/php.list'],
}
- package { [ 'php5.6-mysql', 'php5.6-sqlite3', 'php5.6-curl', 'php5.6-gmp', 'libapache2-mod-php5.6' ]:
+ package { [ "php${version}-mysql", "php${version}-sqlite3", "php${version}-curl", "php${version}-gmp", "libapache2-mod-php${version}" ]:
ensure => installed,
require => File['/etc/apt/sources.list.d/php.list'],
}
# Optional packages
- package { [ "php5.6-gd", "php-imagick", "php5.6-xml", "php5.6-mbstring" ]:
+ package { [ "php${version}-gd", "php${version}-xml", "php${version}-mbstring" ]:
ensure => installed,
require => File['/etc/apt/sources.list.d/php.list'],
}
# Not available anymore
- package { 'php5.6-suhosin':
+ package { 'php${version}-suhosin':
ensure => absent,
require => File['/etc/apt/sources.list.d/php.list'],
}
}
# Default alternative
- file { "/etc/alternatives/php":
- ensure => "/usr/bin/php5.6",
- owner => root,
- group => root,
- require => Package['php5'],
+ if $::php::default_cli == '5' {
+ file { "/etc/alternatives/php":
+ ensure => "/usr/bin/php${version}",
+ owner => root,
+ group => root,
+ require => Package['php5-cli'],
+ }
}
}
}
}
- $version = '7.2'
+ $version = $::php::params::version7
$folder = "/etc/php/${version}"
include php::series7::packages
}
# The needed apache modules
- if $manage_mod_php == true {
+ if $manage_mod_php == '7' {
+ $version5 = $::php::params::version5
+
apache::module { "php${version}":
ensure => present,
require => Package["libapache2-mod-php${version}"],
}
+
+ apache::module { "php${version5}":
+ ensure => absent,
+ require => Package["libapache2-mod-php${version}"],
+ }
}
file { [ "${folder}", "${folder}/cli", "${folder}/apache2", "${folder}/cli/conf.d", "${folder}/apache2/conf.d" ]:
class php::series7::defaults {
php::config {
- 'error_reporting' : series => '7', value => 'E_ALL & ~E_NOTICE & ~E_STRICT';
- 'post_max_size' : series => '7', value => '100M';
- 'upload_max_filesize' : series => '7', value => '100M';
+ 'error_reporting_7' : param => 'error_reporting', series => '7', value => 'E_ALL & ~E_NOTICE & ~E_STRICT';
+ 'post_max_size_7' : param => 'post_max_size', series => '7', value => '100M';
+ 'upload_max_filesize_7' : param => 'upload_max_filezise', series => '7', value => '100M';
}
}
class php::series7::hardened {
$fpm = $::php::fpm
$disable_functions = 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, show_source, dl, symlink, system_exec'
- # $disable_functions = 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, curl_init, parse_ini_file, show_source, dl, symlink, syslog, mail, system_exec'
+ #$disable_functions = 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, curl_init, parse_ini_file, show_source, dl, symlink, syslog, mail, system_exec'
if $fpm == 'present' {
php::config {
- 'allow_url_fopen' : series => '7', sapi => 'fpm', value => 'Off';
- 'allow_url_include' : series => '7', sapi => 'fpm', value => 'Off';
- 'disable_functions' : series => '7', sapi => 'fpm', value => $disable_functions;
+ 'allow_url_fopen_7_fpm' : param => 'allow_url_fopen', series => '7', sapi => 'fpm', value => 'Off';
+ 'allow_url_include_7_fpm' : param => 'allow_url_include', series => '7', sapi => 'fpm', value => 'Off';
+ 'disable_functions_7_fpm' : param => 'disable_functions', series => '7', sapi => 'fpm', value => $disable_functions;
}
}
- else {
- php::config {
- 'allow_url_fopen' : series => '7', value => 'Off';
- 'allow_url_include' : series => '7', value => 'Off';
- 'disable_functions' : series => '7', value => $disable_functions;
- }
+
+ php::config {
+ 'allow_url_fopen_7' : param => 'allow_url_fopen', series => '7', value => 'Off';
+ 'allow_url_include_7' : param => 'allow_url_include', series => '7', value => 'Off';
+ 'disable_functions_7' : param => 'disable_functions', series => '7', value => $disable_functions;
}
}
-class php::series7::packages {
- $version = $::php::series7::version
+class php::series7::packages inherits php::packages {
+ $version = $::php::params::version7
- package { [ 'php', 'php-mysql', "php${version}-mysql", 'php-sqlite3', 'php-cli', 'php-curl', "php${version}-curl", 'php-gmp', "libapache2-mod-php${version}" ]:
+ package { [ "php${version}-common", "php${version}-mysql", "php${version}-cli", "php${version}-curl", 'php-gmp', "libapache2-mod-php${version}" ]:
ensure => installed,
}
# Optional packages
- package { [ "php-gd", "php${version}-gd", "php-imagick" ]:
+ package { [ "php${version}-gd" ]:
ensure => installed,
}
+
+ # Default alternative
+ if $::php::default_cli == '7' {
+ file { "/etc/alternatives/php":
+ ensure => "/usr/bin/php${version}",
+ owner => root,
+ group => root,
+ require => Package["php${version}-cli"],
+ }
+ }
}
projects / puppet-php.git / commitdiff