$fpm = $::php::fpm
$version5 = $::php::params::version5
$version7 = $::php::params::version7
+ $version8 = $::php::params::version8
$series = $::php::series
$services_version_5 = regsubst($series, '^5$', $version5)
$services_version_7 = regsubst($services_version_5, '^7$', $version7)
- $services_name = regsubst($services_version_7, '^', 'php')
+ $services_version_8 = regsubst($services_version_7, '^8$', $version8)
+ $services_name = regsubst($services_version_8, '^', 'php')
$services = regsubst($services_name, '$', '-fpm')
package { [ 'php-apcu', 'php-apcu-bc' ]:
-define php::config($series = '5', $order = '20', $param = $name, $value, $ensure = 'present', $sapi = 'apache2') {
+define php::config($series = '8', $order = '20', $param = $name, $value, $ensure = 'present', $sapi = 'apache2') {
if $series == '5' {
$version = $::php::series5::version
$folder = $::php::series5::folder
}
- else {
+ elsif $series == '7' {
$version = $::php::series7::version
$folder = $::php::series7::folder
}
+ else {
+ $version = $::php::series8::version
+ $folder = $::php::series8::folder
+ }
file { "${folder}/${sapi}/conf.d/${order}-${param}.ini":
ensure => $ensure,
$version = $::php::params::version5
$folder = $::php::series5::folder
}
- else {
+ elsif $series == '7' {
$version = $::php::params::version7
$folder = $::php::series7::folder
}
+ else {
+ $version = $::php::params::version8
+ $folder = $::php::series8::folder
+ }
package { "php${version}-fpm":
ensure => $ensure,
# along with this program. If not, see <http://www.gnu.org/licenses/>.
class php(
- $series = [ '5', '7' ],
+ $series = [ '5', '7', '8' ],
$hardened = true,
$apc = absent,
$fpm = absent,
$manage_mod_php = false,
- $default_cli = '7'
+ $default_cli = '8'
) {
include php::params
class php::params {
+ $version8 = $::lsbdistcodename ? {
+ 'bookworm' => '8.3',
+ default => '8.3',
+ }
+
+ $version8_previous = $::lsbdistcodename ? {
+ 'bookworm' => [ '8.2', '8.1', '8.0' ],
+ default => [ '8.2', '8.1', '8.0' ],
+ }
+
$version7 = $::lsbdistcodename ? {
+ 'bookworm' => '7.4',
'bullseye' => '7.4',
'buster' => '7.4',
'stretch' => '7.4',
}
$version7_previous = $::lsbdistcodename ? {
+ 'bookworm' => [ '7.3', '7.2', '7.1', '7.0' ],
'bullseye' => [ '7.3', '7.2', '7.1', '7.0' ],
'buster' => [ '7.3', '7.2', '7.1', '7.0' ],
'stretch' => [ '7.3', '7.2', '7.1', '7.0' ],
# The needed apache modules
if $manage_mod_php == '5' {
$version7 = $::php::params::version7
+ $version8 = $::php::params::version8
apache::module { "php${version}":
ensure => present,
require => Package["libapache2-mod-php${version}"],
}
- apache::module { "php8.0":
+ apache::module { "php${version8}":
ensure => absent,
require => Package["libapache2-mod-php${version}"],
}
# The right apache module
if $manage_mod_php == '7' {
$version5 = $::php::params::version5
+ $version8 = $::php::params::version8
$::php::params::version7_previous.each |$item| {
apache::module { "php${item}":
require => Package["libapache2-mod-php${version}"],
}
- apache::module { "php8.0":
+ apache::module { "php${version8}":
ensure => absent,
require => Package["libapache2-mod-php${version}"],
}
--- /dev/null
+class php::series8(
+ $hardened = true,
+ $manage_mod_php = false,
+) {
+ case $::lsbdistcodename {
+ 'xenial': {
+ include php::ppa
+ }
+ 'trusty': {
+ include php::ppa
+ }
+ 'bookworm': {
+ include php::dpa
+ }
+ 'bullseye': {
+ include php::dpa
+ }
+ 'stretch': {
+ include php::dpa
+ }
+ 'buster': {
+ include php::dpa
+ }
+ }
+
+ $version = $::php::params::version8
+ $folder = "/etc/php/${version}"
+
+ include php::series8::packages
+ include php::resources
+ include php::series8::defaults
+
+ if $hardened == true {
+ include php::series8::hardened
+ }
+
+ # The right apache module
+ if $manage_mod_php == '8' {
+ $version5 = $::php::params::version5
+ $version7 = $::php::params::version7
+
+ $::php::params::version7_previous.each |$item| {
+ apache::module { "php${item}":
+ ensure => absent,
+ }
+ }
+
+ $::php::params::version8_previous.each |$item| {
+ apache::module { "php${item}":
+ ensure => absent,
+ }
+ }
+
+ apache::module { "php${version5}":
+ ensure => absent,
+ require => Package["libapache2-mod-php${version}"],
+ }
+
+ apache::module { "php${version7}":
+ ensure => absent,
+ require => Package["libapache2-mod-php${version}"],
+ }
+
+ apache::module { "php${version}":
+ ensure => present,
+ require => Package["libapache2-mod-php${version}"],
+ }
+ }
+
+ file { [ "${folder}", "${folder}/cli", "${folder}/apache2", "${folder}/cli/conf.d", "${folder}/apache2/conf.d" ]:
+ ensure => directory,
+ owner => root,
+ group => root,
+ mode => '0755',
+ require => Package['php'],
+ }
+}
--- /dev/null
+class php::series8::defaults {
+ php::config {
+ 'error_reporting_8' : param => 'error_reporting', series => '8', value => 'E_ALL & ~E_NOTICE & ~E_STRICT';
+ 'post_max_size_8' : param => 'post_max_size', series => '8', value => '100M';
+ 'upload_max_filesize_8' : param => 'upload_max_filesize', series => '8', value => '100M';
+ }
+}
--- /dev/null
+class php::series8::hardened {
+ $fpm = $::php::fpm
+ $disable_functions = 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, show_source, dl, symlink, system_exec'
+ #$disable_functions = 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, curl_init, parse_ini_file, show_source, dl, symlink, syslog, mail, system_exec'
+
+ if $fpm == 'present' {
+ php::config {
+ 'allow_url_fopen_8_fpm' : param => 'allow_url_fopen', series => '8', sapi => 'fpm', value => 'Off';
+ 'allow_url_include_8_fpm' : param => 'allow_url_include', series => '8', sapi => 'fpm', value => 'Off';
+ 'disable_functions_8_fpm' : param => 'disable_functions', series => '8', sapi => 'fpm', value => $disable_functions;
+ }
+ }
+
+ php::config {
+ 'allow_url_fopen_8' : param => 'allow_url_fopen', series => '8', value => 'Off';
+ 'allow_url_include_8' : param => 'allow_url_include', series => '8', value => 'Off';
+ 'disable_functions_8' : param => 'disable_functions', series => '8', value => $disable_functions;
+ }
+}
--- /dev/null
+class php::series8::packages inherits php::packages {
+ $version = $::php::params::version8
+
+ package { [ "php${version}-common", "php${version}-mysql", "php${version}-cli", "php${version}-curl", "php${version}-gmp", "php${version}-xml", "php${version}-mbstring", "libapache2-mod-php${version}" ]:
+ ensure => installed,
+ require => File['/etc/apt/sources.list.d/php.list'],
+ }
+
+ # Optional packages
+ package { [ "php${version}-gd" ]:
+ ensure => installed,
+ require => File['/etc/apt/sources.list.d/php.list'],
+ }
+
+ # Default alternative
+ if $::php::default_cli == '8' {
+ file { "/etc/alternatives/php":
+ ensure => "/usr/bin/php${version}",
+ owner => root,
+ group => root,
+ require => Package["php${version}-cli"],
+ }
+ }
+}
projects / puppet-php.git / commitdiff