nbz4live / ansible-php-fpm Goto Github PK

Thank you for creating this open source library. There have been some merges (#35) which are not available in the latest tag. Could you create a new tag?

This is due to the default php_fpm_apt_packages specifying php5-fpm, which is not available on the later versions of Ubuntu. The packages are now available as php-fpm, which then includes php7 dependencies. The same (the 5 is dropped) applies to other packages such as php-cli.

There are a variety of changes required to accommodate php7 - several paths have changed too. It may make sense to add a var to specify whether v5 or v7 should be installed.

Hello,

I had an error while executing the install task for debian jessie.

It works when I use

- name: Add DEB repository (Debian)
  apt_repository: repo='deb https://packages.sury.org/php/ jessie main' state=present filename='ondrej'

instead of stable main .

We also have to get the repo key, as mentioned in the README file : https://packages.sury.org/php/README.txt

is it an issue or do I miss something ?

thanks

This role cannot be installed with default settings on servers with 1 virtual CPU.
regression in wiredcraft-ops@617b52b where

• pm.max_children is set based on server vcpus
• pm.max_spare_servers is kept 3

thus when vcpu = 1, max_children is 2, but max_spare is 3
logically PHP FPM does not allow setting max_spare > max_children

either wiredcraft-ops@617b52b should be reverted or default max_spare should be set to 2

@NBZ4live what do you prefer?

ansible galaxy installs 0.2.6 version. please update

sudo ansible-galaxy install nbz4live.php-fpm

• downloading role 'php-fpm', owned by nbz4live
• downloading role from https://github.com/NBZ4live/ansible-php-fpm/archive/0.2.6.tar.gz
• extracting nbz4live.php-fpm to /etc/ansible/roles/nbz4live.php-fpm
• nbz4live.php-fpm was installed successfully

Hey
Thank you for your role
Can you make a new release after the merge of #12 ?

Should be able to configure these three directives:

listen.owner = www-data
listen.group = www-data
listen.mode = 0660

Without them socket is created from root which causes the error:

*12 connect() to unix:/var/run/php5-fpm.sock failed (13: Permission denied) while connecting to upstream

Seems you've changed a number of things since the version that's on Galaxy, so maybe updating the release on Galaxy would be good. The documentation on the repo doesn't match what's on Galaxy at the moment, which is a bit disorienting.

In file templates/pool.conf.j2,
the line {% for directive, value in ((php_fpm_pool_defaults|default(dict())).items() + item.items()) if directive != "name" %} is invalid: dict().items() is not a list anymore, it's an iterator.

Maybe you should replace it by something like {% for directive, value in ((php_fpm_pool_defaults|default(dict()).items()|list) + (item.items()|list)) if directive != "name" %}

I have an error: failed: [findyourdressnew] (item=[u'php_fpm_apt_packages']) => {"failed": true, "item": ["php_fpm_apt_packages"], "msg": "No package matching 'php_fpm_apt_packages' is available"}

My playbook for this role:

    - role: nbz4live.php-fpm
      php_fpm_apt_packages:
        - php5-fpm
        - php5-cli
        - php5-imagick
        - php5-memcached
        - php5-gd
        - php5-intl
        - php5-mysql
        - php5-curl
        - php-apc
        - php5-dev
        - php-pear

We have about 200 Servers and some should have multiple PHP-versions for different webspaces.

That should be implemented in a Role. How can i do that?

I thought about this structure in the host_vars

webspaces:
  - name: web1
    password: "{{ vault_ssh_web1_password }}"
    php: 5.6
    php_ini:
      - 'memory_limit: 128M'
  - name: web2
    password: "{{ vault_ssh_web2_password }}"
    php: 7.0

and this in the Role webspace

- name: create PHP 7.0 FPM Pools
  debug: msg="{{ item.name }}"
  when: "item.php == 7.0"
  with_items: "{{ webspaces }}"

- name: create PHP 5.6 FPM Pools
  debug: msg="{{ item.name }}"
  when: "item.php == 5.6"
  with_items: "{{ webspaces }}"

but you can't use with_items with roles (ansible/ansible#12623 (comment))

If it isn't, everything after it will be parsed as part of what is above it.

That's bad design in php-fpm, but in the meantime this breaks the php-fpm.conf check every time something is added to it that wasn't present before the include.

Here's an ugly but working workaround:

- name: Copy the FPM configuration file
  ini_file: dest={{ php_fpm_conf }} section="{{ item.section }}" option="{{ item.option }}" value="{{ item.value }}" backup=yes
  with_items: fpm_config
  tags: [configuration,php,fpm]

- name: Delete the include line from the ini file
  ini_file: dest={{ php_fpm_conf }} section=global option=include backup=no state=absent
  with_items: fpm_config
  tags: [configuration,php,fpm]

- name: Readd the include line from the ini file
  ini_file: dest={{ php_fpm_conf }} section=global option=include backup=no state=present value="/etc/php5/fpm/pool.d/*"
  with_items: fpm_config
  notify: 
   - restart php-fpm
  tags: [configuration,php,fpm]

something like php_cli_ini

we need to set memory_limit = -1

or is that out of scope of this role? should i use an additional role just for that?

it would be nice if you could merge the initial "environment" and the variables you want to set instead of a hard overwrite

https://github.com/NBZ4live/ansible-php-fpm/blob/master/tasks/main.yml#L13

This should work with "{{ foo + bar}}", i did not yet have the time to create a fix or PR... :(

Can you define apt_packages variable in default instead of vars so it can be overrided.
Thanks

Hi,

I'm trying to deploy PHP-FPM custom configuration, however it only deploy the default one. I'd like to override it with custom setting like this:

- name: web
  hosts: web
  user: root
  roles:
    - role: nbz4live.php-fpm
      php_fpm_pools:
        - name: www
          user: www-data
          group: www-data
          listen: "{{fpm_sock_path}}"
          listen.mode: 0660
          pm: dynamic
          pm.max_children: 75
          pm.start_servers: 10
          pm.min_spare_servers: 5
          pm.max_spare_servers: 30
          pm.max_requests: 500
          pm.status_path: /fpm_status
          chdir: /
          slowlog: /var/log/php5-fpm.log.slow
          request_slowlog_timeout: 1s
      php_fpm_ini:
        - option: "date.timezone"
          section: "PHP"
          value: "{{timezone}}"
      php_fpm_default_pool:
        delete: yes
        name: www.conf

However, it's always the default configuration which is called. Here is what I got:

 vagrant provision web1
==> web1: Running provisioner: ansible...

PLAY [web] ******************************************************************** 

GATHERING FACTS *************************************************************** 
ok: [web1]

TASK: [nbz4live.php-fpm | Install the php packages] *************************** 
ok: [web1] => (item=php5-cli,php5-fpm)

TASK: [nbz4live.php-fpm | Copy the PHP configuration file] ******************** 
ok: [web1] => (item={'section': 'PHP', 'option': 'engine', 'value': '1'})
ok: [web1] => (item={'section': 'PHP', 'option': 'error_reporting', 'value': 'E_ALL & ~E_DEPRECATED & ~E_STRICT'})
ok: [web1] => (item={'section': 'ldap', 'option': 'ldap.max_links', 'value': '1'})

TASK: [nbz4live.php-fpm | Copy the FPM configuration file] ******************** 
ok: [web1] => (item={'section': 'global', 'option': 'error_log', 'value': '/var/log/php5-fpm.log'})

TASK: [nbz4live.php-fpm | Delete the default POOL configuration file] ********* 
ok: [web1]

TASK: [nbz4live.php-fpm | Copy the POOL configurations] *********************** 
ok: [web1] => (item={'pool': {'name': 'foo', 'vars': ['user = www-data', 'group = www-data', 'listen = 8000', 'pm = dynamic', 'pm.max_children = 5', 'pm.start_servers = 2', 'pm.min_spare_servers = 1', 'pm.max_spare_servers = 3', 'chdir = /']}})

TASK: [nbz4live.php-fpm | Check php-fpm syntax of configuration files] ******** 
ok: [web1]

TASK: [nbz4live.php-fpm | Start the php5-fpm service] ************************* 
ok: [web1]

PLAY RECAP ******************************************************************** 
web1                       : ok=8    changed=0    unreachable=0    failed=0   

The foo pool configuration is deployed, but not my www one. I tried to change www name without success.

Any idea on what I missed ?

Thanks

Maybe use the actual php_fpm_service_name in the task description ?
It is weird when you're using php 7 and you see that task name.