From: Tom Hughes Date: Mon, 18 May 2020 14:14:26 +0000 (+0000) Subject: Move common PHP setup logic to a new cookbook X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/60b19818712842f23e5039de2202f7ee45dbb614?hp=649c05666604a5f56b220a12c24cb152d56e3e91 Move common PHP setup logic to a new cookbook --- diff --git a/.github/workflows/test-kitchen.yml b/.github/workflows/test-kitchen.yml index f62bc5d93..f7f64a45d 100644 --- a/.github/workflows/test-kitchen.yml +++ b/.github/workflows/test-kitchen.yml @@ -63,6 +63,9 @@ jobs: - osqa - otrs - passenger + - php + - php-apache + - php-fpm - piwik - planet - planet-current diff --git a/.kitchen.yml b/.kitchen.yml index f664702b6..20147d088 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -223,6 +223,15 @@ suites: - name: passenger run_list: - recipe[passenger::default] + - name: php + run_list: + - recipe[php::default] + - name: php-apache + run_list: + - recipe[php::apache] + - name: php-fpm + run_list: + - recipe[php::fpm] - name: piwik run_list: - recipe[piwik::default] diff --git a/cookbooks/dev/metadata.rb b/cookbooks/dev/metadata.rb index 766f3b5c6..0f689f52b 100644 --- a/cookbooks/dev/metadata.rb +++ b/cookbooks/dev/metadata.rb @@ -14,6 +14,7 @@ depends "memcached" depends "munin" depends "mysql" depends "nodejs" +depends "php" depends "postgresql" depends "python" depends "tools" diff --git a/cookbooks/dev/recipes/default.rb b/cookbooks/dev/recipes/default.rb index 693abecf2..c3d70504c 100644 --- a/cookbooks/dev/recipes/default.rb +++ b/cookbooks/dev/recipes/default.rb @@ -28,16 +28,15 @@ include_recipe "memcached" include_recipe "munin" include_recipe "mysql" include_recipe "nodejs" +include_recipe "php" include_recipe "postgresql" include_recipe "python" package %w[ - php php-cgi php-cli php-curl php-db - php-fpm php-imagick php-mysql php-pear @@ -90,21 +89,12 @@ apache_module "wsgi" package "apache2-suexec-pristine" -service "php7.2-fpm" do - action [:enable, :start] +php_fpm "default" do + template "fpm-default.conf.erb" end -template "/etc/php/7.2/fpm/pool.d/default.conf" do - source "fpm-default.conf.erb" - owner "root" - group "root" - mode 0o644 - notifies :reload, "service[php7.2-fpm]" -end - -file "/etc/php/7.2/fpm/pool.d/www.conf" do +php_fpm "www" do action :delete - notifies :reload, "service[php7.2-fpm]" end directory "/srv/dev.openstreetmap.org" do @@ -163,13 +153,9 @@ search(:accounts, "*:*").each do |account| port = 7000 + account["uid"].to_i - template "/etc/php/7.2/fpm/pool.d/#{name}.conf" do - source "fpm.conf.erb" - owner "root" - group "root" - mode 0o644 + php_fpm name do + template "fpm.conf.erb" variables :user => name, :port => port - notifies :reload, "service[php7.2-fpm]" end ssl_certificate "#{name}.dev.openstreetmap.org" do diff --git a/cookbooks/dmca/attributes/default.rb b/cookbooks/dmca/attributes/default.rb deleted file mode 100644 index 56bdf2134..000000000 --- a/cookbooks/dmca/attributes/default.rb +++ /dev/null @@ -1,2 +0,0 @@ -# Use prefork as PHP is to dumb for anything else -override[:apache][:mpm] = "prefork" diff --git a/cookbooks/dmca/metadata.rb b/cookbooks/dmca/metadata.rb index 6b12e9822..987656295 100644 --- a/cookbooks/dmca/metadata.rb +++ b/cookbooks/dmca/metadata.rb @@ -7,3 +7,4 @@ description "Configure DMCA form" version "1.0.0" supports "ubuntu" depends "apache" +depends "php" diff --git a/cookbooks/dmca/recipes/default.rb b/cookbooks/dmca/recipes/default.rb index 652ae8cb8..c0bd959a6 100644 --- a/cookbooks/dmca/recipes/default.rb +++ b/cookbooks/dmca/recipes/default.rb @@ -18,8 +18,7 @@ # include_recipe "apache" - -apache_module "php7.2" +include_recipe "php::apache" directory "/srv/dmca.openstreetmap.org" do owner "root" diff --git a/cookbooks/donate/attributes/default.rb b/cookbooks/donate/attributes/default.rb index b41666c72..c6c3785d6 100644 --- a/cookbooks/donate/attributes/default.rb +++ b/cookbooks/donate/attributes/default.rb @@ -1,5 +1,2 @@ # Enable the "donate" role default[:accounts][:users][:donate][:status] = :role - -# Use prefork as PHP is to dumb for anything else -override[:apache][:mpm] = "prefork" diff --git a/cookbooks/donate/metadata.rb b/cookbooks/donate/metadata.rb index 645e74851..4c4649b1a 100644 --- a/cookbooks/donate/metadata.rb +++ b/cookbooks/donate/metadata.rb @@ -8,5 +8,6 @@ version "1.0.0" supports "ubuntu" depends "accounts" depends "apache" -depends "mysql" depends "git" +depends "mysql" +depends "php" diff --git a/cookbooks/donate/recipes/default.rb b/cookbooks/donate/recipes/default.rb index 9ae3ebaa4..1c36bfb1e 100644 --- a/cookbooks/donate/recipes/default.rb +++ b/cookbooks/donate/recipes/default.rb @@ -19,19 +19,17 @@ include_recipe "accounts" include_recipe "apache" -include_recipe "mysql" include_recipe "git" +include_recipe "mysql" +include_recipe "php::apache" package %w[ - php php-cli php-curl php-mysql php-gd ] -apache_module "php7.2" - apache_module "headers" passwords = data_bag_item("donate", "passwords") diff --git a/cookbooks/forum/attributes/default.rb b/cookbooks/forum/attributes/default.rb index d6beb41d2..9f4114f80 100644 --- a/cookbooks/forum/attributes/default.rb +++ b/cookbooks/forum/attributes/default.rb @@ -1,5 +1,2 @@ # Enable the "forum" role default[:accounts][:users][:forum][:status] = :role - -# Use prefork as PHP is to dumb for anything else -override[:apache][:mpm] = "prefork" diff --git a/cookbooks/forum/metadata.rb b/cookbooks/forum/metadata.rb index edf2fac48..6721b1ca1 100644 --- a/cookbooks/forum/metadata.rb +++ b/cookbooks/forum/metadata.rb @@ -10,3 +10,4 @@ depends "accounts" depends "apache" depends "git" depends "mysql" +depends "php" diff --git a/cookbooks/forum/recipes/default.rb b/cookbooks/forum/recipes/default.rb index 1e5a4216f..5bc7da464 100644 --- a/cookbooks/forum/recipes/default.rb +++ b/cookbooks/forum/recipes/default.rb @@ -21,13 +21,13 @@ include_recipe "accounts" include_recipe "apache" include_recipe "git" include_recipe "mysql" +include_recipe "php::apache" cache_dir = Chef::Config[:file_cache_path] passwords = data_bag_item("forum", "passwords") package %w[ - php php-cli php-mysql php-xml @@ -35,7 +35,6 @@ package %w[ unzip ] -apache_module "php7.2" apache_module "rewrite" ssl_certificate "forum.openstreetmap.org" do diff --git a/cookbooks/mediawiki/attributes/default.rb b/cookbooks/mediawiki/attributes/default.rb index a7eab3291..221a4eb9a 100644 --- a/cookbooks/mediawiki/attributes/default.rb +++ b/cookbooks/mediawiki/attributes/default.rb @@ -4,9 +4,6 @@ default[:apt][:sources] = node[:apt][:sources] | ["mediawiki"] # Default to enabling the "wiki" role default[:accounts][:users][:wiki][:status] = :role -# Use prefork as PHP is to dumb for anything else -override[:apache][:mpm] = "prefork" - # Set mediawiki defaults default[:mediawiki][:user] = "wiki" default[:mediawiki][:group] = "wiki" diff --git a/cookbooks/mediawiki/metadata.rb b/cookbooks/mediawiki/metadata.rb index 03571ce4a..2c4ad74d0 100644 --- a/cookbooks/mediawiki/metadata.rb +++ b/cookbooks/mediawiki/metadata.rb @@ -12,3 +12,4 @@ depends "apt" depends "git" depends "memcached" depends "mysql" +depends "php" diff --git a/cookbooks/mediawiki/recipes/default.rb b/cookbooks/mediawiki/recipes/default.rb index 4466250b9..f6cea2d26 100644 --- a/cookbooks/mediawiki/recipes/default.rb +++ b/cookbooks/mediawiki/recipes/default.rb @@ -23,10 +23,10 @@ include_recipe "apt" include_recipe "git" include_recipe "memcached" include_recipe "mysql" +include_recipe "php::apache" # Mediawiki Base Requirements package %w[ - php php-cli php-curl php-gd @@ -86,9 +86,7 @@ service "parsoid" do subscribes :restart, "template[/etc/mediawiki/parsoid/config.yaml]" end -apache_module "php7.2" - -link "/etc/php/7.2/apache2/conf.d/20-wikidiff2.ini" do +link "/etc/php/#{node[:php][:version]}/apache2/conf.d/20-wikidiff2.ini" do to "../../mods-available/wikidiff2.ini" end diff --git a/cookbooks/nominatim/metadata.rb b/cookbooks/nominatim/metadata.rb index 017bc0912..de51c87ca 100644 --- a/cookbooks/nominatim/metadata.rb +++ b/cookbooks/nominatim/metadata.rb @@ -11,6 +11,7 @@ depends "fail2ban" depends "git" depends "munin" depends "nginx" +depends "php" depends "postgresql" depends "python" depends "systemd" diff --git a/cookbooks/nominatim/recipes/default.rb b/cookbooks/nominatim/recipes/default.rb index 46a03fc91..5e1f19d60 100644 --- a/cookbooks/nominatim/recipes/default.rb +++ b/cookbooks/nominatim/recipes/default.rb @@ -19,6 +19,7 @@ include_recipe "accounts" include_recipe "munin" +include_recipe "php::fpm" basedir = data_bag_item("accounts", "nominatim")["home"] email_errors = data_bag_item("accounts", "lonvia")["email"] @@ -167,8 +168,6 @@ package %w[ python3-pyosmium pyosmium python3-psycopg2 - php - php-fpm php-pgsql php-intl ] @@ -322,19 +321,10 @@ end end end -service "php7.2-fpm" do - action [:enable, :start] - supports :status => true, :restart => true, :reload => true -end - node[:nominatim][:fpm_pools].each do |name, data| - template "/etc/php/7.2/fpm/pool.d/#{name}.conf" do - source "fpm.conf.erb" - owner "root" - group "root" - mode 0o644 + php_fpm name do + template "fpm.conf.erb" variables data.merge(:name => name) - notifies :reload, "service[php7.2-fpm]" end end diff --git a/cookbooks/php/README.md b/cookbooks/php/README.md new file mode 100644 index 000000000..135c7db02 --- /dev/null +++ b/cookbooks/php/README.md @@ -0,0 +1,3 @@ +# PHP Cookbook + +Installs and configures PHP. diff --git a/cookbooks/php/attributes/default.rb b/cookbooks/php/attributes/default.rb new file mode 100644 index 000000000..ecc9c7c66 --- /dev/null +++ b/cookbooks/php/attributes/default.rb @@ -0,0 +1 @@ +default[:php][:version] = "7.2" diff --git a/cookbooks/php/metadata.rb b/cookbooks/php/metadata.rb new file mode 100644 index 000000000..cd084e851 --- /dev/null +++ b/cookbooks/php/metadata.rb @@ -0,0 +1,9 @@ +name "php" +maintainer "OpenStreetMap Administrators" +maintainer_email "admins@openstreetmap.org" +license "Apache-2.0" +description "Installs and configures PHP" + +version "1.0.0" +supports "ubuntu" +depends "apache" diff --git a/cookbooks/php/recipes/apache.rb b/cookbooks/php/recipes/apache.rb new file mode 100644 index 000000000..62cf24d66 --- /dev/null +++ b/cookbooks/php/recipes/apache.rb @@ -0,0 +1,25 @@ +# +# Cookbook:: php +# Recipe:: apache +# +# Copyright:: 2020, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +node.override[:apache][:mpm] = "prefork" + +include_recipe "php" +include_recipe "apache" + +apache_module "php#{node[:php][:version]}" diff --git a/cookbooks/php/recipes/default.rb b/cookbooks/php/recipes/default.rb new file mode 100644 index 000000000..b5962dd9f --- /dev/null +++ b/cookbooks/php/recipes/default.rb @@ -0,0 +1,20 @@ +# +# Cookbook:: php +# Recipe:: default +# +# Copyright:: 2020, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +package "php" diff --git a/cookbooks/php/recipes/fpm.rb b/cookbooks/php/recipes/fpm.rb new file mode 100644 index 000000000..33baba2ab --- /dev/null +++ b/cookbooks/php/recipes/fpm.rb @@ -0,0 +1,26 @@ +# +# Cookbook:: php +# Recipe:: fpm +# +# Copyright:: 2020, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "php" + +package "php-fpm" + +service "php#{node[:php][:version]}-fpm" do + action [:enable, :start] +end diff --git a/cookbooks/php/resources/fpm.rb b/cookbooks/php/resources/fpm.rb new file mode 100644 index 000000000..0376af4a4 --- /dev/null +++ b/cookbooks/php/resources/fpm.rb @@ -0,0 +1,57 @@ +# +# Cookbook:: php +# Resource:: php_fpm +# +# Copyright:: 2020, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +default_action :create + +property :pool, :kind_of => String, :name_property => true +property :cookbook, :kind_of => String +property :template, :kind_of => String, :required => true +property :variables, :kind_of => Hash, :default => {} +property :reload_fpm, :kind_of => [TrueClass, FalseClass], :default => true + +action :create do + declare_resource :template, conf_file do + cookbook new_resource.cookbook + source new_resource.template + owner "root" + group "root" + mode 0o644 + variables new_resource.variables + end +end + +action :delete do + file conf_file do + action :delete + end +end + +action_class do + def php_version + node[:php][:version] + end + + def conf_file + "/etc/php/#{php_version}/fpm/pool.d/#{new_resource.pool}.conf" + end +end + +def after_created + notifies :reload, "service[php#{node[:php][:version]}-fpm]" if reload_fpm +end diff --git a/cookbooks/piwik/attributes/default.rb b/cookbooks/piwik/attributes/default.rb index 9115878d1..e8366f229 100644 --- a/cookbooks/piwik/attributes/default.rb +++ b/cookbooks/piwik/attributes/default.rb @@ -11,5 +11,3 @@ default[:piwik][:plugins] = %w[ VisitFrequency VisitorInterest VisitsSummary VisitTime WebsiteMeasurable Widgetize ] - -override[:apache][:mpm] = "prefork" diff --git a/cookbooks/piwik/metadata.rb b/cookbooks/piwik/metadata.rb index b0f20ff08..54054e0e0 100644 --- a/cookbooks/piwik/metadata.rb +++ b/cookbooks/piwik/metadata.rb @@ -9,3 +9,4 @@ supports "ubuntu" depends "apache" depends "geoipupdate" depends "mysql" +depends "php" diff --git a/cookbooks/piwik/recipes/default.rb b/cookbooks/piwik/recipes/default.rb index 5317c3596..990e1c33e 100644 --- a/cookbooks/piwik/recipes/default.rb +++ b/cookbooks/piwik/recipes/default.rb @@ -20,11 +20,11 @@ include_recipe "apache" include_recipe "geoipupdate" include_recipe "mysql" +include_recipe "php::apache" passwords = data_bag_item("piwik", "passwords") package %w[ - php php-cli php-curl php-mbstring @@ -36,7 +36,6 @@ package %w[ ] apache_module "expires" -apache_module "php7.2" apache_module "rewrite" version = node[:piwik][:version] diff --git a/cookbooks/wordpress/attributes/default.rb b/cookbooks/wordpress/attributes/default.rb index 856c99696..9233459dc 100644 --- a/cookbooks/wordpress/attributes/default.rb +++ b/cookbooks/wordpress/attributes/default.rb @@ -1,9 +1,6 @@ # Enable the "wordpress" role default[:accounts][:users][:wordpress][:status] = :role -# Use prefork as PHP is to dumb for anything else -override[:apache][:mpm] = "prefork" - # Set wordpress defaults default[:wordpress][:user] = "wordpress" default[:wordpress][:group] = "wordpress" diff --git a/cookbooks/wordpress/metadata.rb b/cookbooks/wordpress/metadata.rb index 3ef2a0c9b..ae7816541 100644 --- a/cookbooks/wordpress/metadata.rb +++ b/cookbooks/wordpress/metadata.rb @@ -12,6 +12,7 @@ depends "chef" depends "fail2ban" depends "git" depends "mysql" +depends "php" depends "ssl" gem "httpclient" gem "php_serialize" diff --git a/cookbooks/wordpress/recipes/default.rb b/cookbooks/wordpress/recipes/default.rb index 2ca2b240b..800d3c600 100644 --- a/cookbooks/wordpress/recipes/default.rb +++ b/cookbooks/wordpress/recipes/default.rb @@ -22,14 +22,13 @@ include_recipe "apache" include_recipe "fail2ban" include_recipe "git" include_recipe "mysql" +include_recipe "php::apache" package %w[ subversion - php php-mysql ] -apache_module "php7.2" apache_module "rewrite" fail2ban_filter "wordpress" do diff --git a/test/integration/php-apache/serverspec/apache_spec.rb b/test/integration/php-apache/serverspec/apache_spec.rb new file mode 100644 index 000000000..446d3b915 --- /dev/null +++ b/test/integration/php-apache/serverspec/apache_spec.rb @@ -0,0 +1,21 @@ +require "serverspec" + +# Required by serverspec +set :backend, :exec + +describe package("apache2") do + it { should be_installed } +end + +describe service("apache2") do + it { should be_enabled } + it { should be_running } +end + +describe port(80) do + it { should be_listening.with("tcp") } +end + +describe port(443) do + it { should be_listening.with("tcp") } +end