Move common PHP setup logic to a new cookbook
authorTom Hughes <tom@compton.nu>
Mon, 18 May 2020 14:14:26 +0000 (14:14 +0000)
committerTom Hughes <tom@compton.nu>
Mon, 18 May 2020 14:14:26 +0000 (14:14 +0000)
32 files changed:
.github/workflows/test-kitchen.yml
.kitchen.yml
cookbooks/dev/metadata.rb
cookbooks/dev/recipes/default.rb
cookbooks/dmca/attributes/default.rb [deleted file]
cookbooks/dmca/metadata.rb
cookbooks/dmca/recipes/default.rb
cookbooks/donate/attributes/default.rb
cookbooks/donate/metadata.rb
cookbooks/donate/recipes/default.rb
cookbooks/forum/attributes/default.rb
cookbooks/forum/metadata.rb
cookbooks/forum/recipes/default.rb
cookbooks/mediawiki/attributes/default.rb
cookbooks/mediawiki/metadata.rb
cookbooks/mediawiki/recipes/default.rb
cookbooks/nominatim/metadata.rb
cookbooks/nominatim/recipes/default.rb
cookbooks/php/README.md [new file with mode: 0644]
cookbooks/php/attributes/default.rb [new file with mode: 0644]
cookbooks/php/metadata.rb [new file with mode: 0644]
cookbooks/php/recipes/apache.rb [new file with mode: 0644]
cookbooks/php/recipes/default.rb [new file with mode: 0644]
cookbooks/php/recipes/fpm.rb [new file with mode: 0644]
cookbooks/php/resources/fpm.rb [new file with mode: 0644]
cookbooks/piwik/attributes/default.rb
cookbooks/piwik/metadata.rb
cookbooks/piwik/recipes/default.rb
cookbooks/wordpress/attributes/default.rb
cookbooks/wordpress/metadata.rb
cookbooks/wordpress/recipes/default.rb
test/integration/php-apache/serverspec/apache_spec.rb [new file with mode: 0644]

index f62bc5d9308b252b9a11cfe811dfcd126010d8ce..f7f64a45dd17007a0aa96b1725ac15bb8cc6a85b 100644 (file)
@@ -63,6 +63,9 @@ jobs:
           - osqa
           - otrs
           - passenger
+          - php
+          - php-apache
+          - php-fpm
           - piwik
           - planet
           - planet-current
index f664702b6608b38206d2dc1601ad75a703e08575..20147d088b8ba0073b13d44caa75bcae6cda457c 100644 (file)
@@ -223,6 +223,15 @@ suites:
   - name: passenger
     run_list:
       - recipe[passenger::default]
+  - name: php
+    run_list:
+      - recipe[php::default]
+  - name: php-apache
+    run_list:
+      - recipe[php::apache]
+  - name: php-fpm
+    run_list:
+      - recipe[php::fpm]
   - name: piwik
     run_list:
       - recipe[piwik::default]
index 766f3b5c6a95b5fa61bd393b79f21989df6a97f3..0f689f52bfa5cc4fbb619d06729a7a509a0dd715 100644 (file)
@@ -14,6 +14,7 @@ depends           "memcached"
 depends           "munin"
 depends           "mysql"
 depends           "nodejs"
+depends           "php"
 depends           "postgresql"
 depends           "python"
 depends           "tools"
index 693abecf2525a8a8bbf6b82a24f27d5e32d36eb0..c3d70504c742c9396c6c097281b4a0d620124acd 100644 (file)
@@ -28,16 +28,15 @@ include_recipe "memcached"
 include_recipe "munin"
 include_recipe "mysql"
 include_recipe "nodejs"
+include_recipe "php"
 include_recipe "postgresql"
 include_recipe "python"
 
 package %w[
-  php
   php-cgi
   php-cli
   php-curl
   php-db
-  php-fpm
   php-imagick
   php-mysql
   php-pear
@@ -90,21 +89,12 @@ apache_module "wsgi"
 
 package "apache2-suexec-pristine"
 
-service "php7.2-fpm" do
-  action [:enable, :start]
+php_fpm "default" do
+  template "fpm-default.conf.erb"
 end
 
-template "/etc/php/7.2/fpm/pool.d/default.conf" do
-  source "fpm-default.conf.erb"
-  owner "root"
-  group "root"
-  mode 0o644
-  notifies :reload, "service[php7.2-fpm]"
-end
-
-file "/etc/php/7.2/fpm/pool.d/www.conf" do
+php_fpm "www" do
   action :delete
-  notifies :reload, "service[php7.2-fpm]"
 end
 
 directory "/srv/dev.openstreetmap.org" do
@@ -163,13 +153,9 @@ search(:accounts, "*:*").each do |account|
 
   port = 7000 + account["uid"].to_i
 
-  template "/etc/php/7.2/fpm/pool.d/#{name}.conf" do
-    source "fpm.conf.erb"
-    owner "root"
-    group "root"
-    mode 0o644
+  php_fpm name do
+    template "fpm.conf.erb"
     variables :user => name, :port => port
-    notifies :reload, "service[php7.2-fpm]"
   end
 
   ssl_certificate "#{name}.dev.openstreetmap.org" do
diff --git a/cookbooks/dmca/attributes/default.rb b/cookbooks/dmca/attributes/default.rb
deleted file mode 100644 (file)
index 56bdf21..0000000
+++ /dev/null
@@ -1,2 +0,0 @@
-# Use prefork as PHP is to dumb for anything else
-override[:apache][:mpm] = "prefork"
index 6b12e982253a2d269ed003622ad9463e13f842ec..9876562950f7c88f5a86e600a6710b9e2ebea945 100644 (file)
@@ -7,3 +7,4 @@ description       "Configure DMCA form"
 version           "1.0.0"
 supports          "ubuntu"
 depends           "apache"
+depends           "php"
index 652ae8cb86dc4d8db6a9295be2b71f3acb5fff7f..c0bd959a630852b4dfe1f7a6ef38b74e34dc4dd4 100644 (file)
@@ -18,8 +18,7 @@
 #
 
 include_recipe "apache"
-
-apache_module "php7.2"
+include_recipe "php::apache"
 
 directory "/srv/dmca.openstreetmap.org" do
   owner "root"
index b41666c72f84b5c02b9dadc247d936c0a5dbd8e8..c6c3785d6db21f8446fdc2f5db9c975ea1ba56a2 100644 (file)
@@ -1,5 +1,2 @@
 # Enable the "donate" role
 default[:accounts][:users][:donate][:status] = :role
-
-# Use prefork as PHP is to dumb for anything else
-override[:apache][:mpm] = "prefork"
index 645e74851203b115c91c22b0572d6cdd9172e050..4c4649b1a065a93c72365c35e75aab9fe109b70f 100644 (file)
@@ -8,5 +8,6 @@ version           "1.0.0"
 supports          "ubuntu"
 depends           "accounts"
 depends           "apache"
-depends           "mysql"
 depends           "git"
+depends           "mysql"
+depends           "php"
index 9ae3ebaa461ec0cf4fb2fa6950ef3119f0b078bb..1c36bfb1e03025826bf9b18bc7c7f9631fe2fa5c 100644 (file)
 
 include_recipe "accounts"
 include_recipe "apache"
-include_recipe "mysql"
 include_recipe "git"
+include_recipe "mysql"
+include_recipe "php::apache"
 
 package %w[
-  php
   php-cli
   php-curl
   php-mysql
   php-gd
 ]
 
-apache_module "php7.2"
-
 apache_module "headers"
 
 passwords = data_bag_item("donate", "passwords")
index d6beb41d210351e01eeee8a5669d245d5e1cd9d7..9f4114f8099ff0627294de623cbb41dfd54ff8ab 100644 (file)
@@ -1,5 +1,2 @@
 # Enable the "forum" role
 default[:accounts][:users][:forum][:status] = :role
-
-# Use prefork as PHP is to dumb for anything else
-override[:apache][:mpm] = "prefork"
index edf2fac4812ef16f9c21ff2706aa9d9072cf7c04..6721b1ca1beedd0f5a27d4a04473619eb653bb1c 100644 (file)
@@ -10,3 +10,4 @@ depends           "accounts"
 depends           "apache"
 depends           "git"
 depends           "mysql"
+depends           "php"
index 1e5a4216fb80ee6b6329b3667f811f71b6a1037e..5bc7da4649b61630838e957ef6ca837caf9cacac 100644 (file)
@@ -21,13 +21,13 @@ include_recipe "accounts"
 include_recipe "apache"
 include_recipe "git"
 include_recipe "mysql"
+include_recipe "php::apache"
 
 cache_dir = Chef::Config[:file_cache_path]
 
 passwords = data_bag_item("forum", "passwords")
 
 package %w[
-  php
   php-cli
   php-mysql
   php-xml
@@ -35,7 +35,6 @@ package %w[
   unzip
 ]
 
-apache_module "php7.2"
 apache_module "rewrite"
 
 ssl_certificate "forum.openstreetmap.org" do
index a7eab32916e00ab7c96c7f064edf7615451e376b..221a4eb9a3fb0d65a0c57f202b67cf4f4a55af44 100644 (file)
@@ -4,9 +4,6 @@ default[:apt][:sources] = node[:apt][:sources] | ["mediawiki"]
 # Default to enabling the "wiki" role
 default[:accounts][:users][:wiki][:status] = :role
 
-# Use prefork as PHP is to dumb for anything else
-override[:apache][:mpm] = "prefork"
-
 # Set mediawiki defaults
 default[:mediawiki][:user] = "wiki"
 default[:mediawiki][:group] = "wiki"
index 03571ce4a91753fcc51f70497f537388dc126868..2c4ad74d080769d95e8fd703b0a0af7a93a791ca 100644 (file)
@@ -12,3 +12,4 @@ depends           "apt"
 depends           "git"
 depends           "memcached"
 depends           "mysql"
+depends           "php"
index 4466250b94836dd5d3ec865dc37848fb91437d74..f6cea2d269bdd4626972b21b36fb8f952ab7cafb 100644 (file)
@@ -23,10 +23,10 @@ include_recipe "apt"
 include_recipe "git"
 include_recipe "memcached"
 include_recipe "mysql"
+include_recipe "php::apache"
 
 # Mediawiki Base Requirements
 package %w[
-  php
   php-cli
   php-curl
   php-gd
@@ -86,9 +86,7 @@ service "parsoid" do
   subscribes :restart, "template[/etc/mediawiki/parsoid/config.yaml]"
 end
 
-apache_module "php7.2"
-
-link "/etc/php/7.2/apache2/conf.d/20-wikidiff2.ini" do
+link "/etc/php/#{node[:php][:version]}/apache2/conf.d/20-wikidiff2.ini" do
   to "../../mods-available/wikidiff2.ini"
 end
 
index 017bc0912b31664442c8701d267694f7eb525760..de51c87ca7feb78700a9cb5be27b2ab88dee772c 100644 (file)
@@ -11,6 +11,7 @@ depends           "fail2ban"
 depends           "git"
 depends           "munin"
 depends           "nginx"
+depends           "php"
 depends           "postgresql"
 depends           "python"
 depends           "systemd"
index 46a03fc9148ade9af1003d54adb77b82144389de..5e1f19d606cb72f97eb74bbe92926633528f2c36 100644 (file)
@@ -19,6 +19,7 @@
 
 include_recipe "accounts"
 include_recipe "munin"
+include_recipe "php::fpm"
 
 basedir = data_bag_item("accounts", "nominatim")["home"]
 email_errors = data_bag_item("accounts", "lonvia")["email"]
@@ -167,8 +168,6 @@ package %w[
   python3-pyosmium
   pyosmium
   python3-psycopg2
-  php
-  php-fpm
   php-pgsql
   php-intl
 ]
@@ -322,19 +321,10 @@ end
   end
 end
 
-service "php7.2-fpm" do
-  action [:enable, :start]
-  supports :status => true, :restart => true, :reload => true
-end
-
 node[:nominatim][:fpm_pools].each do |name, data|
-  template "/etc/php/7.2/fpm/pool.d/#{name}.conf" do
-    source "fpm.conf.erb"
-    owner "root"
-    group "root"
-    mode 0o644
+  php_fpm name do
+    template "fpm.conf.erb"
     variables data.merge(:name => name)
-    notifies :reload, "service[php7.2-fpm]"
   end
 end
 
diff --git a/cookbooks/php/README.md b/cookbooks/php/README.md
new file mode 100644 (file)
index 0000000..135c7db
--- /dev/null
@@ -0,0 +1,3 @@
+# PHP Cookbook
+
+Installs and configures PHP.
diff --git a/cookbooks/php/attributes/default.rb b/cookbooks/php/attributes/default.rb
new file mode 100644 (file)
index 0000000..ecc9c7c
--- /dev/null
@@ -0,0 +1 @@
+default[:php][:version] = "7.2"
diff --git a/cookbooks/php/metadata.rb b/cookbooks/php/metadata.rb
new file mode 100644 (file)
index 0000000..cd084e8
--- /dev/null
@@ -0,0 +1,9 @@
+name              "php"
+maintainer        "OpenStreetMap Administrators"
+maintainer_email  "admins@openstreetmap.org"
+license           "Apache-2.0"
+description       "Installs and configures PHP"
+
+version           "1.0.0"
+supports          "ubuntu"
+depends           "apache"
diff --git a/cookbooks/php/recipes/apache.rb b/cookbooks/php/recipes/apache.rb
new file mode 100644 (file)
index 0000000..62cf24d
--- /dev/null
@@ -0,0 +1,25 @@
+#
+# Cookbook:: php
+# Recipe:: apache
+#
+# Copyright:: 2020, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+node.override[:apache][:mpm] = "prefork"
+
+include_recipe "php"
+include_recipe "apache"
+
+apache_module "php#{node[:php][:version]}"
diff --git a/cookbooks/php/recipes/default.rb b/cookbooks/php/recipes/default.rb
new file mode 100644 (file)
index 0000000..b5962dd
--- /dev/null
@@ -0,0 +1,20 @@
+#
+# Cookbook:: php
+# Recipe:: default
+#
+# Copyright:: 2020, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+package "php"
diff --git a/cookbooks/php/recipes/fpm.rb b/cookbooks/php/recipes/fpm.rb
new file mode 100644 (file)
index 0000000..33baba2
--- /dev/null
@@ -0,0 +1,26 @@
+#
+# Cookbook:: php
+# Recipe:: fpm
+#
+# Copyright:: 2020, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "php"
+
+package "php-fpm"
+
+service "php#{node[:php][:version]}-fpm" do
+  action [:enable, :start]
+end
diff --git a/cookbooks/php/resources/fpm.rb b/cookbooks/php/resources/fpm.rb
new file mode 100644 (file)
index 0000000..0376af4
--- /dev/null
@@ -0,0 +1,57 @@
+#
+# Cookbook:: php
+# Resource:: php_fpm
+#
+# Copyright:: 2020, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default_action :create
+
+property :pool, :kind_of => String, :name_property => true
+property :cookbook, :kind_of => String
+property :template, :kind_of => String, :required => true
+property :variables, :kind_of => Hash, :default => {}
+property :reload_fpm, :kind_of => [TrueClass, FalseClass], :default => true
+
+action :create do
+  declare_resource :template, conf_file do
+    cookbook new_resource.cookbook
+    source new_resource.template
+    owner "root"
+    group "root"
+    mode 0o644
+    variables new_resource.variables
+  end
+end
+
+action :delete do
+  file conf_file do
+    action :delete
+  end
+end
+
+action_class do
+  def php_version
+    node[:php][:version]
+  end
+
+  def conf_file
+    "/etc/php/#{php_version}/fpm/pool.d/#{new_resource.pool}.conf"
+  end
+end
+
+def after_created
+  notifies :reload, "service[php#{node[:php][:version]}-fpm]" if reload_fpm
+end
index 9115878d1634ed3cffc21bba2bbe496a95c8aef9..e8366f229a03a15a888dd6b5a34126010a2d7679 100644 (file)
@@ -11,5 +11,3 @@ default[:piwik][:plugins] = %w[
   VisitFrequency VisitorInterest VisitsSummary VisitTime WebsiteMeasurable
   Widgetize
 ]
-
-override[:apache][:mpm] = "prefork"
index b0f20ff08a4f4223cb5b232b4561068e8dff07aa..54054e0e071e0e34589ecb8870d64413098ffe56 100644 (file)
@@ -9,3 +9,4 @@ supports          "ubuntu"
 depends           "apache"
 depends           "geoipupdate"
 depends           "mysql"
+depends           "php"
index 5317c359610fd314cf8feb72d1f1fa99e850c767..990e1c33e84d85a997f13239518d740e30021b61 100644 (file)
 include_recipe "apache"
 include_recipe "geoipupdate"
 include_recipe "mysql"
+include_recipe "php::apache"
 
 passwords = data_bag_item("piwik", "passwords")
 
 package %w[
-  php
   php-cli
   php-curl
   php-mbstring
@@ -36,7 +36,6 @@ package %w[
 ]
 
 apache_module "expires"
-apache_module "php7.2"
 apache_module "rewrite"
 
 version = node[:piwik][:version]
index 856c9969667d93f2d2d3375c21d1e79366dacef0..9233459dcf346fb45148cb1829a9c09c5316ac28 100644 (file)
@@ -1,9 +1,6 @@
 # Enable the "wordpress" role
 default[:accounts][:users][:wordpress][:status] = :role
 
-# Use prefork as PHP is to dumb for anything else
-override[:apache][:mpm] = "prefork"
-
 # Set wordpress defaults
 default[:wordpress][:user] = "wordpress"
 default[:wordpress][:group] = "wordpress"
index 3ef2a0c9bb1b6c816f1d9fb53870c2c6582efdeb..ae7816541299744c616be3840a48b2fff69fe8dd 100644 (file)
@@ -12,6 +12,7 @@ depends           "chef"
 depends           "fail2ban"
 depends           "git"
 depends           "mysql"
+depends           "php"
 depends           "ssl"
 gem               "httpclient"
 gem               "php_serialize"
index 2ca2b240bacdc1f8f88a70f44e3bf4d233fe5f22..800d3c6004eb6106002854f5acdb9f83e1c3174a 100644 (file)
@@ -22,14 +22,13 @@ include_recipe "apache"
 include_recipe "fail2ban"
 include_recipe "git"
 include_recipe "mysql"
+include_recipe "php::apache"
 
 package %w[
   subversion
-  php
   php-mysql
 ]
 
-apache_module "php7.2"
 apache_module "rewrite"
 
 fail2ban_filter "wordpress" do
diff --git a/test/integration/php-apache/serverspec/apache_spec.rb b/test/integration/php-apache/serverspec/apache_spec.rb
new file mode 100644 (file)
index 0000000..446d3b9
--- /dev/null
@@ -0,0 +1,21 @@
+require "serverspec"
+
+# Required by serverspec
+set :backend, :exec
+
+describe package("apache2") do
+  it { should be_installed }
+end
+
+describe service("apache2") do
+  it { should be_enabled }
+  it { should be_running }
+end
+
+describe port(80) do
+  it { should be_listening.with("tcp") }
+end
+
+describe port(443) do
+  it { should be_listening.with("tcp") }
+end