From 468836d51ea5ee84e94bf203dd0a599ada551c19 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 27 Jun 2021 16:01:53 -0400 Subject: [PATCH] Cleanup of PHP 7.x & 8.0 dependencies --- roles/1-prep/README.rst | 13 ++++++-- roles/3-base-server/README.rst | 4 +-- roles/3-base-server/tasks/main.yml | 2 +- roles/httpd/tasks/install.yml | 5 ++- roles/mediawiki/tasks/install.yml | 6 ++-- roles/moodle/tasks/install.yml | 17 +++++----- roles/mysql/tasks/install.yml | 5 +-- roles/nextcloud/tasks/install.yml | 31 ++++++++++-------- roles/nextcloud/tasks/nginx.yml | 2 +- roles/nginx/tasks/install.yml | 6 ++-- roles/osm-vector-maps/tasks/install.yml | 3 +- roles/pbx/tasks/freepbx_dependencies.yml | 41 +++++++++++++++--------- roles/www_base/tasks/main.yml | 40 +++++++++++------------ roles/www_options/tasks/main.yml | 4 +-- 14 files changed, 102 insertions(+), 77 deletions(-) diff --git a/roles/1-prep/README.rst b/roles/1-prep/README.rst index e6dec28f7..c0197797a 100644 --- a/roles/1-prep/README.rst +++ b/roles/1-prep/README.rst @@ -2,7 +2,14 @@ 1-prep README ============= -This 1st stage is primarily hardware-focused, prior to OS additions/mods. +This 1st stage is primarily hardware-focused, prior to OS +additions/mods, but also includes critical pieces sometimes needed for +remote support: -Traditionally it included preliminaries like hostname and things specific to a -particular platform, such as the XO laptop, done before the bulk of the install. +- SSH +- Administrator security (username iiab-admin by default) +- OpenVPN software if/as needed later for remote support + +Traditionally it included preliminaries like hostname and things +specific to a particular platform, such as the XO laptop, done before +the bulk of the install. diff --git a/roles/3-base-server/README.rst b/roles/3-base-server/README.rst index 4c8afe1c9..7fbea8b2b 100644 --- a/roles/3-base-server/README.rst +++ b/roles/3-base-server/README.rst @@ -4,9 +4,9 @@ This 3rd stage installs base server infra that Internet-in-a-Box requires, including: -- the web server (Apache for now, possibly NGINX in future) -- administrator security (username iiab-admin by default) - MySQL (the database underlying many/most user-facing apps) +- NGINX web server (with Apache in some lingering cases) +- *PHP core packages are installed by the above 2 roles e.g. ``php{{ php_version }}-common``, ``php{{ php_version }}-cli``, ``php{{ php_version }}-fpm``, ``php{{ php_version }}-mysql``* 4-server-options follows with more diverse/optional server infra functionality. diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index b95c0c40b..8d8453233 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -3,7 +3,7 @@ - name: ...IS BEGINNING ===================================== command: echo -- name: MYSQL +- name: MYSQL + PHP CORE include_role: name: mysql #when: mysql_install diff --git a/roles/httpd/tasks/install.yml b/roles/httpd/tasks/install.yml index d0ccbb079..04df3f7bf 100644 --- a/roles/httpd/tasks/install.yml +++ b/roles/httpd/tasks/install.yml @@ -1,14 +1,13 @@ -- name: 'Install 4 packages: apache2, libapache2-mod-php{{ php_version }}, php{{ php_version }}, php{{ php_version }}-curl' +- name: 'Install 2 packages: {{ apache_service }}, libapache2-mod-php{{ php_version }}' package: #name: [u'apache2', u'php{{ php_version }}', u'php{{ php_version }}-curl'] # FAILS ('u' for Unicode strings) #name: ['apache2', 'php{{ php_version }}', 'php{{ php_version }}-curl'] # WORKS? name: - "{{ apache_service }}" # apache2 on Debuntu - - "libapache2-mod-php{{ php_version }}" # 2020-06-15: Required (e.g. for Elgg, Moodle & possibly others) now that mysql/tasks/install.yml installs "php{{ php_version }}-common" rather than the full "php{{ php_version }}" + - libapache2-mod-php{{ php_version }} # 2020-06-15: Required (e.g. for Elgg, Moodle & possibly others) now that mysql/tasks/install.yml installs "php{{ php_version }}-common" rather than the full "php{{ php_version }}" # - "php{{ php_version }}" # - "php{{ php_version }}-curl" state: present - when: is_debuntu # when: is_debian # - name: 'Install 2 packages: apache2, php (ubuntu)' diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index 7ad520fce..26efe977b 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -1,8 +1,10 @@ - name: 'Install packages: php{{ php_version }}-intl, php{{ php_version }}-mbstring' package: name: - - "php{{ php_version }}-intl" - - "php{{ php_version }}-mbstring" + #- php{{ php_version }}-common # Auto-installed as an apt dependency + - php{{ php_version }}-intl + - php{{ php_version }}-mbstring + - php{{ php_version }}-xml # state: present - name: Download {{ mediawiki_download_base_url }}/{{ mediawiki_src }} to {{ downloads_dir }} diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 0d7a29d93..ace7dcde6 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -25,18 +25,19 @@ name: postgresql -- name: Install 6 PHP packages (run 'php -m' or 'php -i' to verify) +- name: Install libsodium23 + 7 PHP packages (run 'php -m' or 'php -i' to verify) package: name: - - php{{ php_version }}-pgsql - #- php{{ php_version }}-curl # 2021-06-25: ALREADY INSTALLED by www_base/tasks/main.yml - - php{{ php_version }}-zip - #- php{{ php_version }}-gd # 2021-06-25: ALREADY INSTALLED by www_base/tasks/main.yml - - php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+ - - php{{ php_version }}-cli # 2020-06-15: In the past this included (above) mbstring? However this is not true on Ubuntu Server 20.04 LTS. FYI php{{ php_version }}-cli is a superset of php{{ php_version }}-common + #- php{{ php_version }}-common # Auto-installed as an apt dependency + #- php{{ php_version }}-cli # 2020-06-15: In the past this included (below) mbstring? However this is not true on Ubuntu Server 20.04 LTS. FYI php{{ php_version }}-cli is a superset of php{{ php_version }}-common + - php{{ php_version }}-curl # 2021-06-27: Likewise installed by nextcloud/tasks/install.yml + - php{{ php_version }}-gd # 2021-06-27: Likewise installed by nextcloud/tasks/install.yml - php{{ php_version }}-intl # 2020-12-03: Required by Moodle 3.10+ + - php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+ + - php{{ php_version }}-pgsql - php{{ php_version }}-soap # 2020-12-03: Recommended by Moodle 3.10+ - #- php-sodium # 2021-05-17: Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium AND ALREADY PRE-ENABLED BY PHP 7.2+ https://www.php.net/manual/en/sodium.installation.php AS CONFIRMED BY 'php -i | grep sodium' AND 'apt list "*sodium*"' + - libsodium23 # 2021-05-17: Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium -- this can be auto-installed by phpX.Y-fpm or phpX.Y-cgi or phpX.Y-cli, according to 'apt rdepends libsodium23 | grep php' -- whereas https://www.php.net/manual/en/sodium.installation.php says it's always bundled with PHP 7.2+ -- GIVEN THE AMBIGUITY, PLEASE VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"' + - php{{ php_version }}-zip # 2021-06-27: Likewise installed by nextcloud/tasks/install.yml state: present - name: Does {{ moodle_base }}/config-dist.php exist? (indicating Moodle is/was installed) diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index 5b4d3bc34..1b28b59d4 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml @@ -5,13 +5,14 @@ # - 7 DB config # - 2 record as installed -- name: 'Install MySQL packages: mariadb-server, mariadb-client (debuntu)' +- name: 'Install MySQL packages: mariadb-server, mariadb-client, php{{ php_version }}-mysql' package: name: - mariadb-server - mariadb-client + #- php{{ php_version }}-common # Auto-installed as an apt dependency + - php{{ php_version }}-mysql state: present - when: is_debuntu # 2020-07-11: # 10 PHP package installs moved to roles/www_base/tasks/main.yml diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index b7e8c17ea..c09bbb67a 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -40,10 +40,11 @@ # var: php_new -# https://docs.nextcloud.com/server/18/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation # 2021-04-11: If you're running Nextcloud 21+ in production, carefully check the latest required AND recommended prereqs: # https://docs.nextcloud.com/server/21/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -- name: Install ffmpeg + libxml2 + 8 PHP packages (run 'php -m' or 'php -i' to verify) +# 2021-06-27: Use this after Nextcloud 22 is released "2021-07-06" : +# https://docs.nextcloud.com/server/22/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +- name: Install ffmpeg + libxml2 + 11 PHP packages (run 'php -m' or 'php -i' to verify) package: name: #- dnsutils # NOT REQUESTED by Nextcloud @@ -52,13 +53,13 @@ #- libapache2-mod-php # 2020-02-15: NO LONGER NEEDED? - php{{ php_version }}-bcmath # Highly recommended by Nextcloud 21 for "improved performance and better compatibility" - php{{ php_version }}-bz2 # Optional (for extraction of apps) - #- php{{ php_version }}-cli # Likely optional: @jvonau said this drags in php{{ php_version }}-common as @m-anish wanted in PR #2119 / #2258 ? Certainly php{{ php_version }}-common is already installed by www_base/tasks/main.yml - #- php{{ php_version }}-curl # ALREADY INSTALLED by www_base/tasks/main.yml - #- php{{ php_version }}-gd # ALREADY INSTALLED by www_base/tasks/main.yml + #- php{{ php_version }}-common # Auto-installed as an apt dependency. @jvonau said php{{ php_version }}-cli drags in php{{ php_version }}-common as @m-anish wanted in PR #2119 / #2258 + - php{{ php_version }}-curl # Likewise installed by moodle/tasks/install.yml + - php{{ php_version }}-gd # Likewise installed by moodle/tasks/install.yml - php{{ php_version }}-gmp # Optional (for SFTP storage) - - php{{ php_version }}-imagick # Optional (for preview generation) + - php-imagick # Optional (for preview generation). Drags in many deps (apt depends php-imagick). FYI php{{ php_version }}-imagick appears flawed: (1) 'apt depends php7.4-imagick' yields incomplete output; (2) Version-in-name package not available according to 'apt list "php*imagick"' - php{{ php_version }}-intl # Optional (increases language translation performance and fixes sorting of non-ASCII characters) - #- php{{ php_version }}-json # Part of PHP 8.0+ core, so MOVED to stanza just below. + #- php{{ php_version }}-json # See stanza just below #- php{{ php_version }}-libxml # NOT INSTALLABLE: ENABLED BY DEFAULT (https://www.php.net/manual/en/libxml.installation.php) - php{{ php_version }}-mbstring - php{{ php_version }}-mysql @@ -67,16 +68,20 @@ #- php{{ php_version }}-redis # @m-anish future work? #- php{{ php_version }}-session # NOT INSTALLABLE: ENABLED BY DEFAULT? #- php{{ php_version }}-smbclient # Optional (SMB/CIFS integration) - #- php{{ php_version }}-xml # ALREADY INSTALLED by www_base/tasks/main.yml. NOT FORMALLY REQUESTED by Nextcloud (BUT hopefully delivers php-simplexml if not {php-xmlreader, php-xmlwriter} on Raspbian?) + - php{{ php_version }}-xml # Likewise installed by mediawiki/tasks/install.yml -- NOT FORMALLY REQUESTED by Nextcloud (BUT hopefully delivers php-simplexml if not {php-xmlreader, php-xmlwriter} on Raspbian?) + #- php{{ php_version }}-xmlrpc # 2021-06-27: Experimentally remove - php{{ php_version }}-zip #- php{{ php_version }}-zlib # NOT INSTALLABLE: ENABLED BY DEFAULT? state: present -- name: Install php{{ php_version }}-json if PHP < 8.0 - package: - name: php{{ php_version }}-json - state: present - when: php_version is version('8.0', '<') +# For PHP >= 8.0: phpX.Y-json is baked into PHP itself. +# For PHP < 8.0: Auto-installed by phpX.Y-fpm AND phpX.Y-cli in roles/3-base-server, as confirmed by: apt rdepends phpX.Y-json +# +#- name: Install php{{ php_version }}-json if PHP < 8.0 +# package: +# name: php{{ php_version }}-json +# state: present +# when: php_version is version('8.0', '<') # https://docs.nextcloud.com/server/18/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation #- name: Install 9 additional php packages, if OS is not Raspbian (these are not available on Raspbian on RPi, as of Feb 2020) diff --git a/roles/nextcloud/tasks/nginx.yml b/roles/nextcloud/tasks/nginx.yml index 47a8868ed..a132b3249 100644 --- a/roles/nextcloud/tasks/nginx.yml +++ b/roles/nextcloud/tasks/nginx.yml @@ -16,4 +16,4 @@ state: restarted with_items: - nginx - - "php{{ php_version }}-fpm" + - php{{ php_version }}-fpm diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 3af0e435b..f06d0b8aa 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -5,12 +5,14 @@ ignore_errors: yes # 'when: apache_installed is defined' insuff b/c mysql's php installs apache2 -- name: 'Install 5 packages for NGINX: libnginx-mod-http-subs-filter, nginx-extras, php-fpm, uwsgi, uwsgi-plugin-python3' +- name: 'Install 5 packages for NGINX: libnginx-mod-http-subs-filter, nginx-extras, php{{ php_version }}-fpm, uwsgi, uwsgi-plugin-python3 -- TEMPORARILY ALSO php-pear UNTIL ADMIN CONSOLE DECLARES ITS OWN DEPENDENCY FOR: https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19' package: name: - libnginx-mod-http-subs-filter - nginx-extras - - php-fpm + #- php{{ php_version }}-common # Auto-installed as an apt dependency + - php{{ php_version }}-fpm # Drags in php{{ php_version }}-cli + - php-pear # 2021-06-27: TEMPORARY, SEE 7 LINES ABOVE! - uwsgi - uwsgi-plugin-python3 state: present diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 132c3b189..4d6440081 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -175,7 +175,8 @@ state: present name: - python3-wget - - "php{{ php_version }}-sqlite3" + #- php{{ php_version }}-common # Auto-installed as an apt dependency + - php{{ php_version }}-sqlite3 - python3-geojson - python3-pil diff --git a/roles/pbx/tasks/freepbx_dependencies.yml b/roles/pbx/tasks/freepbx_dependencies.yml index 52c7783ed..2a69e210b 100644 --- a/roles/pbx/tasks/freepbx_dependencies.yml +++ b/roles/pbx/tasks/freepbx_dependencies.yml @@ -8,23 +8,32 @@ - net-tools # required by FWConsole (command-line utility, that controls FreePBX) - cron # required by FreePBX UCP package (User Control Panel) - sox # required for CDR web-playback - - php + #- php{{ php_version }} # Drags in phpX.Y-cgi (already below!) + - php{{ php_version }}-bcmath + - php{{ php_version }}-cgi + #- php{{ php_version }}-common # Auto-installed as a dependency + - php{{ php_version }}-curl + - php{{ php_version }}-fpm + - php{{ php_version }}-gd + - php{{ php_version }}-imap + #- php{{ php_version }}-json # See stanza just below + #- php{{ php_version }}-gettext + - php{{ php_version }}-mbstring + - php{{ php_version }}-mysql - php-pear - - php-cgi - - php-common - - php-curl - - php-mbstring - - php-gd - - php-mysql -# - php-gettext - - php-bcmath - - php-zip - - php-xml - - php-imap - - php-json - - php-snmp - - php-fpm + - php{{ php_version }}-snmp + - php{{ php_version }}-xml + - php{{ php_version }}-zip - libapache2-mod-php -# - python-mysqldb # https://github.com/Yannik/ansible-role-freepbx/blob/master/tasks/freepbx.yml#L33 + #- python-mysqldb # https://github.com/Yannik/ansible-role-freepbx/blob/master/tasks/freepbx.yml#L33 - libapache2-mpm-itk # To serve FreePBX through a VirtualHost as asterisk user state: latest + +# For PHP >= 8.0: phpX.Y-json is baked into PHP itself. +# For PHP < 8.0: Auto-installed by phpX.Y-fpm AND phpX.Y-cli in roles/3-base-server, as confirmed by: apt rdepends phpX.Y-json +# +#- name: Install php{{ php_version }}-json if PHP < 8.0 +# package: +# name: php{{ php_version }}-json +# state: present +# when: php_version is version('8.0', '<') diff --git a/roles/www_base/tasks/main.yml b/roles/www_base/tasks/main.yml index 2d8a22f13..f911cd0c0 100644 --- a/roles/www_base/tasks/main.yml +++ b/roles/www_base/tasks/main.yml @@ -1,28 +1,26 @@ # Role "www_base" runs here, probably in 3-BASE-SERVER. # Role "www_options" runs later, likely in 4-SERVER-OPTIONS. -- name: Install 9 PHP packages (run 'php -m' or 'php -i' to verify) - package: - name: - # - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC - - php{{ php_version }}-common # 2020-05-21: @jvonau suggests this to avoid Apache that was above. Or its superset php{{ php_version }}-cli if absolutely nec? - - php{{ php_version }}-curl # 2021-06-25: nextcloud/tasks/install.yml & moodle/tasks/main.yml need this! - - php{{ php_version }}-gd # 2021-06-25: nextcloud/tasks/install.yml & moodle/tasks/main.yml need this! - - php{{ php_version }}-imap - - php{{ php_version }}-ldap - - php{{ php_version }}-mysql - - php{{ php_version }}-odbc - - php-pear +# 2021-06-27: Antifragile roles can become less brittle by fully declaring +# their own dependencies (i.e. modularity, separation-of-concerns, +# encapsulation, compartmentalization, scope sanity, etc). +# +#- name: Install 10 PHP packages (run 'php -m' or 'php -i' to verify) +# package: +# name: + # - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC + #- php{{ php_version }}-common # 2021-06-27: Experimentally remove. 2020-05-21: @jvonau suggests this to avoid Apache that was above. Or its superset php{{ php_version }}-cli if absolutely nec? + #- php{{ php_version }}-curl # 2021-06-27: Installed by nextcloud/tasks/install.yml & moodle/tasks/main.yml + #- php{{ php_version }}-gd # 2021-06-27: Installed by nextcloud/tasks/install.yml & moodle/tasks/main.yml + #- php{{ php_version }}-imap # 2021-06-27: Experimentally remove + #- php{{ php_version }}-ldap # 2021-06-27: Experimentally remove + #- php{{ php_version }}-mysql # 2021-06-27: Experimentally remove + #- php{{ php_version }}-odbc # 2021-06-27: Experimentally remove + #- php-pear # 2021-06-27: Experimentally remove # - php{{ php_version }}-sqlite3 # 2020-07-10: Experimentally install this within roles/osm-vector-maps/tasks/install.yml only, as part of OSM fix PR #2464 for #2461. - - php{{ php_version }}-xml # 2021-06-25: nextcloud/tasks/install.yml used to install this (and might still benefit!) - #- php{{ php_version }}-xmlrpc # 2021-06-25: Experimentally moved just below, to figure out if/where IIAB still needs this with PHP 8.0+ - state: present - -- name: Install php{{ php_version }}-xmlrpc if PHP < 8.0 - package: - name: php{{ php_version }}-xmlrpc - state: present - when: php_version is version('8.0', '<') + #- php{{ php_version }}-xml # 2021-06-27: Installed by nextcloud/tasks/install.yml + #- php{{ php_version }}-xmlrpc # 2021-06-27: Experimentally remove +# state: present - name: Using html.yml include_tasks: html.yml diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 7b4909b08..6ec8f61e4 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -54,7 +54,7 @@ - block: # 3-STANZA BLOCK BEGINS - # FYI roles/nginx has already installed package php-fpm, in 3-base-server + # roles/nginx has installed pkg 'php{{ php_version }}-fpm' in 3-base-server - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: @@ -95,7 +95,7 @@ - name: Restart 'php{{ php_version }}-fpm' systemd service systemd: - name: "php{{ php_version }}-fpm" + name: php{{ php_version }}-fpm state: restarted when: moodle_install or nextcloud_install or pbx_install or wordpress_install # 3-STANZA BLOCK ENDS