From 6b242a0f9ae0ce6366da3e9c4cf08f89d2c345aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Eric=20B=C3=BCrki?= Date: Tue, 12 May 2026 19:01:34 +0200 Subject: [PATCH 1/3] feat(roles/php): update template for RedHat-based systems, Docs (partially finished) to allow for multiple PHP-FPM pools to be configured individually --- roles/php/README.md | 194 ++++++++++++++---- .../etc/php-fpm.d/RedHat-pool.conf.j2 | 65 ++++-- 2 files changed, 200 insertions(+), 59 deletions(-) diff --git a/roles/php/README.md b/roles/php/README.md index 27c71d2e..63f44bd3 100644 --- a/roles/php/README.md +++ b/roles/php/README.md @@ -84,42 +84,6 @@ This role never exposes to the world that PHP is installed on the server, no mat * Type: Bool. * Default: `true` -`php__fpm_pools__host_var` / `php__fpm_pools__group_var` - -* List of dictionaries containing PHP-FPM pools. -* For the usage in `host_vars` / `group_vars` (can only be used in one group at a time). -* Type: List of dictionaries. -* Default: `[]` -* Subkeys: - - * `name`: - - * Mandatory. The name of the pool. Will also be used as the filename and for logfiles. - * Type: String. - - * `state`: - - * Optional. State of the pool. Possible options: `absent`, `present`. - * Type: String. - * Default: `'present'` - - * `user`: - - * Optional. The Unix user running the pool processes. - * Type: String. - * Default: `'apache'` - - * `group`: - - * Optional. The Unix group running the pool processes. - * Type: String. - * Default: `'apache'` - - * `raw`: - - * Optional. Raw content which will be added to the end of the pool config. - * Type: String. - `php__modules__host_var` / `php__modules__group_var` * List of dictionaries containing additional PHP modules that should be installed via the standard package manager. @@ -341,7 +305,7 @@ php__ini_upload_max_filesize__host_var: '10000M' ### PHP-FPM Pool Config Directives -Variables for `php.ini` directives and their default values, defined and supported by this role. +Variables for PHP-FPM Pool Config directives and their default values, defined and supported by this role. `php__fpm_pool_conf_pm__group_var` / `php__fpm_pool_conf_pm__host_var` @@ -385,32 +349,180 @@ Variables for `php.ini` directives and their default values, defined and support * Type: Number. * Default: `0` -`php__fpm_pools__group_var` / `php__fpm_pools__host_var` +`php__fpm_pools__host_var` / `php__fpm_pools__group_var` -* List defining pool configuration. +* List of dictionaries containing PHP-FPM pools. +* For the usage in `host_vars` / `group_vars` (can only be used in one group at a time). * Type: List of dictionaries. -* Default: `name: 'www'` `user: 'apache'` `group: 'apache'` +* Default: `[]` * Subkeys: * `name`: - * Mandatory. Pool name. + * Mandatory. The name of the pool. Will also be used as the filename and for logfiles. * Type: String. + * `state`: + + * Optional. State of the pool. Possible options: `absent`, `present`. + * Type: String. + * Default: `'present'` + * `user`: * Optional. The Unix user running the pool processes. * Type: String. + * Default: `'apache'` * `group`: * Optional. The Unix group running the pool processes. * Type: String. + * Default: `'apache'` + + * `pm`: + + * Optional. Choose how the process manager will control the number of child processes. + * Type: String. + * Default: `'dynamic'` + + * `pm_max_children`: + + * Optional. The number of child processes to be created when pm is set to `'static'` and the maximum number of child processes when pm is set to `'dynamic'` or `'ondemand'`. + * Type: Number. + * Default: `50` + + * `pm_start_servers`: + + * Optional. The number of child processes created on startup. Must be greater than `pm_min_spare_servers` but less than `pm_max_spare_servers`. Used only when `pm` is set to `'dynamic`'. + * Type: Number. + * Default: `5` + + * `pm_min_spare_servers`: + + * Optional. The desired minimum number of idle server processes. Used only when `pm` is set to `'dynamic'`. + * Type: Number. + * Default: `5` + + * `pm_max_spare_servers`: + + * Optional. The desired maximum number of idle server processes. Used only when `pm` is set to `'dynamic'`. + * Type: Number. + * Default: `35` + + * `pm_process_idle_timeout`: + + * Optional. The number of seconds after which an idle process will be killed. Used only when `pm` is set to `'ondemand'`. Defaults to `'10s'` if unset. Available units: s(econds, default), m(inutes), h(ours), or d(ays). + * Type: String. + * Default: `'10s'` + + * `pm_max_requests`: + + * Optional. The number of requests each child process should execute before respawning. This can be useful to work around memory leaks in 3rd party libraries. For endless request processing specify `0`. + * Type: Number. + * Default: `0` + + * `pm_status_path`: + + * Optional. Path to view FPM status page. + * Type: String. + * Default: `'/{{ item["name"] }}-fpm-status'` + + * `ping_path`: + + * Optional. The ping path to check if FPM is alive and responding. + * Type: String. + * Default: `'/{{ item["name"] }}-fpm-ping'` + + * `request_slowlog_timeout`: + + * Optional. The timeout for serving a single request after which a PHP backtrace will be dumped to the slowlog file. A value of `0` means off. Available units: s(econds, default), m(inutes), h(ours), or d(ays). + * Type: Number. + * Default: `0` + + * `request_slowlog_trace_depth`: + + * Optional. Depth of slow log stack trace. + * Type: Number. + * Default: `20` + + * `request_terminate_timeout`: + + * The timeout for serving a single request after which the worker process will be killed. This option should be used when the `max_execution_time` ini option does not stop script execution for some reason. A value of `0` means off. Available units: s(econds, default), m(inutes), h(ours), or d(ays). + * Type: Number. + * Default: `0` + + * `php_admin_value_session_save_path`: + + * Optional. + * Type: String. + * Default: `'/var/lib/php/session-{{ item["name"] }}'` + + * `php_admin_value_opcache_file_cache`: + + * Optional. + * Type: String. + * Default: `'/var/lib/php/opcache-{{ item["name"] }}'` + + * `php_admin_value_max_execution_time`: + + * Optional. + * Type: Number. + * Default: `{{ php__ini_max_execution_time__combined_var }}` + + * `php_admin_value_max_input_vars`: + + * Optional. + * Type: Number. + * Default: `{{ php__ini_max_input_vars__combined_var }}` + + * `php_admin_value_memory_limit`: + + * Optional. + * Type: String. + * Default: `'{{ php__ini_memory_limit__combined_var }}'` + + * `php_admin_value_opcache_interned_strings_buffer`: + + * Optional. + * Type: Number. + * Default: `{{ php__ini_opcache_interned_strings_buffer__combined_var }}` + + * `php_admin_value_opcache_max_accelerated_files`: + + * Optional. + * Type: Number. + * Default: `{{ php__ini_opcache_max_accelerated_files__combined_var }}` + + * `php_admin_value_opcache_memory_consumption`: + + * Optional. + * Type: Number. + * Default: `{{ php__ini_opcache_memory_consumption__combined_var }}` + + * `php_admin_value_open_basedir`: + + * Optional. + * Type: String. + * Default: unset + + * `php_admin_value_post_max_size`: + + * Optional. + * Type: String. + * Default: `'{{ php__ini_post_max_size__combined_var }}'` + + * `php_admin_value_upload_max_filesize`: + + * Optional. + * Type: String. + * Default: `'{{ php__ini_upload_max_filesize__combined_var }}'` * `raw`: * Optional. Raw content which will be added to the end of the pool config. * Type: String. + * Default: unset Example: ```yaml diff --git a/roles/php/templates/etc/php-fpm.d/RedHat-pool.conf.j2 b/roles/php/templates/etc/php-fpm.d/RedHat-pool.conf.j2 index a9577b6e..c7bd6948 100644 --- a/roles/php/templates/etc/php-fpm.d/RedHat-pool.conf.j2 +++ b/roles/php/templates/etc/php-fpm.d/RedHat-pool.conf.j2 @@ -108,7 +108,7 @@ listen.allowed_clients = 127.0.0.1 ; pm.process_idle_timeout - The number of seconds after which ; an idle process will be killed. ; Note: This value is mandatory. -pm = {{ php__fpm_pool_conf_pm__combined_var | d('dynamic') }} +pm = {{ item["pm"] | d('dynamic') }} ; The number of child processes to be created when pm is set to 'static' and the ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. @@ -119,33 +119,33 @@ pm = {{ php__fpm_pool_conf_pm__combined_var | d('dynamic') }} ; forget to tweak pm.* to fit your needs. ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' ; Note: This value is mandatory. -pm.max_children = {{ php__fpm_pool_conf_pm_max_children__combined_var | d(50) }} +pm.max_children = {{ item["pm_max_children"] | d(50) }} ; The number of child processes created on startup. ; Note: Used only when pm is set to 'dynamic' ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 -pm.start_servers = {{ php__fpm_pool_conf_pm_start_servers__combined_var | d(5) }} +pm.start_servers = {{ item["pm_start_servers"] | d(5) }} ; The desired minimum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = {{ php__fpm_pool_conf_pm_min_spare_servers__combined_var | d(5) }} +pm.min_spare_servers = {{ item["pm_min_spare_servers"] | d(5) }} ; The desired maximum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = {{ php__fpm_pool_conf_pm_max_spare_servers__combined_var | d(35) }} +pm.max_spare_servers = {{ item["pm_max_spare_servers"] | d(35) }} ; The number of seconds after which an idle process will be killed. ; Note: Used only when pm is set to 'ondemand' ; Default Value: 10s -;pm.process_idle_timeout = 10s; +pm.process_idle_timeout = {{ item["pm_process_idle_timeout"] | d("10s") }} ; The number of requests each child process should execute before respawning. ; This can be useful to work around memory leaks in 3rd party libraries. For ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. ; Default Value: 0 -;pm.max_requests = 500 +pm.max_requests = {{ item["pm_max_requests"] | d(0) }} ; The URI to view the FPM status page. If this value is not set, no URI will be ; recognized as a status page. It shows the following informations: @@ -244,7 +244,11 @@ pm.max_spare_servers = {{ php__fpm_pool_conf_pm_max_spare_servers__combined_var ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. ; Default Value: not set -pm.status_path = /fpm-status +[% if item["pm_status_path"] | default() %] +pm.status_path = {{ item["pm_status_path"] }} +[% else %] +pm.status_path = /{{ item["name"] }}-fpm-status +[% endif %] ; The ping URI to call the monitoring page of FPM. If this value is not set, no ; URI will be recognized as a ping page. This could be used to test from outside @@ -256,7 +260,11 @@ pm.status_path = /fpm-status ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. ; Default Value: not set -ping.path = /fpm-ping +[% if item["ping_path"] | default() %] +ping.path = {{ item["ping_path"] }} +[% else %] +ping.path = /{{ item["name"] }}-fpm-ping +[% endif %] ; This directive may be used to customize the response of a ping request. The ; response is formatted as text/plain with a 200 response code. @@ -335,18 +343,18 @@ slowlog = /var/log/php-fpm/{{ item["name"] }}-slow.log ; dumped to the 'slowlog' file. A value of '0s' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 -request_slowlog_timeout = {{ php__fpm_pool_conf_request_slowlog_timeout__combined_var }} +request_slowlog_timeout = {{ item["request_slowlog_timeout"] | d(0) }} ; Depth of slow log stack trace. ; Default Value: 20 -;request_slowlog_trace_depth = 20 +request_slowlog_trace_depth = {{ item["request_slowlog_trace_depth"] | d(20) }} ; The timeout for serving a single request after which the worker process will ; be killed. This option should be used when the 'max_execution_time' ini option ; does not stop script execution for some reason. A value of '0' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 -request_terminate_timeout = {{ php__fpm_pool_conf_request_terminate_timeout__combined_var }} +request_terminate_timeout = {{ item["request_terminate_timeout"] | d(0) }} ; Set open file descriptor rlimit. ; Default Value: system defined value @@ -427,9 +435,22 @@ request_terminate_timeout = {{ php__fpm_pool_conf_request_terminate_timeout__com ; specified at startup with the -d argument ;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com ;php_flag[display_errors] = off -php_admin_value[error_log] = /var/log/php-fpm/{{ item["name"] }}-error.log + php_admin_flag[log_errors] = on -;php_admin_value[memory_limit] = 128M +php_admin_value[error_log] = /var/log/php-fpm/{{ item["name"] }}-error.log +php_admin_value[max_execution_time] = {{ item["php_admin_value_max_execution_time"] | d(php__ini_max_execution_time__combined_var) }} +php_admin_value[max_input_vars] = {{ item["php_admin_value_max_input_vars"] | d(php__ini_max_input_vars__combined_var) }} +php_admin_value[memory_limit] = {{ item["php_admin_value_memory_limit"] | d(php__ini_memory_limit__combined_var) }} +php_admin_value[opcache.interned_strings_buffer] = {{ item["php_admin_value_opcache_interned_strings_buffer"] | d(php__ini_opcache_interned_strings_buffer__combined_var) }} +php_admin_value[opcache.max_accelerated_files] = {{ item["php_admin_value_opcache_max_accelerated_files"] | d(php__ini_opcache_max_accelerated_files__combined_var) }} +php_admin_value[opcache.memory_consumption] = {{ item["php_admin_value_opcache_memory_consumption"] | d(php__ini_opcache_memory_consumption__combined_var) }} +[% if item["php_admin_value_open_basedir"] | d() %] +php_admin_value[open_basedir] = {{ item["php_admin_value_open_basedir"] }} +[% else %] +;php_admin_value[open_basedir] = +[% endif %] +php_admin_value[post_max_size] = {{ item["php_admin_value_post_max_size"] | d(php__ini_post_max_size__combined_var) }} +php_admin_value[upload_max_filesize] = {{ item["php_admin_value_upload_max_filesize"] | d(php__ini_upload_max_filesize__combined_var) }} ; Set the following data paths to directories owned by the FPM process user. ; @@ -439,10 +460,18 @@ php_admin_flag[log_errors] = on ; ; See warning about choosing the location of these directories on your system ; at http://php.net/session.save-path -php_value[session.save_handler] = files -php_value[session.save_path] = /var/lib/php/session -php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache -;php_value[opcache.file_cache] = /var/lib/php/opcache +php_admin_value[session.save_handler] = files +[% if item["php_admin_value_opcache_file_cache"] | d() %] +php_admin_value[session.save_path] = {{ item["php_admin_value_opcache_file_cache"] }} +[% else %] +php_admin_value[session.save_path] = /var/lib/php/session-{{ item["name"] }} +[% endif %] +[% if item["php_admin_value_opcache_file_cache"] | d() %] +php_admin_value[opcache.file_cache] = {{ item["php_admin_value_opcache_file_cache"] }} +[% else %] +php_admin_value[opcache.file_cache] = /var/lib/php/opcache-{{ item["name"] }} +[% endif %] +;php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache [% if item["raw"] | default() %] ; raw content From 2aab24ccfd71e99f629c9d9e2d6b00e9b9a940bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Eric=20B=C3=BCrki?= Date: Wed, 13 May 2026 09:23:46 +0200 Subject: [PATCH 2/3] fix(roles/php): update timestamp in pool template, use 'd()' in accordance with example role, ensure session.save_path is now set correctly --- .../etc/php-fpm.d/RedHat-pool.conf.j2 | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/php/templates/etc/php-fpm.d/RedHat-pool.conf.j2 b/roles/php/templates/etc/php-fpm.d/RedHat-pool.conf.j2 index c7bd6948..a53f143f 100644 --- a/roles/php/templates/etc/php-fpm.d/RedHat-pool.conf.j2 +++ b/roles/php/templates/etc/php-fpm.d/RedHat-pool.conf.j2 @@ -1,7 +1,7 @@ #jinja2:block_start_string:'[%', block_end_string:'%]' ; {{ ansible_managed }} -; 2026012901 -[% if item["by_role"] | default() %] +; 2026051301 +[% if item["by_role"] | d() %] ; Generated by Ansible role: {{ item["by_role"] }} [% endif %] @@ -28,9 +28,9 @@ ; Note: The user is mandatory. If the group is not set, the default user's group ; will be used. ; RPM: apache user chosen to provide access to the same directories as httpd -user = {{ item["user"] | default('apache') }} +user = {{ item["user"] | d('apache') }} ; RPM: Keep a group allowed to write in log dir. -group = {{ item["group"] | default('apache') }} +group = {{ item["group"] | d('apache') }} ; The address on which to accept FastCGI requests. ; Valid syntaxes are: @@ -244,7 +244,7 @@ pm.max_requests = {{ item["pm_max_requests"] | d(0) }} ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. ; Default Value: not set -[% if item["pm_status_path"] | default() %] +[% if item["pm_status_path"] | d() %] pm.status_path = {{ item["pm_status_path"] }} [% else %] pm.status_path = /{{ item["name"] }}-fpm-status @@ -260,7 +260,7 @@ pm.status_path = /{{ item["name"] }}-fpm-status ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. ; Default Value: not set -[% if item["ping_path"] | default() %] +[% if item["ping_path"] | d() %] ping.path = {{ item["ping_path"] }} [% else %] ping.path = /{{ item["name"] }}-fpm-ping @@ -461,8 +461,8 @@ php_admin_value[upload_max_filesize] = {{ item["php_admin_value_upload_max_files ; See warning about choosing the location of these directories on your system ; at http://php.net/session.save-path php_admin_value[session.save_handler] = files -[% if item["php_admin_value_opcache_file_cache"] | d() %] -php_admin_value[session.save_path] = {{ item["php_admin_value_opcache_file_cache"] }} +[% if item["php_admin_value_session_save_path"] | d() %] +php_admin_value[session.save_path] = {{ item["php_admin_value_session_save_path"] }} [% else %] php_admin_value[session.save_path] = /var/lib/php/session-{{ item["name"] }} [% endif %] @@ -473,7 +473,7 @@ php_admin_value[opcache.file_cache] = /var/lib/php/opcache-{{ item["name"] }} [% endif %] ;php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache -[% if item["raw"] | default() %] +[% if item["raw"] | d() %] ; raw content {{ item["raw"] }} [% endif %] From c94b7defab5f89b71a1ff225b28e338c67cbcec7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Eric=20B=C3=BCrki?= Date: Wed, 13 May 2026 18:04:20 +0200 Subject: [PATCH 3/3] feat(roles/php): update template for Debian-based systems, update docs (not complete), update template for RedHat-based systems. --- roles/php/README.md | 2 +- roles/php/tasks/main.yml | 1 + .../etc/php-fpm.d/Debian-pool.conf.j2 | 73 +++++++++------- .../etc/php-fpm.d/RedHat-pool.conf.j2 | 84 ++++++++----------- 4 files changed, 81 insertions(+), 79 deletions(-) diff --git a/roles/php/README.md b/roles/php/README.md index 63f44bd3..af797c03 100644 --- a/roles/php/README.md +++ b/roles/php/README.md @@ -354,7 +354,7 @@ Variables for PHP-FPM Pool Config directives and their default values, defined a * List of dictionaries containing PHP-FPM pools. * For the usage in `host_vars` / `group_vars` (can only be used in one group at a time). * Type: List of dictionaries. -* Default: `[]` +* Default: One pool named `www`. * Subkeys: * `name`: diff --git a/roles/php/tasks/main.yml b/roles/php/tasks/main.yml index 8642121a..b385fb5c 100644 --- a/roles/php/tasks/main.yml +++ b/roles/php/tasks/main.yml @@ -53,6 +53,7 @@ tags: - 'php' + - 'php:fpm' - 'php:ini' - 'php:modules' - 'php:update' diff --git a/roles/php/templates/etc/php-fpm.d/Debian-pool.conf.j2 b/roles/php/templates/etc/php-fpm.d/Debian-pool.conf.j2 index 8c31121d..adf3aec2 100644 --- a/roles/php/templates/etc/php-fpm.d/Debian-pool.conf.j2 +++ b/roles/php/templates/etc/php-fpm.d/Debian-pool.conf.j2 @@ -1,14 +1,14 @@ #jinja2:block_start_string:'[%', block_end_string:'%]' ; {{ ansible_managed }} -; 2026012901 -[% if item["by_role"] | default() %] -; Generated by Ansible role: {{ item["by_role"] }} +; 2026051301 +[% if item['by_role'] | d() %] +; Generated by Ansible role: {{ item['by_role'] }} [% endif %] ; Start a new pool named 'www'. ; the variable $pool can be used in any directive and will be replaced by the ; pool name ('www' here) -[{{ item["name"] }}] +[{{ item['name'] }}] ; Per pool prefix ; It only applies on the following directives: @@ -32,8 +32,8 @@ ; --allow-to-run-as-root option to work. ; Default Values: The user is set to master process running user by default. ; If the group is not set, the user's group is used. -user = {{ item["user"] | default('www-data') }} -group = {{ item["group"] | default('www-data') }} +user = {{ item['user'] | d(php__webserver_user) }} +group = {{ item['group'] | d(php__webserver_group) }} ; The address on which to accept FastCGI requests. ; Valid syntaxes are: @@ -45,7 +45,7 @@ group = {{ item["group"] | default('www-data') }} ; (IPv6 and IPv4-mapped) on a specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /run/php/{{ item["name"] }}.sock +listen = /run/php/{{ item['name'] }}.sock ; Set listen(2) backlog. ; Default Value: 511 (-1 on Linux, FreeBSD and OpenBSD) @@ -57,8 +57,8 @@ listen = /run/php/{{ item["name"] }}.sock ; and group can be specified either by name or by their numeric IDs. ; Default Values: Owner is set to the master process running user. If the group ; is not set, the owner's group is used. Mode is set to 0660. -listen.owner = www-data -listen.group = www-data +listen.owner = {{ php__webserver_user }} +listen.group = {{ php__webserver_group }} ;listen.mode = 0660 ; When POSIX Access Control Lists are supported you can set them using @@ -131,22 +131,22 @@ pm = {{ php__fpm_pool_conf_pm__combined_var | d('dynamic') }} ; forget to tweak pm.* to fit your needs. ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' ; Note: This value is mandatory. -pm.max_children = {{ php__fpm_pool_conf_pm_max_children__combined_var | d(5) }} +pm.max_children = {{ item['pm_max_children'] | d(50) }} ; The number of child processes created on startup. ; Note: Used only when pm is set to 'dynamic' ; Default Value: (min_spare_servers + max_spare_servers) / 2 -pm.start_servers = {{ php__fpm_pool_conf_pm_start_servers__combined_var | d(2) }} +pm.start_servers = {{ item['pm_start_servers'] | d(5) }} ; The desired minimum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = {{ php__fpm_pool_conf_pm_min_spare_servers__combined_var | d(1) }} +pm.min_spare_servers = {{ item['pm_min_spare_servers'] | d(5) }} ; The desired maximum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = {{ php__fpm_pool_conf_pm_max_spare_servers__combined_var | d(3) }} +pm.max_spare_servers = {{ item['pm_max_spare_servers'] | d(35) }} ; The number of rate to spawn child processes at once. ; Note: Used only when pm is set to 'dynamic' @@ -157,13 +157,13 @@ pm.max_spare_servers = {{ php__fpm_pool_conf_pm_max_spare_servers__combined_var ; The number of seconds after which an idle process will be killed. ; Note: Used only when pm is set to 'ondemand' ; Default Value: 10s -;pm.process_idle_timeout = 10s; +pm.process_idle_timeout = {{ item['pm_process_idle_timeout'] | d('10s') }} ; The number of requests each child process should execute before respawning. ; This can be useful to work around memory leaks in 3rd party libraries. For ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. ; Default Value: 0 -;pm.max_requests = 500 +pm.max_requests = {{ item['pm_max_requests'] | d(500) }} ; The URI to view the FPM status page. If this value is not set, no URI will be ; recognized as a status page. It shows the following information: @@ -236,8 +236,8 @@ pm.max_spare_servers = {{ php__fpm_pool_conf_pm_max_spare_servers__combined_var ; it's always 0 if the process is not in Idle state ; because memory calculation is done when the request ; processing has terminated; -; If the process is in Idle state, then informations are related to the -; last request the process has served. Otherwise informations are related to +; If the process is in Idle state, then information is related to the +; last request the process has served. Otherwise information is related to ; the current request being served. ; Example output: ; ************************ @@ -256,13 +256,13 @@ pm.max_spare_servers = {{ php__fpm_pool_conf_pm_max_spare_servers__combined_var ; last request memory: 0 ; ; Note: There is a real-time FPM status monitoring sample web page available -; It's available in: /usr/share/php/8.2/fpm/status.html +; It's available in: /usr/share/php/8.4/fpm/status.html ; ; Note: The value must start with a leading slash (/). The value can be ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. ; Default Value: not set -pm.status_path = /fpm-status +pm.status_path = {{ item['pm_status_path'] | d('/' ~ item['name'] ~ '-fpm-status') }} ; The address on which to accept FastCGI status request. This creates a new ; invisible pool that can handle requests independently. This is useful @@ -290,7 +290,7 @@ pm.status_path = /fpm-status ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. ; Default Value: not set -ping.path = /fpm-ping +ping.path = {{ item['ping_path'] | d('/' ~ item['name'] ~ '-fpm-ping') }} ; This directive may be used to customize the response of a ping request. The ; response is formatted as text/plain with a 200 response code. @@ -379,24 +379,24 @@ ping.response = pong ; The log file for slow requests ; Default Value: not set ; Note: slowlog is mandatory if request_slowlog_timeout is set -slowlog = log/{{ item["name"] }}-slow.log +slowlog = log/{{ item['name'] }}-slow.log ; The timeout for serving a single request after which a PHP backtrace will be ; dumped to the 'slowlog' file. A value of '0s' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 -request_slowlog_timeout = {{ php__fpm_pool_conf_request_slowlog_timeout__combined_var }} +request_slowlog_timeout = {{ item['request_slowlog_timeout'] | d(0) }} ; Depth of slow log stack trace. ; Default Value: 20 -;request_slowlog_trace_depth = 20 +request_slowlog_trace_depth = {{ item['request_slowlog_trace_depth'] | d(20) }} ; The timeout for serving a single request after which the worker process will ; be killed. This option should be used when the 'max_execution_time' ini option ; does not stop script execution for some reason. A value of '0' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 -request_terminate_timeout = {{ php__fpm_pool_conf_request_terminate_timeout__combined_var }} +request_terminate_timeout = {{ item['request_terminate_timeout'] | d(0) }} ; The timeout set by 'request_terminate_timeout' ini option is not engaged after ; application calls 'fastcgi_finish_request' or when application has finished and @@ -492,11 +492,28 @@ request_terminate_timeout = {{ php__fpm_pool_conf_request_terminate_timeout__com ; specified at startup with the -d argument ;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com ;php_flag[display_errors] = off -php_admin_value[error_log] = /var/log/php-fpm-{{ item["name"] }}-error.log php_admin_flag[log_errors] = on -;php_admin_value[memory_limit] = 32M +php_admin_value[error_log] = /var/log/php-fpm/{{ item['name'] }}-error.log +php_admin_value[max_execution_time] = {{ item['php_admin_value_max_execution_time'] | d(php__ini_max_execution_time__combined_var) }} +php_admin_value[max_input_vars] = {{ item['php_admin_value_max_input_vars'] | d(php__ini_max_input_vars__combined_var) }} +php_admin_value[memory_limit] = {{ item['php_admin_value_memory_limit'] | d(php__ini_memory_limit__combined_var) }} +php_admin_value[opcache.interned_strings_buffer] = {{ item['php_admin_value_opcache_interned_strings_buffer'] | d(php__ini_opcache_interned_strings_buffer__combined_var) }} +php_admin_value[opcache.max_accelerated_files] = {{ item['php_admin_value_opcache_max_accelerated_files'] | d(php__ini_opcache_max_accelerated_files__combined_var) }} +php_admin_value[opcache.memory_consumption] = {{ item['php_admin_value_opcache_memory_consumption'] | d(php__ini_opcache_memory_consumption__combined_var) }} +[% if item['php_admin_value_open_basedir'] | d() %] +php_admin_value[open_basedir] = {{ item['php_admin_value_open_basedir'] }} +[% else %] +;php_admin_value[open_basedir] = +[% endif %] +php_admin_value[post_max_size] = {{ item['php_admin_value_post_max_size'] | d(php__ini_post_max_size__combined_var) }} +php_admin_value[upload_max_filesize] = {{ item['php_admin_value_upload_max_filesize'] | d(php__ini_upload_max_filesize__combined_var) }} + +php_admin_value[session.save_handler] = files +php_admin_value[session.save_path] = {{ item['php_admin_value_session_save_path'] | d('/var/lib/php/session-' ~ item['name']) }} +php_admin_value[opcache.file_cache] = {{ item['php_admin_value_opcache_file_cache'] | d('/var/lib/php/opcache-' ~ item['name']) }} +;php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache -[% if item["raw"] | default() %] +[% if item['raw'] | () %] ; raw content -{{ item["raw"] }} +{{ item['raw'] }} [% endif %] diff --git a/roles/php/templates/etc/php-fpm.d/RedHat-pool.conf.j2 b/roles/php/templates/etc/php-fpm.d/RedHat-pool.conf.j2 index a53f143f..d8fe5c16 100644 --- a/roles/php/templates/etc/php-fpm.d/RedHat-pool.conf.j2 +++ b/roles/php/templates/etc/php-fpm.d/RedHat-pool.conf.j2 @@ -1,14 +1,14 @@ #jinja2:block_start_string:'[%', block_end_string:'%]' ; {{ ansible_managed }} ; 2026051301 -[% if item["by_role"] | d() %] -; Generated by Ansible role: {{ item["by_role"] }} +[% if item['by_role'] | d() %] +; Generated by Ansible role: {{ item['by_role'] }} [% endif %] ; Start a new pool named 'www'. ; the variable $pool can be used in any directive and will be replaced by the ; pool name ('www' here) -[{{ item["name"] }}] +[{{ item['name'] }}] ; Per pool prefix ; It only applies on the following directives: @@ -28,9 +28,9 @@ ; Note: The user is mandatory. If the group is not set, the default user's group ; will be used. ; RPM: apache user chosen to provide access to the same directories as httpd -user = {{ item["user"] | d('apache') }} +user = {{ item['user'] | d(php__webserver_user) }} ; RPM: Keep a group allowed to write in log dir. -group = {{ item["group"] | d('apache') }} +group = {{ item['group'] | d(php__webserver_group) }} ; The address on which to accept FastCGI requests. ; Valid syntaxes are: @@ -42,7 +42,7 @@ group = {{ item["group"] | d('apache') }} ; (IPv6 and IPv4-mapped) on a specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /run/php-fpm/{{ item["name"] }}.sock +listen = /run/php-fpm/{{ item['name'] }}.sock ; Set listen(2) backlog. ; Default Value: 511 @@ -108,7 +108,7 @@ listen.allowed_clients = 127.0.0.1 ; pm.process_idle_timeout - The number of seconds after which ; an idle process will be killed. ; Note: This value is mandatory. -pm = {{ item["pm"] | d('dynamic') }} +pm = {{ php__fpm_pool_conf_pm__combined_var | d('dynamic') }} ; The number of child processes to be created when pm is set to 'static' and the ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. @@ -119,33 +119,33 @@ pm = {{ item["pm"] | d('dynamic') }} ; forget to tweak pm.* to fit your needs. ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' ; Note: This value is mandatory. -pm.max_children = {{ item["pm_max_children"] | d(50) }} +pm.max_children = {{ item['pm_max_children'] | d(50) }} ; The number of child processes created on startup. ; Note: Used only when pm is set to 'dynamic' ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 -pm.start_servers = {{ item["pm_start_servers"] | d(5) }} +pm.start_servers = {{ item['pm_start_servers'] | d(5) }} ; The desired minimum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = {{ item["pm_min_spare_servers"] | d(5) }} +pm.min_spare_servers = {{ item['pm_min_spare_servers'] | d(5) }} ; The desired maximum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = {{ item["pm_max_spare_servers"] | d(35) }} +pm.max_spare_servers = {{ item['pm_max_spare_servers'] | d(35) }} ; The number of seconds after which an idle process will be killed. ; Note: Used only when pm is set to 'ondemand' ; Default Value: 10s -pm.process_idle_timeout = {{ item["pm_process_idle_timeout"] | d("10s") }} +pm.process_idle_timeout = {{ item['pm_process_idle_timeout'] | d('10s') }} ; The number of requests each child process should execute before respawning. ; This can be useful to work around memory leaks in 3rd party libraries. For ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. ; Default Value: 0 -pm.max_requests = {{ item["pm_max_requests"] | d(0) }} +pm.max_requests = {{ item['pm_max_requests'] | d(0) }} ; The URI to view the FPM status page. If this value is not set, no URI will be ; recognized as a status page. It shows the following informations: @@ -244,11 +244,7 @@ pm.max_requests = {{ item["pm_max_requests"] | d(0) }} ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. ; Default Value: not set -[% if item["pm_status_path"] | d() %] -pm.status_path = {{ item["pm_status_path"] }} -[% else %] -pm.status_path = /{{ item["name"] }}-fpm-status -[% endif %] +pm.status_path = {{ item['pm_status_path'] | d('/' ~ item['name'] ~ '-fpm-status') }} ; The ping URI to call the monitoring page of FPM. If this value is not set, no ; URI will be recognized as a ping page. This could be used to test from outside @@ -260,11 +256,7 @@ pm.status_path = /{{ item["name"] }}-fpm-status ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. ; Default Value: not set -[% if item["ping_path"] | d() %] -ping.path = {{ item["ping_path"] }} -[% else %] -ping.path = /{{ item["name"] }}-fpm-ping -[% endif %] +ping.path = {{ item['ping_path'] | d('/' ~ item['name'] ~ '-fpm-ping') }} ; This directive may be used to customize the response of a ping request. The ; response is formatted as text/plain with a 200 response code. @@ -337,24 +329,24 @@ ping.response = pong ; The log file for slow requests ; Default Value: not set ; Note: slowlog is mandatory if request_slowlog_timeout is set -slowlog = /var/log/php-fpm/{{ item["name"] }}-slow.log +slowlog = /var/log/php-fpm/{{ item['name'] }}-slow.log ; The timeout for serving a single request after which a PHP backtrace will be ; dumped to the 'slowlog' file. A value of '0s' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 -request_slowlog_timeout = {{ item["request_slowlog_timeout"] | d(0) }} +request_slowlog_timeout = {{ item['request_slowlog_timeout'] | d(0) }} ; Depth of slow log stack trace. ; Default Value: 20 -request_slowlog_trace_depth = {{ item["request_slowlog_trace_depth"] | d(20) }} +request_slowlog_trace_depth = {{ item['request_slowlog_trace_depth'] | d(20) }} ; The timeout for serving a single request after which the worker process will ; be killed. This option should be used when the 'max_execution_time' ini option ; does not stop script execution for some reason. A value of '0' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 -request_terminate_timeout = {{ item["request_terminate_timeout"] | d(0) }} +request_terminate_timeout = {{ item['request_terminate_timeout'] | d(0) }} ; Set open file descriptor rlimit. ; Default Value: system defined value @@ -437,20 +429,20 @@ request_terminate_timeout = {{ item["request_terminate_timeout"] | d(0) }} ;php_flag[display_errors] = off php_admin_flag[log_errors] = on -php_admin_value[error_log] = /var/log/php-fpm/{{ item["name"] }}-error.log -php_admin_value[max_execution_time] = {{ item["php_admin_value_max_execution_time"] | d(php__ini_max_execution_time__combined_var) }} -php_admin_value[max_input_vars] = {{ item["php_admin_value_max_input_vars"] | d(php__ini_max_input_vars__combined_var) }} -php_admin_value[memory_limit] = {{ item["php_admin_value_memory_limit"] | d(php__ini_memory_limit__combined_var) }} -php_admin_value[opcache.interned_strings_buffer] = {{ item["php_admin_value_opcache_interned_strings_buffer"] | d(php__ini_opcache_interned_strings_buffer__combined_var) }} -php_admin_value[opcache.max_accelerated_files] = {{ item["php_admin_value_opcache_max_accelerated_files"] | d(php__ini_opcache_max_accelerated_files__combined_var) }} -php_admin_value[opcache.memory_consumption] = {{ item["php_admin_value_opcache_memory_consumption"] | d(php__ini_opcache_memory_consumption__combined_var) }} -[% if item["php_admin_value_open_basedir"] | d() %] -php_admin_value[open_basedir] = {{ item["php_admin_value_open_basedir"] }} +php_admin_value[error_log] = /var/log/php-fpm/{{ item['name'] }}-error.log +php_admin_value[max_execution_time] = {{ item['php_admin_value_max_execution_time'] | d(php__ini_max_execution_time__combined_var) }} +php_admin_value[max_input_vars] = {{ item['php_admin_value_max_input_vars'] | d(php__ini_max_input_vars__combined_var) }} +php_admin_value[memory_limit] = {{ item['php_admin_value_memory_limit'] | d(php__ini_memory_limit__combined_var) }} +php_admin_value[opcache.interned_strings_buffer] = {{ item['php_admin_value_opcache_interned_strings_buffer'] | d(php__ini_opcache_interned_strings_buffer__combined_var) }} +php_admin_value[opcache.max_accelerated_files] = {{ item['php_admin_value_opcache_max_accelerated_files'] | d(php__ini_opcache_max_accelerated_files__combined_var) }} +php_admin_value[opcache.memory_consumption] = {{ item['php_admin_value_opcache_memory_consumption'] | d(php__ini_opcache_memory_consumption__combined_var) }} +[% if item['php_admin_value_open_basedir'] | d() %] +php_admin_value[open_basedir] = {{ item['php_admin_value_open_basedir'] }} [% else %] ;php_admin_value[open_basedir] = [% endif %] -php_admin_value[post_max_size] = {{ item["php_admin_value_post_max_size"] | d(php__ini_post_max_size__combined_var) }} -php_admin_value[upload_max_filesize] = {{ item["php_admin_value_upload_max_filesize"] | d(php__ini_upload_max_filesize__combined_var) }} +php_admin_value[post_max_size] = {{ item['php_admin_value_post_max_size'] | d(php__ini_post_max_size__combined_var) }} +php_admin_value[upload_max_filesize] = {{ item['php_admin_value_upload_max_filesize'] | d(php__ini_upload_max_filesize__combined_var) }} ; Set the following data paths to directories owned by the FPM process user. ; @@ -461,19 +453,11 @@ php_admin_value[upload_max_filesize] = {{ item["php_admin_value_upload_max_files ; See warning about choosing the location of these directories on your system ; at http://php.net/session.save-path php_admin_value[session.save_handler] = files -[% if item["php_admin_value_session_save_path"] | d() %] -php_admin_value[session.save_path] = {{ item["php_admin_value_session_save_path"] }} -[% else %] -php_admin_value[session.save_path] = /var/lib/php/session-{{ item["name"] }} -[% endif %] -[% if item["php_admin_value_opcache_file_cache"] | d() %] -php_admin_value[opcache.file_cache] = {{ item["php_admin_value_opcache_file_cache"] }} -[% else %] -php_admin_value[opcache.file_cache] = /var/lib/php/opcache-{{ item["name"] }} -[% endif %] +php_admin_value[session.save_path] = {{ item['php_admin_value_session_save_path'] | d('/var/lib/php/session-' ~ item['name']) }} +php_admin_value[opcache.file_cache] = {{ item['php_admin_value_opcache_file_cache'] | d('/var/lib/php/opcache-' ~ item['name']) }} ;php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache -[% if item["raw"] | d() %] +[% if item['raw'] | d() %] ; raw content -{{ item["raw"] }} +{{ item['raw'] }} [% endif %]