From e25ebe5f801c3d81a0e3ac60e58c0ffc56448109 Mon Sep 17 00:00:00 2001 From: Kilian Engelhardt Date: Wed, 21 Oct 2020 14:02:59 +0200 Subject: [PATCH 1/6] (#607) add 'listen.acl_users' to defined type add 'listen.acl_users' to pool template --- manifests/fpm/pool.pp | 3 +++ templates/fpm/pool.conf.erb | 3 +++ 2 files changed, 6 insertions(+) diff --git a/manifests/fpm/pool.pp b/manifests/fpm/pool.pp index 67ac5751..cc5f558f 100644 --- a/manifests/fpm/pool.pp +++ b/manifests/fpm/pool.pp @@ -24,6 +24,8 @@ # # [*listen_mode*] # +# [*listen_acl_users*] +# # [*user*] # The user that php-fpm should run as # @@ -128,6 +130,7 @@ $listen_owner = undef, $listen_group = undef, $listen_mode = undef, + $listen_acl_users = undef, $user = $php::fpm::config::user, $group = $php::fpm::config::group, Optional[String[1]] $apparmor_hat = undef, diff --git a/templates/fpm/pool.conf.erb b/templates/fpm/pool.conf.erb index 99981d19..5fadc4b6 100644 --- a/templates/fpm/pool.conf.erb +++ b/templates/fpm/pool.conf.erb @@ -38,6 +38,9 @@ listen.mode = <%= @listen_mode %> <% else -%> ;listen.mode = 0660 <% end -%> +<% if @listen_acl_users -%> +listen.acl_users = <%= @listen_acl_users %> +<% end -%> ; Unix user/group of processes ; Note: The user is mandatory. If the group is not set, the default user's group From 6db46a05b1a118ec772950361671b14391d24dcb Mon Sep 17 00:00:00 2001 From: Kilian Engelhardt Date: Wed, 28 Apr 2021 22:36:19 +0200 Subject: [PATCH 2/6] add description to 'listen_acl_users' parameter Description copied from php-fpm configuration documentation at: https://www.php.net/manual/en/install.fpm.configuration.php --- manifests/fpm/pool.pp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/manifests/fpm/pool.pp b/manifests/fpm/pool.pp index cc5f558f..72a3a7a0 100644 --- a/manifests/fpm/pool.pp +++ b/manifests/fpm/pool.pp 
@@ -25,6 +25,9 @@ # [*listen_mode*] # # [*listen_acl_users*] +# When POSIX Access Control Lists are supported you can set them using this option. +# When set, listen.owner and listen.group are ignored. Value is a comma separated +# list of user names. # # [*user*] # The user that php-fpm should run as From e42458d9f1a63964d03b4b76fc07e23dfc9e0d85 Mon Sep 17 00:00:00 2001 From: Kilian Engelhardt Date: Wed, 28 Apr 2021 22:39:55 +0200 Subject: [PATCH 3/6] (#607) add 'listen.acl_groups' to defined type add 'listen.acl_groups' to pool template --- manifests/fpm/pool.pp | 4 ++++ templates/fpm/pool.conf.erb | 3 +++ 2 files changed, 7 insertions(+) diff --git a/manifests/fpm/pool.pp b/manifests/fpm/pool.pp index 72a3a7a0..54a23b1e 100644 --- a/manifests/fpm/pool.pp +++ b/manifests/fpm/pool.pp @@ -29,6 +29,9 @@ # When set, listen.owner and listen.group are ignored. Value is a comma separated # list of user names. # +# [*listen_acl_groups*] +# See listen_acl_users. Value is a comma separated list of group names. +# # [*user*] # The user that php-fpm should run as # @@ -134,6 +137,7 @@ $listen_group = undef, $listen_mode = undef, $listen_acl_users = undef, + $listen_acl_groups = undef, $user = $php::fpm::config::user, $group = $php::fpm::config::group, Optional[String[1]] $apparmor_hat = undef, diff --git a/templates/fpm/pool.conf.erb b/templates/fpm/pool.conf.erb index 5fadc4b6..8c25dfd7 100644 --- a/templates/fpm/pool.conf.erb +++ b/templates/fpm/pool.conf.erb @@ -41,6 +41,9 @@ listen.mode = <%= @listen_mode %> <% if @listen_acl_users -%> listen.acl_users = <%= @listen_acl_users %> <% end -%> +<% if @listen_acl_groups -%> +listen.acl_groups = <%= @listen_acl_groups %> +<% end -%> ; Unix user/group of processes ; Note: The user is mandatory. If the group is not set, the default user's group From 911fb380c4e8ca6d3078be03ce63d97d0458d2a7 Mon Sep 17 00:00:00 2001 
From: Kilian Engelhardt Date: Wed, 28 Apr 2021 22:43:28 +0200 Subject: [PATCH 4/6] add datatype to 'listen.?' parameters --- manifests/fpm/pool.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/fpm/pool.pp b/manifests/fpm/pool.pp index 54a23b1e..8ca3fa6b 100644 --- a/manifests/fpm/pool.pp +++ b/manifests/fpm/pool.pp @@ -136,8 +136,8 @@ $listen_owner = undef, $listen_group = undef, $listen_mode = undef, - $listen_acl_users = undef, - $listen_acl_groups = undef, + Optional[String[1]] $listen_acl_users = undef, + Optional[String[1]] $listen_acl_groups = undef, $user = $php::fpm::config::user, $group = $php::fpm::config::group, Optional[String[1]] $apparmor_hat = undef, From 2d8654544732be140a3b95eed667ad8592a81104 Mon Sep 17 00:00:00 2001 From: Kilian Engelhardt Date: Wed, 28 Apr 2021 22:56:11 +0200 Subject: [PATCH 5/6] use datatype array for 'listen.?' parameters --- manifests/fpm/pool.pp | 110 ++++++++++++++++++++---------------- templates/fpm/pool.conf.erb | 8 +-- 2 files changed, 64 insertions(+), 54 deletions(-) diff --git a/manifests/fpm/pool.pp b/manifests/fpm/pool.pp index 8ca3fa6b..f689237a 100644 --- a/manifests/fpm/pool.pp +++ b/manifests/fpm/pool.pp @@ -25,12 +25,12 @@ # [*listen_mode*] # # [*listen_acl_users*] -# When POSIX Access Control Lists are supported you can set them using this option. -# When set, listen.owner and listen.group are ignored. Value is a comma separated -# list of user names. +# Array. When POSIX Access Control Lists are supported you can set them using +# this option. When set, listen.owner and listen.group are ignored. Value is +# an array of user names. # # [*listen_acl_groups*] -# See listen_acl_users. Value is a comma separated list of group names. +# See listen_acl_users. Value is an array of group names. # # [*user*] # The user that php-fpm should run as 
@@ -129,52 +129,52 @@ # '/etc/php5/fpm/pool.d' or '/etc/php-fpm.d' # define php::fpm::pool ( - $ensure = 'present', - $listen = '127.0.0.1:9000', - $listen_backlog = '-1', - $listen_allowed_clients = undef, - $listen_owner = undef, - $listen_group = undef, - $listen_mode = undef, - Optional[String[1]] $listen_acl_users = undef, - Optional[String[1]] $listen_acl_groups = undef, - $user = $php::fpm::config::user, - $group = $php::fpm::config::group, - Optional[String[1]] $apparmor_hat = undef, - $pm = 'dynamic', - $pm_max_children = '50', - $pm_start_servers = '5', - $pm_min_spare_servers = '5', - $pm_max_spare_servers = '35', - $pm_max_requests = '0', - $pm_process_idle_timeout = '10s', - $pm_status_path = undef, - $ping_path = undef, - $ping_response = 'pong', - $access_log = undef, - $access_log_format = '"%R - %u %t \"%m %r\" %s"', - $request_terminate_timeout = '0', - $request_slowlog_timeout = '0', - $security_limit_extensions = undef, - $slowlog = "/var/log/php-fpm/${name}-slow.log", - $template = 'php/fpm/pool.conf.erb', - $rlimit_files = undef, - $rlimit_core = undef, - $chroot = undef, - $chdir = undef, - $catch_workers_output = 'no', - $include = undef, - $env = [], - $env_value = {}, - $clear_env = true, - $options = {}, - $php_value = {}, - $php_flag = {}, - $php_admin_value = {}, - $php_admin_flag = {}, - $php_directives = [], - $root_group = $php::params::root_group, - Optional[Stdlib::Absolutepath] $base_dir = undef, + $ensure = 'present', + $listen = '127.0.0.1:9000', + $listen_backlog = '-1', + $listen_allowed_clients = undef, + $listen_owner = undef, + $listen_group = undef, + $listen_mode = undef, + Array[String[1]] $listen_acl_users = undef, + Array[String[1]] $listen_acl_groups = undef, + $user = $php::fpm::config::user, + $group = $php::fpm::config::group, + Optional[String[1]] $apparmor_hat = undef, + $pm = 'dynamic', + $pm_max_children = '50', + $pm_start_servers = '5', + $pm_min_spare_servers = '5', + $pm_max_spare_servers = '35', + 
$pm_max_requests = '0', + $pm_process_idle_timeout = '10s', + $pm_status_path = undef, + $ping_path = undef, + $ping_response = 'pong', + $access_log = undef, + $access_log_format = '"%R - %u %t \"%m %r\" %s"', + $request_terminate_timeout = '0', + $request_slowlog_timeout = '0', + $security_limit_extensions = undef, + $slowlog = "/var/log/php-fpm/${name}-slow.log", + $template = 'php/fpm/pool.conf.erb', + $rlimit_files = undef, + $rlimit_core = undef, + $chroot = undef, + $chdir = undef, + $catch_workers_output = 'no', + $include = undef, + $env = [], + $env_value = {}, + $clear_env = true, + $options = {}, + $php_value = {}, + $php_flag = {}, + $php_admin_value = {}, + $php_admin_flag = {}, + $php_directives = [], + $root_group = $php::params::root_group, + Optional[Stdlib::Absolutepath] $base_dir = undef, ) { # The base class must be included first because it is used by parameter defaults if ! defined(Class['php']) { @@ -196,6 +196,16 @@ default => $php::fpm::package, } + # 'php-fpm' expects a comma separated list of user names + unless $listen_acl_users.empty { + $real_listen_acl_users = join(flatten($listen_acl_users).unique, ",") + } + + # 'php-fpm' expects a comma separated list of group names + unless $listen_acl_groups.empty { + $real_listen_acl_groups = join(flatten($listen_acl_groups).unique, ",") + } + $pool_base_dir = pick_default($base_dir, $php::fpm::config::pool_base_dir, $php::params::fpm_pool_dir) if ($ensure == 'absent') { file { "${pool_base_dir}/${pool}.conf": diff --git a/templates/fpm/pool.conf.erb b/templates/fpm/pool.conf.erb index 8c25dfd7..24f2f6f3 100644 --- a/templates/fpm/pool.conf.erb +++ b/templates/fpm/pool.conf.erb 
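Review bot: The new declarations `Array[String[1]] $listen_acl_users = undef,` and `Array[String[1]] $listen_acl_groups = undef,` give an `undef` default to a type that does not accept `Undef`, so under Puppet's parameter type checking every `php::fpm::pool` that omits these parameters should fail catalog compilation. Defaulting to an empty array keeps the `.empty` guards added further down working: `Array[String[1]] $listen_acl_users = [],` and `Array[String[1]] $listen_acl_groups = [],`. The same two lines are carried over, only realigned, in PATCH 6/6, so the fix belongs there as well. A spec example that declares a pool without either parameter would catch this.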
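Review bot: The joined values in `$real_listen_acl_users` and `$real_listen_acl_groups` reach `pool.conf` through the template exactly as supplied, and `String[1]` accepts commas, whitespace and newlines, so a malformed Hiera value can widen the socket ACL or put an extra directive line into the pool file. Because these lists decide which accounts may connect to the FPM socket, a stricter element type is worth having, for example `Array[Pattern[/\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/]]`, adjusted to the site's account naming rules. `flatten()` looks redundant, since the declared type already rules out nested arrays, and `","` should be `','` to satisfy puppet-lint's quoting check. A comment above the two `unless` blocks would also help, such as `# php-fpm ignores listen.owner/listen.group once an ACL list is set`.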
@@ -38,11 +38,11 @@ listen.mode = <%= @listen_mode %> <% else -%> ;listen.mode = 0660 <% end -%> -<% if @listen_acl_users -%> -listen.acl_users = <%= @listen_acl_users %> +<% if @real_listen_acl_users -%> +listen.acl_users = <%= @real_listen_acl_users %> <% end -%> -<% if @listen_acl_groups -%> -listen.acl_groups = <%= @listen_acl_groups %> +<% if @real_listen_acl_groups -%> +listen.acl_groups = <%= @real_listen_acl_groups %> <% end -%> ; Unix user/group of processes From 3b3380a716e36bba6c46bf72d1f250c171850fc5 Mon Sep 17 00:00:00 2001 From: Kilian Engelhardt Date: Fri, 30 Apr 2021 21:44:51 +0200 Subject: [PATCH 6/6] correctly align parameters on "=" --- manifests/fpm/pool.pp | 92 +++++++++++++++++++++---------------------- 1 file changed, 46 insertions(+), 46 deletions(-) diff --git a/manifests/fpm/pool.pp b/manifests/fpm/pool.pp index f689237a..a18bf00c 100644 --- a/manifests/fpm/pool.pp +++ b/manifests/fpm/pool.pp 
@@ -129,52 +129,52 @@ # '/etc/php5/fpm/pool.d' or '/etc/php-fpm.d' # define php::fpm::pool ( - $ensure = 'present', - $listen = '127.0.0.1:9000', - $listen_backlog = '-1', - $listen_allowed_clients = undef, - $listen_owner = undef, - $listen_group = undef, - $listen_mode = undef, - Array[String[1]] $listen_acl_users = undef, - Array[String[1]] $listen_acl_groups = undef, - $user = $php::fpm::config::user, - $group = $php::fpm::config::group, - Optional[String[1]] $apparmor_hat = undef, - $pm = 'dynamic', - $pm_max_children = '50', - $pm_start_servers = '5', - $pm_min_spare_servers = '5', - $pm_max_spare_servers = '35', - $pm_max_requests = '0', - $pm_process_idle_timeout = '10s', - $pm_status_path = undef, - $ping_path = undef, - $ping_response = 'pong', - $access_log = undef, - $access_log_format = '"%R - %u %t \"%m %r\" %s"', - $request_terminate_timeout = '0', - $request_slowlog_timeout = '0', - $security_limit_extensions = undef, - $slowlog = "/var/log/php-fpm/${name}-slow.log", - $template = 'php/fpm/pool.conf.erb', - $rlimit_files = undef, - $rlimit_core = undef, - $chroot = undef, - $chdir = undef, - $catch_workers_output = 'no', - $include = undef, - $env = [], - $env_value = {}, - $clear_env = true, - $options = {}, - $php_value = {}, - $php_flag = {}, - $php_admin_value = {}, - $php_admin_flag = {}, - $php_directives = [], - $root_group = $php::params::root_group, - Optional[Stdlib::Absolutepath] $base_dir = undef, + $ensure = 'present', + $listen = '127.0.0.1:9000', + $listen_backlog = '-1', + $listen_allowed_clients = undef, + $listen_owner = undef, + $listen_group = undef, + $listen_mode = undef, + Array[String[1]] $listen_acl_users = undef, + Array[String[1]] $listen_acl_groups = undef, + $user = $php::fpm::config::user, + $group = $php::fpm::config::group, + Optional[String[1]] $apparmor_hat = undef, + $pm = 'dynamic', + $pm_max_children = '50', + $pm_start_servers = '5', + $pm_min_spare_servers = '5', + $pm_max_spare_servers = '35', + 
$pm_max_requests = '0', + $pm_process_idle_timeout = '10s', + $pm_status_path = undef, + $ping_path = undef, + $ping_response = 'pong', + $access_log = undef, + $access_log_format = '"%R - %u %t \"%m %r\" %s"', + $request_terminate_timeout = '0', + $request_slowlog_timeout = '0', + $security_limit_extensions = undef, + $slowlog = "/var/log/php-fpm/${name}-slow.log", + $template = 'php/fpm/pool.conf.erb', + $rlimit_files = undef, + $rlimit_core = undef, + $chroot = undef, + $chdir = undef, + $catch_workers_output = 'no', + $include = undef, + $env = [], + $env_value = {}, + $clear_env = true, + $options = {}, + $php_value = {}, + $php_flag = {}, + $php_admin_value = {}, + $php_admin_flag = {}, + $php_directives = [], + $root_group = $php::params::root_group, + Optional[Stdlib::Absolutepath] $base_dir = undef, ) { # The base class must be included first because it is used by parameter defaults if ! defined(Class['php']) {