Merge remote-tracking branch 'root/master'

* root/master:
  fixes add-apt-repository installation for VMWare's box
  Fix sudoers line
  Fix Ansible deprecations
  Fix php-xdebug config file path
  Update CHANGELOG with roots#504
  Add php7.0-mbstring
  Update CHANGELOG with roots#503
  Added necessary php modules
  Mention MailHog [ci skip]

CHANGELOG.md

@@ -1,3 +1,9 @@
+### HEAD
+* Fix Ansible deprecations for bare variables ([#510](https://github.com/roots/trellis/pull/510))
+* Fixes #508 - update php-xdebug config file path ([#509](https://github.com/roots/trellis/pull/509))
+* Add php-mbstring extension ([#504](https://github.com/roots/trellis/pull/504))
+* Add more necessary PHP extensions ([#503](https://github.com/roots/trellis/pull/503))
+
 ### 0.9.6: February 18th, 2016
 * Update to latest ansible-role-mailhog version ([#497](https://github.com/roots/trellis/pull/497))
 * Add `reverse_www` filter to fix `www_redirect` ([#486](https://github.com/roots/trellis/pull/486))

README.md

@@ -21,6 +21,7 @@ Trellis will configure a server with the following and more:
 * Composer
 * WP-CLI
 * sSMTP (mail delivery)
+* MailHog
 * Memcached
 * Fail2ban
 * ferm

requirements.yml

@@ -14,6 +14,9 @@
   src: kamaln7.swapfile
   version: 0.4
 
+- src: geerlingguy.daemonize
+  version: 1.1.0
+
 - name: mailhog
   src: geerlingguy.mailhog
   version: 1.0.5

roles/common/tasks/main.yml

@@ -7,10 +7,13 @@
     msg: "Your Ansible version is too old. Trellis require at least {{ minimum_ansible_version }}. Your version is {{ ansible_version.full | default('< 1.6') }}"
 
 - name: Update Apt
-  apt: update_cache=yes
+  apt:
+    update_cache: yes
 
 - name: Checking essentials
-  apt: name="{{ item }}" state=present
+  apt:
+    name: "{{ item }}"
+    state: present
   with_items:
   - python-software-properties
   - python-pycurl
@@ -20,12 +23,14 @@
   - git-core
 
 - name: Validate timezone variable
-  stat: path=/usr/share/zoneinfo/{{ default_timezone }}
+  stat:
+    path: /usr/share/zoneinfo/{{ default_timezone }}
   register: timezone_path
   changed_when: false
 
 - name: Explain timezone error
-  fail: msg="{{ default_timezone }} is not a valid timezone. For a list of valid timezones, check https://php.net/manual/en/timezones.php"
+  fail:
+    msg: "{{ default_timezone }} is not a valid timezone. For a list of valid timezones, check https://php.net/manual/en/timezones.php"
   when: not timezone_path.stat.exists
 
 - name: Get current timezone

roles/fail2ban/tasks/main.yml

@@ -1,16 +1,25 @@
 ---
 - name: ensure fail2ban is installed
-  apt: pkg=fail2ban state=latest update_cache=true cache_valid_time={{ apt_cache_valid_time }}
+  apt:
+    pkg: fail2ban
+    state: latest
+    update_cache: true
+    cache_valid_time: "{{ apt_cache_valid_time }}"
   notify:
     - restart fail2ban
 
 - name: ensure fail2ban is configured
-  template: src={{ item }}.j2 dest=/etc/fail2ban/{{ item }}
+  template:
+    src: "{{ item }}.j2"
+    dest: /etc/fail2ban/{{ item }}
   with_items:
     - jail.local
     - fail2ban.local
   notify:
     - restart fail2ban
 
 - name: ensure fail2ban starts on a fresh reboot
-  service: name=fail2ban state=started enabled=yes
+  service:
+    name: fail2ban
+    state: started
+    enabled: yes

roles/ferm/tasks/main.yml

@@ -1,20 +1,34 @@
 ---
 - name: ensure ferm status is in debconf
-  debconf: name=ferm question=ferm/enable vtype=boolean value="{{ ferm_enabled | lower }}"
+  debconf:
+    name: ferm
+    question: ferm/enable
+    vtype: boolean
+    value: "{{ ferm_enabled | lower }}"
 
 - name: ensure ferm is installed
-  apt: pkg=ferm state=latest update_cache=true cache_valid_time="{{ apt_cache_valid_time }}" install_recommends=no
+  apt:
+    pkg: ferm
+    state: latest
+    update_cache: true
+    cache_valid_time: "{{ apt_cache_valid_time }}"
+    install_recommends: no
   notify:
     - restart ferm
 
 - name: ensure configuration directories exist
-  file: path="{{ item }}" state=directory mode=0750
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0750
   with_items:
     - /etc/ferm/ferm.d
     - /etc/ferm/filter-input.d
 
 - name: ensure firewall is configured
-  template: src="{{ item }}.j2" dest=/{{ item }}
+  template:
+    src: "{{ item }}.j2"
+    dest: /{{ item }}
   with_items:
     - etc/default/ferm
     - etc/ferm/ferm.conf
@@ -29,9 +43,9 @@
         path=/etc/ferm/filter-input.d/{{ item.weight | default('50') }}_{{ item.type }}_{{ item.dport[0] }}.conf
         {% endif %}
   with_flattened:
-    - ferm_input_list
-    - ferm_input_group_list
-    - ferm_input_host_list
+    - "{{ ferm_input_list }}"
+    - "{{ ferm_input_group_list }}"
+    - "{{ ferm_input_host_list }}"
   when: ((item.type is defined and item.type) and (item.dport is defined and item.dport)) and
         (item.delete is defined and item.delete)
 
@@ -43,9 +57,9 @@
             dest=/etc/ferm/filter-input.d/{{ item.weight | default('50') }}_{{ item.type }}_{{ item.dport[0] }}.conf
             {% endif %}
   with_flattened:
-    - ferm_input_list
-    - ferm_input_group_list
-    - ferm_input_host_list
+    - "{{ ferm_input_list }}"
+    - "{{ ferm_input_group_list }}"
+    - "{{ ferm_input_host_list }}"
   when: (item.type is defined and item.type and item.dport is defined and item.dport) and
         (item.delete is undefined or (item.delete is defined and not item.delete))
 

roles/mariadb/tasks/main.yml

@@ -1,26 +1,35 @@
 ---
 - name: Add MariaDB MySQL apt-key
-  apt_key: url="http://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search={{ keyserver_fingerprint }}"
-           state=present
+  apt_key:
+    url: "http://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search={{ keyserver_fingerprint }}"
+    state: present
 
 - name: Add MariaDB MySQL deb and deb-src
-  apt_repository: repo="{{ item }}" state=present
+  apt_repository:
+    repo: "{{ item }}"
+    state: present
   with_items:
   - "deb http://{{ mirror }}/mariadb/repo/{{ version }}/ubuntu {{ mariadb_dist | default(ansible_distribution_release) }} main"
   - "deb-src http://{{ mirror }}/mariadb/repo/{{ version }}/ubuntu {{ mariadb_dist | default(ansible_distribution_release) }} main"
 
 - name: Install MariaDB MySQL server
-  apt: name=mariadb-server state=present
+  apt:
+    name: mariadb-server
+    state: present
 
 - name: Start MariaDB MySQL Server
-  service: name=mysql state=started enabled=true
+  service:
+    name: mysql
+    state: started
+    enabled: true
 
 - name: Set root user password
-  mysql_user: name=root
-              host="{{ item }}"
-              password="{{ mysql_root_password }}"
-              check_implicit_admin=yes
-              state=present
+  mysql_user:
+    name: root
+    host: "{{ item }}"
+    password: "{{ mysql_root_password }}"
+    check_implicit_admin: yes
+    state: present
   with_items:
     - "{{ inventory_hostname }}"
     - 127.0.0.1
@@ -36,14 +45,16 @@
     mode: 0600
 
 - name: Delete anonymous MySQL server users
-  mysql_user: user=""
-              host="{{ item }}"
-              state=absent
+  mysql_user:
+    user: ""
+    host: "{{ item }}"
+    state: absent
   with_items:
     - localhost
     - "{{ inventory_hostname }}"
     - "{{ ansible_hostname }}"
 
 - name: Remove the test database
-  mysql_db: name=test
-            state=absent
+  mysql_db:
+    name: test
+    state: absent

roles/php/tasks/main.yml

@@ -16,9 +16,13 @@
   - php7.0-dev
   - php7.0-fpm
   - php7.0-gd
+  - php7.0-mbstring
   - php7.0-mcrypt
   - php7.0-mysql
   - php7.0-opcache
+  - php7.0-xml
+  - php7.0-xmlrpc
+  - php7.0-zip
 
 - name: Install Xdebug
   apt:
@@ -29,7 +33,7 @@
 - name: xdebug configuration file
   template:
     src: xdebug.ini.j2
-    dest: /etc/php/mods-available/xdebug.ini
+    dest: /etc/php/7.0/mods-available/xdebug.ini
   when: xdebug_install | default(false)
 
 - name: Start php7.0-fpm service

roles/rollback/tasks/main.yml

@@ -6,13 +6,17 @@
   when: release is not defined
 
 - name: Check whether target release was from a successful deploy
-  stat: path="{{ new_release_path }}/DEPLOY_UNFINISHED"
+  stat:
+    path: "{{ new_release_path }}/DEPLOY_UNFINISHED"
   register: target
 
 - name: Fail if target release was from failed deploy
-  fail: msg="Cannot switch to release at {{ new_release_path }}. It is from an unfinished deploy.
-        You may manually specify a different release using --extra-vars='release=12345678901234'."
+  fail:
+    msg: "Cannot switch to release at {{ new_release_path }}. It is from an unfinished deploy. You may manually specify a different release using --extra-vars='release=12345678901234'."
   when: target.stat.exists | default(False)
 
 - name: Link 'current' directory to target release
-  file: path="{{ project_root }}/current" src="{{ new_release_path }}" state=link
+  file:
+    path: "{{ project_root }}/current"
+    src: "{{ new_release_path }}"
+    state: link

roles/rollback/tasks/prior-release.yml

@@ -6,8 +6,8 @@
   register: current_release_position
 
 - name: Fail if current release is the oldest available release
-  fail: msg="Currently symlinked to earliest available release. Cannot rollback.
-        You may manually specify a different release using --extra-vars='release=12345678901234'."
+  fail:
+    msg: "Currently symlinked to earliest available release. Cannot rollback. You may manually specify a different release using --extra-vars='release=12345678901234'."
   when: current_release_position.stdout_lines[0] == "1"
 
 - name: Collect list of releases

roles/rollback/tasks/user-release.yml

@@ -1,6 +1,7 @@
 ---
 - name: Check whether user-specified release exists
-  stat: path="{{ project_root }}/releases/{{ release }}"
+  stat:
+    path: "{{ project_root }}/releases/{{ release }}"
   register: specified
 
 - name: Get name of current symlinked release
@@ -10,7 +11,8 @@
   register: current_release
 
 - name: Fail if user-specified release doesn't exist or is already active
-  fail: msg="Cannot switch to release {{ release }}. Either it does not exist or it is the active release."
+  fail:
+    msg: "Cannot switch to release {{ release }}. Either it does not exist or it is the active release."
   when: specified.stat.isdir | default(False) == False or current_release.stdout_lines[0] == release
 
 - name: Create new_release_path variable

roles/sshd/tasks/main.yml

@@ -1,13 +1,16 @@
 ---
 - name: ensure ssh server is installed
-  apt: pkg=openssh-server
-       state=latest
-       update_cache=true
-       cache_valid_time="{{ apt_cache_valid_time }}"
+  apt:
+    pkg: openssh-server
+    state: latest
+    update_cache: true
+    cache_valid_time: "{{ apt_cache_valid_time }}"
   notify:
     - restart ssh
 
 - name: ensure sshd is configured
-  template: src=sshd_config.j2 dest=/etc/ssh/sshd_config
+  template:
+    src: sshd_config.j2
+    dest: /etc/ssh/sshd_config
   notify:
     - restart ssh

roles/ssmtp/tasks/main.yml

@@ -1,6 +1,10 @@
 ---
 - name: Install ssmtp
-  apt: name=ssmtp state=present
+  apt:
+    name: ssmtp
+    state: present
 
 - name: ssmtp configuration
-  template: src=ssmtp.conf.j2 dest=/etc/ssmtp/ssmtp.conf
+  template:
+    src: ssmtp.conf.j2
+    dest: /etc/ssmtp/ssmtp.conf

roles/users/tasks/main.yml

@@ -1,13 +1,16 @@
 ---
 - name: Ensure sudo group is present
-  group: name=sudo state=present
+  group:
+    name: sudo
+    state: present
 
 - name: Ensure sudo group has sudo privileges
-  lineinfile: dest=/etc/sudoers
-              state=present
-              regexp="^%sudo"
-              line="%sudo ALL=(ALL:ALL) ALL"
-              validate="/usr/sbin/visudo -cf %s"
+  lineinfile:
+    dest: /etc/sudoers
+    state: present
+    regexp: "^%sudo"
+    line: "%sudo ALL=(ALL:ALL) ALL"
+    validate: "/usr/sbin/visudo -cf %s"
 
 - name: Fail if root login will be disabled but admin_user will not be a sudoer
   assert:
@@ -19,14 +22,15 @@
   when: not sshd_permit_root_login
 
 - name: Setup users
-  user: name="{{ item.name }}"
-        group="{{ item.groups[0] }}"
-        groups="{{ item.groups | join(',') }}"
-        password="{{ sudoer_passwords[item.name] | default(None) }}"
-        state=present
-        shell=/bin/bash
-        update_password=always
-  with_items: users
+  user:
+    name: "{{ item.name }}"
+    group: "{{ item.groups[0] }}"
+    groups: "{{ item.groups | join(',') }}"
+    password: "{{ sudoer_passwords[item.name] | default(None) }}"
+    state: present
+    shell: /bin/bash
+    update_password: always
+  with_items: "{{ users }}"
 
 - name: Add web user sudoers items for services
   template:
@@ -39,7 +43,9 @@
   when: web_sudoers
 
 - name: Add SSH keys
-  authorized_key: user="{{ item.0.name }}" key="{{ item.1 }}"
+  authorized_key:
+    user: "{{ item.0.name }}"
+    key: "{{ item.1 }}"
   with_subelements:
     - users | default([])
     - keys