From 45c7cb042c63132c8c82241ecf5a7f4ca722eabc Mon Sep 17 00:00:00 2001
From: Brian Wolff
Date: Mon, 26 Jun 2023 12:12:42 -0400
Subject: [PATCH 1/2] Change load balancer defaults to return a list type

This was preventing firewall rules from working.
---
config/defaults.yml | 49 ++++++++++++++++++++++++++++-----------------
1 file changed, 31 insertions(+), 18 deletions(-)

diff --git a/config/defaults.yml b/config/defaults.yml
index 9d2764c1..d2ea2c14 100644
--- a/config/defaults.yml
+++ b/config/defaults.yml
@@ -236,36 +236,49 @@ m_php_fpm_port: 9090 # All load balancer types load_balancers_all: > - {{ groups['load_balancers'] | default([]) }} + - {{ groups['load_balancers_meza_internal'] | default([]) }} + - {{ groups['load_balancers_meza_external'] | default([]) }} + - {{ groups['load_balancers_nonmeza'] | default([]) }} + - {{ groups['load_balancers_nonmeza_internal'] | default([]) }} + - {{ groups['load_balancers_nonmeza_external'] | default([]) }} + {{ + ( groups.get('load_balancers', [] ) ) + + ( groups.get('load_balancers_meza_internal', [] ) ) + + ( groups.get('load_balancers_meza_external', [] ) ) + + ( groups.get('load_balancers_meza_nonmeza', [] ) ) + + ( groups.get('load_balancers_meza_nonmeza_internal', [] ) ) + + ( groups.get('load_balancers_meza_nonmeza_external', [] ) ) + }} + # Just load balancers for handling internal services load_balancers_internal: > - {{ groups['load_balancers_meza_internal'] | default([]) }} + - {{ groups['load_balancers_nonmeza_internal'] | default([]) }} + {{ + ( groups.get('load_balancers_meza_internal', [] ) ) + + ( groups.get('load_balancers_meza_nonmeza_internal', [] ) ) + }} # Just load balancers for handling external traffic load_balancers_external: > - {{ groups['load_balancers_meza_external'] | default([]) }} + - {{ groups['load_balancers_nonmeza_external'] | default([]) }} + {{ + ( groups.get('load_balancers_meza_external', [] ) ) + + ( groups.get('load_balancers_meza_nonmeza_external', [] ) ) + }} # Just load balancers that handle internal and external load_balancers_full: > - {{ groups['load_balancers'] | default([]) }} + - {{ groups['load_balancers_nonmeza'] | default([]) }} + {{ + ( groups.get('load_balancers', [] ) ) + + ( groups.get('load_balancers_nonmeza', [] ) ) + }} # Just load balancers managed by Meza load_balancers_meza: > - {{ groups['load_balancers'] | default([]) }} + - {{ groups['load_balancers_meza_internal'] | default([]) }} + - {{ groups['load_balancers_meza_external'] | default([]) }} + {{ + ( 
groups.get('load_balancers', [] ) ) + + ( groups.get('load_balancers_meza_internal', [] ) ) + + ( groups.get('load_balancers_meza_external', [] ) ) + }} # Just unmanaged load balancers (AWS, etc). load_balancers_nonmeza: > - {{ groups['load_balancers_nonmeza'] | default([]) }} + - {{ groups['load_balancers_nonmeza_internal'] | default([]) }} + - {{ groups['load_balancers_nonmeza_external'] | default([]) }} + {{ + ( groups.get('load_balancers_nonmeza', [] ) ) + + ( groups.get('load_balancers_nonmeza_internal', [] ) ) + + ( groups.get('load_balancers_nonmeza_external', [] ) ) + }} From 764ba9fa059267a9dc3f2848605e29067a98910d Mon Sep 17 00:00:00 2001 From: Brian Wolff Date: Mon, 26 Jun 2023 15:01:22 -0400 Subject: [PATCH 2/2] Adjust packages for MW 1.35/RL8 * Use PHP7.4 (Otherwise we cannot install composer dependencies) * Do not install -devel packages that do not appear to be used. The only things we are compiling from source are pecl-memcached and luasandbox. * Ensure that libmemcached-devel is installed as it is needed * Do not use --configureoptions with pecl. Support for that is only present in a later version of pecl. --- config/RedHat.yml | 45 +--------------------- src/roles/apache-php/tasks/php-redhat8.yml | 24 ++++++------ 2 files changed, 13 insertions(+), 56 deletions(-) diff --git a/config/RedHat.yml b/config/RedHat.yml index 4c21558a..b8b6fa09 100644 --- a/config/RedHat.yml +++ b/config/RedHat.yml 
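Review bot: Five of the new lookups in this hunk use group names that look like typos: `load_balancers_all`, `load_balancers_internal` and `load_balancers_external` now read `load_balancers_meza_nonmeza`, `load_balancers_meza_nonmeza_internal` and `load_balancers_meza_nonmeza_external`, whereas the removed lines and the `load_balancers_full` / `load_balancers_nonmeza` definitions in the same hunk use `load_balancers_nonmeza*`. Because `groups.get(..., [])` falls back to an empty list, an unmatched name raises no error and the unmanaged load balancers simply drop out of those three lists. If the firewall rules mentioned in the commit message are built from these variables, those hosts would presumably be left out of the rules without any warning. The lookups should read `groups.get('load_balancers_nonmeza', [])`, `groups.get('load_balancers_nonmeza_internal', [])` and `groups.get('load_balancers_nonmeza_external', [])`.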
@@ -8,58 +8,18 @@ package_openssh_client: openssh-clients package_cron: cronie package_apache: httpd-devel package_php_apache_deps7: - - zlib-devel - - sqlite-devel - - bzip2-devel - - pcre-devel - - openssl-devel - - curl-devel - - libxml2-devel - - libXpm-devel - - gmp-devel - - libicu-devel - - t1lib-devel - - aspell-devel - - libcurl-devel - - libjpeg-devel - - libvpx-devel - - libpng-devel - - freetype-devel - - readline-devel - - libtidy-devel - - libmcrypt-devel - - pam-devel - sendmail - sendmail-cf - m4 - xz-libs - mariadb-libs -package_php_apache_deps8: - zlib-devel - - sqlite-devel - - bzip2-devel - - pcre-devel - - openssl-devel - - curl-devel - - libxml2-devel - - libXpm-devel - - gmp-devel - - libicu-devel - - t1lib-devel - - aspell-devel - - libcurl-devel - - libjpeg-devel - - libvpx-devel - - libpng-devel - - freetype-devel - - readline-devel - - libtidy-devel - - libmcrypt-devel - - pam-devel +package_php_apache_deps8: - sendmail - sendmail-cf - m4 - xz-libs + - zlib-devel package_java: java-1.8.0-openjdk package_python3: python36 package_python3_pip: python36-pip @@ -82,7 +42,6 @@ package_lua: [ 'lua', 'lua-devel' ] package_imagemagick: - ghostscript - ImageMagick - - ImageMagick-devel package_ntp: ntpd package_ntp8: chrony diff --git a/src/roles/apache-php/tasks/php-redhat8.yml b/src/roles/apache-php/tasks/php-redhat8.yml index cff112fe..93acae40 100644 --- a/src/roles/apache-php/tasks/php-redhat8.yml +++ b/src/roles/apache-php/tasks/php-redhat8.yml @@ -10,6 +10,9 @@ name: "php5*" state: absent +- name: Switch to php 7.4 + shell: dnf -y module switch-to php:7.4 + - name: Ensure PHP packages for Rocky/RHEL8 installed package: name: 
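Review bot: The new `Switch to php 7.4` task in php-redhat8.yml goes through `shell` although the command uses no shell features, and without a `changed_when` it reports a change on every play. `command: dnf -y module switch-to php:7.4` avoids shell parsing of the line, and a `changed_when` condition on the registered output would keep repeated runs idempotent. The reason for the stream choice is only in the commit message; a comment above the task such as `# MW 1.35 composer dependencies require the php:7.4 module stream` would keep it next to the code.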
@@ -33,27 +36,22 @@ - php-ldap - php-fpm - php-pear - - libmemcached-devel state: present +- name: install libmemcached-devel + dnf: + name: libmemcached-devel + enablerepo: devel + # PHP memcached extension needed for SAML auth - name: Ensure PEAR channel up-to-date shell: pear channel-update pecl.php.net +# --configureoptions parameter is not supported in our version of pecl. - name: Install memcached PECL packages shell: > - pecl install - --configureoptions - 'with-libmemcached-dir="no" - with-zlib-dir="no" - with-system-fastlz="no" - enable-memcached-igbinary="no" - enable-memcached-msgpack="no" - enable-memcached-json="no" - enable-memcached-protocol="no" - enable-memcached-sasl="yes" - enable-memcached-session="yes"' - memcached + printf 'no\nno\nno\nno\nno\nno\nno\nyes\nyes\n' | + pecl install memcached ignore_errors: true notify: - restart apache
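Review bot: The piped `printf 'no\nno\nno\nno\nno\nno\nno\nyes\nyes\n'` answers are positional, so they match the intended options only while the installer asks the same nine questions in the same order. `pecl install memcached` is unpinned, so a later release with a different prompt list could shift the answers and, for example, build without SASL or session support. With `ignore_errors: true` on the task, a failed or misconfigured build also passes silently, although the comment above says the extension is needed for SAML auth. Pinning the release (`pecl install memcached-<PINNED_VERSION>`, placeholder) and adding a follow-up task that fails when the module does not load would make the result reproducible and visible. Separately, the new `dnf` task enables the `devel` repo with no comment on why; if that repo is the only source of the package, a line such as `# libmemcached-devel is only available from the devel repo on EL8` would record it.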