From 0f62ce72646f32b9bcd97af1c101f6356951f785 Mon Sep 17 00:00:00 2001
From: Greg Harvey <greg.harvey@gmail.com>
Date: Wed, 22 Nov 2023 14:18:57 +0100
Subject: [PATCH 1/4] Adding support for PHP session lifetime. (#1240)

* Adding support for PHP session lifetime.

* Updating module namespaces.
---
 .gitignore                                         | 1 +
 roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml | 2 +-
 roles/aws/aws_ec2_with_eip/tasks/main.yml          | 2 +-
 roles/aws/aws_iam_role/tasks/main.yml              | 2 +-
 roles/aws/aws_iam_saml/tasks/main.yml              | 8 ++++----
 roles/aws/aws_s3_bucket/tasks/main.yml             | 2 +-
 roles/php-cli/defaults/main.yml                    | 1 +
 roles/php-cli/templates/php.cli.ini.j2             | 2 +-
 roles/php-fpm/defaults/main.yml                    | 1 +
 roles/php-fpm/templates/php.fpm.ini.j2             | 2 +-
 10 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/.gitignore b/.gitignore
index e7f2aff69..609ae422a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,3 +13,4 @@
 /ce-dev/ansible/vars/_common/*_exporter.yml
 /test.yml
 /ce-dev/ansible/plays/provision-target/indexer
+/roles/contrib
diff --git a/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml b/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml
index f7e5dd8d9..62ac05cc5 100644
--- a/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml
+++ b/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml
@@ -291,7 +291,7 @@
     - aws_ec2_autoscale_cluster.deploy_cluster
 
 - name: Gather IAM role info.
-  community.aws.iam_role_info:
+  amazon.aws.iam_role_info:
     profile: "{{ aws_ec2_autoscale_cluster.aws_profile }}"
     region: "{{ aws_ec2_autoscale_cluster.region }}"
     name: "{{ aws_ec2_autoscale_cluster.iam_role_name }}"
diff --git a/roles/aws/aws_ec2_with_eip/tasks/main.yml b/roles/aws/aws_ec2_with_eip/tasks/main.yml
index 4ecf47a8c..df46827d6 100644
--- a/roles/aws/aws_ec2_with_eip/tasks/main.yml
+++ b/roles/aws/aws_ec2_with_eip/tasks/main.yml
@@ -13,7 +13,7 @@
     _aws_ec2_with_eip_image_latest: "{{ _aws_ec2_with_eip_image.images | sort(attribute='creation_date') | last }}"
 
 - name: Gather IAM role info.
-  community.aws.iam_role_info:
+  amazon.aws.iam_role_info:
     profile: "{{ aws_ec2_with_eip.aws_profile }}"
     region: "{{ aws_ec2_with_eip.region }}"
     name: "{{ aws_ec2_with_eip.iam_role_name }}"
diff --git a/roles/aws/aws_iam_role/tasks/main.yml b/roles/aws/aws_iam_role/tasks/main.yml
index 9c9e6349f..e82a47acb 100644
--- a/roles/aws/aws_iam_role/tasks/main.yml
+++ b/roles/aws/aws_iam_role/tasks/main.yml
@@ -1,5 +1,5 @@
 - name: Create an IAM role.
-  community.aws.iam_role:
+  amazon.aws.iam_role:
     profile: "{{ aws_iam_role.aws_profile }}"
     name: "{{ aws_iam_role.name }}"
     assume_role_policy_document: "{{ lookup('file', aws_iam_role.policy_document + '_document_policy.json') }}"
diff --git a/roles/aws/aws_iam_saml/tasks/main.yml b/roles/aws/aws_iam_saml/tasks/main.yml
index 81fd4876d..fefb04709 100644
--- a/roles/aws/aws_iam_saml/tasks/main.yml
+++ b/roles/aws/aws_iam_saml/tasks/main.yml
@@ -23,7 +23,7 @@
   register: _aws_account_info
 
 - name: Create a role for administrative access
-  community.aws.iam_role:
+  amazon.aws.iam_role:
     name: "{{ aws_iam_saml.admin_role }}"
     profile: "{{ aws_iam_saml.aws_profile }}"
     tags: "{{ aws_iam_saml.tags }}"
@@ -37,7 +37,7 @@
     - aws_iam_saml.admin_groups[0] is defined
 
 - name: Create a role for read-only access
-  community.aws.iam_role:
+  amazon.aws.iam_role:
     name: "{{ aws_iam_saml.readonly_role }}"
     profile: "{{ aws_iam_saml.aws_profile }}"
     tags: "{{ aws_iam_saml.tags }}"
@@ -51,7 +51,7 @@
     - aws_iam_saml.readonly_groups[0] is defined
 
 - name: Create a customer managed policy for billing access
-  community.aws.iam_managed_policy:
+  amazon.aws.iam_managed_policy:
     policy_name: "{{ aws_iam_saml.billing_policy }}"
     policy_description: "Custom policy for billing access"
     profile: "{{ aws_iam_saml.aws_profile }}"
@@ -64,7 +64,7 @@
     - aws_iam_saml.billing_groups[0] is defined
 
 - name: Create a role for billing access
-  community.aws.iam_role:
+  amazon.aws.iam_role:
     name: "{{ aws_iam_saml.billing_role }}"
     profile: "{{ aws_iam_saml.aws_profile }}"
     tags: "{{ aws_iam_saml.tags }}"
diff --git a/roles/aws/aws_s3_bucket/tasks/main.yml b/roles/aws/aws_s3_bucket/tasks/main.yml
index a6d6cf8f1..d5ae0ce71 100644
--- a/roles/aws/aws_s3_bucket/tasks/main.yml
+++ b/roles/aws/aws_s3_bucket/tasks/main.yml
@@ -8,7 +8,7 @@
   register: _aws_s3_bucket_bucket
 
 - name: Create a matching policy.
-  community.aws.iam_managed_policy:
+  amazon.aws.iam_managed_policy:
     profile: "{{ aws_s3_bucket.aws_profile }}"
     region: "{{ aws_s3_bucket.region }}"
     policy_name: "{{ aws_s3_bucket.name }}"
diff --git a/roles/php-cli/defaults/main.yml b/roles/php-cli/defaults/main.yml
index 6460844e3..29a81b723 100644
--- a/roles/php-cli/defaults/main.yml
+++ b/roles/php-cli/defaults/main.yml
@@ -21,6 +21,7 @@ php:
     max_file_uploads: 20
     date_timezone: "Europe/London"
     overrides: {}
+    gc_maxlifetime: 1440
     opcache:
       enable: 1
       enable_cli: 0
diff --git a/roles/php-cli/templates/php.cli.ini.j2 b/roles/php-cli/templates/php.cli.ini.j2
index 2bf91165c..abdcaba6c 100644
--- a/roles/php-cli/templates/php.cli.ini.j2
+++ b/roles/php-cli/templates/php.cli.ini.j2
@@ -1384,7 +1384,7 @@ session.gc_divisor = 1000
 ; After this number of seconds, stored data will be seen as 'garbage' and
 ; cleaned up by the garbage collection process.
 ; http://php.net/session.gc-maxlifetime
-session.gc_maxlifetime = 1440
+session.gc_maxlifetime = {{ php.cli.gc_maxlifetime }}
 
 ; NOTE: If you are using the subdirectory option for storing session files
 ;       (see session.save_path above), then garbage collection does *not*
diff --git a/roles/php-fpm/defaults/main.yml b/roles/php-fpm/defaults/main.yml
index 3e6a4d7d0..079312f3c 100644
--- a/roles/php-fpm/defaults/main.yml
+++ b/roles/php-fpm/defaults/main.yml
@@ -29,6 +29,7 @@ php:
     max_spare_servers: 3
     process_idle_timeout: 10s
     max_requests: 500
+    gc_maxlifetime: 1440
     opcache:
       enable: 1
       enable_cli: 0
diff --git a/roles/php-fpm/templates/php.fpm.ini.j2 b/roles/php-fpm/templates/php.fpm.ini.j2
index ccfe65dcc..b4d1185d9 100644
--- a/roles/php-fpm/templates/php.fpm.ini.j2
+++ b/roles/php-fpm/templates/php.fpm.ini.j2
@@ -1384,7 +1384,7 @@ session.gc_divisor = 1000
 ; After this number of seconds, stored data will be seen as 'garbage' and
 ; cleaned up by the garbage collection process.
 ; http://php.net/session.gc-maxlifetime
-session.gc_maxlifetime = 1440
+session.gc_maxlifetime = {{ php.fpm.gc_maxlifetime }}
 
 ; NOTE: If you are using the subdirectory option for storing session files
 ;       (see session.save_path above), then garbage collection does *not*

From 4bda03626eab45d3a8d29a2e8cfb902103f949a7 Mon Sep 17 00:00:00 2001
From: gregharvey <greg.harvey@gmail.com>
Date: Thu, 23 Nov 2023 14:47:49 +0100
Subject: [PATCH 2/4] Adding dnsutils and telnet as standard to common_base.

---
 roles/_meta/common_base/meta/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/_meta/common_base/meta/main.yml b/roles/_meta/common_base/meta/main.yml
index 938863506..c163c862d 100644
--- a/roles/_meta/common_base/meta/main.yml
+++ b/roles/_meta/common_base/meta/main.yml
@@ -1,6 +1,6 @@
 ---
 dependencies:
-  - { role: apt_extra_packages, apt_extra_packages: ["rsync", "python3-apt", "acl", "gnupg", "build-essential", "cron", "bsd-mailx"] }
+  - { role: apt_extra_packages, apt_extra_packages: ["rsync", "python3-apt", "acl", "gnupg", "build-essential", "cron", "bsd-mailx", "dnsutils", "telnet"] }
   - role: locales
   - role: user_root
   - role: apt_extra_packages

From 848761b472fe368d2310f046c7d06f0bd2556ca3 Mon Sep 17 00:00:00 2001
From: gregharvey <greg.harvey@gmail.com>
Date: Thu, 23 Nov 2023 14:51:57 +0100
Subject: [PATCH 3/4] Removing merge error.

---
 roles/debian/php-cli/defaults/main.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/roles/debian/php-cli/defaults/main.yml b/roles/debian/php-cli/defaults/main.yml
index 62674c935..2e7efbeaa 100644
--- a/roles/debian/php-cli/defaults/main.yml
+++ b/roles/debian/php-cli/defaults/main.yml
@@ -22,7 +22,6 @@ php:
     date_timezone: "Europe/London"
     gc_maxlifetime: 1440
     overrides: {}
-    gc_maxlifetime: 1440
     opcache:
       enable: 1
       enable_cli: 0

From 02acd592299c15d5153f7717dc2932a211c035ad Mon Sep 17 00:00:00 2001
From: gregharvey <greg.harvey@gmail.com>
Date: Thu, 23 Nov 2023 14:58:40 +0100
Subject: [PATCH 4/4] Adding atop and sysstat as default too.

---
 roles/_meta/common_base/meta/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/_meta/common_base/meta/main.yml b/roles/_meta/common_base/meta/main.yml
index 143002b7c..b61a85a6d 100644
--- a/roles/_meta/common_base/meta/main.yml
+++ b/roles/_meta/common_base/meta/main.yml
@@ -1,6 +1,6 @@
 ---
 dependencies:
-  - { role: debian/apt_extra_packages, apt_extra_packages: ["rsync", "python3-apt", "acl", "gnupg", "build-essential", "cron", "bsd-mailx", "dnsutils", "telnet"] }
+  - { role: debian/apt_extra_packages, apt_extra_packages: ["rsync", "python3-apt", "acl", "gnupg", "build-essential", "cron", "bsd-mailx", "dnsutils", "telnet", "atop", "sysstat"] }
   - role: debian/locales
   - role: debian/user_root
   - role: debian/apt_extra_packages