php reloading on each run

[cbisdorff]

Affected Puppet, Ruby, OS and module versions/distributions

• Puppet: Enterprise latest
• Ruby:
• Distribution: Redhat 8
• Module version: 7.1.0

How to reproduce (e.g Puppet code you use)

HIERA:

---
php::ensure: latest
php::manage_repos: false
php::fpm: true
php::composer: false
php::pear: false
php::phpunit: true
php::settings:
  'PHP/max_execution_time': '90'
  'PHP/max_input_time': '300'
  'PHP/memory_limit': '128M'
  'PHP/post_max_size': '50M'
  'PHP/upload_max_filesize': '40M'

php::extensions:
  gmp: {}
  intl: {}
  mbstring: {}
  mysqlnd: {}
  sodium: {}
  sqlite3: {}
  pdo: {}
  pdo_mysql: {}
  pdo_sqlite: {}
  xmlwriter: {}
  yaml: {}
  opcache: {}

manifest:

php::fpm::pool { "php_hostname":
        listen      => '/run/php-fpm/www.sock',
        listen_mode =>   '0777',
        user        =>   'nginx',
        group       =>  'nginx',
  }

What are you seeing

Hello,
on each puppet run, Puppet gets reloaded because the owner of /var/run/php-fpm gets changed from root (the default one) to apache.

What behaviour did you expect instead

php should not be reloaded on each run

Output log

Notice: /Stage[main]/Php::Fpm::Config/File[/var/run/php-fpm/]/owner: owner changed 'root' to 'apache' (corrective)
Notice: /Stage[main]/Php::Fpm::Config/File[/var/run/php-fpm/]/group: group changed 'root' to 'apache' (corrective)
Info: Class[Php::Fpm::Config]: Scheduling refresh of Class[Php::Fpm::Service]
Info: Class[Php::Fpm::Service]: Scheduling refresh of Service[php-fpm]
Notice: /Stage[main]/Php::Fpm::Service/Service[php-fpm]: Triggered 'refresh' from 1 event

Any additional information you'd like to impart

[cbisdorff]

After a little bit more research, the problem seems to be the following:

Config.pp sets the user to the user, under which, php-fpm is running, which is apache by default.

 ensure_resource('file', ['/var/run/php-fpm/', '/var/log/php-fpm/'], {
    ensure => directory,
    owner => $user,
    group => $group,
  })

when restarting php-fpm, it gets reset to root, by php.
Thus, on the next run, puppet resets the owner of /var/run/php-fpm to apache, reloads the process, which then resets it back to php....
My first guess was changing the PID file back to the default location, which is owned by apache, but since the file-resource is hard-coded, this does not help either.

[jouveits]

For those having this problem, it is possible to fix the issue by overriding the systemd service of php-fpm so that it does not manage the /var/run/php-fpm/ directory:

# /var/run/php-fpm creation
  # Add a configuration for tmpfiles.d so that /var/run/php-fpm is created @boot
  file { '/usr/lib/tmpfiles.d/php-fpm.conf':
    ensure  => present,
    content => 'd     /var/run/php-fpm    0755 apache apache'
  }

  # Override service:
  # - Manage umask for php-fpm : allow file created by php to be modified by group
  # - Remove the management of /var/run/php-fpm by systemd as the puppet-php module
  # changes its ownership on each puppet run, triggering a restart of php-fpm 
  # every time puppet runs...
  $umask_content = @(EOF)
  [Service]
  UMask=0002
  RuntimeDirectory=
  RuntimeDirectoryMode=
  | EOF

  file { '/etc/systemd/system/php-fpm.service.d/':
    ensure => directory,
  }

  file { '/etc/systemd/system/php-fpm.service.d/override.conf':
    content => $umask_content,
    notify  => [
      Service['php-fpm'],
      Exec['php-fpm-daemon-reload'],
    ]
  }

  exec { 'php-fpm-daemon-reload':
    command     => 'systemctl daemon-reload',
    path        => ['/bin','/usr/bin','/sbin'],
    refreshonly =>  true,
    notify      => Service['php-fpm'],
  }

[cbisdorff]

Perfect, this seems to have fixed my issue.
Thanks a lot

[fraenki]

AFAICT the discussed workaround is not required, the following commit fixed this issue by changing the owner to root:
59b6d64#diff-ee7a56aa131d8020a0cf78d7414f6b377f915054ec7ce6c9802d6df08ffb1e94R110-R111
However, this is not available in a release yet, so I'd suggest to use the current master branch for now.