Ansible: PHP
As previously mentioned, I created a couple of roles and a playbook to bundle them together. For the last two weeks I have been fixing bugs, but it is currently in a state where it is stable enough to be released. While I do think that the coupling between the roles might be too tight, I need to split two roles into more sub-roles for it to work properly.
One of the roles, php-fpm, handles the PHP part of the server. It basically takes in a list of PHP objects containing version, modules and pool variables. With some dictionary juggling and set theory, it generates two lists from the gathered modules: modules to be added and modules to be removed. With these lists it is just a matter of processing them in the right order: add the new modules first, then remove the old ones. All of this is done for pools too.
To make sure that a pool changing version does not leave any residue or collide with a similarly named socket, each pool socket includes the PHP version, and the active socket that Apache uses is a symbolic link that gets relinked once php-fpm has finished its changes.
Each pool runs as the user that owns the domain, and each domain has its own pool, both to separate domains from each other and so that each domain can pick its own PHP version. Each pool is also chrooted, meaning that if a script tries to access anything outside the designated folders, it gets denied.
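The module reconciliation, versioned socket and per-domain chrooted pool described in the last three paragraphs, as an added Ansible play that is not taken from the author's roles. It assumes a Debian/Ubuntu host with `php<version>-<module>` package names, Apache running as `www-data`, a single PHP version (the author's role loops over a list of them), and the constructed `php` spec shown in `vars`.

```yaml
- name: Reconcile PHP modules and relink the pool socket (added example, not the author's role)
  hosts: webservers
  become: true
  vars:
    php:                                   # constructed sample input in the shape the post describes
      version: "8.2"
      modules: [curl, mbstring, intl]
      pool: { name: example.org, user: example }
    php_pkg: "php{{ php.version }}-"       # assumes Debian-style php<ver>-<module> package names
    php_base: [fpm, common, cli]           # base packages: present but never treated as removable modules
  tasks:
    - name: Gather installed packages into ansible_facts.packages
      ansible.builtin.package_facts:
    - name: Wanted set comes from the spec, present set from the package facts
      ansible.builtin.set_fact:
        wanted_pkgs: "{{ php.modules | map('regex_replace', '^', php_pkg) | list }}"
        present_pkgs: "{{ ansible_facts.packages.keys() | list | select('match', '^' ~ (php_pkg | regex_escape)) | reject('in', php_base | map('regex_replace', '^', php_pkg) | list) | list }}"
    - name: Add new modules first, so nothing a pool still needs disappears mid-run
      ansible.builtin.apt:
        name: "{{ wanted_pkgs | difference(present_pkgs) }}"
        state: present
      when: wanted_pkgs | difference(present_pkgs) | length > 0
    - name: Then remove modules that are no longer listed
      ansible.builtin.apt:
        name: "{{ present_pkgs | difference(wanted_pkgs) }}"
        state: absent
      when: present_pkgs | difference(wanted_pkgs) | length > 0
    - name: Pool runs as the domain user, chrooted, on a version-specific socket
      ansible.builtin.copy:
        dest: "/etc/php/{{ php.version }}/fpm/pool.d/{{ php.pool.name }}.conf"
        content: |
          [{{ php.pool.name }}]
          user = {{ php.pool.user }}
          group = {{ php.pool.user }}
          listen = /run/php/{{ php.pool.name }}-{{ php.version }}.sock
          listen.owner = www-data
          pm = ondemand
          pm.max_children = 5
          chroot = /var/www/{{ php.pool.name }}
      register: pool_conf
    - name: Restart php-fpm so the versioned socket exists before Apache is pointed at it
      ansible.builtin.service:
        name: "php{{ php.version }}-fpm"
        state: restarted
      when: pool_conf.changed
    - name: Relink the active socket Apache uses; only this link changes on a version switch
      ansible.builtin.file:
        src: "/run/php/{{ php.pool.name }}-{{ php.version }}.sock"
        dest: "/run/php/{{ php.pool.name }}.sock"
        state: link
```

Apache's `ProxyPassMatch`/`SetHandler` target stays `/run/php/example.org.sock`, so changing `php.version` in the spec and re-running the play is enough to move the domain to another PHP version.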
I have had this type of structure for years, but finally moved it over to Ansible, meaning I can easily recreate the structure without issue. The best part is that whenever I plan to upgrade a site's PHP version, I can simply change it in the config and run the playbook. Some sites require a specific version too, so that works really well.