{
  use esmith::ConfigDB;
  my $c = esmith::ConfigDB->open_ro || die "Couldn't open the configuration database\n";
  my $httpdpki = $c->get( 'httpd-pki' );

  my $version             = $httpdpki->prop('PHPVersion') || '73';
  # we enable both the httpd server and php pool with same status
  my $status              = $httpdpki->prop('status') || 'disabled';
  return  unless ($status eq 'enabled' && $version eq $PHP_VERSION);
  my $key                 = 'phpki';
  my $pool_name           = lc $key;
  my $include_path = ".:/usr/share/pear-addons:/usr/share/pear:/usr/share/pear-data:/usr/share/php:/usr/sbin/:/usr/bin:/opt/phpki/html:/opt/phpki/html/include";
  my $open_basedir        = "/opt/phpki:/var/lib/php/phpki:/usr/sbin/openvpn:/usr/bin/which:/usr/bin/cat:/usr/bin/egrep:$include_path"; 
  my $disabled_functions  = 'show_source,dl,passthru'
;
  # Format vars
  $disabled_functions = join(', ', split /[,;:]/, $disabled_functions);
  $open_basedir       = join(':',  split(/[,;:]/, $open_basedir . ",/usr/share/php"));

  $OUT .=<<"_EOF" if ($version eq $PHP_VERSION);

[$pool_name]
user = phpki
group = phpki
listen.owner = root
listen.group = phpki
listen.mode = 0660
listen = /var/run/php-fpm/php$version-$pool_name.sock
catch_workers_output = yes
pm = dynamic
pm.max_children = 15
pm.start_servers = 3
pm.min_spare_servers = 3
pm.max_spare_servers = 4
pm.max_requests = 1000
slowlog = /var/log/$key/slow.log
php_admin_value[session.save_path] = /var/lib/php/$key/session
php_admin_value[opcache.file_cache]  = /var/lib/php/$key/opcache
php_admin_value[upload_tmp_dir] = /var/lib/php/$key/tmp
php_admin_value[sys_temp_dir] = /var/lib/php/$key/tmp
php_admin_flag[display_errors] = off
php_admin_value[error_reporting] =E_ERROR | E_WARNING | E_PARSE
php_admin_value[error_log] = /var/log/$key/error.log
php_admin_flag[log_errors] = on
; php_admin_value[max_execution_time] = $max_execution_time
php_admin_value[disable_functions] = $disabled_functions
php_admin_flag[allow_url_fopen] = off
php_admin_flag[file_upload] = off
php_admin_flag[session.cookie_httponly] = on
php_admin_flag[allow_url_include] = off
php_admin_value[session.save_handler] = files
php_admin_value[open_basedir] = $open_basedir

php_admin_value[auto_prepend_file] = /usr/share/php/auth_translation.php
php_value[include_path] = $include_path
php_flag[magic_quotes_gpc] = off
php_flag[track_vars] = on
php_flag[session.use_trans_sid] = off
php_flag[register_globals] = off
php_flag[register_long_arrays] = on

; Needed so shell_exec does it right
env[PATH] = $include_path

_EOF


}

