iiab/roles/1-prep/tasks/main.yml

# Preparations (Hardware Level)

- name: ...IS BEGINNING ============================================
  command: echo

- name: dnsmasq (install now, configure LATER in 'network', after Stage 9)
  include_tasks: roles/network/tasks/dnsmasq.yml
  #when: dnsmasq_install | bool

- name: Install uuid-runtime package (debuntu)
  package:
    name: 
      - uuid-runtime
      - sudo
    state: present
  when: is_debuntu | bool

- name: Does /etc/iiab/uuid file exist?
  stat:
    path: /etc/iiab/uuid
  register: uuid_file

- name: If no uuid exists, create one
  shell: uuidgen
  register: uuid_response
  when: not uuid_file.stat.exists

- name: Put uuid in place at /etc/iiab/uuid
  shell: echo {{ uuid_response.stdout_lines[0] }} > /etc/iiab/uuid
  when: not uuid_file.stat.exists

- name: Grab the uuid from /etc/iiab/uuid, into register stored_uuid
  command: cat /etc/iiab/uuid
  register: stored_uuid

- name: Place the uuid from register into variable/fact "uuid"
  set_fact:
    uuid: "{{ stored_uuid.stdout_lines[0] }}"

#- name: Does directory /ro exist? (indicating OS is Ubermix)
#  stat:
#    path: /ro
#  register: ro_dir

#- debug:
#    var: ro_dir

- name: Does 'ubermix' exist in /etc/lsb-release?
  shell: grep -i ubermix /etc/lsb-release    # Pipe to cat to avoid red errors?
  register: grep_ubermix
  failed_when: False    # Universal way to hide alarmist red errors!
  #ignore_errors: True
  #check_mode: no

#- debug:
#    var: grep_ubermix

- name: If so, install /etc/tmpfiles.d/iiab.conf to create /var/log subdirs on each boot, so {Apache, MongoDB, Munin} run on Ubermix
  copy:
    src: roles/1-prep/files/iiab.conf
    dest: /etc/tmpfiles.d/
    # owner: root
    # group: root
    # mode: '0644'
    force: yes
  when: grep_ubermix.rc == 0    # 1 if absent in file, 2 if file doesn't exist
  #when: ro_dir.stat.exists

# 2020-03-19: for KA Lite, but moved from roles/kalite/tasks/install.yml
# This effectively does nothing at all on Ubuntu & Raspbian, where libgeos-*
# pkgs are not installed FWIW.  But it's included to safeguard us across all
# OS's, in case others OS's like Ubermix later appear.  See #1382 for details.
# Removing pkgs libgeos-3.6.2 & libgeos-c1v5 fixed the situation on Ubermix!
- name: Remove libgeos-* pkgs, avoiding KA Lite Django failure on Ubermix
  shell: apt -y remove "libgeos-*"
  when: grep_ubermix.rc == 0    # 1 if absent in file, 2 if file doesn't exist

- name: SSHD
  include_role:
    name: sshd
  #when: sshd_install | bool    # Flag might be created in future?

- name: IIAB-ADMIN
  include_role:
    name: iiab-admin
  #when: iiab-admin_install | bool    # Flag might be created in future?

- name: OPENVPN
  include_role:
    name: openvpn
  when: openvpn_install | bool

# Debian 10 "Buster" is apparently enabling AppArmor in 2019:
# https://wiki.debian.org/AppArmor/Progress
# https://wiki.debian.org/AppArmor/HowToUse
# https://packages.debian.org/buster/apparmor
# Curiously this has NOT stopped IIAB 7.0/master from working on Debian 10
# pre-releases, during @floydianslips' March 2019 testing anyway!  SEE #1387
- name: Disable AppArmor -- override OS default (ubuntu)
  systemd:
    name: apparmor
    enabled: False
    state: stopped
  when: is_ubuntu | bool
  ignore_errors: True

- name: Disable SELinux on next boot (OS's other than debuntu)
  selinux:
    state: disabled
  register: selinux_disabled
  when: not is_debuntu

- name: Disable SELinux for this session (OS's other than debuntu, if needed)
  command: setenforce Permissive
  when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed

##  DISCOVER PLATFORMS ######
# Put conditional actions for hardware platforms here
- include_tasks: raspberry_pi.yml
  when: first_run and rpi_model != "none"

- name: Check if the identifier for Intel's NUC6 built-in WiFi is present
  shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'"
  register: usb_NUC6
  ignore_errors: True

- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6    # iiab_download_url is http://download.iiab.io/packages
  get_url:
    url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode"
    dest: /lib/firmware
    timeout: "{{ download_timeout }}"
  when: internet_available and usb_NUC6.stdout|int > 0

# this script can be sourced to get IIAB location
- name: Recording STAGE 1 HAS COMPLETED ============================
  template:
    src: roles/1-prep/templates/iiab.env.j2
    dest: "{{ iiab_env_file }}"
Update main.yml 2017-10-27 03:48:02 +00:00			`# Preparations (Hardware Level)`
Update main.yml 2017-10-27 03:46:57 +00:00
fill lines with ==='s 2017-10-30 20:29:49 +00:00			`- name: ...IS BEGINNING ============================================`
Update main.yml 2017-10-27 03:46:57 +00:00			`command: echo`

install and start dnsmasq early - add option to set upstream dns server 2020-05-09 04:06:18 +00:00			`- name: dnsmasq (install now, configure LATER in 'network', after Stage 9)`
			`include_tasks: roles/network/tasks/dnsmasq.yml`
1-prep: #when: dnsmasq_install \| bool 2020-05-10 18:22:58 +00:00			`#when: dnsmasq_install \| bool`
install and start dnsmasq early - add option to set upstream dns server 2020-05-09 04:06:18 +00:00
Update main.yml 2018-11-03 01:28:26 +00:00			`- name: Install uuid-runtime package (debuntu)`
Update main.yml 2017-12-08 06:16:51 +00:00			`package:`
debian does not install sudo by default, and iiab-admin was moved before packages 2018-11-18 03:13:15 +00:00			`name:`
			`- uuid-runtime`
			`- sudo`
Update main.yml 2017-12-08 06:16:51 +00:00			`state: present`
'when: X' -> 'when: X \| bool' for Ansibl 2.8 2019-05-24 22:33:10 +00:00			`when: is_debuntu \| bool`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Update main.yml 2018-11-03 01:28:26 +00:00			`- name: Does /etc/iiab/uuid file exist?`
Update main.yml 2017-12-08 06:16:51 +00:00			`stat:`
			`path: /etc/iiab/uuid`
Startup (#85) * move local_facts, test for it, cp if necess * got os wrong -- not OS * change /etc/release, vars/filenames add os_ver * add os_ver to iiab.env * remove uuid generation for local_facts * next * delete debugging lines * fetch the uuid, and put it in ini file * be more specific about uuid * need braces in set_fact * hyphen in OS-version * go back to OS.yml based upon os_ver * remove debug * oops VERSION_ID->OS_VER * issure error message when OS not in case statement 2017-07-04 20:07:47 +00:00			`register: uuid_file`

			`- name: If no uuid exists, create one`
			`shell: uuidgen`
			`register: uuid_response`
			`when: not uuid_file.stat.exists`

Update main.yml 2018-11-03 01:28:26 +00:00			`- name: Put uuid in place at /etc/iiab/uuid`
Startup (#85) * move local_facts, test for it, cp if necess * got os wrong -- not OS * change /etc/release, vars/filenames add os_ver * add os_ver to iiab.env * remove uuid generation for local_facts * next * delete debugging lines * fetch the uuid, and put it in ini file * be more specific about uuid * need braces in set_fact * hyphen in OS-version * go back to OS.yml based upon os_ver * remove debug * oops VERSION_ID->OS_VER * issure error message when OS not in case statement 2017-07-04 20:07:47 +00:00			`shell: echo {{ uuid_response.stdout_lines[0] }} > /etc/iiab/uuid`
			`when: not uuid_file.stat.exists`

Update main.yml 2018-11-03 01:28:26 +00:00			`- name: Grab the uuid from /etc/iiab/uuid, into register stored_uuid`
Startup (#85) * move local_facts, test for it, cp if necess * got os wrong -- not OS * change /etc/release, vars/filenames add os_ver * add os_ver to iiab.env * remove uuid generation for local_facts * next * delete debugging lines * fetch the uuid, and put it in ini file * be more specific about uuid * need braces in set_fact * hyphen in OS-version * go back to OS.yml based upon os_ver * remove debug * oops VERSION_ID->OS_VER * issure error message when OS not in case statement 2017-07-04 20:07:47 +00:00			`command: cat /etc/iiab/uuid`
			`register: stored_uuid`

Update main.yml 2018-11-03 01:33:52 +00:00			`- name: Place the uuid from register into variable/fact "uuid"`
Startup (#85) * move local_facts, test for it, cp if necess * got os wrong -- not OS * change /etc/release, vars/filenames add os_ver * add os_ver to iiab.env * remove uuid generation for local_facts * next * delete debugging lines * fetch the uuid, and put it in ini file * be more specific about uuid * need braces in set_fact * hyphen in OS-version * go back to OS.yml based upon os_ver * remove debug * oops VERSION_ID->OS_VER * issure error message when OS not in case statement 2017-07-04 20:07:47 +00:00			`set_fact:`
Update main.yml 2017-12-08 06:16:51 +00:00			`uuid: "{{ stored_uuid.stdout_lines[0] }}"`
Startup (#85) * move local_facts, test for it, cp if necess * got os wrong -- not OS * change /etc/release, vars/filenames add os_ver * add os_ver to iiab.env * remove uuid generation for local_facts * next * delete debugging lines * fetch the uuid, and put it in ini file * be more specific about uuid * need braces in set_fact * hyphen in OS-version * go back to OS.yml based upon os_ver * remove debug * oops VERSION_ID->OS_VER * issure error message when OS not in case statement 2017-07-04 20:07:47 +00:00
Update main.yml 2019-01-12 21:19:07 +00:00			`#- name: Does directory /ro exist? (indicating OS is Ubermix)`
			`# stat:`
			`# path: /ro`
			`# register: ro_dir`

			`#- debug:`
			`# var: ro_dir`

			`- name: Does 'ubermix' exist in /etc/lsb-release?`
Update main.yml 2019-01-15 07:59:12 +00:00			`shell: grep -i ubermix /etc/lsb-release # Pipe to cat to avoid red errors?`
Update main.yml 2019-01-12 21:19:07 +00:00			`register: grep_ubermix`
': false' to ': False' + ': true' to ': True' or ': yes' 2019-05-24 23:29:41 +00:00			`failed_when: False # Universal way to hide alarmist red errors!`
			`#ignore_errors: True`
Update main.yml 2019-01-12 21:19:07 +00:00			`#check_mode: no`
Update main.yml 2019-01-11 00:59:29 +00:00
Update main.yml 2019-01-12 21:19:07 +00:00			`#- debug:`
			`# var: grep_ubermix`
Update main.yml 2019-01-11 00:59:29 +00:00
			`- name: If so, install /etc/tmpfiles.d/iiab.conf to create /var/log subdirs on each boot, so {Apache, MongoDB, Munin} run on Ubermix`
			`copy:`
			`src: roles/1-prep/files/iiab.conf`
			`dest: /etc/tmpfiles.d/`
Clean 1-prep/tasks/main.yml 2020-01-13 16:11:46 +00:00			`# owner: root`
			`# group: root`
			`# mode: '0644'`
Update main.yml 2019-01-12 21:19:07 +00:00			`force: yes`
			`when: grep_ubermix.rc == 0 # 1 if absent in file, 2 if file doesn't exist`
			`#when: ro_dir.stat.exists`
Update main.yml 2019-01-11 00:59:29 +00:00
Clarify removal of libgeos-* pkgs for KA Lite on Ubermix 2020-03-19 16:01:38 +00:00			`# 2020-03-19: for KA Lite, but moved from roles/kalite/tasks/install.yml`
move Ubermix workaround 2020-03-19 10:42:00 +00:00			`# This effectively does nothing at all on Ubuntu & Raspbian, where libgeos-*`
			`# pkgs are not installed FWIW. But it's included to safeguard us across all`
			`# OS's, in case others OS's like Ubermix later appear. See #1382 for details.`
			`# Removing pkgs libgeos-3.6.2 & libgeos-c1v5 fixed the situation on Ubermix!`
			`- name: Remove libgeos-* pkgs, avoiding KA Lite Django failure on Ubermix`
			`shell: apt -y remove "libgeos-*"`
			`when: grep_ubermix.rc == 0 # 1 if absent in file, 2 if file doesn't exist`

Update main.yml 2018-09-20 00:42:37 +00:00			`- name: SSHD`
			`include_role:`
			`name: sshd`
Clean tasks/main.yml in stages 1, 3, 4, 6 2020-09-21 18:25:08 +00:00			`#when: sshd_install \| bool # Flag might be created in future?`
Update main.yml 2018-09-20 00:42:37 +00:00
Update main.yml 2018-09-20 07:53:26 +00:00			`- name: IIAB-ADMIN`
			`include_role:`
			`name: iiab-admin`
Clean tasks/main.yml in stages 1, 3, 4, 6 2020-09-21 18:25:08 +00:00			`#when: iiab-admin_install \| bool # Flag might be created in future?`
Update main.yml 2018-09-20 07:53:26 +00:00
Update main.yml 2018-09-19 21:32:07 +00:00			`- name: OPENVPN`
			`include_role:`
			`name: openvpn`
'when: X' -> 'when: X \| bool' for Ansibl 2.8 2019-05-24 22:33:10 +00:00			`when: openvpn_install \| bool`
Update main.yml 2018-09-19 21:32:07 +00:00
Update main.yml 2019-03-29 19:44:23 +00:00			`# Debian 10 "Buster" is apparently enabling AppArmor in 2019:`
			`# https://wiki.debian.org/AppArmor/Progress`
			`# https://wiki.debian.org/AppArmor/HowToUse`
			`# https://packages.debian.org/buster/apparmor`
			`# Curiously this has NOT stopped IIAB 7.0/master from working on Debian 10`
1-prep: tidying for Debian 10 Buster release (soon) 2019-05-12 05:06:53 +00:00			`# pre-releases, during @floydianslips' March 2019 testing anyway! SEE #1387`
raspberry_pi_2.yml -> raspberry_pi.yml; indentation/syntax per new Ansible docs 2018-02-13 02:03:49 +00:00			`- name: Disable AppArmor -- override OS default (ubuntu)`
Clean 1-prep/tasks/main.yml 2020-01-13 16:11:46 +00:00			`systemd:`
Update main.yml 2017-12-08 06:16:51 +00:00			`name: apparmor`
			`enabled: False`
			`state: stopped`
'when: X' -> 'when: X \| bool' for Ansibl 2.8 2019-05-24 22:33:10 +00:00			`when: is_ubuntu \| bool`
': false' to ': False' + ': true' to ': True' or ': yes' 2019-05-24 23:29:41 +00:00			`ignore_errors: True`
disable, and turn off apparmor 2017-06-26 22:24:26 +00:00
raspberry_pi_2.yml -> raspberry_pi.yml; indentation/syntax per new Ansible docs 2018-02-13 02:03:49 +00:00			`- name: Disable SELinux on next boot (OS's other than debuntu)`
Update main.yml 2017-12-08 06:16:51 +00:00			`selinux:`
			`state: disabled`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`register: selinux_disabled`
remove first_run from 1-prep main.yml 2017-10-31 18:08:42 +00:00			`when: not is_debuntu`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
raspberry_pi_2.yml -> raspberry_pi.yml; indentation/syntax per new Ansible docs 2018-02-13 02:03:49 +00:00			`- name: Disable SELinux for this session (OS's other than debuntu, if needed)`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`command: setenforce Permissive`
correct selinux for non-redhat installs 2017-09-25 16:17:52 +00:00			`when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
			`## DISCOVER PLATFORMS ######`
			`# Put conditional actions for hardware platforms here`
raspberry_pi_2.yml -> raspberry_pi.yml; indentation/syntax per new Ansible docs 2018-02-13 02:03:49 +00:00			`- include_tasks: raspberry_pi.yml`
first_run framework just remove it 2017-09-19 07:46:37 +00:00			`when: first_run and rpi_model != "none"`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Update main.yml 2018-11-03 01:47:45 +00:00			`- name: Check if the identifier for Intel's NUC6 built-in WiFi is present`
Update main.yml 2017-12-08 06:16:51 +00:00			`shell: "lsusb \| grep 8087:0a2b \| wc \| awk '{print $1}'"`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`register: usb_NUC6`
': false' to ': False' + ': true' to ': True' or ': yes' 2019-05-24 23:29:41 +00:00			`ignore_errors: True`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Update main.yml 2018-11-03 01:31:50 +00:00			`- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6 # iiab_download_url is http://download.iiab.io/packages`
Update main.yml 2017-12-08 06:16:51 +00:00			`get_url:`
			`url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode"`
Update main.yml 2017-12-08 06:21:21 +00:00			`dest: /lib/firmware`
Update main.yml 2017-12-08 06:16:51 +00:00			`timeout: "{{ download_timeout }}"`
Update main.yml 2017-12-08 06:21:21 +00:00			`when: internet_available and usb_NUC6.stdout\|int > 0`
Update main.yml 2017-10-27 03:46:57 +00:00
move iiab.env template - add starting STAGE=1 - update STAGE on the fly part 1 2017-10-28 17:46:47 +00:00			`# this script can be sourced to get IIAB location`
fill lines with ==='s 2017-10-30 20:29:49 +00:00			`- name: Recording STAGE 1 HAS COMPLETED ============================`
Update main.yml 2017-12-08 06:16:51 +00:00			`template:`
			`src: roles/1-prep/templates/iiab.env.j2`
Update main.yml 2018-10-15 09:29:33 +00:00			`dest: "{{ iiab_env_file }}"`