2020-01-21 21:01:52 +00:00
# 2020-01-21: Ansible Input Validation (basic sanity checking for now) to check
2020-01-21 21:40:11 +00:00
# that *_install and *_enabled variables (as set in places like
2020-01-23 13:58:31 +00:00
# /etc/iiab/local_vars.yml) appear coherent i.e. (1) are confirmed defined,
# (2) have type boolean (Ansible often inverts logic when boolean vars are
2020-01-21 21:40:11 +00:00
# accidentally declared as strings, see below!) and (3) have plausible values.
2020-01-21 21:01:52 +00:00
2020-01-23 13:58:31 +00:00
# 2020-01-23: *_installed variables (incrementally saved to
# /etc/iiab/iiab_state.yml) are not required to be boolean (or even defined!)
# for now. However if any of these are defined, the corresponding value of
# *_install must be True, as IIAB does not currently support uninstalling!
2020-01-21 21:40:11 +00:00
# Stricter validation is needed later, when roles/playbooks/tasks are invoked
# by various scripts, possibly bypassing 0-init? Either way, risks abound :/
# 1. "Ansible 2.8+ ADVISORY: avoid warnings by using 'when: var | bool' for
2020-10-16 23:47:53 +00:00
# top-level BARE vars (in case they're strings, instead of boolean)" per #1632.
# 2020-10-16: NO LONGER NEC, SEE: https://github.com/iiab/iiab/pull/2576
2020-01-21 21:01:52 +00:00
2020-01-21 21:40:11 +00:00
# 2. "How Exactly Does Ansible Parse Boolean Variables?"
2020-01-21 21:01:52 +00:00
# https://stackoverflow.com/questions/47877464/how-exactly-does-ansible-parse-boolean-variables/47877502#47877502
# ...is very helpful but has it slightly wrong, as Ansible implements only ~18
# of YAML's 22 definitions of boolean (https://yaml.org/type/bool.html).
# i.e. Ansible fails to implement y|Y|n|N, only allowing ~18 boolean values:
#
# yes|Yes|YES|no|No|NO
# |true|True|TRUE|false|False|FALSE
# |on|On|ON|off|Off|OFF
#
# Otherwise 'var != (var | bool)' is dangerously common, e.g. (1) when a var
# is not one of the above ~18 words (forcing it to become a string) or (2) when
# a var is accidentally set using quotes (forcing it to become a string) these
# ~18 words too WILL FAIL as strings (as will any non-empty string...so beware
# casting strings to boolean later on...can make the situation worse!)
# https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_2.8.html#bare-variables-in-conditionals
2020-10-16 23:47:53 +00:00
#
# 2020-07-08 - Excellent analysis & summary by Jon Spriggs: "In Ansible,
# determine the type of a value, and casting those values to other types"
# https://jon.sprig.gs/blog/post/1801
2021-01-29 21:03:36 +00:00
#
# 2021-01-29 - ansible-base 2.10.5 (1) is more strict about empty string vars
# (2) no longer supports "when: myvar is boolean", "is integer" & "is float"
2021-01-29 21:33:04 +00:00
# (3) brings yet more "Ansible Collections" dependency changes (undocumented!)
2021-01-29 21:03:36 +00:00
# Details: https://github.com/iiab/iiab/pull/2672 (see also #2669)
2020-01-21 21:01:52 +00:00
2020-01-21 21:40:11 +00:00
# 3. "How do i fail a task in Ansible if the variable contains a boolean value?
2020-01-21 21:01:52 +00:00
# I want to perform input validation for Ansible playbooks"
# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
2020-09-26 17:11:33 +00:00
# 2020-01-23: Checks 53 + 53 + up-to-53 vars...for now...expect this to change!
2020-09-26 17:33:41 +00:00
# 2020-09-26: Commented out 14 vars that are {mandatory, dependencies, or
# unmaintained-for-years} for IIAB 7.2 release. Keeping in mind that vars
2020-09-26 18:09:18 +00:00
# will come and go as IIAB evolves, let's try to keep these 9 aligned:
2020-09-26 17:11:33 +00:00
#
2020-09-26 18:09:18 +00:00
# http://FAQ.IIAB.IO > "What services (IIAB apps) are suggested during installation?"
2020-09-26 17:11:33 +00:00
# https://github.com/iiab/iiab/blob/master/vars/local_vars_min.yml
# https://github.com/iiab/iiab/blob/master/vars/local_vars_medium.yml
# https://github.com/iiab/iiab/blob/master/vars/local_vars_big.yml
2020-09-26 18:09:18 +00:00
# https://github.com/iiab/iiab/blob/master/vars/default_vars.yml
# https://github.com/iiab/iiab/blob/master/unmaintained-roles.txt
# https://github.com/iiab/iiab/blob/master/roles/0-DEPRECATED-ROLES/
# https://github.com/iiab/iiab/blob/master/tests/test.yml
# https://github.com/iiab/iiab/blob/master/roles/0-init/tasks/validate_vars.yml
2020-11-04 22:14:47 +00:00
#
2021-07-07 04:13:52 +00:00
# 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc
2020-01-28 12:35:33 +00:00
2021-08-08 13:12:54 +00:00
- name : Set vars_checklist for 44 + 44 + 40 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked
2020-01-21 21:01:52 +00:00
set_fact :
vars_checklist :
- hostapd
- dhcpd
- named
- dnsmasq
- bluetooth
2020-09-26 18:16:49 +00:00
#- wondershaper # Unmaintained
2020-01-21 21:01:52 +00:00
- sshd
- openvpn
2020-10-03 20:25:38 +00:00
- admin_console
2020-09-26 17:45:36 +00:00
#- nginx # MANDATORY
2021-08-08 13:12:54 +00:00
#- apache # Unmaintained - former dependency
2020-09-26 17:45:36 +00:00
#- mysql # MANDATORY
2020-01-21 21:01:52 +00:00
- squid
- dansguardian
- cups
- samba
2020-01-23 13:58:31 +00:00
- usb_lib
2020-09-26 18:16:49 +00:00
#- xo_services # Unmaintained
#- activity_server # Unmaintained
#- ejabberd_xs # Unmaintained
#- idmgr # Unmaintained
2020-01-21 21:01:52 +00:00
- azuracast
2020-09-26 18:16:49 +00:00
#- dokuwiki # Unmaintained
#- ejabberd # Unmaintained
2021-08-08 13:12:54 +00:00
#- elgg # Unmaintained
2020-01-21 21:01:52 +00:00
- gitea
2021-04-15 19:32:11 +00:00
- jupyterhub
2020-01-21 21:01:52 +00:00
- lokole
- mediawiki
- mosquitto
2020-11-04 22:14:47 +00:00
- nodejs # Dependency - excluded from _installed check below
2020-01-21 21:01:52 +00:00
- nodered
- nextcloud
- wordpress
- kalite
- kolibri
- kiwix
2020-11-04 22:14:47 +00:00
- postgresql # Dependency - excluded from _installed check below
2020-01-21 21:01:52 +00:00
- moodle
2020-11-04 22:14:47 +00:00
- mongodb # Dependency - excluded from _installed check below
2020-01-21 21:01:52 +00:00
- sugarizer
2020-01-23 13:58:31 +00:00
- osm_vector_maps
2020-01-21 21:01:52 +00:00
- transmission
- awstats
- monit
- munin
- phpmyadmin
- vnstat
2020-11-04 22:14:47 +00:00
- yarn # Dependency - excluded from _installed check below
2020-09-26 17:11:33 +00:00
- captiveportal
2021-08-08 13:12:54 +00:00
- internetarchive
2020-01-21 21:01:52 +00:00
- minetest
- calibreweb
2021-08-08 13:12:54 +00:00
- calibre
- pbx
2020-01-21 21:01:52 +00:00
2020-01-22 00:43:20 +00:00
- name : Assert that {{ vars_checklist | length }} "XYZ_install" vars are all... defined
2020-01-21 21:01:52 +00:00
assert :
that : "{{ item }}_install is defined"
2020-01-28 12:35:33 +00:00
fail_msg : "VARIABLE MUST BE DEFINED: '{{ item }}_install' NEEDS A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
2020-01-21 21:01:52 +00:00
quiet : yes
loop : "{{ vars_checklist }}"
2020-01-22 00:43:20 +00:00
- name : Assert that {{ vars_checklist | length }} "XYZ_enabled" vars are all... defined
2020-01-21 21:01:52 +00:00
assert :
that : "{{ item }}_enabled is defined"
2020-01-28 12:35:33 +00:00
fail_msg : "VARIABLE MUST BE DEFINED: '{{ item }}_enabled' NEEDS A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
2020-01-21 21:01:52 +00:00
quiet : yes
loop : "{{ vars_checklist }}"
2020-01-22 00:47:00 +00:00
- name : Assert that {{ vars_checklist | length }} "XYZ_install" vars are all... type boolean (NOT type string, which can invert logic!)
2020-01-21 21:01:52 +00:00
assert :
that : "{{ item }}_install | type_debug == 'bool'"
2020-01-28 12:35:33 +00:00
fail_msg : "VARIABLE MUST BE BOOLEAN: '{{ item }}_install' now has type '{{ lookup('vars', item + '_install') | type_debug }}' and value '{{ lookup('vars', item + '_install') }}' -- PLEASE SET A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
2020-01-21 21:01:52 +00:00
quiet : yes
loop : "{{ vars_checklist }}"
2020-01-22 00:47:00 +00:00
- name : Assert that {{ vars_checklist | length }} "XYZ_enabled" vars are all... type boolean (NOT type string, which can invert logic!)
2020-01-21 21:01:52 +00:00
assert :
that : "{{ item }}_enabled | type_debug == 'bool'"
2020-01-28 12:35:33 +00:00
fail_msg : "VARIABLE MUST BE BOOLEAN: '{{ item }}_enabled' now has type '{{ lookup('vars', item + '_enabled') | type_debug }}' and value '{{ lookup('vars', item + '_enabled') }}' -- PLEASE SET A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
2020-01-21 21:01:52 +00:00
quiet : yes
loop : "{{ vars_checklist }}"
2020-01-22 00:43:20 +00:00
- name : 'DISALLOW "XYZ_install: False" WITH "XYZ_enabled: True" ...for all {{ vars_checklist | length }} var pairs'
2020-01-21 21:01:52 +00:00
assert :
that : "{{ item }}_install or not {{ item }}_enabled"
2020-01-28 12:35:33 +00:00
fail_msg : "DISALLOWED: '{{ item }}_install: False' WITH '{{ item }}_enabled: True' -- IIAB DOES NOT SUPPORT UNINSTALLS -- please verify those 2 variable values e.g. in /etc/iiab/local_vars.yml, and other places variables are defined?"
2020-01-21 21:01:52 +00:00
quiet : yes
loop : "{{ vars_checklist }}"
2020-01-23 11:32:06 +00:00
2020-01-23 14:56:01 +00:00
- name : 'DISALLOW "XYZ_install: False" WHEN "XYZ_installed is defined" IN /etc/iiab/iiab_state.yml ...for up-to-{{ vars_checklist | length }} var pairs'
2020-01-23 11:32:06 +00:00
assert :
that : "{{ item }}_install or {{ item }}_installed is undefined"
2020-01-28 12:35:33 +00:00
fail_msg : "DISALLOWED: '{{ item }}_install: False' (e.g. in /etc/iiab/local_vars.yml) WHEN '{{ item }}_installed' is defined (e.g. in /etc/iiab/iiab_state.yml) -- IIAB DOES NOT SUPPORT UNINSTALLS -- please verify those 2 files especially, and other places variables are defined?"
2020-01-23 11:32:06 +00:00
quiet : yes
2021-07-07 04:13:52 +00:00
when : item != 'nodejs' and item != 'postgresql' and item != 'mongodb' and item != 'yarn' # Exclude auto-installed dependencies
2020-01-23 11:32:06 +00:00
loop : "{{ vars_checklist }}"
