diff --git a/roles/httpd/defaults/main.yml b/roles/httpd/defaults/main.yml new file mode 100644 index 000000000..306e715b6 --- /dev/null +++ b/roles/httpd/defaults/main.yml @@ -0,0 +1,6 @@ +# Make this False to disable http://box/common/services/power_off.php button: +apache_allow_sudo: True + +# For schools that use WordPress and/or Moodle intensively. See iiab/iiab #1147 +# WARNING: Enabling this (might) cause excess use of RAM or other resources? +apache_high_php_limits: False diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml index 2091165f1..91698ae62 100644 --- a/roles/httpd/tasks/main.yml +++ b/roles/httpd/tasks/main.yml @@ -21,16 +21,16 @@ name: "php{{ php_version }}-sqlite3" when: is_debian and ansible_distribution_major_version == "9" -- name: Install httpd required packages (ubuntu) - package: - name: "{{ item }}" - state: present - with_items: - - apache2 - - php - tags: - - download - when: is_ubuntu +- name: Install httpd required packages (ubuntu) + package: + name: "{{ item }}" + state: present + with_items: + - apache2 + - php + tags: + - download + when: is_ubuntu - name: SQLite3 no longer included in another package (ubuntu-18) package: @@ -69,7 +69,22 @@ with_items: - { src: '010-iiab.conf.j2', dest: '/etc/{{ apache_config_dir }}/010-iiab.conf', mode: '0755' } - { src: 'proxy_ajp.conf.j2', dest: '/etc/{{ apache_config_dir }}/proxy_ajp.conf', mode: '0644' } - - { src: 'php.ini.j2', dest: '/etc/php.ini', mode: '0644' } + #- { src: 'php.ini.j2', dest: '/etc/php.ini', mode: '0644' } # @jvonau suggests removing this in https://github.com/iiab/iiab/issues/1147 + +# For schools that use WordPress and/or Moodle intensively. See iiab/iiab #1147 +# WARNING: Enabling this (might) cause excess use of RAM or other resources? +- name: Enact high limits in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini if using WordPress and/or Moodle intensively + lineinfile: + path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + when: apache_high_php_limits + with_items: + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 64M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 128M ; default is 8M' } + - { regexp: '^memory_limit', line: 'memory_limit = 256M ; default is 128M' } + - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } + - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } # remove symlinks for mpm-event, replace with mpm-prefork - name: Remove mpm event links (debuntu) @@ -207,10 +222,10 @@ src: 020_apache_poweroff.j2 dest: /etc/sudoers.d/020_apache_poweroff mode: 0755 - when: allow_apache_sudo + when: apache_allow_sudo - name: Remove apache_user permission to poweroff file: dest: /etc/sudoers.d/020_apache_poweroff state: absent - when: not allow_apache_sudo + when: not apache_allow_sudo diff --git a/roles/kolibri/README.rst b/roles/kolibri/README.rst index 31c840e05..d3f5924fb 100644 --- a/roles/kolibri/README.rst +++ b/roles/kolibri/README.rst @@ -49,3 +49,10 @@ To return to using the systemd unit:: kolibri stop systemctl start kolibri + +Known Issues +------------- + +* Kolibri migrations can take a long time on a Raspberry Pi. These long running migrations could cause kolibri service timeouts. Try running migrations manually using 'kolibri manage migrate' command following the troubleshooting instructions above. Kolibri developers are trying to address this issue. (Refer https://github.com/learningequality/kolibri/issues/4310). + +* Loading channels can take a long time on a Raspberry Pi. When generating channel contents for Khan Academy, the step indicated as “Generating channel listing. This could take a few minutes…” could mean ~30 minutes. The device’s computation power is the bottleneck. You might get logged out while waiting, but this is harmless and the process will continue. Sit tight! diff --git a/roles/kolibri/tasks/main.yml b/roles/kolibri/tasks/main.yml index 40cdac2e4..ab04f2832 100644 --- a/roles/kolibri/tasks/main.yml +++ b/roles/kolibri/tasks/main.yml @@ -29,6 +29,32 @@ extra_args: --no-cache-dir when: internet_available +- name: Run kolibri migrations + shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" manage migrate + ignore_errors: yes + when: kolibri_provision + +- name: Set kolibri default language + shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" language setdefault "{{ kolibri_language }}" + ignore_errors: yes + when: kolibri_provision + +- name: Create kolibri default facility name, admin account and language + shell: > + export KOLIBRI_HOME="{{ kolibri_home }}" && + "{{ kolibri_exec_path }}" manage provisiondevice --facility "{{ kolibri_facility }}" + --superusername "{{ kolibri_admin_user }}" --superuserpassword "{{ kolibri_admin_password }}" + --preset "{{ kolibri_preset }}" --language_id "{{ kolibri_language }}" --verbosity 0 --noinput + ignore_errors: yes + when: kolibri_provision + +- name: Change /library/kolibri directory permissions + file: + path: "{{ kolibri_home }}" + owner: "{{ kolibri_user }}" + group: "{{ apache_user }}" + recurse: yes + - name: Create kolibri systemd service unit file template: src: "{{ item.src }}" @@ -54,27 +80,6 @@ state: stopped when: not kolibri_enabled -- name: Set kolibri default language - shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" language setdefault "{{ kolibri_language }}" - ignore_errors: yes - when: kolibri_provision - -- name: Create kolibri default facility name, admin account and language - shell: > - export KOLIBRI_HOME="{{ kolibri_home }}" && - "{{ kolibri_exec_path }}" manage provisiondevice --facility "{{ kolibri_facility }}" - --superusername "{{ kolibri_admin_user }}" --superuserpassword "{{ kolibri_admin_password }}" - --preset "{{ kolibri_preset }}" --language_id "{{ kolibri_language }}" --verbosity 0 --noinput - ignore_errors: yes - when: kolibri_provision - -- name: Change /library/kolibri directory permissions - file: - path: "{{ kolibri_home }}" - owner: "{{ kolibri_user }}" - group: "{{ apache_user }}" - recurse: yes - - name: Add 'kolibri' to list of services at /etc/iiab/iiab.ini ini_file: dest: "{{ service_filelist }}" diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 045496194..46cdb8c59 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -1,9 +1,13 @@ +#moodle_install: True +#moodle_enabled: False + +# If using Moodle intensively, consider setting apache_high_php_limits in: +# /etc/iiab/local_vars.yml + moodle_version: 35 #moodle_repo_url: "https://github.com/moodle/moodle.git" moodle_repo_url: "git://git.moodle.org/moodle.git" moodle_base: "{{ iiab_base }}/moodle" #moodle_user: moodle -#moodle_install: True -#moodle_enabled: False moodle_data: '{{ content_base }}/moodle' moodle_database_name: moodle diff --git a/roles/wordpress/defaults/main.yml b/roles/wordpress/defaults/main.yml index 1a84d3164..fd8fbcfcb 100644 --- a/roles/wordpress/defaults/main.yml +++ b/roles/wordpress/defaults/main.yml @@ -1,3 +1,9 @@ +wordpress_install: True +wordpress_enabled: True + +# If using WordPress intensively, consider setting apache_high_php_limits in: +# /etc/iiab/local_vars.yml + wordpress_download_base_url: https://wordpress.org wordpress_src: latest.tar.gz @@ -5,9 +11,6 @@ wp_db_name: iiab_wp wp_db_user: iiab_wp wp_db_user_password: changeme -wordpress_install: True -wordpress_enabled: True - wp_install_path: "{{ content_base }}" #wp_install_path: /library diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index fa794dd3c..9a51aa587 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -7,9 +7,9 @@ # - "mv /library/wordpress /library/wordpress.old" # - back up WordPress's database then drop it # -# REASON: "keep_newer: yes" below tries to preserves WordPress's self-upgrades +# REASON: "keep_newer: yes" below tries to preserve WordPress's self-upgrades # and security enhancements using timestamps under /library/wordpress, as these -# can arise without warning when WordPress is online, since WordPress ~4.8. +# can arise without warning when WordPress is online, since WordPress ~4.8 - name: Download the latest WordPress software get_url: @@ -104,7 +104,7 @@ priv: "{{ wp_db_name }}.*:ALL,GRANT" state: present -- name: Copy WordPress config file +- name: Copy wp-config.php template: src: wp-config.php.j2 dest: "{{ wp_abs_path }}/wp-config.php" @@ -112,25 +112,25 @@ group: "{{ apache_user }}" mode: 0660 -- name: Copy WordPress httpd conf file +- name: Copy wordpress.conf to permit http://box{{ wp_url }} template: src: wordpress.conf.j2 dest: "/etc/{{ apache_config_dir }}/wordpress.conf" -- name: Enable httpd conf file if we are disabled (debuntu) +- name: Enable wordpress.conf if wordpress_enabled (debuntu) file: src: /etc/apache2/sites-available/wordpress.conf dest: /etc/apache2/sites-enabled/wordpress.conf state: link when: wordpress_enabled and is_debuntu -- name: Remove httpd conf file if we are disabled (OS's other than debuntu) +- name: Remove wordpress.conf if not wordpress_enabled (debuntu) file: path: /etc/apache2/sites-enabled/wordpress.conf state: absent when: not wordpress_enabled and is_debuntu -- name: Restart Apache, so it picks up the new aliases +- name: Restart Apache to enable/disable http://box{{ wp_url }} service: name: "{{ apache_service }}" state: restarted diff --git a/roles/wordpress/tasks/main.yml b/roles/wordpress/tasks/main.yml index 664bd28d0..742089d18 100644 --- a/roles/wordpress/tasks/main.yml +++ b/roles/wordpress/tasks/main.yml @@ -1,5 +1,5 @@ # SEE "emergency" REINSTALL INSTRUCTIONS IN roles/wordpress/tasks/install.yml -- name: Include the install playbook +- name: Install WordPress if wordpress_install include_tasks: install.yml when: wordpress_install diff --git a/vars/default_vars.yml b/vars/default_vars.yml index b0317638c..df8815cd5 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -160,10 +160,14 @@ wan_nameserver: # 3-BASE-SERVER -# Make this False to disable http://box/common/services/power_off.php button: -allow_apache_sudo: True +# roles/httpd (Apache configuration) runs here -# roles/httpd runs here +# Make this False to disable http://box/common/services/power_off.php button: +apache_allow_sudo: True + +# For schools that use WordPress and/or Moodle intensively. See iiab/iiab #1147 +# WARNING: Enabling this (might) cause excess use of RAM or other resources? +apache_high_php_limits: False # roles/iiab-admin runs here @@ -280,6 +284,7 @@ nextcloud_enabled: False # WordPress wordpress_install: True wordpress_enabled: False +# If using WordPress intensively, consider setting apache_high_php_limits above # 7-EDU-APPS @@ -309,6 +314,7 @@ iiab_zim_path: /library/zims # Moodle moodle_install: False moodle_enabled: False +# If using Moodle intensively, consider setting apache_high_php_limits above # Sugarizer # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index e6ab61b54..dcf989fab 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -77,7 +77,11 @@ dansguardian_enabled: True # 3-BASE-SERVER # Make this False to disable http://box/common/services/power_off.php button: -allow_apache_sudo: True +apache_allow_sudo: True + +# For schools that use WordPress and/or Moodle intensively. See iiab/iiab #1147 +# WARNING: Enabling this (might) cause excess use of RAM or other resources? +apache_high_php_limits: False # roles/mysql runs here (mandatory) @@ -154,6 +158,7 @@ nextcloud_enabled: True wordpress_install: True wordpress_enabled: True +# If using WordPress intensively, consider setting apache_high_php_limits above # 7-EDU-APPS @@ -173,6 +178,7 @@ kiwix_enabled: True # Warning: Moodle is a serious LMS, that takes a while to install moodle_install: True moodle_enabled: True +# If using Moodle intensively, consider setting apache_high_php_limits above # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 24c1571b4..a6c4aa0ff 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -77,7 +77,11 @@ dansguardian_enabled: False # 3-BASE-SERVER # Make this False to disable http://box/common/services/power_off.php button: -allow_apache_sudo: True +apache_allow_sudo: True + +# For schools that use WordPress and/or Moodle intensively. See iiab/iiab #1147 +# WARNING: Enabling this (might) cause excess use of RAM or other resources? +apache_high_php_limits: False # roles/mysql runs here (mandatory) @@ -154,6 +158,7 @@ nextcloud_enabled: True wordpress_install: True wordpress_enabled: True +# If using WordPress intensively, consider setting apache_high_php_limits above # 7-EDU-APPS @@ -173,6 +178,7 @@ kiwix_enabled: True # Warning: Moodle is a serious LMS, that takes a while to install moodle_install: False moodle_enabled: False +# If using Moodle intensively, consider setting apache_high_php_limits above # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 8c933ee93..1a71b91a5 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -77,7 +77,11 @@ dansguardian_enabled: False # 3-BASE-SERVER # Make this False to disable http://box/common/services/power_off.php button: -allow_apache_sudo: True +apache_allow_sudo: True + +# For schools that use WordPress and/or Moodle intensively. See iiab/iiab #1147 +# WARNING: Enabling this (might) cause excess use of RAM or other resources? +apache_high_php_limits: False # roles/mysql runs here (mandatory) @@ -154,6 +158,7 @@ nextcloud_enabled: False wordpress_install: False wordpress_enabled: False +# If using WordPress intensively, consider setting apache_high_php_limits above # 7-EDU-APPS @@ -173,6 +178,7 @@ kiwix_enabled: True # Warning: Moodle is a serious LMS, that takes a while to install moodle_install: False moodle_enabled: False +# If using Moodle intensively, consider setting apache_high_php_limits above # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957