From 435450f31e34dbaa44b6229e9827ef25174a8487 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 7 Jul 2021 00:13:52 -0400 Subject: [PATCH 01/29] WIP: Extricate IIAB from 2 web servers complexity --- .../{ => 0-DEPRECATED-ROLES}/httpd/README.md | 0 .../httpd/defaults/main.yml | 0 .../httpd/tasks/homepage.yml | 0 .../httpd/tasks/install.yml | 0 .../httpd/tasks/main.yml | 0 .../httpd/templates/010-iiab.conf.j2 | 0 .../httpd/templates/iiab-homepage.conf | 0 .../httpd/templates/proxy_ajp.conf.j2 | 0 roles/0-init/tasks/validate_vars.yml | 8 ++-- roles/gitea/tasks/install.yml | 8 ++-- roles/jupyterhub/tasks/install.yml | 8 ++-- roles/kalite/tasks/install.yml | 12 +++-- roles/munin/tasks/install.yml | 2 +- roles/nginx/tasks/enable-or-disable.yml | 46 +++++++++---------- roles/nginx/tasks/install.yml | 17 ++++--- roles/phpmyadmin/tasks/enable-or-disable.yml | 16 +++---- roles/phpmyadmin/tasks/install.yml | 28 +++++------ roles/phpmyadmin/tasks/main.yml | 5 +- vars/default_vars.yml | 12 ++--- vars/local_vars_big.yml | 8 ++-- vars/local_vars_medium.yml | 2 +- vars/local_vars_min.yml | 2 +- 22 files changed, 88 insertions(+), 86 deletions(-) rename roles/{ => 0-DEPRECATED-ROLES}/httpd/README.md (100%) rename roles/{ => 0-DEPRECATED-ROLES}/httpd/defaults/main.yml (100%) rename roles/{ => 0-DEPRECATED-ROLES}/httpd/tasks/homepage.yml (100%) rename roles/{ => 0-DEPRECATED-ROLES}/httpd/tasks/install.yml (100%) rename roles/{ => 0-DEPRECATED-ROLES}/httpd/tasks/main.yml (100%) rename roles/{ => 0-DEPRECATED-ROLES}/httpd/templates/010-iiab.conf.j2 (100%) rename roles/{ => 0-DEPRECATED-ROLES}/httpd/templates/iiab-homepage.conf (100%) rename roles/{ => 0-DEPRECATED-ROLES}/httpd/templates/proxy_ajp.conf.j2 (100%) diff --git a/roles/httpd/README.md b/roles/0-DEPRECATED-ROLES/httpd/README.md similarity index 100% rename from roles/httpd/README.md rename to roles/0-DEPRECATED-ROLES/httpd/README.md diff --git a/roles/httpd/defaults/main.yml b/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml similarity index 100% rename from roles/httpd/defaults/main.yml rename to roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml diff --git a/roles/httpd/tasks/homepage.yml b/roles/0-DEPRECATED-ROLES/httpd/tasks/homepage.yml similarity index 100% rename from roles/httpd/tasks/homepage.yml rename to roles/0-DEPRECATED-ROLES/httpd/tasks/homepage.yml diff --git a/roles/httpd/tasks/install.yml b/roles/0-DEPRECATED-ROLES/httpd/tasks/install.yml similarity index 100% rename from roles/httpd/tasks/install.yml rename to roles/0-DEPRECATED-ROLES/httpd/tasks/install.yml diff --git a/roles/httpd/tasks/main.yml b/roles/0-DEPRECATED-ROLES/httpd/tasks/main.yml similarity index 100% rename from roles/httpd/tasks/main.yml rename to roles/0-DEPRECATED-ROLES/httpd/tasks/main.yml diff --git a/roles/httpd/templates/010-iiab.conf.j2 b/roles/0-DEPRECATED-ROLES/httpd/templates/010-iiab.conf.j2 similarity index 100% rename from roles/httpd/templates/010-iiab.conf.j2 rename to roles/0-DEPRECATED-ROLES/httpd/templates/010-iiab.conf.j2 diff --git a/roles/httpd/templates/iiab-homepage.conf b/roles/0-DEPRECATED-ROLES/httpd/templates/iiab-homepage.conf similarity index 100% rename from roles/httpd/templates/iiab-homepage.conf rename to roles/0-DEPRECATED-ROLES/httpd/templates/iiab-homepage.conf diff --git a/roles/httpd/templates/proxy_ajp.conf.j2 b/roles/0-DEPRECATED-ROLES/httpd/templates/proxy_ajp.conf.j2 similarity index 100% rename from roles/httpd/templates/proxy_ajp.conf.j2 rename to roles/0-DEPRECATED-ROLES/httpd/templates/proxy_ajp.conf.j2 diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index 44fac82b8..b10e1678d 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -61,9 +61,9 @@ # https://github.com/iiab/iiab/blob/master/tests/test.yml # https://github.com/iiab/iiab/blob/master/roles/0-init/tasks/validate_vars.yml # -# 2020-11-04: Fix validation of 5 core dependencies, for ./runrole etc +# 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc -- name: Set vars_checklist for 46 + 46 + 41 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked +- name: Set vars_checklist for 45 + 45 + 41 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked set_fact: vars_checklist: - hostapd @@ -76,7 +76,7 @@ - openvpn - admin_console #- nginx # MANDATORY - - apache # Dependency - excluded from _installed check below + ###- apache ### Dependency - excluded from _installed check below #- mysql # MANDATORY - squid - dansguardian @@ -162,5 +162,5 @@ that: "{{ item }}_install or {{ item }}_installed is undefined" fail_msg: "DISALLOWED: '{{ item }}_install: False' (e.g. in /etc/iiab/local_vars.yml) WHEN '{{ item }}_installed' is defined (e.g. in /etc/iiab/iiab_state.yml) -- IIAB DOES NOT SUPPORT UNINSTALLS -- please verify those 2 files especially, and other places variables are defined?" quiet: yes - when: item != 'apache' and item != 'nodejs' and item != 'postgresql' and item != 'mongodb' and item != 'yarn' # Exclude auto-installed dependencies + when: item != 'nodejs' and item != 'postgresql' and item != 'mongodb' and item != 'yarn' # Exclude auto-installed dependencies loop: "{{ vars_checklist }}" diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index e5bfc9b1e..fb0c5966a 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -6,12 +6,12 @@ state: stopped ignore_errors: yes -- name: Ensure group gitea exists +- name: Ensure group 'gitea' exists group: name: gitea state: present -- name: Create user gitea +- name: Create user 'gitea' user: name: gitea comment: Gitea daemon account @@ -26,7 +26,7 @@ group: gitea with_items: "{{ gitea_subdirectories }}" -- name: Make directories data, indexers, and log writable +- name: Make directories data, indexers, and log writable (0750) file: path: "{{ gitea_root_directory }}/{{ item }}" # /library/gitea mode: '0750' @@ -98,7 +98,7 @@ # 4. Create systemd service & prepare NGINX for http://box/gitea -- name: "Install from template: /etc/systemd/system/gitea.service" +- name: "Install from template: /etc/systemd/system/gitea.service (by default 0644)" template: src: gitea.service.j2 dest: /etc/systemd/system/gitea.service diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 948c5f453..f33d05191 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml @@ -13,22 +13,22 @@ when: nodejs_installed is undefined -- name: Make the directories to hold JupyterHub config +- name: Make 3 directories to hold JupyterHub config file: state: directory path: "{{ item }}" with_items: - - "{{ jupyterhub_venv }}/etc/jupyter" + - "{{ jupyterhub_venv }}/etc/jupyter" # /opt/iiab/jupyterhub - "{{ jupyterhub_venv }}/etc/jupyterhub" - "{{ jupyterhub_venv }}/etc/systemd" -- name: Use npm to install configurable-http-proxy +- name: Use npm to install 'configurable-http-proxy' npm: name: configurable-http-proxy global: yes state: latest -- name: "Use pip to install into a virtual environment: {{ jupyterhub_venv }} (~229 MB)" +- name: "pip install 7 packages into virtual environment: {{ jupyterhub_venv }} (~229 MB)" pip: name: - pip diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 16a9a1341..9260549e5 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -53,11 +53,11 @@ # Useless stanza, for 2 reasons: (1) http://box/kalite was never made to work # (2) /etc/apache2/sites-available does not exist on many IIAB's w/o Apache -- name: "Install from template: /etc/{{ apache_conf_dir }}/kalite.conf (useless, as http://box/kalite was never made to work)" - template: - src: kalite.conf - dest: "/etc/{{ apache_conf_dir }}" # apache2/sites-available on debuntu - when: apache_installed is defined +# - name: "Install from template: /etc/{{ apache_conf_dir }}/kalite.conf (useless, as http://box/kalite was never made to work)" +# template: +# src: kalite.conf +# dest: "/etc/{{ apache_conf_dir }}" # apache2/sites-available on debuntu +# when: apache_installed is defined - name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes, if Raspbian/Debian < 11 or Ubuntu < 20 replace: @@ -89,6 +89,8 @@ poll: 10 +# RECORD KA Lite AS INSTALLED + - name: "Set 'kalite_installed: True'" set_fact: kalite_installed: True diff --git a/roles/munin/tasks/install.yml b/roles/munin/tasks/install.yml index c04aa97b4..68380de13 100644 --- a/roles/munin/tasks/install.yml +++ b/roles/munin/tasks/install.yml @@ -1,4 +1,4 @@ -- name: "Install 5 packages: munin, munin-node, munin-plugins-extra, libcgi-fast-perl" +- name: "Install 4 packages: munin, munin-node, munin-plugins-extra, libcgi-fast-perl" package: name: - munin diff --git a/roles/nginx/tasks/enable-or-disable.yml b/roles/nginx/tasks/enable-or-disable.yml index 510203110..0ef223866 100644 --- a/roles/nginx/tasks/enable-or-disable.yml +++ b/roles/nginx/tasks/enable-or-disable.yml @@ -1,29 +1,29 @@ -- name: Ensure that Apache ({{ apache_service }}) is not running -- we may need port swap - systemd: - name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/.yml - state: stopped - ignore_errors: yes - # 'when: apache_installed is defined' might also work, as mysql's php no longer installs apache2 (but 'ignore_errors: yes' remains safer!) +# - name: Ensure that Apache ({{ apache_service }}) is not running -- we may need port swap +# systemd: +# name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/.yml +# state: stopped +# ignore_errors: yes +# # 'when: apache_installed is defined' might also work, as mysql's php no longer installs apache2 (but 'ignore_errors: yes' remains safer!) -- name: Install /etc/{{ apache_service }}/ports.conf from template 1 of 2 (ports.conf.j2) if nginx_enabled, to enable Apache port {{ apache_port }} localhost only - template: - src: ports.conf.j2 - dest: "/etc/{{ apache_service }}/ports.conf" - when: nginx_enabled +# - name: Install /etc/{{ apache_service }}/ports.conf from template 1 of 2 (ports.conf.j2) if nginx_enabled, to enable Apache port {{ apache_port }} localhost only +# template: +# src: ports.conf.j2 +# dest: "/etc/{{ apache_service }}/ports.conf" +# when: nginx_enabled -- name: Install /etc/{{ apache_service }}/ports.conf from template 2 of 2 (stock-apache-ports.conf) if not nginx_enabled, to disable Apache port {{ apache_port }} localhost only - template: - src: stock-apache-ports.conf - dest: "/etc/{{ apache_service }}/ports.conf" - when: not nginx_enabled +# - name: Install /etc/{{ apache_service }}/ports.conf from template 2 of 2 (stock-apache-ports.conf) if not nginx_enabled, to disable Apache port {{ apache_port }} localhost only +# template: +# src: stock-apache-ports.conf +# dest: "/etc/{{ apache_service }}/ports.conf" +# when: not nginx_enabled -- name: Enable & Restart '{{ apache_service }}' if Apache is installed and enabled, since we stopped it - systemd: - name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/.yml - daemon_reload: yes - state: restarted - enabled: true - when: apache_installed is defined and apache_enabled # or not nginx_enabled +# - name: Enable & Restart '{{ apache_service }}' if Apache is installed and enabled, since we stopped it +# systemd: +# name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/.yml +# daemon_reload: yes +# state: restarted +# enabled: true +# when: apache_installed is defined and apache_enabled # or not nginx_enabled - name: Enable & (Re)Start 'nginx' systemd service, if nginx_enabled diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 3516825c1..f69431183 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -1,16 +1,16 @@ -- name: Stop '{{ apache_service }}' systemd service - systemd: - name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/.yml - state: stopped - ignore_errors: yes - # 'when: apache_installed is defined' insuff b/c mysql's php installs apache2 +# - name: Stop '{{ apache_service }}' systemd service +# systemd: +# name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/.yml +# state: stopped +# ignore_errors: yes +# # 'when: apache_installed is defined' insuff b/c mysql's php installs apache2 - name: 'Install 5 packages for NGINX: libnginx-mod-http-subs-filter, nginx-extras, php{{ php_version }}-fpm, uwsgi, uwsgi-plugin-python3' package: name: - libnginx-mod-http-subs-filter - nginx-extras - - php{{ php_version }}-fpm # Drags in [1] php{{ php_version }}-cli (superset of php{{ php_version }}-common) [2] libsodium23 (likewise installed in moodle/tasks/install.yml AND wordpress/tasks/install.yml) [3] php{{ php_version }}-json if PHP < 8.0 (NEEDED FOR nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml AND wordpress/tasks/install.yml) + - php{{ php_version }}-fpm # INSTALLS [0] /etc/apache2/conf-available/php{{ php_version }}-fpm.conf AND DRAGS IN [1] php{{ php_version }}-cli (superset of php{{ php_version }}-common) [2] libsodium23 (likewise installed in moodle/tasks/install.yml AND wordpress/tasks/install.yml) [3] php{{ php_version }}-json if PHP < 8.0 (NEEDED FOR nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml AND wordpress/tasks/install.yml) - uwsgi # Admin Console & roles/captiveportal should really install - uwsgi-plugin-python3 # these 2 packages on demand (not every IIAB needs these). state: present @@ -35,7 +35,7 @@ - { src: 'nginx.conf.j2', dest: '/etc/nginx/nginx.conf' } - { src: 'mime.types.j2', dest: '/etc/nginx/mime.types' } #- { src: 'ports.conf.j2', dest: '/etc/{{ apache_service }}/ports.conf' } # Moved to enable-or-disable.yml - #- { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" } # Moved into homepage.yml below + #- { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" } # Moved into homepage.yml, later invoked by roles/www_options/tasks/main.yml - debug: msg: roles/nginx/tasks/homepage.yml will run LATER (invoked by roles/www_options/tasks/main.yml) SO THAT NGINX CAN REDIRECT http://box TO http://box{{ iiab_home_url }} (based on var iiab_home_url) @@ -45,7 +45,6 @@ systemd: name: "php{{ php_version }}-fpm" state: restarted - #when: nginx_enabled # RECORD NGINX AS INSTALLED diff --git a/roles/phpmyadmin/tasks/enable-or-disable.yml b/roles/phpmyadmin/tasks/enable-or-disable.yml index 31faa2de3..76dfae4e2 100644 --- a/roles/phpmyadmin/tasks/enable-or-disable.yml +++ b/roles/phpmyadmin/tasks/enable-or-disable.yml @@ -1,9 +1,9 @@ -- name: Enable phpMyAdmin via Apache, if phpmyadmin_enabled - command: a2ensite phpmyadmin.conf - when: phpmyadmin_enabled - #when: apache_installed is defined and phpmyadmin_enabled +# - name: Enable phpMyAdmin via Apache, if phpmyadmin_enabled +# command: a2ensite phpmyadmin.conf +# when: phpmyadmin_enabled +# #when: apache_installed is defined and phpmyadmin_enabled -- name: Disable phpMyAdmin via Apache, if not phpmyadmin_enabled - command: a2dissite phpmyadmin.conf - when: not phpmyadmin_enabled - #when: apache_installed is defined and not phpmyadmin_enabled +# - name: Disable phpMyAdmin via Apache, if not phpmyadmin_enabled +# command: a2dissite phpmyadmin.conf +# when: not phpmyadmin_enabled +# #when: apache_installed is defined and not phpmyadmin_enabled diff --git a/roles/phpmyadmin/tasks/install.yml b/roles/phpmyadmin/tasks/install.yml index 9b8cf357c..75fd05adb 100644 --- a/roles/phpmyadmin/tasks/install.yml +++ b/roles/phpmyadmin/tasks/install.yml @@ -1,17 +1,17 @@ -- name: "Set 'apache_install: True' and 'apache_enabled: True'" - set_fact: - apache_install: True - apache_enabled: True - -- name: APACHE - run 'httpd' role - include_role: - name: httpd +# - name: "Set 'apache_install: True' and 'apache_enabled: True'" +# set_fact: +# apache_install: True +# apache_enabled: True +# +# - name: APACHE - run 'httpd' role +# include_role: +# name: httpd - name: Unarchive {{ phpmyadmin_dl_url }} (7+ MB) to /opt (60+ MB) unarchive: remote_src: yes # Overwrite even if "already exists on the target" - src: "{{ phpmyadmin_dl_url }}" # e.g. https://files.phpmyadmin.net/phpMyAdmin/5.1.0/phpMyAdmin-5.1.0-all-languages.tar.xv + src: "{{ phpmyadmin_dl_url }}" # e.g. https://files.phpmyadmin.net/phpMyAdmin/5.1.1/phpMyAdmin-5.1.1-all-languages.tar.xv dest: /opt owner: "{{ apache_user }}" # www-data on debuntu group: "{{ apache_user }}" @@ -33,11 +33,11 @@ owner: "{{ apache_user }}" group: "{{ apache_user }}" -- name: Install /etc/{{ apache_conf_dir }}/phpmyadmin.conf from template - template: - src: phpmyadmin.j2 - dest: "/etc/{{ apache_conf_dir }}/phpmyadmin.conf" - #when: apache_installed is defined +# - name: Install /etc/{{ apache_conf_dir }}/phpmyadmin.conf from template +# template: +# src: phpmyadmin.j2 +# dest: "/etc/{{ apache_conf_dir }}/phpmyadmin.conf" +# #when: apache_installed is defined # RECORD phpMyAdmin AS INSTALLED diff --git a/roles/phpmyadmin/tasks/main.yml b/roles/phpmyadmin/tasks/main.yml index 5df581694..55339f268 100644 --- a/roles/phpmyadmin/tasks/main.yml +++ b/roles/phpmyadmin/tasks/main.yml @@ -19,12 +19,13 @@ quiet: yes -- name: Install phpMyAdmin if 'phpmyadmin_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml +- name: "INCOMPLETE WITHOUT APACHE AS OF 2021-07-06: Install phpMyAdmin if 'phpmyadmin_installed' not defined, e.g. in {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml include_tasks: install.yml when: phpmyadmin_installed is undefined -- include_tasks: enable-or-disable.yml +- name: INCOMPLETE WITHOUT APACHE AS OF 2021-07-06 + include_tasks: enable-or-disable.yml - name: Add 'phpmyadmin' variable values to {{ iiab_ini_file }} diff --git a/vars/default_vars.yml b/vars/default_vars.yml index b92be6933..b16f4fbb8 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -45,7 +45,7 @@ download_timeout: 200 # Languages (for Apache) default_language: en -language_priority: en es fr +###language_priority: en es fr # Real-time clock: set RTC chip family here. Future auto-detection plausible? # rtc_id: ds3231 @@ -277,12 +277,12 @@ apache_allow_sudo: True # # 2020-09-24: BOTH VALUES BELOW ARE IGNORED as Apache is installed on demand as # a dependency -- by CUPS, Elgg, Lokole, Moodle, Node-RED, PBX &/or phpMyAdmin -apache_install: False -apache_enabled: False +###apache_install: False +###apache_enabled: False # # NGINX proxies to Apache for legacy IIAB services, using: -apache_port: 8090 -apache_interface: 127.0.0.1 # 2020-01-13: Var unused +###apache_port: 8090 +###apache_interface: 127.0.0.1 # 2020-01-13: Var unused # 4-SERVER-OPTIONS @@ -562,7 +562,7 @@ watchdog: - sshd - idmgr - ejabberd - - httpd + ###- httpd - postgresql - squid diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index a97ecda83..eac34b850 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -17,7 +17,7 @@ download_timeout: 200 # Languages (for Apache) default_language: en -language_priority: en es fr +###language_priority: en es fr # Real-time clock: set RTC chip family here. Future auto-detection plausible? # rtc_id: ds3231 @@ -247,8 +247,8 @@ azuracast_enabled: False # This var is currently IGNORED. # ejabberd_install: False # ejabberd_enabled: False -elgg_install: True -elgg_enabled: True +elgg_install: False +elgg_enabled: False # Gitea (lightweight self-hosted "GitHub") from https://gitea.io gitea_install: True @@ -368,7 +368,7 @@ munin_install: True munin_enabled: True # Handy for maintaining tables, but DANGEROUS if not locked down -phpmyadmin_install: True +phpmyadmin_install: False phpmyadmin_enabled: False vnstat_install: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 54bec6639..0e8b4169c 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -17,7 +17,7 @@ download_timeout: 200 # Languages (for Apache) default_language: en -language_priority: en es fr +###language_priority: en es fr # Real-time clock: set RTC chip family here. Future auto-detection plausible? # rtc_id: ds3231 diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index afee5a6b3..790a07131 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -17,7 +17,7 @@ download_timeout: 200 # Languages (for Apache) default_language: en -language_priority: en es fr +###language_priority: en es fr # Real-time clock: set RTC chip family here. Future auto-detection plausible? # rtc_id: ds3231 From 75dc7422372be504fbe9e169b511e4e21786a649 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 7 Jul 2021 00:40:13 -0400 Subject: [PATCH 02/29] Deprecating Apache is like pulling teeth --- .../{phpmyadmin.j2 => phpmyadmin.j2.unused} | 0 vars/default_vars.yml | 13 ++----------- 2 files changed, 2 insertions(+), 11 deletions(-) rename roles/phpmyadmin/templates/{phpmyadmin.j2 => phpmyadmin.j2.unused} (100%) diff --git a/roles/phpmyadmin/templates/phpmyadmin.j2 b/roles/phpmyadmin/templates/phpmyadmin.j2.unused similarity index 100% rename from roles/phpmyadmin/templates/phpmyadmin.j2 rename to roles/phpmyadmin/templates/phpmyadmin.j2.unused diff --git a/vars/default_vars.yml b/vars/default_vars.yml index b16f4fbb8..a868228b3 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -270,19 +270,10 @@ nginx_high_php_limits: False # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# Make this False to disable http://box/common/services/power_off.php button: -apache_allow_sudo: True - # See also Apache vars {default_language, language_priority} @ top of this file # -# 2020-09-24: BOTH VALUES BELOW ARE IGNORED as Apache is installed on demand as -# a dependency -- by CUPS, Elgg, Lokole, Moodle, Node-RED, PBX &/or phpMyAdmin -###apache_install: False -###apache_enabled: False -# -# NGINX proxies to Apache for legacy IIAB services, using: -###apache_port: 8090 -###apache_interface: 127.0.0.1 # 2020-01-13: Var unused +# Make this False to disable http://box/common/services/power_off.php button: +apache_allow_sudo: True # 4-SERVER-OPTIONS From d1ce3b73626dfcac5d4c036913805b093b6a54b9 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 7 Jul 2021 01:08:20 -0400 Subject: [PATCH 03/29] Chemo: deprecate Apache's default_language & language_priority --- vars/default_vars.yml | 6 ------ vars/local_vars_big.yml | 6 ------ vars/local_vars_medium.yml | 6 ------ vars/local_vars_min.yml | 6 ------ 4 files changed, 24 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index a868228b3..c884f55dd 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -43,10 +43,6 @@ py3_dist_path: /usr/lib/python3/dist-packages # Ansible's default timeout for "get_url:" downloads (10 seconds) often fails download_timeout: 200 -# Languages (for Apache) -default_language: en -###language_priority: en es fr - # Real-time clock: set RTC chip family here. Future auto-detection plausible? # rtc_id: ds3231 @@ -270,8 +266,6 @@ nginx_high_php_limits: False # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# See also Apache vars {default_language, language_priority} @ top of this file -# # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index eac34b850..33b5410bd 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -15,10 +15,6 @@ # Ansible's default timeout for "get_url:" downloads (10 seconds) often fails download_timeout: 200 -# Languages (for Apache) -default_language: en -###language_priority: en es fr - # Real-time clock: set RTC chip family here. Future auto-detection plausible? # rtc_id: ds3231 @@ -173,8 +169,6 @@ nginx_high_php_limits: False # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# See also Apache vars {default_language, language_priority} @ top of this file -# # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 0e8b4169c..d075374a0 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -15,10 +15,6 @@ # Ansible's default timeout for "get_url:" downloads (10 seconds) often fails download_timeout: 200 -# Languages (for Apache) -default_language: en -###language_priority: en es fr - # Real-time clock: set RTC chip family here. Future auto-detection plausible? # rtc_id: ds3231 @@ -173,8 +169,6 @@ nginx_high_php_limits: False # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# See also Apache vars {default_language, language_priority} @ top of this file -# # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 790a07131..b832fcca4 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -15,10 +15,6 @@ # Ansible's default timeout for "get_url:" downloads (10 seconds) often fails download_timeout: 200 -# Languages (for Apache) -default_language: en -###language_priority: en es fr - # Real-time clock: set RTC chip family here. Future auto-detection plausible? # rtc_id: ds3231 @@ -173,8 +169,6 @@ nginx_high_php_limits: False # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# See also Apache vars {default_language, language_priority} @ top of this file -# # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True From 5109edf3926ebbe45cd04277b73e4aa7a89d0428 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 7 Jul 2021 01:13:25 -0400 Subject: [PATCH 04/29] default_vars.yml: is Monit's watchdog list still relevant? --- vars/default_vars.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index c884f55dd..f2d87e70b 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -545,9 +545,9 @@ monit_install: False monit_enabled: False watchdog: - sshd - - idmgr - - ejabberd - ###- httpd + #- idmgr + #- ejabberd + #- httpd - postgresql - squid From 85236b0c38e8831abff8174d456785846d39eddf Mon Sep 17 00:00:00 2001 From: root Date: Wed, 7 Jul 2021 01:46:01 -0400 Subject: [PATCH 05/29] Chemo: Less Apache in calibre, elgg, internetarchive, usb_lib --- roles/calibre/tasks/install.yml | 4 ++-- .../templates/{calibre.conf => calibre.conf.unused} | 0 roles/elgg/tasks/{apache.yml => apache.yml.unused} | 0 roles/elgg/tasks/install.yml | 8 ++++---- roles/elgg/tasks/main.yml | 9 ++++----- roles/elgg/templates/{elgg.conf => elgg.conf.unused} | 0 .../tasks/{apache.yml => apache.yml.unused} | 0 roles/internetarchive/tasks/install.yml | 6 ------ roles/internetarchive/tasks/main.yml | 8 ++++---- ...ternetarchive.conf => internetarchive.conf.unused} | 0 roles/usb_lib/tasks/{apache.yml => apache.yml.unused} | 0 roles/usb_lib/tasks/install.yml | 11 ++--------- roles/usb_lib/tasks/main.yml | 8 ++------ 13 files changed, 18 insertions(+), 36 deletions(-) rename roles/calibre/templates/{calibre.conf => calibre.conf.unused} (100%) rename roles/elgg/tasks/{apache.yml => apache.yml.unused} (100%) rename roles/elgg/templates/{elgg.conf => elgg.conf.unused} (100%) rename roles/internetarchive/tasks/{apache.yml => apache.yml.unused} (100%) rename roles/internetarchive/templates/{internetarchive.conf => internetarchive.conf.unused} (100%) rename roles/usb_lib/tasks/{apache.yml => apache.yml.unused} (100%) diff --git a/roles/calibre/tasks/install.yml b/roles/calibre/tasks/install.yml index 764515763..840440583 100644 --- a/roles/calibre/tasks/install.yml +++ b/roles/calibre/tasks/install.yml @@ -37,13 +37,13 @@ # 2. SYSTEMD SERVICES -- name: Create /etc/systemd/system/calibre-serve.service and /etc/{{ apache_conf_dir }}/calibre.conf +- name: 'Install from template: /etc/systemd/system/calibre-serve.service' template: src: "{{ item.src }}" dest: "{{ item.dest }}" with_items: - { src: 'calibre-serve.service.j2', dest: '/etc/systemd/system/calibre-serve.service' } - - { src: 'calibre.conf', dest: '/etc/{{ apache_conf_dir }}' } # apache2/sites-available (this doesn't work, see #529: let's try to create /etc/nginx/conf.d/calibre-nginx.conf in future!) + #- { src: 'calibre.conf', dest: '/etc/{{ apache_conf_dir }}' } # apache2/sites-available (this doesn't work, see #529: let's try to create /etc/nginx/conf.d/calibre-nginx.conf in future!) - name: Stop service 'calibre-serve' (/usr/bin/calibre-server by Kovid Goyal) systemd: diff --git a/roles/calibre/templates/calibre.conf b/roles/calibre/templates/calibre.conf.unused similarity index 100% rename from roles/calibre/templates/calibre.conf rename to roles/calibre/templates/calibre.conf.unused diff --git a/roles/elgg/tasks/apache.yml b/roles/elgg/tasks/apache.yml.unused similarity index 100% rename from roles/elgg/tasks/apache.yml rename to roles/elgg/tasks/apache.yml.unused diff --git a/roles/elgg/tasks/install.yml b/roles/elgg/tasks/install.yml index 8098501a6..f183cd429 100644 --- a/roles/elgg/tasks/install.yml +++ b/roles/elgg/tasks/install.yml @@ -107,10 +107,10 @@ state: directory owner: "{{ apache_user }}" -- name: Install /etc/{{ apache_conf_dir }}/elgg.conf from template, for http://box{{ elgg_url }} # http://box/elgg - template: - src: elgg.conf - dest: "/etc/{{ apache_conf_dir }}/elgg.conf" +# - name: Install /etc/{{ apache_conf_dir }}/elgg.conf from template, for http://box{{ elgg_url }} # http://box/elgg +# template: +# src: elgg.conf +# dest: "/etc/{{ apache_conf_dir }}/elgg.conf" - name: Set up Elgg's MySQL database diff --git a/roles/elgg/tasks/main.yml b/roles/elgg/tasks/main.yml index b0fb38239..f8cb53fa6 100644 --- a/roles/elgg/tasks/main.yml +++ b/roles/elgg/tasks/main.yml @@ -24,14 +24,13 @@ when: elgg_installed is undefined -#- name: Enable/Disable/Restart Apache if primary -- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache - include_tasks: apache.yml - #when: not nginx_enabled +# #- name: Enable/Disable/Restart Apache if primary +# - name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache +# include_tasks: apache.yml +# #when: not nginx_enabled - name: Enable/Disable/Restart NGINX if primary include_tasks: nginx.yml - when: nginx_enabled - name: Add 'elgg' variable values to {{ iiab_ini_file }} diff --git a/roles/elgg/templates/elgg.conf b/roles/elgg/templates/elgg.conf.unused similarity index 100% rename from roles/elgg/templates/elgg.conf rename to roles/elgg/templates/elgg.conf.unused diff --git a/roles/internetarchive/tasks/apache.yml b/roles/internetarchive/tasks/apache.yml.unused similarity index 100% rename from roles/internetarchive/tasks/apache.yml rename to roles/internetarchive/tasks/apache.yml.unused diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index 689851636..c7df0e689 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml @@ -62,12 +62,6 @@ src: internetarchive.service.j2 dest: /etc/systemd/system/internetarchive.service -- name: "Install from template: /etc/{{ apache_conf_dir }}/internetarchive.conf" - template: - src: internetarchive.conf - dest: "/etc/{{ apache_conf_dir }}/internetarchive.conf" # apache2/sites-available - when: apache_installed is defined - # 4. RECORD Internet Archive AS INSTALLED diff --git a/roles/internetarchive/tasks/main.yml b/roles/internetarchive/tasks/main.yml index 9bd1c6ae2..830211ddd 100644 --- a/roles/internetarchive/tasks/main.yml +++ b/roles/internetarchive/tasks/main.yml @@ -68,13 +68,13 @@ state: stopped when: not internetarchive_enabled -- name: Enable/Disable/Restart Apache if primary - include_tasks: apache.yml - when: apache_installed is defined and not nginx_enabled +# - name: Enable/Disable/Restart Apache if primary +# include_tasks: apache.yml +# when: apache_installed is defined and not nginx_enabled - name: Enable/Disable/Restart NGINX if primary include_tasks: nginx.yml - when: nginx_enabled + #when: nginx_enabled - name: Add 'internetarchive' variable values to {{ iiab_ini_file }} diff --git a/roles/internetarchive/templates/internetarchive.conf b/roles/internetarchive/templates/internetarchive.conf.unused similarity index 100% rename from roles/internetarchive/templates/internetarchive.conf rename to roles/internetarchive/templates/internetarchive.conf.unused diff --git a/roles/usb_lib/tasks/apache.yml b/roles/usb_lib/tasks/apache.yml.unused similarity index 100% rename from roles/usb_lib/tasks/apache.yml rename to roles/usb_lib/tasks/apache.yml.unused diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 3304a0f16..2cfd2f9bb 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -47,13 +47,13 @@ state: present when: is_ubuntu -- name: Add dir {{ doc_root }}/local_content, where USB drive links can appear +- name: Add dir {{ doc_root }}/local_content, where USB drive links can appear (0775) file: state: directory path: "{{ doc_root }}/local_content" owner: "{{ apache_user }}" group: "{{ apache_user }}" # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222) - mode: '0775' + mode: 0775 - name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off' template: @@ -81,13 +81,6 @@ path: /etc/usbmount/mount.d/00_create_model_symlink state: absent -# 2021-03-25: Consider removing this stanza & all of this role's Apache logic! -- name: Install /etc/{{ apache_conf_dir }}/content_dir.conf from template - template: - src: content_dir.conf - dest: "/etc/{{ apache_conf_dir }}" # apache2/sites-available on debuntu - when: apache_installed is defined - # RECORD 'USB_LIB' AS INSTALLED diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index 75cd8e4e7..7836f2d3a 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -56,13 +56,9 @@ when: not usb_lib_umask0000_for_kolibri -- name: Enable/Disable/Restart Apache if primary - include_tasks: apache.yml - when: not nginx_enabled - -- name: Enable/Disable/Restart NGINX if primary +- name: Enable/Disable/Restart NGINX include_tasks: nginx.yml - when: nginx_enabled + # 2021-04-29: Clean up here to catch the already installed users, remove for the next release (PR #2760) - name: Remove /etc/usbmount/mount.d/00_create_model_symlink From 4e5c7c68cc0155e7d170953bc33bd9f03b8a842a Mon Sep 17 00:00:00 2001 From: root Date: Wed, 7 Jul 2021 02:02:09 -0400 Subject: [PATCH 06/29] Mark httpd as unmaintained; elgg & phpmyadmin MAY follow --- tests/test.yml | 2 +- unmaintained-roles.txt | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/test.yml b/tests/test.yml index b429180f7..5d99a34e1 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -32,7 +32,7 @@ - { role: firmware } - { role: gitea } #- { role: homepage } - - { role: httpd } + #- { role: httpd } #- { role: idmgr } - { role: iiab-admin } - { role: internetarchive } diff --git a/unmaintained-roles.txt b/unmaintained-roles.txt index bb6253dd3..9174375a4 100644 --- a/unmaintained-roles.txt +++ b/unmaintained-roles.txt @@ -7,6 +7,7 @@ dokuwiki ejabberd ejabberd_xs homepage +httpd httpd-enable idmgr moodle-1.9 From b8ffdb1258aa31faa9e2af6b8fff16d47b4b5351 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 7 Jul 2021 02:27:52 -0400 Subject: [PATCH 07/29] Clean & tighten nodejs/tasks/install.yml --- roles/nodejs/tasks/install.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/nodejs/tasks/install.yml b/roles/nodejs/tasks/install.yml index ba3536c96..33039d899 100644 --- a/roles/nodejs/tasks/install.yml +++ b/roles/nodejs/tasks/install.yml @@ -65,12 +65,12 @@ # state: absent # when: internet_available and is_debuntu -- name: Set up Node.js {{ nodejs_version }} apt sources (debuntu) +- name: Set up Node.js {{ nodejs_version }} apt sources shell: curl -sL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash - args: warn: no creates: /etc/apt/sources.list.d/nodesource.list - when: internet_available and is_debuntu + when: internet_available #when: internet_available and (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17) # NOT NEC TO TEST FOR is_raspbian_8 OR is_raspbian_9 AS /opt/iiab/iiab/vars/.yml # DEFINES THESE AS SUBSETS OF is_debian_8 OR is_debian_9 (FOR NOW!) @@ -80,20 +80,20 @@ # "npm install -g npm@latest" (all *SHOULD* be magically fixed by 2019-04-18 ?) # Forces update -- name: Install latest Node.js {{ nodejs_version }} which includes /usr/bin/npm (debuntu) +- name: Install latest Node.js {{ nodejs_version }} which includes /usr/bin/npm package: #name: nodejs={{ nodejs_version }} name: nodejs state: latest #state: present - when: internet_available and is_debuntu + when: internet_available #when: internet_available and (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17) -- name: Set up & install Node.js {{ nodejs_version }} which includes /usr/bin/npm (redhat) - shell: curl -sL https://rpm.nodesource.com/setup_{{ nodejs_version }} | bash - - args: - warn: no - when: internet_available and is_redhat +# - name: Set up & install Node.js {{ nodejs_version }} which includes /usr/bin/npm (redhat) +# shell: curl -sL https://rpm.nodesource.com/setup_{{ nodejs_version }} | bash - +# args: +# warn: no +# when: internet_available and is_redhat # 2018-07-14: BOTH STEPS ABOVE TAKE TIME, but Raspbian (apt offers npm From 060a371de3700cd725129fa909140e70aab37921 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 7 Jul 2021 02:51:30 -0400 Subject: [PATCH 08/29] Clean & tighten postgresql/tasks/install.yml --- roles/postgresql/tasks/install.yml | 55 ++++++++++++------------------ 1 file changed, 21 insertions(+), 34 deletions(-) diff --git a/roles/postgresql/tasks/install.yml b/roles/postgresql/tasks/install.yml index fc78589af..bc180c234 100644 --- a/roles/postgresql/tasks/install.yml +++ b/roles/postgresql/tasks/install.yml @@ -1,21 +1,11 @@ -- name: Install 'postgresql' package +- name: 'Install packages: postgresql, postgresql-client' package: - name: postgresql + name: + - postgresql + - postgresql-client state: present -- name: Install 'postgresql-client' package (debuntu) - package: - name: postgresql-client - state: present - when: is_debuntu - -- name: Install 'postgresql-server' package (OS's other than debuntu) - package: - name: postgresql-server - state: present - when: not is_debuntu - -- name: Install /etc/systemd/system/postgresql-iiab.service from template +- name: Install /etc/systemd/system/postgresql-iiab.service from template (0644 by default) template: src: postgresql-iiab.service dest: /etc/systemd/system/postgresql-iiab.service @@ -23,50 +13,47 @@ # group: root # mode: '0644' -- name: Create PostgreSQL data dir /library/pgsql-iiab, owned by postgres:postgres +- name: Create PostgreSQL data dir /library/pgsql-iiab, owned by postgres:postgres (0700) file: + state: directory path: /library/pgsql-iiab owner: postgres group: postgres - mode: '0700' - state: directory + mode: 0700 -- name: Make sure locale {{ postgresql_locale }} is enabled (debuntu) # en_US.UTF-8 +- name: Make sure locale {{ postgresql_locale }} is enabled # en_US.UTF-8 lineinfile: dest: /etc/locale.gen line: "{{ postgresql_locale }} UTF-8" - when: is_debuntu -- name: Generate locales (debuntu) +- name: Generate locales command: /usr/sbin/locale-gen - when: is_debuntu -- name: Initialize the PostgreSQL db, creating /library/pgsql-iiab/pg_hba.conf (debuntu) +- name: Initialize the PostgreSQL db, creating /library/pgsql-iiab/pg_hba.conf #command: su - postgres -c "/usr/lib/postgresql/{{ postgresql_version }}/bin/initdb -E 'UTF-8' --locale={{ postgresql_locale }} -D /library/pgsql-iiab" command: /usr/lib/postgresql/{{ postgresql_version }}/bin/initdb -E 'UTF-8' --locale={{ postgresql_locale }} -D /library/pgsql-iiab args: creates: /library/pgsql-iiab/pg_hba.conf become: yes become_user: postgres - when: is_debuntu -- name: Initialize the PostgreSQL db, creating /library/pgsql-iiab/pg_hba.conf (OS's other than debuntu) - #command: su - postgres -c "/usr/bin/initdb -E 'UTF-8' --lc-collate={{ postgresql_locale }} --lc-ctype={{ postgresql_locale }} -D /library/pgsql-iiab" - command: /usr/bin/initdb -E 'UTF-8' --lc-collate={{ postgresql_locale }} --lc-ctype={{ postgresql_locale }} -D /library/pgsql-iiab - args: - creates: /library/pgsql-iiab/pg_hba.conf - become: yes - become_user: postgres - when: not is_debuntu +# - name: Initialize the PostgreSQL db, creating /library/pgsql-iiab/pg_hba.conf (OS's other than debuntu) +# #command: su - postgres -c "/usr/bin/initdb -E 'UTF-8' --lc-collate={{ postgresql_locale }} --lc-ctype={{ postgresql_locale }} -D /library/pgsql-iiab" +# command: /usr/bin/initdb -E 'UTF-8' --lc-collate={{ postgresql_locale }} --lc-ctype={{ postgresql_locale }} -D /library/pgsql-iiab +# args: +# creates: /library/pgsql-iiab/pg_hba.conf +# become: yes +# become_user: postgres +# when: not is_debuntu -- name: Install /library/pgsql-iiab/postgresql.conf owned by postgres:postgres, from template +- name: Install /library/pgsql-iiab/postgresql.conf from template (postgres:postgres, 0640) template: backup: yes src: postgresql.conf.j2 dest: /library/pgsql-iiab/postgresql.conf owner: postgres group: postgres - mode: '0640' + mode: 0640 - name: Disable & Stop stock 'postgresql' (parent) systemd service systemd: From 3d88039a268f9994c987e213a7582487dabecd13 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 7 Jul 2021 03:19:11 -0400 Subject: [PATCH 09/29] Clean & tighten 2-common/tasks/packages.yml --- roles/2-common/tasks/packages.yml | 36 +++++++++++++++---------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 3b76d7beb..cae041643 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -1,20 +1,20 @@ -- name: "Install 10 yum/dnf packages: avahi, avahi-tools, createrepo, linux-firmware, nss-mdns, openssl, syslog, wpa_supplicant, xml-common, yum-utils (redhat)" - package: - name: - - avahi - - avahi-tools - - createrepo - - linux-firmware - - nss-mdns - - openssl # FC 18 does not supply, but pear requires - - syslog - - wpa_supplicant - - xml-common - - yum-utils - state: present - when: is_redhat +# - name: "Install 10 yum/dnf packages: avahi, avahi-tools, createrepo, linux-firmware, nss-mdns, openssl, syslog, wpa_supplicant, xml-common, yum-utils (redhat)" +# package: +# name: +# - avahi +# - avahi-tools +# - createrepo +# - linux-firmware +# - nss-mdns +# - openssl # FC 18 does not supply, but pear requires +# - syslog +# - wpa_supplicant +# - xml-common +# - yum-utils +# state: present +# when: is_redhat -- name: "Install 6 deb/apt packages: avahi-daemon, exfat-fuse, exfat-utils, inetutils-syslogd, libnss-mdns, wpasupplicant (debuntu)" +- name: "Install 6 deb/apt packages: avahi-daemon, exfat-fuse, exfat-utils, inetutils-syslogd, libnss-mdns, wpasupplicant" package: name: #- avahi-discover @@ -25,9 +25,9 @@ - libnss-mdns # Provides name resolution via mDNS (Multicast DNS) using Zeroconf/Bonjour e.g. Avahi - wpasupplicant state: present - when: is_debuntu + #when: is_debuntu -- name: "Install 20 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget" +- name: "Install 20 common packages: acpid, bzip2, curl, gawk, htop, i2c-tools, iproute2, logrotate, make, mlocate, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget" package: name: - acpid # Daemon for ACPI (power mgmt) events From cff2bac84c1760863aaca6e633cdea04c93f850d Mon Sep 17 00:00:00 2001 From: root Date: Wed, 7 Jul 2021 03:36:48 -0400 Subject: [PATCH 10/29] Refine 2-common/tasks/packages.yml --- roles/2-common/tasks/packages.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index cae041643..7aab952c2 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -27,7 +27,7 @@ state: present #when: is_debuntu -- name: "Install 20 common packages: acpid, bzip2, curl, gawk, htop, i2c-tools, iproute2, logrotate, make, mlocate, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget" +- name: "Install 19 common packages: acpid, bzip2, curl, gawk, htop, i2c-tools, logrotate, make, mlocate, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget" package: name: - acpid # Daemon for ACPI (power mgmt) events @@ -37,7 +37,7 @@ - gawk - htop - i2c-tools # Low-level bus/chip/register/EEPROM tools e.g. for RTC - - iproute2 + #- iproute2 # Installed by roles/2-common/tasks/network.yml - logrotate #- lynx # Installed by 1-prep's roles/iiab-admin/tasks/access.yml - make # 2021-04-26: What roles (if any) truly still use this? From 826225f1fa2a481f33ed6428fda1b0402703e6ba Mon Sep 17 00:00:00 2001 From: root Date: Wed, 7 Jul 2021 14:44:27 -0400 Subject: [PATCH 11/29] Elgg clarifs, regardless what can/cannot be saved --- roles/elgg/defaults/main.yml | 2 +- roles/elgg/tasks/install.yml | 31 ++++++++++++++++--------------- 2 files changed, 17 insertions(+), 16 deletions(-) diff --git a/roles/elgg/defaults/main.yml b/roles/elgg/defaults/main.yml index 24d621f6f..2bfcb6bd8 100644 --- a/roles/elgg/defaults/main.yml +++ b/roles/elgg/defaults/main.yml @@ -21,7 +21,7 @@ dbname: elggdb dbhost: localhost dbprefix: elgg_ -# The following variables must be in sync with template/elggdb.sql.j2 +# The following variables must be in sync with templates/elggdb.sql.j2 # If you change them, you will probably have to rebuild the database. # They can be changed from the administrative interface once Elgg is installed. diff --git a/roles/elgg/tasks/install.yml b/roles/elgg/tasks/install.yml index f183cd429..6ab07d2e2 100644 --- a/roles/elgg/tasks/install.yml +++ b/roles/elgg/tasks/install.yml @@ -1,11 +1,12 @@ -- name: "Set 'apache_install: True' and 'apache_enabled: True'" - set_fact: - apache_install: True - apache_enabled: True +# - name: "Set 'apache_install: True' and 'apache_enabled: True'" +# set_fact: +# apache_install: True +# apache_enabled: True +# +# - name: APACHE - run 'httpd' role +# include_role: +# name: httpd -- name: APACHE - run 'httpd' role - include_role: - name: httpd # 2020-06-15: roles/httpd/tasks/install.yml now takes care of this. # # 2020-05-21: Required now that mysql/tasks/install.yml installs @@ -32,7 +33,7 @@ # creates: "{{ downloads_dir }}/elgg-{{ elgg_version }}.zip" get_url: url: "{{ iiab_download_url }}/elgg-{{ elgg_version }}.zip" - dest: "{{ downloads_dir }}" + dest: "{{ downloads_dir }}" # /opt/iiab/downloads timeout: "{{ download_timeout }}" when: internet_available @@ -41,7 +42,7 @@ path: "/opt/elgg-{{ elgg_version }}/index.php" register: elgg -- name: Unpack (unarchive) .zip to /opt, if above index.php doesn't exist +- name: Unpack (unarchive) .zip to /opt, if above index.php doesn't exist ({{ apache_user }}:{{ apache_user }}) #shell: "/usr/bin/unzip -o {{ downloads_dir }}/elgg-{{ elgg_version }}.zip -d /opt" unarchive: #remote_src: yes @@ -52,7 +53,7 @@ group: "{{ apache_user }}" when: elgg.stat.exists is defined and not elgg.stat.exists -- name: Create softlink from /opt/elgg to /opt/elgg-{{ elgg_version }} +- name: Symlink /opt/elgg -> /opt/elgg-{{ elgg_version }} file: src: "./elgg-{{ elgg_version }}" path: /opt/elgg @@ -69,13 +70,13 @@ group: "{{ apache_user }}" # The name of this file changed from 1.9 to 1.10. -- name: Copy default .htaccess into /opt/{{ elgg_xx }}, root of Elgg tree +- name: Copy default .htaccess into /opt/{{ elgg_xx }}, root of Elgg tree (0644) copy: src: "/opt/{{ elgg_xx }}/vendor/elgg/elgg/install/config/htaccess.dist" dest: "/opt/{{ elgg_xx }}/.htaccess" owner: "{{ apache_user }}" group: "{{ apache_user }}" - mode: '0644' + mode: 0644 #regexp='^#RewriteBase' - name: Change .htaccess to include RewriteBase for http://box{{ elgg_url }} # http://box/elgg @@ -86,12 +87,12 @@ insertafter: '^#RewriteBase' line: "RewriteBase {{ elgg_url }}/" -- name: Set /opt/elgg/engine directory permissions to 0755 so Apache can write there +- name: Set /opt/elgg/engine directory permissions to 0755 (owner {{ apache_user }}) so Apache can write there file: state: directory path: /opt/elgg/engine/ owner: "{{ apache_user }}" - mode: '0755' + mode: 0755 - name: Change /opt/elgg-{{ elgg_version }} ownership to {{ apache_user }}:{{ apache_user }} (likely not nec, as unarchive & all do this above) file: @@ -103,7 +104,7 @@ - name: Create upload directory {{ elgg_upload_path }} that Apache (and Elgg) can write to file: - path: "{{ elgg_upload_path }}" + path: "{{ elgg_upload_path }}" # /library/elgg state: directory owner: "{{ apache_user }}" From 1d280bbfc351ae06dc2d0fbc7346c39f200872cc Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 11 Jul 2021 16:42:51 -0400 Subject: [PATCH 12/29] Cleaner munin/tasks/install.yml --- roles/munin/tasks/install.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/roles/munin/tasks/install.yml b/roles/munin/tasks/install.yml index 68380de13..0e7af8fe4 100644 --- a/roles/munin/tasks/install.yml +++ b/roles/munin/tasks/install.yml @@ -8,14 +8,6 @@ #- libapache2-mod-fcgid state: present -# - name: "Install 2 packages: munin, munin-node (OS's other than debuntu)" -# package: -# name: -# - munin -# - munin-node -# state: present -# when: not is_debuntu - - name: Establish username/password Admin/changeme in /etc/munin/munin-htpasswd htpasswd: path: /etc/munin/munin-htpasswd From b2aa326db4bb9104e1414e893c681936ab758164 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 12 Jul 2021 17:49:21 -0400 Subject: [PATCH 13/29] moodle/tasks/install.yml: Clarify php.ini req IF PHP 8+ --- roles/moodle/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index aa763be59..5289eb0ae 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -105,7 +105,7 @@ dest: "{{ moodle_base }}" mode: 0755 -- name: Execute {{ moodle_base }}/moodle_installer IF {{ moodle_base }}/config.php doesn't yet exist -- REQUIRES 'max_input_vars = 5000' (or higher) in /etc/php/{{ php_version }}/cli/php.ini with PHP 8+ (as set up by www_options/tasks/main.yml) -- WHEREAS LATER Moodle uses /etc/php/{{ php_version }}/fpm/php.ini during regular operation +- name: Execute {{ moodle_base }}/moodle_installer IF {{ moodle_base }}/config.php doesn't yet exist -- REQUIRES 'max_input_vars = 5000' (or higher) in /etc/php/{{ php_version }}/cli/php.ini IF PHP 8+ (as set up by www_options/tasks/main.yml) -- WHEREAS LATER Moodle uses /etc/php/{{ php_version }}/fpm/php.ini during regular operation shell: "{{ moodle_base }}/moodle_installer" args: creates: "{{ moodle_base }}/config.php" From 1118519aeb1b5d8006362ad4d00ad02020694d64 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 26 Jul 2021 15:59:45 -0400 Subject: [PATCH 14/29] 6-generic-apps/tasks/main.yml: Elgg unmaintained for now --- roles/6-generic-apps/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index d1bdc56a1..af4e40224 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml @@ -21,10 +21,11 @@ name: ejabberd when: ejabberd_install is defined and ejabberd_install +# UNMAINTAINED - name: ELGG include_role: name: elgg - when: elgg_install + when: elgg_install is defined and elgg_install - name: GITEA include_role: From c85cb7cc894815fb36e7a6d12a3af8786d648f82 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 26 Jul 2021 19:52:47 -0400 Subject: [PATCH 15/29] Update default_vars.yml --- vars/default_vars.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 801c41175..799debdb0 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -355,6 +355,7 @@ dokuwiki_url: /dokuwiki ejabberd_install: False ejabberd_enabled: False +# UNMAINTAINED as of July 2021 elgg_install: False elgg_enabled: False # elgg_mysql_password: $6$iiab51$jeTwnATcbaa92xo0QBTgjLBU.5aVDDrbKeNyyC99R/TAWz6pvfzj.L7lfnOVVjD78nxqT.gkNn6XZmuRV0W3o1 @@ -554,6 +555,7 @@ watchdog: munin_install: False munin_enabled: False +# UNMAINTAINED as of July 2021 # Handy for maintaining tables, but DANGEROUS if not locked down phpmyadmin_install: False phpmyadmin_enabled: False From fde0c13f100b2a71dc58a2748b2f67c72d75de25 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 26 Jul 2021 19:55:21 -0400 Subject: [PATCH 16/29] Update local_vars_big.yml --- vars/local_vars_big.yml | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 33b5410bd..205ced861 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -229,18 +229,10 @@ usb_lib_umask0000_for_kolibri: True # 6-GENERIC-APPS -# UNMAINTAINED as of September 2020 azuracast_install: False azuracast_enabled: False # This var is currently IGNORED. -# UNMAINTAINED as of January 2020: https://github.com/iiab/iiab/issues/2056 -# dokuwiki_install: False -# dokuwiki_enabled: False - -# UNMAINTAINED as of November 2019 -# ejabberd_install: False -# ejabberd_enabled: False - +# UNMAINTAINED as of July 2021 elgg_install: False elgg_enabled: False @@ -361,6 +353,7 @@ monit_enabled: False munin_install: True munin_enabled: True +# UNMAINTAINED as of July 2021 # Handy for maintaining tables, but DANGEROUS if not locked down phpmyadmin_install: False phpmyadmin_enabled: False From f999953c44f5a5a31cd0b2059e03085fc02ab2bd Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 26 Jul 2021 19:57:49 -0400 Subject: [PATCH 17/29] Update local_vars_medium.yml --- vars/local_vars_medium.yml | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index d075374a0..4eab18180 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -229,18 +229,10 @@ usb_lib_umask0000_for_kolibri: True # 6-GENERIC-APPS -# UNMAINTAINED as of September 2020 azuracast_install: False azuracast_enabled: False # This var is currently IGNORED. -# UNMAINTAINED as of January 2020: https://github.com/iiab/iiab/issues/2056 -# dokuwiki_install: False -# dokuwiki_enabled: False - -# UNMAINTAINED as of November 2019 -# ejabberd_install: False -# ejabberd_enabled: False - +# UNMAINTAINED as of July 2021 elgg_install: False elgg_enabled: False @@ -361,6 +353,7 @@ monit_enabled: False munin_install: False munin_enabled: False +# UNMAINTAINED as of July 2021 # Handy for maintaining tables, but DANGEROUS if not locked down phpmyadmin_install: False phpmyadmin_enabled: False From c6c7edcc1635de3cc330136d56ad913478994029 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 26 Jul 2021 19:59:04 -0400 Subject: [PATCH 18/29] Update local_vars_min.yml --- vars/local_vars_min.yml | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index b832fcca4..fcb8c47e2 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -229,18 +229,10 @@ usb_lib_umask0000_for_kolibri: True # 6-GENERIC-APPS -# UNMAINTAINED as of September 2020 azuracast_install: False azuracast_enabled: False # This var is currently IGNORED. -# UNMAINTAINED as of January 2020: https://github.com/iiab/iiab/issues/2056 -# dokuwiki_install: False -# dokuwiki_enabled: False - -# UNMAINTAINED as of November 2019 -# ejabberd_install: False -# ejabberd_enabled: False - +# UNMAINTAINED as of July 2021 elgg_install: False elgg_enabled: False @@ -361,6 +353,7 @@ monit_enabled: False munin_install: False munin_enabled: False +# UNMAINTAINED as of July 2021 # Handy for maintaining tables, but DANGEROUS if not locked down phpmyadmin_install: False phpmyadmin_enabled: False From 6f1885cd096f2c1febc8ef4812e5f1b4aba6737d Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 26 Jul 2021 20:04:11 -0400 Subject: [PATCH 19/29] Update default_vars.yml --- vars/default_vars.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 799debdb0..49320db14 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -334,7 +334,6 @@ idmgr_enabled: False # 2020-01-23: UNUSED # 6-GENERIC-APPS -# UNMAINTAINED as of September 2020 azuracast_install: False azuracast_enabled: False # This var is currently IGNORED azuracast_http_port: 10080 From df91cd8a11470886e5460e51e10491d0f6cc5879 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 26 Jul 2021 20:05:31 -0400 Subject: [PATCH 20/29] Rename ports.conf.j2 to ports.conf.j2.unused --- roles/nginx/templates/{ports.conf.j2 => ports.conf.j2.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/nginx/templates/{ports.conf.j2 => ports.conf.j2.unused} (100%) diff --git a/roles/nginx/templates/ports.conf.j2 b/roles/nginx/templates/ports.conf.j2.unused similarity index 100% rename from roles/nginx/templates/ports.conf.j2 rename to roles/nginx/templates/ports.conf.j2.unused From b02a938c9fa114b75b082b982a09230d7085bf97 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 26 Jul 2021 20:06:12 -0400 Subject: [PATCH 21/29] Rename stock-apache-ports.conf to stock-apache-ports.conf.unused --- .../{stock-apache-ports.conf => stock-apache-ports.conf.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/nginx/templates/{stock-apache-ports.conf => stock-apache-ports.conf.unused} (100%) diff --git a/roles/nginx/templates/stock-apache-ports.conf b/roles/nginx/templates/stock-apache-ports.conf.unused similarity index 100% rename from roles/nginx/templates/stock-apache-ports.conf rename to roles/nginx/templates/stock-apache-ports.conf.unused From 818b897f0abf12e89d0041a46e51c4919871bb8e Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 26 Jul 2021 21:30:42 -0400 Subject: [PATCH 22/29] Update default_vars.yml --- vars/default_vars.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 49320db14..ba6b31347 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -150,9 +150,11 @@ iiab_gateway_enabled: False gw_squid_whitelist: False gw_block_https: False +# UNMAINTAINED as of July 2021 dhcpd_install: False dhcpd_enabled: False +# UNMAINTAINED as of July 2021 # named (BIND) named_install: False named_enabled: False @@ -277,9 +279,11 @@ apache_allow_sudo: True # DNS prep (dnsmasq, named &/or dhcpd) run here. The full network stage runs # after 9-LOCAL-ADDONS (or manually run "cd /opt/iiab/iiab; ./iiab-network") +# UNMAINTAINED as of July 2021 squid_install: False squid_enabled: False +# UNMAINTAINED as of July 2021 # DansGuardian REQUIRES Squid (above) be installed & enabled. # DansGuardian is NO LONGER AVAILABLE in Debian Buster i.e. since June 2019. dansguardian_install: False From c1d2491d6de729feb4058c5f38f6021782912821 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 26 Jul 2021 21:32:10 -0400 Subject: [PATCH 23/29] Update local_vars_big.yml --- vars/local_vars_big.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 205ced861..01086bffc 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -98,9 +98,11 @@ ports_externally_visible: 3 # ssh + http-or-https + common IIAB services # Set True if client machines should have "passthrough" access to WAN/Internet: iiab_gateway_enabled: False +# UNMAINTAINED as of July 2021 dhcpd_install: False dhcpd_enabled: False +# UNMAINTAINED as of July 2021 # named (BIND) named_install: False named_enabled: False @@ -180,9 +182,11 @@ apache_allow_sudo: True # DNS prep (dnsmasq, named &/or dhcpd) run here. The full network stage runs # after 9-LOCAL-ADDONS (or manually run "cd /opt/iiab/iiab; ./iiab-network") +# UNMAINTAINED as of July 2021 squid_install: False squid_enabled: False +# UNMAINTAINED as of July 2021 # DansGuardian REQUIRES Squid (above) be installed & enabled. # DansGuardian is NO LONGER AVAILABLE in Debian Buster i.e. since June 2019. dansguardian_install: False From 2dd8d41637e078b8143b1f7c8db2d1bd3c633b45 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 26 Jul 2021 21:34:20 -0400 Subject: [PATCH 24/29] Update local_vars_medium.yml --- vars/local_vars_medium.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 4eab18180..1013bf5f0 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -98,9 +98,11 @@ ports_externally_visible: 3 # ssh + http-or-https + common IIAB services # Set True if client machines should have "passthrough" access to WAN/Internet: iiab_gateway_enabled: False +# UNMAINTAINED as of July 2021 dhcpd_install: False dhcpd_enabled: False +# UNMAINTAINED as of July 2021 # named (BIND) named_install: False named_enabled: False @@ -180,9 +182,11 @@ apache_allow_sudo: True # DNS prep (dnsmasq, named &/or dhcpd) run here. The full network stage runs # after 9-LOCAL-ADDONS (or manually run "cd /opt/iiab/iiab; ./iiab-network") +# UNMAINTAINED as of July 2021 squid_install: False squid_enabled: False +# UNMAINTAINED as of July 2021 # DansGuardian REQUIRES Squid (above) be installed & enabled. # DansGuardian is NO LONGER AVAILABLE in Debian Buster i.e. since June 2019. dansguardian_install: False From cfdc9c29a66abd1cefe96a3549a962de8f5b947c Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 26 Jul 2021 21:35:15 -0400 Subject: [PATCH 25/29] Update local_vars_min.yml --- vars/local_vars_min.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index fcb8c47e2..0d4e359b1 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -98,9 +98,11 @@ ports_externally_visible: 3 # ssh + http-or-https + common IIAB services # Set True if client machines should have "passthrough" access to WAN/Internet: iiab_gateway_enabled: False +# UNMAINTAINED as of July 2021 dhcpd_install: False dhcpd_enabled: False +# UNMAINTAINED as of July 2021 # named (BIND) named_install: False named_enabled: False @@ -180,9 +182,11 @@ apache_allow_sudo: True # DNS prep (dnsmasq, named &/or dhcpd) run here. The full network stage runs # after 9-LOCAL-ADDONS (or manually run "cd /opt/iiab/iiab; ./iiab-network") +# UNMAINTAINED as of July 2021 squid_install: False squid_enabled: False +# UNMAINTAINED as of July 2021 # DansGuardian REQUIRES Squid (above) be installed & enabled. # DansGuardian is NO LONGER AVAILABLE in Debian Buster i.e. since June 2019. dansguardian_install: False From 9f58a01b93a39b7af76cbb8ee39d9479d7178f69 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 8 Aug 2021 08:41:18 -0400 Subject: [PATCH 26/29] nginx/tasks/install.yml: Overwrite /etc/apache2/ports.conf + Deprecate unmaintained Elgg --- roles/{ => 0-DEPRECATED-ROLES}/elgg/README.rst | 0 roles/{ => 0-DEPRECATED-ROLES}/elgg/defaults/main.yml | 0 .../{ => 0-DEPRECATED-ROLES}/elgg/tasks/apache.yml.unused | 0 roles/{ => 0-DEPRECATED-ROLES}/elgg/tasks/install.yml | 0 roles/{ => 0-DEPRECATED-ROLES}/elgg/tasks/main.yml | 0 roles/{ => 0-DEPRECATED-ROLES}/elgg/tasks/nginx.yml | 0 roles/{ => 0-DEPRECATED-ROLES}/elgg/tasks/setup.yml | 0 .../elgg/templates/elgg-nginx.conf.j2 | 0 .../elgg/templates/elgg.conf.unused | 0 .../{ => 0-DEPRECATED-ROLES}/elgg/templates/elggdb.sql.j2 | 0 .../elgg/templates/settings.php.j2 | 0 roles/nginx/tasks/install.yml | 6 +++--- .../{ports.conf.j2.unused => apache-ports.conf.j2} | 7 ++++++- 13 files changed, 9 insertions(+), 4 deletions(-) rename roles/{ => 0-DEPRECATED-ROLES}/elgg/README.rst (100%) rename roles/{ => 0-DEPRECATED-ROLES}/elgg/defaults/main.yml (100%) rename roles/{ => 0-DEPRECATED-ROLES}/elgg/tasks/apache.yml.unused (100%) rename roles/{ => 0-DEPRECATED-ROLES}/elgg/tasks/install.yml (100%) rename roles/{ => 0-DEPRECATED-ROLES}/elgg/tasks/main.yml (100%) rename roles/{ => 0-DEPRECATED-ROLES}/elgg/tasks/nginx.yml (100%) rename roles/{ => 0-DEPRECATED-ROLES}/elgg/tasks/setup.yml (100%) rename roles/{ => 0-DEPRECATED-ROLES}/elgg/templates/elgg-nginx.conf.j2 (100%) rename roles/{ => 0-DEPRECATED-ROLES}/elgg/templates/elgg.conf.unused (100%) rename roles/{ => 0-DEPRECATED-ROLES}/elgg/templates/elggdb.sql.j2 (100%) rename roles/{ => 0-DEPRECATED-ROLES}/elgg/templates/settings.php.j2 (100%) rename roles/nginx/templates/{ports.conf.j2.unused => apache-ports.conf.j2} (70%) diff --git a/roles/elgg/README.rst b/roles/0-DEPRECATED-ROLES/elgg/README.rst similarity index 100% rename from roles/elgg/README.rst rename to roles/0-DEPRECATED-ROLES/elgg/README.rst diff --git a/roles/elgg/defaults/main.yml b/roles/0-DEPRECATED-ROLES/elgg/defaults/main.yml similarity index 100% rename from roles/elgg/defaults/main.yml rename to roles/0-DEPRECATED-ROLES/elgg/defaults/main.yml diff --git a/roles/elgg/tasks/apache.yml.unused b/roles/0-DEPRECATED-ROLES/elgg/tasks/apache.yml.unused similarity index 100% rename from roles/elgg/tasks/apache.yml.unused rename to roles/0-DEPRECATED-ROLES/elgg/tasks/apache.yml.unused diff --git a/roles/elgg/tasks/install.yml b/roles/0-DEPRECATED-ROLES/elgg/tasks/install.yml similarity index 100% rename from roles/elgg/tasks/install.yml rename to roles/0-DEPRECATED-ROLES/elgg/tasks/install.yml diff --git a/roles/elgg/tasks/main.yml b/roles/0-DEPRECATED-ROLES/elgg/tasks/main.yml similarity index 100% rename from roles/elgg/tasks/main.yml rename to roles/0-DEPRECATED-ROLES/elgg/tasks/main.yml diff --git a/roles/elgg/tasks/nginx.yml b/roles/0-DEPRECATED-ROLES/elgg/tasks/nginx.yml similarity index 100% rename from roles/elgg/tasks/nginx.yml rename to roles/0-DEPRECATED-ROLES/elgg/tasks/nginx.yml diff --git a/roles/elgg/tasks/setup.yml b/roles/0-DEPRECATED-ROLES/elgg/tasks/setup.yml similarity index 100% rename from roles/elgg/tasks/setup.yml rename to roles/0-DEPRECATED-ROLES/elgg/tasks/setup.yml diff --git a/roles/elgg/templates/elgg-nginx.conf.j2 b/roles/0-DEPRECATED-ROLES/elgg/templates/elgg-nginx.conf.j2 similarity index 100% rename from roles/elgg/templates/elgg-nginx.conf.j2 rename to roles/0-DEPRECATED-ROLES/elgg/templates/elgg-nginx.conf.j2 diff --git a/roles/elgg/templates/elgg.conf.unused b/roles/0-DEPRECATED-ROLES/elgg/templates/elgg.conf.unused similarity index 100% rename from roles/elgg/templates/elgg.conf.unused rename to roles/0-DEPRECATED-ROLES/elgg/templates/elgg.conf.unused diff --git a/roles/elgg/templates/elggdb.sql.j2 b/roles/0-DEPRECATED-ROLES/elgg/templates/elggdb.sql.j2 similarity index 100% rename from roles/elgg/templates/elggdb.sql.j2 rename to roles/0-DEPRECATED-ROLES/elgg/templates/elggdb.sql.j2 diff --git a/roles/elgg/templates/settings.php.j2 b/roles/0-DEPRECATED-ROLES/elgg/templates/settings.php.j2 similarity index 100% rename from roles/elgg/templates/settings.php.j2 rename to roles/0-DEPRECATED-ROLES/elgg/templates/settings.php.j2 diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 97872766c..6a33254d5 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -1,4 +1,4 @@ -- name: Stop '{{ apache_service }}' systemd service, just in case it exists +- name: Stop '{{ apache_service }}' systemd service, in case it exists -- REGARDLESS /etc/{{ apache_service }}/ports.conf WILL BE OVERWRITTEN BELOW systemd: name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/.yml state: stopped @@ -42,7 +42,7 @@ path: /etc/nginx/sites-enabled/default state: absent -- name: 'Install 3 (of 5) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/nginx/mime.types' +- name: 'Install 4 (of 5) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/nginx/mime.types, /etc/{{ apache_service }}/ports.conf' template: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -50,7 +50,7 @@ - { src: 'server.conf.j2', dest: '/etc/nginx/server.conf' } - { src: 'nginx.conf.j2', dest: '/etc/nginx/nginx.conf' } - { src: 'mime.types.j2', dest: '/etc/nginx/mime.types' } - # - { src: 'ports.conf.j2', dest: '/etc/{{ apache_service }}/ports.conf' } # Moved to enable-or-disable.yml + - { src: 'apache-ports.conf.j2', dest: '/etc/{{ apache_service }}/ports.conf' } # 2021-08-08: Restored from enable-or-disable.yml # - { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" } # Moved into homepage.yml, invoked later by roles/www_options/tasks/main.yml (see below!) - debug: diff --git a/roles/nginx/templates/ports.conf.j2.unused b/roles/nginx/templates/apache-ports.conf.j2 similarity index 70% rename from roles/nginx/templates/ports.conf.j2.unused rename to roles/nginx/templates/apache-ports.conf.j2 index 5591d27be..a10d24122 100644 --- a/roles/nginx/templates/ports.conf.j2.unused +++ b/roles/nginx/templates/apache-ports.conf.j2 @@ -2,7 +2,11 @@ # have to change the VirtualHost statement in # /etc/apache2/sites-enabled/000-default.conf -Listen 127.0.0.1:{{ apache_port }} +# Apache's stock default +#Listen 80 + +# IIAB NGINX proxying to legacy svcs (Dec 2019 - Aug 2021) +#Listen 127.0.0.1:{{ apache_port }} # # Listen 443 @@ -13,3 +17,4 @@ Listen 127.0.0.1:{{ apache_port }} # # vim: syntax=apache ts=4 sw=4 sts=4 sr noet + From 24285ca7b2d50f041b2df188663bf70af1efb538 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 8 Aug 2021 09:12:54 -0400 Subject: [PATCH 27/29] Update validate_vars.yml + Prune local_vars files etc --- roles/0-init/tasks/validate_vars.yml | 12 +++++----- roles/6-generic-apps/tasks/main.yml | 1 - tests/test.yml | 2 +- unmaintained-roles.txt | 1 + vars/local_vars_big.yml | 22 ------------------- vars/local_vars_medium.yml | 22 ------------------- vars/local_vars_min.yml | 22 ------------------- ...rs_olpc.yml => local_vars_olpc.yml.unused} | 0 8 files changed, 8 insertions(+), 74 deletions(-) rename vars/{local_vars_olpc.yml => local_vars_olpc.yml.unused} (100%) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index b10e1678d..44f20da20 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -63,7 +63,7 @@ # # 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc -- name: Set vars_checklist for 45 + 45 + 41 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked +- name: Set vars_checklist for 44 + 44 + 40 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked set_fact: vars_checklist: - hostapd @@ -76,7 +76,7 @@ - openvpn - admin_console #- nginx # MANDATORY - ###- apache ### Dependency - excluded from _installed check below + #- apache # Unmaintained - former dependency #- mysql # MANDATORY - squid - dansguardian @@ -90,7 +90,7 @@ - azuracast #- dokuwiki # Unmaintained #- ejabberd # Unmaintained - - elgg + #- elgg # Unmaintained - gitea - jupyterhub - lokole @@ -99,7 +99,6 @@ - nodejs # Dependency - excluded from _installed check below - nodered - nextcloud - - pbx - wordpress - kalite - kolibri @@ -116,11 +115,12 @@ - phpmyadmin - vnstat - yarn # Dependency - excluded from _installed check below - - internetarchive - captiveportal + - internetarchive - minetest - - calibre - calibreweb + - calibre + - pbx - name: Assert that {{ vars_checklist | length }} "XYZ_install" vars are all... defined assert: diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index d25999ad7..f241095f6 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml @@ -3,7 +3,6 @@ - name: ...IS BEGINNING ==================================== meta: noop -# UNMAINTAINED - name: AZURACAST include_role: name: azuracast diff --git a/tests/test.yml b/tests/test.yml index 5d99a34e1..7160b247c 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -28,7 +28,7 @@ #- { role: dokuwiki } #- { role: ejabberd } #- { role: ejabberd_xs } - - { role: elgg } + #- { role: elgg } - { role: firmware } - { role: gitea } #- { role: homepage } diff --git a/unmaintained-roles.txt b/unmaintained-roles.txt index 9174375a4..c30178fbc 100644 --- a/unmaintained-roles.txt +++ b/unmaintained-roles.txt @@ -6,6 +6,7 @@ docker dokuwiki ejabberd ejabberd_xs +elgg homepage httpd httpd-enable diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index ff295308a..fd7d66e3c 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -199,34 +199,12 @@ usb_lib_umask0000_for_kolibri: True # Lesser-supported XO services need additional testing. Please contact # http://lists.laptop.org/pipermail/server-devel/ if you're able to help test. -# UNMAINTAINED -# xo_services_install: False -# xo_services_enabled: False - -# UNMAINTAINED -# activity_server_install: False -# activity_server_enabled: False - -# UNMAINTAINED -# Please instead consider 'ejabberd' in Stage 6-GENERIC-APPS below -# ejabberd_xs_install: False -# ejabberd_xs_enabled: False - -# UNMAINTAINED -# Change calibre_port from 8080 to 8010 below, if you enable idmgr -# idmgr_install: False -# idmgr_enabled: False - # 6-GENERIC-APPS azuracast_install: False azuracast_enabled: False # This var is currently IGNORED. -# UNMAINTAINED as of July 2021 -elgg_install: False -elgg_enabled: False - # Gitea (lightweight self-hosted "GitHub") from https://gitea.io gitea_install: True gitea_enabled: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 3c62bf7d2..253468a51 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -199,34 +199,12 @@ usb_lib_umask0000_for_kolibri: True # Lesser-supported XO services need additional testing. Please contact # http://lists.laptop.org/pipermail/server-devel/ if you're able to help test. -# UNMAINTAINED -# xo_services_install: False -# xo_services_enabled: False - -# UNMAINTAINED -# activity_server_install: False -# activity_server_enabled: False - -# UNMAINTAINED -# Please instead consider 'ejabberd' in Stage 6-GENERIC-APPS below -# ejabberd_xs_install: False -# ejabberd_xs_enabled: False - -# UNMAINTAINED -# Change calibre_port from 8080 to 8010 below, if you enable idmgr -# idmgr_install: False -# idmgr_enabled: False - # 6-GENERIC-APPS azuracast_install: False azuracast_enabled: False # This var is currently IGNORED. -# UNMAINTAINED as of July 2021 -elgg_install: False -elgg_enabled: False - # Gitea (lightweight self-hosted "GitHub") from https://gitea.io gitea_install: False gitea_enabled: False diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 3897442e7..4b5e6874d 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -199,34 +199,12 @@ usb_lib_umask0000_for_kolibri: True # Lesser-supported XO services need additional testing. Please contact # http://lists.laptop.org/pipermail/server-devel/ if you're able to help test. -# UNMAINTAINED -# xo_services_install: False -# xo_services_enabled: False - -# UNMAINTAINED -# activity_server_install: False -# activity_server_enabled: False - -# UNMAINTAINED -# Please instead consider 'ejabberd' in Stage 6-GENERIC-APPS below -# ejabberd_xs_install: False -# ejabberd_xs_enabled: False - -# UNMAINTAINED -# Change calibre_port from 8080 to 8010 below, if you enable idmgr -# idmgr_install: False -# idmgr_enabled: False - # 6-GENERIC-APPS azuracast_install: False azuracast_enabled: False # This var is currently IGNORED. -# UNMAINTAINED as of July 2021 -elgg_install: False -elgg_enabled: False - # Gitea (lightweight self-hosted "GitHub") from https://gitea.io gitea_install: False gitea_enabled: False diff --git a/vars/local_vars_olpc.yml b/vars/local_vars_olpc.yml.unused similarity index 100% rename from vars/local_vars_olpc.yml rename to vars/local_vars_olpc.yml.unused From 1112310f41b02d70a72b56cd4d3eef73878d324d Mon Sep 17 00:00:00 2001 From: root Date: Sun, 8 Aug 2021 09:48:26 -0400 Subject: [PATCH 28/29] Public Works: Prune local_vars files + Update default_vars.yml --- vars/default_vars.yml | 4 ++-- vars/local_vars_big.yml | 25 +------------------------ vars/local_vars_medium.yml | 25 +------------------------ vars/local_vars_min.yml | 25 +------------------------ 4 files changed, 5 insertions(+), 74 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 087cef90b..49f48f355 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -167,7 +167,7 @@ dnsmasq_enabled: True # Enable in local_vars.yml AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" dns_jail_enabled: False -# Bluetooth PAN access to IIAB server +# Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS bluetooth_install: True bluetooth_enabled: False bluetooth_term_enabled: False @@ -532,7 +532,7 @@ watchdog: #- ejabberd #- httpd - postgresql - - squid + #- squid munin_install: False munin_enabled: False diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index fd7d66e3c..68e1fc94b 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -98,23 +98,10 @@ ports_externally_visible: 3 # ssh + http-or-https + common IIAB services # Set True if client machines should have "passthrough" access to WAN/Internet: iiab_gateway_enabled: False -# UNMAINTAINED as of July 2021 -dhcpd_install: False -dhcpd_enabled: False - -# UNMAINTAINED as of July 2021 -# named (BIND) -named_install: False -named_enabled: False - -# dnsmasq - handles DHCP and DNS -dnsmasq_install: True -dnsmasq_enabled: True - # Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" dns_jail_enabled: False -# Bluetooth PAN access to IIAB server +# Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS bluetooth_install: True bluetooth_enabled: False bluetooth_term_enabled: False @@ -169,16 +156,6 @@ apache_allow_sudo: True # DNS prep (dnsmasq, named &/or dhcpd) run here. The full network stage runs # after 9-LOCAL-ADDONS (or manually run "cd /opt/iiab/iiab; ./iiab-network") -# UNMAINTAINED as of July 2021 -squid_install: False -squid_enabled: False - -# UNMAINTAINED as of July 2021 -# DansGuardian REQUIRES Squid (above) be installed & enabled. -# DansGuardian is NO LONGER AVAILABLE in Debian Buster i.e. since June 2019. -dansguardian_install: False -dansguardian_enabled: False - # Common UNIX Printing System (CUPS) cups_install: True cups_enabled: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 253468a51..83a46de39 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -98,23 +98,10 @@ ports_externally_visible: 3 # ssh + http-or-https + common IIAB services # Set True if client machines should have "passthrough" access to WAN/Internet: iiab_gateway_enabled: False -# UNMAINTAINED as of July 2021 -dhcpd_install: False -dhcpd_enabled: False - -# UNMAINTAINED as of July 2021 -# named (BIND) -named_install: False -named_enabled: False - -# dnsmasq - handles DHCP and DNS -dnsmasq_install: True -dnsmasq_enabled: True - # Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" dns_jail_enabled: False -# Bluetooth PAN access to IIAB server +# Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS bluetooth_install: True bluetooth_enabled: False bluetooth_term_enabled: False @@ -169,16 +156,6 @@ apache_allow_sudo: True # DNS prep (dnsmasq, named &/or dhcpd) run here. The full network stage runs # after 9-LOCAL-ADDONS (or manually run "cd /opt/iiab/iiab; ./iiab-network") -# UNMAINTAINED as of July 2021 -squid_install: False -squid_enabled: False - -# UNMAINTAINED as of July 2021 -# DansGuardian REQUIRES Squid (above) be installed & enabled. -# DansGuardian is NO LONGER AVAILABLE in Debian Buster i.e. since June 2019. -dansguardian_install: False -dansguardian_enabled: False - # Common UNIX Printing System (CUPS) cups_install: False cups_enabled: False diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 4b5e6874d..bf8f5ccb6 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -98,23 +98,10 @@ ports_externally_visible: 3 # ssh + http-or-https + common IIAB services # Set True if client machines should have "passthrough" access to WAN/Internet: iiab_gateway_enabled: False -# UNMAINTAINED as of July 2021 -dhcpd_install: False -dhcpd_enabled: False - -# UNMAINTAINED as of July 2021 -# named (BIND) -named_install: False -named_enabled: False - -# dnsmasq - handles DHCP and DNS -dnsmasq_install: True -dnsmasq_enabled: True - # Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" dns_jail_enabled: False -# Bluetooth PAN access to IIAB server +# Bluetooth PAN access to IIAB server - for Raspberry Pi - for 4-SERVER-OPTIONS bluetooth_install: True bluetooth_enabled: False bluetooth_term_enabled: False @@ -169,16 +156,6 @@ apache_allow_sudo: True # DNS prep (dnsmasq, named &/or dhcpd) run here. The full network stage runs # after 9-LOCAL-ADDONS (or manually run "cd /opt/iiab/iiab; ./iiab-network") -# UNMAINTAINED as of July 2021 -squid_install: False -squid_enabled: False - -# UNMAINTAINED as of July 2021 -# DansGuardian REQUIRES Squid (above) be installed & enabled. -# DansGuardian is NO LONGER AVAILABLE in Debian Buster i.e. since June 2019. -dansguardian_install: False -dansguardian_enabled: False - # Common UNIX Printing System (CUPS) cups_install: False cups_enabled: False From 15a42dcd7f39fed409262e564de866456de84897 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 8 Aug 2021 10:54:27 -0400 Subject: [PATCH 29/29] Fix nginx/templates/apache-ports.conf + Update nginx/README.md --- roles/nginx/README.md | 12 ++++++------ roles/nginx/tasks/install.yml | 2 +- .../{apache-ports.conf.j2 => apache-ports.conf} | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) rename roles/nginx/templates/{apache-ports.conf.j2 => apache-ports.conf} (91%) diff --git a/roles/nginx/README.md b/roles/nginx/README.md index 758f6a1e4..fd70c279e 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -10,7 +10,7 @@ 2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX. -3. Current state of IIAB App/Service migrations as of 2021-07-24: *(SEE ALSO [#2762](https://github.com/iiab/iiab/issues/2762))* +3. Current state of IIAB App/Service migrations as of 2021-08-08: *(SEE ALSO [#2762](https://github.com/iiab/iiab/issues/2762))* 1. These support "Native" NGINX but ***NOT*** Apache @@ -37,11 +37,11 @@ 2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service: - * NONE: Apache support is being fully removed starting 2021-07-06 ([PR #2850](https://github.com/iiab/iiab/pull/2850)) + * **NONE: Apache support is now fully REMOVED as of 2021-08-08** ([PR #2850](https://github.com/iiab/iiab/pull/2850)) 3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of ~6 IIAB Apps/Services that auto-enable Apache. - * elgg [*, should be deprecated, or considered for a complete overhaul from ancient Elgg 2.x to 4.x?] + * elgg [deprecated -- consider assisting with a complete overhaul from Elgg 2.x to 4.x ?] 4. These each run their own web server or non-web / backend services, e.g. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations). In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite) @@ -53,11 +53,11 @@ * minetest * mosquitto * openvpn - * pbx [*, requires Apache for now, as in Section iii., [PR #2862](https://github.com/iiab/iiab/pull/2862)] + * pbx [*, recommends Apache for now, as in Section iii., [#2914](https://github.com/iiab/iiab/issues/2914)] * phpmyadmin [*, requires Apache for now, as in Section iii.] - * samba + * samba [*] * sshd * transmission * vnstat -[*] The 4 above starred roles could use improvement, as of 2021-07-24. +[*] The 4 above starred roles could use improvement, as of 2021-08-08. diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 6a33254d5..5a0285af6 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -50,7 +50,7 @@ - { src: 'server.conf.j2', dest: '/etc/nginx/server.conf' } - { src: 'nginx.conf.j2', dest: '/etc/nginx/nginx.conf' } - { src: 'mime.types.j2', dest: '/etc/nginx/mime.types' } - - { src: 'apache-ports.conf.j2', dest: '/etc/{{ apache_service }}/ports.conf' } # 2021-08-08: Restored from enable-or-disable.yml + - { src: 'apache-ports.conf', dest: '/etc/{{ apache_service }}/ports.conf' } # 2021-08-08: Restored from enable-or-disable.yml # - { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" } # Moved into homepage.yml, invoked later by roles/www_options/tasks/main.yml (see below!) - debug: diff --git a/roles/nginx/templates/apache-ports.conf.j2 b/roles/nginx/templates/apache-ports.conf similarity index 91% rename from roles/nginx/templates/apache-ports.conf.j2 rename to roles/nginx/templates/apache-ports.conf index a10d24122..3ed5e9035 100644 --- a/roles/nginx/templates/apache-ports.conf.j2 +++ b/roles/nginx/templates/apache-ports.conf @@ -6,7 +6,7 @@ #Listen 80 # IIAB NGINX proxying to legacy svcs (Dec 2019 - Aug 2021) -#Listen 127.0.0.1:{{ apache_port }} +#Listen 127.0.0.1:8090 # # Listen 443