diff --git a/roles/2-common/tasks/iiab-startup.yml b/roles/2-common/tasks/iiab-startup.yml index 8509bba5b..65ac2f695 100644 --- a/roles/2-common/tasks/iiab-startup.yml +++ b/roles/2-common/tasks/iiab-startup.yml @@ -3,20 +3,20 @@ path: /usr/libexec/iiab-startup.sh register: startup_script -- name: Copy template script to /usr/libexec/iiab-startup.sh +- name: If not, install /usr/libexec/iiab-startup.sh from template template: src: iiab-startup.sh dest: /usr/libexec/ mode: 0755 when: not startup_script.stat.exists -- name: Copy iiab-startup.service to {{ systemd_location }} +- name: Install {{ systemd_location }}/iiab-startup.service from template template: src: iiab-startup.service dest: "{{ systemd_location }}" when: not startup_script.stat.exists -- name: Enable & restart the systemd service after daemon-reload +- name: Enable & restart systemd service (iiab-startup) after daemon-reload # shell: systemctl daemon-reload # shell: systemctl restart iiab-startup.service # shell: systemctl enable iiab-startup.service diff --git a/roles/2-common/tasks/iptables.yml b/roles/2-common/tasks/iptables.yml index d84900650..02db8ee97 100644 --- a/roles/2-common/tasks/iptables.yml +++ b/roles/2-common/tasks/iptables.yml @@ -4,12 +4,13 @@ enabled: no when: not is_debuntu -- name: Use larger hammer to disable firewalld -- 2 symbolic links involved (OS's other than debuntu) - shell: "systemctl disable firewalld.service" +# Likely no longer nec as of 2019 +- name: Use larger hammer -- systemctl disable firewalld -- 2 symbolic links involved (OS's other than debuntu) + shell: systemctl disable firewalld.service when: not is_debuntu - name: Mask firewalld service (OS's other than debuntu) - shell: 'systemctl mask firewalld' + shell: systemctl mask firewalld ignore_errors: yes when: not installing and not is_debuntu @@ -20,17 +21,17 @@ ignore_errors: yes when: not installing and not is_debuntu -- name: Remove iptables.service file from /etc +- name: Remove /etc/systemd/system/iptables.service file: path: /etc/systemd/system/iptables.service state: absent -- name: Remove iptables-xs.service file from /etc - file: - path: /etc/systemd/system/iptables-xs.service - state: absent +#- name: Remove iptables-xs.service file from /etc +# file: +# path: /etc/systemd/system/iptables-xs.service +# state: absent -- name: Install iptables service package (debuntu) +- name: Install package iptables-persistent (debuntu) package: name: iptables-persistent state: present @@ -38,7 +39,7 @@ tags: - download -- name: Install iptables service package (OS's other than debuntu) +- name: Install package iptables-services (OS's other than debuntu) package: name: iptables-services state: present @@ -46,17 +47,15 @@ tags: - download -- name: Install iptables services +- name: Install /etc/sysconfig/iptables-config from template template: - src: "{{ item.0 }}" - dest: "{{ item.1 }}" + src: iptables-config + dest: /etc/sysconfig/iptables-config owner: root group: root - mode: "{{ item.2 }}" - with_items: - - { 0: 'iptables-config', 1: '/etc/sysconfig/iptables-config', 2: '0644' } + mode: 0644 -- name: Install Debian config (debuntu) +- name: Install /etc/network/if-pre-up.d/iptables from template (debuntu) template: src: iptables dest: /etc/network/if-pre-up.d/iptables diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index 48a072231..8dad669df 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml @@ -72,7 +72,7 @@ value: 1 state: present -- name: Install custom profile file +- name: Install custom /etc/profile.d/zzz_iiab.sh from template template: dest: /etc/profile.d/zzz_iiab.sh src: zzz_iiab.sh diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index c8367b31d..fcff88c52 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -1,72 +1,72 @@ -- name: Install yum/dnf packages (redhat) +- name: "Install 10 yum/dnf packages: avahi, avahi-tools, createrepo, linux-firmware, nss-mdns, openssl, syslog, wpa_supplicant, xml-common, yum-utils (redhat)" package: name: - - yum-utils - - createrepo - - wpa_supplicant - - linux-firmware - - syslog - - xml-common - - nss-mdns - avahi - avahi-tools + - createrepo + - linux-firmware + - nss-mdns + - openssl # FC 18 does not supply, but pear requires + - syslog + - wpa_supplicant + - xml-common + - yum-utils state: present when: is_redhat -- name: Download & install usbmount, missing from Debian Stretch (debian-9) +- name: Install {{ iiab_download_url }}/usbmount_0.0.14.1_all.deb, missing from Debian Stretch (debian-9) apt: deb: "{{ iiab_download_url }}/usbmount_0.0.14.1_all.deb" #timeout: "{{ download_timeout }}" # Ansible's apt module doesn't support timeout parameter; that's ok as usbmount_0.0.14.1_all.deb is only 10KB when: internet_available and is_debian_9 -- name: Install packages (debuntu) +- name: "Install 7 deb/apt packages: avahi-daemon, avahi-discover, exfat-fuse, exfat-utils, inetutils-syslogd, libnss-mdns, wpasupplicant (debuntu)" package: name: - - inetutils-syslogd - - wpasupplicant - - libnss-mdns - avahi-daemon - avahi-discover - exfat-fuse - exfat-utils + - inetutils-syslogd + - libnss-mdns + - wpasupplicant state: present when: is_debuntu -- name: Install common packages +- name: "Install 23 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, openssh-server, pandoc, rsync, sudo, tar, unzip, usbmount, usbutils, wget" package: name: - acpid - - mlocate - - rsync - - htop + - bridge-utils + - bzip2 + - curl #- etckeeper # "nobody is really using etckeeper and it's bloating the filesystem every time apt runs" per @jvonau at https://github.com/iiab/iiab/issues/1146 - - python-passlib - - usbmount - - net-tools - - openssh-server - - sudo + - gawk + - hostapd + - htop + - i2c-tools - logrotate + #- lynx # already installed by 1-prep's roles/iiab-admin/tasks/access.yml - make + - mlocate + - netmask + - net-tools + - ntfs-3g + - openssh-server + - pandoc + - rsync + - sudo - tar - unzip - - bzip2 - - i2c-tools - - bridge-utils - - netmask + - usbmount - usbutils - - hostapd - wget - - openssl # FC 18 does not supply, but pear requires - - gawk - - curl - - pandoc - - lynx # already installed by 1-prep's roles/iiab-admin/tasks/access.yml - - ntfs-3g state: present -- name: Install common Python packages {python-pip, python-setuptools, python-virtualenv} +- name: "Install 4 common Python packages: python-passlib, python-pip, python-setuptools, python-virtualenv" package: name: + - python-passlib - python-pip - python-setuptools - python-virtualenv diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 5d07b28af..2b1672f1a 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -15,8 +15,8 @@ # has no "when: XXXXX_install" flag tags: base, mysql -- name: Restart httpd - service: +- name: Restart Apache systemd service ({{ apache_service }}) + systemd: name: "{{ apache_service }}" state: restarted when: not installing diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index fab02336e..ec90b4118 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -3,22 +3,22 @@ - name: ...IS BEGINNING ================================== command: echo -- name: Installing dnsmasq +- name: Install dnsmasq include_tasks: roles/network/tasks/dnsmasq.yml when: dnsmasq_install tags: base, domain, dnsmasq, network -- name: Installing named +- name: Install named / BIND include_tasks: roles/network/tasks/named.yml when: named_install tags: base, named, network, domain -- name: Installing dhcpd +- name: Install dhcpd include_tasks: roles/network/tasks/dhcpd.yml when: dhcpd_install tags: base, dhcpd, network, domain -- name: Installing Squid +- name: Install Squid (and DansGuardian if dansguardian_install) include_tasks: roles/network/tasks/squid.yml when: squid_install tags: base, squid, network, domain diff --git a/roles/activity-server/tasks/main.yml b/roles/activity-server/tasks/main.yml index 8be5c0805..b0593a613 100644 --- a/roles/activity-server/tasks/main.yml +++ b/roles/activity-server/tasks/main.yml @@ -116,11 +116,12 @@ enabled=yes state=restarted -- name: add xs-activity-server to service list - ini_file: dest='{{ iiab_ini_file }}' - section=activity-server - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'activity-server' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: activity-server + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: name value: "Activity Server" diff --git a/roles/ajenti/tasks/main.yml b/roles/ajenti/tasks/main.yml index 045403d93..e5a03096a 100644 --- a/roles/ajenti/tasks/main.yml +++ b/roles/ajenti/tasks/main.yml @@ -47,11 +47,12 @@ state=restarted when: ajenti_enabled -- name: Add ajenti to service list - ini_file: dest='{{ iiab_ini_file }}' - section=ajenti - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'ajenti' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: ajenti + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: name value: ajenti diff --git a/roles/authserver/tasks/main.yml b/roles/authserver/tasks/main.yml index 817068d0f..00ec12408 100644 --- a/roles/authserver/tasks/main.yml +++ b/roles/authserver/tasks/main.yml @@ -50,18 +50,19 @@ enabled=yes when: authserver_enabled -- name: add xs-authserver to service list - ini_file: dest='{{ iiab_ini_file }}' - section=xs-authserver - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'authserver' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: authserver + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: name value: XS-authserver - option: description - value: '"xs-authserver implements a seamless web authentication service - using XO laptop registration capabilities. It is heavily inspired - by the Moodle OLPC-XS authentication plugin"' + value: '"authserver (xs-authserver) implements a seamless web authentication + service using XO laptop registration capabilities. It is heavily + inspired by the Moodle OLPC-XS authentication plugin"' - option: port value: 5000 - option: path diff --git a/roles/awstats/tasks/install.yml b/roles/awstats/tasks/install.yml index 355e81409..97ee62195 100644 --- a/roles/awstats/tasks/install.yml +++ b/roles/awstats/tasks/install.yml @@ -1,4 +1,4 @@ -- name: Install packages {awstats, pwauth, openssl} +- name: 'Install 3 packages: awstats, openssl, pwauth' package: name: - awstats @@ -8,7 +8,7 @@ tags: - download -- name: Install packages libapache2-mod-authnz-external and apache2-utils (debuntu) +- name: 'Install 2 packages: apache2-utils, libapache2-mod-authnz-external (debuntu)' package: name: - libapache2-mod-authnz-external @@ -22,7 +22,7 @@ command: a2enmod cgi when: is_debuntu -- name: Create directory for AWStats to use as intermediate summary storage +- name: 'Mandate {{ apache_user }}:{{ apache_user }} perm 0750 dirs: {{ awstats_data_dir }} (intermediate summary storage) & {{ apache_log_dir }}' # /library/awstats & /var/log/apache2 typically file: path: "{{ item }}" mode: 0750 diff --git a/roles/awstats/tasks/main.yml b/roles/awstats/tasks/main.yml index eba3828b0..7efc20bda 100644 --- a/roles/awstats/tasks/main.yml +++ b/roles/awstats/tasks/main.yml @@ -1,9 +1,9 @@ - include_tasks: install.yml when: awstats_install -- name: Add 'awstats' to list of services at {{ iiab_ini_file }} +- name: Add 'awstats' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: awstats option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/calibre-web/tasks/main.yml b/roles/calibre-web/tasks/main.yml index c4013ca6e..37e30cd72 100644 --- a/roles/calibre-web/tasks/main.yml +++ b/roles/calibre-web/tasks/main.yml @@ -1,4 +1,4 @@ -- name: Create Calibre-Web folders to store data and configuration files +- name: Create 3 Calibre-Web folders to store data and configuration files file: path: "{{ item }}" owner: "{{ calibreweb_user }}" @@ -84,7 +84,7 @@ when: not metadatadb.stat.exists #when: calibreweb_provision -- name: Enable and restart 'calibre-web' service +- name: Enable and restart 'calibre-web' systemd service systemd: name: calibre-web daemon_reload: yes @@ -101,7 +101,7 @@ # command: apachectl -k graceful # when: calibreweb_enabled -- name: Disable 'calibre-web' service +- name: Disable 'calibre-web' systemd service systemd: name: calibre-web daemon_reload: yes @@ -117,14 +117,14 @@ # command: apachectl -k graceful # when: not calibreweb_enabled -- name: Restart Apache +- name: Restart Apache service {{ apache_service }} systemd: name: "{{ apache_service }}" # httpd or apache2 state: restarted -- name: Add 'calibre-web' to list of services at {{ iiab_ini_file }} +- name: Add 'calibre-web' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: calibre-web option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/calibre/tasks/main.yml b/roles/calibre/tasks/main.yml index bc74b8121..ab16676c1 100644 --- a/roles/calibre/tasks/main.yml +++ b/roles/calibre/tasks/main.yml @@ -1,6 +1,6 @@ # 1. INSTALL THE LATEST CALIBRE 3.X+ (calibre, calibredb, calibre-server etc) ON ALL OS'S -- name: Check if /usr/bin/calibre exists +- name: Does /usr/bin/calibre exist? stat: path: "/usr/bin/calibre" register: calib_executable @@ -39,7 +39,7 @@ group: root mode: "{{ item.mode }}" backup: no -# register: calibre_config + #register: calibre_config with_items: - { src: 'calibre-serve.service.j2', dest: '/etc/systemd/system/calibre-serve.service', mode: '0644'} - { src: 'calibre.conf', dest: '/etc/{{ apache_config_dir }}', mode: '0644'} @@ -49,7 +49,7 @@ systemd: daemon_reload: yes when: (not calib_executable.stat.exists) -# when: calibre_config.changed + #when: calibre_config.changed # 2. STOP CALIBRE SERVICE IF IT EXISTS (REQUIRED FOR DB ACTIVITY...AND IF not calibre_enabled) @@ -59,14 +59,13 @@ # register: calibre_svc - name: Stop Calibre service -- calibre-server by Kovid Goyal -# systemd: - service: + systemd: name: calibre-serve state: stopped #enabled: no -# register: command_result # gist.github.com/tyrells/0a79681de339237cb04c -# failed_when: false # Never Fail during "systemctl stop calibre-serve" (even if service doesn't exist!) -# when: calibre_svc.stat.exists + #register: command_result # gist.github.com/tyrells/0a79681de339237cb04c + #failed_when: false # Never Fail during "systemctl stop calibre-serve" (even if service doesn't exist!) + #when: calibre_svc.stat.exists # 3. CREATE USER DATABASE @@ -87,7 +86,7 @@ # 4. CREATE CONTENT DATABASE WITH A SAMPLE BOOK (REQUIRED AS OF CALIBRE 3.x) -- name: Check if /library/calibre/metadata.db exists +- name: Does /library/calibre/metadata.db exist? stat: path: "{{ calibre_dbpath }}/metadata.db" register: calibre_db @@ -104,20 +103,20 @@ # https://github.com/iiab/iiab/tree/master/roles/calibre-web/templates/calibre-web.conf.j2 # (anyway this works great for calibre-web, allowing http://box/books # to work even better than http://box:8083 when box == 192.168.0.x !) -- name: Create calibre.conf link for UNTESTED http://box/calibre etc (debuntu) +- name: Create symlink calibre.conf from sites-enabled to sites-available, for UNTESTED http://box/calibre etc (debuntu) file: src: /etc/apache2/sites-available/calibre.conf dest: /etc/apache2/sites-enabled/calibre.conf state: link when: calibre_enabled and is_debuntu -- name: Remove calibre.conf link if disabled (debuntu) +- name: Remove symlink /etc/apache2/sites-enabled/calibre.conf (debuntu) file: dest: /etc/apache2/sites-enabled/calibre.conf state: absent when: (not calibre_enabled) and is_debuntu -- name: Enable Calibre service -- runs calibre-server by Kovid Goyal +- name: Enable & Start Calibre service -- runs calibre-server by Kovid Goyal service: name: calibre-serve enabled: yes @@ -126,14 +125,14 @@ #async: 900 #poll: 5 -- name: Forcing apache to reread configs - service: +- name: Reload Apache + systemd: name: "{{ apache_service }}" state: reloaded -- name: Add 'calibre' to list of services at {{ iiab_ini_file }} +- name: Add 'calibre' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: calibre option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/cups/tasks/main.yml b/roles/cups/tasks/main.yml index bf6da5f8e..e0c9f3cb1 100644 --- a/roles/cups/tasks/main.yml +++ b/roles/cups/tasks/main.yml @@ -7,24 +7,24 @@ tags: - download -- name: Put our own /etc/cups/cupsd.conf in place, to permit local LAN admin +- name: Install our own /etc/cups/cupsd.conf from template, to permit local LAN admin template: src: cupsd.conf dest: /etc/cups/cupsd.conf -- name: Put an apache2 config file in place +- name: Install /etc/{{ apache_config_dir }}/cups.conf from template template: src: cups.conf dest: "/etc/{{ apache_config_dir }}/" -- name: Create the link for sites-enabled (debuntu) +- name: Create symlink cups.conf from sites-enabled to sites-available (debuntu) file: src: /etc/apache2/sites-available/cups.conf dest: /etc/apache2/sites-enabled/cups.conf state: link when: cups_enabled and is_debuntu -- name: Enable services for CUPS (OS's other than Fedora 18) +- name: Enable & Start services 'cups' and 'cups-browsed' (OS's other than Fedora 18) service: name: "{{ item }}" state: started @@ -34,8 +34,8 @@ - cups-browsed when: cups_enabled and not is_F18 -- name: Enable services for CUPS (Fedora 18, for XO laptops) - service: +- name: Enable & Start service 'cups' (Fedora 18, for XO laptops) + systemd: name: cups state: started enabled: yes @@ -45,8 +45,8 @@ shell: "cupsctl --remote-admin" when: cups_enabled -- name: Disable services for CUPS (OS's other than Fedora 18) - service: +- name: Disable both CUPS services (OS's other than Fedora 18) + systemd: name: "{{ item }}" state: stopped enabled: no @@ -56,15 +56,15 @@ when: not cups_enabled and not is_F18 - name: Disable services for CUPS (Fedora 18, for XO laptops) - service: + systemd: name: cups state: stopped enabled: no when: not cups_enabled and is_F18 -- name: Add 'cups' to list of services at {{ iiab_ini_file }} +- name: Add 'cups' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: cups option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 1692b1613..7763054db 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -40,11 +40,12 @@ enabled=false when: not docker_enabled -- name: add docker to service list - ini_file: dest='{{ iiab_ini_file }}' - section=docker - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'docker' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: docker + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: name value: Docker Container diff --git a/roles/dokuwiki/tasks/main.yml b/roles/dokuwiki/tasks/main.yml index f1dc4ea6e..e14aba6e7 100644 --- a/roles/dokuwiki/tasks/main.yml +++ b/roles/dokuwiki/tasks/main.yml @@ -2,9 +2,9 @@ include_tasks: install.yml when: dokuwiki_install -- name: Add 'dokuwiki' to list of services at {{ iiab_ini_file }} +- name: Add 'dokuwiki' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: dokuwiki option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/elgg/tasks/main.yml b/roles/elgg/tasks/main.yml index 05d804b09..29b7e34c0 100644 --- a/roles/elgg/tasks/main.yml +++ b/roles/elgg/tasks/main.yml @@ -119,7 +119,7 @@ name: /tmp/elggdb.sql state: absent -- name: Install Apache's elgg.conf from template, for http://box/elgg +- name: Install /etc/{{ apache_config_dir }}/elgg.conf from template, for http://box/elgg template: src: elgg.conf dest: "/etc/{{ apache_config_dir }}/elgg.conf" @@ -131,7 +131,7 @@ state: link when: elgg_enabled and is_debuntu -- name: Remove symlink elgg.conf from sites-enabled (debuntu) +- name: Remove symlink /etc/apache2/sites-enabled/elgg.conf (debuntu) file: path: /etc/apache2/sites-enabled/elgg.conf state: absent @@ -143,14 +143,14 @@ state: absent when: not elgg_enabled and is_redhat -- name: Restart Apache, to enable/disable http://box/elgg +- name: Restart Apache ({{ apache_service }}) to enable/disable http://box/elgg service: name: "{{ apache_service }}" state: restarted -- name: Add 'elgg' to list of services at {{ iiab_ini_file }} +- name: Add 'elgg' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: elgg option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml index deb8b26be..0e12493c3 100644 --- a/roles/httpd/tasks/main.yml +++ b/roles/httpd/tasks/main.yml @@ -1,4 +1,4 @@ -- name: Install Apache's required packages (debian) +- name: 'Install 3 packages: apache2, php{{ php_version }}, php{{ php_version }}-curl (debian)' package: #name: [u'apache2', u'php{{ php_version }}', u'php{{ php_version }}-curl'] # FAILS ('u' for Unicode strings) #name: ['apache2', 'php{{ php_version }}', 'php{{ php_version }}-curl'] # WORKS? @@ -11,17 +11,7 @@ tags: - download -- name: Debian changed SQLite name (debian-8) - package: - name: "php{{ php_version }}-sqlite" - when: is_debian and ansible_distribution_major_version == "8" - -- name: Debian changed SQLite3 name (debian-9) - package: - name: "php{{ php_version }}-sqlite3" - when: is_debian and ansible_distribution_major_version == "9" - -- name: Install Apache's required packages (ubuntu) +- name: 'Install 2 packages: apache2, php (ubuntu)' package: #name: [u'apache2', u'php'] # FAILS ('u' for Unicode strings) #name: ['apache2', 'php'] # WORKS @@ -33,32 +23,31 @@ tags: - download -- name: SQLite3 no longer included in another package (ubuntu-18) +- name: Install php{{ php_version }}-sqlite (debian-8) package: - name: php{{ php_version }}-sqlite3 - when: is_ubuntu_18 + name: "php{{ php_version }}-sqlite" + when: is_debian and ansible_distribution_major_version == "8" -- name: Install Apache's required packages (redhat) +# SQLite3 no longer included in another package +- name: Install php{{ php_version }}-sqlite3 (debian-9 or ubuntu-18) + package: + name: "php{{ php_version }}-sqlite3" + when: (is_debian and ansible_distribution_major_version == "9") or is_ubuntu_18 + +- name: 'Install 4 packages: httpd, mod_authnz_external, php, php-curl (redhat)' package: #name: [u'httpd', u'php', u'php-curl', u'mod_authnz_external'] # FAILS ('u' for Unicode strings) #name: ['httpd', 'php', 'php-curl', 'mod_authnz_external'] # WORKS name: - httpd + - mod_authnz_external - php - php-curl - - mod_authnz_external state: present when: is_redhat tags: - download -# MOVED DOWN ~58 LINES -#- name: Remove the default apache2 config file (debuntu) -# file: -# path: /etc/apache2/sites-enabled/000-default.conf -# state: absent -# when: is_debuntu - - name: Install Apache's 010-iiab.conf & proxy_ajp.conf into /etc/apache2/sites-available, from templates template: backup: yes @@ -88,7 +77,7 @@ - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } # remove symlinks for mpm-event, replace with mpm-prefork -- name: Remove mpm event symlinks (debuntu) +- name: Remove both mpm_event symlinks from /etc/apache2/mods-enabled (debuntu) file: path: "/etc/apache2/mods-enabled/{{ item }}" state: absent @@ -97,7 +86,7 @@ - mpm_event.load when: is_debuntu -- name: Create symlinks for mpm-prefork (debuntu) +- name: Create both mpm_prefork symlinks from /etc/apache2/mods-enabled to /etc/apache2/mods-available (debuntu) file: src: "/etc/apache2/mods-available/{{ item }}" path: "/etc/apache2/mods-enabled/{{ item }}" @@ -107,7 +96,7 @@ - mpm_prefork.load when: is_debuntu -- name: Turn on mod_proxy (debuntu) +- name: 'Turn on mod_proxy using a2enmod with: proxy, proxy_html, headers, rewrite (debuntu)' command: a2enmod {{ item }} with_items: - proxy @@ -116,14 +105,14 @@ - rewrite when: is_debuntu -- name: Create 010-iiab.conf symlink enabling our site (debuntu) +- name: Enable our site, creating 010-iiab.conf symlink from sites-enabled to sites-available (debuntu) file: src: "/etc/{{ apache_config_dir }}/010-iiab.conf" path: /etc/apache2/sites-enabled/010-iiab.conf state: link when: is_debuntu -- name: Remove apache2 default config files (debuntu) +- name: Remove 000-default.conf from /etc/apache2 and /etc/apache2/sites-enabled (debuntu) file: path: "{{ item }}" state: absent @@ -140,19 +129,19 @@ group: root state: directory -- name: Create admin group +- name: 'Create group: admin' group: name: admin state: present -- name: Add user {{ apache_user }} (from variable apache_user) to admin group +- name: Add user {{ apache_user }} (from variable apache_user) to group admin user: name: "{{ apache_user }}" groups: admin state: present createhome: no -- name: Create Apache's log dir /var/log/{{ apache_service }} +- name: Create Apache dir /var/log/{{ apache_service }} file: path: "/var/log/{{ apache_service }}" mode: 0755 @@ -160,7 +149,7 @@ group: "{{ apache_user }}" state: directory -- name: Enable systemd service {{ apache_service }} +- name: Enable {{ apache_service }} systemd service service: name: "{{ apache_service }}" enabled: yes @@ -173,23 +162,8 @@ group: "{{ apache_user }}" state: directory -# roles/httpd/templates/iiab-info.conf.j2.deprecated is no longer needed, as -# Apache serves http://box/info directly from above /library/www/html/info -# directly (as generated by /usr/bin/iiab-refresh-wiki-docs) -# -#- name: Remove iiab-info.conf -# file: -# path: "/etc/{{ apache_config_dir }}/iiab-info.conf" -# state: absent -# -#- name: Remove iiab-info.conf symlink (debuntu) -# file: -# path: /etc/apache2/sites-enabled/iiab-info.conf -# state: absent -# when: is_debuntu - # SEE https://github.com/iiab/iiab/issues/1143 as the old roles/osm playbook is rarely used as of late 2018 (if anybody still uses roles/osm, they can overwrite osm.conf using the original osm playbook, or in other ways) -- name: Copy osm.conf for http://box/maps (all OS's) +- name: Copy osm.conf to /etc/{{ apache_config_dir }} for http://box/maps (all OS's) copy: src: osm.conf dest: "/etc/{{ apache_config_dir }}" @@ -215,7 +189,7 @@ tags: - base -- name: Install /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (This script will run at the end of Stage 4 = roles/4-server-options/tasks/main.yml) +- name: Install /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (Script can be run manually and/or at the end of Stage 4 = roles/4-server-options/tasks/main.yml) template: src: refresh-wiki-docs.sh dest: /usr/bin/iiab-refresh-wiki-docs @@ -233,3 +207,8 @@ path: /etc/sudoers.d/020_apache_poweroff state: absent when: not apache_allow_sudo + +- name: Restart Apache systemd service ({{ apache_service }}) + systemd: + name: "{{ apache_service }}" + state: restarted diff --git a/roles/httpd/tasks/php-stem.yml b/roles/httpd/tasks/php-stem.yml index a31c4e064..1869d5981 100644 --- a/roles/httpd/tasks/php-stem.yml +++ b/roles/httpd/tasks/php-stem.yml @@ -11,7 +11,7 @@ # command: cd /; wget http://download.iiab.io/packages/php-stem.x64.tar # when: not is_rpi -- name: Download & unpack php-stem.rpi.tar to / (rpi) +- name: Unarchive http://download.iiab.io/packages/php-stem.rpi.tar to / (rpi) unarchive: src: http://download.iiab.io/packages/php-stem.rpi.tar dest: / @@ -21,7 +21,7 @@ remote_src: yes when: is_rpi -- name: Download & unpack php-stem.x86.tar to / (debian-9 on x86_64 only) +- name: Unarchive http://download.iiab.io/packages/php-stem.x64.tar to / (debian-9 on x86_64 only) unarchive: src: http://download.iiab.io/packages/php-stem.x64.tar dest: / @@ -33,9 +33,3 @@ # Presumably fails on Debian 8 & 10? # Fails on Debian i686 as of 2018-08-07: https://github.com/iiab/iiab/issues/983 # Fails on Ubuntu 18.04 as of 2018-07-28: https://github.com/iiab/iiab/issues/829 - -# No need to do this twice? Happens later @ https://github.com/iiab/iiab/blob/master/roles/3-base-server/tasks/main.yml#L24-L28 -#- name: Restart apache2 / httpd -# service: -# name: "{{ apache_service }}" -# state: restarted diff --git a/roles/idmgr/tasks/main.yml b/roles/idmgr/tasks/main.yml index 5b49d3f76..7d70dd11e 100644 --- a/roles/idmgr/tasks/main.yml +++ b/roles/idmgr/tasks/main.yml @@ -79,15 +79,16 @@ insertafter='^#allowsftp' line=allowsftp -- name: Add idmgr to service list - ini_file: dest='{{ iiab_ini_file }}' - section=idmgr - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'idmgr' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: idmgr + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: name value: idmgr - option: description - value: '"Idmgr is an automatic identity manager for XO clients which enables automatic backup"' + value: '"IdMgr is an automatic identity manager for XO clients which enables automatic backup"' - option: enabled value: "{{ xo_services_enabled }}" diff --git a/roles/iiab-admin/tasks/access.yml b/roles/iiab-admin/tasks/access.yml index 93d2b0c28..c09fd503f 100644 --- a/roles/iiab-admin/tasks/access.yml +++ b/roles/iiab-admin/tasks/access.yml @@ -1,4 +1,4 @@ -- name: Install textmode remote access packages {screen, lynx} +- name: "Install textmode remote access packages: screen, lynx" package: name: - screen diff --git a/roles/kalite/tasks/main.yml b/roles/kalite/tasks/main.yml index 900ce6db3..28063b45f 100644 --- a/roles/kalite/tasks/main.yml +++ b/roles/kalite/tasks/main.yml @@ -12,7 +12,7 @@ kalite_db_name: "{{ kalite_root }}/database/data.sqlite" when: not is_F18 -- name: See if KA Lite is already configured +- name: Does KA Lite database {{ kalite_db_name }} exist? # See if KA Lite is already configured stat: path: "{{ kalite_db_name }}" register: kalite_installed @@ -36,9 +36,9 @@ - include_tasks: enable.yml -- name: Add 'kalite' to list of services at {{ iiab_ini_file }} +- name: Add 'kalite' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: kalite option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/kiwix/tasks/kiwix_install.yml b/roles/kiwix/tasks/kiwix_install.yml index 71e4fc7ad..fa09e5f00 100644 --- a/roles/kiwix/tasks/kiwix_install.yml +++ b/roles/kiwix/tasks/kiwix_install.yml @@ -1,6 +1,6 @@ # 1. CREATE/VERIFY CRITICAL DIRECTORIES & FILES ARE IN PLACE -- name: Create various directories for Kiwix ZIM files +- name: Create directory {{ iiab_zim_path }} and subdirs {content, index} for Kiwix ZIM files file: path: "{{ item }}" owner: root @@ -12,12 +12,12 @@ - "{{ iiab_zim_path }}/content" - "{{ iiab_zim_path }}/index" -- name: Check for /library/zims/library.xml +- name: Check for {{ kiwix_library_xml }} # /library/zims/library.xml stat: path: "{{ kiwix_library_xml }}" register: kiwix_xml -- name: Place a stub /library/zims/library.xml if file does not exist +- name: Install a stub /library/zims/library.xml if one doesn't exist template: src: "{{ item }}" dest: "{{ kiwix_library_xml }}" @@ -34,12 +34,12 @@ path: "{{ kiwix_path }}/bin/kiwix-serve" register: kiwix_bin -- name: Set kiwix_force_install if kiwix-serve not found +- name: Set fact kiwix_force_install if kiwix-serve not found set_fact: kiwix_force_install: True when: not kiwix_bin.stat.exists -- name: Copy test.zim file if kiwix_force_install +- name: Install {{ iiab_zim_path }}/content/test.zim if kiwix_force_install copy: src: test.zim dest: "{{ iiab_zim_path }}/content/test.zim" @@ -49,7 +49,7 @@ force: no when: kiwix_force_install -- name: Create /opt/iiab/kiwix/bin directory +- name: Create {{ kiwix_path }}/bin directory # /opt/iiab/kiwix/bin file: path: "{{ kiwix_path }}/bin" owner: root @@ -59,7 +59,7 @@ # 2. INSTALL KIWIX-TOOLS EXECUTABLES IF kiwix_force_install -- name: Unarchive kiwix-tools .tar.gz to /tmp +- name: Unarchive {{ kiwix_src_file }} to /tmp # e.g. kiwix-tools_linux-armhf-0.6.1-1.tar.gz unarchive: src: "{{ downloads_dir }}/{{ kiwix_src_file }}" dest: /tmp @@ -73,7 +73,7 @@ # 3. ENABLE MODS FOR APACHE PROXY IF DEBUNTU -- name: Enable the mods which permit Apache to proxy (debuntu) +- name: Enable the 4 mods which permit Apache to proxy (debuntu) apache2_module: name: "{{ item }}" with_items: @@ -85,7 +85,7 @@ # 4. CREATE/ENABLE/RESTART (OR DISABLE) KIWIX SERVICE & ITS CRON JOB -- name: Create 'kiwix-serve' service and related files +- name: 'Install from templates: kiwix-serve.service, iiab-make-kiwix-lib, iiab-make-kiwix-lib.py, kiwix.conf' template: backup: no src: "{{ item.src }}" @@ -101,14 +101,14 @@ # - { src: 'iiab-make-apache-config.py', dest: '/usr/bin/iiab-make-apache-config.py', mode: '0755'} - { src: 'kiwix.conf.j2', dest: '/etc/{{ apache_config_dir }}/kiwix.conf', mode: '0644'} -- name: Enable Kiwix Proxy in Apache - is disabled by turning off kiwix service (debuntu) +- name: Create softlink kiwix.conf from sites-enabled to sites-available - for Kiwix Proxy in Apache - is disabled by turning off service kiwix-serve (debuntu) file: src: /etc/apache2/sites-available/kiwix.conf path: /etc/apache2/sites-enabled/kiwix.conf state: link when: is_debuntu -- name: Enable 'kiwix-serve' service +- name: Enable & Restart 'kiwix-serve' service service: name: kiwix-serve enabled: yes @@ -149,9 +149,9 @@ # 5. FINALIZE -- name: Add 'kiwix' to list of services at {{ iiab_ini_file }} +- name: Add 'kiwix' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: kiwix option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/kolibri/tasks/main.yml b/roles/kolibri/tasks/main.yml index e7f7cd8ec..961ee1bb2 100644 --- a/roles/kolibri/tasks/main.yml +++ b/roles/kolibri/tasks/main.yml @@ -9,7 +9,7 @@ system: yes create_home: no -- name: Create /library/kolibri to store data and configuration files +- name: Create {{ kolibri_home }} (for data) and {{ kolibri_venv_path }} (for program/config) file: path: "{{ item }}" owner: "{{ kolibri_user }}" @@ -20,7 +20,7 @@ - "{{ kolibri_home }}" - "{{ kolibri_venv_path }}" -- name: Install kolibri using pip on all OS's +- name: Install latest kolibri using pip pip: name: kolibri virtualenv: "{{ kolibri_venv_path }}" @@ -29,17 +29,17 @@ extra_args: --no-cache-dir when: internet_available -- name: Run kolibri migrations +- name: Run Kolibri migrations shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" manage migrate ignore_errors: yes when: kolibri_provision -- name: Set kolibri default language +- name: Set Kolibri default language shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" language setdefault "{{ kolibri_language }}" ignore_errors: yes when: kolibri_provision -- name: Create kolibri default facility name, admin account and language +- name: Create Kolibri default facility name, admin account and language shell: > export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" manage provisiondevice --facility "{{ kolibri_facility }}" @@ -48,7 +48,7 @@ ignore_errors: yes when: kolibri_provision -- name: Change /library/kolibri directory permissions +- name: chown -R {{ kolibri_user }}:{{ apache_user }} {{ kolibri_home }} file: path: "{{ kolibri_home }}" owner: "{{ kolibri_user }}" @@ -80,9 +80,9 @@ state: stopped when: not kolibri_enabled -- name: Add 'kolibri' to list of services at {{ iiab_ini_file }} +- name: Add 'kolibri' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: kolibri option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index 663e703fe..bbcad9cfe 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -1,4 +1,4 @@ -- name: Install packages php{{ php_version }}-intl and php{{ php_version }}-mbstring +- name: 'Install packages: php{{ php_version }}-intl, php{{ php_version }}-mbstring' package: name: - "php{{ php_version }}-intl" @@ -25,7 +25,7 @@ mode: 0755 keep_newer: yes -- name: Ensure MySQL is running, so we can create db +- name: Start MySQL service, so we can create db service: state: started name: "{{ mysql_service }}" @@ -60,12 +60,12 @@ chdir: "{{ mediawiki_abs_path }}" creates: "{{ mediawiki_abs_path }}/LocalSettings.php" -- name: Copy mediawiki.conf to permit http://box{{ mediawiki_url }} +- name: Install /etc/{{ apache_config_dir }}/mediawiki.conf from template, for http://box{{ mediawiki_url }} template: src: mediawiki.conf.j2 dest: "/etc/{{ apache_config_dir }}/mediawiki.conf" -- name: Enable mediawiki.conf if mediawiki_enabled (debuntu) +- name: Create softlink mediawiki.conf from sites-enabled to sites-available, if mediawiki_enabled (debuntu) file: src: /etc/apache2/sites-available/mediawiki.conf dest: /etc/apache2/sites-enabled/mediawiki.conf @@ -83,9 +83,9 @@ name: "{{ apache_service }}" state: restarted -- name: Add 'mediawiki' to list of services at {{ iiab_ini_file }} +- name: Add 'mediawiki' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: mediawiki option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index 65f124022..2029c6b2d 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -1,4 +1,4 @@ -- name: Install packages mongodb-server and mongodb +- name: 'Install packages: mongodb, mongodb-server' package: name: - mongodb-server @@ -8,7 +8,7 @@ tags: - download -- name: Create the data directory for MongoDB +- name: Create 3 dirs for MongoDB file: state: directory path: "{{ item.path }}" @@ -18,7 +18,7 @@ - { path: "{{ mongodb_db_path }}" } # == /library/dbdata/mongodb/ - { path: '/var/log/mongodb' } -- name: Populate & position /etc/mongod.conf, mongodb.service +- name: Populate & position /etc/mongod.conf, mongodb.service, /usr/bin/iiab-mongodb-repair-if-no-lock template: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -30,7 +30,7 @@ - { src: 'mongodb.service.j2', dest: '/etc/systemd/system/mongodb.service', mode: '0644' } - { src: 'iiab-mongodb-repair-if-no-lock.j2', dest: '/usr/bin/iiab-mongodb-repair-if-no-lock', mode: '0755' } -- name: Enable+restart systemd service if mongodb_enabled, with "systemctl daemon-reload" (in case mongodb.service changed?) +- name: Enable & Restart 'mongodb' systemd service if mongodb_enabled, incl daemon-reload (in case mongodb.service changed?) systemd: name: mongodb enabled: yes @@ -38,16 +38,16 @@ daemon_reload: yes when: mongodb_enabled -- name: 'Disable+stop systemd service if mongodb_enabled: False' +- name: Disable 'mongodb' service, if not mongodb_enabled systemd: name: mongodb enabled: no state: stopped when: not mongodb_enabled -- name: Add 'mongodb' to list of services at {{ iiab_ini_file }} +- name: Add 'mongodb' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: mongodb option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/monit/tasks/main.yml b/roles/monit/tasks/main.yml index 512030f14..1c52113df 100644 --- a/roles/monit/tasks/main.yml +++ b/roles/monit/tasks/main.yml @@ -5,7 +5,7 @@ tags: - download -- name: Install chkconfig package -- not in Debian 8 +- name: Install chkconfig package (debian-8) package: name: chkconfig state: present @@ -13,7 +13,7 @@ tags: - download -- name: Update main config file +- name: Install /etc/monitrc from template template: backup: yes src: monitrc @@ -22,15 +22,14 @@ group: root mode: 0600 -- name: Update config files +- name: Install config file /etc/monit.d/watchdog from template template: - src: "{{ item }}" - dest: "/etc/monit.d/{{ item }}" + src: watchdog + dest: /etc/monit.d/watchdog owner: root group: root force: yes mode: 0755 - with_items: watchdog register: monit_config when: false until: monit_config | success @@ -38,16 +37,16 @@ delay: 1 #TODO: create systemd script -- name: Enable 'monit' service +- name: Enable 'monit' service (chkconfig monit on) command: chkconfig monit on when: is_debian and ansible_local.local_facts.os_ver == "debian-8" #- name: Restart monit service # command: service monit restart -- name: Add 'monit' to list of services at {{ iiab_ini_file }} +- name: Add 'monit' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: monit option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/moodle-1.9/moodle/tasks/main.yml b/roles/moodle-1.9/moodle/tasks/main.yml index 0f1cb82be..21f93f909 100644 --- a/roles/moodle-1.9/moodle/tasks/main.yml +++ b/roles/moodle-1.9/moodle/tasks/main.yml @@ -75,11 +75,12 @@ shell: cat /etc/moodle/adminpw register: moodlepw -- name: add moodle to service list - ini_file: dest='{{ iiab_ini_file }}' - section=moodle - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'moodle' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: moodle + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: name value: Moodle diff --git a/roles/moodle/tasks/main.yml b/roles/moodle/tasks/main.yml index 2a5554493..86fd21cc1 100644 --- a/roles/moodle/tasks/main.yml +++ b/roles/moodle/tasks/main.yml @@ -46,21 +46,21 @@ #ignore_errors: yes when: internet_available and moodle.stat.exists is defined and not moodle.stat.exists -- name: Prepare the downloaded directory so Apache can install config file +- name: Create dir {{ moodle_base }} owned by {{ apache_user }} (for config file?) file: path: "{{ moodle_base }}" owner: "{{ apache_user }}" recurse: yes state: directory -- name: Give Apache permission to write Moodle data directory +- name: Create dir {{ content_base }}/dbdata/moodle owned by {{ apache_user }} with write permission 0755 file: path: "{{ content_base }}/dbdata/moodle" owner: "{{ apache_user }}" mode: 0755 state: directory -- name: Create a Moodle data dir with Apache permission to write +- name: Create dir {{ moodle_data }} owned by {{ apache_user }}:{{ apache_user }} with write permission 0770 # /library/moodle file: path: "{{ moodle_data }}" owner: "{{ apache_user }}" @@ -73,7 +73,7 @@ path: "/etc/{{ apache_config_dir }}/moodle.conf" state: absent -- name: Install Apache's 022-moodle.conf from template +- name: Install Apache's 022-moodle.conf from template, if moodle_enabled template: src: 022-moodle.j2 dest: "/etc/{{ apache_config_dir }}/022-moodle.conf" @@ -82,25 +82,25 @@ mode: 0644 when: moodle_enabled -- name: Create symlink 022-moodle.conf from sites-enabled to sites-available (debuntu) +- name: Create symlink 022-moodle.conf from sites-enabled to sites-available, if moodle_enabled (debuntu) file: src: /etc/apache2/sites-available/022-moodle.conf dest: /etc/apache2/sites-enabled/022-moodle.conf state: link when: moodle_enabled and is_debuntu -- name: Remove symlink 022-moodle.conf (debuntu) +- name: Remove symlink 022-moodle.conf, if not moodle_enabled (debuntu) file: path: /etc/apache2/sites-enabled/022-moodle.conf state: absent when: not moodle_enabled and is_debuntu -- name: Start postgresql-iiab +- name: Restart postgresql-iiab service: name: postgresql-iiab state: restarted -- name: Create db user +- name: Create PostgreSQL db user Admin/changeme postgresql_user: name: Admin password: changeme @@ -110,7 +110,7 @@ become: yes become_user: postgres -- name: Create database +- name: 'Create database: {{ moodle_database_name }}' postgresql_db: name: "{{ moodle_database_name }}" encoding: utf8 @@ -120,42 +120,42 @@ become: yes become_user: postgres -- name: Put moodle_installer script in {{ moodle_base }} +- name: Install {{ moodle_base }}/moodle_installer from template template: - dest: "{{ moodle_base }}" src: moodle_installer + dest: "{{ moodle_base }}" mode: 0755 -- name: Restart postgresql-iiab +- name: Enable & Restart postgresql-iiab service: name: postgresql-iiab state: restarted enabled: yes when: moodle_enabled -- name: Restart Apache +- name: Restart Apache ({{ apache_service }}) service: name: "{{ apache_service }}" state: restarted -- name: See if {{ moodle_base }}/config.php exists +- name: Does {{ moodle_base }}/config.php exist? stat: path: "{{ moodle_base }}/config.php" register: config -- name: Execute moodle_installer script - shell: '{{ moodle_base }}/moodle_installer' +- name: Execute {{ moodle_base }}/moodle_installer + shell: "{{ moodle_base }}/moodle_installer" when: config.stat.exists is defined and not config.stat.exists -- name: Give Apache permission to read {{ moodle_base }}/config.php +- name: Give read permission 0644 to {{ moodle_base }}/config.php # /opt/iiab/moodle/config.php #command: chown -R {{ apache_user }} {{ moodle_base }} file: path: "{{ moodle_base }}/config.php" mode: 0644 -- name: Add 'moodle' to list of services at {{ iiab_ini_file }} +- name: Add 'moodle' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: moodle option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/munin/tasks/main.yml b/roles/munin/tasks/main.yml index 558cfa3ce..4a5f0e565 100644 --- a/roles/munin/tasks/main.yml +++ b/roles/munin/tasks/main.yml @@ -40,7 +40,7 @@ create: yes state: present -- name: Enable munin-node service +- name: Enable & Start munin-node systemd service service: name: munin-node enabled: yes @@ -54,7 +54,7 @@ state: link when: munin_enabled and is_debuntu -- name: Remove symlink munin24.conf in sites-enabled if not munin_enabled (debuntu) +- name: Remove symlink /etc/apache2/sites-enabled/munin24.conf if not munin_enabled (debuntu) file: path: /etc/apache2/sites-enabled/munin24.conf state: absent @@ -81,9 +81,9 @@ - /usr/share/munin/plugins/mysql_threads when: mysql_enabled -- name: Add 'munin' to list of services at {{ iiab_ini_file }} +- name: Add 'munin' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: munin option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/mysql/tasks/main.yml b/roles/mysql/tasks/main.yml index b8976373b..8331c32cb 100644 --- a/roles/mysql/tasks/main.yml +++ b/roles/mysql/tasks/main.yml @@ -1,4 +1,4 @@ -- name: Install MySQL (debuntu) +- name: 'Install MySQL packages: mariadb-server, mariadb-client, python-mysqldb and 8 php packages (debuntu)' package: name: - mariadb-server @@ -18,19 +18,19 @@ tags: - download -- name: php-xml (ubuntu or debian-9) +- name: Install php{{ php_version }}-xml (ubuntu or debian-9) package: name: "php{{ php_version }}-xml" state: present when: is_ubuntu or is_debian_9 -- name: php-xml (debian-8) +- name: Install php-xml-parser (debian-8) package: - name: "php-xml-parser" + name: php-xml-parser state: present when: is_debian_8 -- name: Install MySQL (OS's other than debuntu) +- name: "Install packages: mysql, MySQL-python and 9 php packages (OS's other than debuntu)" package: name: - MySQL-python @@ -59,14 +59,15 @@ tags: - download -# Name of mysql service varies by OS so softcoded in 1-prep -- name: Start the MySQL service - service: +# Name of MySQL service varies by OS so softcoded in 1-prep +- name: 'Start MySQL systemd service: {{ mysql_service }}' + systemd: name: "{{ mysql_service }}" state: started + when: mysql_enabled -- name: Enable the MySQL service - service: +- name: Enable MySQL systemd service (upon subsequent boots) if mysql_enabled + systemd: name: "{{ mysql_service }}" enabled: yes when: mysql_enabled @@ -74,17 +75,15 @@ # 'localhost' needs to be the last item for idempotency, see # http://ansible.cc/docs/modules.html#mysql-user # unfortunately it still doesn't work -- name: Update MySQL root password for localhost root accounts +- name: Update MySQL root password for localhost root accounts, if mysql_enabled mysql_user: name: root - host: "{{ item }}" + host: localhost password: "{{ mysql_root_password }}" priv: "*.*:ALL,GRANT" - with_items: - - localhost when: mysql_enabled -- name: Install .my.cnf file from template, with root password credentials +- name: Install .my.cnf file from template, with root password credentials, if mysql_enabled template: src: my.cnf.j2 dest: /root/.my.cnf @@ -92,7 +91,7 @@ mode: 0600 when: mysql_enabled -- name: Update MySQL root password for all remaining root accounts +- name: Update MySQL root password for all remaining root accounts (127.0.0.1, ::1) if mysql_enabled mysql_user: name: root host: "{{ item }}" @@ -104,36 +103,36 @@ - ::1 when: mysql_enabled -- name: Delete anonymous MySQL server user for {{ ansible_hostname }} +- name: Delete anonymous MySQL server user for {{ ansible_hostname }}, if mysql_enabled mysql_user: user: "" host: "{{ ansible_hostname }}" state: absent when: mysql_enabled -- name: Delete anonymous MySQL server user for localhost +- name: Delete anonymous MySQL server user for localhost, if mysql_enabled mysql_user: user: "" state: absent when: mysql_enabled -- name: Remove the MySQL test database +- name: Remove the MySQL 'test' database, if mysql_enabled mysql_db: db: test state: absent when: mysql_enabled # we had to start mysql in order to configure it, now turn if off if not enabled -- name: Provisionally Disable the MySQL service - service: +- name: Config is done but now DISABLE MySQL service, if not mysql_enabled + systemd: name: "{{ mysql_service }}" enabled: no state: stopped when: not mysql_enabled -- name: Add 'mysql' to list of services at {{ iiab_ini_file }} +- name: Add 'mysql' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: mysql option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/network/tasks/dansguardian.yml b/roles/network/tasks/dansguardian.yml index c0e8d297d..4433716fc 100644 --- a/roles/network/tasks/dansguardian.yml +++ b/roles/network/tasks/dansguardian.yml @@ -5,7 +5,7 @@ tags: - download -- name: Copy DansGuardian config file (Fedora) +- name: Install /etc/dansguardian/dansguardian.conf from template (Fedora) template: src: roles/network/templates/squid/dansguardian.conf.j2 dest: /etc/dansguardian/dansguardian.conf @@ -14,7 +14,7 @@ mode: 0640 when: ansible_distribution == "Fedora" -- name: Copy DansGuardian config file (debuntu) +- name: Install /etc/dansguardian/dansguardian.conf from template (debuntu) template: src: roles/network/templates/squid/dansguardian.conf.debian.j2 dest: /etc/dansguardian/dansguardian.conf @@ -23,7 +23,7 @@ mode: 0640 when: is_debuntu -- name: Copy DansGuardian config file (CentOS) +- name: Install /etc/dansguardian/dansguardian.conf from template (CentOS) template: src: roles/network/templates/squid/dansguardian.conf.centos.j2 dest: /etc/dansguardian/dansguardian.conf @@ -32,7 +32,7 @@ mode: 0640 when: ansible_distribution == "CentOS" -- name: Create 'dansguardian' log directory (OS's other than CentOS) +- name: Create directory /var/log/dansguardian (OS's other than CentOS) file: path: /var/log/dansguardian owner: dansguardian @@ -41,7 +41,7 @@ state: directory when: ansible_distribution != "CentOS" -- name: Create DansGuardian log directory (CentOS) +- name: Create directory /var/log/dansguardian (CentOS) file: path: /var/log/dansguardian owner: dansguardian diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index 1eb1d18d1..640a52d75 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -11,7 +11,7 @@ enabled: yes when: dhcpd_enabled and dhcpd_install -- name: Copy /etc/sysconfig/dhcpd file +- name: Install /etc/sysconfig/dhcpd, /etc/dhcpd-iiab.conf from templates template: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -23,7 +23,7 @@ - { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf', mode: '0644' } when: dhcpd_enabled and dhcpd_install -- name: Copy named file +- name: Install /etc/named-iiab.conf and two *.zone.db files into /var/named-iiab template: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -35,63 +35,63 @@ - { src: 'named/school.local.zone.db', dest: '/var/named-iiab/', mode: '0644' } - { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/', mode: '0644' } -- name: Enable named service - service: +- name: Enable named service ({{ dns_service }}) if named_enabled + systemd: name: "{{ dns_service }}" enabled: yes when: named_enabled and named_install -- name: Disable named service - service: +- name: Disable named service ({{ dns_service }}) if not named_enabled + systemd: name: "{{ dns_service }}" enabled: no when: not named_enabled and named_install -- name: Disable dnsmasq - service: +- name: Disable dnsmasq, if not dnsmasq_enabled + systemd: name: dnsmasq enabled: no when: not dnsmasq_enabled and dnsmasq_install -- name: Copy dnsmasq.conf to /etc +- name: Install /etc/dnsmasq.conf from template, if dnsmasq_enabled template: src: network/dnsmasq.conf.j2 dest: /etc/dnsmasq.conf when: dnsmasq_enabled and dnsmasq_install -- name: Enable dnsmasq - service: +- name: Enable dnsmasq systemd service, if dnsmasq_enabled + systemd: name: dnsmasq enabled: yes when: dnsmasq_enabled and dnsmasq_install -- name: Enable DansGuardian - service: +- name: Enable DansGuardian systemd service, if dansguardian_enabled + systemd: name: dansguardian enabled: yes when: dansguardian_enabled and dansguardian_install -- name: Disable DansGuardian - service: +- name: Disable DansGuardian, if not dansguardian_enabled + systemd: name: dansguardian enabled: no when: not dansguardian_enabled and dansguardian_install -- name: Create xs_httpcache flag +- name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }}, if squid_enabled lineinfile: - dest: "{{ iiab_env_file }}" + path: "{{ iiab_env_file }}" regexp: '^HTTPCACHE_ON=*' line: 'HTTPCACHE_ON=True' state: present when: squid_enabled and squid_install -- name: Enable Squid service - service: +- name: Enable Squid systemd service ({{ proxy }}) if squid_enabled + systemd: name: "{{ proxy }}" enabled: yes when: squid_enabled and squid_install -- name: Copy init script and config file +- name: Install /etc/{{ proxy }}/squid-iiab.conf from template, owned by {{ proxy_user }}:{{ proxy_user }} template: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -106,20 +106,20 @@ mode: 0644 when: squid_enabled and squid_install -- name: Point to Squid config file from startup file +- name: Point to Squid config file from startup file, if squid_enabled (debuntu) lineinfile: regexp: '^CONFIG' line: "CONFIG=/etc/{{ proxy }}/squid-iiab.conf" - dest: "/etc/init.d/{{ proxy }}" + path: "/etc/init.d/{{ proxy }}" when: squid_enabled and squid_install and is_debuntu -- name: Disable Squid service - service: +- name: Disable Squid service, if not squid_enabled + systemd: name: "{{ proxy }}" enabled: no when: not squid_enabled and squid_install -- name: Remove xs_httpcache flag +- name: Revert to 'HTTPCACHE_ON=False' if not squid_enabled lineinfile: dest: "{{ iiab_env_file }}" regexp: '^HTTPCACHE_ON=*' @@ -127,32 +127,30 @@ state: present when: not squid_enabled -- name: Enable Wondershaper service - service: +- name: Enable Wondershaper service, if wondershaper_enabled + systemd: name: wondershaper enabled: yes when: wondershaper_enabled and wondershaper_install -- name: Disable Wondershaper service - service: +- name: Disable Wondershaper service, if not wondershaper_enabled + systemd: name: wondershaper enabled: no when: not wondershaper_enabled and wondershaper_install # check-LAN should be iptables.yml remove later -- name: Grab clean copy of iiab-gen-iptables +- name: Install clean copy of /usr/bin/iiab-gen-iptables from template template: - src: "{{ item.0 }}" - dest: "{{ item.1 }}" + src: gateway/iiab-gen-iptables + dest: /usr/bin/iiab-gen-iptables owner: root group: root mode: 0755 - with_items: - - { 0: 'gateway/iiab-gen-iptables', 1: '/usr/bin/iiab-gen-iptables' } -- name: Add 'squid' to list of services at {{ iiab_ini_file }} +- name: Add 'squid' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: squid option: "{{ item.option }}" value: "{{ item.value }}" @@ -160,9 +158,9 @@ - option: enabled value: "{{ squid_enabled }}" -- name: Add 'dansguardian' to list of services at {{ iiab_ini_file }} +- name: Add 'dansguardian' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: dansguardian option: "{{ item.option }}" value: "{{ item.value }}" @@ -170,9 +168,9 @@ - option: enabled value: "{{ dansguardian_enabled }}" -- name: Add 'wondershaper' to list of services at {{ iiab_ini_file }} +- name: Add 'wondershaper' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: wondershaper option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/network/tasks/named.yml b/roles/network/tasks/named.yml index d450c3b96..0fc0b5a52 100644 --- a/roles/network/tasks/named.yml +++ b/roles/network/tasks/named.yml @@ -1,4 +1,4 @@ -- name: Install named packages {bind9, bind9utils} (if debuntu) +- name: "Install named packages: bind9, bind9utils (debuntu)" package: name: - bind9 @@ -8,7 +8,7 @@ tags: - download -- name: Install named packages {bind, bind-utils} (if not debuntu) +- name: "Install named packages: bind, bind-utils (OS's other than debuntu)" package: name: - bind @@ -25,7 +25,7 @@ state: stopped when: first_run and is_debuntu -- name: Set folder permission +- name: "Set 3 folders' ownership to {{ dns_user }}:root and permission to 0755" file: path: "{{ item }}" owner: "{{ dns_user }}" @@ -37,7 +37,7 @@ - /var/named-iiab/data - /etc/sysconfig/olpc-scripts/domain_config.d -- name: Configure named +- name: Install 21 configuration files for named, from templates template: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -68,39 +68,39 @@ - { src: 'roles/network/templates/named/dummy', dest: '/var/named-iiab/data/dummy', owner: "{{ dns_user }}", mode: '0644' } - { src: 'roles/network/templates/named/named.blackhole', dest: '/var/named-iiab/named.blackhole', owner: "{{ dns_user }}", mode: '0644' } -- name: Substitute our unit file which uses $OPTIONS from sysconfig +- name: Install named unit file /etc/systemd/system/{{ dns_service }}.service, which uses $OPTIONS from sysconfig template: src: "roles/network/templates/named/{{ dns_service }}.service" dest: "/etc/systemd/system/{{ dns_service }}.service" mode: 0644 -- name: The dns-jail redirect requires the named.blackhole, disabling recursion (if dns_jail_enabled) +- name: "Install /etc/{{ apache_config_dir }}/dns-jail.conf from template: dns-jail redirect requires the named.blackhole, disabling recursion (if dns_jail_enabled)" # in named-iiab.conf, and the redirection of 404 error documents to / template: src: roles/network/templates/named/dns-jail.conf dest: "/etc/{{ apache_config_dir }}/" when: dns_jail_enabled -- name: Separate enabling required (if debuntu and dns_jail_enabled) +- name: Create symlink dns-jail.conf from sites-enabled to sites-available (if debuntu and dns_jail_enabled) file: src: "/etc/{{ apache_config_dir }}/dns-jail.conf" path: "/etc/{{ apache_service }}/sites-enabled/dns-jail.conf" state: link when: is_debuntu and dns_jail_enabled -- name: Separate disabling required (if debuntu and not dns_jail_enabled) +- name: Remove symlink /etc/{{ apache_service }}/sites-enabled/dns-jail.conf (if debuntu and not dns_jail_enabled) file: path: "/etc/{{ apache_service }}/sites-enabled/dns-jail.conf" state: absent when: is_debuntu and not dns_jail_enabled -- name: Separate enabling/disabling required (if not debuntu and not dns_jail_enabled) +- name: Remove symlink /etc/{{ apache_config_dir }}/dns-jail.conf (if not debuntu and not dns_jail_enabled) file: path: "/etc/{{ apache_config_dir }}/dns-jail.conf" state: absent when: not is_debuntu and not dns_jail_enabled -- name: Start named after copying files - service: +- name: Start named systemd service + systemd: name: "{{ dns_service }}" state: started diff --git a/roles/network/tasks/squid.yml b/roles/network/tasks/squid.yml index 09cc67a09..6b71e882c 100644 --- a/roles/network/tasks/squid.yml +++ b/roles/network/tasks/squid.yml @@ -1,4 +1,4 @@ -- name: Install Squid packages {{ proxy }} and cadaver +- name: "Install 2 packages: {{ proxy }}, cadaver" package: name: - "{{ proxy }}" @@ -7,7 +7,7 @@ tags: - download -- name: Bigger hammer for Ubuntu +- name: "Bigger hammer for Ubuntu, run: /etc/init.d/squid stop" command: /etc/init.d/squid stop when: is_ubuntu @@ -17,13 +17,13 @@ state: stopped when: not installing -- name: Create the Squid user +- name: "Create the Squid user: {{ proxy_user }}" user: name: "{{ proxy_user }}" createhome: False shell: /bin/false -- name: Copy init script and config file +- name: "Install from template: /usr/bin/iiab-httpcache, /etc/sysconfig/squid, /etc/{{ proxy }}/sites.whitelist.txt and 3 .rules files" template: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -62,7 +62,7 @@ group: 'root' mode: '0755' -- name: Create Squid cache directory +- name: Create Squid directory /library/cache file: path: /library/cache owner: "{{ proxy_user }}" @@ -70,7 +70,7 @@ mode: 0750 state: directory -- name: Create Squid log directory +- name: Create Squid directory /var/log/{{ proxy }} file: path: "/var/log/{{ proxy }}" owner: "{{ proxy_user }}" @@ -82,7 +82,7 @@ when: dansguardian_install # {{ proxy }} is normally "squid", but is "squid3" on raspbian-8 & debian-8 -- name: Add '{{ proxy }}' to list of services at {{ iiab_ini_file }} +- name: Add '{{ proxy }}' variable values to {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: "{{ proxy }}" diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index 9b5bdc34e..ee3fe4e9c 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -1,4 +1,4 @@ -- name: Check for existence of /opt/nextcloud/version.php +- name: Does /opt/nextcloud/version.php exist? stat: path: "{{ nextcloud_prefix }}/nextcloud/version.php" register: nextcloud_page @@ -83,7 +83,7 @@ state: present when: is_redhat -- name: Unpack {{ nextcloud_src_file }} to permanent location /opt/nextcloud +- name: Unarchive {{ nextcloud_src_file }} to permanent location {{ nextcloud_prefix }}/nextcloud # e.g. unpack nextcloud_latest-14.tar.bz2 to /opt/nextcloud unarchive: src: "{{ downloads_dir }}/{{ nextcloud_src_file }}" dest: "{{ nextcloud_prefix }}" @@ -150,9 +150,9 @@ # Enables or disable Nextcloud! - include_tasks: nextcloud_enabled.yml -- name: Add 'nextcloud' to list of services at {{ iiab_ini_file }} +- name: Add 'nextcloud' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: Nextcloud option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/nodogsplash/tasks/rpi.yml b/roles/nodogsplash/tasks/rpi.yml index 2bf76b9e2..56d180f0f 100644 --- a/roles/nodogsplash/tasks/rpi.yml +++ b/roles/nodogsplash/tasks/rpi.yml @@ -1,9 +1,9 @@ -- name: nodogsplash dependencies +- name: Install package libmicrohttpd12 (Nodogsplash dependencies) package: name: libmicrohttpd12 state: present -- name: Download nodogsplash software +- name: Download {{ iiab_download_url }}/{{ nodogsplash_arm_deb }} to {{ downloads_dir }} get_url: url: "{{ iiab_download_url }}/{{ nodogsplash_arm_deb }}" dest: "{{ downloads_dir }}/{{ nodogsplash_arm_deb }}" @@ -12,9 +12,9 @@ #async: 300 #poll: 5 -- name: Install nodogsplash +- name: Install Nodogsplash apt: - deb="{{ downloads_dir }}/{{ nodogsplash_arm_deb }}" + deb: "{{ downloads_dir }}/{{ nodogsplash_arm_deb }}" #- name: Create nodogsplash.service # deb file has one # template: @@ -25,7 +25,7 @@ # group: root # mode: 0644 -- name: Install custom files +- name: Install custom /etc/nodogsplash/nodogsplash.conf, /etc/nodogsplash/htdocs/splash.html template: backup: no src: "{{ item.src }}" @@ -38,23 +38,23 @@ - { src: 'splash.html.j2', dest: '/etc/nodogsplash/htdocs/splash.html', mode: '0644'} # We should probably only start this service on next boot -- name: Enable nodogsplash service - service: +- name: Enable & Start 'nodogsplash' systemd service, if nodogsplash_enabled + systemd: name: nodogsplash enabled: yes state: started when: nodogsplash_enabled -- name: Disable nodogsplash service - service: +- name: Disable 'nodogsplash' systemd service, if not nodogsplash_enabled + systemd: name: nodogsplash enabled: no state: stopped when: not nodogsplash_enabled -- name: Add 'nodogsplash' to list of services at {{ iiab_ini_file }} +- name: Add 'nodogsplash' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: nodogsplash option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 88d95d9d9..6d6b51e6e 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -43,7 +43,7 @@ - "tUM4hl009fbXY4Yy3bAadWL1CquVrZmKfBBWhyhz8zLD6TQ== ghunt@ip-192-168-123-123.ec2.internal$" - "heOMXXNU6skxdPh2fcHh0bzQcaCSQ== holt@crank$" -- name: "Create 3 directories for: OpenVPN keys, scripts & up_wan" +- name: 'Create dirs: /etc/openvpn/keys, /etc/openvpn/scripts' file: path: "{{ item }}" state: directory @@ -205,9 +205,9 @@ # when: not openvpn_enabled and not installing -- name: Add 'openvpn' to list of services at {{ iiab_ini_file }} +- name: Add 'openvpn' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: openvpn option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/osm/tasks/main.yml b/roles/osm/tasks/main.yml index 984b8ebd1..49ccb8574 100644 --- a/roles/osm/tasks/main.yml +++ b/roles/osm/tasks/main.yml @@ -1,30 +1,28 @@ -- name: Install OSM required packages (debuntu) +- name: Install 5 OSM required packages (debuntu) package: - name: "{{ item }}" + name: + - gcc + - python-dev + - liblzma-dev + - libapache2-mod-wsgi + - libapache2-mod-xsendfile state: present - with_items: - - gcc - - python-dev - - liblzma-dev - - libapache2-mod-wsgi - - libapache2-mod-xsendfile when: is_debuntu -- name: Install OSM required packages (not debuntu) +- name: Install 6 OSM required packages (not debuntu) package: - name: "{{ item }}" + name: + - python-pip + - gcc + - python-devel + - xz-devel + - mod_wsgi + - mod_xsendfile state: present - with_items: - - python-pip - - gcc - - python-devel - - xz-devel - - mod_wsgi - - mod_xsendfile when: not is_debuntu # OSM wants a specific version do that first -- name: Install Whoosh 2.6 (debuntu) +- name: Install Whoosh 2.6 using pip, into virtualenv (debuntu) pip: name: whoosh virtualenv: "{{ osm_venv }}" @@ -33,7 +31,7 @@ extra_args: "--no-cache-dir" when: internet_available and is_debuntu -- name: Install Flask 0.12X (debuntu) +- name: Install Flask 0.12.4 using pip, into virtualenv (debuntu) pip: name: Flask virtualenv: "{{ osm_venv }}" @@ -42,7 +40,7 @@ extra_args: "--no-cache-dir" when: internet_available and is_debuntu -- name: Install OSM with dependencies (debuntu) +- name: Install OSM with dependencies using pip, into virtualenv (debuntu) pip: name: "{{ item }}" virtualenv: "{{ osm_venv }}" @@ -55,56 +53,56 @@ when: internet_available and is_debuntu # OSM wants a specific version do that first -- name: Install Whoosh 2.6 (not debuntu) +- name: Install Whoosh 2.6 using pip, into virtualenv (not debuntu) pip: name: whoosh virtualenv: "{{ osm_venv }}" virtualenv_site_packages: no version: 2.6 -# extra_args="--no-cache-dir" + #extra_args: "--no-cache-dir" when: internet_available and not is_debuntu -- name: Install Flask 0.12X (not debuntu) +- name: Install Flask 0.12.4 using pip, into virtualenv (not debuntu) pip: name: Flask virtualenv: "{{ osm_venv }}" virtualenv_site_packages: no version: 0.12.4 -# extra_args="--no-cache-dir" + #extra_args: "--no-cache-dir" when: internet_available and not is_debuntu -- name: Install OSM with dependencies (not debuntu) +- name: Install OSM with dependencies using pip, into virtualenv (not debuntu) pip: name: "{{ item }}" virtualenv: "{{ osm_venv }}" virtualenv_site_packages: no -# extra_args="--no-cache-dir" + #extra_args: "--no-cache-dir" with_items: - MarkupSafe - pytz - Internet-in-a-Box when: internet_available and not is_debuntu -- name: Set osm_path (redhat) +- name: Set osm_path fact (redhat) set_fact: #osm_path: "{{ osm_venv }}/{{ python_path }}/iiab" osm_path: "{{ osm_venv }}{{ python_path }}/iiab" when: osm_enabled and is_redhat -- name: Set osm_path (debuntu) +- name: Set osm_path fact (debuntu) set_fact: #osm_path: "{{ osm_venv }}/lib/python2.7/site-packages/iiab" osm_path: "{{ osm_venv }}lib/python2.7/site-packages/iiab" when: osm_enabled and is_debuntu -- name: Point wsgi to virtual environment (all OS's) +- name: Point wsgi to virtual environment lineinfile: - dest: "{{ osm_venv }}/bin/iiab.wsgi" + path: "{{ osm_venv }}/bin/iiab.wsgi" regexp: "path_to_virtualenv = None" line: "path_to_virtualenv = '/usr/local/osm'" state: present -- name: Copy OSM config file (all OS's) +- name: Install /etc/{{ apache_config_dir }}/osm.conf from template template: src: osm.conf.j2 dest: "/etc/{{ apache_config_dir }}/osm.conf" @@ -114,41 +112,41 @@ backup: no when: osm_enabled -- name: Create a link from sites-enabled to sites-available (debuntu) +- name: Create softlink osm.conf from sites-enabled to sites-available (debuntu) file: src: "/etc/{{ apache_config_dir }}/osm.conf" - dest: /etc/apache2/sites-enabled/osm.conf + path: /etc/apache2/sites-enabled/osm.conf state: link when: osm_enabled and is_debuntu -- name: Remove the link from sites-enabled to sites-available (debuntu) +- name: Remove softlink osm.conf from sites-enabled (debuntu) file: - dest: /etc/apache2/sites-enabled/osm.conf + path: /etc/apache2/sites-enabled/osm.conf state: absent when: not osm_enabled and is_debuntu -- name: Remove the osm.conf (redhat) +- name: Remove /{{ apache_config_dir }}/osm.conf (redhat) file: - dest: "/{{ apache_config_dir }}/osm.conf" + path: "/{{ apache_config_dir }}/osm.conf" state: absent when: not osm_enabled and is_redhat -- name: Remove link to cgi (all OS's) +- name: Remove link {{ doc_root }}/osm.wsgi file: - dest: "{{ doc_root }}/osm.wsgi" + path: "{{ doc_root }}/osm.wsgi" state: absent when: not osm_enabled -- name: Create link to cgi (all OS's) +- name: Create softlink osm.wsgi to iiab.cgi file: src: "{{ osm_venv }}/bin/iiab.wsgi" - dest: "{{ doc_root }}/osm.wsgi" + path: "{{ doc_root }}/osm.wsgi" owner: root group: root state: link when: osm_enabled -- name: Create the knowledge data set folders +- name: Create dir /library/knowledge/modules file: path: /library/knowledge/modules state: directory @@ -156,7 +154,7 @@ group: "{{ apache_user }}" # the following was brought into OSM playbook from iiab-factory osm-fix script -- name: Copy the files +- name: Install 6 files from templates template: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -174,9 +172,9 @@ name: "{{ apache_service }}" state: restarted -- name: Add 'osm' to list of services at {{ iiab_ini_file }} +- name: Add 'osm' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: osm option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/owncloud/tasks/main.yml b/roles/owncloud/tasks/main.yml index e01b79149..488c6680f 100644 --- a/roles/owncloud/tasks/main.yml +++ b/roles/owncloud/tasks/main.yml @@ -105,11 +105,12 @@ - include_tasks: owncloud_enabled.yml when: owncloud_enabled -- name: Add owncloud to service list - ini_file: dest='{{ iiab_ini_file }}' - section=owncloud - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'owncloud' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: owncloud + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: name value: owncloud diff --git a/roles/pathagar/tasks/main.yml b/roles/pathagar/tasks/main.yml index f50e042f7..ef4f895db 100644 --- a/roles/pathagar/tasks/main.yml +++ b/roles/pathagar/tasks/main.yml @@ -188,14 +188,14 @@ state: absent when: not pathagar_enabled and is_debuntu -- name: Restart http - service: +- name: Reload Apache ({{ apache_service }}) + systemd: name: "{{ apache_service }}" state: reloaded -- name: Add 'pathagar' to list of services at {{ iiab_ini_file }} +- name: Add 'pathagar' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: pathagar option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/phpmyadmin/tasks/main.yml b/roles/phpmyadmin/tasks/main.yml index fabe8fd94..7fc1e5e3e 100644 --- a/roles/phpmyadmin/tasks/main.yml +++ b/roles/phpmyadmin/tasks/main.yml @@ -1,4 +1,4 @@ -- name: Download phpMyAdmin software +- name: Download {{ iiab_download_url }}/{{ phpmyadmin_name_zip }} to {{ downloads_dir }} get_url: url: "{{ iiab_download_url }}/{{ phpmyadmin_name_zip }}" dest: "{{ downloads_dir }}" @@ -6,7 +6,7 @@ #register: phpmyadmin_dl_output when: internet_available -- name: Check if /opt/iiab/downloads/{{ phpmyadmin_name_zip }} exists +- name: Does {{ downloads_dir }}/{{ phpmyadmin_name_zip }} exist? # e.g. /opt/iiab/downloads/phpMyAdmin-4.8.3-all-languages.zip stat: path: "{{ downloads_dir }}/{{ phpmyadmin_name_zip }}" register: phpmyadmin_dl @@ -22,14 +22,14 @@ dest: /opt owner: "{{ apache_user }}" -- name: Create symbolic link /opt/phpmyadmin to phpMyAdmin folder above +- name: Create symlink from /opt/phpmyadmin to {{ phpmyadmin_name }} file: src: "{{ phpmyadmin_name }}" - dest: /opt/phpmyadmin + path: /opt/phpmyadmin owner: "{{ apache_user }}" state: link -- name: Copy phpMyAdmin's config file into place +- name: Install /opt/phpmyadmin/config.inc.php from template template: src: config.inc.php dest: /opt/phpmyadmin/config.inc.php @@ -46,28 +46,28 @@ # # recurse: yes # # state: directory -- name: Put the alias into Apache config when enabled +- name: Install /etc/{{ apache_config_dir }}/phpmyadmin.conf from template, if phpmyadmin_enabled template: src: phpmyadmin.j2 dest: "/etc/{{ apache_config_dir }}/phpmyadmin.conf" when: phpmyadmin_enabled -- name: Enable phpMyAdmin +- name: Create symlink phpmyadmin.conf from sites-enabled to sites-available (debuntu) file: src: /etc/apache2/sites-available/phpmyadmin.conf - dest: /etc/apache2/sites-enabled/phpmyadmin.conf + path: /etc/apache2/sites-enabled/phpmyadmin.conf state: link when: phpmyadmin_enabled and is_debuntu -- name: Remove the alias into Apache config when not enabled +- name: Remove /etc/apache2/sites-enabled/phpmyadmin.conf, if not phpmyadmin_enabled (debuntu) file: path: /etc/apache2/sites-enabled/phpmyadmin.conf state: absent when: not phpmyadmin_enabled and is_debuntu -- name: Add 'phpmyadmin' to list of services at {{ iiab_ini_file }} +- name: Add 'phpmyadmin' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: phpmyadmin option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml index ca6196cc3..bb7ca4478 100644 --- a/roles/postgresql/tasks/main.yml +++ b/roles/postgresql/tasks/main.yml @@ -21,7 +21,7 @@ tags: - download -- name: Create postgresql-iiab systemd service +- name: Install /etc/systemd/system/postgresql-iiab.service from template template: src: postgresql-iiab.service dest: /etc/systemd/system/postgresql-iiab.service @@ -29,7 +29,7 @@ group: root mode: 0644 -- name: Create postgres data directory +- name: Create PostgreSQL data dir /library/pgsql-iiab, owned by postgres:postgres file: path: /library/pgsql-iiab owner: postgres @@ -37,17 +37,17 @@ mode: 0700 state: directory -- name: Make sure that the en_US locale is enabled (debuntu) +- name: Make sure locale {{ postgresql_locale }} is enabled (debuntu) # en_US.UTF-8 lineinfile: dest: /etc/locale.gen line: "{{ postgresql_locale }} UTF-8" when: is_debuntu -- name: Generate the selected locales (debuntu) +- name: Generate locales (debuntu) command: /usr/sbin/locale-gen when: is_debuntu -- name: Initialize the postgres db (debuntu) +- name: Initialize the PostgreSQL db, creating /library/pgsql-iiab/pg_hba.conf (debuntu) #command: su - postgres -c "/usr/lib/postgresql/{{ postgresql_version }}/bin/initdb -E 'UTF-8' --locale={{ postgresql_locale }} -D /library/pgsql-iiab" command: /usr/lib/postgresql/{{ postgresql_version }}/bin/initdb -E 'UTF-8' --locale={{ postgresql_locale }} -D /library/pgsql-iiab args: @@ -56,7 +56,7 @@ become_user: postgres when: is_debuntu -- name: Initialize the postgres db (OS's other than debuntu) +- name: Initialize the PostgreSQL db, creating /library/pgsql-iiab/pg_hba.conf (OS's other than debuntu) #command: su - postgres -c "/usr/bin/initdb -E 'UTF-8' --lc-collate={{ postgresql_locale }} --lc-ctype={{ postgresql_locale }} -D /library/pgsql-iiab" command: /usr/bin/initdb -E 'UTF-8' --lc-collate={{ postgresql_locale }} --lc-ctype={{ postgresql_locale }} -D /library/pgsql-iiab args: @@ -65,7 +65,7 @@ become_user: postgres when: not is_debuntu -- name: Configure PostgreSQL +- name: Install /library/pgsql-iiab/postgresql.conf owned by postgres:postgres, from template template: backup: yes src: postgresql.conf.j2 @@ -74,34 +74,35 @@ group: postgres mode: 0640 -- name: Stop postgresql service (debuntu) +# Probably Not Nec! Given stanza below does the same. +- name: 'Stop postgresql service: /etc/init.d/postgresql stop (debuntu)' command: "/etc/init.d/postgresql stop" ignore_errors: True when: postgresql_install and is_debuntu -- name: Stop and disable stock postgresql service - service: +- name: Disable stock postgresql service + systemd: name: postgresql state: stopped enabled: no -- name: Start and enable postgresql-iiab service - service: +- name: Enable & Start postgresql-iiab systemd service, if postgresql_enabled + systemd: name: postgresql-iiab state: started enabled: yes when: postgresql_enabled -- name: Stop and disable postgresql-iiab service if not postgresql_enabled - service: +- name: Disable postgresql-iiab service, if not postgresql_enabled + systemd: name: postgresql-iiab state: stopped enabled: no when: not postgresql_enabled -- name: Add 'postgresql' to list of services at {{ iiab_ini_file }} +- name: Add 'postgresql' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: postgresql option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/rachel/tasks/main.yml b/roles/rachel/tasks/main.yml index 98c45c26f..123fedc9a 100644 --- a/roles/rachel/tasks/main.yml +++ b/roles/rachel/tasks/main.yml @@ -23,11 +23,12 @@ - include_tasks: rachel_enabled.yml when: rachel_enabled and rachel_content_found -- name: Add rachel to service list - ini_file: dest='{{ iiab_ini_file }}' - section=rachel - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'rachel' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: rachel + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: name value: rachel diff --git a/roles/samba/tasks/main.yml b/roles/samba/tasks/main.yml index b4a60bdb7..54241cac4 100755 --- a/roles/samba/tasks/main.yml +++ b/roles/samba/tasks/main.yml @@ -1,23 +1,19 @@ ---- -# Create a smbuser -# - -- name: Create smb user +- name: "Create smb user: {{ smbuser }}" user: name: "{{ smbuser }}" shell: /sbin/nologin password: "{{ smbpassword }}" -- name: Create the public folder +- name: "Create public folder: {{ shared_dir }}" file: - dest: "{{ shared_dir }}" + path: "{{ shared_dir }}" owner: "{{ smbuser }}" group: "{{ smbuser }}" mode: 0777 state: directory # Install and configure samba server (requires ports 137, 138, 139, 445 open). -- name: Install packages {samba, samba-client, samba-common, cifs-client} +- name: "Install 4 packages: samba, samba-client, samba-common, cifs-client" package: name: - samba @@ -29,50 +25,50 @@ - samba - download -- name: Put our smb.conf in place +- name: Install /etc/samba/smb.conf from template template: src: smb.conf.j2 dest: /etc/samba/smb.conf -- name: Ensure Samba is running and set to start on boot. +- name: Enable & Start Samba systemd service service: name: "{{ smb_service }}" state: started enabled: yes tags: - samba - when : samba_enabled + when: samba_enabled -- name: NetBIOS name server is running and set to start on boot +- name: Enable & Start NetBIOS name server ({{ nmb_service }}) service: name: "{{ nmb_service }}" state: started enabled: yes tags: - samba - when : samba_enabled + when: samba_enabled -- name: Disable Samba if that is wanted +- name: Disable Samba if not samba_enabled service: name: "{{ smb_service }}" state: stopped enabled: no tags: - samba - when : not samba_enabled + when: not samba_enabled -- name: Disable Samba name server if that is wanted +- name: Disable NetBIOS name server ({{ nmb_service }}) if not samba_enabled service: name: "{{ nmb_service }}" state: stopped enabled: no tags: - samba - when : not samba_enabled + when: not samba_enabled -- name: Add 'samba' to list of services at {{ iiab_ini_file }} +- name: Add 'samba' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: samba option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/schooltool/tasks/main.yml b/roles/schooltool/tasks/main.yml index 36a79d977..dceda132e 100644 --- a/roles/schooltool/tasks/main.yml +++ b/roles/schooltool/tasks/main.yml @@ -55,11 +55,12 @@ enabled=no when: not schooltool_enabled -- name: add schooltool to service list - ini_file: dest='{{ iiab_ini_file }}' - section=schooltool - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'schooltool' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: schooltool + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: name value: Schooltool diff --git a/roles/sugar-stats/tasks/main.yml b/roles/sugar-stats/tasks/main.yml index 2dd60cd8e..c2b6a9819 100644 --- a/roles/sugar-stats/tasks/main.yml +++ b/roles/sugar-stats/tasks/main.yml @@ -40,11 +40,12 @@ - include_tasks: statistics-consolidation.yml -- name: Add sugar-stats to service list - ini_file: dest='{{ iiab_ini_file }}' - section=sugar_stats - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'sugar-stats' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: sugar_stats + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: name value: sugar_stats diff --git a/roles/sugarizer/tasks/main.yml b/roles/sugarizer/tasks/main.yml index e6e62c108..33def01e3 100644 --- a/roles/sugarizer/tasks/main.yml +++ b/roles/sugarizer/tasks/main.yml @@ -6,6 +6,7 @@ warn: no when: sugarizer_version == "sugarizer-1.0" + # 1. DOWNLOAD+LINK /opt/iiab/sugarizer - name: Clone llaske/sugarizer ({{ sugarizer_git_version }}) from GitHub to /opt/iiab (MAY DOWNLOAD 600+ MB) @@ -17,12 +18,13 @@ depth: 1 when: internet_available -- name: Create symbolic link /opt/iiab/sugarizer -> /opt/iiab/{{ sugarizer_version }} +- name: Create symlink /opt/iiab/sugarizer -> /opt/iiab/{{ sugarizer_version }} file: src: "{{ sugarizer_location }}/{{ sugarizer_version }}" dest: "{{ sugarizer_location }}/sugarizer" state: link + # 2. DOWNLOAD+LINK /opt/iiab/sugarizer-server # 2018-07-11: http://download.iiab.io/packages/sugarizer-server-1.0.tar.gz @@ -55,6 +57,7 @@ dest: "{{ sugarizer_location }}/sugarizer-server" state: link + # 3. INSTALL A GOOD VERSION OF Node.js AND npm - name: Set up Node.js 8.x apt sources (debuntu, but avoid ubuntu-18) @@ -98,6 +101,7 @@ state: latest when: internet_available and (is_ubuntu_18 or not is_debuntu) + # 4. RUN "npm install" TO POPULATE ~35MB /opt/iiab/sugarizer-server/node_modules # Re-running "npm install" USED TO fail on Raspbian 9 if not other OS's ? @@ -170,9 +174,10 @@ chdir: "{{ sugarizer_location }}/{{ sugarizer_server_version }}" when: internet_available + # 5. PLACE CONFIG FILES -- name: Configure sugarizer.service (systemd), sugarizer.conf (Apache) and sugarizer.ini +- name: "Install from templates: sugarizer.service (systemd), sugarizer.conf (Apache), sugarizer.ini and sugarizer-server" template: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -185,15 +190,23 @@ - { src: 'sugarizer.service.j2', dest: '/etc/systemd/system/sugarizer.service', mode: '0644' } - { src: 'sugarizer.js', dest: '/opt/iiab/sugarizer-server', mode: '0644' } -- name: Create symlink for short URL http://box/sugarizer +- name: Create symlink sugarizer.conf from sites-enabled to sites-available, for short URL http://box/sugarizer (debuntu) file: src: /etc/apache2/sites-available/sugarizer.conf - dest: /etc/apache2/sites-enabled/sugarizer.conf + path: /etc/apache2/sites-enabled/sugarizer.conf state: link + when: sugarizer_enabled and is_debuntu + +- name: "Remove symlink /etc/apache2/sites-enabled/sugarizer.conf, if sugarizer_enabled: False (debuntu)" + file: + path: /etc/apache2/sites-enabled/sugarizer.conf + state: absent + when: not sugarizer_enabled and is_debuntu + # 6. RESTART/STOP SYSTEMD SERVICE -- name: Enable+restart systemd service if sugarizer_enabled, with "systemctl daemon-reload" (in case mongodb.service changed?) +- name: Enable & Restart systemd service if sugarizer_enabled, with "systemctl daemon-reload" (in case mongodb.service changed?) systemd: name: sugarizer enabled: yes @@ -201,19 +214,19 @@ daemon_reload: yes when: sugarizer_enabled -- name: Restart Apache so http://box/sugarizer works (not just http://box:8089) - systemd: - name: "{{ apache_service }}" # httpd or apache2 - state: restarted - when: sugarizer_enabled - -- name: 'Disable+stop systemd service if sugarizer_enabled: False' +- name: "Disable systemd service, if sugarizer_enabled: False" systemd: name: sugarizer enabled: no state: stopped when: not sugarizer_enabled +- name: Restart Apache ({{ apache_service }}) to enable/disable http://box/sugarizer (not just http://box:8089) + systemd: + name: "{{ apache_service }}" # httpd or apache2 + state: restarted + #when: sugarizer_enabled + #- name: Enable services (all OS's) # service: # name: "{{ item.name }}" @@ -231,9 +244,9 @@ # state: stopped # when: not sugarizer_enabled -- name: Add 'sugarizer' to list of services at {{ iiab_ini_file }} +- name: Add 'sugarizer' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: sugarizer option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/teamviewer/tasks/main.yml b/roles/teamviewer/tasks/main.yml index 8fcede986..2162d4efa 100644 --- a/roles/teamviewer/tasks/main.yml +++ b/roles/teamviewer/tasks/main.yml @@ -8,11 +8,12 @@ include_tasks: install.yml when: teamviewer_install -- name: Add teamviewer to service list - ini_file: dest='{{ iiab_ini_file }}' - section=teamviewer - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'teamviewer' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: teamviewer + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: name value: teamviewer diff --git a/roles/transmission/tasks/main.yml b/roles/transmission/tasks/main.yml index 60fe97bc3..941de4565 100644 --- a/roles/transmission/tasks/main.yml +++ b/roles/transmission/tasks/main.yml @@ -1,11 +1,11 @@ -- name: Install packages transmission-daemon and transmission-cli +- name: 'Install packages: transmission-daemon, transmission-cli' package: name: - transmission-daemon - transmission-cli state: present -- name: Create /library/transmission download directory +- name: Create download dir {{ transmission_download_dir }}, owned by {{ transmission_user }}:{{ transmission_group }} # /library/transmission file: path: "{{ transmission_download_dir }}" owner: "{{ transmission_user }}" @@ -19,7 +19,7 @@ state: stopped ignore_errors: yes -- name: Create transmission-daemon settings +- name: Install /etc/transmission-daemon/settings.json from template template: src: settings.json.j2 dest: /etc/transmission-daemon/settings.json @@ -27,7 +27,7 @@ owner: "{{ transmission_user }}" group: "{{ transmission_group }}" -- name: Enable and Restart transmission-daemon service +- name: Enable & Restart transmission-daemon systemd service, incl daemon-reload systemd: name: transmission-daemon daemon_reload: yes @@ -45,7 +45,7 @@ when: transmission_enabled and transmission_provision and transmission_kalite_languages is defined and transmission_kalite_languages is not none ignore_errors: yes -- name: Disable transmission-daemon service +- name: Disable transmission-daemon service, if not transmission_enabled systemd: name: transmission-daemon daemon_reload: yes @@ -53,9 +53,9 @@ state: stopped when: not transmission_enabled -- name: Add transmission to list of services at {{ iiab_ini_file }} +- name: Add 'transmission' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: transmission option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/usb-lib/tasks/main.yml b/roles/usb-lib/tasks/main.yml index 4fa46ca42..de0df7a79 100644 --- a/roles/usb-lib/tasks/main.yml +++ b/roles/usb-lib/tasks/main.yml @@ -1,12 +1,12 @@ -- name: Add a content directory for links to be located +- name: Add dir {{ doc_root }}/local_content, where USB drive links can appear file: - dest: "{{ doc_root }}/local_content" + path: "{{ doc_root }}/local_content" state: directory owner: "{{ apache_user }}" group: "{{ iiab_admin_user }}" # ISN'T "{{ apache_user }}" MORE APPROPRIATE? mode: 0775 -- name: Copy mount file to usbmount when enabled +- name: Install /etc/usbmount/mount.d/70-usb-library from template template: src: mount.d/70-usb-library dest: /etc/usbmount/mount.d/ @@ -15,7 +15,7 @@ mode: 0751 when: usb_lib_enabled -- name: Install udev to systemd link -> usbmount +- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb-lib-show-all-on, /usr/bin/iiab-usb-lib-show-all-off' template: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -26,13 +26,13 @@ - { src: 'iiab-usb-lib-show-all-on' , dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-usb-lib-show-all-off' , dest: '/usr/bin/', mode: '0755' } -- name: Enable exFAT and NTFS +- name: Enable exFAT and NTFS in /etc/usbmount/usbmount.conf lineinfile: regexp: '^FILESYSTEMS.*' line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"' - dest: /etc/usbmount/usbmount.conf + path: /etc/usbmount/usbmount.conf -- name: Copy umount file to usbmount when enabled +- name: Install /etc/usbmount/umount.d/70-usb-library from template template: src: umount.d/70-usb-library dest: /etc/usbmount/umount.d @@ -41,13 +41,13 @@ mode: 0751 when: usb_lib_enabled -- name: Remove mount file to usbmount when not enabled +- name: Remove /etc/usbmount/mount.d/70-usb-library if not usb_lib_enabled file: path: /etc/usbmount/mount.d/70-usb-library state: absent when: not usb_lib_enabled -- name: Remove umount file to usbmount when not enabled +- name: Remove /etc/usbmount/umount.d/70-usb-library if not usb_lib_enabled file: path: /etc/usbmount/umount.d/70-usb-library state: absent @@ -55,39 +55,38 @@ - name: Put variable in iiab.env that enables display of content at root of USB lineinfile: - dest: "{{ iiab_env_file }}" + path: "{{ iiab_env_file }}" regexp: "^IIAB_USB_LIB_SHOW_ALL.*" line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}" -- name: Add Apache config for content directory +- name: Install /etc/{{ apache_config_dir }}/content_dir.conf from template template: src: content_dir.conf dest: "/etc/{{ apache_config_dir }}" when: usb_lib_enabled -- name: Create the link to enable (debuntu) +- name: Create symlink content_dir.conf from sites-enabled to sites-available (debuntu) file: src: "/etc/{{ apache_config_dir }}/content_dir.conf" dest: /etc/apache2/sites-enabled/content_dir.conf state: link when: is_debuntu -- name: Remove the link that enables (debuntu) +- name: Remove symlink content_dir.conf from /etc/apache2/sites-enabled (debuntu) file: - src: "/etc/{{ apache_config_dir }}/content_dir.conf" dest: /etc/apache2/sites-enabled/content_dir.conf state: absent when: is_debuntu and not usb_lib_enabled -- name: Remove Apache config for content directory +- name: Remove content_dir.conf from /etc/{{ apache_config_dir }} file: name: "/etc/{{ apache_config_dir }}/content_dir.conf" state: absent when: not usb_lib_enabled -- name: Add usb-lib to service list +- name: Add 'usb-lib' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: usb-lib option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/vnstat/tasks/main.yml b/roles/vnstat/tasks/main.yml index efb37319f..8815bd4b4 100644 --- a/roles/vnstat/tasks/main.yml +++ b/roles/vnstat/tasks/main.yml @@ -21,14 +21,14 @@ when: iiab_lan_iface is defined - name: Enable & Start vnStat's systemd service - service: + systemd: name: vnstat enabled: yes state: started -- name: Add 'vnstat' to list of services at {{ iiab_ini_file }} +- name: Add 'vnstat' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: vnstat option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index 6ad6ea2e9..902d91162 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -11,7 +11,7 @@ # and security enhancements using timestamps under /library/wordpress, as these # can arise without warning when WordPress is online, since WordPress ~4.8 -- name: Download the latest WordPress software +- name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }} get_url: url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}" dest: "{{ downloads_dir }}" @@ -21,14 +21,14 @@ register: wp_download_output when: internet_available -- name: Create link /opt/iiab/downloads/wordpress.tar.gz pointing to {{ wp_download_output.dest }} +- name: Create symlink from /opt/iiab/downloads/wordpress.tar.gz to {{ wp_download_output.dest }} file: src: "{{ wp_download_output.dest }}" - dest: "{{ downloads_dir }}/wordpress.tar.gz" + path: "{{ downloads_dir }}/wordpress.tar.gz" state: link when: wp_download_output.dest is defined -- name: Check if /opt/iiab/downloads/wordpress.tar.gz link exists +- name: Does /opt/iiab/downloads/wordpress.tar.gz link exist? stat: path: "{{ downloads_dir }}/wordpress.tar.gz" register: wp_link @@ -61,7 +61,7 @@ - name: Make /library/wordpress directories 775 so Apache can traverse and write (most files remain 0664) command: "/usr/bin/find {{ wp_abs_path }} -type d -exec chmod 775 {} +" -- name: Copy wp salt values +- name: Install {{ wp_abs_path }}/wp-keys.php.BAK copy: src: wp-keys.php.BAK dest: "{{ wp_abs_path }}/wp-keys.php.BAK" @@ -71,7 +71,7 @@ # Fetch random salts for WordPress config into wp-keys.php file by generating script and running -- name: Create wp salt script +- name: Install script /tmp/get-iiab-wp-salts from template template: src: get-iiab-wp-salts.j2 dest: /tmp/get-iiab-wp-salts @@ -79,20 +79,20 @@ group: root mode: 0700 -- name: Run wp salt script to create /library/wordpress/wp-keys.php +- name: Run /tmp/get-iiab-wp-salts to create /library/wordpress/wp-keys.php command: /tmp/get-iiab-wp-salts -- name: Cleanup - remove wp salt script +- name: Remove script /tmp/get-iiab-wp-salts file: path: /tmp/get-iiab-wp-salts state: absent -- name: MySQL database needs to be running if we are trying to create a new db +- name: Start MySQL systemd service service: state: started name: "{{ mysql_service }}" -- name: Create MySQL wordpress database +- name: 'Create MySQL wordpress database: {{ wp_db_name }}' mysql_db: name: "{{ wp_db_name }}" state: present @@ -104,7 +104,7 @@ priv: "{{ wp_db_name }}.*:ALL,GRANT" state: present -- name: Copy wp-config.php +- name: Install {{ wp_abs_path }}/wp-config.php template: src: wp-config.php.j2 dest: "{{ wp_abs_path }}/wp-config.php" @@ -112,32 +112,32 @@ group: "{{ apache_user }}" mode: 0660 -- name: Copy wordpress.conf to permit http://box{{ wp_url }} +- name: Install etc/{{ apache_config_dir }}/wordpress.conf from template, for http://box{{ wp_url }} template: src: wordpress.conf.j2 dest: "/etc/{{ apache_config_dir }}/wordpress.conf" -- name: Enable wordpress.conf if wordpress_enabled (debuntu) +- name: Create symlink wordpress.conf from sites-enabled to sites-available, if wordpress_enabled (debuntu) file: src: /etc/apache2/sites-available/wordpress.conf - dest: /etc/apache2/sites-enabled/wordpress.conf + path: /etc/apache2/sites-enabled/wordpress.conf state: link when: wordpress_enabled and is_debuntu -- name: Remove wordpress.conf if not wordpress_enabled (debuntu) +- name: Remove /etc/apache2/sites-enabled/wordpress.conf if not wordpress_enabled (debuntu) file: path: /etc/apache2/sites-enabled/wordpress.conf state: absent when: not wordpress_enabled and is_debuntu - name: Restart Apache to enable/disable http://box{{ wp_url }} - service: + systemd: name: "{{ apache_service }}" state: restarted -- name: Add 'wordpress' to list of services at {{ iiab_ini_file }} +- name: Add 'wordpress' variable values to {{ iiab_ini_file }} ini_file: - dest: "{{ iiab_ini_file }}" + path: "{{ iiab_ini_file }}" section: wordpress option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/xovis/tasks/main.yml b/roles/xovis/tasks/main.yml index e200239c0..5d89c0e64 100644 --- a/roles/xovis/tasks/main.yml +++ b/roles/xovis/tasks/main.yml @@ -1,4 +1,4 @@ -- name: Install Couchdb and other necessary packages +- name: Install CouchDB and other necessary packages package: name={{ item }} state=present with_items: @@ -45,13 +45,13 @@ - name: Allow access to Couchdb from other hosts command: sed -i 's/^\(bind_address\s*=\s*\).*$/\10\.0\.0\.0/' /etc/couchdb/default.ini -- name: Enable Couchdb service +- name: Enable CouchDB service service: name=couchdb enabled=yes state=started when: xovis_enabled -- name: Wait for couchdb to become ready +- name: Wait for CouchDB to become ready wait_for: port=5984 delay=1 timeout=5 @@ -66,7 +66,7 @@ register: found_db ignore_errors: yes -- name: Create Couchdb database if does not already exist +- name: Create CouchDB database if does not already exist command: kanso createdb {{ xovis_db_url }} when: xovis_enabled and found_db.stdout != xovis_db_name @@ -81,11 +81,12 @@ --server http://{{ xovis_db_login }}@{{ xovis_target_host }}" when: xovis_enabled -- name: Add xovis to service list - ini_file: dest='{{ iiab_ini_file }}' - section=xovis - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'xovis' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: xovis + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: name value: xovis