Merge pull request #177 from iiab/master

sync from iiab/iiab
2025-02-13 11:42:08 +00:00 · 2018-11-02 01:20:43 -04:00 · 2018-11-02 01:20:43 -04:00 · 1518be298b
commit 1518be298b
parent 2892a43c4e 54b0dba443
54 changed files with 546 additions and 560 deletions
--- a/roles/2-common/tasks/iiab-startup.yml
+++ b/roles/2-common/tasks/iiab-startup.yml
@ -3,20 +3,20 @@
    path: /usr/libexec/iiab-startup.sh
  register: startup_script
- name: Copy template script to /usr/libexec/iiab-startup.sh
+- name: If not, install /usr/libexec/iiab-startup.sh from template
  template:
    src: iiab-startup.sh
    dest: /usr/libexec/
    mode: 0755
  when: not startup_script.stat.exists
- name: Copy iiab-startup.service to {{ systemd_location }}
+- name: Install {{ systemd_location }}/iiab-startup.service from template
  template:
    src: iiab-startup.service
    dest: "{{ systemd_location }}"
  when: not startup_script.stat.exists
- name: Enable & restart the systemd service after daemon-reload
+- name: Enable & restart systemd service (iiab-startup) after daemon-reload
  # shell: systemctl daemon-reload
  # shell: systemctl restart iiab-startup.service
  # shell: systemctl enable iiab-startup.service
--- a/roles/2-common/tasks/iptables.yml
+++ b/roles/2-common/tasks/iptables.yml
@ -4,12 +4,13 @@
    enabled: no
  when: not is_debuntu
- name: Use larger hammer to disable firewalld -- 2 symbolic links involved (OS's other than debuntu)
+# Likely no longer nec as of 2019
-  shell: "systemctl disable firewalld.service"
+- name: Use larger hammer -- systemctl disable firewalld -- 2 symbolic links involved (OS's other than debuntu)
  shell: systemctl disable firewalld.service
  when: not is_debuntu
 - name: Mask firewalld service (OS's other than debuntu)
-  shell: 'systemctl mask firewalld'
+  shell: systemctl mask firewalld
  ignore_errors: yes
  when: not installing and not is_debuntu
@ -20,17 +21,17 @@
  ignore_errors: yes
  when: not installing and not is_debuntu
- name: Remove iptables.service file from /etc
+- name: Remove /etc/systemd/system/iptables.service
  file:
    path: /etc/systemd/system/iptables.service
    state: absent
- name: Remove iptables-xs.service file from /etc
+#- name: Remove iptables-xs.service file from /etc
-  file:
+#  file:
-    path: /etc/systemd/system/iptables-xs.service
+#    path: /etc/systemd/system/iptables-xs.service
-    state: absent
+#    state: absent
- name: Install iptables service package (debuntu)
+- name: Install package iptables-persistent (debuntu)
  package:
    name: iptables-persistent
    state: present
@ -38,7 +39,7 @@
  tags:
    - download
- name: Install iptables service package (OS's other than debuntu)
+- name: Install package iptables-services (OS's other than debuntu)
  package:
    name: iptables-services
    state: present
@ -46,17 +47,15 @@
  tags:
    - download
- name: Install iptables services
+- name: Install /etc/sysconfig/iptables-config from template
  template:
-    src: "{{ item.0 }}"
+    src: iptables-config
-    dest: "{{ item.1 }}"
+    dest: /etc/sysconfig/iptables-config
    owner: root
    group: root
-    mode: "{{ item.2 }}"
+    mode: 0644
  with_items:
   - { 0: 'iptables-config', 1: '/etc/sysconfig/iptables-config', 2: '0644' }
- name: Install Debian config (debuntu)
+- name: Install /etc/network/if-pre-up.d/iptables from template (debuntu)
  template:
    src: iptables
    dest: /etc/network/if-pre-up.d/iptables
--- a/roles/2-common/tasks/main.yml
+++ b/roles/2-common/tasks/main.yml
@ -72,7 +72,7 @@
    value: 1
    state: present
- name: Install custom profile file
+- name: Install custom /etc/profile.d/zzz_iiab.sh from template
  template:
    dest: /etc/profile.d/zzz_iiab.sh
    src: zzz_iiab.sh
--- a/roles/2-common/tasks/packages.yml
+++ b/roles/2-common/tasks/packages.yml
@ -1,72 +1,72 @@
- name: Install yum/dnf packages (redhat)
+- name: "Install 10 yum/dnf packages: avahi, avahi-tools, createrepo, linux-firmware, nss-mdns, openssl, syslog, wpa_supplicant, xml-common, yum-utils (redhat)"
  package:
    name:
      - yum-utils
      - createrepo
      - wpa_supplicant
      - linux-firmware
      - syslog
      - xml-common
      - nss-mdns
      - avahi
      - avahi-tools
      - createrepo
      - linux-firmware
      - nss-mdns
      - openssl    # FC 18 does not supply, but pear requires
      - syslog
      - wpa_supplicant
      - xml-common
      - yum-utils
    state: present
  when: is_redhat
- name: Download & install usbmount, missing from Debian Stretch (debian-9)
+- name: Install {{ iiab_download_url }}/usbmount_0.0.14.1_all.deb, missing from Debian Stretch (debian-9)
  apt:
    deb: "{{ iiab_download_url }}/usbmount_0.0.14.1_all.deb"
    #timeout: "{{ download_timeout }}"    # Ansible's apt module doesn't support timeout parameter; that's ok as usbmount_0.0.14.1_all.deb is only 10KB
  when: internet_available and is_debian_9
- name: Install packages (debuntu)
+- name: "Install 7 deb/apt packages: avahi-daemon, avahi-discover, exfat-fuse, exfat-utils, inetutils-syslogd, libnss-mdns, wpasupplicant (debuntu)"
  package:
    name:
      - inetutils-syslogd
      - wpasupplicant
      - libnss-mdns
      - avahi-daemon
      - avahi-discover
      - exfat-fuse
      - exfat-utils
      - inetutils-syslogd
      - libnss-mdns
      - wpasupplicant
    state: present
  when: is_debuntu
- name: Install common packages
+- name: "Install 23 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, openssh-server, pandoc, rsync, sudo, tar, unzip, usbmount, usbutils, wget"
  package:
    name:
      - acpid
-      - mlocate
+      - bridge-utils
-      - rsync
+      - bzip2
-      - htop
+      - curl
      #- etckeeper    # "nobody is really using etckeeper and it's bloating the filesystem every time apt runs" per @jvonau at https://github.com/iiab/iiab/issues/1146
-      - python-passlib
+      - gawk
-      - usbmount
+      - hostapd
-      - net-tools
+      - htop
-      - openssh-server
+      - i2c-tools
      - sudo
      - logrotate
      #- lynx    # already installed by 1-prep's roles/iiab-admin/tasks/access.yml
      - make
      - mlocate
      - netmask
      - net-tools
      - ntfs-3g
      - openssh-server
      - pandoc
      - rsync
      - sudo
      - tar
      - unzip
-      - bzip2
+      - usbmount
      - i2c-tools
      - bridge-utils
      - netmask
      - usbutils
      - hostapd
      - wget
      - openssl    # FC 18 does not supply, but pear requires
      - gawk
      - curl
      - pandoc
      - lynx    # already installed by 1-prep's roles/iiab-admin/tasks/access.yml
      - ntfs-3g
    state: present
- name: Install common Python packages {python-pip, python-setuptools, python-virtualenv}
+- name: "Install 4 common Python packages: python-passlib, python-pip, python-setuptools, python-virtualenv"
  package:
    name:
      - python-passlib
      - python-pip
      - python-setuptools
      - python-virtualenv
--- a/roles/3-base-server/tasks/main.yml
+++ b/roles/3-base-server/tasks/main.yml
@ -15,8 +15,8 @@
  # has no "when: XXXXX_install" flag
  tags: base, mysql
- name: Restart httpd
+- name: Restart Apache systemd service ({{ apache_service }})
-  service:
+  systemd:
    name: "{{ apache_service }}"
    state: restarted
  when: not installing
--- a/roles/4-server-options/tasks/main.yml
+++ b/roles/4-server-options/tasks/main.yml
@ -3,22 +3,22 @@
 - name: ...IS BEGINNING ==================================
  command: echo
- name: Installing dnsmasq
+- name: Install dnsmasq
  include_tasks: roles/network/tasks/dnsmasq.yml
  when: dnsmasq_install
  tags: base, domain, dnsmasq, network
- name: Installing named
+- name: Install named / BIND
  include_tasks: roles/network/tasks/named.yml
  when: named_install
  tags: base, named, network, domain
- name: Installing dhcpd
+- name: Install dhcpd
  include_tasks: roles/network/tasks/dhcpd.yml
  when: dhcpd_install
  tags: base, dhcpd, network, domain
- name: Installing Squid
+- name: Install Squid (and DansGuardian if dansguardian_install)
  include_tasks: roles/network/tasks/squid.yml
  when: squid_install
  tags: base, squid, network, domain
--- a/roles/activity-server/tasks/main.yml
+++ b/roles/activity-server/tasks/main.yml
@ -116,11 +116,12 @@
           enabled=yes
           state=restarted
- name: add xs-activity-server to service list
+- name: Add 'activity-server' variable values to {{ iiab_ini_file }}
-  ini_file: dest='{{ iiab_ini_file }}'
+  ini_file:
-            section=activity-server
+    path: "{{ iiab_ini_file }}"
-            option='{{ item.option }}'
+    section: activity-server
-            value='{{ item.value }}'
+    option: "{{ item.option }}"
    value: "{{ item.value }}"
  with_items:
    - option: name
      value: "Activity Server"
--- a/roles/ajenti/tasks/main.yml
+++ b/roles/ajenti/tasks/main.yml
@ -47,11 +47,12 @@
           state=restarted
  when: ajenti_enabled
- name: Add ajenti to service list
+- name: Add 'ajenti' variable values to {{ iiab_ini_file }}
-  ini_file: dest='{{ iiab_ini_file }}'
+  ini_file:
-            section=ajenti
+    path: "{{ iiab_ini_file }}"
-            option='{{ item.option }}'
+    section: ajenti
-            value='{{ item.value }}'
+    option: "{{ item.option }}"
    value: "{{ item.value }}"
  with_items:
    - option: name
      value: ajenti
--- a/roles/authserver/tasks/main.yml
+++ b/roles/authserver/tasks/main.yml
@ -50,18 +50,19 @@
           enabled=yes
  when: authserver_enabled
- name: add xs-authserver to service list
+- name: Add 'authserver' variable values to {{ iiab_ini_file }}
-  ini_file: dest='{{ iiab_ini_file }}'
+  ini_file:
-            section=xs-authserver
+    path: "{{ iiab_ini_file }}"
-            option='{{ item.option }}'
+    section: authserver
-            value='{{ item.value }}'
+    option: "{{ item.option }}"
    value: "{{ item.value }}"
  with_items:
    - option: name
      value: XS-authserver
    - option: description
-      value: '"xs-authserver implements a seamless web authentication service
+      value: '"authserver (xs-authserver) implements a seamless web authentication
-             using XO laptop registration capabilities.  It is heavily inspired
+             service using XO laptop registration capabilities.  It is heavily
-             by the Moodle OLPC-XS authentication plugin"'
+             inspired by the Moodle OLPC-XS authentication plugin"'
    - option: port
      value: 5000
    - option: path
--- a/roles/awstats/tasks/install.yml
+++ b/roles/awstats/tasks/install.yml
@ -1,4 +1,4 @@
- name: Install packages {awstats, pwauth, openssl}
+- name: 'Install 3 packages: awstats, openssl, pwauth'
  package:
    name:
      - awstats
@ -8,7 +8,7 @@
  tags:
    - download
- name: Install packages libapache2-mod-authnz-external and apache2-utils (debuntu)
+- name: 'Install 2 packages: apache2-utils, libapache2-mod-authnz-external (debuntu)'
  package:
    name:
      - libapache2-mod-authnz-external
@ -22,7 +22,7 @@
  command: a2enmod cgi
  when: is_debuntu
- name: Create directory for AWStats to use as intermediate summary storage
+- name: 'Mandate {{ apache_user }}:{{ apache_user }} perm 0750 dirs: {{ awstats_data_dir }} (intermediate summary storage) & {{ apache_log_dir }}'    # /library/awstats & /var/log/apache2 typically
  file:
    path: "{{ item }}"
    mode: 0750
--- a/roles/awstats/tasks/main.yml
+++ b/roles/awstats/tasks/main.yml
@ -1,9 +1,9 @@
 - include_tasks: install.yml
  when: awstats_install
- name: Add 'awstats' to list of services at {{ iiab_ini_file }}
+- name: Add 'awstats' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: awstats
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/calibre-web/tasks/main.yml
+++ b/roles/calibre-web/tasks/main.yml
@ -1,4 +1,4 @@
- name: Create Calibre-Web folders to store data and configuration files
+- name: Create 3 Calibre-Web folders to store data and configuration files
  file:
    path: "{{ item }}"
    owner: "{{ calibreweb_user }}"
@ -84,7 +84,7 @@
  when: not metadatadb.stat.exists
  #when: calibreweb_provision
- name: Enable and restart 'calibre-web' service
+- name: Enable and restart 'calibre-web' systemd service
  systemd:
    name: calibre-web
    daemon_reload: yes
@ -101,7 +101,7 @@
 #  command: apachectl -k graceful
 #  when: calibreweb_enabled
- name: Disable 'calibre-web' service
+- name: Disable 'calibre-web' systemd service
  systemd:
    name: calibre-web
    daemon_reload: yes
@ -117,14 +117,14 @@
 #  command: apachectl -k graceful
 #  when: not calibreweb_enabled
- name: Restart Apache
+- name: Restart Apache service {{ apache_service }}
  systemd:
    name: "{{ apache_service }}"    # httpd or apache2
    state: restarted
- name: Add 'calibre-web' to list of services at {{ iiab_ini_file }}
+- name: Add 'calibre-web' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: calibre-web
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/calibre/tasks/main.yml
+++ b/roles/calibre/tasks/main.yml
@ -1,6 +1,6 @@
 # 1. INSTALL THE LATEST CALIBRE 3.X+ (calibre, calibredb, calibre-server etc) ON ALL OS'S
- name: Check if /usr/bin/calibre exists
+- name: Does /usr/bin/calibre exist?
  stat:
    path: "/usr/bin/calibre"
  register: calib_executable
@ -39,7 +39,7 @@
    group: root
    mode: "{{ item.mode }}"
    backup: no
-# register: calibre_config
+  #register: calibre_config
  with_items:
    - { src: 'calibre-serve.service.j2', dest: '/etc/systemd/system/calibre-serve.service', mode: '0644'}
    - { src: 'calibre.conf', dest: '/etc/{{ apache_config_dir }}', mode: '0644'}
@ -49,7 +49,7 @@
  systemd:
    daemon_reload: yes
  when: (not calib_executable.stat.exists)
-# when: calibre_config.changed
+  #when: calibre_config.changed
 # 2. STOP CALIBRE SERVICE IF IT EXISTS (REQUIRED FOR DB ACTIVITY...AND IF not calibre_enabled)
@ -59,14 +59,13 @@
 #  register: calibre_svc
 - name: Stop Calibre service -- calibre-server by Kovid Goyal
-# systemd:
+  systemd:
  service:
    name: calibre-serve
    state: stopped
    #enabled: no
-# register: command_result    # gist.github.com/tyrells/0a79681de339237cb04c
+  #register: command_result    # gist.github.com/tyrells/0a79681de339237cb04c
-#  failed_when: false          # Never Fail during "systemctl stop calibre-serve" (even if service doesn't exist!)
+  #failed_when: false          # Never Fail during "systemctl stop calibre-serve" (even if service doesn't exist!)
-# when: calibre_svc.stat.exists
+  #when: calibre_svc.stat.exists
 # 3. CREATE USER DATABASE
@ -87,7 +86,7 @@
 # 4. CREATE CONTENT DATABASE WITH A SAMPLE BOOK (REQUIRED AS OF CALIBRE 3.x)
- name: Check if /library/calibre/metadata.db exists
+- name: Does /library/calibre/metadata.db exist?
  stat:
    path: "{{ calibre_dbpath }}/metadata.db"
  register: calibre_db
@ -104,20 +103,20 @@
 # https://github.com/iiab/iiab/tree/master/roles/calibre-web/templates/calibre-web.conf.j2
 #    (anyway this works great for calibre-web, allowing http://box/books
 #    to work even better than http://box:8083 when box == 192.168.0.x !)
- name: Create calibre.conf link for UNTESTED http://box/calibre etc (debuntu)
+- name: Create symlink calibre.conf from sites-enabled to sites-available, for UNTESTED http://box/calibre etc (debuntu)
  file:
    src: /etc/apache2/sites-available/calibre.conf
    dest: /etc/apache2/sites-enabled/calibre.conf
    state: link
  when: calibre_enabled and is_debuntu
- name: Remove calibre.conf link if disabled (debuntu)
+- name: Remove symlink /etc/apache2/sites-enabled/calibre.conf (debuntu)
  file:
    dest: /etc/apache2/sites-enabled/calibre.conf
    state: absent
  when: (not calibre_enabled) and is_debuntu
- name: Enable Calibre service -- runs calibre-server by Kovid Goyal
+- name: Enable & Start Calibre service -- runs calibre-server by Kovid Goyal
  service:
    name: calibre-serve
    enabled: yes
@ -126,14 +125,14 @@
  #async: 900
  #poll: 5
- name: Forcing apache to reread configs
+- name: Reload Apache
-  service:
+  systemd:
    name: "{{ apache_service }}"
    state: reloaded
- name: Add 'calibre' to list of services at {{ iiab_ini_file }}
+- name: Add 'calibre' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: calibre
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/cups/tasks/main.yml
+++ b/roles/cups/tasks/main.yml
@ -7,24 +7,24 @@
  tags:
    - download
- name: Put our own /etc/cups/cupsd.conf in place, to permit local LAN admin
+- name: Install our own /etc/cups/cupsd.conf from template, to permit local LAN admin
  template:
    src: cupsd.conf
    dest: /etc/cups/cupsd.conf
- name: Put an apache2 config file in place
+- name: Install /etc/{{ apache_config_dir }}/cups.conf from template
  template:
    src: cups.conf
    dest: "/etc/{{ apache_config_dir }}/"
- name: Create the link for sites-enabled (debuntu)
+- name: Create symlink cups.conf from sites-enabled to sites-available (debuntu)
  file:
    src: /etc/apache2/sites-available/cups.conf
    dest: /etc/apache2/sites-enabled/cups.conf
    state: link
  when: cups_enabled and is_debuntu
- name: Enable services for CUPS (OS's other than Fedora 18)
+- name: Enable & Start services 'cups' and 'cups-browsed' (OS's other than Fedora 18)
  service:
    name: "{{ item }}"
    state: started
@ -34,8 +34,8 @@
    - cups-browsed
  when: cups_enabled and not is_F18
- name: Enable services for CUPS (Fedora 18, for XO laptops)
+- name: Enable & Start service 'cups' (Fedora 18, for XO laptops)
-  service:
+  systemd:
    name: cups
    state: started
    enabled: yes
@ -45,8 +45,8 @@
  shell: "cupsctl --remote-admin"
  when: cups_enabled
- name: Disable services for CUPS (OS's other than Fedora 18)
+- name: Disable both CUPS services (OS's other than Fedora 18)
-  service:
+  systemd:
    name: "{{ item }}"
    state: stopped
    enabled: no
@ -56,15 +56,15 @@
  when: not cups_enabled and not is_F18
 - name: Disable services for CUPS (Fedora 18, for XO laptops)
-  service:
+  systemd:
    name: cups
    state: stopped
    enabled: no
  when: not cups_enabled and is_F18
- name: Add 'cups' to list of services at {{ iiab_ini_file }}
+- name: Add 'cups' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: cups
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@ -40,11 +40,12 @@
           enabled=false
  when: not docker_enabled
- name: add docker to service list
+- name: Add 'docker' variable values to {{ iiab_ini_file }}
-  ini_file: dest='{{ iiab_ini_file }}'
+  ini_file:
-            section=docker
+    path: "{{ iiab_ini_file }}"
-            option='{{ item.option }}'
+    section: docker
-            value='{{ item.value }}'
+    option: "{{ item.option }}"
    value: "{{ item.value }}"
  with_items:
    - option: name
      value: Docker Container
--- a/roles/dokuwiki/tasks/main.yml
+++ b/roles/dokuwiki/tasks/main.yml
@ -2,9 +2,9 @@
  include_tasks: install.yml
  when: dokuwiki_install
- name: Add 'dokuwiki' to list of services at {{ iiab_ini_file }}
+- name: Add 'dokuwiki' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: dokuwiki
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/elgg/tasks/main.yml
+++ b/roles/elgg/tasks/main.yml
@ -119,7 +119,7 @@
    name: /tmp/elggdb.sql
    state: absent
- name: Install Apache's elgg.conf from template, for http://box/elgg
+- name: Install /etc/{{ apache_config_dir }}/elgg.conf from template, for http://box/elgg
  template:
    src: elgg.conf
    dest: "/etc/{{ apache_config_dir }}/elgg.conf"
@ -131,7 +131,7 @@
    state: link
  when: elgg_enabled and is_debuntu
- name: Remove symlink elgg.conf from sites-enabled (debuntu)
+- name: Remove symlink /etc/apache2/sites-enabled/elgg.conf (debuntu)
  file:
    path: /etc/apache2/sites-enabled/elgg.conf
    state: absent
@ -143,14 +143,14 @@
    state: absent
  when: not elgg_enabled and is_redhat
- name: Restart Apache, to enable/disable http://box/elgg
+- name: Restart Apache ({{ apache_service }}) to enable/disable http://box/elgg
  service:
    name: "{{ apache_service }}"
    state: restarted
- name: Add 'elgg' to list of services at {{ iiab_ini_file }}
+- name: Add 'elgg' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: elgg
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/httpd/tasks/main.yml
+++ b/roles/httpd/tasks/main.yml
@ -1,4 +1,4 @@
- name: Install Apache's required packages (debian)
+- name: 'Install 3 packages: apache2, php{{ php_version }}, php{{ php_version }}-curl (debian)'
  package:
    #name: [u'apache2', u'php{{ php_version }}', u'php{{ php_version }}-curl']    # FAILS ('u' for Unicode strings)
    #name: ['apache2', 'php{{ php_version }}', 'php{{ php_version }}-curl']       # WORKS?
@ -11,17 +11,7 @@
  tags:
    - download
- name: Debian changed SQLite name (debian-8)
+- name: 'Install 2 packages: apache2, php (ubuntu)'
  package:
    name: "php{{ php_version }}-sqlite"
  when: is_debian and ansible_distribution_major_version == "8"
 - name: Debian changed SQLite3 name (debian-9)
  package:
    name: "php{{ php_version }}-sqlite3"
  when: is_debian and ansible_distribution_major_version == "9"
 - name: Install Apache's required packages (ubuntu)
  package:
    #name: [u'apache2', u'php']    # FAILS ('u' for Unicode strings)
    #name: ['apache2', 'php']      # WORKS
@ -33,32 +23,31 @@
  tags:
    - download
- name: SQLite3 no longer included in another package (ubuntu-18)
+- name: Install php{{ php_version }}-sqlite (debian-8)
  package:
-    name: php{{ php_version }}-sqlite3
+    name: "php{{ php_version }}-sqlite"
-  when: is_ubuntu_18
+  when: is_debian and ansible_distribution_major_version == "8"
- name: Install Apache's required packages (redhat)
+# SQLite3 no longer included in another package
 - name: Install php{{ php_version }}-sqlite3 (debian-9 or ubuntu-18)
  package:
    name: "php{{ php_version }}-sqlite3"
  when: (is_debian and ansible_distribution_major_version == "9") or is_ubuntu_18
 - name: 'Install 4 packages: httpd, mod_authnz_external, php, php-curl (redhat)'
  package:
    #name: [u'httpd', u'php', u'php-curl', u'mod_authnz_external']    # FAILS ('u' for Unicode strings)
    #name: ['httpd', 'php', 'php-curl', 'mod_authnz_external']        # WORKS
    name:
      - httpd
      - mod_authnz_external
      - php
      - php-curl
      - mod_authnz_external
    state: present
  when: is_redhat
  tags:
    - download
 # MOVED DOWN ~58 LINES
 #- name: Remove the default apache2 config file (debuntu)
 #  file:
 #    path: /etc/apache2/sites-enabled/000-default.conf
 #    state: absent
 #  when: is_debuntu
 - name: Install Apache's 010-iiab.conf & proxy_ajp.conf into /etc/apache2/sites-available, from templates
  template:
    backup: yes
@ -88,7 +77,7 @@
    - { regexp: '^max_input_time', line: 'max_input_time = 300    ; default is 60' }
 # remove symlinks for mpm-event, replace with mpm-prefork
- name: Remove mpm event symlinks (debuntu)
+- name: Remove both mpm_event symlinks from /etc/apache2/mods-enabled (debuntu)
  file:
    path: "/etc/apache2/mods-enabled/{{ item }}"
    state: absent
@ -97,7 +86,7 @@
    - mpm_event.load
  when: is_debuntu
- name: Create symlinks for mpm-prefork (debuntu)
+- name: Create both mpm_prefork symlinks from /etc/apache2/mods-enabled to /etc/apache2/mods-available (debuntu)
  file:
    src: "/etc/apache2/mods-available/{{ item }}"
    path: "/etc/apache2/mods-enabled/{{ item }}"
@ -107,7 +96,7 @@
    - mpm_prefork.load
  when: is_debuntu
- name: Turn on mod_proxy (debuntu)
+- name: 'Turn on mod_proxy using a2enmod with: proxy, proxy_html, headers, rewrite (debuntu)'
  command: a2enmod {{ item }}
  with_items:
    - proxy
@ -116,14 +105,14 @@
    - rewrite
  when: is_debuntu
- name: Create 010-iiab.conf symlink enabling our site (debuntu)
+- name: Enable our site, creating 010-iiab.conf symlink from sites-enabled to sites-available (debuntu)
  file:
    src: "/etc/{{ apache_config_dir }}/010-iiab.conf"
    path: /etc/apache2/sites-enabled/010-iiab.conf
    state: link
  when: is_debuntu
- name: Remove apache2 default config files (debuntu)
+- name: Remove 000-default.conf from /etc/apache2 and /etc/apache2/sites-enabled (debuntu)
  file:
    path: "{{ item }}"
    state: absent
@ -140,19 +129,19 @@
    group: root
    state: directory
- name: Create admin group
+- name: 'Create group: admin'
  group:
    name: admin
    state: present
- name: Add user {{ apache_user }} (from variable apache_user) to admin group
+- name: Add user {{ apache_user }} (from variable apache_user) to group admin
  user:
    name: "{{ apache_user }}"
    groups: admin
    state: present
    createhome: no
- name: Create Apache's log dir /var/log/{{ apache_service }}
+- name: Create Apache dir /var/log/{{ apache_service }}
  file:
    path: "/var/log/{{ apache_service }}"
    mode: 0755
@ -160,7 +149,7 @@
    group: "{{ apache_user }}"
    state: directory
- name: Enable systemd service {{ apache_service }}
+- name: Enable {{ apache_service }} systemd service
  service:
    name: "{{ apache_service }}"
    enabled: yes
@ -173,23 +162,8 @@
    group: "{{ apache_user }}"
    state: directory
 # roles/httpd/templates/iiab-info.conf.j2.deprecated is no longer needed, as
 # Apache serves http://box/info directly from above /library/www/html/info
 # directly (as generated by /usr/bin/iiab-refresh-wiki-docs)
 #
 #- name: Remove iiab-info.conf
 #  file:
 #    path: "/etc/{{ apache_config_dir }}/iiab-info.conf"
 #    state: absent
 #
 #- name: Remove iiab-info.conf symlink (debuntu)
 #  file:
 #    path: /etc/apache2/sites-enabled/iiab-info.conf
 #    state: absent
 #  when: is_debuntu
 # SEE https://github.com/iiab/iiab/issues/1143 as the old roles/osm playbook is rarely used as of late 2018 (if anybody still uses roles/osm, they can overwrite osm.conf using the original osm playbook, or in other ways)
- name: Copy osm.conf for http://box/maps (all OS's)
+- name: Copy osm.conf to /etc/{{ apache_config_dir }} for http://box/maps (all OS's)
  copy:
    src: osm.conf
    dest: "/etc/{{ apache_config_dir }}"
@ -215,7 +189,7 @@
  tags:
    - base
- name: Install /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation.  (This script will run at the end of Stage 4 = roles/4-server-options/tasks/main.yml)
+- name: Install /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation.  (Script can be run manually and/or at the end of Stage 4 = roles/4-server-options/tasks/main.yml)
  template:
    src: refresh-wiki-docs.sh
    dest: /usr/bin/iiab-refresh-wiki-docs
@ -233,3 +207,8 @@
    path: /etc/sudoers.d/020_apache_poweroff
    state: absent
  when: not apache_allow_sudo
 - name: Restart Apache systemd service ({{ apache_service }})
  systemd:
    name: "{{ apache_service }}"
    state: restarted
--- a/roles/httpd/tasks/php-stem.yml
+++ b/roles/httpd/tasks/php-stem.yml
@ -11,7 +11,7 @@
 #  command: cd /; wget http://download.iiab.io/packages/php-stem.x64.tar
 #  when: not is_rpi
- name: Download & unpack php-stem.rpi.tar to / (rpi)
+- name: Unarchive http://download.iiab.io/packages/php-stem.rpi.tar to / (rpi)
  unarchive:
    src: http://download.iiab.io/packages/php-stem.rpi.tar
    dest: /
@ -21,7 +21,7 @@
    remote_src: yes
  when: is_rpi
- name: Download & unpack php-stem.x86.tar to / (debian-9 on x86_64 only)
+- name: Unarchive http://download.iiab.io/packages/php-stem.x64.tar to / (debian-9 on x86_64 only)
  unarchive:
    src: http://download.iiab.io/packages/php-stem.x64.tar
    dest: /
@ -33,9 +33,3 @@
 # Presumably fails on Debian 8 & 10?
 # Fails on Debian i686 as of 2018-08-07: https://github.com/iiab/iiab/issues/983
 # Fails on Ubuntu 18.04 as of 2018-07-28: https://github.com/iiab/iiab/issues/829
 # No need to do this twice?  Happens later @ https://github.com/iiab/iiab/blob/master/roles/3-base-server/tasks/main.yml#L24-L28
 #- name: Restart apache2 / httpd
 #  service:
 #    name: "{{ apache_service }}"
 #    state: restarted
--- a/roles/idmgr/tasks/main.yml
+++ b/roles/idmgr/tasks/main.yml
@ -79,15 +79,16 @@
             insertafter='^#allowsftp'
             line=allowsftp
- name: Add idmgr to service list
+- name: Add 'idmgr' variable values to {{ iiab_ini_file }}
-  ini_file: dest='{{ iiab_ini_file }}'
+  ini_file:
-            section=idmgr
+    path: "{{ iiab_ini_file }}"
-            option='{{ item.option }}'
+    section: idmgr
-            value='{{ item.value }}'
+    option: "{{ item.option }}"
    value: "{{ item.value }}"
  with_items:
    - option: name
      value: idmgr
    - option: description
-      value: '"Idmgr is an automatic identity manager for XO clients which enables automatic backup"'
+      value: '"IdMgr is an automatic identity manager for XO clients which enables automatic backup"'
    - option: enabled
      value: "{{ xo_services_enabled }}"
--- a/roles/iiab-admin/tasks/access.yml
+++ b/roles/iiab-admin/tasks/access.yml
@ -1,4 +1,4 @@
- name: Install textmode remote access packages {screen, lynx}
+- name: "Install textmode remote access packages: screen, lynx"
  package:
    name:
    - screen
--- a/roles/kalite/tasks/main.yml
+++ b/roles/kalite/tasks/main.yml
@ -12,7 +12,7 @@
    kalite_db_name: "{{ kalite_root }}/database/data.sqlite"
  when: not is_F18
- name: See if KA Lite is already configured
+- name: Does KA Lite database {{ kalite_db_name }} exist?    # See if KA Lite is already configured
  stat:
    path: "{{ kalite_db_name }}"
  register: kalite_installed
@ -36,9 +36,9 @@
 - include_tasks: enable.yml
- name: Add 'kalite' to list of services at {{ iiab_ini_file }}
+- name: Add 'kalite' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: kalite
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/kiwix/tasks/kiwix_install.yml
+++ b/roles/kiwix/tasks/kiwix_install.yml
@ -1,6 +1,6 @@
 # 1. CREATE/VERIFY CRITICAL DIRECTORIES & FILES ARE IN PLACE
- name: Create various directories for Kiwix ZIM files
+- name: Create directory {{ iiab_zim_path }} and subdirs {content, index} for Kiwix ZIM files
  file:
    path: "{{ item }}"
    owner: root
@ -12,12 +12,12 @@
  - "{{ iiab_zim_path }}/content"
  - "{{ iiab_zim_path }}/index"
- name: Check for /library/zims/library.xml
+- name: Check for {{ kiwix_library_xml }}    # /library/zims/library.xml
  stat:
    path: "{{ kiwix_library_xml }}"
  register: kiwix_xml
- name: Place a stub /library/zims/library.xml if file does not exist
+- name: Install a stub /library/zims/library.xml if one doesn't exist
  template:
    src: "{{ item }}"
    dest: "{{ kiwix_library_xml }}"
@ -34,12 +34,12 @@
    path: "{{ kiwix_path }}/bin/kiwix-serve"
  register: kiwix_bin
- name: Set kiwix_force_install if kiwix-serve not found
+- name: Set fact kiwix_force_install if kiwix-serve not found
  set_fact:
    kiwix_force_install: True
  when: not kiwix_bin.stat.exists
- name: Copy test.zim file if kiwix_force_install
+- name: Install {{ iiab_zim_path }}/content/test.zim if kiwix_force_install
  copy:
    src: test.zim
    dest: "{{ iiab_zim_path }}/content/test.zim"
@ -49,7 +49,7 @@
    force: no
  when: kiwix_force_install
- name: Create /opt/iiab/kiwix/bin directory
+- name: Create {{ kiwix_path }}/bin directory    # /opt/iiab/kiwix/bin
  file:
    path: "{{ kiwix_path }}/bin"
    owner: root
@ -59,7 +59,7 @@
 # 2. INSTALL KIWIX-TOOLS EXECUTABLES IF kiwix_force_install
- name: Unarchive kiwix-tools .tar.gz to /tmp
+- name: Unarchive {{ kiwix_src_file }} to /tmp    # e.g. kiwix-tools_linux-armhf-0.6.1-1.tar.gz
  unarchive:
    src: "{{ downloads_dir }}/{{ kiwix_src_file }}"
    dest: /tmp
@ -73,7 +73,7 @@
 # 3. ENABLE MODS FOR APACHE PROXY IF DEBUNTU
- name: Enable the mods which permit Apache to proxy (debuntu)
+- name: Enable the 4 mods which permit Apache to proxy (debuntu)
  apache2_module:
    name: "{{ item }}"
  with_items:
@ -85,7 +85,7 @@
 # 4. CREATE/ENABLE/RESTART (OR DISABLE) KIWIX SERVICE & ITS CRON JOB
- name: Create 'kiwix-serve' service and related files
+- name: 'Install from templates: kiwix-serve.service, iiab-make-kiwix-lib, iiab-make-kiwix-lib.py, kiwix.conf'
  template:
    backup: no
    src: "{{ item.src }}"
@ -101,14 +101,14 @@
 #  - { src: 'iiab-make-apache-config.py', dest: '/usr/bin/iiab-make-apache-config.py', mode: '0755'}
  - { src: 'kiwix.conf.j2', dest: '/etc/{{ apache_config_dir }}/kiwix.conf', mode: '0644'}
- name: Enable Kiwix Proxy in Apache - is disabled by turning off kiwix service (debuntu)
+- name: Create softlink kiwix.conf from sites-enabled to sites-available - for Kiwix Proxy in Apache - is disabled by turning off service kiwix-serve (debuntu)
  file:
    src: /etc/apache2/sites-available/kiwix.conf
    path: /etc/apache2/sites-enabled/kiwix.conf
    state: link
  when: is_debuntu
- name: Enable 'kiwix-serve' service
+- name: Enable & Restart 'kiwix-serve' service
  service:
    name: kiwix-serve
    enabled: yes
@ -149,9 +149,9 @@
 # 5. FINALIZE
- name: Add 'kiwix' to list of services at {{ iiab_ini_file }}
+- name: Add 'kiwix' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: kiwix
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/kolibri/tasks/main.yml
+++ b/roles/kolibri/tasks/main.yml
@ -9,7 +9,7 @@
    system: yes
    create_home: no
- name: Create /library/kolibri to store data and configuration files
+- name: Create {{ kolibri_home }} (for data) and {{ kolibri_venv_path }} (for program/config)
  file:
    path: "{{ item }}"
    owner: "{{ kolibri_user }}"
@ -20,7 +20,7 @@
    - "{{ kolibri_home }}"
    - "{{ kolibri_venv_path }}"
- name: Install kolibri using pip on all OS's
+- name: Install latest kolibri using pip
  pip:
    name: kolibri
    virtualenv: "{{ kolibri_venv_path }}"
@ -29,17 +29,17 @@
    extra_args: --no-cache-dir
  when: internet_available
- name: Run kolibri migrations
+- name: Run Kolibri migrations
  shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" manage migrate
  ignore_errors: yes
  when: kolibri_provision
- name: Set kolibri default language
+- name: Set Kolibri default language
  shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" language setdefault "{{ kolibri_language }}"
  ignore_errors: yes
  when: kolibri_provision
- name: Create kolibri default facility name, admin account and language
+- name: Create Kolibri default facility name, admin account and language
  shell: >
    export KOLIBRI_HOME="{{ kolibri_home }}" &&
    "{{ kolibri_exec_path }}" manage provisiondevice --facility "{{ kolibri_facility }}"
@ -48,7 +48,7 @@
  ignore_errors: yes
  when: kolibri_provision
- name: Change /library/kolibri directory permissions
+- name: chown -R {{ kolibri_user }}:{{ apache_user }} {{ kolibri_home }}
  file:
    path: "{{ kolibri_home }}"
    owner: "{{ kolibri_user }}"
@ -80,9 +80,9 @@
    state: stopped
  when: not kolibri_enabled
- name: Add 'kolibri' to list of services at {{ iiab_ini_file }}
+- name: Add 'kolibri' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: kolibri
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/mediawiki/tasks/install.yml
+++ b/roles/mediawiki/tasks/install.yml
@ -1,4 +1,4 @@
- name: Install packages php{{ php_version }}-intl and php{{ php_version }}-mbstring
+- name: 'Install packages: php{{ php_version }}-intl, php{{ php_version }}-mbstring'
  package:
    name:
      - "php{{ php_version }}-intl"
@ -25,7 +25,7 @@
    mode: 0755
    keep_newer: yes
- name: Ensure MySQL is running, so we can create db
+- name: Start MySQL service, so we can create db
  service:
    state: started
    name: "{{ mysql_service }}"
@ -60,12 +60,12 @@
    chdir: "{{ mediawiki_abs_path }}"
    creates: "{{ mediawiki_abs_path }}/LocalSettings.php"
- name: Copy mediawiki.conf to permit http://box{{ mediawiki_url }}
+- name: Install /etc/{{ apache_config_dir }}/mediawiki.conf from template, for http://box{{ mediawiki_url }}
  template:
    src: mediawiki.conf.j2
    dest: "/etc/{{ apache_config_dir }}/mediawiki.conf"
- name: Enable mediawiki.conf if mediawiki_enabled (debuntu)
+- name: Create softlink mediawiki.conf from sites-enabled to sites-available, if mediawiki_enabled (debuntu)
  file:
    src: /etc/apache2/sites-available/mediawiki.conf
    dest: /etc/apache2/sites-enabled/mediawiki.conf
@ -83,9 +83,9 @@
    name: "{{ apache_service }}"
    state: restarted
- name: Add 'mediawiki' to list of services at {{ iiab_ini_file }}
+- name: Add 'mediawiki' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: mediawiki
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/mongodb/tasks/main.yml
+++ b/roles/mongodb/tasks/main.yml
@ -1,4 +1,4 @@
- name: Install packages mongodb-server and mongodb
+- name: 'Install packages: mongodb, mongodb-server'
  package:
    name:
      - mongodb-server
@ -8,7 +8,7 @@
  tags:
    - download
- name: Create the data directory for MongoDB
+- name: Create 3 dirs for MongoDB
  file:
    state: directory
    path: "{{ item.path }}"
@ -18,7 +18,7 @@
    - { path: "{{ mongodb_db_path }}" }    # == /library/dbdata/mongodb/
    - { path: '/var/log/mongodb' }
- name: Populate & position /etc/mongod.conf, mongodb.service
+- name: Populate & position /etc/mongod.conf, mongodb.service, /usr/bin/iiab-mongodb-repair-if-no-lock
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
@ -30,7 +30,7 @@
    - { src: 'mongodb.service.j2', dest: '/etc/systemd/system/mongodb.service', mode: '0644' }
    - { src: 'iiab-mongodb-repair-if-no-lock.j2', dest: '/usr/bin/iiab-mongodb-repair-if-no-lock', mode: '0755' }
- name: Enable+restart systemd service if mongodb_enabled, with "systemctl daemon-reload" (in case mongodb.service changed?)
+- name: Enable & Restart 'mongodb' systemd service if mongodb_enabled, incl daemon-reload (in case mongodb.service changed?)
  systemd:
    name: mongodb
    enabled: yes
@ -38,16 +38,16 @@
    daemon_reload: yes
  when: mongodb_enabled
- name: 'Disable+stop systemd service if mongodb_enabled: False'
+- name: Disable 'mongodb' service, if not mongodb_enabled
  systemd:
    name: mongodb
    enabled: no
    state: stopped
  when: not mongodb_enabled
- name: Add 'mongodb' to list of services at {{ iiab_ini_file }}
+- name: Add 'mongodb' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: mongodb
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/monit/tasks/main.yml
+++ b/roles/monit/tasks/main.yml
@ -5,7 +5,7 @@
  tags:
    - download
- name: Install chkconfig package -- not in Debian 8
+- name: Install chkconfig package (debian-8)
  package:
    name: chkconfig
    state: present
@ -13,7 +13,7 @@
  tags:
    - download
- name: Update main config file
+- name: Install /etc/monitrc from template
  template:
    backup: yes
    src: monitrc
@ -22,15 +22,14 @@
    group: root
    mode: 0600
- name: Update config files
+- name: Install config file /etc/monit.d/watchdog from template
  template:
-    src: "{{ item }}"
+    src: watchdog
-    dest: "/etc/monit.d/{{ item }}"
+    dest: /etc/monit.d/watchdog
    owner: root
    group: root
    force: yes
    mode: 0755
  with_items: watchdog
  register: monit_config
  when: false
  until: monit_config | success
@ -38,16 +37,16 @@
  delay: 1
 #TODO: create systemd script
- name: Enable 'monit' service
+- name: Enable 'monit' service (chkconfig monit on)
  command: chkconfig monit on
  when: is_debian and ansible_local.local_facts.os_ver == "debian-8"
 #- name: Restart monit service
 #  command: service monit restart
- name: Add 'monit' to list of services at {{ iiab_ini_file }}
+- name: Add 'monit' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: monit
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/moodle-1.9/moodle/tasks/main.yml
+++ b/roles/moodle-1.9/moodle/tasks/main.yml
@ -75,11 +75,12 @@
  shell: cat /etc/moodle/adminpw
  register: moodlepw
- name: add moodle to service list
+- name: Add 'moodle' variable values to {{ iiab_ini_file }}
-  ini_file: dest='{{ iiab_ini_file }}'
+  ini_file:
-            section=moodle
+    path: "{{ iiab_ini_file }}"
-            option='{{ item.option }}'
+    section: moodle
-            value='{{ item.value }}'
+    option: "{{ item.option }}"
    value: "{{ item.value }}"
  with_items:
    - option: name
      value: Moodle
--- a/roles/moodle/tasks/main.yml
+++ b/roles/moodle/tasks/main.yml
@ -46,21 +46,21 @@
  #ignore_errors: yes
  when: internet_available and moodle.stat.exists is defined and not moodle.stat.exists
- name: Prepare the downloaded directory so Apache can install config file
+- name: Create dir {{ moodle_base }} owned by {{ apache_user }} (for config file?)
  file:
    path: "{{ moodle_base }}"
    owner: "{{ apache_user }}"
    recurse: yes
    state: directory
- name: Give Apache permission to write Moodle data directory
+- name: Create dir {{ content_base }}/dbdata/moodle owned by {{ apache_user }} with write permission 0755
  file:
    path: "{{ content_base }}/dbdata/moodle"
    owner: "{{ apache_user }}"
    mode: 0755
    state: directory
- name: Create a Moodle data dir with Apache permission to write
+- name: Create dir {{ moodle_data }} owned by {{ apache_user }}:{{ apache_user }} with write permission 0770    # /library/moodle
  file:
    path: "{{ moodle_data }}"
    owner: "{{ apache_user }}"
@ -73,7 +73,7 @@
    path: "/etc/{{ apache_config_dir }}/moodle.conf"
    state: absent
- name: Install Apache's 022-moodle.conf from template
+- name: Install Apache's 022-moodle.conf from template, if moodle_enabled
  template:
    src: 022-moodle.j2
    dest: "/etc/{{ apache_config_dir }}/022-moodle.conf"
@ -82,25 +82,25 @@
    mode: 0644
  when: moodle_enabled
- name: Create symlink 022-moodle.conf from sites-enabled to sites-available (debuntu)
+- name: Create symlink 022-moodle.conf from sites-enabled to sites-available, if moodle_enabled (debuntu)
  file:
    src: /etc/apache2/sites-available/022-moodle.conf
    dest: /etc/apache2/sites-enabled/022-moodle.conf
    state: link
  when: moodle_enabled and is_debuntu
- name: Remove symlink 022-moodle.conf (debuntu)
+- name: Remove symlink 022-moodle.conf, if not moodle_enabled (debuntu)
  file:
    path: /etc/apache2/sites-enabled/022-moodle.conf
    state: absent
  when: not moodle_enabled and is_debuntu
- name: Start postgresql-iiab
+- name: Restart postgresql-iiab
  service:
    name: postgresql-iiab
    state: restarted
- name: Create db user
+- name: Create PostgreSQL db user Admin/changeme
  postgresql_user:
    name: Admin
    password: changeme
@ -110,7 +110,7 @@
  become: yes
  become_user: postgres
- name: Create database
+- name: 'Create database: {{ moodle_database_name }}'
  postgresql_db:
    name: "{{ moodle_database_name }}"
    encoding: utf8
@ -120,42 +120,42 @@
  become: yes
  become_user: postgres
- name: Put moodle_installer script in {{ moodle_base }}
+- name: Install {{ moodle_base }}/moodle_installer from template
  template:
    dest: "{{ moodle_base }}"
    src: moodle_installer
    dest: "{{ moodle_base }}"
    mode: 0755
- name: Restart postgresql-iiab
+- name: Enable & Restart postgresql-iiab
  service:
    name: postgresql-iiab
    state: restarted
    enabled: yes
  when: moodle_enabled
- name: Restart Apache
+- name: Restart Apache ({{ apache_service }})
  service:
    name: "{{ apache_service }}"
    state: restarted
- name: See if {{ moodle_base }}/config.php exists
+- name: Does {{ moodle_base }}/config.php exist?
  stat:
    path: "{{ moodle_base }}/config.php"
  register: config
- name: Execute moodle_installer script
+- name: Execute {{ moodle_base }}/moodle_installer
-  shell: '{{ moodle_base }}/moodle_installer'
+  shell: "{{ moodle_base }}/moodle_installer"
  when: config.stat.exists is defined and not config.stat.exists
- name: Give Apache permission to read {{ moodle_base }}/config.php
+- name: Give read permission 0644 to {{ moodle_base }}/config.php    # /opt/iiab/moodle/config.php
  #command: chown -R {{ apache_user }} {{ moodle_base }}
  file:
    path: "{{ moodle_base }}/config.php"
    mode: 0644
- name: Add 'moodle' to list of services at {{ iiab_ini_file }}
+- name: Add 'moodle' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: moodle
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/munin/tasks/main.yml
+++ b/roles/munin/tasks/main.yml
@ -40,7 +40,7 @@
    create: yes
    state: present
- name: Enable munin-node service
+- name: Enable & Start munin-node systemd service
  service:
    name: munin-node
    enabled: yes
@ -54,7 +54,7 @@
    state: link
  when: munin_enabled and is_debuntu
- name: Remove symlink munin24.conf in sites-enabled if not munin_enabled (debuntu)
+- name: Remove symlink /etc/apache2/sites-enabled/munin24.conf if not munin_enabled (debuntu)
  file:
    path: /etc/apache2/sites-enabled/munin24.conf
    state: absent
@ -81,9 +81,9 @@
    - /usr/share/munin/plugins/mysql_threads
  when: mysql_enabled
- name: Add 'munin' to list of services at {{ iiab_ini_file }}
+- name: Add 'munin' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: munin
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/mysql/tasks/main.yml
+++ b/roles/mysql/tasks/main.yml
@ -1,4 +1,4 @@
- name: Install MySQL (debuntu)
+- name: 'Install MySQL packages: mariadb-server, mariadb-client, python-mysqldb and 8 php packages (debuntu)'
  package:
    name:
      - mariadb-server
@ -18,19 +18,19 @@
  tags:
    - download
- name: php-xml (ubuntu or debian-9)
+- name: Install php{{ php_version }}-xml (ubuntu or debian-9)
  package:
    name: "php{{ php_version }}-xml"
    state: present
  when: is_ubuntu or is_debian_9
- name: php-xml (debian-8)
+- name: Install php-xml-parser (debian-8)
  package:
-    name: "php-xml-parser"
+    name: php-xml-parser
    state: present
  when: is_debian_8
- name: Install MySQL (OS's other than debuntu)
+- name: "Install packages: mysql, MySQL-python and 9 php packages (OS's other than debuntu)"
  package:
    name:
      - MySQL-python
@ -59,14 +59,15 @@
  tags:
    - download
-# Name of mysql service varies by OS so softcoded in 1-prep
+# Name of MySQL service varies by OS so softcoded in 1-prep
- name: Start the MySQL service
+- name: 'Start MySQL systemd service: {{ mysql_service }}'
-  service:
+  systemd:
    name: "{{ mysql_service }}"
    state: started
  when: mysql_enabled
- name: Enable the MySQL service
+- name: Enable MySQL systemd service (upon subsequent boots) if mysql_enabled
-  service:
+  systemd:
    name: "{{ mysql_service }}"
    enabled: yes
  when: mysql_enabled
@ -74,17 +75,15 @@
 # 'localhost' needs to be the last item for idempotency, see
 # http://ansible.cc/docs/modules.html#mysql-user
 # unfortunately it still doesn't work
- name: Update MySQL root password for localhost root accounts
+- name: Update MySQL root password for localhost root accounts, if mysql_enabled
  mysql_user:
    name: root
-    host: "{{ item }}"
+    host: localhost
    password: "{{ mysql_root_password }}"
    priv: "*.*:ALL,GRANT"
  with_items:
    - localhost
  when: mysql_enabled
- name: Install .my.cnf file from template, with root password credentials
+- name: Install .my.cnf file from template, with root password credentials, if mysql_enabled
  template:
    src: my.cnf.j2
    dest: /root/.my.cnf
@ -92,7 +91,7 @@
    mode: 0600
  when: mysql_enabled
- name: Update MySQL root password for all remaining root accounts
+- name: Update MySQL root password for all remaining root accounts (127.0.0.1, ::1) if mysql_enabled
  mysql_user:
    name: root
    host: "{{ item }}"
@ -104,36 +103,36 @@
    - ::1
  when: mysql_enabled
- name: Delete anonymous MySQL server user for {{ ansible_hostname }}
+- name: Delete anonymous MySQL server user for {{ ansible_hostname }}, if mysql_enabled
  mysql_user:
    user: ""
    host: "{{ ansible_hostname }}"
    state: absent
  when: mysql_enabled
- name: Delete anonymous MySQL server user for localhost
+- name: Delete anonymous MySQL server user for localhost, if mysql_enabled
  mysql_user:
    user: ""
    state: absent
  when: mysql_enabled
- name: Remove the MySQL test database
+- name: Remove the MySQL 'test' database, if mysql_enabled
  mysql_db:
    db: test
    state: absent
  when: mysql_enabled
 # we had to start mysql in order to configure it, now turn if off if not enabled
- name: Provisionally Disable the MySQL service
+- name: Config is done but now DISABLE MySQL service, if not mysql_enabled
-  service:
+  systemd:
    name: "{{ mysql_service }}"
    enabled: no
    state: stopped
  when: not mysql_enabled
- name: Add 'mysql' to list of services at {{ iiab_ini_file }}
+- name: Add 'mysql' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: mysql
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/network/tasks/dansguardian.yml
+++ b/roles/network/tasks/dansguardian.yml
@ -5,7 +5,7 @@
  tags:
    - download
- name: Copy DansGuardian config file (Fedora)
+- name: Install /etc/dansguardian/dansguardian.conf from template (Fedora)
  template:
    src: roles/network/templates/squid/dansguardian.conf.j2
    dest: /etc/dansguardian/dansguardian.conf
@ -14,7 +14,7 @@
    mode: 0640
  when: ansible_distribution == "Fedora"
- name: Copy DansGuardian config file (debuntu)
+- name: Install /etc/dansguardian/dansguardian.conf from template (debuntu)
  template:
    src: roles/network/templates/squid/dansguardian.conf.debian.j2
    dest: /etc/dansguardian/dansguardian.conf
@ -23,7 +23,7 @@
    mode: 0640
  when: is_debuntu
- name: Copy DansGuardian config file (CentOS)
+- name: Install /etc/dansguardian/dansguardian.conf from template (CentOS)
  template:
    src: roles/network/templates/squid/dansguardian.conf.centos.j2
    dest: /etc/dansguardian/dansguardian.conf
@ -32,7 +32,7 @@
    mode: 0640
  when: ansible_distribution == "CentOS"
- name: Create 'dansguardian' log directory (OS's other than CentOS)
+- name: Create directory /var/log/dansguardian (OS's other than CentOS)
  file:
    path: /var/log/dansguardian
    owner: dansguardian
@ -41,7 +41,7 @@
    state: directory
  when: ansible_distribution != "CentOS"
- name: Create DansGuardian log directory (CentOS)
+- name: Create directory /var/log/dansguardian (CentOS)
  file:
    path: /var/log/dansguardian
    owner: dansguardian
--- a/roles/network/tasks/enable_services.yml
+++ b/roles/network/tasks/enable_services.yml
@ -11,7 +11,7 @@
    enabled: yes
  when: dhcpd_enabled and dhcpd_install
- name: Copy /etc/sysconfig/dhcpd file
+- name: Install /etc/sysconfig/dhcpd, /etc/dhcpd-iiab.conf from templates
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
@ -23,7 +23,7 @@
   - { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf', mode: '0644' }
  when: dhcpd_enabled and dhcpd_install
- name: Copy named file
+- name: Install /etc/named-iiab.conf and two *.zone.db files into /var/named-iiab
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
@ -35,63 +35,63 @@
   - { src: 'named/school.local.zone.db', dest: '/var/named-iiab/', mode: '0644' }
   - { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/', mode: '0644' }
- name: Enable named service
+- name: Enable named service ({{ dns_service }}) if named_enabled
-  service:
+  systemd:
    name: "{{ dns_service }}"
    enabled: yes
  when: named_enabled and named_install
- name: Disable named service
+- name: Disable named service ({{ dns_service }}) if not named_enabled
-  service:
+  systemd:
    name: "{{ dns_service }}"
    enabled: no
  when: not named_enabled and named_install
- name: Disable dnsmasq
+- name: Disable dnsmasq, if not dnsmasq_enabled
-  service:
+  systemd:
    name: dnsmasq
    enabled: no
  when: not dnsmasq_enabled and dnsmasq_install
- name: Copy dnsmasq.conf to /etc
+- name: Install /etc/dnsmasq.conf from template, if dnsmasq_enabled
  template:
    src: network/dnsmasq.conf.j2
    dest: /etc/dnsmasq.conf
  when: dnsmasq_enabled and dnsmasq_install
- name: Enable dnsmasq
+- name: Enable dnsmasq systemd service, if dnsmasq_enabled
-  service:
+  systemd:
    name: dnsmasq
    enabled: yes
  when: dnsmasq_enabled and dnsmasq_install
- name: Enable DansGuardian
+- name: Enable DansGuardian systemd service, if dansguardian_enabled
-  service:
+  systemd:
    name: dansguardian
    enabled: yes
  when: dansguardian_enabled and dansguardian_install
- name: Disable DansGuardian
+- name: Disable DansGuardian, if not dansguardian_enabled
-  service:
+  systemd:
    name: dansguardian
    enabled: no
  when: not dansguardian_enabled and dansguardian_install
- name: Create xs_httpcache flag
+- name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }}, if squid_enabled
  lineinfile:
-    dest: "{{ iiab_env_file }}"
+    path: "{{ iiab_env_file }}"
    regexp: '^HTTPCACHE_ON=*'
    line: 'HTTPCACHE_ON=True'
    state: present
  when: squid_enabled and squid_install
- name: Enable Squid service
+- name: Enable Squid systemd service ({{ proxy }}) if squid_enabled
-  service:
+  systemd:
    name: "{{ proxy }}"
    enabled: yes
  when: squid_enabled and squid_install
- name: Copy init script and config file
+- name: Install /etc/{{ proxy }}/squid-iiab.conf from template, owned by {{ proxy_user }}:{{ proxy_user }}
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
@ -106,20 +106,20 @@
      mode: 0644
  when: squid_enabled and squid_install
- name: Point to Squid config file from startup file
+- name: Point to Squid config file from startup file, if squid_enabled (debuntu)
  lineinfile:
    regexp: '^CONFIG'
    line: "CONFIG=/etc/{{ proxy }}/squid-iiab.conf"
-    dest: "/etc/init.d/{{ proxy }}"
+    path: "/etc/init.d/{{ proxy }}"
  when: squid_enabled and squid_install and is_debuntu
- name: Disable Squid service
+- name: Disable Squid service, if not squid_enabled
-  service:
+  systemd:
    name: "{{ proxy }}"
    enabled: no
  when: not squid_enabled and squid_install
- name: Remove xs_httpcache flag
+- name: Revert to 'HTTPCACHE_ON=False' if not squid_enabled
  lineinfile:
    dest: "{{ iiab_env_file }}"
    regexp: '^HTTPCACHE_ON=*'
@ -127,32 +127,30 @@
    state: present
  when: not squid_enabled
- name: Enable Wondershaper service
+- name: Enable Wondershaper service, if wondershaper_enabled
-  service:
+  systemd:
    name: wondershaper
    enabled: yes
  when: wondershaper_enabled and wondershaper_install
- name: Disable Wondershaper service
+- name: Disable Wondershaper service, if not wondershaper_enabled
-  service:
+  systemd:
    name: wondershaper
    enabled: no
  when: not wondershaper_enabled and wondershaper_install
 # check-LAN should be iptables.yml remove later
- name: Grab clean copy of iiab-gen-iptables
+- name: Install clean copy of /usr/bin/iiab-gen-iptables from template
  template:
-    src: "{{ item.0 }}"
+    src: gateway/iiab-gen-iptables
-    dest: "{{ item.1 }}"
+    dest: /usr/bin/iiab-gen-iptables
    owner: root
    group: root
    mode: 0755
  with_items:
   - { 0: 'gateway/iiab-gen-iptables', 1: '/usr/bin/iiab-gen-iptables' }
- name: Add 'squid' to list of services at {{ iiab_ini_file }}
+- name: Add 'squid' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: squid
    option: "{{ item.option }}"
    value: "{{ item.value }}"
@ -160,9 +158,9 @@
    - option: enabled
      value: "{{ squid_enabled }}"
- name: Add 'dansguardian' to list of services at {{ iiab_ini_file }}
+- name: Add 'dansguardian' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: dansguardian
    option: "{{ item.option }}"
    value: "{{ item.value }}"
@ -170,9 +168,9 @@
    - option: enabled
      value: "{{ dansguardian_enabled }}"
- name: Add 'wondershaper' to list of services at {{ iiab_ini_file }}
+- name: Add 'wondershaper' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: wondershaper
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/network/tasks/named.yml
+++ b/roles/network/tasks/named.yml
@ -1,4 +1,4 @@
- name: Install named packages {bind9, bind9utils} (if debuntu)
+- name: "Install named packages: bind9, bind9utils (debuntu)"
  package:
    name:
      - bind9
@ -8,7 +8,7 @@
  tags:
    - download
- name: Install named packages {bind, bind-utils} (if not debuntu)
+- name: "Install named packages: bind, bind-utils (OS's other than debuntu)"
  package:
    name:
      - bind
@ -25,7 +25,7 @@
    state: stopped
  when: first_run and is_debuntu
- name: Set folder permission
+- name: "Set 3 folders' ownership to {{ dns_user }}:root and permission to 0755"
  file:
    path: "{{ item }}"
    owner: "{{ dns_user }}"
@ -37,7 +37,7 @@
    - /var/named-iiab/data
    - /etc/sysconfig/olpc-scripts/domain_config.d
- name: Configure named
+- name: Install 21 configuration files for named, from templates
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
@ -68,39 +68,39 @@
    - { src: 'roles/network/templates/named/dummy', dest: '/var/named-iiab/data/dummy', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/named.blackhole', dest: '/var/named-iiab/named.blackhole', owner: "{{ dns_user }}", mode: '0644' }
- name: Substitute our unit file which uses $OPTIONS from sysconfig
+- name: Install named unit file /etc/systemd/system/{{ dns_service }}.service, which uses $OPTIONS from sysconfig
  template:
    src: "roles/network/templates/named/{{ dns_service }}.service"
    dest: "/etc/systemd/system/{{ dns_service }}.service"
    mode: 0644
- name: The dns-jail redirect requires the named.blackhole, disabling recursion (if dns_jail_enabled)
+- name: "Install /etc/{{ apache_config_dir }}/dns-jail.conf from template: dns-jail redirect requires the named.blackhole, disabling recursion (if dns_jail_enabled)"
 #        in named-iiab.conf, and the redirection of 404 error documents to /
  template:
    src: roles/network/templates/named/dns-jail.conf
    dest: "/etc/{{ apache_config_dir }}/"
  when: dns_jail_enabled
- name: Separate enabling required (if debuntu and dns_jail_enabled)
+- name: Create symlink dns-jail.conf from sites-enabled to sites-available (if debuntu and dns_jail_enabled)
  file:
    src: "/etc/{{ apache_config_dir }}/dns-jail.conf"
    path: "/etc/{{ apache_service }}/sites-enabled/dns-jail.conf"
    state: link
  when: is_debuntu and dns_jail_enabled
- name: Separate disabling required (if debuntu and not dns_jail_enabled)
+- name: Remove symlink /etc/{{ apache_service }}/sites-enabled/dns-jail.conf (if debuntu and not dns_jail_enabled)
  file: 
    path: "/etc/{{ apache_service }}/sites-enabled/dns-jail.conf"
    state: absent
  when: is_debuntu and not dns_jail_enabled
- name: Separate enabling/disabling required (if not debuntu and not dns_jail_enabled)
+- name: Remove symlink /etc/{{ apache_config_dir }}/dns-jail.conf (if not debuntu and not dns_jail_enabled)
  file:
    path: "/etc/{{ apache_config_dir }}/dns-jail.conf"
    state: absent
  when: not is_debuntu and not dns_jail_enabled
- name: Start named after copying files
+- name: Start named systemd service
-  service:
+  systemd:
    name: "{{ dns_service }}"
    state: started
--- a/roles/network/tasks/squid.yml
+++ b/roles/network/tasks/squid.yml
@ -1,4 +1,4 @@
- name: Install Squid packages {{ proxy }} and cadaver
+- name: "Install 2 packages: {{ proxy }}, cadaver"
  package:
    name:
      - "{{ proxy }}"
@ -7,7 +7,7 @@
  tags:
    - download
- name: Bigger hammer for Ubuntu
+- name: "Bigger hammer for Ubuntu, run: /etc/init.d/squid stop"
  command: /etc/init.d/squid stop
  when: is_ubuntu
@ -17,13 +17,13 @@
    state: stopped
  when: not installing
- name: Create the Squid user
+- name: "Create the Squid user: {{ proxy_user }}"
  user:
    name: "{{ proxy_user }}"
    createhome: False
    shell: /bin/false
- name: Copy init script and config file
+- name: "Install from template: /usr/bin/iiab-httpcache, /etc/sysconfig/squid, /etc/{{ proxy }}/sites.whitelist.txt and 3 .rules files"
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
@ -62,7 +62,7 @@
      group: 'root'
      mode: '0755'
- name: Create Squid cache directory
+- name: Create Squid directory /library/cache
  file:
    path: /library/cache
    owner: "{{ proxy_user }}"
@ -70,7 +70,7 @@
    mode: 0750
    state: directory
- name: Create Squid log directory
+- name: Create Squid directory /var/log/{{ proxy }}
  file:
    path: "/var/log/{{ proxy }}"
    owner: "{{ proxy_user }}"
@ -82,7 +82,7 @@
  when: dansguardian_install
 # {{ proxy }} is normally "squid", but is "squid3" on raspbian-8 & debian-8
- name: Add '{{ proxy }}' to list of services at {{ iiab_ini_file }}
+- name: Add '{{ proxy }}' variable values to {{ iiab_ini_file }}
  ini_file:
    dest: "{{ iiab_ini_file }}"
    section: "{{ proxy }}"
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@ -1,4 +1,4 @@
- name: Check for existence of /opt/nextcloud/version.php
+- name: Does /opt/nextcloud/version.php exist?
  stat:
    path: "{{ nextcloud_prefix }}/nextcloud/version.php"
  register: nextcloud_page
@ -83,7 +83,7 @@
    state: present
  when: is_redhat
- name: Unpack {{ nextcloud_src_file }} to permanent location /opt/nextcloud
+- name: Unarchive {{ nextcloud_src_file }} to permanent location {{ nextcloud_prefix }}/nextcloud    # e.g. unpack nextcloud_latest-14.tar.bz2 to /opt/nextcloud
  unarchive:
    src: "{{ downloads_dir }}/{{ nextcloud_src_file }}"
    dest: "{{ nextcloud_prefix }}"
@ -150,9 +150,9 @@
 # Enables or disable Nextcloud!
 - include_tasks: nextcloud_enabled.yml
- name: Add 'nextcloud' to list of services at {{ iiab_ini_file }}
+- name: Add 'nextcloud' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: Nextcloud
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/nodogsplash/tasks/rpi.yml
+++ b/roles/nodogsplash/tasks/rpi.yml
@ -1,9 +1,9 @@
- name: nodogsplash dependencies
+- name: Install package libmicrohttpd12 (Nodogsplash dependencies)
  package:
    name: libmicrohttpd12
    state: present
- name: Download nodogsplash software
+- name: Download {{ iiab_download_url }}/{{ nodogsplash_arm_deb }} to {{ downloads_dir }}
  get_url:
     url: "{{ iiab_download_url }}/{{ nodogsplash_arm_deb }}"
     dest: "{{ downloads_dir }}/{{ nodogsplash_arm_deb }}"
@ -12,9 +12,9 @@
  #async: 300
  #poll: 5
- name: Install nodogsplash
+- name: Install Nodogsplash
  apt:
-    deb="{{ downloads_dir }}/{{ nodogsplash_arm_deb }}"
+    deb: "{{ downloads_dir }}/{{ nodogsplash_arm_deb }}"
 #- name: Create nodogsplash.service # deb file has one
 #  template:
@ -25,7 +25,7 @@
 #    group: root
 #    mode: 0644
- name: Install custom files
+- name: Install custom /etc/nodogsplash/nodogsplash.conf, /etc/nodogsplash/htdocs/splash.html
  template:
    backup: no
    src: "{{ item.src }}"
@ -38,23 +38,23 @@
    - { src: 'splash.html.j2', dest: '/etc/nodogsplash/htdocs/splash.html', mode: '0644'}
 # We should probably only start this service on next boot
- name: Enable nodogsplash service
+- name: Enable & Start 'nodogsplash' systemd service, if nodogsplash_enabled
-  service:
+  systemd:
    name: nodogsplash
    enabled: yes
    state: started
  when: nodogsplash_enabled
- name: Disable nodogsplash service
+- name: Disable 'nodogsplash' systemd service, if not nodogsplash_enabled
-  service:
+  systemd:
    name: nodogsplash
    enabled: no
    state: stopped
  when: not nodogsplash_enabled
- name: Add 'nodogsplash' to list of services at {{ iiab_ini_file }}
+- name: Add 'nodogsplash' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: nodogsplash
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/openvpn/tasks/main.yml
+++ b/roles/openvpn/tasks/main.yml
@ -43,7 +43,7 @@
    - "tUM4hl009fbXY4Yy3bAadWL1CquVrZmKfBBWhyhz8zLD6TQ== ghunt@ip-192-168-123-123.ec2.internal$"
    - "heOMXXNU6skxdPh2fcHh0bzQcaCSQ== holt@crank$"
- name: "Create 3 directories for: OpenVPN keys, scripts & up_wan"
+- name: 'Create dirs: /etc/openvpn/keys, /etc/openvpn/scripts'
  file:
    path: "{{ item }}"
    state: directory
@ -205,9 +205,9 @@
 #  when: not openvpn_enabled and not installing
- name: Add 'openvpn' to list of services at {{ iiab_ini_file }}
+- name: Add 'openvpn' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: openvpn
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/osm/tasks/main.yml
+++ b/roles/osm/tasks/main.yml
@ -1,30 +1,28 @@
- name: Install OSM required packages (debuntu)
+- name: Install 5 OSM required packages (debuntu)
  package:
-    name: "{{ item }}"
+    name:
      - gcc
      - python-dev
      - liblzma-dev
      - libapache2-mod-wsgi
      - libapache2-mod-xsendfile
    state: present
  with_items:
    - gcc
    - python-dev
    - liblzma-dev
    - libapache2-mod-wsgi
    - libapache2-mod-xsendfile
  when: is_debuntu
- name: Install OSM required packages (not debuntu)
+- name: Install 6 OSM required packages (not debuntu)
  package:
-    name: "{{ item }}"
+    name:
      - python-pip
      - gcc
      - python-devel
      - xz-devel
      - mod_wsgi
      - mod_xsendfile
    state: present
  with_items:
    - python-pip
    - gcc
    - python-devel
    - xz-devel
    - mod_wsgi
    - mod_xsendfile
  when: not is_debuntu
 # OSM wants a specific version do that first
- name: Install Whoosh 2.6 (debuntu)
+- name: Install Whoosh 2.6 using pip, into virtualenv (debuntu)
  pip:
    name: whoosh
    virtualenv: "{{ osm_venv }}"
@ -33,7 +31,7 @@
    extra_args: "--no-cache-dir"
  when: internet_available and is_debuntu
- name: Install Flask 0.12X (debuntu)
+- name: Install Flask 0.12.4 using pip, into virtualenv (debuntu)
  pip:
    name: Flask
    virtualenv: "{{ osm_venv }}"
@ -42,7 +40,7 @@
    extra_args: "--no-cache-dir"
  when: internet_available and is_debuntu
- name: Install OSM with dependencies (debuntu)
+- name: Install OSM with dependencies using pip, into virtualenv (debuntu)
  pip:
    name: "{{ item }}"
    virtualenv: "{{ osm_venv }}"
@ -55,56 +53,56 @@
  when: internet_available and is_debuntu
 # OSM wants a specific version do that first
- name: Install Whoosh 2.6 (not debuntu)
+- name: Install Whoosh 2.6 using pip, into virtualenv (not debuntu)
  pip:
    name: whoosh
    virtualenv: "{{ osm_venv }}"
    virtualenv_site_packages: no
    version: 2.6
-#       extra_args="--no-cache-dir"
+    #extra_args: "--no-cache-dir"
  when: internet_available and not is_debuntu
- name: Install Flask 0.12X (not debuntu)
+- name: Install Flask 0.12.4 using pip, into virtualenv (not debuntu)
  pip:
    name: Flask
    virtualenv: "{{ osm_venv }}"
    virtualenv_site_packages: no
    version: 0.12.4
-#       extra_args="--no-cache-dir"
+    #extra_args: "--no-cache-dir"
  when: internet_available and not is_debuntu
- name: Install OSM with dependencies (not debuntu)
+- name: Install OSM with dependencies using pip, into virtualenv (not debuntu)
  pip:
    name: "{{ item }}"
    virtualenv: "{{ osm_venv }}"
    virtualenv_site_packages: no
-#       extra_args="--no-cache-dir"
+    #extra_args: "--no-cache-dir"
  with_items:
    - MarkupSafe
    - pytz
    - Internet-in-a-Box
  when: internet_available and not is_debuntu
- name: Set osm_path (redhat)
+- name: Set osm_path fact (redhat)
  set_fact:
    #osm_path: "{{ osm_venv }}/{{ python_path }}/iiab"
    osm_path: "{{ osm_venv }}{{ python_path }}/iiab"
  when: osm_enabled and is_redhat
- name: Set osm_path (debuntu)
+- name: Set osm_path fact (debuntu)
  set_fact:
    #osm_path: "{{ osm_venv }}/lib/python2.7/site-packages/iiab"
    osm_path: "{{ osm_venv }}lib/python2.7/site-packages/iiab"
  when: osm_enabled and is_debuntu
- name: Point wsgi to virtual environment (all OS's)
+- name: Point wsgi to virtual environment
  lineinfile:
-    dest: "{{ osm_venv }}/bin/iiab.wsgi"
+    path: "{{ osm_venv }}/bin/iiab.wsgi"
    regexp: "path_to_virtualenv = None"
    line: "path_to_virtualenv = '/usr/local/osm'"
    state: present
- name: Copy OSM config file (all OS's)
+- name: Install /etc/{{ apache_config_dir }}/osm.conf from template
  template:
    src: osm.conf.j2
    dest: "/etc/{{ apache_config_dir }}/osm.conf"
@ -114,41 +112,41 @@
    backup: no
  when: osm_enabled
- name: Create a link from sites-enabled to sites-available (debuntu)
+- name: Create softlink osm.conf from sites-enabled to sites-available (debuntu)
  file:
    src: "/etc/{{ apache_config_dir }}/osm.conf"
-    dest: /etc/apache2/sites-enabled/osm.conf
+    path: /etc/apache2/sites-enabled/osm.conf
    state: link
  when: osm_enabled and is_debuntu
- name: Remove the link from sites-enabled to sites-available (debuntu)
+- name: Remove softlink osm.conf from sites-enabled (debuntu)
  file:
-    dest: /etc/apache2/sites-enabled/osm.conf
+    path: /etc/apache2/sites-enabled/osm.conf
    state: absent
  when: not osm_enabled and is_debuntu
- name: Remove the osm.conf (redhat)
+- name: Remove /{{ apache_config_dir }}/osm.conf (redhat)
  file:
-    dest: "/{{ apache_config_dir }}/osm.conf"
+    path: "/{{ apache_config_dir }}/osm.conf"
    state: absent
  when: not osm_enabled and is_redhat
- name: Remove link to cgi (all OS's)
+- name: Remove link {{ doc_root }}/osm.wsgi
  file:
-    dest: "{{ doc_root }}/osm.wsgi"
+    path: "{{ doc_root }}/osm.wsgi"
    state: absent
  when: not osm_enabled
- name: Create link to cgi (all OS's)
+- name: Create softlink osm.wsgi to iiab.cgi
  file:
    src: "{{ osm_venv }}/bin/iiab.wsgi"
-    dest: "{{ doc_root }}/osm.wsgi"
+    path: "{{ doc_root }}/osm.wsgi"
    owner: root
    group: root
    state: link
  when: osm_enabled
- name: Create the knowledge data set folders
+- name: Create dir /library/knowledge/modules
  file:
    path: /library/knowledge/modules
    state: directory
@ -156,7 +154,7 @@
    group: "{{ apache_user }}"
 # the following was brought into OSM playbook from iiab-factory osm-fix script
- name: Copy the files
+- name: Install 6 files from templates
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
@ -174,9 +172,9 @@
    name: "{{ apache_service }}"
    state: restarted
- name: Add 'osm' to list of services at {{ iiab_ini_file }}
+- name: Add 'osm' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: osm
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/owncloud/tasks/main.yml
+++ b/roles/owncloud/tasks/main.yml
@ -105,11 +105,12 @@
 - include_tasks: owncloud_enabled.yml
  when: owncloud_enabled
- name: Add owncloud to service list
+- name: Add 'owncloud' variable values to {{ iiab_ini_file }}
-  ini_file: dest='{{ iiab_ini_file }}'
+  ini_file:
-            section=owncloud
+    path: "{{ iiab_ini_file }}"
-            option='{{ item.option }}'
+    section: owncloud
-            value='{{ item.value }}'
+    option: "{{ item.option }}"
    value: "{{ item.value }}"
  with_items:
    - option: name
      value: owncloud
--- a/roles/pathagar/tasks/main.yml
+++ b/roles/pathagar/tasks/main.yml
@ -188,14 +188,14 @@
    state: absent
  when: not pathagar_enabled and is_debuntu
- name: Restart http
+- name: Reload Apache ({{ apache_service }})
-  service:
+  systemd:
    name: "{{ apache_service }}"
    state: reloaded
- name: Add 'pathagar' to list of services at {{ iiab_ini_file }}
+- name: Add 'pathagar' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: pathagar
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/phpmyadmin/tasks/main.yml
+++ b/roles/phpmyadmin/tasks/main.yml
@ -1,4 +1,4 @@
- name: Download phpMyAdmin software
+- name: Download {{ iiab_download_url }}/{{ phpmyadmin_name_zip }} to {{ downloads_dir }}
  get_url:
    url: "{{ iiab_download_url }}/{{ phpmyadmin_name_zip }}"
    dest: "{{ downloads_dir }}"
@ -6,7 +6,7 @@
  #register: phpmyadmin_dl_output
  when: internet_available
- name: Check if /opt/iiab/downloads/{{ phpmyadmin_name_zip }} exists
+- name: Does {{ downloads_dir }}/{{ phpmyadmin_name_zip }} exist?    # e.g. /opt/iiab/downloads/phpMyAdmin-4.8.3-all-languages.zip
  stat:
    path: "{{ downloads_dir }}/{{ phpmyadmin_name_zip }}"
  register: phpmyadmin_dl
@ -22,14 +22,14 @@
    dest: /opt
    owner: "{{ apache_user }}"
- name: Create symbolic link /opt/phpmyadmin to phpMyAdmin folder above
+- name: Create symlink from /opt/phpmyadmin to {{ phpmyadmin_name }}
  file:
    src: "{{ phpmyadmin_name }}"
-    dest: /opt/phpmyadmin
+    path: /opt/phpmyadmin
    owner: "{{ apache_user }}"
    state: link
- name: Copy phpMyAdmin's config file into place
+- name: Install /opt/phpmyadmin/config.inc.php from template
  template:
    src: config.inc.php
    dest: /opt/phpmyadmin/config.inc.php
@ -46,28 +46,28 @@
 #   #  recurse: yes
 #   #  state: directory
- name: Put the alias into Apache config when enabled
+- name: Install /etc/{{ apache_config_dir }}/phpmyadmin.conf from template, if phpmyadmin_enabled
  template:
    src: phpmyadmin.j2
    dest: "/etc/{{ apache_config_dir }}/phpmyadmin.conf"
  when: phpmyadmin_enabled
- name: Enable phpMyAdmin
+- name: Create symlink phpmyadmin.conf from sites-enabled to sites-available (debuntu)
  file:
    src: /etc/apache2/sites-available/phpmyadmin.conf
-    dest: /etc/apache2/sites-enabled/phpmyadmin.conf
+    path: /etc/apache2/sites-enabled/phpmyadmin.conf
    state: link
  when: phpmyadmin_enabled and is_debuntu
- name: Remove the alias into Apache config when not enabled
+- name: Remove /etc/apache2/sites-enabled/phpmyadmin.conf, if not phpmyadmin_enabled (debuntu)
  file:
    path: /etc/apache2/sites-enabled/phpmyadmin.conf
    state: absent
  when: not phpmyadmin_enabled and is_debuntu
- name: Add 'phpmyadmin' to list of services at {{ iiab_ini_file }}
+- name: Add 'phpmyadmin' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: phpmyadmin
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/postgresql/tasks/main.yml
+++ b/roles/postgresql/tasks/main.yml
@ -21,7 +21,7 @@
  tags:
    - download
- name: Create postgresql-iiab systemd service
+- name: Install /etc/systemd/system/postgresql-iiab.service from template
  template:
    src: postgresql-iiab.service
    dest: /etc/systemd/system/postgresql-iiab.service
@ -29,7 +29,7 @@
    group: root
    mode: 0644
- name: Create postgres data directory
+- name: Create PostgreSQL data dir /library/pgsql-iiab, owned by postgres:postgres
  file:
    path: /library/pgsql-iiab
    owner: postgres
@ -37,17 +37,17 @@
    mode: 0700
    state: directory
- name: Make sure that the en_US locale is enabled (debuntu)
+- name: Make sure locale {{ postgresql_locale }} is enabled (debuntu)    # en_US.UTF-8
  lineinfile:
    dest: /etc/locale.gen
    line: "{{ postgresql_locale }} UTF-8"
  when: is_debuntu
- name: Generate the selected locales (debuntu)
+- name: Generate locales (debuntu)
  command: /usr/sbin/locale-gen
  when: is_debuntu
- name: Initialize the postgres db (debuntu)
+- name: Initialize the PostgreSQL db, creating /library/pgsql-iiab/pg_hba.conf (debuntu)
  #command: su - postgres -c "/usr/lib/postgresql/{{ postgresql_version }}/bin/initdb -E 'UTF-8' --locale={{ postgresql_locale }} -D /library/pgsql-iiab"
  command: /usr/lib/postgresql/{{ postgresql_version }}/bin/initdb -E 'UTF-8' --locale={{ postgresql_locale }} -D /library/pgsql-iiab
  args:
@ -56,7 +56,7 @@
  become_user: postgres
  when: is_debuntu
- name: Initialize the postgres db (OS's other than debuntu)
+- name: Initialize the PostgreSQL db, creating /library/pgsql-iiab/pg_hba.conf (OS's other than debuntu)
  #command: su - postgres -c "/usr/bin/initdb -E 'UTF-8' --lc-collate={{ postgresql_locale }} --lc-ctype={{ postgresql_locale }} -D /library/pgsql-iiab"
  command: /usr/bin/initdb -E 'UTF-8' --lc-collate={{ postgresql_locale }} --lc-ctype={{ postgresql_locale }} -D /library/pgsql-iiab
  args:
@ -65,7 +65,7 @@
  become_user: postgres
  when: not is_debuntu
- name: Configure PostgreSQL
+- name: Install /library/pgsql-iiab/postgresql.conf owned by postgres:postgres, from template
  template:
    backup: yes
    src: postgresql.conf.j2
@ -74,34 +74,35 @@
    group: postgres
    mode: 0640
- name: Stop postgresql service (debuntu)
+# Probably Not Nec!  Given stanza below does the same.
 - name: 'Stop postgresql service: /etc/init.d/postgresql stop (debuntu)'
  command: "/etc/init.d/postgresql stop"
  ignore_errors: True
  when: postgresql_install and is_debuntu
- name: Stop and disable stock postgresql service
+- name: Disable stock postgresql service
-  service:
+  systemd:
    name: postgresql
    state: stopped
    enabled: no
- name: Start and enable postgresql-iiab service
+- name: Enable & Start postgresql-iiab systemd service, if postgresql_enabled
-  service:
+  systemd:
    name: postgresql-iiab
    state: started
    enabled: yes
  when: postgresql_enabled
- name: Stop and disable postgresql-iiab service if not postgresql_enabled
+- name: Disable postgresql-iiab service, if not postgresql_enabled
-  service:
+  systemd:
    name: postgresql-iiab
    state: stopped
    enabled: no
  when: not postgresql_enabled
- name: Add 'postgresql' to list of services at {{ iiab_ini_file }}
+- name: Add 'postgresql' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: postgresql
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/rachel/tasks/main.yml
+++ b/roles/rachel/tasks/main.yml
@ -23,11 +23,12 @@
 - include_tasks: rachel_enabled.yml
  when: rachel_enabled and rachel_content_found
- name: Add rachel to service list
+- name: Add 'rachel' variable values to {{ iiab_ini_file }}
-  ini_file: dest='{{ iiab_ini_file }}'
+  ini_file:
-            section=rachel
+    path: "{{ iiab_ini_file }}"
-            option='{{ item.option }}'
+    section: rachel
-            value='{{ item.value }}'
+    option: "{{ item.option }}"
    value: "{{ item.value }}"
  with_items:
    - option: name
      value: rachel
--- a/roles/samba/tasks/main.yml
+++ b/roles/samba/tasks/main.yml
@ -1,23 +1,19 @@
---
+- name: "Create smb user: {{ smbuser }}"
 # Create a smbuser
 #
 - name: Create smb user
  user:
    name: "{{ smbuser }}"
    shell: /sbin/nologin
    password: "{{ smbpassword }}"
- name: Create the public folder
+- name: "Create public folder: {{ shared_dir }}"
  file:
-    dest: "{{ shared_dir }}"
+    path: "{{ shared_dir }}"
    owner: "{{ smbuser }}"
    group: "{{ smbuser }}"
    mode: 0777
    state: directory
 # Install and configure samba server (requires ports 137, 138, 139, 445 open).
- name: Install packages {samba, samba-client, samba-common, cifs-client}
+- name: "Install 4 packages: samba, samba-client, samba-common, cifs-client"
  package:
    name:
      - samba
@ -29,50 +25,50 @@
    - samba
    - download
- name: Put our smb.conf in place
+- name: Install /etc/samba/smb.conf from template
  template:
    src: smb.conf.j2
    dest: /etc/samba/smb.conf
- name: Ensure Samba is running and set to start on boot.
+- name: Enable & Start Samba systemd service
  service:
    name: "{{ smb_service }}"
    state: started
    enabled: yes
  tags:
    - samba
-  when : samba_enabled
+  when: samba_enabled
- name: NetBIOS name server is running and set to start on boot
+- name: Enable & Start NetBIOS name server ({{ nmb_service }})
  service:
    name: "{{ nmb_service }}"
    state: started
    enabled: yes
  tags:
    - samba
-  when : samba_enabled
+  when: samba_enabled
- name: Disable Samba if that is wanted
+- name: Disable Samba if not samba_enabled
  service:
    name: "{{ smb_service }}"
    state: stopped
    enabled: no
  tags:
    - samba
-  when : not samba_enabled
+  when: not samba_enabled
- name: Disable Samba name server if that is wanted
+- name: Disable NetBIOS name server ({{ nmb_service }}) if not samba_enabled
  service:
    name: "{{ nmb_service }}"
    state: stopped
    enabled: no
  tags:
    - samba
-  when : not samba_enabled
+  when: not samba_enabled
- name: Add 'samba' to list of services at {{ iiab_ini_file }}
+- name: Add 'samba' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: samba
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/schooltool/tasks/main.yml
+++ b/roles/schooltool/tasks/main.yml
@ -55,11 +55,12 @@
           enabled=no
  when: not schooltool_enabled
- name: add schooltool to service list
+- name: Add 'schooltool' variable values to {{ iiab_ini_file }}
-  ini_file: dest='{{ iiab_ini_file }}'
+  ini_file:
-            section=schooltool
+    path: "{{ iiab_ini_file }}"
-            option='{{ item.option }}'
+    section: schooltool
-            value='{{ item.value }}'
+    option: "{{ item.option }}"
    value: "{{ item.value }}"
  with_items:
    - option: name
      value: Schooltool
--- a/roles/sugar-stats/tasks/main.yml
+++ b/roles/sugar-stats/tasks/main.yml
@ -40,11 +40,12 @@
 - include_tasks: statistics-consolidation.yml
- name: Add sugar-stats to service list
+- name: Add 'sugar-stats' variable values to {{ iiab_ini_file }}
-  ini_file: dest='{{ iiab_ini_file }}'
+  ini_file:
-            section=sugar_stats
+    path: "{{ iiab_ini_file }}"
-            option='{{ item.option }}'
+    section: sugar_stats
-            value='{{ item.value }}'
+    option: "{{ item.option }}"
    value: "{{ item.value }}"
  with_items:
    - option: name
      value: sugar_stats
--- a/roles/sugarizer/tasks/main.yml
+++ b/roles/sugarizer/tasks/main.yml
@ -6,6 +6,7 @@
    warn: no
  when: sugarizer_version == "sugarizer-1.0"
 # 1. DOWNLOAD+LINK /opt/iiab/sugarizer
 - name: Clone llaske/sugarizer ({{ sugarizer_git_version }}) from GitHub to /opt/iiab (MAY DOWNLOAD 600+ MB)
@ -17,12 +18,13 @@
    depth: 1
  when: internet_available
- name: Create symbolic link /opt/iiab/sugarizer -> /opt/iiab/{{ sugarizer_version }}
+- name: Create symlink /opt/iiab/sugarizer -> /opt/iiab/{{ sugarizer_version }}
  file:
    src: "{{ sugarizer_location }}/{{ sugarizer_version }}"
    dest: "{{ sugarizer_location }}/sugarizer"
    state: link
 # 2. DOWNLOAD+LINK /opt/iiab/sugarizer-server
 # 2018-07-11: http://download.iiab.io/packages/sugarizer-server-1.0.tar.gz
@ -55,6 +57,7 @@
    dest: "{{ sugarizer_location }}/sugarizer-server"
    state: link
 # 3. INSTALL A GOOD VERSION OF Node.js AND npm
 - name: Set up Node.js 8.x apt sources (debuntu, but avoid ubuntu-18)
@ -98,6 +101,7 @@
    state: latest
  when: internet_available and (is_ubuntu_18 or not is_debuntu)
 # 4. RUN "npm install" TO POPULATE ~35MB /opt/iiab/sugarizer-server/node_modules
 # Re-running "npm install" USED TO fail on Raspbian 9 if not other OS's ?
@ -170,9 +174,10 @@
    chdir: "{{ sugarizer_location }}/{{  sugarizer_server_version }}"
  when: internet_available
 # 5. PLACE CONFIG FILES
- name: Configure sugarizer.service (systemd), sugarizer.conf (Apache) and sugarizer.ini
+- name: "Install from templates: sugarizer.service (systemd), sugarizer.conf (Apache), sugarizer.ini and sugarizer-server"
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
@ -185,15 +190,23 @@
    - { src: 'sugarizer.service.j2', dest: '/etc/systemd/system/sugarizer.service', mode: '0644' }
    - { src: 'sugarizer.js', dest: '/opt/iiab/sugarizer-server', mode: '0644' }
- name: Create symlink for short URL http://box/sugarizer
+- name: Create symlink sugarizer.conf from sites-enabled to sites-available, for short URL http://box/sugarizer (debuntu)
  file:
    src: /etc/apache2/sites-available/sugarizer.conf
-    dest: /etc/apache2/sites-enabled/sugarizer.conf
+    path: /etc/apache2/sites-enabled/sugarizer.conf
    state: link
  when: sugarizer_enabled and is_debuntu
 - name: "Remove symlink /etc/apache2/sites-enabled/sugarizer.conf, if sugarizer_enabled: False (debuntu)"
  file:
    path: /etc/apache2/sites-enabled/sugarizer.conf
    state: absent
  when: not sugarizer_enabled and is_debuntu
 # 6. RESTART/STOP SYSTEMD SERVICE
- name: Enable+restart systemd service if sugarizer_enabled, with "systemctl daemon-reload" (in case mongodb.service changed?)
+- name: Enable & Restart systemd service if sugarizer_enabled, with "systemctl daemon-reload" (in case mongodb.service changed?)
  systemd:
    name: sugarizer
    enabled: yes
@ -201,19 +214,19 @@
    daemon_reload: yes
  when: sugarizer_enabled
- name: Restart Apache so http://box/sugarizer works (not just http://box:8089)
+- name: "Disable systemd service, if sugarizer_enabled: False"
  systemd:
    name: "{{ apache_service }}"    # httpd or apache2
    state: restarted
  when: sugarizer_enabled
 - name: 'Disable+stop systemd service if sugarizer_enabled: False'
  systemd:
    name: sugarizer
    enabled: no
    state: stopped
  when: not sugarizer_enabled
 - name: Restart Apache ({{ apache_service }}) to enable/disable http://box/sugarizer (not just http://box:8089)
  systemd:
    name: "{{ apache_service }}"    # httpd or apache2
    state: restarted
  #when: sugarizer_enabled
 #- name: Enable services (all OS's)
 #  service:
 #    name: "{{ item.name }}"
@ -231,9 +244,9 @@
 #    state: stopped
 #  when: not sugarizer_enabled
- name: Add 'sugarizer' to list of services at {{ iiab_ini_file }}
+- name: Add 'sugarizer' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: sugarizer
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/teamviewer/tasks/main.yml
+++ b/roles/teamviewer/tasks/main.yml
@ -8,11 +8,12 @@
  include_tasks: install.yml
  when: teamviewer_install
- name: Add teamviewer to service list
+- name: Add 'teamviewer' variable values to {{ iiab_ini_file }}
-  ini_file: dest='{{ iiab_ini_file }}'
+  ini_file:
-            section=teamviewer
+    path: "{{ iiab_ini_file }}"
-            option='{{ item.option }}'
+    section: teamviewer
-            value='{{ item.value }}'
+    option: "{{ item.option }}"
    value: "{{ item.value }}"
  with_items:
    - option: name
      value: teamviewer
--- a/roles/transmission/tasks/main.yml
+++ b/roles/transmission/tasks/main.yml
@ -1,11 +1,11 @@
- name: Install packages transmission-daemon and transmission-cli
+- name: 'Install packages: transmission-daemon, transmission-cli'
  package:
    name:
      - transmission-daemon
      - transmission-cli
    state: present
- name: Create /library/transmission download directory
+- name: Create download dir {{ transmission_download_dir }}, owned by {{ transmission_user }}:{{ transmission_group }}    # /library/transmission
  file:
    path: "{{ transmission_download_dir }}"
    owner: "{{ transmission_user }}"
@ -19,7 +19,7 @@
    state: stopped
  ignore_errors: yes
- name: Create transmission-daemon settings
+- name: Install /etc/transmission-daemon/settings.json from template
  template:
    src: settings.json.j2
    dest: /etc/transmission-daemon/settings.json
@ -27,7 +27,7 @@
    owner: "{{ transmission_user }}"
    group: "{{ transmission_group }}"
- name: Enable and Restart transmission-daemon service
+- name: Enable & Restart transmission-daemon systemd service, incl daemon-reload
  systemd:
    name: transmission-daemon
    daemon_reload: yes
@ -45,7 +45,7 @@
  when: transmission_enabled and transmission_provision and transmission_kalite_languages is defined and transmission_kalite_languages is not none
  ignore_errors: yes
- name: Disable transmission-daemon service
+- name: Disable transmission-daemon service, if not transmission_enabled
  systemd:
    name: transmission-daemon
    daemon_reload: yes
@ -53,9 +53,9 @@
    state: stopped
  when: not transmission_enabled
- name: Add transmission to list of services at {{ iiab_ini_file }}
+- name: Add 'transmission' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: transmission
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/usb-lib/tasks/main.yml
+++ b/roles/usb-lib/tasks/main.yml
@ -1,12 +1,12 @@
- name: Add a content directory for links to be located
+- name: Add dir {{ doc_root }}/local_content, where USB drive links can appear
  file:
-    dest: "{{ doc_root }}/local_content"
+    path: "{{ doc_root }}/local_content"
    state: directory
    owner: "{{ apache_user }}"
    group: "{{ iiab_admin_user }}"    # ISN'T "{{ apache_user }}" MORE APPROPRIATE?
    mode: 0775
- name: Copy mount file to usbmount when enabled
+- name: Install /etc/usbmount/mount.d/70-usb-library from template
  template:
    src: mount.d/70-usb-library
    dest: /etc/usbmount/mount.d/
@ -15,7 +15,7 @@
    mode: 0751
  when: usb_lib_enabled
- name: Install udev to systemd link -> usbmount
+- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb-lib-show-all-on, /usr/bin/iiab-usb-lib-show-all-off'
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
@ -26,13 +26,13 @@
    - { src: 'iiab-usb-lib-show-all-on' , dest: '/usr/bin/', mode: '0755' }
    - { src: 'iiab-usb-lib-show-all-off' , dest: '/usr/bin/', mode: '0755' }
- name: Enable exFAT and NTFS
+- name: Enable exFAT and NTFS in /etc/usbmount/usbmount.conf
  lineinfile: 
    regexp: '^FILESYSTEMS.*'
    line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"'
-    dest: /etc/usbmount/usbmount.conf
+    path: /etc/usbmount/usbmount.conf
- name: Copy umount file to usbmount when enabled
+- name: Install /etc/usbmount/umount.d/70-usb-library from template
  template:
    src: umount.d/70-usb-library
    dest: /etc/usbmount/umount.d
@ -41,13 +41,13 @@
    mode: 0751
  when: usb_lib_enabled
- name: Remove mount file to usbmount when not enabled
+- name: Remove /etc/usbmount/mount.d/70-usb-library if not usb_lib_enabled
  file:
    path: /etc/usbmount/mount.d/70-usb-library
    state: absent
  when: not usb_lib_enabled
- name: Remove umount file to usbmount when not enabled
+- name: Remove /etc/usbmount/umount.d/70-usb-library if not usb_lib_enabled
  file:
    path: /etc/usbmount/umount.d/70-usb-library
    state: absent
@ -55,39 +55,38 @@
 - name: Put variable in iiab.env that enables display of content at root of USB
  lineinfile:
-    dest: "{{ iiab_env_file }}"
+    path: "{{ iiab_env_file }}"
    regexp: "^IIAB_USB_LIB_SHOW_ALL.*"
    line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}"
- name: Add Apache config for content directory
+- name: Install /etc/{{ apache_config_dir }}/content_dir.conf from template
  template:
    src: content_dir.conf
    dest: "/etc/{{ apache_config_dir }}"
  when: usb_lib_enabled
- name: Create the link to enable (debuntu)
+- name: Create symlink content_dir.conf from sites-enabled to sites-available (debuntu)
  file:
    src: "/etc/{{ apache_config_dir }}/content_dir.conf"
    dest: /etc/apache2/sites-enabled/content_dir.conf
    state: link
  when: is_debuntu
- name: Remove the link that enables (debuntu)
+- name: Remove symlink content_dir.conf from /etc/apache2/sites-enabled (debuntu)
  file:
    src: "/etc/{{ apache_config_dir }}/content_dir.conf"
    dest: /etc/apache2/sites-enabled/content_dir.conf
    state: absent
  when: is_debuntu and not usb_lib_enabled
- name: Remove Apache config for content directory
+- name: Remove content_dir.conf from /etc/{{ apache_config_dir }}
  file:
    name: "/etc/{{ apache_config_dir }}/content_dir.conf"
    state: absent
  when: not usb_lib_enabled
- name: Add usb-lib to service list
+- name: Add 'usb-lib' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: usb-lib
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/vnstat/tasks/main.yml
+++ b/roles/vnstat/tasks/main.yml
@ -21,14 +21,14 @@
  when: iiab_lan_iface is defined
 - name: Enable & Start vnStat's systemd service
-  service:
+  systemd:
    name: vnstat
    enabled: yes
    state: started
- name: Add 'vnstat' to list of services at {{ iiab_ini_file }}
+- name: Add 'vnstat' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: vnstat
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/wordpress/tasks/install.yml
+++ b/roles/wordpress/tasks/install.yml
@ -11,7 +11,7 @@
 # and security enhancements using timestamps under /library/wordpress, as these
 # can arise without warning when WordPress is online, since WordPress ~4.8
- name: Download the latest WordPress software
+- name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }}
  get_url:
    url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}"
    dest: "{{ downloads_dir }}"
@ -21,14 +21,14 @@
  register: wp_download_output
  when: internet_available
- name: Create link /opt/iiab/downloads/wordpress.tar.gz pointing to {{ wp_download_output.dest }}
+- name: Create symlink from /opt/iiab/downloads/wordpress.tar.gz to {{ wp_download_output.dest }}
  file:
    src: "{{ wp_download_output.dest }}"
-    dest: "{{ downloads_dir }}/wordpress.tar.gz"
+    path: "{{ downloads_dir }}/wordpress.tar.gz"
    state: link
  when: wp_download_output.dest is defined
- name: Check if /opt/iiab/downloads/wordpress.tar.gz link exists
+- name: Does /opt/iiab/downloads/wordpress.tar.gz link exist?
  stat:
    path: "{{ downloads_dir }}/wordpress.tar.gz"
  register: wp_link
@ -61,7 +61,7 @@
 - name: Make /library/wordpress directories 775 so Apache can traverse and write (most files remain 0664)
  command: "/usr/bin/find {{ wp_abs_path }} -type d -exec chmod 775 {} +"
- name: Copy wp salt values
+- name: Install {{ wp_abs_path }}/wp-keys.php.BAK
  copy:
    src: wp-keys.php.BAK
    dest: "{{ wp_abs_path }}/wp-keys.php.BAK"
@ -71,7 +71,7 @@
 # Fetch random salts for WordPress config into wp-keys.php file by generating script and running
- name: Create wp salt script
+- name: Install script /tmp/get-iiab-wp-salts from template
  template:
    src: get-iiab-wp-salts.j2
    dest: /tmp/get-iiab-wp-salts
@ -79,20 +79,20 @@
    group: root
    mode: 0700
- name: Run wp salt script to create /library/wordpress/wp-keys.php
+- name: Run /tmp/get-iiab-wp-salts to create /library/wordpress/wp-keys.php
  command: /tmp/get-iiab-wp-salts
- name: Cleanup - remove wp salt script
+- name: Remove script /tmp/get-iiab-wp-salts
  file:
    path: /tmp/get-iiab-wp-salts
    state: absent
- name: MySQL database needs to be running if we are trying to create a new db
+- name: Start MySQL systemd service
  service:
    state: started
    name: "{{ mysql_service }}"
- name: Create MySQL wordpress database
+- name: 'Create MySQL wordpress database: {{ wp_db_name }}'
  mysql_db:
    name: "{{ wp_db_name }}"
    state: present
@ -104,7 +104,7 @@
    priv: "{{ wp_db_name }}.*:ALL,GRANT"
    state: present
- name: Copy wp-config.php
+- name: Install {{ wp_abs_path }}/wp-config.php
  template:
    src: wp-config.php.j2
    dest: "{{ wp_abs_path }}/wp-config.php"
@ -112,32 +112,32 @@
    group: "{{ apache_user }}"
    mode: 0660
- name: Copy wordpress.conf to permit http://box{{ wp_url }}
+- name: Install etc/{{ apache_config_dir }}/wordpress.conf from template, for http://box{{ wp_url }}
  template:
    src: wordpress.conf.j2
    dest: "/etc/{{ apache_config_dir }}/wordpress.conf"
- name: Enable wordpress.conf if wordpress_enabled (debuntu)
+- name: Create symlink wordpress.conf from sites-enabled to sites-available, if wordpress_enabled (debuntu)
  file:
    src: /etc/apache2/sites-available/wordpress.conf
-    dest: /etc/apache2/sites-enabled/wordpress.conf
+    path: /etc/apache2/sites-enabled/wordpress.conf
    state: link
  when: wordpress_enabled and is_debuntu
- name: Remove wordpress.conf if not wordpress_enabled (debuntu)
+- name: Remove /etc/apache2/sites-enabled/wordpress.conf if not wordpress_enabled (debuntu)
  file:
    path: /etc/apache2/sites-enabled/wordpress.conf
    state: absent
  when: not wordpress_enabled and is_debuntu
 - name: Restart Apache to enable/disable http://box{{ wp_url }}
-  service:
+  systemd:
    name: "{{ apache_service }}"
    state: restarted
- name: Add 'wordpress' to list of services at {{ iiab_ini_file }}
+- name: Add 'wordpress' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"
    section: wordpress
    option: "{{ item.option }}"
    value: "{{ item.value }}"
--- a/roles/xovis/tasks/main.yml
+++ b/roles/xovis/tasks/main.yml
@ -1,4 +1,4 @@
- name: Install Couchdb and other necessary packages
+- name: Install CouchDB and other necessary packages
  package: name={{ item }}
           state=present
  with_items:
@ -45,13 +45,13 @@
 - name: Allow access to Couchdb from other hosts
  command: sed -i 's/^\(bind_address\s*=\s*\).*$/\10\.0\.0\.0/' /etc/couchdb/default.ini
- name: Enable Couchdb service
+- name: Enable CouchDB service
  service: name=couchdb
           enabled=yes
           state=started
  when: xovis_enabled
- name: Wait for couchdb to become ready
+- name: Wait for CouchDB to become ready
  wait_for: port=5984
            delay=1
            timeout=5
@ -66,7 +66,7 @@
  register: found_db
  ignore_errors: yes
- name: Create Couchdb database if does not already exist
+- name: Create CouchDB database if does not already exist
  command: kanso createdb {{ xovis_db_url }}
  when: xovis_enabled and found_db.stdout != xovis_db_name
@ -81,11 +81,12 @@
  --server http://{{ xovis_db_login }}@{{ xovis_target_host }}"
  when: xovis_enabled
- name: Add xovis to service list
+- name: Add 'xovis' variable values to {{ iiab_ini_file }}
-  ini_file: dest='{{ iiab_ini_file }}'
+  ini_file:
-            section=xovis
+    path: "{{ iiab_ini_file }}"
-            option='{{ item.option }}'
+    section: xovis
-            value='{{ item.value }}'
+    option: "{{ item.option }}"
    value: "{{ item.value }}"
  with_items:
    - option: name
      value: xovis