external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-02-15 04:32:11 +00:00
Code Issues Releases Wiki Activity

Merge pull request #367 from iiab/master

Browse source 
sync from iiab:master
This commit is contained in:
A Holt 2020-02-10 09:02:48 -05:00 committed by GitHub
commit 159512ed03
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
131 changed files with 2135 additions and 1625 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
roles/0-DEPRECATED-ROLES/pathagar/tasks/main.yml
View file

@ -3,7 +3,7 @@
postgresql_install: True
postgresql_enabled: True
- name: POSTGRESQL - run the 'postgresql' role
- name: POSTGRESQL - run 'postgresql' role
include_role:
name: postgresql

2
roles/2-common/tasks/main.yml
View file

@ -52,6 +52,6 @@
- name: Recording STAGE 2 HAS COMPLETED ==========================
lineinfile:
dest: "{{ iiab_env_file }}"
path: "{{ iiab_env_file }}"
regexp: '^STAGE=*'
line: 'STAGE=2'

2
roles/3-base-server/tasks/main.yml
View file

@ -23,6 +23,6 @@
- name: Recording STAGE 3 HAS COMPLETED =====================
lineinfile:
dest: "{{ iiab_env_file }}"
path: "{{ iiab_env_file }}"
regexp: '^STAGE=*'
line: 'STAGE=3'

2
roles/4-server-options/tasks/main.yml
View file

@ -50,6 +50,6 @@
- name: Recording STAGE 4 HAS COMPLETED ==================
lineinfile:
dest: "{{ iiab_env_file }}"
path: "{{ iiab_env_file }}"
regexp: '^STAGE=*'
line: 'STAGE=4'

2
roles/5-xo-services/tasks/main.yml
View file

@ -23,6 +23,6 @@
- name: Recording STAGE 5 HAS COMPLETED =====================
lineinfile:
dest: "{{ iiab_env_file }}"
path: "{{ iiab_env_file }}"
regexp: '^STAGE=*'
line: 'STAGE=5'

2
roles/6-generic-apps/tasks/main.yml
View file

@ -67,6 +67,6 @@
- name: Recording STAGE 6 HAS COMPLETED ====================
lineinfile:
dest: "{{ iiab_env_file }}"
path: "{{ iiab_env_file }}"
regexp: '^STAGE=*'
line: 'STAGE=6'

2
roles/7-edu-apps/tasks/main.yml
View file

@ -47,6 +47,6 @@
- name: Recording STAGE 7 HAS COMPLETED ========================
lineinfile:
dest: "{{ iiab_env_file }}"
path: "{{ iiab_env_file }}"
regexp: '^STAGE=*'
line: 'STAGE=7'

2
roles/8-mgmt-tools/tasks/main.yml
View file

@ -35,6 +35,6 @@
- name: Recording STAGE 8 HAS COMPLETED ======================
lineinfile:
dest: "{{ iiab_env_file }}"
path: "{{ iiab_env_file }}"
regexp: '^STAGE=*'
line: 'STAGE=8'

3
roles/9-local-addons/tasks/main.yml
View file

@ -12,7 +12,6 @@
- name: CAPTIVE PORTAL
include_role:
name: captiveportal
#include_tasks: roles/captiveportal/tasks/main.yml
when: captiveportal_install | bool
- name: MINETEST
@ -52,6 +51,6 @@
- name: Recording STAGE 9 HAS COMPLETED ====================
lineinfile:
dest: "{{ iiab_env_file }}"
path: "{{ iiab_env_file }}"
regexp: '^STAGE=*'
line: 'STAGE=9'

12
roles/awstats/tasks/apache.yml Normal file
View file

@ -0,0 +1,12 @@
- name: Enable http://box/awstats and/or http://box/awstats/awstats.pl via Apache
command: a2ensite awstats.conf
when: awstats_enabled | bool
- name: Disable http://box/awstats and/or http://box/awstats/awstats.pl via Apache
command: a2dissite awstats.conf
when: not awstats_enabled
- name: (Re)Start '{{ apache_service }}' systemd service
systemd:
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted

55
roles/awstats/tasks/enable.yml
View file

@ -1,55 +0,0 @@
# Apache
- name: Enable http://box/awstats and/or http://box/awstats/awstats.pl via Apache
command: a2ensite awstats.conf
when: apache_install and awstats_enabled
- name: Disable http://box/awstats and/or http://box/awstats/awstats.pl via Apache
command: a2dissite awstats.conf
when: apache_install and not awstats_enabled
- name: Restart Apache systemd service ({{ apache_service }})
systemd:
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted
when: apache_enabled | bool
# NGINX
- name: Enable http://box/awstats via NGINX, by installing /etc/nginx/cgi-bin.php & {{ nginx_conf_dir }}/awstats-nginx.conf from template
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
with_items:
- { src: "awstats-nginx.conf", dest: "{{ nginx_conf_dir }}/" }
- { src: "cgi-bin.php", dest: "/etc/nginx/" }
when: nginx_install and awstats_enabled
- name: Disable http://box/awstats_url via NGINX, by removing {{ nginx_conf_dir }}/awstats-nginx.conf
file:
path: "{{ nginx_conf_dir }}/awstats-nginx.conf"
state: absent
when: nginx_install and not awstats_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted
when: nginx_enabled | bool
- name: Add 'awstats' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}"
section: awstats
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: AWStats
- option: description
value: '"AWStats (originally known as Advanced Web Statistics) is a package written in Perl which generates static or dynamic html summaries based upon web server logs."'
- option: install
value: "{{ awstats_install }}"
- option: enabled
value: "{{ awstats_enabled }}"

52
roles/awstats/tasks/install.yml
View file

@ -1,3 +1,10 @@
# TO DO:
#
# - Prepare for a possible future w/o Apache by verifying/refining below...
# - 5 'when: apache_install | bool'
# - 1 'when: nginx_install | bool'
# - 8 core stanzas w/o such 'when:' clauses
- name: 'Install 3 packages: awstats, openssl, pwauth'
package:
name:
@ -12,33 +19,47 @@
- libapache2-mod-authnz-external
- apache2-utils
state: present
when: apache_install | bool
- name: Enable cgi execution via Apache
- name: Run 'a2enmod cgi' to enable cgi execution via Apache
command: a2enmod cgi
when: apache_install | bool
- name: 'Mandate {{ apache_user }}:{{ apache_user }} perm 0750 dirs: {{ awstats_data_dir }} (intermediate summary storage) & {{ apache_log_dir }}' # /library/awstats & /var/log/apache2 typically
- name: Create directory... mkdir {{ apache_log_dir }}, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx
file:
state: directory
recurse: yes
path: "{{ apache_log_dir }}" # /var/log/apache2 on debuntu
owner: "{{ apache_user }}" # www-data on debuntu
group: "{{ apache_user }}"
mode: u+rw,g+r,g-w,o-rwx # '0750' turned on too many x bits
#force: yes
when: apache_install | bool
- name: Create 2 directories... mkdir {{ awstats_data_dir }} (intermediate summary storage) and /usr/lib/cgi-bin/awstats, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx
file:
state: directory
recurse: yes
path: "{{ item }}"
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
mode: '0750'
state: directory
recurse: yes
force: yes
mode: u+rw,g+r,g-w,o-rwx # '0750' turned on too many x bits
#force: yes
with_items:
- "{{ awstats_data_dir }}"
- "{{ apache_log_dir }}"
- "{{ awstats_data_dir }}" # /library/awstats
- /usr/lib/cgi-bin/awstats # create backward compatible path for awstats
- name: Install /etc/{{ apache_conf_dir }}/awstats.conf from template
template:
src: apache-awstats.conf
dest: "/etc/{{ apache_conf_dir }}/awstats.conf"
dest: "/etc/{{ apache_conf_dir }}/awstats.conf" # apache2/sites-available on debuntu
when: apache_install | bool
- name: Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable
template:
src: logrotate.d.apache2
dest: /etc/logrotate.d/apache2
when: apache_install | bool
- name: Does /etc/awstats/awstats.conf exist?
stat:
@ -59,22 +80,25 @@
template:
src: awstats.schoolserver.conf.j2
dest: /etc/awstats/awstats.schoolserver.conf
# when: awstats_enabled | bool
- name: Symlink /etc/awstats/awstats.conf -> /etc/awstats/awstats.schoolserver.conf for access by IP address
file:
src: /etc/awstats/awstats.schoolserver.conf
path: /etc/awstats/awstats.conf
state: link
# when: awstats_enabled | bool
# - name: On first enabling of AWStats, summarize httpd logs up to now (OS's other than debuntu)
# shell: /bin/perl /usr/share/awstats/wwwroot/cgi-bin/awstats.pl -config=schoolserver -update
# when: awstats_enabled and not is_debuntu
- name: On first enabling of AWStats, summarize httpd logs up to now
- name: "Summarize logs up to now: /usr/bin/perl /usr/lib/cgi-bin/awstats.pl -config=schoolserver -update"
shell: /usr/bin/perl /usr/lib/cgi-bin/awstats.pl -config=schoolserver -update
# when: awstats_enabled | bool
- name: Install /etc/nginx/cgi-bin.php from template
template:
src: cgi-bin.php
dest: /etc/nginx/
when: nginx_install | bool
# RECORD AWStats AS INSTALLED
@ -85,6 +109,6 @@
- name: "Add 'awstats_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^awstats_installed'
line: 'awstats_installed: True'

55
roles/awstats/tasks/main.yml
View file

@ -1,7 +1,50 @@
- name: Install AWStats if awstats_install
include_tasks: install.yml
when: awstats_install and not awstats_installed is defined
# "How do i fail a task in Ansible if the variable contains a boolean value?
# I want to perform input validation for Ansible playbooks"
# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
- name: Enable AWStats
include_tasks: enable.yml
when: awstats_install or awstats_installed is defined
# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
# to re-check whether vars are defined here. As Ansible vars cannot be unset:
# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
- name: Assert that "awstats_install is sameas true" (boolean not string etc)
assert:
that: awstats_install is sameas true
fail_msg: "PLEASE SET 'awstats_install: True' e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: Assert that "awstats_enabled | type_debug == 'bool'" (boolean not string etc)
assert:
that: awstats_enabled | type_debug == 'bool'
fail_msg: "PLEASE GIVE VARIABLE 'awstats_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: Install AWStats if 'awstats_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: awstats_installed is undefined
- name: Enable/Disable/Restart Apache if primary
include_tasks: apache.yml
when: not nginx_enabled
- name: Enable/Disable/Restart NGINX if primary
include_tasks: nginx.yml
when: nginx_enabled | bool
- name: Add 'awstats' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: awstats
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: AWStats
- option: description
value: '"AWStats (originally known as Advanced Web Statistics) is a package written in Perl which generates static or dynamic html summaries based upon web server logs."'
- option: install
value: "{{ awstats_install }}"
- option: enabled
value: "{{ awstats_enabled }}"

16
roles/awstats/tasks/nginx.yml Normal file
View file

@ -0,0 +1,16 @@
- name: Enable http://box/awstats via NGINX, by installing {{ nginx_conf_dir }}/awstats-nginx.conf from template
template:
src: awstats-nginx.conf
dest: "{{ nginx_conf_dir }}/" # /etc/nginx/conf.d
when: awstats_enabled | bool
- name: Disable http://box/awstats via NGINX, by removing {{ nginx_conf_dir }}/awstats-nginx.conf
file:
path: "{{ nginx_conf_dir }}/awstats-nginx.conf" # /etc/nginx/conf.d
state: absent
when: not awstats_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted

11
roles/awstats/templates/awstats-nginx.conf
View file

@ -1,13 +1,13 @@
location ~ ^/awstats {
rewrite ^ /cgi-bin/awstats.pl;
rewrite ^ /cgi-bin/awstats.pl;
}
location ^~ /awstatsicons {
alias /usr/share/awstats/icon/;
access_log off;
alias /usr/share/awstats/icon/;
access_log off;
}
location ^~ /awstatsclasses {
alias /usr/share/java/awstats/;
access_log off;
alias /usr/share/java/awstats/;
access_log off;
}
location ~ ^/cgi-bin/.*\.(cgi|pl|py|rb) {
@ -21,4 +21,3 @@ location ~ ^/cgi-bin/.*\.(cgi|pl|py|rb) {
fastcgi_param X_SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REMOTE_USER $remote_user;
}

2
roles/azuracast/tasks/install.yml
View file

@ -73,6 +73,6 @@
- name: "Add 'azuracast_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^azuracast_installed'
line: 'azuracast_installed: True'

2
roles/bluetooth/tasks/install.yml
View file

@ -64,6 +64,6 @@
- name: "Add 'bluetooth_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^bluetooth_installed'
line: 'bluetooth_installed: True'

6
roles/calibre-web/README.rst
View file

@ -147,11 +147,11 @@ Known Issues
it's not a priority, as URL's like {http://192.168.0.x/books,
http://10.8.0.x/books, http://127.0.0.1/books and http://box/books} all work. |se| |nbsp| Marked as "wontfix" on 2018-09-12: `#1050 <https://github.com/iiab/iiab/issues/1050>`_
* Calibre-Web does not currently use version numbers, so glitches may
* |ss| Calibre-Web does not currently use version numbers, so glitches may
occasionally arise, when upstream developers change its master branch without
warning.
warning. |se|
* Imagemagick policy prevents generating thumbnails for PDF's during upload: `#1530 <https://github.com/iiab/iiab/issues/1530>`_ `janeczku/calibre-web#827 <https://github.com/janeczku/calibre-web/issues/827>`_
* |ss| Imagemagick policy prevents generating thumbnails for PDF's during upload: `#1530 <https://github.com/iiab/iiab/issues/1530>`_ `janeczku/calibre-web#827 <https://github.com/janeczku/calibre-web/issues/827>`_ |se|
* Upload of not supported file formats gives no feedback to the user: `janeczku/calibre-web#828 <https://github.com/janeczku/calibre-web/issues/828>`_

6
roles/calibre-web/defaults/main.yml
View file

@ -19,16 +19,16 @@ calibreweb_version: 0.6.5 # WAS: master, 0.6.4
calibreweb_venv_path: /usr/local/calibre-web
calibreweb_exec_path: "{{ calibreweb_venv_path }}/cps.py"
# calibre-web folder to store configuration files.
# Config files put in:
calibreweb_config: "{{ calibreweb_home }}/config"
# calibre-web setup will be provisioned with default administrative account,
# Calibre-Web will be provisioned with default administrative account,
# metadata.db and language if /library/calibre-web/metadata.db does not exist.
# NOT CURRENTLY IN USE: calibreweb_provision: True
calibreweb_settings_database: app.db
calibreweb_database: metadata.db
# calibre-web system user
# Files owned by:
calibreweb_user: root
# UNUSED variables, as of March 2019:

12
roles/calibre-web/tasks/apache.yml Normal file
View file

@ -0,0 +1,12 @@
- name: Enable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} via Apache # http://box/books, http://box/libros, http://box/livres
command: a2ensite calibre-web.conf
when: calibreweb_enabled | bool
- name: Disable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} via Apache
command: a2dissite calibre-web.conf
when: not calibreweb_enabled
- name: (Re)Start '{{ apache_service }}' systemd service
systemd:
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted

85
roles/calibre-web/tasks/enable.yml
View file

@ -1,85 +0,0 @@
- name: Enable & Restart 'calibre-web' systemd service
systemd:
name: calibre-web
daemon_reload: yes
enabled: yes
state: restarted
when: calibreweb_enabled | bool
- name: Disable & Stop 'calibre-web' systemd service
systemd:
name: calibre-web
enabled: no
state: stopped
when: not calibreweb_enabled
# SEE ALSO: https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy
# Apache
# i.e. http://box/books, http://box/libros, http://box/livres
- name: Enable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} via Apache
command: a2ensite calibre-web.conf
when: apache_install and calibreweb_enabled
- name: Disable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} via Apache
command: a2dissite calibre-web.conf
when: apache_install and not calibreweb_enabled
- name: Restart Apache systemd service ({{ apache_service }})
systemd:
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted
when: apache_enabled | bool
# NGINX
# TO DO: restore http://box/libros & http://box/livres, alongside English (#2195)
- name: Enable http://box{{ calibreweb_url1 }} via NGINX, by installing {{ nginx_conf_dir }}/calibre-web-nginx.conf from template # http://box/books
template:
src: calibre-web-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/calibre-web-nginx.conf" # /etc/nginx/conf.d
when: nginx_install and calibreweb_enabled
- name: Disable http://box{{ calibreweb_url1 }} via NGINX, by removing {{ nginx_conf_dir }}/calibre-web-nginx.conf
file:
path: "{{ nginx_conf_dir }}/calibre-web-nginx.conf" # /etc/nginx/conf.d
state: absent
when: nginx_install and not calibreweb_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted
when: nginx_enabled | bool
- name: Add 'calibre-web' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}"
section: calibre-web
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Calibre-Web
- option: description
value: '"Calibre-Web is a web app providing a clean interface for browsing, reading and downloading e-books."'
- option: calibreweb_url1
value: "{{ calibreweb_url1 }}"
- option: calibreweb_url2
value: "{{ calibreweb_url2 }}"
- option: calibreweb_url3
value: "{{ calibreweb_url3 }}"
- option: calibreweb_path
value: "{{ calibreweb_venv_path }}"
- option: calibreweb_home
value: "{{ calibreweb_home }}"
- option: calibreweb_port
value: "{{ calibreweb_port }}"
- option: calibreweb_database
value: "{{ calibreweb_database }}"
- option: calibreweb_enabled
value: "{{ calibreweb_enabled }}"

74
roles/calibre-web/tasks/install.yml
View file

@ -1,39 +1,36 @@
- name: Install ImageMagick package (debuntu)
- name: "Install ImageMagick package: imagemagick"
package:
name: imagemagick
state: present
when: is_debuntu | bool
- name: Allow ImageMagick to read PDFs (debuntu)
- name: Allow ImageMagick to read PDFs, per /etc/ImageMagick-6/policy.xml, to create book cover thumbnails
lineinfile:
path: /etc/ImageMagick-6/policy.xml
regexp: '<policy domain="coder" rights="none" pattern="PDF" />'
backrefs: yes
line: ' <policy domain="coder" rights="read" pattern="PDF" />'
state: present
when: is_debuntu | bool
- name: "Create 3 Calibre-Web folders to store data and configuration files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }}"
- name: "Create 3 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }} (all set to {{ calibreweb_user }}:{{ apache_user }}, '0755')"
file:
path: "{{ item }}"
owner: "{{ calibreweb_user }}"
group: "{{ apache_user }}"
mode: '0755'
state: directory
path: "{{ item }}"
owner: "{{ calibreweb_user }}" # root
group: "{{ apache_user }}" # www-data on debuntu
mode: '0755'
with_items:
- "{{ calibreweb_home }}"
- "{{ calibreweb_venv_path }}"
- "{{ calibreweb_config }}"
- "{{ calibreweb_home }}" # /library/calibre-web
- "{{ calibreweb_venv_path }}" # /usr/local/calibre-web
- "{{ calibreweb_config }}" # /library/calibre-web/config
## TODO: Calibre-web future release might get into pypi https://github.com/janeczku/calibre-web/issues/456
- name: Download Calibre-Web github repository to {{ calibreweb_venv_path }}
- name: Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from https://github.com/janeczku/calibre-web.git to {{ calibreweb_venv_path }}
git:
repo: https://github.com/janeczku/calibre-web.git
dest: "{{ calibreweb_venv_path }}"
dest: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web
force: yes
#update: yes # not needed, as Ansible's default is to update
depth: 1
version: "{{ calibreweb_version }}"
version: "{{ calibreweb_version }}" # e.g. master, 0.6.5
when: internet_available | bool
## Ansible Pip Bug: Cannot use 'chdir' with 'env' https://github.com/ansible/ansible/issues/37912 (Patch landed)
@ -45,31 +42,32 @@
# ignore_errors: True
##
# Implementing this with Ansible command module for now.
- name: Download Calibre-Web dependencies (using pip) into virtual environment
- name: Download Calibre-Web dependencies (using pip) into python2.7 virtual environment {{ calibreweb_venv_path }}
pip:
requirements: "{{ calibreweb_venv_path }}/requirements.txt"
virtualenv: "{{ calibreweb_venv_path }}"
virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web
virtualenv_site_packages: no
virtualenv_command: /usr/bin/virtualenv
virtualenv_python: python2.7
when: internet_available | bool
- name: Symlink {{ calibreweb_venv_path }}/vendor to {{ calibreweb_venv_path }}/lib/python2.7/site-packages to keep cps.py happy
# 2020-02-02: IS PYTHON 3 POSSIBLE ABOVE AND BELOW?
- name: Symlink {{ calibreweb_venv_path }}/vendor -> {{ calibreweb_venv_path }}/lib/python2.7/site-packages - to keep {{ calibreweb_venv_path }}/cps.py happy
file:
src: "{{ calibreweb_venv_path }}/lib/python2.7/site-packages"
dest: "{{ calibreweb_venv_path }}/vendor"
path: "{{ calibreweb_venv_path }}/vendor" # /usr/local/calibre-web
state: link
- name: Install unit file /etc/systemd/system/calibre-web.service & /etc/apache2/sites-available/calibre-web.conf for http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} from templates
- name: Install /etc/systemd/system/calibre-web.service from template
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
# owner: root
# group: root
# mode: '0644'
with_items:
- { src: 'calibre-web.service.j2', dest: '/etc/systemd/system/calibre-web.service' }
- { src: 'calibre-web.conf.j2', dest: '/etc/apache2/sites-available/calibre-web.conf' }
src: calibre-web.service.j2
dest: /etc/systemd/system/calibre-web.service
- name: Install /etc/{{ apache_conf_dir }}/calibre-web.conf from template, for http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} via Apache # http://box/books, http://box/libros, http://box/livres
template:
src: calibre-web.conf.j2
dest: "/etc/{{ apache_conf_dir }}/calibre-web.conf" # apache2/sites-available on debuntu
when: apache_install | bool
- name: Does /library/calibre-web/metadata.db exist?
@ -77,12 +75,12 @@
path: /library/calibre-web/metadata.db
register: metadatadb
- name: Provision/Copy both default metadata files into /library/calibre-web IF metadata.db did not exist
- name: Provision/Copy both default metadata files (metadata.db, metadata_db_prefs_backup.json) into {{ calibreweb_home }} IF metadata.db did not exist
copy:
src: "{{ item }}"
dest: "{{ calibreweb_home }}"
owner: "{{ calibreweb_user }}"
group: "{{ apache_user }}"
dest: "{{ calibreweb_home }}" # /library/calibre-web
owner: "{{ calibreweb_user }}" # root
group: "{{ apache_user }}" # www-data on debuntu
mode: '0644'
backup: yes
with_items:
@ -91,12 +89,12 @@
when: not metadatadb.stat.exists
#when: calibreweb_provision | bool
- name: Provision/Copy default admin settings to {{ calibreweb_config }}/app.db IF metadata.db did not exist # {{ calibreweb_config }} is /library/calibre-web/config
- name: Provision/Copy default admin settings to {{ calibreweb_config }}/app.db IF metadata.db did not exist
copy:
src: roles/calibre-web/files/app.db
dest: "{{ calibreweb_config }}"
owner: "{{ calibreweb_user }}"
group: "{{ apache_user }}"
dest: "{{ calibreweb_config }}" # /library/calibre-web/config
owner: "{{ calibreweb_user }}" # root
group: "{{ apache_user }}" # www-data on debuntu
mode: '0644'
backup: yes
when: not metadatadb.stat.exists
@ -111,6 +109,6 @@
- name: "Add 'calibreweb_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^calibreweb_installed'
line: 'calibreweb_installed: True'

80
roles/calibre-web/tasks/main.yml
View file

@ -1,5 +1,77 @@
- include_tasks: install.yml
when: calibreweb_install and not calibreweb_installed is defined
# "How do i fail a task in Ansible if the variable contains a boolean value?
# I want to perform input validation for Ansible playbooks"
# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
- include_tasks: enable.yml
when: calibreweb_install or calibreweb_installed is defined
# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
# to re-check whether vars are defined here. As Ansible vars cannot be unset:
# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
- name: Assert that "calibreweb_install is sameas true" (boolean not string etc)
assert:
that: calibreweb_install is sameas true
fail_msg: "PLEASE SET 'calibreweb_install: True' e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: Assert that "calibreweb_enabled | type_debug == 'bool'" (boolean not string etc)
assert:
that: calibreweb_enabled | type_debug == 'bool'
fail_msg: "PLEASE GIVE VARIABLE 'calibreweb_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: Install Calibre-Web if 'calibreweb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: calibreweb_installed is undefined
- name: Enable & Restart 'calibre-web' systemd service, if calibreweb_enabled
systemd:
name: calibre-web
daemon_reload: yes
enabled: yes
state: restarted
when: calibreweb_enabled | bool
- name: Disable & Stop 'calibre-web' systemd service, if not calibreweb_enabled
systemd:
name: calibre-web
enabled: no
state: stopped
when: not calibreweb_enabled
- name: Enable/Disable/Restart Apache if primary
include_tasks: apache.yml
when: not nginx_enabled
- name: Enable/Disable/Restart NGINX if primary
include_tasks: nginx.yml
when: nginx_enabled | bool
- name: Add 'calibre-web' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: calibre-web
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Calibre-Web
- option: description
value: '"Calibre-Web is a web app providing a clean interface for browsing, reading and downloading e-books."'
- option: calibreweb_url1
value: "{{ calibreweb_url1 }}"
- option: calibreweb_url2
value: "{{ calibreweb_url2 }}"
- option: calibreweb_url3
value: "{{ calibreweb_url3 }}"
- option: calibreweb_path
value: "{{ calibreweb_venv_path }}"
- option: calibreweb_home
value: "{{ calibreweb_home }}"
- option: calibreweb_port
value: "{{ calibreweb_port }}"
- option: calibreweb_database
value: "{{ calibreweb_database }}"
- option: calibreweb_enabled
value: "{{ calibreweb_enabled }}"

19
roles/calibre-web/tasks/nginx.yml Normal file
View file

@ -0,0 +1,19 @@
# TO DO: restore http://box/libros & http://box/livres etc, alongside English (#2195)
# RELATED: https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy
- name: Enable http://box{{ calibreweb_url1 }} via NGINX, by installing {{ nginx_conf_dir }}/calibre-web-nginx.conf from template # http://box/books
template:
src: calibre-web-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/calibre-web-nginx.conf" # /etc/nginx/conf.d
when: calibreweb_enabled | bool
- name: Disable http://box{{ calibreweb_url1 }} via NGINX, by removing {{ nginx_conf_dir }}/calibre-web-nginx.conf
file:
path: "{{ nginx_conf_dir }}/calibre-web-nginx.conf" # /etc/nginx/conf.d
state: absent
when: not calibreweb_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted

3
roles/calibre-web/templates/calibre-web-nginx.conf.j2
View file

@ -1,3 +1,6 @@
# TO DO: restore http://box/libros & http://box/livres etc, alongside English (#2195)
# RELATED: https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy
location {{ calibreweb_url1 }}/ {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

2
roles/calibre/tasks/install.yml
View file

@ -93,6 +93,6 @@
- name: "Add 'calibre_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^calibre_installed'
line: 'calibre_installed: True'

8
roles/captiveportal/README.md
View file

@ -11,11 +11,13 @@
1. iiab-divert-to-nginx -- Bash script writes dnsmasq config file which points to IIAB server
1. iiab-make-cp-servers.py -- Python script writes nginx configuration file to /etc/nginx/sites-enabled
1. capture-wsgi.py -- the script which determines the client agent, records it in sqlite database, and responds with redirects as appropriate for each OS.
1. uwsgi-captiveportal.service -- systemd unit file which runs uwsgi which makes capture-wsgi.py available on port 9090.
1. captiveportal.ini.j2 -- config file for uwsgi service, which in turn runs the capture-wsgi.py script.
1. uwsgi.service -- systemd unit file which runs python3 programs --permits captive portal and admin-console python scripts to function.
## Extending and Debugging Captive Portal
* The python capture script can be run interactively in terminal (use systemctl stop uwsgi-captiveportal to free up the port). This will expose any python errors easily.
* Run the capture-wsgi.py with "-l" in a terminal to increase logging to /var/log/apache2/portal.log
* Running the capture-wsgi.py python script interactively will expose any python errors easily.
* The python capture script can be run interactively in terminal rather than automatically by uwsgi -- (use "systemctl stop uwsgi" to free up the port used by captive portal: 9090). The uwsgi service for captive portal grabs port 9090, and two programs cannot share the same port. NOTE: that while the uwsgi service is stopped, the admin-console will not function).
* Run the capture-wsgi.py with "-l" in a terminal to increase logging to /var/log/captiveportal/captiveportal.log
* To discover untrapped urls, "apt-get install tcpdump", and "tcpdump -i br0 capture.tcp". I transfer this file to a machine with a GUI, and wireshark to interpret the conversations on the wire. The DNS packets are the ones to look for.
## Known Problems

2
roles/captiveportal/tasks/install.yml
View file

@ -61,6 +61,6 @@
- name: "Add 'captiveportal_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^captiveportal_installed'
line: 'captiveportal_installed: True'

2
roles/cups/tasks/main.yml
View file

@ -31,7 +31,7 @@
- name: "Add 'cups_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^cups_installed'
line: 'cups_installed: True'

12
roles/elgg/tasks/apache.yml Normal file
View file

@ -0,0 +1,12 @@
- name: Enable http://box{{ elgg_url }} via Apache # http://box/elgg
command: a2ensite elgg.conf
when: elgg_enabled | bool
- name: Disable http://box{{ elgg_url }} via Apache # http://box/elgg
command: a2dissite elgg.conf
when: not elgg_enabled
- name: (Re)Start '{{ apache_service }}' systemd service
systemd:
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted

52
roles/elgg/tasks/enable.yml
View file

@ -1,52 +0,0 @@
# Apache
- name: Enable http://box{{ elgg_url }} via Apache # http://box/elgg
command: a2ensite elgg.conf
when: apache_install and elgg_enabled
- name: Disable http://box{{ elgg_url }} via Apache # http://box/elgg
command: a2dissite elgg.conf
when: apache_install and not elgg_enabled
- name: Restart Apache systemd service ({{ apache_service }})
systemd:
name: "{{ apache_service }}"
state: restarted
when: apache_enabled | bool
# NGINX
- name: "SHIM: Enable http://box{{ elgg_url }} via NGINX, by installing {{ nginx_conf_dir }}/elgg-nginx.conf from template" # http://box/elgg
template:
src: elgg-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/elgg-nginx.conf"
when: nginx_install and elgg_enabled
- name: "SHIM: Disable http://box{{ elgg_url }} via NGINX, by removing {{ nginx_conf_dir }}/elgg-nginx.conf" # http://box/elgg
file:
path: "{{ nginx_conf_dir }}/elgg-nginx.conf"
state: absent
when: nginx_install and not elgg_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted
when: nginx_enabled | bool
- name: Add 'elgg' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}"
section: elgg
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Elgg
- option: description
value: '"Elgg is an award-winning social networking engine, delivering the building blocks that enable businesses, schools, universities and associations to create their own fully-featured social networks and applications."'
- option: path
value: /opt/elgg
- option: elgg_enabled
value: "{{ elgg_enabled }}"

20
roles/elgg/tasks/install.yml
View file

@ -1,5 +1,15 @@
# Assume we only get here if elgg_install: True
# Assume MySQL is running
# Assume (enforce!) we only get here if elgg_install: True
# Assume (enforce?) MySQL is running
# - name: "Set 'mysql_install: True' and 'mysql_enabled: True'"
# set_fact:
# mysql_install: True
# mysql_enabled: True
#
# - name: MYSQL - run 'mysql' role (attempt to install & enable MySQL)
# include_role:
# name: mysql
- name: Download {{ iiab_download_url }}/elgg-{{ elgg_version }}.zip to {{ downloads_dir }}
#shell: wget {{ iiab_download_url }}/elgg-{{ elgg_version }}.zip -c -P {{ downloads_dir }}
@ -88,6 +98,10 @@
dest: "/etc/{{ apache_conf_dir }}/elgg.conf"
- name: Set up Elgg's MySQL database
include_tasks: setup.yml
# RECORD Elgg AS INSTALLED
- name: "Set 'elgg_installed: True'"
@ -96,6 +110,6 @@
- name: "Add 'elgg_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^elgg_installed'
line: 'elgg_installed: True'

56
roles/elgg/tasks/main.yml
View file

@ -1,11 +1,51 @@
- name: Install Elgg
# "How do i fail a task in Ansible if the variable contains a boolean value?
# I want to perform input validation for Ansible playbooks"
# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
# to re-check whether vars are defined here. As Ansible vars cannot be unset:
# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
- name: Assert that "elgg_install is sameas true" (boolean not string etc)
assert:
that: elgg_install is sameas true
fail_msg: "PLEASE SET 'elgg_install: True' e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: Assert that "elgg_enabled | type_debug == 'bool'" (boolean not string etc)
assert:
that: elgg_enabled | type_debug == 'bool'
fail_msg: "PLEASE GIVE VARIABLE 'elgg_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: Install Elgg if 'elgg_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: elgg_install and not elgg_installed is defined
when: elgg_installed is undefined
- name: Provision DB
include_tasks: setup.yml
when: elgg_install and not installing
- name: Enable Elgg
include_tasks: enable.yml
when: elgg_install or elgg_installed is defined
#- name: Enable/Disable/Restart Apache if primary
- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache
include_tasks: apache.yml
#when: not nginx_enabled
- name: Enable/Disable/Restart NGINX if primary
include_tasks: nginx.yml
when: nginx_enabled | bool
- name: Add 'elgg' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: elgg
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Elgg
- option: description
value: '"Elgg is an award-winning social networking engine, delivering the building blocks that enable businesses, schools, universities and associations to create their own fully-featured social networks and applications."'
- option: path
value: /opt/elgg
- option: elgg_enabled
value: "{{ elgg_enabled }}"

16
roles/elgg/tasks/nginx.yml Normal file
View file

@ -0,0 +1,16 @@
- name: Enable http://box{{ elgg_url }} via NGINX, by installing {{ nginx_conf_dir }}/elgg-nginx.conf from template # http://box/elgg
template:
src: elgg-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/elgg-nginx.conf" # /etc/nginx/conf.d
when: elgg_enabled | bool
- name: Disable http://box{{ elgg_url }} via NGINX, by removing {{ nginx_conf_dir }}/elgg-nginx.conf # http://box/elgg
file:
path: "{{ nginx_conf_dir }}/elgg-nginx.conf" # /etc/nginx/conf.d
state: absent
when: not elgg_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted

2
roles/gitea/README.rst
View file

@ -2,7 +2,7 @@
Gitea README
============
This Ansible role installs Gitea - a self-hosted Git service written in Go.
This Ansible role installs Gitea a self-hosted Git service written in Go.
Using It
--------

28
roles/gitea/defaults/main.yml
View file

@ -7,7 +7,8 @@
# Using @coolaj86's script as a template
# https://git.coolaj86.com/coolaj86/gitea-installer.sh
# Information needed to install Gitea
# Info needed to install Gitea:
gitea_version: 1.10.3
iset_suffixes:
i386: 386
@ -20,7 +21,7 @@ gitea_iset_suffix: "{{ iset_suffixes[ansible_architecture] | default('unknown')
gitea_download_url: "https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_iset_suffix }}"
gitea_integrity_url: "{{ gitea_download_url }}.asc"
gitea_root_directory: /library/gitea
gitea_root_directory: "{{ content_base }}/gitea" # /library/gitea
gitea_subdirectories:
- bin
- custom
@ -31,19 +32,9 @@ gitea_subdirectories:
gitea_install_path: "{{ gitea_root_directory }}/bin/gitea-{{ gitea_version }}"
gitea_checksum_path: "{{ gitea_root_directory }}/bin/gitea-{{ gitea_version }}.asc"
gitea_link_path: "{{ gitea_root_directory }}/gitea"
# Information needed to verify Gitea
# Info needed to verify Gitea
gitea_gpg_key: 7C9E68152594688862D62AF62D9AE806EC1592E2
# Information needed to run Gitea
gitea_user: gitea
gitea_home: "/home/{{ gitea_user }}" # SSH credentials stored here
gitea_run_directory: "{{ gitea_root_directory }}"
gitea_url: /gitea
gitea_port: 61734 # leet for GITEA
# Data locations
gitea_db_path: "{{ gitea_root_directory }}/data/gitea.db"
gitea_repo_root: "{{ gitea_root_directory }}/data/repositories"
@ -55,3 +46,14 @@ gitea_log_root: "{{ gitea_root_directory }}/log"
# Extra configuration
gitea_display_name: Internet-in-a-Box Gitea
skip_install_screen: true # lowercase for Gitea's own /etc/gitea/app.ini
gitea_link_path: "{{ gitea_root_directory }}/gitea"
# Info needed to run Gitea:
gitea_user: gitea
gitea_home: "/home/{{ gitea_user }}" # SSH credentials stored here
gitea_run_directory: "{{ gitea_root_directory }}"
gitea_url: /gitea
gitea_port: 61734 # leet for GITEA

12
roles/gitea/tasks/apache.yml Normal file
View file

@ -0,0 +1,12 @@
- name: Enable http://box{{ gitea_url }} via Apache # http://box/gitea
command: a2ensite gitea.conf
when: gitea_enabled | bool
- name: Disable http://box{{ gitea_url }} via Apache # http://box/gitea
command: a2dissite gitea.conf
when: not gitea_enabled
- name: (Re)Start '{{ apache_service }}' systemd service
systemd:
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted

69
roles/gitea/tasks/enable.yml
View file

@ -1,69 +0,0 @@
- name: Enable & Restart 'gitea' systemd service
systemd:
name: gitea
daemon_reload: yes
enabled: yes
state: restarted
when: gitea_enabled | bool
- name: Disable & Restart 'gitea' systemd service
systemd:
name: gitea
enabled: no
state: stopped
when: not gitea_enabled
# Apache
- name: Enable http://box{{ gitea_url }} via Apache # i.e. http://box/gitea
command: a2ensite gitea.conf
when: apache_install and gitea_enabled
- name: Disable http://box{{ gitea_url }} via Apache
command: a2dissite gitea.conf
when: apache_install and not gitea_enabled
- name: Restart Apache systemd service ({{ apache_service }})
systemd:
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted
when: apache_enabled | bool
# NGINX
- name: Enable http://box{{ gitea_url }} via NGINX, by installing {{ nginx_conf_dir }}/gitea-nginx.conf from template
template:
src: gitea-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/gitea-nginx.conf"
when: nginx_install and gitea_enabled
- name: Disable http://box{{ gitea_url }} via NGINX, by removing {{ nginx_conf_dir }}/gitea-nginx.conf
file:
path: "{{ nginx_conf_dir }}/gitea-nginx.conf"
state: absent
when: nginx_install and not gitea_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted
when: nginx_enabled | bool
- name: Add 'gitea' to list of services at {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}"
section: gitea
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Gitea
- option: description
value: '"Gitea is like GitHub for more offline communities: Git with a cup of tea"'
- option: gitea_run_directory
value: "{{ gitea_run_directory }}"
- option: gitea_url
value: "{{ gitea_url }}"
- option: gitea_enabled
value: "{{ gitea_enabled }}"

27
roles/gitea/tasks/install.yml
View file

@ -1,4 +1,4 @@
# Prepare to install Gitea: create user and directory structure
# 1. Prepare to install Gitea: create user and directory structure
- name: Shut down existing Gitea instance (if we're reinstalling)
systemd:
@ -16,11 +16,11 @@
name: gitea
comment: Gitea daemon account
groups: gitea
home: "{{ gitea_home }}"
home: "{{ gitea_home }}" # /home/gitea
- name: Create Gitea directory structure
file:
path: "{{ gitea_root_directory }}/{{ item }}"
path: "{{ gitea_root_directory }}/{{ item }}" # /library/gitea
state: directory
owner: gitea
group: gitea
@ -28,21 +28,22 @@
- name: Make directories data, indexers, and log writable
file:
path: "{{ gitea_root_directory }}/{{ item }}"
path: "{{ gitea_root_directory }}/{{ item }}" # /library/gitea
mode: '0750'
with_items:
- data
- indexers
- log
# Download, verify, and link Gitea binary
# 2. Download, verify, and link Gitea binary
- name: Fail if we detect unknown architecture
fail:
msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\""
when: gitea_iset_suffix == "unknown"
- name: Download Gitea binary
- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }}
get_url:
url: "{{ gitea_download_url }}"
dest: "{{ gitea_install_path }}"
@ -69,14 +70,15 @@
group: gitea
state: link
# Configure Gitea
# 3. Configure Gitea
# For security reasons, the Gitea developers recommend removing group write
# permissions from /etc/gitea/ and /etc/gitea/app.ini after the first run of
# Gitea. User gitea needs write permissions during the first run but not
# subsequent runs.
- name: Create Gitea config directory
- name: mkdir /etc/gitea
file:
state: directory
path: /etc/gitea
@ -84,7 +86,7 @@
group: gitea
mode: '0770'
- name: Create app.ini
- name: Install /etc/gitea/app.ini from template
template:
src: app.ini.j2
dest: /etc/gitea/app.ini
@ -92,7 +94,8 @@
group: gitea
mode: '0664'
# Create systemd service & prepare Apache for http://box/gitea
# 4. Create systemd service & prepare Apache for http://box/gitea
- name: "Install from templates: /etc/systemd/system/gitea.service, /etc/apache2/sites-available/gitea.conf"
template:
@ -103,7 +106,7 @@
- { src: 'gitea.conf.j2', dest: "/etc/{{ apache_conf_dir }}/gitea.conf" }
# RECORD Gitea AS INSTALLED
# 5. RECORD Gitea AS INSTALLED
- name: "Set 'gitea_installed: True'"
set_fact:
@ -111,6 +114,6 @@
- name: "Add 'gitea_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^gitea_installed'
line: 'gitea_installed: True'

72
roles/gitea/tasks/main.yml
View file

@ -1,7 +1,67 @@
- name: Install Gitea {{ gitea_version }} if gitea_install
include_tasks: install.yml
when: gitea_install and not (gitea_installed is defined)
# "How do i fail a task in Ansible if the variable contains a boolean value?
# I want to perform input validation for Ansible playbooks"
# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
- name: Enable Gitea {{ gitea_version }} if gitea_install
include_tasks: enable.yml
when: gitea_install or gitea_installed is defined
# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
# to re-check whether vars are defined here. As Ansible vars cannot be unset:
# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
- name: Assert that "gitea_install is sameas true" (boolean not string etc)
assert:
that: gitea_install is sameas true
fail_msg: "PLEASE SET 'gitea_install: True' e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: Assert that "gitea_enabled | type_debug == 'bool'" (boolean not string etc)
assert:
that: gitea_enabled | type_debug == 'bool'
fail_msg: "PLEASE GIVE VARIABLE 'gitea_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: Install Gitea {{ gitea_version }} if 'gitea_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: gitea_installed is undefined
- name: Enable & Restart 'gitea' systemd service, if gitea_enabled
systemd:
name: gitea
daemon_reload: yes
enabled: yes
state: restarted
when: gitea_enabled | bool
- name: Disable & Stop 'gitea' systemd service, if not gitea_enabled
systemd:
name: gitea
enabled: no
state: stopped
when: not gitea_enabled
- name: Enable/Disable/Restart Apache if primary
include_tasks: apache.yml
when: not nginx_enabled
- name: Enable/Disable/Restart NGINX if primary
include_tasks: nginx.yml
when: nginx_enabled | bool
- name: Add 'gitea' to list of services at {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab_state.yml
section: gitea
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Gitea
- option: description
value: '"Gitea is like GitHub for more offline communities: Git with a cup of tea"'
- option: gitea_run_directory
value: "{{ gitea_run_directory }}"
- option: gitea_url
value: "{{ gitea_url }}"
- option: gitea_enabled
value: "{{ gitea_enabled }}"

16
roles/gitea/tasks/nginx.yml Normal file
View file

@ -0,0 +1,16 @@
- name: Enable http://box{{ gitea_url }} via NGINX, by installing {{ nginx_conf_dir }}/gitea-nginx.conf from template
template:
src: gitea-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/gitea-nginx.conf" # /etc/nginx/conf.d
when: gitea_enabled | bool
- name: Disable http://box{{ gitea_url }} via NGINX, by removing {{ nginx_conf_dir }}/gitea-nginx.conf
file:
path: "{{ nginx_conf_dir }}/gitea-nginx.conf" # /etc/nginx/conf.d
state: absent
when: not gitea_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted

2
roles/httpd/tasks/install.yml
View file

@ -149,6 +149,6 @@
- name: "Add 'apache_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^apache_installed'
line: 'apache_installed: True'

1
roles/httpd/templates/010-iiab.conf.j2
View file

@ -53,6 +53,7 @@ ServerTokens OS
# proxy_send_timeout 60s; # time to accept the request
# More background details on this ongoing Kiwix problem:
# https://github.com/iiab/iiab/pull/2063
# https://github.com/iiab/iiab/issues/2152
# https://github.com/kiwix/kiwix-tools/issues/345
#

5
roles/internetarchive/defaults/main.yml
View file

@ -6,5 +6,6 @@
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
internetarchive_dir: '{{ iiab_base }}/internetarchive'
internetarchive_upgrade: False
internetarchive_dir: "{{ iiab_base }}/internetarchive" # /opt/iiab
# internetarchive_upgrade: False # 2020-02-04: No longer needed!?

12
roles/internetarchive/tasks/apache.yml Normal file
View file

@ -0,0 +1,12 @@
- name: Enable internetarchive.conf via Apache (for short URL http://box/archive eventually?) if internetarchive_enabled
command: a2ensite internetarchive.conf
when: internetarchive_enabled | bool
- name: Disable internetarchive.conf via Apache, if not internetarchive_enabled
command: a2dissite internetarchive.conf
when: not internetarchive_enabled
- name: (Re)Start '{{ apache_service }}' systemd service
systemd:
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted

47
roles/internetarchive/tasks/enable.yml
View file

@ -1,47 +0,0 @@
- name: Create symlink internetarchive.conf from sites-enabled to sites-available, for short URL http://box/archive (if debuntu and internetarchive_enabled)
file:
src: /etc/apache2/sites-available/internetarchive.conf
path: /etc/apache2/sites-enabled/internetarchive.conf
state: link
when: is_debuntu and internetarchive_enabled
- name: Remove symlink /etc/apache2/sites-enabled/internetarchive.conf (if debuntu and not internetarchive_enabled)
file:
path: /etc/apache2/sites-enabled/internetarchive.conf
state: absent
when: is_debuntu and not internetarchive_enabled
# RESTART/ENABLE SYSTEMD SERVICE
- name: Disable 'internetarchive' systemd service (if not internetarchive_enabled)
systemd:
name: internetarchive
enabled: no
when: not internetarchive_enabled
- name: Enable & Restart 'internetarchive' systemd service (if internetarchive_enabled)
systemd:
name: internetarchive
daemon_reload: yes
enabled: yes
state: restarted
when: internetarchive_enabled | bool
- name: Restart Apache service ({{ apache_service }}) to enable/disable http://box/archive (not just http://box:{{ internetarchive_port }})
systemd:
name: "{{ apache_service }}" # httpd or apache2
state: restarted
when: internetarchive_enabled | bool
- name: Add 'internetarchive' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}"
section: internetarchive
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Internet Archive
- option: description
value: '"Take the Internet Archive experience and materials offline, in a decentralized way!"'
- option: internetarchive_enabled
value: "{{ internetarchive_enabled }}"

37
roles/internetarchive/tasks/install.yml
View file

@ -5,16 +5,21 @@
nodejs_install: True
nodejs_enabled: True
- name: Install Node.JS
- name: NODEJS - run 'nodejs' role (attempt to install & enable Node.js)
include_role:
name: nodejs
- name: FAIL (STOP INSTALLING) IF nodejs_version is not set to 10.x or 12.x
fail:
msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x or 12.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml"
when: (nodejs_version != "10.x") and (nodejs_version != "12.x")
- name: "Set 'yarn_install: True' and 'yarn_enabled: True'"
set_fact:
yarn_install: True
yarn_enabled: True
- name: Install Yarn
- name: YARN - run 'yarn' role (attempt to install & enable Yarn package manager)
include_role:
name: yarn
@ -23,40 +28,42 @@
name: libsecret-1-dev
state: present
# CREATE 2 DIRS & RUN YARN
- name: mkdir {{ internetarchive_dir }}
file:
path: "{{ internetarchive_dir }}" # /opt/iiab/internetarchive
state: directory
owner: "root"
path: "{{ internetarchive_dir }}" # /opt/iiab/internetarchive
# owner: root
- name: Run yarn install to get needed modules (CAN TAKE ~15 MINUTES)
- name: Run yarn install to populate {{ internetarchive_dir }}/node_modules (CAN TAKE ~15 MINUTES)
shell: yarn config set child-concurrency 1 && yarn add @internetarchive/dweb-mirror
args:
chdir: "{{ internetarchive_dir }}"
creates: "{{ internetarchive_dir }}/node_modules/@internetarchive/dweb-mirror/internetarchive"
when: internet_available | bool
register: internetarchive_installing
# register: internetarchive_installing
- name: mkdir /library/archiveorg
- name: mkdir {{ content_base }}/archiveorg
file:
path: "/library/archiveorg"
state: directory
owner: "root"
path: "{{ content_base }}/archiveorg" # /library
# owner: root
# CONFIG FILES
- name: "Install from templates: internetarchive.service (systemd), internetarchive.conf (Apache)"
- name: "Install from templates: /etc/systemd/system/internetarchive.service, /etc/{{ apache_conf_dir }}/internetarchive.conf"
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: '0644'
owner: root
group: root
# owner: root
# group: root
# mode: '0644'
with_items:
- { src: 'internetarchive.service.j2', dest: '/etc/systemd/system/internetarchive.service' }
- { src: 'internetarchive.conf', dest: '/etc/apache2/sites-available/internetarchive.conf' }
- { src: 'internetarchive.conf', dest: '/etc/{{ apache_conf_dir }}/internetarchive.conf' } # apache2/sites-available
# RECORD Internet Archive AS INSTALLED
@ -67,6 +74,6 @@
- name: "Add 'internetarchive_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^internetarchive_installed'
line: 'internetarchive_installed: True'

105
roles/internetarchive/tasks/main.yml
View file

@ -1,32 +1,93 @@
# We need a recent version of node
- name: FAIL (STOP INSTALLING) IF nodejs_version is not set to 10.x or 12.x
fail:
msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x or 12.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml"
when: internetarchive_install and (nodejs_version != "10.x") and (nodejs_version != "12.x")
# "How do i fail a task in Ansible if the variable contains a boolean value?
# I want to perform input validation for Ansible playbooks"
# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
- name: Install Yarn and Internet Archive
# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
# to re-check whether vars are defined here. As Ansible vars cannot be unset:
# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
- name: Assert that "internetarchive_install is sameas true" (boolean not string etc)
assert:
that: internetarchive_install is sameas true
fail_msg: "PLEASE SET 'internetarchive_install: True' e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: Assert that "internetarchive_enabled | type_debug == 'bool'" (boolean not string etc)
assert:
that: internetarchive_enabled | type_debug == 'bool'
fail_msg: "PLEASE GIVE VARIABLE 'internetarchive_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
#- name: Set --reinstall fact
# set_fact:
# internetarchive_upgrade: True
# when: reinstall is defined
- block: # UPDATE IF... internetarchive_installed is defined and internet_available
- name: Stop 'internetarchive' systemd service, if internetarchive_upgrade
systemd:
name: internetarchive
daemon_reload: yes
state: stopped
#when: internetarchive_enabled and internetarchive_upgrade
- name: Update pre-existing install (yarn upgrade) if internetarchive_upgrade
shell: yarn config set child-concurrency 1 && yarn install && yarn upgrade
args:
chdir: "{{ internetarchive_dir }}"
#when: internetarchive_enabled and internetarchive_upgrade
when: internetarchive_installed is defined and internet_available # END BLOCK
# "ELSE" INSTALL...
- name: Install Internet Archive if 'internetarchive_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: internetarchive_install and not internetarchive_installed is defined
when: internetarchive_installed is undefined and internet_available
- name: Set --reinstall fact
set_fact:
internetarchive_upgrade: True
when: reinstall is defined
# STOP SYSTEMD SERVICE
- name: Stop 'internetarchive' systemd service
# ENABLE/DISABLE/RESTART SYSTEMD SERVICE & WEB SERVERS AS NEC ?
- name: Enable & Restart 'internetarchive' systemd service, if internetarchive_enabled
systemd:
name: internetarchive
daemon_reload: yes
enabled: yes
state: restarted
when: internetarchive_enabled | bool
- name: Disable & Stop 'internetarchive' systemd service, if not internetarchive_enabled
systemd:
name: internetarchive
enabled: no
state: stopped
when: internetarchive_enabled and internetarchive_upgrade
when: not internetarchive_enabled
- name: 'Update pre-existing install: yarn upgrade'
shell: yarn config set child-concurrency 1 && yarn install && yarn upgrade
args:
chdir: "{{ internetarchive_dir }}"
when: internetarchive_enabled and internetarchive_upgrade
#- name: Enable/Disable/Restart Apache if primary
- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache
include_tasks: apache.yml
#when: not nginx_enabled
- name: Enable Internet Archive
include_tasks: enable.yml
when: internetarchive_install or internetarchive_installed is defined
- name: Enable/Disable/Restart NGINX if primary
include_tasks: nginx.yml
when: nginx_enabled | bool
- name: Add 'internetarchive' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: internetarchive
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Internet Archive
- option: description
value: '"Take the Internet Archive experience and materials offline, in a decentralized way!"'
- option: internetarchive_install
value: "{{ internetarchive_install }}"
- option: internetarchive_enabled
value: "{{ internetarchive_enabled }}"

16
roles/internetarchive/tasks/nginx.yml Normal file
View file

@ -0,0 +1,16 @@
- name: Enable http://box/archive via NGINX, by installing {{ nginx_conf_dir }}/internetarchive-nginx.conf from template
template:
src: internetarchive-nginx.conf.j2 # TO DO: roles/internetarchive/templates/internetarchive-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/internetarchive-nginx.conf" # /etc/nginx/conf.d
when: internetarchive_enabled | bool
- name: Disable http://box/archive via NGINX, by removing {{ nginx_conf_dir }}/internetarchive-nginx.conf
file:
path: "{{ nginx_conf_dir }}/internetarchive-nginx.conf" # /etc/nginx/conf.d
state: absent
when: not internetarchive_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted

2
roles/internetarchive/templates/internetarchive-nginx.conf.j2 Normal file
View file

@ -0,0 +1,2 @@
# 2020-02-04: Let's try to get http://box/archive working with NGINX, using
# this file. BACKGROUND: https://github.com/iiab/iiab/pull/2120

2
roles/kalite/tasks/setup.yml
View file

@ -27,6 +27,6 @@
- name: "Add 'kalite_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^kalite_installed'
line: 'kalite_installed: True'

2
roles/kiwix/defaults/main.yml
View file

@ -38,3 +38,5 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml"
# - NEW WAY: cd /opt/iiab/iiab; ./runrole --reinstall kiwix
# - OLD WAY: rm /opt/iiab/kiwix/bin/kiwix-serve; cd /opt/iiab/iiab; ./runrole kiwix
kiwix_force_install: False
kiwix_nginx_timeout: 600
kiwix_threads: 4

2
roles/kiwix/tasks/install.yml
View file

@ -93,6 +93,6 @@
- name: "Add 'kiwix_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^kiwix_installed'
line: 'kiwix_installed: True'

9
roles/kiwix/templates/kiwix-nginx.conf
View file

@ -1,3 +1,12 @@
location /kiwix {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_connect_timeout {{ kiwix_nginx_timeout }};
proxy_send_timeout {{ kiwix_nginx_timeout }};
proxy_read_timeout {{ kiwix_nginx_timeout }};
send_timeout {{ kiwix_nginx_timeout }};
proxy_pass http://127.0.0.1:3000;
}

2
roles/kiwix/templates/kiwix-serve.service.j2
View file

@ -4,7 +4,7 @@ After=syslog.target network.target local-fs.target
[Service]
Type=forking
ExecStart={{ iiab_base }}/kiwix/bin/kiwix-serve --daemon --port {{ kiwix_port }} --nolibrarybutton --library {{ kiwix_library_xml }} --urlRootLocation={{ kiwix_url }}
ExecStart={{ iiab_base }}/kiwix/bin/kiwix-serve --daemon --port {{ kiwix_port }} --nolibrarybutton --library {{ kiwix_library_xml }} --urlRootLocation={{ kiwix_url }} --threads {{ kiwix_threads }}
TimeoutStartSec=180
Restart=on-abort
RestartSec=5s

12
roles/kolibri/tasks/apache.yml Normal file
View file

@ -0,0 +1,12 @@
- name: Enable http://box{{ kolibri_url }} via Apache # http://box/kolibri
command: a2ensite kolibri.conf
when: kolibri_enabled | bool
- name: Disable http://box{{ kolibri_url }} via Apache # http://box/kolibri
command: a2dissite kolibri.conf
when: not kolibri_enabled
- name: (Re)Start '{{ apache_service }}' systemd service
systemd:
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted

71
roles/kolibri/tasks/enable.yml
View file

@ -1,71 +0,0 @@
- name: Enable & Start 'kolibri' systemd service
systemd:
name: kolibri
daemon_reload: yes
enabled: yes
state: started
when: kolibri_enabled | bool
- name: Disable & Stop 'kolibri' systemd service
systemd:
name: kolibri
enabled: no
state: stopped
when: not kolibri_enabled
# Apache
- name: Enable http://box{{ kolibri_url }} via Apache # i.e. http://box/kolibri
command: a2ensite kolibri.conf
when: apache_install and kolibri_enabled
- name: Disable http://box{{ kolibri_url }} via Apache
command: a2dissite kolibri.conf
when: apache_install and not kolibri_enabled
- name: Restart Apache systemd service ({{ apache_service }})
systemd:
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted
when: apache_enabled | bool
# NGINX
- name: Enable http://box{{ kolibri_url }} via NGINX, by installing {{ nginx_conf_dir }}/kolibri-nginx.conf from template
template:
src: kolibri-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/kolibri-nginx.conf"
when: nginx_install and kolibri_enabled
- name: Disable http://box{{ kolibri_url }} via NGINX, by removing {{ nginx_conf_dir }}/kolibri-nginx.conf
file:
path: "{{ nginx_conf_dir }}/kolibri-nginx.conf"
state: absent
when: nginx_install and not kolibri_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted
when: nginx_enabled | bool
- name: Add 'kolibri' variable values to {{ iiab_ini_file }} # /etc/iiab/iiab.ini
ini_file:
path: "{{ iiab_ini_file }}"
section: kolibri
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: kolibri
- option: description
value: '"Kolibri is an open-source educational platform specially designed to provide offline access to a wide range of quality, openly licensed educational contents in low-resource contexts like rural schools, refugee camps, orphanages, and also in non-formal school programs."'
- option: kolibri_url
value: "{{ kolibri_url }}"
- option: kolibri_path
value: "{{ kolibri_exec_path }}"
- option: kolibri_port
value: "{{ kolibri_http_port }}"
- option: kolibri_enabled
value: "{{ kolibri_enabled }}"

43
roles/kolibri/tasks/install.yml
View file

@ -9,37 +9,37 @@
system: yes
create_home: no
- name: Create {{ kolibri_home }} (for Kolibri content, configuration, sqlite3 databases)
- name: Create directory {{ kolibri_home }} for Kolibri content, configuration, sqlite3 databases ({{ kolibri_user }}:{{ apache_user }}, '0755')
file:
state: directory
path: "{{ kolibri_home }}" # /library/kolibri
owner: "{{ kolibri_user }}" # kolibri
group: "{{ apache_user }}" # www-data (on Debian/Ubuntu/Raspbian)
mode: 0755
state: directory
mode: '0755'
- name: Create /etc/kolibri
- name: Create directory /etc/kolibri
file:
name: /etc/kolibri
state: directory
owner: root
group: root
mode: 0755
name: /etc/kolibri
# owner: root
# group: root
# mode: '0755'
- name: Save kolibri_user ({{ kolibri_user }}) to /etc/kolibri/username
copy:
content: "{{ kolibri_user }}"
dest: /etc/kolibri/username
owner: root
group: root
mode: 0644
# owner: root
# group: root
# mode: '0644'
- name: Save kolibri_home (KOLIBRI_HOME="{{ kolibri_home }}") to /etc/kolibri/daemon.conf
copy:
content: 'KOLIBRI_HOME="{{ kolibri_home }}"'
dest: /etc/kolibri/daemon.conf
owner: root
group: root
mode: 0644
# owner: root
# group: root
# mode: '0644'
- name: apt install latest Kolibri .deb from {{ kolibri_deb_url }} (populates {{ kolibri_home }}, migrates database) # i.e. /library/kolibri
apt:
@ -49,22 +49,21 @@
KOLIBRI_USER: "{{ kolibri_user }}" # both can't hurt & Might Help Later
when: internet_available | bool
- name: 'Install from templates: kolibri.service unit file for systemd & sites-available/kolibri.conf for Apache'
- name: 'Install from templates: /etc/systemd/system/kolibri.service & /etc/{{ apache_conf_dir }}/kolibri.conf'
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: 0644
# owner: root
# group: root
# mode: '0644'
with_items:
- { src: 'kolibri.service.j2', dest: '/etc/systemd/system/kolibri.service' }
- { src: 'kolibri.conf.j2', dest: '/etc/apache2/sites-available/kolibri.conf' }
- { src: 'kolibri.conf.j2', dest: '/etc/{{ apache_conf_dir }}/kolibri.conf' } # apache2/sites-available
- name: Enable 'kolibri' systemd service (for reboots) but ensure it's stopped for Kolibri provisioning
- name: Stop 'kolibri' systemd service, for Kolibri provisioning (after daemon_reload)
systemd:
name: kolibri
daemon_reload: yes
enabled: yes
state: stopped
@ -122,6 +121,6 @@
- name: "Add 'kolibri_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^kolibri_installed'
line: 'kolibri_installed: True'

79
roles/kolibri/tasks/main.yml
View file

@ -1,7 +1,74 @@
- name: Install Kolibri
include_tasks: install.yml
when: kolibri_install and not kolibri_installed is defined
# "How do i fail a task in Ansible if the variable contains a boolean value?
# I want to perform input validation for Ansible playbooks"
# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
- name: Enable Kolibri
include_tasks: enable.yml
when: kolibri_install or kolibri_installed is defined
# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
# to re-check whether vars are defined here. As Ansible vars cannot be unset:
# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
- name: Assert that "kolibri_install is sameas true" (boolean not string etc)
assert:
that: kolibri_install is sameas true
fail_msg: "PLEASE SET 'kolibri_install: True' e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: Assert that "kolibri_enabled | type_debug == 'bool'" (boolean not string etc)
assert:
that: kolibri_enabled | type_debug == 'bool'
fail_msg: "PLEASE GIVE VARIABLE 'kolibri_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
#- name: "Set 'kolibri_provision: False' for a more lightweight (re)install"
# set_fact:
# kolibri_provision: False
# when: ???
- name: Install Kolibri, if 'kolibri_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: kolibri_installed is undefined
- name: Enable & Start 'kolibri' systemd service, if kolibri_enabled
systemd:
name: kolibri
daemon_reload: yes
enabled: yes
state: started
when: kolibri_enabled | bool
- name: Disable & Stop 'kolibri' systemd service, if not kolibri_enabled
systemd:
name: kolibri
enabled: no
state: stopped
when: not kolibri_enabled
- name: Enable/Disable/Restart Apache if primary
include_tasks: apache.yml
when: not nginx_enabled
- name: Enable/Disable/Restart NGINX if primary
include_tasks: nginx.yml
when: nginx_enabled | bool
- name: Add 'kolibri' variable values to {{ iiab_ini_file }} # /etc/iiab/iiab.ini
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: kolibri
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Kolibri
- option: description
value: '"Kolibri is an open-source educational platform specially designed to provide offline access to a wide range of quality, openly licensed educational contents in low-resource contexts like rural schools, refugee camps, orphanages, and also in non-formal school programs."'
- option: kolibri_url
value: "{{ kolibri_url }}"
- option: kolibri_path
value: "{{ kolibri_exec_path }}"
- option: kolibri_port
value: "{{ kolibri_http_port }}"
- option: kolibri_enabled
value: "{{ kolibri_enabled }}"

16
roles/kolibri/tasks/nginx.yml Normal file
View file

@ -0,0 +1,16 @@
- name: Enable http://box{{ kolibri_url }} via NGINX, by installing {{ nginx_conf_dir }}/kolibri-nginx.conf from template # http://box/kolibri
template:
src: kolibri-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/kolibri-nginx.conf" # /etc/nginx/conf.d
when: kolibri_enabled | bool
- name: Disable http://box{{ kolibri_url }} via NGINX, by removing {{ nginx_conf_dir }}/kolibri-nginx.conf # http://box/kolibri
file:
path: "{{ nginx_conf_dir }}/kolibri-nginx.conf" # /etc/nginx/conf.d
state: absent
when: not kolibri_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted

2
roles/lokole/tasks/apache.yml
View file

@ -6,7 +6,7 @@
command: a2dissite lokole.conf
when: not lokole_enabled
- name: Restart '{{ apache_service }}' systemd service
- name: (Re)Start '{{ apache_service }}' systemd service
systemd:
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted

2
roles/lokole/tasks/install.yml
View file

@ -100,6 +100,6 @@
- name: "Add 'lokole_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^lokole_installed'
line: 'lokole_installed: True'

6
roles/lokole/tasks/main.yml
View file

@ -19,12 +19,12 @@
quiet: yes
- name: Install Lokole {{ lokole_version }} if lokole_installed is not defined
- name: Install Lokole if lokole_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: lokole_installed is undefined
- name: Enable & Restart 'lokole' systemd service
- name: Enable & Restart 'lokole' systemd service, if lokole_enabled
systemd:
name: lokole
daemon_reload: yes
@ -32,7 +32,7 @@
state: restarted
when: lokole_enabled | bool
- name: Disable & Stop 'lokole' systemd service
- name: Disable & Stop 'lokole' systemd service, if not lokole_enabled
systemd:
name: lokole
enabled: no

4
roles/lokole/tasks/nginx.yml
View file

@ -1,10 +1,10 @@
- name: "SHIM: Enable http://box{{ lokole_url }} via NGINX, by installing {{ nginx_conf_dir }}/lokole-nginx.conf from template" # http://box/lokole
- name: Enable http://box{{ lokole_url }} via NGINX, by installing {{ nginx_conf_dir }}/lokole-nginx.conf from template # http://box/lokole
template:
src: lokole-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/lokole-nginx.conf" # /etc/nginx/conf.d
when: lokole_enabled | bool
- name: "SHIM: Disable http://box{{ lokole_url }} via NGINX, by removing {{ nginx_conf_dir }}/lokole-nginx.conf" # http://box/lokole
- name: Disable http://box{{ lokole_url }} via NGINX, by removing {{ nginx_conf_dir }}/lokole-nginx.conf # http://box/lokole
file:
path: "{{ nginx_conf_dir }}/lokole-nginx.conf" # /etc/nginx/conf.d
state: absent

2
roles/mediawiki/defaults/main.yml
View file

@ -29,4 +29,4 @@ mediawiki_abs_path: "{{ mediawiki_install_path }}/mediawiki-{{ mediawiki_version
mediawiki_url: /wiki
mediawiki_url2: /mediawiki
mediawiki_full_url: "http://{{ iiab_hostname }}.{{ iiab_domain }}{{ mediawiki_url }}" # http://box.lan/wiki
mediawiki_symlink: w # can also be mwlink. NO slashes as they are suppplied as needed in the code
mediawiki_symlink: w # Can also be mwlink. NO slashes as they are supplied as needed in the code

12
roles/mediawiki/tasks/apache.yml Normal file
View file

@ -0,0 +1,12 @@
- name: Enable http://box{{ mediawiki_url }} via Apache # http://box/wiki
command: a2ensite mediawiki.conf
when: mediawiki_enabled | bool
- name: Disable http://box{{ mediawiki_url }} via Apache # http://box/wiki
command: a2dissite mediawiki.conf
when: not mediawiki_enabled
- name: Restart '{{ apache_service }}' systemd service
systemd:
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted

62
roles/mediawiki/tasks/enable.yml
View file

@ -1,62 +0,0 @@
# Apache
- name: Enable http://box{{ mediawiki_url }} via Apache # i.e. http://box/wiki
command: a2ensite mediawiki.conf
when: apache_install and mediawiki_enabled
- name: Disable http://box{{ mediawiki_url }} via Apache
command: a2dissite mediawiki.conf
when: apache_install and not mediawiki_enabled
- name: Restart Apache systemd service ({{ apache_service }})
systemd:
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted
when: apache_enabled | bool
# NGINX
- name: Enable http://box{{ mediawiki_url }} & http://box{{ mediawiki_url2 }} via NGINX, by installing {{ nginx_conf_dir }}/mediawiki-nginx.conf from template
template:
src: mediawiki-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/mediawiki-nginx.conf"
when: nginx_install and mediawiki_enabled
- name: Disable http://box{{ mediawiki_url }} & http://box{{ mediawiki_url2 }} via NGINX, by removing {{ nginx_conf_dir }}/mediawiki-nginx.conf
file:
path: "{{ nginx_conf_dir }}/mediawiki-nginx.conf"
state: absent
when: nginx_install and not mediawiki_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted
when: nginx_enabled | bool
- name: Add 'mediawiki' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}"
section: mediawiki
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: MediaWiki
- option: description
value: '"MediaWiki is a blog and web site management application, from the people who create Wikipedia."'
- option: mediawiki_src
value: "{{ mediawiki_src }}"
- option: mediawiki_abs_path
value: "{{ mediawiki_abs_path }}"
- option: mediawiki_db_name
value: "{{ mediawiki_db_name }}"
- option: mediawiki_db_user
value: "{{ mediawiki_db_user }}"
- option: mediawiki_url
value: "{{ mediawiki_url }}"
- option: mediawiki_full_url
value: "{{ mediawiki_full_url }}"
- option: mediawiki_enabled
value: "{{ mediawiki_enabled }}"

34
roles/mediawiki/tasks/install.yml
View file

@ -8,43 +8,43 @@
- name: Download {{ mediawiki_download_base_url }}/{{ mediawiki_src }} to {{ downloads_dir }}
get_url:
url: "{{ mediawiki_download_base_url }}/{{ mediawiki_src }}"
dest: "{{ downloads_dir }}"
dest: "{{ downloads_dir }}" # /opt/iiab/downloads
timeout: "{{ download_timeout }}"
#force: yes
#backup: yes
when: internet_available | bool
- name: Unpack it to permanent location {{ mediawiki_abs_path }}
- name: Unarchive (unpack) it to permanent location {{ mediawiki_abs_path }} ({{ apache_user }}:{{ apache_user }}, u+rw,g+r,o+r)
unarchive:
src: "{{ downloads_dir }}/{{ mediawiki_src }}"
dest: "{{ mediawiki_install_path }}"
dest: "{{ mediawiki_install_path }}" # /library
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
mode: u+rw,g+r,o+r # '0755' forced executable bits on files
keep_newer: yes
- name: Create symlink {{ doc_root }}/{{ mediawiki_symlink }} -> {{ mediawiki_abs_path }}
- name: Symlink {{ doc_root }}/{{ mediawiki_symlink }} -> {{ mediawiki_abs_path }}
file:
src: "{{ mediawiki_abs_path }}"
path: "{{ doc_root }}/{{ mediawiki_symlink }}"
src: "{{ mediawiki_abs_path }}" # /library/mediawiki-1.XY.Z
path: "{{ doc_root }}/{{ mediawiki_symlink }}" # /library/www/html/w
state: link
- name: Start MySQL systemd service ({{ mysql_service }}) so we can create db
systemd:
state: started
name: "{{ mysql_service }}"
state: started
- name: Create MySQL database {{ mediawiki_db_name }}
mysql_db:
name: "{{ mediawiki_db_name }}"
state: present
name: "{{ mediawiki_db_name }}" # iiab_mediawiki
#state: present
- name: Create MySQL database user {{ mediawiki_db_user }} with password, and permissions to above db
mysql_user:
name: "{{ mediawiki_db_user }}"
name: "{{ mediawiki_db_user }}" # iiab_mediawiki_user
password: "{{ mediawiki_db_user_password }}"
priv: "{{ mediawiki_db_name }}.*:ALL,GRANT"
state: present
#state: present
- name: Configure MediaWiki, if {{ mediawiki_abs_path }}/LocalSettings.php doesn't exist
shell: >
@ -61,29 +61,29 @@
"{{ mediawiki_site_name }}"
"{{ mediawiki_admin_user }}"
args:
chdir: "{{ mediawiki_abs_path }}"
chdir: "{{ mediawiki_abs_path }}" # /library/mediawiki-1.XY.Z
creates: "{{ mediawiki_abs_path }}/LocalSettings.php"
- name: Configure wgArticlePath variable in {{ mediawiki_abs_path }}/LocalSettings.php
lineinfile:
dest: "{{ mediawiki_abs_path }}/LocalSettings.php"
path: "{{ mediawiki_abs_path }}/LocalSettings.php" # /library/mediawiki-1.XY.Z
line: '$wgArticlePath = "/wiki/$1";'
- name: Configure $wgUsePathInfo variable in {{ mediawiki_abs_path }}/LocalSettings.php
lineinfile:
dest: "{{ mediawiki_abs_path }}/LocalSettings.php"
path: "{{ mediawiki_abs_path }}/LocalSettings.php" # /library/mediawiki-1.XY.Z
line: '$wgUsePathInfo = true;'
- name: Configure $wgServer variable in {{ mediawiki_abs_path }}/LocalSettings.php
lineinfile:
dest: "{{ mediawiki_abs_path }}/LocalSettings.php"
path: "{{ mediawiki_abs_path }}/LocalSettings.php" # /library/mediawiki-1.XY.Z
regexp: '^\$wgServer ='
line: '$wgServer = "//" . $_SERVER["HTTP_HOST"];'
- name: Install /etc/{{ apache_conf_dir }}/mediawiki.conf from template, for http://box{{ mediawiki_url }} via Apache
template:
src: mediawiki.conf.j2
dest: "/etc/{{ apache_conf_dir }}/mediawiki.conf"
dest: "/etc/{{ apache_conf_dir }}/mediawiki.conf" # apache2/sites-available on debuntu
# RECORD MediaWiki AS INSTALLED
@ -94,6 +94,6 @@
- name: "Add 'mediawiki_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^mediawiki_installed'
line: 'mediawiki_installed: True'

65
roles/mediawiki/tasks/main.yml
View file

@ -1,7 +1,60 @@
- name: Install MediaWiki {{ mediawiki_version }}
include_tasks: install.yml
when: mediawiki_install and not mediawiki_installed is defined
# "How do i fail a task in Ansible if the variable contains a boolean value?
# I want to perform input validation for Ansible playbooks"
# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
- name: Enable MediaWiki
include_tasks: enable.yml
when: mediawiki_install or mediawiki_installed is defined
# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
# to re-check whether vars are defined here. As Ansible vars cannot be unset:
# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
- name: Assert that "mediawiki_install is sameas true" (boolean not string etc)
assert:
that: mediawiki_install is sameas true
fail_msg: "PLEASE SET 'mediawiki_install: True' e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: Assert that "mediawiki_enabled | type_debug == 'bool'" (boolean not string etc)
assert:
that: mediawiki_enabled | type_debug == 'bool'
fail_msg: "PLEASE GIVE VARIABLE 'mediawiki_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: Install MediaWiki {{ mediawiki_version }} if 'mediawiki_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: mediawiki_installed is undefined
- name: Enable/Disable/Restart Apache if primary
include_tasks: apache.yml
when: not nginx_enabled
- name: Enable/Disable/Restart NGINX if primary
include_tasks: nginx.yml
when: nginx_enabled | bool
- name: Add 'mediawiki' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: mediawiki
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: MediaWiki
- option: description
value: '"MediaWiki is a blog and web site management application, from the people who create Wikipedia."'
- option: mediawiki_src
value: "{{ mediawiki_src }}"
- option: mediawiki_abs_path
value: "{{ mediawiki_abs_path }}"
- option: mediawiki_db_name
value: "{{ mediawiki_db_name }}"
- option: mediawiki_db_user
value: "{{ mediawiki_db_user }}"
- option: mediawiki_url
value: "{{ mediawiki_url }}"
- option: mediawiki_full_url
value: "{{ mediawiki_full_url }}"
- option: mediawiki_enabled
value: "{{ mediawiki_enabled }}"

16
roles/mediawiki/tasks/nginx.yml Normal file
View file

@ -0,0 +1,16 @@
- name: Enable http://box{{ mediawiki_url }} & http://box{{ mediawiki_url2 }} via NGINX, by installing {{ nginx_conf_dir }}/mediawiki-nginx.conf from template # http://box/wiki & http://box/mediawiki
template:
src: mediawiki-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/mediawiki-nginx.conf" # /etc/nginx.conf.d
when: mediawiki_enabled | bool
- name: Disable http://box{{ mediawiki_url }} & http://box{{ mediawiki_url2 }} via NGINX, by removing {{ nginx_conf_dir }}/mediawiki-nginx.conf # http://box/wiki & http://box/mediawiki
file:
path: "{{ nginx_conf_dir }}/mediawiki-nginx.conf" # /etc/nginx.conf.d
state: absent
when: not mediawiki_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted

2
roles/minetest/tasks/provision.yml
View file

@ -78,6 +78,6 @@
- name: "Add 'minetest_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^minetest_installed'
line: 'minetest_installed: True'

2
roles/mongodb/tasks/install.yml
View file

@ -135,6 +135,6 @@
- name: "Add 'mongodb_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^mongodb_installed'
line: 'mongodb_installed: True'

59
roles/mongodb/tasks/main.yml
View file

@ -18,42 +18,37 @@
fail_msg: "PLEASE GIVE VARIABLE 'mongodb_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: EXIT MONGODB PLAYBOOK, IF DEBIAN 10+ (where MongoDB doesn't exist)
meta: end_play
when: (is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)
- debug:
var: mongodb_install
- debug:
var: mongodb_enabled
- debug:
var: mongodb_installed
- name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: mongodb_installed is undefined
- debug:
var: is_debian
- debug:
var: is_raspbian
- name: EXIT 'mongodb' ROLE & CONTINUE, IF 'is_debian and not is_raspbian' i.e. TRUE DEBIAN (where MongoDB no longer exists)
fail: # FORCE IT RED THIS ONCE!
msg: ATTEMPTED MongoDB INSTALLATION WITH (TRUE) DEBIAN, which is no longer supported. Nevertheless IIAB will continue (consider this a warning!)
when: is_debian and not is_raspbian
#when: (is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9) # Test for Debian 10+
ignore_errors: yes
- name: Enable & Restart 'mongodb' systemd service if mongodb_enabled, incl daemon-reload (in case mongodb.service changed?)
systemd:
name: mongodb
daemon_reload: yes
enabled: yes
state: restarted
when: mongodb_enabled | bool
# ELSE...
- name: Disable 'mongodb' service, if not mongodb_enabled
systemd:
name: mongodb
enabled: no
state: stopped
when: not mongodb_enabled
- name: Install/Enable/Disable/Record MongoDB (main2.yml) if is_raspbian or not is_debian, i.e. not True Debian
include_tasks: main2.yml
when: is_raspbian or not is_debian
# THE block: APPROACH BELOW WORKS JUST LIKE main2.yml ABOVE.
# BUT IT VISUALLY POLLUTES: MANY BLUE "skipping:" MESSAGES IN ANSIBLE'S OUTPUT.
- name: Add 'mongodb' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: mongodb
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: MongoDB
- option: description
value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."'
- option: enabled
value: "{{ mongodb_enabled }}"
# - block: # ENTIRE BLOCK CONDITIONED ON 'when: is_raspbian or not is_debian'
#
# [MOVED TO main2.yml]
#
# when: is_raspbian or not is_debian # CONDITION FOR ENTIRE ABOVE block:

34
roles/mongodb/tasks/main2.yml Normal file
View file

@ -0,0 +1,34 @@
- name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: mongodb_installed is undefined
- name: Enable & Restart 'mongodb' systemd service if mongodb_enabled, incl daemon-reload (in case mongodb.service changed?)
systemd:
name: mongodb
daemon_reload: yes
enabled: yes
state: restarted
when: mongodb_enabled | bool
- name: Disable & Stop 'mongodb' service, if not mongodb_enabled
systemd:
name: mongodb
enabled: no
state: stopped
when: not mongodb_enabled
- name: Add 'mongodb' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: mongodb
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: MongoDB
- option: description
value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."'
- option: enabled
value: "{{ mongodb_enabled }}"

2
roles/monit/tasks/install.yml
View file

@ -63,6 +63,6 @@
- name: "Add 'monit_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^monit_installed'
line: 'monit_installed: True'

12
roles/moodle/tasks/apache.yml Normal file
View file

@ -0,0 +1,12 @@
- name: Enable http://box/moodle via Apache
command: a2ensite 022-moodle.conf
when: moodle_enabled | bool
- name: Disable http://box/moodle via Apache
command: a2dissite 022-moodle.conf
when: not moodle_enabled
- name: (Re)Start '{{ apache_service }}' systemd service
systemd:
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted

67
roles/moodle/tasks/enable.yml
View file

@ -1,67 +0,0 @@
- name: Enable 'postgresql-iiab' systemd service, if moodle_enabled
systemd:
name: postgresql-iiab
state: started
enabled: yes
when: moodle_enabled
# if the only service using the backend db disable if not running
- name: Disable 'postgresql-iiab' systemd service, if not moodle_enabled and not (pathagar_enabled is defined and pathagar_enabled)
systemd:
name: postgresql-iiab
state: stopped
enabled: no
when: not moodle_enabled and not (pathagar_enabled is defined and pathagar_enabled)
# Apache
- name: Enable http://box/moodle via Apache
command: a2ensite 022-moodle.conf
when: apache_install and moodle_enabled
- name: Disable http://box/moodle via Apache
command: a2dissite 022-moodle.conf
when: apache_install and not moodle_enabled
- name: Restart '{{ apache_service }}' systemd service
systemd:
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted
when: apache_enabled | bool
# NGINX
- name: Enable http://box/moodle via NGINX, by installing {{ nginx_conf_dir }}/moodle-nginx.conf from template
template:
src: moodle-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/moodle-nginx.conf"
when: nginx_install and moodle_enabled
- name: Disable http://box/moodle via NGINX, by removing {{ nginx_conf_dir }}/moodle-nginx.conf
file:
path: "{{ nginx_conf_dir }}/moodle-nginx.conf"
state: absent
when: nginx_install and not moodle_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted
when: nginx_enabled | bool
- name: Add 'moodle' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}"
section: moodle
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Moodle
- option: description
value: '"Access the Moodle learning management system."'
- option: "moodle_base"
value: "{{ moodle_base }}"
- option: moodle_enabled
value: "{{ moodle_enabled }}"

62
roles/moodle/tasks/install.yml
View file

@ -1,19 +1,13 @@
- debug:
var: postgresql_install
- debug:
var: postgresql_enabled
- debug:
var: postgresql_installed
- name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'"
set_fact:
postgresql_install: True
postgresql_enabled: True
- name: POSTGRESQL - run the 'postgresql' role
- name: POSTGRESQL - run 'postgresql' role (attempt to install & enable PostgreSQL)
include_role:
name: postgresql
- name: "Install packages: python-psycopg2, php-pgsql (OS's other than debuntu)"
package:
name:
@ -35,22 +29,22 @@
state: present
when: is_debuntu | bool
- name: "Install package: php{{ php_version }}-zip (ubuntu or debian-9+)"
- name: "Install package: php{{ php_version }}-zip (Ubuntu or Debian 9+)"
package:
name: "php{{ php_version }}-zip"
when: is_ubuntu or (is_debian and not is_debian_8)
- name: "Install package: php-pclzip (debian-8)"
package:
name: php-pclzip
when: is_debian_8 | bool
# - name: "Install package: php-pclzip (debian-8)"
# package:
# name: php-pclzip
# when: is_debian_8 | bool
- name: Determine if Moodle is already downloaded
- name: Does {{ moodle_base }}/config-dist.php exist? (indicating Moodle is/was installed)
stat:
path: "{{ moodle_base }}/config-dist.php"
register: moodle
- name: Download the latest Moodle repo
- name: Clone (i.e. use git to download) {{ moodle_repo_url }} to {{ moodle_base }}
git:
repo: "{{ moodle_repo_url }}"
dest: "{{ moodle_base }}"
@ -63,32 +57,32 @@
- name: Create dir {{ moodle_base }} owned by {{ apache_user }} (for config file?)
file:
state: directory
path: "{{ moodle_base }}"
owner: "{{ apache_user }}"
recurse: yes
state: directory
- name: Create dir {{ content_base }}/dbdata/moodle owned by {{ apache_user }}
file:
state: directory
path: "{{ content_base }}/dbdata/moodle"
owner: "{{ apache_user }}"
# mode: '0755'
state: directory
- name: Create dir {{ moodle_data }} owned by {{ apache_user }}:{{ apache_user }} with write permission 0770 # /library/moodle
- name: Create dir {{ moodle_data }} ({{ apache_user }}:{{ apache_user }}, '0770') # /library/moodle
file:
state: directory
path: "{{ moodle_data }}"
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
mode: '0770'
state: directory
- name: Remove Apache's stock moodle.conf
- name: Remove stock /etc/{{ apache_conf_dir }}/moodle.conf
file:
path: "/etc/{{ apache_conf_dir }}/moodle.conf"
state: absent
- name: Install Apache's 022-moodle.conf from template, if moodle_enabled
- name: Install /etc/{{ apache_conf_dir }}/022-moodle.conf from template
template:
src: 022-moodle.j2
dest: "/etc/{{ apache_conf_dir }}/022-moodle.conf"
@ -96,10 +90,10 @@
# group: root
# mode: '0644'
- name: Restart postgresql-iiab
service:
- name: Start 'postgresql-iiab' systemd service, to configure Moodle's DB
systemd:
name: postgresql-iiab
state: restarted
state: started
- name: Create PostgreSQL db user Admin/changeme
postgresql_user:
@ -121,21 +115,21 @@
become: yes
become_user: postgres
- name: Install {{ moodle_base }}/moodle_installer from template
- name: Install {{ moodle_base }}/moodle_installer from template ('0755')
template:
src: moodle_installer
dest: "{{ moodle_base }}"
mode: '0755'
- name: Enable & Restart postgresql-iiab
service:
- name: (Re)Start 'postgresql-iiab' systemd service
systemd:
name: postgresql-iiab
state: restarted
enabled: yes
when: moodle_enabled | bool
#enabled: yes
#when: moodle_enabled | bool
- name: Restart Apache systemd service ({{ apache_service }})
service:
- name: (Re)Start '{{ apache_service }}' systemd service
systemd:
name: "{{ apache_service }}"
state: restarted
@ -148,10 +142,10 @@
shell: "{{ moodle_base }}/moodle_installer"
when: config.stat.exists is defined and not config.stat.exists
- name: Give read permission 0644 to {{ moodle_base }}/config.php # /opt/iiab/moodle/config.php
- name: Make {{ moodle_base }}/config.php readable, with permission '0644'
#command: chown -R {{ apache_user }} {{ moodle_base }}
file:
path: "{{ moodle_base }}/config.php"
path: "{{ moodle_base }}/config.php" # /opt/iiab/moodle
mode: '0644'
@ -163,6 +157,6 @@
- name: "Add 'moodle_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^moodle_installed'
line: 'moodle_installed: True'

87
roles/moodle/tasks/main.yml
View file

@ -1,7 +1,82 @@
- name: "Install Moodle"
include_tasks: install.yml
when: moodle_install and not moodle_installed is defined
# "How do i fail a task in Ansible if the variable contains a boolean value?
# I want to perform input validation for Ansible playbooks"
# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
- name: Enable Moodle
include_tasks: enable.yml
when: moodle_install or moodle_installed is defined
# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
# to re-check whether vars are defined here. As Ansible vars cannot be unset:
# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
- name: Assert that "moodle_install is sameas true" (boolean not string etc)
assert:
that: moodle_install is sameas true
fail_msg: "PLEASE SET 'moodle_install: True' e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: Assert that "moodle_enabled | type_debug == 'bool'" (boolean not string etc)
assert:
that: moodle_enabled | type_debug == 'bool'
fail_msg: "PLEASE GIVE VARIABLE 'moodle_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: Install Moodle if 'moodle_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: moodle_installed is undefined
# - name: Enable 'postgresql-iiab' systemd service, if moodle_enabled
# systemd:
# name: postgresql-iiab
# deamon_reload: yes
# state: started
# enabled: yes
# when: moodle_enabled | bool
#
# # if the only service using the backend db disable if not running
# - name: Disable 'postgresql-iiab' systemd service, if 'not moodle_enabled and not (pathagar_enabled is defined and pathagar_enabled)'
# systemd:
# name: postgresql-iiab
# state: stopped
# enabled: no
# when: not moodle_enabled and not (pathagar_enabled is defined and pathagar_enabled)
- name: "Set 'postgresql_enabled: True' if moodle_enabled"
set_fact:
postgresql_enabled: True
when: moodle_enabled | bool
- name: "Set 'postgresql_enabled: False' if 'not moodle_enabled and not (pathagar_enabled is defined and pathagar_enabled)'"
set_fact:
postgresql_enabled: False
when: not moodle_enabled and not (pathagar_enabled is defined and pathagar_enabled)
- name: POSTGRESQL - run 'postgresql' role (Enable&Start or Disable&Stop PostgreSQL)
include_role:
name: postgresql
#- name: Enable/Disable/Restart Apache if primary
- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache
include_tasks: apache.yml
#when: not nginx_enabled
- name: Enable/Disable/Restart NGINX if primary
include_tasks: nginx.yml
when: nginx_enabled | bool
- name: Add 'moodle' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: moodle
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Moodle
- option: description
value: '"Access the Moodle learning management system."'
- option: "moodle_base"
value: "{{ moodle_base }}"
- option: moodle_enabled
value: "{{ moodle_enabled }}"

16
roles/moodle/tasks/nginx.yml Normal file
View file

@ -0,0 +1,16 @@
- name: Enable http://box/moodle via NGINX, by installing {{ nginx_conf_dir }}/moodle-nginx.conf from template
template:
src: moodle-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/moodle-nginx.conf" # /etc/nginx/conf.d
when: moodle_enabled | bool
- name: Disable http://box/moodle via NGINX, by removing {{ nginx_conf_dir }}/moodle-nginx.conf
file:
path: "{{ nginx_conf_dir }}/moodle-nginx.conf" # /etc/nginx/conf.d
state: absent
when: not moodle_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted

2
roles/mosquitto/tasks/install.yml
View file

@ -38,6 +38,6 @@
- name: "Add 'mosquitto_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^mosquitto_installed'
line: 'mosquitto_installed: True'

2
roles/munin/tasks/apache.yml
View file

@ -6,7 +6,7 @@
command: a2dissite munin24.conf
when: not munin_enabled
- name: Restart '{{ apache_service }}' systemd service
- name: (Re)Start '{{ apache_service }}' systemd service
systemd:
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted

2
roles/munin/tasks/install.yml
View file

@ -57,6 +57,6 @@
- name: "Add 'munin_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^munin_installed'
line: 'munin_installed: True'

183
roles/mysql/tasks/install.yml Normal file
View file

@ -0,0 +1,183 @@
# Stanzas as of 2020-02-04:
#
# - 4 base install
# - Remove the last 3 above, as CentOS & Fedora no longer supported ?
# - 6 double timeout for slow CPUs
# - 7 DB config
# - 2 record as installed
- name: 'Install MySQL packages: mariadb-server, mariadb-client, and 9 php packages (debuntu)'
package:
name:
- mariadb-server
- mariadb-client
- php{{ php_version }}
- php{{ php_version }}-mysql
- php-pear
- php{{ php_version }}-gd
- php{{ php_version }}-imap
- php{{ php_version }}-ldap
- php{{ php_version }}-odbc
- php{{ php_version }}-xml # Was below
- php{{ php_version }}-xmlrpc
state: present
when: is_debuntu | bool
# - name: Install package 'php{{ php_version }}-xml' (debuntu) # WAS: (ubuntu or debian 9+)
# package:
# name: "php{{ php_version }}-xml"
# state: present
# when: is_debuntu | bool
# #when: is_ubuntu or (is_debian and not is_debian_8)
#- name: Install php-xml-parser (debian-8)
# package:
# name: php-xml-parser
# state: present
# when: is_debian_8 | bool
- name: "Install packages: mysql, MySQL-python and 9 php packages (OS's other than debuntu)"
package:
name:
- MySQL-python
- mysql
- php
- php-mysql
- php-pear
- php-gd
- php-imap
- php-ldap
- php-odbc
- php-xml
- php-xmlrpc
state: present
when: not is_debuntu
- include_tasks: centos.yml
when: ansible_distribution == "CentOS"
- include_tasks: fedora.yml
when: ansible_distribution == "Fedora"
# 2019-07-03 @jvonau @holta: the next 50 lines (6 stanzas) double MariaDB's
# default boot timeout (90s to 180s) for slow CPUs like this Ubuntu 18.04.2 VM:
# https://github.com/iiab/iiab/issues/1802
# https://mariadb.com/kb/en/library/what-to-do-if-mariadb-doesnt-start/#systemd
- name: Check if /lib/systemd/system/mariadb.service exists
stat:
path: /lib/systemd/system/mariadb.service
register: mariadb_unit_file
- name: Copy pkg's /lib/systemd/system/mariadb.service to /etc/systemd/system/ to be customized (CREATES TIMESTAMPED BACKUPS OF /etc/systemd/system/mariadb.service e.g. IF OPERATOR CUSTOMIZED IT, EVEN DESPITE WARNING BELOW!)
copy:
force: yes
backup: yes
src: /lib/systemd/system/mariadb.service
dest: /etc/systemd/system/
when: mariadb_unit_file.stat.exists
- name: Symlink /etc/systemd/system/mysql.service -> /etc/systemd/system/mariadb.service
file:
state: link
force: yes
src: /etc/systemd/system/mariadb.service
path: /etc/systemd/system/mysql.service
when: mariadb_unit_file.stat.exists
- name: Symlink /etc/systemd/system/mysqld.service -> /etc/systemd/system/mariadb.service
file:
state: link
force: yes
src: /etc/systemd/system/mariadb.service
path: /etc/systemd/system/mysqld.service
when: mariadb_unit_file.stat.exists
- name: "WARN OPERATOR: Changes made to /etc/systemd/system/mariadb.service WILL BE LOST whenever 'mysql' playbook is run"
lineinfile:
path: /etc/systemd/system/mariadb.service
insertbefore: BOF # Beginning of file
line: "# WARNING: CHANGES TO THIS FILE WILL BE REGULARLY *OVERWRITTEN* BY:\n# /opt/iiab/iiab/roles/mysql/tasks/main.yml\n"
when: mariadb_unit_file.stat.exists
- name: Set systemd boot timeout to 180 seconds for slow machines, in /etc/systemd/system/mariadb.service
lineinfile:
path: /etc/systemd/system/mariadb.service
insertafter: '^\[Service\]$'
regexp: "^TimeoutStartSec="
line: "\n# 2019-07-03: @jvonau @holta doubled MariaDB's default boot timeout, from\n# 90 seconds to 180 seconds, for slow machines like this Ubuntu 18.04.2 VM:\n# https://github.com/iiab/iiab/issues/1802\n# https://mariadb.com/kb/en/library/what-to-do-if-mariadb-doesnt-start/#systemd\nTimeoutStartSec=180\n"
# If the line above were to be run repeatedly (never happens here!) Ansible
# would pollute MariaDB's systemd unit file. As multi-line regexp's are
# not allowed (both regexp's should match, for idempotency). If nec, use
# the 1-liner below, or Ansible's 'blockinfile' which pollutes config files
# in its own way...surrounding blocks with marker lines.
# line: "TimeoutStartSec=180"
when: mariadb_unit_file.stat.exists
# 7 STANZAS BELOW...could later be put into setup.yml or config.yml or or provision.yml ?
# Name of MySQL service varies by OS, so hardcoded in /opt/iiab/iiab/vars/<OS>.yml (formerly in roles/0-init/tasks/main.yml)
- name: Start MySQL systemd service ({{ mysql_service }}) to permit configuration
systemd:
name: "{{ mysql_service }}"
daemon_reload: yes
state: restarted
- name: Install /root/.my.cnf file from template, with root password credentials
template:
src: my.cnf.j2
dest: /root/.my.cnf
owner: root
mode: '0600'
# 'localhost' needs to be the last item for idempotency, see
# http://ansible.cc/docs/modules.html#mysql-user
# unfortunately it still doesn't work
- name: Update MySQL root password for localhost root accounts
mysql_user:
name: root
host: localhost
password: "{{ mysql_root_password }}"
priv: "*.*:ALL,GRANT"
- name: Update MySQL root password for all remaining root accounts (127.0.0.1, ::1)
mysql_user:
name: root
host: "{{ item }}"
password: "{{ mysql_root_password }}"
priv: "*.*:ALL,GRANT"
with_items:
#- "{{ iiab_hostname }}.{{ iiab_domain }}"
- 127.0.0.1
- ::1
- name: Delete anonymous MySQL server user for {{ ansible_hostname }}
mysql_user:
user: ""
host: "{{ ansible_hostname }}"
state: absent
- name: Delete anonymous MySQL server user for localhost
mysql_user:
user: ""
state: absent
- name: Remove the MySQL 'test' database
mysql_db:
db: test
state: absent
# RECORD MySQL AS INSTALLED
- name: "Set 'mysql_installed: True'"
set_fact:
mysql_installed: True
- name: "Add 'mysql_installed: True' to {{ iiab_state_file }}"
lineinfile:
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^mysql_installed'
line: 'mysql_installed: True'

208
roles/mysql/tasks/main.yml
View file

@ -1,194 +1,46 @@
# TO DO:
# - Validate input vars mysql_install & mysql_enabled
# - Put ~13 stanzas just below into install.yml
# - Triggered by... 'when: mysql_installed is undefined'
# - Eliminate stale Fedora/CentOS code & gratuitous when: is_debuntu clauses?
# - Put ~8 stanzas below that into enable-or-disable.yml
# "How do i fail a task in Ansible if the variable contains a boolean value?
# I want to perform input validation for Ansible playbooks"
# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
- name: 'Install MySQL packages: mariadb-server, mariadb-client, and 8 php packages (debuntu)'
package:
name:
- mariadb-server
- mariadb-client
- php{{ php_version }}
- php{{ php_version }}-mysql
- php-pear
- php{{ php_version }}-gd
- php{{ php_version }}-imap
- php{{ php_version }}-ldap
- php{{ php_version }}-odbc
#- php{{ php_version }}-xml
- php{{ php_version }}-xmlrpc
state: present
when: is_debuntu | bool
# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
# to re-check whether vars are defined here. As Ansible vars cannot be unset:
# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
- name: Install package 'php{{ php_version }}-xml' (debuntu) # WAS: (ubuntu or debian 9+)
package:
name: "php{{ php_version }}-xml"
state: present
when: is_debuntu | bool
#when: is_ubuntu or (is_debian and not is_debian_8)
- name: Assert that "mysql_install is sameas true" (boolean not string etc)
assert:
that: mysql_install is sameas true
fail_msg: "PLEASE SET 'mysql_install: True' e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
#- name: Install php-xml-parser (debian-8)
# package:
# name: php-xml-parser
# state: present
# when: is_debian_8 | bool
- name: Assert that "mysql_enabled | type_debug == 'bool'" (boolean not string etc)
assert:
that: mysql_enabled | type_debug == 'bool'
fail_msg: "PLEASE GIVE VARIABLE 'mysql_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: "Install packages: mysql, MySQL-python and 9 php packages (OS's other than debuntu)"
package:
name:
- MySQL-python
- mysql
- php
- php-mysql
- php-pear
- php-gd
- php-imap
- php-ldap
- php-odbc
- php-xml
- php-xmlrpc
state: present
when: not is_debuntu
- include_tasks: centos.yml
when: ansible_distribution == "CentOS"
- include_tasks: fedora.yml
when: ansible_distribution == "Fedora"
- debug:
var: mysql_install
- debug:
var: mysql_enabled
- debug:
var: mysql_installed
# 2019-07-03 @jvonau @holta: the next 50 lines (6 stanzas) double MariaDB's
# default boot timeout (90s to 180s) for slow CPUs like this Ubuntu 18.04.2 VM:
# https://github.com/iiab/iiab/issues/1802
# https://mariadb.com/kb/en/library/what-to-do-if-mariadb-doesnt-start/#systemd
- name: Check if /lib/systemd/system/mariadb.service exists
stat:
path: /lib/systemd/system/mariadb.service
register: mariadb_unit_file
- name: Copy pkg's /lib/systemd/system/mariadb.service to /etc/systemd/system/ to be customized (CREATES TIMESTAMPED BACKUPS OF /etc/systemd/system/mariadb.service e.g. IF OPERATOR CUSTOMIZED IT, EVEN DESPITE WARNING BELOW!)
copy:
force: yes
backup: yes
src: /lib/systemd/system/mariadb.service
dest: /etc/systemd/system/
when: mariadb_unit_file.stat.exists
- name: Symlink /etc/systemd/system/mysql.service -> /etc/systemd/system/mariadb.service
file:
state: link
force: yes
src: /etc/systemd/system/mariadb.service
path: /etc/systemd/system/mysql.service
when: mariadb_unit_file.stat.exists
- name: Symlink /etc/systemd/system/mysqld.service -> /etc/systemd/system/mariadb.service
file:
state: link
force: yes
src: /etc/systemd/system/mariadb.service
path: /etc/systemd/system/mysqld.service
when: mariadb_unit_file.stat.exists
- name: "WARN OPERATOR: Changes made to /etc/systemd/system/mariadb.service WILL BE LOST whenever 'mysql' playbook is run"
lineinfile:
path: /etc/systemd/system/mariadb.service
insertbefore: BOF # Beginning of file
line: "# WARNING: CHANGES TO THIS FILE WILL BE REGULARLY *OVERWRITTEN* BY:\n# /opt/iiab/iiab/roles/mysql/tasks/main.yml\n"
when: mariadb_unit_file.stat.exists
- name: Set systemd boot timeout to 180 seconds for slow machines, in /etc/systemd/system/mariadb.service
lineinfile:
path: /etc/systemd/system/mariadb.service
insertafter: '^\[Service\]$'
regexp: "^TimeoutStartSec="
line: "\n# 2019-07-03: @jvonau @holta doubled MariaDB's default boot timeout, from\n# 90 seconds to 180 seconds, for slow machines like this Ubuntu 18.04.2 VM:\n# https://github.com/iiab/iiab/issues/1802\n# https://mariadb.com/kb/en/library/what-to-do-if-mariadb-doesnt-start/#systemd\nTimeoutStartSec=180\n"
# If the line above were to be run repeatedly (never happens here!) Ansible
# would pollute MariaDB's systemd unit file. As multi-line regexp's are
# not allowed (both regexp's should match, for idempotency). If nec, use
# the 1-liner below, or Ansible's 'blockinfile' which pollutes config files
# in its own way...surrounding blocks with marker lines.
# line: "TimeoutStartSec=180"
when: mariadb_unit_file.stat.exists
- name: Install MySQL if 'mysql_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: mysql_installed is undefined
# RECORD MySQL AS INSTALLED
- name: "Set 'mysql_installed: True'"
set_fact:
mysql_installed: True
- name: "Add 'mysql_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^mysql_installed'
line: 'mysql_installed: True'
# Name of MySQL service varies by OS, so hardcoded in /opt/iiab/iiab/vars/<OS>.yml (formerly in roles/0-init/tasks/main.yml)
- name: Enable & Start MySQL systemd service ({{ mysql_service }}) if mysql_enabled
- name: Enable & Start MySQL ({{ mysql_service }}) systemd service, if mysql_enabled
systemd:
name: "{{ mysql_service }}"
daemon_reload: yes
state: restarted
state: started
enabled: yes
when: mysql_enabled | bool
- name: Install /root/.my.cnf file from template, with root password credentials, if mysql_enabled
template:
src: my.cnf.j2
dest: /root/.my.cnf
owner: root
mode: '0600'
when: mysql_enabled | bool
# 'localhost' needs to be the last item for idempotency, see
# http://ansible.cc/docs/modules.html#mysql-user
# unfortunately it still doesn't work
- name: Update MySQL root password for localhost root accounts, if mysql_enabled
mysql_user:
name: root
host: localhost
password: "{{ mysql_root_password }}"
priv: "*.*:ALL,GRANT"
when: mysql_enabled | bool
- name: Update MySQL root password for all remaining root accounts (127.0.0.1, ::1) if mysql_enabled
mysql_user:
name: root
host: "{{ item }}"
password: "{{ mysql_root_password }}"
priv: "*.*:ALL,GRANT"
with_items:
#- "{{ iiab_hostname }}.{{ iiab_domain }}"
- 127.0.0.1
- ::1
when: mysql_enabled | bool
- name: Delete anonymous MySQL server user for {{ ansible_hostname }}, if mysql_enabled
mysql_user:
user: ""
host: "{{ ansible_hostname }}"
state: absent
when: mysql_enabled | bool
- name: Delete anonymous MySQL server user for localhost, if mysql_enabled
mysql_user:
user: ""
state: absent
when: mysql_enabled | bool
- name: Remove the MySQL 'test' database, if mysql_enabled
mysql_db:
db: test
state: absent
when: mysql_enabled | bool
# we had to start mysql in order to configure it, now turn if off if not enabled
- name: Config is done but now DISABLE MySQL service, if not mysql_enabled
# We had to start MySQL in order to configure it, now turn if off if not enabled
- name: Disable & Stop MySQL ({{ mysql_service }}) systemd service, if not mysql_enabled
systemd:
name: "{{ mysql_service }}"
enabled: no
@ -198,7 +50,7 @@
- name: Add 'mysql' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}"
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: mysql
option: "{{ item.option }}"
value: "{{ item.value | string }}"

4
roles/network/tasks/computed_network.yml
View file

@ -174,14 +174,14 @@
- name: Record IIAB_WAN_DEVICE to {{ iiab_env_file }}
lineinfile:
dest: "{{ iiab_env_file }}"
path: "{{ iiab_env_file }}"
regexp: '^IIAB_WAN_DEVICE=*'
line: 'IIAB_WAN_DEVICE="{{ iiab_wan_iface }}"'
when: not installing #REMOVE THIS LINE IF installing IS ALWAYS false AS SET IN roles/0-init/defaults/main.yml
- name: Record IIAB_LAN_DEVICE to {{ iiab_env_file }}
lineinfile:
dest: "{{ iiab_env_file }}"
path: "{{ iiab_env_file }}"
regexp: '^IIAB_LAN_DEVICE=*'
line: 'IIAB_LAN_DEVICE="{{ iiab_lan_iface }}"'
state: present

2
roles/network/tasks/dansguardian.yml
View file

@ -50,6 +50,6 @@
- name: "Add 'dansguardian_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^dansguardian_installed'
line: 'dansguardian_installed: True'

2
roles/network/tasks/dhcpd.yml
View file

@ -56,6 +56,6 @@
- name: "Add 'dhcpd_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^dhcpd_installed'
line: 'dhcpd_installed: True'

2
roles/network/tasks/enable_services.yml
View file

@ -174,7 +174,7 @@
- name: Revert to 'HTTPCACHE_ON=False' if not squid_enabled
lineinfile:
dest: "{{ iiab_env_file }}"
path: "{{ iiab_env_file }}"
regexp: '^HTTPCACHE_ON=*'
line: 'HTTPCACHE_ON=False'
state: present

2
roles/network/tasks/hostapd.yml
View file

@ -63,7 +63,7 @@
- name: Record HOSTAPD_ENABLED to {{ iiab_env_file }}
lineinfile:
dest: "{{ iiab_env_file }}"
path: "{{ iiab_env_file }}"
regexp: '^HOSTAPD_ENABLED=*'
line: 'HOSTAPD_ENABLED={{ hostapd_enabled }}'
state: present

2
roles/network/tasks/named.yml
View file

@ -79,7 +79,7 @@
- name: "Add 'named_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^named_installed'
line: 'named_installed: True'

2
roles/network/tasks/squid.yml
View file

@ -82,7 +82,7 @@
- name: "Add 'squid_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^squid_installed'
line: 'squid_installed: True'

2
roles/network/tasks/wondershaper.yml
View file

@ -40,7 +40,7 @@
- name: "Add 'wondershaper_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^wondershaper_installed'
line: 'wondershaper_installed: True'

2
roles/nextcloud/tasks/apache.yml
View file

@ -6,7 +6,7 @@
command: a2dissite nextcloud.conf
when: not nextcloud_enabled
- name: Restart '{{ apache_service }}' systemd service
- name: (Re)Start '{{ apache_service }}' systemd service
systemd:
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted

2
roles/nextcloud/tasks/install.yml
View file

@ -188,6 +188,6 @@
- name: "Add 'nextcloud_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^nextcloud_installed'
line: 'nextcloud_installed: True'

4
roles/nextcloud/tasks/nginx.yml
View file

@ -1,10 +1,10 @@
- name: "SHIM: Enable http://box{{ nextcloud_url }} via NGINX, by installing {{ nginx_conf_dir }}/nextcloud-nginx.conf from template" # http://box/nextcloud
- name: Enable http://box{{ nextcloud_url }} via NGINX, by installing {{ nginx_conf_dir }}/nextcloud-nginx.conf from template # http://box/nextcloud
template:
src: nextcloud-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/nextcloud-nginx.conf" # /etc/nginx/conf.d
when: nextcloud_enabled | bool
- name: "SHIM: Disable http://box{{ nextcloud_url }} via NGINX, by removing {{ nginx_conf_dir }}/nextcloud-nginx.conf" # http://box/nextcloud
- name: Disable http://box{{ nextcloud_url }} via NGINX, by removing {{ nginx_conf_dir }}/nextcloud-nginx.conf # http://box/nextcloud
file:
path: "{{ nginx_conf_dir }}/nextcloud-nginx.conf" # /etc/nginx/conf.d
state: absent

24
roles/nginx/README.md
View file

@ -1,6 +1,6 @@
### Transition to NGINX
1. Initial testing strategy (December 2019 - January 2020) is to move NGINX to [port 80](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services), and proxy everything to Apache on [port 8090](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) &mdash; creating "Shims" for each IIAB App/Service in *Section iii.* below.
1. Initial testing strategy (December 2019 - February 2020) is to move NGINX to [port 80](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services), and proxy everything to Apache on [port 8090](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) &mdash; creating "Shims" for each IIAB App/Service in *Section iii.* below.
Until "Native" NGINX is later implemented for that IIAB App/Service &mdash; allowing it to move up to *Section ii.* below.
@ -10,20 +10,21 @@
2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX.
3. Current state of IIAB App/Service migrations as of 2020-01-24:
3. Current state of IIAB App/Service migrations as of 2020-02-04:
1. These support "Native" NGINX but ***NOT*** Apache
* Admin Console
* captiveportal
* IIAB documentation (http://box/info)
* osm-vector-maps
* RACHEL-like modules
* usb-lib
* OER2Go/RACHEL modules
* usb-lib [*]
2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service. But if you want to attempt their "Shim" proxying legacy testing mode, change your *primary web server* over to Apache by setting `nginx_enabled: False` in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) (which will [auto-enable Apache](../0-init/tasks/main.yml#L40-L44) for your testing).
* awstats
* calibre-web
* gitea
* kiwix
* kiwix [*]
* kolibri
* mediawiki
* munin
@ -31,13 +32,18 @@
* wordpress
3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/0-init/tasks/main.yml#L40-L44](../0-init/tasks/main.yml#L40-L44) for a list of these IIAB Apps/Services, that auto-enable Apache.
* dokuwiki ([#2056](https://github.com/iiab/iiab/issues/2056))
* elgg
* lokole
* moodle
* nextcloud ([PR #2119](https://github.com/iiab/iiab/pull/2119))
* nextcloud ([PR #2119](https://github.com/iiab/iiab/pull/2119)) [*]
* nodered
4. Not Yet Dealt With!
4. These each run their own web server or non-web / backend services, e.g. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations). In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite)
* calibre (menu goes directly to port 8080) [*]
* internetarchive (menu goes directly to port 4244, [PR #2120](https://github.com/iiab/iiab/pull/2120))
* kalite (menu goes directly to ports 8006-8008)
* kalite (menu goes directly to ports 8006-8008) [*]
* minetest [*]
* openvpn [*]
* pbx
[*] Apache, NGINX and the 7 starred roles above could use improvement as of 2020-02-04.

2
roles/nginx/tasks/install.yml
View file

@ -52,6 +52,6 @@
- name: "Add 'nginx_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^nginx_installed'
line: 'nginx_installed: True'

154
roles/nodejs/tasks/install.yml Normal file
View file

@ -0,0 +1,154 @@
# 1. TEST IF Node.js ALEADY INSTALLED & WARN AS NEC
# 2019-02-03: BELOW TESTS IF 'nodejs' VERSION IS ALREADY INSTALLED:
# IF SO & THIS DOESN'T MATCH nodejs_version AS SET IN defaults_vars.yml
# AND/OR local_vars.yml, INSTALL HALTS WITH AN EXPLANATION (PR #1447)
# 2019-07-04: FOR A SOMEWHAT MORE MODERN "VERSION DETECTOR" SEE:
# github.com/iiab/iiab/blob/master/roles/nextcloud/tasks/install.yml#L1-L40
- name: Try to run 'nodejs -v' to get Node.js version
# 'node -v' doesn't work with older versions e.g. Ubuntu 16.04's nodejs 4.2.6
# Both below convert v10.15.1 to 10.x, but this is safer: (removes non-digits)
shell: nodejs -v | sed 's/[^0-9]*//' | sed 's/[^0-9].*/.x/'
#shell: nodejs -v | sed 's/^[vV]//' | sed 's/\..*/.x/'
register: nodejs_version_installed
#- debug:
# var: nodejs_version_installed
# When nodejs is NOT installed:
# nodejs_version_installed.rc == 0 # Crazy with stderr below, "due to pipes"
# nodejs_version_installed.stdout == ""
# nodejs_version_installed.stderr == "/bin/sh: 1: nodejs: not found"
# BOTH ABOVE (incl non-null stderr) are USED BELOW to confirm install is nec!
#- name: "ENFORCE PRECONDITION: Stop installing (intentionally fail) IF an installed 'nodejs' version isn't {{ nodejs_version }}"
# fail:
# msg: >
# PLEASE REMOVE 'nodejs' VERSION {{ nodejs_version_installed.stdout }} AS
# IT DOES NOT MATCH THE REQUIRED nodejs_version: {{ nodejs_version }} --
# as set in /opt/iiab/iiab/vars/default_vars.yml and/or
# /etc/iiab/local_vars.yml -- then re-run this IIAB installer.
# when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stderr == ""
# Forces < 12 or > 12 to be removed, ignored if file is absent
- name: Remove /etc/apt/sources.list.d/nodesource.list if nodejs_version_installed.stdout is not {{ nodejs_version }}
file:
state: absent
path: /etc/apt/sources.list.d/nodesource.list
when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != ""
# BRUTAL but ensures consistency across OS's / distros like Raspbian Desktop & Ubermix that often include an older version of Node.js
# Forces < 12 or > 12 to be uninstalled
- name: ASK apt/yum/dnf TO REMOVE PRE-EXISTING Node.js {{ nodejs_version_installed.stdout }} (IF IT'S NOT {{ nodejs_version }})
package:
name: nodejs
state: absent
when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != ""
# Forces == 12
- name: Warn if Node.js {{ nodejs_version}} already installed & might be updated
debug:
msg: "WARN: YOUR Node.js {{ nodejs_version }} MIGHT NOW BE UPDATED USING nodesource.com"
when: nodejs_version_installed is defined and nodejs_version_installed.stdout == nodejs_version
# 2. INSTALL Node.js USING nodesource.com
# 2019-02-12: Should not be nec, as stanza below it should overwrite
# /etc/apt/sources.list.d/nodesource.list regardless!
#
#- name: Clear prior /etc/apt/sources.list.d/nodesource.list (permitting Node.js downgrade if nec)
# file:
# path: /etc/apt/sources.list.d/nodesource.list
# state: absent
# when: internet_available and is_debuntu
- name: Set up Node.js {{ nodejs_version }} apt sources (debuntu)
shell: curl -sL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash -
args:
warn: no
creates: /etc/apt/sources.list.d/nodesource.list
when: internet_available and is_debuntu
#when: internet_available and (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17)
# NOT NEC TO TEST FOR is_raspbian_8 OR is_raspbian_9 AS /opt/iiab/iiab/vars/<OS>.yml
# DEFINES THESE AS SUBSETS OF is_debian_8 OR is_debian_9 (FOR NOW!)
# 2019-03-29: Above works on Debian 10 Buster pre-releases, but fails on Ubuntu
# 19.04 Beta. Comment it out for now, and manually run: "apt install npm" then
# "npm install -g npm@latest" (all *SHOULD* be magically fixed by 2019-04-18 ?)
# Forces update
- name: Install latest Node.js {{ nodejs_version }} which includes /usr/bin/npm (debuntu)
package:
#name: nodejs={{ nodejs_version }}
name: nodejs
state: latest
#state: present
when: internet_available and is_debuntu
#when: internet_available and (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17)
- name: Set up & install Node.js {{ nodejs_version }} which includes /usr/bin/npm (redhat)
shell: curl -sL https://rpm.nodesource.com/setup_{{ nodejs_version }} | bash -
args:
warn: no
when: internet_available and is_redhat
# 2018-07-14: BOTH STEPS ABOVE TAKE TIME, but Raspbian (apt offers npm
# 1.4.21) & Debian 9 (apt offers no npm!) STILL NEED the above
# nodesource.com approach to get a version of npm that works with Sugarizer:
# https://github.com/iiab/iiab/issues/798#issuecomment-404324530
#
# MORE POSITIVELY: this nodesource.com approach (brings in npm 5.6.0 with
# nodejs 8.11.3 for now, to any OS) would also work on Ubuntu 18.04, and
# might even bring about a sane consistency across mainline OS's?
#
# BUT FOR NOW: Ubuntu 18.04's apt (approach below) brings in npm 3.5.2,
# which appears suffic "SO FAR"? 18.04's nodejs 8.10.0 is more reassuring!
#
# CRAZY IDEA: most versions of npm can upgrade themselves to the latest
# (6.2.0 for now) using command "npm install -g npm", if that helps us in
# future, e.g. TK's memory issue etc? If so, be CAREFUL this puts npm
# in /usr/local/bin on Ubuntu 18.04 -- unlike Ubuntu 16.04 and Raspbian
# where it upgrades /usr/bin/npm in place:
# https://askubuntu.com/questions/1036278/npm-is-incorrect-version-on-latest-ubuntu-18-04-installation
# 2019-02-03: OLD WAY (PRIOR TO 2019) BELOW. Since then, @m-anish helped
# us standardize on the above nodesource.com approach i.e.
# https://github.com/nodesource/distributions#debinstall ...across all
# distros (so nodejs & npm always findable in /usr/bin, for Node-RED etc)
# - name: Install packages nodejs {{ nodejs_version }} and npm (debuntu distros AFTER 2017, or other distros)
# package:
# name:
# - nodejs={{ nodejs_version }} # Nec to change above from 'package:' to 'apt:' ?
# - npm
# state: latest
# when: internet_available and not (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17)
# 2019-01-16: fyi Node.js 10.x became "LTS" on 2018-10-30 but distros are
# holding back for now: certainly Ubuntu 18.04 and even Debian 10/Buster
# ("testing" branch) both install Node.js 8.x (instead of 10.x). While the
# more bleeding-edge Debian Sid ("unstable" branch) does install Node.js 10.x
#
# This May Change: thanks all for running "apt -a list nodejs" on Buster's
# daily builds @ www.debian.org/devel/debian-installer/ and Disco Dingo (Ubuntu
# 19.04) https://launchpad.net/ubuntu/+source/nodejs to keep us informed!
# 2019-03-29: Debian 10 Buster & Ubuntu 19.04 pre-releases made the jump
# thankfully; currently both offer Node.js 10.15.2
# 3. RECORD Node.js AS INSTALLED
- name: "Set 'nodejs_installed: True'"
set_fact:
nodejs_installed: True
- name: "Add 'nodejs_installed: True' to {{ iiab_state_file }}"
lineinfile:
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^nodejs_installed'
line: 'nodejs_installed: True'

199
roles/nodejs/tasks/main.yml
View file

@ -1,164 +1,57 @@
# 2019-02-12: SEE VAR nodejs_version: 10.x (FOR NOW!) IN vars/default_vars.yml
# AND IF NEC OVERRIDE THIS IN /etc/iiab/local_vars.yml
# SEE VAR nodejs_version: 12.x IN /opt/iiab/iiab/vars/default_vars.yml (FOR
# NOW!) AND IF NEC OVERRIDE THIS IN /etc/iiab/local_vars.yml
# Duplicate Node.js code unified by @jvonau. Revised by @holta. Now used by:
# roles/nodered/tasks/main.yml w/ roles/nodered/meta/main.yml
# roles/pbx/tasks/main.yml w/ roles/pbx/meta/main.yml (Asterisk/FreePBX)
# roles/sugarizer/tasks/main.yml w/ roles/sugarizer/meta/main.yml
# Duplicate Node.js code unified by @jvonau. Revised by @holta. Used by:
# roles/nodered/tasks/*.yml formerly w/ roles/nodered/meta/main.yml
# roles/pbx/tasks/*.yml formerly w/ roles/pbx/meta/main.yml (Asterisk/FreePBX)
# roles/sugarizer/tasks/*.yml formerly w/ roles/sugarizer/meta/main.yml
# 1. TEST IF Node.js ALEADY INSTALLED & WARN AS NEC
# "How do i fail a task in Ansible if the variable contains a boolean value?
# I want to perform input validation for Ansible playbooks"
# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
# 2019-02-03: BELOW TESTS IF 'nodejs' VERSION IS ALREADY INSTALLED:
# IF SO & THIS DOESN'T MATCH nodejs_version AS SET IN defaults_vars.yml
# AND/OR local_vars.yml, INSTALL HALTS WITH AN EXPLANATION (PR #1447)
# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
# to re-check whether vars are defined here. As Ansible vars cannot be unset:
# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
# 2019-07-04: FOR A SOMEWHAT MORE MODERN "VERSION DETECTOR" SEE:
# github.com/iiab/iiab/blob/master/roles/nextcloud/tasks/install.yml#L1-L40
- name: Assert that "nodejs_install is sameas true" (boolean not string etc)
assert:
that: nodejs_install is sameas true
fail_msg: "PLEASE SET 'nodejs_install: True' e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: Try to run 'nodejs -v' to get Node.js version
# 'node -v' doesn't work with older versions e.g. Ubuntu 16.04's nodejs 4.2.6
# Both below convert v10.15.1 to 10.x, but this is safer: (removes non-digits)
shell: nodejs -v | sed 's/[^0-9]*//' | sed 's/[^0-9].*/.x/'
#shell: nodejs -v | sed 's/^[vV]//' | sed 's/\..*/.x/'
register: nodejs_version_installed
- name: Assert that "nodejs_enabled | type_debug == 'bool'" (boolean not string etc)
assert:
that: nodejs_enabled | type_debug == 'bool'
fail_msg: "PLEASE GIVE VARIABLE 'nodejs_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
#- debug:
# var: nodejs_version_installed
# When nodejs is NOT installed:
# nodejs_version_installed.rc == 0 # Crazy with stderr below, "due to pipes"
# nodejs_version_installed.stdout == ""
# nodejs_version_installed.stderr == "/bin/sh: 1: nodejs: not found"
# BOTH ABOVE (incl non-null stderr) are USED BELOW to confirm install is nec!
#- name: "ENFORCE PRECONDITION: Stop installing (intentionally fail) IF an installed 'nodejs' version isn't {{ nodejs_version }}"
# fail:
# msg: >
# PLEASE REMOVE 'nodejs' VERSION {{ nodejs_version_installed.stdout }} AS
# IT DOES NOT MATCH THE REQUIRED nodejs_version: {{ nodejs_version }} --
# as set in /opt/iiab/iiab/vars/default_vars.yml and/or
# /etc/iiab/local_vars.yml -- then re-run this IIAB installer.
# when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stderr == ""
# Forces < 12 or > 12 to be removed, ignored if file is absent
- name: Remove /etc/apt/sources.list.d/nodesource.list if nodejs_version_installed.stdout is not {{ nodejs_version }}
file:
state: absent
path: /etc/apt/sources.list.d/nodesource.list
when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != ""
# BRUTAL but ensures consistency across OS's / distros like Raspbian Desktop & Ubermix that often include an older version of Node.js
# Forces < 12 or > 12 to be uninstalled
- name: ASK apt/yum/dnf TO REMOVE PRE-EXISTING Node.js {{ nodejs_version_installed.stdout }} (IF IT'S NOT {{ nodejs_version }})
package:
name: nodejs
state: absent
when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != ""
# Forces == 12
- name: Warn if Node.js {{ nodejs_version}} already installed & might be updated
debug:
msg: "WARN: YOUR Node.js {{ nodejs_version }} MIGHT NOW BE UPDATED USING nodesource.com"
when: nodejs_version_installed is defined and nodejs_version_installed.stdout == nodejs_version
- debug:
var: nodejs_install
- debug:
var: nodejs_enabled
- debug:
var: nodejs_installed
# 2. INSTALL Node.js USING nodesource.com
# 2019-02-12: Should not be nec, as stanza below it should overwrite
# /etc/apt/sources.list.d/nodesource.list regardless!
#
#- name: Clear prior /etc/apt/sources.list.d/nodesource.list (permitting Node.js downgrade if nec)
# file:
# path: /etc/apt/sources.list.d/nodesource.list
# state: absent
# when: internet_available and is_debuntu
- name: Set up Node.js {{ nodejs_version }} apt sources (debuntu)
shell: curl -sL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash -
args:
warn: no
creates: /etc/apt/sources.list.d/nodesource.list
when: internet_available and is_debuntu
#when: internet_available and (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17)
# NOT NEC TO TEST FOR is_raspbian_8 OR is_raspbian_9 AS /opt/iiab/iiab/vars/<OS>.yml
# DEFINES THESE AS SUBSETS OF is_debian_8 OR is_debian_9 (FOR NOW!)
# 2019-03-29: Above works on Debian 10 Buster pre-releases, but fails on Ubuntu
# 19.04 Beta. Comment it out for now, and manually run: "apt install npm" then
# "npm install -g npm@latest" (all *SHOULD* be magically fixed by 2019-04-18 ?)
# Forces update
- name: Install latest Node.js {{ nodejs_version }} which includes /usr/bin/npm (debuntu)
package:
#name: nodejs={{ nodejs_version }}
name: nodejs
state: latest
#state: present
when: internet_available and is_debuntu
#when: internet_available and (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17)
- name: Set up & install Node.js {{ nodejs_version }} which includes /usr/bin/npm (redhat)
shell: curl -sL https://rpm.nodesource.com/setup_{{ nodejs_version }} | bash -
args:
warn: no
when: internet_available and is_redhat
- name: Install Node.js if 'nodejs_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: nodejs_installed is undefined
# 2018-07-14: BOTH STEPS ABOVE TAKE TIME, but Raspbian (apt offers npm
# 1.4.21) & Debian 9 (apt offers no npm!) STILL NEED the above
# nodesource.com approach to get a version of npm that works with Sugarizer:
# https://github.com/iiab/iiab/issues/798#issuecomment-404324530
#
# MORE POSITIVELY: this nodesource.com approach (brings in npm 5.6.0 with
# nodejs 8.11.3 for now, to any OS) would also work on Ubuntu 18.04, and
# might even bring about a sane consistency across mainline OS's?
#
# BUT FOR NOW: Ubuntu 18.04's apt (approach below) brings in npm 3.5.2,
# which appears suffic "SO FAR"? 18.04's nodejs 8.10.0 is more reassuring!
#
# CRAZY IDEA: most versions of npm can upgrade themselves to the latest
# (6.2.0 for now) using command "npm install -g npm", if that helps us in
# future, e.g. TK's memory issue etc? If so, be CAREFUL this puts npm
# in /usr/local/bin on Ubuntu 18.04 -- unlike Ubuntu 16.04 and Raspbian
# where it upgrades /usr/bin/npm in place:
# https://askubuntu.com/questions/1036278/npm-is-incorrect-version-on-latest-ubuntu-18-04-installation
# 2019-02-03: OLD WAY (PRIOR TO 2019) BELOW. Since then, @m-anish helped
# us standardize on the above nodesource.com approach i.e.
# https://github.com/nodesource/distributions#debinstall ...across all
# distros (so nodejs & npm always findable in /usr/bin, for Node-RED etc)
# - name: Install packages nodejs {{ nodejs_version }} and npm (debuntu distros AFTER 2017, or other distros)
# package:
# name:
# - nodejs={{ nodejs_version }} # Nec to change above from 'package:' to 'apt:' ?
# - npm
# state: latest
# when: internet_available and not (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17)
# 2019-01-16: fyi Node.js 10.x became "LTS" on 2018-10-30 but distros are
# holding back for now: certainly Ubuntu 18.04 and even Debian 10/Buster
# ("testing" branch) both install Node.js 8.x (instead of 10.x). While the
# more bleeding-edge Debian Sid ("unstable" branch) does install Node.js 10.x
#
# This May Change: thanks all for running "apt -a list nodejs" on Buster's
# daily builds @ www.debian.org/devel/debian-installer/ and Disco Dingo (Ubuntu
# 19.04) https://launchpad.net/ubuntu/+source/nodejs to keep us informed!
# 2019-03-29: Debian 10 Buster & Ubuntu 19.04 pre-releases made the jump
# thankfully; currently both offer Node.js 10.15.2
# 3. RECORD Node.js AS INSTALLED
- name: "Set 'nodejs_installed: True'"
set_fact:
nodejs_installed: True
- name: "Add 'nodejs_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^nodejs_installed'
line: 'nodejs_installed: True'
- name: Add 'nodejs' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab_state.yml
section: nodejs
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Node.js
- option: description
value: '"Node.js is a JavaScript runtime environment built on Chrome''s V8 JavaScript engine, that executes JavaScript code outside of a browser."'
- option: nodejs_install
value: "{{ nodejs_install }}"
- option: nodejs_enabled
value: "{{ nodejs_enabled }}"

Some files were not shown because too many files have changed in this diff Show more