Merge b2434f9290 into 1308fb8670

.github/workflows/10min-iiab-test-install.yml

@@ -51,6 +51,8 @@ jobs:
           sudo mkdir /etc/iiab
           # touch /etc/iiab/local_vars.yml
           sudo cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml
+          sudo mkdir /usr/local/ansible
+          sudo cp /opt/iiab/iiab/collections.yml /usr/local/ansible/collections.yml
       - run: sudo /opt/iiab/iiab/scripts/ansible
       - run: sudo ./iiab-install
         working-directory: /opt/iiab/iiab

.github/workflows/30min-iiab-test-install-deb12-on-rpi3.yml

@@ -58,6 +58,8 @@ jobs:
               ls /opt/iiab/iiab
               mkdir /etc/iiab
               cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml
+              mkdir /usr/local/ansible
+              cp /opt/iiab/iiab/collections.yml /usr/local/ansible/collections.yml
               /opt/iiab/iiab/scripts/ansible
               ./iiab-install
               cd /opt/iiab/iiab

.github/workflows/30min-iiab-test-install-raspios-on-zero2w.yml

@@ -70,6 +70,8 @@ jobs:
               ls /opt/iiab/iiab
               mkdir /etc/iiab
               cp /opt/iiab/iiab/vars/local_vars_none.yml /etc/iiab/local_vars.yml
+              mkdir /usr/local/ansible
+              cp /opt/iiab/iiab/collections.yml /usr/local/ansible/collections.yml
               /opt/iiab/iiab/scripts/ansible
               ./iiab-install
               cd /opt/iiab/iiab

ansible.cfg

@@ -6,3 +6,4 @@
 #squash_actions = apk, apt, dnf, homebrew, openbsd_pkg, pacman, pkgng, yum, zypper, package
 [defaults]
 interpreter_python=/usr/local/ansible/bin/python3
+collections_path=/usr/local/ansible/collections/ansible_collections/

collections.yml

@@ -4,11 +4,15 @@
 
 ---
 collections:
-  - name: community.general
-  - name: community.mysql
-  - name: community.postgresql
-  - name: ansible.posix    # 2020-11-28: For ~3 modules below...
+# 2025-02-20 community.general.ini_file
+  - name: community.general # community.general.ini_file
+# 2025-02-20 moved to /opt/iiab/iiab/roles/mysql/tasks/install.yml
+#  - name: community.mysql
+# 2025-02-20 moved to /opt/iiab/iiab/roles/postgresql/tasks/install.yml
+#  - name: community.postgresql
+  - name: ansible.posix    # 2025-02-20: For ~4 modules below...
 
 # selinux WAS in /opt/iiab/iiab/roles/1-prep/tasks/main.yml
 # sysctl      in /opt/iiab/iiab/roles/2-common/tasks/main.yml
+# munin /opt/iiab/iiab/roles/munin/tasks/install.yml
 # synchronize in /opt/iiab/iiab-admin-console/roles/js-menu/tasks/main.yml

roles/0-init/tasks/main.yml

@@ -70,6 +70,11 @@
 - name: Set hostname / domain (etc) in various places
   include_tasks: hostname.yml
 
+- name: "Set ansible_collections_path to /usr/share/ansible/collections for deb install of ansible"
+  set_fact:
+    ansible_collections_path: /usr/share/ansible/collections
+  when: ansible_architecture == "i386"
+
 - name: Add 'runtime' variable values to {{ iiab_ini_file }}
   ini_file:
     path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini

roles/2-common/tasks/main.yml

@@ -9,7 +9,7 @@
 - include_tasks: packages.yml
 
 - name: "Use 'sysctl' to set 'kernel.core_uses_pid: 1' in /etc/sysctl.conf"
-  sysctl:    # Places these settings in /etc/sysctl.conf, to survive reboot
+  ansible.posix.sysctl:    # Places these settings in /etc/sysctl.conf, to survive reboot
     name: "{{ item.name }}"
     value: "{{ item.value }}"
   with_items:

roles/calibre-web/tasks/install.yml

@@ -134,7 +134,7 @@
     fi
 
 - name: Download Calibre-Web dependencies from 'requirements.txt' into python3 virtual environment {{ calibreweb_venv_path }}
-  pip:
+  ansible.builtin.pip:
     requirements: "{{ calibreweb_venv_path }}/requirements.txt"
     virtualenv: "{{ calibreweb_venv_path }}"    # /usr/local/calibre-web-py3
     #virtualenv_site_packages: no

roles/jupyterhub/tasks/install.yml

@@ -44,7 +44,7 @@
     state: latest
 
 - name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~316 MB total, after 2 Ansible calls)"
-  pip:
+  ansible.builtin.pip:
     name:
       - pip
       - wheel
@@ -61,7 +61,7 @@
 # https://github.com/iiab/iiab/issues/3283
 
 - name: Break up jupyterhub/jupyterlab pip installs into 2 parts (3 packages above + 4 packages here) due to mutual dependency deadlock on some OS's
-  pip:
+  ansible.builtin.pip:
     name:
       - jupyterlab
       - jupyterhub_firstuseauthenticator

roles/kalite/tasks/install.yml

@@ -29,7 +29,7 @@
   when: is_debian_12    # Also covers is_raspbian_12
 
 - name: Use pip to pin setuptools to 44 in {{ kalite_venv }} -- if Ubuntu 22.04 / Mint 21, Ubuntu 23.10, Debian 12 or RasPiOS 12
-  pip:
+  ansible.builtin.pip:
     name: setuptools==44
     virtualenv: "{{ kalite_venv }}"    # /usr/local/kalite/venv
     virtualenv_site_packages: no
@@ -39,7 +39,7 @@
   when: is_ubuntu_2204 or is_ubuntu_2310 or is_debian_12    # Also covers is_linuxmint_21 and is_raspbian_12
 
 - name: Use pip to install ka-lite-static to {{ kalite_venv }} -- if Ubuntu 22.04 / Mint 21, Ubuntu 23.10, Debian 12 or RasPiOS 12
-  pip:
+  ansible.builtin.pip:
     name: ka-lite-static
     version: "{{ kalite_version }}"
     virtualenv: "{{ kalite_venv }}"

roles/lokole/tasks/install.yml

@@ -32,7 +32,7 @@
 # following line to roles/lokole/defaults/main.yml:
 # lokole_commit: <git_commit_id>
 - name: "OPTIONAL: pip install opwen_email_client (Lokole, git commit {{ lokole_commit }}) from GitHub to {{ lokole_venv }}, if lokole_commit is defined"
-  pip:
+  ansible.builtin.pip:
     name: "git+{{ lokole_repo }}@{{ lokole_commit }}#egg=opwen_email_client"
     virtualenv: "{{ lokole_venv }}"
     virtualenv_command: python3 -m venv "{{ lokole_venv }}"
@@ -43,7 +43,7 @@
 # the following line to roles/lokole/defaults/main.yml:
 # lokole_version: <git_version_number>
 - name: "OPTIONAL: pip install opwen_email_client (Lokole, version {{ lokole_version }}) from PyPI to {{ lokole_venv }}, if lokole_version is defined"
-  pip:
+  ansible.builtin.pip:
     name: opwen_email_client
     version: "{{ lokole_version }}"
     virtualenv: "{{ lokole_venv }}"
@@ -52,7 +52,7 @@
   when: lokole_version is defined
 
 - name: "DEFAULT: pip install opwen_email_client (Lokole, latest available version) from PyPI to {{ lokole_venv }}, if above vars both UNdefined"
-  pip:
+  ansible.builtin.pip:
     name: opwen_email_client
     virtualenv: "{{ lokole_venv }}"
     virtualenv_command: python3 -m venv "{{ lokole_venv }}"

roles/matomo/tasks/install.yml

@@ -12,21 +12,6 @@
 # fatal: [127.0.0.1]: FAILED! => {"cache_control": "private, no-cache, no-store", "changed": false, "connection": "close", "content_type": "text/html; charset=utf-8", "date": "Wed, 15 Jun 2022 05:07:41 GMT", "elapsed": 0, "expires": "Thu, 19 Nov 1981 08:52:00 GMT", "msg": "Status code was 500 and not [200]: HTTP Error 500: Internal Server Error", "pragma": "no-cache", "redirected": false, "server": "nginx/1.18.0 (Ubuntu)", "set_cookie": "MATOMO_SESSID=psak3aem27vrdrt8t2f016600f; path=/; HttpOnly; SameSite=Lax", "status": 500, "transfer_encoding": "chunked", "url": "http://box.lan/matomo/index.php?action=welcome", "x_matomo_request_id": "fbfd2"}
 
 
-- name: "Set 'mysql_install: True' and 'mysql_enabled: True'"
-  set_fact:
-    mysql_install: True
-    mysql_enabled: True
-
-- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB)
-  include_role:
-    name: mysql
-
-- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined'
-  fail:
-    msg: "Matomo install cannot proceed, as MySQL / MariaDB is not installed."
-  when: mysql_installed is undefined
-
-
 - name: Record (initial) disk space used
   shell: df -B1 --output=used / | tail -1
   register: df1

roles/matomo/tasks/main.yml

@@ -18,6 +18,20 @@
     fail_msg: "PLEASE GIVE VARIABLE 'matomo_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
     quiet: yes
 
+- name: "Set 'mysql_install: True' and 'mysql_enabled: True'"
+  set_fact:
+    mysql_install: True
+    mysql_enabled: True
+
+- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB)
+  include_role:
+    name: mysql
+
+- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined'
+  fail:
+    msg: "Matomo install cannot proceed, as MySQL / MariaDB is not installed."
+  when: mysql_installed is undefined
+
 
 - block:
 

roles/mediawiki/tasks/install.yml

@@ -1,18 +1,3 @@
-- name: "Set 'mysql_install: True' and 'mysql_enabled: True'"
-  set_fact:
-    mysql_install: True
-    mysql_enabled: True
-
-- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB)
-  include_role:
-    name: mysql
-
-- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined'
-  fail:
-    msg: "MediaWiki install cannot proceed, as MySQL / MariaDB is not installed."
-  when: mysql_installed is undefined
-
-
 - name: Record (initial) disk space used
   shell: df -B1 --output=used / | tail -1
   register: df1
@@ -67,12 +52,12 @@
     state: started
 
 - name: Create MySQL database {{ mediawiki_db_name }}
-  mysql_db:
+  community.mysql.mysql_db:
     name: "{{ mediawiki_db_name }}"    # iiab_mediawiki
     #state: present
 
 - name: Create MySQL database user {{ mediawiki_db_user }} with password, and permissions to above db
-  mysql_user:
+  community.mysql.mysql_user:
     name: "{{ mediawiki_db_user }}"    # iiab_mediawiki_user
     password: "{{ mediawiki_db_user_password }}"
     priv: "{{ mediawiki_db_name }}.*:ALL,GRANT"

roles/mediawiki/tasks/main.yml

@@ -18,6 +18,21 @@
     fail_msg: "PLEASE GIVE VARIABLE 'mediawiki_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
     quiet: yes
 
+- name: "Set 'mysql_install: True' and 'mysql_enabled: True'"
+  set_fact:
+    mysql_install: True
+    mysql_enabled: True
+
+- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB)
+  include_role:
+    name: mysql
+
+- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined'
+  fail:
+    msg: "MediaWiki install cannot proceed, as MySQL / MariaDB is not installed."
+  when: mysql_installed is undefined
+
+
 
 - block:
 

roles/moodle/tasks/install.yml

@@ -21,16 +21,6 @@
 # sudo -u www-data /usr/bin/php admin/cli/maintenance.php --disable
 
 
-- name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'"
-  set_fact:
-    postgresql_install: True
-    postgresql_enabled: True
-
-- name: POSTGRESQL - run 'postgresql' role (attempt to install & enable PostgreSQL)
-  include_role:
-    name: postgresql
-
-
 - name: Record (initial) disk space used
   shell: df -B1 --output=used / | tail -1
   register: df1
@@ -134,7 +124,7 @@
     state: started
 
 - name: Create PostgreSQL db user {{ moodle_db_user }}/{{ moodle_db_pass }}
-  postgresql_user:
+  community.postgresql.postgresql_user:
     name: "{{ moodle_db_user }}"    # Admin
     password: "{{ moodle_db_pass }}"    # changeme
     encrypted: yes    # Required by PostgreSQL 10+ e.g. Ubuntu 18.04's PostgreSQL 10.3+, see https://github.com/iiab/iiab/issues/759
@@ -144,7 +134,7 @@
   become_user: postgres
 
 - name: 'Create database: {{ moodle_db_name }}'
-  postgresql_db:
+  community.postgresql.postgresql_db:
     name: "{{ moodle_db_name }}"
     encoding: utf8
     owner: "{{ moodle_db_user }}"

roles/moodle/tasks/main.yml

@@ -18,6 +18,20 @@
     fail_msg: "PLEASE GIVE VARIABLE 'moodle_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
     quiet: yes
 
+- name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'"
+  set_fact:
+    postgresql_install: True
+    postgresql_enabled: True
+
+- name: POSTGRESQL - run 'postgresql' role (attempt to install & enable PostgreSQL)
+  include_role:
+    name: postgresql
+
+- name: FAIL (STOP THE INSTALL) IF 'postgresql_installed is undefined'
+  fail:
+    msg: "Moodle install cannot proceed, as postgresql is not installed."
+  when: postgresql_installed is undefined
+
 
 - block:
 

roles/munin/tasks/install.yml

@@ -5,7 +5,7 @@
 
 # SEE ALSO roles/network/tasks/install.yml
 - name: "TEMPORARILY REVERT net.ipv6.conf.all.disable_ipv6 to 0 in /etc/sysctl.conf for #3434"
-  sysctl:
+  ansible.posix.sysctl:
     name: net.ipv6.conf.all.disable_ipv6
     value: 0
 
@@ -21,19 +21,19 @@
     state: present
 
 - name: pip install 'passlib' into venv /usr/local/ansible -- for Ansible module 'htpasswd' in Ansible collection community.general -- used just below
-  pip:
+  ansible.builtin.pip:
     name: passlib
     virtualenv: /usr/local/ansible
     extra_args: "--upgrade --no-cache-dir --prefer-binary"    # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built!  SEE #3560
 
 # SEE ALSO roles/network/tasks/install.yml
 - name: RESTORE net.ipv6.conf.all.disable_ipv6 to 1 in /etc/sysctl.conf for #3434
-  sysctl:
+  ansible.posix.sysctl:
     name: net.ipv6.conf.all.disable_ipv6
     value: 1
 
 - name: Establish username/password Admin/changeme in /etc/munin/munin-htpasswd
-  htpasswd:
+  community.general.htpasswd:
     path: /etc/munin/munin-htpasswd
     name: "{{ munin_username}}"         # Admin
     password: "{{ munin_password }}"    # changeme

roles/mysql/tasks/install.yml

@@ -14,11 +14,14 @@
     state: present
 
 - name: pip install 'PyMySQL' into venv /usr/local/ansible -- for Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in roles {mediawiki, nextcloud, wordpress, matomo, pbx}
-  pip:
+  ansible.builtin.pip:
     name: PyMySQL
-    virtualenv: /usr/local/ansible
+    virtualenv: "{{ ansible_venv_path }}"
     extra_args: "--upgrade --no-cache-dir --prefer-binary"    # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built!  SEE #3560
 
+- name: Install Collection community.mysql with ansible-galaxy
+  shell: "{{ ansible_venv_path }}/bin/ansible-galaxy collection install --force-with-deps community.mysql -p {{ ansible_collections_path }}"
+
 # 2020-07-11: 10 PHP package installs moved to roles/www_base/tasks/main.yml
 # php{{ php_version }}-sqlite3 install moved to roles/osm-vector-maps/tasks/install.yml
 

roles/nextcloud/tasks/install.yml

@@ -1,18 +1,3 @@
-- name: "Set 'mysql_install: True' and 'mysql_enabled: True'"
-  set_fact:
-    mysql_install: True
-    mysql_enabled: True
-
-- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB)
-  include_role:
-    name: mysql
-
-- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined'
-  fail:
-    msg: "Nextcloud install cannot proceed, as MySQL / MariaDB is not installed."
-  when: mysql_installed is undefined
-
-
 - name: Record (initial) disk space used
   shell: df -B1 --output=used / | tail -1
   register: df1

roles/nextcloud/tasks/main.yml

@@ -18,6 +18,20 @@
     fail_msg: "PLEASE GIVE VARIABLE 'nextcloud_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
     quiet: yes
 
+- name: "Set 'mysql_install: True' and 'mysql_enabled: True'"
+  set_fact:
+    mysql_install: True
+    mysql_enabled: True
+
+- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB)
+  include_role:
+    name: mysql
+
+- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined'
+  fail:
+    msg: "Nextcloud install cannot proceed, as MySQL / MariaDB is not installed."
+  when: mysql_installed is undefined
+
 
 - block:
 

roles/nextcloud/tasks/setup.yml

@@ -1,9 +1,9 @@
 - name: 'Create MySQL database with name: {{ nextcloud_dbname }}'
-  mysql_db:
+  community.mysql.mysql_db:
     name: "{{ nextcloud_dbname }}"
 
 - name: Add username/password to the MySQL database (associated with trusted IP's like localhost)
-  mysql_user:
+  community.mysql.mysql_user:
     name: "{{ nextcloud_dbuser }}"
     host: "{{ item }}"
     password: "{{ nextcloud_dbpassword }}"

roles/pbx/tasks/freepbx.yml

@@ -150,7 +150,7 @@
 
 
 - name: FreePBX - Add MySQL user ({{ asterisk_db_user }})
-  mysql_user:
+  community.mysql.mysql_user:
     name: "{{ asterisk_db_user }}"            # asterisk
     password: "{{ asterisk_db_password }}"    # asterisk
     priv: "{{ asterisk_db_dbname }}.*:ALL/{{ asterisk_db_cdrdbname }}.*:ALL"
@@ -160,7 +160,7 @@
     host: "{{ (asterisk_db_host == 'localhost') | ternary('localhost', ansible_default_ipv4.address) }}"
 
 - name: FreePBX - Add MySQL db ({{ asterisk_db_dbname }})
-  mysql_db:
+  community.mysql.mysql_db:
     name: "{{ asterisk_db_dbname }}"    # asterisk
     encoding: utf8
     collation: utf8_general_ci
@@ -169,7 +169,7 @@
     login_password: "{{ asterisk_db_password }}"
 
 - name: FreePBX - Add CDR MySQL db ({{ asterisk_db_cdrdbname }})
-  mysql_db:
+  community.mysql.mysql_db:
     name: "{{ asterisk_db_cdrdbname }}"    # asteriskcdrdb
     encoding: utf8
     collation: utf8_general_ci

roles/pbx/tasks/install.yml

@@ -22,21 +22,6 @@
 #   when: nodejs_version != "12.x"
 
 
-- name: "Set 'mysql_install: True' and 'mysql_enabled: True'"
-  set_fact:
-    mysql_install: True
-    mysql_enabled: True
-
-- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB)
-  include_role:
-    name: mysql
-
-- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined'
-  fail:
-    msg: "PBX install cannot proceed, as MySQL / MariaDB is not installed."
-  when: mysql_installed is undefined
-
-
 - name: Record (initial) disk space used
   shell: df -B1 --output=used / | tail -1
   register: df1

roles/pbx/tasks/main.yml

@@ -18,6 +18,20 @@
     fail_msg: "PLEASE GIVE VARIABLE 'pbx_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
     quiet: yes
 
+- name: "Set 'mysql_install: True' and 'mysql_enabled: True'"
+  set_fact:
+    mysql_install: True
+    mysql_enabled: True
+
+- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB)
+  include_role:
+    name: mysql
+
+- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined'
+  fail:
+    msg: "PBX install cannot proceed, as MySQL / MariaDB is not installed."
+  when: mysql_installed is undefined
+
 
 - block:
 

roles/postgresql/tasks/install.yml

@@ -12,11 +12,14 @@
     state: present
 
 - name: pip install 'psycopg' (NEW Psycopg 3) into venv /usr/local/ansible -- for Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml
-  pip:
+  ansible.builtin.pip:
     name: psycopg
-    virtualenv: /usr/local/ansible
+    virtualenv: "{{ ansible_venv_path }}"
     extra_args: "--upgrade --no-cache-dir --prefer-binary"    # 2023-10-01: Lifesaver when recent wheels (e.g. piwheels.org) are inevitably not yet built!  SEE #3560
 
+- name: Install Collection community.postgresql with ansible-galaxy
+  shell: "{{ ansible_venv_path }}/bin/ansible-galaxy collection install --force-with-deps community.postgresql -p {{ ansible_collections_path }}"
+
 - name: Run shell command "pg_config --version" to extract MAJOR version number -- strip off MINOR/PATCH version number(s)
   shell: pg_config --version | sed 's/^[^0-9]*//; s/[^0-9].*//'
   register: pg_config_version

roles/wordpress/tasks/install.yml

@@ -12,21 +12,6 @@
 # can arise without warning when WordPress is online, since WordPress ~4.8
 
 
-- name: "Set 'mysql_install: True' and 'mysql_enabled: True'"
-  set_fact:
-    mysql_install: True
-    mysql_enabled: True
-
-- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB)
-  include_role:
-    name: mysql
-
-- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined'
-  fail:
-    msg: "WordPress install cannot proceed, as MySQL / MariaDB is not installed."
-  when: mysql_installed is undefined
-
-
 - name: Record (initial) disk space used
   shell: df -B1 --output=used / | tail -1
   register: df1

roles/wordpress/tasks/main.yml

@@ -20,6 +20,20 @@
     fail_msg: "PLEASE GIVE VARIABLE 'wordpress_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
     quiet: yes
 
+- name: "Set 'mysql_install: True' and 'mysql_enabled: True'"
+  set_fact:
+    mysql_install: True
+    mysql_enabled: True
+
+- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB)
+  include_role:
+    name: mysql
+
+- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined'
+  fail:
+    msg: "WordPress install cannot proceed, as MySQL / MariaDB is not installed."
+  when: mysql_installed is undefined
+
 
 - block:
 

roles/wordpress/tasks/setup.yml

@@ -4,11 +4,11 @@
     name: "{{ mysql_service }}"
 
 - name: 'Create MySQL database for WordPress: {{ wp_db_name }}'
-  mysql_db:
+  community.mysql.mysql_db:
     name: "{{ wp_db_name }}"
 
 - name: Create MySQL username ({{ wp_db_user }}) with password, for above database
-  mysql_user:
+  community.mysql.mysql_user:
     name: "{{ wp_db_user }}"
     password: "{{ wp_db_user_password }}"
     priv: "{{ wp_db_name }}.*:ALL,GRANT"

scripts/ansible

@@ -9,6 +9,7 @@
 APT_PATH=/usr/bin     # Avoids problematic /usr/local/bin/apt on Linux Mint
 CURR_VER=undefined    # Ansible version you have installed, e.g. [core 2.18.2]
 GOOD_VER=2.18.2       # Orig for 'yum install [rpm]' & XO laptops (pip install)
+CWD=$(pwd)
 
 # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and
 # .gpg key etc) are commented out with ### below.  Associated guidance/comments
@@ -221,6 +222,21 @@ if [[ $(dpkg --print-architecture) == "i386" ]] && apt-cache show ansible-core >
     # 2023-08-10 #3613/#3615/#3617: apt-not-pip kludge for legacy 32-bit i386
     # (DEBIAN 12+ ETC) avoids #3547 rust/wheels/cryptography compiling mess!
     $APT_PATH/apt -y install ansible-core    # Bookworm ~= ansible-core 2.14.3
+    echo -e "\n\nIIAB requires these ~4 Ansible Collections: (we upgrade them here if possible!)\n"
+    cat > ansible.cfg << EOF
+'[defaults]'
+'interpreter_python=/usr/bin/python3' >> $CWD/ansible.cfg
+EOF
+    git commit -a -m"altering ansible.cfg for deb install"
+    ansible-galaxy collection install --force-with-deps \
+               -r /opt/iiab/iiab/collections.yml \
+               -p /usr/share/ansible/collections
+
+# 2021-02-24: 'ansible-galaxy collection list' lists those installed. (#2659)
+# 2020-11-28: The ~3 Ansible Collections used by IIAB (~37MB) once lived here:
+#    /root/.ansible/collections/ansible_collections
+# But going forward they'll be stored herein: [~24MB for 4 Collections as of 2021-05-19]
+#    /usr/share/ansible/collections/ansible_collections
 else
     # 2023-03-22: OS's like Ubuntu 23.04 and Debian 12 (e.g. with Python 3.11+) ask
     # that virtual environments (venv) be used to safely isolate pip installs:
@@ -285,21 +301,21 @@ EOF
     for bin in ansible*; do
 	ln -sf /usr/local/ansible/bin/"$bin" /usr/local/bin/"$bin"
     done
-fi
 
 # (Re)running collection installs appears safe, with --force-with-deps to force
 # upgrade of collection and dependencies it pulls in.  Note Ansible may support
 # explicit upgrading of collections (--upgrade / -U flag) in version "2.11"
 # with PR ansible/ansible#73336.  See also IIAB PRs #2647 #2652 #2653 #2655.
-echo -e "\n\nIIAB requires these ~4 Ansible Collections: (we upgrade them here if possible!)\n"
-ansible-galaxy collection install --force-with-deps \
-               -r /opt/iiab/iiab/collections.yml \
-               -p /usr/share/ansible/collections
-# 2021-02-24: 'ansible-galaxy collection list' lists those installed. (#2659)
-# 2020-11-28: The ~3 Ansible Collections used by IIAB (~37MB) once lived here:
-#    /root/.ansible/collections/ansible_collections
-# But going forward they'll be stored herein: [~24MB for 4 Collections as of 2021-05-19]
-#    /usr/share/ansible/collections/ansible_collections
+    echo -e "\n\nIIAB requires these ~4 Ansible Collections: (we upgrade them here if possible!)\n"
+    # test github runners fail without '|| true'
+    cp $CWD/collections.yml /usr/local/ansible/ || true
+    cd /usr/local/ansible/
+    . bin/activate
+    bin/ansible-galaxy collection install --force-with-deps -r collections.yml -p collections
+    deactivate
+fi
+# But going forward they'll be stored herein: [~24MB for 4 Collections as of 2025-02-18]
+#    /usr/local/ansible/collections/ansible_collections
 
 # 2021-04-19: No longer needed, per PR #2743 testing
 #echo -e "\n\nCreating/verifying directory /etc/ansible & installing /etc/ansible/hosts\n"
@@ -309,6 +325,7 @@ ansible-galaxy collection install --force-with-deps \
 echo -e "\n\nSUCCESS!  PLEASE VERIFY ANSIBLE WITH COMMANDS LIKE:\n"
 echo -e "    ansible --version"
 echo -e "    /usr/local/ansible/bin/pip3 show ansible-core"
+echo -e "    /usr/local/ansible/bin/ansible-galaxy collection list\n\n"
 echo -e '    apt -a list "ansible*"'
 echo -e "    ansible-galaxy collection list\n\n"
 #echo -e "WARNING: Start a new Linux shell, if it changed from /usr/bin to /usr/local/bin\n\n"

vars/default_vars.yml

@@ -32,6 +32,10 @@ iiab_env_file: "{{ iiab_etc_path }}/iiab.env"
 iiab_ini_file: "{{ iiab_etc_path }}/iiab.ini"
 iiab_state_file: "{{ iiab_etc_path }}/iiab_state.yml"
 
+# keep syncd with scripts/ansible
+ansible_venv_path: /usr/local/ansible
+ansible_collections_path: "{{ ansible_venv_path }}/collections"
+
 iiab_base: /opt/iiab
 iiab_dir: "{{ iiab_base }}/iiab"
 pip_packages_dir: "{{ iiab_base }}/pip-packages"