roles/pbx/tasks/apache.yml as cleanup of roles/nginx etc

2025-02-14 20:22:08 +00:00 · 2021-08-09 08:01:36 -04:00 · 2021-08-09 08:01:36 -04:00 · 2141b3b6ee
commit 2141b3b6ee
parent 43b54ddc3d
6 changed files with 132 additions and 101 deletions
--- a/roles/nginx/tasks/install.yml
+++ b/roles/nginx/tasks/install.yml
@ -42,7 +42,7 @@
    path: /etc/nginx/sites-enabled/default
    state: absent

- name: 'Install 3 (of 5) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/nginx/mime.types
+- name: 'Install 3 (of 5) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/nginx/mime.types'
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
@ -50,7 +50,7 @@
    - { src: 'server.conf.j2', dest: '/etc/nginx/server.conf' }
    - { src: 'nginx.conf.j2', dest: '/etc/nginx/nginx.conf' }
    - { src: 'mime.types.j2', dest: '/etc/nginx/mime.types' }
-    # - { src: 'apache-ports.conf', dest: '/etc/{{ apache_service }}/ports.conf' }    # 2021-08-09: Moved to pbx role
+    # - { src: 'ports.conf', dest: '/etc/{{ apache_service }}/ports.conf' }    # 2021-08-09: Restored from enable-or-disable.yml then moved to roles/pbx/tasks/apache.yml
    # - { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" }    # Moved into homepage.yml, invoked later by roles/www_options/tasks/main.yml (see below!)

 - debug:
--- a/roles/pbx/tasks/apache.yml
+++ b/roles/pbx/tasks/apache.yml
@ -0,0 +1,41 @@
+# Must happen before install of Apache, or it'll collide with NGINX port 80.
+# 2021-08-09: Used to be done by roles/nginx/tasks/install.yml
+- name: "Install from template: /etc/{{ apache_service }}/ports.conf containing 'Listen {{ pbx_http_port }}'"
+  template:
+    src: ports.conf
+    dest: /etc/{{ apache_service }}/
+
+- name: "FreePBX - Install Apache packages: {{ apache_service }}, libapache2-mod-php, libapache2-mpm-itk - if not pbx_try_nginx"
+  package:
+    name:
+      - "{{ apache_service }}"    # 2021-08-07: Install apache2 directly, as we prepare to deprecate roles/httpd
+      - libapache2-mod-php        # NOTE duplication: roles/httpd/tasks.install.yml installed libapache2-mod-php{{ php_version }} ostensibly for "Elgg, Moodle, etc"
+      - libapache2-mpm-itk        # To serve FreePBX through a VirtualHost as asterisk user (#2914: Is this possible via NGINX?)
+
+- name: 'Enable Apache module, as with "a2enmod" command: rewrite'
+  apache2_module:
+    name: rewrite
+
+# Legacy code from roles/httpd/tasks/install.yml
+# - name: 'Enable 5 Apache modules, as with "a2enmod" command: headers, proxy, proxy_html, proxy_http, rewrite (for http://box/kiwix, http://box/kolibri, http://box/nodered, etc)'
+#   apache2_module:
+#     name: "{{ item }}"
+#   with_items:
+#     - headers
+#     - proxy
+#     - proxy_html
+#     - proxy_http
+#     - rewrite
+
+# 2021-08-08: Security risks?  But official install doc recommends this:
+# https://wiki.freepbx.org/display/FOP/Installing+FreePBX+16+on+Debian+10.9
+# (lineinfile doesn't quite do the job, as all instances are replaced)
+- name: Run "sed -i 's/AllowOverride None/AllowOverride All/' /etc/apache2/apache2.conf"
+  command: sed -i 's/AllowOverride None/AllowOverride All/' /etc/apache2/apache2.conf
+
+- name: FreePBX - Install /etc/{{ apache_service }}/sites-available/freepbx.conf from template ({{ apache_user }}:{{ apache_user }}, 0644 by default)
+  template:
+    src: freepbx.conf.j2
+    dest: /etc/{{ apache_service }}/sites-available/freepbx.conf    # apache2
+    owner: "{{ apache_user }}"    # www-data
+    group: "{{ apache_user }}"
--- a/roles/pbx/tasks/asterisk.yml
+++ b/roles/pbx/tasks/asterisk.yml
@ -1,6 +1,6 @@
 # 2021-08-05: Asterisk's own install_prereq (below) handles essentially all of these
 # - name: Asterisk - Install dependencies
-#   include: asterisk_dependencies.yml
+#   include_tasks: asterisk_dependencies.yml

 # BEWARE: 'systemctl is-active asterix' falsely reports 'inactive' even when systemd
 # is compiled in below!   FWIW: /opt/iiab/asterisk/contrib/systemd/asterisk.service
--- a/roles/pbx/tasks/freepbx.yml
+++ b/roles/pbx/tasks/freepbx.yml
@ -3,8 +3,65 @@
 # RPi: http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html
 # 2012-2017: http://www.raspberry-asterisk.org

- name: FreePBX - Install dependencies
-  include: freepbx_dependencies.yml
+
+# 2021-08-04: systemd service 'asterisk' is Enabled but Not Active at this point -- LET'S EXPERIMENT
+# - name: FreePBX - Disable & Stop 'asterisk' systemd service
+#   systemd:
+#     daemon_reload: yes
+#     name: asterisk
+#     enabled: no
+#     state: stopped
+
+# 2021-08-05: Asterisk's systemd / systemctl support is getting there but Very
+# Imperfect (even when compiled in, as a result of package 'libsystemd-dev' at
+# top of asterisk.tml) so let's follow these "official" instructions for now:
+
+- name: FreePBX - Run 'update-rc.d -f asterisk remove' similar to 'systemctl disable asterisk' giving FreePBX full control during boot - not strictly required but recommended by https://wiki.freepbx.org/display/FOP/Installing+FreePBX+16+on+Debian+10.9
+  command: update-rc.d -f asterisk remove
+
+
+- name: FreePBX - Install wget, git, unixodbc, sudo, net-tools, cron, sox + ~12 PHP dependencies (run 'php -m' or 'php -i' to verify PHP modules)
+  package:
+    name:
+      - wget
+      - git
+      - unixodbc     # For Asterisk CDR (Call Detail Records)
+      - sudo         # Required by FreePBX install script
+      - net-tools    # Required by FWConsole (command-line utility, that controls FreePBX)
+      - cron         # Required by FreePBX UCP package (User Control Panel)
+      - sox          # Required for CDR web-playback
+      # - php{{ php_version }}           # Basically drags in phpX.Y-cgi (already below!)
+      - php{{ php_version }}-bcmath      # Likewise installed in nextcloud/tasks/install.yml, wordpress/tasks/install.yml
+      - php{{ php_version }}-cgi
+      # - php{{ php_version }}-common    # Auto-installed as an apt dependency.  REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
+      - php{{ php_version }}-curl        # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
+      - php{{ php_version }}-fpm         # Likewise installed in nginx/tasks/install.yml
+      # - php{{ php_version }}-gettext
+      - php{{ php_version }}-gd          # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml
+      - php{{ php_version }}-imap
+      # - php{{ php_version }}-json      # See stanza just below
+      - php{{ php_version }}-mbstring    # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
+      # - python-mysqldb                 # https://github.com/Yannik/ansible-role-freepbx/blob/master/tasks/freepbx.yml#L33
+      - php{{ php_version }}-mysql       # Likewise installed in mysql/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
+      - php-pear                         # Likewise installed for ADMIN CONSOLE https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19
+      - php{{ php_version }}-snmp
+      - php{{ php_version }}-xml         # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter}
+      - php{{ php_version }}-zip         # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
+    state: latest
+
+# For PHP >= 8.0: phpX.Y-json is baked into PHP itself.
+# For PHP <  8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json
+#
+# - name: Install php{{ php_version }}-json if PHP < 8.0
+#   package:
+#     name: php{{ php_version }}-json
+#     state: present
+#   when: php_version is version('8.0', '<')
+
+- FreePBX - Install and configure Apache - if not pbx_try_nginx
+  include_tasks: apache.yml
+  when: not pbx_try_nginx
+

 - name: FreePBX - Download {{ freepbx_url }}/{{ freepbx_src_file }} to {{ downloads_dir }}
  get_url:
@ -49,27 +106,17 @@
 #     src: roles/pbx/templates/pbx.patch
 #     dest: "{{ freepbx_src_dir }}/amp_conf/htdocs/admin/libraries/Composer/vendor/neitanod/forceutf8/src/ForceUTF8/Encoding.php"

-
-# 2021-08-04: systemd service 'asterisk' is Enabled but Not Active at this point -- LET'S EXPERIMENT
-# - name: FreePBX - Disable & Stop 'asterisk' systemd service
-#   systemd:
-#     daemon_reload: yes
-#     name: asterisk
-#     enabled: no
-#     state: stopped
-
-# 2021-08-05: Asterisk's systemd / systemctl support is getting there but Very
-# Imperfect (even when compiled in, as a result of package 'libsystemd-dev' at
-# top of asterisk.tml) so let's follow these "official" instructions for now:
-
- name: FreePBX - Run 'update-rc.d -f asterisk remove' similar to 'systemctl disable asterisk' giving FreePBX full control during boot - not strictly required but recommended by https://wiki.freepbx.org/display/FOP/Installing+FreePBX+16+on+Debian+10.9
-  command: update-rc.d -f asterisk remove
+# 2021-08-04: FreePBX 16 no longer needs this FreePBX 15 patch
+# - name: FreePBX - Patch FreePBX source - disable get_magic_quotes_gpc()
+#   patch:
+#     src: roles/pbx/templates/pbx2.patch
+#     dest: "{{ freepbx_install_dir }}/admin/libraries/view.functions.php"


 - name: FreePBX - Add MySQL user ({{ asterisk_db_user }})
  mysql_user:
-    name: "{{ asterisk_db_user }}"
-    password: "{{ asterisk_db_password }}"
+    name: "{{ asterisk_db_user }}"            # asterisk
+    password: "{{ asterisk_db_password }}"    # asterisk
    priv: "{{ asterisk_db_dbname }}.*:ALL/{{ asterisk_db_cdrdbname }}.*:ALL"
    # login_host: "{{ asterisk_db_host }}"
    # login_user: root
@ -79,7 +126,7 @@

 - name: FreePBX - Add MySQL db ({{ asterisk_db_dbname }})
  mysql_db:
-    name: "{{ asterisk_db_dbname }}"
+    name: "{{ asterisk_db_dbname }}"    # asterisk
    encoding: utf8
    collation: utf8_general_ci
    # login_host: "{{ asterisk_db_host }}"
@ -89,12 +136,13 @@

 - name: FreePBX - Add cdr MySQL db ({{ asterisk_db_cdrdbname }})
  mysql_db:
-    name: "{{ asterisk_db_cdrdbname }}"
+    name: "{{ asterisk_db_cdrdbname }}"    # asteriskcdrdb
    encoding: utf8
    collation: utf8_general_ci
    login_host: "{{ asterisk_db_host }}"
    state: present

+
 - name: FreePBX - Create new php sessions dir /var/lib/php/asterisk_sessions/ - SEE 'php_value session.save_path /var/lib/php/asterisk_sessions/' IN pbx/templates/freepbx.conf.j2
  file:
    path: /var/lib/php/asterisk_sessions/
@ -107,7 +155,7 @@
    group: asterisk
    recurse: yes

- name: "FreePBX - Populate /etc/asterisk/freepbx_chown.conf to prevent 'fwconsole chown' takeover of /var/lib/php/sessions - and possibly later /etc/freepbx.conf, /var/log/asterisk/freepbx.log, /var/spool/asterisk/cache"
+- name: "FreePBX - Populate /etc/asterisk/freepbx_chown.conf to prevent 'fwconsole chown' takeover of /var/lib/php/sessions"    # And possibly later /etc/freepbx.conf, /var/log/asterisk/freepbx.log, /var/spool/asterisk/cache
  blockinfile:
    content: |
      [blacklist]
@ -118,14 +166,8 @@
    group: asterisk
    create: yes

-# 2021-08-04: FreePBX 16 no longer needs this FreePBX 15 patch
-# - name: FreePBX - Patch FreePBX source - disable get_magic_quotes_gpc()
-#   patch:
-#     src: roles/pbx/templates/pbx2.patch
-#     dest: "{{ freepbx_install_dir }}/admin/libraries/view.functions.php"

-
- name: FreePBX - 2-step install (just run once) - CAN TAKE 3-12 MIN OR LONGER!
+- name: FreePBX - 2-step install - won't run if {{ freepbx_install_dir }} already exists - CAN TAKE 3-12 MIN OR LONGER!
  command: "{{ item }}"
  args:
    chdir: "{{ freepbx_src_dir }}"
@ -151,7 +193,6 @@
    # - fwconsole restart
  ignore_errors: yes    # 2021-08-08: For things like 'killall -9 safe_asterisk' that fail when process doesn't exist

-
 # 2021-08-06: This stanza works, but above is more graceful.  (FYI PRs #2908,
 # #2912, #2913 didn't quite work -- whereas this PR #2915 at least worked!)
 # - name: FreePBX - Run 'systemctl restart freepbx' TWICE (THIS IS 1 OF 2) to get past 'systemctl status freepbx' glitch "Unable to run Pre-Asterisk hooks, because Asterisk is already running"
@ -161,6 +202,18 @@
 #     enabled: yes
 #     state: restarted

+
+- name: FreePBX - Install /etc/odbc.ini from template (root:root, 0644 by default) for CDR 'asteriskcdrdb' - in future consider compiling ODBC driver for aarch64 per http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html ?
+  template:
+    src: odbc.ini
+    dest: /etc/
+
+- name: FreePBX - Install /etc/systemd/system/freepbx.service from template (root:root, 0644 by default)
+  template:
+    src: freepbx.service
+    dest: /etc/systemd/system/
+
+
 # - name: 'FreePBX - fix file permissions for NGINX: /etc/freepbx.conf (0644), /var/log/asterisk/freepbx.log (0666)'
 #   file:
 #     #state: file
@ -169,6 +222,7 @@
 #   with_items:
 #     - { path: '/etc/freepbx.conf', mode: u=rw,g=r,o=r }                  # 2021-08-04: LATER ENDS UP AS 0660
 #     - { path: '/var/log/asterisk/freepbx.log', mode: u=rw,g=rw,o=rw }    # 2021-08-04: LATER ENDS UP AS 0664
+#   when: pbx_try_nginx

 # - name: 'FreePBX - fix dir permissions for NGINX: /var/spool/asterisk/cache (0777)'
 #   file:
@ -179,17 +233,7 @@
 #   with_items:
 #     # - /var/www/html/freepbx/admin/assets/less/cache
 #     - /var/spool/asterisk/cache
-
- name: FreePBX - Install /etc/odbc.ini from template (root:root, 0644 by default) - in future consider compiling ODBC driver for aarch64 per http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html ?
-  template:
-    src: odbc.ini
-    dest: /etc/
-
- name: FreePBX - Install /etc/systemd/system/freepbx.service from template (root:root, 0644 by default)
-  template:
-    src: freepbx.service
-    dest: /etc/systemd/system/
-
+#   when: pbx_try_nginx

 # For 'pbx_try_nginx: True' -- FreePBX's initial page (Admin user registration)
 # tries to set up a cron job but fails:
@ -202,21 +246,3 @@
 #     insertafter: '^<\?php$'    # Match exact line '<?php'
 #     line: "$amp_conf['AMPASTERISKWEBUSER'] = 'www-data';"
 #   when: pbx_try_nginx
-
-
- block:
-
-  - name: FreePBX - Install /etc/{{ apache_service }}/sites-available/freepbx.conf from template ({{ apache_user }}:{{ apache_user }}, 0644 by default)
-    template:
-      src: freepbx.conf.j2
-      dest: /etc/{{ apache_service }}/sites-available/freepbx.conf    # apache2
-      owner: "{{ apache_user }}"    # www-data
-      group: "{{ apache_user }}"
-
-  - name: FreePBX - Add directive "Listen {{ pbx_http_port }}" to /etc/{{ apache_service }}/ports.conf
-    lineinfile:
-      path: /etc/{{ apache_service }}/ports.conf
-      line: "Listen {{ pbx_http_port }}"
-      # insertafter: Listen 80
-
-  when: not pbx_try_nginx
--- a/roles/pbx/tasks/freepbx_dependencies.yml.unused
+++ b/roles/pbx/tasks/freepbx_dependencies.yml.unused
@ -35,41 +35,3 @@
 #     name: php{{ php_version }}-json
 #     state: present
 #   when: php_version is version('8.0', '<')
-
-
- block:
-
-  - name: "FreePBX - Install Apache packages: {{ apache_service }}, libapache2-mod-php, libapache2-mpm-itk - if not pbx_try_nginx"
-    package:
-      name:
-        - "{{ apache_service }}"    # 2021-08-07: Install apache2 directly, as we prepare to deprecate roles/httpd
-        - libapache2-mod-php        # NOTE duplication: roles/httpd/tasks.install.yml installed libapache2-mod-php{{ php_version }} ostensibly for "Elgg, Moodle, etc"
-        - libapache2-mpm-itk        # To serve FreePBX through a VirtualHost as asterisk user (#2914: Is this possible via NGINX?)
-
-  - name: 'Enable Apache module, as with "a2enmod" command: rewrite'
-    apache2_module:
-      name: rewrite
-
-  # - name: 'Enable 5 Apache modules, as with "a2enmod" command: headers, proxy, proxy_html, proxy_http, rewrite (for http://box/kiwix, http://box/kolibri, http://box/nodered, etc)'
-  #   apache2_module:
-  #     name: "{{ item }}"
-  #   with_items:
-  #     - headers
-  #     - proxy
-  #     - proxy_html
-  #     - proxy_http
-  #     - rewrite
-
-
-  - name: 'Install /etc/{{ apache_service }}/ports.conf'
-    template:
-      src: roles/nginx/templates/apache-ports.conf
-      dest: /etc/{{ apache_service }}/ports.conf
-
-  # lineinfile?
-  # 2021-08-08: Security risks?  But official install doc recommends this:
-  # https://wiki.freepbx.org/display/FOP/Installing+FreePBX+16+on+Debian+10.9
-  - name: Run "sed -i 's/AllowOverride None/AllowOverride All/' /etc/apache2/apache2.conf"
-    command: sed -i 's/AllowOverride None/AllowOverride All/' /etc/apache2/apache2.conf
-
-  when: not pbx_try_nginx
--- a/roles/nginx/templates/apache-ports.conf
+++ b/roles/nginx/templates/apache-ports.conf
@ -8,6 +8,9 @@
 # IIAB NGINX proxying to legacy svcs (Dec 2019 - Aug 2021)
 #Listen 127.0.0.1:8090

+# IIAB FreePBX for Asterisk
+Listen {{ pbx_http_port }}
+
 #<IfModule ssl_module>
 #	Listen 443
 #</IfModule>
@ -17,4 +20,3 @@
 #</IfModule>

 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
-