diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 0f543665a..06c4fc660 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -1,51 +1,71 @@ Contributing to Internet-in-a-Box (IIAB) ======================================= -Internet-in-a-Box runs on various GNU/Linux operating systems such as Fedora, Ubuntu, Debian, CentOS and Raspbian. +Internet-in-a-Box runs on various GNU/Linux operating systems such as Raspbian, Ubuntu, Debian, CentOS and Fedora. -You can install Internet-in-a-Box on most late model desktop and laptop computers. It also supports Intel NUC, Intel Gigabyte BRIX, OLPC XO-1.5, XO-1.75, XO-4, Raspberry Pi 2 and Raspberry Pi 3. A VirtualBox VM can also used for testing purposes. Using Docker containers however is not recommended as our Ansible provisioning system requires low-level access to the operating system. +You can install Internet-in-a-Box on x86_64 PCs/laptops and Raspberry Pi 3 (or 3 B+). Example PC's include Intel NUC and Gigabyte BRIX. Partial support is also available on OLPC laptops like the XO-1.5, XO-1.75 and XO-4. A VirtualBox VM can also be used for testing purposes. Using Docker containers however is not recommended as our Ansible provisioning system requires low-level access to the operating system. + +Finally, running Internet-in-a-Box on the Raspberry Pi Zero W is also possible, if you transfer a working IIAB (microSD card) that was built up inside a Raspberry Pi 3 (or 3 B+). Please refer to [IIAB Platforms](https://github.com/iiab/iiab/wiki/IIAB-Platforms) for more information. -Internet-in-a-Box uses [Ansible](https://www.ansible.com/) infrastructure automation tool to deploy and configure all software packages. Ansible uses [playbooks](http://docs.ansible.com/ansible/latest/playbooks.html) a human readable instruction files in YAML format. Playbooks are divided into hosts, roles and tasks. +Internet-in-a-Box uses Ansible (acquired by Red Hat in October 2015, similar to Puppet) to install and configure all software packages. 
Ansible uses [playbooks](http://docs.ansible.com/ansible/latest/playbooks.html) as human-readable instruction files in [YAML](http://www.yaml.org/start.html) format. Playbooks are divided into hosts, roles and tasks. ``` ├── roles │ ├── 1-prep │ │ ├─ defaults -| | | ├──main.yml (lowest precedence variable definitions, overridden by /vars/default_vars.yml, overridden by ./vars/local_vars.yml. +| | | ├──main.yml (lowest precedence variable definitions, overridden by /vars/default_vars.yml, overridden by /etc/iiab/local_vars.yml) │ │ ├── README.rst │ │ ├── tasks | | | ├──main.yml (specifies the actions to install this role │ │ └── templates -| | | ├<(text files where ansible variables are substituted, specified via {% %} containers-(jinja2 language). +| | | ├── %}> │ ├── 2-common │ │ ├── README.rst │ │ ├── tasks │ │ └── templates ``` -At runtime, Ansible gathers system information and makes it available (called 'facts') and combines this with playbook defined 'variables' to guide the installation process. 
The execution follows a sequence of cascading steps: +Specifically, Ansible installs Internet-in-a-Box starting with 0-init, followed by Stages 1 to 9, and finally runs the network stage: +- [0-init](https://github.com/iiab/iiab/tree/master/roles/0-init) +- [1-prep](https://github.com/iiab/iiab/tree/master/roles/1-prep) +- [2-common](https://github.com/iiab/iiab/tree/master/roles/2-common) +- [3-base-server](https://github.com/iiab/iiab/tree/master/roles/3-base-server) +- [4-server-options](https://github.com/iiab/iiab/tree/master/roles/4-server-options) +- [5-xo-services](https://github.com/iiab/iiab/tree/master/roles/5-xo-services) +- [6-generic-apps](https://github.com/iiab/iiab/tree/master/roles/6-generic-apps) +- [7-edu-apps](https://github.com/iiab/iiab/tree/master/roles/7-edu-apps) +- [8-mgmt-tools](https://github.com/iiab/iiab/tree/master/roles/8-mgmt-tools) +- [9-local-addons](https://github.com/iiab/iiab/tree/master/roles/9-local-addons) +- [network](https://github.com/iiab/iiab/tree/master/roles/network) -1. Bash script `./runansible` follows instructions in `iiab.yml` in the root directory. +Click on Stages 1 to 9 above for descriptions of their specific purposes. -2. `iiab.yml` calls 9 aggregate roles (the numbered directories under `./roles/`). +At runtime (to build up your Internet-in-a-Box server) Ansible gathers system information making it available (as 'facts') and combines this with Ansible 'variables' to guide the installation process. The execution follows a sequence of cascading steps: -3. Each aggregate role has a `/meta/main.yml` which calls the individual named roles. +1. Bash script `./iiab-install` uses Ansible to run `/opt/iiab/iiab/iiab-stages.yml` + +2. `iiab-stages.yml` calls 9+ aggregate roles (AKA stages, these are the numbered directories above, in /opt/iiab/iiab/roles) and then the network role. 
It avoids repeating any of these 9 core install stages (in case of Internet glitches etc) by keeping a counter ("STAGE") in `/etc/iiab/iiab.env` (Aside: the network role can also later be run using `./iiab-network`) + +3. Each aggregate role AKA stage has a `/tasks/main.yml` (formerly `/meta/main.yml`) to invoke all needed roles and tasks. Please refer to the [IIAB Architecture](https://github.com/iiab/iiab/wiki/IIAB-Architecture) and [IIAB Variables]( https://github.com/iiab/iiab/wiki/IIAB-Variables) pages for more information. Installation ============ -Before you start the installation please refer to the [hardware section of FAQ](http://wiki.laptop.org/go/IIAB/FAQ#What_hardware_should_I_use.3F) page for memory, storage and network requirements for your platform. Also note that downloading content might take a long time on slower Internet connections. +Before you start the installation please refer to the [hardware section of FAQ](http://wiki.laptop.org/go/IIAB/FAQ#What_hardware_should_I_use.3F) page for memory, storage and network requirements for your platform. Also note that downloading content might take a long time on slower Internet connections. -If you are a developer, please consider [building Internet-in-a-Box from scratch](https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch). +Most all implementers should use IIAB's 1-line installer at http://download.iiab.io (click on the version number, e.g. [6.6](http://download.iiab.io/6.6/)). + +If you are a developer, consider [building Internet-in-a-Box from scratch](https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch). Please refer to the [IIAB Installation](https://github.com/iiab/iiab/wiki/IIAB-Installation) page for more information. Setting up development environment =================================== + ( This section uses experimental development environment for Internet-in-a-Box. 
It is being developed in the [iiab-dev-mode repository](https://github.com/arky/iiab-dev-mode). ) -This section provide a quick setup of Internet-in-a-Box (IIAB) development environment using [Vagrant](https://www.vagrantup.com/). You will need a computer with [virtualization enabled](https://www.virtualbox.org/manual/UserManual.html) and git, Vagrant (2.0 or later) and [VirtualBox](https://www.virtualbox.org/) installed. +This section provide a quick setup of Internet-in-a-Box (IIAB) development environment using [Vagrant](https://www.vagrantup.com/). You will need a computer with [virtualization enabled](https://www.virtualbox.org/manual/UserManual.html) and git, Vagrant (2.0 or later) and [VirtualBox](https://www.virtualbox.org/) installed. ## Requirements 
@@ -55,14 +75,15 @@ This section provide a quick setup of Internet-in-a-Box (IIAB) development envir * Editor ([Atom](www.atom.io), Emacs, vi, etc) ## Setup Instructions + 1. Check out the repository and its submodules onto your development machine. `git clone --recursive git@github.com:arky/iiab-dev-mode.git` -2. Change directory into 'iiab-dev-mode' with `cd iiab-dev-mode`. You can update all the submodules to latest master using `git submodule foreach git pull origin master` +2. Change directory into 'iiab-dev-mode' with `cd iiab-dev-mode`. You can update all the submodules to the latest master using `git submodule foreach git pull origin master` -3. Set up a vagrant machine with `vagrant up` and provision it with `vagrant provision`. Please select the available bridge network interface (wlan0 or eth0) that connects your host machine to the Internet. +3. Set up a vagrant machine with `vagrant up` and provision it with `vagrant provision`. Please select the available bridge network interface (wlan0 or eth0) that connects your host machine to the Internet. -4. Connect to your vagrant machine with `vagrant ssh`. All your local development files available as shared folder in `/opt/iiab` directory. +4. Connect to your vagrant machine with `vagrant ssh`. All your local development files available as shared folder in `/opt/iiab` directory. 5. Install IIAB itself from the Ansible playbooks by following [IIAB Installation](https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch) instructions: ``` 
@@ -80,11 +101,11 @@ This section provide a quick setup of Internet-in-a-Box (IIAB) development envir ``` 6. Hack away! -7. You can commit your local changes to your personal forks of Internet-in-a-Box repository and then send pull request to IIAB project. Once you forked a repository, you change directory into that repository and setting a default git remote push setting with the following command. +7. You can commit your local changes to your personal forks of Internet-in-a-Box repository and then send pull request to the IIAB project. Once you've forked a repository, you change directory into that repository and set a default git remote push setting with the following command: `cd && git remote set-url --push origin git@github.com:/.git` - Learn more by reading blog post [Different git Push & Pull(fetch) URLs](http://blog.yuriy.tymch.uk/2012/05/different-git-push-pullfetch-urls.html) and the [Git Basics - Working with Remotes](https://git-scm.com/book/en/v2/Git-Basics-Working-with-Remotes) chapter of Scott Chacon and Ben Straub's "Git Pro" book. + Learn more by reading the blog post [Different git Push & Pull(fetch) URLs](http://blog.yuriy.tymch.uk/2012/05/different-git-push-pullfetch-urls.html) and the [Git Basics - Working with Remotes](https://git-scm.com/book/en/v2/Git-Basics-Working-with-Remotes) chapter of Scott Chacon and Ben Straub's "Git Pro" book. 8. Once you are done, you can stop your vagrant machine with `vagrant halt` or remove it completely with `vagrant destroy`. 
@@ -93,7 +114,7 @@ Debugging Here are few strategies for debugging problems during the Internet-in-a-Box installation. -* When a installation task fails, Ansible halts printing out a descriptive error message to the screen. This error information is also written to `iiab-install.log` file within `/opt/iiab/iiab`. (Look through logs to check if any preceding line contains the error). +* When a installation task fails, Ansible halts printing out a descriptive error message to the screen. This error information is also written to `iiab-install.log` file within `/opt/iiab/iiab`. (Look through logs to check if any preceding line contains the error). * When an installation succeeds, the last lines printed on the screen will look like the following (failed=0): ``` PLAY RECAP ********************************************************************* 
@@ -111,7 +132,7 @@ Testing your code with Travis CI To maintain the quality of the Internet-in-a-Box (IIAB) code we use [Travis Continuous Integration (CI)](https://travis-ci.org) build infrastructure. Travis CI does tests to ensure the code syntax is correct and the code is formatted properly using `ansible` syntax checker, `ansible-lint` and `ansible-review` tools. The results of Travis CI Internet-in-a-Box (IIAB) could be seen [here](https://travis-ci.org/iiab/iiab). -Every pull request is automatically tested by Travis CI. The results of these tests are added to the pull request. This aids Internet-in-a-Box (IIAB) developers in reviewing the quality of the code in a pull request. +Every pull request [was] automatically tested by Travis CI. The results of these tests [were] added to the pull request. This aids Internet-in-a-Box (IIAB) developers in reviewing the quality of the code in a pull request [this approach is currently on hold as of July 2018 — if it's tuned up this or any similar CI/CD alternatives would be welcome!] To test your forked repository of Internet-in-a-Box (IIAB) code. You have to enable automatic build tests in your [Travis-ci.org](https://travis-ci.org) profile page. @@ -140,4 +161,4 @@ Get in touch * Join our [live calls](http://minutes.iiab.io) most Mondays and Thursday * Join us on IRC live chat: [#schoolserver](https://webchat.freenode.net/?channels=#schoolserver) on [freenode]( https://www.freenode.net/) * Post an idea or question to our [community forums](http://iiab.io/) -* Read our Frequently Asked Questions ([FAQ.IIAB.IO](http://FAQ.IIAB.IO)) +* Read ["What are the best places for community support?"](http://FAQ.IIAB.IO#What_are_the_best_places_for_community_support.3F) within our Frequently Asked Questions ([FAQ.IIAB.IO](http://FAQ.IIAB.IO)) diff --git a/README.md b/README.md index 1b8c20f5b..3de62a82f 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -# Internet-in-a-Box (IIAB) [![Build Status](https://travis-ci.org/iiab/iiab.svg?branch=master)](https://travis-ci.org/iiab/iiab) +# Internet-in-a-Box (IIAB) Welcome to the Git repository of the Internet-in-a-Box (IIAB) project. This is a community-based project developed and supported by volunteers from around the world. The Internet-in-a-Box (IIAB) is small, inexpensive device which provides essential Internet resources (like Wikipedia, OpenStreetMap, Khan Academy and others) without any Internet connection. It provides a local content server of the world’s Free Knowledge. diff --git a/iiab-base.yml b/iiab-base.yml index adf698fb9..de2238008 100644 --- a/iiab-base.yml +++ b/iiab-base.yml @@ -5,7 +5,7 @@ vars_files: - vars/default_vars.yml - vars/{{ ansible_local.local_facts.os_ver }}.yml - - vars/local_vars.yml + - /etc/iiab/local_vars.yml roles: - { role: 0-init, tags: ['0-init'] } diff --git a/iiab-from-console.yml b/iiab-from-console.yml index 97e8de990..c6275a641 100644 --- a/iiab-from-console.yml +++ b/iiab-from-console.yml @@ -5,7 +5,7 @@ vars_files: - vars/default_vars.yml - vars/{{ ansible_local.local_facts.os_ver }}.yml - - vars/local_vars.yml + - /etc/iiab/local_vars.yml - /etc/iiab/config_vars.yml roles: diff --git a/iiab-install b/iiab-install index 42eebef69..4e022309d 100755 --- a/iiab-install +++ b/iiab-install 
@@ -10,9 +10,42 @@ CWD=`pwd` OS=`grep ^ID= /etc/*release|cut -d= -f2` OS=${OS//\"/} MIN_RPI_KERN=4.9.59-v7+ -MIN_ANSIBLE_VER=2.4.1.0 +MIN_ANSIBLE_VER=2.5.7 -export ANSIBLE_LOG_PATH="$CWD/iiab-install.log" +if [ ! -f /etc/iiab/local_vars.yml ]; then + + if [ -f /opt/iiab/iiab/vars/local_vars.yml ]; then + echo -e "\nACTION NEEDED: YOUR /opt/iiab/iiab/vars/local_vars.yml IS NO LONGER SUPPORTED.\n" >&2 + echo -e "███████████████████ TO MOVE IT TO THE CORRECT LOCATION, RUN: ███████████████████" >&2 + echo -e "██ ██" >&2 + echo -e "██ mv /opt/iiab/iiab/vars/local_vars.yml /etc/iiab/local_vars.yml ██" >&2 + echo -e "██ ██" >&2 + echo -e "████████████████████████████████████████████████████████████████████████████████\n" >&2 + fi + + echo -e "\nEXITING: /opt/iiab/iiab/iiab-install REQUIRES /etc/iiab/local_vars.yml\n" >&2 + echo -e "(1) Please read http://wiki.iiab.io/local_vars.yml to learn more" >&2 + echo -e "(2) MIN/MEDIUM/BIG samples are included in /opt/iiab/iiab/vars" >&2 + echo -e "(3) NO TIME FOR DETAILS? RUN INTERNET-IN-A-BOX'S FRIENDLY 1-LINE INSTALLER:\n" >&2 + echo -e ' http://download.iiab.io (click on "6.6" or a more recent version!)\n' >&2 + + #case $OS in + # OLPC | fedora) + # echo -e "Please examine /opt/iiab/iiab/vars/local_vars_olpc.yml for XO laptops.\n" >&2 + # ;; + # centos | debian | ubuntu | raspbian) + # echo -e "Please consider /opt/iiab/iiab/vars/local_vars_medium.yml or similar.\n" >&2 + # ;; + # *) + # echo -e "EXITING: IIAB requires Raspbian, Debian, Ubuntu, CentOS or OLPC/Fedora.\n" >&2 + # ;; + #esac + exit 1 +fi + +# FUTURE: Test if their local_vars.yml is sufficiently version-compatible ! + +echo -e "\n\n./iiab-install $* BEGUN IN $CWD\n" if [ ! -f /etc/ansible/facts.d/local_facts.fact ]; then mkdir -p /etc/ansible/facts.d 
@@ -30,7 +63,7 @@ if [ "$1" != "--debug" ] && [ "$1" != "--reinstall" ] && [ "$1" != "" ]; then echo "Use './iiab-install' for regular installs, or to continue an install." echo "Use './iiab-install --reinstall' to force running all Stages 0-9." echo "Use './iiab-install --debug' to run Stage 0, followed by Stages 3-9." - echo "Use './runtags' to run a single Stage or Tag or Role." + echo "Use './runrole' to run a single Stage or Role." echo "Use './iiab-network' to run Network sections." exit 1 fi @@ -68,9 +101,11 @@ if [[ `command -v ansible` ]]; then # "command -v" is POSIX compliant; it fi if version_gt $MIN_ANSIBLE_VER $CURR_ANSIBLE_VER ; then echo -e "\nEXITING: Ansible "$MIN_ANSIBLE_VER" or higher required." - echo "PLEASE RUN './scripts/ansible' to install the latest Ansible from PPA or RPM." - echo "'ansible --version' and 'apt -a list ansible' can also be useful here. Try" - echo "to remove prior versions with 'apt purge ansible' or 'pip uninstall ansible'." + echo + echo "REMOVE PRIOR VERSIONS using 'apt purge ansible' and/or 'pip uninstall ansible'." + echo "THEN RUN 'scripts/ansible' to install the latest Ansible from PPA or RPM." + echo "'ansible --version' and 'apt -a list ansible' can also be very useful." + echo echo "IIAB INSTALL INSTRUCTIONS: https://github.com/iiab/iiab/wiki/IIAB-Installation" exit 1 fi 
@@ -107,36 +142,21 @@ if [ -f /etc/iiab/iiab.env ]; then echo -e "\nEXITING: STAGE (counter) in /etc/iiab/iiab.env shows Stage 9 Is Already Done." echo "Use './iiab-install --reinstall' to force running all Stages 0-9." echo "Use './iiab-install --debug' to run Stage 0, followed by Stages 3-9." - echo "Use './runtags' to run a single Stage or Tag or Role." - echo "Use './iiab-network' to run Network sections." - exit 1 + echo "Use './runrole' to run a single Stage or Role." + echo -e "Use './iiab-network' to run Network sections.\n\n" + exit 0 # allows rerunning http://download.iiab.io/6.6/install.txt fi fi if [ "$STAGE" -lt 2 ] && [ "$1" == "--debug" ]; then echo -e "\n'--debug' *ignored* as STAGE (counter) < 2." fi -# If vars/local_vars.yml is missing, put a default file in place. -if [ ! -f ./vars/local_vars.yml ]; then - case $OS in - OLPC | fedora) - cp ./vars/local_vars_olpc.yml ./vars/local_vars.yml - echo -e "\nvars/local_vars.yml created from local_vars_olpc.yml defaults." - ;; - centos | debian | ubuntu | raspbian) - cp ./vars/local_vars_medium.yml ./vars/local_vars.yml - echo -e "\nvars/local_vars.yml created from local_vars_medium.yml defaults." - echo "See MIN/MEDIUM/BIG options @ http://wiki.iiab.io/local_vars.yml" - ;; - *) - echo -e "\nEXITING: IIAB requires Raspbian, Debian, Ubuntu, CentOS or OLPC/Fedora." - exit 1 - ;; - esac -fi - echo -e "\nTRY TO RERUN './iiab-install' IF IT FAILS DUE TO CONNECTIVITY ISSUES ETC!" echo -e "\nRunning local playbooks....Stage 0 will now run....followed by Stages $(($STAGE + 1))-9" +export ANSIBLE_LOG_PATH="$CWD/iiab-install.log" + ansible -m setup -i $INVENTORY localhost --connection=local >> /dev/null ansible-playbook -i $INVENTORY $PLAYBOOK ${ARGS} --connection=local + +echo -e "./iiab-install $* COMPLETED IN $CWD\n\n" diff --git a/iiab-network.yml b/iiab-network.yml index 989108cb3..721bedac9 100644 --- a/iiab-network.yml +++ b/iiab-network.yml 
@@ -5,7 +5,7 @@ vars_files: - vars/default_vars.yml - vars/{{ ansible_local.local_facts.os_ver }}.yml - - vars/local_vars.yml + - /etc/iiab/local_vars.yml - /etc/iiab/config_vars.yml roles: diff --git a/iiab-stages.yml b/iiab-stages.yml index 0f0d0ae56..35db6f84f 100644 --- a/iiab-stages.yml +++ b/iiab-stages.yml @@ -6,7 +6,7 @@ - roles/0-init/defaults/main.yml - vars/default_vars.yml - vars/{{ ansible_local.local_facts.os_ver }}.yml - - vars/local_vars.yml + - /etc/iiab/local_vars.yml tasks: diff --git a/iiab.yml b/iiab.yml.deprecated similarity index 96% rename from iiab.yml rename to iiab.yml.deprecated index 721203544..d387a1d7c 100644 --- a/iiab.yml +++ b/iiab.yml.deprecated @@ -5,7 +5,7 @@ vars_files: - vars/default_vars.yml - vars/{{ ansible_local.local_facts.os_ver }}.yml - - vars/local_vars.yml + - /etc/iiab/local_vars.yml - /etc/iiab/config_vars.yml roles: diff --git a/install-support b/install-support index 79439f2f7..b5ae9a12e 100755 --- a/install-support +++ b/install-support @@ -14,7 +14,7 @@ then exit 1 fi -sed -i -e "s/openvpn_install: False/openvpn_install: True/" vars/local_vars.yml -sed -i -e "s/openvpn_enabled: False/openvpn_enabled: True/" vars/local_vars.yml +sed -i -e "s/openvpn_install: False/openvpn_install: True/" /etc/iiab/local_vars.yml +sed -i -e "s/openvpn_enabled: False/openvpn_enabled: True/" /etc/iiab/local_vars.yml ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local diff --git a/roles/0-init/defaults/main.yml b/roles/0-init/defaults/main.yml index 6adb8394a..2d522f1fe 100644 --- a/roles/0-init/defaults/main.yml +++ b/roles/0-init/defaults/main.yml @@ -12,7 +12,7 @@ gw_active: none internet_available: False discovered_wan_iface: none -# old defs +# Old defs gui_port: 80 exFAT_enabled: False is_F18: False 
@@ -21,12 +21,12 @@ is_F18: False rtc_id: ds3231 NUC6_firmware_needed: False -# used in 2-common/tasks/xo.yml +# Used in 2-common/tasks/xo.yml wifi_id: none -# used in 2-common, 3-base-server and roles/network +# Used in 2-common, 3-base-server and roles/network installing: False -# network +# Network no_net_restart: False no_NM_reload: False diff --git a/roles/0-init/tasks/hostname.yml b/roles/0-init/tasks/hostname.yml index a2f9ea1c3..56c8e8e9b 100644 --- a/roles/0-init/tasks/hostname.yml +++ b/roles/0-init/tasks/hostname.yml @@ -3,7 +3,7 @@ path: /etc/cloud/cloud.cfg register: U18_server -- name: edit cloud.cfg yaml +- name: Edit cloud.cfg yaml lineinfile: dest: /etc/cloud/cloud.cfg regexp: '^preserve_hostname*' diff --git a/roles/0-init/tasks/iiab_ini.yml b/roles/0-init/tasks/iiab_ini.yml index 9b4a13c7c..3475ec764 100644 --- a/roles/0-init/tasks/iiab_ini.yml +++ b/roles/0-init/tasks/iiab_ini.yml @@ -1,5 +1,5 @@ # workaround for fact that auto create does not work on ini_file -- name: Create iiab config file +- name: Create /etc/iiab/iiab.ini (iiab_config_file) file: dest: "{{ iiab_config_file }}" state: touch @@ -16,12 +16,12 @@ - option: iiab_dir value: "{{ iiab_dir }}" -- name: add version section +- name: Add version section ini_file: - dest: "{{ iiab_config_file }}" - section: version - option: "{{ item.option }}" - value: "{{ item.value }}" + dest: "{{ iiab_config_file }}" + section: version + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: distribution value: "{{ ansible_distribution }}" diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 9673811a2..014f21393 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml 
@@ -10,8 +10,8 @@ first_run: True when: not NewInstall.stat.exists -# we need to inialize the ini file and only write the location and version sections once and only -# once to preserve the install date and git hash. +# We need to inialize the ini file and only write the location and version +# sections once and only once to preserve the install date and git hash. - name: Write iiab_ini.yml for the first time include_tasks: first_run.yml when: first_run @@ -22,13 +22,13 @@ setup: filter: ansible_local -- name: Set top level variables from local facts for convenience +- name: Set top-level variables from local_facts for convenience set_fact: xo_model: "{{ ansible_local.local_facts.xo_model }}" phplib_dir: "{{ ansible_local.local_facts.phplib_dir }}" iiab_stage: "{{ ansible_local.local_facts.stage }}" -- name: Discover if this is running Raspbian -- if so assume it is a RPi +- name: Discover if this is running Raspbian -- if so assume it is an RPi set_fact: rpi_model: "rpi" is_rpi: True @@ -41,7 +41,8 @@ exFAT_enabled: True when: xo_model != "none" -# Discover do we have a gateway? -- if ansible detects gateway, becomes WAN candidate +# Discover: do we have a gateway? +# If Ansible detects gateway, becomes WAN candidate. - name: Finding gateway set_fact: discovered_wan_iface: "{{ ansible_default_ipv4.alias }}" @@ -58,7 +59,7 @@ gw_active: True when: discovered_wan_iface != "none" and gw_active_test.stdout == "1" -- name: Test for internet access +- name: Test for Internet access get_url: url: "{{ iiab_download_url }}/heart-beat.txt" dest: /tmp/heart-beat.txt 
@@ -74,12 +75,12 @@ internet_available: True when: not internet_access_test|failed and not disregard_network -- name: Cleanup internet test file +- name: Remove Internet test file file: path: /tmp/heart-beat.txt state: absent -# Put all computed vars here so derive properly from any prior var file +# Put all computed vars here so derive properly from any prior var file. - name: If the TZ is not set in env, set it to UTC include_tasks: tz.yml @@ -98,24 +99,24 @@ mysql_install: True mysql_enabled: True -# we decided to enable mysql unconditionally +# We decided to enable mysql unconditionally. # when: elgg_enabled or rachel_enabled or owncloud_enabled or phpmyadmin_enabled or wordpress_enabled or iiab_menu_install -# Commenting out MongoDB on a trial basis, for a more basic/lightweight Sugarizer, per https://github.com/iiab/iiab/pull/427 -- name: Turn on mongodb if sugarizer enabled +# Late 2017: Had commented out MongoDB on a trial basis, for a more basic/lightweight Sugarizer, per https://github.com/iiab/iiab/pull/427 +- name: Turn on vars for MongoDB if Sugarizer enabled set_fact: mongodb_install: True mongodb_enabled: True when: sugarizer_enabled # There might be other db's -- name: Turn on PostgreSQL if Moodle or Pathagar enabled +- name: Turn on vars for PostgreSQL if Moodle or Pathagar enabled set_fact: postgresql_install: True postgresql_enabled: True when: moodle_enabled or pathagar_enabled -- name: Turn on Docker if SchoolTool is to be installed +- name: Turn on vars for Docker if SchoolTool is to be installed set_fact: docker_install: True docker_enabled: True 
@@ -131,15 +132,14 @@ python_path: /usr/local/lib/python2.7/dist-packages/ when: is_debuntu -# for various reasons the mysql service can not be enabled on fedora 20, -# but 'mariadb', which is its real name can -# on fedora 18 we need to use 'mysqld' +# For various reasons the mysql service cannot be enabled on Fedora 20, but +# 'mariadb', which is its real name can. On Fedora 18 we need to use 'mysqld'. -- name: Set mysqld_service to mariadb by default +- name: Set mysql_service to mariadb by default set_fact: mysql_service: mariadb -- name: Set mysqld_service to mysqld etc (Fedora 18) +- name: Set mysql_service to mysqld etc (Fedora 18) set_fact: mysql_service: mysqld no_NM_reload: True @@ -161,11 +161,11 @@ FQDN_changed: True when: iiab_fqdn != ansible_fqdn -- name: Setting hostname +- name: Set hostname if FQDN_changed include_tasks: hostname.yml when: FQDN_changed -- name: Add version section +- name: Add 'runtime' section alongside list of services at /etc/iiab/iiab.ini ini_file: dest: "{{ iiab_config_file }}" section: runtime @@ -209,9 +209,9 @@ - option: FQDN_changed value: "{{ FQDN_changed }}" -- name: Now changing FQDN - include_tasks: hostname.yml - when: FQDN_changed +#- name: Now changing FQDN +# include_tasks: hostname.yml +# when: FQDN_changed - name: STAGE 0 HAS COMPLETED ====================================== ini_file: diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index fdb840965..f64c25936 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml 
@@ -14,14 +14,14 @@ - avahi-tools when: is_redhat -- name: Download usbmount -- not in Debian Stretch (debian_9) +- name: Download usbmount -- not in Debian Stretch (debian-9) get_url: url: "{{ iiab_download_url }}/usbmount_0.0.14.1_all.deb" dest: "{{ downloads_dir }}" timeout: "{{ download_timeout }}" when: internet_available and is_debian_9 -- name: Install usbmount (debian_9) +- name: Install usbmount (debian-9) command: apt install -y {{ downloads_dir }}/usbmount_0.0.14.1_all.deb when: is_debian_9 diff --git a/roles/2-common/tasks/udev.yml b/roles/2-common/tasks/udev.yml index c5ed659a1..293280d6c 100644 --- a/roles/2-common/tasks/udev.yml +++ b/roles/2-common/tasks/udev.yml @@ -22,8 +22,9 @@ when: udev_unit.stat.exists is defined and udev_unit.stat.exists # ubuntu 16.04 comes with ansible 2.0.0.2 -- no systemd module -- name: Ask systemd to recognize the changes - shell: systemctl daemon-reload +- name: Ask systemd to reread unit files (daemon-reload) + systemd: + daemon_reload: yes when: udev_unit.stat.exists is defined and udev_unit.stat.exists - name: Restart so systemd recognizes the changes diff --git a/roles/4-server-options/README.rst b/roles/4-server-options/README.rst index ca4afb22a..61d79f77e 100644 --- a/roles/4-server-options/README.rst +++ b/roles/4-server-options/README.rst @@ -2,7 +2,7 @@ 4-server-options README ======================= -Whereas 3-base-server installs critical packages needed by all, this 4th stage installs a broad array of *options* -- depending on which server apps will be installed in later stages -- as specified in /opt/iiab/iiab/vars/local_vars.yml +Whereas 3-base-server installs critical packages needed by all, this 4th stage installs a broad array of *options* -- depending on which server apps will be installed in later stages -- as specified in /etc/iiab/local_vars.yml This includes some networking fundamentals, before they're configured later on. 
diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index edd787d28..fbe551818 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -85,7 +85,7 @@ src: roles/1-prep/templates/iiab_env.py.j2 dest: /etc/iiab/iiab_env.py -- name: Generate the offline documents +- name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation (script was installed at the beginning of Stage 3 = roles/3-base-server/tasks/main.yml, which runs the HTTPD playbook = roles/httpd/tasks/main.yml) command: /usr/bin/iiab-refresh-wiki-docs when: not nodocs diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index 62699e42b..941f6347e 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -9,6 +9,12 @@ when: kalite_install tags: kalite +- name: KOLIBRI + include_role: + name: kolibri + when: kolibri_install + tags: kolibri + - name: KIWIX include_role: name: kiwix diff --git a/roles/calibre/defaults/main.yml b/roles/calibre/defaults/main.yml index f135ee6f2..a89171f8b 100644 --- a/roles/calibre/defaults/main.yml +++ b/roles/calibre/defaults/main.yml 
@@ -5,7 +5,14 @@ calibre_web_path: calibre # In addition to: http://box:8080 http://box/books box/libros box/livres box/livros box/liv calibre_dbpath: "{{ content_base }}/calibre" -# i.e. /library/calibre +# i.e. /library/calibre (holds metadata.db + book directories + our users.sqlite) + +calibre_userdb: "{{ calibre_dbpath }}/users.sqlite" +# i.e. /library/calibre/users.sqlite since github.com/iiab/iiab/issues/830 +# Teachers add/remove/convert books & edit metadata using: Admin/changeme +# Stub/Student acnts to browse: box/box, h/h, ht/ht, m/m, mx/mx, p/p, pe/pe +# Edit accounts/permissions using: +# calibre-server --manage-users --userdb /library/calibre/users.sqlite calibre_sample_book: "Metamorphosis-jackson.epub" # Must be downloadable from http://download.iiab.io/packages @@ -14,5 +21,5 @@ calibre_src_url: "https://raw.githubusercontent.com/kovidgoyal/calibre/master/se # USE TO TEST debs.yml (RASPBIAN APPROACH!) ON DEBIAN 9.X: (now handled by calibre_via_debs in /opt/iiab/iiab/vars/*) #calibre_debs_on_debian: True -# Enable unstable .deb's, not just testing .deb's: (moved to vars/local_vars.yml & vars/default_vars.yml) +# Enable unstable .deb's, not just testing .deb's: (moved to /etc/iiab/local_vars.yml & /opt/iiab/iiab/vars/default_vars.yml) #calibre_unstable_debs: False diff --git a/roles/calibre/tasks/create-db.yml b/roles/calibre/tasks/create-db.yml index f630f8b2e..c2723d1d8 100644 --- a/roles/calibre/tasks/create-db.yml +++ b/roles/calibre/tasks/create-db.yml @@ -1,9 +1,3 @@ -- name: Create /library/calibre (mandatory since Calibre 3.x) - file: - path: "{{ calibre_dbpath }}" - state: directory - #mode: 0755 - - name: Check if sample book exists in /opt/iiab/downloads stat: path: "{{ content_base }}/downloads/{{ calibre_sample_book }}" diff --git a/roles/calibre/tasks/debs.yml b/roles/calibre/tasks/debs.yml index 0d13d9b9d..797b2bb57 100644 --- a/roles/calibre/tasks/debs.yml +++ b/roles/calibre/tasks/debs.yml 
@@ -28,7 +28,8 @@ # when: is_rpi and internet_available - name: Upgrade to latest Calibre using .deb's from testing (rpi) - command: scripts/calibre-install-latest-rpi.sh # SEEMS TO ONCE AGAIN WORK since Calibre 3.26.0 (Calibre 3.24-3.25 required above prereq calibre-install-packages.sh then Debian's own calibre-install-latest.sh to be bootable in Zero W) + #command: scripts/calibre-install-latest-rpi-plus.sh # NEC FOR Calibre 3.27.1 on 2018-07-22 (#948 -> PR #950) THO NOT BOOTABLE IN Zero W (#952). Similar to Calibre 3.24.x & 3.25 in June 2018, which had used calibre-install-packages.sh then Debian's own calibre-install-latest.sh + command: scripts/calibre-install-latest-rpi.sh # WORKS for Calibre 3.28 on 2018-07-26 (PR #971). Likewise for Calibre 3.26.x when: is_rpi and internet_available - name: Upgrade to Calibre testing .deb's - target Ubuntu 16.04 (not rpi and not ubuntu_18) diff --git a/roles/calibre/tasks/main.yml b/roles/calibre/tasks/main.yml index 74c10c428..5cfb310d0 100644 --- a/roles/calibre/tasks/main.yml +++ b/roles/calibre/tasks/main.yml @@ -32,7 +32,7 @@ # - run testing branch for Ubuntu 16.04: scripts/calibre-install-latest.sh # - run unstable branch for Debian etc: scripts/calibre-install-unstable.sh -- name: Create calibre-serve.service and calibre.conf +- name: Create calibre-serve.service and calibre.conf (IF /usr/bin/calibre WAS MISSING) template: src: "{{ item.src }}" dest: "{{ item.dest }}" 
@@ -40,15 +40,17 @@ group: root mode: "{{ item.mode }}" backup: no - register: calibre_config +# register: calibre_config with_items: - { src: 'calibre-serve.service.j2', dest: '/etc/systemd/system/calibre-serve.service', mode: '0644'} - { src: 'calibre.conf', dest: '/etc/{{ apache_config_dir }}', mode: '0644'} + when: (not calib_executable.stat.exists) -- name: Force systemd to reread configs +- name: Force systemd to reread configs (IF /usr/bin/calibre WAS MISSING) systemd: daemon_reload: yes - when: calibre_config.changed + when: (not calib_executable.stat.exists) +# when: calibre_config.changed # 2. STOP CALIBRE SERVICE IF IT EXISTS (REQUIRED FOR DB ACTIVITY...AND IF not calibre_enabled) @@ -67,7 +69,24 @@ # failed_when: false # Never Fail during "systemctl stop calibre-serve" (even if service doesn't exist!) # when: calibre_svc.stat.exists -# 3. CREATE DATABASE WITH A SAMPLE BOOK (REQUIRED AS OF CALIBRE 3.x) +# 3. CREATE USER DATABASE + +- name: Create /library/calibre (mandatory since Calibre 3.x) + file: + path: "{{ calibre_dbpath }}" + state: directory + #mode: 0755 + +- name: Copy template userdb to /library/calibre/users.sqlite (IF /usr/bin/calibre WAS MISSING) + copy: + src: /opt/iiab/iiab/roles/calibre/templates/users.sqlite + dest: "{{ calibre_userdb }}" + owner: root + group: root + mode: 0644 + when: (not calib_executable.stat.exists) + +# 4. CREATE CONTENT DATABASE WITH A SAMPLE BOOK (REQUIRED AS OF CALIBRE 3.x) - name: Check if /library/calibre/metadata.db exists stat: @@ -78,7 +97,7 @@ include_tasks: create-db.yml when: not calibre_db.stat.exists -# 4. WRAP UP: ENABLE CALIBRE SERVICE, http://box/books ETC +# 5. WRAP UP: ENABLE CALIBRE SERVICE, http://box/books ETC # http://box:8080 & http://box:8080/mobile WORK BUT OTHER URL'S LIKE http://box/books ARE A MESS (BOOKS RARELY DISPLAY) - name: Create calibre.conf link for UNTESTED http://box/books etc (debuntu) 
diff --git a/roles/calibre/templates/calibre-serve.service.j2 b/roles/calibre/templates/calibre-serve.service.j2 index 97e10d6d3..db62f5a31 100644 --- a/roles/calibre/templates/calibre-serve.service.j2 +++ b/roles/calibre/templates/calibre-serve.service.j2 @@ -6,7 +6,7 @@ After=syslog.target network.target local-fs.target Type=forking PIDFile=/var/run/calibre.pid TimeoutStartSec=400 -ExecStart=/usr/bin/calibre-server --daemonize --log=/var/log/calibre.log --pidfile=/var/run/calibre.pid --port={{ calibre_port }} {{ calibre_dbpath }} +ExecStart=/usr/bin/calibre-server --daemonize --log=/var/log/calibre.log --pidfile=/var/run/calibre.pid --port={{ calibre_port }} --enable-auth --userdb={{ calibre_userdb }} {{ calibre_dbpath }} [Install] TimeoutStartSec=900 diff --git a/roles/calibre/templates/calibre.conf b/roles/calibre/templates/calibre.conf index 7318a51fb..5f5317268 100644 --- a/roles/calibre/templates/calibre.conf +++ b/roles/calibre/templates/calibre.conf @@ -1,4 +1,4 @@ -# http://box/XYZ mnemonic if properly set within /opt/iiab/iiab/vars/local_vars.yml +# http://box/XYZ mnemonic if properly set within /etc/iiab/local_vars.yml ProxyPass /{{ calibre_web_path }} http://localhost:{{ calibre_port }} ProxyPassReverse /{{ calibre_web_path }} http://localhost:{{ calibre_port }} diff --git a/roles/calibre/templates/users.sqlite b/roles/calibre/templates/users.sqlite new file mode 100644 index 000000000..5dc597dbe Binary files /dev/null and b/roles/calibre/templates/users.sqlite differ diff --git a/roles/elgg/README.rst b/roles/elgg/README.rst index 1dadfb4b5..c0b756242 100644 --- a/roles/elgg/README.rst +++ b/roles/elgg/README.rst 
@@ -6,24 +6,25 @@ Elgg is an award-winning social networking engine, delivering the building block that enable businesses, schools, universities and associations to create their own fully-featured social networks and applications. -http://elgg.org/ +https://elgg.org After Installation ------------------ -Go to http://box.lan/elgg and log on as Admin with password changeme. +Go to http://box/elgg or http://box.lan/elgg and log on as Admin with password changeme. Change the following: * Administrator password -* Title to appear on elgg screens and any other settings as desired. +* Title to appear on Elgg screens and any other settings as desired. Locations --------- - The uploaded files are expected to be in /library/elgg -- The URL is /elgg +- The software is in /opt/elgg -> /opt/elgg-x.y.z (i.e. actual version number) +- The URL is http://box/elgg Parameters ---------- 
@@ -34,16 +35,16 @@ some constraints. Users and Passwords ------------------- -There are a number of seemilingly similar user names and passwords in this installation: +There are a number of seemingly similar usernames and passwords in this installation: -* dbuser - the mysql user that elgg uses to access the database. This is a local variable - the name of which corresponds to that in the elgg settings.php file. +* dbuser - the MySQL user that Elgg uses to access the database + This is a local variable, the name of which corresponds to that in /opt/elgg/elgg-config/settings.php -* dbpassword - password for dbuser. This is also a local variable - the name of which corresponds to that in the elgg settings.php file. +* dbpassword - password for dbuser + This is also a local variable, the name of which corresponds to that in /opt/elgg/elgg-config/settings.php -* elgg_mysql_password - this is the global name for dbpassword in default_vars.yml. +* elgg_mysql_password - this is the global name for dbpassword in default_vars.yml -* elgg_admin_user - the elgg (not mysql) user that is the administrator. +* elgg_admin_user - the Elgg (not MySQL) user that is the administrator -* elgg_admin_password - the password for elgg_admin_user. +* elgg_admin_password - the password for elgg_admin_user diff --git a/roles/elgg/defaults/main.yml b/roles/elgg/defaults/main.yml index 3ceb90588..2607f3ad7 100644 --- a/roles/elgg/defaults/main.yml +++ b/roles/elgg/defaults/main.yml @@ -1,5 +1,5 @@ elgg_xx: elgg -elgg_version: "2.3.7" +elgg_version: "2.3.8" # elgg_mysql_password: defined in default_vars elgg_url: /elgg @@ -7,7 +7,7 @@ elgg_upload_path: /library/elgg elgg_install: True elgg_enabled: False -# following variables used in elgg engine/settings.php template +# Variables used by template to create /opt/elgg/elgg-config/settings.php dbuser: Admin dbpassword: changeme dbname: elggdb diff --git a/roles/elgg/tasks/main.yml b/roles/elgg/tasks/main.yml index 54a257f4b..555850615 100644 
--- a/roles/elgg/tasks/main.yml +++ b/roles/elgg/tasks/main.yml @@ -29,10 +29,9 @@ state: link force: true -# use template to fix up settings in engine/settings.php with our variables substituted -# into engine/settings.example.php -# note this will overwrite any manual settings -- name: Substitute our parameters in engine/settings.example.php +# Use template to fix up settings in elgg-config/settings.php with our variables substituted. +# Note this will overwrite any manual settings. +- name: Substitute our parameters in /opt/elgg/elgg-config/settings.php template: src: "settings.php.j2" dest: "/opt/{{ elgg_xx }}/elgg-config/settings.php" @@ -90,9 +89,9 @@ password: "{{ dbpassword }}" priv: "{{ dbname }}.*:ALL" with_items: - - 127.0.0.1 - - ::1 - - localhost + - 127.0.0.1 + - ::1 + - localhost - name: Create file to load database template: diff --git a/roles/homepage/tasks/main.yml b/roles/homepage/tasks/main.yml index 91b570df5..f88503082 100644 --- a/roles/homepage/tasks/main.yml +++ b/roles/homepage/tasks/main.yml @@ -1,16 +1,19 @@ - name: Create home directory - file: path={{ doc_root }}/home - mode=0755 - owner={{ apache_user }} - group={{ apache_user }} - state=directory + file: + path: "{{ doc_root }}/home" + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + mode: 0755 + state: directory - name: Install admin homepage into apache2 - template: src=iiab-homepage.conf - dest=/etc/{{ apache_config_dir }}/iiab-homepage.conf + template: + src: iiab-homepage.conf + dest: "/etc/{{ apache_config_dir }}/iiab-homepage.conf" - name: Enable the home page - file: src=/etc/{{ apache_config_dir }}/iiab-homepage.conf - dest=/etc/apache2/sites-enabled/iiab-homepage.conf - state=link + file: + src: "/etc/{{ apache_config_dir }}/iiab-homepage.conf" + dest: /etc/apache2/sites-enabled/iiab-homepage.conf + state: link when: is_debuntu diff --git a/roles/httpd/files/html/credits.html b/roles/httpd/files/html/credits.html index 4a6d8ae60..c1cef0e8b 100755 
--- a/roles/httpd/files/html/credits.html +++ b/roles/httpd/files/html/credits.html @@ -10,35 +10,39 @@

Internet-in-a-Box Credits

- The XSCE School Server known as Internet-in-a-Box includes a variety of educational and other content and applications which are attributed as follows:

- - All Wikipedia content is available for free at www.wikipedia.org.
- All other Wikimedia content is available for free via links at www.wikimedia.org.
- All Khan Academy content is available for free at www.khanacademy.org.
- All CK-12 content is available for free at www.ck-12.org.
- All PhET Interactive Simulations content is available for free at phet.colorado.edu.
- All MedLine content is available for free at www.nlm.nih.gov/medlineplus.
- All Hesperian content is available for free at www.hesperian.org.
- All Gutenberg content is available for free at www.gutenberg.org.
- All OLPC content is available for free at www.laptop.org.
- All MIT Scratch content is available for free at scratch.mit.edu.
- All UNESCO's IICBA content is available for free at www.eng.unesco-iicba.org.
- All Math Expression content is available for free at www.mathexpression.com.
- All Music Theory content is available for free at www.musictheory.net.

+ Internet-in-a-Box (formerly known as XSCE School Server) includes a variety of educational content and applications which are attributed as follows:

+ All Wikipedia content is available for free at www.wikipedia.org.
+ All other Wikimedia content is available for free via links at www.wikimedia.org.
+ All Khan Academy content is available for free at www.khanacademy.org.
+ All CK-12 content is available for free at www.ck12.org.
+ All PhET Interactive Simulations content is available for free at phet.colorado.edu.
+ All MedLine content is available for free at medlineplus.gov.
+ All Hesperian content is available for free at hesperian.org.
+ Arabic translations of Hesperian content were done by Arab Resource Collective and are available for free at mawared.org.
+ All Gutenberg content is available for free at www.gutenberg.org.
+ All OLPC content is available for free at wiki.laptop.org.
+ All MIT Scratch content is available for free at scratch.mit.edu.
+ All UNESCO's IICBA content is available for free at www.iicba.unesco.org/.
+ All Math Expression content is available for free at www.mathexpression.com.
+ All Music Theory content is available for free at www.musictheory.net.
+ All HealthPhone content is available for free at www.healthphone.org.
+ All Centers for Disease Control content is available for free at www.cdc.gov.
+ All Global Emergency Medicine Wiki content is available for free at wikem.org/wiki/Main_Page.

+ Internet-in-a-Box also includes the work of content aggregators which we gratefully acknowledge:

- RACHEL is a curation of selected offline content at www.rachel.worldpossible.org.
- Kiwix is a Zim server and repository of Wikimedia and other content in a compressed Zim file format at www.kiwix.org.
- KA Lite is a server and repository of Khan Academy content in various languages at learningequality.org/ka-lite.

+ RACHEL is a curation of selected offline content at oer2go.org.
+ Kiwix is a ZIM server and repository of Wikimedia and other content in a compressed ZIM file format at www.kiwix.org.
+ KA Lite is a server and repository of Khan Academy content in various languages at learningequality.org/ka-lite.

- Internet-in-a-Box also contains a number of applications each of which has its own attribution information which is included.

+ Internet-in-a-Box also contains a number of applications each of which has its own attribution information, which is included.

- This Internet-in-a-Box distribution resides at github.com/XSCE/iiab.

+ This Internet-in-a-Box distribution resides at github.com/iiab.

It is licensed under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

- Licensing information may be found at github.com/XSCE/iiab/blob/master/LICENSE.
+ Licensing information may be found at github.com/iiab/iiab/blob/master/LICENSE.md.
diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml index de04af0f0..ba5543dc5 100644 --- a/roles/httpd/tasks/main.yml +++ b/roles/httpd/tasks/main.yml @@ -53,7 +53,6 @@ - name: Remove the default apache2 config file (debuntu) file: path: /etc/apache2/sites-enabled/000-default.conf - src: /etc/apache2/sites-available/000-default.conf state: absent when: is_debuntu @@ -170,7 +169,12 @@ tags: - base -- name: Place the script to generate homepages +# Fixes search @ http://box/modules/es-wikihow - see https://github.com/iiab/iiab/issues/829 +- include_tasks: php-stem.yml + tags: + - base + +- name: Install /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation (will be run at the end of Stage 4 = roles/4-server-options/tasks/main.yml) template: src: refresh-wiki-docs.sh dest: /usr/bin/iiab-refresh-wiki-docs diff --git a/roles/httpd/tasks/php-stem.yml b/roles/httpd/tasks/php-stem.yml new file mode 100644 index 000000000..191872775 --- /dev/null +++ b/roles/httpd/tasks/php-stem.yml 
@@ -0,0 +1,38 @@ +# Fixes search @ http://box/modules/es-wikihow (popular with Spanish youth) +# Source code: http://download.iiab.io/packages/php-stem.src.tar +# June 2018 debugging & compilation thanks to Tim Moody & George Hunt +# Original bug: https://github.com/iiab/iiab/issues/829 + +#- name: Download php-stem.rpi.tar +# command: cd /; wget http://download.iiab.io/packages/php-stem.rpi.tar +# when: is_rpi + +#- name: Download php-stem.x86.tar +# command: cd /; wget http://download.iiab.io/packages/php-stem.x64.tar +# when: not is_rpi + +- name: Download & unpack php-stem.rpi.tar to / (rpi) + unarchive: + src: http://download.iiab.io/packages/php-stem.rpi.tar + dest: / + owner: root + group: root + #mode: ???? + remote_src: yes + when: is_rpi + +- name: Download & unpack php-stem.x86.tar to / (not rpi) + unarchive: + src: http://download.iiab.io/packages/php-stem.x64.tar + dest: / + owner: root + group: root + #mode: ???? + remote_src: yes + when: not is_rpi + +# No need to do this twice? Happens later @ https://github.com/iiab/iiab/blob/master/roles/3-base-server/tasks/main.yml#L24-L28 +#- name: Restart apache2 / httpd +# service: +# name: "{{ apache_service }}" +# state: restarted diff --git a/roles/kalite/defaults/main.yml b/roles/kalite/defaults/main.yml index 086f6839e..3d4683c0f 100644 --- a/roles/kalite/defaults/main.yml +++ b/roles/kalite/defaults/main.yml 
@@ -1,21 +1,29 @@ ---- # The values here are defaults. -# To override them edit the main var definitions in iiab/vars -kalite_version: "0.17.4" +# To override them edit /etc/iiab/local_vars.yml + +kalite_install: True +kalite_enabled: False + +kalite_version: "0.17.5" kalite_repo_url: "https://github.com/learningequality/ka-lite.git" +kalite_requirements: "https://raw.githubusercontent.com/learningequality/ka-lite/master/requirements.txt" + kalite_venv: "/usr/local/kalite/venv" kalite_program: "{{ kalite_venv }}/bin/kalite" -kalite_requirements: "https://raw.githubusercontent.com/learningequality/ka-lite/master/requirements.txt" kalite_root: "/library/ka-lite" + +kalite_server_port: 8008 +kalite_admin_user: Admin +kalite_admin_password: changeme + +# Unused in 2018; but remain as placeholders for Fedora 18 legacy (XO laptops) +kalite_cron_enabled: False kalite_user: kalite # obtain a password hash with - python -c 'import crypt; print crypt.crypt("", "$6$<salt>")' kalite_password_hash: $6$<salt>$KHET0XRRsgAY.wOWyTOI3W7dyDh0ESOr48uI5vtk2xdzsU7aw0TF4ZkNuM34RmHBGMJ1fTCmOyVobo0LOhBlJ/ kalite_password: kalite -kalite_admin_user: Admin -kalite_admin_password: changeme -kalite_server_name: kalite -kalite_server_port: 8008 -kalite_enabled: False -kalite_cron_enabled: False -khan_assessment_install: True -khan_assessment_url: "http://pantry.learningequality.org/downloads/ka-lite/0.16/content/khan_assessment.zip" + +# Unused in 2018 +# kalite_server_name: kalite +# khan_assessment_install: True +# khan_assessment_url: "http://pantry.learningequality.org/downloads/ka-lite/0.16/content/khan_assessment.zip" diff --git a/roles/kalite/tasks/assessment.yml b/roles/kalite/tasks/assessment.yml index 43839eb7f..73faec727 100644 --- a/roles/kalite/tasks/assessment.yml +++ b/roles/kalite/tasks/assessment.yml 
@@ -8,7 +8,7 @@ - name: Run the assessment setup using kalite manage command: "{{ kalite_program }} manage unpack_assessment_zip {{ downloads_dir }}/khan_assessment.zip" environment: - KALITE_HOME: "{{ kalite_root }}" + KALITE_HOME: "{{ kalite_root }}" async: 900 poll: 10 when: not khan_assessment_installed.stat.exists or khan_assessment_installed.stat.size < 20000 diff --git a/roles/kalite/tasks/enable.yml b/roles/kalite/tasks/enable.yml index ed278a863..7a95aabeb 100644 --- a/roles/kalite/tasks/enable.yml +++ b/roles/kalite/tasks/enable.yml @@ -2,26 +2,30 @@ # And the systemd unit files should be defined - name: Enable 'kalite-serve' service - service: name=kalite-serve - enabled=yes - state=started + service: + name: kalite-serve + enabled: yes + state: started - name: Disable 'kalite-serve' service - service: name=kalite-serve - enabled=no - state=stopped + service: + name: kalite-serve + enabled: no + state: stopped when: not kalite_enabled # Since Fedora 18 we don't have a separate unit file for kalite-cron - name: Disable kalite cron server F18 - service: name=kalite-cron - enabled=no - state=stopped + service: + name: kalite-cron + enabled: no + state: stopped when: not kalite_cron_enabled and is_F18 - name: Enable kalite cron server F18 - service: name=kalite-cron - enabled=yes - state=started + service: + name: kalite-cron + enabled: yes + state: started when: kalite_cron_enabled and is_F18 diff --git a/roles/kalite/tasks/install-f18.yml b/roles/kalite/tasks/install-f18.yml index bad6c551a..7d38866fc 100644 --- a/roles/kalite/tasks/install-f18.yml +++ b/roles/kalite/tasks/install-f18.yml 
@@ -1,66 +1,75 @@ # This is for Fedora 18, assumed to be an XO - name: Install dependent packages (Fedora 18) - package: name={{ item }} - state=present + package: + name: "{{ item }}" + state: present with_items: - python-psutil - expect when: is_F18 - name: Install dependent pip packages (Fedora 18) - pip: name=selenium + pip: + name: selenium when: internet_available and is_F18 - name: Determine if KA Lite is already downloaded - stat: path={{ downloads_dir }}/ka-lite + stat: + path: "{{ downloads_dir }}/ka-lite" register: kalite - name: Download the latest KA Lite repo - git: repo={{ kalite_repo_url }} - dest={{ downloads_dir }}/ka-lite - depth=1 - version="0.13.x" + git: + repo: "{{ kalite_repo_url }}" + dest: "{{ downloads_dir }}/ka-lite" + depth: 1 + version: 0.13.x ignore_errors: yes when: internet_available and kalite.stat.exists is defined and not kalite.stat.exists - name: Create iiab-kalite user and password (Fedora 18) - user: name={{ kalite_user }} - password={{ kalite_password_hash }} - update_password=on_create + user: + name: "{{ kalite_user }}" + password: "{{ kalite_password_hash }}" + update_password: on_create - name: Create kalite_root directory (Fedora 18) - file: path={{ kalite_root }} - owner=root - group=root - mode=0755 - state=directory + file: + path: "{{ kalite_root }}" + owner: root + group: root + mode: 0755 + state: directory - name: Copy the KA Lite repo into place (Fedora 18) command: "rsync -at {{ downloads_dir }}/ka-lite/ {{ kalite_root }}" - name: Make kalite_user owner - file: path={{ kalite_root }} - owner={{ kalite_user }} - group={{ kalite_user }} - recurse=yes - state=directory + file: + path: "{{ kalite_root }}" + owner: "{{ kalite_user }}" + group: "{{ kalite_user }}" + recurse: yes + state: directory # local_settings is deprecated - name: Copy local_settings file - template: src=f18/local_settings.py.j2 - dest="{{ kalite_root }}/kalite/local_settings.py" - owner={{ kalite_user }} - group={{ kalite_user }} - mode=0644 + 
template: + src: f18/local_settings.py.j2 + dest: "{{ kalite_root }}/kalite/local_settings.py" + owner: "{{ kalite_user }}" + group: "{{ kalite_user }}" + mode: 0644 - name: Create kalite-serve & kalite-cron services, and iiab_cronservectl.sh - template: backup=no - src={{ item.src }} - dest={{ item.dest }} - owner=root - group=root - mode={{ item.mode }} + template: + backup: no + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: "{{ item.mode }}" with_items: - { src: 'f18/kalite-serve.service.j2', dest: '/etc/systemd/system/kalite-serve.service', mode: '0644'} - { src: 'f18/kalite-cron.service.j2', dest: '/etc/systemd/system/kalite-cron.service', mode: '0644'} diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 4be6dc4c7..331163dc8 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -32,7 +32,7 @@ # extra_args="--disable-pip-version-check" when: internet_available and is_debuntu -#- name: Install KA Lite non-static + reqs file with pip - (OS's other than debuntu) +#- name: Install KA Lite non-static + reqs file with pip (OS's other than debuntu) # pip: requirements={{ pip_packages_dir }}/kalite.txt # virtualenv={{ kalite_venv }} # virtualenv_site_packages=no @@ -40,7 +40,7 @@ # extra_args="--disable-pip-version-check" # when: internet_available and not is_debuntu -- name: Install KA Lite static with pip - (OS's other than debuntu) +- name: Install KA Lite static with pip (OS's other than debuntu) pip: name: ka-lite-static version: "{{ kalite_version }}" diff --git a/roles/kalite/tasks/main.yml b/roles/kalite/tasks/main.yml index f68fd7d92..6f8908d86 100644 --- a/roles/kalite/tasks/main.yml +++ b/roles/kalite/tasks/main.yml 
@@ -4,16 +4,17 @@ - name: Calc KA Lite db file name (Fedora 18) set_fact: - kalite_db_name: "{{ kalite_root }}/kalite/database/data.sqlite" + kalite_db_name: "{{ kalite_root }}/kalite/database/data.sqlite" when: is_F18 - name: Calc KA Lite db file name (OS's other than Fedora 18) set_fact: - kalite_db_name: "{{ kalite_root }}/database/data.sqlite" + kalite_db_name: "{{ kalite_root }}/database/data.sqlite" when: not is_F18 - name: See if KA Lite is already configured - stat: path="{{ kalite_db_name }}" + stat: + path: "{{ kalite_db_name }}" register: kalite_installed - include_tasks: install-f18.yml @@ -22,8 +23,9 @@ - include_tasks: install.yml when: kalite_installed is defined and not kalite_installed.stat.exists and not is_F18 -- name: Ask systemd to reread the unit files - shell: systemctl daemon-reload +- name: Ask systemd to reread unit files (daemon-reload) + systemd: + daemon_reload: yes when: not kalite_installed.stat.exists - include_tasks: setup-f18.yml @@ -47,13 +49,9 @@ value: '"KA Lite is a server to present Khan Academy videos offline and to download them."' - option: path value: "{{ kalite_root }}" - - option: server_name - value: "{{ kalite_server_name }}" - option: port value: "{{ kalite_server_port }}" - option: enabled value: "{{ kalite_enabled }}" - option: cron_enabled value: "{{ kalite_cron_enabled }}" - - option: khan_assessment_install - value: "{{ khan_assessment_install }}" diff --git a/roles/kalite/tasks/setup.yml b/roles/kalite/tasks/setup.yml index 2ad239833..05b8d5674 100644 --- a/roles/kalite/tasks/setup.yml +++ b/roles/kalite/tasks/setup.yml 
@@ -1,15 +1,16 @@ # This is for an OS other than Fedora 18 - name: Create kalite_root directory - file: path={{ kalite_root }}/httpsrv/static - owner=root - group=root - mode=0755 - state=directory + file: + path: "{{ kalite_root }}/httpsrv/static" + owner: root + group: root + mode: 0755 + state: directory - name: Run the setup using 'kalite manage' command: "{{ kalite_program }} manage setup --username={{ kalite_admin_user }} --password={{ kalite_admin_password }} --noinput" environment: - KALITE_HOME: "{{ kalite_root }}" + KALITE_HOME: "{{ kalite_root }}" async: 900 poll: 10 diff --git a/roles/kiwix/README.rst b/roles/kiwix/README.rst index e208742c7..839d4c832 100644 --- a/roles/kiwix/README.rst +++ b/roles/kiwix/README.rst @@ -13,7 +13,8 @@ Locations - Your ZIM files are expected to be in /library/zims/content - Your ZIM index files are expected to be in directories under /library/zims/index -- The URL is http://box:3000 +- The URL is http://box/kiwix or http://box.lan/kiwix (both proxied for AWStats) +- Use URL http://box:3000/kiwix if you want to avoid the proxy Your local ZIM catalog (at /library/zims/library.xml) can be -regenerated by running: iiab-make-kiwix-lib +regenerated by running: /usr/bin/iiab-make-kiwix-lib diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 4e3fe36ae..d11d8207d 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml 
@@ -2,8 +2,8 @@ # As obtained from http://download.kiwix.org/release/kiwix-tools/ or http://download.kiwix.org/nightly/ kiwix_version_armhf: "kiwix-tools_linux-armhf-0.6.0" -kiwix_version_linux64: "kiwix-tools_linux-i586-0.6.0" -kiwix_version_i686: "kiwix-tools_linux-x86_64-0.6.0" +kiwix_version_linux64: "kiwix-tools_linux-x86_64-0.6.0" +kiwix_version_i686: "kiwix-tools_linux-i586-0.6.0" # kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" # v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") # v0.10 for i686 published Oct 2016 ("experimental") REPLACED IN EARLY 2018, thx to Matthieu Gautier: @@ -12,12 +12,11 @@ kiwix_version_i686: "kiwix-tools_linux-x86_64-0.6.0" kiwix_src_file_armhf: "{{ kiwix_version_armhf }}.tar.gz" kiwix_src_file_linux64: "{{ kiwix_version_linux64 }}.tar.gz" -kiwix_src_file_i686: "{{ kiwix_version_i686 }}.tar.bz2" +kiwix_src_file_i686: "{{ kiwix_version_i686 }}.tar.gz" kiwix_port: 3000 -# Expected to be used soon for Kiwix proxy: -kiwix_url: /kiwix/ -# Unused in Nov 2017, but should be: +# Used for Kiwix proxy http://box/kiwix/ +kiwix_url: /kiwix kiwix_path: "{{ iiab_base }}/kiwix" # /library/zims contains 3 important things: @@ -26,13 +25,9 @@ kiwix_path: "{{ iiab_base }}/kiwix" # - index directory for legacy *.zim.idx's iiab_zim_path: "{{ content_base }}/zims" kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" -# Unused: (Nov 2017) -# kiwix_content_path: "{{ iiab_zim_path }}/content" # Installation Variables kiwix_install: True kiwix_enabled: True # MOVE FILE /opt/iiab/kiwix/bin/kiwix-serve TO FORCE A REINSTALL OF kiwix-tools kiwix_force_install: False -# Unused: (Nov 2017) -# kiwix_content_found: False diff --git a/roles/kiwix/tasks/kiwix_install.yml b/roles/kiwix/tasks/kiwix_install.yml index f08b9a7f2..0cb5193b5 100644 --- a/roles/kiwix/tasks/kiwix_install.yml +++ b/roles/kiwix/tasks/kiwix_install.yml 
@@ -58,9 +58,8 @@ state: directory # 2. INSTALL KIWIX-TOOLS EXECUTABLES IF kiwix_force_install -# (We get a whole web server for i686 but only kiwix execs for linux64 & armhf) -- name: Unarchive kiwix-tools .tar.gz or .tar.bz2 to /tmp +- name: Unarchive kiwix-tools .tar.gz to /tmp unarchive: src: "{{ downloads_dir }}/{{ kiwix_src_file }}" dest: /tmp @@ -68,34 +67,9 @@ group: root when: kiwix_force_install -- name: Move /tmp/{{ kiwix_src_dir }}/* to permanent location /opt/iiab/kiwix/bin (armhf & linux64) +- name: Move /tmp/{{ kiwix_src_dir }}/* to permanent location /opt/iiab/kiwix/bin (armhf & linux64 & i686) shell: "mv /tmp/{{ kiwix_src_dir }}/* {{ kiwix_path }}/bin/" - when: kiwix_force_install and not kiwix_src_contains_bin - -- name: Move /tmp/{{ kiwix_src_dir }}/bin/* to permanent location /opt/iiab/kiwix/bin (i686) - shell: "mv /tmp/{{ kiwix_src_dir }}/bin/* {{ kiwix_path }}/bin/" - when: kiwix_force_install and kiwix_src_contains_bin - -#- name: Unarchive Kiwix binaries to permanent location (NOT i686) -# unarchive: -# src: "{{ downloads_dir }}/{{ kiwix_src_file }}" -# dest: "{{ kiwix_path }}/bin" -# owner: root -# group: root -# when: kiwix_src_bin_only and kiwix_force_install - -#- name: Unarchive kiwix*i686.tar.bz2 to /tmp (i686) -# unarchive: -# src: "{{ downloads_dir }}/{{ kiwix_src_file }}" -# dest: /tmp -# # dest: "{{ iiab_base }}" -# owner: root -# group: root -# when: not kiwix_src_bin_only and kiwix_force_install -# -#- name: Move /tmp/kiwix*i686/bin/* to permanent location /opt/iiab/kiwix/bin (i686) -# shell: "mv /tmp/kiwix*i686/bin/* {{ kiwix_path }}/bin/" -# when: not kiwix_src_bin_only and kiwix_force_install + when: kiwix_force_install # 3. ENABLE MODS FOR APACHE PROXY IF DEBUNTU 
@@ -193,8 +167,5 @@ value: "{{ iiab_zim_path }}" - option: kiwix_library_xml value: "{{ kiwix_library_xml }}" -# The following 2 lines are unused: (Nov 2017) -# - option: kiwix_content_path -# value: "{{ kiwix_content_path }}" - option: enabled value: "{{ kiwix_enabled }}" diff --git a/roles/kiwix/tasks/main.yml b/roles/kiwix/tasks/main.yml index 673ef7ef9..ce8b224cf 100644 --- a/roles/kiwix/tasks/main.yml +++ b/roles/kiwix/tasks/main.yml @@ -2,21 +2,18 @@ set_fact: kiwix_src_dir: "{{ kiwix_version_armhf }}" kiwix_src_file: "{{ kiwix_src_file_armhf }}" - kiwix_src_contains_bin: False when: ansible_machine == "armv7l" or ansible_machine == "armv6l" - name: "Set Kiwix filename to d/l: {{ kiwix_src_file_linux64 }} (x86_64)" set_fact: kiwix_src_dir: "{{ kiwix_version_linux64 }}" kiwix_src_file: "{{ kiwix_src_file_linux64 }}" - kiwix_src_contains_bin: False when: ansible_machine == "x86_64" - name: "Set Kiwix filename to d/l: {{ kiwix_src_file_i686 }} (i686)" set_fact: kiwix_src_dir: "{{ kiwix_version_i686 }}" kiwix_src_file: "{{ kiwix_src_file_i686 }}" - kiwix_src_contains_bin: True when: ansible_machine == "i686" # COMMENT OUT LINE ABOVE TO TEST i686 CODE PATH ON X86_64 (WORKS NOV 2017) diff --git a/roles/kiwix/templates/iiab-make-kiwix-lib b/roles/kiwix/templates/iiab-make-kiwix-lib index ae06bc0cd..5680470f3 100644 --- a/roles/kiwix/templates/iiab-make-kiwix-lib +++ b/roles/kiwix/templates/iiab-make-kiwix-lib 
@@ -1,8 +1,30 @@ -#!/bin/bash - -{{ systemctl_program }} stop kiwix-serve -/usr/bin/iiab-make-kiwix-lib.py -#/usr/bin/iiab-make-apache-config.py -{{ systemctl_program }} start kiwix-serve - -exit 0 +#!/bin/bash + +LOCK_PATH=/run/lock/kiwix +mkdir -p $LOCK_PATH + +WAITLOCK="$LOCK_PATH/make-kiwix-lib-wait.LCK"; +RUNLOCK="$LOCK_PATH/kiwix-lib-access.LCK"; +KIWIXLIB={{ kiwix_library_xml }} + +exec 200>$WAITLOCK; +exec 201>$RUNLOCK; + +if flock -n -e 200; then : + echo 'Waiting to run iiab-make-kiwix-lib.py' + # wait for up to 5 min + flock -x -w 300 201 + flock -u 200 # unlock queue + echo "Now running iiab-make-kiwix-lib.py" + # write to {{ kiwix_library_xml }}.tmp to minimize kiwix down + # zim map could be out of sync for a few seconds + /usr/bin/iiab-make-kiwix-lib.py + {{ systemctl_program }} stop kiwix-serve + rm $KIWIXLIB + mv $KIWIXLIB.tmp $KIWIXLIB + {{ systemctl_program }} start kiwix-serve +else + echo "Can't get wait lock for iiab-make-kiwix-lib.py"; + exit 1; +fi +exit 0 diff --git a/roles/kiwix/templates/iiab-make-kiwix-lib.py b/roles/kiwix/templates/iiab-make-kiwix-lib.py index 40f45cb82..d331f194d 100644 --- a/roles/kiwix/templates/iiab-make-kiwix-lib.py +++ b/roles/kiwix/templates/iiab-make-kiwix-lib.py @@ -2,7 +2,7 @@ """ - Creates library.xml file for kiwix from contents of /zims/content and index + Creates temp library.xml file for kiwix from contents of /zims/content and index Author: Tim Moody <tim(at)timmoody(dot)com> Contributors: Jerry Vonau <jvonau3(at)gmail.com> @@ -30,6 +30,8 @@ iiab_config_file = "{{ iiab_config_file }}" # Variables that should be read from config file # All of these variables will be read from config files and recomputed in init() iiab_zim_path = "{{ iiab_zim_path }}" + +# Later we will append .tmp to file name kiwix_library_xml = "{{ kiwix_library_xml }}" iiab_base_path = "{{ iiab_base }}" 
@@ -41,8 +43,9 @@ old_zim_map = {"bad.zim" : "unparseable name"} def main(): """Server routine""" - + global kiwix_library_xml init() + kiwix_library_xml += '.tmp' # write to temp file # remove existing file try: diff --git a/roles/kiwix/templates/kiwix.conf.j2 b/roles/kiwix/templates/kiwix.conf.j2 index a191cdb81..59cd3cb7c 100644 --- a/roles/kiwix/templates/kiwix.conf.j2 +++ b/roles/kiwix/templates/kiwix.conf.j2 @@ -1 +1,6 @@ -ProxyPass {{ kiwix_url }} http://127.0.0.1:{{ kiwix_port }}{{ kiwix_url }} \ No newline at end of file +ProxyPreserveHost On +ProxyPass {{ kiwix_url }} http://127.0.0.1:{{ kiwix_port}}{{ kiwix_url }} +ProxyPassReverse {{ kiwix_url }} http://127.0.0.1:{{ kiwix_port}}{{ kiwix_url }} + +RewriteEngine on +RewriteRule ^/kiwix$ /kiwix/ [R] diff --git a/roles/kolibri/README.rst b/roles/kolibri/README.rst new file mode 100644 index 000000000..197581251 --- /dev/null +++ b/roles/kolibri/README.rst 
@@ -0,0 +1,67 @@ +============== +Kolibri README +============== + +This Ansible role installs Kolibri within Internet-in-a-Box. Kolibri is an +open-source educational platform specially designed to provide offline access +to a wide range of quality, openly licensed educational contents in +low-resource contexts like rural schools, refugee camps, orphanages, and also +in non-formal school programs. + +Access +------ + +If enabled and with the default settings Kolibri should be accessible at http://box:8009 + +To login to Kolibri enter + + Username: Admin + + Password: changeme + +Configuration Parameters +------------------------ + +Please look in defaults/main.yml for the default values of the various install parameters. Everything +in this readme assumes the default values. + +Automatic Device Provisioning +----------------------------- + +When kolibri_provision is enabled, the installation will setup the following settings: + + Kolibri Facility name: 'Kolibri-in-a-Box' + + Kolibri Preset type: formal (Other options are nonformal, informal) + + Kolibri default language: en (Otherwise language are ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu) + + Kolibri Admin User: Admin + + Kolibri Admin password: changeme + +Cloning content +--------------- + +Kolibri 0.10 introduced `kolibri manage deprovision` which will remove +user configuration, leaving content intact. You can then copy/clone /library/kolibri +to a new location. + +Troubleshooting +---------------- + +You can run the server manually with the following commands: + + systemctl stop kolibri (make sure the systemd service is not running) + + export KOLIBRI_HOME=/library/kolibri + + export KOLIBRI_HTTP_PORT=8009 (otherwise Kolibri will try to run on default port 8080) + + kolibri start + +To return to using the systemd unit: + + kolibri stop + + systemctl start kolibri 
diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml new file mode 100644 index 000000000..990ac7b5e --- /dev/null +++ b/roles/kolibri/defaults/main.yml @@ -0,0 +1,35 @@ +# The values here are defaults. +# To override them edit /etc/iiab/local_vars.yml + +# Installation Variables +kolibri_install: False +kolibri_enabled: False + +# Kolibri folder to store its data and configuration files. +kolibri_home: "{{ content_base }}/kolibri" + +kolibri_http_port: 8009 +kolibri_url: /kolibri/ +kolibri_path: "{{ iiab_base }}/kolibri" +# 2018-07-16: IIAB recommends /usr/bin but @arky says this isn't yet possible, due to pip +kolibri_exec_path: /usr/local/bin/kolibri + +# Kolibri system user +kolibri_user: kolibri + +# Kolibri setup will be provisioned with default administration account, preset and +# language. You could turn this to 'False' while reinstalling kolibri. +kolibri_provision: True + +# Kolibri Facility name +kolibri_facility: Kolibri-in-a-Box + +# Kolibri Preset type: formal, nonformal, informal +kolibri_preset: formal + +# Kolibri default language (ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu) +kolibri_language: en + +# Kolibri admin account +kolibri_admin_user: Admin +kolibri_admin_password: changeme diff --git a/roles/kolibri/tasks/main.yml b/roles/kolibri/tasks/main.yml new file mode 100644 index 000000000..9372008fd --- /dev/null +++ b/roles/kolibri/tasks/main.yml 
@@ -0,0 +1,96 @@ +- name: Create Linux user {{ kolibri_user }} and add it to groups {{ apache_user }}, disk + user: + name: "{{ kolibri_user }}" + groups: + - "{{ apache_user }}" + - disk + state: present + shell: /bin/false + system: yes + create_home: no + +- name: Create /library/kolibri to store data and configuration files + file: + path: "{{ item }}" + owner: "{{ kolibri_user }}" + group: "{{ apache_user }}" + mode: 0755 + state: directory + with_items: + - "{{ kolibri_home }}" + +- name: Install kolibri using pip on all OS's + pip: + name: kolibri + state: latest + extra_args: --no-cache-dir + when: internet_available + +- name: Create kolibri systemd service unit file + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode }}" + owner: root + group: root + with_items: + - { src: 'kolibri.service.j2', dest: '/etc/systemd/system/kolibri.service', mode: '0644' } + +- name: Ask systemd to reread unit files (daemon-reload) + systemd: + daemon_reload: yes + +- name: Set kolibri default language + shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" language setdefault "{{ kolibri_language }}" + ignore_errors: yes + when: kolibri_provision + +- name: Create kolibri default facility name, admin account and language + shell: > + export KOLIBRI_HOME="{{ kolibri_home }}" && + "{{ kolibri_exec_path }}" manage provisiondevice --facility "{{ kolibri_facility }}" + --superusername "{{ kolibri_admin_user }}" --superuserpassword "{{ kolibri_admin_password }}" + --preset "{{ kolibri_preset }}" --language_id "{{ kolibri_language }}" --verbosity 0 --noinput + ignore_errors: yes + when: kolibri_provision + +- name: Change /library/kolibri directory permissions + file: + path: "{{ kolibri_home }}" + owner: "{{ kolibri_user }}" + group: "{{ apache_user }}" + recurse: yes + +- name: Enable kolibri service + service: + name: kolibri + enabled: yes + state: restarted + when: kolibri_enabled + +- name: Disable kolibri service + 
service: + name: kolibri + enabled: no + state: stopped + when: not kolibri_enabled + +- name: Add 'kolibri' to list of services at /etc/iiab/iiab.ini + ini_file: + dest: "{{ service_filelist }}" + section: kolibri + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - option: name + value: kolibri + - option: description + value: '"Kolibri is an open-source educational platform specially designed to provide offline access to a wide range of quality, openly licensed educational contents in low-resource contexts like rural schools, refugee camps, orphanages, and also in non-formal school programs."' + - option: kolibri_url + value: "{{ kolibri_url }}" + - option: kolibri_path + value: "{{ kolibri_path }}" + - option: kolibri_port + value: "{{ kolibri_http_port }}" + - option: enabled + value: "{{ kolibri_enabled }}" diff --git a/roles/kolibri/templates/kolibri.service.j2 b/roles/kolibri/templates/kolibri.service.j2 new file mode 100644 index 000000000..0b230f7d1 --- /dev/null +++ b/roles/kolibri/templates/kolibri.service.j2 @@ -0,0 +1,16 @@ +[Unit] +Description=Kolibri + +[Service] +Type=forking +RemainAfterExit=yes +Environment=KOLIBRI_USER={{ kolibri_user }} +Environment=KOLIBRI_HOME={{ kolibri_home }} +Environment=KOLIBRI_HTTP_PORT={{ kolibri_http_port }} +User={{ kolibri_user }} +Group={{ apache_user }} +ExecStart={{ kolibri_exec_path }} start +ExecStop={{ kolibri_exec_path }} stop + +[Install] +WantedBy=multi-user.target diff --git a/roles/mongodb/defaults/main.yml b/roles/mongodb/defaults/main.yml index 2553868fb..61d1d951f 100644 --- a/roles/mongodb/defaults/main.yml +++ b/roles/mongodb/defaults/main.yml @@ -1,2 +1,6 @@ mongodb_install: False mongodb_enabled: False + +mongodb_conf: /etc/mongod.conf +mongodb_db_path: "{{ content_base }}/dbdata/mongodb" # == /library/dbdata/mongodb/ +mongodb_db_lock_file: "{{ mongodb_db_path }}/mongod.lock" 
diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index 81a4864c9..e52e10360 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -1,6 +1,7 @@ -- name: Install mongodb required packages - package: name={{ item }} - state=present +- name: Install MongoDB required packages + package: + name: "{{ item }}" + state: present with_items: - mongodb-server - mongodb 
@@ -8,50 +9,67 @@ tags: - download -- name: create the data directory for mongodb - file: state=directory - path={{ item.path }} - owner=mongodb +- name: Create the data directory for MongoDB + file: + state: directory + path: "{{ item.path }}" + owner: mongodb with_items: - - { path: '/var/run/mongodb' } - - { path: '/library/dbdata/mongodb' } - - { path: '/var/log/mongodb' } + - { path: '/var/run/mongodb' } + - { path: "{{ mongodb_db_path }}" } # == /library/dbdata/mongodb/ + - { path: '/var/log/mongodb' } -- name: Move required files - template: src={{ item.src }} - dest={{ item.dest }} - owner=root - group=root - mode=0644 +- name: Populate & position /etc/mongod.conf, mongodb.service + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: "{{ item.mode }}" with_items: - - { src: 'mongodb.service' , dest: '/etc/systemd/system/' } - - { src: 'mongod.conf' , dest: '/etc/mongod.conf'} + - { src: 'mongod.conf.j2', dest: "{{ mongodb_conf }}", mode: '0644' } + - { src: 'mongodb.service.j2', dest: '/etc/systemd/system/mongodb.service', mode: '0644' } + - { src: 'iiab-mongodb-repair-if-no-lock.j2', dest: '/usr/bin/iiab-mongodb-repair-if-no-lock', mode: '0755' } -- name: enable services - service: name={{ item.name }} - enabled=yes - state=restarted - with_items: - - { name: mongodb } +- name: Enable+restart systemd service if mongodb_enabled, with "systemctl daemon-reload" (in case mongodb.service changed?) 
+ systemd: + name: mongodb + enabled: yes + state: restarted + daemon_reload: yes when: mongodb_enabled -- name: disable services - service: name={{ item.name }} - enabled=no - state=stopped - with_items: - - { name: mongodb } +- name: 'Disable+stop systemd service if mongodb_enabled: False' + systemd: + name: mongodb + enabled: no + state: stopped when: not mongodb_enabled -- name: add mongodb to service list - ini_file: dest="{{ service_filelist }}" - section=mongodb - option="{{ item.option }}" - value="{{ item.value }}" +#- name: Restart service if enabled +# service: +# name: mongodb +# enabled: yes +# state: restarted +# when: mongodb_enabled + +#- name: Stop service if not enabled +# service: +# name: mongodb +# enabled: no +# state: stopped +# when: not mongodb_enabled + +- name: Add 'mongodb' to list of services at /etc/iiab/iiab.ini + ini_file: + dest: "{{ service_filelist }}" + section: mongodb + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - - option: name - value: MongoDB - - option: description - value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."' - - option: enabled - value: "{{ mongodb_enabled }}" + - option: name + value: MongoDB + - option: description + value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."' + - option: enabled + value: "{{ mongodb_enabled }}" diff --git a/roles/mongodb/templates/iiab-mongodb-repair-if-no-lock.j2 b/roles/mongodb/templates/iiab-mongodb-repair-if-no-lock.j2 new file mode 100644 index 000000000..790748103 --- /dev/null +++ b/roles/mongodb/templates/iiab-mongodb-repair-if-no-lock.j2 
@@ -0,0 +1,7 @@ +#!/bin/bash + +if [ -f {{ mongodb_db_lock_file }} ]; then + echo '"mongod --repair" cannot run when {{ mongodb_db_lock_file }} present.' >&2 # Output to STDERR but keep going, so /etc/systems/system/mongodb.service continues +else + /usr/bin/mongod --repair --dbpath {{ mongodb_db_path }} +fi diff --git a/roles/mongodb/templates/mongod.conf b/roles/mongodb/templates/mongod.conf.j2 similarity index 99% rename from roles/mongodb/templates/mongod.conf rename to roles/mongodb/templates/mongod.conf.j2 index 478375a5e..f8b3f1497 100644 --- a/roles/mongodb/templates/mongod.conf +++ b/roles/mongodb/templates/mongod.conf.j2 @@ -21,7 +21,7 @@ logpath = /var/log/mongodb/mongod.log # unixSocketPrefix = /var/run/mongodb # Directory for datafiles (defaults to /data/db/) -dbpath = /library/dbdata/mongodb +dbpath = {{ mongodb_db_path }} # Enable/Disable journaling (journaling is on by default for 64 bit) journal = true @@ -234,4 +234,3 @@ smallfiles = true # Activate FIPS 140-2 mode at startup #sslFIPSMode = true - diff --git a/roles/mongodb/templates/mongodb.service b/roles/mongodb/templates/mongodb.service deleted file mode 100644 index 328682a10..000000000 --- a/roles/mongodb/templates/mongodb.service +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=High-performance, schema-free document-oriented database -After=syslog.target network.target - -[Service] -Type=simple -User=mongodb -Group=mongodb -ExecStart=/usr/bin/mongod -f /etc/mongod.conf - -[Install] -WantedBy=multi-user.target - diff --git a/roles/mongodb/templates/mongodb.service.j2 b/roles/mongodb/templates/mongodb.service.j2 new file mode 100644 index 000000000..1ae050ae8 --- /dev/null +++ b/roles/mongodb/templates/mongodb.service.j2 
@@ -0,0 +1,20 @@ +[Unit] +Description=High-performance, schema-free document-oriented database +After=syslog.target network.target + +[Service] +Type=simple +User=mongodb +Group=mongodb +# FAILS (after power failures, etc) as --repair cannot run when lock file exists: (https://github.com/iiab/iiab/issues/942) +#ExecStartPre=/usr/bin/mongod --repair --dbpath /library/dbdata/mongodb +# FAILS as systemd cannot run bash here: +#ExecStartPre=if [ ! -f /library/dbdata/mongodb/mongod.lock ]; then /usr/bin/mongod --repair --dbpath {{ mongodb_db_path }}; fi +ExecStartPre=/usr/bin/iiab-mongodb-repair-if-no-lock +ExecStart=/usr/bin/mongod -f {{ mongodb_conf }} +ExecStop=/usr/bin/killall mongod +# killall's SIGTERM (15) seems fine, to induce a graceful stop. This would work too: +#ExecStop=mongod --dbpath {{ mongodb_db_path }} --shutdown + +[Install] +WantedBy=multi-user.target diff --git a/roles/moodle/tasks/main.yml b/roles/moodle/tasks/main.yml index 8226ad1ff..7374ae31e 100644 --- a/roles/moodle/tasks/main.yml +++ b/roles/moodle/tasks/main.yml @@ -22,12 +22,12 @@ - php{{ php_version }}-cli when: is_debuntu -- name: php-zip name (debian_9 or ubuntu) +- name: php-zip name (debian-9 or ubuntu) package: name: "php{{ php_version }}-zip" when: is_debian_9 or is_ubuntu -- name: php-zip name for (debian_8) +- name: php-zip name for (debian-8) package: name: php-pclzip when: is_debian_8 diff --git a/roles/mysql/tasks/main.yml b/roles/mysql/tasks/main.yml index 02f879cd1..3fad2b357 100644 --- a/roles/mysql/tasks/main.yml +++ b/roles/mysql/tasks/main.yml @@ -19,13 +19,13 @@ tags: - download - - name: php-xml (ubuntu or debian_9) + - name: php-xml (ubuntu or debian-9) package: name: "php{{ php_version }}-xml" state: present when: is_ubuntu or is_debian_9 - - name: php-xml (debian_8) + - name: php-xml (debian-8) package: name: "php-xml-parser" state: present diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index 4524918df..9adbf7ad8 100644 
--- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml @@ -1,4 +1,3 @@ ---- # Defaults for network detection wireless_lan_present: False strict_networking: False @@ -19,14 +18,14 @@ discovered_lan_iface: "none" discovered_wired_iface: "none" discovered_wireless_iface: "none" -#Redhat +# Red Hat #iiab_wired_lan_iface: "none" #iiab_wireless_lan_iface: "none" has_WAN: False has_ifcfg_gw: "none" has_wifi_gw: "none" -#Debian +# Debian dhcpcd_result: "" wan_in_interfaces: False network_manager_active: False @@ -39,13 +38,13 @@ gui_desired_network_role: Gateway wondershaper_dspeed: "4096" wondershaper_upspeed: "1024" -# WiFi +# Wi-Fi host_ssid: IIAB hostapd_wait: 1 host_wifi_mode: g host_channel: 6 host_wireless_n: False -# Below moved to /opt/iiab/iiab/vars/local_vars.yml: (so implementer sets this) +# Below moved to /etc/iiab/local_vars.yml: (so implementer sets this) #host_country_code: US hostapd_secure: True hostapd_password: "iiab2017" @@ -63,11 +62,20 @@ network_config_dir: /etc/network/interfaces.d dns_jail_enabled: False services_externally_visible: False -# following variables set for old apache,dhcpd,named usage +# Following variables set for old Apache, dhcpd, named usage dhcpd_install: True dhcpd_enabled: True named_install: True named_enabled: True dnsmasq_enabled: False dnsmasq_install: False + +# For @tim-moody's Nodogsplash approach to Captive Portal? High experimental as of June 2018: github.com/iiab/iiab/issues/608 captive_portal_enabled: False + +# Simple python Captive Portal, that @m-anish & @jvonau are experimenting with in July 2018: github.com/iiab/iiab/pull/870 +py_captive_portal_install: True +py_captive_portal_enabled: True +py_captive_portal_port: "9090" +py_captive_portal_username: "Admin" +py_captive_portal_password: "changeme" diff --git a/roles/network/tasks/captive_portal.yml b/roles/network/tasks/captive_portal.yml new file mode 100644 index 000000000..033314121 --- /dev/null 
+++ b/roles/network/tasks/captive_portal.yml @@ -0,0 +1,47 @@ +- name: Create directory for Captive Portal script + file: + path: /opt/iiab/captive-portal + state: directory + when: py_captive_portal_install + +- name: Copy Captive Portal script + template: + src: roles/network/templates/captive_portal/captive_portal.py.j2 + dest: /opt/iiab/captive-portal/captive_portal.py + owner: root + group: root + mode: 0740 + when: py_captive_portal_install + +- name: Copy Captive Portal service file + template: + src: roles/network/templates/captive_portal/captive_portal.service.j2 + dest: /etc/systemd/system/captive_portal.service + owner: root + group: root + mode: 0644 + when: py_captive_portal_install + +- name: Enable captive_portal after copying files + service: + name: captive_portal.service + enabled: yes + when: py_captive_portal_install and py_captive_portal_enabled + +- name: Start captive_portal after copying files + service: + name: captive_portal.service + state: started + when: py_captive_portal_install and py_captive_portal_enabled + +- name: Disable captive_portal after copying files + service: + name: captive_portal.service + enabled: no + when: py_captive_portal_install and py_captive_portal_enabled + +- name: Stop captive_portal after copying files + service: + name: captive_portal.service + state: started + when: py_captive_portal_install and py_captive_portal_enabled diff --git a/roles/network/tasks/debian.yml b/roles/network/tasks/debian.yml index 4ec38b22a..9eeddb4f6 100644 --- a/roles/network/tasks/debian.yml +++ b/roles/network/tasks/debian.yml 
@@ -21,52 +21,64 @@ # state=present - name: For upgrades from earlier IIAB 6.2, remove br0 file - file: path=/etc/network/interfaces.d/br0 - state=absent + file: + path: /etc/network/interfaces.d/br0 + state: absent when: iiab_lan_iface != "br0" and wan_ip == "dhcp" - name: Supply resolvconf.conf - template: dest=/etc/resolvconf.conf - src=network/resolvconf.j2 + template: + dest: /etc/resolvconf.conf + src: network/resolvconf.j2 - name: Supply dhcpcd.conf - template: dest=/etc/dhcpcd.conf - src=network/dhcpcd.conf.j2 + template: + dest: /etc/dhcpcd.conf + src: network/dhcpcd.conf.j2 when: dhcpcd_result == "enabled" - name: Copy the bridge script - template: dest=/etc/network/interfaces.d/iiab - src=network/systemd.j2 + template: + dest: /etc/network/interfaces.d/iiab + src: network/systemd.j2 when: not is_rpi and (iiab_lan_iface == "br0" or wan_ip != "dhcp" or gui_static_wan_ip == "undefined") - name: Copy the bridge script for RPi - template: dest=/etc/network/interfaces.d/iiab - src=network/rpi.j2 + template: + dest: /etc/network/interfaces.d/iiab + src: network/rpi.j2 when: is_rpi and iiab_lan_iface == "br0" -- name: Workaround auto issue on Debian-9 - template: dest=/etc/network/interfaces.d/patch_auto - src=network/debian-auto.j2 +- name: Workaround auto issue (debian-9) + template: + dest: /etc/network/interfaces.d/patch_auto + src: network/debian-auto.j2 when: iiab_wan_iface != "none" and is_debian_9 -- name: Clearing out /etc/network/interfaces for static addresses (is_debian_9) +- name: Clearing out /etc/network/interfaces for static addresses (debian-9) lineinfile: - state: absent - path: /etc/network/interfaces - regexp: "{{ iiab_wan_iface }}" + state: absent + path: /etc/network/interfaces + regexp: "{{ iiab_wan_iface }}" when: wan_ip != "dhcp" and iiab_wan_iface != "none" and is_debian_9 -- name: bind may be affected - service: name={{ dns_service }} state=stopped +- name: BIND may be affected + service: + name: "{{ dns_service }}" + state: stopped 
when: named_install and dnsmasq_enabled # dhcpd_server release the interface - name: dhcpd_server may be affected - stopping dhcpd - service: name=dhcpd state=stopped + service: + name: dhcpd + state: stopped when: dhcpd_install - name: dhcpd_server may be affected - stopping dnsmasq - service: name=dnsmasq state=stopped + service: + name: dnsmasq + state: stopped when: dnsmasq_install - name: Reload systemd @@ -75,9 +87,13 @@ # now pick up denyinterfaces - name: Restart dhcpcd - service: name=dhcpcd state=restarted + service: + name: dhcpcd + state: restarted when: dhcpcd_result == "enabled" - name: Restart the networking service - service: name=networking state=restarted + service: + name: networking + state: restarted when: not nobridge is defined and not no_net_restart diff --git a/roles/network/tasks/down-debian.yml b/roles/network/tasks/down-debian.yml index 393d7fd4e..c5954a72a 100644 --- a/roles/network/tasks/down-debian.yml +++ b/roles/network/tasks/down-debian.yml @@ -5,7 +5,7 @@ # dest: /etc/resolvconf.conf # src: network/resolvconf.j2 -- name: bind may be affected +- name: BIND may be affected service: name: "{{ dns_service }}" state: stopped diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index 4628874af..c4b2fac76 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml 
@@ -1,156 +1,181 @@ - name: Disable dhcpd service - service: name=dhcpd - enabled=no + service: + name: dhcpd + enabled: no when: not dhcpd_enabled and dhcpd_install # service is restarted with NM dispatcher.d script - name: Enable dhcpd service - service: name=dhcpd - enabled=yes + service: + name: dhcpd + enabled: yes when: dhcpd_enabled and dhcpd_install - name: Copy /etc/sysconfig/dhcpd file - template: src={{ item.src }} - dest={{ item.dest }} - owner=root - group=root - mode={{ item.mode }} + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: "{{ item.mode }}" with_items: - - { src: 'dhcp/dhcpd-env.j2' , dest: '/etc/sysconfig/dhcpd' , mode: '0644' } + - { src: 'dhcp/dhcpd-env.j2', dest: '/etc/sysconfig/dhcpd', mode: '0644' } - { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf', mode: '0644' } when: dhcpd_enabled and dhcpd_install - name: Copy named file - template: src={{ item.src }} - dest={{ item.dest }} - owner=root - group=root - mode={{ item.mode }} + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: "{{ item.mode }}" with_items: - - { src: 'named/school.local.zone.db' , dest: '/var/named-iiab/' , mode: '0644' } - - { src: 'named/school.internal.zone.db' , dest: '/var/named-iiab/' , mode: '0644' } + - { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', mode: '0644' } + - { src: 'named/school.local.zone.db', dest: '/var/named-iiab/', mode: '0644' } + - { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/', mode: '0644' } - name: Enable named service - service: name={{ dns_service }} - enabled=yes + service: + name: "{{ dns_service }}" + enabled: yes when: named_enabled and named_install - name: Disable named service - service: name={{ dns_service }} - enabled=no + service: + name: "{{ dns_service }}" + enabled: no when: not named_enabled and named_install - name: Disable dnsmasq - service: name=dnsmasq - enabled=no + service: + 
name: dnsmasq + enabled: no when: not dnsmasq_enabled and dnsmasq_install -- name: dnsmasq copy config file to /etc - template: src=network/dnsmasq.conf.j2 dest=/etc/dnsmasq.conf +- name: Copy dnsmasq.conf to /etc + template: + src: network/dnsmasq.conf.j2 + dest: /etc/dnsmasq.conf when: dnsmasq_enabled and dnsmasq_install - name: Enable dnsmasq - service: name=dnsmasq - enabled=yes + service: + name: dnsmasq + enabled: yes when: dnsmasq_enabled and dnsmasq_install - name: Enable DansGuardian - service: name=dansguardian - enabled=yes + service: + name: dansguardian + enabled: yes when: dansguardian_enabled and dansguardian_install - name: Disable DansGuardian - service: name=dansguardian - enabled=no + service: + name: dansguardian + enabled: no when: not dansguardian_enabled and dansguardian_install - name: Create xs_httpcache flag - lineinfile: dest=/etc/iiab/iiab.env - regexp='^HTTPCACHE_ON=*' - line='HTTPCACHE_ON=True' - state=present + lineinfile: + dest: /etc/iiab/iiab.env + regexp: '^HTTPCACHE_ON=*' + line: 'HTTPCACHE_ON=True' + state: present when: squid_enabled and squid_install - name: Enable Squid service - service: name={{ proxy }} - enabled=yes + service: + name: "{{ proxy }}" + enabled: yes when: squid_enabled and squid_install - name: Copy init script and config file - template: src={{ item.src }} - dest={{ item.dest }} - owner={{ item.owner }} - group={{ item.group }} - mode={{ item.mode }} + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ item.owner }}" + group: "{{ item.group }}" + mode: "{{ item.mode }}" with_items: - - src: 'squid/squid-iiab.conf.j2' - dest: '/etc/{{ proxy }}/squid-iiab.conf' - owner: '{{ proxy_user }}' - group: '{{ proxy_user }}' - mode: '0644' + - src: squid/squid-iiab.conf.j2 + dest: "/etc/{{ proxy }}/squid-iiab.conf" + owner: "{{ proxy_user }}" + group: "{{ proxy_user }}" + mode: 0644 when: squid_enabled and squid_install - name: Point to Squid config file from startup file - lineinfile: 
regexp='^CONFIG' - line='CONFIG=/etc/{{ proxy }}/squid-iiab.conf' - dest=/etc/init.d/{{ proxy }} + lineinfile: + regexp: '^CONFIG' + line: "CONFIG=/etc/{{ proxy }}/squid-iiab.conf" + dest: "/etc/init.d/{{ proxy }}" when: squid_enabled and squid_install and is_debuntu - name: Disable Squid service - service: name={{ proxy }} - enabled=no + service: + name: "{{ proxy }}" + enabled: no when: not squid_enabled and squid_install - name: Remove xs_httpcache flag - lineinfile: dest=/etc/iiab/iiab.env - regexp='^HTTPCACHE_ON=*' - line='HTTPCACHE_ON=False' - state=present + lineinfile: + dest: /etc/iiab/iiab.env + regexp: '^HTTPCACHE_ON=*' + line: 'HTTPCACHE_ON=False' + state: present when: not squid_enabled - name: Enable Wondershaper service - service: name=wondershaper - enabled=yes + service: + name: wondershaper + enabled: yes when: wondershaper_enabled and wondershaper_install - name: Disable Wondershaper service - service: name=wondershaper - enabled=no + service: + name: wondershaper + enabled: no when: not wondershaper_enabled and wondershaper_install # check-LAN should be iptables.yml remove later - name: Grab clean copy of iiab-gen-iptables - template: src={{ item.0 }} - dest={{ item.1 }} - owner='root' - group='root' - mode='0755' + template: + src: "{{ item.0 }}" + dest: "{{ item.1 }}" + owner: root + group: root + mode: 0755 with_items: - { 0: 'gateway/iiab-gen-iptables', 1: '/usr/bin/iiab-gen-iptables' } -- name: Add 'squid' to service list - ini_file: dest='{{ service_filelist }}' - section=squid - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'squid' to list of services at /etc/iiab/iiab.ini + ini_file: + dest: "{{ service_filelist }}" + section: squid + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: enabled value: "{{ squid_enabled }}" -- name: Add 'dansguardian' to service list - ini_file: dest='{{ service_filelist }}' - section=dansguardian - option='{{ item.option }}' - value='{{ item.value }}' +- 
name: Add 'dansguardian' to list of services at /etc/iiab/iiab.ini + ini_file: + dest: "{{ service_filelist }}" + section: dansguardian + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: enabled value: "{{ dansguardian_enabled }}" -- name: Add 'wondershaper' to service list - ini_file: dest='{{ service_filelist }}' - section=wondershaper - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'wondershaper' to list of services at /etc/iiab/iiab.ini + ini_file: + dest: "{{ service_filelist }}" + section: wondershaper + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: enabled value: "{{ wondershaper_enabled }}" diff --git a/roles/network/tasks/ifcfg_mods.yml b/roles/network/tasks/ifcfg_mods.yml index b5a3f5f9c..444f3241f 100644 --- a/roles/network/tasks/ifcfg_mods.yml +++ b/roles/network/tasks/ifcfg_mods.yml @@ -26,16 +26,22 @@ with_items: - "{{ discovered_lan_iface }}" -- name: bind may be affected - service: name={{ dns_service }} state=stopped +- name: BIND may be affected + service: + name: "{{ dns_service }}" + state: stopped when: named_install and dnsmasq_enabled - name: dhcpd_server may be affected - stopping dhcpd - service: name=dhcpd state=stopped + service: + name: dhcpd + state: stopped when: dhcpd_install - name: dhcpd_server may be affected - stopping dnsmasq - service: name=dnsmasq state=stopped + service: + name: dnsmasq + state: stopped when: dnsmasq_install - name: Stop the LAN/Bridge deleting iiab-LAN 
@@ -59,21 +65,24 @@ # when: iiab_wan_iface != "none" and not has_WAN and has_ifcfg_gw == "none" and xo_model == "none" and not iiab_demo_mode - name: Configuring LAN interface as iiab_lan_iface - template: src=network/ifcfg.j2 - dest=/etc/sysconfig/network-scripts/ifcfg-LAN + template: + src: network/ifcfg.j2 + dest: /etc/sysconfig/network-scripts/ifcfg-LAN when: iiab_lan_iface != "none" # can be more than one wired interface - name: Wired enslaving ## lan_list_result ## to Bridge - template: src=network/ifcfg-slave.j2 - dest=/etc/sysconfig/network-scripts/ifcfg-{{ item|trim }} + template: + src: network/ifcfg-slave.j2 + dest: "/etc/sysconfig/network-scripts/ifcfg-{{ item|trim }}" when: iiab_lan_iface == "br0" and item|trim != iiab_wireless_lan_iface and item|trim != iiab_wan_iface with_items: - - "{{ lan_list_result.stdout_lines }}" + - "{{ lan_list_result.stdout_lines }}" - name: WiFi enslaving {{ iiab_wireless_lan_iface }} to Bridge - template: src=network/wifi-slave.j2 - dest=/etc/sysconfig/network-scripts/ifcfg-{{ iiab_wireless_lan_iface }} + template: + src: network/wifi-slave.j2 + dest: "/etc/sysconfig/network-scripts/ifcfg-{{ iiab_wireless_lan_iface }}" when: iiab_lan_iface == "br0" and iiab_wireless_lan_iface != "none" tags: - network @@ -81,7 +90,7 @@ - include_tasks: enable_wan.yml when: not installing and not iiab_demo_mode -- name: ask systemd to reread the unit files, picks up changes done +- name: Ask systemd to reread the unit files, picks up changes done systemd: daemon_reload: yes when: not installing @@ -111,7 +120,7 @@ ignore_errors: True when: iiab_lan_iface == "br0" and item|trim != iiab_wireless_lan_iface and item|trim != iiab_wan_iface and not iiab_demo_mode with_items: - - "{{ lan_list_result.stdout_lines }}" + - "{{ lan_list_result.stdout_lines }}" #- name: restart hostapd when wifi is present # service: name=hostapd state=started diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 6e73f7d4c..3d2e7ec42 100644 
--- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -74,6 +74,14 @@ include_tasks: squid.yml when: FQDN_changed and squid_install and iiab_stage|int == 9 +#- name: FOREFULLY ENABLE CAPTIVE PORTAL +# set_fact: +# py_captive_portal_install: True + +- name: (Re)Installing captive portal + include_tasks: captive_portal.yml + when: py_captive_portal_install + #### start services - include_tasks: avahi.yml tags: diff --git a/roles/network/tasks/named.yml b/roles/network/tasks/named.yml index bfeaa7c16..90dd17706 100644 --- a/roles/network/tasks/named.yml +++ b/roles/network/tasks/named.yml @@ -1,6 +1,7 @@ - name: Install named packages (debuntu) - package: name={{ item }} - state=present + package: + name: "{{ item }}" + state: present with_items: - bind9 - bind9utils @@ -9,8 +10,9 @@ - download - name: Install named packages (OS's that are not debuntu) - package: name={{ item }} - state=present + package: + name: "{{ item }}" + state: present with_items: - bind - bind-utils 
@@ -20,76 +22,87 @@ # or we have to change the serial number in the config files. - name: Stop named before copying files - service: name={{ dns_service }} state=stopped + service: + name: "{{ dns_service }}" + state: stopped when: first_run and is_debuntu - name: Set folder permission - file: path={{ item }} - owner={{ dns_user }} - group=root - mode=0755 - state=directory + file: + path: "{{ item }}" + owner: "{{ dns_user }}" + group: root + mode: 0755 + state: directory with_items: - /var/named-iiab - /var/named-iiab/data - /etc/sysconfig/olpc-scripts/domain_config.d - name: Configure named - template: src={{ item.src }} - dest={{ item.dest }} - owner={{ item.owner }} - group=root - mode={{ item.mode }} + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ item.owner }}" + group: root + mode: "{{ item.mode }}" with_items: - - { src: 'roles/network/templates/named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', owner: "root" , mode: '0644' } - - { src: 'roles/network/templates/named/named.j2', dest: '/etc/sysconfig/named', owner: "root" , mode: '0644' } - - { src: 'roles/network/templates/named/named', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/named', owner: "root" , mode: '0644' } - - { src: 'roles/network/templates/named/localdomain.zone', dest: '/var/named-iiab/localdomain.zone',owner: "{{ dns_user }}" , mode: '0644' } - - { src: 'roles/network/templates/named/localhost.zone', dest: '/var/named-iiab/localhost.zone', owner: "{{ dns_user }}" , mode: '0644' } - - { src: 'roles/network/templates/named/named.broadcast', dest: '/var/named-iiab/named.broadcast', owner: "{{ dns_user }}" , mode: '0644'} - - { src: 'roles/network/templates/named/named.ip6.local', dest: '/var/named-iiab/named.ip6.local' , owner: "{{ dns_user }}" , mode: '0644'} - - { src: 'roles/network/templates/named/named.local', dest: '/var/named-iiab/named.local' , owner: "{{ dns_user }}" , mode: '0644'} - - { src: 'roles/network/templates/named/named.rfc1912.zones', 
dest: '/var/named-iiab/named.rfc1912.zones' , owner: "{{ dns_user }}" , mode: '0644'} - - { src: 'roles/network/templates/named/named.root', dest: '/var/named-iiab/named.root' , owner: "{{ dns_user }}" , mode: '0644'} - - { src: 'roles/network/templates/named/named.root.hints', dest: '/var/named-iiab/named.root.hints' , owner: "{{ dns_user }}" , mode: '0644'} - - { src: 'roles/network/templates/named/named.zero', dest: '/var/named-iiab/named.zero' , owner: "{{ dns_user }}" , mode: '0644'} - - { src: 'roles/network/templates/named/school.external.zone.db', dest: '/var/named-iiab/school.external.zone.db' , owner: "{{ dns_user }}" , mode: '0644'} - - { src: 'roles/network/templates/named/school.internal.zone.16.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.16.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'} - - { src: 'roles/network/templates/named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'} - - { src: 'roles/network/templates/named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'} + - { src: 'roles/network/templates/named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', owner: "root", mode: '0644' } + - { src: 'roles/network/templates/named/named.j2', dest: '/etc/sysconfig/named', owner: "root", mode: '0644' } + - { src: 'roles/network/templates/named/named', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/named', owner: "root", mode: '0644' } + - { src: 'roles/network/templates/named/localdomain.zone', dest: '/var/named-iiab/localdomain.zone', owner: "{{ dns_user }}", mode: '0644' } + - { src: 'roles/network/templates/named/localhost.zone', dest: '/var/named-iiab/localhost.zone', owner: "{{ dns_user }}", mode: '0644' } + - { src: 'roles/network/templates/named/named.broadcast', dest: '/var/named-iiab/named.broadcast', owner: "{{ dns_user }}", mode: '0644' } 
+ - { src: 'roles/network/templates/named/named.ip6.local', dest: '/var/named-iiab/named.ip6.local', owner: "{{ dns_user }}", mode: '0644' } + - { src: 'roles/network/templates/named/named.local', dest: '/var/named-iiab/named.local', owner: "{{ dns_user }}", mode: '0644' } + - { src: 'roles/network/templates/named/named.rfc1912.zones', dest: '/var/named-iiab/named.rfc1912.zones', owner: "{{ dns_user }}", mode: '0644' } + - { src: 'roles/network/templates/named/named.root', dest: '/var/named-iiab/named.root', owner: "{{ dns_user }}", mode: '0644' } + - { src: 'roles/network/templates/named/named.root.hints', dest: '/var/named-iiab/named.root.hints', owner: "{{ dns_user }}", mode: '0644' } + - { src: 'roles/network/templates/named/named.zero', dest: '/var/named-iiab/named.zero', owner: "{{ dns_user }}", mode: '0644' } + - { src: 'roles/network/templates/named/school.external.zone.db', dest: '/var/named-iiab/school.external.zone.db', owner: "{{ dns_user }}", mode: '0644' } + - { src: 'roles/network/templates/named/school.internal.zone.16.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.16.in-addr.db', owner: "{{ dns_user }}", mode: '0644' } + - { src: 'roles/network/templates/named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db', owner: "{{ dns_user }}", mode: '0644' } + - { src: 'roles/network/templates/named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db', owner: "{{ dns_user }}", mode: '0644' } # the following two files are not writeable by named, but bind 9.4 cannot discover that fact correctly - - { src: 'roles/network/templates/named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db' , owner: "root" , mode: '0644'} - - { src: 'roles/network/templates/named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db' , owner: "root" , mode: '0644'} - - { src: 
'roles/network/templates/named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'} - - { src: 'roles/network/templates/named/dummy', dest: '/var/named-iiab/data/dummy' , owner: "{{ dns_user }}" , mode: '0644'} - - { src: 'roles/network/templates/named/named.blackhole', dest: '/var/named-iiab/named.blackhole' , owner: "{{ dns_user }}" , mode: '0644'} + - { src: 'roles/network/templates/named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db', owner: "root", mode: '0644' } + - { src: 'roles/network/templates/named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db', owner: "root", mode: '0644' } + - { src: 'roles/network/templates/named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db', owner: "{{ dns_user }}", mode: '0644' } + - { src: 'roles/network/templates/named/dummy', dest: '/var/named-iiab/data/dummy', owner: "{{ dns_user }}", mode: '0644' } + - { src: 'roles/network/templates/named/named.blackhole', dest: '/var/named-iiab/named.blackhole', owner: "{{ dns_user }}", mode: '0644' } - name: Substitute our unit file which uses $OPTIONS from sysconfig - template: src=roles/network/templates/named/{{ dns_service }}.service - dest=/etc/systemd/system/{{ dns_service }}.service - mode=0644 + template: + src: "roles/network/templates/named/{{ dns_service }}.service" + dest: "/etc/systemd/system/{{ dns_service }}.service" + mode: 0644 -- name: The dns-jail redirect requires the named.blackhole,disabling recursion +- name: The dns-jail redirect requires the named.blackhole, disabling recursion # in named-iiab.conf, and the redirection of 404 error documents to / - template: src=roles/network/templates/named/dns-jail.conf dest=/etc/{{ apache_config_dir }}/ + template: + src: roles/network/templates/named/dns-jail.conf + dest: "/etc/{{ apache_config_dir }}/" when: dns_jail_enabled -- name: Separate enabling 
required for debuntu - file: src=/etc/{{ apache_config_dir }}/dns-jail.conf - path=/etc/{{ apache_service }}/sites-enabled/dns-jail.conf - state=link +- name: Separate enabling required (debuntu) + file: + src: "/etc/{{ apache_config_dir }}/dns-jail.conf" + path: "/etc/{{ apache_service }}/sites-enabled/dns-jail.conf" + state: link when: is_debuntu and dns_jail_enabled -- name: Separate enabling/disabling required (debuntu) - file: src=/etc/{{ apache_config_dir }}/dns-jail.conf - path=/etc/{{ apache_service }}/sites-enabled/dns-jail.conf - state=absent +- name: Separate disabling required (debuntu) + file: + path: "/etc/{{ apache_service }}/sites-enabled/dns-jail.conf" + state: absent when: is_debuntu and not dns_jail_enabled - name: Separate enabling/disabling required (OS's that are not debuntu) - file: path=/etc/{{ apache_config_dir }}/dns-jail.conf - state=absent + file: + path: "/etc/{{ apache_config_dir }}/dns-jail.conf" + state: absent when: not is_debuntu and not dns_jail_enabled - name: Start named after copying files - service: name={{ dns_service }} state=started + service: + name: "{{ dns_service }}" + state: started diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 30aa4b307..6a60ec235 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -1,4 +1,4 @@ -- name: restart hostapd when wifi is present +- name: Restart hostapd when WiFi is present systemd: name: hostapd state: restarted diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 406c70e07..e56f8806e 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml @@ -20,7 +20,7 @@ dest: /etc/dhcpcd.conf src: network/dhcpcd.conf.j2 -- name: New raspbian requires counry code -- check for it +- name: New raspbian requires country code -- check for it shell: grep country /etc/wpa_supplicant/wpa_supplicant.conf register: country_code ignore_errors: True 
diff --git a/roles/network/templates/captive_portal/captive_portal.py.j2 b/roles/network/templates/captive_portal/captive_portal.py.j2 new file mode 100755 index 000000000..22ad1f009 --- /dev/null +++ b/roles/network/templates/captive_portal/captive_portal.py.j2 
@@ -0,0 +1,97 @@ +#!/usr/bin/python + +# Captive portal script adapted from https://github.com/nikosft/captive-portal + +import subprocess +import BaseHTTPServer +import cgi + +# These variables are used as settings +PORT = int("{{ py_captive_portal_port }}") # the port in which the captive portal web server listens +IFACE = "{{ iiab_lan_iface }}" # the interface that captive portal protects +IP_ADDRESS = "{{ lan_ip }}" # the ip address of the captive portal (it can be the IP of IFACE) + +''' +This it the http server used by the the captive portal +''' +class CaptivePortal(BaseHTTPServer.BaseHTTPRequestHandler): + #this is the index of the captive portal + #it simply redirects the user to the to login page + html_redirect = """ + <html> + <head> + <meta http-equiv="refresh" content="0; url=http://%s:%s/login" /> + </head> + <body> + <b>Redirecting to login page</b> + </body> + </html> + """%(IP_ADDRESS, PORT) + #the login page + html_login = """ + <html> + <body> + <b>Login Form</b> + <form method="POST" action="do_login"> + Username: <input type="text" name="username"><br> + Password: <input type="password" name="password"><br> + <input type="submit" value="Submit"> + </form> + </body> + </html> + """ + + ''' + if the user requests the login page show it, else + use the redirect page + ''' + def do_GET(self): + path = self.path + self.send_response(200) + self.send_header("Content-type", "text/html") + self.end_headers() + if path == "/login": + self.wfile.write(self.html_login) + else: + self.wfile.write(self.html_redirect) + ''' + this is called when the user submits the login form + ''' + def do_POST(self): + self.send_response(200) + self.send_header("Content-type", "text/html") + self.end_headers() + form = cgi.FieldStorage( + fp=self.rfile, + headers=self.headers, + environ={'REQUEST_METHOD':'POST', + 'CONTENT_TYPE':self.headers['Content-Type'], + }) + username = form.getvalue("username") + password = form.getvalue("password") + #dummy security check + if 
username == '{{ py_captive_portal_username }}' and password == '{{ py_captive_portal_password }}': + #authorized user + remote_IP = self.client_address[0] + print 'New authorization from '+ remote_IP + print 'Updating IP tables' + subprocess.call(["iptables","-t", "nat", "-I", "PREROUTING","1", "-s", remote_IP, "-j" ,"ACCEPT"]) + subprocess.call(["iptables", "-I", "FORWARD", "-s", remote_IP, "-j" ,"ACCEPT"]) + self.wfile.write("You are now authorized. Navigate to any URL") + else: + #show the login form + self.wfile.write(self.html_login) + + #the following function makes server produce no output + #comment it out if you want to print diagnostic messages + #def log_message(self, format, *args): + # return + +print "Starting captive portal web server" +httpd = BaseHTTPServer.HTTPServer(('', PORT), CaptivePortal) + +try: + httpd.serve_forever() +except KeyboardInterrupt: + pass +httpd.server_close() diff --git a/roles/network/templates/captive_portal/captive_portal.service.j2 b/roles/network/templates/captive_portal/captive_portal.service.j2 new file mode 100644 index 000000000..03f3c33d5 --- /dev/null +++ b/roles/network/templates/captive_portal/captive_portal.service.j2 @@ -0,0 +1,15 @@ +[Unit] +Description=Captive portal +After=syslog.target + +[Service] +Type=simple +User=root +Group=root +WorkingDirectory=/opt/iiab/captive-portal +ExecStart=/opt/iiab/captive-portal/captive_portal.py +StandardOutput=syslog +StandardError=syslog + +[Install] +WantedBy=multi-user.target diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 7ec8f3bf0..812fe1b39 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables 
@@ -57,11 +57,13 @@ services_externally_visible={{ services_externally_visible }} calibre_port={{ calibre_port }} kiwix_port={{ kiwix_port }} kalite_server_port={{ kalite_server_port }} +kolibri_http_port={{ kolibri_http_port }} sugarizer_port={{ sugarizer_port }} block_DNS={{ block_DNS }} captive_portal_enabled={{ captive_portal_enabled }} +py_captive_portal_enabled={{ py_captive_portal_enabled }} -echo "Lan is $lan and WAN is $wan" +echo "LAN is $lan and WAN is $wan" # # delete all existing rules. # @@ -89,6 +91,7 @@ fi if [ "$services_externally_visible" == "True" ]; then $IPTABLES -A INPUT -p tcp --dport $kiwix_port -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p tcp --dport $kalite_server_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $kolibri_http_port -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p tcp --dport $calibre_port -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p tcp --dport $sugarizer_port -m state --state NEW -i $wan -j ACCEPT fi @@ -101,12 +104,13 @@ $IPTABLES -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACC #Block https traffic except if directed at server if [ "$gw_block_https" == "True" ]; then - $IPTABLES -A FORWARD -p tcp ! -d 172.18.96.1 --dport 443 -j DROP + $IPTABLES -A FORWARD -p tcp ! -d {{ lan_ip }} --dport 443 -j DROP fi # Allow outgoing connections from the LAN side. -$IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT - +if ! [ "$py_captive_portal_enabled" == "True" ];then + $IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT +fi # Don't forward from the outside to the inside. $IPTABLES -A FORWARD -i $wan -o $lan -j DROP $IPTABLES -A INPUT -i $wan -j DROP 
@@ -122,8 +126,11 @@ if [ "$captive_portal_enabled" == "True" ];then $IPTABLES -t mangle -A internet -j MARK --set-mark 99 $IPTABLES -t nat -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m mark --mark 99 -m tcp --dport 80 -j DNAT --to-destination {{ lan_ip }} +elif [ "py_$captive_portal_enabled" == "True" ];then + $IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:{{ py_captive_portal_port }} + elif [ "$HTTPCACHE_ON" == "True" ]; then - $IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d 172.18.96.1 -j DNAT --to 172.18.96.1:3128 + $IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:3128 fi # Enable routing. diff --git a/roles/network/templates/network/dnsmasq.conf.j2 b/roles/network/templates/network/dnsmasq.conf.j2 index 282c0b222..afd148c89 100644 --- a/roles/network/templates/network/dnsmasq.conf.j2 +++ b/roles/network/templates/network/dnsmasq.conf.j2 @@ -4,7 +4,7 @@ bogus-priv #server=/{{ iiab_domain }}/{{ iiab_hostname }} # Add local-only domains here, queries in these domains are answered from /etc/hosts or DHCP only. local=/{{ iiab_domain }}/ -{% if captive_portal_enabled == "True" %} +{% if dns_jail_enabled %} # Make all host names resolve to the Raspberry Pi's IP address address=/#/{{ lan_ip }} {% endif %} diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index 3252efa43..05ebee138 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -18,6 +18,7 @@ url: "{{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file }}" dest: "{{ downloads_dir }}/{{ nextcloud_src_file }}" force: yes + #validate_certs: False # TEMPORARY ON/AFTER 2018-07-22 AS download.nextcloud.com CERT EXPIRED: https://github.com/iiab/iiab/issues/954 timeout: "{{ download_timeout }}" when: internet_available and nextcloud_force_install async: 900 
diff --git a/roles/nextcloud/templates/nextcloud.conf.j2 b/roles/nextcloud/templates/nextcloud.conf.j2 index 965973ad4..7a24d512f 100644 --- a/roles/nextcloud/templates/nextcloud.conf.j2 +++ b/roles/nextcloud/templates/nextcloud.conf.j2 @@ -6,7 +6,7 @@ Alias {{ nextcloud_url }} {{ nextcloud_prefix }}/nextcloud <IfModule mod_authz_core.c> # Apache 2.4 Require host localhost - Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }} + Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }} {{ openvpn_server_virtual_ip }}/255.255.255.0 </IfModule> <IfModule !mod_authz_core.c> # Apache 2.2 diff --git a/roles/osm/tasks/main.yml b/roles/osm/tasks/main.yml index 2789a2dd5..a9ed97c62 100644 --- a/roles/osm/tasks/main.yml +++ b/roles/osm/tasks/main.yml @@ -1,6 +1,7 @@ -- name: Install OSM required packages - package: name={{ item }} - state=present +- name: Install OSM required packages (debuntu) + package: + name: "{{ item }}" + state: present with_items: - gcc - python-dev @@ -9,9 +10,10 @@ - libapache2-mod-xsendfile when: is_debuntu -- name: Install OSM required packages - package: name={{ item }} - state=present +- name: Install OSM required packages (not debuntu) + package: + name: "{{ item }}" + state: present with_items: - python-pip - gcc 
@@ -22,27 +24,30 @@ when: not is_debuntu # OSM wants a specific version do that first -- name: Install Whoosh 2.6 - pip: name=whoosh - virtualenv={{ osm_venv }} - virtualenv_site_packages=no - version=2.6 - extra_args="--no-cache-dir" +- name: Install Whoosh 2.6 (debuntu) + pip: + name: whoosh + virtualenv: "{{ osm_venv }}" + virtualenv_site_packages: no + version: 2.6 + extra_args: "--no-cache-dir" when: internet_available and is_debuntu -- name: Install Flask 0.12X - pip: name=Flask - virtualenv={{ osm_venv }} - virtualenv_site_packages=no - version=0.12.4 - extra_args="--no-cache-dir" +- name: Install Flask 0.12X (debuntu) + pip: + name: Flask + virtualenv: "{{ osm_venv }}" + virtualenv_site_packages: no + version: 0.12.4 + extra_args: "--no-cache-dir" when: internet_available and is_debuntu -- name: Install OSM with dependencies - pip: name={{ item }} - virtualenv={{ osm_venv }} - virtualenv_site_packages=no - extra_args="--no-cache-dir" +- name: Install OSM with dependencies (debuntu) + pip: + name: "{{ item }}" + virtualenv: "{{ osm_venv }}" + virtualenv_site_packages: no + extra_args: "--no-cache-dir" with_items: - MarkupSafe - pytz 
@@ -50,26 +55,29 @@ when: internet_available and is_debuntu # OSM wants a specific version do that first -- name: Install Whoosh 2.6 - pip: name=whoosh - virtualenv={{ osm_venv }} - virtualenv_site_packages=no - version=2.6 +- name: Install Whoosh 2.6 (not debuntu) + pip: + name: whoosh + virtualenv: "{{ osm_venv }}" + virtualenv_site_packages: no + version: 2.6 # extra_args="--no-cache-dir" when: internet_available and not is_debuntu -- name: Install Flask 0.12X - pip: name=Flask - virtualenv={{ osm_venv }} - virtualenv_site_packages=no - version=0.12.4 +- name: Install Flask 0.12X (not debuntu) + pip: + name: Flask + virtualenv: "{{ osm_venv }}" + virtualenv_site_packages: no + version: 0.12.4 # extra_args="--no-cache-dir" when: internet_available and not is_debuntu -- name: Install OSM with dependencies - pip: name={{ item }} - virtualenv={{ osm_venv }} - virtualenv_site_packages=no +- name: Install OSM with dependencies (not debuntu) + pip: + name: "{{ item }}" + virtualenv: "{{ osm_venv }}" + virtualenv_site_packages: no # extra_args="--no-cache-dir" with_items: - MarkupSafe 
@@ -77,81 +85,92 @@ - Internet-in-a-Box when: internet_available and not is_debuntu -- name: Set osm_path +- name: Set osm_path (redhat) set_fact: - osm_path: "{{ osm_venv }}/{{ python_path }}/iiab" + osm_path: "{{ osm_venv }}/{{ python_path }}/iiab" when: osm_enabled and is_redhat -- name: Set osm_path +- name: Set osm_path (debuntu) set_fact: - osm_path: "{{ osm_venv }}/lib/python2.7/site-packages/iiab" + osm_path: "{{ osm_venv }}/lib/python2.7/site-packages/iiab" when: osm_enabled and is_debuntu - name: Point wsgi to virtual environment (all OS's) - lineinfile: dest={{ osm_venv }}/bin/iiab.wsgi - regexp="path_to_virtualenv = None" - line="path_to_virtualenv = '/usr/local/osm'" - state=present + lineinfile: + dest: "{{ osm_venv }}/bin/iiab.wsgi" + regexp: "path_to_virtualenv = None" + line: "path_to_virtualenv = '/usr/local/osm'" + state: present - name: Copy OSM config file (all OS's) - template: backup=no - src=osm.conf.j2 - dest=/etc/{{ apache_config_dir }}/osm.conf - owner=root - group=root - mode=0644 + template: + src: osm.conf.j2 + dest: "/etc/{{ apache_config_dir }}/osm.conf" + owner: root + group: root + mode: 0644 + backup: no when: osm_enabled - name: Create a link from sites-enabled to sites-available (debuntu) - file: src=/etc/{{ apache_config_dir }}/osm.conf - dest=/etc/apache2/sites-enabled/osm.conf - state=link + file: + src: "/etc/{{ apache_config_dir }}/osm.conf" + dest: /etc/apache2/sites-enabled/osm.conf + state: link when: osm_enabled and is_debuntu - name: Remove the link from sites-enabled to sites-available (debuntu) - file: dest=/etc/apache2/sites-enabled/osm.conf - state=absent + file: + dest: /etc/apache2/sites-enabled/osm.conf + state: absent when: not osm_enabled and is_debuntu - name: Remove the osm.conf (redhat) - file: dest=/{{ apache_config_dir }}/osm.conf - state=absent + file: + dest: "/{{ apache_config_dir }}/osm.conf" + state: absent when: not osm_enabled and is_redhat - name: Remove link to cgi (all OS's) - file: dest={{ 
doc_root }}/osm.wsgi - state=absent + file: + dest: "{{ doc_root }}/osm.wsgi" + state: absent when: not osm_enabled - name: Create link to cgi (all OS's) - file: src={{ osm_venv }}/bin/iiab.wsgi - dest={{ doc_root }}/osm.wsgi - owner=root - group=root - state=link + file: + src: "{{ osm_venv }}/bin/iiab.wsgi" + dest: "{{ doc_root }}/osm.wsgi" + owner: root + group: root + state: link when: osm_enabled - name: Create the knowledge data set folders - file: path=/library/knowledge/modules - state=directory - owner={{ apache_user }} - group={{ apache_user }} + file: + path: /library/knowledge/modules + state: directory + owner: "{{ apache_user }}" + group: "{{ apache_user }}" # the following was brought into OSM playbook from iiab-factory osm-fix script - name: Copy the files - template: src={{ item.src }} dest={{ item.dest }} + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" with_items: - - { src: 'defaults.ini', dest: "{{ osm_path }}/" } - - { src: 'etc.iiab.conf', dest: '/etc/iiab.conf' } - - { src: 'map_search.py', dest: "{{ osm_path }}/map_search.py" } - - { src: 'map.html', dest: "{{ osm_path }}/static/map.html" } - - { src: 'l.control.geosearch.js', dest: "{{ osm_path }}/static/lib/leaflet/geosearch/l.control.geosearch.js" } - - { src: '{{ osm_path }}/static/map.html', dest: "{{ osm_path }}/static/index.html" } + - { src: 'defaults.ini', dest: "{{ osm_path }}/" } + - { src: 'etc.iiab.conf', dest: '/etc/iiab.conf' } + - { src: 'map_search.py', dest: "{{ osm_path }}/map_search.py" } + - { src: 'map.html', dest: "{{ osm_path }}/static/map.html" } + - { src: 'l.control.geosearch.js', dest: "{{ osm_path }}/static/lib/leaflet/geosearch/l.control.geosearch.js" } + - { src: "{{ osm_path }}/static/map.html", dest: "{{ osm_path }}/static/index.html" } when: osm_enabled - name: Restart httpd service - service: name={{ apache_service }} - state=restarted + service: + name: "{{ apache_service }}" + state: restarted - name: Add 'osm' to list of services at 
/etc/iiab/iiab.ini ini_file: diff --git a/roles/phpmyadmin/defaults/main.yml b/roles/phpmyadmin/defaults/main.yml index 2779db9eb..57f820564 100644 --- a/roles/phpmyadmin/defaults/main.yml +++ b/roles/phpmyadmin/defaults/main.yml @@ -1,4 +1,4 @@ phpmyadmin_install: False phpmyadmin_enabled: False -phpmyadmin_name: "phpMyAdmin-4.8.1-all-languages" +phpmyadmin_name: "phpMyAdmin-4.8.2-all-languages" phpmyadmin_name_zip: "{{ phpmyadmin_name }}.zip" diff --git a/roles/rachel/README.rst b/roles/rachel/README.rst index ac07828cb..31aa1453d 100644 --- a/roles/rachel/README.rst +++ b/roles/rachel/README.rst @@ -13,7 +13,7 @@ Do the following: * cd /library/rachel * mv /library/rachelusb_32EN_3.1.4/RACHEL/bin . * you should see /library/rachel/bin/www/index.php -* re-run ansible (making sure that rachel_enabled: True has been set in vars/local_vars.yml +* re-run ansible (making sure that rachel_enabled: True has been set in /etc/iiab/local_vars.yml Locations --------- diff --git a/roles/sugarizer/defaults/main.yml b/roles/sugarizer/defaults/main.yml index 7baf488d2..1b0d7f0bf 100644 --- a/roles/sugarizer/defaults/main.yml +++ b/roles/sugarizer/defaults/main.yml @@ -1,6 +1,15 @@ sugarizer_install: True sugarizer_enabled: False -sugarizer_location: /opt/iiab -sugarizer_version: 'sugarizer-1.0' -sugarizer_server_version: 'sugarizer-server-1.0' -npm_exists: False + +sugarizer_location: "{{ iiab_base }}" # /opt/iiab + +sugarizer_version: sugarizer-1.0 +sugarizer_git_version: v1.0.1 +# PLEASE HELP MONITOR https://github.com/llaske/sugarizer/releases + +sugarizer_server_version: sugarizer-server-1.0 +sugarizer_server_git_version: v1.0.1 # "master" worked over July 11-14, 2018 +# PLEASE HELP MONITOR https://github.com/llaske/sugarizer-server/releases + +# Unused as of 2018-07-14 +# node_modules_exists: False diff --git a/roles/sugarizer/tasks/main.yml b/roles/sugarizer/tasks/main.yml index 84b4311d8..e4be6106a 100644 --- a/roles/sugarizer/tasks/main.yml 
+++ b/roles/sugarizer/tasks/main.yml 
@@ -1,94 +1,168 @@ -- name: Wipe any previous sugarizer installation +# 0. CLEAN UP PRIOR VERSIONS OF SUGARIZER (NEEDS WORK!) + +- name: Wipe /library/www/html/sugarizer* if installing sugarizer-1.0 shell: "rm -rf {{ doc_root }}/sugarizer*" when: sugarizer_version == "sugarizer-1.0" -- name: Download latest stable Sugarizer from location we control - get_url: - url: "{{ iiab_download_url }}/{{ sugarizer_version }}.tar.gz" - dest: "{{ downloads_dir }}/{{ sugarizer_version }}.tar.gz" - timeout: "{{ download_timeout }}" +# 1. DOWNLOAD+LINK /opt/iiab/sugarizer + +- name: Clone llaske/sugarizer ({{ sugarizer_git_version }}) from GitHub to /opt/iiab (MAY DOWNLOAD 600+ MB) + git: + repo: https://github.com/llaske/sugarizer + dest: "{{ sugarizer_location }}/{{ sugarizer_version }}" + version: "{{ sugarizer_git_version }}" + force: yes + depth: 1 when: internet_available -- name: Untar to {{ sugarizer_version }} - unarchive: - src: "{{ downloads_dir }}/{{ sugarizer_version }}.tar.gz" - dest: "{{ sugarizer_location }}" - creates: "{{ sugarizer_location }}/{{ sugarizer_version }}/index.html" -# command: tar xzf {{ downloads_dir }}/{{ sugarizer_version }}.tar.gz -C {{ sugarizer_location }} -# creates="{{ sugarizer_location }}/{{ sugarizer_version }}/index.html" - -- name: Download latest stable Server from location we control - get_url: - url: "{{ iiab_download_url }}/{{ sugarizer_server_version }}.tar.gz" - dest: "{{ downloads_dir }}/{{ sugarizer_server_version }}.tar.gz" - timeout: "{{ download_timeout }}" - when: internet_available - -- name: Untar to /{{ sugarizer_version }} - unarchive: - src: "{{ downloads_dir }}/{{ sugarizer_version }}.tar.gz" - dest: "{{ sugarizer_location }}" - creates: "{{ sugarizer_location }}/{{ sugarizer_version }}/index.html" -- name: Create symbolic link /library/www/html/sugarizer +- name: Create symbolic link /opt/iiab/sugarizer -> /opt/iiab/{{ sugarizer_version }} file: src: "{{ sugarizer_location }}/{{ sugarizer_version }}" dest: "{{ 
sugarizer_location }}/sugarizer" state: link -- name: Untar to /library/www/html/{{ sugarizer_server_version }} - unarchive: - src: "{{ downloads_dir }}/{{ sugarizer_server_version }}.tar.gz" - dest: "{{ sugarizer_location }}" - creates: "{{ sugarizer_location }}/{{ sugarizer_server_version }}/index.html" -- name: Create symbolic link /library/www/html/sugarizer +# 2. DOWNLOAD+LINK /opt/iiab/sugarizer-server + +# 2018-07-11: http://download.iiab.io/packages/sugarizer-server-1.0.tar.gz +# was flawed, as documented at: +# https://github.com/iiab/iiab/pull/814#issuecomment-404211098 +# Versions of MongoDB, npm (& Node.js ?) matter! Sugarizer 1.0 Context: +# https://github.com/iiab/iiab/issues/798 +# Going forward let's "git clone" IIAB's preferred versions, of sugarizer +# AND sugarizer-server, as specified in roles/sugarizer/defaults/main.yml + +# 2018-07-14 BLOAT: git works well BUT even with "depth: 1" +# - 229MB is unfort downloaded to /opt/iiab/sugarizer/.git +# - 1.4MB is unfort downloaded to /opt/iiab/sugarizer-server/.git + +# CLARIF: during repeat runs of "./runrole sugarizer", this git sync shows +# "changed" (whereas above git sync shows "ok"). Reason: "npm install" +# (below) modifies /opt/iiab/sugarizer-server/node_modules +- name: Clone llaske/sugarizer-server ({{ sugarizer_server_git_version }}) from GitHub to /opt/iiab + git: + repo: https://github.com/llaske/sugarizer-server + dest: "{{ sugarizer_location }}/{{ sugarizer_server_version }}" + version: "{{ sugarizer_server_git_version }}" + force: yes + depth: 1 + when: internet_available + +- name: Create symbolic link /opt/iiab/sugarizer-server -> /opt/iiab/{{ sugarizer_server_version }} file: src: "{{ sugarizer_location }}/{{ sugarizer_server_version }}" dest: "{{ sugarizer_location }}/sugarizer-server" state: link -- name: Set up Node.js 6.x apt sources (debuntu) - shell: curl -sL https://deb.nodesource.com/setup_6.x | bash - +# 3. 
INSTALL A GOOD VERSION OF Node.js AND npm + +- name: Set up Node.js 8.x apt sources (debuntu, but avoid ubuntu-18) + shell: curl -sL https://deb.nodesource.com/setup_8.x | bash - when: internet_available and is_debuntu and not is_ubuntu_18 -- name: Install latest Node.js which includes /usr/bin/npm (debuntu) +- name: Install latest Node.js which includes /usr/bin/npm (debuntu, but avoid ubuntu-18) package: name: nodejs + # name: nodejs=8.x state: latest -# package: name=nodejs=6.* -# state=present + # state: present when: internet_available and is_debuntu and not is_ubuntu_18 -- name: Install npm (OS's other than debuntu) - package: - name: "{{ item }}" - state: present - when: internet_available and not is_debuntu - with_items: - - nodejs - - npm +# 2018-07-14: BOTH STEPS ABOVE TAKE TIME, but Raspbian (apt offers npm +# 1.4.21) & Debian 9 (apt offers no npm!) STILL NEED the above +# nodesource.com approach to get a version of npm that works with Sugarizer: +# https://github.com/iiab/iiab/issues/798#issuecomment-404324530 +# +# MORE POSITIVELY: this nodesource.com approach (brings in npm 5.6.0 with +# nodejs 8.11.3 for now, to any OS) would also work on Ubuntu 18.04, and +# might even bring about a sane consistency across mainline OS's? +# +# BUT FOR NOW: Ubuntu 18.04's apt (approach below) brings in npm 3.5.2, +# which appears suffic "SO FAR"? 18.04's nodejs 8.10.0 is more reassuring! -- name: Install npm (ubuntu-18) +# CRAZY IDEA: most versions of npm can upgrade themselves to the latest +# (6.2.0 for now) using command "npm install -g npm", if that helps us in +# future, e.g. TK's memory issue etc? 
If so, be CAREFUL this puts npm +# in /usr/local/bin on Ubuntu 18.04 -- unlike Ubuntu 16.04 and Raspbian +# where it upgrades /usr/bin/npm in place: +# https://askubuntu.com/questions/1036278/npm-is-incorrect-version-on-latest-ubuntu-18-04-installation + +- name: Install Node.js and npm (ubuntu-18 or not debuntu) package: name: "{{ item }}" state: latest - when: internet_available and is_ubuntu_18 with_items: - - npm - nodejs + - npm + when: internet_available and (is_ubuntu_18 or not is_debuntu) -# attempting to reinstall npm is broken on Raspbian 9 -- name: Check for Sugarizer already installed - stat: - path: "{{ sugarizer_location }}/{{ sugarizer_server_version }}/node_modules" - register: npm - ignore_errors: true +# 4. RUN "npm install" TO POPULATE ~35MB /opt/iiab/sugarizer-server/node_modules -- name: Set a flag to abort second attempt to install - set_fact: - npm_exists: True - when: npm.stat is defined and npm.stat.exists +# Re-running "npm install" USED TO fail on Raspbian 9 if not other OS's ? +# Strategies considered to avoid re-running it: +# OLD WAY 1: test & set flag node_modules_exists: True +# OLD WAY 2: "creates: ..." 
checks for non-existence of /opt/iiab/sugarizer-server-1.0/node_modules +# OLD WAY 3: set "register: git_sug_server_output" above, then as nec delete /opt/iiab/sugarizer-server-1.0/node_modules "when: git_sug_server_output.changed" and as nec run "npm install" -- name: Create systemd files and copy our ini file +#- name: Check for /opt/iiab/{{ sugarizer_server_version }}/node_modules +# stat: +# path: "{{ sugarizer_location }}/{{ sugarizer_server_version }}/node_modules" +# register: nmtest +# ignore_errors: true +# +#- name: Set a flag to prevent re-running of "npm install" +# set_fact: +# node_modules_exists: True +# when: nmtest.stat is defined and nmtest.stat.exists + +# NEW WAY BELOW: run "npm install --allow-root" every time, as modern versions +# of npm are incremental, with sanity checks (all 3 may work: but npm 6.2.0 +# is better than 5.6.0. which is better than Ubuntu 18.04's 3.5.2). + +# 2018-07-15: TK Kang & Holt confirmed sudo-driven "npm install" maxes out CPU +# for hours, on diff OS's using npm 5.6.0 and 6.2.0. Hours later you may get +# error: code EACCES, errno -13 (permission denied), +# "Missing write access to /opt/iiab/sugarizer-server-1.0/node_modules" +# +# SOLUTION: Implement '--allow-root --unsafe-perm=true' below, as is critical +# for 1st run of sudo-driven 'npm install' especially: +# +# ON DEBIAN: npm 5.6.0's --allow-root would be sufficient: causing creation +# of /root/.npm cache & lock files to owned by root:root instead of +# iiab-admin:iiab-admin...thus permitting it & IIAB installs to complete! +# +# ON RASPBIAN: npm 5.6.0's --unsafe-perm=true is *required* so that npm +# install actually finished (in about 5 minutes). It's possible we should +# remove --allow-root in favore of --unsafe-perm=true alone. But this needs +# testing on different Linuxes before proceeding. 
+# +# CLARIF 1: Something like 'chown -R root:root /root/.npm' would do the job, +# but cannot happen synchronously throughout the 1st run of 'npm install' +# (when it's needed!) Similar to what --allow-root does on Debian. +# +# CLARIF 2: Ubuntu 18.04 is currently unaffected due to its ancient +# npm 3.5.2, which instead uses /home/iiab-admin/.npm (which remains owned +# by iiab-admin:iiab-admin, even with '--allow-root', but thankfully still +# gets the job done, for now!) + +#- name: Create the express framework for Node.js (OS's other than Fedora 18) +- name: Run 'npm install --allow-root --unsafe-perm=true' to create /opt/iiab/{{ sugarizer_server_version }}/node_modules (CAN TAKE ~3 MINUTES) + command: npm install --allow-root --unsafe-perm=true # "command:" a bit safer than "shell:" + args: + chdir: "{{ sugarizer_location }}/{{ sugarizer_server_version }}" + #creates: "{{ sugarizer_location }}/{{ sugarizer_server_version }}/node_modules" # OLD WAY 2 + when: internet_available # "npm install" generally requires Internet access +# when: internet_available and git_sug_server_output.changed # OLD WAY 3 +# when: internet_available and not is_F18 and not node_modules_exists # OLD WAY 1 + +#- name: Create the express framework for Node.js (Fedora 18) +# shell: npm install +# args: +# chdir: "{{ sugarizer_location }}/sugarizer/server" +# when: internet_available and is_F18 and not node_modules_exists + +# 5. PLACE CONFIG FILES + +- name: Configure sugarizer.service (systemd), sugarizer.conf (Apache) and sugarizer.ini template: src: "{{ item.src }}" dest: "{{ item.dest }}" 
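Review bot: In section 4 of this hunk, `command: npm install --allow-root --unsafe-perm=true` runs as root on every play where `internet_available` is true, and `--unsafe-perm=true` stops npm from dropping privileges for package lifecycle scripts, so install scripts from the whole sugarizer-server dependency tree execute as root. The comments motivate the flags by the EACCES error on `node_modules` and by the ownership of `/root/.npm`; I would rather see the checkout owned by a dedicated unprivileged account and this task run with `become_user`, so the permission conflict goes away without handing root to third-party scripts. The comment block itself says that dropping `--allow-root` "needs testing on different Linuxes", which belongs in a tracked issue rather than in the task file. The same hunk keeps `curl -sL https://deb.nodesource.com/setup_8.x | bash -` followed by `state: latest`: that executes an unverified remote script as root and leaves Node.js unpinned, although the comments stress that npm and Node.js versions matter for Sugarizer.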
@@ -96,47 +170,51 @@ owner: root group: root with_items: - - { src: 'sugarizer.service.j2' , dest: '/etc/systemd/system/sugarizer.service', mode: '0644' } - - { src: 'sugarizer.ini' , dest: '{{ sugarizer_location }}/{{ sugarizer_server_version }}/env/sugarizer.ini', mode: '0644' } - - { src: 'sugarizer.conf' , dest: '/etc/apache2/sites-available',mode: '0644' } - - { src: 'sugarizer.js' , dest: '/opt/iiab/sugarizer-server',mode: '0644' } + - { src: 'sugarizer.ini', dest: '{{ sugarizer_location }}/{{ sugarizer_server_version }}/env/sugarizer.ini', mode: '0644' } + - { src: 'sugarizer.conf', dest: '/etc/apache2/sites-available', mode: '0644' } + - { src: 'sugarizer.service.j2', dest: '/etc/systemd/system/sugarizer.service', mode: '0644' } + - { src: 'sugarizer.js', dest: '/opt/iiab/sugarizer-server', mode: '0644' } -- name: Create the symlink enabling the rewrite - file: src=/etc/apache2/sites-available/sugarizer.conf - dest=/etc/apache2/sites-enabled/sugarizer.conf - state=link +- name: Create symlink for short URL http://box/sugarizer + file: + src: /etc/apache2/sites-available/sugarizer.conf + dest: /etc/apache2/sites-enabled/sugarizer.conf + state: link -- name: Create the express framework for Node.js (OS's other than Fedora 18) - shell: npm install - args: - chdir: "{{ sugarizer_location }}/{{ sugarizer_server_version }}" - creates: "{{ sugarizer_location }}/{{ sugarizer_server_version }}/server/node_modules" - when: not is_F18 and not npm_exists +# 6. RESTART/STOP SYSTEMD SERVICE -- name: Create the express framework for Node.js (Fedora 18) - shell: npm install - args: - chdir: "{{ sugarizer_location }}/sugarizer/server" - when: is_F18 and not npm_exists - -- name: Enable services (all OS's) - service: - name: "{{ item.name }}" +- name: Enable+restart systemd service if sugarizer_enabled, with "systemctl daemon-reload" (in case mongodb.service changed?) 
+ systemd: + name: sugarizer enabled: yes state: restarted - with_items: - - { name: sugarizer } + daemon_reload: yes when: sugarizer_enabled -- name: Disable services (all OS's) - service: - name: "{{ item.name }}" +- name: 'Disable+stop systemd service if sugarizer_enabled: False' + systemd: + name: sugarizer enabled: no state: stopped - with_items: - - { name: sugarizer } when: not sugarizer_enabled +#- name: Enable services (all OS's) +# service: +# name: "{{ item.name }}" +# enabled: yes +# state: restarted +# with_items: +## - { name: mongodb } # 2018-07-14: NICE TRY, but still doesn't bring http://box:8089 to life reliably, as a reboot usually does! (Is a "systemctl daemon-reload" or some such nec?) +# - { name: sugarizer } +# when: sugarizer_enabled + +#- name: Disable service (all OS's) +# service: +# name: sugarizer +# enabled: no +# state: stopped +# when: not sugarizer_enabled + - name: Add 'sugarizer' to list of services at /etc/iiab/iiab.ini ini_file: dest: "{{ service_filelist }}" diff --git a/roles/sugarizer/templates/sugarizer.ini b/roles/sugarizer/templates/sugarizer.ini index afcd97d19..bbb48a914 100644 --- a/roles/sugarizer/templates/sugarizer.ini +++ b/roles/sugarizer/templates/sugarizer.ini @@ -20,6 +20,7 @@ path = ../sugarizer/ server = localhost port = 27018 name = sugarizer +waitdb = 1 [presence] port = 8039 diff --git a/roles/sugarizer/templates/sugarizer.service.j2 b/roles/sugarizer/templates/sugarizer.service.j2 index e21f3b6e0..3b1e75cfa 100644 --- a/roles/sugarizer/templates/sugarizer.service.j2 +++ b/roles/sugarizer/templates/sugarizer.service.j2 @@ -1,7 +1,8 @@ [Unit] Description=Node.js Sugarizer Server Requires=mongodb.service -After=mongodb.service # Requires the mongodb service to run first +After=mongodb.service +# Requires mongodb service to run first [Service] WorkingDirectory=/opt/iiab/sugarizer-server/ diff --git a/roles/usb-lib/tasks/main.yml b/roles/usb-lib/tasks/main.yml index 1f312b188..e146ecf90 100644 
--- a/roles/usb-lib/tasks/main.yml +++ b/roles/usb-lib/tasks/main.yml @@ -26,7 +26,7 @@ - { src: 'iiab-usb-lib-show-all-on' , dest: '/usr/bin/', mode: '0755' } - { src: 'iiab-usb-lib-show-all-off' , dest: '/usr/bin/', mode: '0755' } -- name: Enable exfat and ntfs +- name: Enable exFAT and NTFS lineinfile: regexp: '^FILESYSTEMS.*' line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"' @@ -53,7 +53,7 @@ state: absent when: not usb_lib_enabled -- name: Put a variable in iiab.env for display of content at root of USB +- name: Put variable in iiab.env that enables display of content at root of USB lineinfile: dest: /etc/iiab/iiab.env regexp: "^IIAB_USB_LIB_SHOW_ALL.*" @@ -65,14 +65,14 @@ dest: "/etc/{{ apache_config_dir }}" when: usb_lib_enabled -- name: Create the link to enable (debian) +- name: Create the link to enable (debuntu) file: src: "/etc/{{ apache_config_dir }}/content_dir.conf" dest: /etc/apache2/sites-enabled/content_dir.conf state: link when: is_debuntu -- name: Remove the link that enables (debian) +- name: Remove the link that enables (debuntu) file: src: "/etc/{{ apache_config_dir }}/content_dir.conf" dest: /etc/apache2/sites-enabled/content_dir.conf diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index 2fcdf7868..fa794dd3c 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -2,7 +2,7 @@ # to /library/wordpress) should also work offline... # # ONLINE OR OFFLINE, IF YOU NEED A CLEAN REINSTALL OF WORDPRESS DURING YOUR -# NEXT RUN OF "./runtags wordpress" OR "./iiab-install" PLEASE FIRST DO: +# NEXT RUN OF "./runrole wordpress" OR "./iiab-install" PLEASE FIRST DO: # # - "mv /library/wordpress /library/wordpress.old" # - back up WordPress's database then drop it diff --git a/run-one-role.yml b/run-one-role.yml index e1ae27c2f..abd41ff1d 100644 --- a/run-one-role.yml +++ b/run-one-role.yml 
@@ -5,7 +5,7 @@ vars_files: - vars/default_vars.yml - vars/{{ ansible_local.local_facts.os_ver }}.yml - - vars/local_vars.yml + - /etc/iiab/local_vars.yml - /etc/iiab/config_vars.yml roles: diff --git a/runansible b/runansible.deprecated similarity index 100% rename from runansible rename to runansible.deprecated diff --git a/runtags b/runtags.deprecated similarity index 100% rename from runtags rename to runtags.deprecated diff --git a/scripts/ansible b/scripts/ansible index 27a992211..6f2d474ad 100755 --- a/scripts/ansible +++ b/scripts/ansible 
@@ -1,12 +1,19 @@ #!/bin/bash -e -echo -e '\nATTEMPTING TO INSTALL THE LATEST (RELEASED VERSION OF) ANSIBLE.' -echo -e 'Ensure you'"'"'re online before running this! (/opt/iiab/iiab/scripts/ansible)' -echo -e 'INSTRUCTIONS: https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch' -echo -e 'ALTERNATIVES: Consider scripts/ansible-2.5.x "slow food" instead.\n' +echo -e '\n\nSTRONGLY RECOMMENDED PREREQUISITE: (1) remove all prior versions of Ansible using "apt purge ansible" and/or "pip uninstall ansible" and (2) clear out all lines containing ansible from /etc/apt/sources.list and /etc/apt/sources.list.d/*\n' -GOOD_VER="2.5.4" # Ansible version for OLPC XO laptops (pip install). - # On other OS's we install/upgrade to THE latest (released version of) Ansible. +echo -e 'WARNING: repeatedly re-run "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367" if this part of the script fails due to network/mirrors.\n' + +echo -e 'COMPLETE INSTALL INSTRUCTIONS:\nhttps://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch\n' + +echo -e 'NOW ATTEMPTING TO INSTALL THE LATEST ANSIBLE:' +echo -e 'Ensure you'"'"'re online before running this (/opt/iiab/iiab/scripts/ansible)\n' + +echo -e 'ALTERNATIVES: Run scripts/ansible-2.5.x-deprecated or scripts/ansible-2.6.x\n\n' + + +GOOD_VER="2.6.2" # Ansible version for OLPC XO laptops (pip install). + # On other OS's we attempt to install/upgrade THE latest from PPA, which might provide an even more recent version of Ansible. CURR_VER="undefined" # below are unused for future use # URL="NA" 
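Review bot: The new WARNING echo tells the operator to re-run `apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367` by hand, which identifies the PPA signing key only by its 64-bit key ID; please print the key's full fingerprint there, and use it wherever the script itself fetches the key, so that retries against an unreliable keyserver always import the intended key. Also, the STRONGLY RECOMMENDED PREREQUISITE banner is only printed: the script carries on straight to `GOOD_VER=` and the install logic, so an operator with stale Ansible sources gets no chance to act on it. Either test for that condition and stop with a message, or drop the word PREREQUISITE.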
@@ -14,12 +21,12 @@ CURR_VER="undefined" export DEBIAN_FRONTEND=noninteractive if [ ! `command -v ansible-playbook` ]; then # "command -v" is POSIX compliant; also catches built-in commands like "cd" - echo "Installing --- Please Wait" + echo "scripts/ansible will now try to install Ansible --- Please Wait" if [ -f /etc/centos-release ]; then yum -y install ca-certificates nss epel-release yum -y install git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python yum -y install python-pip python-setuptools python-wheel patch - yum -y install http://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.5.0-1.el7.ans.noarch.rpm + yum -y install https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.6.2-1.el7.ans.noarch.rpm # elif [ -f /etc/fedora-release ]; then # CURR_VER=`grep VERSION_ID /etc/*elease | cut -d= -f2` # URL=https://github.com/jvonau/iiab/blob/ansible/vars/fedora-$CURR_VER.yml 
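Review bot: In the CentOS branch the RPM URL now hard-codes `ansible-2.6.2-1.el7.ans.noarch.rpm`, so this script, whose banner promises the latest Ansible, installs a fixed release on CentOS and needs a manual edit for every bump; the version is also duplicated with `GOOD_VER="2.6.2"` from the previous hunk. Build the file name from `$GOOD_VER`, or add a comment that CentOS is deliberately pinned, so the two values cannot drift apart. The move from http to https for releases.ansible.com is welcome; since nothing in this branch imports a signing key, a short comment on how the RPM installed by URL is verified would help the next reader.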
@@ -67,7 +74,7 @@ else #if [[ `grep -qi ansible /etc/apt/sources.list` ]] || [ -f /etc/apt/sources.list.d/ansible*.list ]; then elif (grep -qi ansible /etc/apt/sources.list) || (ls /etc/apt/sources.list.d/*ansible*.list >/dev/null 2>&1) ; then #echo "Ansible repo(s) found within /etc/apt/sources.list*" - echo -e 'MANUAL INTERVENTION URGED:\nANSIBLE REPO(S) FOUND WITHIN /etc/apt/sources.list AND/OR /etc/apt/sources.list.d/*ansible*.list -- MUST CONTAIN LINE "deb http://ppa.launchpad.net/ansible/ansible/ubuntu xenial main" IF YOU WANT THE LATEST ANSIBLE -- AND REMOVE ALL SIMILAR LINES TO ENSURE ANSIBLE UPDATES CLEANLY -- then re-run this script.\n' + echo -e 'CONSIDER MANUAL INTERVENTION:\nANSIBLE REPO(S) FOUND WITHIN /etc/apt/sources.list AND/OR /etc/apt/sources.list.d/*ansible*.list -- MUST CONTAIN LINE "deb http://ppa.launchpad.net/ansible/ansible/ubuntu xenial main" IF YOU WANT THE LATEST ANSIBLE -- AND REMOVE ALL SIMILAR LINES TO ENSURE ANSIBLE UPDATES CLEANLY -- then re-run this script.\n' else echo -e 'Upstream ansible source repo not found:\nPLEASE UNINSTALL ANSIBLE (run "apt purge ansible" or "pip uninstall ansible", depending how Ansible was originally installed) THEN RE-RUN THIS SCRIPT.' exit 1 diff --git a/scripts/ansible-2.5.x b/scripts/ansible-2.5.x-deprecated similarity index 83% rename from scripts/ansible-2.5.x rename to scripts/ansible-2.5.x-deprecated index 7f5c2f429..62ce9ef4e 100755 --- a/scripts/ansible-2.5.x +++ b/scripts/ansible-2.5.x-deprecated 
@@ -1,11 +1,18 @@ #!/bin/bash -e -echo -e '\nATTEMPTING TO INSTALL THE LATEST ANSIBLE 2.5.x' -echo -e 'Ensure you'"'"'re online before running this! (/opt/iiab/iiab/scripts/ansible-2.5.x)' -echo -e 'INSTRUCTIONS: https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch' -echo -e 'ALTERNATIVE: Consider scripts/ansible to keep up-to-date as Ansible evolves.\n' +echo -e '\n\nSTRONGLY RECOMMENDED PREREQUISITE: (1) remove all prior versions of Ansible using "apt purge ansible" and/or "pip uninstall ansible" and (2) clear out all lines containing ansible from /etc/apt/sources.list and /etc/apt/sources.list.d/*\n' -GOOD_VER="2.5.4" # Ansible version for OLPC XO laptops (pip install). +echo -e 'WARNING: repeatedly re-run "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367" if this part of the script fails due to network/mirror.\n' + +echo -e 'COMPLETE INSTALL INSTRUCTIONS:\nhttps://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch\n' + +echo -e 'NOW ATTEMPTING TO INSTALL THE LATEST ANSIBLE 2.5.x:' +echo -e 'Ensure you'"'"'re online before running this (/opt/iiab/iiab/scripts/ansible-2.5.x)\n' + +echo -e 'ALTERNATIVES: Run scripts/ansible-2.6.x, or scripts/ansible for the latest.\n\n' + + +GOOD_VER="2.5.6" # Ansible version for OLPC XO laptops (pip install). # On other OS's we attempt to install/upgrade/pin to the latest Ansible 2.5.x CURR_VER="undefined" # below are unused for future use 
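Review bot: The banner added here still prints `(/opt/iiab/iiab/scripts/ansible-2.5.x)`, but this commit renames the file to `scripts/ansible-2.5.x-deprecated`, so the path shown to the operator no longer exists; update the echo to the new name. The WARNING echo also says "network/mirror" where the other two scripts say "network/mirrors". Since this multi-line banner is now copied into three scripts, consider moving it into one sourced file so the copies stop diverging.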
@@ -19,7 +26,7 @@ if [ ! `command -v ansible-playbook` ]; then # "command -v" is POSIX compliant yum -y install ca-certificates nss epel-release yum -y install git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python yum -y install python-pip python-setuptools python-wheel patch - yum -y install http://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.5.0-1.el7.ans.noarch.rpm + yum -y install https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.5.5-1.el7.ans.noarch.rpm # elif [ -f /etc/fedora-release ]; then # CURR_VER=`grep VERSION_ID /etc/*elease | cut -d= -f2` # URL=https://github.com/jvonau/iiab/blob/ansible/vars/fedora-$CURR_VER.yml diff --git a/scripts/ansible-2.6.x b/scripts/ansible-2.6.x new file mode 100755 index 000000000..5a035f722 --- /dev/null +++ b/scripts/ansible-2.6.x 
@@ -0,0 +1,102 @@ +#!/bin/bash -e + +echo -e '\n\nSTRONGLY RECOMMENDED PREREQUISITE: (1) remove all prior versions of Ansible using "apt purge ansible" and/or "pip uninstall ansible" and (2) clear out all lines containing ansible from /etc/apt/sources.list and /etc/apt/sources.list.d/*\n' + +echo -e 'WARNING: repeatedly re-run "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367" if this part of the script fails due to network/mirrors.\n' + +echo -e 'COMPLETE INSTALL INSTRUCTIONS:\nhttps://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch\n' + +echo -e 'NOW ATTEMPTING TO INSTALL THE LATEST ANSIBLE 2.6.x:' +echo -e 'Ensure you'"'"'re online before running this (/opt/iiab/iiab/scripts/ansible-2.6.x)\n' + +echo -e 'ALTERNATIVES: Run scripts/ansible-2.5.x-deprecated "slow food", or scripts/ansible for the latest.\n\n' + + +GOOD_VER="2.6.2" # Ansible version for OLPC XO laptops (pip install). + # On other OS's we attempt to install/upgrade/pin to the latest 2.6.x from PPA, which might provide an even more recent version of Ansible. +CURR_VER="undefined" +# below are unused for future use +# URL="NA" + +export DEBIAN_FRONTEND=noninteractive + +if [ ! 
`command -v ansible-playbook` ]; then # "command -v" is POSIX compliant; also catches built-in commands like "cd" + echo "scripts/ansible-2.6.x will now try to install Ansible --- Please Wait" + if [ -f /etc/centos-release ]; then + yum -y install ca-certificates nss epel-release + yum -y install git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python + yum -y install python-pip python-setuptools python-wheel patch + yum -y install https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.6.2-1.el7.ans.noarch.rpm +# elif [ -f /etc/fedora-release ]; then +# CURR_VER=`grep VERSION_ID /etc/*elease | cut -d= -f2` +# URL=https://github.com/jvonau/iiab/blob/ansible/vars/fedora-$CURR_VER.yml +# dnf -y install ansible git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python +# dnf -y install python-pip python-setuptools python-wheel patch + elif [ -f /etc/olpc-release ]; then + yum -y install ca-certificates nss + yum -y install git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python + yum -y install python-pip python-setuptools python-wheel patch + pip install --upgrade pip setuptools wheel #EOL just do it + pip install ansible==$GOOD_VER --disable-pip-version-check + # Parens are optional, but greatly clarify :) + elif (grep -qi ubuntu /etc/lsb-release 2> /dev/null) || (grep -qi ubuntu /etc/os-release); then + apt -y install python-pip python-setuptools python-wheel patch + #apt-add-repository -y ppa:ansible/ansible + apt-add-repository -y ppa:ansible/ansible-2.6 + # elif UBUNTU MUST REMAIN ABOVE (as Ubuntu ALSO contains /etc/debian_version, which would trigger the line just below) + elif [ -f /etc/debian_version ] || (grep -qi raspbian /etc/*elease) ; then + if ( ! grep -qi ansible /etc/apt/sources.list) && [ ! 
-f /etc/apt/sources.list.d/ansible ]; then + apt update + #apt -y install dirmngr python-pip python-setuptools python-wheel patch + apt -y install dirmngr + #echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu xenial main" \ + # >> /etc/apt/sources.list.d/iiab-ansible.list + echo "deb http://ppa.launchpad.net/ansible/ansible-2.6/ubuntu xenial main" \ + >> /etc/apt/sources.list.d/iiab-ansible.list + apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367 + fi + else + echo "WARN: Could not detect distro or distro unsupported" + exit 1 + fi +else + #CURR_VER=`ansible --version | head -n 1 | cut -f 2 -d " "` + CURR_VER=`ansible --version | head -1 | awk '{print $2}'` # to match iiab-install + echo "Currently installed Ansible version is: $CURR_VER" + echo -e "INTERNET-IN-A-BOX GENERALLY REQUIRES ANSIBLE VERSION: $GOOD_VER or higher\n" + if [ -f /etc/centos-release ] || [ -f /etc/fedora-release ]; then + echo "Please use your system's package manager (or pip if nec) to update Ansible." + exit 0 + elif [ -f /etc/olpc-release ]; then + echo "Please use pip package manager to update Ansible." 
+ exit 0 + #fi + #if [[ `grep -qi ansible /etc/apt/sources.list` ]] || [ -f /etc/apt/sources.list.d/ansible*.list ]; then + elif (grep -qi ansible /etc/apt/sources.list) || (ls /etc/apt/sources.list.d/*ansible*.list >/dev/null 2>&1) ; then + #echo "Ansible repo(s) found within /etc/apt/sources.list*" + echo -e 'CONSIDER MANUAL INTERVENTION:\nANSIBLE REPO(S) FOUND WITHIN /etc/apt/sources.list AND/OR /etc/apt/sources.list.d/*ansible*.list -- MUST CONTAIN LINE "deb http://ppa.launchpad.net/ansible/ansible-2.6/ubuntu xenial main" IF YOU WANT THE LATEST ANSIBLE 2.6.x -- AND REMOVE ALL SIMILAR LINES TO ENSURE ANSIBLE UPDATES CLEANLY -- then re-run this script.\n' + else + echo -e 'Upstream ansible source repo not found:\nPLEASE UNINSTALL ANSIBLE (run "apt purge ansible" or "pip uninstall ansible", depending how Ansible was originally installed) THEN RE-RUN THIS SCRIPT.' + exit 1 + fi +fi + +if [ ! -f /etc/centos-release ] && [ ! -f /etc/fedora-release ] && [ ! -f /etc/olpc-release ]; then + # Align IIAB with Ansible community's latest official release + echo "Using apt to check for updates, then install/upgrade ansible" + apt update + apt -y --allow-downgrades install ansible=2.6* + + # TEMPORARILY USE ANSIBLE 2.4.4 (REMOVE IT WITH "pip uninstall ansible") + #pip install ansible==2.4.4 + + # TEMPORARILY USE ANSIBLE 2.4.2 DUE TO 2.4.3 MEMORY BUG. DETAILS @ https://github.com/iiab/iiab/issues/669 + #echo "Install http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb" + #cd /tmp + #wget http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb + #apt -y --allow-downgrades install ./ansible_2.4.2.0-1ppa~xenial_all.deb +fi + +# needed? +mkdir -p /etc/ansible/ +echo -e '[local]\nlocalhost\n' > /etc/ansible/hosts diff --git a/scripts/calibre-install-latest-rpi-plus.sh b/scripts/calibre-install-latest-rpi-plus.sh new file mode 100755 index 000000000..cf9d5114c --- /dev/null +++ b/scripts/calibre-install-latest-rpi-plus.sh 
@@ -0,0 +1,32 @@ +#!/bin/bash + +# Calibre 3.27.1 .deb's were released for Raspbian 2018-07-22 but requires +# python-pyqt5 from debian testing, to overcome error: +# +# The following packages have unmet dependencies: +# calibre : Depends: python-pyqt5 (>= 5.11.2+dfsg-1) but 5.10.1+dfsg-2+rpi1 is to be installed +# +# More details @ https://github.com/iiab/iiab/issues/948 and +# https://www.mobileread.com/forums/showthread.php?p=3729117#post3729117 + +# Thanks to Jerry Vonau (https://github.com/jvonau) who made this critical +# breakthrough possible! +# +# SEE COMMENTS AT THE TOP OF scripts/calibre-install-packages.sh + +export DEBIAN_FRONTEND=noninteractive + +# Prepares to update from debian testing +apt-key adv --recv-key --keyserver keyserver.ubuntu.com 7638D0442B90D010 +echo "deb http://deb.debian.org/debian testing main" >> /etc/apt/sources.list.d/debian-testing.list +apt update +apt -y install python-pyqt5 +rm /etc/apt/sources.list.d/debian-testing.list + +# Prepares to update from raspbian testing +echo "deb http://raspbian.raspberrypi.org/raspbian/ testing main" > /etc/apt/sources.list.d/rpi-testing.list +apt update +apt -y install calibre calibre-bin +rm /etc/apt/sources.list.d/rpi-testing.list +# Clears the cache of testing +apt update diff --git a/scripts/calibre-install-latest-rpi.sh b/scripts/calibre-install-latest-rpi.sh index 092cbb00c..869a4b64f 100755 --- a/scripts/calibre-install-latest-rpi.sh +++ b/scripts/calibre-install-latest-rpi.sh 
@@ -6,11 +6,12 @@ # SEE COMMENTS AT THE TOP OF scripts/calibre-install-packages.sh export DEBIAN_FRONTEND=noninteractive -# Prepares to update to latest from testing +# Prepares to update to latest from raspbian testing echo "deb http://raspbian.raspberrypi.org/raspbian/ testing main" > /etc/apt/sources.list.d/rpi-testing.list apt update apt -y install calibre calibre-bin -# Removes last line, safer than: rm /etc/apt/sources.list.d/rpi-testing.list -sed -i '$ d' /etc/apt/sources.list.d/rpi-testing.list +## Removes last line, safer than: rm /etc/apt/sources.list.d/rpi-testing.list +#sed -i '$ d' /etc/apt/sources.list.d/rpi-testing.list +rm /etc/apt/sources.list.d/rpi-testing.list # Clears the cache of testing apt update diff --git a/scripts/calibre-install-latest.sh b/scripts/calibre-install-latest.sh index 75142a5c2..c8bf11ebd 100755 --- a/scripts/calibre-install-latest.sh +++ b/scripts/calibre-install-latest.sh @@ -8,12 +8,13 @@ export DEBIAN_FRONTEND=noninteractive # Drags in stock desktop dependencies without too much from testing below apt -y install dirmngr -# Prepares to update to latest from testing +# Prepares to update to latest from debian testing apt-key adv --recv-key --keyserver keyserver.ubuntu.com 7638D0442B90D010 echo "deb http://deb.debian.org/debian testing main" >> /etc/apt/sources.list.d/debian-testing.list apt update apt -y install libqt5core5a python-lxml calibre calibre-bin -# Removes last line, safer than: rm /etc/apt/sources.list.d/debian-testing.list -sed -i '$ d' /etc/apt/sources.list.d/debian-testing.list +## Removes last line, safer than: rm /etc/apt/sources.list.d/debian-testing.list +#sed -i '$ d' /etc/apt/sources.list.d/debian-testing.list +rm /etc/apt/sources.list.d/debian-testing.list # Clears the cache of testing apt update diff --git a/scripts/calibre-install-packages.sh b/scripts/calibre-install-packages.sh index 616a1a7f0..ba99b882a 100755 --- a/scripts/calibre-install-packages.sh +++ b/scripts/calibre-install-packages.sh 
@@ -32,12 +32,12 @@ # https://github.com/iiab/iiab/pull/833 # WORKED ON RPI 3 AND RPI 3 B+ BUT... # https://github.com/iiab/iiab/issues/835 # FAILED ON RPI ZERO W, possibly due to libc6 (IF ABOVE STEP 2 NOT RUN!) -# FYI Calibre 3.26.0 is the latest available from testing as of 2018-06-21: +# FYI Calibre 3.26.1 and 3.27.1 are the latest available from testing as of 2018-07-10: # # http://raspbian.raspberrypi.org/raspbian/pool/main/c/calibre/ # http://archive.raspbian.org/raspbian/pool/main/c/calibre/ # https://packages.debian.org/search?keywords=calibre -# http://deb.debian.org/debian/pool/main/c/calibre/ +# http://deb.debian.org/debian/pool/main/c/calibre/ ~= http://cdn-fastly.deb.debian.org/debian/pool/main/c/calibre/ # # Might break future updates; you have been warned. diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index d08dc9f3a..b83d5305a 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -23,6 +23,7 @@ case $OS_VER in "fedora-22" | \ "debian-8" | \ "debian-9" | \ + "debian-10" | \ "ubuntu-16" | \ "ubuntu-17" | \ "ubuntu-18" | \ diff --git a/vars/debian-10.yml b/vars/debian-10.yml new file mode 100644 index 000000000..bf4245c86 --- /dev/null +++ b/vars/debian-10.yml @@ -0,0 +1,24 @@ +is_debuntu: True +is_debian: True +is_debian_10: True +dns_service: bind9 +dhcp_service: isc-dhcp-server +dns_user: bind +proxy: squid +proxy_user: proxy +apache_service: apache2 +apache_config_dir: apache2/sites-available +apache_user: www-data +apache_log_dir: /var/log/apache2 +smb_service: smbd +nmb_service: nmbd +systemctl_program: /bin/systemctl +mysql_service: mariadb +apache_log: /var/log/apache2/access.log +sshd_service: ssh +php_version: 7.1 +postgresql_version: 10 +systemd_location: /lib/systemd/system +# Upgrade OS's own Calibre to very latest: +calibre_via_debs: True +calibre_via_python: False diff --git a/vars/default_vars.yml b/vars/default_vars.yml index ebe72e509..76df8d252 100644 --- a/vars/default_vars.yml 
+++ b/vars/default_vars.yml @@ -1,7 +1,7 @@ # WARNING: DO NOT MODIFY THIS FILE. # CHANGES WILL BE LOST IF YOU DO A GIT PULL OR FETCH. -# Instead put changes in local_vars.yml which is not tracked by git: -# http://wiki.iiab.io/local_vars.yml +# Instead put changes in your own /etc/iiab/local_vars.yml +# See http://wiki.iiab.io/local_vars.yml to learn more! # By convention we use True/False to indicate boolean constants. @@ -22,6 +22,7 @@ download_timeout: 200 # Configuration File(s) iiab_config_file: /etc/iiab/iiab.ini +iiab_local_vars_file: /etc/iiab/local_vars.yml service_filelist: "{{ iiab_config_file }}" # The following variable may be useful in debugging @@ -52,8 +53,9 @@ local_tz: "{{ ansible_date_time.tz }}" # Read https://github.com/iiab/iiab/wiki/IIAB-Networking # Also readable offline @ http://box/info/IIAB-Networking.html -# NETWORK PARAMETERS FOLLOW ACROSS THE NEXT 60 LINES, as enabled by Ansible's -# NETWORK role (/opt/iiab/iiab/roles/network/*) in 4-SERVER-OPTIONS. +# NETWORK PARAMETERS FOLLOW ACROSS THE NEXT 65 LINES, as enabled by Ansible's +# NETWORK role (/opt/iiab/iiab/roles/network/*) in 4-SERVER-OPTIONS below. +# SEE ALSO: /opt/iiab/iiab/roles/network/defaults/main.yml iiab_hostname: box iiab_domain: lan @@ -63,7 +65,7 @@ lan_netmask: 255.255.224.0 # Internal Wi-Fi Access Point # Values are used if there is an internal Wi-Fi adapter and hostapd is enabled # The platform variable adapts install to specific hardware (raspberry pi=rpi2) -# Raspbian req WiFi country since March 2018. CHANGE IT IN vars/local_vars.yml +# Raspbian req WiFi country since March 2018. CHANGE IT IN /etc/iiab/local_vars.yml host_country_code: US host_ssid: "Internet in a Box" host_wifi_mode: g 
@@ -105,13 +107,20 @@ named_enabled: True block_DNS: False # dnsmasq -dnsmasq_install: False +dnsmasq_install: True dnsmasq_enabled: False -# Captive Portal highly experimental as of June 2018: https://github.com/iiab/iiab/issues/608 +# Enable in local_vars.yml AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" +dns_jail_enabled: False + +# For @tim-moody's Nodogsplash approach to Captive Portal? High experimental as of June 2018: github.com/iiab/iiab/issues/608 captive_portal_install: False captive_portal_enabled: False +# Simple python Captive Portal, that @m-anish & @jvonau are experimenting with in July 2018: github.com/iiab/iiab/pull/870 +py_captive_portal_install: True +py_captive_portal_enabled: False + # Squid squid_install: False squid_enabled: False @@ -158,8 +167,8 @@ schooltool_enabled: False # 3-BASE-SERVER -# Needed if you want http://box/common/services/power_off.php to work -allow_apache_sudo: False +# Make this False to disable http://box/common/services/power_off.php button: +allow_apache_sudo: True # roles/httpd runs here @@ -179,6 +188,7 @@ sshd_enabled: True # OpenVPN vpn_presence: xscenet.net openvpn_server_port: 1194 +openvpn_server_virtual_ip: 10.8.0.1 openvpn_cron_enabled: False openvpn_install: True openvpn_enabled: False 
@@ -186,15 +196,15 @@ openvpn_enabled: False # roles/network runs here (MANY SETTINGS ABOVE) # Homepage -# Default to the GUI where the selection is made or override in local_vars.yml iiab_home_url: /home -# You can change iiab_home_url in local_vars.yml in order to get a different -# homepage. For example one of the following: (assuming they are enabled) +# You can change iiab_home_url in /etc/iiab/local_vars.yml to get a different +# homepage. For example one of the following: (if its service is enabled!) # iiab_home_url: /home # iiab_home_url: /wordpress -# iiab_home_url: /wiki - either dokuwiki or mediawiki +# iiab_home_url: /wiki # for dokuwiki +# iiab_home_url: /mediawiki # PostgreSQL auto-installed by Moodle &/or Pathagar as nec, no need to touch! # roles/1-prep/tasks/computed_vars.yml, roles/4-server-options/tasks/main.yml @@ -295,14 +305,21 @@ wordpress_enabled: False # KA Lite kalite_install: True +kalite_enabled: False +kalite_server_port: 8008 kalite_root: "/library/ka-lite" +# Unused in 2018; but remain as placeholders for Fedora 18 legacy (XO laptops) +kalite_cron_enabled: False kalite_user: kalite kalite_password_hash: $6$<salt>$KHET0XRRsgAY.wOWyTOI3W7dyDh0ESOr48uI5vtk2xdzsU7aw0TF4ZkNuM34RmHBGMJ1fTCmOyVobo0LOhBlJ/ kalite_password: kalite -kalite_server_name: kalite -kalite_server_port: 8008 -kalite_enabled: False -kalite_cron_enabled: False +# Unused in 2018 +# kalite_server_name: kalite + +# Kolibri +kolibri_install: False +kolibri_enabled: False +kolibri_http_port: 8009 # Kiwix kiwix_install: True @@ -326,6 +343,8 @@ pathagar_install: False pathagar_enabled: False # Sugarizer +# Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 +# Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 sugarizer_install: True sugarizer_enabled: False sugarizer_port: 8089 
@@ -399,9 +418,10 @@ xovis_chart_heading: "My School: Usage Data Visualization" # wide to narrow is_debuntu: False is_ubuntu: False -is_ubuntu_16: False is_ubuntu_18: False +is_ubuntu_16: False is_debian: False +is_debian_10: False is_debian_9: False is_debian_8: False is_rpi: False diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index d89b264d5..7e693f6c3 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -1,4 +1,4 @@ -# This is local_vars_big.yml -- copy it to local_vars.yml then... +# This is local_vars_big.yml -- copy it to /etc/iiab/local_vars.yml then... # Put variables herein to override /opt/iiab/iiab/vars/default_vars.yml @@ -39,8 +39,6 @@ host_channel: 6 hostapd_secure: False hostapd_password: changeme -dns_jail_enabled: False - # Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or # 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables # within github.com/iiab/iiab/blob/master/roles/ @@ -49,8 +47,16 @@ services_externally_visible: True # Make this True if client machines should have access to WAN/Internet: iiab_gateway_enabled: False -# Make this False to disable http://box/common/services/power_off.php button: -allow_apache_sudo: True +# dnsmasq +dnsmasq_install: True +dnsmasq_enabled: False + +# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" +dns_jail_enabled: False + +# Simple python Captive Portal, that @m-anish & @jvonau are experimenting with in July 2018: github.com/iiab/iiab/pull/870 +py_captive_portal_install: True +py_captive_portal_enabled: False # Stages 3 & 4 must be run (using iiab-install or runrole) if changing these: squid_install: True @@ -69,6 +75,9 @@ dansguardian_enabled: True # 3-BASE-SERVER +# Make this False to disable http://box/common/services/power_off.php button: +allow_apache_sudo: True + # roles/mysql runs here (mandatory) # 4-SERVER-OPTIONS 
@@ -159,8 +168,12 @@ wordpress_enabled: True kalite_install: True kalite_enabled: True +# Unused in 2018; but remains as placeholder for Fedora 18 legacy (XO laptops) kalite_cron_enabled: True +kolibri_install: True +kolibri_enabled: True + kiwix_install: True kiwix_enabled: True @@ -177,11 +190,9 @@ pathagar_install: False pathagar_enabled: False # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 +# Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 sugarizer_install: True sugarizer_enabled: True -# sugarizer_enabled is currently IGNORED as basic Sugarizer works w/o Journal! -# https://github.com/iiab/iiab/issues/193 Subsequent "./runrole sugarizer" fail -# https://github.com/iiab/iiab/issues/240 Sugarizer 0.8 to 0.9 ongoing issues # 8-MGMT-TOOLS diff --git a/vars/local_vars_big_vpn.yml b/vars/local_vars_big_vpn.yml index 699ebc145..33e5aa6e8 100644 --- a/vars/local_vars_big_vpn.yml +++ b/vars/local_vars_big_vpn.yml @@ -1,4 +1,4 @@ -# This is local_vars_big_vpn.yml -- copy it to local_vars.yml then... +# This is local_vars_big_vpn.yml -- copy it to /etc/iiab/local_vars.yml then... # Put variables herein to override /opt/iiab/iiab/vars/default_vars.yml @@ -39,8 +39,6 @@ host_channel: 6 hostapd_secure: False hostapd_password: changeme -dns_jail_enabled: False - # Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or # 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables # within github.com/iiab/iiab/blob/master/roles/ 
@@ -49,8 +47,16 @@ services_externally_visible: True # Make this True if client machines should have access to WAN/Internet: iiab_gateway_enabled: False -# Make this False to disable http://box/common/services/power_off.php button: -allow_apache_sudo: True +# dnsmasq +dnsmasq_install: True +dnsmasq_enabled: False + +# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" +dns_jail_enabled: False + +# Simple python Captive Portal, that @m-anish & @jvonau are experimenting with in July 2018: github.com/iiab/iiab/pull/870 +py_captive_portal_install: True +py_captive_portal_enabled: False # Stages 3 & 4 must be run (using iiab-install or runrole) if changing these: squid_install: True @@ -69,6 +75,9 @@ dansguardian_enabled: True # 3-BASE-SERVER +# Make this False to disable http://box/common/services/power_off.php button: +allow_apache_sudo: True + # roles/mysql runs here (mandatory) # 4-SERVER-OPTIONS @@ -159,8 +168,12 @@ wordpress_enabled: True kalite_install: True kalite_enabled: True +# Unused in 2018; but remains as placeholder for Fedora 18 legacy (XO laptops) kalite_cron_enabled: True +kolibri_install: True +kolibri_enabled: True + kiwix_install: True kiwix_enabled: True @@ -177,11 +190,9 @@ pathagar_install: False pathagar_enabled: False # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 +# Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 sugarizer_install: True sugarizer_enabled: True -# sugarizer_enabled is currently IGNORED as basic Sugarizer works w/o Journal! -# https://github.com/iiab/iiab/issues/193 Subsequent "./runrole sugarizer" fail -# https://github.com/iiab/iiab/issues/240 Sugarizer 0.8 to 0.9 ongoing issues # 8-MGMT-TOOLS diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 8e3b2cb0f..fd109e255 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml 
@@ -1,4 +1,4 @@ -# This is local_vars_medium.yml -- copy it to local_vars.yml then... +# This is local_vars_medium.yml -- copy it to /etc/iiab/local_vars.yml then... # Put variables herein to override /opt/iiab/iiab/vars/default_vars.yml @@ -39,8 +39,6 @@ host_channel: 6 hostapd_secure: False hostapd_password: changeme -dns_jail_enabled: False - # Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or # 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables # within github.com/iiab/iiab/blob/master/roles/ @@ -49,8 +47,16 @@ services_externally_visible: True # Make this True if client machines should have access to WAN/Internet: iiab_gateway_enabled: False -# Make this False to disable http://box/common/services/power_off.php button: -allow_apache_sudo: True +# dnsmasq +dnsmasq_install: True +dnsmasq_enabled: False + +# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" +dns_jail_enabled: False + +# Simple python Captive Portal, that @m-anish & @jvonau are experimenting with in July 2018: github.com/iiab/iiab/pull/870 +py_captive_portal_install: True +py_captive_portal_enabled: False # Stages 3 & 4 must be run (using iiab-install or runrole) if changing these: squid_install: False @@ -69,6 +75,9 @@ dansguardian_enabled: False # 3-BASE-SERVER +# Make this False to disable http://box/common/services/power_off.php button: +allow_apache_sudo: True + # roles/mysql runs here (mandatory) # 4-SERVER-OPTIONS @@ -159,8 +168,12 @@ wordpress_enabled: True kalite_install: True kalite_enabled: True +# Unused in 2018; but remains as placeholder for Fedora 18 legacy (XO laptops) kalite_cron_enabled: True +kolibri_install: False +kolibri_enabled: False + kiwix_install: True kiwix_enabled: True 
@@ -177,11 +190,9 @@ pathagar_install: False pathagar_enabled: False # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 +# Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 sugarizer_install: True sugarizer_enabled: True -# sugarizer_enabled is currently IGNORED as basic Sugarizer works w/o Journal! -# https://github.com/iiab/iiab/issues/193 Subsequent "./runrole sugarizer" fail -# https://github.com/iiab/iiab/issues/240 Sugarizer 0.8 to 0.9 ongoing issues # 8-MGMT-TOOLS diff --git a/vars/local_vars_medium_vpn.yml b/vars/local_vars_medium_vpn.yml index bb5cfed17..b82c44260 100644 --- a/vars/local_vars_medium_vpn.yml +++ b/vars/local_vars_medium_vpn.yml @@ -1,4 +1,4 @@ -# This is local_vars_medium_vpn.yml -- copy it to local_vars.yml then... +# This is local_vars_medium_vpn.yml -- copy it to /etc/iiab/local_vars.yml then... # Put variables herein to override /opt/iiab/iiab/vars/default_vars.yml @@ -39,8 +39,6 @@ host_channel: 6 hostapd_secure: False hostapd_password: changeme -dns_jail_enabled: False - # Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or # 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables # within github.com/iiab/iiab/blob/master/roles/ @@ -49,8 +47,16 @@ services_externally_visible: True # Make this True if client machines should have access to WAN/Internet: iiab_gateway_enabled: False -# Make this False to disable http://box/common/services/power_off.php button: -allow_apache_sudo: True +# dnsmasq +dnsmasq_install: True +dnsmasq_enabled: False + +# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" +dns_jail_enabled: False + +# Simple python Captive Portal, that @m-anish & @jvonau are experimenting with in July 2018: github.com/iiab/iiab/pull/870 +py_captive_portal_install: True +py_captive_portal_enabled: False # Stages 3 & 4 must be run (using iiab-install or runrole) if changing these: squid_install: False 
@@ -69,6 +75,9 @@ dansguardian_enabled: False # 3-BASE-SERVER +# Make this False to disable http://box/common/services/power_off.php button: +allow_apache_sudo: True + # roles/mysql runs here (mandatory) # 4-SERVER-OPTIONS @@ -159,8 +168,12 @@ wordpress_enabled: True kalite_install: True kalite_enabled: True +# Unused in 2018; but remains as placeholder for Fedora 18 legacy (XO laptops) kalite_cron_enabled: True +kolibri_install: False +kolibri_enabled: False + kiwix_install: True kiwix_enabled: True @@ -177,11 +190,9 @@ pathagar_install: False pathagar_enabled: False # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 +# Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 sugarizer_install: True sugarizer_enabled: True -# sugarizer_enabled is currently IGNORED as basic Sugarizer works w/o Journal! -# https://github.com/iiab/iiab/issues/193 Subsequent "./runrole sugarizer" fail -# https://github.com/iiab/iiab/issues/240 Sugarizer 0.8 to 0.9 ongoing issues # 8-MGMT-TOOLS diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index a29a150db..8f5ee2ba1 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -1,4 +1,4 @@ -# This is local_vars_min.yml -- copy it to local_vars.yml then... +# This is local_vars_min.yml -- copy it to /etc/iiab/local_vars.yml then... # Put variables herein to override /opt/iiab/iiab/vars/default_vars.yml @@ -31,7 +31,7 @@ iiab_domain: lan # Set to /home or /wordpress or /mediawiki or /wiki (for DokuWiki) iiab_home_url: /home -# Raspbian requires WiFi country since March 2018. Please set it here: +# Raspbian requires Wi-Fi country since March 2018. Please set it here: host_country_code: US host_ssid: "Internet in a Box" host_wifi_mode: g 
@@ -39,8 +39,6 @@ host_channel: 6 hostapd_secure: False hostapd_password: changeme -dns_jail_enabled: False - # Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or # 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables # within github.com/iiab/iiab/blob/master/roles/ @@ -49,8 +47,16 @@ services_externally_visible: True # Make this True if client machines should have access to WAN/Internet: iiab_gateway_enabled: False -# Make this False to disable http://box/common/services/power_off.php button: -allow_apache_sudo: True +# dnsmasq +dnsmasq_install: True +dnsmasq_enabled: False + +# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" +dns_jail_enabled: False + +# Simple python Captive Portal, that @m-anish & @jvonau are experimenting with in July 2018: github.com/iiab/iiab/pull/870 +py_captive_portal_install: True +py_captive_portal_enabled: False # Stages 3 & 4 must be run (using iiab-install or runrole) if changing these: squid_install: False @@ -69,6 +75,9 @@ dansguardian_enabled: False # 3-BASE-SERVER +# Make this False to disable http://box/common/services/power_off.php button: +allow_apache_sudo: True + # roles/mysql runs here (mandatory) # 4-SERVER-OPTIONS @@ -159,8 +168,12 @@ wordpress_enabled: False kalite_install: True kalite_enabled: True +# Unused in 2018; but remains as placeholder for Fedora 18 legacy (XO laptops) kalite_cron_enabled: True +kolibri_install: False +kolibri_enabled: False + kiwix_install: True kiwix_enabled: True 
@@ -177,11 +190,9 @@ pathagar_install: False pathagar_enabled: False # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 +# Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 sugarizer_install: False sugarizer_enabled: False -# sugarizer_enabled is currently IGNORED as basic Sugarizer works w/o Journal! -# https://github.com/iiab/iiab/issues/193 Subsequent "./runrole sugarizer" fail -# https://github.com/iiab/iiab/issues/240 Sugarizer 0.8 to 0.9 ongoing issues # 8-MGMT-TOOLS diff --git a/vars/local_vars_min_vpn.yml b/vars/local_vars_min_vpn.yml index 351e01b4a..015bc0ee0 100644 --- a/vars/local_vars_min_vpn.yml +++ b/vars/local_vars_min_vpn.yml @@ -1,4 +1,4 @@ -# This is local_vars_min_vpn.yml -- copy it to local_vars.yml then... +# This is local_vars_min_vpn.yml -- copy it to /etc/iiab/local_vars.yml then... # Put variables herein to override /opt/iiab/iiab/vars/default_vars.yml @@ -39,8 +39,6 @@ host_channel: 6 hostapd_secure: False hostapd_password: changeme -dns_jail_enabled: False - # Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or # 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables # within github.com/iiab/iiab/blob/master/roles/ @@ -49,8 +47,16 @@ services_externally_visible: True # Make this True if client machines should have access to WAN/Internet: iiab_gateway_enabled: False -# Make this False to disable http://box/common/services/power_off.php button: -allow_apache_sudo: True +# dnsmasq +dnsmasq_install: True +dnsmasq_enabled: False + +# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" +dns_jail_enabled: False + +# Simple python Captive Portal, that @m-anish & @jvonau are experimenting with in July 2018: github.com/iiab/iiab/pull/870 +py_captive_portal_install: True +py_captive_portal_enabled: False # Stages 3 & 4 must be run (using iiab-install or runrole) if changing these: squid_install: False 
@@ -69,6 +75,9 @@ dansguardian_enabled: False # 3-BASE-SERVER +# Make this False to disable http://box/common/services/power_off.php button: +allow_apache_sudo: True + # roles/mysql runs here (mandatory) # 4-SERVER-OPTIONS @@ -159,8 +168,12 @@ wordpress_enabled: False kalite_install: True kalite_enabled: True +# Unused in 2018; but remains as placeholder for Fedora 18 legacy (XO laptops) kalite_cron_enabled: True +kolibri_install: False +kolibri_enabled: False + kiwix_install: True kiwix_enabled: True @@ -177,11 +190,9 @@ pathagar_install: False pathagar_enabled: False # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 +# Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 sugarizer_install: False sugarizer_enabled: False -# sugarizer_enabled is currently IGNORED as basic Sugarizer works w/o Journal! -# https://github.com/iiab/iiab/issues/193 Subsequent "./runrole sugarizer" fail -# https://github.com/iiab/iiab/issues/240 Sugarizer 0.8 to 0.9 ongoing issues # 8-MGMT-TOOLS
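Review bot: In vars/default_vars.yml (hunk @@ -105,13 +107,20 @@), py_captive_portal_install defaults to True even though its own comment says @m-anish & @jvonau are still experimenting with it, while the older captive_portal_install, also marked experimental, stays False. Installing an experimental captive portal on every box by default adds attack surface for users who never enable it. Suggest defaulting py_captive_portal_install to False until the feature settles, or stating in the comment why it has to be pre-installed. In the same hunk, "High experimental" should read "Highly experimental".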
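Review bot: The default for allow_apache_sudo in vars/default_vars.yml (hunk @@ -158,8 +167,8 @@) flips from False to True, so an install with no local_vars.yml override now enables the Apache sudo setting just to support the power_off.php button. The comment does not say which commands that sudo rule covers; please document the scope next to the variable. Consider leaving the default at False here, since all six local_vars_*.yml templates in this patch already set allow_apache_sudo: True explicitly.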
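Review bot: In the KA Lite hunk of vars/default_vars.yml (@@ -295,14 +305,21 @@), the new comment "Unused in 2018; but remain as placeholders" sits directly above kalite_cron_enabled, and it is unclear whether it also covers kalite_user, kalite_password_hash and kalite_password on the lines that follow. If those are unused as well, drop the plaintext default kalite_password: kalite rather than keeping it as a placeholder. If they are still in use, reword the comment so it clearly applies only to kalite_cron_enabled, and add a line telling operators to override the password.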
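Review bot: The dnsmasq / dns_jail_enabled / py_captive_portal block added in the @@ -49,8 +47,16 @@ hunk is copied into all six local_vars_*.yml templates with exactly the values default_vars.yml already sets, so the templates override nothing and the copies will drift as defaults change. Either keep only the settings a template actually changes, or keep the block and expand "Enable AFTER installing IIAB!" to say what goes wrong if dns_jail_enabled is set to True before the first install, so operators know why the ordering matters.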
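Review bot: In the @@ -159,8 +168,12 @@ hunk of each local_vars_*.yml template, the added comment calls kalite_cron_enabled unused in 2018, yet the line below it stays at True while default_vars.yml sets the same variable to False. If the variable really is unused, set it to False here too (or remove it from the templates) so the files do not disagree. The new kolibri_install / kolibri_enabled lines in this hunk also lack the "# Kolibri" heading that default_vars.yml gives them.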
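Review bot: The Sugarizer hunk (@@ -177,11 +190,9 @@) in the local_vars_*.yml templates deletes the warning that sugarizer_enabled is currently IGNORED, but none of these vars hunks shows the variable's handling changing. If the role now honours sugarizer_enabled, say so in the commit message and link the change. Otherwise keep a one-line note, because an operator who sets sugarizer_enabled: False will assume that stops the service.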