Merge pull request #2250 from holta/local_content-dir-change-group

Modularize roles/usb_lib + change group ownership of /library/www/html/local_content
2025-02-13 03:32:12 +00:00 · 2020-02-13 21:18:26 -05:00 · 2020-02-13 21:18:26 -05:00 · 27e508c444
commit 27e508c444
parent e1d5261f84 37ae468e7d
4 changed files with 112 additions and 86 deletions
--- a/roles/usb_lib/tasks/enable-or-disable.yml
+++ b/roles/usb_lib/tasks/enable-or-disable.yml
@ -0,0 +1,37 @@
+- name: Install /etc/usbmount/mount.d/70-usb-library from template, if usb_lib_enabled
+  template:
+    src: mount.d/70-usb-library
+    dest: /etc/usbmount/mount.d/
+    owner: root
+    group: root
+    mode: '0751'
+  when: usb_lib_enabled | bool
+
+- name: Install /etc/usbmount/umount.d/70-usb-library from template, if usb_lib_enabled
+  template:
+    src: umount.d/70-usb-library
+    dest: /etc/usbmount/umount.d
+    owner: root
+    group: root
+    mode: '0751'
+  when: usb_lib_enabled | bool
+
+- name: Remove /etc/usbmount/mount.d/70-usb-library if not usb_lib_enabled
+  file:
+    path: /etc/usbmount/mount.d/70-usb-library
+    state: absent
+  when: not usb_lib_enabled
+
+- name: Remove /etc/usbmount/umount.d/70-usb-library if not usb_lib_enabled
+  file:
+    path: /etc/usbmount/umount.d/70-usb-library
+    state: absent
+  when: not usb_lib_enabled
+
+- name: Enable http://box/usb via Apache, if usb_lib_enabled
+  command: a2ensite content_dir.conf
+  when: apache_install and usb_lib_enabled
+
+- name: Disable http://box/usb via Apache, if not usb_lib_enabled
+  command: a2dissite content_dir.conf
+  when: apache_install and not usb_lib_enabled
--- a/roles/usb_lib/tasks/install.yml
+++ b/roles/usb_lib/tasks/install.yml
@ -0,0 +1,43 @@
+- name: Add dir {{ doc_root }}/local_content, where USB drive links can appear
+  file:
+    state: directory
+    path: "{{ doc_root }}/local_content"
+    owner: "{{ apache_user }}"
+    group: "{{ apache_user }}"    # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222)
+    mode: '0775'
+
+- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off'
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: "{{ item.mode }}"
+  with_items:
+    - { src: 'usbmount@.service.j2', dest: '/etc/systemd/system/usbmount@.service', mode: '0644' }
+    - { src: 'usbmount.rules.j2', dest: '/etc/udev/rules.d/usbmount.rules', mode: '0644' }
+    - { src: 'iiab-usb_lib-show-all-on', dest: '/usr/bin/', mode: '0755' }
+    - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' }
+
+- name: Enable exFAT and NTFS in /etc/usbmount/usbmount.conf
+  lineinfile:
+    regexp: '^FILESYSTEMS.*'
+    line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"'
+    path: /etc/usbmount/usbmount.conf
+
+- name: Install /etc/{{ apache_conf_dir }}/content_dir.conf from template
+  template:
+    src: content_dir.conf
+    dest: "/etc/{{ apache_conf_dir }}"    # apache2/sites-available on debuntu
+  when: apache_install
+
+
+# RECORD 'USB_LIB' AS INSTALLED
+
+- name: "Set 'usb_lib_installed: True'"
+  set_fact:
+    usb_lib_installed: True
+
+- name: "Add 'usb_lib_installed: True' to {{ iiab_state_file }}"
+  lineinfile:
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    regexp: '^usb_lib_installed'
+    line: 'usb_lib_installed: True'
--- a/roles/usb_lib/tasks/main.yml
+++ b/roles/usb_lib/tasks/main.yml
@ -1,91 +1,36 @@
-# TO DO:
-# - validate input vars + prereqs
-# - move 6 top stanzas into install.yml
-# - move 6 mid/lower stanzas into enable-or-disable.yml
-# - verify analogous NGINX logic from roles/nginx/* -- then integrate as nec?
-
- name: Add dir {{ doc_root }}/local_content, where USB drive links can appear
-  file:
-    state: directory
-    path: "{{ doc_root }}/local_content"
-    owner: "{{ apache_user }}"
-    group: "{{ iiab_admin_user }}"    # ISN'T "{{ apache_user }}" MORE APPROPRIATE?
-    mode: '0775'
-
- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off'
-  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    mode: "{{ item.mode }}"
-  with_items:
-    - { src: 'usbmount@.service.j2' , dest: '/etc/systemd/system/usbmount@.service', mode: '0644' }
-    - { src: 'usbmount.rules.j2' , dest: '/etc/udev/rules.d/usbmount.rules', mode: '0644' }
-    - { src: 'iiab-usb_lib-show-all-on' , dest: '/usr/bin/', mode: '0755' }
-    - { src: 'iiab-usb_lib-show-all-off' , dest: '/usr/bin/', mode: '0755' }
-
- name: Enable exFAT and NTFS in /etc/usbmount/usbmount.conf
-  lineinfile:
-    regexp: '^FILESYSTEMS.*'
-    line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"'
-    path: /etc/usbmount/usbmount.conf
-
- name: Install /etc/{{ apache_conf_dir }}/content_dir.conf from template
-  template:
-    src: content_dir.conf
-    dest: "/etc/{{ apache_conf_dir }}"
-  when: apache_install
+# TO DO: (2020-02-13)
+# - Look at analogous NGINX logic for http://box/usb in
+#   nginx/templates/iiab.conf.j2 and make that visually meaningful for teachers:
+# https://github.com/iiab/iiab/blob/master/roles/nginx/templates/iiab.conf.j2#L5-L8


-# RECORD usb_lib AS INSTALLED
+# "How do i fail a task in Ansible if the variable contains a boolean value?
+# I want to perform input validation for Ansible playbooks"
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499

- name: "Set 'usb_lib_installed: True'"
-  set_fact:
-    usb_lib_installed: True
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible

- name: "Add 'usb_lib_installed: True' to {{ iiab_state_file }}"
-  lineinfile:
-    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
-    regexp: '^usb_lib_installed'
-    line: 'usb_lib_installed: True'
+- name: Assert that "usb_lib_install is sameas true" (boolean not string etc)
+  assert:
+    that: usb_lib_install is sameas true
+    fail_msg: "PLEASE SET 'usb_lib_install: True' e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+- name: Assert that "usb_lib_enabled | type_debug == 'bool'" (boolean not string etc)
+  assert:
+    that: usb_lib_enabled | type_debug == 'bool'
+    fail_msg: "PLEASE GIVE VARIABLE 'usb_lib_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes


- name: Install /etc/usbmount/mount.d/70-usb-library from template, if usb_lib_enabled
-  template:
-    src: mount.d/70-usb-library
-    dest: /etc/usbmount/mount.d/
-    owner: root
-    group: root
-    mode: '0751'
-  when: usb_lib_enabled | bool
+- name: Install USB_LIB if 'usb_lib_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
+  include_tasks: install.yml
+  when: usb_lib_installed is undefined

- name: Install /etc/usbmount/umount.d/70-usb-library from template, if usb_lib_enabled
-  template:
-    src: umount.d/70-usb-library
-    dest: /etc/usbmount/umount.d
-    owner: root
-    group: root
-    mode: '0751'
-  when: usb_lib_enabled | bool

- name: Remove /etc/usbmount/mount.d/70-usb-library if not usb_lib_enabled
-  file:
-    path: /etc/usbmount/mount.d/70-usb-library
-    state: absent
-  when: not usb_lib_enabled
-
- name: Remove /etc/usbmount/umount.d/70-usb-library if not usb_lib_enabled
-  file:
-    path: /etc/usbmount/umount.d/70-usb-library
-    state: absent
-  when: not usb_lib_enabled
-
- name: Enable http://box/usb via Apache, if usb_lib_enabled
-  command: a2ensite content_dir.conf
-  when: apache_install and usb_lib_enabled
-
- name: Disable http://box/usb via Apache, if not usb_lib_enabled
-  command: a2dissite content_dir.conf
-  when: apache_install and not usb_lib_enabled
+- include_tasks: enable-or-disable.yml


 - name: Put variable in iiab.env that enables display of content at root of USB
@ -96,14 +41,16 @@

 - name: Add 'usb_lib' variable values to {{ iiab_ini_file }}
  ini_file:
-    path: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
    section: usb_lib
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
-      value: usb_lib
+      value: USB_LIB
    - option: description
-      value: '"usb_lib automounts Teacher Content on USB drives to /library/www/html/local_content, so students can browse it almost immediately at http://box/usb"'
-    - option: enabled
+      value: '"USB_LIB automounts Teacher Content on USB drives to /library/www/html/local_content, so students can browse it almost immediately at http://box/usb"'
+    - option: usb_lib_install
+      value: "{{ usb_lib_install }}"
+    - option: usb_lib_enabled
      value: "{{ usb_lib_enabled }}"
--- a/vars/default_vars.yml
+++ b/vars/default_vars.yml
@ -49,7 +49,6 @@ language_priority: en es fr
 iiab_admin_user_install: True
 # If iiab_admin_user_install: False, set iiab_admin_user (below) to an existing
 # Linux user that has sudo access, for login to Admin Console http://box/admin
-# ODDLY THIS IS ALSO USED BY roles/usb-lib/tasks/main.yml TO SET GROUP PERM FOR /library/www/html/local_content (ISN'T {{ apache_user }} MORE APPROPRIATE?)
 iiab_admin_user: iiab-admin
 iiab_admin_published_pwd: g0adm1n    # For live checks/alerts of published pwds
 # Password hash to override above, if Ansible creates above user:
@ -304,7 +303,7 @@ samba_udp_ports: "137:138"
 samba_tcp_mports: "139,445"
 shared_dir : "{{ content_base }}/public"    # /library/public

-# usb-lib
+# USB_LIB
 usb_lib_install: True
 usb_lib_enabled: True
 # Show entire contents of USB sticks/drives (at http://box/usb)