Merge pull request #496 from iiab/master

Sync from iiab/iiab:master

roles/3-base-server/tasks/main.yml

@@ -8,9 +8,9 @@
     name: mysql
   #when: mysql_install
 
-# 2020-05-21: Apache role 'httpd' is installed as nec by any of these 7 roles:
+# 2021-05-21: Apache role 'httpd' is installed as nec by any of these 6 roles:
 #
-#    cups, elgg, lokole, moodle, nodered, pbx, phpmyadmin
+#    cups, elgg, moodle, nodered, pbx, phpmyadmin
 #
 # These 14 roles conditionally touch /etc/apache2/sites-available/*.conf files:
 #

roles/awstats/tasks/install.yml

@@ -1,31 +1,29 @@
 # TO DO:
 #
-# - Prepare for a possible future w/o Apache by verifying/refining below...
+# Prepare for a possible future w/o Apache by verifying/refining below...
-#   - 5 'when: apache_installed is defined'
+# - 5 'when: apache_installed is defined'  (2021-05-21: COMMENT OUT THESE STANZAS SOON!?)
 # - 1 'when: nginx_install'
 # - 8 core stanzas w/o such 'when:' clauses
 
-- name: 'Install 3 packages: awstats, openssl, pwauth'
+- name: 'Install package: awstats'
   package:
-    name:
+    name: awstats
-      - awstats
-      - pwauth
-      - openssl
     state: present
 
-- name: 'Install 2 packages: apache2-utils, libapache2-mod-authnz-external'
+- name: 'Install package: pwauth (when: apache_installed is defined)'
   package:
     name:
-      - libapache2-mod-authnz-external
+      - pwauth    # Auto-installs apache2-bin and libapache2-mod-authnz-external
-      - apache2-utils
+      #- apache2-utils    # Unneeded?  (In any case, already installed by Apache itself.)
+      #- openssl    # Unneeded?  (In any case, already installed by most every Linux distro.)
     state: present
   when: apache_installed is defined
 
-- name: Run 'a2enmod cgi' to enable cgi execution via Apache
+- name: "Run 'a2enmod cgi' to enable cgi execution via Apache (when: apache_installed is defined)"
   command: a2enmod cgi
   when: apache_installed is defined
 
-- name: Create directory... mkdir {{ apache_log_dir }}, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx
+- name: 'Create directory... mkdir {{ apache_log_dir }}, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx (when: apache_installed is defined)'
   file:
     state: directory
     recurse: yes
@@ -41,7 +39,7 @@
     state: directory
     recurse: yes
     path: "{{ item }}"
-    owner: "{{ apache_user }}"
+    owner: "{{ apache_user }}"    # USED FOR NGINX TOO: 'www-data' on debuntu
     group: "{{ apache_user }}"
     mode: u+rw,g+r,g-w,o-rwx    # '0750' turned on too many x bits
     #force: yes
@@ -49,13 +47,13 @@
     - "{{ awstats_data_dir }}"    # /library/awstats
     - /usr/lib/cgi-bin/awstats    # create backward compatible path for awstats
 
-- name: Install /etc/{{ apache_conf_dir }}/awstats.conf from template
+- name: 'Install /etc/{{ apache_conf_dir }}/awstats.conf from template (when: apache_installed is defined)'
   template:
     src: apache-awstats.conf
     dest: "/etc/{{ apache_conf_dir }}/awstats.conf"    # apache2/sites-available on debuntu
   when: apache_installed is defined
 
-- name: Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable
+- name: "Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable (when: apache_installed is defined)"
   template:
     src: logrotate.d.apache2
     dest: /etc/logrotate.d/apache2

roles/mediawiki/tasks/install.yml

@@ -18,7 +18,7 @@
   unarchive:
     src: "{{ downloads_dir }}/{{ mediawiki_src }}"
     dest: "{{ mediawiki_install_path }}"    # /library
-    owner: "{{ apache_user }}"
+    owner: "{{ apache_user }}"    # www-data on debuntu
     group: "{{ apache_user }}"
     mode: u+rw,g+r,o+r    # '0755' forced executable bits on files
     keep_newer: yes
@@ -31,7 +31,7 @@
 
 - name: Start MySQL systemd service ({{ mysql_service }}) so we can create db
   systemd:
-    name: "{{ mysql_service }}"
+    name: "{{ mysql_service }}"    # mariadb on debuntu
     state: started
 
 - name: Create MySQL database {{ mediawiki_db_name }}
@@ -64,7 +64,7 @@
     chdir: "{{ mediawiki_abs_path }}"    # /library/mediawiki-1.XY.Z
     creates: "{{ mediawiki_abs_path }}/LocalSettings.php"
 
-- name: Configure wgArticlePath variable in {{ mediawiki_abs_path }}/LocalSettings.php
+- name: Configure $wgArticlePath variable in {{ mediawiki_abs_path }}/LocalSettings.php
   lineinfile:
     path: "{{ mediawiki_abs_path }}/LocalSettings.php"    # /library/mediawiki-1.XY.Z
     line: '$wgArticlePath = "/wiki/$1";'

roles/nginx/README.md

@@ -10,7 +10,7 @@
 
 2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX.
 
-3. Current state of IIAB App/Service migrations as of 2021-05-15:
+3. Current state of IIAB App/Service migrations as of 2021-05-21: *(SEE ALSO [#2762](https://github.com/iiab/iiab/issues/2762))*
 
    1. These support "Native" NGINX but ***NOT*** Apache
       * Admin Console
@@ -34,16 +34,16 @@
       * sugarizer
       * wordpress
 
-   3. These support Apache but ***NOT*** "Native" NGINX.  They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090.  See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of IIAB Apps/Services that auto-enable Apache.
+   3. These support Apache but ***NOT*** "Native" NGINX.  They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090.  See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of ~6 IIAB Apps/Services that auto-enable Apache.
       * elgg
-      * moodle
+      * moodle [*, PLEASE HELP IF YOU CAN: [#2785](https://github.com/iiab/iiab/issues/2785)]
       * nodered
 
    4. These each run their own web server or non-web / backend services, e.g. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations).  In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite)
       * bluetooth
       * calibre (menu goes directly to port 8080)
-      * cups [(available on port 631) * shim not yet in place.]
+      * cups (menu goes directly to port 631) [*, shim not yet in place, [PR #2775](https://github.com/iiab/iiab/pull/2775)]
-      * internetarchive (menu goes directly to port 4244, [PR #2120](https://github.com/iiab/iiab/pull/2120)) [*]
+      * internetarchive (menu goes directly to port 4244) [*, [PR #2120](https://github.com/iiab/iiab/pull/2120)]
       * kalite (menu goes directly to ports 8006-8008)
       * minetest
       * mosquitto
@@ -55,4 +55,4 @@
       * transmission
       * vnstat
 
-[*] The 4 above starred roles could use improvement, as of 2021-05-15.
+[*] The 5 above starred roles could use improvement, as of 2021-05-21.

roles/nginx/tasks/install.yml

@@ -5,16 +5,15 @@
   ignore_errors: yes
   # 'when: apache_installed is defined' insuff b/c mysql's php installs apache2
 
-- name: Install required and helper packages for NGINX
+- name: 'Install 5 packages for NGINX: libnginx-mod-http-subs-filter, nginx-extras, php-fpm, uwsgi, uwsgi-plugin-python3'
   package:
-    name: "{{ item }}"
+    name:
-    state: present
+      - libnginx-mod-http-subs-filter
-  with_items:
       - nginx-extras
+      - php-fpm
       - uwsgi
       - uwsgi-plugin-python3
-    - php-fpm
+    state: present
-    - libnginx-mod-http-subs-filter
 
 # 2020-10-16: Removed per #2560
 #- name: Add user '{{ apache_user }}' to shadow group, so it can authenticate Admin Console
@@ -27,7 +26,7 @@
     path: /etc/nginx/sites-enabled/default
     state: absent
 
-- name: 'Install 2 (of 4) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf'
+- name: 'Install 3 (of 5) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/nginx/mime.types'
   template:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"