Merge branch 'validate' into validate

roles/0-init/tasks/validate_vars.yml

@@ -1,9 +1,14 @@
 # 2020-01-21: Ansible Input Validation (basic sanity checking for now) to check
 # that *_install and *_enabled variables (as set in places like
-# /etc/iiab/local_vars.yml) appear coherent i.e. (1) are confirmed defined, (2)
-# have type boolean (Ansible often inverts logic when boolean vars are
+# /etc/iiab/local_vars.yml) appear coherent i.e. (1) are confirmed defined,
+# (2) have type boolean (Ansible often inverts logic when boolean vars are
 # accidentally declared as strings, see below!) and (3) have plausible values.
 
+# 2020-01-23: *_installed variables (incrementally saved to
+# /etc/iiab/iiab_state.yml) are not required to be boolean (or even defined!)
+# for now.  However if any of these are defined, the corresponding value of
+# *_install must be True, as IIAB does not currently support uninstalling!
+
 # Stricter validation is needed later, when roles/playbooks/tasks are invoked
 # by various scripts, possibly bypassing 0-init?  Either way, risks abound :/
 
@@ -32,10 +37,11 @@
 # I want to perform input validation for Ansible playbooks"
 # https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
 
-# 2020-01-21: checks 46+46 vars...for now...expect this to change!  Should we
-# remove idmgr as it's officially now UNMAINTAINED in default_vars.yml and
+# 2020-01-23: checks 53 + 53 + 53 vars...for now...expect this to change!
+# Should we remove {xo_services, activity_server, ejabberd_xs, idmgr} as these
+# are officially now UNMAINTAINED in default_vars.yml and
 # https://github.com/iiab/iiab/blob/master/unmaintained-roles.txt etc?
-- name: Set vars_checklist for ~46 + ~46 vars ("XYZ_install" + "XYZ_enabled") to be checked
+- name: Set vars_checklist for 53 + 53 + 53 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked
   set_fact:
     vars_checklist:
       - hostapd
@@ -47,6 +53,7 @@
       - wondershaper
       - sshd
       - openvpn
+      - admin_console
       - nginx
       - apache
       - mysql
@@ -55,6 +62,10 @@
       - postgresql
       - cups
       - samba
+      - usb_lib
+      - xo_services
+      - activity_server
+      - ejabberd_xs
       - idmgr
       - azuracast
       - dokuwiki
@@ -64,6 +75,7 @@
       - lokole
       - mediawiki
       - mosquitto
+      - nodejs
       - nodered
       - nextcloud
       - pbx
@@ -74,6 +86,7 @@
       - moodle
       - mongodb
       - sugarizer
+      - osm_vector_maps
       - transmission
       - awstats
       - monit
@@ -88,7 +101,7 @@
 - name: Assert that {{ vars_checklist | length }} "XYZ_install" vars are all... defined
   assert:
     that: "{{ item }}_install is defined"
-    fail_msg: "PLEASE GIVE THIS VARIABLE A PROPER (UNQUOTED) BOOLEAN VALUE e.g. in: /etc/iiab/local_vars.yml"
+    fail_msg: "PLEASE GIVE THIS VARIABLE A PROPER (UNQUOTED) BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
     quiet: yes
   loop: "{{ vars_checklist }}"
   #register: install_vars_defined
@@ -96,7 +109,7 @@
 - name: Assert that {{ vars_checklist | length }} "XYZ_enabled" vars are all... defined
   assert:
     that: "{{ item }}_enabled is defined"
-    fail_msg: "PLEASE GIVE THIS VARIABLE A PROPER (UNQUOTED) BOOLEAN VALUE e.g. in: /etc/iiab/local_vars.yml"
+    fail_msg: "PLEASE GIVE THIS VARIABLE A PROPER (UNQUOTED) BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
     quiet: yes
   loop: "{{ vars_checklist }}"
   #register: enabled_vars_defined
@@ -104,7 +117,7 @@
 - name: Assert that {{ vars_checklist | length }} "XYZ_install" vars are all... type boolean (NOT type string, which can invert logic!)
   assert:
     that: "{{ item }}_install | type_debug == 'bool'"
-    fail_msg: "PLEASE GIVE THIS VARIABLE A PROPER (UNQUOTED) BOOLEAN VALUE e.g. in: /etc/iiab/local_vars.yml"
+    fail_msg: "PLEASE GIVE THIS VARIABLE A PROPER (UNQUOTED) BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
     quiet: yes
   loop: "{{ vars_checklist }}"
   #register: install_vars_boolean
@@ -112,7 +125,7 @@
 - name: Assert that {{ vars_checklist | length }} "XYZ_enabled" vars are all... type boolean (NOT type string, which can invert logic!)
   assert:
     that: "{{ item }}_enabled | type_debug == 'bool'"
-    fail_msg: "PLEASE GIVE THIS VARIABLE A PROPER (UNQUOTED) BOOLEAN VALUE e.g. in: /etc/iiab/local_vars.yml"
+    fail_msg: "PLEASE GIVE THIS VARIABLE A PROPER (UNQUOTED) BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
     quiet: yes
   loop: "{{ vars_checklist }}"
   #register: enabled_vars_boolean
@@ -120,15 +133,15 @@
 - name: 'DISALLOW "XYZ_install: False" WITH "XYZ_enabled: True" ...for all {{ vars_checklist | length }} var pairs'
   assert:
     that: "{{ item }}_install or not {{ item }}_enabled"
-    fail_msg: "PLEASE VERIFY THESE 2 VARIABLES e.g. in: /etc/iiab/local_vars.yml"
+    fail_msg: "IIAB DOES NOT SUPPORT UNINSTALLS. PLEASE VERIFY {{ item }}_install AND {{ item }}_enabled e.g. IN: /etc/iiab/local_vars.yml"
     #fail_msg: '{{ item }}_install or not {{ item }}_enabled    {{ item }}_install is {{ {{ item }}_install }}    {{ item }}_enabled is {{ {{ item }}_enabled }}'   # Is there a way to output var values ?
     quiet: yes
   loop: "{{ vars_checklist }}"
   #register: var_pairs_validation
 
-- name: 'DISALLOW "XYZ_install: False" WITH "XYZ_installed: True" ...for all {{ vars_checklist | length }} var pairs'
+- name: 'DISALLOW "XYZ_install: False" WHEN "XYZ_installed is defined" IN /etc/iiab/iiab_state.yml ...for all {{ vars_checklist | length }} var pairs'
   assert:
     that: "{{ item }}_install or {{ item }}_installed is undefined"
-    fail_msg: "{{ item }} already installed please set to True in: /etc/iiab/local_vars.yml"
+    fail_msg: "{{ item }} ALREADY INSTALLED. IIAB DOES NOT SUPPORT UNINSTALLS. PLEASE SET '{{ item }}_install: True' e.g. IN: /etc/iiab/local_vars.yml"
     quiet: yes
   loop: "{{ vars_checklist }}"

roles/2-common/tasks/fl.yml

@@ -37,14 +37,3 @@
     src: "{{ doc_root }}/common/fonts"    # /library/www/html
     path: "{{ doc_root }}/common/webfonts"
     state: link
-
-- name: File Layout - Create log file directories {{ apache_log_dir }} & {{ nginx_log_dir }}
-  file:
-    path: "{{ item }}"
-    owner: "{{ apache_user }}"    # www-data
-    group: "{{ apache_user }}"    # www-data
-    mode: '0770'
-    state: directory
-  with_items:
-    - "{{ apache_log_dir }}"    # /var/log/apache2 typically, as set in /opt/iiab/iiab/vars/<OS>.yml
-    - "{{ nginx_log_dir }}"     # /var/log/nginx

roles/captiveportal/tasks/enable-or-disable.yml

@@ -0,0 +1,65 @@
+# 2020-01-22: Package 'uwsgi' is installed by nginx/tasks/install.yml for
+# Captive Portal (responds to browsers trying to detect a Captive Portal) and
+# also for Admin Console.
+
+# IIAB makes the 'uwsgi' service mandatory for now (see Line 45) but this could
+# perhaps be auto-disabled in future (or never installed?)  e.g. if Captive
+# Portal + Admin Console are both unneeded...and impact of uWSGI is too high ?
+
+- name: Stop 'uwsgi' systemd service (may include 3 child processes for Captive Portal, and 3 child processes for Admin Console)
+  systemd:
+    name: uwsgi
+    state: stopped
+
+- name: Install /etc/uwsgi/apps-enabled/captiveportal.ini from template (if captiveportal_enabled)
+  template:
+    src: captiveportal.ini.j2
+    dest: /etc/uwsgi/apps-enabled/captiveportal.ini
+  when: captiveportal_enabled | bool
+
+- name: Delete /etc/uwsgi/apps-enabled/captiveportal.ini (if not captiveportal_enabled)
+  file:
+    path: /etc/uwsgi/apps-enabled/captiveportal.ini
+    state: absent
+  when: not captiveportal_enabled
+
+- name: Symlink /etc/nginx/sites-enabled/capture.conf -> /etc/nginx/sites-available/capture.conf to enable NGINX to service the sites in checkurls list (if captiveportal_enabled)
+  file:
+    src: /etc/nginx/sites-available/capture.conf
+    path: /etc/nginx/sites-enabled/capture.conf
+    state: link
+  when: captiveportal_enabled | bool
+
+- name: Delete symlink /etc/nginx/sites-enabled/capture.conf to disable NGINX to location definitions for checkurls (if not captiveportal_enabled)
+  file:
+    path: /etc/nginx/sites-enabled/capture.conf
+    state: absent
+  when: not captiveportal_enabled
+
+- name: Delete /etc/dnsmasq.d/capture to make sure dnsmasq is not diverting (if not captiveportal_enabled)
+  file:
+    path: /etc/dnsmasq.d/capture
+    state: absent
+  when: not captiveportal_enabled
+
+# Let's assume (for now) that Admin Console was/will be installed. Disabling of
+# uWSGI's service can be implemented later as nec, e.g. if CP+AC both disabled?
+- name: Start & Enable 'uwsgi' systemd service (may include 3 child processes for Captive Portal, and 3 child processes for Admin Console)
+  systemd:
+    name: uwsgi
+    daemon_reload: yes
+    state: started
+    enabled: true
+
+# Unify 2 stanzas below ('state: restarted') when we end Ubuntu 16.04 support.
+- name: Stop 'dnsmasq' systemd service (if dnsmasq_enabled)
+  systemd:
+    name: dnsmasq
+    state: stopped
+  when: dnsmasq_enabled | bool
+
+- name: Start 'dnsmasq' systemd service (if dnsmasq_enabled)
+  systemd:
+    name: dnsmasq
+    state: started
+  when: dnsmasq_enabled | bool

roles/captiveportal/tasks/install.yml

@@ -0,0 +1,59 @@
+- name: "Download & install packages: python3-dateutil, python3-jinja2"
+  package:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - python3-dateutil
+    - python3-jinja2
+
+- name: mkdir /opt/iiab/captiveportal for scripts & templates, set owner to {{ apache_user }}
+  file:
+    path: /opt/iiab/captiveportal
+    state: directory
+    owner: "{{ apache_user }}"
+
+- name: mkdir /var/log/captiveportal for logs, set ownership {{ apache_user }}:{{ apache_user }}, set mode '0750'
+  file:
+    path: /var/log/captiveportal
+    state: directory
+    owner: "{{ apache_user }}"
+    group: "{{ apache_user }}"
+    mode: '0750'    # Same as /var/log/apache2
+
+- name: "Install 3 scripts from template: /opt/iiab/captiveportal/checkurls, /usr/sbin/iiab-divert-to-nginx, /usr/sbin/iiab-make-cp-servers.py"
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: "{{ item.mode }}"
+  with_items:
+    - { src: roles/captiveportal/templates/checkurls, dest: /opt/iiab/captiveportal/, mode: '0644' }
+    - { src: roles/captiveportal/templates/iiab-divert-to-nginx, dest: /usr/sbin/, mode: '0755' }
+    - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, dest: /usr/sbin/, mode: '0755' }
+
+- name: Install /opt/iiab/captiveportal/capture-wsgi.py from template, mode '0755' (creates the server)
+  template:
+    src: capture-wsgi.py.j2
+    dest: /opt/iiab/captiveportal/capture-wsgi.py
+    mode: '0755'
+
+- name: Copy files {simple.template, mac.template} into /opt/iiab/captiveportal/
+  copy:
+    src: "{{ item }}"
+    dest: /opt/iiab/captiveportal/
+  with_items:
+    - simple.template
+    - mac.template
+
+- name: Run iiab-divert-to-nginx to generate diversion lists for NGINX
+  shell: /usr/sbin/iiab-divert-to-nginx
+
+- name: Run iiab-make-cp-servers.py to generate NGINX servers from /opt/iiab/captiveportal/checkurls input list (creates /etc/nginx/sites-available/capture.conf)
+  command: /usr/sbin/iiab-make-cp-servers.py
+  args:
+    creates: /etc/nginx/sites-available/capture.conf
+
+- name: "Add 'captiveportal_installed: True' to {{ iiab_state_file }}"
+  lineinfile:
+    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    regexp: '^captiveportal_installed'
+    line: 'captiveportal_installed: True'

roles/captiveportal/tasks/main.yml

@@ -1,128 +1,46 @@
-# TO DO: move ~7 stanzas below into tasks/install.yml
+# "How do i fail a task in Ansible if the variable contains a boolean value?
+# I want to perform input validation for Ansible playbooks"
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
 
-- name: "Download & install packages: python3-dateutil, python3-jinja2"
-  package:
-    name: "{{ item }}"
-    state: present
+# If 0-init/tasks/validate_vars.yml has DEFINITELY been run (?) perhaps no need
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
+
+- name: Assert that "captiveportal_install is sameas true" (boolean not string etc)
+  assert:
+    that: captiveportal_install is sameas true
+    fail_msg: "PLEASE SET 'captiveportal_install: True' e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+    #that: captiveportal_install is defined and captiveportal_install is sameas true
+    #success_msg: captiveportal_install is defined and captiveportal_install is sameas true
+
+- name: Assert that "captiveportal_enabled | type_debug == 'bool'" (boolean not string etc)
+  assert:
+    that: captiveportal_enabled | type_debug == 'bool'
+    fail_msg: "PLEASE GIVE VARIABLE 'captiveportal_enabled' A PROPER (UNQUOTED) BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+    #that: captiveportal_enabled is defined and captiveportal_enabled | type_debug == 'bool'
+    #success_msg: captiveportal_enabled is defined and captiveportal_enabled | type_debug == 'bool'
+
+- name: Install Captive Portal if 'captiveportal_installed' is not defined in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
+  include_tasks: install.yml
+  when: captiveportal_installed is undefined
+
+- name: Enable or Disable Captive Portal
+  include_tasks: enable-or-disable.yml
+
+- name: Add 'captiveportal' variable values to {{ iiab_ini_file }}
+  ini_file:
+    path: "{{ iiab_ini_file }}"
+    section: captiveportal
+    option: "{{ item.option }}"
+    value: "{{ item.value | string }}"
   with_items:
-    - python3-dateutil
-    - python3-jinja2
-
-- name: Create directory /opt/iiab/captiveportal for scripts & templates; set owner to {{ apache_user }}
-  file:
-    path: /opt/iiab/captiveportal
-    state: directory
-    owner: "{{ apache_user }}"
-
-- name: "Install 3 scripts from template: /opt/iiab/captiveportal/checkurls, /usr/sbin/iiab-make-cp-servers.py, /usr/sbin/iiab-divert-to-nginx"
-  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    mode: "{{ item.mode }}"
-  with_items:
-    - { src: roles/captiveportal/templates/checkurls, dest: /opt/iiab/captiveportal/, mode: '0644' }
-    - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, dest: /usr/sbin/, mode: '0755' }
-    - { src: roles/captiveportal/templates/iiab-divert-to-nginx, dest: /usr/sbin/, mode: '0755' }
-
-- name: Install /opt/iiab/captiveportal/capture-wsgi.py from template (creates the server)
-  template:
-    src: capture-wsgi.py.j2
-    #src: roles/captiveportal/templates/capture-wsgi.py.j2
-    dest: /opt/iiab/captiveportal/capture-wsgi.py
-    mode: '0755'
-
-- name: Copy files {simple.template, mac.template} into /opt/iiab/captiveportal/
-  copy:
-    src: "{{ item }}"
-    dest: /opt/iiab/captiveportal/
-  with_items:
-    - simple.template
-    #- roles/captiveportal/files/simple.template
-    - mac.template
-    #- roles/captiveportal/files/mac.template
-
-- name: Install uWSGI config file /opt/iiab/captiveportal/captiveportal.ini from template
-  template:
-    src: captiveportal.ini.j2
-    #src: roles/captiveportal/templates/captiveportal.ini.j2
-    dest: /opt/iiab/captiveportal/captiveportal.ini
-
-- name: "Add 'captiveportal_installed: True' to {{ iiab_state_file }}"
-  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
-    regexp: '^captiveportal_installed'
-    line: 'captiveportal_installed: True'
-
-# TO DO: move most/all 7-10 stanzas below into enable-or-disable.yml
-
-- name: Install /etc/systemd/system/uwsgi-captiveportal.service from template
-  template:
-    src: uwsgi-captiveportal.service
-    #src: roles/captiveportal/templates/uwsgi-captiveportal.service
-    dest: /etc/systemd/system/
-
-- name: Restart & Enable 'uwsgi-captiveportal' systemd service (uWSGI server) that responds to browsers trying to detect a Captive Portal
-  systemd:
-    name: uwsgi-captiveportal
-    daemon_reload: yes
-    state: restarted
-    enabled: True
-  when: captiveportal_enabled | bool
-
-- name: Stop & Disable 'uwsgi-captiveportal' systemd service (uWSGI server) if Captive Portal has been disabled
-  systemd:
-    name: uwsgi-captiveportal
-    state: stopped
-    enabled: False
-  when: not captiveportal_enabled
-
-- name: Run iiab-divert-to-nginx to generate diversion lists for NGINX
-  shell: /usr/sbin/iiab-divert-to-nginx
-
-- name: Run iiab-make-cp-servers.py to generate NGINX servers from checkurls input list (creates /etc/nginx/sites-available/capture.conf)
-  command: /usr/sbin/iiab-make-cp-servers.py
-  args:
-    creates: /etc/nginx/sites-available/capture.conf
-
-- name: Symlink /etc/nginx/sites-enabled/capture.conf -> /etc/nginx/sites-available/capture.conf, to enable NGINX to service the sites in checkurls list
-  file:
-    src: /etc/nginx/sites-available/capture.conf
-    path: /etc/nginx/sites-enabled/capture.conf
-    state: link
-  when: captiveportal_enabled | bool
-
-- name: Delete symlink /etc/nginx/sites-enabled/capture.conf, to disable NGINX to location definitions for checkurls
-  file:
-    #src: /etc/nginx/sites-available/capture.conf
-    path: /etc/nginx/sites-enabled/capture.conf
-    state: absent
-  when: not captiveportal_enabled
-
-- name: Make sure dnsmasq is not diverting if not captiveportal_enabled
-  file:
-    path: /etc/dnsmasq.d/capture
-    state: absent
-  when: not captiveportal_enabled
-
-#- name: Restart dnsmasq
-#  systemd:
-#    name: dnsmasq
-#    state: restarted
-#  when: dnsmasq_enabled | bool
-
-# ABOVE DOES NOT WORK ON UBUNTU 16.04 -- what follows is a crude hack (seems to work!)
-
-- name: Stop 'dnsmasq' systemd service
-  systemd:
-    name: dnsmasq
-    state: stopped
-  when: dnsmasq_enabled | bool
-
-- name: Start 'dnsmasq' systemd service
-  systemd:
-    name: dnsmasq
-    state: started
-  when: dnsmasq_enabled | bool
-
-# TO DO: add important captiveportal_* variable values to {{ iiab_ini_file }} =
-# /etc/iiab/iiab.ini at the end of main.yml here, for /usr/bin/iiab-diagnostics
+    - option: name
+      value: Captive Portal
+    - option: description
+      value: '"Captive Portal tries to open the browser automatically, so users don''t have to type in URL''s like http://box.lan in support of kiosk-like situations, in multilingual and less literate communities."'
+    - option: installed
+      value: "{{ captiveportal_install }}"
+    - option: enabled
+      value: "{{ captiveportal_enabled }}"

roles/captiveportal/templates/capture-wsgi.py.j2

@@ -46,9 +46,9 @@ if len(sys.argv) > 1:
       loggingLevel = "DEBUG"
       
 # set up some logging -- selectable for diagnostics
-logging.basicConfig(filename='{{ nginx_log_dir }}/portal.log',format='%(asctime)s.%(msecs)03d:%(name)s:%(message)s', datefmt='%M:%S',level=loggingLevel)
-logger = logging.getLogger('{{ nginx_log_dir }}/portal.log')
-handler = RotatingFileHandler("{{ nginx_log_dir }}/portal.log", maxBytes=100000, backupCount=2)
+logging.basicConfig(filename='/var/log/captiveportal/captiveportal.log',format='%(asctime)s.%(msecs)03d:%(name)s:%(message)s', datefmt='%M:%S',level=loggingLevel)
+logger = logging.getLogger('/var/log/captiveportal/captiveportal.log')
+handler = RotatingFileHandler("/var/log/captiveportal/captiveportal.log", maxBytes=100000, backupCount=2)
 logger.addHandler(handler)
 
 PORT={{ captiveportal_port }}

roles/munin/tasks/main.yml

@@ -9,7 +9,7 @@
 - name: Assert that "munin_install is sameas true" (boolean not string etc)
   assert:
     that: munin_install is sameas true
-    fail_msg: "PLEASE SET 'munin_install: True' e.g. in: /etc/iiab/local_vars.yml"
+    fail_msg: "PLEASE SET 'munin_install: True' e.g. IN: /etc/iiab/local_vars.yml"
     quiet: yes
     #that: munin_install is defined and munin_install is sameas true
     #success_msg: munin_install is defined and munin_install is sameas true
@@ -17,7 +17,7 @@
 - name: Assert that "munin_enabled | type_debug == 'bool'" (boolean not string etc)
   assert:
     that: munin_enabled | type_debug == 'bool'
-    fail_msg: "PLEASE GIVE VARIABLE 'munin_enabled' A PROPER (UNQUOTED) BOOLEAN VALUE e.g. in: /etc/iiab/local_vars.yml"
+    fail_msg: "PLEASE GIVE VARIABLE 'munin_enabled' A PROPER (UNQUOTED) BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
     quiet: yes
     #that: munin_enabled is defined and munin_enabled | type_debug == 'bool'
     #success_msg: munin_enabled is defined and munin_enabled | type_debug == 'bool'

roles/nginx/tasks/install.yml

@@ -27,13 +27,6 @@
     - { src: 'roles/nginx/templates/server.conf.j2', dest: '/etc/nginx/server.conf' }
     - { src: 'roles/nginx/templates/nginx.conf.j2', dest: '/etc/nginx/nginx.conf' }
     - { src: 'roles/nginx/templates/ports.conf.j2', dest: '/etc/{{ apache_service }}/ports.conf' }
-    - { src: 'roles/nginx/templates/uwsgi.service', dest: '/etc/systemd/system/' }
-
-- name: Let uwsgi (running as {{ apache_user }}) write log files
-  file: 
-    path: /var/log/uwsgi/app
-    state: directory
-    owner: "{{ apache_user }}"
 
 - name: "Add 'nginx_installed: True' to {{ iiab_state_file }}"
   lineinfile:

roles/nginx/tasks/main.yml

@@ -3,6 +3,7 @@
     path: "{{ item.path }}"
     state: absent
   with_items:
+    - { path: "/etc/systemd/system/uwsgi.service" }
     - { path: "{{ nginx_config_dir }}/usb-lib.conf" }
     - { path: "{{ nginx_config_dir }}/modules.conf" }
 

roles/nodejs/tasks/main.yml

@@ -81,10 +81,10 @@
 
 - name: Install latest Node.js {{ nodejs_version }} which includes /usr/bin/npm (debuntu)
   package:
-  #   name: nodejs={{ nodejs_version }}
-      name: nodejs
-      state: latest
-  #   state: present
+    #name: nodejs={{ nodejs_version }}
+    name: nodejs
+    state: latest
+    #state: present
   when: internet_available and is_debuntu
   #when: internet_available and (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17)
 

roles/wordpress/tasks/main.yml

@@ -11,7 +11,7 @@
 - name: Assert that "wordpress_install is sameas true" (boolean not string etc)
   assert:
     that: wordpress_install is sameas true
-    fail_msg: "PLEASE SET 'wordpress_install: True' e.g. in: /etc/iiab/local_vars.yml"
+    fail_msg: "PLEASE SET 'wordpress_install: True' e.g. IN: /etc/iiab/local_vars.yml"
     quiet: yes
     #that: wordpress_install is defined and wordpress_install is sameas true
     #success_msg: wordpress_install is defined and wordpress_install is sameas true
@@ -19,7 +19,7 @@
 - name: Assert that "wordpress_enabled | type_debug == 'bool'" (boolean not string etc)
   assert:
     that: wordpress_enabled | type_debug == 'bool'
-    fail_msg: "PLEASE GIVE VARIABLE 'wordpress_enabled' A PROPER (UNQUOTED) BOOLEAN VALUE e.g. in: /etc/iiab/local_vars.yml"
+    fail_msg: "PLEASE GIVE VARIABLE 'wordpress_enabled' A PROPER (UNQUOTED) BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
     quiet: yes
     #that: wordpress_enabled is defined and wordpress_enabled | type_debug == 'bool'
     #success_msg: wordpress_enabled is defined and wordpress_enabled | type_debug == 'bool'

vars/default_vars.yml

@@ -164,7 +164,7 @@ bluetooth_term_enabled: False
 
 # Set to "False" if you want to revert to the older Dynamic Menuing system
 # (prior to IIAB 6.7, this had used https://github.com/iiab/iiab-menu)
-js_menu_install: True
+js_menu_install: True    # SEE BELOW: admin_console_install & _enabled.
 
 # UNMAINTAINED as of October 2017: https://github.com/iiab/iiab/pull/382
 wondershaper_install: False
@@ -233,7 +233,7 @@ exFAT_enabled: True
 
 # 3-BASE-SERVER
 
-# 2020-01-13: Both vars unused
+# 2020-01-22: Both vars unused.  SEE ABOVE js_menu_install.
 admin_console_install: True
 admin_console_enabled: True
 
@@ -284,9 +284,11 @@ squid_enabled: False
 dansguardian_install: False
 dansguardian_enabled: False
 
-# PostgreSQL auto-installed by Moodle &/or Pathagar as nec, no need to touch!
-# roles/1-prep/tasks/computed_vars.yml, roles/4-server-options/tasks/main.yml
-postgresql_install: False
+# 2020-01-23: postgresql_install is completely ignored as PostgreSQL is
+# installed on demand as a dependency -- by Moodle &/or Pathagar as nec --
+# but for now we set fake value 'postgresql_install: True' for
+# 'postgresql_installed is defined' tests e.g. in 0-init/tasks/validate_vars.yml
+postgresql_install: True
 postgresql_enabled: False
 
 # Common UNIX Printing System (CUPS)
@@ -316,20 +318,21 @@ nodocs: False
 # Lesser-supported XO services need additional testing.  Please contact
 # http://lists.laptop.org/pipermail/server-devel/ if you're able to help test.
 
-xo_services_install: False
-xo_services_enabled: False
-
-activity_server_install: False
-activity_server_enabled: False
-
-# Please instead consider 'ejabberd' in Stage 6-GENERIC-APPS below
-ejabberd_xs_install: False
-ejabberd_xs_enabled: False
+# UNMAINTAINED since about 2012-2017
+xo_services_install: False    # 2020-01-23: UNUSED
+xo_services_enabled: False    # 2020-01-23: Used in idmgr/tasks/main.yml & iiab-admin-console/roles/console/files/htmlf/20-configure.html
 
 # UNMAINTAINED since about 2012-2017
-# Change calibre_port from 8080 to 8010 below, if you enable idmgr
-idmgr_install: False
-idmgr_enabled: False
+activity_server_install: False    # 2020-01-23: Used in 5-xo-services/tasks/main.yml (originally defined in activity-server/defaults/main.yml)
+activity_server_enabled: False    # 2020-01-23: Used in activity-server/tasks/main.yml (originally defined in activity-server/defaults/main.yml)
+
+# UNMAINTAINED since about 2012-2017: consider 'ejabberd' in Stage 6-GENERIC-APPS below?
+ejabberd_xs_install: False    # 2020-01-23: Used in 5-xo-services/tasks/main.yml & roles/ejabberd_xs/tasks/main.yml
+ejabberd_xs_enabled: False    # 2020-01-23: Used in roles/ejabberd_xs/tasks/main.yml
+
+# UNMAINTAINED since about 2012-2017: change calibre_port from 8080 to 8010 below, if you use idmgr
+idmgr_install: False    # 2020-01-23: Used in 5-xo-services/tasks/main.yml
+idmgr_enabled: False    # 2020-01-23: UNUSED
 
 
 # 6-GENERIC-APPS
@@ -378,6 +381,12 @@ mosquitto_install: False
 mosquitto_enabled: False
 mosquitto_port: 1883
 
+# 2020-01-23: nodejs_install is completely ignored as Node.js is installed on
+# demand as a dependency -- by Node-RED, Sugarizer and/or Internet Archive --
+# but for now we set fake value 'nodejs_install: True' for
+# 'nodejs_installed is defined' tests e.g. in 0-init/tasks/validate_vars.yml
+nodejs_install: True
+nodejs_enabled: False
 # Node.js version used by roles/nodejs/tasks/main.yml for 3 roles:
 # nodered (Node-RED), pbx (Asterix, FreePBX) & sugarizer (Sugarizer)
 nodejs_version: 12.x    # was 8.x until 2019-02-02, was 10.x until 2019-12-21
@@ -444,18 +453,18 @@ moodle_install: False
 moodle_enabled: False
 # If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER
 
-# MongoDB (/library/dbdata/mongodb) is used by Sugarizer:
-# The mongodb playbook itself is later invoked by roles/sugarizer/meta/main.yml
-# 2019-07-08: mongodb_install is completely ignored as it is installed on demand as a dependency.
-# 2020-01-23 set to True for installed: True test
+# MongoDB (/library/dbdata/mongodb) greatly enhances the Sugarizer experience.
+# The roles/mongodb playbook (was?) invoked by roles/sugarizer/meta/main.yml
+# 2020-01-23: mongodb_install is completely ignored as MongoDB is installed on
+# demand as a dependency -- by Sugarizer -- but for now we set fake value
+# 'mongodb_install: True' for 'mongodb_installed is defined' tests e.g. in
+# 0-init/tasks/validate_vars.yml
 mongodb_install: True
-
-# FYI mongodb_enabled: False works when sugarizer is disabled and required by mongodb/tasks/enable.yml
-# to shutdown the service and log status but that is misleading as Sugarizer starts mongodb's systemd
-# svc on its own due to requires=mongodb.service within sugarizer.service file
+# FYI 'mongodb_enabled: False' works when Sugarizer is disabled.  Required by
+# mongodb/tasks/enable.yml to shut down the service and log status, but that is
+# misleading as Sugarizer starts mongodb's systemd service on its own, due to
+# 'Requires=mongodb.service' within /etc/systemd/system/sugarizer.service
 mongodb_enabled: False
-
-# port assignment
 mongodb_port: 27018
 
 # Regional OSM vector maps use far less disk space than bitmap/raster versions.