diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index b115afdc4..2fbab88b8 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -1,9 +1,14 @@ # 2020-01-21: Ansible Input Validation (basic sanity checking for now) to check # that *_install and *_enabled variables (as set in places like -# /etc/iiab/local_vars.yml) appear coherent i.e. (1) are confirmed defined, (2) -# have type boolean (Ansible often inverts logic when boolean vars are +# /etc/iiab/local_vars.yml) appear coherent i.e. (1) are confirmed defined, +# (2) have type boolean (Ansible often inverts logic when boolean vars are # accidentally declared as strings, see below!) and (3) have plausible values. +# 2020-01-23: *_installed variables (incrementally saved to +# /etc/iiab/iiab_state.yml) are not required to be boolean (or even defined!) +# for now. However if any of these are defined, the corresponding value of +# *_install must be True, as IIAB does not currently support uninstalling! + # Stricter validation is needed later, when roles/playbooks/tasks are invoked # by various scripts, possibly bypassing 0-init? Either way, risks abound :/ @@ -32,10 +37,11 @@ # I want to perform input validation for Ansible playbooks" # https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 -# 2020-01-21: checks 46+46 vars...for now...expect this to change! Should we -# remove idmgr as it's officially now UNMAINTAINED in default_vars.yml and +# 2020-01-23: checks 53 + 53 + 53 vars...for now...expect this to change! +# Should we remove {xo_services, activity_server, ejabberd_xs, idmgr} as these +# are officially now UNMAINTAINED in default_vars.yml and # https://github.com/iiab/iiab/blob/master/unmaintained-roles.txt etc? -- name: Set vars_checklist for ~46 + ~46 vars ("XYZ_install" + "XYZ_enabled") to be checked +- name: Set vars_checklist for 53 + 53 + 53 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked set_fact: vars_checklist: - hostapd @@ -47,6 +53,7 @@ - wondershaper - sshd - openvpn + - admin_console - nginx - apache - mysql @@ -55,6 +62,10 @@ - postgresql - cups - samba + - usb_lib + - xo_services + - activity_server + - ejabberd_xs - idmgr - azuracast - dokuwiki @@ -64,6 +75,7 @@ - lokole - mediawiki - mosquitto + - nodejs - nodered - nextcloud - pbx @@ -74,6 +86,7 @@ - moodle - mongodb - sugarizer + - osm_vector_maps - transmission - awstats - monit @@ -88,7 +101,7 @@ - name: Assert that {{ vars_checklist | length }} "XYZ_install" vars are all... defined assert: that: "{{ item }}_install is defined" - fail_msg: "PLEASE GIVE THIS VARIABLE A PROPER (UNQUOTED) BOOLEAN VALUE e.g. in: /etc/iiab/local_vars.yml" + fail_msg: "PLEASE GIVE THIS VARIABLE A PROPER (UNQUOTED) BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" quiet: yes loop: "{{ vars_checklist }}" #register: install_vars_defined @@ -96,7 +109,7 @@ - name: Assert that {{ vars_checklist | length }} "XYZ_enabled" vars are all... defined assert: that: "{{ item }}_enabled is defined" - fail_msg: "PLEASE GIVE THIS VARIABLE A PROPER (UNQUOTED) BOOLEAN VALUE e.g. in: /etc/iiab/local_vars.yml" + fail_msg: "PLEASE GIVE THIS VARIABLE A PROPER (UNQUOTED) BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" quiet: yes loop: "{{ vars_checklist }}" #register: enabled_vars_defined @@ -104,7 +117,7 @@ - name: Assert that {{ vars_checklist | length }} "XYZ_install" vars are all... type boolean (NOT type string, which can invert logic!) assert: that: "{{ item }}_install | type_debug == 'bool'" - fail_msg: "PLEASE GIVE THIS VARIABLE A PROPER (UNQUOTED) BOOLEAN VALUE e.g. in: /etc/iiab/local_vars.yml" + fail_msg: "PLEASE GIVE THIS VARIABLE A PROPER (UNQUOTED) BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" quiet: yes loop: "{{ vars_checklist }}" #register: install_vars_boolean @@ -112,7 +125,7 @@ - name: Assert that {{ vars_checklist | length }} "XYZ_enabled" vars are all... type boolean (NOT type string, which can invert logic!) assert: that: "{{ item }}_enabled | type_debug == 'bool'" - fail_msg: "PLEASE GIVE THIS VARIABLE A PROPER (UNQUOTED) BOOLEAN VALUE e.g. in: /etc/iiab/local_vars.yml" + fail_msg: "PLEASE GIVE THIS VARIABLE A PROPER (UNQUOTED) BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" quiet: yes loop: "{{ vars_checklist }}" #register: enabled_vars_boolean @@ -120,15 +133,15 @@ - name: 'DISALLOW "XYZ_install: False" WITH "XYZ_enabled: True" ...for all {{ vars_checklist | length }} var pairs' assert: that: "{{ item }}_install or not {{ item }}_enabled" - fail_msg: "PLEASE VERIFY THESE 2 VARIABLES e.g. in: /etc/iiab/local_vars.yml" + fail_msg: "IIAB DOES NOT SUPPORT UNINSTALLS. PLEASE VERIFY {{ item }}_install AND {{ item }}_enabled e.g. IN: /etc/iiab/local_vars.yml" #fail_msg: '{{ item }}_install or not {{ item }}_enabled {{ item }}_install is {{ {{ item }}_install }} {{ item }}_enabled is {{ {{ item }}_enabled }}' # Is there a way to output var values ? quiet: yes loop: "{{ vars_checklist }}" #register: var_pairs_validation -- name: 'DISALLOW "XYZ_install: False" WITH "XYZ_installed: True" ...for all {{ vars_checklist | length }} var pairs' +- name: 'DISALLOW "XYZ_install: False" WHEN "XYZ_installed is defined" IN /etc/iiab/iiab_state.yml ...for all {{ vars_checklist | length }} var pairs' assert: that: "{{ item }}_install or {{ item }}_installed is undefined" - fail_msg: "{{ item }} already installed please set to True in: /etc/iiab/local_vars.yml" + fail_msg: "{{ item }} ALREADY INSTALLED. IIAB DOES NOT SUPPORT UNINSTALLS. PLEASE SET '{{ item }}_install: True' e.g. IN: /etc/iiab/local_vars.yml" quiet: yes loop: "{{ vars_checklist }}" diff --git a/roles/2-common/tasks/fl.yml b/roles/2-common/tasks/fl.yml index 21038dd3d..2676d9b3a 100644 --- a/roles/2-common/tasks/fl.yml +++ b/roles/2-common/tasks/fl.yml @@ -37,14 +37,3 @@ src: "{{ doc_root }}/common/fonts" # /library/www/html path: "{{ doc_root }}/common/webfonts" state: link - -- name: File Layout - Create log file directories {{ apache_log_dir }} & {{ nginx_log_dir }} - file: - path: "{{ item }}" - owner: "{{ apache_user }}" # www-data - group: "{{ apache_user }}" # www-data - mode: '0770' - state: directory - with_items: - - "{{ apache_log_dir }}" # /var/log/apache2 typically, as set in /opt/iiab/iiab/vars/.yml - - "{{ nginx_log_dir }}" # /var/log/nginx diff --git a/roles/captiveportal/tasks/enable-or-disable.yml b/roles/captiveportal/tasks/enable-or-disable.yml new file mode 100644 index 000000000..504467114 --- /dev/null +++ b/roles/captiveportal/tasks/enable-or-disable.yml @@ -0,0 +1,65 @@ +# 2020-01-22: Package 'uwsgi' is installed by nginx/tasks/install.yml for +# Captive Portal (responds to browsers trying to detect a Captive Portal) and +# also for Admin Console. + +# IIAB makes the 'uwsgi' service mandatory for now (see Line 45) but this could +# perhaps be auto-disabled in future (or never installed?) e.g. if Captive +# Portal + Admin Console are both unneeded...and impact of uWSGI is too high ? + +- name: Stop 'uwsgi' systemd service (may include 3 child processes for Captive Portal, and 3 child processes for Admin Console) + systemd: + name: uwsgi + state: stopped + +- name: Install /etc/uwsgi/apps-enabled/captiveportal.ini from template (if captiveportal_enabled) + template: + src: captiveportal.ini.j2 + dest: /etc/uwsgi/apps-enabled/captiveportal.ini + when: captiveportal_enabled | bool + +- name: Delete /etc/uwsgi/apps-enabled/captiveportal.ini (if not captiveportal_enabled) + file: + path: /etc/uwsgi/apps-enabled/captiveportal.ini + state: absent + when: not captiveportal_enabled + +- name: Symlink /etc/nginx/sites-enabled/capture.conf -> /etc/nginx/sites-available/capture.conf to enable NGINX to service the sites in checkurls list (if captiveportal_enabled) + file: + src: /etc/nginx/sites-available/capture.conf + path: /etc/nginx/sites-enabled/capture.conf + state: link + when: captiveportal_enabled | bool + +- name: Delete symlink /etc/nginx/sites-enabled/capture.conf to disable NGINX to location definitions for checkurls (if not captiveportal_enabled) + file: + path: /etc/nginx/sites-enabled/capture.conf + state: absent + when: not captiveportal_enabled + +- name: Delete /etc/dnsmasq.d/capture to make sure dnsmasq is not diverting (if not captiveportal_enabled) + file: + path: /etc/dnsmasq.d/capture + state: absent + when: not captiveportal_enabled + +# Let's assume (for now) that Admin Console was/will be installed. Disabling of +# uWSGI's service can be implemented later as nec, e.g. if CP+AC both disabled? +- name: Start & Enable 'uwsgi' systemd service (may include 3 child processes for Captive Portal, and 3 child processes for Admin Console) + systemd: + name: uwsgi + daemon_reload: yes + state: started + enabled: true + +# Unify 2 stanzas below ('state: restarted') when we end Ubuntu 16.04 support. +- name: Stop 'dnsmasq' systemd service (if dnsmasq_enabled) + systemd: + name: dnsmasq + state: stopped + when: dnsmasq_enabled | bool + +- name: Start 'dnsmasq' systemd service (if dnsmasq_enabled) + systemd: + name: dnsmasq + state: started + when: dnsmasq_enabled | bool diff --git a/roles/captiveportal/tasks/install.yml b/roles/captiveportal/tasks/install.yml new file mode 100644 index 000000000..5d684e198 --- /dev/null +++ b/roles/captiveportal/tasks/install.yml @@ -0,0 +1,59 @@ +- name: "Download & install packages: python3-dateutil, python3-jinja2" + package: + name: "{{ item }}" + state: present + with_items: + - python3-dateutil + - python3-jinja2 + +- name: mkdir /opt/iiab/captiveportal for scripts & templates, set owner to {{ apache_user }} + file: + path: /opt/iiab/captiveportal + state: directory + owner: "{{ apache_user }}" + +- name: mkdir /var/log/captiveportal for logs, set ownership {{ apache_user }}:{{ apache_user }}, set mode '0750' + file: + path: /var/log/captiveportal + state: directory + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + mode: '0750' # Same as /var/log/apache2 + +- name: "Install 3 scripts from template: /opt/iiab/captiveportal/checkurls, /usr/sbin/iiab-divert-to-nginx, /usr/sbin/iiab-make-cp-servers.py" + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode }}" + with_items: + - { src: roles/captiveportal/templates/checkurls, dest: /opt/iiab/captiveportal/, mode: '0644' } + - { src: roles/captiveportal/templates/iiab-divert-to-nginx, dest: /usr/sbin/, mode: '0755' } + - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, dest: /usr/sbin/, mode: '0755' } + +- name: Install /opt/iiab/captiveportal/capture-wsgi.py from template, mode '0755' (creates the server) + template: + src: capture-wsgi.py.j2 + dest: /opt/iiab/captiveportal/capture-wsgi.py + mode: '0755' + +- name: Copy files {simple.template, mac.template} into /opt/iiab/captiveportal/ + copy: + src: "{{ item }}" + dest: /opt/iiab/captiveportal/ + with_items: + - simple.template + - mac.template + +- name: Run iiab-divert-to-nginx to generate diversion lists for NGINX + shell: /usr/sbin/iiab-divert-to-nginx + +- name: Run iiab-make-cp-servers.py to generate NGINX servers from /opt/iiab/captiveportal/checkurls input list (creates /etc/nginx/sites-available/capture.conf) + command: /usr/sbin/iiab-make-cp-servers.py + args: + creates: /etc/nginx/sites-available/capture.conf + +- name: "Add 'captiveportal_installed: True' to {{ iiab_state_file }}" + lineinfile: + dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^captiveportal_installed' + line: 'captiveportal_installed: True' diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 27c0a1760..3659fa6e7 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -1,128 +1,46 @@ -# TO DO: move ~7 stanzas below into tasks/install.yml +# "How do i fail a task in Ansible if the variable contains a boolean value? +# I want to perform input validation for Ansible playbooks" +# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 -- name: "Download & install packages: python3-dateutil, python3-jinja2" - package: - name: "{{ item }}" - state: present +# If 0-init/tasks/validate_vars.yml has DEFINITELY been run (?) perhaps no need +# to re-check whether vars are defined here. As Ansible vars cannot be unset: +# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible + +- name: Assert that "captiveportal_install is sameas true" (boolean not string etc) + assert: + that: captiveportal_install is sameas true + fail_msg: "PLEASE SET 'captiveportal_install: True' e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + #that: captiveportal_install is defined and captiveportal_install is sameas true + #success_msg: captiveportal_install is defined and captiveportal_install is sameas true + +- name: Assert that "captiveportal_enabled | type_debug == 'bool'" (boolean not string etc) + assert: + that: captiveportal_enabled | type_debug == 'bool' + fail_msg: "PLEASE GIVE VARIABLE 'captiveportal_enabled' A PROPER (UNQUOTED) BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + #that: captiveportal_enabled is defined and captiveportal_enabled | type_debug == 'bool' + #success_msg: captiveportal_enabled is defined and captiveportal_enabled | type_debug == 'bool' + +- name: Install Captive Portal if 'captiveportal_installed' is not defined in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: captiveportal_installed is undefined + +- name: Enable or Disable Captive Portal + include_tasks: enable-or-disable.yml + +- name: Add 'captiveportal' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: captiveportal + option: "{{ item.option }}" + value: "{{ item.value | string }}" with_items: - - python3-dateutil - - python3-jinja2 - -- name: Create directory /opt/iiab/captiveportal for scripts & templates; set owner to {{ apache_user }} - file: - path: /opt/iiab/captiveportal - state: directory - owner: "{{ apache_user }}" - -- name: "Install 3 scripts from template: /opt/iiab/captiveportal/checkurls, /usr/sbin/iiab-make-cp-servers.py, /usr/sbin/iiab-divert-to-nginx" - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "{{ item.mode }}" - with_items: - - { src: roles/captiveportal/templates/checkurls, dest: /opt/iiab/captiveportal/, mode: '0644' } - - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, dest: /usr/sbin/, mode: '0755' } - - { src: roles/captiveportal/templates/iiab-divert-to-nginx, dest: /usr/sbin/, mode: '0755' } - -- name: Install /opt/iiab/captiveportal/capture-wsgi.py from template (creates the server) - template: - src: capture-wsgi.py.j2 - #src: roles/captiveportal/templates/capture-wsgi.py.j2 - dest: /opt/iiab/captiveportal/capture-wsgi.py - mode: '0755' - -- name: Copy files {simple.template, mac.template} into /opt/iiab/captiveportal/ - copy: - src: "{{ item }}" - dest: /opt/iiab/captiveportal/ - with_items: - - simple.template - #- roles/captiveportal/files/simple.template - - mac.template - #- roles/captiveportal/files/mac.template - -- name: Install uWSGI config file /opt/iiab/captiveportal/captiveportal.ini from template - template: - src: captiveportal.ini.j2 - #src: roles/captiveportal/templates/captiveportal.ini.j2 - dest: /opt/iiab/captiveportal/captiveportal.ini - -- name: "Add 'captiveportal_installed: True' to {{ iiab_state_file }}" - lineinfile: - dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml - regexp: '^captiveportal_installed' - line: 'captiveportal_installed: True' - -# TO DO: move most/all 7-10 stanzas below into enable-or-disable.yml - -- name: Install /etc/systemd/system/uwsgi-captiveportal.service from template - template: - src: uwsgi-captiveportal.service - #src: roles/captiveportal/templates/uwsgi-captiveportal.service - dest: /etc/systemd/system/ - -- name: Restart & Enable 'uwsgi-captiveportal' systemd service (uWSGI server) that responds to browsers trying to detect a Captive Portal - systemd: - name: uwsgi-captiveportal - daemon_reload: yes - state: restarted - enabled: True - when: captiveportal_enabled | bool - -- name: Stop & Disable 'uwsgi-captiveportal' systemd service (uWSGI server) if Captive Portal has been disabled - systemd: - name: uwsgi-captiveportal - state: stopped - enabled: False - when: not captiveportal_enabled - -- name: Run iiab-divert-to-nginx to generate diversion lists for NGINX - shell: /usr/sbin/iiab-divert-to-nginx - -- name: Run iiab-make-cp-servers.py to generate NGINX servers from checkurls input list (creates /etc/nginx/sites-available/capture.conf) - command: /usr/sbin/iiab-make-cp-servers.py - args: - creates: /etc/nginx/sites-available/capture.conf - -- name: Symlink /etc/nginx/sites-enabled/capture.conf -> /etc/nginx/sites-available/capture.conf, to enable NGINX to service the sites in checkurls list - file: - src: /etc/nginx/sites-available/capture.conf - path: /etc/nginx/sites-enabled/capture.conf - state: link - when: captiveportal_enabled | bool - -- name: Delete symlink /etc/nginx/sites-enabled/capture.conf, to disable NGINX to location definitions for checkurls - file: - #src: /etc/nginx/sites-available/capture.conf - path: /etc/nginx/sites-enabled/capture.conf - state: absent - when: not captiveportal_enabled - -- name: Make sure dnsmasq is not diverting if not captiveportal_enabled - file: - path: /etc/dnsmasq.d/capture - state: absent - when: not captiveportal_enabled - -#- name: Restart dnsmasq -# systemd: -# name: dnsmasq -# state: restarted -# when: dnsmasq_enabled | bool - -# ABOVE DOES NOT WORK ON UBUNTU 16.04 -- what follows is a crude hack (seems to work!) - -- name: Stop 'dnsmasq' systemd service - systemd: - name: dnsmasq - state: stopped - when: dnsmasq_enabled | bool - -- name: Start 'dnsmasq' systemd service - systemd: - name: dnsmasq - state: started - when: dnsmasq_enabled | bool - -# TO DO: add important captiveportal_* variable values to {{ iiab_ini_file }} = -# /etc/iiab/iiab.ini at the end of main.yml here, for /usr/bin/iiab-diagnostics + - option: name + value: Captive Portal + - option: description + value: '"Captive Portal tries to open the browser automatically, so users don''t have to type in URL''s like http://box.lan in support of kiosk-like situations, in multilingual and less literate communities."' + - option: installed + value: "{{ captiveportal_install }}" + - option: enabled + value: "{{ captiveportal_enabled }}" diff --git a/roles/captiveportal/templates/capture-wsgi.py.j2 b/roles/captiveportal/templates/capture-wsgi.py.j2 index 944ee556e..e240b827a 100755 --- a/roles/captiveportal/templates/capture-wsgi.py.j2 +++ b/roles/captiveportal/templates/capture-wsgi.py.j2 @@ -46,9 +46,9 @@ if len(sys.argv) > 1: loggingLevel = "DEBUG" # set up some logging -- selectable for diagnostics -logging.basicConfig(filename='{{ nginx_log_dir }}/portal.log',format='%(asctime)s.%(msecs)03d:%(name)s:%(message)s', datefmt='%M:%S',level=loggingLevel) -logger = logging.getLogger('{{ nginx_log_dir }}/portal.log') -handler = RotatingFileHandler("{{ nginx_log_dir }}/portal.log", maxBytes=100000, backupCount=2) +logging.basicConfig(filename='/var/log/captiveportal/captiveportal.log',format='%(asctime)s.%(msecs)03d:%(name)s:%(message)s', datefmt='%M:%S',level=loggingLevel) +logger = logging.getLogger('/var/log/captiveportal/captiveportal.log') +handler = RotatingFileHandler("/var/log/captiveportal/captiveportal.log", maxBytes=100000, backupCount=2) logger.addHandler(handler) PORT={{ captiveportal_port }} diff --git a/roles/munin/tasks/main.yml b/roles/munin/tasks/main.yml index cfc6d7046..bc250c367 100644 --- a/roles/munin/tasks/main.yml +++ b/roles/munin/tasks/main.yml @@ -9,7 +9,7 @@ - name: Assert that "munin_install is sameas true" (boolean not string etc) assert: that: munin_install is sameas true - fail_msg: "PLEASE SET 'munin_install: True' e.g. in: /etc/iiab/local_vars.yml" + fail_msg: "PLEASE SET 'munin_install: True' e.g. IN: /etc/iiab/local_vars.yml" quiet: yes #that: munin_install is defined and munin_install is sameas true #success_msg: munin_install is defined and munin_install is sameas true @@ -17,7 +17,7 @@ - name: Assert that "munin_enabled | type_debug == 'bool'" (boolean not string etc) assert: that: munin_enabled | type_debug == 'bool' - fail_msg: "PLEASE GIVE VARIABLE 'munin_enabled' A PROPER (UNQUOTED) BOOLEAN VALUE e.g. in: /etc/iiab/local_vars.yml" + fail_msg: "PLEASE GIVE VARIABLE 'munin_enabled' A PROPER (UNQUOTED) BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" quiet: yes #that: munin_enabled is defined and munin_enabled | type_debug == 'bool' #success_msg: munin_enabled is defined and munin_enabled | type_debug == 'bool' diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 301120a65..d59224e0f 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -27,13 +27,6 @@ - { src: 'roles/nginx/templates/server.conf.j2', dest: '/etc/nginx/server.conf' } - { src: 'roles/nginx/templates/nginx.conf.j2', dest: '/etc/nginx/nginx.conf' } - { src: 'roles/nginx/templates/ports.conf.j2', dest: '/etc/{{ apache_service }}/ports.conf' } - - { src: 'roles/nginx/templates/uwsgi.service', dest: '/etc/systemd/system/' } - -- name: Let uwsgi (running as {{ apache_user }}) write log files - file: - path: /var/log/uwsgi/app - state: directory - owner: "{{ apache_user }}" - name: "Add 'nginx_installed: True' to {{ iiab_state_file }}" lineinfile: diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index e5c4c6a18..d2f57ffe3 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -3,6 +3,7 @@ path: "{{ item.path }}" state: absent with_items: + - { path: "/etc/systemd/system/uwsgi.service" } - { path: "{{ nginx_config_dir }}/usb-lib.conf" } - { path: "{{ nginx_config_dir }}/modules.conf" } diff --git a/roles/nginx/templates/admin-console-apache.conf b/roles/nginx/templates/admin-console-apache.conf.unused similarity index 100% rename from roles/nginx/templates/admin-console-apache.conf rename to roles/nginx/templates/admin-console-apache.conf.unused diff --git a/roles/nginx/templates/admin-console-nginx.conf b/roles/nginx/templates/admin-console-nginx.conf.unused similarity index 100% rename from roles/nginx/templates/admin-console-nginx.conf rename to roles/nginx/templates/admin-console-nginx.conf.unused diff --git a/roles/nginx/templates/admin-console.ini b/roles/nginx/templates/admin-console.ini.unused similarity index 100% rename from roles/nginx/templates/admin-console.ini rename to roles/nginx/templates/admin-console.ini.unused diff --git a/roles/nginx/templates/uwsgi.service b/roles/nginx/templates/uwsgi.service.unused similarity index 100% rename from roles/nginx/templates/uwsgi.service rename to roles/nginx/templates/uwsgi.service.unused diff --git a/roles/nodejs/tasks/main.yml b/roles/nodejs/tasks/main.yml index 86e318a44..95b17d8e3 100644 --- a/roles/nodejs/tasks/main.yml +++ b/roles/nodejs/tasks/main.yml @@ -81,10 +81,10 @@ - name: Install latest Node.js {{ nodejs_version }} which includes /usr/bin/npm (debuntu) package: - # name: nodejs={{ nodejs_version }} - name: nodejs - state: latest - # state: present + #name: nodejs={{ nodejs_version }} + name: nodejs + state: latest + #state: present when: internet_available and is_debuntu #when: internet_available and (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17) diff --git a/roles/wordpress/tasks/main.yml b/roles/wordpress/tasks/main.yml index 172a128c7..16e3f9ed0 100644 --- a/roles/wordpress/tasks/main.yml +++ b/roles/wordpress/tasks/main.yml @@ -11,7 +11,7 @@ - name: Assert that "wordpress_install is sameas true" (boolean not string etc) assert: that: wordpress_install is sameas true - fail_msg: "PLEASE SET 'wordpress_install: True' e.g. in: /etc/iiab/local_vars.yml" + fail_msg: "PLEASE SET 'wordpress_install: True' e.g. IN: /etc/iiab/local_vars.yml" quiet: yes #that: wordpress_install is defined and wordpress_install is sameas true #success_msg: wordpress_install is defined and wordpress_install is sameas true @@ -19,7 +19,7 @@ - name: Assert that "wordpress_enabled | type_debug == 'bool'" (boolean not string etc) assert: that: wordpress_enabled | type_debug == 'bool' - fail_msg: "PLEASE GIVE VARIABLE 'wordpress_enabled' A PROPER (UNQUOTED) BOOLEAN VALUE e.g. in: /etc/iiab/local_vars.yml" + fail_msg: "PLEASE GIVE VARIABLE 'wordpress_enabled' A PROPER (UNQUOTED) BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" quiet: yes #that: wordpress_enabled is defined and wordpress_enabled | type_debug == 'bool' #success_msg: wordpress_enabled is defined and wordpress_enabled | type_debug == 'bool' diff --git a/vars/default_vars.yml b/vars/default_vars.yml index aabe3b0a9..230a3a449 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -164,7 +164,7 @@ bluetooth_term_enabled: False # Set to "False" if you want to revert to the older Dynamic Menuing system # (prior to IIAB 6.7, this had used https://github.com/iiab/iiab-menu) -js_menu_install: True +js_menu_install: True # SEE BELOW: admin_console_install & _enabled. # UNMAINTAINED as of October 2017: https://github.com/iiab/iiab/pull/382 wondershaper_install: False @@ -233,7 +233,7 @@ exFAT_enabled: True # 3-BASE-SERVER -# 2020-01-13: Both vars unused +# 2020-01-22: Both vars unused. SEE ABOVE js_menu_install. admin_console_install: True admin_console_enabled: True @@ -284,9 +284,11 @@ squid_enabled: False dansguardian_install: False dansguardian_enabled: False -# PostgreSQL auto-installed by Moodle &/or Pathagar as nec, no need to touch! -# roles/1-prep/tasks/computed_vars.yml, roles/4-server-options/tasks/main.yml -postgresql_install: False +# 2020-01-23: postgresql_install is completely ignored as PostgreSQL is +# installed on demand as a dependency -- by Moodle &/or Pathagar as nec -- +# but for now we set fake value 'postgresql_install: True' for +# 'postgresql_installed is defined' tests e.g. in 0-init/tasks/validate_vars.yml +postgresql_install: True postgresql_enabled: False # Common UNIX Printing System (CUPS) @@ -316,20 +318,21 @@ nodocs: False # Lesser-supported XO services need additional testing. Please contact # http://lists.laptop.org/pipermail/server-devel/ if you're able to help test. -xo_services_install: False -xo_services_enabled: False - -activity_server_install: False -activity_server_enabled: False - -# Please instead consider 'ejabberd' in Stage 6-GENERIC-APPS below -ejabberd_xs_install: False -ejabberd_xs_enabled: False +# UNMAINTAINED since about 2012-2017 +xo_services_install: False # 2020-01-23: UNUSED +xo_services_enabled: False # 2020-01-23: Used in idmgr/tasks/main.yml & iiab-admin-console/roles/console/files/htmlf/20-configure.html # UNMAINTAINED since about 2012-2017 -# Change calibre_port from 8080 to 8010 below, if you enable idmgr -idmgr_install: False -idmgr_enabled: False +activity_server_install: False # 2020-01-23: Used in 5-xo-services/tasks/main.yml (originally defined in activity-server/defaults/main.yml) +activity_server_enabled: False # 2020-01-23: Used in activity-server/tasks/main.yml (originally defined in activity-server/defaults/main.yml) + +# UNMAINTAINED since about 2012-2017: consider 'ejabberd' in Stage 6-GENERIC-APPS below? +ejabberd_xs_install: False # 2020-01-23: Used in 5-xo-services/tasks/main.yml & roles/ejabberd_xs/tasks/main.yml +ejabberd_xs_enabled: False # 2020-01-23: Used in roles/ejabberd_xs/tasks/main.yml + +# UNMAINTAINED since about 2012-2017: change calibre_port from 8080 to 8010 below, if you use idmgr +idmgr_install: False # 2020-01-23: Used in 5-xo-services/tasks/main.yml +idmgr_enabled: False # 2020-01-23: UNUSED # 6-GENERIC-APPS @@ -378,6 +381,12 @@ mosquitto_install: False mosquitto_enabled: False mosquitto_port: 1883 +# 2020-01-23: nodejs_install is completely ignored as Node.js is installed on +# demand as a dependency -- by Node-RED, Sugarizer and/or Internet Archive -- +# but for now we set fake value 'nodejs_install: True' for +# 'nodejs_installed is defined' tests e.g. in 0-init/tasks/validate_vars.yml +nodejs_install: True +nodejs_enabled: False # Node.js version used by roles/nodejs/tasks/main.yml for 3 roles: # nodered (Node-RED), pbx (Asterix, FreePBX) & sugarizer (Sugarizer) nodejs_version: 12.x # was 8.x until 2019-02-02, was 10.x until 2019-12-21 @@ -444,18 +453,18 @@ moodle_install: False moodle_enabled: False # If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER -# MongoDB (/library/dbdata/mongodb) is used by Sugarizer: -# The mongodb playbook itself is later invoked by roles/sugarizer/meta/main.yml -# 2019-07-08: mongodb_install is completely ignored as it is installed on demand as a dependency. -# 2020-01-23 set to True for installed: True test +# MongoDB (/library/dbdata/mongodb) greatly enhances the Sugarizer experience. +# The roles/mongodb playbook (was?) invoked by roles/sugarizer/meta/main.yml +# 2020-01-23: mongodb_install is completely ignored as MongoDB is installed on +# demand as a dependency -- by Sugarizer -- but for now we set fake value +# 'mongodb_install: True' for 'mongodb_installed is defined' tests e.g. in +# 0-init/tasks/validate_vars.yml mongodb_install: True - -# FYI mongodb_enabled: False works when sugarizer is disabled and required by mongodb/tasks/enable.yml -# to shutdown the service and log status but that is misleading as Sugarizer starts mongodb's systemd -# svc on its own due to requires=mongodb.service within sugarizer.service file +# FYI 'mongodb_enabled: False' works when Sugarizer is disabled. Required by +# mongodb/tasks/enable.yml to shut down the service and log status, but that is +# misleading as Sugarizer starts mongodb's systemd service on its own, due to +# 'Requires=mongodb.service' within /etc/systemd/system/sugarizer.service mongodb_enabled: False - -# port assignment mongodb_port: 27018 # Regional OSM vector maps use far less disk space than bitmap/raster versions.