diff --git a/install-support b/install-support index 24785214a..aad78fe93 100755 --- a/install-support +++ b/install-support @@ -1,6 +1,14 @@ #!/bin/bash -PLAYBOOK="iiab-support.yml" +echo -e "\n\n\e[41m DEPRECATED PLEASE RUN 'iiab-support' INSTEAD \e[0m\n\n" + +read -p "Continue? [y/N] " ans +if [ "$ans" != "y" ]; then + echo + exit +fi + +PLAYBOOK="install-support.yml" INVENTORY="ansible_hosts" CWD=`pwd` @@ -12,7 +20,7 @@ if [ ! -f $PLAYBOOK ]; then exit 1 fi -sed -i -e "s/openvpn_install: False/openvpn_install: True/" /etc/iiab/local_vars.yml -sed -i -e "s/openvpn_enabled: False/openvpn_enabled: True/" /etc/iiab/local_vars.yml +sed -i -e "s/^openvpn_install:.*/openvpn_install: True/" /etc/iiab/local_vars.yml +sed -i -e "s/^openvpn_enabled:.*/openvpn_enabled: True/" /etc/iiab/local_vars.yml ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local diff --git a/iiab-support.yml b/install-support.yml similarity index 58% rename from iiab-support.yml rename to install-support.yml index 170d0cf24..b7a9faf75 100644 --- a/iiab-support.yml +++ b/install-support.yml @@ -1,4 +1,3 @@ ---- - hosts: all become: yes @@ -11,4 +10,5 @@ - { role: 0-init, tags: ['0-init'] } #- { role: 1-prep, tags: ['1-prep', 'platform', 'base'] } - { role: 1-prep, tags: ['1-prep'] } - #- { role: openvpn, tags: ['openvpn'] } # no longer nec, as 1-prep calls role openvpn (2018-09-19) + #- { role: openvpn, tags: ['openvpn'] } # FASTER ALTERNATIVE THAN 1-prep (if 1-prep was already run!) + # BETTER YET, SEE: /usr/bin/iiab-support for a much friendlier UX, that only runs 1-prep when necessary. diff --git a/roles/0-init/defaults/main.yml b/roles/0-init/defaults/main.yml index 1c5ec2081..517936aa0 100644 --- a/roles/0-init/defaults/main.yml +++ b/roles/0-init/defaults/main.yml 
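Review bot: In install-support (hunk `@@ -1,6 +1,14 @@`), declining the new prompt ends the script with a bare `exit`, which returns the status of the preceding `echo` (0), so a wrapper cannot tell "user declined" from a completed run; `exit 1` would make that explicit. The prompt should also be `read -r -p "Continue? [y/N] " ans` so backslashes in the reply are not interpreted. The rest of the script goes on to switch the OpenVPN settings to True, so the banner could say that as well as announcing the deprecation.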
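Review bot: In install-support (hunk `@@ -12,7 +20,7 @@`), both rewritten `sed` lines succeed silently when /etc/iiab/local_vars.yml has no line starting with `openvpn_install:` or `openvpn_enabled:`, so the playbook below can run with the VPN settings unchanged and nothing reports it. A check after the edits, e.g. `grep -q '^openvpn_enabled: True' /etc/iiab/local_vars.yml || { echo "openvpn_enabled not set" >&2; exit 1; }`, would catch that. The `.*` also discards any trailing comment on those lines, and `$INVENTORY` and `$PLAYBOOK` on the `ansible-playbook` line are unquoted.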
@@ -1,6 +1,7 @@ -# Use these to tag a release at a point in time, for {{ iiab_env_file }} -iiab_base_ver: 7.0 -iiab_revision: 0 +# (PRE-)release version number, for {{ iiab_env_file }} = /etc/iiab/iiab.env +# iiab_base_ver: 7.0 +# iiab_revision: 0 +# ABOVE MOVED TO /opt/iiab/iiab/vars/default_vars.yml # These entries should never be changed in this file. # These are defaults for boolean routines. @@ -8,7 +9,7 @@ first_run: False rpi_model: none is_rpi: False xo_model: none -gw_active: none +gw_active: False internet_available: False discovered_wan_iface: none diff --git a/roles/0-init/tasks/hostname.yml b/roles/0-init/tasks/hostname.yml index 289b5a66e..603b280e1 100644 --- a/roles/0-init/tasks/hostname.yml +++ b/roles/0-init/tasks/hostname.yml @@ -13,7 +13,7 @@ - name: 'Turn the crank for systemd: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}" (debuntu)' shell: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}" - when: is_debuntu + when: is_debuntu | bool - name: Install /etc/sysconfig/network from template (redhat) template: @@ -22,7 +22,7 @@ owner: root group: root mode: 0644 - when: is_redhat + when: is_redhat | bool - name: Put hostnames "127.0.0.1 localhost.localdomain localhost box {{ iiab_hostname }}" in /etc/hosts lineinfile: diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index a16a68a29..48954b796 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -14,7 +14,7 @@ # sections once and only once to preserve the install date and git hash. - name: Create IIAB directory structure and {{ iiab_ini_file }}, if first_run include_tasks: first_run.yml - when: first_run + when: first_run | bool #- name: Loading computed_vars # include_tasks: roles/0-init/tasks/computed_vars.yml 
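Review bot: In roles/0-init/tasks/hostname.yml (hunk `@@ -13,7 +13,7 @@`), the task whose `when:` is changed still passes `{{ iiab_hostname }}.{{ iiab_domain }}` through the `shell` module, where `$(...)` or backticks inside either value would be expanded by the shell even inside the double quotes. No shell feature is used here, so `command: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}"` does the same job without a shell. Only the `when:` line is touched by this commit; the point concerns the unchanged line above it.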
@@ -92,7 +92,7 @@ - name: Set port 443 for Admin Console if adm_cons_force_ssl set_fact: gui_port: 443 - when: adm_cons_force_ssl + when: adm_cons_force_ssl | bool - name: Turn on both vars for MySQL (mandatory in Stage 3!) set_fact: @@ -109,7 +109,7 @@ # set_fact: # mongodb_install: True # mongodb_enabled: True -# when: sugarizer_enabled +# when: sugarizer_enabled | bool # There might be other db's - name: Turn on both vars for PostgreSQL if moodle_enabled or pathagar_enabled @@ -127,12 +127,12 @@ - name: "Set python_path: /lib/python2.7/site-packages/ (redhat)" set_fact: python_path: /lib/python2.7/site-packages/ - when: is_redhat + when: is_redhat | bool - name: "Set python_path: /usr/local/lib/python2.7/dist-packages/ (debuntu)" set_fact: python_path: /usr/local/lib/python2.7/dist-packages/ - when: is_debuntu + when: is_debuntu | bool # For various reasons the mysql service cannot be enabled on Fedora 20, but # 'mariadb', which is its real name can. On Fedora 18 we need to use 'mysqld'. @@ -154,7 +154,7 @@ #- name: "Set mysql_service: mysql (debuntu)" # set_fact: # mysql_service: mysql -# when: is_debuntu +# when: is_debuntu | bool - name: "Set iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}" set_fact: @@ -168,7 +168,7 @@ - name: Set hostname if FQDN_changed include_tasks: hostname.yml - when: FQDN_changed + when: FQDN_changed | bool - name: Add 'runtime' variable values to {{ iiab_ini_file }} ini_file: 
@@ -202,21 +202,21 @@ - option: product_id value: "{{ ansible_product_uuid }}" - option: gw_active - value: "{{ gw_active }}" + value: "{{ gw_active }}" - option: internet_available - value: "{{ internet_available }}" + value: "{{ internet_available }}" - option: is_rpi - value: "{{ is_rpi }}" + value: "{{ is_rpi }}" - option: first_run - value: "{{ first_run }}" + value: "{{ first_run }}" - option: local_tz - value: "{{ local_tz }}" + value: "{{ local_tz }}" - option: no_NM_reload value: "{{ no_NM_reload }}" - option: is_F18 value: "{{ is_F18 }}" - option: FQDN_changed - value: "{{ FQDN_changed }}" + value: "{{ FQDN_changed }}" - name: Add 'runtime' variable 'is_VM' value if defined, to {{ iiab_ini_file }} ini_file: @@ -226,7 +226,7 @@ value: "{{ item.value }}" with_items: - option: is_VM - value: "yes" + value: "yes" when: is_VM is defined - name: STAGE 0 HAS COMPLETED ====================================== diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index e518689c4..9cdb8ebd6 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -9,7 +9,7 @@ - uuid-runtime - sudo state: present - when: is_debuntu + when: is_debuntu | bool - name: Does /etc/iiab/uuid file exist? stat: @@ -44,8 +44,8 @@ - name: Does 'ubermix' exist in /etc/lsb-release? shell: grep -i ubermix /etc/lsb-release # Pipe to cat to avoid red errors? register: grep_ubermix - failed_when: false # Universal way to hide alarmist red errors! - #ignore_errors: true + failed_when: False # Universal way to hide alarmist red errors! + #ignore_errors: True #check_mode: no #- debug: @@ -77,7 +77,7 @@ - name: OPENVPN include_role: name: openvpn - when: openvpn_install + when: openvpn_install | bool tags: openvpn # for rpi, without rtc, we need time as soon as possible 
@@ -100,14 +100,14 @@ # https://wiki.debian.org/AppArmor/HowToUse # https://packages.debian.org/buster/apparmor # Curiously this has NOT stopped IIAB 7.0/master from working on Debian 10 -# pre-releases, during @floydianslips' March 2019 testing anyway! +# pre-releases, during @floydianslips' March 2019 testing anyway! SEE #1387 - name: Disable AppArmor -- override OS default (ubuntu) service: name: apparmor enabled: False state: stopped - when: is_ubuntu - ignore_errors: true + when: is_ubuntu | bool + ignore_errors: True - name: Disable SELinux on next boot (OS's other than debuntu) selinux: @@ -127,7 +127,7 @@ - name: Check if the identifier for Intel's NUC6 built-in WiFi is present shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'" register: usb_NUC6 - ignore_errors: true + ignore_errors: True - name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6 # iiab_download_url is http://download.iiab.io/packages get_url: diff --git a/roles/1-prep/tasks/raspberry_pi.yml b/roles/1-prep/tasks/raspberry_pi.yml index 564228a95..22efe6934 100644 --- a/roles/1-prep/tasks/raspberry_pi.yml +++ b/roles/1-prep/tasks/raspberry_pi.yml @@ -37,14 +37,14 @@ path: /etc/dphys-swapfile regexp: "^CONF_SWAPSIZE" line: CONF_SWAPSIZE=500 - when: is_debuntu + when: is_debuntu | bool - name: Restart swap service "dphys-swapfile" (debuntu) #command: /etc/init.d/dphys-swapfile restart service: # A rare/legacy service that is NOT systemd name: dphys-swapfile state: restarted - when: is_debuntu + when: is_debuntu | bool - name: Install RPi rootfs resizing (iiab-rpi-max-rootfs.sh) and its systemd service (iiab-rpi-root-resize.service), from templates template: diff --git a/roles/2-common/tasks/fl.yml b/roles/2-common/tasks/fl.yml index 157c2b5a9..a0c1d9554 100644 --- a/roles/2-common/tasks/fl.yml +++ b/roles/2-common/tasks/fl.yml 
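Review bot: In roles/1-prep/tasks/main.yml (hunk `@@ -100,14 +100,14 @@`), `ignore_errors: True` on the "Disable AppArmor" task means a run can finish with AppArmor either stopped or still enforcing, and only the play output shows which. The comment above now points at #1387 but does not say which IIAB service needs the framework off, and turning off a mandatory-access-control layer for the whole host is a wide change. I'd record the reason on the task, e.g. `# AppArmor disabled because <service> fails under its default profile (see #1387)`, and `register:` the result so a later task can report the final state.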
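Review bot: In roles/1-prep/tasks/main.yml (hunk `@@ -127,7 +127,7 @@`), the context comment says `iiab_download_url` is `http://download.iiab.io/packages`, so the `iwlwifi-8000C-13.ucode` file that `get_url` places in /lib/firmware travels over plain HTTP. The task's remaining parameters are outside the hunk, so I can't see whether a `checksum:` is set. If it is not, adding `checksum: "sha256:<published digest>"` would make the firmware download tamper-evident. The same question applies to the other `{{ iiab_download_url }}` downloads touched in this commit, such as the usbmount .deb in roles/2-common/tasks/packages.yml and the DokuWiki and Elgg archives.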
@@ -14,8 +14,10 @@ - "{{ downloads_dir }}" - /library/downloads/zims - /library/downloads/rachel + - /library/downloads/maps - /library/working/zims - /library/working/rachel + - /library/working/maps - "{{ iiab_zim_path }}/content" - "{{ iiab_zim_path }}/index" - "{{ doc_root }}/local_content" diff --git a/roles/2-common/tasks/iptables.yml b/roles/2-common/tasks/iptables.yml index 02db8ee97..7a1729b77 100644 --- a/roles/2-common/tasks/iptables.yml +++ b/roles/2-common/tasks/iptables.yml @@ -35,7 +35,7 @@ package: name: iptables-persistent state: present - when: is_debuntu + when: is_debuntu | bool tags: - download @@ -60,4 +60,4 @@ src: iptables dest: /etc/network/if-pre-up.d/iptables mode: 0755 - when: is_debuntu + when: is_debuntu | bool diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 348fa0524..e47e6b095 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -12,7 +12,7 @@ - xml-common - yum-utils state: present - when: is_redhat + when: is_redhat | bool - name: Install {{ iiab_download_url }}/usbmount_0.0.14.1_all.deb, missing from Debian (debian-9 or debian-10, if NOT rpi) apt: @@ -31,7 +31,7 @@ - libnss-mdns - wpasupplicant state: present - when: is_debuntu + when: is_debuntu | bool - name: "Install 22 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, rsync, sudo, tar, unzip, usbmount, usbutils, wget" package: diff --git a/roles/2-common/tasks/yum-historical.yml b/roles/2-common/tasks/yum-historical.yml index 8db268c37..a91498b81 100644 --- a/roles/2-common/tasks/yum-historical.yml +++ b/roles/2-common/tasks/yum-historical.yml 
@@ -13,18 +13,18 @@ - name: get the createrepo program package: name=createrepo state=present - when: is_redhat + when: is_redhat | bool - name: Create local repo shell: createrepo {{ yum_packages_dir }} - when: is_redhat + when: is_redhat | bool - name: Install local repo file. template: dest=/etc/yum.repos.d/iiab-local.repo src=local.repo owner=root mode=0644 - when: is_redhat + when: is_redhat | bool - name: Install yum packages package: name={{ item }} @@ -36,7 +36,7 @@ - linux-firmware - syslog - xml-common - when: is_redhat + when: is_redhat | bool - name: Install yum packages for Debian package: name={{ item }} @@ -44,7 +44,7 @@ with_items: - inetutils-syslogd - wpasupplicant - when: is_debuntu + when: is_debuntu | bool - name: Install common packages package: name={{ item }} @@ -82,7 +82,7 @@ - glibc # CVE-2015-7547 - bash - iptables - when: is_redhat + when: is_redhat | bool - name: Update common packages (debian) package: name={{ item }} @@ -91,7 +91,7 @@ - libc6 - bash - iptables - when: is_debuntu + when: is_debuntu | bool # instuctions state to start with a fully updated system before starting, stop using diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 4c56b0572..eca44a6fb 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml 
@@ -5,27 +5,27 @@ - name: Install dnsmasq include_tasks: roles/network/tasks/dnsmasq.yml - when: dnsmasq_install + when: dnsmasq_install | bool tags: base, domain, dnsmasq, network - name: Install named / BIND include_tasks: roles/network/tasks/named.yml - when: named_install + when: named_install | bool tags: base, named, network, domain - name: Installing captive portal include_tasks: roles/captive-portal/tasks/main.yml - when: captive_portal_install + when: captive_portal_install | bool tags: base, captive-portal, network, domain - name: Installing dhcpd include_tasks: roles/network/tasks/dhcpd.yml - when: dhcpd_install + when: dhcpd_install | bool tags: base, dhcpd, network, domain - name: Install Squid (and DansGuardian if dansguardian_install) include_tasks: roles/network/tasks/squid.yml - when: squid_install + when: squid_install | bool tags: base, squid, network, domain # NETWORK moved to the very end, after Stage 9 (9-LOCAL-ADDONS) @@ -47,7 +47,7 @@ - name: POSTGRESQL include_role: name: postgresql - when: postgresql_install + when: postgresql_install | bool tags: postgresql, pathagar, moodle # UNMAINTAINED @@ -60,19 +60,19 @@ - name: CUPS include_role: name: cups - when: cups_install + when: cups_install | bool tags: cups - name: SAMBA include_role: name: samba - when: samba_install + when: samba_install | bool tags: samba - name: USB-LIB include_role: name: usb-lib - when: usb_lib_install + when: usb_lib_install | bool tags: usb-lib - name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (This script was installed at the beginning of Stage 3 = roles/3-base-server/tasks/main.yml, which ran Apache playbook = roles/httpd/tasks/main.yml) diff --git a/roles/5-xo-services/tasks/main.yml b/roles/5-xo-services/tasks/main.yml index c1645d5be..80fc5146d 100644 --- a/roles/5-xo-services/tasks/main.yml +++ b/roles/5-xo-services/tasks/main.yml 
@@ -6,19 +6,19 @@ - name: ACTIVITY-SERVER include_role: name: activity-server - when: activity_server_install + when: activity_server_install | bool tags: olpc, activity-server - name: EJABBERD_XS include_role: name: ejabberd_xs - when: ejabberd_xs_install + when: ejabberd_xs_install | bool tags: olpc, ejabberd-xs - name: IDMGR include_role: name: idmgr - when: idmgr_install + when: idmgr_install | bool tags: olpc, idmgr - name: Recording STAGE 5 HAS COMPLETED ===================== diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index a0eff2ca3..b90927af7 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml 
@@ -6,73 +6,73 @@ - name: DOKUWIKI include_role: name: dokuwiki - when: dokuwiki_install + when: dokuwiki_install | bool tags: dokuwiki - name: MEDIAWIKI include_role: name: mediawiki - when: mediawiki_install + when: mediawiki_install | bool tags: mediawiki - name: EJABBERD include_role: name: ejabberd - when: ejabberd_install + when: ejabberd_install | bool tags: ejabberd - name: ELGG include_role: name: elgg - when: elgg_install + when: elgg_install | bool tags: elgg - name: GITEA include_role: name: gitea - when: gitea_install + when: gitea_install | bool tags: gitea - name: LOKOLE include_role: name: lokole - when: lokole_install + when: lokole_install | bool tags: lokole - name: MOSQUITTO include_role: name: mosquitto - when: mosquitto_install + when: mosquitto_install | bool tags: mosquitto - name: NODE-RED include_role: name: nodered - when: nodered_install + when: nodered_install | bool tags: nodered - name: NEXTCLOUD include_role: name: nextcloud - when: nextcloud_install + when: nextcloud_install | bool tags: nextcloud #- name: OWNCLOUD # include_role: # name: owncloud -# when: owncloud_install +# when: owncloud_install | bool # tags: owncloud - name: PBX include_role: name: pbx - when: pbx_install + when: pbx_install | bool tags: pbx - name: WORDPRESS include_role: name: wordpress - when: wordpress_install + when: wordpress_install | bool tags: wordpress - name: Recording STAGE 6 HAS COMPLETED ==================== diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index 688455ffa..7c6d89823 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml 
@@ -6,39 +6,39 @@ - name: KALITE include_role: name: kalite - when: kalite_install + when: kalite_install | bool tags: kalite - name: KOLIBRI include_role: name: kolibri - when: kolibri_install + when: kolibri_install | bool tags: kolibri - name: KIWIX include_role: name: kiwix - when: kiwix_install + when: kiwix_install | bool tags: kiwix - name: MOODLE include_role: name: moodle - when: moodle_install + when: moodle_install | bool tags: olpc, moodle -- name: OSM_VECTOR +- name: OSM-VECTOR-MAPS include_role: - name: osm-vector - when: osm_vector_install is defined and osm_vector_install - tags: osm + name: osm-vector-maps + when: osm_vector_maps_install | bool + tags: osm, maps # UNMAINTAINED - name: OSM include_role: name: osm when: osm_install is defined and osm_install - tags: osm + tags: osm, maps # UNMAINTAINED - name: PATHAGAR @@ -50,7 +50,7 @@ - name: SUGARIZER include_role: name: sugarizer - when: sugarizer_install + when: sugarizer_install | bool tags: sugarizer - name: Recording STAGE 7 HAS COMPLETED ======================== diff --git a/roles/8-mgmt-tools/tasks/main.yml b/roles/8-mgmt-tools/tasks/main.yml index f0522a44a..806b24f8f 100644 --- a/roles/8-mgmt-tools/tasks/main.yml +++ b/roles/8-mgmt-tools/tasks/main.yml @@ -6,31 +6,31 @@ - name: TRANSMISSION include_role: name: transmission - when: transmission_install + when: transmission_install | bool tags: transmission - name: AWSTATS include_role: name: awstats - when: awstats_install + when: awstats_install | bool tags: awstats - name: MONIT include_role: name: monit - when: monit_install + when: monit_install | bool tags: monit - name: MUNIN include_role: name: munin - when: munin_install + when: munin_install | bool tags: munin - name: PHPMYADMIN include_role: name: phpmyadmin - when: phpmyadmin_install + when: phpmyadmin_install | bool tags: phpmyadmin # UNMAINTAINED 
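Review bot: In roles/7-edu-apps/tasks/main.yml, the OSM-VECTOR-MAPS task drops the `is defined` guard and renames the variable in one step. `when: osm_vector_maps_install | bool` fails with an undefined-variable error unless a default is defined somewhere outside the visible hunks, and an existing local_vars.yml that still sets `osm_vector_install` is no longer read. If no default exists, `when: osm_vector_maps_install | default(False) | bool` keeps the old tolerance. The unmaintained OSM task just below still uses `osm_install is defined and osm_install` without `| bool`, so a string value such as "False" would presumably still count as true there.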
@@ -50,7 +50,7 @@ - name: VNSTAT include_role: name: vnstat - when: vnstat_install + when: vnstat_install | bool tags: vnstat # UNMAINTAINED diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 1281fa680..13e910378 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -6,19 +6,19 @@ - name: CALIBRE include_role: name: calibre - when: calibre_install + when: calibre_install | bool tags: calibre - name: CALIBRE-WEB include_role: name: calibre-web - when: calibreweb_install + when: calibreweb_install | bool tags: calibre-web - name: MINETEST include_role: name: minetest - when: minetest_install + when: minetest_install | bool tags: minetest - name: INTERNETARCHIVE diff --git a/roles/activity-server/tasks/main.yml b/roles/activity-server/tasks/main.yml index b0593a613..cf4c5917b 100644 --- a/roles/activity-server/tasks/main.yml +++ b/roles/activity-server/tasks/main.yml @@ -79,7 +79,7 @@ - name: enable mod_expires for debian command: a2enmod expires - when: is_debuntu + when: is_debuntu | bool - name: create the link which enables the site file: src=/etc/apache2/sites-available/xs-activity-server.conf diff --git a/roles/ajenti/tasks/ajenti-wondershaper.yml b/roles/ajenti/tasks/ajenti-wondershaper.yml index 4b4d28fe1..76713a470 100644 --- a/roles/ajenti/tasks/ajenti-wondershaper.yml +++ b/roles/ajenti/tasks/ajenti-wondershaper.yml @@ -1,3 +1,3 @@ - name: Install wondershaper ajenti plugin pip: name="{{ iiab_download_url }}"/ajenti-plugin-wondershaper-0.3.tar.gz - when: internet_available + when: internet_available | bool diff --git a/roles/ajenti/tasks/main.yml b/roles/ajenti/tasks/main.yml index e5a03096a..e33b40e65 100644 --- a/roles/ajenti/tasks/main.yml +++ b/roles/ajenti/tasks/main.yml @@ -45,7 +45,7 @@ service: name=ajenti enabled=yes state=restarted - when: ajenti_enabled + when: ajenti_enabled | bool - name: Add 'ajenti' variable values to {{ iiab_ini_file }} ini_file: 
diff --git a/roles/authserver/tasks/main.yml b/roles/authserver/tasks/main.yml index 00ec12408..ea188e976 100644 --- a/roles/authserver/tasks/main.yml +++ b/roles/authserver/tasks/main.yml @@ -4,7 +4,7 @@ - name: Install xs-authserver from pypi pip: name=xs-authserver - when: internet_available + when: internet_available | bool - name: install gunicorn package: name=python-gunicorn @@ -48,7 +48,7 @@ service: name=xs-authserver state=restarted enabled=yes - when: authserver_enabled + when: authserver_enabled | bool - name: Add 'authserver' variable values to {{ iiab_ini_file }} ini_file: diff --git a/roles/awstats/tasks/install.yml b/roles/awstats/tasks/install.yml index 8109a5453..9ae8e6fe5 100644 --- a/roles/awstats/tasks/install.yml +++ b/roles/awstats/tasks/install.yml @@ -14,13 +14,13 @@ - libapache2-mod-authnz-external - apache2-utils state: present - when: is_debuntu + when: is_debuntu | bool tags: - download - name: Enable cgi execution (debuntu) command: a2enmod cgi - when: is_debuntu + when: is_debuntu | bool - name: 'Mandate {{ apache_user }}:{{ apache_user }} perm 0750 dirs: {{ awstats_data_dir }} (intermediate summary storage) & {{ apache_log_dir }}' # /library/awstats & /var/log/apache2 typically file: @@ -29,8 +29,8 @@ owner: "{{ apache_user }}" group: "{{ apache_user }}" state: directory - recurse: true - force: true + recurse: yes + force: yes with_items: - "{{ awstats_data_dir }}" - "{{ apache_log_dir }}" @@ -57,7 +57,7 @@ template: src: logrotate.d.apache2 dest: /etc/logrotate.d/apache2 - when: is_debuntu + when: is_debuntu | bool - name: Check if package installed /etc/awstats/awstats.conf stat: 
@@ -94,14 +94,14 @@ owner: root group: root mode: 0644 - when: awstats_enabled + when: awstats_enabled | bool - name: Create a symlink /etc/awstats/awstats.conf for access by IP address file: src: /etc/awstats/awstats.schoolserver.conf path: /etc/awstats/awstats.conf state: link - when: awstats_enabled + when: awstats_enabled | bool - name: On first enabling of AWStats, summarize httpd logs up to now (OS's other than debuntu) shell: /bin/perl /usr/share/awstats/wwwroot/cgi-bin/awstats.pl -config=schoolserver -update diff --git a/roles/awstats/tasks/main.yml b/roles/awstats/tasks/main.yml index 212fef1ca..26b53df88 100644 --- a/roles/awstats/tasks/main.yml +++ b/roles/awstats/tasks/main.yml @@ -1,6 +1,6 @@ - name: Install AWStats if awstats_install include_tasks: install.yml - when: awstats_install + when: awstats_install | bool - name: Add 'awstats' variable values to {{ iiab_ini_file }} ini_file: diff --git a/roles/calibre-web/tasks/main.yml b/roles/calibre-web/tasks/main.yml index fb2657188..3448752ea 100644 --- a/roles/calibre-web/tasks/main.yml +++ b/roles/calibre-web/tasks/main.yml @@ -3,7 +3,7 @@ name: - imagemagick state: present - when: is_debuntu + when: is_debuntu | bool - name: Allow ImageMagick to read PDFs (debuntu) lineinfile: @@ -12,7 +12,7 @@ backrefs: yes line: ' ' state: present - when: is_debuntu + when: is_debuntu | bool - name: Create 3 Calibre-Web folders to store data and configuration files file: @@ -35,7 +35,7 @@ #update: yes depth: 1 version: master - when: internet_available + when: internet_available | bool ## Ansible Pip Bug: Cannot use 'chdir' with 'env' https://github.com/ansible/ansible/issues/37912 (Patch landed) #- name: Download calibre-web dependencies into vendor subdirectory. 
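Review bot: In roles/calibre-web/tasks/main.yml (hunk `@@ -35,7 +35,7 @@`), the clone tracks `version: master` with `depth: 1`, so every install pulls whatever is at the head of the upstream branch at that moment. The `pip` task in the next hunk then installs from that checkout's requirements.txt. Pinning to a release tag or commit hash (`version: <tag-or-commit>`) would make installs reproducible and keep an unreviewed upstream change from landing on the box. The task's `repo:` and `dest:` lines are outside the hunk.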
@@ -51,7 +51,7 @@ requirements: "{{ calibreweb_venv_path }}/requirements.txt" virtualenv: "{{ calibreweb_venv_path }}" virtualenv_site_packages: no - when: internet_available + when: internet_available | bool - name: Symlink {{ calibreweb_venv_path }}/vendor to {{ calibreweb_venv_path }}/lib/python2.7/site-packages to keep cps.py happy file: @@ -87,7 +87,7 @@ - roles/calibre-web/files/metadata.db - roles/calibre-web/files/metadata_db_prefs_backup.json when: not metadatadb.stat.exists - #when: calibreweb_provision + #when: calibreweb_provision | bool - name: Provision/Copy default admin settings to {{ calibreweb_config }}/app.db IF metadata.db did not exist # {{ calibreweb_config }} is /library/calibre-web/config copy: @@ -98,7 +98,7 @@ mode: 0644 backup: yes when: not metadatadb.stat.exists - #when: calibreweb_provision + #when: calibreweb_provision | bool - name: Enable & Restart 'calibre-web' systemd service systemd: @@ -106,17 +106,17 @@ daemon_reload: yes enabled: yes state: restarted - when: calibreweb_enabled + when: calibreweb_enabled | bool # Default: http://box/books # SEE ALSO: https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy - name: Enable http://box{{ calibreweb_url }} with Apache command: a2ensite calibre-web.conf - when: calibreweb_enabled + when: calibreweb_enabled | bool #- name: Restart Apache after enabling calibre-web httpd2 site # command: apachectl -k graceful -# when: calibreweb_enabled +# when: calibreweb_enabled | bool - name: Disable 'calibre-web' systemd service systemd: diff --git a/roles/calibre/tasks/main.yml b/roles/calibre/tasks/main.yml index 86a3d5afa..b327558e4 100644 --- a/roles/calibre/tasks/main.yml +++ b/roles/calibre/tasks/main.yml 
@@ -64,7 +64,7 @@ state: stopped #enabled: no #register: command_result # gist.github.com/tyrells/0a79681de339237cb04c - #failed_when: false # Never Fail during "systemctl stop calibre-serve" (even if service doesn't exist!) + #failed_when: False # Never Fail during "systemctl stop calibre-serve" (even if service doesn't exist!) #when: calibre_svc.stat.exists # 3. CREATE USER DATABASE @@ -121,7 +121,7 @@ name: calibre-serve enabled: yes state: started - when: calibre_enabled + when: calibre_enabled | bool #async: 900 #poll: 5 diff --git a/roles/calibre/tasks/py-installer.yml b/roles/calibre/tasks/py-installer.yml index 29f9b3265..85dca3f3f 100644 --- a/roles/calibre/tasks/py-installer.yml +++ b/roles/calibre/tasks/py-installer.yml @@ -12,7 +12,7 @@ backup: yes timeout: "{{ download_timeout }}" register: calibre_download_output - when: internet_available + when: internet_available | bool # ALWAYS DEFINED, DESPITE get_url DOCUMENTATION CLAIM... # - debug: @@ -53,4 +53,4 @@ shell: "{{ downloads_dir }}/calibre-installer.py >> /dev/null" #args: # creates: /usr/bin/calibre-uninstall - when: internet_available + when: internet_available | bool diff --git a/roles/captive-portal/tasks/main.yml b/roles/captive-portal/tasks/main.yml index 6c0d8cdda..c593816dc 100644 --- a/roles/captive-portal/tasks/main.yml +++ b/roles/captive-portal/tasks/main.yml @@ -10,7 +10,7 @@ package: name: libapache2-mod-wsgi state: present - when: is_debuntu + when: is_debuntu | bool - name: Install mod_wsgi (not debuntu) package: @@ -70,7 +70,7 @@ owner: root group: root mode: 0644 - when: captive_portal_enabled + when: captive_portal_enabled | bool - name: Enable Apache's captive-portal.conf if captive_portal_enabled (debuntu) file: @@ -92,7 +92,7 @@ # daemon-reload: yes # enabled: yes # state: started -# when: captive_portal_enabled +# when: captive_portal_enabled | bool #- name: Disable & Stop captive-portal.service if not captive_portal_enabled # systemd: 
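Review bot: In roles/calibre/tasks/py-installer.yml (hunk `@@ -12,7 +12,7 @@`), the `get_url` task saves an installer that the last task in the file (hunk `@@ -53,4 +53,4 @@`) then runs with `shell: "{{ downloads_dir }}/calibre-installer.py >> /dev/null"`, and no `checksum:` is visible on the download. The `url:` line is outside the hunk. Running a freshly downloaded script, presumably with root privileges, and discarding its output leaves no integrity check and no log to review afterwards. I'd add `checksum: "sha256:<published digest>"` to the `get_url` task if upstream publishes one, and send the installer output to a log file instead of /dev/null.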
@@ -128,7 +128,7 @@ # systemd: # name: dnsmasq # state: restarted -# when: dnsmasq_enabled +# when: dnsmasq_enabled | bool # ABOVE DOES NOT WORK ON UBUNTU 16.04 -- what follows is a crude hack (seems to work!) @@ -136,11 +136,11 @@ systemd: name: dnsmasq state: stopped - when: dnsmasq_enabled + when: dnsmasq_enabled | bool - name: Start dnsmasq systemd: name: dnsmasq state: started - when: dnsmasq_enabled + when: dnsmasq_enabled | bool diff --git a/roles/cups/tasks/main.yml b/roles/cups/tasks/main.yml index 2174487ea..6b6ee6992 100644 --- a/roles/cups/tasks/main.yml +++ b/roles/cups/tasks/main.yml @@ -3,7 +3,7 @@ package: name: cups state: present - when: cups_install + when: cups_install | bool tags: - download @@ -43,7 +43,7 @@ - name: Permit headless admin of CUPS -- only works when CUPS daemon is running shell: "cupsctl --remote-admin" - when: cups_enabled + when: cups_enabled | bool - name: Disable both CUPS services (OS's other than Fedora 18) systemd: diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 7763054db..128f87b21 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -4,7 +4,7 @@ with_items: - docker - python-docker-py - when: docker_install + when: docker_install | bool tags: download - name: put the systemd startup file in place @@ -32,7 +32,7 @@ service: name=docker state=started enabled=true - when: docker_enabled + when: docker_enabled | bool - name: Disable docker service: name=docker diff --git a/roles/dokuwiki/tasks/install.yml b/roles/dokuwiki/tasks/install.yml index a1c3cfa30..9aab6692c 100644 --- a/roles/dokuwiki/tasks/install.yml +++ b/roles/dokuwiki/tasks/install.yml @@ -3,7 +3,7 @@ url: "{{ iiab_download_url }}/{{ dokuwiki_version }}.tgz" dest: "{{ downloads_dir }}/" timeout: "{{ download_timeout }}" - when: internet_available + when: internet_available | bool - name: Unarchive (unpack) it to /library/{{ dokuwiki_version }} unarchive: 
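Review bot: In roles/cups/tasks/main.yml (hunk `@@ -43,7 +43,7 @@`), `cupsctl --remote-admin` opens the CUPS administration interface to other hosts whenever `cups_enabled` is true, and nothing visible here says which networks are meant to reach it. A comment on the task would help, e.g. `# exposes CUPS admin to LAN clients; restrict in cupsd.conf if the WAN side is untrusted`. `command: cupsctl --remote-admin` is enough, since no shell features are used. The role's cupsd.conf handling is outside the hunk.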
@@ -25,7 +25,7 @@ template: src: dokuwiki.conf.j2 dest: "/etc/{{ apache_config_dir }}/dokuwiki.conf" - when: dokuwiki_enabled + when: dokuwiki_enabled | bool - name: Symlink /etc/apache2/sites-enabled/dokuwiki.conf to /etc/apache2/sites-available/dokuwiki.conf if dokuwiki_enabled (debuntu) file: diff --git a/roles/dokuwiki/tasks/main.yml b/roles/dokuwiki/tasks/main.yml index e14aba6e7..15824df31 100644 --- a/roles/dokuwiki/tasks/main.yml +++ b/roles/dokuwiki/tasks/main.yml @@ -1,6 +1,6 @@ - name: Install DokuWiki include_tasks: install.yml - when: dokuwiki_install + when: dokuwiki_install | bool - name: Add 'dokuwiki' variable values to {{ iiab_ini_file }} ini_file: diff --git a/roles/ejabberd/tasks/main.yml b/roles/ejabberd/tasks/main.yml index f9b14642b..5818ac4e0 100644 --- a/roles/ejabberd/tasks/main.yml +++ b/roles/ejabberd/tasks/main.yml @@ -36,7 +36,7 @@ # src: ejabberd-iiab.init # dest: /etc/init.d/ejabberd-iiab # mode: 0755 -# when: is_debuntu +# when: is_debuntu | bool #- name: Put the startup script in place - non debian # template: @@ -73,7 +73,7 @@ #name: ejabberd-iiab state: restarted enabled: yes - when: ejabberd_enabled + when: ejabberd_enabled | bool #when: ejabberd_config.changed and ejabberd_enabled #- name: Wait for ejabberd service start diff --git a/roles/elgg/tasks/main.yml b/roles/elgg/tasks/main.yml index 9cab2c00d..6461ebca1 100644 --- a/roles/elgg/tasks/main.yml +++ b/roles/elgg/tasks/main.yml @@ -9,7 +9,7 @@ url: "{{ iiab_download_url }}/elgg-{{ elgg_version }}.zip" dest: "{{ downloads_dir }}" timeout: "{{ download_timeout }}" - when: internet_available + when: internet_available | bool - name: Check for existence of /opt/elgg-{{ elgg_version }}/index.php stat: @@ -34,7 +34,7 @@ owner: "{{ apache_user }}" group: "{{ apache_user }}" state: link - force: true + force: yes - name: 'Install /opt/elgg/elgg-config/settings.php from template (WARNING: overwrites manual settings!)' template: 
diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index 8eccf4881..b3579fff7 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -8,7 +8,7 @@ # https://git.coolaj86.com/coolaj86/gitea-installer.sh # Information needed to install Gitea -gitea_version: 1.8.0 +gitea_version: 1.7.6 iset_suffixes: i386: 386 x86_64: amd64 @@ -54,4 +54,4 @@ gitea_log_root: "{{ gitea_root_directory }}/log" # Extra configuration gitea_display_name: Internet-in-a-Box Gitea -skip_install_screen: true +skip_install_screen: true # lowercase for Gitea's own /etc/gitea/app.ini diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index ac61ce342..f67bee787 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -59,7 +59,7 @@ mode: 0775 tags: - install - when: internet_available + when: internet_available | bool - name: Download Gitea GPG signature get_url: @@ -68,7 +68,7 @@ tags: - never - verify - when: internet_available + when: internet_available | bool - name: Verify Gitea binary with GPG signature shell: | @@ -131,7 +131,7 @@ name: gitea enabled: yes state: restarted - when: gitea_enabled + when: gitea_enabled | bool - name: Disable 'gitea' service systemd: diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml index e75a9f12a..28e34380f 100644 --- a/roles/gitea/tasks/main.yml +++ b/roles/gitea/tasks/main.yml @@ -1,3 +1,3 @@ - name: Install Gitea {{ gitea_version }} if gitea_install include_tasks: install.yml - when: gitea_install + when: gitea_install | bool diff --git a/roles/homepage/tasks/main.yml b/roles/homepage/tasks/main.yml index 67cc2c64a..71a6fcf2b 100644 --- a/roles/homepage/tasks/main.yml +++ b/roles/homepage/tasks/main.yml @@ -16,4 +16,4 @@ src: "/etc/{{ apache_config_dir }}/iiab-homepage.conf" path: /etc/apache2/sites-enabled/iiab-homepage.conf state: link - when: is_debuntu + when: is_debuntu | bool 
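Review bot: In roles/gitea/defaults/main.yml (hunk `@@ -8,7 +8,7 @@`), `gitea_version` moves from 1.8.0 back to 1.7.6 with no comment saying why, so a later maintainer cannot tell whether this is a temporary workaround or a deliberate hold. Staying on the older release line also means any fix that only landed in 1.8.x is not picked up. I'd put the reason next to the pin, e.g. `gitea_version: 1.7.6 # held back from 1.8.0 because <reason>; revisit when fixed`.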
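Review bot: In roles/gitea/tasks/install.yml (hunk `@@ -68,7 +68,7 @@`), the "Download Gitea GPG signature" task carries `tags: - never - verify`, so a default run does not fetch the signature. The "Verify Gitea binary with GPG signature" task that follows presumably carries the same tags, but its tail is outside the hunk. That leaves the binary downloaded in the previous hunk (installed with `mode: 0775`) without any integrity check unless the operator passes `--tags verify`. I'd either drop `never` so verification is part of the normal install, or add a comment stating that verification is opt-in and how to run it.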
diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml index 740a93839..fe761e180 100644 --- a/roles/httpd/tasks/main.yml +++ b/roles/httpd/tasks/main.yml @@ -7,7 +7,7 @@ - "php{{ php_version }}" - "php{{ php_version }}-curl" state: present - when: is_debian + when: is_debian | bool tags: - download @@ -19,7 +19,7 @@ - apache2 - php state: present - when: is_ubuntu + when: is_ubuntu | bool tags: - download @@ -44,7 +44,7 @@ - php - php-curl state: present - when: is_redhat + when: is_redhat | bool tags: - download @@ -68,7 +68,7 @@ path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini" regexp: "{{ item.regexp }}" line: "{{ item.line }}" - when: apache_high_php_limits + when: apache_high_php_limits | bool with_items: - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } @@ -84,7 +84,7 @@ with_items: - mpm_event.conf - mpm_event.load - when: is_debuntu + when: is_debuntu | bool - name: Create both mpm_prefork symlinks from /etc/apache2/mods-enabled to /etc/apache2/mods-available (debuntu) file: @@ -94,7 +94,7 @@ with_items: - mpm_prefork.conf - mpm_prefork.load - when: is_debuntu + when: is_debuntu | bool - name: 'Turn on mod_proxy using a2enmod with: proxy, proxy_html, headers, rewrite (debuntu)' command: a2enmod {{ item }} @@ -103,14 +103,14 @@ - proxy_html - headers - rewrite - when: is_debuntu + when: is_debuntu | bool - name: Enable our site, creating 010-iiab.conf symlink from sites-enabled to sites-available (debuntu) file: src: "/etc/{{ apache_config_dir }}/010-iiab.conf" path: /etc/apache2/sites-enabled/010-iiab.conf state: link - when: is_debuntu + when: is_debuntu | bool - name: Remove 000-default.conf from /etc/apache2 and /etc/apache2/sites-enabled (debuntu) file: 
@@ -119,7 +119,7 @@ with_items: - /etc/apache2/000-default.conf # Not nec on Raspbian. Is this really still needed elsewhere? - /etc/apache2/sites-enabled/000-default.conf - when: is_debuntu + when: is_debuntu | bool - name: Create Apache's pid dir /var/run/{{ apache_user }} file: @@ -178,7 +178,7 @@ path: /etc/apache2/sites-enabled/osm.conf #path: "/etc/{{ apache_service }}/sites-enabled/osm.conf" state: link - when: is_debuntu + when: is_debuntu | bool - include_tasks: html.yml tags: @@ -200,7 +200,7 @@ src: 020_apache_poweroff.j2 dest: /etc/sudoers.d/020_apache_poweroff mode: 0755 - when: apache_allow_sudo + when: apache_allow_sudo | bool - name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff file: diff --git a/roles/httpd/tasks/php-stem.yml b/roles/httpd/tasks/php-stem.yml index 1869d5981..ad943f436 100644 --- a/roles/httpd/tasks/php-stem.yml +++ b/roles/httpd/tasks/php-stem.yml @@ -5,7 +5,7 @@ #- name: Download php-stem.rpi.tar # command: cd /; wget http://download.iiab.io/packages/php-stem.rpi.tar -# when: is_rpi +# when: is_rpi | bool #- name: Download php-stem.x86.tar # command: cd /; wget http://download.iiab.io/packages/php-stem.x64.tar @@ -19,7 +19,7 @@ group: root #mode: ???? remote_src: yes - when: is_rpi + when: is_rpi | bool - name: Unarchive http://download.iiab.io/packages/php-stem.x64.tar to / (debian-9 on x86_64 only) unarchive: diff --git a/roles/idmgr/tasks/main.yml b/roles/idmgr/tasks/main.yml index 7d70dd11e..c8e05bee4 100644 --- a/roles/idmgr/tasks/main.yml +++ b/roles/idmgr/tasks/main.yml @@ -44,7 +44,7 @@ with_items: - idmgr - xinetd - when: xo_services_enabled + when: xo_services_enabled | bool - name: Disable idmgr service service: name={{ item }} diff --git a/roles/iiab-admin/tasks/admin-user.yml b/roles/iiab-admin/tasks/admin-user.yml index 4970a646d..2d1dd0c99 100644 --- a/roles/iiab-admin/tasks/admin-user.yml +++ b/roles/iiab-admin/tasks/admin-user.yml 
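Review bot: The sudoers drop-in at `dest: /etc/sudoers.d/020_apache_poweroff` in the `@@ -200,7 +200,7 @@` hunk is installed with `mode: 0755`, and nothing in the hunk validates the rendered file before it lands. A sudoers fragment never needs the execute bit and is conventionally 0440; a template that renders with a syntax error can also leave sudo unusable on the box. I would change the task to `mode: 0440` and add `validate: 'visudo -cf %s'`. The task begins above the hunk, so its owner and group settings are not visible here.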
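Review bot: Both unarchive tasks in roles/httpd/tasks/php-stem.yml unpack a tarball into `/`, and the second task's name gives its origin as `http://download.iiab.io/packages/php-stem.x64.tar`, with no checksum step visible in the hunk. If the `src:` lines (outside the hunk) really are those plain-HTTP URLs, whatever arrives over the wire is extracted over the root filesystem with the play's privileges. I would fetch the archive first with `get_url` and `checksum: "sha256:<PLACEHOLDER_DIGEST>"`, preferably over https, and then unarchive the local copy. The commented-out `#mode: ????` suggests permissions of the extracted tree were never settled either.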
@@ -14,7 +14,7 @@ group: name: sudo state: present - when: is_redhat + when: is_redhat | bool - name: 'Add user {{ iiab_admin_user }} to groups: wheel, sudo' user: diff --git a/roles/iiab-admin/tasks/main.yml b/roles/iiab-admin/tasks/main.yml index 10e3e1b1c..d89f4e446 100644 --- a/roles/iiab-admin/tasks/main.yml +++ b/roles/iiab-admin/tasks/main.yml @@ -1,7 +1,7 @@ - include_tasks: admin-user.yml tags: - base - when: iiab_admin_user_install + when: iiab_admin_user_install | bool - include_tasks: access.yml tags: diff --git a/roles/kalite/tasks/install-f18.yml b/roles/kalite/tasks/install-f18.yml index 7d38866fc..28cd4cb1c 100644 --- a/roles/kalite/tasks/install-f18.yml +++ b/roles/kalite/tasks/install-f18.yml @@ -7,7 +7,7 @@ with_items: - python-psutil - expect - when: is_F18 + when: is_F18 | bool - name: Install dependent pip packages (Fedora 18) pip: diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 31507e645..6ccd12943 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -12,7 +12,7 @@ url: "{{ kalite_requirements }}" dest: "{{ pip_packages_dir }}/kalite.txt" timeout: "{{ download_timeout }}" - when: internet_available + when: internet_available | bool #- name: Install KA Lite non-static + reqs file with pip - (debuntu) # pip: requirements={{ pip_packages_dir }}/kalite.txt diff --git a/roles/kalite/tasks/main.yml b/roles/kalite/tasks/main.yml index 3be716a1b..d067c6041 100644 --- a/roles/kalite/tasks/main.yml +++ b/roles/kalite/tasks/main.yml @@ -5,7 +5,7 @@ - name: Set KA Lite's SQLite filename (Fedora 18) set_fact: kalite_db_name: "{{ kalite_root }}/kalite/database/data.sqlite" - when: is_F18 + when: is_F18 | bool - name: Set KA Lite's SQLite filename (OS's other than Fedora 18) set_fact: diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index e9fbd0f7d..b4832ab97 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml 
@@ -10,9 +10,9 @@ # Which kiwix-tools to download from http://download.iiab.io/packages/ # As obtained from http://download.kiwix.org/release/kiwix-tools/ or http://download.kiwix.org/nightly/ -kiwix_version_armhf: "kiwix-tools_linux-armhf-1.2.0" -kiwix_version_linux64: "kiwix-tools_linux-x86_64-1.2.0" -kiwix_version_i686: "kiwix-tools_linux-i586-1.2.0" +kiwix_version_armhf: "kiwix-tools_linux-armhf-1.2.1" +kiwix_version_linux64: "kiwix-tools_linux-x86_64-1.2.1" +kiwix_version_i686: "kiwix-tools_linux-i586-1.2.1" # kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" # v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") # v0.10 for i686 published Oct 2016 ("experimental") REPLACED IN EARLY 2018, thx to Matthieu Gautier: diff --git a/roles/kiwix/tasks/kiwix_install.yml b/roles/kiwix/tasks/kiwix_install.yml index 430e4d73c..309b53530 100644 --- a/roles/kiwix/tasks/kiwix_install.yml +++ b/roles/kiwix/tasks/kiwix_install.yml @@ -47,7 +47,7 @@ owner: root group: root force: no - when: kiwix_force_install + when: kiwix_force_install | bool - name: Create {{ kiwix_path }}/bin directory # /opt/iiab/kiwix/bin file: @@ -65,11 +65,11 @@ dest: /tmp owner: root group: root - when: kiwix_force_install + when: kiwix_force_install | bool - name: Move /tmp/{{ kiwix_src_dir }}/* to permanent location /opt/iiab/kiwix/bin (armhf & linux64 & i686) shell: "mv /tmp/{{ kiwix_src_dir }}/* {{ kiwix_path }}/bin/" - when: kiwix_force_install + when: kiwix_force_install | bool # 3. ENABLE MODS FOR APACHE PROXY IF DEBUNTU @@ -81,7 +81,7 @@ - proxy_html - proxy_http - rewrite - when: is_debuntu + when: is_debuntu | bool # 4. CREATE/ENABLE/RESTART (OR DISABLE) KIWIX SERVICE & ITS CRON JOB 
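Review bot: In the `@@ -65,11 +65,11 @@` hunk the archive is unpacked with `dest: /tmp` and the next task runs `mv /tmp/{{ kiwix_src_dir }}/* {{ kiwix_path }}/bin/`, which stages binaries under a fixed name in a world-writable directory. Anything already present under that directory name when the play runs is moved into /opt/iiab/kiwix/bin together with the extracted files. Unpacking into a root-owned staging directory avoids this; `dest: "{{ downloads_dir }}"` would do if that directory is writable by root only, which this diff does not show. The unarchive task starts above the hunk, so its `src:` is not visible here.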
@@ -106,14 +106,14 @@ src: /etc/apache2/sites-available/kiwix.conf path: /etc/apache2/sites-enabled/kiwix.conf state: link - when: is_debuntu + when: is_debuntu | bool - name: Enable & Restart 'kiwix-serve' service service: name: kiwix-serve enabled: yes state: restarted - when: kiwix_enabled + when: kiwix_enabled | bool - name: Disable 'kiwix-serve' service service: diff --git a/roles/kiwix/tasks/main.yml b/roles/kiwix/tasks/main.yml index 2b1756bb3..2ffd410d5 100644 --- a/roles/kiwix/tasks/main.yml +++ b/roles/kiwix/tasks/main.yml @@ -28,7 +28,7 @@ url: "{{ iiab_download_url }}/{{ kiwix_src_file }}" dest: "{{ downloads_dir }}/{{ kiwix_src_file }}" timeout: "{{ download_timeout }}" - when: internet_available + when: internet_available | bool - name: Check for /opt/iiab/downloads/{{ kiwix_src_file }} stat: diff --git a/roles/kolibri/tasks/main.yml b/roles/kolibri/tasks/main.yml index aab67c8f0..77e40cf64 100644 --- a/roles/kolibri/tasks/main.yml +++ b/roles/kolibri/tasks/main.yml @@ -27,17 +27,17 @@ virtualenv_site_packages: no state: latest extra_args: --no-cache-dir - when: internet_available + when: internet_available | bool - name: Run Kolibri migrations shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" manage migrate ignore_errors: yes - when: kolibri_provision + when: kolibri_provision | bool - name: Set Kolibri default language shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" language setdefault "{{ kolibri_language }}" ignore_errors: yes - when: kolibri_provision + when: kolibri_provision | bool - name: Create Kolibri default facility name, admin account and language shell: 
> @@ -46,7 +46,7 @@ --superusername "{{ kolibri_admin_user }}" --superuserpassword "{{ kolibri_admin_password }}" --preset "{{ kolibri_preset }}" --language_id "{{ kolibri_language }}" --verbosity 0 --noinput ignore_errors: yes - when: kolibri_provision + when: kolibri_provision | bool - name: chown -R {{ kolibri_user }}:{{ apache_user }} {{ kolibri_home }} file: @@ -72,12 +72,12 @@ enabled: yes state: restarted daemon_reload: yes - when: kolibri_enabled + when: kolibri_enabled | bool # Default: http://box/kolibri - name: Enable http://box{{ kolibri_url }} with Apache command: a2ensite kolibri.conf - when: kolibri_enabled + when: kolibri_enabled | bool - name: Disable kolibri service systemd: diff --git a/roles/lokole/defaults/main.yml b/roles/lokole/defaults/main.yml index 0fdda9872..93389659d 100644 --- a/roles/lokole/defaults/main.yml +++ b/roles/lokole/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! # Info needed to install Lokole -lokole_version: 0.1.41 +lokole_version: 0.4.2 lokole_admin_user: admin # lowercase seems nec here (even though uppercase Admin/changeme is IIAB's OOB recommendation!) lokole_admin_password: changeme lokole_install_path: "{{ content_base }}/lokole" # /library/lokole diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 988a3bf7e..1d98096cd 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -20,7 +20,7 @@ virtualenv_command: python3 -m venv "{{ lokole_venv }}" tags: - install - when: internet_available + when: internet_available | bool - name: Compile translations shell: | @@ -73,7 +73,7 @@ name: lokole enabled: yes state: restarted - when: lokole_enabled + when: lokole_enabled | bool - name: Disable 'lokole' service, if not lokole_enabled systemd: diff --git a/roles/lokole/tasks/main.yml b/roles/lokole/tasks/main.yml index e33261101..5f05bd4a3 100644 --- a/roles/lokole/tasks/main.yml 
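Review bot: `--superuserpassword "{{ kolibri_admin_password }}"` in the `@@ -46,7 +46,7 @@` hunk is passed on the command line of a `shell` task that has no `no_log`, so the password shows up in the process list while the command runs and in Ansible's recorded task arguments and failure output. Adding `no_log: true` next to `ignore_errors: yes` keeps it out of the logs; passing it through the environment or stdin would also keep it off argv, if the Kolibri CLI supports that (not checked here). The "Populate /etc/mosquitto/passwd" task in roles/mosquitto/tasks/main.yml (`mosquitto_passwd -b ... "{{ mosquitto_password }}"`) has the same exposure. The shell command itself begins above this hunk.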
+++ b/roles/lokole/tasks/main.yml @@ -1,3 +1,3 @@ - name: Install Lokole {{ lokole_version }} if lokole_install include_tasks: install.yml - when: lokole_install + when: lokole_install | bool diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index 5c265bc6a..db90e1e6c 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -14,7 +14,7 @@ timeout: "{{ download_timeout }}" #force: yes #backup: yes - when: internet_available + when: internet_available | bool - name: Unpack it to permanent location {{ mediawiki_abs_path }} unarchive: diff --git a/roles/mediawiki/tasks/main.yml b/roles/mediawiki/tasks/main.yml index 2a33dc83c..bf0a4d795 100644 --- a/roles/mediawiki/tasks/main.yml +++ b/roles/mediawiki/tasks/main.yml @@ -1,3 +1,3 @@ - name: Install MediaWiki {{ mediawiki_version }} if mediawiki_install include_tasks: install.yml - when: mediawiki_install + when: mediawiki_install | bool diff --git a/roles/minetest/tasks/calc_vars.yml b/roles/minetest/tasks/calc_vars.yml index a6fa9340f..54c381efa 100644 --- a/roles/minetest/tasks/calc_vars.yml +++ b/roles/minetest/tasks/calc_vars.yml @@ -7,7 +7,7 @@ # only works if server run as root minetest_runas_user: root minetest_runas_group: root - when: is_rpi + when: is_rpi | bool # For other installs - name: Set some facts for other platforms diff --git a/roles/minetest/tasks/main.yml b/roles/minetest/tasks/main.yml index 0c9ad6f6f..042dccde9 100644 --- a/roles/minetest/tasks/main.yml +++ b/roles/minetest/tasks/main.yml @@ -78,7 +78,7 @@ name: minetest-server enabled: yes state: restarted - when: minetest_enabled + when: minetest_enabled | bool - name: Disable 'minetest-server' service systemd: diff --git a/roles/minetest/tasks/minetest_install.yml b/roles/minetest/tasks/minetest_install.yml index 354907526..c2685b059 100644 --- a/roles/minetest/tasks/minetest_install.yml +++ b/roles/minetest/tasks/minetest_install.yml 
@@ -24,7 +24,7 @@ line: "{{ item.line }}" with_items: - { regexp: '^mg_name = ', line: 'mg_name = flat' } - when: minetest_flat_world + when: minetest_flat_world | bool - name: Create /library/games/minetest/worlds/world file: diff --git a/roles/minetest/tasks/rpi_minetest_install.yml b/roles/minetest/tasks/rpi_minetest_install.yml index 780145ca1..311e51cf7 100644 --- a/roles/minetest/tasks/rpi_minetest_install.yml +++ b/roles/minetest/tasks/rpi_minetest_install.yml @@ -49,4 +49,4 @@ with_items: - { src: 'minetest.conf.j2', dest: '/etc/minetest/minetest.conf' } - { src: 'minetest-server.service.j2', dest: '/etc/systemd/system/minetest-server.service' } - when: minetest_install + when: minetest_install | bool diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index aed5d4a1c..6b4eb0deb 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -90,7 +90,7 @@ group: name: mongodb state: present - when: is_rpi + when: is_rpi | bool - name: Create Linux user mongodb (rpi) user: @@ -99,7 +99,7 @@ groups: mongodb home: /var/lib/mongodb shell: /usr/sbin/nologin - when: is_rpi + when: is_rpi | bool # 2. CONFIGURE FOR IIAB @@ -137,7 +137,7 @@ daemon_reload: yes enabled: yes state: restarted - when: mongodb_enabled + when: mongodb_enabled | bool - name: Disable 'mongodb' service, if not mongodb_enabled systemd: diff --git a/roles/monit/tasks/main.yml b/roles/monit/tasks/main.yml index cea1637e1..0075bc245 100644 --- a/roles/monit/tasks/main.yml +++ b/roles/monit/tasks/main.yml @@ -22,7 +22,7 @@ group: root mode: 0600 -- name: Install config file /etc/monit.d/watchdog from template +- name: Install config file /etc/monit.d/watchdog from template (NEVER RUNS, WHY?) template: src: watchdog dest: /etc/monit.d/watchdog @@ -31,7 +31,7 @@ force: yes mode: 0755 register: monit_config - when: false + when: False # IS THIS A BUG ? until: monit_config | success retries: 5 delay: 1 
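Review bot: `until: monit_config | success` in the roles/monit/tasks/main.yml hunk uses a test as a filter, a form Ansible deprecated in 2.5 in favour of `until: monit_config is success`, and because the task is pinned off with `when: False` nobody will notice when it stops parsing. Rather than committing `(NEVER RUNS, WHY?)` and `# IS THIS A BUG ?` as open questions, I would either delete the task or restore a real condition and fix the `until` at the same time. The same task installs the watchdog config with `mode: 0755`; a config fragment does not need the execute bit, so `mode: 0644` or tighter would be the safer default if the task is revived.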
diff --git a/roles/moodle/tasks/main.yml b/roles/moodle/tasks/main.yml index 352c48ad9..f86785f5a 100644 --- a/roles/moodle/tasks/main.yml +++ b/roles/moodle/tasks/main.yml @@ -18,7 +18,7 @@ # mbstring is now included in php-cli - php{{ php_version }}-cli state: present - when: is_debuntu + when: is_debuntu | bool - name: "Install package: php{{ php_version }}-zip (ubuntu or debian-9+)" package: @@ -28,7 +28,7 @@ - name: "Install package: php-pclzip (debian-8)" package: name: php-pclzip - when: is_debian_8 + when: is_debian_8 | bool - name: Determine if Moodle is already downloaded stat: @@ -80,7 +80,7 @@ owner: root group: root mode: 0644 - when: moodle_enabled + when: moodle_enabled | bool - name: Create symlink 022-moodle.conf from sites-enabled to sites-available, if moodle_enabled (debuntu) file: @@ -131,7 +131,7 @@ name: postgresql-iiab state: restarted enabled: yes - when: moodle_enabled + when: moodle_enabled | bool - name: Restart Apache service ({{ apache_service }}) service: diff --git a/roles/mosquitto/tasks/main.yml b/roles/mosquitto/tasks/main.yml index 4e6a05130..53ef14998 100644 --- a/roles/mosquitto/tasks/main.yml +++ b/roles/mosquitto/tasks/main.yml @@ -5,7 +5,7 @@ with_items: - mosquitto - mosquitto-clients - when: mosquitto_install + when: mosquitto_install | bool tags: download - name: Disable & Stop 'mosquitto' service @@ -13,18 +13,18 @@ name: mosquitto enabled: no state: stopped - when: mosquitto_install + when: mosquitto_install | bool - name: Create (touch) file /etc/mosquitto/passwd file: path: /etc/mosquitto/passwd state: touch mode: "u=rw,g=r,o=r" # 0644 - when: mosquitto_install + when: mosquitto_install | bool - name: Populate /etc/mosquitto/passwd with actual username/password shell: mosquitto_passwd -b /etc/mosquitto/passwd "{{ mosquitto_user }}" "{{ mosquitto_password }}" - when: mosquitto_install + when: mosquitto_install | bool - name: Install /etc/mosquitto/conf.d/websockets.conf from template template: 
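Review bot: `/etc/mosquitto/passwd` is created with `mode: "u=rw,g=r,o=r"` in the `@@ -13,18 +13,18 @@` hunk, so the credential hashes the following `mosquitto_passwd -b` task writes into it are readable by every local account. I would tighten it to `mode: "u=rw,g=r,o="` and set `group:` to the group the broker runs under (probably `mosquitto`, which is not visible in this diff). It is worth confirming after a run that `mosquitto_passwd` leaves that mode in place.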
@@ -34,7 +34,7 @@ owner: root group: root mode: 0755 - when: mosquitto_install + when: mosquitto_install | bool - name: Enable & Start 'mosquitto' service systemd: @@ -42,4 +42,4 @@ name: mosquitto enabled: yes state: started - when: mosquitto_enabled + when: mosquitto_enabled | bool diff --git a/roles/munin/tasks/main.yml b/roles/munin/tasks/main.yml index 4bcbe360b..83c1afc7b 100644 --- a/roles/munin/tasks/main.yml +++ b/roles/munin/tasks/main.yml @@ -9,7 +9,7 @@ state: present tags: - download - when: is_debuntu + when: is_debuntu | bool - name: "Install 2 packages: munin, munin-node (OS's other than debuntu)" package: @@ -45,7 +45,7 @@ name: munin-node enabled: yes state: started - when: munin_enabled + when: munin_enabled | bool - name: Create symlink munin24.conf from sites-enabled to sites-available (debuntu) file: @@ -79,7 +79,7 @@ - /usr/share/munin/plugins/mysql_queries - /usr/share/munin/plugins/mysql_slowqueries - /usr/share/munin/plugins/mysql_threads - when: mysql_enabled + when: mysql_enabled | bool - name: Add 'munin' variable values to {{ iiab_ini_file }} ini_file: diff --git a/roles/mysql/tasks/main.yml b/roles/mysql/tasks/main.yml index 8331c32cb..51a76533c 100644 --- a/roles/mysql/tasks/main.yml +++ b/roles/mysql/tasks/main.yml @@ -14,7 +14,7 @@ #- php{{ php_version }}-xml - php{{ php_version }}-xmlrpc state: present - when: is_debuntu + when: is_debuntu | bool tags: - download @@ -28,7 +28,7 @@ package: name: php-xml-parser state: present - when: is_debian_8 + when: is_debian_8 | bool - name: "Install packages: mysql, MySQL-python and 9 php packages (OS's other than debuntu)" package: 
@@ -64,13 +64,13 @@ systemd: name: "{{ mysql_service }}" state: started - when: mysql_enabled + when: mysql_enabled | bool - name: Enable MySQL systemd service (upon subsequent boots) if mysql_enabled systemd: name: "{{ mysql_service }}" enabled: yes - when: mysql_enabled + when: mysql_enabled | bool # 'localhost' needs to be the last item for idempotency, see # http://ansible.cc/docs/modules.html#mysql-user @@ -81,7 +81,7 @@ host: localhost password: "{{ mysql_root_password }}" priv: "*.*:ALL,GRANT" - when: mysql_enabled + when: mysql_enabled | bool - name: Install .my.cnf file from template, with root password credentials, if mysql_enabled template: @@ -89,7 +89,7 @@ dest: /root/.my.cnf owner: root mode: 0600 - when: mysql_enabled + when: mysql_enabled | bool - name: Update MySQL root password for all remaining root accounts (127.0.0.1, ::1) if mysql_enabled mysql_user: @@ -101,26 +101,26 @@ #- "{{ iiab_hostname }}.{{ iiab_domain }}" - 127.0.0.1 - ::1 - when: mysql_enabled + when: mysql_enabled | bool - name: Delete anonymous MySQL server user for {{ ansible_hostname }}, if mysql_enabled mysql_user: user: "" host: "{{ ansible_hostname }}" state: absent - when: mysql_enabled + when: mysql_enabled | bool - name: Delete anonymous MySQL server user for localhost, if mysql_enabled mysql_user: user: "" state: absent - when: mysql_enabled + when: mysql_enabled | bool - name: Remove the MySQL 'test' database, if mysql_enabled mysql_db: db: test state: absent - when: mysql_enabled + when: mysql_enabled | bool # we had to start mysql in order to configure it, now turn if off if not enabled - name: Config is done but now DISABLE MySQL service, if not mysql_enabled diff --git a/roles/network/tasks/avahi.yml b/roles/network/tasks/avahi.yml index 414a9d1a9..b632e6491 100644 --- a/roles/network/tasks/avahi.yml +++ b/roles/network/tasks/avahi.yml 
@@ -3,7 +3,7 @@ name: avahi createhome: no shell: /bin/false - when: is_debuntu + when: is_debuntu | bool - name: Install avahi announce config file /etc/avahi/services/schoolserver.service template: @@ -12,13 +12,19 @@ owner: avahi group: avahi mode: 0640 - when: 'gui_wan == True' + #when: 'gui_wan == True' + when: ports_externally_visible|int >= 2 + # Where "2" means "ssh + http-or-https (for Admin Console's box.lan/admin too)" + # SEE ~18 line explanation in box near: + # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L3-L20 + # IF >= 2, Admin Console $gui_port from 0-init determines which port (http-or-https) is opened here: + # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L133-L138 - name: Find avahi_ver for clean copy of ssh.service (not debuntu) shell: "ls /usr/share/doc/ | grep avahi | head -n1" register: avahi_ver ignore_errors: True - changed_when: false + changed_when: False # when: not is_debuntu # would cause failures 6 lines below - name: Grab a clean copy of ssh.service (not debuntu) @@ -31,7 +37,7 @@ copy: src: /usr/share/doc/avahi-daemon/examples/ssh.service dest: /etc/avahi/services/ - when: is_debuntu + when: is_debuntu | bool - name: Set ssh port for avahi lineinfile: diff --git a/roles/network/tasks/computed_network.yml b/roles/network/tasks/computed_network.yml index 57b48ba06..51b65497d 100644 --- a/roles/network/tasks/computed_network.yml +++ b/roles/network/tasks/computed_network.yml @@ -60,7 +60,8 @@ - name: Checking iiab_wan_enabled set_fact: user_wan_iface: "none" - when: 'not iiab_wan_enabled' + when: not iiab_wan_enabled + #when: 'not iiab_wan_enabled' # gui wants LanController # keeps ifcfg-WAN but onboot=no # the change over might be a little bumpy ATM. @@ -141,7 +142,7 @@ set_fact: iiab_lan_iface: "br0" iiab_wireless_lan_iface: "wlan0" - when: is_rpi + when: is_rpi | bool - name: Enable hostapd if discovered_wireless_iface is not WAN set_fact: 
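Review bot: `when: not iiab_wan_enabled` in the computed_network.yml hunk `@@ -60,7 +60,8 @@` loses its quotes but, unlike nearly every other condition this commit touches, gets no `| bool`. If the variable arrives as a string (for example `-e iiab_wan_enabled=False`), `not "False"` evaluates false and `user_wan_iface` is never set to "none", leaving the WAN interface in play when the operator asked for it to be disabled. `when: not (iiab_wan_enabled | bool)` makes it consistent. The same applies to `is_ubuntu and not is_ubuntu_16` in roles/network/tasks/dhcpd.yml and to `wan_ip != "dhcp" and is_ubuntu_16` in sysd-netd-debian.yml.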
diff --git a/roles/network/tasks/dansguardian.yml b/roles/network/tasks/dansguardian.yml index 4433716fc..7f76cfb5b 100644 --- a/roles/network/tasks/dansguardian.yml +++ b/roles/network/tasks/dansguardian.yml @@ -21,7 +21,7 @@ owner: dansguardian group: dansguardian mode: 0640 - when: is_debuntu + when: is_debuntu | bool - name: Install /etc/dansguardian/dansguardian.conf from template (CentOS) template: diff --git a/roles/network/tasks/debian.yml b/roles/network/tasks/debian.yml index 1f9101e9c..0c18c323b 100644 --- a/roles/network/tasks/debian.yml +++ b/roles/network/tasks/debian.yml @@ -73,13 +73,13 @@ service: name: dhcpd state: stopped - when: dhcpd_install + when: dhcpd_install | bool - name: dhcpd_server may be affected - stopping dnsmasq service: name: dnsmasq state: stopped - when: dnsmasq_install + when: dnsmasq_install | bool - name: Reload systemd systemd: diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 11fb3bcfa..457947b84 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -17,7 +17,7 @@ - name: Red Hat network detection (redhat) include_tasks: detected_redhat.yml - when: is_redhat + when: is_redhat | bool - name: Setting dhcpcd_test results set_fact: @@ -40,7 +40,7 @@ - name: Check /etc/network/interfaces for gateway shell: grep {{ device_gw }} /etc/network/interfaces | wc -l - when: is_debuntu + when: is_debuntu | bool register: wan_file - name: Setting wan_in_interfaces diff --git a/roles/network/tasks/dhcpd.yml b/roles/network/tasks/dhcpd.yml index 2a7aee006..9d04cd820 100644 --- a/roles/network/tasks/dhcpd.yml +++ b/roles/network/tasks/dhcpd.yml @@ -2,7 +2,7 @@ package: name: isc-dhcp-server state: present - when: is_debuntu + when: is_debuntu | bool tags: - download 
@@ -18,21 +18,22 @@ user: name: dhcpd createhome: no - when: is_debuntu + when: is_debuntu | bool - name: Disable stock dhcp_service (debuntu) service: name: "{{ dhcp_service }}" enabled: no state: stopped - when: is_debuntu + when: is_debuntu | bool -- name: Disable stock dhcp_service ipv6 (ubuntu-18) +- name: Disable stock dhcp_service ipv6 (ubuntu-18 and higher) service: name: "{{ dhcp_service }}6" enabled: no state: stopped - when: is_ubuntu_18 + when: is_ubuntu and not is_ubuntu_16 + #when: is_ubuntu_18 | bool - name: Install systemd unit file to /etc/systemd/system/dhcpd.service template: @@ -48,7 +49,7 @@ command: touch /var/lib/dhcpd/dhcpd.leases args: creates: /var/lib/dhcpd/dhcpd.leases - when: is_redhat + when: is_redhat | bool - name: Set dhcpd.leases permissions/ownership (redhat) file: @@ -57,4 +58,4 @@ group: dhcpd mode: 0644 state: file - when: is_redhat + when: is_redhat | bool diff --git a/roles/network/tasks/down-debian.yml b/roles/network/tasks/down-debian.yml index c5954a72a..fb5589d0f 100644 --- a/roles/network/tasks/down-debian.yml +++ b/roles/network/tasks/down-debian.yml @@ -16,10 +16,10 @@ service: name: dhcpd state: stopped - when: dhcpd_install + when: dhcpd_install | bool - name: dhcpd_server may be affected - stopping dnsmasq service: name: dnsmasq state: stopped - when: dnsmasq_install + when: dnsmasq_install | bool diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index f44cce108..3447c2b6b 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -31,7 +31,7 @@ owner: root group: root mode: 0755 - when: is_rpi + when: is_rpi | bool - name: Create /usr/bin/iiab-hotspot-off from template template: @@ -40,7 +40,7 @@ owner: root group: root mode: 0755 - when: is_rpi + when: is_rpi | bool - name: Disable the Access Point 'hostapd' service systemd: diff --git a/roles/network/tasks/ifcfg_mods.yml b/roles/network/tasks/ifcfg_mods.yml index 444f3241f..98073f580 100644 
--- a/roles/network/tasks/ifcfg_mods.yml +++ b/roles/network/tasks/ifcfg_mods.yml @@ -36,13 +36,13 @@ service: name: dhcpd state: stopped - when: dhcpd_install + when: dhcpd_install | bool - name: dhcpd_server may be affected - stopping dnsmasq service: name: dnsmasq state: stopped - when: dnsmasq_install + when: dnsmasq_install | bool - name: Stop the LAN/Bridge deleting iiab-LAN shell: nmcli con delete id iiab-LAN diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 5f2fa02a5..a97cdab28 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -57,7 +57,7 @@ - name: Configure wondershaper include_tasks: wondershaper.yml - when: wondershaper_install + when: wondershaper_install | bool tags: - network - wondershaper @@ -99,7 +99,7 @@ #### Start network layout - name: Redhat networking include_tasks: ifcfg_mods.yml - when: is_redhat + when: is_redhat | bool #and not installing tags: - network @@ -107,7 +107,7 @@ - name: Netplan in use on Ubuntu 18.04+ include_tasks: netplan.yml when: is_ubuntu and not is_ubuntu_16 - #when: is_ubuntu_18 + #when: is_ubuntu_18 | bool #and not installing tags: - network diff --git a/roles/network/tasks/named.yml b/roles/network/tasks/named.yml index d3b03382f..37343c9fa 100644 --- a/roles/network/tasks/named.yml +++ b/roles/network/tasks/named.yml @@ -4,7 +4,7 @@ - bind9 - bind9utils state: present - when: is_debuntu + when: is_debuntu | bool tags: - download @@ -79,7 +79,7 @@ template: src: roles/network/templates/named/dns-jail.conf dest: "/etc/{{ apache_config_dir }}/" - when: dns_jail_enabled + when: dns_jail_enabled | bool - name: Create symlink dns-jail.conf from sites-enabled to sites-available (if debuntu and dns_jail_enabled) file: diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index b9fd2bd40..69959b77f 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml 
@@ -27,7 +27,7 @@ enabled: yes with_items: - systemd-networkd-wait-online - when: systemd_networkd_active + when: systemd_networkd_active | bool # ICO will always set gui_static_wan_ip away from the default of 'unset' while # gui_static_wan turns dhcp on/off through wan_ip in computed_network and diff --git a/roles/network/tasks/redetect.yml b/roles/network/tasks/redetect.yml index 47cf687d3..dd01ada0d 100644 --- a/roles/network/tasks/redetect.yml +++ b/roles/network/tasks/redetect.yml @@ -57,7 +57,7 @@ shell: nmcli conn up id iiab-WAN register: dhcp_WAN ignore_errors: yes - when: has_WAN + when: has_WAN | bool - name: BAD ifcfg-WAN debug: @@ -117,7 +117,7 @@ register: ifcfg_dhcp_device ignore_errors: True changed_when: False - when: dhcp_good + when: dhcp_good | bool - name: Setting has ifcfg gw based on device if found set_fact: diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index fd9ee0d49..b1b052ca4 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -15,13 +15,13 @@ name: "{{ proxy }}" state: stopped async: 120 - when: squid_install + when: squid_install | bool - name: Stop DansGuardian systemd: name: dansguardian state: stopped - when: dansguardian_install + when: dansguardian_install | bool - name: Restart DansGuardian service (dansguardian) except Ubuntu which needs reboot to activate systemd: @@ -40,7 +40,7 @@ systemd: name: wondershaper state: restarted - when: wondershaper_enabled + when: wondershaper_enabled | bool - name: Restart Avahi service (avahi-daemon) systemd: diff --git a/roles/network/tasks/squid.yml b/roles/network/tasks/squid.yml index 6b71e882c..55cb28fcd 100644 --- a/roles/network/tasks/squid.yml +++ b/roles/network/tasks/squid.yml @@ -9,7 +9,7 @@ - name: "Bigger hammer for Ubuntu, run: /etc/init.d/squid stop" command: /etc/init.d/squid stop - when: is_ubuntu + when: is_ubuntu | bool - name: Stop Squid service: 
@@ -79,7 +79,7 @@ state: directory - include_tasks: roles/network/tasks/dansguardian.yml - when: dansguardian_install + when: dansguardian_install | bool # {{ proxy }} is normally "squid", but is "squid3" on raspbian-8 & debian-8 - name: Add '{{ proxy }}' variable values to {{ iiab_ini_file }} diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index bfacace0d..7bc70071b 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -33,11 +33,12 @@ wan_cidr: "{{ CIDR.stdout }}" when: wan_ip != "dhcp" -- name: Supply static WAN template +- name: Supply static WAN template (ubuntu-16) template: dest: /etc/systemd/network/IIAB-Static.network src: network/systemd-static-net.j2 - when: wan_ip != "dhcp" and not is_ubuntu_18 + when: wan_ip != "dhcp" and is_ubuntu_16 + #when: wan_ip != "dhcp" and not is_ubuntu_18 - name: Stopping services include_tasks: down-debian.yml diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index a4a417fe3..f8fbbaf67 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables 
@@ -1,5 +1,31 @@ #!/bin/bash -x -source {{ iiab_env_file }} + +################################################################################ +# # +# IF YOU NEED TO CHANGE ports_externally_visible DO THAT IN: # +# # +# /etc/iiab/local_vars.yml # +# # +# This firewall variable must be an integer {0...5} as follows: # +# # +# 0 = none # +# 1 = ssh only # +# 2 = ssh + http-or-https (for Admin Console's box.lan/admin too) # +# 3 = ssh + http-or-https + common IIAB services <-- THIS IS THE DEFAULT # +# 4 = ssh + http-or-https + common IIAB services + Samba # +# 5 = all but databases # +# # +# Then enable it with iptables by running: cd /opt/iiab/iiab; ./iiab-network # +# # +################################################################################ + +# To further customize your iptables firewall, it's generally best to edit: +# /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables +# And then run: cd /opt/iiab/iiab; ./iiab-network + +# IIAB Networking Doc: +# https://github.com/iiab/iiab/wiki/IIAB-Networking#firewall-iptables + {% if is_debuntu %} IPTABLES=/sbin/iptables IPTABLES_DATA=/etc/iptables.up.rules 
@@ -7,152 +33,184 @@ IPTABLES_DATA=/etc/iptables.up.rules IPTABLES=/usr/sbin/iptables IPTABLES_DATA=/etc/sysconfig/iptables {% endif %} -LANIF=$IIAB_LAN_DEVICE -WANIF=$IIAB_WAN_DEVICE -MODE=`grep iiab_network_mode_applied {{ iiab_ini_file }} | gawk '{print $3}'` -clear_fw() { -$IPTABLES -F -$IPTABLES -t nat -F -$IPTABLES -X +source {{ iiab_env_file }} +lan=$IIAB_LAN_DEVICE +wan=$IIAB_WAN_DEVICE +echo -e "\nLAN: $lan" +echo -e "WAN: $wan\n" +#network_mode=`grep iiab_network_mode_applied {{ iiab_ini_file }} | gawk '{print $3}'` +#echo -e "Network Mode: $network_mode\n" -# first match wins -# Always accept loopback traffic -$IPTABLES -A INPUT -i lo -j ACCEPT - -# Always drop rpc -$IPTABLES -A INPUT -p tcp --dport 111 -j DROP -$IPTABLES -A INPUT -p udp --dport 111 -j DROP -# mysql -$IPTABLES -A INPUT -p tcp --dport 3306 -j DROP -$IPTABLES -A INPUT -p udp --dport 3306 -j DROP -# postgres - not needed listens on lo only -$IPTABLES -A INPUT -p tcp --dport 5432 -j DROP -$IPTABLES -A INPUT -p udp --dport 5432 -j DROP -# couchdb -$IPTABLES -A INPUT -p tcp --dport 5984 -j DROP -$IPTABLES -A INPUT -p udp --dport 5984 -j DROP -} - -if [ "x$WANIF" == "xnone" ] || [ "$MODE" == "Appliance" ]; then - clear_fw - # save the rule set - {% if is_debuntu %} - netfilter-persistent save - {% else %} - iptables-save > $IPTABLES_DATA - {% endif %} - exit 0 -fi -lan=$LANIF -wan=$WANIF - -# Good thing we replace this file should be treated like squid below +# "Good thing we replace this file; should be treated like Squid below" ? 
+ports_externally_visible={{ ports_externally_visible }} +#services_externally_visible={{ services_externally_visible }} gw_block_https={{ gw_block_https }} ssh_port={{ ssh_port }} -gui_wan={{ gui_wan }} +#gui_wan={{ gui_wan }} gui_port={{ gui_port }} iiab_gateway_enabled={{ iiab_gateway_enabled }} -services_externally_visible={{ services_externally_visible }} +block_DNS={{ block_DNS }} + calibre_port={{ calibre_port }} calibreweb_port={{ calibreweb_port }} -kiwix_port={{ kiwix_port }} -kalite_server_port={{ kalite_server_port }} -kolibri_http_port={{ kolibri_http_port }} cups_port={{ cups_port }} -transmission_http_port={{ transmission_http_port }} -transmission_peer_port={{ transmission_peer_port }} -sugarizer_port={{ sugarizer_port }} internetarchive_port={{ internetarchive_port }} -nodered_port={{ nodered_port }} -mosquitto_port={{ mosquitto_port }} +kalite_server_port={{ kalite_server_port }} +kiwix_port={{ kiwix_port }} +kolibri_http_port={{ kolibri_http_port }} minetest_port={{ minetest_port }} +mosquitto_port={{ mosquitto_port }} +nodered_port={{ nodered_port }} +pbx_enabled={{ pbx_enabled }} pbx_signaling_ports_chan_sip={{ pbx_signaling_ports_chan_sip }} pbx_signaling_ports_chan_pjsip={{ pbx_signaling_ports_chan_pjsip }} pbx_data_ports={{ pbx_data_ports }} -pbx_enabled={{ pbx_enabled }} -block_DNS={{ block_DNS }} +sugarizer_port={{ sugarizer_port }} +transmission_http_port={{ transmission_http_port }} +transmission_peer_port={{ transmission_peer_port }} -echo "LAN is $lan and WAN is $wan" -# -# delete all existing rules. -# +samba_udp_ports={{ samba_udp_ports }} +samba_tcp_mports={{ samba_tcp_mports }} +echo -e "\nports_externally_visible: "$ports_externally_visible"\n" +if ! 
[ "$ports_externally_visible" -eq "$ports_externally_visible" ] 2> /dev/null; then + echo "EXITING: an integer is required" + exit 1 +elif [ "$ports_externally_visible" -lt 0 ] || [ "$ports_externally_visible" -gt 5 ]; then + echo "EXITING: it must be in the range {0...5}" + exit 1 +fi + +#if [ "$wan" != "none" ] && [ "$network_mode" != "Appliance" ]; then +# Load iptables kernel modules /sbin/modprobe ip_tables /sbin/modprobe iptable_filter /sbin/modprobe ip_conntrack /sbin/modprobe iptable_nat -clear_fw +#fi + +# Delete all existing firewall rules +$IPTABLES -F +$IPTABLES -t nat -F +$IPTABLES -X + +# FIRST MATCH WINS - establish iptable rules, starting at the top: +# (verify the resulting rule set by running 'iptables -L -v') +# New to iptables? Run/read 'man iptables' & 'man iptables-extensions' + +# Always accept loopback traffic +$IPTABLES -A INPUT -i lo -j ACCEPT + +# Disable access to databases, on LAN-side and WAN-side +# SunRPC +$IPTABLES -A INPUT -p tcp --dport 111 -j DROP +$IPTABLES -A INPUT -p udp --dport 111 -j DROP +# MySQL +$IPTABLES -A INPUT -p tcp --dport 3306 -j DROP +$IPTABLES -A INPUT -p udp --dport 3306 -j DROP +# PostgreSQL - not needed listens on lo only +$IPTABLES -A INPUT -p tcp --dport 5432 -j DROP +$IPTABLES -A INPUT -p udp --dport 5432 -j DROP +# CouchDB +$IPTABLES -A INPUT -p tcp --dport 5984 -j DROP +$IPTABLES -A INPUT -p udp --dport 5984 -j DROP # Allow established connections, and those not coming from the outside $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -$IPTABLES -A INPUT -m state --state NEW -i $lan -j ACCEPT +$IPTABLES -A INPUT -m state --state NEW -i $lan -j ACCEPT -# Allow mDNS +# Allow mDNS from WAN-side too (ON PURPOSE? WHY OUT OF CURIOSITY?) 
$IPTABLES -A INPUT -p udp --dport 5353 -j ACCEPT -#when run as gateway -$IPTABLES -A INPUT -p tcp --dport $ssh_port -m state --state NEW -i $wan -j ACCEPT +#if [ "$wan" != "none" ] && [ "$network_mode" != "Appliance" ]; then +if [ "$wan" != "none" ]; then -if [ "$gui_wan" == "True" ]; then - $IPTABLES -A INPUT -p tcp --dport $gui_port -m state --state NEW -i $wan -j ACCEPT -fi + # 1 = ssh only + if [ "$ports_externally_visible" -ge 1 ]; then + $IPTABLES -A INPUT -p tcp --dport $ssh_port -m state --state NEW -i $wan -j ACCEPT + fi -if [ "$services_externally_visible" == "True" ]; then - $IPTABLES -A INPUT -p tcp --dport $kiwix_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $kalite_server_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $kolibri_http_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $calibre_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $calibreweb_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $cups_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $sugarizer_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $internetarchive_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $nodered_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $mosquitto_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $transmission_http_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $transmission_peer_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p udp --dport $minetest_port -m state --state NEW -i $wan -j ACCEPT + # 2 = ssh + http-or-https (for Admin Console's box.lan/admin too) + if [ "$ports_externally_visible" -ge 2 ]; then + # For now this is implemented using Admin Console variable "gui_port" from: + # 
https://github.com/iiab/iiab/blob/master/roles/0-init/tasks/main.yml#L87-L95 + $IPTABLES -A INPUT -p tcp --dport $gui_port -m state --state NEW -i $wan -j ACCEPT + fi - if [ "$pbx_enabled" == "True" ]; then - $IPTABLES -A INPUT -p udp --dport $pbx_signaling_ports_chan_sip -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p udp --dport $pbx_signaling_ports_chan_pjsip -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p udp --dport $pbx_data_ports -m state --state NEW -i $wan -j ACCEPT + # 3 = ssh + http-or-https + common IIAB services + if [ "$ports_externally_visible" -ge 3 ]; then + $IPTABLES -A INPUT -p tcp --dport $calibre_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $calibreweb_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $cups_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $internetarchive_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $kalite_server_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $kiwix_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $kolibri_http_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p udp --dport $minetest_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $mosquitto_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $nodered_port -m state --state NEW -i $wan -j ACCEPT + + if [ "$pbx_enabled" == "True" ]; then + $IPTABLES -A INPUT -p udp --dport $pbx_signaling_ports_chan_sip -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p udp --dport $pbx_signaling_ports_chan_pjsip -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p udp --dport $pbx_data_ports -m state --state NEW -i $wan -j ACCEPT + fi + + $IPTABLES -A INPUT -p tcp --dport $sugarizer_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport 
$transmission_http_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $transmission_peer_port -m state --state NEW -i $wan -j ACCEPT + fi + + # 4 = ssh + http-or-https + common IIAB services + Samba + if [ "$ports_externally_visible" -ge 4 ]; then + $IPTABLES -A INPUT -p udp --dport $samba_udp_ports -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp -m multiport --dports $samba_tcp_mports -m state --state NEW -i $wan -j ACCEPT + fi + + if [ "$lan" != "none" ]; then + # Typically False, to keep client machines (e.g. students) off the Internet + if [ "$iiab_gateway_enabled" == "True" ]; then + $IPTABLES -A POSTROUTING -t nat -o $wan -j MASQUERADE + fi + + # 3 or 4 IP forwarding rules + $IPTABLES -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT + # Block https traffic except if directed at server + if [ "$gw_block_https" == "True" ]; then + $IPTABLES -A FORWARD -p tcp ! -d {{ lan_ip }} --dport 443 -j DROP + fi + # Allow outgoing connections from the LAN side + $IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT + # Don't forward from the outside to the inside + $IPTABLES -A FORWARD -i $wan -o $lan -j DROP + # Enable routing (kernel IP forwarding) + echo 1 > /proc/sys/net/ipv4/ip_forward + fi + + # 5 = "all but databases" + if [ "$ports_externally_visible" -lt 5 ]; then + # Drop everything else arriving via WAN + $IPTABLES -A INPUT -i $wan -j DROP fi fi -if [ "$iiab_gateway_enabled" == "True" ]; then - $IPTABLES -A POSTROUTING -t nat -o $wan -j MASQUERADE -fi - -$IPTABLES -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT - -#Block https traffic except if directed at server -if [ "$gw_block_https" == "True" ]; then - $IPTABLES -A FORWARD -p tcp ! -d {{ lan_ip }} --dport 443 -j DROP -fi - -# Allow outgoing connections from the LAN side. -$IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT - -# Don't forward from the outside to the inside. 
-$IPTABLES -A FORWARD -i $wan -o $lan -j DROP -$IPTABLES -A INPUT -i $wan -j DROP - +# TCP & UDP block of DNS port 53 if truly nec if [ "$block_DNS" == "True" ]; then $IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 53 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:53 $IPTABLES -t nat -A PREROUTING -i $lan -p udp --dport 53 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:53 fi +# If Squid enabled, as indicated by "HTTPCACHE_ON=True" in /etc/iiab/iiab.env if [ "$HTTPCACHE_ON" == "True" ]; then - $IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:3128 + $IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:3128 fi -# Enable routing. -echo 1 > /proc/sys/net/ipv4/ip_forward -# save the whole rule set now +# Save the whole rule set {% if is_debuntu %} netfilter-persistent save {% else %} iptables-save > $IPTABLES_DATA {% endif %} + exit 0 diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml index c3b2ed683..38392bbb5 100644 --- a/roles/nextcloud/defaults/main.yml +++ b/roles/nextcloud/defaults/main.yml 
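Review bot: The mDNS rule `$IPTABLES -A INPUT -p udp --dport 5353 -j ACCEPT` has no `-i` match and sits above every `ports_externally_visible` test, so UDP 5353 is accepted on the WAN interface even at level 0, which the banner documents as "none". LAN traffic is already accepted by the `--state NEW -i $lan` rule just above it, so the rule's only extra effect appears to be WAN exposure. I would move it into the level-3 block as `$IPTABLES -A INPUT -p udp --dport 5353 -m state --state NEW -i $wan -j ACCEPT`, or drop it. Separately, level 5 skips the final `-A INPUT -i $wan -j DROP`, so everything except the four port pairs dropped earlier (111, 3306, 5432, 5984) is reachable from the WAN. A comment next to that test should say so, e.g. `# 5 = no WAN catch-all DROP: only ports 111/3306/5432/5984 stay blocked`.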
@@ -11,7 +11,11 @@ nextcloud_url: /nextcloud nextcloud_prefix: /opt nextcloud_data_dir: "{{ content_base }}/nextcloud/data" nextcloud_dl_url: https://download.nextcloud.com/server/releases -nextcloud_orig_src_file: latest-15.tar.bz2 # 2019-04-25: nextcloud-16.0.0.tar.bz2 requires PHP 7.1+ and so fails on current Raspbian and Debian 9 "Stretch". 2019-09-27 aside: latest-16.tar.bz2 oddly still not yet published at https://download.nextcloud.com/server/releases/ + +# 2019-05-11: latest-16.tar.bz2 finally published to https://download.nextcloud.com/server/releases/ (nextcloud/server#15502) e.g. for Ubuntu 18.04 & Debian 10 +nextcloud_orig_src_file_old: latest-15.tar.bz2 # 2019-05-16: for legacy OS's Debian 9 & Raspbian 9 where PHP 7.1+ isn't available +nextcloud_src_file_old: nextcloud_{{ nextcloud_orig_src_file_old }} +nextcloud_orig_src_file: latest-16.tar.bz2 # 2019-05-16: for all other OS's e.g. Debian 10 & Ubuntu 18.04 where PHP 7.1+ is hopefully available! nextcloud_src_file: nextcloud_{{ nextcloud_orig_src_file }} # we install on mysql with these setting or those from default_vars, etc. diff --git a/roles/nextcloud/tasks/F18.yml b/roles/nextcloud/tasks/F18.yml index 5e76d45c4..3b1dbe51d 100644 --- a/roles/nextcloud/tasks/F18.yml +++ b/roles/nextcloud/tasks/F18.yml @@ -9,7 +9,7 @@ url: "{{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file }}" dest: "{{ downloads_dir }}/{{ nextcloud_src_file }}" timeout: "{{ download_timeout }}" - when: internet_available + when: internet_available | bool - name: Copy it to permanent location /opt unarchive: diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index b7eb5f2f7..2487b1e91 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml 
@@ -14,18 +14,31 @@ # - debug: # msg: "nextcloud_force_install: {{ nextcloud_force_install }}" -- name: Download {{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file }} to {{ downloads_dir }}/{{ nextcloud_src_file }} +- name: Download {{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file_old }} to {{ downloads_dir }}/{{ nextcloud_src_file_old }} on older OS's lacking PHP 7.1+ + get_url: + url: "{{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file_old }}" + dest: "{{ downloads_dir }}/{{ nextcloud_src_file_old }}" + timeout: "{{ download_timeout }}" + force: yes + #validate_certs: False # TEMPORARY ON/AFTER 2018-07-22 AS download.nextcloud.com CERT EXPIRED: https://github.com/iiab/iiab/issues/954 + #async: 1800 + #poll: 10 + tags: + - download + when: internet_available and nextcloud_force_install and (is_debian_9 or is_raspbian_9) + +- name: Download {{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file }} to {{ downloads_dir }}/{{ nextcloud_src_file }} on newer OS's that have PHP 7.1+ get_url: url: "{{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file }}" dest: "{{ downloads_dir }}/{{ nextcloud_src_file }}" timeout: "{{ download_timeout }}" force: yes #validate_certs: False # TEMPORARY ON/AFTER 2018-07-22 AS download.nextcloud.com CERT EXPIRED: https://github.com/iiab/iiab/issues/954 - when: internet_available and nextcloud_force_install #async: 1800 #poll: 10 tags: - download + when: internet_available and nextcloud_force_install and not (is_debian_9 or is_raspbian_9) # Ubuntu and Debian treat names differently - name: Install 3 php packages (debian) @@ -35,7 +48,7 @@ - "php{{ php_version }}-mbstring" - "php{{ php_version }}-zip" state: present - when: is_debian + when: is_debian | bool # Ubuntu and Debian treat names differently - name: Install 4 php packages (ubuntu) @@ -46,7 +59,7 @@ - php-zip - php-mbstring state: present - when: is_ubuntu + when: is_ubuntu | bool - name: Install 5 more php packages (debuntu) package: 
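Review bot: Both `get_url` tasks in the @@ -14,18 hunk fetch a moving `latest-NN.tar.bz2` with `force: yes` and no `checksum:`, and the unarchive tasks in the later @@ -83,20 hunk extract whatever arrived into `{{ nextcloud_prefix }}`, so a truncated or tampered download is installed unnoticed. If the release server publishes a digest file next to each tarball (to be confirmed), `get_url` can verify against it with `checksum: "sha256:{{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file }}.sha256"`, using the `_old` variable in the first task. The two new `when:` expressions also leave `internet_available` and `nextcloud_force_install` without the `| bool` filter this commit adds elsewhere, so a string value such as "False" would still evaluate as true there.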
@@ -57,7 +70,7 @@ - "php{{ php_version }}-curl" - "php{{ php_version }}-intl" state: present - when: is_debuntu + when: is_debuntu | bool - name: 'Install php{{ php_version }}-mcrypt IF this is a "pre-2018" distro in the debuntu family. NOTE: PHP 7.1 deprecated mcrypt 1-Dec-2016 and PHP 7.2 dropped it completely 30-Nov-2017, as it should no longer be nec.' package: @@ -83,20 +96,27 @@ # CentOS does not have a package for php-imagick #- php-imagick state: present - when: is_redhat + when: is_redhat | bool -- name: Unarchive {{ nextcloud_src_file }} to permanent location {{ nextcloud_prefix }}/nextcloud # e.g. unpack nextcloud_latest-14.tar.bz2 to /opt/nextcloud +- name: Unarchive {{ nextcloud_src_file_old }} to permanent location {{ nextcloud_prefix }}/nextcloud on older OS's lacking PHP 7.1+ # e.g. unpack nextcloud_latest-15.tar.bz2 to /opt/nextcloud + unarchive: + src: "{{ downloads_dir }}/{{ nextcloud_src_file_old }}" + dest: "{{ nextcloud_prefix }}" + #creates: "{{ nextcloud_prefix }}/nextcloud/version.php" + when: nextcloud_force_install and (is_debian_9 or is_raspbian_9) + +- name: Unarchive {{ nextcloud_src_file }} to permanent location {{ nextcloud_prefix }}/nextcloud on newer OS's that have PHP 7.1+ # e.g. unpack nextcloud_latest-16.tar.bz2 to /opt/nextcloud unarchive: src: "{{ downloads_dir }}/{{ nextcloud_src_file }}" dest: "{{ nextcloud_prefix }}" #creates: "{{ nextcloud_prefix }}/nextcloud/version.php" - when: nextcloud_force_install + when: nextcloud_force_install and not (is_debian_9 or is_raspbian_9) - name: Create dir /etc/nextcloud (centos) for a subsequent config dir that's symlinked to /etc/nextcloud ? file: path: /etc/nextcloud state: directory - when: is_centos + when: is_centos | bool - name: Install {{ nextcloud_prefix }}/nextcloud/config/autoconfig.php from template (centos) template: 
@@ -105,7 +125,7 @@ owner: "{{ apache_user }}" group: "{{ apache_user }}" mode: 0640 - when: is_centos + when: is_centos | bool - name: chown -R {{ apache_user }}:{{ apache_user }} {{ nextcloud_prefix }}/nextcloud file: @@ -146,7 +166,7 @@ # service: # name: "{{ apache_service }}" # state: restarted -## when: nextcloud_enabled # taken care of by nextcloud_enabled.yml below +## when: nextcloud_enabled | bool # taken care of by nextcloud_enabled.yml below # when: not nextcloud_enabled # Enables or disable Nextcloud! diff --git a/roles/nextcloud/tasks/nextcloud_enabled.yml b/roles/nextcloud/tasks/nextcloud_enabled.yml index daf63e576..ab8df116b 100644 --- a/roles/nextcloud/tasks/nextcloud_enabled.yml +++ b/roles/nextcloud/tasks/nextcloud_enabled.yml @@ -11,7 +11,7 @@ owner: root group: root mode: 0644 - when: nextcloud_enabled + when: nextcloud_enabled | bool - name: Create symlink nextcloud.conf from sites-enabled to sites-available for http://box/nextcloud (debuntu) file: diff --git a/roles/nodered/meta/main.yml b/roles/nodered/meta/main.yml index 7848a81de..718e787e8 100644 --- a/roles/nodered/meta/main.yml +++ b/roles/nodered/meta/main.yml @@ -1,3 +1,2 @@ dependencies: - - { role: nodejs, tags: ['nodejs'], when: nodered_install } - + - { role: nodejs, tags: ['nodejs'], when: nodered_install | bool } diff --git a/roles/nodered/tasks/main.yml b/roles/nodered/tasks/main.yml index 8b37c6b41..a95c64efa 100644 --- a/roles/nodered/tasks/main.yml +++ b/roles/nodered/tasks/main.yml @@ -14,7 +14,7 @@ package: name: nodered state: absent - when: nodered_install + when: nodered_install | bool # 2012-02-13: the 6 RPi stanzas below recreate Raspbian Desktop's Node-RED # environment, inspired by: @@ -159,7 +159,7 @@ owner: root group: root mode: 0666 - when: nodered_install + when: nodered_install | bool - name: Install Apache's sites-available/nodered.conf from template template: 
@@ -169,7 +169,7 @@ owner: root group: root mode: 0666 - when: nodered_install + when: nodered_install | bool - name: Create symlink nodered.conf from sites-enabled to sites-available, for short URL http://box/nodered (if nodered_enabled) file: @@ -178,7 +178,7 @@ owner: root group: root state: link - when: nodered_enabled + when: nodered_enabled | bool - name: Remove symlink /etc/apache2/sites-enabled/nodered.conf (if not nodered_enabled) file: @@ -190,14 +190,14 @@ apache2_module: state: present name: proxy_wstunnel - when: nodered_install + when: nodered_install | bool - name: Restart Apache service ({{ apache_service }}) to enable/disable http://box/nodered (not just http://box:{{ nodered_port }}/nodered) systemd: #daemon_reload: yes name: "{{ apache_service }}" # httpd or apache2 state: restarted - when: nodered_install + when: nodered_install | bool - name: Enable & (Re)start 'nodered' systemd service (if nodered_enabled) systemd: @@ -205,7 +205,7 @@ name: nodered enabled: yes state: restarted - when: nodered_enabled + when: nodered_enabled | bool - name: Disable & Stop 'nodered' systemd service (if not nodered_enabled) systemd: diff --git a/roles/nodogsplash/tasks/main.yml b/roles/nodogsplash/tasks/main.yml index 909fca4b1..59d10fa26 100644 --- a/roles/nodogsplash/tasks/main.yml +++ b/roles/nodogsplash/tasks/main.yml @@ -1,3 +1,3 @@ - name: Install nodogsplash (Raspbian only) include_tasks: rpi.yml - when: is_rpi + when: is_rpi | bool diff --git a/roles/nodogsplash/tasks/rpi.yml b/roles/nodogsplash/tasks/rpi.yml index 56d180f0f..617208d46 100644 --- a/roles/nodogsplash/tasks/rpi.yml +++ b/roles/nodogsplash/tasks/rpi.yml @@ -8,7 +8,7 @@ url: "{{ iiab_download_url }}/{{ nodogsplash_arm_deb }}" dest: "{{ downloads_dir }}/{{ nodogsplash_arm_deb }}" timeout: "{{ download_timeout }}" - when: internet_available + when: internet_available | bool #async: 300 #poll: 5 
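Review bot: `mode: 0666` in the @@ -169,7 hunk appears to belong to the task that installs Apache's sites-available/nodered.conf, so a root-owned web-server config file is writable by every local account. The @@ -159,7 hunk just before it shows the same mode on a task whose start is outside the hunk. Any unprivileged user or compromised service could change what Apache loads on its next restart, which the "Restart Apache service" task further down triggers. I would set `mode: '0644'` on both tasks while touching them for `| bool`.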
@@ -43,7 +43,7 @@ name: nodogsplash enabled: yes state: started - when: nodogsplash_enabled + when: nodogsplash_enabled | bool - name: Disable 'nodogsplash' systemd service, if not nodogsplash_enabled systemd: diff --git a/roles/openvpn/defaults/main.yml b/roles/openvpn/defaults/main.yml index e29db28d8..adc23ec2b 100644 --- a/roles/openvpn/defaults/main.yml +++ b/roles/openvpn/defaults/main.yml @@ -1,12 +1,15 @@ -openvpn_install: True -openvpn_enable: False +# openvpn_install: True +# openvpn_enabled: False # For /etc/iiab/openvpn_handle -openvpn_handle: "" +# openvpn_handle: "" # cron seems necessary on CentOS: -openvpn_cron_enabled: False +# openvpn_cron_enabled: False -openvpn_server: xscenet.net -openvpn_server_virtual_ip: 10.8.0.1 -openvpn_server_port: 1194 +# openvpn_server: xscenet.net +# openvpn_server_virtual_ip: 10.8.0.1 +# openvpn_server_port: 1194 + +# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml +# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 6d6b51e6e..57ee97b5d 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -13,7 +13,7 @@ regexp: "{{ item.regexp }}" path: /root/.ssh/authorized_keys #backup: yes - when: openvpn_install + when: openvpn_install | bool with_items: - regexp: "LvCSAAcfYIdZPR4ePVpVUZ/IbkGjpQSoRMa5HuVjMO3cZNR27ptqjNjq2husJOyhMFCOBTzo4thioGyTpBr4u3s=$" # Tim Moody pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAhlQIh8ZPx4awdM0O6QNcPbx3qIZ39FHjF2YJ2SX3z7iLnYiz03Ek6Bux9P4HvaVAqlApiz2I68Vq8TfU2s/+LvCSAAcfYIdZPR4ePVpVUZ/IbkGjpQSoRMa5HuVjMO3cZNR27ptqjNjq2husJOyhMFCOBTzo4thioGyTpBr4u3s=" 
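Review bot: The `when:` in the roles/openvpn/tasks/main.yml hunk (@@ -13,7) still keys this task on `openvpn_install`, and the items it loops over are SSH public keys with `path: /root/.ssh/authorized_keys`. The task starts outside the hunk, but if it adds these lines, every machine where install-support or iiab-support sets `openvpn_install: True` grants root SSH login to the listed key holders, and that stays so after OpenVPN is disabled. I would document this above the task, e.g. `# NOTE: grants root SSH access to the support keys below; remove them from /root/.ssh/authorized_keys when remote support is no longer wanted`, and consider gating on `openvpn_enabled | bool` instead.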
@@ -72,9 +72,10 @@ - { src: 'announcer.j2', dest: '/etc/openvpn/scripts/announcer', mode: '0755' } - { src: 'silence', dest: '/etc/openvpn/scripts/silence', mode: '0755' } - { src: 'xscenet.conf.j2', dest: '/etc/openvpn/xscenet.conf', mode: '0644' } + - { src: 'openvpn_handle.j2', dest: '/etc/iiab/openvpn_handle', mode: '0644' } + - { src: 'iiab-support', dest: '/usr/bin/iiab-support', mode: '0755' } - { src: 'iiab-remote-on.j2', dest: '/usr/bin/iiab-remote-on', mode: '0755' } - { src: 'iiab-remote-off', dest: '/usr/bin/iiab-remote-off', mode: '0755' } - - { src: 'openvpn_handle.j2', dest: '/etc/iiab/openvpn_handle', mode: '0644' } # Comment out in future? Not recommended as of August 2018: - { src: 'iiab-handle.j2', dest: '/usr/bin/iiab-handle', mode: '0755' } # Obsolete & unused for ~2 years as of August 2018: @@ -86,6 +87,18 @@ # Obsolete & unused for ~2 years as of August 2018: #- { src: 'iiab-vpn.j2', dest: '/usr/bin/iiab-vpn', mode: '0755' } +- name: Create iiab-support-on (symlink to iiab-support for now) + file: + src: /usr/bin/iiab-support + path: /usr/bin/iiab-support-on + state: link + +- name: Create iiab-support-off (symlink to iiab-remote-off for now) + file: + src: /usr/bin/iiab-remote-off + path: /usr/bin/iiab-support-off + state: link + - name: Create iiab-vpn-on (symlink to iiab-remote-on for now) file: src: /usr/bin/iiab-remote-on 
@@ -104,17 +117,16 @@ # template: # src: up_wan # dest: /usr/lib/iiab/up_wan -# when: is_debuntu +# when: is_debuntu | bool -# Comment out in future? Contained serious bug (15-openvpn called -# up-wan instead of up_wan in /usr/lib/iiab/ as of August 2018) so -# evidently unused for ~2 years: -- name: Install NM dispatcher.d (for older OS's only, where OpenVPN doesn't auto-start openvpn@xscenet) - template: - src: 15-openvpn - dest: /etc/NetworkManager/dispatcher.d/ - #when: not is_debuntu # CONDITION APPEARS TOO BROAD - when: False # ADD/ITEMIZE ANY OS'S HERE, WHERE TRULY NEC (e.g. older CentOS, if running older OpenVPN?) +# Contained serious bug (15-openvpn called up-wan instead of up_wan in +# /usr/lib/iiab/ as of August 2018) so evidently unused for ~2 years: +#- name: Install NM dispatcher.d (for older OS's only, where OpenVPN doesn't auto-start openvpn@xscenet) +# template: +# src: 15-openvpn +# dest: /etc/NetworkManager/dispatcher.d/ +# #when: not is_debuntu # CONDITION APPEARS TOO BROAD +# when: False # ADD/ITEMIZE ANY OS'S HERE, WHERE TRULY NEC (e.g. older CentOS, if running older OpenVPN?) # Was obsolete/unused for ~2 years as of August 2018: (replaced by /etc/openvpn/xscenet.conf) #- name: Check for manually configured OpenVPN tunnel @@ -166,7 +178,7 @@ daemon_reload: yes enabled: yes state: restarted # 2018-09-02: Should we be concerned that "systemctl status openvpn" often shows "active (exited)" ? If so we might consider "state: started" or "state: reloaded" instead? - when: openvpn_enabled + when: openvpn_enabled | bool - name: Enable hourly cron job for OpenVPN (starts CHILD service openvpn@xscenet, typically for CentOS only?) lineinfile: diff --git a/roles/openvpn/templates/iiab-handle.j2 b/roles/openvpn/templates/iiab-handle.j2 index 7eb842b45..157d653e5 100755 --- a/roles/openvpn/templates/iiab-handle.j2 +++ b/roles/openvpn/templates/iiab-handle.j2 
@@ -1,20 +1,35 @@ #!/bin/bash -# DEPRECATED interactive script (over)writes /etc/iiab/openvpn_handle file, identifying client to server -echo -e '\nCORRECT METHOD: CHANGE VARIABLE openvpn_handle IN /etc/iiab/local_vars.yml' -echo -e 'THEN RUN "cd /opt/iiab/iiab" THEN "./runrole openvpn"\n' +echo -e "\n\n\e[41m DEPRECATED PLEASE RUN 'iiab-support' INSTEAD \e[0m\n\n" -echo -e "Or, for a temporary solution until the next time Ansible is run," -read -p "what OpenVPN handle do you want to use? " ans +echo -e 'This older script TEMPORARILY (over)writes /etc/iiab/openvpn_handle to' +echo -e 'identify IIAB to the upstream OpenVPN server, until Ansible next runs.\n' + +#echo -e 'CORRECT METHOD: CHANGE VARIABLE openvpn_handle IN /etc/iiab/local_vars.yml' +#echo -e 'THEN RUN "cd /opt/iiab/iiab" THEN "./runrole openvpn"\n' + +echo -e 'PLEASE NOW TYPE CTRL-C TO QUIT. Or, if you really want it temporary until the' +read -p 'next time Ansible is run, what OpenVPN handle do you want? ' ans echo -if [ "$ans" == "" ]; then - if [ -f /etc/iiab/openvpn_handle ]; then - rm -f /etc/iiab/openvpn_handle - fi -else +if [ "$ans" != "" ]; then echo $ans > /etc/iiab/openvpn_handle + echo -e "\nYour machine's openvpn_handle is TEMPORARILY now set... \n" +else + echo -e "\nWARNING: your machine's openvpn_handle remains unchanged...\n" fi + +echo -e "Restarting OpenVPN daemon...\n" + +# 2019-05-09: removing /etc/iiab/openvpn_handle (or setting it to "") are both very bad practices +#if [ "$ans" == "" ]; then +# if [ -f /etc/iiab/openvpn_handle ]; then +# rm -f /etc/iiab/openvpn_handle +# fi +#else +# echo $ans > /etc/iiab/openvpn_handle +#fi + {{ systemctl_program }} restart openvpn@xscenet # This would also work: (but would bounce all VPN connections, if others exist, causing unnec disruption if so) #{{ systemctl_program }} restart openvpn diff --git a/roles/openvpn/templates/iiab-remote-on.j2 b/roles/openvpn/templates/iiab-remote-on.j2 index 8771cb94f..d9702ef8e 100644 
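Review bot: `echo $ans > /etc/iiab/openvpn_handle` expands the typed answer unquoted, so spaces are collapsed, a `*` is replaced by file names from the current directory, and an answer beginning with `-n` or `-e` is taken as an echo option. `read -p` without `-r` also eats backslashes. I would write `read -r -p 'next time Ansible is run, what OpenVPN handle do you want? ' ans` and `printf '%s\n' "$ans" > /etc/iiab/openvpn_handle`. Since the value identifies the machine to the upstream OpenVPN server, a check that rejects anything outside a conservative character set before writing would be worth adding too.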
--- a/roles/openvpn/templates/iiab-remote-on.j2 +++ b/roles/openvpn/templates/iiab-remote-on.j2 @@ -3,11 +3,14 @@ # /usr/bin/iiab-remote-on should turn on multiple remote support services like # OpenVPN and others, for remote support, so they work even after reboot. -echo -e '\nWARNING: To enable OpenVPN long-term, it'"'"'s recommended you:\n' +echo -e "\n\n\e[44m CONSIDER RUNNING 'iiab-support' INSTEAD \e[0m\n\n" + +echo -e 'WARNING: To enable OpenVPN long-term, it'"'"'s recommended you:\n' echo -e '1) Set these variables in /etc/local/local_vars.yml' echo -e ' openvpn_install: True' -echo -e ' openvpn_enabled: True\n' +echo -e ' openvpn_enabled: True' +echo -e ' openvpn_handle: \n' echo -e '2) Run:' echo -e ' cd /opt/iiab/iiab' diff --git a/roles/openvpn/templates/iiab-support b/roles/openvpn/templates/iiab-support new file mode 100644 index 000000000..fe294bb38 --- /dev/null +++ b/roles/openvpn/templates/iiab-support 
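Review bot: The unchanged line `echo -e '1) Set these variables in /etc/local/local_vars.yml'` in the iiab-remote-on.j2 hunk names a path that looks wrong. The banner in iiab-gen-iptables and the other scripts in this commit all use /etc/iiab/local_vars.yml. Since this hunk rewrites the lines around it, I would fix it here: `echo -e '1) Set these variables in /etc/iiab/local_vars.yml'`. The script continues outside the hunk.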
@@ -0,0 +1,106 @@ +#!/bin/bash + +# openvpn_handle is stored in 2 files on disk, one slightly stripped down (from +# the other) due to Ansible. So we emulate Ansible's behavior, when reading from +# (and later writing to) disk, removing outer cruft as explained on Lines 27-29: +handle1=$(grep "^openvpn_handle:" /etc/iiab/local_vars.yml | sed -e "s/^openvpn_handle://; s/^\s*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/") +echo -e "\n/etc/iiab/local_vars.yml source/master copy: $handle1" +if [ -f /etc/iiab/openvpn_handle ]; then + handle2=$(cat /etc/iiab/openvpn_handle) + echo -e "/etc/iiab/openvpn_handle for openvpn daemon: $handle2\n" +else + echo -e "/etc/iiab/openvpn_handle for openvpn daemon: [FILE DOESN'T YET EXIST]\n" +fi + +echo -e "\e[1mPlease type a descriptive OpenVPN machine name (openvpn_handle) such as:\n" + +echo -e " cape-town-school-36-rpi-2019-05-31\n" + +echo -en "Or hit [Enter] to keep the existing name:\e[0m " +read ans < /dev/tty + +#if [ "$ans" != "" ] || ( [ "$handle1" = "" ] && [ ! -f /etc/iiab/openvpn_handle ] ); then +# -v (below) checks if var's defined: equivalent to file existence test above +if [ "$ans" != "" ] || ( [ "$handle1" = "" ] && [ ! -v handle2 ] ); then + if grep -q '^openvpn_handle:' /etc/iiab/local_vars.yml; then + sed -i "s/^openvpn_handle:.*/openvpn_handle: $ans/" /etc/iiab/local_vars.yml + else + echo "openvpn_handle: $ans" >> /etc/iiab/local_vars.yml + fi + + # BEHAVIOR JUST LIKE ANSIBLE'S: create /etc/iiab/openvpn_handle from the + # "^openvpn_handle:" line in /etc/iiab/local_vars.yml by (1) removing outer + # spacing IF NEC, then (2) removing 1 pair of matching outer quotes IF NEC: + ans=$(echo $ans | sed -e "s/^\s*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/") + echo $ans > /etc/iiab/openvpn_handle + echo -e "\n\e[1mSAVED: openvpn_handle recorded into both above files.\e[0m\n" +elif [ "$handle1" != "$handle2" ]; then # Sloppily, but conveniently here, + # bash treats "$handle2" as "" when var undefined, catching all conflicts! 
+ echo -e "\n\e[41mYou MUST specify an OpenVPN machine name (openvpn_handle) to resolve the above\e[0m" + echo -e "\e[41mnaming conflict. Please rerun to proceed.\e[0m\n" + exit 1 +else + echo -e "\n\e[1mWARNING: openvpn_handle remains unchanged in both above files.\e[0m\n" +fi + +if grep -q '^openvpn_install: True' /etc/iiab/local_vars.yml; then + echo -e "Your IIAB installation appears normal, with OpenVPN already installed...\n" +else + echo -e "Please wait a few minutes as IIAB Stage 1 (1-prep) & OpenVPN are installed...\n" + if grep -q '^openvpn_install:' /etc/iiab/local_vars.yml; then + sed -i "s/^openvpn_install:.*/openvpn_install: True/" /etc/iiab/local_vars.yml + else + echo "openvpn_install: True" >> /etc/iiab/local_vars.yml + fi + cd /opt/iiab/iiab + ./runrole 1-prep + echo +fi + +echo -e "Now let's (re)enable OpenVPN...\n" +if grep -q '^openvpn_enabled:' /etc/iiab/local_vars.yml; then + sed -i "s/^openvpn_enabled:.*/openvpn_enabled: True/" /etc/iiab/local_vars.yml +else + echo "openvpn_enabled: True" >> /etc/iiab/local_vars.yml +fi +systemctl enable openvpn + +echo -e "\nNow let's restart OpenVPN..." +#systemctl start openvpn +systemctl restart openvpn + +echo -en "\n " +for i in {16..40} ; do echo -en "\e[48;5;${i}m \e[0m" ; done +echo -en " OpenVPN TIPS " +for i in {40..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done + +echo -e "\n\n 1. Check your Internet connection: run 'ping 8.8.8.8' and 'ping mit.edu'" +echo -e " 2. Check your OpenVPN connection: run 'ping 10.8.0.1'" +echo -e " 3. Run 'ip a' and look for a 'tun0' IP address like 10.8.0.x" +echo -e " 4. If necessary, run 'systemctl restart openvpn' which should" +echo -e " run 'systemctl restart openvpn@xscenet' for you." +echo -e " 5. Sometimes waiting a minute helps -- retry steps 2 and 3 to monitor." +echo -e " 6. If in future you want to disable OpenVPN connections to-and-from your" +echo -e " Internet-in-a-Box (IIAB) please run 'iiab-support-off' at that time." +echo -e " 7. 
Read 'How can I remotely manage my Internet-in-a-Box?' at" +echo -e " http://FAQ.IIAB.IO to learn about DIY remote support alternatives" +echo -e " like ngrok, serveo, remot3.it and TeamViewer.\n" + +echo -en " " +for i in {16..40} ; do echo -en "\e[48;5;${i}m \e[0m" ; done +echo -en " OpenVPN TIPS " +for i in {40..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done + +echo -e "\n\nNow let's wait 15 seconds, as OpenVPN handshake sometimes needs that (or more!)" +sleep 15 + +echo -en "\nYour OpenVPN machine name (openvpn_handle) is: \e[32m" +cat /etc/iiab/openvpn_handle +echo -en "\e[0m" + +vpnip=$(ip a | grep tun0$ | awk '{print $2}') +if [ "$vpnip" != "" ]; then + echo -e "\nYour OpenVPN IP address (which can change) is: \e[32m$vpnip\e[0m\n" +else + echo -e "\n \e[41m ERROR: OpenVPN IP address not ready - PLEASE TRY THE ABOVE TIPS \e[0m\n" +fi diff --git a/roles/osm-vector-maps/defaults/main.yml b/roles/osm-vector-maps/defaults/main.yml new file mode 100644 index 000000000..71404b928 --- /dev/null +++ b/roles/osm-vector-maps/defaults/main.yml @@ -0,0 +1,8 @@ +# osm_vector_maps_install: True +# osm_vector_maps_enabled: True + +# iiab_map_url : http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden +# vector_map_path: "{{ content_base }}/www/osm-vector-maps" + +# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml +# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/osm-vector/files/countries.json b/roles/osm-vector-maps/files/countries.json similarity index 100% rename from roles/osm-vector/files/countries.json rename to roles/osm-vector-maps/files/countries.json diff --git a/roles/osm-vector/files/en-map_test.json b/roles/osm-vector-maps/files/en-map_test.json similarity index 100% rename from roles/osm-vector/files/en-map_test.json rename to roles/osm-vector-maps/files/en-map_test.json 
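Review bot: The typed name is placed unescaped into the sed program at `sed -i "s/^openvpn_handle:.*/openvpn_handle: $ans/"` and appended raw to local_vars.yml, so a `/`, `&`, `\` or YAML-significant character in `$ans` changes the expression or the parsed value instead of being stored as the handle. The script edits files under /etc/iiab and restarts services, so it presumably runs as root, which makes validating the input before either write worthwhile. The same branch is also entered with an empty `$ans` when neither file holds a handle, which writes an empty `openvpn_handle`; the older handle script's 2019-05-09 comment in this commit calls that bad practice. A check right after the `read`, limiting the name to characters that are inert in both sed and YAML, covers the first point; widen the allowed set if quoted names must stay supported.

```shell
read -r ans < /dev/tty

# Accept only characters that are literal in a sed replacement and a YAML scalar.
if [ "$ans" != "" ] && ! [[ "$ans" =~ ^[A-Za-z0-9._-]+$ ]]; then
    echo -e "\n\e[41mopenvpn_handle may only contain letters, digits, '.', '_' and '-'.\e[0m\n"
    exit 1
fi
# … unchanged: the if/elif/else that records the handle in both files …
```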
diff --git a/roles/osm-vector/files/osm_functions.js b/roles/osm-vector-maps/files/map_functions.js similarity index 79% rename from roles/osm-vector/files/osm_functions.js rename to roles/osm-vector-maps/files/map_functions.js index 819b76ee1..1de34793d 100644 --- a/roles/osm-vector/files/osm_functions.js +++ b/roles/osm-vector-maps/files/map_functions.js @@ -1,16 +1,16 @@ -// osm_functions.js -- (non authoritative see below) src = iiab/roles/files/ +// map_functions.js -- (non authoritative see below) src = iiab/roles/files/ // copyright 2019 George Hunt -// CAUTION -- this file is duplicate to admin-console/console/files/js/osm_fuctions.js -- please think of admin-console as authoritative +// CAUTION -- this file is duplicate to admin-console/console/files/js/map_functions.js -- please think of admin-console as authoritative // Placed here in duplicate to ease debugging, and simplify dependences var regionGeojson = {}; var regionList = []; var regionInstalled = []; var commonAssetsDir = '/common/assets/'; -var mapAssetsDir = '/osm-vector/maplist/assets/'; +var mapAssetsDir = '/osm-vector-maps/maplist/assets/'; var iiab_config_dir = '/etc/iiab/'; var onChangeFunc = "setSize"; -var osmCatalog = {}; +var mapCatalog = {}; // following 2 lines an experiment to see if test page and console can be common //var jquery = require("./assets/jquery.min"); @@ -19,7 +19,7 @@ var osmCatalog = {}; function getOsmStat(){ // called during the init console.log('in getOsmStat'); - readOsmCatalog( true ); // we want checkboxes + readMapCatalog( true ); // we want checkboxes readOsmIdx(); } 
@@ -27,25 +27,25 @@ function readOsmIdx(){ //consoleLog ("in readOsmIdx"); var resp = $.ajax({ type: 'GET', - url: consoleJsonDir + 'osm-vector-idx.json', + url: consoleJsonDir + 'osm-vector-maps-idx.json', dataType: 'json' }) .done(function( data ) { - osmInstalled = data['regions']; + mapInstalled = data['regions']; regionInstalled = []; for (region in data['regions']) { if (data['regions'].hasOwnProperty(region)) { regionInstalled.push(region); } } - //consoleLog(osmInstalled + ''); + //consoleLog(mapInstalled + ''); }) .fail(jsonErrhandler); return resp; } -function readOsmCatalog(checkbox){ +function readMapCatalog(checkbox){ checkbox = checkbox || true; console.log ("in readOsmCalalog"); regionList = []; @@ -56,11 +56,11 @@ function readOsmCatalog(checkbox){ }) .done(function( data ) { regionJson = data; - osmCatalog = regionJson['regions']; - for(var key in osmCatalog){ - //console.log(key + ' ' + osmCatalog[key]['title']); - osmCatalog[key]['name'] = key; - regionList.push(osmCatalog[key]); + mapCatalog = regionJson['regions']; + for(var key in mapCatalog){ + //console.log(key + ' ' + mapCatalog[key]['title']); + mapCatalog[key]['name'] = key; + regionList.push(mapCatalog[key]); } }) .fail(jsonErrhandler); @@ -120,13 +120,13 @@ function genRegionItem(region,checkbox) { function instOsmItem(name) { var command = "INST-OSM-VECT-SET"; var cmd_args = {}; - cmd_args['osm_vect_id'] = name; + cmd_args['map_vect_id'] = name; cmd = command + " " + JSON.stringify(cmd_args); sendCmdSrvCmd(cmd, genericCmdHandler); - osmDownloading.push(name); - if ( osmWip.indexOf(name) != -1 ) - osmWip.push(osmCatalog[name]); - console.log('osmWip: ' + osmWip); + mapDownloading.push(name); + if ( mapWip.indexOf(name) != -1 ) + mapWip.push(mapCatalog[name]); + console.log('mapWip: ' + mapWip); return true; } 
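Review bot: In `instOsmItem` the guard `if ( mapWip.indexOf(name) != -1 )` pushes the catalog entry only when `name` is already found in `mapWip`, which looks inverted. The list receives `mapCatalog[name]` objects while the lookup uses the string `name`, so as far as this hunk shows the condition never becomes true. If the intent is to add each region once, compare like with like, e.g. `if ( mapWip.indexOf(mapCatalog[name]) == -1 )`. The payload key is also renamed to `map_vect_id` while the command stays `INST-OSM-VECT-SET`; the handler is not part of this diff, so confirm it reads the new key.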
@@ -161,19 +161,19 @@ function updateOsmSpace(cb){ } function updateOsmSpaceUtil(region, checked){ - var size = parseInt(osmCatalog[region].size); + var size = parseInt(mapCatalog[region].size); var modIdx = selectedOsmItems.indexOf(region); if (checked){ if (regionInstalled.indexOf(region) == -1){ // only update if not already installed mods - sysStorage.osm_selected_size += size; + sysStorage.map_selected_size += size; selectedOsmItems.push(region); } } else { if (modIdx != -1){ - sysStorage.osm_selected_size -= size; + sysStorage.map_selected_size -= size; selectedOsmItems.splice(modIdx, 1); } } @@ -188,29 +188,29 @@ function totalSpace(){ $( ".extract" ).each(function(ind,elem){ var data = JSON.parse($(this).attr('data-region')); var region = data.name; - var size = parseInt(osmCatalog[region]['size']); + var size = parseInt(mapCatalog[region]['size']); var chk = $( this ).find(':checkbox').prop("checked") == true; if (chk && typeof size !== 'undefined') sum += size; }); var ksize = sum / 1000; - $( "#osmDiskSpace" ).html(readableSize(ksize)); + $( "#mapDiskSpace" ).html(readableSize(ksize)); } $( '#instOsmRegion').on('click', function(evnt){ - readOsmCatalog(); - osm.render(); + readMapCatalog(); + map.render(); }); */ function renderOsm(){ console.log('in renderOsm'); - window.map.setTarget($("#osm-container")[0]); + window.map.setTarget($("#map-container")[0]); window.map.render(); renderRegionList(true); } function initOsm(){ var dummy = 0; - sysStorage.osm_selected_size = 0; - $.when(readOsmCatalog(true)).then(renderRegionList); + sysStorage.map_selected_size = 0; + $.when(readMapCatalog(true)).then(renderRegionList); } diff --git a/roles/osm-vector-maps/files/test-index.redirect b/roles/osm-vector-maps/files/test-index.redirect new file mode 100644 index 000000000..9ad3694cc --- /dev/null +++ b/roles/osm-vector-maps/files/test-index.redirect @@ -0,0 +1,4 @@ + + + + 
diff --git a/roles/osm-vector-maps/tasks/main.yml b/roles/osm-vector-maps/tasks/main.yml new file mode 100644 index 000000000..a16962f8b --- /dev/null +++ b/roles/osm-vector-maps/tasks/main.yml 
@@ -0,0 +1,85 @@ +- name: Make sure the osm-vector-maps directory exists + file: + path: '{{ vector_map_path }}/maplist/assets' + state: directory + owner: '{{ apache_user }}' + group: '{{ apache_user }}' + mode: '0755' + +- name: Fetch the catalog for osm maps + get_url: + url: "{{ iiab_map_url }}/assets/regions.json" + dest: '{{ vector_map_path }}/maplist/assets/' + +- name: Create a link to osm catalog in /common/assets + file: + src: "{{ vector_map_path }}/maplist/assets/regions.json" + dest: "{{ doc_root }}/common/assets/regions.json" + state: link + +- name: Fetch the javascript bundle with openlayers for test page + get_url: + url: "{{ iiab_map_url }}/../main.js" + dest: '{{ vector_map_path }}/maplist/' + +- name: Fetch the index.html for test page + template: + src: "index.html" + dest: '{{ vector_map_path }}/maplist/index.html' + +# Bboxes (bounding boxes) are currently square. But geofabrik has non-rectangular bboxes. +# So bring the bounding box definition from cloud (bboxes.geojson is big) +- name: Fetch the bounding box description for osm maps + get_url: + url: "{{ iiab_map_url }}/assets/bboxes.geojson" + dest: '{{ vector_map_path }}/maplist/assets/' + +- name: Install python-geojson package, that helps with geojson + package: + name: python-geojson + state: present + +- name: Install the script to update osm catalog + template: + src: iiab-update-map + dest: /usr/bin/iiab-update-map + mode: "0755" + +# This depends on iiab-admin-console which is not yet installed +#- name: Run the script that does osm-vector-maps housekeeping +# shell: /usr/bin/iiab-update-map + +- name: Copy the Countries geojson to assets + copy: + src: countries.json + dest: '{{ vector_map_path }}/maplist/assets' + +# It is too complicated to use a single file for both iiab and admin-console +- name: Copy the duplicated javascript to assets + copy: + src: map_functions.js + dest: '{{ vector_map_path }}/maplist/assets' + +- name: Install /etc/{{ apache_config_dir 
}}/osm-vector-maps.conf from template + template: + src: osm-vector-maps.conf + dest: "/etc/{{ apache_config_dir }}/osm-vector-maps.conf" + +- name: Create symlink osm-vector-maps.conf from sites-enabled to sites-available (debuntu, not nec for redhat) + file: + src: /etc/apache2/sites-available/osm-vector-maps.conf + path: /etc/apache2/sites-enabled/osm-vector-maps.conf + state: link + when: osm_vector_maps_enabled and is_debuntu + +- name: Remove symlink /etc/apache2/sites-enabled/osm-vector-maps.conf (debuntu) + file: + path: /etc/apache2/sites-enabled/osm-vector-maps.conf + state: absent + when: not osm_vector_maps_enabled and is_debuntu + +- name: Copy the redirect to the test page -- delete this if more than one map + copy: + src: test-index.redirect + dest: "{{ vector_map_path }}/index.html" + diff --git a/roles/osm-vector/templates/iiab-update-osm b/roles/osm-vector-maps/templates/iiab-update-map similarity index 76% rename from roles/osm-vector/templates/iiab-update-osm rename to roles/osm-vector-maps/templates/iiab-update-map index 8d8758e21..0e312d705 100755 --- a/roles/osm-vector/templates/iiab-update-osm +++ b/roles/osm-vector-maps/templates/iiab-update-map @@ -1,5 +1,5 @@ #!/usr/bin/env python -# Scan the osm-vector directory, update the osm-vector-idx.json, add menu-defs +# Scan the osm-vector-maps directory, update the osm-vector-maps-idx.json, add menu-defs from geojson import Feature, Point, FeatureCollection, Polygon import geojson @@ -8,6 +8,7 @@ import os import sys import fnmatch import re +from datetime import date IIAB_PATH='/etc/iiab' if not IIAB_PATH in sys.path: 
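Review bot: The three `get_url` tasks (regions.json, main.js, bboxes.geojson) download content with no integrity check, and `main.js` is then served to browsers from `{{ vector_map_path }}/maplist/`. The role's defaults comment shows `iiab_map_url` as an `http://` URL, so if that value is still in effect the bundle can be altered in transit. Prefer an `https://` source and pin the script with get_url's `checksum: "sha256:<EXPECTED_DIGEST_PLACEHOLDER>"`. These tasks also lack the `when: internet_available | bool` guard that download tasks in other roles of this commit carry, and the two symlink tasks use `when: osm_vector_maps_enabled and is_debuntu` without the `| bool` this commit adds elsewhere.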
@@ -25,30 +26,34 @@ else: doc_root = get_iiab_env('WWWROOT') menuDefs = doc_root + "/js-menu/menu-files/menu-defs/" -osm_vector_idx_dir = doc_root + "/common/assets" -#map_doc_root = '{{ osm_vector_path }}' -map_doc_root = '/library/www/osm-vector' +vector_map_idx_dir = doc_root + "/common/assets" +#map_doc_root = '{{ vector_map_path }}' +map_doc_root = '/library/www/osm-vector-maps' # map_catalog will be global, assumed always available map_catalog = {} map_menu_def_list = [] +previous_idx = {} # track new regions so we don't thrash on adding to menu def main(): global map_menu_def_list + global previous_idx + get_map_catalog() #print(json.dumps(map_catalog,indent=2)) - + map_menu_def_list = get_menu_def_names() print(json.dumps(map_menu_def_list,indent=2)) + read_vector_map_idx() + installed_maps = get_installed_regions() print(installed_maps) - write_osm_vector_idx(installed_maps) + write_vector_map_idx(installed_maps) # For installed regions, check that a menu def exists, and it's on home page for fname in installed_maps: region = extract_region_from_filename(fname) - print('checking for %s region'%region) if region == 'maplist': # it is the splash page, display only if no others menu_ref = 'en-map_test' item = { "perma_ref" : "en-map_test" } @@ -58,13 +63,13 @@ def main(): else: item = map_catalog['regions'][region] menu_ref = item['perma_ref'] - if not (region in map_menu_def_list): + if not (menu_ref in map_menu_def_list): print('creating menu def for %s'%item['perma_ref']) create_menu_def(region,item['perma_ref'] + '.json') - if fetch_menu_json_value('autoupdate_menu'): + # if autoupdate allowed and this is a new region then add to home menu + if fetch_menu_json_value('autoupdate_menu') and item['perma_ref'] not in previous_idx: print('autoudate of menu items is enabled:%s. Adding %s'%(\ fetch_menu_json_value('autoupdate_menu'),region,)) - # verify this menu def is on home page menus.update_menu_json(menu_ref) def get_map_catalog(): 
@@ -76,7 +81,7 @@ def get_map_catalog(): #print(json.dumps(map_catalog,indent=2)) def get_menu_def_names(intended_use='map'): - menu_def_list =[] + menu_def_list =[] os.chdir(menuDefs) for filename in os.listdir('.'): if fnmatch.fnmatch(filename, '*.json'): @@ -89,9 +94,9 @@ def get_menu_def_names(intended_use='map'): print(readstr) if data.get('intended_use','') != intended_use: continue - map_name = data.get('name','') + map_name = data.get('map_name','') if map_name != '': - menu_def_list.append(data['name']) + menu_def_list.append(map_name) return menu_def_list def get_installed_regions(): @@ -99,15 +104,24 @@ def get_installed_regions(): os.chdir(map_doc_root) for filename in os.listdir('.'): if fnmatch.fnmatch(filename, '??-osm-omt*'): - region = re.sub(r'^..-osm-omt_(.*)',r'\1',filename) + region = re.sub(r'^..-osm-..._(.*)',r'\1',filename) installed.append(region) # add the splash page if no other maps are present if len(installed) == 0: installed.append('maplist') return installed -def write_osm_vector_idx(installed_maps): - map_dict ={} +def read_vector_map_idx(): + global previous_idx + try: # will fail first time + with open(vector_map_idx_dir + '/vector-map-idx.json','r') as idx: + str = idx.read() + previous_idx = json.loads(str) + except: + pass + +def write_vector_map_idx(installed_maps): + map_dict ={} idx_dict = {} for fname in installed_maps: region = extract_region_from_filename(fname) @@ -117,7 +131,7 @@ def write_osm_vector_idx(installed_maps): # Create the idx file in format required bo js-menu system item = map_dict['perma_ref'] - idx_dict[item] = {} + idx_dict[item] = {} idx_dict[item]['file_name'] = os.path.basename(map_dict['url'][:-4]) idx_dict[item]['menu_item'] = map_dict['perma_ref'] idx_dict[item]['size'] = map_dict['size'] 
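Review bot: `read_vector_map_idx` wraps the read in a bare `except: pass`, so a corrupt or unreadable `vector-map-idx.json` is treated the same as a first run: `previous_idx` stays empty and, per the new `not in previous_idx` test in `main`, every installed region counts as new. Catch only the expected errors, e.g. `except (IOError, ValueError):`, and print a message for anything else. The local named `str` shadows the builtin that `create_menu_def` now calls as `str(date.today())`; it is function-local so nothing breaks, but `previous_idx = json.load(idx)` avoids the shadowing. The header comment says the script updates `osm-vector-maps-idx.json` while the code reads and writes `vector-map-idx.json`; confirm which name the consumers expect.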
@@ -125,8 +139,8 @@ def write_osm_vector_idx(installed_maps): idx_dict[item]['region'] = region idx_dict[item]['language'] = map_dict['perma_ref'][:2] - with open(osm_vector_idx_dir + '/osm_version_idx.json','w') as idx: - idx.write(json.dumps(idx_dict,indent=2)) + with open(vector_map_idx_dir + '/vector-map-idx.json','w') as idx: + idx.write(json.dumps(idx_dict,indent=2)) def create_menu_def(region,default_name,intended_use='map'): item = map_catalog['regions'][region] @@ -145,11 +159,13 @@ def create_menu_def(region,default_name,intended_use='map'): menuDef["menu_item_name"] = default_name menuDef["title"] = "OpenStreetMap: 18 Levels of Zoom for " + item.get('title','ERROR') + '' menuDef["map_name"] = item['perma_ref'] - menuDef["file_name"] = lang + '-osm-omt_' + region + '_' + \ - os.path.basename(item['url'])[:-4] + # the following is in the idx json + #menuDef["file_name"] = lang + '-osm-omt_' + region + '_' + os.path.basename(item['url'])[:-4] menuDef["description"] = '

Resolution of the Whole World to 5 KM. OpenStreetMap data for ' + item.get('title','') + ' with details down to 5 Meters

' menuDef["extra_html"] = "" - menuDef["automatically_generated"] = "true" + #menuDef["automatically_generated"] = "true" + menuDef["change_ref"] = "generated" + menuDef["change_date"] = str(date.today()) if not os.path.isfile(menuDefs + default_name): # logic to here can still overwrite existing menu def print("creating %s"%menuDefs + default_name) with open(menuDefs + default_name,'w') as menufile: @@ -175,15 +191,14 @@ def fetch_menu_json_value(key): return data.get(key,'') def extract_region_from_filename(fname): - substitutions = { "north": "north_america",\ - "central": "central_america",\ - "southeast": "southeast_asia", - "south": "south_america" } - # wish I had used - as separator between key and date - nibble = fname.split('_')[0] - nibble = substitutions.get(nibble,nibble) - return(nibble) - + # find the index of the date + nibble = re.search(r"\d{4}-\d{2}-\d{2}",fname) + if nibble: + fname = fname[:nibble.start()-1] + return fname + else: + return("maplist") + if __name__ == '__main__': if console_installed: main() diff --git a/roles/osm-vector/templates/index.html b/roles/osm-vector-maps/templates/index.html similarity index 89% rename from roles/osm-vector/templates/index.html rename to roles/osm-vector-maps/templates/index.html index ee7592eea..62615ae84 100644 --- a/roles/osm-vector/templates/index.html +++ b/roles/osm-vector-maps/templates/index.html @@ -46,12 +46,12 @@ return (bytes / Math.pow(1024, e)).toFixed(2) + " " + s[e]; } - + - + diff --git a/roles/osm-vector/templates/main.js b/roles/osm-vector-maps/templates/main.js similarity index 100% rename from roles/osm-vector/templates/main.js rename to roles/osm-vector-maps/templates/main.js diff --git a/roles/osm-vector/templates/osm-vector.conf b/roles/osm-vector-maps/templates/osm-vector-maps.conf similarity index 54% rename from roles/osm-vector/templates/osm-vector.conf rename to roles/osm-vector-maps/templates/osm-vector-maps.conf index da390760f..765de9874 100644 
--- a/roles/osm-vector/templates/osm-vector.conf +++ b/roles/osm-vector-maps/templates/osm-vector-maps.conf @@ -1,7 +1,7 @@ # For downloadable regional vector tilesets -Alias /maps {{ osm_vector_path }} -Alias /osm-vector {{ osm_vector_path }} - +Alias /maps {{ vector_map_path }} +Alias /osm-vector-maps {{ vector_map_path }} + Options Indexes FollowSymLinks AllowOverride All Require all granted diff --git a/roles/osm-vector/defaults/main.yml b/roles/osm-vector/defaults/main.yml deleted file mode 100644 index 797585c3f..000000000 --- a/roles/osm-vector/defaults/main.yml +++ /dev/null @@ -1,9 +0,0 @@ -osm_vector_install: True -osm_vector_enabled: True -osm_vector_path: '{{ content_base }}/www/osm-vector' - -# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml -# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! - -menu_def_dir: '{{ doc_root }}/js-menu/menu-files/menu-defs' -iiab_osm_url : http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden diff --git a/roles/osm-vector/files/test-index.redirect b/roles/osm-vector/files/test-index.redirect deleted file mode 100644 index bc2310bcc..000000000 --- a/roles/osm-vector/files/test-index.redirect +++ /dev/null @@ -1,4 +0,0 @@ - - - - diff --git a/roles/osm-vector/tasks/main.yml b/roles/osm-vector/tasks/main.yml deleted file mode 100644 index e8542f62c..000000000 --- a/roles/osm-vector/tasks/main.yml +++ /dev/null 
@@ -1,100 +0,0 @@ -- name: Make sure the osm-vector directory exists - file: - path: '{{ osm_vector_path }}/maplist/assets' - state: directory - owner: '{{ apache_user }}' - group: '{{ apache_user }}' - mode: '0755' - -- name: Fetch the catalog for osm maps - get_url: - url: "{{ iiab_osm_url }}/assets/regions.json" - dest: '{{ osm_vector_path }}/maplist/assets/' - -- name: Create a link to osm catalog in /common/assets - file: - src: "{{ osm_vector_path }}/maplist/assets/regions.json" - dest: "{{ doc_root }}/common/assets/regions.json" - state: link - -- name: Fetch the javascript bundle with openlayers for test page - get_url: - url: "{{ iiab_osm_url }}/../main.js" - dest: '{{ osm_vector_path }}/maplist/' - -- name: Fetch the index.html for test page - template: - src: "index.html" - dest: '{{ osm_vector_path }}/maplist/index.html' - -# Bboxes (bounding boxes) are currently square. But geofabrik has non-rectangular bboxes. -# So bring the bounding box definition from cloud (bboxes.geojson is big) -- name: Fetch the bounding box description for osm maps - get_url: - url: "{{ iiab_osm_url }}/assets/bboxes.geojson" - dest: '{{ osm_vector_path }}/maplist/assets/' - -- name: Install python-geojson package, that helps with geojson - package: - name: python-geojson - state: present - -- name: Install the script to update osm catalog - template: - src: iiab-update-osm - dest: /usr/bin/iiab-update-osm - mode: "0755" - -- name: Run the script that does osm-vector housekeeping - shell: /usr/bin/iiab-update-osm - -- name: Copy the Countries geojson to assets - copy: - src: countries.json - dest: '{{ osm_vector_path }}/maplist/assets' - -# It is too complicated to use a single file for both iiab and admin-console -- name: Copy the duplicated javascript to assets - copy: - src: osm_functions.js - dest: '{{ osm_vector_path }}/maplist/assets' - -- name: Install /etc/{{ apache_config_dir }}/osm-vect.conf from template - template: - src: osm-vector.conf - dest: "/etc/{{ 
apache_config_dir }}/osm-vector.conf" - -- name: Create symlink osm-vector.conf from sites-enabled to sites-available (debuntu, not nec for redhat) - file: - src: /etc/apache2/sites-available/osm-vector.conf - path: /etc/apache2/sites-enabled/osm-vector.conf - state: link - when: osm_vector_enabled and is_debuntu - -- name: Remove symlink /etc/apache2/sites-enabled/osm-vector.conf (debuntu) - file: - path: /etc/apache2/sites-enabled/osm-vector.conf - state: absent - when: not osm_vector_enabled and is_debuntu - -- name: Copy the redirect to the test page -- delete this if more than one map - copy: - src: test-index.redirect - dest: "{{ osm_vector_path }}/index.html" - -- name: Create a directory for map menu-def - file: - path: '{{ menu_def_dir }}' - state: directory - -- name: Determine status of splash menu def - stat: - path: '{{ menu_def_dir }}/en-map_test.json' - ignore_errors: True - register: menu_def - -- name: Do not overwrite if it already exists - copy: - src: en-map_test.json - dest: '{{ menu_def_dir }}/en-map_test.json' - when: menu_def.stat.exists is defined and not menu_def.stat.exists diff --git a/roles/osm/tasks/main.yml b/roles/osm/tasks/main.yml index 49ccb8574..1c8112e69 100644 --- a/roles/osm/tasks/main.yml +++ b/roles/osm/tasks/main.yml @@ -7,7 +7,7 @@ - libapache2-mod-wsgi - libapache2-mod-xsendfile state: present - when: is_debuntu + when: is_debuntu | bool - name: Install 6 OSM required packages (not debuntu) package: @@ -110,7 +110,7 @@ group: root mode: 0644 backup: no - when: osm_enabled + when: osm_enabled | bool - name: Create softlink osm.conf from sites-enabled to sites-available (debuntu) file: @@ -144,7 +144,7 @@ owner: root group: root state: link - when: osm_enabled + when: osm_enabled | bool - name: Create dir /library/knowledge/modules file: 
@@ -165,7 +165,7 @@ - { src: 'map.html', dest: "{{ osm_path }}/static/map.html" } - { src: 'l.control.geosearch.js', dest: "{{ osm_path }}/static/lib/leaflet/geosearch/l.control.geosearch.js" } - { src: "{{ osm_path }}/static/map.html", dest: "{{ osm_path }}/static/index.html" } - when: osm_enabled + when: osm_enabled | bool - name: Restart httpd service service: diff --git a/roles/owncloud/tasks/main.yml b/roles/owncloud/tasks/main.yml index 488c6680f..27d5c64b5 100644 --- a/roles/owncloud/tasks/main.yml +++ b/roles/owncloud/tasks/main.yml @@ -4,7 +4,7 @@ - name: add a repo def for ubuntu template: dest=/etc/apt/sources.list.d/ src=owncloud.list - when: is_ubuntu + when: is_ubuntu | bool - name: See if the owncloud startup page exists stat: path={{ owncloud_prefix }}/owncloud/index.php @@ -40,7 +40,7 @@ - name: Get the owncloud software get_url: url={{ iiab_download_url }}/{{ owncloud_src_file }} dest={{ downloads_dir }}/{{ owncloud_src_file }} - when: internet_available + when: internet_available | bool async: 300 poll: 5 @@ -54,7 +54,7 @@ - name: Copy it to permanent location /opt unarchive: src={{ downloads_dir }}/{{ owncloud_src_file }} dest={{ owncloud_prefix }} - when: is_F18 + when: is_F18 | bool - name: in Centos, the following config dir is symlink to /etc/owncloud file: path=/etc/owncloud @@ -103,7 +103,7 @@ # Enable owncloud by copying template to httpd config - include_tasks: owncloud_enabled.yml - when: owncloud_enabled + when: owncloud_enabled | bool - name: Add 'owncloud' variable values to {{ iiab_ini_file }} ini_file: diff --git a/roles/pathagar/tasks/main.yml b/roles/pathagar/tasks/main.yml index ef4f895db..07420c4c0 100644 --- a/roles/pathagar/tasks/main.yml +++ b/roles/pathagar/tasks/main.yml @@ -20,7 +20,7 @@ - libapache2-mod-wsgi - libxml2-dev - libxslt-dev - when: is_debuntu + when: is_debuntu | bool - name: Install Pathagar prerequisites (not debuntu) package: 
@@ -69,7 +69,7 @@ - django-tagging==0.3.1 - django-sendfile==0.3.6 - lxml==3.4.4 - when: internet_available + when: internet_available | bool - name: Install Pathagar requirements in a virtualenv pip: diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index 032a2f9bf..d2e6c763e 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -6,7 +6,7 @@ url: "{{ asterisk_url }}/{{ asterisk_src_file }}" dest: "{{ downloads_dir }}/{{ asterisk_src_file }}" timeout: "{{ download_timeout }}" - when: internet_available + when: internet_available | bool - name: Asterisk - Check for /opt/iiab/downloads/{{ asterisk_src_file }} stat: diff --git a/roles/pbx/tasks/chan_dongle.yml b/roles/pbx/tasks/chan_dongle.yml index 5cef9861f..20696e8c4 100644 --- a/roles/pbx/tasks/chan_dongle.yml +++ b/roles/pbx/tasks/chan_dongle.yml @@ -3,7 +3,7 @@ url: "{{ chan_dongle_url }}/{{ chan_dongle_src_file }}" dest: "{{ downloads_dir }}/{{ chan_dongle_src_file }}" timeout: "{{ download_timeout }}" - when: internet_available + when: internet_available | bool - name: chan_dongle - Check for /opt/iiab/downloads/{{ chan_dongle_src_file }} stat: diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 158398650..55e5063d8 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -6,7 +6,7 @@ url: "{{ freepbx_url }}/{{ freepbx_src_file }}" dest: "{{ downloads_dir }}/{{ freepbx_src_file }}" timeout: "{{ download_timeout }}" - when: internet_available + when: internet_available | bool - name: FreePBX - Check for {{ downloads_dir }}/{{ freepbx_src_file }} stat: @@ -121,7 +121,7 @@ src: /etc/apache2/sites-available/freepbx.conf dest: /etc/apache2/sites-enabled/freepbx.conf state: link - when: pbx_enabled + when: pbx_enabled | bool - name: FreePBX - Remove symlink /etc/apache2/sites-enabled/freepbx.conf (if not pbx_enabled) file: 
diff --git a/roles/pbx/tasks/freepbx_enable.yml b/roles/pbx/tasks/freepbx_enable.yml index 1c865a3b9..18dc7a713 100644 --- a/roles/pbx/tasks/freepbx_enable.yml +++ b/roles/pbx/tasks/freepbx_enable.yml @@ -4,7 +4,7 @@ name: freepbx enabled: yes state: restarted - when: pbx_enabled + when: pbx_enabled | bool - name: FreePBX - Disable & Stop 'freepbx' systemd service (if not pbx_enabled) systemd: diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index eb288f10e..77831bd12 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -44,4 +44,4 @@ - name: Asterisk - Install chan_dongle include: chan_dongle.yml - when: asterisk_chan_dongle + when: asterisk_chan_dongle | bool diff --git a/roles/phpmyadmin/tasks/main.yml b/roles/phpmyadmin/tasks/main.yml index 7fc1e5e3e..324ffb28b 100644 --- a/roles/phpmyadmin/tasks/main.yml +++ b/roles/phpmyadmin/tasks/main.yml @@ -4,7 +4,7 @@ dest: "{{ downloads_dir }}" timeout: "{{ download_timeout }}" #register: phpmyadmin_dl_output - when: internet_available + when: internet_available | bool - name: Does {{ downloads_dir }}/{{ phpmyadmin_name_zip }} exist? # e.g. /opt/iiab/downloads/phpMyAdmin-4.8.3-all-languages.zip stat: @@ -50,7 +50,7 @@ template: src: phpmyadmin.j2 dest: "/etc/{{ apache_config_dir }}/phpmyadmin.conf" - when: phpmyadmin_enabled + when: phpmyadmin_enabled | bool - name: Create symlink phpmyadmin.conf from sites-enabled to sites-available (debuntu) file: diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml index bb7ca4478..cea159fd0 100644 --- a/roles/postgresql/tasks/main.yml +++ b/roles/postgresql/tasks/main.yml @@ -9,7 +9,7 @@ package: name: postgresql-client state: present - when: is_debuntu + when: is_debuntu | bool tags: - download 
@@ -41,11 +41,11 @@ lineinfile: dest: /etc/locale.gen line: "{{ postgresql_locale }} UTF-8" - when: is_debuntu + when: is_debuntu | bool - name: Generate locales (debuntu) command: /usr/sbin/locale-gen - when: is_debuntu + when: is_debuntu | bool - name: Initialize the PostgreSQL db, creating /library/pgsql-iiab/pg_hba.conf (debuntu) #command: su - postgres -c "/usr/lib/postgresql/{{ postgresql_version }}/bin/initdb -E 'UTF-8' --locale={{ postgresql_locale }} -D /library/pgsql-iiab" @@ -54,7 +54,7 @@ creates: /library/pgsql-iiab/pg_hba.conf become: yes become_user: postgres - when: is_debuntu + when: is_debuntu | bool - name: Initialize the PostgreSQL db, creating /library/pgsql-iiab/pg_hba.conf (OS's other than debuntu) #command: su - postgres -c "/usr/bin/initdb -E 'UTF-8' --lc-collate={{ postgresql_locale }} --lc-ctype={{ postgresql_locale }} -D /library/pgsql-iiab" @@ -91,7 +91,7 @@ name: postgresql-iiab state: started enabled: yes - when: postgresql_enabled + when: postgresql_enabled | bool - name: Disable postgresql-iiab service, if not postgresql_enabled systemd: diff --git a/roles/samba/tasks/main.yml b/roles/samba/tasks/main.yml index 54241cac4..f80ee9941 100755 --- a/roles/samba/tasks/main.yml +++ b/roles/samba/tasks/main.yml @@ -37,7 +37,7 @@ enabled: yes tags: - samba - when: samba_enabled + when: samba_enabled | bool - name: Enable & Start NetBIOS name server ({{ nmb_service }}) service: @@ -46,7 +46,7 @@ enabled: yes tags: - samba - when: samba_enabled + when: samba_enabled | bool - name: Disable Samba if not samba_enabled service: diff --git a/roles/schooltool/tasks/main.yml b/roles/schooltool/tasks/main.yml index dceda132e..f47d1f333 100644 --- a/roles/schooltool/tasks/main.yml +++ b/roles/schooltool/tasks/main.yml 
@@ -41,13 +41,13 @@ service: name=docker state=restarted enabled=yes - when: schooltool_enabled + when: schooltool_enabled | bool - name: Enable schooltool service: name=schooltool state=started enabled=yes - when: schooltool_enabled + when: schooltool_enabled | bool - name: Disable schooltool service: name=schooltool diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml index c470206da..cf34e87f9 100644 --- a/roles/sshd/tasks/main.yml +++ b/roles/sshd/tasks/main.yml @@ -2,7 +2,7 @@ package: name: "{{ sshd_package }}" state: present - when: sshd_enabled + when: sshd_enabled | bool - name: Disable root login with password lineinfile: @@ -10,7 +10,7 @@ regexp: '^PermitRootLogin' line: 'PermitRootLogin without-password' state: present - when: sshd_enabled + when: sshd_enabled | bool #TODO: use handler to reload ssh - name: Create root .ssh @@ -20,7 +20,7 @@ group: root mode: 0700 state: directory - when: sshd_enabled + when: sshd_enabled | bool - name: Install dummy root keys as placeholder copy: @@ -30,14 +30,14 @@ group: root mode: 0600 force: no - when: sshd_enabled + when: sshd_enabled | bool - name: Enable & start ssh daemon service: name: "{{ sshd_service }}" enabled: yes state: started - when: sshd_enabled + when: sshd_enabled | bool - name: Disable ssh daemon service: diff --git a/roles/sugar-stats/tasks/main.yml b/roles/sugar-stats/tasks/main.yml index c2b6a9819..04e40d97e 100644 --- a/roles/sugar-stats/tasks/main.yml +++ b/roles/sugar-stats/tasks/main.yml @@ -31,7 +31,7 @@ - name: Enable sugar-stats service service: name=sugar-stats-server enabled=yes - when: sugar_stats_enabled + when: sugar_stats_enabled | bool - name: Disable sugar-stats service service: name=sugar-stats-server diff --git a/roles/sugar-stats/tasks/statistics-consolidation.yml b/roles/sugar-stats/tasks/statistics-consolidation.yml index 13a04cbfb..7ec8a9359 100644 --- a/roles/sugar-stats/tasks/statistics-consolidation.yml 
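Review bot: In roles/sshd/tasks/main.yml the `PermitRootLogin` edit in the `@@ -10,7` hunk is followed by `#TODO: use handler to reload ssh`, and the only service task visible in these hunks uses `state: started`, which does not reload a daemon that is already running. As far as the hunks show, the hardened setting therefore may not take effect until sshd is restarted by something else. Adding `notify: reload sshd` to the lineinfile task, with a matching handler, would close that gap. Also, `without-password` is the deprecated spelling; on targets with OpenSSH 7.0 or later `line: 'PermitRootLogin prohibit-password'` states the intent more clearly. The lineinfile task starts above the hunk, so its `dest:` is not visible here.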
+++ b/roles/sugar-stats/tasks/statistics-consolidation.yml @@ -4,7 +4,7 @@ - name: Install statistics-consolidation with pip pip: name=stats-consolidation version=2.1.2 - when: internet_available + when: internet_available | bool - name: Install required libraries package: name={{ item }} diff --git a/roles/sugarizer/defaults/main.yml b/roles/sugarizer/defaults/main.yml index a049fe066..e5aef7d91 100644 --- a/roles/sugarizer/defaults/main.yml +++ b/roles/sugarizer/defaults/main.yml @@ -13,10 +13,7 @@ sugarizer_dir_version: sugarizer-1.1.0 # WAS: sugarizer-1.0, sugarizer-master sugarizer_git_version: v1.1.0 # WAS: v1.0.1, master # PLEASE HELP MONITOR https://github.com/llaske/sugarizer/releases -sugarizer_server_dir_version: sugarizer-server-dev # WAS: sugarizer-server-1.0, sugarizer-server-master -sugarizer_server_git_version: f27bf6acd56aba6d99116ef471ca713b0f0dfed3 # WAS: v1.0.1, master, dev -# Above commit (githash f27bf6a... for iiab/iiab PR #1430 from 'dev' branch of -# https://github.com/llaske/sugarizer-server) well-tested Jan 29 - Feb 12 2019. -# +sugarizer_server_dir_version: sugarizer-server-1.1.0 # WAS: sugarizer-server-1.0, sugarizer-server-master, sugarizer-server-dev +sugarizer_server_git_version: v1.1.0 # WAS: v1.0.1, master, dev, f27bf6acd56aba6d99116ef471ca713b0f0dfed3 # PLEASE HELP MONITOR https://github.com/llaske/sugarizer-server/commits/dev # AND https://github.com/llaske/sugarizer-server/releases diff --git a/roles/sugarizer/meta/main.yml b/roles/sugarizer/meta/main.yml index 33cae65ca..d0298987b 100644 --- a/roles/sugarizer/meta/main.yml +++ b/roles/sugarizer/meta/main.yml @@ -1,3 +1,3 @@ dependencies: - - { role: mongodb, tags: ['generic','mongodb'], when: sugarizer_install } - - { role: nodejs, tags: ['nodejs'], when: sugarizer_install } + - { role: mongodb, tags: ['generic','mongodb'], when: sugarizer_install | bool } + - { role: nodejs, tags: ['nodejs'], when: sugarizer_install | bool } 
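Review bot: In roles/sugarizer/defaults/main.yml, `sugarizer_server_git_version` moves from a full commit hash to the tag `v1.1.0`, and a tag can be re-pointed upstream while a commit hash cannot, so the checkout is no longer pinned to the content that was tested. The tasks file clones with `force: yes`, so a moved tag would be picked up silently on the next run. Consider keeping the release's commit hash as the value and the tag in the comment, e.g. `sugarizer_server_git_version: <COMMIT_HASH_OF_v1.1.0>  # v1.1.0`. The same reasoning applies to `sugarizer_git_version: v1.1.0` on the context line above.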
diff --git a/roles/sugarizer/tasks/main.yml b/roles/sugarizer/tasks/main.yml index 0c23b3aeb..53a674878 100644 --- a/roles/sugarizer/tasks/main.yml +++ b/roles/sugarizer/tasks/main.yml @@ -3,14 +3,6 @@ msg: "Sugarizer install cannot proceeed, as it currently requires Node.js 10.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" when: sugarizer_install and (nodejs_version != "10.x") -# 0. CLEAN UP PRIOR VERSIONS OF SUGARIZER (NEEDS WORK!) - -# - name: Wipe /library/www/html/sugarizer* if installing sugarizer-1.0 -# shell: "rm -rf {{ doc_root }}/sugarizer*" -# args: -# warn: no -# when: sugarizer_dir_version == "sugarizer-1.0" - # 1. DOWNLOAD+LINK /opt/iiab/sugarizer @@ -21,7 +13,7 @@ version: "{{ sugarizer_git_version }}" force: yes depth: 1 - when: internet_available + when: internet_available | bool - name: Create symlink /opt/iiab/sugarizer -> /opt/iiab/{{ sugarizer_dir_version }} file: @@ -54,7 +46,7 @@ version: "{{ sugarizer_server_git_version }}" force: yes depth: 1 - when: internet_available + when: internet_available | bool - name: Create symlink /opt/iiab/sugarizer-server -> /opt/iiab/{{ sugarizer_server_dir_version }} file: @@ -81,7 +73,7 @@ # stat: # path: "{{ iiab_base }}/sugarizer-server/node_modules" # register: nmtest -# ignore_errors: true +# ignore_errors: True # #- name: Set a flag to prevent re-running of "npm install" # set_fact: @@ -124,7 +116,7 @@ args: chdir: "{{ iiab_base }}/sugarizer-server" #creates: "{{ iiab_base }}/sugarizer-server/node_modules" # OLD WAY 2 - when: internet_available # "npm install" generally requires Internet access + when: internet_available | bool # "npm install" generally requires Internet access # when: internet_available and git_sug_server_output.changed # OLD WAY 3 # when: internet_available and not is_F18 and not node_modules_exists # OLD WAY 1 
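Review bot: The guard at the top of roles/sugarizer/tasks/main.yml, `when: sugarizer_install and (nodejs_version != "10.x")`, keeps a bare variable while every other condition in this commit gains `| bool`. Inside a compound expression a string value such as "False" (for example from `--extra-vars`) is truthy, so this check can disagree with the `sugarizer_install | bool` conditions used elsewhere. I would write `when: (sugarizer_install | bool) and (nodejs_version != "10.x")`. The task starts above the hunk.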
@@ -141,7 +133,7 @@ command: npm install --allow-root --unsafe-perm=true path-prefix-proxy args: chdir: "{{ iiab_base }}/sugarizer-server" - when: internet_available + when: internet_available | bool # 5. CONFIG FILES @@ -252,7 +244,7 @@ daemon_reload: yes enabled: yes state: restarted - when: sugarizer_enabled + when: sugarizer_enabled | bool - name: Disable & Stop 'sugarizer' systemd service (if not sugarizer_enabled) systemd: @@ -266,7 +258,7 @@ systemd: name: "{{ apache_service }}" # httpd or apache2 state: restarted - #when: sugarizer_enabled + #when: sugarizer_enabled | bool #- name: Enable services (all OS's) # service: @@ -276,7 +268,7 @@ # with_items: ## - { name: mongodb } # 2018-07-14: NICE TRY, but still doesn't bring http://box:8089 to life reliably, as a reboot usually does! (Is a "systemctl daemon-reload" or some such nec?) # - { name: sugarizer } -# when: sugarizer_enabled +# when: sugarizer_enabled | bool #- name: Disable service (all OS's) # service: diff --git a/roles/teamviewer/tasks/install.yml b/roles/teamviewer/tasks/install.yml index f6c375460..95ae6b975 100644 --- a/roles/teamviewer/tasks/install.yml +++ b/roles/teamviewer/tasks/install.yml @@ -28,7 +28,7 @@ url: "{{ teamviewer_url }}/{{ teamviewer_rpm_file }}" dest: "{{ yum_packages_dir }}/{{ teamviewer_rpm_file }}" timeout: "{{ download_timeout }}" - when: internet_available + when: internet_available | bool tags: - download diff --git a/roles/teamviewer/tasks/main.yml b/roles/teamviewer/tasks/main.yml index e8dfce7a6..65fb0bfbf 100644 --- a/roles/teamviewer/tasks/main.yml +++ b/roles/teamviewer/tasks/main.yml @@ -6,7 +6,7 @@ - name: Install Teamviewer if intel include_tasks: install.yml - when: teamviewer_install + when: teamviewer_install | bool - name: Add 'teamviewer' variable values to {{ iiab_ini_file }} ini_file: diff --git a/roles/transmission/tasks/main.yml b/roles/transmission/tasks/main.yml index 724876b15..00f8b2773 100644 --- a/roles/transmission/tasks/main.yml 
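Review bot: The command in the `@@ -141,7` hunk, `npm install --allow-root --unsafe-perm=true path-prefix-proxy`, installs whatever version the registry currently serves and lets its install scripts run without dropping privileges. Pinning the package, `npm install --allow-root --unsafe-perm=true path-prefix-proxy@<TESTED_VERSION>`, keeps a later upstream release from changing what runs during provisioning. If the package needs no install scripts, adding `--ignore-scripts` would narrow this further, which needs checking against the package. The task starts above the hunk.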
+++ b/roles/transmission/tasks/main.yml @@ -33,7 +33,7 @@ daemon_reload: yes enabled: yes state: restarted - when: transmission_enabled + when: transmission_enabled | bool - name: Add PAUSED KA Lite torrent(s) to transmission-daemon's queue shell: > diff --git a/roles/usb-lib/tasks/main.yml b/roles/usb-lib/tasks/main.yml index de0df7a79..48c18d457 100644 --- a/roles/usb-lib/tasks/main.yml +++ b/roles/usb-lib/tasks/main.yml @@ -13,7 +13,7 @@ owner: root group: root mode: 0751 - when: usb_lib_enabled + when: usb_lib_enabled | bool - name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb-lib-show-all-on, /usr/bin/iiab-usb-lib-show-all-off' template: @@ -39,7 +39,7 @@ owner: root group: root mode: 0751 - when: usb_lib_enabled + when: usb_lib_enabled | bool - name: Remove /etc/usbmount/mount.d/70-usb-library if not usb_lib_enabled file: @@ -63,14 +63,14 @@ template: src: content_dir.conf dest: "/etc/{{ apache_config_dir }}" - when: usb_lib_enabled + when: usb_lib_enabled | bool - name: Create symlink content_dir.conf from sites-enabled to sites-available (debuntu) file: src: "/etc/{{ apache_config_dir }}/content_dir.conf" dest: /etc/apache2/sites-enabled/content_dir.conf state: link - when: is_debuntu + when: is_debuntu | bool - name: Remove symlink content_dir.conf from /etc/apache2/sites-enabled (debuntu) file: diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index bf696de58..995af2a1b 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -19,7 +19,7 @@ # force: yes # backup: yes register: wp_download_output - when: internet_available + when: internet_available | bool - name: Create symlink from /opt/iiab/downloads/wordpress.tar.gz to {{ wp_download_output.dest }} file: diff --git a/roles/wordpress/tasks/main.yml b/roles/wordpress/tasks/main.yml index 742089d18..5ff00bb3a 100644 --- a/roles/wordpress/tasks/main.yml 
+++ b/roles/wordpress/tasks/main.yml @@ -2,4 +2,4 @@ - name: Install WordPress if wordpress_install include_tasks: install.yml - when: wordpress_install + when: wordpress_install | bool diff --git a/roles/xovis/tasks/main.yml b/roles/xovis/tasks/main.yml index 5d89c0e64..ffdad5828 100644 --- a/roles/xovis/tasks/main.yml +++ b/roles/xovis/tasks/main.yml @@ -7,7 +7,7 @@ - python-pip - nodejs - npm - when: internet_available + when: internet_available | bool - name: Determine if xovis is already downloaded stat: path={{ downloadds_dir }}/xovis/xxx @@ -23,7 +23,7 @@ npm: name=kanso global=yes path={{ downloads_dir }} - when: internet_available + when: internet_available | bool - name: move the xovis repo into place shell: "cp -rp {{ downloads_dir }}/xovis {{ xovis_root }}" @@ -37,7 +37,7 @@ - name: Install the xovis python dependencies pip: requirements={{ xovis_root }}/process_stats/requirements.txt - when: internet_available + when: internet_available | bool - name: Update xovis repo with Chart Heading lineinfile: dest="{{ xovis_root }}/index.html" regexp='(.+)

(.*)

' line='\1

{{ xovis_chart_heading }}

' backrefs=yes @@ -49,17 +49,17 @@ service: name=couchdb enabled=yes state=started - when: xovis_enabled + when: xovis_enabled | bool - name: Wait for CouchDB to become ready wait_for: port=5984 delay=1 timeout=5 - when: xovis_enabled + when: xovis_enabled | bool - name: Add admin user command: curl -X PUT {{ xovis_target_host }}/_config/admins/{{ xovis_db_user }} -d "\"{{ xovis_db_password }}\"" - when: xovis_enabled + when: xovis_enabled | bool - name: Check if db exists shell: "kanso listdb | grep {{ xovis_db_name }}" @@ -79,7 +79,7 @@ -d {{ xovis_backup_dir }} --deployment {{ xovis_deployment_name }} --server http://{{ xovis_db_login }}@{{ xovis_target_host }}" - when: xovis_enabled + when: xovis_enabled | bool - name: Add 'xovis' variable values to {{ iiab_ini_file }} ini_file: diff --git a/scripts/ansible b/scripts/ansible index 5896773b6..5f222555d 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -1,7 +1,7 @@ #!/bin/bash -e CURR_VER="undefined" # Ansible version you currently have installed -GOOD_VER="2.7.10" # For XO laptops (pip install) & CentOS (yum install rpm) +GOOD_VER="2.8.0" # For XO laptops (pip install) & CentOS (yum install rpm) # On other OS's we attempt the latest from PPA, which might be more recent export DEBIAN_FRONTEND=noninteractive diff --git a/scripts/ansible-2.6.x b/scripts/ansible-2.6.x-deprecated similarity index 100% rename from scripts/ansible-2.6.x rename to scripts/ansible-2.6.x-deprecated diff --git a/scripts/ansible-2.7.x b/scripts/ansible-2.7.x index 462d23e92..30a324c59 100755 --- a/scripts/ansible-2.7.x +++ b/scripts/ansible-2.7.x @@ -1,7 +1,7 @@ #!/bin/bash -e CURR_VER="undefined" # Ansible version you currently have installed -GOOD_VER="2.7.10" # For XO laptops (pip install) & CentOS (yum install rpm) +GOOD_VER="2.7.11" # For XO laptops (pip install) & CentOS (yum install rpm) # On other OS's we attempt the latest from PPA, which might be more recent export DEBIAN_FRONTEND=noninteractive 
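Review bot: The `Add admin user` task in the `@@ -49,17` hunk of roles/xovis/tasks/main.yml passes the CouchDB admin password as a command-line argument (`-d "\"{{ xovis_db_password }}\""`), so it is visible in the process list while curl runs and can be recorded in Ansible's task output and module logging. At minimum add `no_log: True` to that task; better, send the request with the `uri` module so the secret never appears in argv. The backup command in the following hunk embeds `{{ xovis_db_login }}` in a URL, which presumably carries credentials the same way. Separately, the `stat` task in the first hunk of this file reads `{{ downloadds_dir }}`, which looks like a typo for `downloads_dir`.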
diff --git a/scripts/ansible-2.8.x b/scripts/ansible-2.8.x
new file mode 100755
index 000000000..ddb3621a3
--- /dev/null
+++ b/scripts/ansible-2.8.x
@@ -0,0 +1,104 @@ +#!/bin/bash -e + +CURR_VER="undefined" # Ansible version you currently have installed +GOOD_VER="2.8.0" # For XO laptops (pip install) & CentOS (yum install rpm) +# On other OS's we attempt the latest from PPA, which might be more recent + +export DEBIAN_FRONTEND=noninteractive + +echo -e "\n\nYOU ARE RUNNING: /opt/iiab/iiab/scripts/ansible-2.8.x (TO INSTALL ANSIBLE)" +echo -e 'Alternative: /opt/iiab/iiab/scripts/ansible ("for the very latest Ansible")\n' + +echo -e "RECOMMENDED PREREQUISITES:" +echo -e "(1) Verify you're online" +echo -e "(2) Remove all prior versions of Ansible using" +echo -e " 'apt purge ansible' and/or 'pip uninstall ansible'" +echo -e "(3) Remove all lines containing 'ansible' from" +echo -e " /etc/apt/sources.list and /etc/apt/sources.list.d/*\n" + +echo -e "COMPLETE INSTALL INSTRUCTIONS:" +echo -e "https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch\n" + +if [ $(command -v ansible-playbook) ]; then # "command -v" is POSIX compliant; also catches built-in commands like "cd" + CURR_VER=`ansible --version | head -1 | awk '{print $2}'` # To match iiab-install. Was: CURR_VER=`ansible --version | head -n 1 | cut -f 2 -d " "` + echo -e "CURRENTLY INSTALLED ANSIBLE: $CURR_VER -- LET'S TRY TO UPGRADE IT!" + echo -e "(Internet-in-a-Box requests Ansible $GOOD_VER or higher)\n" + if [ -f /etc/centos-release ] || [ -f /etc/fedora-release ]; then + echo "Please use your system's package manager (or pip if nec) to update Ansible.\n" + exit 0 + elif [ -f /etc/olpc-release ]; then + echo "Please use pip package manager to update Ansible.\n" + exit 0 + fi +else + echo -e "ANSIBLE NOT FOUND ON THIS COMPUTER -- LET'S TRY TO INSTALL IT!" 
+ echo -e "(Internet-in-a-Box requests Ansible $GOOD_VER or higher)\n" +fi + +if [ -f /etc/olpc-release ]; then + yum -y install ca-certificates nss + yum -y install git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python + yum -y install python-pip python-setuptools python-wheel patch + # Can above 3 lines be merged into 1 line? + pip install --upgrade pip setuptools wheel #EOL just do it + pip install ansible==$GOOD_VER --disable-pip-version-check +elif [ -f /etc/centos-release ]; then + yum -y install ansible +# 2018-09-07: the next 4 lines aren't needed according to https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#latest-release-via-dnf-or-yum +# yum -y install ca-certificates nss epel-release +# yum -y install git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python +# yum -y install python-pip python-setuptools python-wheel patch +# yum -y install https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-$GOOD_VER-1.el7.ans.noarch.rpm +#elif [ -f /etc/fedora-release ]; then +# CURR_VER=`grep VERSION_ID /etc/*elease | cut -d= -f2` +# URL=https://github.com/jvonau/iiab/blob/ansible/vars/fedora-$CURR_VER.yml +# dnf -y install ansible git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python +# dnf -y install python-pip python-setuptools python-wheel patch +## Parens are optional, but greatly clarify :) +#elif (grep -qi ubuntu /etc/lsb-release 2> /dev/null) || (grep -qi ubuntu /etc/os-release); then +# apt update +# #apt -y install python-pip python-setuptools python-wheel patch # 2018-09-05: fails on @kananigit's Ubuntu 18.04/Server. Fix @ https://github.com/iiab/iiab/pull/1091 +# apt -y install software-properties-common # adds command "apt-add-repository" +# apt-add-repository -y ppa:ansible/ansible # adds correct line to correct file e.g. 
adds line "deb http://ppa.launchpad.net/ansible/ansible/ubuntu bionic main" to /etc/apt/sources.list.d/ansible-ubuntu-ansible-bionic.list +## elif UBUNTU MUST REMAIN ABOVE (as Ubuntu ALSO contains /etc/debian_version, which would trigger the line just below) +#elif [ -f /etc/debian_version ] || (grep -qi raspbian /etc/*elease) ; then +#elif [ ! -f /etc/centos-release ] && [ ! -f /etc/fedora-release ] && [ ! -f /etc/olpc-release ]; then +elif [ -f /etc/debian_version ]; then # Includes Debian, Ubuntu & Raspbian + + echo -e "\napt update; install dirmngr; PPA to /etc/apt/sources.list.d/iiab-ansible.list\n" + apt update + apt -y install dirmngr # Raspbian needs. Formerly: python-pip python-setuptools python-wheel patch + echo "deb http://ppa.launchpad.net/ansible/ansible-2.8/ubuntu xenial main" \ + > /etc/apt/sources.list.d/iiab-ansible.list + + echo -e '\nIF YOU FACE ERROR "signatures couldn'"'"'t be verified because the public key is not available" THEN REPEATEDLY RE-RUN "sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367"\n' + apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367 + + echo -e "\napt update; apt install ansible\n" + apt update + apt -y --allow-downgrades install ansible + echo -e "\nSUCCESS: verify Ansible using 'ansible --version' and/or 'apt -a list ansible'\n\n" + + # TEMPORARILY USE ANSIBLE 2.4.4 (REMOVE IT WITH "pip uninstall ansible") + #pip install ansible==2.4.4 + + # TEMPORARILY USE ANSIBLE 2.4.2 DUE TO 2.4.3 MEMORY BUG. 
DETAILS @ https://github.com/iiab/iiab/issues/669 + #echo "Install http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb" + #cd /tmp + #wget http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb + #apt -y --allow-downgrades install ./ansible_2.4.2.0-1ppa~xenial_all.deb + + echo -e 'PPA source "deb http://ppa.launchpad.net/ansible/ansible-2.8/ubuntu xenial main"' + echo -e "successfully saved to /etc/apt/sources.list.d/iiab-ansible.list\n" + + echo -e "IF *OTHER* ANSIBLE SOURCES APPEAR BELOW, PLEASE MANUALLY REMOVE THEM TO" + echo -e "ENSURE ANSIBLE UPDATES CLEANLY: (then re-run this script to be sure!)\n" + grep '^deb .*ansible' /etc/apt/sources.list /etc/apt/sources.list.d/*.list | grep -v '^/etc/apt/sources.list.d/iiab-ansible.list:' || true # Override bash -e (instead of aborting at 1st error) +else + echo -e "\nEXITING: Could not detect your OS (unsupported?)\n" + exit 1 +fi + +# Needed? +mkdir -p /etc/ansible +echo -e '[local]\nlocalhost\n' > /etc/ansible/hosts diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 021d3a496..c92769074 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -2,10 +2,16 @@ # PUT YOUR CUSTOMIZATIONS HERE: /etc/iiab/local_vars.yml # READ "What is local_vars.yml and how do I customize it?" IN http://FAQ.IIAB.IO -# By convention we use True/False to indicate boolean values. +# Internet-in-a-Box (IIAB) uses True/False to indicate boolean values. -# Configuration Files +# IIAB (PRE-)release version number, for {{ iiab_env_file }} +iiab_base_ver: 7.0 +iiab_revision: 0 + +# Main configuration file iiab_local_vars_file: /etc/iiab/local_vars.yml + +# Installation status files iiab_env_file: /etc/iiab/iiab.env iiab_ini_file: /etc/iiab/iiab.ini 
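Review bot: The Debian branch of scripts/ansible-2.8.x fetches the repository signing key with `apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367`, i.e. over unencrypted HKP and selected by a 16-hex-digit key ID rather than the full fingerprint, and the `deb http://ppa.launchpad.net/…` source line is plain HTTP too. This key is what apt then trusts for package signatures, and `apt-key` trusts it for every configured source, so it is the one step that should not depend on the network path. Request it by full fingerprint over TLS where the installed dirmngr supports it, `apt-key adv --keyserver hkps://keyserver.ubuntu.com --recv-keys <FULL_40_HEX_FINGERPRINT>`, or ship the key file in the repository. Smaller points in the same file: the two `echo "Please use … \n"` lines lack `-e` and print a literal `\n`, and `[ $(command -v ansible-playbook) ]` is safer as `command -v ansible-playbook >/dev/null`.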
@@ -15,7 +21,6 @@ pip_packages_dir: "{{ iiab_base }}/pip-packages" yum_packages_dir: "{{ iiab_base }}/yum-packages" downloads_dir: "{{ iiab_base }}/downloads" iiab_download_url: http://download.iiab.io/packages -iiab_osm_url : http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden content_base: "/library" doc_base: "{{ content_base }}/www" @@ -92,10 +97,20 @@ gui_wan: True adm_cons_force_ssl: False adm_cons_allow_downloads: False -# Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or -# 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables -# within github.com/iiab/iiab/blob/master/roles/ -services_externally_visible: True +# Enable "campus access" to ~10 common IIAB services like Kiwix (3000), KA Lite +# (8008) and Calibre (8010 or 8080) etc, on the WAN side of your IIAB server. +# Only 1 of the 6 lines below should be uncommented: +# +#ports_externally_visible: 0 # none +#ports_externally_visible: 1 # ssh only +#ports_externally_visible: 2 # ssh + http-or-https (for Admin Console's box.lan/admin too) +ports_externally_visible: 3 # ssh + http-or-https + common IIAB services +#ports_externally_visible: 4 # ssh + http-or-https + common IIAB services + Samba +#ports_externally_visible: 5 # all but databases +# +# Or further customize your iptables firewall by editing: +# /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables +# And then run: cd /opt/iiab/iiab; ./iiab-network # Gateway and Filters # Most all implementations use "iiab_gateway_enabled: False" within @@ -166,7 +181,7 @@ sshd_enabled: True openvpn_install: True openvpn_enabled: False # For /etc/iiab/openvpn_handle -openvpn_handle: "" +openvpn_handle: # cron seems necessary on CentOS: openvpn_cron_enabled: False # General OpenVPN settings 
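Review bot: Replacing `services_externally_visible` with `ports_externally_visible` in the `@@ -92,10` hunk means an existing /etc/iiab/local_vars.yml that still says `services_externally_visible: False` no longer controls this setting, unless the iptables template (not shown here) still honours the old name. In that case the new default `3` exposes ssh, http-or-https and the common IIAB services on the WAN side of a box whose operator had closed them. The comment block should say so, e.g. `# Replaces services_externally_visible (no longer read): re-check /etc/iiab/local_vars.yml after upgrading`, and state which level corresponds to the old True and False. An early task that fails when the old variable is still defined would catch stale configs. The same block is added in vars/local_vars_big.yml, vars/local_vars_medium.yml and vars/local_vars_min.yml.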
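Review bot: In the `@@ -166,7` hunk, `openvpn_handle:` with no value is YAML null, not the empty string that the old `openvpn_handle: ""` produced. Any consumer elsewhere in the roles (not visible in this diff) that tests `openvpn_handle != ""` or `openvpn_handle | length` behaves differently on null: the first becomes true and the second raises an error. If the intent is "not set", keeping `openvpn_handle: ""` is the safer default; otherwise consumers should test `openvpn_handle | default('', true) | length > 0`. The same change is made in the three vars/local_vars_*.yml files.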
@@ -218,10 +233,6 @@ dansguardian_enabled: False postgresql_install: False postgresql_enabled: False -# Unmaintained -# authserver_install: False -# authserver_enabled: False - # Common UNIX Printing System (CUPS) cups_install: False cups_enabled: False @@ -230,6 +241,8 @@ cups_port: 631 # Samba. Do a security audit seriously before deploying this. samba_install: False samba_enabled: False +samba_udp_ports: "137:138" +samba_tcp_mports: "139,445" shared_dir : "{{ content_base }}/public" # /library/public # usb-lib @@ -345,16 +358,17 @@ moodle_enabled: False # If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER # MongoDB (/library/dbdata/mongodb) is used by Sugarizer: -# Its 2 settings below are auto-set to True (in roles/0-init/tasks/main.yml) when: sugarizer_enabled +# Its 2 settings below are auto-set to True (in roles/0-init/tasks/main.yml) when: sugarizer_enabled | bool # The mongodb playbook itself is later invoked by roles/sugarizer/meta/main.yml mongodb_install: False mongodb_enabled: False mongodb_port: 27018 # Regional OSM vector maps use much less disk space than bitmap/raster versions -osm_vector_install: True -osm_vector_enabled: True -osm_vector_path: '{{ content_base }}/www/osm-vector' +osm_vector_maps_install: True +osm_vector_maps_enabled: True +iiab_map_url : http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden +vector_map_path: "{{ content_base }}/www/osm-vector-maps" # roles/sugarizer/meta/main.yml auto-invokes 2 above prereqs: mongodb & nodejs # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 
@@ -474,6 +488,13 @@ minetest_default_game: carbone-ng # only carbone-ng and minetest are supporte minetest_flat_world: False +# ============================================================================= +# UNMAINTAINED LEGACY VARIABLES: YOU'RE TAKING BIG RISKS IF YOU USE ANY HERE... + +# Unmaintained +# authserver_install: False +# authserver_enabled: False + # CONSIDER THESE 2 NEW OPENSTREETMAP (OSM) APPROACHES INSTEAD, AS OF 2018: # - http://download.iiab.io/content/OSM/vector-tiles/ # - http://oer2go.org/viewmod/en-worldmap-10 @@ -538,13 +559,14 @@ minetest_flat_world: False # rachel_content_found: False # #rachel_url: /rachel # rachel_doc_root: "{{ doc_root }}/modules" +# ============================================================================= -# ================================================================ -# Platforms - turn all off and let /opt/iiab/iiab/vars/.yml turn on as appropriate +# PLATFORMS: +# TURN ALL OFF AND LET /opt/iiab/iiab/vars/.yml TURN ON AS APPROPRIATE... # Wide to narrow (insofar as poss) -is_debuntu: False # covers all 3: Ubuntu, Debian, Raspbian +is_debuntu: False # Covers all 3: Ubuntu, Debian, Raspbian is_ubuntu: False is_ubuntu_19: False 
@@ -552,18 +574,18 @@ is_ubuntu_18: False is_ubuntu_17: False is_ubuntu_16: False -is_debian: False # covers both: Debian, Raspbian +is_debian: False # Covers both: Debian, Raspbian is_debian_10: False is_debian_9: False is_debian_8: False -is_raspbian: False # covers RPi HW and non-RPi HW versions of Raspbian +is_raspbian: False # Covers RPi HW and non-RPi HW versions of Raspbian is_raspbian_10: False is_raspbian_9: False is_raspbian_8: False -is_rpi: False # 2019-03-23 - doesn't yet test for RPi HW, but hopefully soon: https://github.com/iiab/iiab/issues/1406 +is_rpi: False # 2019-03-23: Doesn't yet test for RPi HW, but hopefully soon: https://github.com/iiab/iiab/issues/1406 -is_redhat: False # not well supported as of 2019, see: https://github.com/iiab/iiab/issues/1434 +is_redhat: False # Not well supported as of 2019, see: https://github.com/iiab/iiab/issues/1434 is_centos: False is_centos_7: False is_fedora: False diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 979a53705..d7b20efd2 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml 
@@ -40,10 +40,20 @@ host_channel: 6 hostapd_secure: False hostapd_password: changeme -# Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or -# 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables -# within github.com/iiab/iiab/blob/master/roles/ -services_externally_visible: True +# Enable "campus access" to ~10 common IIAB services like Kiwix (3000), KA Lite +# (8008) and Calibre (8010 or 8080) etc, on the WAN side of your IIAB server. +# Only 1 of the 6 lines below should be uncommented: +# +#ports_externally_visible: 0 # none +#ports_externally_visible: 1 # ssh only +#ports_externally_visible: 2 # ssh + http-or-https (for Admin Console's box.lan/admin too) +ports_externally_visible: 3 # ssh + http-or-https + common IIAB services +#ports_externally_visible: 4 # ssh + http-or-https + common IIAB services + Samba +#ports_externally_visible: 5 # all but databases +# +# Or further customize your iptables firewall by editing: +# /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables +# And then run: cd /opt/iiab/iiab; ./iiab-network # Make this True if client machines should have access to WAN/Internet: iiab_gateway_enabled: False @@ -88,7 +98,7 @@ js_menu_install: True openvpn_install: True openvpn_enabled: False # Set /etc/iiab/openvpn_handle in advance here: -openvpn_handle: "" +openvpn_handle: # The following seems necessary on CentOS: # openvpn_cron_enabled: True @@ -230,8 +240,8 @@ moodle_enabled: True # If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER # Regional OSM vector maps use much less disk space than bitmap/raster versions -osm_vector_install: True -osm_vector_enabled: True +osm_vector_maps_install: True +osm_vector_maps_enabled: True # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 
@@ -296,8 +306,8 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # program, so we recommend you also install Calibre (above!) # Calibre-Web alternative to Calibre, offers a clean/modern UX -calibreweb_install: False -calibreweb_enabled: False +calibreweb_install: True +calibreweb_enabled: True calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019) # http://box/books works. Add {box/libros, box/livres, box/livros, box/liv} etc? calibreweb_url: /books diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 9e9584e7d..1addfb6ce 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -40,10 +40,20 @@ host_channel: 6 hostapd_secure: False hostapd_password: changeme -# Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or -# 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables -# within github.com/iiab/iiab/blob/master/roles/ -services_externally_visible: True +# Enable "campus access" to ~10 common IIAB services like Kiwix (3000), KA Lite +# (8008) and Calibre (8010 or 8080) etc, on the WAN side of your IIAB server. +# Only 1 of the 6 lines below should be uncommented: +# +#ports_externally_visible: 0 # none +#ports_externally_visible: 1 # ssh only +#ports_externally_visible: 2 # ssh + http-or-https (for Admin Console's box.lan/admin too) +ports_externally_visible: 3 # ssh + http-or-https + common IIAB services +#ports_externally_visible: 4 # ssh + http-or-https + common IIAB services + Samba +#ports_externally_visible: 5 # all but databases +# +# Or further customize your iptables firewall by editing: +# /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables +# And then run: cd /opt/iiab/iiab; ./iiab-network # Make this True if client machines should have access to WAN/Internet: iiab_gateway_enabled: False 
@@ -88,7 +98,7 @@ js_menu_install: True openvpn_install: True openvpn_enabled: False # Set /etc/iiab/openvpn_handle in advance here: -openvpn_handle: "" +openvpn_handle: # The following seems necessary on CentOS: # openvpn_cron_enabled: True @@ -230,8 +240,8 @@ moodle_enabled: False # If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER # Regional OSM vector maps use much less disk space than bitmap/raster versions -osm_vector_install: True -osm_vector_enabled: True +osm_vector_maps_install: True +osm_vector_maps_enabled: True # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 @@ -296,8 +306,8 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # program, so we recommend you also install Calibre (above!) # Calibre-Web alternative to Calibre, offers a clean/modern UX -calibreweb_install: False -calibreweb_enabled: False +calibreweb_install: True +calibreweb_enabled: True calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019) # http://box/books works. Add {box/libros, box/livres, box/livros, box/liv} etc? calibreweb_url: /books diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 079e4dcdb..fb7335d86 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml 
@@ -40,10 +40,20 @@ host_channel: 6 hostapd_secure: False hostapd_password: changeme -# Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or -# 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables -# within github.com/iiab/iiab/blob/master/roles/ -services_externally_visible: True +# Enable "campus access" to ~10 common IIAB services like Kiwix (3000), KA Lite +# (8008) and Calibre (8010 or 8080) etc, on the WAN side of your IIAB server. +# Only 1 of the 6 lines below should be uncommented: +# +#ports_externally_visible: 0 # none +#ports_externally_visible: 1 # ssh only +#ports_externally_visible: 2 # ssh + http-or-https (for Admin Console's box.lan/admin too) +ports_externally_visible: 3 # ssh + http-or-https + common IIAB services +#ports_externally_visible: 4 # ssh + http-or-https + common IIAB services + Samba +#ports_externally_visible: 5 # all but databases +# +# Or further customize your iptables firewall by editing: +# /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables +# And then run: cd /opt/iiab/iiab; ./iiab-network # Make this True if client machines should have access to WAN/Internet: iiab_gateway_enabled: False @@ -88,7 +98,7 @@ js_menu_install: True openvpn_install: True openvpn_enabled: False # Set /etc/iiab/openvpn_handle in advance here: -openvpn_handle: "" +openvpn_handle: # The following seems necessary on CentOS: # openvpn_cron_enabled: True @@ -230,8 +240,8 @@ moodle_enabled: False # If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER # Regional OSM vector maps use much less disk space than bitmap/raster versions -osm_vector_install: True -osm_vector_enabled: True +osm_vector_maps_install: True +osm_vector_maps_enabled: True # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957