From d43bd64c0c49fd52684f9d4bd209a7da8a6c88d8 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 28 Apr 2019 16:23:48 -0700 Subject: [PATCH 001/143] test menu for osm should be in console --- roles/osm-vector/defaults/main.yml | 1 - roles/osm-vector/tasks/main.yml | 16 ---------------- 2 files changed, 17 deletions(-) diff --git a/roles/osm-vector/defaults/main.yml b/roles/osm-vector/defaults/main.yml index 797585c3f..b89c6a5bd 100644 --- a/roles/osm-vector/defaults/main.yml +++ b/roles/osm-vector/defaults/main.yml @@ -5,5 +5,4 @@ osm_vector_path: '{{ content_base }}/www/osm-vector' # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -menu_def_dir: '{{ doc_root }}/js-menu/menu-files/menu-defs' iiab_osm_url : http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden diff --git a/roles/osm-vector/tasks/main.yml b/roles/osm-vector/tasks/main.yml index e8542f62c..ce489cfa9 100644 --- a/roles/osm-vector/tasks/main.yml +++ b/roles/osm-vector/tasks/main.yml @@ -82,19 +82,3 @@ src: test-index.redirect dest: "{{ osm_vector_path }}/index.html" -- name: Create a directory for map menu-def - file: - path: '{{ menu_def_dir }}' - state: directory - -- name: Determine status of splash menu def - stat: - path: '{{ menu_def_dir }}/en-map_test.json' - ignore_errors: True - register: menu_def - -- name: Do not overwrite if it already exists - copy: - src: en-map_test.json - dest: '{{ menu_def_dir }}/en-map_test.json' - when: menu_def.stat.exists is defined and not menu_def.stat.exists From 4396116a7e86396f1c9ae91dd25bed8fffc9ff15 Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Sat, 4 May 2019 19:32:00 -0700 Subject: [PATCH 002/143] freeze some progress --- .../defaults/main.yml | 6 +-- .../files/countries.json | 0 .../files/en-map_test.json | 0 .../files/osm_functions.js | 4 +- roles/map-vector/files/test-index.redirect | 4 ++ .../{osm-vector => map-vector}/tasks/main.yml | 40 +++++++++---------- .../templates/iiab-update-osm | 14 +++---- .../templates/index.html | 4 +- .../templates/main.js | 0 .../templates/osm-vector.conf | 6 +-- roles/osm-vector/files/test-index.redirect | 4 -- vars/default_vars.yml | 6 +-- vars/local_vars_big.yml | 4 +- vars/local_vars_medium.yml | 4 +- vars/local_vars_min.yml | 4 +- 15 files changed, 50 insertions(+), 50 deletions(-) rename roles/{osm-vector => map-vector}/defaults/main.yml (69%) rename roles/{osm-vector => map-vector}/files/countries.json (100%) rename roles/{osm-vector => map-vector}/files/en-map_test.json (100%) rename roles/{osm-vector => map-vector}/files/osm_functions.js (98%) create mode 100644 roles/map-vector/files/test-index.redirect rename roles/{osm-vector => map-vector}/tasks/main.yml (62%) rename roles/{osm-vector => map-vector}/templates/iiab-update-osm (95%) rename roles/{osm-vector => map-vector}/templates/index.html (94%) rename roles/{osm-vector => map-vector}/templates/main.js (100%) rename roles/{osm-vector => map-vector}/templates/osm-vector.conf (56%) delete mode 100644 roles/osm-vector/files/test-index.redirect diff --git a/roles/osm-vector/defaults/main.yml b/roles/map-vector/defaults/main.yml similarity index 69% rename from roles/osm-vector/defaults/main.yml rename to roles/map-vector/defaults/main.yml index b89c6a5bd..1b51987f2 100644 --- a/roles/osm-vector/defaults/main.yml +++ b/roles/map-vector/defaults/main.yml 
@@ -1,6 +1,6 @@ -osm_vector_install: True -osm_vector_enabled: True -osm_vector_path: '{{ content_base }}/www/osm-vector' +map_vector_install: True +map_vector_enabled: True +map_vector_path: '{{ content_base }}/www/map-vector' # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/osm-vector/files/countries.json b/roles/map-vector/files/countries.json similarity index 100% rename from roles/osm-vector/files/countries.json rename to roles/map-vector/files/countries.json diff --git a/roles/osm-vector/files/en-map_test.json b/roles/map-vector/files/en-map_test.json similarity index 100% rename from roles/osm-vector/files/en-map_test.json rename to roles/map-vector/files/en-map_test.json diff --git a/roles/osm-vector/files/osm_functions.js b/roles/map-vector/files/osm_functions.js similarity index 98% rename from roles/osm-vector/files/osm_functions.js rename to roles/map-vector/files/osm_functions.js index 819b76ee1..a0f958dc2 100644 --- a/roles/osm-vector/files/osm_functions.js +++ b/roles/map-vector/files/osm_functions.js @@ -7,7 +7,7 @@ var regionGeojson = {}; var regionList = []; var regionInstalled = []; var commonAssetsDir = '/common/assets/'; -var mapAssetsDir = '/osm-vector/maplist/assets/'; +var mapAssetsDir = '/map-vector/maplist/assets/'; var iiab_config_dir = '/etc/iiab/'; var onChangeFunc = "setSize"; var osmCatalog = {}; @@ -27,7 +27,7 @@ function readOsmIdx(){ //consoleLog ("in readOsmIdx"); var resp = $.ajax({ type: 'GET', - url: consoleJsonDir + 'osm-vector-idx.json', + url: consoleJsonDir + 'map-vector-idx.json', dataType: 'json' }) .done(function( data ) { diff --git a/roles/map-vector/files/test-index.redirect b/roles/map-vector/files/test-index.redirect new file mode 100644 index 000000000..5b2af4a6f --- /dev/null +++ b/roles/map-vector/files/test-index.redirect @@ -0,0 +1,4 @@ + + + + 
diff --git a/roles/osm-vector/tasks/main.yml b/roles/map-vector/tasks/main.yml similarity index 62% rename from roles/osm-vector/tasks/main.yml rename to roles/map-vector/tasks/main.yml index ce489cfa9..3a09b2f9a 100644 --- a/roles/osm-vector/tasks/main.yml +++ b/roles/map-vector/tasks/main.yml @@ -1,6 +1,6 @@ -- name: Make sure the osm-vector directory exists +- name: Make sure the map-vector directory exists file: - path: '{{ osm_vector_path }}/maplist/assets' + path: '{{ map_vector_path }}/maplist/assets' state: directory owner: '{{ apache_user }}' group: '{{ apache_user }}' @@ -9,30 +9,30 @@ - name: Fetch the catalog for osm maps get_url: url: "{{ iiab_osm_url }}/assets/regions.json" - dest: '{{ osm_vector_path }}/maplist/assets/' + dest: '{{ map_vector_path }}/maplist/assets/' - name: Create a link to osm catalog in /common/assets file: - src: "{{ osm_vector_path }}/maplist/assets/regions.json" + src: "{{ map_vector_path }}/maplist/assets/regions.json" dest: "{{ doc_root }}/common/assets/regions.json" state: link - name: Fetch the javascript bundle with openlayers for test page get_url: url: "{{ iiab_osm_url }}/../main.js" - dest: '{{ osm_vector_path }}/maplist/' + dest: '{{ map_vector_path }}/maplist/' - name: Fetch the index.html for test page template: src: "index.html" - dest: '{{ osm_vector_path }}/maplist/index.html' + dest: '{{ map_vector_path }}/maplist/index.html' # Bboxes (bounding boxes) are currently square. But geofabrik has non-rectangular bboxes. # So bring the bounding box definition from cloud (bboxes.geojson is big) - name: Fetch the bounding box description for osm maps get_url: url: "{{ iiab_osm_url }}/assets/bboxes.geojson" - dest: '{{ osm_vector_path }}/maplist/assets/' + dest: '{{ map_vector_path }}/maplist/assets/' - name: Install python-geojson package, that helps with geojson package: 
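Review bot: The three `get_url` tasks in the `@@ -9,30 +9,30 @@` hunk of tasks/main.yml download `regions.json`, `main.js` and `bboxes.geojson` from `{{ iiab_osm_url }}` with no integrity check, and the default for that variable in defaults/main.yml is a plain `http://` URL. `main.js` lands in the Apache-served `maplist/` directory, so anyone able to alter the transfer decides what script the map page delivers to client browsers. If the download host offers TLS (not verifiable from this page), change the default to `https://`. Either way, pin each file with get_url's `checksum:` parameter, e.g. `checksum: "sha256:<DIGEST_PUBLISHED_WITH_THE_FILE>"`. The same tasks are carried unchanged through the later vector-map rename of this file.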
@@ -45,40 +45,40 @@ dest: /usr/bin/iiab-update-osm mode: "0755" -- name: Run the script that does osm-vector housekeeping +- name: Run the script that does map-vector housekeeping shell: /usr/bin/iiab-update-osm - name: Copy the Countries geojson to assets copy: src: countries.json - dest: '{{ osm_vector_path }}/maplist/assets' + dest: '{{ map_vector_path }}/maplist/assets' # It is too complicated to use a single file for both iiab and admin-console - name: Copy the duplicated javascript to assets copy: src: osm_functions.js - dest: '{{ osm_vector_path }}/maplist/assets' + dest: '{{ map_vector_path }}/maplist/assets' - name: Install /etc/{{ apache_config_dir }}/osm-vect.conf from template template: - src: osm-vector.conf - dest: "/etc/{{ apache_config_dir }}/osm-vector.conf" + src: map-vector.conf + dest: "/etc/{{ apache_config_dir }}/map-vector.conf" -- name: Create symlink osm-vector.conf from sites-enabled to sites-available (debuntu, not nec for redhat) +- name: Create symlink map-vector.conf from sites-enabled to sites-available (debuntu, not nec for redhat) file: - src: /etc/apache2/sites-available/osm-vector.conf - path: /etc/apache2/sites-enabled/osm-vector.conf + src: /etc/apache2/sites-available/map-vector.conf + path: /etc/apache2/sites-enabled/map-vector.conf state: link - when: osm_vector_enabled and is_debuntu + when: map_vector_enabled and is_debuntu -- name: Remove symlink /etc/apache2/sites-enabled/osm-vector.conf (debuntu) +- name: Remove symlink /etc/apache2/sites-enabled/map-vector.conf (debuntu) file: - path: /etc/apache2/sites-enabled/osm-vector.conf + path: /etc/apache2/sites-enabled/map-vector.conf state: absent - when: not osm_vector_enabled and is_debuntu + when: not map_vector_enabled and is_debuntu - name: Copy the redirect to the test page -- delete this if more than one map copy: src: test-index.redirect - dest: "{{ osm_vector_path }}/index.html" + dest: "{{ map_vector_path }}/index.html" 
diff --git a/roles/osm-vector/templates/iiab-update-osm b/roles/map-vector/templates/iiab-update-osm similarity index 95% rename from roles/osm-vector/templates/iiab-update-osm rename to roles/map-vector/templates/iiab-update-osm index 8d8758e21..4e5ed7905 100755 --- a/roles/osm-vector/templates/iiab-update-osm +++ b/roles/map-vector/templates/iiab-update-osm @@ -1,5 +1,5 @@ #!/usr/bin/env python -# Scan the osm-vector directory, update the osm-vector-idx.json, add menu-defs +# Scan the map-vector directory, update the map-vector-idx.json, add menu-defs from geojson import Feature, Point, FeatureCollection, Polygon import geojson @@ -25,9 +25,9 @@ else: doc_root = get_iiab_env('WWWROOT') menuDefs = doc_root + "/js-menu/menu-files/menu-defs/" -osm_vector_idx_dir = doc_root + "/common/assets" -#map_doc_root = '{{ osm_vector_path }}' -map_doc_root = '/library/www/osm-vector' +map_vector_idx_dir = doc_root + "/common/assets" +#map_doc_root = '{{ map_vector_path }}' +map_doc_root = '/library/www/map-vector' # map_catalog will be global, assumed always available map_catalog = {} map_menu_def_list = [] @@ -43,7 +43,7 @@ def main(): installed_maps = get_installed_regions() print(installed_maps) - write_osm_vector_idx(installed_maps) + write_map_vector_idx(installed_maps) # For installed regions, check that a menu def exists, and it's on home page for fname in installed_maps: @@ -106,7 +106,7 @@ def get_installed_regions(): installed.append('maplist') return installed -def write_osm_vector_idx(installed_maps): +def write_map_vector_idx(installed_maps): map_dict ={} idx_dict = {} for fname in installed_maps: 
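Review bot: `map_doc_root` in the `@@ -25,9 +25,9 @@` hunk is hard-coded to `/library/www/map-vector` while the templated form sits commented out directly above it, so the script and the role disagree as soon as `content_base` is overridden in local_vars.yml. Since the file lives under templates/, the value could come from the role variable: `map_doc_root = '{{ map_vector_path }}'`. Whether the install task renders the file with `template:` rather than `copy:` is outside this hunk and should be confirmed. A one-line comment above the assignment saying where the path comes from would also help the next reader.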
@@ -125,7 +125,7 @@ def write_osm_vector_idx(installed_maps): idx_dict[item]['region'] = region idx_dict[item]['language'] = map_dict['perma_ref'][:2] - with open(osm_vector_idx_dir + '/osm_version_idx.json','w') as idx: + with open(map_vector_idx_dir + '/osm_version_idx.json','w') as idx: idx.write(json.dumps(idx_dict,indent=2)) def create_menu_def(region,default_name,intended_use='map'): diff --git a/roles/osm-vector/templates/index.html b/roles/map-vector/templates/index.html similarity index 94% rename from roles/osm-vector/templates/index.html rename to roles/map-vector/templates/index.html index ee7592eea..bef8adf46 100644 --- a/roles/osm-vector/templates/index.html +++ b/roles/map-vector/templates/index.html @@ -46,12 +46,12 @@ return (bytes / Math.pow(1024, e)).toFixed(2) + " " + s[e]; } - + - + diff --git a/roles/osm-vector/templates/main.js b/roles/map-vector/templates/main.js similarity index 100% rename from roles/osm-vector/templates/main.js rename to roles/map-vector/templates/main.js diff --git a/roles/osm-vector/templates/osm-vector.conf b/roles/map-vector/templates/osm-vector.conf similarity index 56% rename from roles/osm-vector/templates/osm-vector.conf rename to roles/map-vector/templates/osm-vector.conf index da390760f..e03739186 100644 --- a/roles/osm-vector/templates/osm-vector.conf +++ b/roles/map-vector/templates/osm-vector.conf @@ -1,7 +1,7 @@ # For downloadable regional vector tilesets -Alias /maps {{ osm_vector_path }} -Alias /osm-vector {{ osm_vector_path }} - +Alias /maps {{ map_vector_path }} +Alias /map-vector {{ map_vector_path }} + Options Indexes FollowSymLinks AllowOverride All Require all granted diff --git a/roles/osm-vector/files/test-index.redirect b/roles/osm-vector/files/test-index.redirect deleted file mode 100644 index bc2310bcc..000000000 --- a/roles/osm-vector/files/test-index.redirect +++ /dev/null @@ -1,4 +0,0 @@ - - - - diff --git a/vars/default_vars.yml b/vars/default_vars.yml index a9d58fbf7..c1fc1881c 100644 
--- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -352,9 +352,9 @@ mongodb_enabled: False mongodb_port: 27018 # Regional OSM vector maps use much less disk space than bitmap/raster versions -osm_vector_install: True -osm_vector_enabled: True -osm_vector_path: '{{ content_base }}/www/osm-vector' +map_vector_install: True +map_vector_enabled: True +map_vector_path: '{{ content_base }}/www/map-vector' # roles/sugarizer/meta/main.yml auto-invokes 2 above prereqs: mongodb & nodejs # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 3ae4f871f..7830a81e7 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -230,8 +230,8 @@ moodle_enabled: True # If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER # Regional OSM vector maps use much less disk space than bitmap/raster versions -osm_vector_install: True -osm_vector_enabled: True +map_vector_install: True +map_vector_enabled: True # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 9449bedbc..943a12283 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -230,8 +230,8 @@ moodle_enabled: False # If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER # Regional OSM vector maps use much less disk space than bitmap/raster versions -osm_vector_install: True -osm_vector_enabled: True +map_vector_install: True +map_vector_enabled: True # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 0dff67b30..957f8cbe4 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml 
@@ -230,8 +230,8 @@ moodle_enabled: False # If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER # Regional OSM vector maps use much less disk space than bitmap/raster versions -osm_vector_install: True -osm_vector_enabled: True +map_vector_install: True +map_vector_enabled: True # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 From e773447f9a263bb57acc1e9d913f1840696f157b Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sat, 4 May 2019 21:39:53 -0700 Subject: [PATCH 003/143] file name change map-vector.conf --- roles/map-vector/templates/{osm-vector.conf => map-vector.conf} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/map-vector/templates/{osm-vector.conf => map-vector.conf} (100%) diff --git a/roles/map-vector/templates/osm-vector.conf b/roles/map-vector/templates/map-vector.conf similarity index 100% rename from roles/map-vector/templates/osm-vector.conf rename to roles/map-vector/templates/map-vector.conf From a191c706791b223b49c905a51b9931d980a1168d Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sat, 4 May 2019 22:01:08 -0700 Subject: [PATCH 004/143] include the map role --- roles/4-server-options/tasks/main.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 4c56b0572..842c6066f 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -18,6 +18,11 @@ when: captive_portal_install tags: base, captive-portal, network, domain +- name: Installing vector maps + include_tasks: roles/map-vector/tasks/main.yml + when: map_vector_install + tags: base, map + - name: Installing dhcpd include_tasks: roles/network/tasks/dhcpd.yml when: dhcpd_install From 2088c408105427fd8fcdc7516c4e06388b5d9746 Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Sat, 4 May 2019 22:22:29 -0700 Subject: [PATCH 005/143] lost the last commit, 4-server-options include map --- roles/4-server-options/tasks/main.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 4c56b0572..dd7d40233 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -13,6 +13,11 @@ when: named_install tags: base, named, network, domain +- name: Installing vector map test page + include_role: roles/map-vector + when: map_vector_install + tags: base, map, map-vector + - name: Installing captive portal include_tasks: roles/captive-portal/tasks/main.yml when: captive_portal_install From 522be2c2ec48a1ac4d5e92f47aa94374a61d12a1 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sat, 4 May 2019 22:24:37 -0700 Subject: [PATCH 006/143] duplicated commit --- roles/4-server-options/tasks/main.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index f1fab8c3b..0640820bf 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -16,18 +16,13 @@ - name: Installing vector map test page include_role: roles/map-vector when: map_vector_install - tags: base, map, map-vector + tags: base, map - name: Installing captive portal include_tasks: roles/captive-portal/tasks/main.yml when: captive_portal_install tags: base, captive-portal, network, domain -- name: Installing vector maps - include_tasks: roles/map-vector/tasks/main.yml - when: map_vector_install - tags: base, map - - name: Installing dhcpd include_tasks: roles/network/tasks/dhcpd.yml when: dhcpd_install From aea7f1704bca935c95c90397bbd93080e7c99f07 Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Sat, 4 May 2019 22:37:43 -0700 Subject: [PATCH 007/143] typo on include_role --- roles/4-server-options/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 0640820bf..31642295d 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -14,7 +14,7 @@ tags: base, named, network, domain - name: Installing vector map test page - include_role: roles/map-vector + include_role: map-vector when: map_vector_install tags: base, map From 582385d47f2468bb31951b6c5357bc51214ccd5e Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sat, 4 May 2019 22:41:37 -0700 Subject: [PATCH 008/143] wrong syntax for include_role --- roles/4-server-options/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 31642295d..b51360ae4 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -14,7 +14,8 @@ tags: base, named, network, domain - name: Installing vector map test page - include_role: map-vector + include_role: + name: map-vector when: map_vector_install tags: base, map From b9f466c0f62888161c5ec4fd945c2b76dff3154a Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Sat, 4 May 2019 23:04:32 -0700 Subject: [PATCH 009/143] map-vector->vector-map --- roles/4-server-options/tasks/main.yml | 4 +-- roles/map-vector/defaults/main.yml | 6 ++-- roles/map-vector/files/osm_functions.js | 4 +-- roles/map-vector/files/test-index.redirect | 2 +- roles/map-vector/tasks/main.yml | 40 +++++++++++----------- roles/map-vector/templates/iiab-update-osm | 14 ++++---- roles/map-vector/templates/index.html | 4 +-- roles/map-vector/templates/map-vector.conf | 6 ++-- vars/default_vars.yml | 6 ++-- vars/local_vars_big.yml | 4 +-- vars/local_vars_medium.yml | 4 +-- vars/local_vars_min.yml | 4 +-- 12 files changed, 49 insertions(+), 49 deletions(-) diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index b51360ae4..48b036cfc 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -15,8 +15,8 @@ - name: Installing vector map test page include_role: - name: map-vector - when: map_vector_install + name: vector-map + when: vector_map_install tags: base, map - name: Installing captive portal diff --git a/roles/map-vector/defaults/main.yml b/roles/map-vector/defaults/main.yml index 1b51987f2..d68b225b3 100644 --- a/roles/map-vector/defaults/main.yml +++ b/roles/map-vector/defaults/main.yml @@ -1,6 +1,6 @@ -map_vector_install: True -map_vector_enabled: True -map_vector_path: '{{ content_base }}/www/map-vector' +vector_map_install: True +vector_map_enabled: True +vector_map_path: '{{ content_base }}/www/vector-map' # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/map-vector/files/osm_functions.js b/roles/map-vector/files/osm_functions.js index a0f958dc2..ed59e4807 100644 --- a/roles/map-vector/files/osm_functions.js +++ b/roles/map-vector/files/osm_functions.js 
@@ -7,7 +7,7 @@ var regionGeojson = {}; var regionList = []; var regionInstalled = []; var commonAssetsDir = '/common/assets/'; -var mapAssetsDir = '/map-vector/maplist/assets/'; +var mapAssetsDir = '/vector-map/maplist/assets/'; var iiab_config_dir = '/etc/iiab/'; var onChangeFunc = "setSize"; var osmCatalog = {}; @@ -27,7 +27,7 @@ function readOsmIdx(){ //consoleLog ("in readOsmIdx"); var resp = $.ajax({ type: 'GET', - url: consoleJsonDir + 'map-vector-idx.json', + url: consoleJsonDir + 'vector-map-idx.json', dataType: 'json' }) .done(function( data ) { diff --git a/roles/map-vector/files/test-index.redirect b/roles/map-vector/files/test-index.redirect index 5b2af4a6f..68cd166c6 100644 --- a/roles/map-vector/files/test-index.redirect +++ b/roles/map-vector/files/test-index.redirect @@ -1,4 +1,4 @@ - + diff --git a/roles/map-vector/tasks/main.yml b/roles/map-vector/tasks/main.yml index 3a09b2f9a..e15b7d30d 100644 --- a/roles/map-vector/tasks/main.yml +++ b/roles/map-vector/tasks/main.yml @@ -1,6 +1,6 @@ -- name: Make sure the map-vector directory exists +- name: Make sure the vector-map directory exists file: - path: '{{ map_vector_path }}/maplist/assets' + path: '{{ vector_map_path }}/maplist/assets' state: directory owner: '{{ apache_user }}' group: '{{ apache_user }}' 
@@ -9,30 +9,30 @@ - name: Fetch the catalog for osm maps get_url: url: "{{ iiab_osm_url }}/assets/regions.json" - dest: '{{ map_vector_path }}/maplist/assets/' + dest: '{{ vector_map_path }}/maplist/assets/' - name: Create a link to osm catalog in /common/assets file: - src: "{{ map_vector_path }}/maplist/assets/regions.json" + src: "{{ vector_map_path }}/maplist/assets/regions.json" dest: "{{ doc_root }}/common/assets/regions.json" state: link - name: Fetch the javascript bundle with openlayers for test page get_url: url: "{{ iiab_osm_url }}/../main.js" - dest: '{{ map_vector_path }}/maplist/' + dest: '{{ vector_map_path }}/maplist/' - name: Fetch the index.html for test page template: src: "index.html" - dest: '{{ map_vector_path }}/maplist/index.html' + dest: '{{ vector_map_path }}/maplist/index.html' # Bboxes (bounding boxes) are currently square. But geofabrik has non-rectangular bboxes. # So bring the bounding box definition from cloud (bboxes.geojson is big) - name: Fetch the bounding box description for osm maps get_url: url: "{{ iiab_osm_url }}/assets/bboxes.geojson" - dest: '{{ map_vector_path }}/maplist/assets/' + dest: '{{ vector_map_path }}/maplist/assets/' - name: Install python-geojson package, that helps with geojson package: 
@@ -45,40 +45,40 @@ dest: /usr/bin/iiab-update-osm mode: "0755" -- name: Run the script that does map-vector housekeeping +- name: Run the script that does vector-map housekeeping shell: /usr/bin/iiab-update-osm - name: Copy the Countries geojson to assets copy: src: countries.json - dest: '{{ map_vector_path }}/maplist/assets' + dest: '{{ vector_map_path }}/maplist/assets' # It is too complicated to use a single file for both iiab and admin-console - name: Copy the duplicated javascript to assets copy: src: osm_functions.js - dest: '{{ map_vector_path }}/maplist/assets' + dest: '{{ vector_map_path }}/maplist/assets' - name: Install /etc/{{ apache_config_dir }}/osm-vect.conf from template template: - src: map-vector.conf - dest: "/etc/{{ apache_config_dir }}/map-vector.conf" + src: vector-map.conf + dest: "/etc/{{ apache_config_dir }}/vector-map.conf" -- name: Create symlink map-vector.conf from sites-enabled to sites-available (debuntu, not nec for redhat) +- name: Create symlink vector-map.conf from sites-enabled to sites-available (debuntu, not nec for redhat) file: - src: /etc/apache2/sites-available/map-vector.conf - path: /etc/apache2/sites-enabled/map-vector.conf + src: /etc/apache2/sites-available/vector-map.conf + path: /etc/apache2/sites-enabled/vector-map.conf state: link - when: map_vector_enabled and is_debuntu + when: vector_map_enabled and is_debuntu -- name: Remove symlink /etc/apache2/sites-enabled/map-vector.conf (debuntu) +- name: Remove symlink /etc/apache2/sites-enabled/vector-map.conf (debuntu) file: - path: /etc/apache2/sites-enabled/map-vector.conf + path: /etc/apache2/sites-enabled/vector-map.conf state: absent - when: not map_vector_enabled and is_debuntu + when: not vector_map_enabled and is_debuntu - name: Copy the redirect to the test page -- delete this if more than one map copy: src: test-index.redirect - dest: "{{ map_vector_path }}/index.html" + dest: "{{ vector_map_path }}/index.html" 
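Review bot: The template task in this hunk now reads `src: vector-map.conf`, but none of the commits visible on this page creates a template with that name. This commit edits `roles/map-vector/templates/map-vector.conf` in place, and the following role rename moves it at 100% similarity, still named `map-vector.conf`. Unless a later patch in the series renames the file, the task will not find its source; either rename the template or keep `src: map-vector.conf`. The task title also still refers to `osm-vect.conf` and could read `Install /etc/{{ apache_config_dir }}/vector-map.conf from template`.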
diff --git a/roles/map-vector/templates/iiab-update-osm b/roles/map-vector/templates/iiab-update-osm index 4e5ed7905..817e6e6cd 100755 --- a/roles/map-vector/templates/iiab-update-osm +++ b/roles/map-vector/templates/iiab-update-osm @@ -1,5 +1,5 @@ #!/usr/bin/env python -# Scan the map-vector directory, update the map-vector-idx.json, add menu-defs +# Scan the vector-map directory, update the vector-map-idx.json, add menu-defs from geojson import Feature, Point, FeatureCollection, Polygon import geojson @@ -25,9 +25,9 @@ else: doc_root = get_iiab_env('WWWROOT') menuDefs = doc_root + "/js-menu/menu-files/menu-defs/" -map_vector_idx_dir = doc_root + "/common/assets" -#map_doc_root = '{{ map_vector_path }}' -map_doc_root = '/library/www/map-vector' +vector_map_idx_dir = doc_root + "/common/assets" +#map_doc_root = '{{ vector_map_path }}' +map_doc_root = '/library/www/vector-map' # map_catalog will be global, assumed always available map_catalog = {} map_menu_def_list = [] @@ -43,7 +43,7 @@ def main(): installed_maps = get_installed_regions() print(installed_maps) - write_map_vector_idx(installed_maps) + write_vector_map_idx(installed_maps) # For installed regions, check that a menu def exists, and it's on home page for fname in installed_maps: @@ -106,7 +106,7 @@ def get_installed_regions(): installed.append('maplist') return installed -def write_map_vector_idx(installed_maps): +def write_vector_map_idx(installed_maps): map_dict ={} idx_dict = {} for fname in installed_maps: @@ -125,7 +125,7 @@ def write_map_vector_idx(installed_maps): idx_dict[item]['region'] = region idx_dict[item]['language'] = map_dict['perma_ref'][:2] - with open(map_vector_idx_dir + '/osm_version_idx.json','w') as idx: + with open(vector_map_idx_dir + '/osm_version_idx.json','w') as idx: idx.write(json.dumps(idx_dict,indent=2)) def create_menu_def(region,default_name,intended_use='map'): 
diff --git a/roles/map-vector/templates/index.html b/roles/map-vector/templates/index.html index bef8adf46..b00310b1a 100644 --- a/roles/map-vector/templates/index.html +++ b/roles/map-vector/templates/index.html @@ -46,12 +46,12 @@ return (bytes / Math.pow(1024, e)).toFixed(2) + " " + s[e]; } - + - + diff --git a/roles/map-vector/templates/map-vector.conf b/roles/map-vector/templates/map-vector.conf index e03739186..378127778 100644 --- a/roles/map-vector/templates/map-vector.conf +++ b/roles/map-vector/templates/map-vector.conf @@ -1,7 +1,7 @@ # For downloadable regional vector tilesets -Alias /maps {{ map_vector_path }} -Alias /map-vector {{ map_vector_path }} - +Alias /maps {{ vector_map_path }} +Alias /vector-map {{ vector_map_path }} + Options Indexes FollowSymLinks AllowOverride All Require all granted diff --git a/vars/default_vars.yml b/vars/default_vars.yml index c1fc1881c..b9f33c77c 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -352,9 +352,9 @@ mongodb_enabled: False mongodb_port: 27018 # Regional OSM vector maps use much less disk space than bitmap/raster versions -map_vector_install: True -map_vector_enabled: True -map_vector_path: '{{ content_base }}/www/map-vector' +vector_map_install: True +vector_map_enabled: True +vector_map_path: '{{ content_base }}/www/vector-map' # roles/sugarizer/meta/main.yml auto-invokes 2 above prereqs: mongodb & nodejs # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 7830a81e7..b62f272af 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml 
@@ -230,8 +230,8 @@ moodle_enabled: True # If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER # Regional OSM vector maps use much less disk space than bitmap/raster versions -map_vector_install: True -map_vector_enabled: True +vector_map_install: True +vector_map_enabled: True # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 943a12283..e14f320a4 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -230,8 +230,8 @@ moodle_enabled: False # If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER # Regional OSM vector maps use much less disk space than bitmap/raster versions -map_vector_install: True -map_vector_enabled: True +vector_map_install: True +vector_map_enabled: True # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 957f8cbe4..324651c26 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -230,8 +230,8 @@ moodle_enabled: False # If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER # Regional OSM vector maps use much less disk space than bitmap/raster versions -map_vector_install: True -map_vector_enabled: True +vector_map_install: True +vector_map_enabled: True # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 From ee85ecab219f57aefa78afc95e09584a9ba5e89a Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Sat, 4 May 2019 23:10:47 -0700 Subject: [PATCH 010/143] change role name --- roles/{map-vector => vector-map}/defaults/main.yml | 0 roles/{map-vector => vector-map}/files/countries.json | 0 roles/{map-vector => vector-map}/files/en-map_test.json | 0 roles/{map-vector => vector-map}/files/osm_functions.js | 0 roles/{map-vector => vector-map}/files/test-index.redirect | 0 roles/{map-vector => vector-map}/tasks/main.yml | 0 roles/{map-vector => vector-map}/templates/iiab-update-osm | 0 roles/{map-vector => vector-map}/templates/index.html | 0 roles/{map-vector => vector-map}/templates/main.js | 0 roles/{map-vector => vector-map}/templates/map-vector.conf | 0 10 files changed, 0 insertions(+), 0 deletions(-) rename roles/{map-vector => vector-map}/defaults/main.yml (100%) rename roles/{map-vector => vector-map}/files/countries.json (100%) rename roles/{map-vector => vector-map}/files/en-map_test.json (100%) rename roles/{map-vector => vector-map}/files/osm_functions.js (100%) rename roles/{map-vector => vector-map}/files/test-index.redirect (100%) rename roles/{map-vector => vector-map}/tasks/main.yml (100%) rename roles/{map-vector => vector-map}/templates/iiab-update-osm (100%) rename roles/{map-vector => vector-map}/templates/index.html (100%) rename roles/{map-vector => vector-map}/templates/main.js (100%) rename roles/{map-vector => vector-map}/templates/map-vector.conf (100%) diff --git a/roles/map-vector/defaults/main.yml b/roles/vector-map/defaults/main.yml similarity index 100% rename from roles/map-vector/defaults/main.yml rename to roles/vector-map/defaults/main.yml diff --git a/roles/map-vector/files/countries.json b/roles/vector-map/files/countries.json similarity index 100% rename from roles/map-vector/files/countries.json rename to roles/vector-map/files/countries.json 
diff --git a/roles/map-vector/files/en-map_test.json b/roles/vector-map/files/en-map_test.json similarity index 100% rename from roles/map-vector/files/en-map_test.json rename to roles/vector-map/files/en-map_test.json diff --git a/roles/map-vector/files/osm_functions.js b/roles/vector-map/files/osm_functions.js similarity index 100% rename from roles/map-vector/files/osm_functions.js rename to roles/vector-map/files/osm_functions.js diff --git a/roles/map-vector/files/test-index.redirect b/roles/vector-map/files/test-index.redirect similarity index 100% rename from roles/map-vector/files/test-index.redirect rename to roles/vector-map/files/test-index.redirect diff --git a/roles/map-vector/tasks/main.yml b/roles/vector-map/tasks/main.yml similarity index 100% rename from roles/map-vector/tasks/main.yml rename to roles/vector-map/tasks/main.yml diff --git a/roles/map-vector/templates/iiab-update-osm b/roles/vector-map/templates/iiab-update-osm similarity index 100% rename from roles/map-vector/templates/iiab-update-osm rename to roles/vector-map/templates/iiab-update-osm diff --git a/roles/map-vector/templates/index.html b/roles/vector-map/templates/index.html similarity index 100% rename from roles/map-vector/templates/index.html rename to roles/vector-map/templates/index.html diff --git a/roles/map-vector/templates/main.js b/roles/vector-map/templates/main.js similarity index 100% rename from roles/map-vector/templates/main.js rename to roles/vector-map/templates/main.js diff --git a/roles/map-vector/templates/map-vector.conf b/roles/vector-map/templates/map-vector.conf similarity index 100% rename from roles/map-vector/templates/map-vector.conf rename to roles/vector-map/templates/map-vector.conf From 3be9c87f3a7ef440c12897506656b48001f3ac55 Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Sat, 4 May 2019 23:21:34 -0700 Subject: [PATCH 011/143] rename file --- roles/vector-map/templates/{map-vector.conf => vector-map.conf} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/vector-map/templates/{map-vector.conf => vector-map.conf} (100%) diff --git a/roles/vector-map/templates/map-vector.conf b/roles/vector-map/templates/vector-map.conf similarity index 100% rename from roles/vector-map/templates/map-vector.conf rename to roles/vector-map/templates/vector-map.conf From 66b9e844bdc1566bf182ee37da10e3bfc2c3d77b Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 5 May 2019 18:51:34 -0700 Subject: [PATCH 012/143] vector-map -> vector-maps --- roles/vector-map/files/test-index.redirect | 4 ---- .../defaults/main.yml | 2 +- .../files/countries.json | 0 .../files/en-map_test.json | 0 .../files/osm_functions.js | 4 ++-- roles/vector-maps/files/test-index.redirect | 4 ++++ .../{vector-map => vector-maps}/tasks/main.yml | 18 +++++++++--------- .../templates/iiab-update-osm | 4 ++-- .../templates/index.html | 4 ++-- .../templates/main.js | 0 .../templates/vector-map.conf | 2 +- 11 files changed, 21 insertions(+), 21 deletions(-) delete mode 100644 roles/vector-map/files/test-index.redirect rename roles/{vector-map => vector-maps}/defaults/main.yml (84%) rename roles/{vector-map => vector-maps}/files/countries.json (100%) rename roles/{vector-map => vector-maps}/files/en-map_test.json (100%) rename roles/{vector-map => vector-maps}/files/osm_functions.js (98%) create mode 100644 roles/vector-maps/files/test-index.redirect rename roles/{vector-map => vector-maps}/tasks/main.yml (79%) rename roles/{vector-map => vector-maps}/templates/iiab-update-osm (98%) rename roles/{vector-map => vector-maps}/templates/index.html (92%) rename roles/{vector-map => vector-maps}/templates/main.js (100%) rename roles/{vector-map => vector-maps}/templates/vector-map.conf (83%) 
diff --git a/roles/vector-map/files/test-index.redirect b/roles/vector-map/files/test-index.redirect deleted file mode 100644 index 68cd166c6..000000000 --- a/roles/vector-map/files/test-index.redirect +++ /dev/null @@ -1,4 +0,0 @@ - - - - diff --git a/roles/vector-map/defaults/main.yml b/roles/vector-maps/defaults/main.yml similarity index 84% rename from roles/vector-map/defaults/main.yml rename to roles/vector-maps/defaults/main.yml index d68b225b3..980765644 100644 --- a/roles/vector-map/defaults/main.yml +++ b/roles/vector-maps/defaults/main.yml @@ -1,6 +1,6 @@ vector_map_install: True vector_map_enabled: True -vector_map_path: '{{ content_base }}/www/vector-map' +vector_map_path: '{{ content_base }}/www/vector-maps' # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/vector-map/files/countries.json b/roles/vector-maps/files/countries.json similarity index 100% rename from roles/vector-map/files/countries.json rename to roles/vector-maps/files/countries.json diff --git a/roles/vector-map/files/en-map_test.json b/roles/vector-maps/files/en-map_test.json similarity index 100% rename from roles/vector-map/files/en-map_test.json rename to roles/vector-maps/files/en-map_test.json diff --git a/roles/vector-map/files/osm_functions.js b/roles/vector-maps/files/osm_functions.js similarity index 98% rename from roles/vector-map/files/osm_functions.js rename to roles/vector-maps/files/osm_functions.js index ed59e4807..ba448ca01 100644 --- a/roles/vector-map/files/osm_functions.js +++ b/roles/vector-maps/files/osm_functions.js @@ -7,7 +7,7 @@ var regionGeojson = {}; var regionList = []; var regionInstalled = []; var commonAssetsDir = '/common/assets/'; -var mapAssetsDir = '/vector-map/maplist/assets/'; +var mapAssetsDir = '/vector-maps/maplist/assets/'; var iiab_config_dir = '/etc/iiab/'; var onChangeFunc = "setSize"; var osmCatalog = {}; 
@@ -27,7 +27,7 @@ function readOsmIdx(){ //consoleLog ("in readOsmIdx"); var resp = $.ajax({ type: 'GET', - url: consoleJsonDir + 'vector-map-idx.json', + url: consoleJsonDir + 'vector-maps-idx.json', dataType: 'json' }) .done(function( data ) { diff --git a/roles/vector-maps/files/test-index.redirect b/roles/vector-maps/files/test-index.redirect new file mode 100644 index 000000000..3d86d5480 --- /dev/null +++ b/roles/vector-maps/files/test-index.redirect @@ -0,0 +1,4 @@ + + + + diff --git a/roles/vector-map/tasks/main.yml b/roles/vector-maps/tasks/main.yml similarity index 79% rename from roles/vector-map/tasks/main.yml rename to roles/vector-maps/tasks/main.yml index e15b7d30d..b9d6dd1eb 100644 --- a/roles/vector-map/tasks/main.yml +++ b/roles/vector-maps/tasks/main.yml @@ -1,4 +1,4 @@ -- name: Make sure the vector-map directory exists +- name: Make sure the vector-maps directory exists file: path: '{{ vector_map_path }}/maplist/assets' state: directory @@ -45,7 +45,7 @@ dest: /usr/bin/iiab-update-osm mode: "0755" -- name: Run the script that does vector-map housekeeping +- name: Run the script that does vector-maps housekeeping shell: /usr/bin/iiab-update-osm - name: Copy the Countries geojson to assets 
@@ -61,19 +61,19 @@ - name: Install /etc/{{ apache_config_dir }}/osm-vect.conf from template template: - src: vector-map.conf - dest: "/etc/{{ apache_config_dir }}/vector-map.conf" + src: vector-maps.conf + dest: "/etc/{{ apache_config_dir }}/vector-maps.conf" -- name: Create symlink vector-map.conf from sites-enabled to sites-available (debuntu, not nec for redhat) +- name: Create symlink vector-maps.conf from sites-enabled to sites-available (debuntu, not nec for redhat) file: - src: /etc/apache2/sites-available/vector-map.conf - path: /etc/apache2/sites-enabled/vector-map.conf + src: /etc/apache2/sites-available/vector-maps.conf + path: /etc/apache2/sites-enabled/vector-maps.conf state: link when: vector_map_enabled and is_debuntu -- name: Remove symlink /etc/apache2/sites-enabled/vector-map.conf (debuntu) +- name: Remove symlink /etc/apache2/sites-enabled/vector-maps.conf (debuntu) file: - path: /etc/apache2/sites-enabled/vector-map.conf + path: /etc/apache2/sites-enabled/vector-maps.conf state: absent when: not vector_map_enabled and is_debuntu diff --git a/roles/vector-map/templates/iiab-update-osm b/roles/vector-maps/templates/iiab-update-osm similarity index 98% rename from roles/vector-map/templates/iiab-update-osm rename to roles/vector-maps/templates/iiab-update-osm index 817e6e6cd..bebb8d81a 100755 --- a/roles/vector-map/templates/iiab-update-osm +++ b/roles/vector-maps/templates/iiab-update-osm @@ -1,5 +1,5 @@ #!/usr/bin/env python -# Scan the vector-map directory, update the vector-map-idx.json, add menu-defs +# Scan the vector-maps directory, update the vector-maps-idx.json, add menu-defs from geojson import Feature, Point, FeatureCollection, Polygon import geojson 
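Review bot: `src: vector-maps.conf` in the `@@ -61,19 +61,19 @@` hunk names a template this commit does not create: the rename in the same patch moves the file to `roles/vector-maps/templates/vector-map.conf`, and it only becomes `vector-maps.conf` in PATCH 014. A checkout of this commit on its own would therefore fail at the template task, which makes bisecting harder. The same ordering gap shows up in PATCH 015, where `src: map_functions.js` is introduced one commit before the file is renamed, and apparently in PATCH 019, where `include_role` switches to `osm-vector-maps` while the diffstat still lists `roles/vector-maps/`. Folding each rename into the commit that changes its reference would fix it. The task name still says `osm-vect.conf` here as well.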
@@ -27,7 +27,7 @@ doc_root = get_iiab_env('WWWROOT') menuDefs = doc_root + "/js-menu/menu-files/menu-defs/" vector_map_idx_dir = doc_root + "/common/assets" #map_doc_root = '{{ vector_map_path }}' -map_doc_root = '/library/www/vector-map' +map_doc_root = '/library/www/vector-maps' # map_catalog will be global, assumed always available map_catalog = {} map_menu_def_list = [] diff --git a/roles/vector-map/templates/index.html b/roles/vector-maps/templates/index.html similarity index 92% rename from roles/vector-map/templates/index.html rename to roles/vector-maps/templates/index.html index b00310b1a..45573d3de 100644 --- a/roles/vector-map/templates/index.html +++ b/roles/vector-maps/templates/index.html @@ -46,12 +46,12 @@ return (bytes / Math.pow(1024, e)).toFixed(2) + " " + s[e]; } - + - + diff --git a/roles/vector-map/templates/main.js b/roles/vector-maps/templates/main.js similarity index 100% rename from roles/vector-map/templates/main.js rename to roles/vector-maps/templates/main.js diff --git a/roles/vector-map/templates/vector-map.conf b/roles/vector-maps/templates/vector-map.conf similarity index 83% rename from roles/vector-map/templates/vector-map.conf rename to roles/vector-maps/templates/vector-map.conf index 378127778..dd3d32050 100644 --- a/roles/vector-map/templates/vector-map.conf +++ b/roles/vector-maps/templates/vector-map.conf @@ -1,6 +1,6 @@ # For downloadable regional vector tilesets Alias /maps {{ vector_map_path }} -Alias /vector-map {{ vector_map_path }} +Alias /vector-maps {{ vector_map_path }} Options Indexes FollowSymLinks AllowOverride All From 812c46ada0cd6ae281e010176ab320b1d43b9bf2 Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Sun, 5 May 2019 19:05:32 -0700 Subject: [PATCH 013/143] vector-map -> vector-maps --- roles/4-server-options/tasks/main.yml | 4 ++-- roles/vector-maps/defaults/main.yml | 4 ++-- roles/vector-maps/tasks/main.yml | 4 ++-- vars/default_vars.yml | 4 ++-- vars/local_vars_big.yml | 4 ++-- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_min.yml | 4 ++-- 7 files changed, 14 insertions(+), 14 deletions(-) diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 48b036cfc..8da054002 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -15,8 +15,8 @@ - name: Installing vector map test page include_role: - name: vector-map - when: vector_map_install + name: vector-maps + when: vector_maps_install tags: base, map - name: Installing captive portal diff --git a/roles/vector-maps/defaults/main.yml b/roles/vector-maps/defaults/main.yml index 980765644..a25fa2f0e 100644 --- a/roles/vector-maps/defaults/main.yml +++ b/roles/vector-maps/defaults/main.yml @@ -1,5 +1,5 @@ -vector_map_install: True -vector_map_enabled: True +vector_maps_install: True +vector_maps_enabled: True vector_map_path: '{{ content_base }}/www/vector-maps' # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml diff --git a/roles/vector-maps/tasks/main.yml b/roles/vector-maps/tasks/main.yml index b9d6dd1eb..653c583c8 100644 --- a/roles/vector-maps/tasks/main.yml +++ b/roles/vector-maps/tasks/main.yml 
@@ -69,13 +69,13 @@ src: /etc/apache2/sites-available/vector-maps.conf path: /etc/apache2/sites-enabled/vector-maps.conf state: link - when: vector_map_enabled and is_debuntu + when: vector_maps_enabled and is_debuntu - name: Remove symlink /etc/apache2/sites-enabled/vector-maps.conf (debuntu) file: path: /etc/apache2/sites-enabled/vector-maps.conf state: absent - when: not vector_map_enabled and is_debuntu + when: not vector_maps_enabled and is_debuntu - name: Copy the redirect to the test page -- delete this if more than one map copy: diff --git a/vars/default_vars.yml b/vars/default_vars.yml index b9f33c77c..1bac4bbdb 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -352,8 +352,8 @@ mongodb_enabled: False mongodb_port: 27018 # Regional OSM vector maps use much less disk space than bitmap/raster versions -vector_map_install: True -vector_map_enabled: True +vector_maps_install: True +vector_maps_enabled: True vector_map_path: '{{ content_base }}/www/vector-map' # roles/sugarizer/meta/main.yml auto-invokes 2 above prereqs: mongodb & nodejs diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index b62f272af..a4db50618 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -230,8 +230,8 @@ moodle_enabled: True # If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER # Regional OSM vector maps use much less disk space than bitmap/raster versions -vector_map_install: True -vector_map_enabled: True +vector_maps_install: True +vector_maps_enabled: True # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index e14f320a4..a36c7db6e 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml 
@@ -230,8 +230,8 @@ moodle_enabled: False # If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER # Regional OSM vector maps use much less disk space than bitmap/raster versions -vector_map_install: True -vector_map_enabled: True +vector_maps_install: True +vector_maps_enabled: True # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 324651c26..548d7adc9 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -230,8 +230,8 @@ moodle_enabled: False # If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER # Regional OSM vector maps use much less disk space than bitmap/raster versions -vector_map_install: True -vector_map_enabled: True +vector_maps_install: True +vector_maps_enabled: True # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 From 28828136b66799c3c626ba5fe2c5cc027dd8b060 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 5 May 2019 20:27:45 -0700 Subject: [PATCH 014/143] vector-map ->maps --- roles/vector-maps/templates/{iiab-update-osm => iiab-update-map} | 0 roles/vector-maps/templates/{vector-map.conf => vector-maps.conf} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename roles/vector-maps/templates/{iiab-update-osm => iiab-update-map} (100%) rename roles/vector-maps/templates/{vector-map.conf => vector-maps.conf} (100%) diff --git a/roles/vector-maps/templates/iiab-update-osm b/roles/vector-maps/templates/iiab-update-map similarity index 100% rename from roles/vector-maps/templates/iiab-update-osm rename to roles/vector-maps/templates/iiab-update-map 
diff --git a/roles/vector-maps/templates/vector-map.conf b/roles/vector-maps/templates/vector-maps.conf similarity index 100% rename from roles/vector-maps/templates/vector-map.conf rename to roles/vector-maps/templates/vector-maps.conf From 1350fbe1e54b56fa0f153aaa44f53659582899f6 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 5 May 2019 20:41:48 -0700 Subject: [PATCH 015/143] map_url --- roles/vector-maps/defaults/main.yml | 2 +- roles/vector-maps/tasks/main.yml | 16 ++++++++-------- vars/default_vars.yml | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/vector-maps/defaults/main.yml b/roles/vector-maps/defaults/main.yml index a25fa2f0e..9679a6337 100644 --- a/roles/vector-maps/defaults/main.yml +++ b/roles/vector-maps/defaults/main.yml @@ -5,4 +5,4 @@ vector_map_path: '{{ content_base }}/www/vector-maps' # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -iiab_osm_url : http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden +iiab_map_url : http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden diff --git a/roles/vector-maps/tasks/main.yml b/roles/vector-maps/tasks/main.yml index 653c583c8..7cc56e962 100644 --- a/roles/vector-maps/tasks/main.yml +++ b/roles/vector-maps/tasks/main.yml @@ -8,7 +8,7 @@ - name: Fetch the catalog for osm maps get_url: - url: "{{ iiab_osm_url }}/assets/regions.json" + url: "{{ iiab_map_url }}/assets/regions.json" dest: '{{ vector_map_path }}/maplist/assets/' - name: Create a link to osm catalog in /common/assets @@ -19,7 +19,7 @@ - name: Fetch the javascript bundle with openlayers for test page get_url: - url: "{{ iiab_osm_url }}/../main.js" + url: "{{ iiab_map_url }}/../main.js" dest: '{{ vector_map_path }}/maplist/' - name: Fetch the index.html for test page 
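Review bot: The `get_url` tasks in the `@@ -8,7 +8,7 @@` and `@@ -19,7 +19,7 @@` hunks fetch `regions.json` and the `main.js` bundle from `iiab_map_url`, a plain `http://` address, and neither task sets `checksum:`. `main.js` is written into the directory Apache serves, so whatever arrives over that connection is delivered unverified to every browser that opens the map page. I would pin the bundle with `checksum: "sha256:<EXPECTED_SHA256>"` (placeholder value) and switch the base URL to `https://` if the download host offers it. The `bboxes.geojson` fetch in the `@@ -31,7 +31,7 @@` hunk has the same gap.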
@@ -31,7 +31,7 @@ # So bring the bounding box definition from cloud (bboxes.geojson is big) - name: Fetch the bounding box description for osm maps get_url: - url: "{{ iiab_osm_url }}/assets/bboxes.geojson" + url: "{{ iiab_map_url }}/assets/bboxes.geojson" dest: '{{ vector_map_path }}/maplist/assets/' - name: Install python-geojson package, that helps with geojson @@ -41,12 +41,12 @@ - name: Install the script to update osm catalog template: - src: iiab-update-osm - dest: /usr/bin/iiab-update-osm + src: iiab-update-map + dest: /usr/bin/iiab-update-map mode: "0755" - name: Run the script that does vector-maps housekeeping - shell: /usr/bin/iiab-update-osm + shell: /usr/bin/iiab-update-map - name: Copy the Countries geojson to assets copy: @@ -56,10 +56,10 @@ # It is too complicated to use a single file for both iiab and admin-console - name: Copy the duplicated javascript to assets copy: - src: osm_functions.js + src: map_functions.js dest: '{{ vector_map_path }}/maplist/assets' -- name: Install /etc/{{ apache_config_dir }}/osm-vect.conf from template +- name: Install /etc/{{ apache_config_dir }}/vector-maps.conf from template template: src: vector-maps.conf dest: "/etc/{{ apache_config_dir }}/vector-maps.conf" diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 1bac4bbdb..576945d9c 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -15,7 +15,7 @@ pip_packages_dir: "{{ iiab_base }}/pip-packages" yum_packages_dir: "{{ iiab_base }}/yum-packages" downloads_dir: "{{ iiab_base }}/downloads" iiab_download_url: http://download.iiab.io/packages -iiab_osm_url : http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden +iiab_map_url : http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden content_base: "/library" doc_base: "{{ content_base }}/www" From e22e79bceb474416c00c80978977bc190e9a1400 Mon Sep 17 00:00:00 2001 
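Review bot: `shell: /usr/bin/iiab-update-map` in the `@@ -41,12 +41,12 @@` hunk runs a fixed path with no pipes, redirects or variables, so the `shell` module only adds a `/bin/sh` layer. `command: /usr/bin/iiab-update-map` does the same job without shell interpretation. The task will also report `changed` on every run; if the script can tell whether it modified the index, a `changed_when:` would make the playbook output meaningful.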
From: George Hunt Date: Sun, 5 May 2019 20:51:45 -0700 Subject: [PATCH 016/143] map_functions.js --- roles/vector-maps/files/{osm_functions.js => map_functions.js} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/vector-maps/files/{osm_functions.js => map_functions.js} (100%) diff --git a/roles/vector-maps/files/osm_functions.js b/roles/vector-maps/files/map_functions.js similarity index 100% rename from roles/vector-maps/files/osm_functions.js rename to roles/vector-maps/files/map_functions.js From 3032b583894c8f6de487a330f15002a338dc6145 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 5 May 2019 21:18:41 -0700 Subject: [PATCH 017/143] tedious --- roles/vector-maps/files/map_functions.js | 54 ++++++++++++------------ roles/vector-maps/templates/index.html | 4 +- 2 files changed, 29 insertions(+), 29 deletions(-) diff --git a/roles/vector-maps/files/map_functions.js b/roles/vector-maps/files/map_functions.js index ba448ca01..956ca01ac 100644 --- a/roles/vector-maps/files/map_functions.js +++ b/roles/vector-maps/files/map_functions.js @@ -1,6 +1,6 @@ -// osm_functions.js -- (non authoritative see below) src = iiab/roles/files/ +// map_functions.js -- (non authoritative see below) src = iiab/roles/files/ // copyright 2019 George Hunt -// CAUTION -- this file is duplicate to admin-console/console/files/js/osm_fuctions.js -- please think of admin-console as authoritative +// CAUTION -- this file is duplicate to admin-console/console/files/js/map_fuctions.js -- please think of admin-console as authoritative // Placed here in duplicate to ease debugging, and simplify dependences var regionGeojson = {}; @@ -10,7 +10,7 @@ var commonAssetsDir = '/common/assets/'; var mapAssetsDir = '/vector-maps/maplist/assets/'; var iiab_config_dir = '/etc/iiab/'; var onChangeFunc = "setSize"; -var osmCatalog = {}; +var mapCatalog = {}; // following 2 lines an experiment to see if test page and console can be common //var jquery = require("./assets/jquery.min"); 
@@ -19,7 +19,7 @@ var osmCatalog = {}; function getOsmStat(){ // called during the init console.log('in getOsmStat'); - readOsmCatalog( true ); // we want checkboxes + readMapCatalog( true ); // we want checkboxes readOsmIdx(); } @@ -31,21 +31,21 @@ function readOsmIdx(){ dataType: 'json' }) .done(function( data ) { - osmInstalled = data['regions']; + mapInstalled = data['regions']; regionInstalled = []; for (region in data['regions']) { if (data['regions'].hasOwnProperty(region)) { regionInstalled.push(region); } } - //consoleLog(osmInstalled + ''); + //consoleLog(mapInstalled + ''); }) .fail(jsonErrhandler); return resp; } -function readOsmCatalog(checkbox){ +function readMapCatalog(checkbox){ checkbox = checkbox || true; console.log ("in readOsmCalalog"); regionList = []; @@ -56,11 +56,11 @@ function readOsmCatalog(checkbox){ }) .done(function( data ) { regionJson = data; - osmCatalog = regionJson['regions']; - for(var key in osmCatalog){ - //console.log(key + ' ' + osmCatalog[key]['title']); - osmCatalog[key]['name'] = key; - regionList.push(osmCatalog[key]); + mapCatalog = regionJson['regions']; + for(var key in mapCatalog){ + //console.log(key + ' ' + mapCatalog[key]['title']); + mapCatalog[key]['name'] = key; + regionList.push(mapCatalog[key]); } }) .fail(jsonErrhandler); @@ -120,13 +120,13 @@ function genRegionItem(region,checkbox) { function instOsmItem(name) { var command = "INST-OSM-VECT-SET"; var cmd_args = {}; - cmd_args['osm_vect_id'] = name; + cmd_args['map_vect_id'] = name; cmd = command + " " + JSON.stringify(cmd_args); sendCmdSrvCmd(cmd, genericCmdHandler); - osmDownloading.push(name); - if ( osmWip.indexOf(name) != -1 ) - osmWip.push(osmCatalog[name]); - console.log('osmWip: ' + osmWip); + mapDownloading.push(name); + if ( mapWip.indexOf(name) != -1 ) + mapWip.push(mapCatalog[name]); + console.log('mapWip: ' + mapWip); return true; } 
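Review bot: `checkbox = checkbox || true;` at the top of `readMapCatalog` (context of the `@@ -31,21 +31,21 @@` hunk) evaluates to `true` for every falsy argument, so a caller can never pass `false`. If the default is meant to apply only when the argument is omitted, use `if (checkbox === undefined) checkbox = true;`. In the same hunk `mapInstalled` and the loop variable in `for (region in data['regions'])` are assigned without a visible `var`, so unless they are declared elsewhere they become implicit globals; `for (var region in data['regions'])` and a `var mapInstalled` beside the other file-level declarations would make that explicit. `readMapCatalog` continues outside the hunk.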
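Review bot: The guard in `instOsmItem` (`@@ -120,13 +120,13 @@` hunk) looks inverted: `if ( mapWip.indexOf(name) != -1 ) mapWip.push(mapCatalog[name]);` pushes only when `name` is already found, and because the array receives catalog objects rather than names, `indexOf(name)` would not match them anyway. Assuming the intent is to add each region once, `if (!mapWip.some(function (m) { return m.name === name; })) mapWip.push(mapCatalog[name]);` does that, relying on the `name` field `readMapCatalog` sets on each entry. The payload key also changes to `map_vect_id` while the command string stays `INST-OSM-VECT-SET`; the command handler is not on this page, so check that it reads the new key, otherwise the request carries no region id it recognises. `cmd` is assigned without `var` here too.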
@@ -161,19 +161,19 @@ function updateOsmSpace(cb){ } function updateOsmSpaceUtil(region, checked){ - var size = parseInt(osmCatalog[region].size); + var size = parseInt(mapCatalog[region].size); var modIdx = selectedOsmItems.indexOf(region); if (checked){ if (regionInstalled.indexOf(region) == -1){ // only update if not already installed mods - sysStorage.osm_selected_size += size; + sysStorage.map_selected_size += size; selectedOsmItems.push(region); } } else { if (modIdx != -1){ - sysStorage.osm_selected_size -= size; + sysStorage.map_selected_size -= size; selectedOsmItems.splice(modIdx, 1); } } @@ -188,29 +188,29 @@ function totalSpace(){ $( ".extract" ).each(function(ind,elem){ var data = JSON.parse($(this).attr('data-region')); var region = data.name; - var size = parseInt(osmCatalog[region]['size']); + var size = parseInt(mapCatalog[region]['size']); var chk = $( this ).find(':checkbox').prop("checked") == true; if (chk && typeof size !== 'undefined') sum += size; }); var ksize = sum / 1000; - $( "#osmDiskSpace" ).html(readableSize(ksize)); + $( "#mapDiskSpace" ).html(readableSize(ksize)); } $( '#instOsmRegion').on('click', function(evnt){ - readOsmCatalog(); - osm.render(); + readMapCatalog(); + map.render(); }); */ function renderOsm(){ console.log('in renderOsm'); - window.map.setTarget($("#osm-container")[0]); + window.map.setTarget($("#map-container")[0]); window.map.render(); renderRegionList(true); } function initOsm(){ var dummy = 0; - sysStorage.osm_selected_size = 0; - $.when(readOsmCatalog(true)).then(renderRegionList); + sysStorage.map_selected_size = 0; + $.when(readMapCatalog(true)).then(renderRegionList); } diff --git a/roles/vector-maps/templates/index.html b/roles/vector-maps/templates/index.html index 45573d3de..3e6123818 100644 --- a/roles/vector-maps/templates/index.html +++ b/roles/vector-maps/templates/index.html @@ -46,10 +46,10 @@ return (bytes / Math.pow(1024, e)).toFixed(2) + " " + s[e]; } - + 
From 0a115233d2dcd7d07179f967fdc3bf54ef36e635 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 5 May 2019 21:54:08 -0700 Subject: [PATCH 018/143] vector_map_path in ii --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 576945d9c..e610ce4f2 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -354,7 +354,7 @@ mongodb_port: 27018 # Regional OSM vector maps use much less disk space than bitmap/raster versions vector_maps_install: True vector_maps_enabled: True -vector_map_path: '{{ content_base }}/www/vector-map' +vector_map_path: '{{ content_base }}/www/vector-maps' # roles/sugarizer/meta/main.yml auto-invokes 2 above prereqs: mongodb & nodejs # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 From ba071002200648841d07a63f87734b287558bad9 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Mon, 6 May 2019 07:23:16 -0700 Subject: [PATCH 019/143] ->osm-vector-maps --- roles/4-server-options/tasks/main.yml | 4 ++-- roles/vector-maps/defaults/main.yml | 6 ++--- roles/vector-maps/files/map_functions.js | 4 ++-- roles/vector-maps/files/test-index.redirect | 2 +- roles/vector-maps/tasks/main.yml | 24 ++++++++++---------- roles/vector-maps/templates/iiab-update-map | 4 ++-- roles/vector-maps/templates/index.html | 4 ++-- roles/vector-maps/templates/vector-maps.conf | 2 +- vars/default_vars.yml | 6 ++--- vars/local_vars_big.yml | 4 ++-- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_min.yml | 4 ++-- 12 files changed, 34 insertions(+), 34 deletions(-) diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 8da054002..8974085e3 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml 
@@ -15,8 +15,8 @@ - name: Installing vector map test page include_role: - name: vector-maps - when: vector_maps_install + name: osm-vector-maps + when: osm_vector_maps_install tags: base, map - name: Installing captive portal diff --git a/roles/vector-maps/defaults/main.yml b/roles/vector-maps/defaults/main.yml index 9679a6337..07882b688 100644 --- a/roles/vector-maps/defaults/main.yml +++ b/roles/vector-maps/defaults/main.yml @@ -1,6 +1,6 @@ -vector_maps_install: True -vector_maps_enabled: True -vector_map_path: '{{ content_base }}/www/vector-maps' +osm_vector_maps_install: True +osm_vector_maps_enabled: True +vector_map_path: '{{ content_base }}/www/osm-vector-maps' # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/vector-maps/files/map_functions.js b/roles/vector-maps/files/map_functions.js index 956ca01ac..23ab66746 100644 --- a/roles/vector-maps/files/map_functions.js +++ b/roles/vector-maps/files/map_functions.js @@ -7,7 +7,7 @@ var regionGeojson = {}; var regionList = []; var regionInstalled = []; var commonAssetsDir = '/common/assets/'; -var mapAssetsDir = '/vector-maps/maplist/assets/'; +var mapAssetsDir = '/osm-vector-maps/maplist/assets/'; var iiab_config_dir = '/etc/iiab/'; var onChangeFunc = "setSize"; var mapCatalog = {}; @@ -27,7 +27,7 @@ function readOsmIdx(){ //consoleLog ("in readOsmIdx"); var resp = $.ajax({ type: 'GET', - url: consoleJsonDir + 'vector-maps-idx.json', + url: consoleJsonDir + 'osm-vector-maps-idx.json', dataType: 'json' }) .done(function( data ) { diff --git a/roles/vector-maps/files/test-index.redirect b/roles/vector-maps/files/test-index.redirect index 3d86d5480..9ad3694cc 100644 --- a/roles/vector-maps/files/test-index.redirect +++ b/roles/vector-maps/files/test-index.redirect @@ -1,4 +1,4 @@ - + 
diff --git a/roles/vector-maps/tasks/main.yml b/roles/vector-maps/tasks/main.yml index 7cc56e962..ca3cd9276 100644 --- a/roles/vector-maps/tasks/main.yml +++ b/roles/vector-maps/tasks/main.yml @@ -1,4 +1,4 @@ -- name: Make sure the vector-maps directory exists +- name: Make sure the osm-vector-maps directory exists file: path: '{{ vector_map_path }}/maplist/assets' state: directory @@ -45,7 +45,7 @@ dest: /usr/bin/iiab-update-map mode: "0755" -- name: Run the script that does vector-maps housekeeping +- name: Run the script that does osm-vector-maps housekeeping shell: /usr/bin/iiab-update-map - name: Copy the Countries geojson to assets 
@@ -59,23 +59,23 @@ src: map_functions.js dest: '{{ vector_map_path }}/maplist/assets' -- name: Install /etc/{{ apache_config_dir }}/vector-maps.conf from template +- name: Install /etc/{{ apache_config_dir }}/osm-vector-maps.conf from template template: - src: vector-maps.conf - dest: "/etc/{{ apache_config_dir }}/vector-maps.conf" + src: osm-vector-maps.conf + dest: "/etc/{{ apache_config_dir }}/osm-vector-maps.conf" -- name: Create symlink vector-maps.conf from sites-enabled to sites-available (debuntu, not nec for redhat) +- name: Create symlink osm-vector-maps.conf from sites-enabled to sites-available (debuntu, not nec for redhat) file: - src: /etc/apache2/sites-available/vector-maps.conf - path: /etc/apache2/sites-enabled/vector-maps.conf + src: /etc/apache2/sites-available/osm-vector-maps.conf + path: /etc/apache2/sites-enabled/osm-vector-maps.conf state: link - when: vector_maps_enabled and is_debuntu + when: osm_vector_maps_enabled and is_debuntu -- name: Remove symlink /etc/apache2/sites-enabled/vector-maps.conf (debuntu) +- name: Remove symlink /etc/apache2/sites-enabled/osm-vector-maps.conf (debuntu) file: - path: /etc/apache2/sites-enabled/vector-maps.conf + path: /etc/apache2/sites-enabled/osm-vector-maps.conf state: absent - when: not vector_maps_enabled and is_debuntu + when: not osm_vector_maps_enabled and is_debuntu - name: Copy the redirect to the test page -- delete this if more than one map copy: diff --git a/roles/vector-maps/templates/iiab-update-map b/roles/vector-maps/templates/iiab-update-map index bebb8d81a..23a5869c3 100755 --- a/roles/vector-maps/templates/iiab-update-map +++ b/roles/vector-maps/templates/iiab-update-map @@ -1,5 +1,5 @@ #!/usr/bin/env python -# Scan the vector-maps directory, update the vector-maps-idx.json, add menu-defs +# Scan the osm-vector-maps directory, update the osm-vector-maps-idx.json, add menu-defs from geojson import Feature, Point, FeatureCollection, Polygon import geojson 
@@ -27,7 +27,7 @@ doc_root = get_iiab_env('WWWROOT') menuDefs = doc_root + "/js-menu/menu-files/menu-defs/" vector_map_idx_dir = doc_root + "/common/assets" #map_doc_root = '{{ vector_map_path }}' -map_doc_root = '/library/www/vector-maps' +map_doc_root = '/library/www/osm-vector-maps' # map_catalog will be global, assumed always available map_catalog = {} map_menu_def_list = [] diff --git a/roles/vector-maps/templates/index.html b/roles/vector-maps/templates/index.html index 3e6123818..62615ae84 100644 --- a/roles/vector-maps/templates/index.html +++ b/roles/vector-maps/templates/index.html @@ -46,12 +46,12 @@ return (bytes / Math.pow(1024, e)).toFixed(2) + " " + s[e]; } - + - + diff --git a/roles/vector-maps/templates/vector-maps.conf b/roles/vector-maps/templates/vector-maps.conf index dd3d32050..765de9874 100644 --- a/roles/vector-maps/templates/vector-maps.conf +++ b/roles/vector-maps/templates/vector-maps.conf @@ -1,6 +1,6 @@ # For downloadable regional vector tilesets Alias /maps {{ vector_map_path }} -Alias /vector-maps {{ vector_map_path }} +Alias /osm-vector-maps {{ vector_map_path }} Options Indexes FollowSymLinks AllowOverride All diff --git a/vars/default_vars.yml b/vars/default_vars.yml index e610ce4f2..fe5c32155 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -352,9 +352,9 @@ mongodb_enabled: False mongodb_port: 27018 # Regional OSM vector maps use much less disk space than bitmap/raster versions -vector_maps_install: True -vector_maps_enabled: True -vector_map_path: '{{ content_base }}/www/vector-maps' +osm_vector_maps_install: True +osm_vector_maps_enabled: True +vector_map_path: '{{ content_base }}/www/osm-vector-maps' # roles/sugarizer/meta/main.yml auto-invokes 2 above prereqs: mongodb & nodejs # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index a4db50618..016feb675 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml 
@@ -230,8 +230,8 @@ moodle_enabled: True # If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER # Regional OSM vector maps use much less disk space than bitmap/raster versions -vector_maps_install: True -vector_maps_enabled: True +osm_vector_maps_install: True +osm_vector_maps_enabled: True # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index a36c7db6e..42ce9030d 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -230,8 +230,8 @@ moodle_enabled: False # If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER # Regional OSM vector maps use much less disk space than bitmap/raster versions -vector_maps_install: True -vector_maps_enabled: True +osm_vector_maps_install: True +osm_vector_maps_enabled: True # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 548d7adc9..66384a974 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -230,8 +230,8 @@ moodle_enabled: False # If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER # Regional OSM vector maps use much less disk space than bitmap/raster versions -vector_maps_install: True -vector_maps_enabled: True +osm_vector_maps_install: True +osm_vector_maps_enabled: True # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957 From 612032da31991e28a3015004f83e45049546f79a Mon Sep 17 00:00:00 2001 
From: George Hunt
Date: Mon, 6 May 2019 07:29:44 -0700
Subject: [PATCH 020/143] change directory name
---
 roles/{vector-maps => osm-vector-maps}/defaults/main.yml | 0
 roles/{vector-maps => osm-vector-maps}/files/countries.json | 0
 roles/{vector-maps => osm-vector-maps}/files/en-map_test.json | 0
 roles/{vector-maps => osm-vector-maps}/files/map_functions.js | 0
 roles/{vector-maps => osm-vector-maps}/files/test-index.redirect | 0
 roles/{vector-maps => osm-vector-maps}/tasks/main.yml | 0
 roles/{vector-maps => osm-vector-maps}/templates/iiab-update-map | 0
 roles/{vector-maps => osm-vector-maps}/templates/index.html | 0
 roles/{vector-maps => osm-vector-maps}/templates/main.js | 0
 roles/{vector-maps => osm-vector-maps}/templates/vector-maps.conf | 0
 10 files changed, 0 insertions(+), 0 deletions(-)
 rename roles/{vector-maps => osm-vector-maps}/defaults/main.yml (100%)
 rename roles/{vector-maps => osm-vector-maps}/files/countries.json (100%)
 rename roles/{vector-maps => osm-vector-maps}/files/en-map_test.json (100%)
 rename roles/{vector-maps => osm-vector-maps}/files/map_functions.js (100%)
 rename roles/{vector-maps => osm-vector-maps}/files/test-index.redirect (100%)
 rename roles/{vector-maps => osm-vector-maps}/tasks/main.yml (100%)
 rename roles/{vector-maps => osm-vector-maps}/templates/iiab-update-map (100%)
 rename roles/{vector-maps => osm-vector-maps}/templates/index.html (100%)
 rename roles/{vector-maps => osm-vector-maps}/templates/main.js (100%)
 rename roles/{vector-maps => osm-vector-maps}/templates/vector-maps.conf (100%)
diff --git a/roles/vector-maps/defaults/main.yml b/roles/osm-vector-maps/defaults/main.yml
similarity index 100%
rename from roles/vector-maps/defaults/main.yml
rename to roles/osm-vector-maps/defaults/main.yml
diff --git a/roles/vector-maps/files/countries.json b/roles/osm-vector-maps/files/countries.json
similarity index 100%
rename from roles/vector-maps/files/countries.json
rename to roles/osm-vector-maps/files/countries.json
diff --git a/roles/vector-maps/files/en-map_test.json b/roles/osm-vector-maps/files/en-map_test.json
similarity index 100%
rename from roles/vector-maps/files/en-map_test.json
rename to roles/osm-vector-maps/files/en-map_test.json
diff --git a/roles/vector-maps/files/map_functions.js b/roles/osm-vector-maps/files/map_functions.js
similarity index 100%
rename from roles/vector-maps/files/map_functions.js
rename to roles/osm-vector-maps/files/map_functions.js
diff --git a/roles/vector-maps/files/test-index.redirect b/roles/osm-vector-maps/files/test-index.redirect
similarity index 100%
rename from roles/vector-maps/files/test-index.redirect
rename to roles/osm-vector-maps/files/test-index.redirect
diff --git a/roles/vector-maps/tasks/main.yml b/roles/osm-vector-maps/tasks/main.yml
similarity index 100%
rename from roles/vector-maps/tasks/main.yml
rename to roles/osm-vector-maps/tasks/main.yml
diff --git a/roles/vector-maps/templates/iiab-update-map b/roles/osm-vector-maps/templates/iiab-update-map
similarity index 100%
rename from roles/vector-maps/templates/iiab-update-map
rename to roles/osm-vector-maps/templates/iiab-update-map
diff --git a/roles/vector-maps/templates/index.html b/roles/osm-vector-maps/templates/index.html
similarity index 100%
rename from roles/vector-maps/templates/index.html
rename to roles/osm-vector-maps/templates/index.html
diff --git a/roles/vector-maps/templates/main.js b/roles/osm-vector-maps/templates/main.js
similarity index 100%
rename from roles/vector-maps/templates/main.js
rename to roles/osm-vector-maps/templates/main.js
diff --git a/roles/vector-maps/templates/vector-maps.conf b/roles/osm-vector-maps/templates/vector-maps.conf
similarity index 100%
rename from roles/vector-maps/templates/vector-maps.conf
rename to roles/osm-vector-maps/templates/vector-maps.conf
From 84220ddbb717aa1f10a64b1a40c025f2d03ec99d Mon Sep 17 00:00:00 2001
From: George Hunt Date: Mon, 6 May 2019 07:32:09 -0700 Subject: [PATCH 021/143] apache conf file --- .../templates/{vector-maps.conf => osm-vector-maps.conf} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/osm-vector-maps/templates/{vector-maps.conf => osm-vector-maps.conf} (100%) diff --git a/roles/osm-vector-maps/templates/vector-maps.conf b/roles/osm-vector-maps/templates/osm-vector-maps.conf similarity index 100% rename from roles/osm-vector-maps/templates/vector-maps.conf rename to roles/osm-vector-maps/templates/osm-vector-maps.conf From c90da038daab8a377580e8784cddae0e9b2b1761 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Mon, 6 May 2019 12:22:57 -0700 Subject: [PATCH 022/143] buster patch in local_facts --- scripts/local_facts.fact | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 40d6bec1d..ce3dcce09 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -14,7 +14,12 @@ OS=${OS//\"/} VERSION_ID=`grep VERSION_ID /etc/*elease | cut -d= -f2` VERSION_ID=${VERSION_ID//\"/} VERSION_ID=${VERSION_ID%%.*} -OS_VER=$OS-$VERSION_ID +grep PRETTY_NAME /etc/*ease|grep buster +if [ $? -eq 0 ];then + OS_VER=debian-10 +else + OS_VER=$OS-$VERSION_ID +fi DHCPCD_PATH=`which dhcpcd` NM_PATH=`which NetworkManager` From 478d291320cb75af904caecbfb5e44734d865816 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Mon, 6 May 2019 14:08:20 -0700 Subject: [PATCH 023/143] enable internetarchive --- vars/local_vars_min.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 548d7adc9..51603b9f0 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -346,3 +346,5 @@ minetest_enabled: False # Unmaintained # xovis_install: False # xovis_enabled: False +internetarchive_install: True +internetarchive_enabled: True From e261f48d9a3e5be6ecb66bc2278152932a47a127 Mon Sep 17 00:00:00 2001 
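Review bot: The added `grep PRETTY_NAME /etc/*ease|grep buster` in the scripts/local_facts.fact hunk prints any matching line to stdout, and this file is an executable `.fact` script, so if its stdout is what Ansible parses as local facts the extra line would corrupt that output on buster hosts. Make the second grep quiet and test it directly, `if grep PRETTY_NAME /etc/*ease | grep -q buster; then`, which also removes the separate `$?` check. The glob `/etc/*ease` is looser than the `/etc/*elease` used on the context line just above it; using the same pattern would keep the two lookups consistent. The script starts and continues outside the hunk.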
From: George Hunt Date: Tue, 7 May 2019 20:38:49 -0700 Subject: [PATCH 024/143] remove testing code --- scripts/local_facts.fact | 7 +------ vars/local_vars_min.yml | 2 -- 2 files changed, 1 insertion(+), 8 deletions(-) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index ce3dcce09..40d6bec1d 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -14,12 +14,7 @@ OS=${OS//\"/} VERSION_ID=`grep VERSION_ID /etc/*elease | cut -d= -f2` VERSION_ID=${VERSION_ID//\"/} VERSION_ID=${VERSION_ID%%.*} -grep PRETTY_NAME /etc/*ease|grep buster -if [ $? -eq 0 ];then - OS_VER=debian-10 -else - OS_VER=$OS-$VERSION_ID -fi +OS_VER=$OS-$VERSION_ID DHCPCD_PATH=`which dhcpcd` NM_PATH=`which NetworkManager` diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 9bcaf333f..66384a974 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -346,5 +346,3 @@ minetest_enabled: False # Unmaintained # xovis_install: False # xovis_enabled: False -internetarchive_install: True -internetarchive_enabled: True From bf9e96c8cf08cfe51e6013e3b222804af5e115ff Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 8 May 2019 02:12:18 -0400 Subject: [PATCH 025/143] Lokole 0.1.41 -> 0.1.39 due to #1638 upstream regression --- roles/lokole/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/lokole/defaults/main.yml b/roles/lokole/defaults/main.yml index 0fdda9872..bc8a1ca9c 100644 --- a/roles/lokole/defaults/main.yml +++ b/roles/lokole/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! # Info needed to install Lokole -lokole_version: 0.1.41 +lokole_version: 0.1.39 lokole_admin_user: admin # lowercase seems nec here (even though uppercase Admin/changeme is IIAB's OOB recommendation!) lokole_admin_password: changeme lokole_install_path: "{{ content_base }}/lokole" # /library/lokole From 1392dddcf005b5af43685779d1ad0ea1e0d0445e Mon Sep 17 00:00:00 2001 
From: A Holt Date: Thu, 9 May 2019 00:43:47 -0400 Subject: [PATCH 026/143] cleanup of roles/openvpn/defaults/main.yml --- roles/openvpn/defaults/main.yml | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/roles/openvpn/defaults/main.yml b/roles/openvpn/defaults/main.yml index e29db28d8..86f83ba74 100644 --- a/roles/openvpn/defaults/main.yml +++ b/roles/openvpn/defaults/main.yml @@ -1,12 +1,15 @@ -openvpn_install: True -openvpn_enable: False +# openvpn_install: True +# openvpn_enable: False # For /etc/iiab/openvpn_handle -openvpn_handle: "" +# openvpn_handle: "" # cron seems necessary on CentOS: -openvpn_cron_enabled: False +# openvpn_cron_enabled: False -openvpn_server: xscenet.net -openvpn_server_virtual_ip: 10.8.0.1 -openvpn_server_port: 1194 +# openvpn_server: xscenet.net +# openvpn_server_virtual_ip: 10.8.0.1 +# openvpn_server_port: 1194 + +# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml +# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! From d55659e72d76d025cc05e3fd004ebc651c660ca2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 9 May 2019 00:47:02 -0400 Subject: [PATCH 027/143] longstanding typo: openvpn_enable -> openvpn_enabled --- roles/openvpn/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/defaults/main.yml b/roles/openvpn/defaults/main.yml index 86f83ba74..adc23ec2b 100644 --- a/roles/openvpn/defaults/main.yml +++ b/roles/openvpn/defaults/main.yml @@ -1,5 +1,5 @@ # openvpn_install: True -# openvpn_enable: False +# openvpn_enabled: False # For /etc/iiab/openvpn_handle # openvpn_handle: "" From 046e649ec54e7c4d802aa3b8e3104af9be2b1ee2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 9 May 2019 12:15:00 -0400 Subject: [PATCH 028/143] Update main.yml --- roles/osm-vector-maps/defaults/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/roles/osm-vector-maps/defaults/main.yml b/roles/osm-vector-maps/defaults/main.yml index 07882b688..ae344b1f0 100644 --- a/roles/osm-vector-maps/defaults/main.yml +++ b/roles/osm-vector-maps/defaults/main.yml @@ -1,8 +1,8 @@ -osm_vector_maps_install: True -osm_vector_maps_enabled: True -vector_map_path: '{{ content_base }}/www/osm-vector-maps' +# osm_vector_maps_install: True +# osm_vector_maps_enabled: True + +# vector_map_path: '{{ content_base }}/www/osm-vector-maps' +# iiab_map_url : http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! - -iiab_map_url : http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden From 5489fd238d84c26cad6d3d6fb3db2d9d04402164 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 9 May 2019 12:16:21 -0400 Subject: [PATCH 029/143] Update main.yml --- roles/osm-vector-maps/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/defaults/main.yml b/roles/osm-vector-maps/defaults/main.yml index ae344b1f0..35d70c5c3 100644 --- a/roles/osm-vector-maps/defaults/main.yml +++ b/roles/osm-vector-maps/defaults/main.yml @@ -1,7 +1,7 @@ # osm_vector_maps_install: True # osm_vector_maps_enabled: True -# vector_map_path: '{{ content_base }}/www/osm-vector-maps' +# vector_map_path: "{{ content_base }}/www/osm-vector-maps" # iiab_map_url : http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml From caa5322dcac78e5d5b7404491db19ff7db434cec Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 9 May 2019 12:16:37 -0400 Subject: [PATCH 030/143] Update default_vars.yml --- vars/default_vars.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index b73d0b9a8..688b13dcb 100644 
--- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -15,7 +15,6 @@ pip_packages_dir: "{{ iiab_base }}/pip-packages" yum_packages_dir: "{{ iiab_base }}/yum-packages" downloads_dir: "{{ iiab_base }}/downloads" iiab_download_url: http://download.iiab.io/packages -iiab_map_url : http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden content_base: "/library" doc_base: "{{ content_base }}/www" @@ -354,7 +353,8 @@ mongodb_port: 27018 # Regional OSM vector maps use much less disk space than bitmap/raster versions osm_vector_maps_install: True osm_vector_maps_enabled: True -vector_map_path: '{{ content_base }}/www/osm-vector-maps' +vector_map_path: "{{ content_base }}/www/osm-vector-maps" +iiab_map_url : http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden # roles/sugarizer/meta/main.yml auto-invokes 2 above prereqs: mongodb & nodejs # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 From 25fa8a8ce9aafe61ad2a3ada0b1de6e54bbf1547 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 9 May 2019 12:17:37 -0400 Subject: [PATCH 031/143] Update main.yml --- roles/osm-vector-maps/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/defaults/main.yml b/roles/osm-vector-maps/defaults/main.yml index 35d70c5c3..71404b928 100644 --- a/roles/osm-vector-maps/defaults/main.yml +++ b/roles/osm-vector-maps/defaults/main.yml @@ -1,8 +1,8 @@ # osm_vector_maps_install: True # osm_vector_maps_enabled: True -# vector_map_path: "{{ content_base }}/www/osm-vector-maps" # iiab_map_url : http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden +# vector_map_path: "{{ content_base }}/www/osm-vector-maps" # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! From 6cd82481bdc892704fac779723fa019ffadc8fe7 Mon Sep 17 00:00:00 2001 
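Review bot: `iiab_map_url` in the `@@ -354,7 +353,8 @@` hunk points at a plain `http://` location, so whatever task downloads map content from it gets no transport integrity and no server authentication. If download.iiab.io serves the same path over TLS, prefer `iiab_map_url: https://download.iiab.io/content/OSM/vector-tiles/maplist/hidden`; otherwise the consuming task, which is not visible in this hunk, should verify a published checksum before the archive is unpacked. The space before the colon in `iiab_map_url :` is accepted by YAML but is inconsistent with every neighbouring key.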
From: A Holt Date: Thu, 9 May 2019 12:18:22 -0400 Subject: [PATCH 032/143] Update default_vars.yml --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 688b13dcb..a9edac146 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -353,8 +353,8 @@ mongodb_port: 27018 # Regional OSM vector maps use much less disk space than bitmap/raster versions osm_vector_maps_install: True osm_vector_maps_enabled: True -vector_map_path: "{{ content_base }}/www/osm-vector-maps" iiab_map_url : http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden +vector_map_path: "{{ content_base }}/www/osm-vector-maps" # roles/sugarizer/meta/main.yml auto-invokes 2 above prereqs: mongodb & nodejs # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879 From c2b324fc5de6048397c2aad6778c36918a4feef8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 9 May 2019 13:09:34 -0400 Subject: [PATCH 033/143] Comment map_fuctions.js -> map_functions.js thanks to @floydianslips --- roles/osm-vector-maps/files/map_functions.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/files/map_functions.js b/roles/osm-vector-maps/files/map_functions.js index 23ab66746..1de34793d 100644 --- a/roles/osm-vector-maps/files/map_functions.js +++ b/roles/osm-vector-maps/files/map_functions.js @@ -1,6 +1,6 @@ // map_functions.js -- (non authoritative see below) src = iiab/roles/files/ // copyright 2019 George Hunt -// CAUTION -- this file is duplicate to admin-console/console/files/js/map_fuctions.js -- please think of admin-console as authoritative +// CAUTION -- this file is duplicate to admin-console/console/files/js/map_functions.js -- please think of admin-console as authoritative // Placed here in duplicate to ease debugging, and simplify dependences var regionGeojson = {}; From 67a947769300fd3e29f81b82d01c943dbeb0bd7c Mon Sep 17 00:00:00 2001 
From: Tim Moody Date: Thu, 9 May 2019 15:09:40 -0400 Subject: [PATCH 034/143] add download and working dirs for maps --- roles/2-common/tasks/fl.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/2-common/tasks/fl.yml b/roles/2-common/tasks/fl.yml index 157c2b5a9..a0c1d9554 100644 --- a/roles/2-common/tasks/fl.yml +++ b/roles/2-common/tasks/fl.yml @@ -14,8 +14,10 @@ - "{{ downloads_dir }}" - /library/downloads/zims - /library/downloads/rachel + - /library/downloads/maps - /library/working/zims - /library/working/rachel + - /library/working/maps - "{{ iiab_zim_path }}/content" - "{{ iiab_zim_path }}/index" - "{{ doc_root }}/local_content" From 9912711ec11019e62005d40a14d1a39fd8585792 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 9 May 2019 17:57:44 -0400 Subject: [PATCH 035/143] ./install-support now prompts for openvpn_handle --- install-support | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/install-support b/install-support index 24785214a..dea25ddfb 100755 --- a/install-support +++ b/install-support @@ -12,7 +12,16 @@ if [ ! -f $PLAYBOOK ]; then exit 1 fi -sed -i -e "s/openvpn_install: False/openvpn_install: True/" /etc/iiab/local_vars.yml -sed -i -e "s/openvpn_enabled: False/openvpn_enabled: True/" /etc/iiab/local_vars.yml +echo -en "\nWhat OpenVPN machine name do you want? " +read ans < /dev/tty +if [ "$ans" != "" ]; then + sed -i -e "s/^openvpn_handle:.*/openvpn_handle: $ans/" /etc/iiab/local_vars.yml + echo -e "\nYour machine's openvpn_handle will now be set... \n" +else + echo -e "\nWARNING: your machine's openvpn_handle will remain unchanged...\n" +fi + +sed -i -e "s/^openvpn_install:.*/openvpn_install: True/" /etc/iiab/local_vars.yml +sed -i -e "s/^openvpn_enabled:.*/openvpn_enabled: True/" /etc/iiab/local_vars.yml ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local From 8635dbee7b1a268aa2e328023250d9320ac91b96 Mon Sep 17 00:00:00 2001 
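Review bot: In the install-support hunk the answer read from the terminal is interpolated unescaped into the sed program, `sed -i -e "s/^openvpn_handle:.*/openvpn_handle: $ans/" /etc/iiab/local_vars.yml`, so a handle containing `/`, `&` or a backslash either breaks the expression or writes something other than what was typed into the vars file. Reject anything outside a conservative character set before substituting, e.g. `case "$ans" in *[!A-Za-z0-9._-]*) echo "invalid handle" >&2; exit 1 ;; esac`, and use `read -r ans < /dev/tty` so backslashes are not interpreted by `read`. The same sed line is carried unchanged as context into the install-support hunk of PATCH 038/143. The script starts outside the hunk.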
From: A Holt Date: Thu, 9 May 2019 17:59:04 -0400 Subject: [PATCH 036/143] speed up ./install-support to install OpenVPN alone --- iiab-support.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/iiab-support.yml b/iiab-support.yml index 170d0cf24..15f2500bb 100644 --- a/iiab-support.yml +++ b/iiab-support.yml @@ -1,4 +1,3 @@ ---- - hosts: all become: yes @@ -10,5 +9,5 @@ roles: - { role: 0-init, tags: ['0-init'] } #- { role: 1-prep, tags: ['1-prep', 'platform', 'base'] } - - { role: 1-prep, tags: ['1-prep'] } - #- { role: openvpn, tags: ['openvpn'] } # no longer nec, as 1-prep calls role openvpn (2018-09-19) + #- { role: 1-prep, tags: ['1-prep'] } + - { role: openvpn, tags: ['openvpn'] } From 397c71c698225801b6a48e264bd5bf07a022201e Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 9 May 2019 18:43:39 -0400 Subject: [PATCH 037/143] /usr/bin/iiab-handle is deprecated, but tightened up just in case --- roles/openvpn/templates/iiab-handle.j2 | 45 ++++++++++++++++++++------ 1 file changed, 35 insertions(+), 10 deletions(-) diff --git a/roles/openvpn/templates/iiab-handle.j2 b/roles/openvpn/templates/iiab-handle.j2 index 7eb842b45..43543f08f 100755 --- a/roles/openvpn/templates/iiab-handle.j2 +++ b/roles/openvpn/templates/iiab-handle.j2 
@@ -1,20 +1,45 @@ #!/bin/bash -# DEPRECATED interactive script (over)writes /etc/iiab/openvpn_handle file, identifying client to server -echo -e '\nCORRECT METHOD: CHANGE VARIABLE openvpn_handle IN /etc/iiab/local_vars.yml' -echo -e 'THEN RUN "cd /opt/iiab/iiab" THEN "./runrole openvpn"\n' -echo -e "Or, for a temporary solution until the next time Ansible is run," -read -p "what OpenVPN handle do you want to use? " ans +echo -e '\n\nDEPRECATED:\n' + +echo -e 'This interactive script TEMPORARILY (over)writes /etc/iiab/openvpn_handle' +echo -e 'to identifying client to server, until the next time Ansible runs.\n\n' + + +echo -e 'PLEASE USE THIS NEW METHOD INSTEAD:\n' + +echo -e 'cd /opt/iiab/iiab' +echo -e 'sudo ./install-support\n\n' + + +#echo -e 'CORRECT METHOD: CHANGE VARIABLE openvpn_handle IN /etc/iiab/local_vars.yml' +#echo -e 'THEN RUN "cd /opt/iiab/iiab" THEN "./runrole openvpn"\n' + +echo -e 'PLEASE NOW TYPE CTRL-C TO QUIT. Or, if you really want it temporary until the' +read -p 'next time Ansible is run, what OpenVPN handle do you want? ' ans echo -if [ "$ans" == "" ]; then - if [ -f /etc/iiab/openvpn_handle ]; then - rm -f /etc/iiab/openvpn_handle - fi -else + +if [ "$ans" != "" ]; then echo $ans > /etc/iiab/openvpn_handle + echo -e "\nYour machine's openvpn_handle is TEMPORARILY now set... \n" +else + echo -e "\nWARNING: your machine's openvpn_handle remains unchanged...\n" fi + +echo -e "Restarting OpenVPN daemon...\n\n" + +# 2019-05-09: removing /etc/iiab/openvpn_handle (or setting it to "") are both very bad practices +#if [ "$ans" == "" ]; then +# if [ -f /etc/iiab/openvpn_handle ]; then +# rm -f /etc/iiab/openvpn_handle +# fi +#else +# echo $ans > /etc/iiab/openvpn_handle +#fi + + {{ systemctl_program }} restart openvpn@xscenet # This would also work: (but would bounce all VPN connections, if others exist, causing unnec disruption if so) #{{ systemctl_program }} restart openvpn From 93b19d677a17980f1a02bf284d16d9895629e853 Mon Sep 17 00:00:00 2001 
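Review bot: `echo $ans > /etc/iiab/openvpn_handle` expands the typed answer unquoted, so runs of whitespace are collapsed and glob characters such as `*` are expanded against the current directory before the value reaches the handle file. Write it with `printf '%s\n' "$ans" > /etc/iiab/openvpn_handle` and read it with `read -r -p`, so the file holds exactly what was entered. Because the banner text says the handle identifies this machine to the upstream OpenVPN server, restricting it to a small character set before writing would also be worth adding. The restart at the end of the script still runs when the answer is empty and nothing was changed; consider skipping it in that branch.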
From: A Holt Date: Thu, 9 May 2019 19:12:30 -0400 Subject: [PATCH 038/143] Friendlier UX, now also output your openvpn_handle & tun0 IP address --- install-support | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/install-support b/install-support index dea25ddfb..1320c25ad 100755 --- a/install-support +++ b/install-support @@ -12,16 +12,22 @@ if [ ! -f $PLAYBOOK ]; then exit 1 fi -echo -en "\nWhat OpenVPN machine name do you want? " +echo -en "\n\nWhat OpenVPN machine name (openvpn_handle) do you want? " read ans < /dev/tty if [ "$ans" != "" ]; then sed -i -e "s/^openvpn_handle:.*/openvpn_handle: $ans/" /etc/iiab/local_vars.yml - echo -e "\nYour machine's openvpn_handle will now be set... \n" + echo -e "\nYour machine's openvpn_handle is now set, in /etc/iiab/local_vars.yml\n" else - echo -e "\nWARNING: your machine's openvpn_handle will remain unchanged...\n" + echo -e "\nWARNING: openvpn_handle remains unchanged in /etc/iiab/local_vars.yml\n" fi sed -i -e "s/^openvpn_install:.*/openvpn_install: True/" /etc/iiab/local_vars.yml sed -i -e "s/^openvpn_enabled:.*/openvpn_enabled: True/" /etc/iiab/local_vars.yml +echo -e "Now let's (re)install and activate OpenVPN...\n" + ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local + +echo -en "\nYour OpenVPN handle is....... " +cat /etc/iiab/openvpn_handle +echo -e "\nYour OpenVPN IP address is... $(ip a | grep tun0$ | awk '{print $2}')\n\n" From 1bf6c82b3beacc30d048c9eea9314a36c4c31e36 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 9 May 2019 19:49:14 -0400 Subject: [PATCH 039/143] Clarify user output string: activate -> (re)start --- install-support | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-support b/install-support index 1320c25ad..2df198cb1 100755 --- a/install-support +++ b/install-support 
@@ -24,7 +24,7 @@ fi sed -i -e "s/^openvpn_install:.*/openvpn_install: True/" /etc/iiab/local_vars.yml sed -i -e "s/^openvpn_enabled:.*/openvpn_enabled: True/" /etc/iiab/local_vars.yml -echo -e "Now let's (re)install and activate OpenVPN...\n" +echo -e "Now let's (re)install and (re)start OpenVPN...\n" ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local From 9566f444d5c5662e64997341e1be7236dae4496b Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 9 May 2019 20:16:14 -0400 Subject: [PATCH 040/143] Clarify user output verbiage --- roles/openvpn/templates/iiab-handle.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/templates/iiab-handle.j2 b/roles/openvpn/templates/iiab-handle.j2 index 43543f08f..d3a29e91b 100755 --- a/roles/openvpn/templates/iiab-handle.j2 +++ b/roles/openvpn/templates/iiab-handle.j2 @@ -4,7 +4,7 @@ echo -e '\n\nDEPRECATED:\n' echo -e 'This interactive script TEMPORARILY (over)writes /etc/iiab/openvpn_handle' -echo -e 'to identifying client to server, until the next time Ansible runs.\n\n' +echo -e 'to identify IIAB to the upstream OpenVPN server, until Ansible next runs.\n\n' echo -e 'PLEASE USE THIS NEW METHOD INSTEAD:\n' From 69473690235b74e81436c3cc262812350427e813 Mon Sep 17 00:00:00 2001 From: Tim Moody Date: Sat, 11 May 2019 10:21:31 -0400 Subject: [PATCH 041/143] name change --- roles/osm-vector-maps/templates/iiab-update-map | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/osm-vector-maps/templates/iiab-update-map b/roles/osm-vector-maps/templates/iiab-update-map index 23a5869c3..8221ae56d 100755 --- a/roles/osm-vector-maps/templates/iiab-update-map +++ b/roles/osm-vector-maps/templates/iiab-update-map @@ -36,7 +36,7 @@ def main(): global map_menu_def_list get_map_catalog() #print(json.dumps(map_catalog,indent=2)) - + map_menu_def_list = get_menu_def_names() print(json.dumps(map_menu_def_list,indent=2)) 
@@ -76,7 +76,7 @@ def get_map_catalog(): #print(json.dumps(map_catalog,indent=2)) def get_menu_def_names(intended_use='map'): - menu_def_list =[] + menu_def_list =[] os.chdir(menuDefs) for filename in os.listdir('.'): if fnmatch.fnmatch(filename, '*.json'): @@ -107,7 +107,7 @@ def get_installed_regions(): return installed def write_vector_map_idx(installed_maps): - map_dict ={} + map_dict ={} idx_dict = {} for fname in installed_maps: region = extract_region_from_filename(fname) @@ -117,7 +117,7 @@ def write_vector_map_idx(installed_maps): # Create the idx file in format required bo js-menu system item = map_dict['perma_ref'] - idx_dict[item] = {} + idx_dict[item] = {} idx_dict[item]['file_name'] = os.path.basename(map_dict['url'][:-4]) idx_dict[item]['menu_item'] = map_dict['perma_ref'] idx_dict[item]['size'] = map_dict['size'] @@ -125,8 +125,8 @@ def write_vector_map_idx(installed_maps): idx_dict[item]['region'] = region idx_dict[item]['language'] = map_dict['perma_ref'][:2] - with open(vector_map_idx_dir + '/osm_version_idx.json','w') as idx: - idx.write(json.dumps(idx_dict,indent=2)) + with open(vector_map_idx_dir + 'vector-map-idx.json','w') as idx: + idx.write(json.dumps(idx_dict,indent=2)) def create_menu_def(region,default_name,intended_use='map'): item = map_catalog['regions'][region] @@ -183,7 +183,7 @@ def extract_region_from_filename(fname): nibble = fname.split('_')[0] nibble = substitutions.get(nibble,nibble) return(nibble) - + if __name__ == '__main__': if console_installed: main() From a055d756867400e35f45043fd511a44ecb879993 Mon Sep 17 00:00:00 2001 From: Tim Moody Date: Sat, 11 May 2019 10:30:02 -0400 Subject: [PATCH 042/143] missed the / --- roles/osm-vector-maps/templates/iiab-update-map | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/templates/iiab-update-map b/roles/osm-vector-maps/templates/iiab-update-map index 8221ae56d..62ad5b2a1 100755 --- a/roles/osm-vector-maps/templates/iiab-update-map 
+++ b/roles/osm-vector-maps/templates/iiab-update-map @@ -125,7 +125,7 @@ def write_vector_map_idx(installed_maps): idx_dict[item]['region'] = region idx_dict[item]['language'] = map_dict['perma_ref'][:2] - with open(vector_map_idx_dir + 'vector-map-idx.json','w') as idx: + with open(vector_map_idx_dir + '/vector-map-idx.json','w') as idx: idx.write(json.dumps(idx_dict,indent=2)) def create_menu_def(region,default_name,intended_use='map'): From c9e6c2103d2271855479b77ecde24bc8f8a78e62 Mon Sep 17 00:00:00 2001 From: Tim Moody Date: Sat, 11 May 2019 12:05:18 -0400 Subject: [PATCH 043/143] change auto generate reference --- roles/osm-vector-maps/templates/iiab-update-map | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/templates/iiab-update-map b/roles/osm-vector-maps/templates/iiab-update-map index 62ad5b2a1..07b1119db 100755 --- a/roles/osm-vector-maps/templates/iiab-update-map +++ b/roles/osm-vector-maps/templates/iiab-update-map @@ -8,6 +8,7 @@ import os import sys import fnmatch import re +from datetime import date IIAB_PATH='/etc/iiab' if not IIAB_PATH in sys.path: @@ -149,7 +150,9 @@ def create_menu_def(region,default_name,intended_use='map'): os.path.basename(item['url'])[:-4] menuDef["description"] = '

Resolution of the Whole World to 5 KM. OpenStreetMap data for ' + item.get('title','') + ' with details down to 5 Meters

' menuDef["extra_html"] = "" - menuDef["automatically_generated"] = "true" + #menuDef["automatically_generated"] = "true" + menuDef["change_ref"] = "generated" + menuDef["change_date"] = str(date.today()) if not os.path.isfile(menuDefs + default_name): # logic to here can still overwrite existing menu def print("creating %s"%menuDefs + default_name) with open(menuDefs + default_name,'w') as menufile: From 1bd4ac5fbac77619b71b991c55f0320facf57eb5 Mon Sep 17 00:00:00 2001 From: Tim Moody Date: Sat, 11 May 2019 13:01:03 -0400 Subject: [PATCH 044/143] don't write file to menu def --- roles/osm-vector-maps/templates/iiab-update-map | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/osm-vector-maps/templates/iiab-update-map b/roles/osm-vector-maps/templates/iiab-update-map index 07b1119db..ffd7de2db 100755 --- a/roles/osm-vector-maps/templates/iiab-update-map +++ b/roles/osm-vector-maps/templates/iiab-update-map @@ -146,8 +146,8 @@ def create_menu_def(region,default_name,intended_use='map'): menuDef["menu_item_name"] = default_name menuDef["title"] = "OpenStreetMap: 18 Levels of Zoom for " + item.get('title','ERROR') + '' menuDef["map_name"] = item['perma_ref'] - menuDef["file_name"] = lang + '-osm-omt_' + region + '_' + \ - os.path.basename(item['url'])[:-4] + # the following is in the idx json + #menuDef["file_name"] = lang + '-osm-omt_' + region + '_' + os.path.basename(item['url'])[:-4] menuDef["description"] = '

Resolution of the Whole World to 5 KM. OpenStreetMap data for ' + item.get('title','') + ' with details down to 5 Meters

' menuDef["extra_html"] = "" #menuDef["automatically_generated"] = "true" From 37a4646e9031b0b9e3bc80731503a77d0853acae Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 11 May 2019 15:10:25 -0400 Subject: [PATCH 045/143] OpenVPN warning+TIPS for those who use ./install-support --- install-support | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/install-support b/install-support index 2df198cb1..2c4d98875 100755 --- a/install-support +++ b/install-support @@ -26,8 +26,26 @@ sed -i -e "s/^openvpn_enabled:.*/openvpn_enabled: True/" /etc/iiab/local_vars.ym echo -e "Now let's (re)install and (re)start OpenVPN...\n" + ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local -echo -en "\nYour OpenVPN handle is....... " + +echo -en "\nYour OpenVPN machine name (openvpn_handle) is: " cat /etc/iiab/openvpn_handle -echo -e "\nYour OpenVPN IP address is... $(ip a | grep tun0$ | awk '{print $2}')\n\n" + +vpnip=$(ip a | grep tun0$ | awk '{print $2}') + +if [ "$vpnip" != "" ]; then + echo -e "\nYour OpenVPN IP address (which can change) is: $vpnip\n\n" +else + echo -e "\nWARNING: OpenVPN IP ADDRESS NOT FOUND!\n\n" +fi + + +echo -e "OpenVPN TIPS:\n" + +echo -e " 1. Check your Internet connection: run 'ping 8.8.8.8' and 'ping mit.edu'" +echo -e " 2. Run 'ip a' and look for a 'tun0' IP address like 10.8.0.x" +echo -e " 3. Check your OpenVPN connection: run 'ping 10.8.0.1'" +echo -e " 4. Sometimes waiting a minute helps -- then retry steps 2 and 3" +echo -e " 5. If necessary, run 'systemctl restart openvpn@xscenet'\n\n" From d7ea019f5f0e6e550ffe27942d61610fcda9f5f6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 11 May 2019 15:28:43 -0400 Subject: [PATCH 046/143] Mention alternatives like ngrok, serveo, remot3.it & TeamViewer --- install-support | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/install-support b/install-support index 2c4d98875..a80fc83a0 100755 --- a/install-support +++ b/install-support 
@@ -48,4 +48,7 @@ echo -e " 1. Check your Internet connection: run 'ping 8.8.8.8' and 'ping mit.e echo -e " 2. Run 'ip a' and look for a 'tun0' IP address like 10.8.0.x" echo -e " 3. Check your OpenVPN connection: run 'ping 10.8.0.1'" echo -e " 4. Sometimes waiting a minute helps -- then retry steps 2 and 3" -echo -e " 5. If necessary, run 'systemctl restart openvpn@xscenet'\n\n" +echo -e " 5. If necessary, run 'systemctl restart openvpn@xscenet'" +echo -e " 6. Read 'How can I remotely manage my Internet-in-a-Box?' at" +echo -e " http://FAQ.IIAB.IO to learn about alternatives like ngrok," +echo -e " serveo, remot3.it and TeamViewer\n\n" From 041bd2205634298affdb2da6421ecd2102c9cf35 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 11 May 2019 22:22:00 -0400 Subject: [PATCH 047/143] /usr/bin/iiab-support = friendlier way to set up OpenVPN --- roles/openvpn/templates/iiab-support | 90 ++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100644 roles/openvpn/templates/iiab-support diff --git a/roles/openvpn/templates/iiab-support b/roles/openvpn/templates/iiab-support new file mode 100644 index 000000000..a31691338 --- /dev/null +++ b/roles/openvpn/templates/iiab-support 
@@ -0,0 +1,90 @@ +#!/bin/bash + +handle1=$(grep "^openvpn_handle:.*" /etc/iiab/local_vars.yml | sed -e "s/^openvpn_handle://; s/^\s*//; s/\s*$//" | cut -d'"' -f2 | cut -d"'" -f2) +if [ -f /etc/iiab/openvpn_handle ]; then + handle2=$(cat /etc/iiab/openvpn_handle) +else + handle2= +fi +echo -e "\n/etc/iiab/local_vars.yml source/master copy: $handle1" +echo -e "/etc/iiab/openvpn_handle for openvpn daemon: $handle2\n" + +echo -en "\e[1mPlease type a descriptive OpenVPN machine name (openvpn_handle) such as:\n\n cape-town-school-36-rpi-2019-05-31\n\nOr hit [Enter] to keep the existing name:\e[0m " +read ans < /dev/tty +if [ "$ans" != "" ]; then + if grep -q '^openvpn_handle:' /etc/iiab/local_vars.yml; then + sed -i -e "s/^openvpn_handle:.*/openvpn_handle: $ans/" /etc/iiab/local_vars.yml + else + echo "openvpn_handle: $ans" >> /etc/iiab/local_vars.yml + fi + echo $ans > /etc/iiab/openvpn_handle + echo -e "\n\e[1mYour openvpn_handle was saved into both above files.\e[0m\n" +else + if [ "$handle1" != "$handle2" ]; then + echo -e "\n\e[41mYou MUST specify an OpenVPN machine name (openvpn_handle) to resolve the above\e[0m" + echo -e "\e[41mnaming conflict. 
Please rerun to proceed.\e[0m\n" + exit 1 + fi + echo -e "\n\e[1mWARNING: openvpn_handle remains unchanged in both above files.\e[0m\n" +fi + +if grep -q '^openvpn_install: True' /etc/iiab/local_vars.yml; then + echo -e "Your IIAB installation appears normal, with OpenVPN already installed...\n" +else + echo -e "Please wait a few minutes as IIAB Stage 1 (1-prep) & OpenVPN are installed...\n" + if grep -q '^openvpn_install:' /etc/iiab/local_vars.yml; then + sed -i -e "s/^openvpn_install:.*/openvpn_install: True/" /etc/iiab/local_vars.yml + else + echo "openvpn_install: True" >> /etc/iiab/local_vars.yml + fi + cd /opt/iiab/iiab + ./runrole 1-prep + echo +fi + +echo -e "Now let's (re)enable OpenVPN...\n" +if grep -q '^openvpn_enabled:' /etc/iiab/local_vars.yml; then + sed -i -e "s/^openvpn_enabled:.*/openvpn_enabled: True/" /etc/iiab/local_vars.yml +else + echo "openvpn_enabled: True" >> /etc/iiab/local_vars.yml +fi +systemctl enable openvpn + +echo -e "\nNow let's restart OpenVPN..." +#systemctl start openvpn +systemctl restart openvpn + +echo -en "\n " +for i in {16..40} ; do echo -en "\e[48;5;${i}m \e[0m" ; done +echo -en " OpenVPN TIPS " +for i in {40..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done + +echo -e "\n\n 1. Check your Internet connection: run 'ping 8.8.8.8' and 'ping mit.edu'" +echo -e " 2. Check your OpenVPN connection: run 'ping 10.8.0.1'" +echo -e " 3. Run 'ip a' and look for a 'tun0' IP address like 10.8.0.x" +echo -e " 4. If necessary, run 'systemctl restart openvpn' which will" +echo -e " effectively run 'systemctl restart openvpn@xscenet' for you." +echo -e " 5. Sometimes waiting a minute helps -- retry steps 2 and 3 to monitor." +echo -e " 6. Read 'How can I remotely manage my Internet-in-a-Box?' 
at" +echo -e " http://FAQ.IIAB.IO to learn about DIY remote support alternatives" +echo -e " like ngrok, serveo, remot3.it and TeamViewer.\n" + +echo -en " " +for i in {16..40} ; do echo -en "\e[48;5;${i}m \e[0m" ; done +echo -en " OpenVPN TIPS " +for i in {40..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done + +echo -e "\n\nNow let's wait 15 seconds, as OpenVPN handshake sometimes needs that (or more!)" + +sleep 15 + +echo -en "\nYour OpenVPN machine name (openvpn_handle) is: \e[32m" +cat /etc/iiab/openvpn_handle +echo -en "\e[0m" + +vpnip=$(ip a | grep tun0$ | awk '{print $2}') +if [ "$vpnip" != "" ]; then + echo -e "\nYour OpenVPN IP address (which can change) is: \e[32m$vpnip\e[0m\n" +else + echo -e "\n \e[41m ERROR: OpenVPN IP address not ready - PLEASE TRY THE ABOVE TIPS \e[0m\n" +fi From 3dad45fd5a907c197bd3415eeddaa03add90d5fe Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 11 May 2019 23:25:51 -0400 Subject: [PATCH 048/143] Update iiab-handle.j2 --- roles/openvpn/templates/iiab-handle.j2 | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/roles/openvpn/templates/iiab-handle.j2 b/roles/openvpn/templates/iiab-handle.j2 index d3a29e91b..157d653e5 100755 --- a/roles/openvpn/templates/iiab-handle.j2 +++ b/roles/openvpn/templates/iiab-handle.j2 
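Review bot: `echo $ans > /etc/iiab/openvpn_handle` expands `$ans` unquoted, so runs of spaces are collapsed and glob characters are expanded before the name is written, while the `sed -i` line above it stores the answer as typed. The two files can then disagree, which the script's own `[ "$handle1" != "$handle2" ]` check treats as a naming conflict on the next run; `printf '%s\n' "$ans" > /etc/iiab/openvpn_handle` keeps both copies identical. Separately, `cd /opt/iiab/iiab` and `./runrole 1-prep` are not checked, so `systemctl enable openvpn` and the restart still run after a failed install; `cd /opt/iiab/iiab && ./runrole 1-prep || exit 1` would stop there.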
@@ -1,17 +1,9 @@ #!/bin/bash +echo -e "\n\n\e[41m DEPRECATED PLEASE RUN 'iiab-support' INSTEAD \e[0m\n\n" -echo -e '\n\nDEPRECATED:\n' - -echo -e 'This interactive script TEMPORARILY (over)writes /etc/iiab/openvpn_handle' -echo -e 'to identify IIAB to the upstream OpenVPN server, until Ansible next runs.\n\n' - - -echo -e 'PLEASE USE THIS NEW METHOD INSTEAD:\n' - -echo -e 'cd /opt/iiab/iiab' -echo -e 'sudo ./install-support\n\n' - +echo -e 'This older script TEMPORARILY (over)writes /etc/iiab/openvpn_handle to' +echo -e 'identify IIAB to the upstream OpenVPN server, until Ansible next runs.\n' #echo -e 'CORRECT METHOD: CHANGE VARIABLE openvpn_handle IN /etc/iiab/local_vars.yml' #echo -e 'THEN RUN "cd /opt/iiab/iiab" THEN "./runrole openvpn"\n' @@ -20,7 +12,6 @@ echo -e 'PLEASE NOW TYPE CTRL-C TO QUIT. Or, if you really want it temporary un read -p 'next time Ansible is run, what OpenVPN handle do you want? ' ans echo - if [ "$ans" != "" ]; then echo $ans > /etc/iiab/openvpn_handle echo -e "\nYour machine's openvpn_handle is TEMPORARILY now set... \n" @@ -28,7 +19,7 @@ else echo -e "\nWARNING: your machine's openvpn_handle remains unchanged...\n" fi -echo -e "Restarting OpenVPN daemon...\n\n" +echo -e "Restarting OpenVPN daemon...\n" # 2019-05-09: removing /etc/iiab/openvpn_handle (or setting it to "") are both very bad practices #if [ "$ans" == "" ]; then @@ -39,7 +30,6 @@ echo -e "Restarting OpenVPN daemon...\n\n" # echo $ans > /etc/iiab/openvpn_handle #fi - {{ systemctl_program }} restart openvpn@xscenet # This would also work: (but would bounce all VPN connections, if others exist, causing unnec disruption if so) #{{ systemctl_program }} restart openvpn From a2125b78435cbdafcc66e0ceaea6b9cd04ba9fdb Mon Sep 17 00:00:00 2001 
From: A Holt Date: Sat, 11 May 2019 23:58:13 -0400 Subject: [PATCH 049/143] Encourage use of /usr/bin/iiab-support instead of ./install-support --- install-support | 44 ++++++++------------------------------------ 1 file changed, 8 insertions(+), 36 deletions(-) diff --git a/install-support b/install-support index a80fc83a0..7c45fa219 100755 --- a/install-support +++ b/install-support @@ -1,5 +1,13 @@ #!/bin/bash +echo -e "\n\n\e[41m DEPRECATED PLEASE RUN 'iiab-support' INSTEAD \e[0m\n\n" + +read -p "Continue? [y/N] " ans +if [ "$ans" != "y" ]; then + echo + exit +fi + PLAYBOOK="iiab-support.yml" INVENTORY="ansible_hosts" CWD=`pwd` 
@@ -12,43 +20,7 @@ if [ ! -f $PLAYBOOK ]; then exit 1 fi -echo -en "\n\nWhat OpenVPN machine name (openvpn_handle) do you want? " -read ans < /dev/tty -if [ "$ans" != "" ]; then - sed -i -e "s/^openvpn_handle:.*/openvpn_handle: $ans/" /etc/iiab/local_vars.yml - echo -e "\nYour machine's openvpn_handle is now set, in /etc/iiab/local_vars.yml\n" -else - echo -e "\nWARNING: openvpn_handle remains unchanged in /etc/iiab/local_vars.yml\n" -fi - sed -i -e "s/^openvpn_install:.*/openvpn_install: True/" /etc/iiab/local_vars.yml sed -i -e "s/^openvpn_enabled:.*/openvpn_enabled: True/" /etc/iiab/local_vars.yml -echo -e "Now let's (re)install and (re)start OpenVPN...\n" - - ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local - - -echo -en "\nYour OpenVPN machine name (openvpn_handle) is: " -cat /etc/iiab/openvpn_handle - -vpnip=$(ip a | grep tun0$ | awk '{print $2}') - -if [ "$vpnip" != "" ]; then - echo -e "\nYour OpenVPN IP address (which can change) is: $vpnip\n\n" -else - echo -e "\nWARNING: OpenVPN IP ADDRESS NOT FOUND!\n\n" -fi - - -echo -e "OpenVPN TIPS:\n" - -echo -e " 1. Check your Internet connection: run 'ping 8.8.8.8' and 'ping mit.edu'" -echo -e " 2. Run 'ip a' and look for a 'tun0' IP address like 10.8.0.x" -echo -e " 3. Check your OpenVPN connection: run 'ping 10.8.0.1'" -echo -e " 4. Sometimes waiting a minute helps -- then retry steps 2 and 3" -echo -e " 5. If necessary, run 'systemctl restart openvpn@xscenet'" -echo -e " 6. Read 'How can I remotely manage my Internet-in-a-Box?' at" -echo -e " http://FAQ.IIAB.IO to learn about alternatives like ngrok," -echo -e " serveo, remot3.it and TeamViewer\n\n" From c58eef04b34ec0ed7d781f2830176d659fd7d572 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 12 May 2019 00:01:16 -0400 Subject: [PATCH 050/143] openvpn_handle: "" -> openvpn_handle: --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index a9edac146..1a1d150ca 100644 
--- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -165,7 +165,7 @@ sshd_enabled: True openvpn_install: True openvpn_enabled: False # For /etc/iiab/openvpn_handle -openvpn_handle: "" +openvpn_handle: # cron seems necessary on CentOS: openvpn_cron_enabled: False # General OpenVPN settings From c4791c37b7d89418d9ac5fb2d1174da3c45bea80 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 12 May 2019 00:02:18 -0400 Subject: [PATCH 051/143] openvpn_handle: "" -> openvpn_handle: --- vars/local_vars_min.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 66384a974..05f0b0ce6 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -88,7 +88,7 @@ js_menu_install: True openvpn_install: True openvpn_enabled: False # Set /etc/iiab/openvpn_handle in advance here: -openvpn_handle: "" +openvpn_handle: # The following seems necessary on CentOS: # openvpn_cron_enabled: True From b5c0ca470c9dc624e20e86bd63f6edb48a581d96 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 12 May 2019 00:02:38 -0400 Subject: [PATCH 052/143] openvpn_handle: "" -> openvpn_handle: --- vars/local_vars_medium.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 42ce9030d..ee49de897 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -88,7 +88,7 @@ js_menu_install: True openvpn_install: True openvpn_enabled: False # Set /etc/iiab/openvpn_handle in advance here: -openvpn_handle: "" +openvpn_handle: # The following seems necessary on CentOS: # openvpn_cron_enabled: True From d49da390ee04d6b6c1da810759b647b2aa1ae946 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 12 May 2019 00:02:56 -0400 Subject: [PATCH 053/143] openvpn_handle: "" -> openvpn_handle: --- vars/local_vars_big.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
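Review bot: A bare `openvpn_handle:` is YAML null, not the empty string that `openvpn_handle: ""` gave, and the hunk carries no comment saying the change of type is intended. How `openvpn_handle.j2` and any condition on this variable treat null is not visible on this page, so it is worth confirming that the rendered /etc/iiab/openvpn_handle is still empty rather than a literal `None`. A trailing comment such as `# left unset (null) on purpose; set it with iiab-support` would record the intent. The same edit is repeated in vars/local_vars_min.yml, vars/local_vars_medium.yml and vars/local_vars_big.yml (PATCH 051 to 053).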
diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 016feb675..844dfb909 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -88,7 +88,7 @@ js_menu_install: True openvpn_install: True openvpn_enabled: False # Set /etc/iiab/openvpn_handle in advance here: -openvpn_handle: "" +openvpn_handle: # The following seems necessary on CentOS: # openvpn_cron_enabled: True From e29fe7828f0ce11ef4b04d2dab4a6ff416f10769 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 12 May 2019 00:13:15 -0400 Subject: [PATCH 054/143] Restore legacy mode (all of 1-prep) for deprecated command ./install-support --- iiab-support.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/iiab-support.yml b/iiab-support.yml index 15f2500bb..b7a9faf75 100644 --- a/iiab-support.yml +++ b/iiab-support.yml @@ -9,5 +9,6 @@ roles: - { role: 0-init, tags: ['0-init'] } #- { role: 1-prep, tags: ['1-prep', 'platform', 'base'] } - #- { role: 1-prep, tags: ['1-prep'] } - - { role: openvpn, tags: ['openvpn'] } + - { role: 1-prep, tags: ['1-prep'] } + #- { role: openvpn, tags: ['openvpn'] } # FASTER ALTERNATIVE THAN 1-prep (if 1-prep was already run!) + # BETTER YET, SEE: /usr/bin/iiab-support for a much friendlier UX, that only runs 1-prep when necessary. From dda10ca31201f11099659b3b7da182d6bdc6c6ea Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 12 May 2019 00:29:15 -0400 Subject: [PATCH 055/143] Encourage use of /usr/bin/iiab-support --- roles/openvpn/templates/iiab-remote-on.j2 | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/roles/openvpn/templates/iiab-remote-on.j2 b/roles/openvpn/templates/iiab-remote-on.j2 index 8771cb94f..d9702ef8e 100644 --- a/roles/openvpn/templates/iiab-remote-on.j2 +++ b/roles/openvpn/templates/iiab-remote-on.j2 
@@ -3,11 +3,14 @@ # /usr/bin/iiab-remote-on should turn on multiple remote support services like # OpenVPN and others, for remote support, so they work even after reboot. -echo -e '\nWARNING: To enable OpenVPN long-term, it'"'"'s recommended you:\n' +echo -e "\n\n\e[44m CONSIDER RUNNING 'iiab-support' INSTEAD \e[0m\n\n" + +echo -e 'WARNING: To enable OpenVPN long-term, it'"'"'s recommended you:\n' echo -e '1) Set these variables in /etc/local/local_vars.yml' echo -e ' openvpn_install: True' -echo -e ' openvpn_enabled: True\n' +echo -e ' openvpn_enabled: True' +echo -e ' openvpn_handle: \n' echo -e '2) Run:' echo -e ' cd /opt/iiab/iiab' From 34539a64f7e23165a4ce8f9697c5c28b24614d07 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 12 May 2019 00:37:43 -0400 Subject: [PATCH 056/143] Put /usr/bin/iiab-support & symlinks into place --- roles/openvpn/tasks/main.yml | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 6d6b51e6e..70e943bbe 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -72,9 +72,10 @@ - { src: 'announcer.j2', dest: '/etc/openvpn/scripts/announcer', mode: '0755' } - { src: 'silence', dest: '/etc/openvpn/scripts/silence', mode: '0755' } - { src: 'xscenet.conf.j2', dest: '/etc/openvpn/xscenet.conf', mode: '0644' } + - { src: 'openvpn_handle.j2', dest: '/etc/iiab/openvpn_handle', mode: '0644' } + - { src: 'iiab-support', dest: '/usr/bin/iiab-support', mode: '0755' } - { src: 'iiab-remote-on.j2', dest: '/usr/bin/iiab-remote-on', mode: '0755' } - { src: 'iiab-remote-off', dest: '/usr/bin/iiab-remote-off', mode: '0755' } - - { src: 'openvpn_handle.j2', dest: '/etc/iiab/openvpn_handle', mode: '0644' } # Comment out in future? Not recommended as of August 2018: - { src: 'iiab-handle.j2', dest: '/usr/bin/iiab-handle', mode: '0755' } # Obsolete & unused for ~2 years as of August 2018: 
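Review bot: The instruction block this hunk extends tells the user to edit `/etc/local/local_vars.yml`, while every script on this page reads and writes `/etc/iiab/local_vars.yml`. A user following step 1 would put `openvpn_install`, `openvpn_enabled` and the newly listed `openvpn_handle` in a file that, as far as this page shows, nothing reads. The context line should read `echo -e '1) Set these variables in /etc/iiab/local_vars.yml'`. The script continues below the hunk.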
@@ -86,6 +87,18 @@ # Obsolete & unused for ~2 years as of August 2018: #- { src: 'iiab-vpn.j2', dest: '/usr/bin/iiab-vpn', mode: '0755' } +- name: Create iiab-support-on (symlink to iiab-support for now) + file: + src: /usr/bin/iiab-support + path: /usr/bin/iiab-support-on + state: link + +- name: Create iiab-support-off (symlink to iiab-remote-off for now) + file: + src: /usr/bin/iiab-remote-off + path: /usr/bin/iiab-support-off + state: link + - name: Create iiab-vpn-on (symlink to iiab-remote-on for now) file: src: /usr/bin/iiab-remote-on @@ -106,15 +119,14 @@ # dest: /usr/lib/iiab/up_wan # when: is_debuntu -# Comment out in future? Contained serious bug (15-openvpn called -# up-wan instead of up_wan in /usr/lib/iiab/ as of August 2018) so -# evidently unused for ~2 years: -- name: Install NM dispatcher.d (for older OS's only, where OpenVPN doesn't auto-start openvpn@xscenet) - template: - src: 15-openvpn - dest: /etc/NetworkManager/dispatcher.d/ - #when: not is_debuntu # CONDITION APPEARS TOO BROAD - when: False # ADD/ITEMIZE ANY OS'S HERE, WHERE TRULY NEC (e.g. older CentOS, if running older OpenVPN?) +# Contained serious bug (15-openvpn called up-wan instead of up_wan in +# /usr/lib/iiab/ as of August 2018) so evidently unused for ~2 years: +#- name: Install NM dispatcher.d (for older OS's only, where OpenVPN doesn't auto-start openvpn@xscenet) +# template: +# src: 15-openvpn +# dest: /etc/NetworkManager/dispatcher.d/ +# #when: not is_debuntu # CONDITION APPEARS TOO BROAD +# when: False # ADD/ITEMIZE ANY OS'S HERE, WHERE TRULY NEC (e.g. older CentOS, if running older OpenVPN?) # Was obsolete/unused for ~2 years as of August 2018: (replaced by /etc/openvpn/xscenet.conf) #- name: Check for manually configured OpenVPN tunnel From 59a4df170f5455594fb0fc7c133f156d4377fbab Mon Sep 17 00:00:00 2001 
From: A Holt Date: Sun, 12 May 2019 01:06:53 -0400 Subject: [PATCH 057/143] 1-prep: tidying for Debian 10 Buster release (soon) --- roles/1-prep/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index e518689c4..635112ac0 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -100,7 +100,7 @@ # https://wiki.debian.org/AppArmor/HowToUse # https://packages.debian.org/buster/apparmor # Curiously this has NOT stopped IIAB 7.0/master from working on Debian 10 -# pre-releases, during @floydianslips' March 2019 testing anyway! +# pre-releases, during @floydianslips' March 2019 testing anyway! SEE #1387 - name: Disable AppArmor -- override OS default (ubuntu) service: name: apparmor From e36635322d1f36e2e44a94de11949fd44d707c21 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 12 May 2019 01:11:47 -0400 Subject: [PATCH 058/143] iiab-support.yml -> install-support.yml --- install-support | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-support b/install-support index 7c45fa219..aad78fe93 100755 --- a/install-support +++ b/install-support @@ -8,7 +8,7 @@ if [ "$ans" != "y" ]; then exit fi -PLAYBOOK="iiab-support.yml" +PLAYBOOK="install-support.yml" INVENTORY="ansible_hosts" CWD=`pwd` From fdda1958238246ca873c4e19181b09ad776d6670 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 12 May 2019 01:12:15 -0400 Subject: [PATCH 059/143] Rename iiab-support.yml to install-support.yml --- iiab-support.yml => install-support.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename iiab-support.yml => install-support.yml (100%) diff --git a/iiab-support.yml b/install-support.yml similarity index 100% rename from iiab-support.yml rename to install-support.yml From 320136cc69e467533bbc0e15f1cf4264d2ca9ff0 Mon Sep 17 00:00:00 2001 
From: A Holt Date: Sun, 12 May 2019 02:55:44 -0400 Subject: [PATCH 060/143] /usr/bin/iiab-support: handle missing file /etc/iiab/openvpn_handle --- roles/openvpn/templates/iiab-support | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/openvpn/templates/iiab-support b/roles/openvpn/templates/iiab-support index a31691338..68763083f 100644 --- a/roles/openvpn/templates/iiab-support +++ b/roles/openvpn/templates/iiab-support 
@@ -1,24 +1,24 @@ #!/bin/bash -handle1=$(grep "^openvpn_handle:.*" /etc/iiab/local_vars.yml | sed -e "s/^openvpn_handle://; s/^\s*//; s/\s*$//" | cut -d'"' -f2 | cut -d"'" -f2) +handle1=$(grep "^openvpn_handle:" /etc/iiab/local_vars.yml | sed -e "s/^openvpn_handle://; s/^\s*//; s/\s*$//" | cut -d'"' -f2 | cut -d"'" -f2) +echo -e "\n/etc/iiab/local_vars.yml source/master copy: $handle1" if [ -f /etc/iiab/openvpn_handle ]; then handle2=$(cat /etc/iiab/openvpn_handle) + echo -e "/etc/iiab/openvpn_handle for openvpn daemon: $handle2\n" else - handle2= + echo -e "/etc/iiab/openvpn_handle for openvpn daemon: [FILE DOESN'T YET EXIST]\n" fi -echo -e "\n/etc/iiab/local_vars.yml source/master copy: $handle1" -echo -e "/etc/iiab/openvpn_handle for openvpn daemon: $handle2\n" echo -en "\e[1mPlease type a descriptive OpenVPN machine name (openvpn_handle) such as:\n\n cape-town-school-36-rpi-2019-05-31\n\nOr hit [Enter] to keep the existing name:\e[0m " read ans < /dev/tty -if [ "$ans" != "" ]; then +if [ "$ans" != "" ] || [ ! -v handle2 ]; then if grep -q '^openvpn_handle:' /etc/iiab/local_vars.yml; then sed -i -e "s/^openvpn_handle:.*/openvpn_handle: $ans/" /etc/iiab/local_vars.yml else echo "openvpn_handle: $ans" >> /etc/iiab/local_vars.yml fi echo $ans > /etc/iiab/openvpn_handle - echo -e "\n\e[1mYour openvpn_handle was saved into both above files.\e[0m\n" + echo -e "\n\e[1mSAVED: openvpn_handle recorded into both above files.\e[0m\n" else if [ "$handle1" != "$handle2" ]; then echo -e "\n\e[41mYou MUST specify an OpenVPN machine name (openvpn_handle) to resolve the above\e[0m" From 52900ba3308f398af0f497582d1a2badbe71e683 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 12 May 2019 04:05:57 -0400 Subject: [PATCH 061/143] Mandate existence of /etc/iiab/openvpn_handle --- roles/openvpn/templates/iiab-support | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) 
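Review bot: With `[ "$ans" != "" ] || [ ! -v handle2 ]`, pressing Enter when /etc/iiab/openvpn_handle does not exist takes the save branch with an empty `$ans`: the `sed -i` blanks the `openvpn_handle:` line in local_vars.yml, an empty handle file is written, and the script reports `SAVED`. The comment in iiab-handle.j2 on this page calls an empty /etc/iiab/openvpn_handle very bad practice, so an empty answer should be refused before the save branch, e.g. `if [ "$ans" = "" ] && [ ! -f /etc/iiab/openvpn_handle ]; then echo "A machine name is required." >&2; exit 1; fi`. PATCH 061 narrows the condition to the case where local_vars.yml is also empty, but still saves the empty name in that case. The `else` branch continues past the end of this hunk.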
diff --git a/roles/openvpn/templates/iiab-support b/roles/openvpn/templates/iiab-support index 68763083f..61c7f1593 100644 --- a/roles/openvpn/templates/iiab-support +++ b/roles/openvpn/templates/iiab-support @@ -11,16 +11,18 @@ fi echo -en "\e[1mPlease type a descriptive OpenVPN machine name (openvpn_handle) such as:\n\n cape-town-school-36-rpi-2019-05-31\n\nOr hit [Enter] to keep the existing name:\e[0m " read ans < /dev/tty -if [ "$ans" != "" ] || [ ! -v handle2 ]; then + +#if [ "$ans" != "" ] || ( [ "$handle1" = "" ] && [ ! -f /etc/iiab/openvpn_handle ] ); then +if [ "$ans" != "" ] || ( [ "$handle1" = "" ] && [ ! -v handle2 ] ); then # equivalent to above if grep -q '^openvpn_handle:' /etc/iiab/local_vars.yml; then - sed -i -e "s/^openvpn_handle:.*/openvpn_handle: $ans/" /etc/iiab/local_vars.yml + sed -i "s/^openvpn_handle:.*/openvpn_handle: $ans/" /etc/iiab/local_vars.yml else echo "openvpn_handle: $ans" >> /etc/iiab/local_vars.yml fi echo $ans > /etc/iiab/openvpn_handle echo -e "\n\e[1mSAVED: openvpn_handle recorded into both above files.\e[0m\n" else - if [ "$handle1" != "$handle2" ]; then + if [ "$handle1" != "$handle2" ]; then # sloppily (but conveniently here) bash treats "$handle2" as "" when var's not defined! echo -e "\n\e[41mYou MUST specify an OpenVPN machine name (openvpn_handle) to resolve the above\e[0m" echo -e "\e[41mnaming conflict. Please rerun to proceed.\e[0m\n" exit 1 @@ -33,7 +35,7 @@ if grep -q '^openvpn_install: True' /etc/iiab/local_vars.yml; then else echo -e "Please wait a few minutes as IIAB Stage 1 (1-prep) & OpenVPN are installed...\n" if grep -q '^openvpn_install:' /etc/iiab/local_vars.yml; then - sed -i -e "s/^openvpn_install:.*/openvpn_install: True/" /etc/iiab/local_vars.yml + sed -i "s/^openvpn_install:.*/openvpn_install: True/" /etc/iiab/local_vars.yml else echo "openvpn_install: True" >> /etc/iiab/local_vars.yml fi 
@@ -44,7 +46,7 @@ fi
 echo -e "Now let's (re)enable OpenVPN...\n"
 if grep -q '^openvpn_enabled:' /etc/iiab/local_vars.yml; then
- sed -i -e "s/^openvpn_enabled:.*/openvpn_enabled: True/" /etc/iiab/local_vars.yml
+ sed -i "s/^openvpn_enabled:.*/openvpn_enabled: True/" /etc/iiab/local_vars.yml
 else
 echo "openvpn_enabled: True" >> /etc/iiab/local_vars.yml
 fi
From 3afc93b5ae94a29df28ee4905d16346f74247852 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sun, 12 May 2019 06:00:46 -0400
Subject: [PATCH 062/143] bash speed matching the regex behavior of Ansible
---
 roles/openvpn/templates/iiab-support | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/roles/openvpn/templates/iiab-support b/roles/openvpn/templates/iiab-support
index 61c7f1593..868f30ac6 100644
--- a/roles/openvpn/templates/iiab-support
+++ b/roles/openvpn/templates/iiab-support
@@ -1,6 +1,6 @@
 #!/bin/bash
-handle1=$(grep "^openvpn_handle:" /etc/iiab/local_vars.yml | sed -e "s/^openvpn_handle://; s/^\s*//; s/\s*$//" | cut -d'"' -f2 | cut -d"'" -f2)
+handle1=$(grep "^openvpn_handle:" /etc/iiab/local_vars.yml | sed "s/^openvpn_handle:\s*\(['\"]\)\(.*\)\1\s*$/\2/")
 echo -e "\n/etc/iiab/local_vars.yml source/master copy: $handle1"
 if [ -f /etc/iiab/openvpn_handle ]; then
 handle2=$(cat /etc/iiab/openvpn_handle)
@@ -11,6 +11,7 @@ fi
 echo -en "\e[1mPlease type a descriptive OpenVPN machine name (openvpn_handle) such as:\n\n cape-town-school-36-rpi-2019-05-31\n\nOr hit [Enter] to keep the existing name:\e[0m "
 read ans < /dev/tty
+ans=$(echo $ans | sed "s/^\s*\(['\"]\)\(.*\)\1\s*$/\2/")
 #if [ "$ans" != "" ] || ( [ "$handle1" = "" ] && [ ! -f /etc/iiab/openvpn_handle ] ); then
 if [ "$ans" != "" ] || ( [ "$handle1" = "" ] && [ ! -v handle2 ] ); then # equivalent to above
From b39ecacde29cbccb1df416d2a39d7bb961b622e8 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sun, 12 May 2019 06:55:50 -0400
Subject: [PATCH 063/143] Properly emulate ./runrole openvpn + comment code
---
 roles/openvpn/templates/iiab-support | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/roles/openvpn/templates/iiab-support b/roles/openvpn/templates/iiab-support
index 868f30ac6..037d08afb 100644
--- a/roles/openvpn/templates/iiab-support
+++ b/roles/openvpn/templates/iiab-support
@@ -1,5 +1,8 @@
 #!/bin/bash
+# openvpn_handle is stored in 2 files on disk, one slightly stripped down (from
+# the other) due to Ansible. So we emulate Ansible's behavior, when reading from
+# (and later writing to) disk, removing outer cruft as explained on Lines 28-30
 handle1=$(grep "^openvpn_handle:" /etc/iiab/local_vars.yml | sed "s/^openvpn_handle:\s*\(['\"]\)\(.*\)\1\s*$/\2/")
 echo -e "\n/etc/iiab/local_vars.yml source/master copy: $handle1"
 if [ -f /etc/iiab/openvpn_handle ]; then
@@ -11,23 +14,28 @@ fi
 echo -en "\e[1mPlease type a descriptive OpenVPN machine name (openvpn_handle) such as:\n\n cape-town-school-36-rpi-2019-05-31\n\nOr hit [Enter] to keep the existing name:\e[0m "
 read ans < /dev/tty
-ans=$(echo $ans | sed "s/^\s*\(['\"]\)\(.*\)\1\s*$/\2/")
 #if [ "$ans" != "" ] || ( [ "$handle1" = "" ] && [ ! -f /etc/iiab/openvpn_handle ] ); then
-if [ "$ans" != "" ] || ( [ "$handle1" = "" ] && [ ! -v handle2 ] ); then # equivalent to above
+# -v (below) checks if var's defined: equivalent to file existence test above
+if [ "$ans" != "" ] || ( [ "$handle1" = "" ] && [ ! -v handle2 ] ); then
 if grep -q '^openvpn_handle:' /etc/iiab/local_vars.yml; then
 sed -i "s/^openvpn_handle:.*/openvpn_handle: $ans/" /etc/iiab/local_vars.yml
 else
 echo "openvpn_handle: $ans" >> /etc/iiab/local_vars.yml
 fi
+
+ # BEHAVIOR JUST LIKE ANSIBLE'S: create /etc/iiab/openvpn_handle from the
+ # "^openvpn_handle:" line in /etc/iiab/local_vars.yml by (1) removing outer
+ # spacing IF NEC, then (2) removing 1 pair of matching outer quotes IF NEC.
+ ans=$(echo $ans | sed "s/^\s*\(['\"]\)\(.*\)\1\s*$/\2/")
 echo $ans > /etc/iiab/openvpn_handle
 echo -e "\n\e[1mSAVED: openvpn_handle recorded into both above files.\e[0m\n"
+elif [ "$handle1" != "$handle2" ]; then # Sloppily, but conveniently here,
+ # bash treats "$handle2" as "" when var undefined, catching all conflicts!
+ echo -e "\n\e[41mYou MUST specify an OpenVPN machine name (openvpn_handle) to resolve the above\e[0m"
+ echo -e "\e[41mnaming conflict. Please rerun to proceed.\e[0m\n"
+ exit 1
 else
- if [ "$handle1" != "$handle2" ]; then # sloppily (but conveniently here) bash treats "$handle2" as "" when var's not defined!
- echo -e "\n\e[41mYou MUST specify an OpenVPN machine name (openvpn_handle) to resolve the above\e[0m"
- echo -e "\e[41mnaming conflict. Please rerun to proceed.\e[0m\n"
- exit 1
- fi
 echo -e "\n\e[1mWARNING: openvpn_handle remains unchanged in both above files.\e[0m\n"
 fi
From 53c3c0e3d110290cd4a88485e2a9937bacf63dd4 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sun, 12 May 2019 07:29:58 -0400
Subject: [PATCH 064/143] Revert regex over-optimization
---
 roles/openvpn/templates/iiab-support | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/openvpn/templates/iiab-support b/roles/openvpn/templates/iiab-support
index 037d08afb..91715e599 100644
--- a/roles/openvpn/templates/iiab-support
+++ b/roles/openvpn/templates/iiab-support
@@ -3,7 +3,7 @@
 # openvpn_handle is stored in 2 files on disk, one slightly stripped down (from
 # the other) due to Ansible. So we emulate Ansible's behavior, when reading from
 # (and later writing to) disk, removing outer cruft as explained on Lines 28-30
-handle1=$(grep "^openvpn_handle:" /etc/iiab/local_vars.yml | sed "s/^openvpn_handle:\s*\(['\"]\)\(.*\)\1\s*$/\2/")
+handle1=$(grep "^openvpn_handle:" /etc/iiab/local_vars.yml | sed -e "s/^openvpn_handle://; s/^\s*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
 echo -e "\n/etc/iiab/local_vars.yml source/master copy: $handle1"
 if [ -f /etc/iiab/openvpn_handle ]; then
 handle2=$(cat /etc/iiab/openvpn_handle)
@@ -27,7 +27,7 @@ if [ "$ans" != "" ] || ( [ "$handle1" = "" ] && [ ! -v handle2 ] ); then
 # BEHAVIOR JUST LIKE ANSIBLE'S: create /etc/iiab/openvpn_handle from the
 # "^openvpn_handle:" line in /etc/iiab/local_vars.yml by (1) removing outer
 # spacing IF NEC, then (2) removing 1 pair of matching outer quotes IF NEC.
- ans=$(echo $ans | sed "s/^\s*\(['\"]\)\(.*\)\1\s*$/\2/")
+ ans=$(echo $ans | sed -e "s/^\s*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
 echo $ans > /etc/iiab/openvpn_handle
 echo -e "\n\e[1mSAVED: openvpn_handle recorded into both above files.\e[0m\n"
 elif [ "$handle1" != "$handle2" ]; then # Sloppily, but conveniently here,
From 4d0a49f5d4a9241ef9f8a0210a84dc66cbe8df41 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sun, 12 May 2019 07:50:10 -0400
Subject: [PATCH 065/143] Comment cleanup
---
 roles/openvpn/templates/iiab-support | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/openvpn/templates/iiab-support b/roles/openvpn/templates/iiab-support
index 91715e599..35a5ae4f9 100644
--- a/roles/openvpn/templates/iiab-support
+++ b/roles/openvpn/templates/iiab-support
@@ -2,7 +2,7 @@
 # openvpn_handle is stored in 2 files on disk, one slightly stripped down (from
 # the other) due to Ansible. So we emulate Ansible's behavior, when reading from
-# (and later writing to) disk, removing outer cruft as explained on Lines 28-30
+# (and later writing to) disk, removing outer cruft as explained on Lines 27-29
 handle1=$(grep "^openvpn_handle:" /etc/iiab/local_vars.yml | sed -e "s/^openvpn_handle://; s/^\s*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
 echo -e "\n/etc/iiab/local_vars.yml source/master copy: $handle1"
 if [ -f /etc/iiab/openvpn_handle ]; then
From 91f0ba8ab03541e5e2a35c8a12bbff565c952645 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sun, 12 May 2019 21:43:51 -0400
Subject: [PATCH 066/143] Update main.yml
---
 roles/nextcloud/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml
index c3b2ed683..d2ff224ec 100644
--- a/roles/nextcloud/defaults/main.yml
+++ b/roles/nextcloud/defaults/main.yml
@@ -11,7 +11,7 @@ nextcloud_url: /nextcloud
 nextcloud_prefix: /opt
 nextcloud_data_dir: "{{ content_base }}/nextcloud/data"
 nextcloud_dl_url: https://download.nextcloud.com/server/releases
-nextcloud_orig_src_file: latest-15.tar.bz2 # 2019-04-25: nextcloud-16.0.0.tar.bz2 requires PHP 7.1+ and so fails on current Raspbian and Debian 9 "Stretch". 2019-09-27 aside: latest-16.tar.bz2 oddly still not yet published at https://download.nextcloud.com/server/releases/
+nextcloud_orig_src_file: latest-15.tar.bz2 # 2019-04-24: nextcloud-16.0.0.tar.bz2 requires PHP 7.1+ and so fails on current Raspbian 9 and Debian 9 "Stretch". 2019-05-11: latest-16.tar.bz2 finally published to https://download.nextcloud.com/server/releases/ (nextcloud/server#15502) e.g. for Ubuntu 18.04+
 nextcloud_src_file: nextcloud_{{ nextcloud_orig_src_file }}
 # we install on mysql with these setting or those from default_vars, etc.
From f21f637b87c92941a85378f512555ffae9dafdf1 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sun, 12 May 2019 22:23:01 -0400
Subject: [PATCH 067/143] Establish /opt/iiab/sugarizer-server-1.1.0 for v1.1.0
---
 roles/sugarizer/defaults/main.yml | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/roles/sugarizer/defaults/main.yml b/roles/sugarizer/defaults/main.yml
index a049fe066..e5aef7d91 100644
--- a/roles/sugarizer/defaults/main.yml
+++ b/roles/sugarizer/defaults/main.yml
@@ -13,10 +13,7 @@ sugarizer_dir_version: sugarizer-1.1.0 # WAS: sugarizer-1.0, sugarizer-master
 sugarizer_git_version: v1.1.0 # WAS: v1.0.1, master
 # PLEASE HELP MONITOR https://github.com/llaske/sugarizer/releases
-sugarizer_server_dir_version: sugarizer-server-dev # WAS: sugarizer-server-1.0, sugarizer-server-master
-sugarizer_server_git_version: f27bf6acd56aba6d99116ef471ca713b0f0dfed3 # WAS: v1.0.1, master, dev
-# Above commit (githash f27bf6a... for iiab/iiab PR #1430 from 'dev' branch of
-# https://github.com/llaske/sugarizer-server) well-tested Jan 29 - Feb 12 2019.
-#
+sugarizer_server_dir_version: sugarizer-server-1.1.0 # WAS: sugarizer-server-1.0, sugarizer-server-master, sugarizer-server-dev
+sugarizer_server_git_version: v1.1.0 # WAS: v1.0.1, master, dev, f27bf6acd56aba6d99116ef471ca713b0f0dfed3
 # PLEASE HELP MONITOR https://github.com/llaske/sugarizer-server/commits/dev
 # AND https://github.com/llaske/sugarizer-server/releases
From 895a13d88c74a5f04bdb47a2c95510640c2d484c Mon Sep 17 00:00:00 2001
From: A Holt
Date: Sun, 12 May 2019 22:26:17 -0400
Subject: [PATCH 068/143] Remove years-old comment that's no longer relevant
---
 roles/sugarizer/tasks/main.yml | 8 --------
 1 file changed, 8 deletions(-)
diff --git a/roles/sugarizer/tasks/main.yml b/roles/sugarizer/tasks/main.yml
index 0c23b3aeb..706e0d79e 100644
--- a/roles/sugarizer/tasks/main.yml
+++ b/roles/sugarizer/tasks/main.yml
@@ -3,14 +3,6 @@
 msg: "Sugarizer install cannot proceeed, as it currently requires Node.js 10.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml"
 when: sugarizer_install and (nodejs_version != "10.x")
-# 0. CLEAN UP PRIOR VERSIONS OF SUGARIZER (NEEDS WORK!)
-
-# - name: Wipe /library/www/html/sugarizer* if installing sugarizer-1.0
-# shell: "rm -rf {{ doc_root }}/sugarizer*"
-# args:
-# warn: no
-# when: sugarizer_dir_version == "sugarizer-1.0"
-
 # 1. DOWNLOAD+LINK /opt/iiab/sugarizer
From 403d4a2ebc23493caa27553a29602fc0c26fb48b Mon Sep 17 00:00:00 2001
From: A Holt
Date: Mon, 13 May 2019 11:42:28 -0400
Subject: [PATCH 069/143] Rename ansible-2.6.x to ansible-2.6.x-deprecated
---
 scripts/{ansible-2.6.x => ansible-2.6.x-deprecated} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename scripts/{ansible-2.6.x => ansible-2.6.x-deprecated} (100%)
diff --git a/scripts/ansible-2.6.x b/scripts/ansible-2.6.x-deprecated
similarity index 100%
rename from scripts/ansible-2.6.x
rename to scripts/ansible-2.6.x-deprecated
From 72e21fad87aabd2b4aae4a0c964ba7f3654fc997 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Mon, 13 May 2019 11:43:36 -0400
Subject: [PATCH 070/143] Create ansible-2.8.x
---
 scripts/ansible-2.8.x | 104 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 104 insertions(+)
 create mode 100644 scripts/ansible-2.8.x
diff --git a/scripts/ansible-2.8.x b/scripts/ansible-2.8.x
new file mode 100644
index 000000000..6b7105225
--- /dev/null
+++ b/scripts/ansible-2.8.x
@@ -0,0 +1,104 @@
+#!/bin/bash -e
+
+CURR_VER="undefined" # Ansible version you currently have installed
+GOOD_VER="2.8.0" # For XO laptops (pip install) & CentOS (yum install rpm)
+# On other OS's we attempt the latest from PPA, which might be more recent
+
+export DEBIAN_FRONTEND=noninteractive
+
+echo -e "\n\nYOU ARE RUNNING: /opt/iiab/iiab/scripts/ansible-2.8.x (TO INSTALL ANSIBLE)"
+echo -e 'Alternative: /opt/iiab/iiab/scripts/ansible ("for the very latest Ansible")\n'
+
+echo -e "RECOMMENDED PREREQUISITES:"
+echo -e "(1) Verify you're online"
+echo -e "(2) Remove all prior versions of Ansible using"
+echo -e " 'apt purge ansible' and/or 'pip uninstall ansible'"
+echo -e "(3) Remove all lines containing 'ansible' from"
+echo -e " /etc/apt/sources.list and /etc/apt/sources.list.d/*\n"
+
+echo -e "COMPLETE INSTALL INSTRUCTIONS:"
+echo -e "https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch\n"
+
+if [ $(command -v ansible-playbook) ]; then # "command -v" is POSIX compliant; also catches built-in commands like "cd"
+ CURR_VER=`ansible --version | head -1 | awk '{print $2}'` # To match iiab-install. Was: CURR_VER=`ansible --version | head -n 1 | cut -f 2 -d " "`
+ echo -e "CURRENTLY INSTALLED ANSIBLE: $CURR_VER -- LET'S TRY TO UPGRADE IT!"
+ echo -e "(Internet-in-a-Box requests Ansible $GOOD_VER or higher)\n"
+ if [ -f /etc/centos-release ] || [ -f /etc/fedora-release ]; then
+ echo "Please use your system's package manager (or pip if nec) to update Ansible.\n"
+ exit 0
+ elif [ -f /etc/olpc-release ]; then
+ echo "Please use pip package manager to update Ansible.\n"
+ exit 0
+ fi
+else
+ echo -e "ANSIBLE NOT FOUND ON THIS COMPUTER -- LET'S TRY TO INSTALL IT!"
+ echo -e "(Internet-in-a-Box requests Ansible $GOOD_VER or higher)\n"
+fi
+
+if [ -f /etc/olpc-release ]; then
+ yum -y install ca-certificates nss
+ yum -y install git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python
+ yum -y install python-pip python-setuptools python-wheel patch
+ # Can above 3 lines be merged into 1 line?
+ pip install --upgrade pip setuptools wheel #EOL just do it
+ pip install ansible==$GOOD_VER --disable-pip-version-check
+elif [ -f /etc/centos-release ]; then
+ yum -y install ansible
+# 2018-09-07: the next 4 lines aren't needed according to https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#latest-release-via-dnf-or-yum
+# yum -y install ca-certificates nss epel-release
+# yum -y install git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python
+# yum -y install python-pip python-setuptools python-wheel patch
+# yum -y install https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-$GOOD_VER-1.el7.ans.noarch.rpm
+#elif [ -f /etc/fedora-release ]; then
+# CURR_VER=`grep VERSION_ID /etc/*elease | cut -d= -f2`
+# URL=https://github.com/jvonau/iiab/blob/ansible/vars/fedora-$CURR_VER.yml
+# dnf -y install ansible git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python
+# dnf -y install python-pip python-setuptools python-wheel patch
+## Parens are optional, but greatly clarify :)
+#elif (grep -qi ubuntu /etc/lsb-release 2> /dev/null) || (grep -qi ubuntu /etc/os-release); then
+# apt update
+# #apt -y install python-pip python-setuptools python-wheel patch # 2018-09-05: fails on @kananigit's Ubuntu 18.04/Server. Fix @ https://github.com/iiab/iiab/pull/1091
+# apt -y install software-properties-common # adds command "apt-add-repository"
+# apt-add-repository -y ppa:ansible/ansible # adds correct line to correct file e.g. adds line "deb http://ppa.launchpad.net/ansible/ansible/ubuntu bionic main" to /etc/apt/sources.list.d/ansible-ubuntu-ansible-bionic.list
+## elif UBUNTU MUST REMAIN ABOVE (as Ubuntu ALSO contains /etc/debian_version, which would trigger the line just below)
+#elif [ -f /etc/debian_version ] || (grep -qi raspbian /etc/*elease) ; then
+#elif [ ! -f /etc/centos-release ] && [ ! -f /etc/fedora-release ] && [ ! -f /etc/olpc-release ]; then
+elif [ -f /etc/debian_version ]; then # Includes Debian, Ubuntu & Raspbian
+
+ echo -e "\napt update; install dirmngr; PPA to /etc/apt/sources.list.d/iiab-ansible.list\n"
+ apt update
+ apt -y install dirmngr # Raspbian needs. Formerly: python-pip python-setuptools python-wheel patch
+ echo "deb http://ppa.launchpad.net/ansible/ansible-2.7/ubuntu xenial main" \
+ > /etc/apt/sources.list.d/iiab-ansible.list
+
+ echo -e '\nIF YOU FACE ERROR "signatures couldn'"'"'t be verified because the public key is not available" THEN REPEATEDLY RE-RUN "sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367"\n'
+ apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367
+
+ echo -e "\napt update; apt install ansible\n"
+ apt update
+ apt -y --allow-downgrades install ansible
+ echo -e "\nSUCCESS: verify Ansible using 'ansible --version' and/or 'apt -a list ansible'\n\n"
+
+ # TEMPORARILY USE ANSIBLE 2.4.4 (REMOVE IT WITH "pip uninstall ansible")
+ #pip install ansible==2.4.4
+
+ # TEMPORARILY USE ANSIBLE 2.4.2 DUE TO 2.4.3 MEMORY BUG. DETAILS @ https://github.com/iiab/iiab/issues/669
+ #echo "Install http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb"
+ #cd /tmp
+ #wget http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb
+ #apt -y --allow-downgrades install ./ansible_2.4.2.0-1ppa~xenial_all.deb
+
+ echo -e 'PPA source "deb http://ppa.launchpad.net/ansible/ansible-2.7/ubuntu xenial main"'
+ echo -e "successfully saved to /etc/apt/sources.list.d/iiab-ansible.list\n"
+
+ echo -e "IF *OTHER* ANSIBLE SOURCES APPEAR BELOW, PLEASE MANUALLY REMOVE THEM TO"
+ echo -e "ENSURE ANSIBLE UPDATES CLEANLY: (then re-run this script to be sure!)\n"
+ grep '^deb .*ansible' /etc/apt/sources.list /etc/apt/sources.list.d/*.list | grep -v '^/etc/apt/sources.list.d/iiab-ansible.list:' || true # Override bash -e (instead of aborting at 1st error)
+else
+ echo -e "\nEXITING: Could not detect your OS (unsupported?)\n"
+ exit 1
+fi
+
+# Needed?
+mkdir -p /etc/ansible
+echo -e '[local]\nlocalhost\n' > /etc/ansible/hosts
From 2d03c202f0503400d198d3b77727cbf545e2ff90 Mon Sep 17 00:00:00 2001
From: root
Date: Mon, 13 May 2019 11:59:12 -0400
Subject: [PATCH 071/143] scripts/ansible-2.8.x 644 -> 755
---
 scripts/ansible-2.8.x | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 scripts/ansible-2.8.x
diff --git a/scripts/ansible-2.8.x b/scripts/ansible-2.8.x
old mode 100644
new mode 100755
From 359e35f5361a44a0d4c7585495dc91a1543e0833 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Mon, 13 May 2019 12:08:01 -0400
Subject: [PATCH 072/143] fix PPA URL's from ansible-2.7 -> ansible-2.8
---
 scripts/ansible-2.8.x | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/ansible-2.8.x b/scripts/ansible-2.8.x
index 6b7105225..ddb3621a3 100755
--- a/scripts/ansible-2.8.x
+++ b/scripts/ansible-2.8.x
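Review bot: In the Debian/Ubuntu/Raspbian branch of the new scripts/ansible-2.8.x (PATCH 070), `apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367` requests the signing key over plain HTTP by its 64-bit ID and adds it to apt's global trusted keyring, so the key that comes back is trusted for every configured repository rather than only this PPA. I would request it by full fingerprint (`--recv-keys <FULL_40_HEX_FINGERPRINT>`, placeholder), keep it in a dedicated keyring, and scope it in the sources line as `deb [signed-by=<KEYRING_PATH>] http://ppa.launchpad.net/...` (placeholder path). The message telling users to "REPEATEDLY RE-RUN" the same apt-key command should then be updated to match. Minor: the two `echo "Please use ... to update Ansible.\n"` lines lack `-e`, so they print a literal `\n`, unlike the surrounding `echo -e` calls.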
@@ -68,7 +68,7 @@ elif [ -f /etc/debian_version ]; then # Includes Debian, Ubuntu & Raspbian
 echo -e "\napt update; install dirmngr; PPA to /etc/apt/sources.list.d/iiab-ansible.list\n"
 apt update
 apt -y install dirmngr # Raspbian needs. Formerly: python-pip python-setuptools python-wheel patch
- echo "deb http://ppa.launchpad.net/ansible/ansible-2.7/ubuntu xenial main" \
+ echo "deb http://ppa.launchpad.net/ansible/ansible-2.8/ubuntu xenial main" \
 > /etc/apt/sources.list.d/iiab-ansible.list
 echo -e '\nIF YOU FACE ERROR "signatures couldn'"'"'t be verified because the public key is not available" THEN REPEATEDLY RE-RUN "sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367"\n'
@@ -88,7 +88,7 @@ elif [ -f /etc/debian_version ]; then # Includes Debian, Ubuntu & Raspbian
 #wget http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb
 #apt -y --allow-downgrades install ./ansible_2.4.2.0-1ppa~xenial_all.deb
- echo -e 'PPA source "deb http://ppa.launchpad.net/ansible/ansible-2.7/ubuntu xenial main"'
+ echo -e 'PPA source "deb http://ppa.launchpad.net/ansible/ansible-2.8/ubuntu xenial main"'
 echo -e "successfully saved to /etc/apt/sources.list.d/iiab-ansible.list\n"
 echo -e "IF *OTHER* ANSIBLE SOURCES APPEAR BELOW, PLEASE MANUALLY REMOVE THEM TO"
From 45769b15b820b465d476411083e2ba905803dd27 Mon Sep 17 00:00:00 2001
From: Tim Moody
Date: Mon, 13 May 2019 14:02:25 -0400
Subject: [PATCH 073/143] don't add to menu unless new
---
 .../osm-vector-maps/templates/iiab-update-map | 21 ++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/roles/osm-vector-maps/templates/iiab-update-map b/roles/osm-vector-maps/templates/iiab-update-map
index ffd7de2db..02ca0e02d 100755
--- a/roles/osm-vector-maps/templates/iiab-update-map
+++ b/roles/osm-vector-maps/templates/iiab-update-map
@@ -32,15 +32,20 @@ map_doc_root = '/library/www/osm-vector-maps'
 # map_catalog will be global, assumed always available
 map_catalog = {}
 map_menu_def_list = []
+previous_idx = {} # track new regions so we don't thrash on adding to menu
 def main():
 global map_menu_def_list
+ global previous_idx
+
 get_map_catalog()
 #print(json.dumps(map_catalog,indent=2))
 map_menu_def_list = get_menu_def_names()
 print(json.dumps(map_menu_def_list,indent=2))
+ read_vector_map_idx()
+
 installed_maps = get_installed_regions()
 print(installed_maps)
@@ -59,13 +64,13 @@ def main():
 else:
 item = map_catalog['regions'][region]
 menu_ref = item['perma_ref']
- if not (region in map_menu_def_list):
+ if not (menu_ref in map_menu_def_list):
 print('creating menu def for %s'%item['perma_ref'])
 create_menu_def(region,item['perma_ref'] + '.json')
- if fetch_menu_json_value('autoupdate_menu'):
+ # if autoupdate allowed and this is a new region then add to home menu
+ if fetch_menu_json_value('autoupdate_menu') and item['perma_ref'] not in previous_idx:
 print('autoudate of menu items is enabled:%s. Adding %s'%(\
 fetch_menu_json_value('autoupdate_menu'),region,))
- # verify this menu def is on home page
 menus.update_menu_json(menu_ref)
 def get_map_catalog():
@@ -90,9 +95,9 @@ def get_menu_def_names(intended_use='map'):
 print(readstr)
 if data.get('intended_use','') != intended_use:
 continue
- map_name = data.get('name','')
+ map_name = data.get('map_name','')
 if map_name != '':
- menu_def_list.append(data['name'])
+ menu_def_list.append(map_name)
 return menu_def_list
 def get_installed_regions():
@@ -107,6 +112,12 @@ def get_installed_regions():
 installed.append('maplist')
 return installed
+def read_vector_map_idx():
+ global previous_idx
+ with open(vector_map_idx_dir + '/vector-map-idx.json','r') as idx:
+ str = idx.read()
+ previous_idx = json.loads(str)
+
 def write_vector_map_idx(installed_maps):
 map_dict ={}
 idx_dict = {}
From fadba3c7b35acab3d117d4cf41f9dc72b6619c6d Mon Sep 17 00:00:00 2001
From: Tim Moody
Date: Mon, 13 May 2019 14:23:14 -0400
Subject: [PATCH 074/143] handle first time when idx file does not exist
---
 roles/osm-vector-maps/templates/iiab-update-map | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/roles/osm-vector-maps/templates/iiab-update-map b/roles/osm-vector-maps/templates/iiab-update-map
index 02ca0e02d..3d72bba62 100755
--- a/roles/osm-vector-maps/templates/iiab-update-map
+++ b/roles/osm-vector-maps/templates/iiab-update-map
@@ -114,9 +114,12 @@ def get_installed_regions():
 def read_vector_map_idx():
 global previous_idx
- with open(vector_map_idx_dir + '/vector-map-idx.json','r') as idx:
- str = idx.read()
- previous_idx = json.loads(str)
+ try: # will fail first time
+ with open(vector_map_idx_dir + '/vector-map-idx.json','r') as idx:
+ str = idx.read()
+ previous_idx = json.loads(str)
+ except:
+ pass
 def write_vector_map_idx(installed_maps):
 map_dict ={}
From 3d4ba0166912ce9fd9126d44ca6fd440f3de6b05 Mon Sep 17 00:00:00 2001
From: Tim Moody
Date: Wed, 15 May 2019 10:01:38 -0400
Subject: [PATCH 075/143] open samba ports
---
 roles/network/templates/gateway/iiab-gen-iptables | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables
index 858786a14..9c6585e61 100755
--- a/roles/network/templates/gateway/iiab-gen-iptables
+++ b/roles/network/templates/gateway/iiab-gen-iptables
@@ -70,6 +70,10 @@ pbx_signaling_ports_chan_sip={{ pbx_signaling_ports_chan_sip }}
 pbx_signaling_ports_chan_pjsip={{ pbx_signaling_ports_chan_pjsip }}
 pbx_data_ports={{ pbx_data_ports }}
 pbx_enabled={{ pbx_enabled }}
+samba_enabled={{ samba_enabled }}
+samba_udp_ports={{ samba_udp_ports }}
+samba_tcp_mports={{ samba_tcp_mports }}
+
 block_DNS={{ block_DNS }}
 echo "LAN is $lan and WAN is $wan"
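Review bot: The bare `except:` followed by `pass` that PATCH 074 adds in `read_vector_map_idx()` hides more than the first-run case named in its comment: a truncated or corrupt vector-map-idx.json, or a permissions error, also leaves `previous_idx` empty without a trace, and the `not in previous_idx` test added in the previous patch would then treat every installed region as new. Catching only the missing-file case, e.g. `except IOError:` (narrowed further to a not-found errno if wanted), and letting a JSON `ValueError` surface or at least be printed, keeps the first-run behaviour without masking damage. The local name `str` also shadows the builtin; `previous_idx = json.load(idx)` would avoid it.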
@@ -116,6 +120,11 @@ if [ "$services_externally_visible" == "True" ]; then
 $IPTABLES -A INPUT -p udp --dport $pbx_signaling_ports_chan_pjsip -m state --state NEW -i $wan -j ACCEPT
 $IPTABLES -A INPUT -p udp --dport $pbx_data_ports -m state --state NEW -i $wan -j ACCEPT
 fi
+
+ if [ "$samba_enabled" == "True" ]; then
+ $IPTABLES -A INPUT -p udp --dport $samba_udp_ports -m state --state NEW -i $wan -j ACCEPT
+ $IPTABLES -A INPUT -p tcp -m multiport --dports $samba_tcp_mports -m state --state NEW -i $wan -j ACCEPT
+ fi
 fi
 if [ "$iiab_gateway_enabled" == "True" ]; then
From 94eba076368ff21a5e7fcdd22dd55f723a690235 Mon Sep 17 00:00:00 2001
From: Tim Moody
Date: Wed, 15 May 2019 10:36:58 -0400
Subject: [PATCH 076/143] forgot the other half
---
 vars/default_vars.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/vars/default_vars.yml b/vars/default_vars.yml
index 1a1d150ca..1838114aa 100644
--- a/vars/default_vars.yml
+++ b/vars/default_vars.yml
@@ -165,7 +165,7 @@ sshd_enabled: True
 openvpn_install: True
 openvpn_enabled: False
 # For /etc/iiab/openvpn_handle
-openvpn_handle:
+openvpn_handle:
 # cron seems necessary on CentOS:
 openvpn_cron_enabled: False
 # General OpenVPN settings
@@ -229,6 +229,8 @@ cups_port: 631
 # Samba. Do a security audit seriously before deploying this.
 samba_install: False
 samba_enabled: False
+samba_udp_ports: "137:138"
+samba_tcp_mports: "139,445"
 shared_dir : "{{ content_base }}/public" # /library/public
 # usb-lib
From f65ee3e598d9f9f38b6db054d8e1d69e2680a48b Mon Sep 17 00:00:00 2001
From: A Holt
Date: Thu, 16 May 2019 14:23:44 -0400
Subject: [PATCH 077/143] Lokole 0.1.39 -> 0.4.0
---
 roles/lokole/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/lokole/defaults/main.yml b/roles/lokole/defaults/main.yml
index bc8a1ca9c..9c34df898 100644
--- a/roles/lokole/defaults/main.yml
+++ b/roles/lokole/defaults/main.yml
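Review bot: The new `if [ "$samba_enabled" == "True" ]` block in iiab-gen-iptables sits inside the `services_externally_visible` branch, so a box that exposes its web services on the WAN and has Samba enabled also accepts NetBIOS/SMB (`$samba_udp_ports`, `$samba_tcp_mports`) from any source on `$wan`, with no separate opt-in. default_vars.yml in this same series says to do a security audit before deploying Samba, so I would gate WAN exposure on its own variable defaulting to False (a proposed name such as `samba_externally_visible`, which does not exist yet) or restrict the two rules with `-s` to a configured subnet, and state the intent in a comment above the block. The enclosing `if` starts above the hunk, so this assumes nothing earlier in the script already filters `$wan`.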
@@ -5,7 +5,7 @@
 # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
 # Info needed to install Lokole
-lokole_version: 0.1.39
+lokole_version: 0.4.0
 lokole_admin_user: admin # lowercase seems nec here (even though uppercase Admin/changeme is IIAB's OOB recommendation!)
 lokole_admin_password: changeme
 lokole_install_path: "{{ content_base }}/lokole" # /library/lokole
From 3716d3d3045245406d933e6012d7ebcfa362cf6a Mon Sep 17 00:00:00 2001
From: A Holt
Date: Thu, 16 May 2019 15:48:19 -0400
Subject: [PATCH 078/143] Nextcloud 16 on Debian 10 & Ubuntu 18.04; Nextcloud 15 on Debian 9 & Raspian 9
---
 roles/nextcloud/defaults/main.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml
index d2ff224ec..31a49c889 100644
--- a/roles/nextcloud/defaults/main.yml
+++ b/roles/nextcloud/defaults/main.yml
@@ -11,8 +11,12 @@ nextcloud_url: /nextcloud
 nextcloud_prefix: /opt
 nextcloud_data_dir: "{{ content_base }}/nextcloud/data"
 nextcloud_dl_url: https://download.nextcloud.com/server/releases
-nextcloud_orig_src_file: latest-15.tar.bz2 # 2019-04-24: nextcloud-16.0.0.tar.bz2 requires PHP 7.1+ and so fails on current Raspbian 9 and Debian 9 "Stretch". 2019-05-11: latest-16.tar.bz2 finally published to https://download.nextcloud.com/server/releases/ (nextcloud/server#15502) e.g. for Ubuntu 18.04+
+
+# 2019-05-11: latest-16.tar.bz2 finally published to https://download.nextcloud.com/server/releases/ (nextcloud/server#15502) e.g. for Ubuntu 18.04 & Debian 10
+nextcloud_orig_src_file: latest-16.tar.bz2 # 2019-05-16: for Debian 10 & Ubuntu 18.04 where PHP 7.1+ is available
 nextcloud_src_file: nextcloud_{{ nextcloud_orig_src_file }}
+nextcloud_orig_src_file_old: latest-15.tar.bz2 # 2019-05-16: for Debian 9 & Raspbian 9 where PHP 7.1+ isn't available
+nextcloud_src_file_old: nextcloud_{{ nextcloud_orig_src_file }}
 # we install on mysql with these setting or those from default_vars, etc.
 nextcloud_dbname: nextcloud
From 506cfd04b7eebd2d2b123943b6c27fd73542178b Mon Sep 17 00:00:00 2001
From: A Holt
Date: Thu, 16 May 2019 16:01:32 -0400
Subject: [PATCH 079/143] Nextcloud 16 on Debian 10 & Ubuntu 18.04; Nextcloud 15 on Debian 9 & Raspbian 9
---
 roles/nextcloud/tasks/main.yml | 28 +++++++++++++++++++++++++---
 1 file changed, 25 insertions(+), 3 deletions(-)
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
index b7eb5f2f7..d3d96a578 100644
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@@ -14,7 +14,21 @@
 # - debug:
 # msg: "nextcloud_force_install: {{ nextcloud_force_install }}"
-- name: Download {{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file }} to {{ downloads_dir }}/{{ nextcloud_src_file }}
+- name: Download {{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file_old }} to {{ downloads_dir }}/{{ nextcloud_src_file_old }} on older OS's lacking PHP 7.1+
+ get_url:
+ url: "{{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file_old }}"
+ dest: "{{ downloads_dir }}/{{ nextcloud_src_file_old }}"
+ timeout: "{{ download_timeout }}"
+ force: yes
+ #validate_certs: False # TEMPORARY ON/AFTER 2018-07-22 AS download.nextcloud.com CERT EXPIRED: https://github.com/iiab/iiab/issues/954
+ when: internet_available and nextcloud_force_install
+ #async: 1800
+ #poll: 10
+ tags:
+ - download
+ when: is_debian_9 or is_raspbian_9
+
+- name: Download {{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file }} to {{ downloads_dir }}/{{ nextcloud_src_file }} on newer OS's that have PHP 7.1+
 get_url:
 url: "{{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file }}"
 dest: "{{ downloads_dir }}/{{ nextcloud_src_file }}"
@@ -26,6 +40,7 @@
 #poll: 10
 tags:
 - download
+ when: not (is_debian_9 or is_raspbian_9)
 # Ubuntu and Debian treat names differently
 - name: Install 3 php packages (debian)
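Review bot: The added "older OS's" download task carries two `when:` keys, `when: internet_available and nextcloud_force_install` and, after `tags:`, `when: is_debian_9 or is_raspbian_9`; a YAML mapping keeps one value per key, so the later one is expected to win (at best with a duplicate-key warning) and the internet/force-install guard is silently dropped. The second hunk appends `when: not (is_debian_9 or is_raspbian_9)` to the existing task in the same way, and if that task still has its original `when:` above the hunk (not visible here) it has the same problem. Merge them into a single condition per task, e.g. `when: internet_available and nextcloud_force_install and (is_debian_9 or is_raspbian_9)`. Separately, `force: yes` re-fetches a moving `latest-*.tar.bz2` with no `checksum:`, so what gets unpacked is whatever the server returns at run time; pinning a release and its checksum would be a worthwhile follow-up.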
@@ -85,12 +100,19 @@
 state: present
 when: is_redhat
-- name: Unarchive {{ nextcloud_src_file }} to permanent location {{ nextcloud_prefix }}/nextcloud # e.g. unpack nextcloud_latest-14.tar.bz2 to /opt/nextcloud
+- name: Unarchive {{ nextcloud_src_file_old }} to permanent location {{ nextcloud_prefix }}/nextcloud on older OS's lacking PHP 7.1+ # e.g. unpack nextcloud_latest-15.tar.bz2 to /opt/nextcloud
+ unarchive:
+ src: "{{ downloads_dir }}/{{ nextcloud_src_file_old }}"
+ dest: "{{ nextcloud_prefix }}"
+ #creates: "{{ nextcloud_prefix }}/nextcloud/version.php"
+ when: nextcloud_force_install and (is_debian_9 or is_raspbian_9)
+
+- name: Unarchive {{ nextcloud_src_file }} to permanent location {{ nextcloud_prefix }}/nextcloud on newer OS's that have PHP 7.1+ # e.g. unpack nextcloud_latest-16.tar.bz2 to /opt/nextcloud
 unarchive:
 src: "{{ downloads_dir }}/{{ nextcloud_src_file }}"
 dest: "{{ nextcloud_prefix }}"
 #creates: "{{ nextcloud_prefix }}/nextcloud/version.php"
- when: nextcloud_force_install
+ when: nextcloud_force_install and not (is_debian_9 or is_raspbian_9)
 - name: Create dir /etc/nextcloud (centos) for a subsequent config dir that's symlinked to /etc/nextcloud ?
 file:
From 1bf146ff2fd4ab9ede9ffd4dd177e9529c7ad1fd Mon Sep 17 00:00:00 2001
From: A Holt
Date: Thu, 16 May 2019 17:00:32 -0400
Subject: [PATCH 080/143] Missed one: nextcloud_orig_src_file -> nextcloud_orig_src_file_old
---
 roles/nextcloud/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml
index 31a49c889..e49769f72 100644
--- a/roles/nextcloud/defaults/main.yml
+++ b/roles/nextcloud/defaults/main.yml
@@ -16,7 +16,7 @@ nextcloud_dl_url: https://download.nextcloud.com/server/releases nextcloud_orig_src_file: latest-16.tar.bz2 # 2019-05-16: for Debian 10 & Ubuntu 18.04 where PHP 7.1+ is available nextcloud_src_file: nextcloud_{{ nextcloud_orig_src_file }} nextcloud_orig_src_file_old: latest-15.tar.bz2 # 2019-05-16: for Debian 9 & Raspbian 9 where PHP 7.1+ isn't available -nextcloud_src_file_old: nextcloud_{{ nextcloud_orig_src_file }} +nextcloud_src_file_old: nextcloud_{{ nextcloud_orig_src_file_old }} # we install on mysql with these setting or those from default_vars, etc. nextcloud_dbname: nextcloud From 77d7dfa958f3e242ec0d131754ff28f8ab76e2ce Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 16 May 2019 17:05:06 -0400 Subject: [PATCH 081/143] Clarify in comment: PHP 7.1+ issue on diff distros --- roles/nextcloud/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml index e49769f72..38392bbb5 100644 --- a/roles/nextcloud/defaults/main.yml +++ b/roles/nextcloud/defaults/main.yml 
@@ -13,10 +13,10 @@ nextcloud_data_dir: "{{ content_base }}/nextcloud/data" nextcloud_dl_url: https://download.nextcloud.com/server/releases # 2019-05-11: latest-16.tar.bz2 finally published to https://download.nextcloud.com/server/releases/ (nextcloud/server#15502) e.g. for Ubuntu 18.04 & Debian 10 -nextcloud_orig_src_file: latest-16.tar.bz2 # 2019-05-16: for Debian 10 & Ubuntu 18.04 where PHP 7.1+ is available -nextcloud_src_file: nextcloud_{{ nextcloud_orig_src_file }} -nextcloud_orig_src_file_old: latest-15.tar.bz2 # 2019-05-16: for Debian 9 & Raspbian 9 where PHP 7.1+ isn't available +nextcloud_orig_src_file_old: latest-15.tar.bz2 # 2019-05-16: for legacy OS's Debian 9 & Raspbian 9 where PHP 7.1+ isn't available nextcloud_src_file_old: nextcloud_{{ nextcloud_orig_src_file_old }} +nextcloud_orig_src_file: latest-16.tar.bz2 # 2019-05-16: for all other OS's e.g. Debian 10 & Ubuntu 18.04 where PHP 7.1+ is hopefully available! +nextcloud_src_file: nextcloud_{{ nextcloud_orig_src_file }} # we install on mysql with these setting or those from default_vars, etc. nextcloud_dbname: nextcloud From 24b7ef4b5b0d43c80df98643bd153e0f7b6b6bb9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 16 May 2019 19:04:39 -0400 Subject: [PATCH 082/143] Revert "Disable Calibre-Web in MEDIUM-sized & BIG-sized IIAB installs, until #1624 is fixed" --- vars/local_vars_big.yml | 4 ++-- vars/local_vars_medium.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 844dfb909..587d40713 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml 
@@ -296,8 +296,8 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # program, so we recommend you also install Calibre (above!) # Calibre-Web alternative to Calibre, offers a clean/modern UX -calibreweb_install: False -calibreweb_enabled: False +calibreweb_install: True +calibreweb_enabled: True calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019) # http://box/books works. Add {box/libros, box/livres, box/livros, box/liv} etc? calibreweb_url: /books diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index ee49de897..583df4276 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -296,8 +296,8 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # program, so we recommend you also install Calibre (above!) # Calibre-Web alternative to Calibre, offers a clean/modern UX -calibreweb_install: False -calibreweb_enabled: False +calibreweb_install: True +calibreweb_enabled: True calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019) # http://box/books works. Add {box/libros, box/livres, box/livros, box/liv} etc? calibreweb_url: /books From cc407e212c4a9f2583ed10fe9c49a4642df033be Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 16 May 2019 23:11:15 -0400 Subject: [PATCH 083/143] Ansible GOOD_VER 2.7.10 -> 2.8.0 --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 5896773b6..5f222555d 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -1,7 +1,7 @@ #!/bin/bash -e CURR_VER="undefined" # Ansible version you currently have installed -GOOD_VER="2.7.10" # For XO laptops (pip install) & CentOS (yum install rpm) +GOOD_VER="2.8.0" # For XO laptops (pip install) & CentOS (yum install rpm) # On other OS's we attempt the latest from PPA, which might be more recent export DEBIAN_FRONTEND=noninteractive From 148883867a3c8b07816c983ba52c7646cfc32a91 Mon Sep 17 00:00:00 2001 
From: A Holt Date: Fri, 17 May 2019 00:32:03 -0400 Subject: [PATCH 084/143] /usr/bin/iiab-support (better) explains OpenVPN --- roles/openvpn/templates/iiab-support | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/openvpn/templates/iiab-support b/roles/openvpn/templates/iiab-support index 35a5ae4f9..18d0b7be9 100644 --- a/roles/openvpn/templates/iiab-support +++ b/roles/openvpn/templates/iiab-support @@ -73,10 +73,12 @@ for i in {40..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done echo -e "\n\n 1. Check your Internet connection: run 'ping 8.8.8.8' and 'ping mit.edu'" echo -e " 2. Check your OpenVPN connection: run 'ping 10.8.0.1'" echo -e " 3. Run 'ip a' and look for a 'tun0' IP address like 10.8.0.x" -echo -e " 4. If necessary, run 'systemctl restart openvpn' which will" -echo -e " effectively run 'systemctl restart openvpn@xscenet' for you." +echo -e " 4. If necessary, run 'systemctl restart openvpn' which should" +echo -e " run 'systemctl restart openvpn@xscenet' for you." echo -e " 5. Sometimes waiting a minute helps -- retry steps 2 and 3 to monitor." -echo -e " 6. Read 'How can I remotely manage my Internet-in-a-Box?' at" +echo -e " 6. If in future you want to disable OpenVPN connections to-and-from your" +echo -e " Internet-in-a-Box (IIAB) please run 'iiab-support-off' at that time." +echo -e " 7. Read 'How can I remotely manage my Internet-in-a-Box?' at" echo -e " http://FAQ.IIAB.IO to learn about DIY remote support alternatives" echo -e " like ngrok, serveo, remot3.it and TeamViewer.\n" From f8c9d4cc98e5ef76f29abaed61acc5df3ca2c47a Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 17 May 2019 01:09:22 -0400 Subject: [PATCH 085/143] minor code readability tweaks --- roles/openvpn/templates/iiab-support | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/roles/openvpn/templates/iiab-support b/roles/openvpn/templates/iiab-support index 18d0b7be9..fe294bb38 100644 --- a/roles/openvpn/templates/iiab-support 
+++ b/roles/openvpn/templates/iiab-support @@ -2,7 +2,7 @@ # openvpn_handle is stored in 2 files on disk, one slightly stripped down (from # the other) due to Ansible. So we emulate Ansible's behavior, when reading from -# (and later writing to) disk, removing outer cruft as explained on Lines 27-29 +# (and later writing to) disk, removing outer cruft as explained on Lines 27-29: handle1=$(grep "^openvpn_handle:" /etc/iiab/local_vars.yml | sed -e "s/^openvpn_handle://; s/^\s*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/") echo -e "\n/etc/iiab/local_vars.yml source/master copy: $handle1" if [ -f /etc/iiab/openvpn_handle ]; then @@ -12,7 +12,11 @@ else echo -e "/etc/iiab/openvpn_handle for openvpn daemon: [FILE DOESN'T YET EXIST]\n" fi -echo -en "\e[1mPlease type a descriptive OpenVPN machine name (openvpn_handle) such as:\n\n cape-town-school-36-rpi-2019-05-31\n\nOr hit [Enter] to keep the existing name:\e[0m " +echo -e "\e[1mPlease type a descriptive OpenVPN machine name (openvpn_handle) such as:\n" + +echo -e " cape-town-school-36-rpi-2019-05-31\n" + +echo -en "Or hit [Enter] to keep the existing name:\e[0m " read ans < /dev/tty #if [ "$ans" != "" ] || ( [ "$handle1" = "" ] && [ ! -f /etc/iiab/openvpn_handle ] ); then @@ -26,7 +30,7 @@ if [ "$ans" != "" ] || ( [ "$handle1" = "" ] && [ ! -v handle2 ] ); then # BEHAVIOR JUST LIKE ANSIBLE'S: create /etc/iiab/openvpn_handle from the # "^openvpn_handle:" line in /etc/iiab/local_vars.yml by (1) removing outer - # spacing IF NEC, then (2) removing 1 pair of matching outer quotes IF NEC. + # spacing IF NEC, then (2) removing 1 pair of matching outer quotes IF NEC: ans=$(echo $ans | sed -e "s/^\s*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/") echo $ans > /etc/iiab/openvpn_handle echo -e "\n\e[1mSAVED: openvpn_handle recorded into both above files.\e[0m\n" 
@@ -88,7 +92,6 @@ echo -en " OpenVPN TIPS " for i in {40..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done echo -e "\n\nNow let's wait 15 seconds, as OpenVPN handshake sometimes needs that (or more!)" - sleep 15 echo -en "\nYour OpenVPN machine name (openvpn_handle) is: \e[32m" From 7abdecf7da3abb55fdb86e06f87955180fddc91a Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 17 May 2019 01:35:13 -0400 Subject: [PATCH 086/143] Gitea 1.8.0 -> 1.8.1 --- roles/gitea/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index 8eccf4881..345b44f35 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -8,7 +8,7 @@ # https://git.coolaj86.com/coolaj86/gitea-installer.sh # Information needed to install Gitea -gitea_version: 1.8.0 +gitea_version: 1.8.1 iset_suffixes: i386: 386 x86_64: amd64 From 8eeb38f799c028e1b4cf3c8b89832d02f6319648 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 17 May 2019 19:14:19 -0400 Subject: [PATCH 087/143] Revert Gitea 1.8.1 to 1.7.6 for RPi --- roles/gitea/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index 345b44f35..b50fc4ce5 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -8,7 +8,7 @@ # https://git.coolaj86.com/coolaj86/gitea-installer.sh # Information needed to install Gitea -gitea_version: 1.8.1 +gitea_version: 1.7.6 iset_suffixes: i386: 386 x86_64: amd64 From abc8fb8947d87b92faaed3a23cc663235c796cb9 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 17 May 2019 19:09:53 -0700 Subject: [PATCH 088/143] replace extract_region_from_filename- use re --- roles/osm-vector-maps/templates/iiab-update-map | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) 
diff --git a/roles/osm-vector-maps/templates/iiab-update-map b/roles/osm-vector-maps/templates/iiab-update-map index 3d72bba62..837bc9e85 100755 --- a/roles/osm-vector-maps/templates/iiab-update-map +++ b/roles/osm-vector-maps/templates/iiab-update-map @@ -192,14 +192,11 @@ def fetch_menu_json_value(key): return data.get(key,'') def extract_region_from_filename(fname): - substitutions = { "north": "north_america",\ - "central": "central_america",\ - "southeast": "southeast_asia", - "south": "south_america" } - # wish I had used - as separator between key and date - nibble = fname.split('_')[0] - nibble = substitutions.get(nibble,nibble) - return(nibble) + nibble = re.search(r"^.._osm_..._(.*)_[0-9]{4}",fname) + if not nibble: + return("maplist") + resp = nibble.group(1) + return(resp) if __name__ == '__main__': if console_installed: From 7eae142a62aed1954cb02e27a3e4e4fbfacb0a02 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 17 May 2019 21:53:57 -0700 Subject: [PATCH 089/143] use regular expressions to break apart filename --- roles/osm-vector-maps/templates/iiab-update-map | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/roles/osm-vector-maps/templates/iiab-update-map b/roles/osm-vector-maps/templates/iiab-update-map index 837bc9e85..278352cfd 100755 --- a/roles/osm-vector-maps/templates/iiab-update-map +++ b/roles/osm-vector-maps/templates/iiab-update-map @@ -54,7 +54,6 @@ def main(): # For installed regions, check that a menu def exists, and it's on home page for fname in installed_maps: region = extract_region_from_filename(fname) - print('checking for %s region'%region) if region == 'maplist': # it is the splash page, display only if no others menu_ref = 'en-map_test' item = { "perma_ref" : "en-map_test" } 
@@ -128,6 +127,7 @@ def write_vector_map_idx(installed_maps): region = extract_region_from_filename(fname) if map == 'maplist': continue # not a real region map_dict = map_catalog['regions'].get(region,'') + print('check for %s in %s'%(region,map_dict)) if map_dict == '': continue # Create the idx file in format required bo js-menu system @@ -192,11 +192,13 @@ def fetch_menu_json_value(key): return data.get(key,'') def extract_region_from_filename(fname): - nibble = re.search(r"^.._osm_..._(.*)_[0-9]{4}",fname) - if not nibble: + # find the index of the date + nibble = re.search(r"\d{4}-\d{2}-\d{2}",fname) + if nibble: + fname = fname[:nibble.start()-1] + return fname + else: return("maplist") - resp = nibble.group(1) - return(resp) if __name__ == '__main__': if console_installed: From e2c8b5cde6595fac5d618fc83fbcd348e2aa55c4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 18 May 2019 18:13:39 -0400 Subject: [PATCH 090/143] Comments/spacing readability --- .../templates/gateway/iiab-gen-iptables | 33 +++++++++---------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 9c6585e61..4c63bfbe3 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -1,4 +1,5 @@ #!/bin/bash -x + source {{ iiab_env_file }} {% if is_debuntu %} IPTABLES=/sbin/iptables 
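Review bot: In the rewritten `extract_region_from_filename`, `fname[:nibble.start()-1]` assumes exactly one separator character precedes the date; if a name starts with the date, `nibble.start()` is 0 and the slice becomes `fname[:-1]`, which returns the name minus its last character instead of a region. The function also now returns the whole prefix before the date rather than the captured region group of the previous revision, so the lookup in `map_catalog['regions']` depends on the catalog keys using that same full prefix, which is not visible here. If the separator is an underscore, as the earlier regex suggests, `return fname[:nibble.start()].rstrip('_')` avoids the negative index. A one-line docstring stating the expected filename layout and the "maplist" fallback would make the contract checkable.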
@@ -16,27 +17,27 @@ $IPTABLES -F $IPTABLES -t nat -F $IPTABLES -X -# first match wins +# First match wins # Always accept loopback traffic $IPTABLES -A INPUT -i lo -j ACCEPT # Always drop rpc $IPTABLES -A INPUT -p tcp --dport 111 -j DROP $IPTABLES -A INPUT -p udp --dport 111 -j DROP -# mysql +# MySQL $IPTABLES -A INPUT -p tcp --dport 3306 -j DROP $IPTABLES -A INPUT -p udp --dport 3306 -j DROP -# postgres - not needed listens on lo only +# PostgreSQL - not needed listens on lo only $IPTABLES -A INPUT -p tcp --dport 5432 -j DROP $IPTABLES -A INPUT -p udp --dport 5432 -j DROP -# couchdb +# CouchDB $IPTABLES -A INPUT -p tcp --dport 5984 -j DROP $IPTABLES -A INPUT -p udp --dport 5984 -j DROP } -if [ "x$WANIF" == "xnone" ] || [ "$MODE" == "Appliance" ]; then +if [ "x$WANIF" == "xnone" ] || [ "$MODE" == "Appliance" ]; then clear_fw - # save the rule set + # Save the rule set {% if is_debuntu %} netfilter-persistent save {% else %} @@ -47,7 +48,7 @@ fi lan=$LANIF wan=$WANIF -# Good thing we replace this file should be treated like squid below +# Good thing we replace this file; should be treated like Squid (that used to be?) below gw_block_https={{ gw_block_https }} ssh_port={{ ssh_port }} gui_wan={{ gui_wan }} @@ -77,10 +78,8 @@ samba_tcp_mports={{ samba_tcp_mports }} block_DNS={{ block_DNS }} echo "LAN is $lan and WAN is $wan" -# -# delete all existing rules. -# +# Delete all existing rules /sbin/modprobe ip_tables /sbin/modprobe iptable_filter /sbin/modprobe ip_conntrack @@ -94,7 +93,7 @@ $IPTABLES -A INPUT -m state --state NEW -i $lan -j ACCEPT # Allow mDNS $IPTABLES -A INPUT -p udp --dport 5353 -j ACCEPT -#when run as gateway +# When run as gateway $IPTABLES -A INPUT -p tcp --dport $ssh_port -m state --state NEW -i $wan -j ACCEPT if [ "$gui_wan" == "True" ]; then 
@@ -133,15 +132,15 @@ fi $IPTABLES -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT -#Block https traffic except if directed at server -if [ "$gw_block_https" == "True" ]; then +# Block https traffic except if directed at server +if [ "$gw_block_https" == "True" ]; then $IPTABLES -A FORWARD -p tcp ! -d {{ lan_ip }} --dport 443 -j DROP fi -# Allow outgoing connections from the LAN side. +# Allow outgoing connections from the LAN side $IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT -# Don't forward from the outside to the inside. +# Don't forward from the outside to the inside $IPTABLES -A FORWARD -i $wan -o $lan -j DROP $IPTABLES -A INPUT -i $wan -j DROP @@ -154,9 +153,9 @@ if [ "$HTTPCACHE_ON" == "True" ]; then $IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:3128 fi -# Enable routing. +# Enable routing echo 1 > /proc/sys/net/ipv4/ip_forward -# save the whole rule set now +# Save the whole rule set now {% if is_debuntu %} netfilter-persistent save {% else %} From 916fad85887517530b91f08568bd379865144966 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 18 May 2019 19:11:57 -0400 Subject: [PATCH 091/143] default_vars.yml readability --- vars/default_vars.yml | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 1838114aa..032388990 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -217,10 +217,6 @@ dansguardian_enabled: False postgresql_install: False postgresql_enabled: False -# Unmaintained -# authserver_install: False -# authserver_enabled: False - # Common UNIX Printing System (CUPS) cups_install: False cups_enabled: False 
@@ -470,6 +466,13 @@ minetest_default_game: carbone-ng # only carbone-ng and minetest are supporte minetest_flat_world: False +# ============================================================================= +# UNMAINTAINED LEGACY VARIABLES: YOU'RE TAKING BIG RISKS IF YOU USE ANY HERE... + +# Unmaintained +# authserver_install: False +# authserver_enabled: False + # CONSIDER THESE 2 NEW OPENSTREETMAP (OSM) APPROACHES INSTEAD, AS OF 2018: # - http://download.iiab.io/content/OSM/vector-tiles/ # - http://oer2go.org/viewmod/en-worldmap-10 @@ -534,13 +537,14 @@ minetest_flat_world: False # rachel_content_found: False # #rachel_url: /rachel # rachel_doc_root: "{{ doc_root }}/modules" +# ============================================================================= -# ================================================================ -# Platforms - turn all off and let /opt/iiab/iiab/vars/.yml turn on as appropriate +# PLATFORMS: +# TURN ALL OFF AND LET /opt/iiab/iiab/vars/.yml TURN ON AS APPROPRIATE... # Wide to narrow (insofar as poss) -is_debuntu: False # covers all 3: Ubuntu, Debian, Raspbian +is_debuntu: False # Covers all 3: Ubuntu, Debian, Raspbian is_ubuntu: False is_ubuntu_19: False 
@@ -548,18 +552,18 @@ is_ubuntu_18: False is_ubuntu_17: False is_ubuntu_16: False -is_debian: False # covers both: Debian, Raspbian +is_debian: False # Covers both: Debian, Raspbian is_debian_10: False is_debian_9: False is_debian_8: False -is_raspbian: False # covers RPi HW and non-RPi HW versions of Raspbian +is_raspbian: False # Covers RPi HW and non-RPi HW versions of Raspbian is_raspbian_10: False is_raspbian_9: False is_raspbian_8: False -is_rpi: False # 2019-03-23 - doesn't yet test for RPi HW, but hopefully soon: https://github.com/iiab/iiab/issues/1406 +is_rpi: False # 2019-03-23: Doesn't yet test for RPi HW, but hopefully soon: https://github.com/iiab/iiab/issues/1406 -is_redhat: False # not well supported as of 2019, see: https://github.com/iiab/iiab/issues/1434 +is_redhat: False # Not well supported as of 2019, see: https://github.com/iiab/iiab/issues/1434 is_centos: False is_centos_7: False is_fedora: False From ec9834f7d775ce5a00e0d0b1178188ac29e3a242 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 May 2019 05:42:58 -0400 Subject: [PATCH 092/143] iiab-gen-iptables uses ports_externally_visible {0...5} --- .../templates/gateway/iiab-gen-iptables | 194 +++++++++++------- 1 file changed, 117 insertions(+), 77 deletions(-) diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 4c63bfbe3..adc780315 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -1,6 +1,5 @@ #!/bin/bash -x -source {{ iiab_env_file }} {% if is_debuntu %} IPTABLES=/sbin/iptables IPTABLES_DATA=/etc/iptables.up.rules 
@@ -8,53 +7,25 @@ IPTABLES_DATA=/etc/iptables.up.rules IPTABLES=/usr/sbin/iptables IPTABLES_DATA=/etc/sysconfig/iptables {% endif %} -LANIF=$IIAB_LAN_DEVICE -WANIF=$IIAB_WAN_DEVICE -MODE=`grep iiab_network_mode_applied {{ iiab_ini_file }} | gawk '{print $3}'` -clear_fw() { -$IPTABLES -F -$IPTABLES -t nat -F -$IPTABLES -X +source {{ iiab_env_file }} +lan=$IIAB_LAN_DEVICE +wan=$IIAB_WAN_DEVICE +network_mode=`grep iiab_network_mode_applied {{ iiab_ini_file }} | gawk '{print $3}'` +echo -e "\nLAN: $lan" +echo -e "WAN: $wan" +echo -e "Network Mode: $network_mode\n" -# First match wins -# Always accept loopback traffic -$IPTABLES -A INPUT -i lo -j ACCEPT - -# Always drop rpc -$IPTABLES -A INPUT -p tcp --dport 111 -j DROP -$IPTABLES -A INPUT -p udp --dport 111 -j DROP -# MySQL -$IPTABLES -A INPUT -p tcp --dport 3306 -j DROP -$IPTABLES -A INPUT -p udp --dport 3306 -j DROP -# PostgreSQL - not needed listens on lo only -$IPTABLES -A INPUT -p tcp --dport 5432 -j DROP -$IPTABLES -A INPUT -p udp --dport 5432 -j DROP -# CouchDB -$IPTABLES -A INPUT -p tcp --dport 5984 -j DROP -$IPTABLES -A INPUT -p udp --dport 5984 -j DROP -} - -if [ "x$WANIF" == "xnone" ] || [ "$MODE" == "Appliance" ]; then - clear_fw - # Save the rule set - {% if is_debuntu %} - netfilter-persistent save - {% else %} - iptables-save > $IPTABLES_DATA - {% endif %} - exit 0 -fi -lan=$LANIF -wan=$WANIF - -# Good thing we replace this file; should be treated like Squid (that used to be?) below +# "Good thing we replace this file; should be treated like Squid below" ? 
+ports_externally_visible={{ ports_externally_visible }} +#services_externally_visible={{ services_externally_visible }} gw_block_https={{ gw_block_https }} ssh_port={{ ssh_port }} -gui_wan={{ gui_wan }} +#gui_wan={{ gui_wan }} gui_port={{ gui_port }} iiab_gateway_enabled={{ iiab_gateway_enabled }} -services_externally_visible={{ services_externally_visible }} +block_DNS={{ block_DNS }} + calibre_port={{ calibre_port }} calibreweb_port={{ calibreweb_port }} kiwix_port={{ kiwix_port }} 
@@ -67,40 +38,107 @@ sugarizer_port={{ sugarizer_port }} nodered_port={{ nodered_port }} mosquitto_port={{ mosquitto_port }} minetest_port={{ minetest_port }} +pbx_enabled={{ pbx_enabled }} pbx_signaling_ports_chan_sip={{ pbx_signaling_ports_chan_sip }} pbx_signaling_ports_chan_pjsip={{ pbx_signaling_ports_chan_pjsip }} pbx_data_ports={{ pbx_data_ports }} -pbx_enabled={{ pbx_enabled }} -samba_enabled={{ samba_enabled }} samba_udp_ports={{ samba_udp_ports }} samba_tcp_mports={{ samba_tcp_mports }} -block_DNS={{ block_DNS }} +################################################################################ +# # +# IF YOU NEED TO CHANGE ports_externally_visible DO THAT IN: # +# # +# /etc/iiab/local_vars.yml # +# # +# It must be an integer {0...5} as follows: # +# # +# 0 = none # +# 1 = ssh only # +# 2 = ssh + Admin Console # +# 3 = ssh + Admin Console + common IIAB services <-- THIS IS THE DEFAULT # +# 4 = ssh + Admin Console + common IIAB services + Samba # +# 5 = all but databases # +# # +# Then enable it in iptables by running 'cd /opt/iiab/iiab; ./iiab-network' # +# # +################################################################################ -echo "LAN is $lan and WAN is $wan" +echo -e "\nports_externally_visible: "$ports_externally_visible"\n" +if ! 
[ "$ports_externally_visible" -eq "$ports_externally_visible" ] 2> /dev/null; then + echo "EXITING: an integer is required" + exit 1 +elif [ "$ports_externally_visible" -lt 0 ] || [ "$ports_externally_visible" -gt 5 ]; then + echo "EXITING: it must be in the range {0...5}" + exit 1 +fi -# Delete all existing rules -/sbin/modprobe ip_tables -/sbin/modprobe iptable_filter -/sbin/modprobe ip_conntrack -/sbin/modprobe iptable_nat -clear_fw +if [ "$wan" != "none" ] && [ "$network_mode" != "Appliance" ]; then + # Load iptables kernel modules + /sbin/modprobe ip_tables + /sbin/modprobe iptable_filter + /sbin/modprobe ip_conntrack + /sbin/modprobe iptable_nat +fi + +# Delete all existing firewall rules +$IPTABLES -F +$IPTABLES -t nat -F +$IPTABLES -X + +# First Match Wins - establish iptable rules, starting at the top: +# (you can verify the resulting rule set by running 'iptables -L -v') + +# Always accept loopback traffic +$IPTABLES -A INPUT -i lo -j ACCEPT + +# Disable access to databases, on LAN-side and WAN-side +# SunRPC +$IPTABLES -A INPUT -p tcp --dport 111 -j DROP +$IPTABLES -A INPUT -p udp --dport 111 -j DROP +# MySQL +$IPTABLES -A INPUT -p tcp --dport 3306 -j DROP +$IPTABLES -A INPUT -p udp --dport 3306 -j DROP +# PostgreSQL - not needed listens on lo only +$IPTABLES -A INPUT -p tcp --dport 5432 -j DROP +$IPTABLES -A INPUT -p udp --dport 5432 -j DROP +# CouchDB +$IPTABLES -A INPUT -p tcp --dport 5984 -j DROP +$IPTABLES -A INPUT -p udp --dport 5984 -j DROP + +save_rules_and_exit() { +{% if is_debuntu %} + netfilter-persistent save +{% else %} + iptables-save > $IPTABLES_DATA +{% endif %} + + exit 0 +} + +if [ "$wan" == "none" ] || [ "$network_mode" == "Appliance" ]; then + save_rules_and_exit +fi # Allow established connections, and those not coming from the outside $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -$IPTABLES -A INPUT -m state --state NEW -i $lan -j ACCEPT +$IPTABLES -A INPUT -m state --state NEW -i $lan -j ACCEPT -# Allow mDNS +# 
Allow mDNS from WAN-side too (WHY OUT OF CURIOSITY?) $IPTABLES -A INPUT -p udp --dport 5353 -j ACCEPT -# When run as gateway -$IPTABLES -A INPUT -p tcp --dport $ssh_port -m state --state NEW -i $wan -j ACCEPT +# 1 = ssh only +if [ "$ports_externally_visible" -ge 1 ]; then + $IPTABLES -A INPUT -p tcp --dport $ssh_port -m state --state NEW -i $wan -j ACCEPT +fi -if [ "$gui_wan" == "True" ]; then +# 2 = ssh + Admin Console +if [ "$ports_externally_visible" -ge 2 ]; then $IPTABLES -A INPUT -p tcp --dport $gui_port -m state --state NEW -i $wan -j ACCEPT fi -if [ "$services_externally_visible" == "True" ]; then +# 3 = ssh + Admin Console + common IIAB services +if [ "$ports_externally_visible" -ge 3 ]; then $IPTABLES -A INPUT -p tcp --dport $kiwix_port -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p tcp --dport $kalite_server_port -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p tcp --dport $kolibri_http_port -m state --state NEW -i $wan -j ACCEPT 
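Review bot: The rule `$IPTABLES -A INPUT -p udp --dport 5353 -j ACCEPT` has no `-i` match and sits outside every `ports_externally_visible` test, so UDP 5353 is still accepted from the WAN at level 0, which the banner documents as "none". LAN traffic is already admitted by the `--state NEW -i $lan -j ACCEPT` rule just above, so the only additional effect of this rule is on the WAN side (and any other interface). Either scope it to the LAN, `$IPTABLES -A INPUT -p udp --dport 5353 -i $lan -j ACCEPT`, or put the WAN form behind one of the levels and list it in the 0–5 table so the documented levels match the generated rule set.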
@@ -119,46 +157,48 @@ if [ "$services_externally_visible" == "True" ]; then $IPTABLES -A INPUT -p udp --dport $pbx_signaling_ports_chan_pjsip -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p udp --dport $pbx_data_ports -m state --state NEW -i $wan -j ACCEPT fi - - if [ "$samba_enabled" == "True" ]; then - $IPTABLES -A INPUT -p udp --dport $samba_udp_ports -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp -m multiport --dports $samba_tcp_mports -m state --state NEW -i $wan -j ACCEPT - fi fi +# 4 = ssh + Admin Console + common IIAB services + Samba +if [ "$ports_externally_visible" -ge 4 ]; then + $IPTABLES -A INPUT -p udp --dport $samba_udp_ports -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp -m multiport --dports $samba_tcp_mports -m state --state NEW -i $wan -j ACCEPT +fi + +# Typically False, to keep students off the Internet if [ "$iiab_gateway_enabled" == "True" ]; then $IPTABLES -A POSTROUTING -t nat -o $wan -j MASQUERADE fi +# 3 or 4 IP forwarding rules $IPTABLES -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT - # Block https traffic except if directed at server if [ "$gw_block_https" == "True" ]; then $IPTABLES -A FORWARD -p tcp ! -d {{ lan_ip }} --dport 443 -j DROP fi - # Allow outgoing connections from the LAN side $IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT - # Don't forward from the outside to the inside $IPTABLES -A FORWARD -i $wan -o $lan -j DROP -$IPTABLES -A INPUT -i $wan -j DROP +# Enable routing (kernel IP forwarding) +echo 1 > /proc/sys/net/ipv4/ip_forward +# 5 = "all but databases" +if [ "$ports_externally_visible" -lt 5 ]; then + # Drop everything else arriving via WAN + $IPTABLES -A INPUT -i $wan -j DROP +fi + +# TCP & UDP block of DNS port 53 if truly nec if [ "$block_DNS" == "True" ]; then $IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 53 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:53 $IPTABLES -t nat -A PREROUTING -i $lan -p udp --dport 53 ! 
-d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:53 fi +# If Squid enabled, indicated by /etc/iiab/iiab.env if [ "$HTTPCACHE_ON" == "True" ]; then - $IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:3128 + $IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:3128 fi -# Enable routing -echo 1 > /proc/sys/net/ipv4/ip_forward -# Save the whole rule set now -{% if is_debuntu %} -netfilter-persistent save -{% else %} -iptables-save > $IPTABLES_DATA -{% endif %} -exit 0 +# Save the whole rule set +save_rules_and_exit From 669dcf7a6e5da3ae5487c0c6e847d2dcfbe8b2b1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 May 2019 05:45:16 -0400 Subject: [PATCH 093/143] gui_wan -> ports_externally_visible >= 2 in avahi.yml --- roles/network/tasks/avahi.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/network/tasks/avahi.yml b/roles/network/tasks/avahi.yml index 414a9d1a9..7dac2ca7e 100644 --- a/roles/network/tasks/avahi.yml +++ b/roles/network/tasks/avahi.yml @@ -12,7 +12,10 @@ owner: avahi group: avahi mode: 0640 - when: 'gui_wan == True' + #when: 'gui_wan == True' + when: ports_externally_visible|int >= 2 + # Where "2" means "ssh + Admin Console" + # SEE: https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L65 - name: Find avahi_ver for clean copy of ssh.service (not debuntu) shell: "ls /usr/share/doc/ | grep avahi | head -n1" From 0926624f6df2911dce5c32219c04ed1c6f1b6e47 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 May 2019 06:13:38 -0400 Subject: [PATCH 094/143] ports_externally_visible {0...5} in default_vars for iiab-gen-iptables --- vars/default_vars.yml | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 1838114aa..27ee027db 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml 
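Review bot: At `ports_externally_visible` 5 the closing `$IPTABLES -A INPUT -i $wan -j DROP` is skipped, so WAN traffic falls through to the INPUT chain policy, which this script never sets. If that policy is ACCEPT (not visible here), every listening port is reachable from the WAN except the four dropped earlier in the script (111, 3306, 5432, 5984), so "all but databases" holds only for datastores on exactly those ports. This hunk also drops the `samba_enabled` test, so level 4 adds the Samba accept rules whether or not Samba is enabled. Consider keeping the WAN DROP unconditional and expressing level 5 as explicit accept rules, or at minimum state in the banner that level 5 means no WAN filtering beyond those four port drops.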
@@ -91,10 +91,20 @@ gui_wan: True adm_cons_force_ssl: False adm_cons_allow_downloads: False -# Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or -# 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables -# within github.com/iiab/iiab/blob/master/roles/ -services_externally_visible: True +# Enable "campus access" to ~10 common IIAB services like Kiwix (3000), KA Lite +# (8008) and Calibre (8010 or 8080) etc, on the WAN side of your IIAB server. +# Only 1 of the 6 lines below should be uncommented: +# +#ports_externally_visible: 0 # none +#ports_externally_visible: 1 # ssh only +#ports_externally_visible: 2 # ssh + Admin Console +ports_externally_visible: 3 # ssh + Admin Console + common IIAB services +#ports_externally_visible: 4 # ssh + Admin Console + common IIAB services + Samba +#ports_externally_visible: 5 # all but databases +# +# Or further customize your iptables firewall by editing: +# /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables +# And then run: cd /opt/iiab/iiab; ./iiab-network # Gateway and Filters # Most all implementations use "iiab_gateway_enabled: False" within From d2af10b7ea2ff32be0ccdf800e5d76cc644e3a2d Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 May 2019 06:18:16 -0400 Subject: [PATCH 095/143] ports_externally_visible {0...5} in local_vars_min for iiab-gen-iptables --- vars/local_vars_min.yml | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 05f0b0ce6..b39b3e02d 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml 
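Review bot: `services_externally_visible` is removed here and `gui_wan: True` remains just above the hunk, yet the iiab-gen-iptables template changed earlier in this series reads only `ports_externally_visible`. As far as this series shows, a site whose /etc/iiab/local_vars.yml has `services_externally_visible: False` or `gui_wan: False` would silently get the new default of 3 on the next `./iiab-network` run, opening ssh, the Admin Console and the common service ports on the WAN. Add a line to the comment block such as `# NOTE: supersedes services_externally_visible and (for the firewall) gui_wan -- if either was False in your local_vars.yml, choose 0, 1 or 2 here`, and consider failing the play when the old variable is still defined. The same comment block is added to local_vars_min.yml, local_vars_medium.yml and local_vars_big.yml in the three commits that follow and needs the same note.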
@@ -40,10 +40,20 @@ host_channel: 6 hostapd_secure: False hostapd_password: changeme -# Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or -# 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables -# within github.com/iiab/iiab/blob/master/roles/ -services_externally_visible: True +# Enable "campus access" to ~10 common IIAB services like Kiwix (3000), KA Lite +# (8008) and Calibre (8010 or 8080) etc, on the WAN side of your IIAB server. +# Only 1 of the 6 lines below should be uncommented: +# +#ports_externally_visible: 0 # none +#ports_externally_visible: 1 # ssh only +#ports_externally_visible: 2 # ssh + Admin Console +ports_externally_visible: 3 # ssh + Admin Console + common IIAB services +#ports_externally_visible: 4 # ssh + Admin Console + common IIAB services + Samba +#ports_externally_visible: 5 # all but databases +# +# Or further customize your iptables firewall by editing: +# /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables +# And then run: cd /opt/iiab/iiab; ./iiab-network # Make this True if client machines should have access to WAN/Internet: iiab_gateway_enabled: False From 57bfa0c20a7de5b1095d220a90d3960417d974cb Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 May 2019 06:18:22 -0400 Subject: [PATCH 096/143] ports_externally_visible {0...5} in local_vars_medium for iiab-gen-iptables --- vars/local_vars_medium.yml | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 583df4276..7caca0830 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml 
@@ -40,10 +40,20 @@ host_channel: 6 hostapd_secure: False hostapd_password: changeme -# Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or -# 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables -# within github.com/iiab/iiab/blob/master/roles/ -services_externally_visible: True +# Enable "campus access" to ~10 common IIAB services like Kiwix (3000), KA Lite +# (8008) and Calibre (8010 or 8080) etc, on the WAN side of your IIAB server. +# Only 1 of the 6 lines below should be uncommented: +# +#ports_externally_visible: 0 # none +#ports_externally_visible: 1 # ssh only +#ports_externally_visible: 2 # ssh + Admin Console +ports_externally_visible: 3 # ssh + Admin Console + common IIAB services +#ports_externally_visible: 4 # ssh + Admin Console + common IIAB services + Samba +#ports_externally_visible: 5 # all but databases +# +# Or further customize your iptables firewall by editing: +# /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables +# And then run: cd /opt/iiab/iiab; ./iiab-network # Make this True if client machines should have access to WAN/Internet: iiab_gateway_enabled: False From ab613eaed3a5cd909fd7b52190e22009a4e96fb8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 May 2019 06:18:27 -0400 Subject: [PATCH 097/143] ports_externally_visible {0...5} in local_vars_big for iiab-gen-iptables --- vars/local_vars_big.yml | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 587d40713..8a61ff121 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml 
@@ -40,10 +40,20 @@ host_channel: 6 hostapd_secure: False hostapd_password: changeme -# Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or -# 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables -# within github.com/iiab/iiab/blob/master/roles/ -services_externally_visible: True +# Enable "campus access" to ~10 common IIAB services like Kiwix (3000), KA Lite +# (8008) and Calibre (8010 or 8080) etc, on the WAN side of your IIAB server. +# Only 1 of the 6 lines below should be uncommented: +# +#ports_externally_visible: 0 # none +#ports_externally_visible: 1 # ssh only +#ports_externally_visible: 2 # ssh + Admin Console +ports_externally_visible: 3 # ssh + Admin Console + common IIAB services +#ports_externally_visible: 4 # ssh + Admin Console + common IIAB services + Samba +#ports_externally_visible: 5 # all but databases +# +# Or further customize your iptables firewall by editing: +# /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables +# And then run: cd /opt/iiab/iiab; ./iiab-network # Make this True if client machines should have access to WAN/Internet: iiab_gateway_enabled: False From 12885ad5f86155aeb447eacea1c7cb1e9ef90704 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 May 2019 06:30:16 -0400 Subject: [PATCH 098/143] How to edit iiab-gen-iptables --- roles/network/templates/gateway/iiab-gen-iptables | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index adc780315..50d5b061c 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -1,5 +1,9 @@ #!/bin/bash -x +# To customize your iptables firewall, it's best to edit: +# /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables +# And then run: cd /opt/iiab/iiab; ./iiab-network + {% if is_debuntu %} IPTABLES=/sbin/iptables IPTABLES_DATA=/etc/iptables.up.rules 
From b3d837b182c199e2aefdca039acfff40f08c48d4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 May 2019 06:31:42 -0400 Subject: [PATCH 099/143] Comment fixed in network/tasks/avahi.yml --- roles/network/tasks/avahi.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/avahi.yml b/roles/network/tasks/avahi.yml index 7dac2ca7e..55f312004 100644 --- a/roles/network/tasks/avahi.yml +++ b/roles/network/tasks/avahi.yml @@ -15,7 +15,7 @@ #when: 'gui_wan == True' when: ports_externally_visible|int >= 2 # Where "2" means "ssh + Admin Console" - # SEE: https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L48-L65 + # SEE: https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L52-L69 - name: Find avahi_ver for clean copy of ssh.service (not debuntu) shell: "ls /usr/share/doc/ | grep avahi | head -n1" From 33c64d23379425d2e8ab0bd8eb1e7a5e3cf822fa Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 May 2019 06:45:23 -0400 Subject: [PATCH 100/143] Comment aligned w/ local_vars files & default_vars --- roles/network/templates/gateway/iiab-gen-iptables | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 50d5b061c..e46278641 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -64,7 +64,7 @@ samba_tcp_mports={{ samba_tcp_mports }} # 4 = ssh + Admin Console + common IIAB services + Samba # # 5 = all but databases # # # -# Then enable it in iptables by running 'cd /opt/iiab/iiab; ./iiab-network' # +# Then enable it in iptables by running: cd /opt/iiab/iiab; ./iiab-network # # # ################################################################################ From 043e6c8166ac280ff2ea6f5170d6fea1d22d2217 Mon Sep 17 00:00:00 2001 
From: A Holt Date: Sun, 19 May 2019 06:49:30 -0400 Subject: [PATCH 101/143] Explanation better --- roles/network/templates/gateway/iiab-gen-iptables | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index e46278641..6e554aab9 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -55,7 +55,7 @@ samba_tcp_mports={{ samba_tcp_mports }} # # # /etc/iiab/local_vars.yml # # # -# It must be an integer {0...5} as follows: # +# This firewall variable must be an integer {0...5} as follows: # # # # 0 = none # # 1 = ssh only # @@ -64,7 +64,7 @@ samba_tcp_mports={{ samba_tcp_mports }} # 4 = ssh + Admin Console + common IIAB services + Samba # # 5 = all but databases # # # -# Then enable it in iptables by running: cd /opt/iiab/iiab; ./iiab-network # +# Then enable it with iptables by running: cd /opt/iiab/iiab; ./iiab-network # # # ################################################################################ From 867828055149a1122743a67add2070b0bc9b9293 Mon Sep 17 00:00:00 2001 From: Tim Moody Date: Sun, 19 May 2019 12:53:55 -0400 Subject: [PATCH 102/143] various fixes --- roles/7-edu-apps/tasks/main.yml | 6 +++--- roles/osm-vector-maps/tasks/main.yml | 15 ++++++++------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index 688455ffa..4d3db3278 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -27,10 +27,10 @@ when: moodle_install tags: olpc, moodle -- name: OSM_VECTOR +- name: OSM_VECTOR_MAPS include_role: - name: osm-vector - when: osm_vector_install is defined and osm_vector_install + name: osm-vector-maps + when: osm_vector_maps_install tags: osm # UNMAINTAINED 
diff --git a/roles/osm-vector-maps/tasks/main.yml b/roles/osm-vector-maps/tasks/main.yml index ca3cd9276..a16962f8b 100644 --- a/roles/osm-vector-maps/tasks/main.yml +++ b/roles/osm-vector-maps/tasks/main.yml @@ -1,5 +1,5 @@ - name: Make sure the osm-vector-maps directory exists - file: + file: path: '{{ vector_map_path }}/maplist/assets' state: directory owner: '{{ apache_user }}' @@ -45,17 +45,18 @@ dest: /usr/bin/iiab-update-map mode: "0755" -- name: Run the script that does osm-vector-maps housekeeping - shell: /usr/bin/iiab-update-map - +# This depends on iiab-admin-console which is not yet installed +#- name: Run the script that does osm-vector-maps housekeeping +# shell: /usr/bin/iiab-update-map + - name: Copy the Countries geojson to assets - copy: + copy: src: countries.json dest: '{{ vector_map_path }}/maplist/assets' # It is too complicated to use a single file for both iiab and admin-console - name: Copy the duplicated javascript to assets - copy: + copy: src: map_functions.js dest: '{{ vector_map_path }}/maplist/assets' @@ -78,7 +79,7 @@ when: not osm_vector_maps_enabled and is_debuntu - name: Copy the redirect to the test page -- delete this if more than one map - copy: + copy: src: test-index.redirect dest: "{{ vector_map_path }}/index.html" From ff9cbf68f2cc6988ca158cf37a020c8c825aa515 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 May 2019 13:27:47 -0400 Subject: [PATCH 103/143] Move osm-vector-maps install to 7-edu-apps stage ? --- roles/4-server-options/tasks/main.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 8974085e3..4c56b0572 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml 
@@ -13,12 +13,6 @@ when: named_install tags: base, named, network, domain -- name: Installing vector map test page - include_role: - name: osm-vector-maps - when: osm_vector_maps_install - tags: base, map - - name: Installing captive portal include_tasks: roles/captive-portal/tasks/main.yml when: captive_portal_install From 2e8a1afb3dbf84ef6be54c459670a5b641e0448a Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 May 2019 13:29:19 -0400 Subject: [PATCH 104/143] Moving osm-vector-maps install from 4-server-options? --- roles/7-edu-apps/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index 4d3db3278..30b1ac489 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -27,7 +27,7 @@ when: moodle_install tags: olpc, moodle -- name: OSM_VECTOR_MAPS +- name: OSM-VECTOR-MAPS include_role: name: osm-vector-maps when: osm_vector_maps_install From 6abc8e0d5bdd6eadf0595a5cd80583c46eacc8b1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 May 2019 13:35:31 -0400 Subject: [PATCH 105/143] Ansible tags osm & maps (it was 3 tags, now it's 2!) --- roles/7-edu-apps/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index 30b1ac489..6acb282d9 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -31,14 +31,14 @@ include_role: name: osm-vector-maps when: osm_vector_maps_install - tags: osm + tags: osm, maps # UNMAINTAINED - name: OSM include_role: name: osm when: osm_install is defined and osm_install - tags: osm + tags: osm, maps # UNMAINTAINED - name: PATHAGAR From 20dacbb8fa8b9b5b22d85992f1c670189e76a545 Mon Sep 17 00:00:00 2001 
From: A Holt Date: Sun, 19 May 2019 14:02:53 -0400 Subject: [PATCH 106/143] 2 = ssh + http-or-https (for Admin Console's box.lan/admin too) --- roles/network/templates/gateway/iiab-gen-iptables | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 6e554aab9..1d12d1895 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -59,9 +59,9 @@ samba_tcp_mports={{ samba_tcp_mports }} # # # 0 = none # # 1 = ssh only # -# 2 = ssh + Admin Console # -# 3 = ssh + Admin Console + common IIAB services <-- THIS IS THE DEFAULT # -# 4 = ssh + Admin Console + common IIAB services + Samba # +# 2 = ssh + http-or-https (for Admin Console's box.lan/admin too) # +# 3 = ssh + http-or-https + common IIAB services <-- THIS IS THE DEFAULT # +# 4 = ssh + http-or-https + common IIAB services + Samba # # 5 = all but databases # # # # Then enable it with iptables by running: cd /opt/iiab/iiab; ./iiab-network # @@ -136,12 +136,15 @@ if [ "$ports_externally_visible" -ge 1 ]; then $IPTABLES -A INPUT -p tcp --dport $ssh_port -m state --state NEW -i $wan -j ACCEPT fi -# 2 = ssh + Admin Console +# For now this is implemented using Admin Console variable "gui_port" from: +# https://github.com/iiab/iiab/blob/master/roles/0-init/tasks/main.yml#L87-L95 +# +# 2 = ssh + http-or-https (for Admin Console's box.lan/admin too) if [ "$ports_externally_visible" -ge 2 ]; then $IPTABLES -A INPUT -p tcp --dport $gui_port -m state --state NEW -i $wan -j ACCEPT fi -# 3 = ssh + Admin Console + common IIAB services +# 3 = ssh + http-or-https + common IIAB services if [ "$ports_externally_visible" -ge 3 ]; then $IPTABLES -A INPUT -p tcp --dport $kiwix_port -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p tcp --dport $kalite_server_port -m state --state NEW -i $wan -j ACCEPT 
@@ -163,7 +166,7 @@ if [ "$ports_externally_visible" -ge 3 ]; then fi fi -# 4 = ssh + Admin Console + common IIAB services + Samba +# 4 = ssh + http-or-https + common IIAB services + Samba if [ "$ports_externally_visible" -ge 4 ]; then $IPTABLES -A INPUT -p udp --dport $samba_udp_ports -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p tcp -m multiport --dports $samba_tcp_mports -m state --state NEW -i $wan -j ACCEPT From c74053ef527a5560ee5240e0fdbca75b29f75bf6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 May 2019 14:04:14 -0400 Subject: [PATCH 107/143] also clarify "ports_externally_visible: 2" means http-or-https in avahi.yml --- roles/network/tasks/avahi.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/avahi.yml b/roles/network/tasks/avahi.yml index 55f312004..7eafb5385 100644 --- a/roles/network/tasks/avahi.yml +++ b/roles/network/tasks/avahi.yml @@ -14,8 +14,11 @@ mode: 0640 #when: 'gui_wan == True' when: ports_externally_visible|int >= 2 - # Where "2" means "ssh + Admin Console" - # SEE: https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L52-L69 + # Where "2" means "ssh + http-or-https (for Admin Console's box.lan/admin too)" + # SEE ~18 line explanation in box near: + # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L52-L69 + # FOR NOW, $gui_port is used to open Admin Console port (http-or-https) here: + # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L139-L145 - name: Find avahi_ver for clean copy of ssh.service (not debuntu) shell: "ls /usr/share/doc/ | grep avahi | head -n1" From 72a7fead217bb9aa4ff9ccb507a2453a237a1f30 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 19 May 2019 19:25:03 -0400 Subject: [PATCH 108/143] kiwix-tools 1.2.0 -> 1.2.1 --- roles/kiwix/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index e9fbd0f7d..b4832ab97 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -10,9 +10,9 @@ # Which kiwix-tools to download from http://download.iiab.io/packages/ # As obtained from http://download.kiwix.org/release/kiwix-tools/ or http://download.kiwix.org/nightly/ -kiwix_version_armhf: "kiwix-tools_linux-armhf-1.2.0" -kiwix_version_linux64: "kiwix-tools_linux-x86_64-1.2.0" -kiwix_version_i686: "kiwix-tools_linux-i586-1.2.0" +kiwix_version_armhf: "kiwix-tools_linux-armhf-1.2.1" +kiwix_version_linux64: "kiwix-tools_linux-x86_64-1.2.1" +kiwix_version_i686: "kiwix-tools_linux-i586-1.2.1" # kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" # v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") # v0.10 for i686 published Oct 2016 ("experimental") REPLACED IN EARLY 2018, thx to Matthieu Gautier: From a5088f063d1e171d57cdd99f7bf4d56031ac1eef Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 19 May 2019 17:07:01 -0700 Subject: [PATCH 109/143] permit omt and sat to be used in filename --- roles/osm-vector-maps/templates/iiab-update-map | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/templates/iiab-update-map b/roles/osm-vector-maps/templates/iiab-update-map index 837bc9e85..d38bb0b7d 100755 --- a/roles/osm-vector-maps/templates/iiab-update-map +++ b/roles/osm-vector-maps/templates/iiab-update-map @@ -105,7 +105,7 @@ def get_installed_regions(): os.chdir(map_doc_root) for filename in os.listdir('.'): if fnmatch.fnmatch(filename, '??-osm-omt*'): - region = re.sub(r'^..-osm-omt_(.*)',r'\1',filename) + region = re.sub(r'^..-osm-..._(.*)',r'\1',filename) installed.append(region) # add the splash page if no other maps are present if len(installed) == 0: From 9a899b43141af853a12bcb8ae30ed21f88237e16 Mon Sep 17 00:00:00 2001 
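Review bot: The widened pattern `r'^..-osm-..._(.*)'` never sees a `sat` filename, because the context line just above it still filters with `fnmatch.fnmatch(filename, '??-osm-omt*')`. The glob needs the same widening, for example `if fnmatch.fnmatch(filename, '??-osm-???_*'):`. As written, `...` accepts any three characters, and `re.sub` returns the whole filename unchanged when the pattern does not match (a name without the underscore, say), so that string is appended to `installed` as if it were a region. Matching once with `re.match(r'^..-osm-(?:omt|sat)_(.*)', filename)` and skipping non-matches would cover both cases. The `def get_installed_regions()` line and the rest of the body lie outside the hunk.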
From: George Hunt Date: Sun, 19 May 2019 17:12:49 -0700 Subject: [PATCH 110/143] remove debug print statement --- roles/osm-vector-maps/templates/iiab-update-map | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/osm-vector-maps/templates/iiab-update-map b/roles/osm-vector-maps/templates/iiab-update-map index e80d869ae..0e312d705 100755 --- a/roles/osm-vector-maps/templates/iiab-update-map +++ b/roles/osm-vector-maps/templates/iiab-update-map @@ -127,7 +127,6 @@ def write_vector_map_idx(installed_maps): region = extract_region_from_filename(fname) if map == 'maplist': continue # not a real region map_dict = map_catalog['regions'].get(region,'') - print('check for %s in %s'%(region,map_dict)) if map_dict == '': continue # Create the idx file in format required bo js-menu system From 52fdf8983b27a5dfc86d3e1c5af3054edaaaab91 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 21 May 2019 02:06:47 -0400 Subject: [PATCH 111/143] add WAN-side rules even if Appliance (if WAN exists!) --- .../templates/gateway/iiab-gen-iptables | 159 +++++++++--------- 1 file changed, 78 insertions(+), 81 deletions(-) diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 1d12d1895..9d25a9109 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -77,13 +77,13 @@ elif [ "$ports_externally_visible" -lt 0 ] || [ "$ports_externally_visible" -gt exit 1 fi -if [ "$wan" != "none" ] && [ "$network_mode" != "Appliance" ]; then - # Load iptables kernel modules - /sbin/modprobe ip_tables - /sbin/modprobe iptable_filter - /sbin/modprobe ip_conntrack - /sbin/modprobe iptable_nat -fi +#if [ "$wan" != "none" ] && [ "$network_mode" != "Appliance" ]; then +# Load iptables kernel modules +/sbin/modprobe ip_tables +/sbin/modprobe iptable_filter +/sbin/modprobe ip_conntrack +/sbin/modprobe iptable_nat +#fi # Delete all existing firewall rules $IPTABLES -F 
@@ -110,90 +110,81 @@ $IPTABLES -A INPUT -p udp --dport 5432 -j DROP $IPTABLES -A INPUT -p tcp --dport 5984 -j DROP $IPTABLES -A INPUT -p udp --dport 5984 -j DROP -save_rules_and_exit() { -{% if is_debuntu %} - netfilter-persistent save -{% else %} - iptables-save > $IPTABLES_DATA -{% endif %} - - exit 0 -} - -if [ "$wan" == "none" ] || [ "$network_mode" == "Appliance" ]; then - save_rules_and_exit -fi - # Allow established connections, and those not coming from the outside $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT $IPTABLES -A INPUT -m state --state NEW -i $lan -j ACCEPT -# Allow mDNS from WAN-side too (WHY OUT OF CURIOSITY?) +# Allow mDNS from WAN-side too (ON PURPOSE? WHY OUT OF CURIOSITY?) $IPTABLES -A INPUT -p udp --dport 5353 -j ACCEPT -# 1 = ssh only -if [ "$ports_externally_visible" -ge 1 ]; then - $IPTABLES -A INPUT -p tcp --dport $ssh_port -m state --state NEW -i $wan -j ACCEPT -fi +#if [ "$wan" != "none" ] && [ "$network_mode" != "Appliance" ]; then +if [ "$wan" != "none" ]; then -# For now this is implemented using Admin Console variable "gui_port" from: -# https://github.com/iiab/iiab/blob/master/roles/0-init/tasks/main.yml#L87-L95 -# -# 2 = ssh + http-or-https (for Admin Console's box.lan/admin too) -if [ "$ports_externally_visible" -ge 2 ]; then - $IPTABLES -A INPUT -p tcp --dport $gui_port -m state --state NEW -i $wan -j ACCEPT -fi - -# 3 = ssh + http-or-https + common IIAB services -if [ "$ports_externally_visible" -ge 3 ]; then - $IPTABLES -A INPUT -p tcp --dport $kiwix_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $kalite_server_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $kolibri_http_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $calibre_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $calibreweb_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $cups_port 
-m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $sugarizer_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $nodered_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $mosquitto_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $transmission_http_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $transmission_peer_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p udp --dport $minetest_port -m state --state NEW -i $wan -j ACCEPT - - if [ "$pbx_enabled" == "True" ]; then - $IPTABLES -A INPUT -p udp --dport $pbx_signaling_ports_chan_sip -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p udp --dport $pbx_signaling_ports_chan_pjsip -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p udp --dport $pbx_data_ports -m state --state NEW -i $wan -j ACCEPT + # 1 = ssh only + if [ "$ports_externally_visible" -ge 1 ]; then + $IPTABLES -A INPUT -p tcp --dport $ssh_port -m state --state NEW -i $wan -j ACCEPT fi -fi -# 4 = ssh + http-or-https + common IIAB services + Samba -if [ "$ports_externally_visible" -ge 4 ]; then - $IPTABLES -A INPUT -p udp --dport $samba_udp_ports -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp -m multiport --dports $samba_tcp_mports -m state --state NEW -i $wan -j ACCEPT -fi + # For now this is implemented using Admin Console variable "gui_port" from: + # https://github.com/iiab/iiab/blob/master/roles/0-init/tasks/main.yml#L87-L95 + # + # 2 = ssh + http-or-https (for Admin Console's box.lan/admin too) + if [ "$ports_externally_visible" -ge 2 ]; then + $IPTABLES -A INPUT -p tcp --dport $gui_port -m state --state NEW -i $wan -j ACCEPT + fi -# Typically False, to keep students off the Internet -if [ "$iiab_gateway_enabled" == "True" ]; then - $IPTABLES -A POSTROUTING -t nat -o $wan -j MASQUERADE -fi + # 3 = ssh + http-or-https + common IIAB services + if [ 
"$ports_externally_visible" -ge 3 ]; then + $IPTABLES -A INPUT -p tcp --dport $kiwix_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $kalite_server_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $kolibri_http_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $calibre_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $calibreweb_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $cups_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $sugarizer_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $nodered_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $mosquitto_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $transmission_http_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $transmission_peer_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p udp --dport $minetest_port -m state --state NEW -i $wan -j ACCEPT -# 3 or 4 IP forwarding rules -$IPTABLES -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT -# Block https traffic except if directed at server -if [ "$gw_block_https" == "True" ]; then - $IPTABLES -A FORWARD -p tcp ! 
-d {{ lan_ip }} --dport 443 -j DROP -fi -# Allow outgoing connections from the LAN side -$IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT -# Don't forward from the outside to the inside -$IPTABLES -A FORWARD -i $wan -o $lan -j DROP -# Enable routing (kernel IP forwarding) -echo 1 > /proc/sys/net/ipv4/ip_forward + if [ "$pbx_enabled" == "True" ]; then + $IPTABLES -A INPUT -p udp --dport $pbx_signaling_ports_chan_sip -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p udp --dport $pbx_signaling_ports_chan_pjsip -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p udp --dport $pbx_data_ports -m state --state NEW -i $wan -j ACCEPT + fi + fi + + # 4 = ssh + http-or-https + common IIAB services + Samba + if [ "$ports_externally_visible" -ge 4 ]; then + $IPTABLES -A INPUT -p udp --dport $samba_udp_ports -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp -m multiport --dports $samba_tcp_mports -m state --state NEW -i $wan -j ACCEPT + fi + + # Typically False, to keep client machines (e.g. students) off the Internet + if [ "$iiab_gateway_enabled" == "True" ]; then + $IPTABLES -A POSTROUTING -t nat -o $wan -j MASQUERADE + fi + + # 3 or 4 IP forwarding rules + $IPTABLES -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT + # Block https traffic except if directed at server + if [ "$gw_block_https" == "True" ]; then + $IPTABLES -A FORWARD -p tcp ! 
-d {{ lan_ip }} --dport 443 -j DROP + fi + # Allow outgoing connections from the LAN side + $IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT + # Don't forward from the outside to the inside + $IPTABLES -A FORWARD -i $wan -o $lan -j DROP + # Enable routing (kernel IP forwarding) + echo 1 > /proc/sys/net/ipv4/ip_forward + + # 5 = "all but databases" + if [ "$ports_externally_visible" -lt 5 ]; then + # Drop everything else arriving via WAN + $IPTABLES -A INPUT -i $wan -j DROP + fi -# 5 = "all but databases" -if [ "$ports_externally_visible" -lt 5 ]; then - # Drop everything else arriving via WAN - $IPTABLES -A INPUT -i $wan -j DROP fi # TCP & UDP block of DNS port 53 if truly nec @@ -202,10 +193,16 @@ if [ "$block_DNS" == "True" ]; then $IPTABLES -t nat -A PREROUTING -i $lan -p udp --dport 53 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:53 fi -# If Squid enabled, indicated by /etc/iiab/iiab.env +# If Squid enabled, as indicated by "HTTPCACHE_ON=True" in /etc/iiab/iiab.env if [ "$HTTPCACHE_ON" == "True" ]; then $IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:3128 fi # Save the whole rule set -save_rules_and_exit +{% if is_debuntu %} +netfilter-persistent save +{% else %} +iptables-save > $IPTABLES_DATA +{% endif %} + +exit 0 From 071d5987b70ea10d9e866411ece9ce0bfc4d04b7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 21 May 2019 02:43:43 -0400 Subject: [PATCH 112/143] http-vs-https clarified in network/tasks/avahi.yml --- roles/network/tasks/avahi.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/avahi.yml b/roles/network/tasks/avahi.yml index 7eafb5385..3358492cf 100644 --- a/roles/network/tasks/avahi.yml +++ b/roles/network/tasks/avahi.yml 
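Review bot: In the `@@ -110,90 +110,81 @@` hunk, removing the early `save_rules_and_exit` makes the forwarding part run in Appliance mode as well: the `FORWARD -i $wan -o $lan` rules and `echo 1 > /proc/sys/net/ipv4/ip_forward` are now reached whenever `$wan` is not "none", although the stated goal is only to add WAN-side INPUT rules. I would keep the INPUT rules where they are and wrap the MASQUERADE, FORWARD and ip_forward lines in `if [ "$network_mode" != "Appliance" ]; then … fi`, so a single-interface box does not have kernel routing switched on. What `$lan` holds in Appliance mode is not visible here; if it can be empty, the unquoted `-i $lan` in the LAN accept rule becomes a malformed command, so quoting it or guarding on it would be safer. The mDNS rule `--dport 5353 -j ACCEPT` stays outside the `$wan` block with no `-i`, which leaves it open on the WAN even at level 0; adding `-i $lan` or tying it to level 1 or higher would match the documented meaning of "none".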
@@ -17,8 +17,8 @@ # Where "2" means "ssh + http-or-https (for Admin Console's box.lan/admin too)" # SEE ~18 line explanation in box near: # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L52-L69 - # FOR NOW, $gui_port is used to open Admin Console port (http-or-https) here: - # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L139-L145 + # IF >= 2, Admin Console $gui_port from 0-init determines which port (http-or-https) is opened here: + # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L128-L134 - name: Find avahi_ver for clean copy of ssh.service (not debuntu) shell: "ls /usr/share/doc/ | grep avahi | head -n1" From 68676ef4448f30e01ec4fbf248dd16cb7b32b7f2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 21 May 2019 03:09:58 -0400 Subject: [PATCH 113/143] Comment points to iptables docs --- roles/network/templates/gateway/iiab-gen-iptables | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 9d25a9109..4fd46a2b9 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -90,8 +90,9 @@ $IPTABLES -F $IPTABLES -t nat -F $IPTABLES -X -# First Match Wins - establish iptable rules, starting at the top: -# (you can verify the resulting rule set by running 'iptables -L -v') +# FIRST MATCH WINS - establish iptable rules, starting at the top: +# (verify the resulting rule set by running 'iptables -L -v') +# New to iptables? Run/read 'man iptables' & 'man iptables-extensions' # Always accept loopback traffic $IPTABLES -A INPUT -i lo -j ACCEPT From f5ed9d6966724083e776f8e397d11d8f11ef1d97 Mon Sep 17 00:00:00 2001 
From: A Holt Date: Tue, 21 May 2019 03:30:40 -0400 Subject: [PATCH 114/143] iptables $gui_port comment --- roles/network/templates/gateway/iiab-gen-iptables | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 4fd46a2b9..cbaefa3aa 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -126,11 +126,10 @@ if [ "$wan" != "none" ]; then $IPTABLES -A INPUT -p tcp --dport $ssh_port -m state --state NEW -i $wan -j ACCEPT fi - # For now this is implemented using Admin Console variable "gui_port" from: - # https://github.com/iiab/iiab/blob/master/roles/0-init/tasks/main.yml#L87-L95 - # # 2 = ssh + http-or-https (for Admin Console's box.lan/admin too) if [ "$ports_externally_visible" -ge 2 ]; then + # For now this is implemented using Admin Console variable "gui_port" from: + # https://github.com/iiab/iiab/blob/master/roles/0-init/tasks/main.yml#L87-L95 $IPTABLES -A INPUT -p tcp --dport $gui_port -m state --state NEW -i $wan -j ACCEPT fi From efd317d62f6ac82a0c9c8c8a3743e6ac635d714c Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 21 May 2019 03:31:28 -0400 Subject: [PATCH 115/143] Line number fix in comment --- roles/network/tasks/avahi.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/avahi.yml b/roles/network/tasks/avahi.yml index 3358492cf..179a0c16a 100644 --- a/roles/network/tasks/avahi.yml +++ b/roles/network/tasks/avahi.yml 
@@ -18,7 +18,7 @@ # SEE ~18 line explanation in box near: # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L52-L69 # IF >= 2, Admin Console $gui_port from 0-init determines which port (http-or-https) is opened here: - # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L128-L134 + # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L129-L134 - name: Find avahi_ver for clean copy of ssh.service (not debuntu) shell: "ls /usr/share/doc/ | grep avahi | head -n1" From b221473d644ffb42239911b1da6022b336738171 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 21 May 2019 03:57:04 -0400 Subject: [PATCH 116/143] iiab-gen-iptables 15+ core port rules alphabetized --- .../templates/gateway/iiab-gen-iptables | 34 ++++++++++--------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index cbaefa3aa..a91fa7b4f 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables 
@@ -32,20 +32,21 @@ block_DNS={{ block_DNS }} calibre_port={{ calibre_port }} calibreweb_port={{ calibreweb_port }} -kiwix_port={{ kiwix_port }} -kalite_server_port={{ kalite_server_port }} -kolibri_http_port={{ kolibri_http_port }} cups_port={{ cups_port }} -transmission_http_port={{ transmission_http_port }} -transmission_peer_port={{ transmission_peer_port }} -sugarizer_port={{ sugarizer_port }} -nodered_port={{ nodered_port }} -mosquitto_port={{ mosquitto_port }} +kalite_server_port={{ kalite_server_port }} +kiwix_port={{ kiwix_port }} +kolibri_http_port={{ kolibri_http_port }} minetest_port={{ minetest_port }} +mosquitto_port={{ mosquitto_port }} +nodered_port={{ nodered_port }} pbx_enabled={{ pbx_enabled }} pbx_signaling_ports_chan_sip={{ pbx_signaling_ports_chan_sip }} pbx_signaling_ports_chan_pjsip={{ pbx_signaling_ports_chan_pjsip }} pbx_data_ports={{ pbx_data_ports }} +sugarizer_port={{ sugarizer_port }} +transmission_http_port={{ transmission_http_port }} +transmission_peer_port={{ transmission_peer_port }} + samba_udp_ports={{ samba_udp_ports }} samba_tcp_mports={{ samba_tcp_mports }} 
@@ -135,24 +136,25 @@ if [ "$wan" != "none" ]; then # 3 = ssh + http-or-https + common IIAB services if [ "$ports_externally_visible" -ge 3 ]; then - $IPTABLES -A INPUT -p tcp --dport $kiwix_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $kalite_server_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $kolibri_http_port -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p tcp --dport $calibre_port -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p tcp --dport $calibreweb_port -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p tcp --dport $cups_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $sugarizer_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $nodered_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $mosquitto_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $transmission_http_port -m state --state NEW -i $wan -j ACCEPT - $IPTABLES -A INPUT -p tcp --dport $transmission_peer_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $kalite_server_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $kiwix_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $kolibri_http_port -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p udp --dport $minetest_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $mosquitto_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $nodered_port -m state --state NEW -i $wan -j ACCEPT if [ "$pbx_enabled" == "True" ]; then $IPTABLES -A INPUT -p udp --dport $pbx_signaling_ports_chan_sip -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p udp --dport $pbx_signaling_ports_chan_pjsip -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p udp --dport $pbx_data_ports -m 
state --state NEW -i $wan -j ACCEPT fi + + $IPTABLES -A INPUT -p tcp --dport $sugarizer_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $transmission_http_port -m state --state NEW -i $wan -j ACCEPT + $IPTABLES -A INPUT -p tcp --dport $transmission_peer_port -m state --state NEW -i $wan -j ACCEPT fi # 4 = ssh + http-or-https + common IIAB services + Samba From 98049544b16aba873a21e84547f922a1d3349c42 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 21 May 2019 04:03:39 -0400 Subject: [PATCH 117/143] Lines numbers fixed in comment --- roles/network/tasks/avahi.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/avahi.yml b/roles/network/tasks/avahi.yml index 179a0c16a..d6dc43b11 100644 --- a/roles/network/tasks/avahi.yml +++ b/roles/network/tasks/avahi.yml @@ -16,9 +16,9 @@ when: ports_externally_visible|int >= 2 # Where "2" means "ssh + http-or-https (for Admin Console's box.lan/admin too)" # SEE ~18 line explanation in box near: - # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L52-L69 + # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L53-L70 # IF >= 2, Admin Console $gui_port from 0-init determines which port (http-or-https) is opened here: - # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L129-L134 + # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L130-L135 - name: Find avahi_ver for clean copy of ssh.service (not debuntu) shell: "ls /usr/share/doc/ | grep avahi | head -n1" From c137b60a571a73b0310776165498bd4c2b821de6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 21 May 2019 04:29:24 -0400 Subject: [PATCH 118/143] Lokole 0.4.0 -> 0.4.1 --- roles/lokole/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
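Review bot: In the reordered level-3 block (`ports_externally_visible` >= 3), every service port is opened on `$wan` unconditionally, while only the PBX rules are wrapped in a test (`if [ "$pbx_enabled" == "True" ]; then`). The CUPS, Node-RED, Mosquitto and Transmission ports are therefore accepted from the WAN side whether or not those services are installed or enabled on this box; whether anything is listening on them cannot be seen from this hunk. Since the commit is already touching each of these lines, consider passing each service's own enabled flag into the script the same way as `pbx_enabled={{ pbx_enabled }}` and guarding its ACCEPT rule with it, so the firewall exposes only what is actually in use. The enclosing `if [ "$wan" != "none" ]` block starts and ends outside the hunk.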
diff --git a/roles/lokole/defaults/main.yml b/roles/lokole/defaults/main.yml index 9c34df898..e4aed76dc 100644 --- a/roles/lokole/defaults/main.yml +++ b/roles/lokole/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! # Info needed to install Lokole -lokole_version: 0.4.0 +lokole_version: 0.4.1 lokole_admin_user: admin # lowercase seems nec here (even though uppercase Admin/changeme is IIAB's OOB recommendation!) lokole_admin_password: changeme lokole_install_path: "{{ content_base }}/lokole" # /library/lokole From 8b7ac36f813cf00009bac280a7264bfe93933ef1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 22 May 2019 17:37:43 -0400 Subject: [PATCH 119/143] Lokole 0.4.1 -> 0.4.2 --- roles/lokole/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/lokole/defaults/main.yml b/roles/lokole/defaults/main.yml index e4aed76dc..93389659d 100644 --- a/roles/lokole/defaults/main.yml +++ b/roles/lokole/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! # Info needed to install Lokole -lokole_version: 0.4.1 +lokole_version: 0.4.2 lokole_admin_user: admin # lowercase seems nec here (even though uppercase Admin/changeme is IIAB's OOB recommendation!) lokole_admin_password: changeme lokole_install_path: "{{ content_base }}/lokole" # /library/lokole From 7fa7d1d40abc494a2d6ecd6d6aae1588fea6cd88 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 May 2019 11:25:55 -0400 Subject: [PATCH 120/143] Enable masquerade only when "$lan" != "none" --- roles/network/templates/gateway/iiab-gen-iptables | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index a91fa7b4f..43cd5d4b7 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables 
@@ -15,10 +15,10 @@ IPTABLES_DATA=/etc/sysconfig/iptables source {{ iiab_env_file }} lan=$IIAB_LAN_DEVICE wan=$IIAB_WAN_DEVICE -network_mode=`grep iiab_network_mode_applied {{ iiab_ini_file }} | gawk '{print $3}'` echo -e "\nLAN: $lan" echo -e "WAN: $wan" -echo -e "Network Mode: $network_mode\n" +#network_mode=`grep iiab_network_mode_applied {{ iiab_ini_file }} | gawk '{print $3}'` +#echo -e "Network Mode: $network_mode\n" # "Good thing we replace this file; should be treated like Squid below" ? ports_externally_visible={{ ports_externally_visible }} @@ -164,7 +164,7 @@ if [ "$wan" != "none" ]; then fi # Typically False, to keep client machines (e.g. students) off the Internet - if [ "$iiab_gateway_enabled" == "True" ]; then + if [ "$iiab_gateway_enabled" == "True" ] && [ "$lan" == "none" ]; then $IPTABLES -A POSTROUTING -t nat -o $wan -j MASQUERADE fi From df3455b1efbdddfbd2891293c61fe8c0fd907a63 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 May 2019 16:37:23 -0400 Subject: [PATCH 121/143] Recommend 2.7.11 if running scripts/ansible-2.7.x --- scripts/ansible-2.7.x | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible-2.7.x b/scripts/ansible-2.7.x index 462d23e92..30a324c59 100755 --- a/scripts/ansible-2.7.x +++ b/scripts/ansible-2.7.x @@ -1,7 +1,7 @@ #!/bin/bash -e CURR_VER="undefined" # Ansible version you currently have installed -GOOD_VER="2.7.10" # For XO laptops (pip install) & CentOS (yum install rpm) +GOOD_VER="2.7.11" # For XO laptops (pip install) & CentOS (yum install rpm) # On other OS's we attempt the latest from PPA, which might be more recent export DEBIAN_FRONTEND=noninteractive From a55c7150e8e1af11dcfbad1f452cfc3322b301ce Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 May 2019 17:00:27 -0400 Subject: [PATCH 122/143] enable masquerade only when "$lan" != "none" (typo fixed) --- roles/network/templates/gateway/iiab-gen-iptables | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 43cd5d4b7..e74fcc7e7 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -164,7 +164,7 @@ if [ "$wan" != "none" ]; then fi # Typically False, to keep client machines (e.g. students) off the Internet - if [ "$iiab_gateway_enabled" == "True" ] && [ "$lan" == "none" ]; then + if [ "$iiab_gateway_enabled" == "True" ] && [ "$lan" != "none" ]; then $IPTABLES -A POSTROUTING -t nat -o $wan -j MASQUERADE fi From e8cc7b489755920d723e01dcc80351c0933a6734 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 May 2019 17:50:40 -0400 Subject: [PATCH 123/143] Clarify http-or-https (for Admin Console's box.lan/admin too) --- vars/default_vars.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 27ee027db..de72bd389 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -97,9 +97,9 @@ adm_cons_allow_downloads: False # #ports_externally_visible: 0 # none #ports_externally_visible: 1 # ssh only -#ports_externally_visible: 2 # ssh + Admin Console -ports_externally_visible: 3 # ssh + Admin Console + common IIAB services -#ports_externally_visible: 4 # ssh + Admin Console + common IIAB services + Samba +#ports_externally_visible: 2 # ssh + http-or-https (for Admin Console's box.lan/admin too) +ports_externally_visible: 3 # ssh + http-or-https + common IIAB services +#ports_externally_visible: 4 # ssh + http-or-https + common IIAB services + Samba #ports_externally_visible: 5 # all but databases # # Or further customize your iptables firewall by editing: From dffe5bf120e46be940bad64880c67ccded7b5ce0 Mon Sep 17 00:00:00 2001 
From: A Holt Date: Thu, 23 May 2019 17:50:51 -0400 Subject: [PATCH 124/143] Clarify http-or-https (for Admin Console's box.lan/admin too) --- vars/local_vars_min.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index b39b3e02d..c56d93e0a 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -46,9 +46,9 @@ hostapd_password: changeme # #ports_externally_visible: 0 # none #ports_externally_visible: 1 # ssh only -#ports_externally_visible: 2 # ssh + Admin Console -ports_externally_visible: 3 # ssh + Admin Console + common IIAB services -#ports_externally_visible: 4 # ssh + Admin Console + common IIAB services + Samba +#ports_externally_visible: 2 # ssh + http-or-https (for Admin Console's box.lan/admin too) +ports_externally_visible: 3 # ssh + http-or-https + common IIAB services +#ports_externally_visible: 4 # ssh + http-or-https + common IIAB services + Samba #ports_externally_visible: 5 # all but databases # # Or further customize your iptables firewall by editing: From 4f23ca93bd8de1a51228ce51d0e2c24e34076736 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 May 2019 17:51:03 -0400 Subject: [PATCH 125/143] Clarify http-or-https (for Admin Console's box.lan/admin too) --- vars/local_vars_medium.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 7caca0830..20bece052 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml 
@@ -46,9 +46,9 @@ hostapd_password: changeme # #ports_externally_visible: 0 # none #ports_externally_visible: 1 # ssh only -#ports_externally_visible: 2 # ssh + Admin Console -ports_externally_visible: 3 # ssh + Admin Console + common IIAB services -#ports_externally_visible: 4 # ssh + Admin Console + common IIAB services + Samba +#ports_externally_visible: 2 # ssh + http-or-https (for Admin Console's box.lan/admin too) +ports_externally_visible: 3 # ssh + http-or-https + common IIAB services +#ports_externally_visible: 4 # ssh + http-or-https + common IIAB services + Samba #ports_externally_visible: 5 # all but databases # # Or further customize your iptables firewall by editing: From 7012946f1b192b73e1c5913cffa10c6bdbea9f33 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 May 2019 17:52:03 -0400 Subject: [PATCH 126/143] Clarify http-or-https (for Admin Console's box.lan/admin too) --- vars/local_vars_big.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 8a61ff121..b1c704e1b 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -46,9 +46,9 @@ hostapd_password: changeme # #ports_externally_visible: 0 # none #ports_externally_visible: 1 # ssh only -#ports_externally_visible: 2 # ssh + Admin Console -ports_externally_visible: 3 # ssh + Admin Console + common IIAB services -#ports_externally_visible: 4 # ssh + Admin Console + common IIAB services + Samba +#ports_externally_visible: 2 # ssh + http-or-https (for Admin Console's box.lan/admin too) +ports_externally_visible: 3 # ssh + http-or-https + common IIAB services +#ports_externally_visible: 4 # ssh + http-or-https + common IIAB services + Samba #ports_externally_visible: 5 # all but databases # # Or further customize your iptables firewall by editing: From f826c138b8a72a2e219bf19328b217aabb0d9313 Mon Sep 17 00:00:00 2001 
From: A Holt Date: Thu, 23 May 2019 19:39:44 -0400 Subject: [PATCH 127/143] iptables doc tweak --- .../templates/gateway/iiab-gen-iptables | 43 ++++++++++--------- 1 file changed, 23 insertions(+), 20 deletions(-) diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index e74fcc7e7..b1da75c35 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -1,9 +1,31 @@ #!/bin/bash -x -# To customize your iptables firewall, it's best to edit: +################################################################################ +# # +# IF YOU NEED TO CHANGE ports_externally_visible DO THAT IN: # +# # +# /etc/iiab/local_vars.yml # +# # +# This firewall variable must be an integer {0...5} as follows: # +# # +# 0 = none # +# 1 = ssh only # +# 2 = ssh + http-or-https (for Admin Console's box.lan/admin too) # +# 3 = ssh + http-or-https + common IIAB services <-- THIS IS THE DEFAULT # +# 4 = ssh + http-or-https + common IIAB services + Samba # +# 5 = all but databases # +# # +# Then enable it with iptables by running: cd /opt/iiab/iiab; ./iiab-network # +# # +################################################################################ + +# To further customize your iptables firewall, it's generally best to edit: # /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables # And then run: cd /opt/iiab/iiab; ./iiab-network +# IIAB Networking Doc: +# https://github.com/iiab/iiab/wiki/IIAB-Networking#firewall-iptables + {% if is_debuntu %} IPTABLES=/sbin/iptables IPTABLES_DATA=/etc/iptables.up.rules 
@@ -50,25 +72,6 @@ transmission_peer_port={{ transmission_peer_port }} samba_udp_ports={{ samba_udp_ports }} samba_tcp_mports={{ samba_tcp_mports }} -################################################################################ -# # -# IF YOU NEED TO CHANGE ports_externally_visible DO THAT IN: # -# # -# /etc/iiab/local_vars.yml # -# # -# This firewall variable must be an integer {0...5} as follows: # -# # -# 0 = none # -# 1 = ssh only # -# 2 = ssh + http-or-https (for Admin Console's box.lan/admin too) # -# 3 = ssh + http-or-https + common IIAB services <-- THIS IS THE DEFAULT # -# 4 = ssh + http-or-https + common IIAB services + Samba # -# 5 = all but databases # -# # -# Then enable it with iptables by running: cd /opt/iiab/iiab; ./iiab-network # -# # -################################################################################ - echo -e "\nports_externally_visible: "$ports_externally_visible"\n" if ! [ "$ports_externally_visible" -eq "$ports_externally_visible" ] 2> /dev/null; then echo "EXITING: an integer is required" From 3d976bebec8451aedcebff1ebfbc090be29d39cd Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 May 2019 19:42:40 -0400 Subject: [PATCH 128/143] iptables doc tweak --- roles/network/tasks/avahi.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/network/tasks/avahi.yml b/roles/network/tasks/avahi.yml index d6dc43b11..b3db97db1 100644 --- a/roles/network/tasks/avahi.yml +++ b/roles/network/tasks/avahi.yml 
@@ -16,9 +16,9 @@ when: ports_externally_visible|int >= 2 # Where "2" means "ssh + http-or-https (for Admin Console's box.lan/admin too)" # SEE ~18 line explanation in box near: - # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L53-L70 + # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L3-L20 # IF >= 2, Admin Console $gui_port from 0-init determines which port (http-or-https) is opened here: - # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L130-L135 + # https://github.com/iiab/iiab/blob/master/roles/network/templates/gateway/iiab-gen-iptables#L133-L138 - name: Find avahi_ver for clean copy of ssh.service (not debuntu) shell: "ls /usr/share/doc/ | grep avahi | head -n1" From a68ae48b4e9ef7c95ebae6139fd2de7f3e18f0cd Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 May 2019 23:42:55 -0400 Subject: [PATCH 129/143] Apply @jvonau's "$lan" != "none" to fwd'ing (not just masq'ing) --- .../templates/gateway/iiab-gen-iptables | 33 ++++++++++--------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index e74fcc7e7..345be99c7 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables 
@@ -163,30 +163,31 @@ if [ "$wan" != "none" ]; then $IPTABLES -A INPUT -p tcp -m multiport --dports $samba_tcp_mports -m state --state NEW -i $wan -j ACCEPT fi - # Typically False, to keep client machines (e.g. students) off the Internet - if [ "$iiab_gateway_enabled" == "True" ] && [ "$lan" != "none" ]; then - $IPTABLES -A POSTROUTING -t nat -o $wan -j MASQUERADE - fi + if [ "$lan" != "none" ]; then + # Typically False, to keep client machines (e.g. students) off the Internet + if [ "$iiab_gateway_enabled" == "True" ]; then + $IPTABLES -A POSTROUTING -t nat -o $wan -j MASQUERADE + fi - # 3 or 4 IP forwarding rules - $IPTABLES -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT - # Block https traffic except if directed at server - if [ "$gw_block_https" == "True" ]; then - $IPTABLES -A FORWARD -p tcp ! -d {{ lan_ip }} --dport 443 -j DROP + # 3 or 4 IP forwarding rules + $IPTABLES -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT + # Block https traffic except if directed at server + if [ "$gw_block_https" == "True" ]; then + $IPTABLES -A FORWARD -p tcp ! -d {{ lan_ip }} --dport 443 -j DROP + fi + # Allow outgoing connections from the LAN side + $IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT + # Don't forward from the outside to the inside + $IPTABLES -A FORWARD -i $wan -o $lan -j DROP + # Enable routing (kernel IP forwarding) + echo 1 > /proc/sys/net/ipv4/ip_forward fi - # Allow outgoing connections from the LAN side - $IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT - # Don't forward from the outside to the inside - $IPTABLES -A FORWARD -i $wan -o $lan -j DROP - # Enable routing (kernel IP forwarding) - echo 1 > /proc/sys/net/ipv4/ip_forward # 5 = "all but databases" if [ "$ports_externally_visible" -lt 5 ]; then # Drop everything else arriving via WAN $IPTABLES -A INPUT -i $wan -j DROP fi - fi # TCP & UDP block of DNS port 53 if truly nec From be5bbe8e5e37ab05b9bdfd68c93540e99f4fe6fa Mon Sep 17 00:00:00 2001 
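Review bot: Inside the new `if [ "$lan" != "none" ]` block, only the MASQUERADE rule depends on `$iiab_gateway_enabled`; the `FORWARD -i $lan -o $wan -j ACCEPT` rule and `echo 1 > /proc/sys/net/ipv4/ip_forward` still run when the gateway is disabled. With the flag off, keeping client machines off the Internet then rests on the absence of NAT rather than on a rule that drops their traffic, which holds only while the upstream network has no route back to the LAN subnet (not verifiable from this hunk). Consider moving the LAN-to-WAN ACCEPT and the `ip_forward` write inside the `iiab_gateway_enabled` test and adding `$IPTABLES -A FORWARD -i $lan -o $wan -j DROP` in an `else` branch. Also note that nothing writes `0` to `ip_forward` when `$lan` is `none`, so a value left by an earlier run would persist. The enclosing `if [ "$wan" != "none" ]` block starts outside the hunk.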
From: A Holt Date: Fri, 24 May 2019 00:03:21 -0400 Subject: [PATCH 130/143] output tweak --- roles/network/templates/gateway/iiab-gen-iptables | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 744cd2c54..6bb396bb4 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -38,7 +38,7 @@ source {{ iiab_env_file }} lan=$IIAB_LAN_DEVICE wan=$IIAB_WAN_DEVICE echo -e "\nLAN: $lan" -echo -e "WAN: $wan" +echo -e "WAN: $wan\n" #network_mode=`grep iiab_network_mode_applied {{ iiab_ini_file }} | gawk '{print $3}'` #echo -e "Network Mode: $network_mode\n" From 2ea775848a2bb923708fad87336c1c33186779b5 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 24 May 2019 01:51:03 -0400 Subject: [PATCH 131/143] Add |bool in network/tasks/restart.yml --- roles/network/tasks/restart.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index fd9ee0d49..b1b052ca4 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -15,13 +15,13 @@ name: "{{ proxy }}" state: stopped async: 120 - when: squid_install + when: squid_install | bool - name: Stop DansGuardian systemd: name: dansguardian state: stopped - when: dansguardian_install + when: dansguardian_install | bool - name: Restart DansGuardian service (dansguardian) except Ubuntu which needs reboot to activate systemd: @@ -40,7 +40,7 @@ systemd: name: wondershaper state: restarted - when: wondershaper_enabled + when: wondershaper_enabled | bool - name: Restart Avahi service (avahi-daemon) systemd: From 3eccbd9d60aa7acbbd478e2042e9ac39ee6cc770 Mon Sep 17 00:00:00 2001 
From: holta Date: Fri, 24 May 2019 03:06:43 -0400 Subject: [PATCH 132/143] '| bool' for Ansible 2.8; prep U18+ --- roles/network/tasks/avahi.yml | 4 ++-- roles/network/tasks/computed_network.yml | 4 ++-- roles/network/tasks/dansguardian.yml | 2 +- roles/network/tasks/debian.yml | 4 ++-- roles/network/tasks/detected_network.yml | 4 ++-- roles/network/tasks/dhcpd.yml | 14 +++++++------- roles/network/tasks/down-debian.yml | 4 ++-- roles/network/tasks/hostapd.yml | 4 ++-- roles/network/tasks/ifcfg_mods.yml | 4 ++-- roles/network/tasks/main.yml | 4 ++-- roles/network/tasks/named.yml | 4 ++-- roles/network/tasks/netplan.yml | 2 +- roles/network/tasks/redetect.yml | 4 ++-- roles/network/tasks/squid.yml | 4 ++-- roles/network/tasks/sysd-netd-debian.yml | 5 +++-- 15 files changed, 34 insertions(+), 33 deletions(-) diff --git a/roles/network/tasks/avahi.yml b/roles/network/tasks/avahi.yml index b3db97db1..8639e7758 100644 --- a/roles/network/tasks/avahi.yml +++ b/roles/network/tasks/avahi.yml @@ -3,7 +3,7 @@ name: avahi createhome: no shell: /bin/false - when: is_debuntu + when: is_debuntu | bool - name: Install avahi announce config file /etc/avahi/services/schoolserver.service template: @@ -37,7 +37,7 @@ copy: src: /usr/share/doc/avahi-daemon/examples/ssh.service dest: /etc/avahi/services/ - when: is_debuntu + when: is_debuntu | bool - name: Set ssh port for avahi lineinfile: diff --git a/roles/network/tasks/computed_network.yml b/roles/network/tasks/computed_network.yml index 57b48ba06..9f2fed302 100644 --- a/roles/network/tasks/computed_network.yml +++ b/roles/network/tasks/computed_network.yml @@ -60,7 +60,7 @@ - name: Checking iiab_wan_enabled set_fact: user_wan_iface: "none" - when: 'not iiab_wan_enabled' + when: not iiab_wan_enabled # gui wants LanController # keeps ifcfg-WAN but onboot=no # the change over might be a little bumpy ATM. 
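Review bot: In computed_network.yml the condition becomes `when: not iiab_wan_enabled`, which loses its quotes but, unlike the other conditions touched in this commit, gets no `| bool`. If `iiab_wan_enabled` ever arrives as a string (for example via `-e key=value` extra vars; the variable's source is not visible here), `not "False"` evaluates to false and `user_wan_iface` is not set to `"none"` even though the operator disabled the WAN. `when: not (iiab_wan_enabled | bool)` would match the rest of the change. The same gap exists in `when: is_ubuntu and not is_ubuntu_16` in dhcpd.yml and in `is_ubuntu_16` in sysd-netd-debian.yml.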
@@ -141,7 +141,7 @@ set_fact: iiab_lan_iface: "br0" iiab_wireless_lan_iface: "wlan0" - when: is_rpi + when: is_rpi | bool - name: Enable hostapd if discovered_wireless_iface is not WAN set_fact: diff --git a/roles/network/tasks/dansguardian.yml b/roles/network/tasks/dansguardian.yml index 4433716fc..7f76cfb5b 100644 --- a/roles/network/tasks/dansguardian.yml +++ b/roles/network/tasks/dansguardian.yml @@ -21,7 +21,7 @@ owner: dansguardian group: dansguardian mode: 0640 - when: is_debuntu + when: is_debuntu | bool - name: Install /etc/dansguardian/dansguardian.conf from template (CentOS) template: diff --git a/roles/network/tasks/debian.yml b/roles/network/tasks/debian.yml index 1f9101e9c..0c18c323b 100644 --- a/roles/network/tasks/debian.yml +++ b/roles/network/tasks/debian.yml @@ -73,13 +73,13 @@ service: name: dhcpd state: stopped - when: dhcpd_install + when: dhcpd_install | bool - name: dhcpd_server may be affected - stopping dnsmasq service: name: dnsmasq state: stopped - when: dnsmasq_install + when: dnsmasq_install | bool - name: Reload systemd systemd: diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 11fb3bcfa..457947b84 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -17,7 +17,7 @@ - name: Red Hat network detection (redhat) include_tasks: detected_redhat.yml - when: is_redhat + when: is_redhat | bool - name: Setting dhcpcd_test results set_fact: @@ -40,7 +40,7 @@ - name: Check /etc/network/interfaces for gateway shell: grep {{ device_gw }} /etc/network/interfaces | wc -l - when: is_debuntu + when: is_debuntu | bool register: wan_file - name: Setting wan_in_interfaces diff --git a/roles/network/tasks/dhcpd.yml b/roles/network/tasks/dhcpd.yml index 2a7aee006..1b46b0238 100644 --- a/roles/network/tasks/dhcpd.yml +++ b/roles/network/tasks/dhcpd.yml 
@@ -2,7 +2,7 @@ package: name: isc-dhcp-server state: present - when: is_debuntu + when: is_debuntu | bool tags: - download @@ -18,21 +18,21 @@ user: name: dhcpd createhome: no - when: is_debuntu + when: is_debuntu | bool - name: Disable stock dhcp_service (debuntu) service: name: "{{ dhcp_service }}" enabled: no state: stopped - when: is_debuntu + when: is_debuntu | bool -- name: Disable stock dhcp_service ipv6 (ubuntu-18) +- name: Disable stock dhcp_service ipv6 (ubuntu-18 and higher) service: name: "{{ dhcp_service }}6" enabled: no state: stopped - when: is_ubuntu_18 + when: is_ubuntu and not is_ubuntu_16 - name: Install systemd unit file to /etc/systemd/system/dhcpd.service template: @@ -48,7 +48,7 @@ command: touch /var/lib/dhcpd/dhcpd.leases args: creates: /var/lib/dhcpd/dhcpd.leases - when: is_redhat + when: is_redhat | bool - name: Set dhcpd.leases permissions/ownership (redhat) file: @@ -57,4 +57,4 @@ group: dhcpd mode: 0644 state: file - when: is_redhat + when: is_redhat | bool diff --git a/roles/network/tasks/down-debian.yml b/roles/network/tasks/down-debian.yml index c5954a72a..fb5589d0f 100644 --- a/roles/network/tasks/down-debian.yml +++ b/roles/network/tasks/down-debian.yml @@ -16,10 +16,10 @@ service: name: dhcpd state: stopped - when: dhcpd_install + when: dhcpd_install | bool - name: dhcpd_server may be affected - stopping dnsmasq service: name: dnsmasq state: stopped - when: dnsmasq_install + when: dnsmasq_install | bool diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index f44cce108..3447c2b6b 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -31,7 +31,7 @@ owner: root group: root mode: 0755 - when: is_rpi + when: is_rpi | bool - name: Create /usr/bin/iiab-hotspot-off from template template: @@ -40,7 +40,7 @@ owner: root group: root mode: 0755 - when: is_rpi + when: is_rpi | bool - name: Disable the Access Point 'hostapd' service systemd: 
diff --git a/roles/network/tasks/ifcfg_mods.yml b/roles/network/tasks/ifcfg_mods.yml index 444f3241f..98073f580 100644 --- a/roles/network/tasks/ifcfg_mods.yml +++ b/roles/network/tasks/ifcfg_mods.yml @@ -36,13 +36,13 @@ service: name: dhcpd state: stopped - when: dhcpd_install + when: dhcpd_install | bool - name: dhcpd_server may be affected - stopping dnsmasq service: name: dnsmasq state: stopped - when: dnsmasq_install + when: dnsmasq_install | bool - name: Stop the LAN/Bridge deleting iiab-LAN shell: nmcli con delete id iiab-LAN diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 5f2fa02a5..d44449973 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -57,7 +57,7 @@ - name: Configure wondershaper include_tasks: wondershaper.yml - when: wondershaper_install + when: wondershaper_install | bool tags: - network - wondershaper @@ -99,7 +99,7 @@ #### Start network layout - name: Redhat networking include_tasks: ifcfg_mods.yml - when: is_redhat + when: is_redhat | bool #and not installing tags: - network diff --git a/roles/network/tasks/named.yml b/roles/network/tasks/named.yml index d3b03382f..37343c9fa 100644 --- a/roles/network/tasks/named.yml +++ b/roles/network/tasks/named.yml @@ -4,7 +4,7 @@ - bind9 - bind9utils state: present - when: is_debuntu + when: is_debuntu | bool tags: - download @@ -79,7 +79,7 @@ template: src: roles/network/templates/named/dns-jail.conf dest: "/etc/{{ apache_config_dir }}/" - when: dns_jail_enabled + when: dns_jail_enabled | bool - name: Create symlink dns-jail.conf from sites-enabled to sites-available (if debuntu and dns_jail_enabled) file: diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index b9fd2bd40..69959b77f 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml 
@@ -27,7 +27,7 @@ enabled: yes with_items: - systemd-networkd-wait-online - when: systemd_networkd_active + when: systemd_networkd_active | bool # ICO will always set gui_static_wan_ip away from the default of 'unset' while # gui_static_wan turns dhcp on/off through wan_ip in computed_network and diff --git a/roles/network/tasks/redetect.yml b/roles/network/tasks/redetect.yml index 47cf687d3..dd01ada0d 100644 --- a/roles/network/tasks/redetect.yml +++ b/roles/network/tasks/redetect.yml @@ -57,7 +57,7 @@ shell: nmcli conn up id iiab-WAN register: dhcp_WAN ignore_errors: yes - when: has_WAN + when: has_WAN | bool - name: BAD ifcfg-WAN debug: @@ -117,7 +117,7 @@ register: ifcfg_dhcp_device ignore_errors: True changed_when: False - when: dhcp_good + when: dhcp_good | bool - name: Setting has ifcfg gw based on device if found set_fact: diff --git a/roles/network/tasks/squid.yml b/roles/network/tasks/squid.yml index 6b71e882c..55cb28fcd 100644 --- a/roles/network/tasks/squid.yml +++ b/roles/network/tasks/squid.yml @@ -9,7 +9,7 @@ - name: "Bigger hammer for Ubuntu, run: /etc/init.d/squid stop" command: /etc/init.d/squid stop - when: is_ubuntu + when: is_ubuntu | bool - name: Stop Squid service: @@ -79,7 +79,7 @@ state: directory - include_tasks: roles/network/tasks/dansguardian.yml - when: dansguardian_install + when: dansguardian_install | bool # {{ proxy }} is normally "squid", but is "squid3" on raspbian-8 & debian-8 - name: Add '{{ proxy }}' variable values to {{ iiab_ini_file }} diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index bfacace0d..7bc70071b 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml 
@@ -33,11 +33,12 @@ wan_cidr: "{{ CIDR.stdout }}" when: wan_ip != "dhcp" -- name: Supply static WAN template +- name: Supply static WAN template (ubuntu-16) template: dest: /etc/systemd/network/IIAB-Static.network src: network/systemd-static-net.j2 - when: wan_ip != "dhcp" and not is_ubuntu_18 + when: wan_ip != "dhcp" and is_ubuntu_16 + #when: wan_ip != "dhcp" and not is_ubuntu_18 - name: Stopping services include_tasks: down-debian.yml From 2e3c4b7b2e318ebf73a48d702b0dc9a09a8a46c9 Mon Sep 17 00:00:00 2001 From: holta Date: Fri, 24 May 2019 03:13:52 -0400 Subject: [PATCH 133/143] comments preserve hardcoded U18 clauses --- roles/network/tasks/computed_network.yml | 1 + roles/network/tasks/dhcpd.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/roles/network/tasks/computed_network.yml b/roles/network/tasks/computed_network.yml index 9f2fed302..51b65497d 100644 --- a/roles/network/tasks/computed_network.yml +++ b/roles/network/tasks/computed_network.yml @@ -61,6 +61,7 @@ set_fact: user_wan_iface: "none" when: not iiab_wan_enabled + #when: 'not iiab_wan_enabled' # gui wants LanController # keeps ifcfg-WAN but onboot=no # the change over might be a little bumpy ATM. diff --git a/roles/network/tasks/dhcpd.yml b/roles/network/tasks/dhcpd.yml index 1b46b0238..b00d659fd 100644 --- a/roles/network/tasks/dhcpd.yml +++ b/roles/network/tasks/dhcpd.yml @@ -33,6 +33,7 @@ enabled: no state: stopped when: is_ubuntu and not is_ubuntu_16 + #when: is_ubuntu_18 - name: Install systemd unit file to /etc/systemd/system/dhcpd.service template: From 4652d3505a75593535372dcb866616c1692d3276 Mon Sep 17 00:00:00 2001 From: holta Date: Fri, 24 May 2019 03:26:21 -0400 Subject: [PATCH 134/143] @holta --- roles/0-init/tasks/hostname.yml | 4 ++-- roles/0-init/tasks/main.yml | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/0-init/tasks/hostname.yml b/roles/0-init/tasks/hostname.yml index 289b5a66e..603b280e1 100644 --- a/roles/0-init/tasks/hostname.yml 
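Review bot: In roles/network/tasks/sysd-netd-debian.yml the condition on "Supply static WAN template" changes from `not is_ubuntu_18` to `is_ubuntu_16`, which selects a different set of hosts: any release that is neither Ubuntu 16 nor Ubuntu 18 matched the old test and no longer matches the new one. If the narrowing is intended, a short comment saying where those releases now get their static WAN configuration would serve better than the commented-out old line; if it is not, keep the negated form. The operand is also still uncast inside a compound expression, so a value that arrives as a string (for example from key=value extra vars) would be judged by string truthiness; `when: wan_ip != "dhcp" and (is_ubuntu_16 | bool)` avoids that. The task list continues outside the hunk.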
+++ b/roles/0-init/tasks/hostname.yml @@ -13,7 +13,7 @@ - name: 'Turn the crank for systemd: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}" (debuntu)' shell: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}" - when: is_debuntu + when: is_debuntu | bool - name: Install /etc/sysconfig/network from template (redhat) template: @@ -22,7 +22,7 @@ owner: root group: root mode: 0644 - when: is_redhat + when: is_redhat | bool - name: Put hostnames "127.0.0.1 localhost.localdomain localhost box {{ iiab_hostname }}" in /etc/hosts lineinfile: diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index a16a68a29..fe8f9a1e1 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -14,7 +14,7 @@ # sections once and only once to preserve the install date and git hash. - name: Create IIAB directory structure and {{ iiab_ini_file }}, if first_run include_tasks: first_run.yml - when: first_run + when: first_run | bool #- name: Loading computed_vars # include_tasks: roles/0-init/tasks/computed_vars.yml @@ -92,7 +92,7 @@ - name: Set port 443 for Admin Console if adm_cons_force_ssl set_fact: gui_port: 443 - when: adm_cons_force_ssl + when: adm_cons_force_ssl | bool - name: Turn on both vars for MySQL (mandatory in Stage 3!) set_fact: @@ -127,12 +127,12 @@ - name: "Set python_path: /lib/python2.7/site-packages/ (redhat)" set_fact: python_path: /lib/python2.7/site-packages/ - when: is_redhat + when: is_redhat | bool - name: "Set python_path: /usr/local/lib/python2.7/dist-packages/ (debuntu)" set_fact: python_path: /usr/local/lib/python2.7/dist-packages/ - when: is_debuntu + when: is_debuntu | bool # For various reasons the mysql service cannot be enabled on Fedora 20, but # 'mariadb', which is its real name can. On Fedora 18 we need to use 'mysqld'. 
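Review bot: The task now guarded by `when: is_debuntu | bool` in roles/0-init/tasks/hostname.yml still runs `hostnamectl set-hostname` through `shell:` with `iiab_hostname` and `iiab_domain` interpolated into the command line, so whatever those variables contain is interpreted by a shell. Nothing in the command needs shell features; `command: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}"` runs the same program without that step. Where the two variables are set is not visible in this hunk, so treat this as hardening rather than a known fault.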
@@ -154,7 +154,7 @@ #- name: "Set mysql_service: mysql (debuntu)" # set_fact: # mysql_service: mysql -# when: is_debuntu +# when: is_debuntu | bool - name: "Set iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}" set_fact: @@ -168,7 +168,7 @@ - name: Set hostname if FQDN_changed include_tasks: hostname.yml - when: FQDN_changed + when: FQDN_changed | bool - name: Add 'runtime' variable values to {{ iiab_ini_file }} ini_file: From eb7d5ea706d5fab78cbb065df397d92666a3c51c Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 24 May 2019 04:54:00 -0400 Subject: [PATCH 135/143] roles/0-init/tasks/main.yml indentation --- roles/0-init/tasks/main.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index fe8f9a1e1..196569b2d 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -202,21 +202,21 @@ - option: product_id value: "{{ ansible_product_uuid }}" - option: gw_active - value: "{{ gw_active }}" + value: "{{ gw_active }}" - option: internet_available - value: "{{ internet_available }}" + value: "{{ internet_available }}" - option: is_rpi - value: "{{ is_rpi }}" + value: "{{ is_rpi }}" - option: first_run - value: "{{ first_run }}" + value: "{{ first_run }}" - option: local_tz - value: "{{ local_tz }}" + value: "{{ local_tz }}" - option: no_NM_reload value: "{{ no_NM_reload }}" - option: is_F18 value: "{{ is_F18 }}" - option: FQDN_changed - value: "{{ FQDN_changed }}" + value: "{{ FQDN_changed }}" - name: Add 'runtime' variable 'is_VM' value if defined, to {{ iiab_ini_file }} ini_file: @@ -226,7 +226,7 @@ value: "{{ item.value }}" with_items: - option: is_VM - value: "yes" + value: "yes" when: is_VM is defined - name: STAGE 0 HAS COMPLETED ====================================== From 58637ef3fa32c6ac486d1f98ba8e21c7c404e07e Mon Sep 17 00:00:00 2001 
From: holta Date: Fri, 24 May 2019 04:56:10 -0400 Subject: [PATCH 136/143] Proper boolean values for var gw_active --- roles/0-init/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/0-init/defaults/main.yml b/roles/0-init/defaults/main.yml index 1c5ec2081..945996088 100644 --- a/roles/0-init/defaults/main.yml +++ b/roles/0-init/defaults/main.yml @@ -8,7 +8,7 @@ first_run: False rpi_model: none is_rpi: False xo_model: none -gw_active: none +gw_active: False internet_available: False discovered_wan_iface: none From 6d7adf00a2278ced1316329bbb8a001cf0de13ab Mon Sep 17 00:00:00 2001 From: holta Date: Fri, 24 May 2019 14:04:14 -0400 Subject: [PATCH 137/143] (PRE-)release version# more visible --- roles/0-init/defaults/main.yml | 7 ++++--- vars/default_vars.yml | 8 +++++++- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/roles/0-init/defaults/main.yml b/roles/0-init/defaults/main.yml index 945996088..517936aa0 100644 --- a/roles/0-init/defaults/main.yml +++ b/roles/0-init/defaults/main.yml @@ -1,6 +1,7 @@ -# Use these to tag a release at a point in time, for {{ iiab_env_file }} -iiab_base_ver: 7.0 -iiab_revision: 0 +# (PRE-)release version number, for {{ iiab_env_file }} = /etc/iiab/iiab.env +# iiab_base_ver: 7.0 +# iiab_revision: 0 +# ABOVE MOVED TO /opt/iiab/iiab/vars/default_vars.yml # These entries should never be changed in this file. # These are defaults for boolean routines. diff --git a/vars/default_vars.yml b/vars/default_vars.yml index aa86dde14..da6ea653c 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -4,8 +4,14 @@ # By convention we use True/False to indicate boolean values. -# Configuration Files +# (PRE-)release version number, for {{ iiab_env_file }} +iiab_base_ver: 7.0 +iiab_revision: 0 + +# Main configuration file iiab_local_vars_file: /etc/iiab/local_vars.yml + +# Installation status files iiab_env_file: /etc/iiab/iiab.env iiab_ini_file: /etc/iiab/iiab.ini 
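Review bot: In the vars/default_vars.yml hunk, `iiab_base_ver: 7.0` is an unquoted YAML scalar and therefore loads as a float, not a string. It renders as 7.0 today, but a later value such as 7.10 would load as 7.1 and be written that way wherever the variable is templated. Quoting it, `iiab_base_ver: "7.0"`, keeps the version as text. The same line is carried as context in the next commit's hunk to this file.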
From 87fa63baba99e2a18cbfa6bc4cc56b3f046242ef Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 24 May 2019 14:17:17 -0400 Subject: [PATCH 138/143] Mention IIAB at top of default_vars.yml --- vars/default_vars.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index da6ea653c..3ffff9dd9 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -2,9 +2,9 @@ # PUT YOUR CUSTOMIZATIONS HERE: /etc/iiab/local_vars.yml # READ "What is local_vars.yml and how do I customize it?" IN http://FAQ.IIAB.IO -# By convention we use True/False to indicate boolean values. +# Internet-in-a-Box (IIAB) uses True/False to indicate boolean values. -# (PRE-)release version number, for {{ iiab_env_file }} +# IIAB (PRE-)release version number, for {{ iiab_env_file }} iiab_base_ver: 7.0 iiab_revision: 0 From 3a1ccf3638ffe971410a08c0842c8c8151d95744 Mon Sep 17 00:00:00 2001 
From: holta Date: Fri, 24 May 2019 18:33:10 -0400 Subject: [PATCH 139/143] 'when: X' -> 'when: X | bool' for Ansibl 2.8 --- roles/0-init/tasks/main.yml | 2 +- roles/1-prep/tasks/main.yml | 6 ++--- roles/1-prep/tasks/raspberry_pi.yml | 4 ++-- roles/2-common/tasks/iptables.yml | 4 ++-- roles/2-common/tasks/packages.yml | 4 ++-- roles/2-common/tasks/yum-historical.yml | 14 +++++------ roles/4-server-options/tasks/main.yml | 18 +++++++------- roles/5-xo-services/tasks/main.yml | 6 ++--- roles/6-generic-apps/tasks/main.yml | 24 +++++++++---------- roles/7-edu-apps/tasks/main.yml | 12 +++++----- roles/8-mgmt-tools/tasks/main.yml | 12 +++++----- roles/9-local-addons/tasks/main.yml | 6 ++--- roles/activity-server/tasks/main.yml | 2 +- roles/ajenti/tasks/ajenti-wondershaper.yml | 2 +- roles/ajenti/tasks/main.yml | 2 +- roles/authserver/tasks/main.yml | 4 ++-- roles/awstats/tasks/install.yml | 10 ++++---- roles/awstats/tasks/main.yml | 2 +- roles/calibre-web/tasks/main.yml | 18 +++++++------- roles/calibre/tasks/main.yml | 2 +- roles/calibre/tasks/py-installer.yml | 4 ++-- roles/captive-portal/tasks/main.yml | 12 +++++----- roles/cups/tasks/main.yml | 4 ++-- roles/docker/tasks/main.yml | 4 ++-- roles/dokuwiki/tasks/install.yml | 4 ++-- roles/dokuwiki/tasks/main.yml | 2 +- roles/ejabberd/tasks/main.yml | 4 ++-- roles/elgg/tasks/main.yml | 2 +- roles/gitea/tasks/install.yml | 6 ++--- roles/gitea/tasks/main.yml | 2 +- roles/homepage/tasks/main.yml | 2 +- roles/httpd/tasks/main.yml | 22 ++++++++--------- roles/httpd/tasks/php-stem.yml | 4 ++-- roles/idmgr/tasks/main.yml | 2 +- roles/iiab-admin/tasks/admin-user.yml | 2 +- roles/iiab-admin/tasks/main.yml | 2 +- roles/kalite/tasks/install-f18.yml | 2 +- roles/kalite/tasks/install.yml | 2 +- roles/kalite/tasks/main.yml | 2 +- roles/kiwix/tasks/kiwix_install.yml | 12 +++++----- roles/kiwix/tasks/main.yml | 2 +- roles/kolibri/tasks/main.yml | 12 +++++----- roles/lokole/tasks/install.yml | 4 ++-- roles/lokole/tasks/main.yml | 2 +- 
roles/mediawiki/tasks/install.yml | 2 +- roles/mediawiki/tasks/main.yml | 2 +- roles/minetest/tasks/calc_vars.yml | 2 +- roles/minetest/tasks/main.yml | 2 +- roles/minetest/tasks/minetest_install.yml | 2 +- roles/minetest/tasks/rpi_minetest_install.yml | 2 +- roles/mongodb/tasks/main.yml | 6 ++--- roles/monit/tasks/main.yml | 2 +- roles/moodle/tasks/main.yml | 8 +++---- roles/mosquitto/tasks/main.yml | 12 +++++----- roles/munin/tasks/main.yml | 6 ++--- roles/mysql/tasks/main.yml | 20 ++++++++-------- roles/network/tasks/dhcpd.yml | 2 +- roles/network/tasks/main.yml | 2 +- roles/nextcloud/tasks/F18.yml | 2 +- roles/nextcloud/tasks/main.yml | 12 +++++----- roles/nextcloud/tasks/nextcloud_enabled.yml | 2 +- roles/nodered/tasks/main.yml | 14 +++++------ roles/nodogsplash/tasks/main.yml | 2 +- roles/nodogsplash/tasks/rpi.yml | 4 ++-- roles/openvpn/tasks/main.yml | 6 ++--- roles/osm/tasks/main.yml | 8 +++---- roles/owncloud/tasks/main.yml | 8 +++---- roles/pathagar/tasks/main.yml | 4 ++-- roles/pbx/tasks/asterisk.yml | 2 +- roles/pbx/tasks/chan_dongle.yml | 2 +- roles/pbx/tasks/freepbx.yml | 4 ++-- roles/pbx/tasks/freepbx_enable.yml | 2 +- roles/pbx/tasks/main.yml | 2 +- roles/phpmyadmin/tasks/main.yml | 4 ++-- roles/postgresql/tasks/main.yml | 10 ++++---- roles/samba/tasks/main.yml | 4 ++-- roles/schooltool/tasks/main.yml | 4 ++-- roles/sshd/tasks/main.yml | 10 ++++---- roles/sugar-stats/tasks/main.yml | 2 +- .../tasks/statistics-consolidation.yml | 2 +- roles/sugarizer/tasks/main.yml | 12 +++++----- roles/teamviewer/tasks/install.yml | 2 +- roles/teamviewer/tasks/main.yml | 2 +- roles/transmission/tasks/main.yml | 2 +- roles/usb-lib/tasks/main.yml | 8 +++---- roles/wordpress/tasks/install.yml | 2 +- roles/wordpress/tasks/main.yml | 2 +- roles/xovis/tasks/main.yml | 14 +++++------ vars/default_vars.yml | 2 +- 89 files changed, 248 insertions(+), 248 deletions(-) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 196569b2d..48954b796 100644 
--- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -109,7 +109,7 @@ # set_fact: # mongodb_install: True # mongodb_enabled: True -# when: sugarizer_enabled +# when: sugarizer_enabled | bool # There might be other db's - name: Turn on both vars for PostgreSQL if moodle_enabled or pathagar_enabled diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 635112ac0..44ac1f6d2 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -9,7 +9,7 @@ - uuid-runtime - sudo state: present - when: is_debuntu + when: is_debuntu | bool - name: Does /etc/iiab/uuid file exist? stat: @@ -77,7 +77,7 @@ - name: OPENVPN include_role: name: openvpn - when: openvpn_install + when: openvpn_install | bool tags: openvpn # for rpi, without rtc, we need time as soon as possible @@ -106,7 +106,7 @@ name: apparmor enabled: False state: stopped - when: is_ubuntu + when: is_ubuntu | bool ignore_errors: true - name: Disable SELinux on next boot (OS's other than debuntu) diff --git a/roles/1-prep/tasks/raspberry_pi.yml b/roles/1-prep/tasks/raspberry_pi.yml index 564228a95..22efe6934 100644 --- a/roles/1-prep/tasks/raspberry_pi.yml +++ b/roles/1-prep/tasks/raspberry_pi.yml @@ -37,14 +37,14 @@ path: /etc/dphys-swapfile regexp: "^CONF_SWAPSIZE" line: CONF_SWAPSIZE=500 - when: is_debuntu + when: is_debuntu | bool - name: Restart swap service "dphys-swapfile" (debuntu) #command: /etc/init.d/dphys-swapfile restart service: # A rare/legacy service that is NOT systemd name: dphys-swapfile state: restarted - when: is_debuntu + when: is_debuntu | bool - name: Install RPi rootfs resizing (iiab-rpi-max-rootfs.sh) and its systemd service (iiab-rpi-root-resize.service), from templates template: diff --git a/roles/2-common/tasks/iptables.yml b/roles/2-common/tasks/iptables.yml index 02db8ee97..7a1729b77 100644 --- a/roles/2-common/tasks/iptables.yml +++ b/roles/2-common/tasks/iptables.yml 
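Review bot: The service task in the `@@ -106,7` hunk of roles/1-prep/tasks/main.yml stops and disables `apparmor` on every host where `is_ubuntu` is true, with `ignore_errors: true`, and nothing in the hunk says why. Turning off the mandatory access control layer for the whole machine is a large trade if the cause is, presumably, one confining profile, so the reason belongs next to the task: a comment naming the service that fails under AppArmor, or a narrower change that relaxes only that profile. With `ignore_errors` set, a run in which the service could not be stopped looks the same as one in which it was, so the resulting state should be checked rather than assumed. The task's name line is above the hunk.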
@@ -35,7 +35,7 @@ package: name: iptables-persistent state: present - when: is_debuntu + when: is_debuntu | bool tags: - download @@ -60,4 +60,4 @@ src: iptables dest: /etc/network/if-pre-up.d/iptables mode: 0755 - when: is_debuntu + when: is_debuntu | bool diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 348fa0524..e47e6b095 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -12,7 +12,7 @@ - xml-common - yum-utils state: present - when: is_redhat + when: is_redhat | bool - name: Install {{ iiab_download_url }}/usbmount_0.0.14.1_all.deb, missing from Debian (debian-9 or debian-10, if NOT rpi) apt: @@ -31,7 +31,7 @@ - libnss-mdns - wpasupplicant state: present - when: is_debuntu + when: is_debuntu | bool - name: "Install 22 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, rsync, sudo, tar, unzip, usbmount, usbutils, wget" package: diff --git a/roles/2-common/tasks/yum-historical.yml b/roles/2-common/tasks/yum-historical.yml index 8db268c37..a91498b81 100644 --- a/roles/2-common/tasks/yum-historical.yml +++ b/roles/2-common/tasks/yum-historical.yml @@ -13,18 +13,18 @@ - name: get the createrepo program package: name=createrepo state=present - when: is_redhat + when: is_redhat | bool - name: Create local repo shell: createrepo {{ yum_packages_dir }} - when: is_redhat + when: is_redhat | bool - name: Install local repo file. template: dest=/etc/yum.repos.d/iiab-local.repo src=local.repo owner=root mode=0644 - when: is_redhat + when: is_redhat | bool - name: Install yum packages package: name={{ item }} @@ -36,7 +36,7 @@ - linux-firmware - syslog - xml-common - when: is_redhat + when: is_redhat | bool - name: Install yum packages for Debian package: name={{ item }} 
@@ -44,7 +44,7 @@ with_items: - inetutils-syslogd - wpasupplicant - when: is_debuntu + when: is_debuntu | bool - name: Install common packages package: name={{ item }} @@ -82,7 +82,7 @@ - glibc # CVE-2015-7547 - bash - iptables - when: is_redhat + when: is_redhat | bool - name: Update common packages (debian) package: name={{ item }} @@ -91,7 +91,7 @@ - libc6 - bash - iptables - when: is_debuntu + when: is_debuntu | bool # instuctions state to start with a fully updated system before starting, stop using diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 4c56b0572..eca44a6fb 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -5,27 +5,27 @@ - name: Install dnsmasq include_tasks: roles/network/tasks/dnsmasq.yml - when: dnsmasq_install + when: dnsmasq_install | bool tags: base, domain, dnsmasq, network - name: Install named / BIND include_tasks: roles/network/tasks/named.yml - when: named_install + when: named_install | bool tags: base, named, network, domain - name: Installing captive portal include_tasks: roles/captive-portal/tasks/main.yml - when: captive_portal_install + when: captive_portal_install | bool tags: base, captive-portal, network, domain - name: Installing dhcpd include_tasks: roles/network/tasks/dhcpd.yml - when: dhcpd_install + when: dhcpd_install | bool tags: base, dhcpd, network, domain - name: Install Squid (and DansGuardian if dansguardian_install) include_tasks: roles/network/tasks/squid.yml - when: squid_install + when: squid_install | bool tags: base, squid, network, domain # NETWORK moved to the very end, after Stage 9 (9-LOCAL-ADDONS) @@ -47,7 +47,7 @@ - name: POSTGRESQL include_role: name: postgresql - when: postgresql_install + when: postgresql_install | bool tags: postgresql, pathagar, moodle # UNMAINTAINED 
@@ -60,19 +60,19 @@ - name: CUPS include_role: name: cups - when: cups_install + when: cups_install | bool tags: cups - name: SAMBA include_role: name: samba - when: samba_install + when: samba_install | bool tags: samba - name: USB-LIB include_role: name: usb-lib - when: usb_lib_install + when: usb_lib_install | bool tags: usb-lib - name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (This script was installed at the beginning of Stage 3 = roles/3-base-server/tasks/main.yml, which ran Apache playbook = roles/httpd/tasks/main.yml) diff --git a/roles/5-xo-services/tasks/main.yml b/roles/5-xo-services/tasks/main.yml index c1645d5be..80fc5146d 100644 --- a/roles/5-xo-services/tasks/main.yml +++ b/roles/5-xo-services/tasks/main.yml @@ -6,19 +6,19 @@ - name: ACTIVITY-SERVER include_role: name: activity-server - when: activity_server_install + when: activity_server_install | bool tags: olpc, activity-server - name: EJABBERD_XS include_role: name: ejabberd_xs - when: ejabberd_xs_install + when: ejabberd_xs_install | bool tags: olpc, ejabberd-xs - name: IDMGR include_role: name: idmgr - when: idmgr_install + when: idmgr_install | bool tags: olpc, idmgr - name: Recording STAGE 5 HAS COMPLETED ===================== diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index a0eff2ca3..b90927af7 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml 
@@ -6,73 +6,73 @@ - name: DOKUWIKI include_role: name: dokuwiki - when: dokuwiki_install + when: dokuwiki_install | bool tags: dokuwiki - name: MEDIAWIKI include_role: name: mediawiki - when: mediawiki_install + when: mediawiki_install | bool tags: mediawiki - name: EJABBERD include_role: name: ejabberd - when: ejabberd_install + when: ejabberd_install | bool tags: ejabberd - name: ELGG include_role: name: elgg - when: elgg_install + when: elgg_install | bool tags: elgg - name: GITEA include_role: name: gitea - when: gitea_install + when: gitea_install | bool tags: gitea - name: LOKOLE include_role: name: lokole - when: lokole_install + when: lokole_install | bool tags: lokole - name: MOSQUITTO include_role: name: mosquitto - when: mosquitto_install + when: mosquitto_install | bool tags: mosquitto - name: NODE-RED include_role: name: nodered - when: nodered_install + when: nodered_install | bool tags: nodered - name: NEXTCLOUD include_role: name: nextcloud - when: nextcloud_install + when: nextcloud_install | bool tags: nextcloud #- name: OWNCLOUD # include_role: # name: owncloud -# when: owncloud_install +# when: owncloud_install | bool # tags: owncloud - name: PBX include_role: name: pbx - when: pbx_install + when: pbx_install | bool tags: pbx - name: WORDPRESS include_role: name: wordpress - when: wordpress_install + when: wordpress_install | bool tags: wordpress - name: Recording STAGE 6 HAS COMPLETED ==================== diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index 6acb282d9..7c6d89823 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml 
@@ -6,31 +6,31 @@ - name: KALITE include_role: name: kalite - when: kalite_install + when: kalite_install | bool tags: kalite - name: KOLIBRI include_role: name: kolibri - when: kolibri_install + when: kolibri_install | bool tags: kolibri - name: KIWIX include_role: name: kiwix - when: kiwix_install + when: kiwix_install | bool tags: kiwix - name: MOODLE include_role: name: moodle - when: moodle_install + when: moodle_install | bool tags: olpc, moodle - name: OSM-VECTOR-MAPS include_role: name: osm-vector-maps - when: osm_vector_maps_install + when: osm_vector_maps_install | bool tags: osm, maps # UNMAINTAINED @@ -50,7 +50,7 @@ - name: SUGARIZER include_role: name: sugarizer - when: sugarizer_install + when: sugarizer_install | bool tags: sugarizer - name: Recording STAGE 7 HAS COMPLETED ======================== diff --git a/roles/8-mgmt-tools/tasks/main.yml b/roles/8-mgmt-tools/tasks/main.yml index f0522a44a..806b24f8f 100644 --- a/roles/8-mgmt-tools/tasks/main.yml +++ b/roles/8-mgmt-tools/tasks/main.yml @@ -6,31 +6,31 @@ - name: TRANSMISSION include_role: name: transmission - when: transmission_install + when: transmission_install | bool tags: transmission - name: AWSTATS include_role: name: awstats - when: awstats_install + when: awstats_install | bool tags: awstats - name: MONIT include_role: name: monit - when: monit_install + when: monit_install | bool tags: monit - name: MUNIN include_role: name: munin - when: munin_install + when: munin_install | bool tags: munin - name: PHPMYADMIN include_role: name: phpmyadmin - when: phpmyadmin_install + when: phpmyadmin_install | bool tags: phpmyadmin # UNMAINTAINED @@ -50,7 +50,7 @@ - name: VNSTAT include_role: name: vnstat - when: vnstat_install + when: vnstat_install | bool tags: vnstat # UNMAINTAINED diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index fa65a7f2f..e7cc59aef 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml 
@@ -6,19 +6,19 @@ - name: CALIBRE include_role: name: calibre - when: calibre_install + when: calibre_install | bool tags: calibre - name: CALIBRE-WEB include_role: name: calibre-web - when: calibreweb_install + when: calibreweb_install | bool tags: calibre-web - name: MINETEST include_role: name: minetest - when: minetest_install + when: minetest_install | bool tags: minetest - name: Recording STAGE 9 HAS COMPLETED ==================== diff --git a/roles/activity-server/tasks/main.yml b/roles/activity-server/tasks/main.yml index b0593a613..cf4c5917b 100644 --- a/roles/activity-server/tasks/main.yml +++ b/roles/activity-server/tasks/main.yml @@ -79,7 +79,7 @@ - name: enable mod_expires for debian command: a2enmod expires - when: is_debuntu + when: is_debuntu | bool - name: create the link which enables the site file: src=/etc/apache2/sites-available/xs-activity-server.conf diff --git a/roles/ajenti/tasks/ajenti-wondershaper.yml b/roles/ajenti/tasks/ajenti-wondershaper.yml index 4b4d28fe1..76713a470 100644 --- a/roles/ajenti/tasks/ajenti-wondershaper.yml +++ b/roles/ajenti/tasks/ajenti-wondershaper.yml @@ -1,3 +1,3 @@ - name: Install wondershaper ajenti plugin pip: name="{{ iiab_download_url }}"/ajenti-plugin-wondershaper-0.3.tar.gz - when: internet_available + when: internet_available | bool diff --git a/roles/ajenti/tasks/main.yml b/roles/ajenti/tasks/main.yml index e5a03096a..e33b40e65 100644 --- a/roles/ajenti/tasks/main.yml +++ b/roles/ajenti/tasks/main.yml @@ -45,7 +45,7 @@ service: name=ajenti enabled=yes state=restarted - when: ajenti_enabled + when: ajenti_enabled | bool - name: Add 'ajenti' variable values to {{ iiab_ini_file }} ini_file: diff --git a/roles/authserver/tasks/main.yml b/roles/authserver/tasks/main.yml index 00ec12408..ea188e976 100644 --- a/roles/authserver/tasks/main.yml +++ b/roles/authserver/tasks/main.yml 
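Review bot: In roles/ajenti/tasks/ajenti-wondershaper.yml the pip argument is written `name="{{ iiab_download_url }}"/ajenti-plugin-wondershaper-0.3.tar.gz`, with the closing quote in the middle of the value. Depending on how the key=value form is unquoted, pip may receive the quote characters as part of the URL. The YAML form, `name: "{{ iiab_download_url }}/ajenti-plugin-wondershaper-0.3.tar.gz"` under a `pip:` mapping, is unambiguous and matches the style used by the other roles in this commit.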
@@ -4,7 +4,7 @@ - name: Install xs-authserver from pypi pip: name=xs-authserver - when: internet_available + when: internet_available | bool - name: install gunicorn package: name=python-gunicorn @@ -48,7 +48,7 @@ service: name=xs-authserver state=restarted enabled=yes - when: authserver_enabled + when: authserver_enabled | bool - name: Add 'authserver' variable values to {{ iiab_ini_file }} ini_file: diff --git a/roles/awstats/tasks/install.yml b/roles/awstats/tasks/install.yml index 8109a5453..166106952 100644 --- a/roles/awstats/tasks/install.yml +++ b/roles/awstats/tasks/install.yml @@ -14,13 +14,13 @@ - libapache2-mod-authnz-external - apache2-utils state: present - when: is_debuntu + when: is_debuntu | bool tags: - download - name: Enable cgi execution (debuntu) command: a2enmod cgi - when: is_debuntu + when: is_debuntu | bool - name: 'Mandate {{ apache_user }}:{{ apache_user }} perm 0750 dirs: {{ awstats_data_dir }} (intermediate summary storage) & {{ apache_log_dir }}' # /library/awstats & /var/log/apache2 typically file: @@ -57,7 +57,7 @@ template: src: logrotate.d.apache2 dest: /etc/logrotate.d/apache2 - when: is_debuntu + when: is_debuntu | bool - name: Check if package installed /etc/awstats/awstats.conf stat: @@ -94,14 +94,14 @@ owner: root group: root mode: 0644 - when: awstats_enabled + when: awstats_enabled | bool - name: Create a symlink /etc/awstats/awstats.conf for access by IP address file: src: /etc/awstats/awstats.schoolserver.conf path: /etc/awstats/awstats.conf state: link - when: awstats_enabled + when: awstats_enabled | bool - name: On first enabling of AWStats, summarize httpd logs up to now (OS's other than debuntu) shell: /bin/perl /usr/share/awstats/wwwroot/cgi-bin/awstats.pl -config=schoolserver -update diff --git a/roles/awstats/tasks/main.yml b/roles/awstats/tasks/main.yml index 212fef1ca..26b53df88 100644 --- a/roles/awstats/tasks/main.yml +++ b/roles/awstats/tasks/main.yml 
@@ -1,6 +1,6 @@ - name: Install AWStats if awstats_install include_tasks: install.yml - when: awstats_install + when: awstats_install | bool - name: Add 'awstats' variable values to {{ iiab_ini_file }} ini_file: diff --git a/roles/calibre-web/tasks/main.yml b/roles/calibre-web/tasks/main.yml index fb2657188..3448752ea 100644 --- a/roles/calibre-web/tasks/main.yml +++ b/roles/calibre-web/tasks/main.yml @@ -3,7 +3,7 @@ name: - imagemagick state: present - when: is_debuntu + when: is_debuntu | bool - name: Allow ImageMagick to read PDFs (debuntu) lineinfile: @@ -12,7 +12,7 @@ backrefs: yes line: ' ' state: present - when: is_debuntu + when: is_debuntu | bool - name: Create 3 Calibre-Web folders to store data and configuration files file: @@ -35,7 +35,7 @@ #update: yes depth: 1 version: master - when: internet_available + when: internet_available | bool ## Ansible Pip Bug: Cannot use 'chdir' with 'env' https://github.com/ansible/ansible/issues/37912 (Patch landed) #- name: Download calibre-web dependencies into vendor subdirectory. @@ -51,7 +51,7 @@ requirements: "{{ calibreweb_venv_path }}/requirements.txt" virtualenv: "{{ calibreweb_venv_path }}" virtualenv_site_packages: no - when: internet_available + when: internet_available | bool - name: Symlink {{ calibreweb_venv_path }}/vendor to {{ calibreweb_venv_path }}/lib/python2.7/site-packages to keep cps.py happy file: @@ -87,7 +87,7 @@ - roles/calibre-web/files/metadata.db - roles/calibre-web/files/metadata_db_prefs_backup.json when: not metadatadb.stat.exists - #when: calibreweb_provision + #when: calibreweb_provision | bool - name: Provision/Copy default admin settings to {{ calibreweb_config }}/app.db IF metadata.db did not exist # {{ calibreweb_config }} is /library/calibre-web/config copy: @@ -98,7 +98,7 @@ mode: 0644 backup: yes when: not metadatadb.stat.exists - #when: calibreweb_provision + #when: calibreweb_provision | bool - name: Enable & Restart 'calibre-web' systemd service systemd: 
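Review bot: The "Allow ImageMagick to read PDFs (debuntu)" task in roles/calibre-web/tasks/main.yml relaxes what is presumably ImageMagick's host-wide policy file, and neither hunk that touches it records why or for which input. Distribution policies that block the PDF coder do so because PDF rendering is handed to Ghostscript, so lifting the block exposes that path to every file that reaches ImageMagick on the host, not only to Calibre-Web. A comment above the task stating which Calibre-Web feature needs it, and that the change is host-wide, would let an operator decide whether to keep it. The task's path and `regexp:` lines fall between the two hunks and are not shown.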
@@ -106,17 +106,17 @@ daemon_reload: yes enabled: yes state: restarted - when: calibreweb_enabled + when: calibreweb_enabled | bool # Default: http://box/books # SEE ALSO: https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy - name: Enable http://box{{ calibreweb_url }} with Apache command: a2ensite calibre-web.conf - when: calibreweb_enabled + when: calibreweb_enabled | bool #- name: Restart Apache after enabling calibre-web httpd2 site # command: apachectl -k graceful -# when: calibreweb_enabled +# when: calibreweb_enabled | bool - name: Disable 'calibre-web' systemd service systemd: diff --git a/roles/calibre/tasks/main.yml b/roles/calibre/tasks/main.yml index 86a3d5afa..5de6ad3ce 100644 --- a/roles/calibre/tasks/main.yml +++ b/roles/calibre/tasks/main.yml @@ -121,7 +121,7 @@ name: calibre-serve enabled: yes state: started - when: calibre_enabled + when: calibre_enabled | bool #async: 900 #poll: 5 diff --git a/roles/calibre/tasks/py-installer.yml b/roles/calibre/tasks/py-installer.yml index 29f9b3265..85dca3f3f 100644 --- a/roles/calibre/tasks/py-installer.yml +++ b/roles/calibre/tasks/py-installer.yml @@ -12,7 +12,7 @@ backup: yes timeout: "{{ download_timeout }}" register: calibre_download_output - when: internet_available + when: internet_available | bool # ALWAYS DEFINED, DESPITE get_url DOCUMENTATION CLAIM... # - debug: @@ -53,4 +53,4 @@ shell: "{{ downloads_dir }}/calibre-installer.py >> /dev/null" #args: # creates: /usr/bin/calibre-uninstall - when: internet_available + when: internet_available | bool diff --git a/roles/captive-portal/tasks/main.yml b/roles/captive-portal/tasks/main.yml index 6c0d8cdda..c593816dc 100644 --- a/roles/captive-portal/tasks/main.yml +++ b/roles/captive-portal/tasks/main.yml @@ -10,7 +10,7 @@ package: name: libapache2-mod-wsgi state: present - when: is_debuntu + when: is_debuntu | bool - name: Install mod_wsgi (not debuntu) package: 
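Review bot: roles/calibre/tasks/py-installer.yml downloads calibre-installer.py and then executes it with `shell: "{{ downloads_dir }}/calibre-installer.py >> /dev/null"`, and the part of the get_url task inside the hunk shows no `checksum:`; the task's first lines are above the hunk, so confirm whether one is set there. A script that the play goes on to execute should be pinned to a known digest first, e.g. `checksum: "sha256:<digest of the reviewed installer>"` on the get_url task. Sending the installer's standard output to /dev/null also leaves nothing to examine when it misbehaves; registering the result keeps it. The get_url task in roles/dokuwiki/tasks/install.yml, later in this commit, shows only url, dest and timeout and would take the same `checksum:` parameter.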
@@ -70,7 +70,7 @@ owner: root group: root mode: 0644 - when: captive_portal_enabled + when: captive_portal_enabled | bool - name: Enable Apache's captive-portal.conf if captive_portal_enabled (debuntu) file: @@ -92,7 +92,7 @@ # daemon-reload: yes # enabled: yes # state: started -# when: captive_portal_enabled +# when: captive_portal_enabled | bool #- name: Disable & Stop captive-portal.service if not captive_portal_enabled # systemd: @@ -128,7 +128,7 @@ # systemd: # name: dnsmasq # state: restarted -# when: dnsmasq_enabled +# when: dnsmasq_enabled | bool # ABOVE DOES NOT WORK ON UBUNTU 16.04 -- what follows is a crude hack (seems to work!) @@ -136,11 +136,11 @@ systemd: name: dnsmasq state: stopped - when: dnsmasq_enabled + when: dnsmasq_enabled | bool - name: Start dnsmasq systemd: name: dnsmasq state: started - when: dnsmasq_enabled + when: dnsmasq_enabled | bool diff --git a/roles/cups/tasks/main.yml b/roles/cups/tasks/main.yml index 2174487ea..6b6ee6992 100644 --- a/roles/cups/tasks/main.yml +++ b/roles/cups/tasks/main.yml @@ -3,7 +3,7 @@ package: name: cups state: present - when: cups_install + when: cups_install | bool tags: - download @@ -43,7 +43,7 @@ - name: Permit headless admin of CUPS -- only works when CUPS daemon is running shell: "cupsctl --remote-admin" - when: cups_enabled + when: cups_enabled | bool - name: Disable both CUPS services (OS's other than Fedora 18) systemd: diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 7763054db..128f87b21 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -4,7 +4,7 @@ with_items: - docker - python-docker-py - when: docker_install + when: docker_install | bool tags: download - name: put the systemd startup file in place @@ -32,7 +32,7 @@ service: name=docker state=started enabled=true - when: docker_enabled + when: docker_enabled | bool - name: Disable docker service: name=docker 
diff --git a/roles/dokuwiki/tasks/install.yml b/roles/dokuwiki/tasks/install.yml index a1c3cfa30..9aab6692c 100644 --- a/roles/dokuwiki/tasks/install.yml +++ b/roles/dokuwiki/tasks/install.yml @@ -3,7 +3,7 @@ url: "{{ iiab_download_url }}/{{ dokuwiki_version }}.tgz" dest: "{{ downloads_dir }}/" timeout: "{{ download_timeout }}" - when: internet_available + when: internet_available | bool - name: Unarchive (unpack) it to /library/{{ dokuwiki_version }} unarchive: @@ -25,7 +25,7 @@ template: src: dokuwiki.conf.j2 dest: "/etc/{{ apache_config_dir }}/dokuwiki.conf" - when: dokuwiki_enabled + when: dokuwiki_enabled | bool - name: Symlink /etc/apache2/sites-enabled/dokuwiki.conf to /etc/apache2/sites-available/dokuwiki.conf if dokuwiki_enabled (debuntu) file: diff --git a/roles/dokuwiki/tasks/main.yml b/roles/dokuwiki/tasks/main.yml index e14aba6e7..15824df31 100644 --- a/roles/dokuwiki/tasks/main.yml +++ b/roles/dokuwiki/tasks/main.yml @@ -1,6 +1,6 @@ - name: Install DokuWiki include_tasks: install.yml - when: dokuwiki_install + when: dokuwiki_install | bool - name: Add 'dokuwiki' variable values to {{ iiab_ini_file }} ini_file: diff --git a/roles/ejabberd/tasks/main.yml b/roles/ejabberd/tasks/main.yml index f9b14642b..5818ac4e0 100644 --- a/roles/ejabberd/tasks/main.yml +++ b/roles/ejabberd/tasks/main.yml @@ -36,7 +36,7 @@ # src: ejabberd-iiab.init # dest: /etc/init.d/ejabberd-iiab # mode: 0755 -# when: is_debuntu +# when: is_debuntu | bool #- name: Put the startup script in place - non debian # template: @@ -73,7 +73,7 @@ #name: ejabberd-iiab state: restarted enabled: yes - when: ejabberd_enabled + when: ejabberd_enabled | bool #when: ejabberd_config.changed and ejabberd_enabled #- name: Wait for ejabberd service start diff --git a/roles/elgg/tasks/main.yml b/roles/elgg/tasks/main.yml index 9cab2c00d..54d29bca5 100644 --- a/roles/elgg/tasks/main.yml +++ b/roles/elgg/tasks/main.yml 
@@ -9,7 +9,7 @@ url: "{{ iiab_download_url }}/elgg-{{ elgg_version }}.zip" dest: "{{ downloads_dir }}" timeout: "{{ download_timeout }}" - when: internet_available + when: internet_available | bool - name: Check for existence of /opt/elgg-{{ elgg_version }}/index.php stat: diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index ac61ce342..f67bee787 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -59,7 +59,7 @@ mode: 0775 tags: - install - when: internet_available + when: internet_available | bool - name: Download Gitea GPG signature get_url: @@ -68,7 +68,7 @@ tags: - never - verify - when: internet_available + when: internet_available | bool - name: Verify Gitea binary with GPG signature shell: | @@ -131,7 +131,7 @@ name: gitea enabled: yes state: restarted - when: gitea_enabled + when: gitea_enabled | bool - name: Disable 'gitea' service systemd: diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml index e75a9f12a..28e34380f 100644 --- a/roles/gitea/tasks/main.yml +++ b/roles/gitea/tasks/main.yml @@ -1,3 +1,3 @@ - name: Install Gitea {{ gitea_version }} if gitea_install include_tasks: install.yml - when: gitea_install + when: gitea_install | bool diff --git a/roles/homepage/tasks/main.yml b/roles/homepage/tasks/main.yml index 67cc2c64a..71a6fcf2b 100644 --- a/roles/homepage/tasks/main.yml +++ b/roles/homepage/tasks/main.yml @@ -16,4 +16,4 @@ src: "/etc/{{ apache_config_dir }}/iiab-homepage.conf" path: /etc/apache2/sites-enabled/iiab-homepage.conf state: link - when: is_debuntu + when: is_debuntu | bool diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml index 740a93839..fe761e180 100644 --- a/roles/httpd/tasks/main.yml +++ b/roles/httpd/tasks/main.yml @@ -7,7 +7,7 @@ - "php{{ php_version }}" - "php{{ php_version }}-curl" state: present - when: is_debian + when: is_debian | bool tags: - download 
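Review bot: In roles/gitea/tasks/install.yml (hunk `@@ -68,7 +68,7 @@`) the signature download is tagged `never` and `verify`, so a default run skips it and presumably also the verification task that follows, whose tags are below the hunk. The file fetched in the previous hunk (installed with `mode: 0775`, presumably the Gitea binary) is then used unverified unless the play is invoked with `--tags verify`. Consider dropping `never` so the check is part of the normal install path. Otherwise add a comment such as `# opt-in: run with --tags verify to check the GPG signature` so operators know the default does not verify.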
@@ -19,7 +19,7 @@ - apache2 - php state: present - when: is_ubuntu + when: is_ubuntu | bool tags: - download @@ -44,7 +44,7 @@ - php - php-curl state: present - when: is_redhat + when: is_redhat | bool tags: - download @@ -68,7 +68,7 @@ path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini" regexp: "{{ item.regexp }}" line: "{{ item.line }}" - when: apache_high_php_limits + when: apache_high_php_limits | bool with_items: - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } @@ -84,7 +84,7 @@ with_items: - mpm_event.conf - mpm_event.load - when: is_debuntu + when: is_debuntu | bool - name: Create both mpm_prefork symlinks from /etc/apache2/mods-enabled to /etc/apache2/mods-available (debuntu) file: @@ -94,7 +94,7 @@ with_items: - mpm_prefork.conf - mpm_prefork.load - when: is_debuntu + when: is_debuntu | bool - name: 'Turn on mod_proxy using a2enmod with: proxy, proxy_html, headers, rewrite (debuntu)' command: a2enmod {{ item }} @@ -103,14 +103,14 @@ - proxy_html - headers - rewrite - when: is_debuntu + when: is_debuntu | bool - name: Enable our site, creating 010-iiab.conf symlink from sites-enabled to sites-available (debuntu) file: src: "/etc/{{ apache_config_dir }}/010-iiab.conf" path: /etc/apache2/sites-enabled/010-iiab.conf state: link - when: is_debuntu + when: is_debuntu | bool - name: Remove 000-default.conf from /etc/apache2 and /etc/apache2/sites-enabled (debuntu) file: @@ -119,7 +119,7 @@ with_items: - /etc/apache2/000-default.conf # Not nec on Raspbian. Is this really still needed elsewhere? - /etc/apache2/sites-enabled/000-default.conf - when: is_debuntu + when: is_debuntu | bool - name: Create Apache's pid dir /var/run/{{ apache_user }} file: 
@@ -178,7 +178,7 @@ path: /etc/apache2/sites-enabled/osm.conf #path: "/etc/{{ apache_service }}/sites-enabled/osm.conf" state: link - when: is_debuntu + when: is_debuntu | bool - include_tasks: html.yml tags: @@ -200,7 +200,7 @@ src: 020_apache_poweroff.j2 dest: /etc/sudoers.d/020_apache_poweroff mode: 0755 - when: apache_allow_sudo + when: apache_allow_sudo | bool - name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff file: diff --git a/roles/httpd/tasks/php-stem.yml b/roles/httpd/tasks/php-stem.yml index 1869d5981..ad943f436 100644 --- a/roles/httpd/tasks/php-stem.yml +++ b/roles/httpd/tasks/php-stem.yml @@ -5,7 +5,7 @@ #- name: Download php-stem.rpi.tar # command: cd /; wget http://download.iiab.io/packages/php-stem.rpi.tar -# when: is_rpi +# when: is_rpi | bool #- name: Download php-stem.x86.tar # command: cd /; wget http://download.iiab.io/packages/php-stem.x64.tar @@ -19,7 +19,7 @@ group: root #mode: ???? remote_src: yes - when: is_rpi + when: is_rpi | bool - name: Unarchive http://download.iiab.io/packages/php-stem.x64.tar to / (debian-9 on x86_64 only) unarchive: diff --git a/roles/idmgr/tasks/main.yml b/roles/idmgr/tasks/main.yml index 7d70dd11e..c8e05bee4 100644 --- a/roles/idmgr/tasks/main.yml +++ b/roles/idmgr/tasks/main.yml @@ -44,7 +44,7 @@ with_items: - idmgr - xinetd - when: xo_services_enabled + when: xo_services_enabled | bool - name: Disable idmgr service service: name={{ item }} diff --git a/roles/iiab-admin/tasks/admin-user.yml b/roles/iiab-admin/tasks/admin-user.yml index 4970a646d..2d1dd0c99 100644 --- a/roles/iiab-admin/tasks/admin-user.yml +++ b/roles/iiab-admin/tasks/admin-user.yml @@ -14,7 +14,7 @@ group: name: sudo state: present - when: is_redhat + when: is_redhat | bool - name: 'Add user {{ iiab_admin_user }} to groups: wheel, sudo' user: diff --git a/roles/iiab-admin/tasks/main.yml b/roles/iiab-admin/tasks/main.yml index 10e3e1b1c..d89f4e446 100644 
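Review bot: The sudoers drop-in in roles/httpd/tasks/main.yml (hunk `@@ -200,7 +200,7 @@`) is written to `/etc/sudoers.d/020_apache_poweroff` with `mode: 0755` and no syntax check. sudo's documented mode for sudoers files is 0440, and a template that renders invalid syntax can break sudo for the whole host. Suggest `mode: 0440` plus `validate: /usr/sbin/visudo -cf %s` on this `template` task. The task's name line is above the hunk.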
--- a/roles/iiab-admin/tasks/main.yml +++ b/roles/iiab-admin/tasks/main.yml @@ -1,7 +1,7 @@ - include_tasks: admin-user.yml tags: - base - when: iiab_admin_user_install + when: iiab_admin_user_install | bool - include_tasks: access.yml tags: diff --git a/roles/kalite/tasks/install-f18.yml b/roles/kalite/tasks/install-f18.yml index 7d38866fc..28cd4cb1c 100644 --- a/roles/kalite/tasks/install-f18.yml +++ b/roles/kalite/tasks/install-f18.yml @@ -7,7 +7,7 @@ with_items: - python-psutil - expect - when: is_F18 + when: is_F18 | bool - name: Install dependent pip packages (Fedora 18) pip: diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 31507e645..6ccd12943 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -12,7 +12,7 @@ url: "{{ kalite_requirements }}" dest: "{{ pip_packages_dir }}/kalite.txt" timeout: "{{ download_timeout }}" - when: internet_available + when: internet_available | bool #- name: Install KA Lite non-static + reqs file with pip - (debuntu) # pip: requirements={{ pip_packages_dir }}/kalite.txt diff --git a/roles/kalite/tasks/main.yml b/roles/kalite/tasks/main.yml index 3be716a1b..d067c6041 100644 --- a/roles/kalite/tasks/main.yml +++ b/roles/kalite/tasks/main.yml @@ -5,7 +5,7 @@ - name: Set KA Lite's SQLite filename (Fedora 18) set_fact: kalite_db_name: "{{ kalite_root }}/kalite/database/data.sqlite" - when: is_F18 + when: is_F18 | bool - name: Set KA Lite's SQLite filename (OS's other than Fedora 18) set_fact: diff --git a/roles/kiwix/tasks/kiwix_install.yml b/roles/kiwix/tasks/kiwix_install.yml index 430e4d73c..309b53530 100644 --- a/roles/kiwix/tasks/kiwix_install.yml +++ b/roles/kiwix/tasks/kiwix_install.yml @@ -47,7 +47,7 @@ owner: root group: root force: no - when: kiwix_force_install + when: kiwix_force_install | bool - name: Create {{ kiwix_path }}/bin directory # /opt/iiab/kiwix/bin file: 
@@ -65,11 +65,11 @@ dest: /tmp owner: root group: root - when: kiwix_force_install + when: kiwix_force_install | bool - name: Move /tmp/{{ kiwix_src_dir }}/* to permanent location /opt/iiab/kiwix/bin (armhf & linux64 & i686) shell: "mv /tmp/{{ kiwix_src_dir }}/* {{ kiwix_path }}/bin/" - when: kiwix_force_install + when: kiwix_force_install | bool # 3. ENABLE MODS FOR APACHE PROXY IF DEBUNTU @@ -81,7 +81,7 @@ - proxy_html - proxy_http - rewrite - when: is_debuntu + when: is_debuntu | bool # 4. CREATE/ENABLE/RESTART (OR DISABLE) KIWIX SERVICE & ITS CRON JOB @@ -106,14 +106,14 @@ src: /etc/apache2/sites-available/kiwix.conf path: /etc/apache2/sites-enabled/kiwix.conf state: link - when: is_debuntu + when: is_debuntu | bool - name: Enable & Restart 'kiwix-serve' service service: name: kiwix-serve enabled: yes state: restarted - when: kiwix_enabled + when: kiwix_enabled | bool - name: Disable 'kiwix-serve' service service: diff --git a/roles/kiwix/tasks/main.yml b/roles/kiwix/tasks/main.yml index 2b1756bb3..2ffd410d5 100644 --- a/roles/kiwix/tasks/main.yml +++ b/roles/kiwix/tasks/main.yml @@ -28,7 +28,7 @@ url: "{{ iiab_download_url }}/{{ kiwix_src_file }}" dest: "{{ downloads_dir }}/{{ kiwix_src_file }}" timeout: "{{ download_timeout }}" - when: internet_available + when: internet_available | bool - name: Check for /opt/iiab/downloads/{{ kiwix_src_file }} stat: diff --git a/roles/kolibri/tasks/main.yml b/roles/kolibri/tasks/main.yml index aab67c8f0..77e40cf64 100644 --- a/roles/kolibri/tasks/main.yml +++ b/roles/kolibri/tasks/main.yml 
@@ -27,17 +27,17 @@ virtualenv_site_packages: no state: latest extra_args: --no-cache-dir - when: internet_available + when: internet_available | bool - name: Run Kolibri migrations shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" manage migrate ignore_errors: yes - when: kolibri_provision + when: kolibri_provision | bool - name: Set Kolibri default language shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" language setdefault "{{ kolibri_language }}" ignore_errors: yes - when: kolibri_provision + when: kolibri_provision | bool - name: Create Kolibri default facility name, admin account and language shell: > @@ -46,7 +46,7 @@ --superusername "{{ kolibri_admin_user }}" --superuserpassword "{{ kolibri_admin_password }}" --preset "{{ kolibri_preset }}" --language_id "{{ kolibri_language }}" --verbosity 0 --noinput ignore_errors: yes - when: kolibri_provision + when: kolibri_provision | bool - name: chown -R {{ kolibri_user }}:{{ apache_user }} {{ kolibri_home }} file: @@ -72,12 +72,12 @@ enabled: yes state: restarted daemon_reload: yes - when: kolibri_enabled + when: kolibri_enabled | bool # Default: http://box/kolibri - name: Enable http://box{{ kolibri_url }} with Apache command: a2ensite kolibri.conf - when: kolibri_enabled + when: kolibri_enabled | bool - name: Disable kolibri service systemd: diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 988a3bf7e..1d98096cd 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -20,7 +20,7 @@ virtualenv_command: python3 -m venv "{{ lokole_venv }}" tags: - install - when: internet_available + when: internet_available | bool - name: Compile translations shell: | @@ -73,7 +73,7 @@ name: lokole enabled: yes state: restarted - when: lokole_enabled + when: lokole_enabled | bool - name: Disable 'lokole' service, if not lokole_enabled systemd: 
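Review bot: The provisioning command in roles/kolibri/tasks/main.yml (hunk `@@ -46,7 +46,7 @@`) passes `--superuserpassword "{{ kolibri_admin_password }}"` as an argument with no `no_log`, so the admin password ends up in Ansible's task output and logs and in the process list while the command runs. The same pattern is in roles/mosquitto/tasks/main.yml (hunk `@@ -13,18 +13,18 @@`), where `mosquitto_passwd -b` receives `{{ mosquitto_password }}` on the command line. Add `no_log: true` to both tasks. Here `ignore_errors: yes` also lets a failed account creation pass silently, so `register:` the result and report a failure explicitly. The `shell: >` line of this task is in the previous hunk.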
diff --git a/roles/lokole/tasks/main.yml b/roles/lokole/tasks/main.yml index e33261101..5f05bd4a3 100644 --- a/roles/lokole/tasks/main.yml +++ b/roles/lokole/tasks/main.yml @@ -1,3 +1,3 @@ - name: Install Lokole {{ lokole_version }} if lokole_install include_tasks: install.yml - when: lokole_install + when: lokole_install | bool diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index 5c265bc6a..db90e1e6c 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -14,7 +14,7 @@ timeout: "{{ download_timeout }}" #force: yes #backup: yes - when: internet_available + when: internet_available | bool - name: Unpack it to permanent location {{ mediawiki_abs_path }} unarchive: diff --git a/roles/mediawiki/tasks/main.yml b/roles/mediawiki/tasks/main.yml index 2a33dc83c..bf0a4d795 100644 --- a/roles/mediawiki/tasks/main.yml +++ b/roles/mediawiki/tasks/main.yml @@ -1,3 +1,3 @@ - name: Install MediaWiki {{ mediawiki_version }} if mediawiki_install include_tasks: install.yml - when: mediawiki_install + when: mediawiki_install | bool diff --git a/roles/minetest/tasks/calc_vars.yml b/roles/minetest/tasks/calc_vars.yml index a6fa9340f..54c381efa 100644 --- a/roles/minetest/tasks/calc_vars.yml +++ b/roles/minetest/tasks/calc_vars.yml @@ -7,7 +7,7 @@ # only works if server run as root minetest_runas_user: root minetest_runas_group: root - when: is_rpi + when: is_rpi | bool # For other installs - name: Set some facts for other platforms diff --git a/roles/minetest/tasks/main.yml b/roles/minetest/tasks/main.yml index 0c9ad6f6f..042dccde9 100644 --- a/roles/minetest/tasks/main.yml +++ b/roles/minetest/tasks/main.yml @@ -78,7 +78,7 @@ name: minetest-server enabled: yes state: restarted - when: minetest_enabled + when: minetest_enabled | bool - name: Disable 'minetest-server' service systemd: diff --git a/roles/minetest/tasks/minetest_install.yml b/roles/minetest/tasks/minetest_install.yml index 354907526..c2685b059 100644 
--- a/roles/minetest/tasks/minetest_install.yml +++ b/roles/minetest/tasks/minetest_install.yml @@ -24,7 +24,7 @@ line: "{{ item.line }}" with_items: - { regexp: '^mg_name = ', line: 'mg_name = flat' } - when: minetest_flat_world + when: minetest_flat_world | bool - name: Create /library/games/minetest/worlds/world file: diff --git a/roles/minetest/tasks/rpi_minetest_install.yml b/roles/minetest/tasks/rpi_minetest_install.yml index 780145ca1..311e51cf7 100644 --- a/roles/minetest/tasks/rpi_minetest_install.yml +++ b/roles/minetest/tasks/rpi_minetest_install.yml @@ -49,4 +49,4 @@ with_items: - { src: 'minetest.conf.j2', dest: '/etc/minetest/minetest.conf' } - { src: 'minetest-server.service.j2', dest: '/etc/systemd/system/minetest-server.service' } - when: minetest_install + when: minetest_install | bool diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index aed5d4a1c..6b4eb0deb 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -90,7 +90,7 @@ group: name: mongodb state: present - when: is_rpi + when: is_rpi | bool - name: Create Linux user mongodb (rpi) user: @@ -99,7 +99,7 @@ groups: mongodb home: /var/lib/mongodb shell: /usr/sbin/nologin - when: is_rpi + when: is_rpi | bool # 2. CONFIGURE FOR IIAB @@ -137,7 +137,7 @@ daemon_reload: yes enabled: yes state: restarted - when: mongodb_enabled + when: mongodb_enabled | bool - name: Disable 'mongodb' service, if not mongodb_enabled systemd: diff --git a/roles/monit/tasks/main.yml b/roles/monit/tasks/main.yml index cea1637e1..3148f4224 100644 --- a/roles/monit/tasks/main.yml +++ b/roles/monit/tasks/main.yml @@ -31,7 +31,7 @@ force: yes mode: 0755 register: monit_config - when: false + when: false | bool until: monit_config | success retries: 5 delay: 1 diff --git a/roles/moodle/tasks/main.yml b/roles/moodle/tasks/main.yml index 352c48ad9..f86785f5a 100644 --- a/roles/moodle/tasks/main.yml +++ b/roles/moodle/tasks/main.yml 
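Review bot: `when: false | bool` in roles/monit/tasks/main.yml (hunk `@@ -31,7 +31,7 @@`) applies the filter to a literal, which adds nothing and obscures that the task is switched off on purpose. Keep `when: false` with a comment such as `# disabled: REASON`, or delete the task. The neighbouring `until: monit_config | success` uses the filter form of a test; `until: monit_config is succeeded` is the current spelling. The task begins above the hunk.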
@@ -18,7 +18,7 @@ # mbstring is now included in php-cli - php{{ php_version }}-cli state: present - when: is_debuntu + when: is_debuntu | bool - name: "Install package: php{{ php_version }}-zip (ubuntu or debian-9+)" package: @@ -28,7 +28,7 @@ - name: "Install package: php-pclzip (debian-8)" package: name: php-pclzip - when: is_debian_8 + when: is_debian_8 | bool - name: Determine if Moodle is already downloaded stat: @@ -80,7 +80,7 @@ owner: root group: root mode: 0644 - when: moodle_enabled + when: moodle_enabled | bool - name: Create symlink 022-moodle.conf from sites-enabled to sites-available, if moodle_enabled (debuntu) file: @@ -131,7 +131,7 @@ name: postgresql-iiab state: restarted enabled: yes - when: moodle_enabled + when: moodle_enabled | bool - name: Restart Apache service ({{ apache_service }}) service: diff --git a/roles/mosquitto/tasks/main.yml b/roles/mosquitto/tasks/main.yml index 4e6a05130..53ef14998 100644 --- a/roles/mosquitto/tasks/main.yml +++ b/roles/mosquitto/tasks/main.yml @@ -5,7 +5,7 @@ with_items: - mosquitto - mosquitto-clients - when: mosquitto_install + when: mosquitto_install | bool tags: download - name: Disable & Stop 'mosquitto' service @@ -13,18 +13,18 @@ name: mosquitto enabled: no state: stopped - when: mosquitto_install + when: mosquitto_install | bool - name: Create (touch) file /etc/mosquitto/passwd file: path: /etc/mosquitto/passwd state: touch mode: "u=rw,g=r,o=r" # 0644 - when: mosquitto_install + when: mosquitto_install | bool - name: Populate /etc/mosquitto/passwd with actual username/password shell: mosquitto_passwd -b /etc/mosquitto/passwd "{{ mosquitto_user }}" "{{ mosquitto_password }}" - when: mosquitto_install + when: mosquitto_install | bool - name: Install /etc/mosquitto/conf.d/websockets.conf from template template: @@ -34,7 +34,7 @@ owner: root group: root mode: 0755 - when: mosquitto_install + when: mosquitto_install | bool - name: Enable & Start 'mosquitto' service systemd: 
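Review bot: `/etc/mosquitto/passwd` is created with `mode: "u=rw,g=r,o=r"` in roles/mosquitto/tasks/main.yml (hunk `@@ -13,18 +13,18 @@`), so the broker's credential file is readable by every local account. Restrict it to the account the broker runs as, for example `mode: "u=rw,g=r,o="` with `group:` set to that account's group; which user the service runs as is not visible here and needs confirming. The template in hunk `@@ -34,7 +34,7 @@` is installed with `mode: 0755`; a configuration file needs no execute bits, so `mode: 0644` is enough.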
@@ -42,4 +42,4 @@ name: mosquitto enabled: yes state: started - when: mosquitto_enabled + when: mosquitto_enabled | bool diff --git a/roles/munin/tasks/main.yml b/roles/munin/tasks/main.yml index 4bcbe360b..83c1afc7b 100644 --- a/roles/munin/tasks/main.yml +++ b/roles/munin/tasks/main.yml @@ -9,7 +9,7 @@ state: present tags: - download - when: is_debuntu + when: is_debuntu | bool - name: "Install 2 packages: munin, munin-node (OS's other than debuntu)" package: @@ -45,7 +45,7 @@ name: munin-node enabled: yes state: started - when: munin_enabled + when: munin_enabled | bool - name: Create symlink munin24.conf from sites-enabled to sites-available (debuntu) file: @@ -79,7 +79,7 @@ - /usr/share/munin/plugins/mysql_queries - /usr/share/munin/plugins/mysql_slowqueries - /usr/share/munin/plugins/mysql_threads - when: mysql_enabled + when: mysql_enabled | bool - name: Add 'munin' variable values to {{ iiab_ini_file }} ini_file: diff --git a/roles/mysql/tasks/main.yml b/roles/mysql/tasks/main.yml index 8331c32cb..51a76533c 100644 --- a/roles/mysql/tasks/main.yml +++ b/roles/mysql/tasks/main.yml @@ -14,7 +14,7 @@ #- php{{ php_version }}-xml - php{{ php_version }}-xmlrpc state: present - when: is_debuntu + when: is_debuntu | bool tags: - download @@ -28,7 +28,7 @@ package: name: php-xml-parser state: present - when: is_debian_8 + when: is_debian_8 | bool - name: "Install packages: mysql, MySQL-python and 9 php packages (OS's other than debuntu)" package: @@ -64,13 +64,13 @@ systemd: name: "{{ mysql_service }}" state: started - when: mysql_enabled + when: mysql_enabled | bool - name: Enable MySQL systemd service (upon subsequent boots) if mysql_enabled systemd: name: "{{ mysql_service }}" enabled: yes - when: mysql_enabled + when: mysql_enabled | bool # 'localhost' needs to be the last item for idempotency, see # http://ansible.cc/docs/modules.html#mysql-user 
@@ -81,7 +81,7 @@ host: localhost password: "{{ mysql_root_password }}" priv: "*.*:ALL,GRANT" - when: mysql_enabled + when: mysql_enabled | bool - name: Install .my.cnf file from template, with root password credentials, if mysql_enabled template: @@ -89,7 +89,7 @@ dest: /root/.my.cnf owner: root mode: 0600 - when: mysql_enabled + when: mysql_enabled | bool - name: Update MySQL root password for all remaining root accounts (127.0.0.1, ::1) if mysql_enabled mysql_user: @@ -101,26 +101,26 @@ #- "{{ iiab_hostname }}.{{ iiab_domain }}" - 127.0.0.1 - ::1 - when: mysql_enabled + when: mysql_enabled | bool - name: Delete anonymous MySQL server user for {{ ansible_hostname }}, if mysql_enabled mysql_user: user: "" host: "{{ ansible_hostname }}" state: absent - when: mysql_enabled + when: mysql_enabled | bool - name: Delete anonymous MySQL server user for localhost, if mysql_enabled mysql_user: user: "" state: absent - when: mysql_enabled + when: mysql_enabled | bool - name: Remove the MySQL 'test' database, if mysql_enabled mysql_db: db: test state: absent - when: mysql_enabled + when: mysql_enabled | bool # we had to start mysql in order to configure it, now turn if off if not enabled - name: Config is done but now DISABLE MySQL service, if not mysql_enabled diff --git a/roles/network/tasks/dhcpd.yml b/roles/network/tasks/dhcpd.yml index b00d659fd..9d04cd820 100644 --- a/roles/network/tasks/dhcpd.yml +++ b/roles/network/tasks/dhcpd.yml @@ -33,7 +33,7 @@ enabled: no state: stopped when: is_ubuntu and not is_ubuntu_16 - #when: is_ubuntu_18 + #when: is_ubuntu_18 | bool - name: Install systemd unit file to /etc/systemd/system/dhcpd.service template: diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index d44449973..a97cdab28 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml 
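Review bot: The compound condition `when: is_ubuntu and not is_ubuntu_16` in roles/network/tasks/dhcpd.yml (hunk `@@ -33,7 +33,7 @@`) is left unchanged while only the commented-out alternative gains `| bool`. The same applies in roles/network/tasks/main.yml (hunk `@@ -107,7 +107,7 @@`). If either variable can arrive as a string such as "False", it is truthy inside the expression, which is the case the rest of this patch guards against. For consistency use `when: (is_ubuntu | bool) and not (is_ubuntu_16 | bool)` in both places. The dhcpd task starts above its hunk.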
@@ -107,7 +107,7 @@ - name: Netplan in use on Ubuntu 18.04+ include_tasks: netplan.yml when: is_ubuntu and not is_ubuntu_16 - #when: is_ubuntu_18 + #when: is_ubuntu_18 | bool #and not installing tags: - network diff --git a/roles/nextcloud/tasks/F18.yml b/roles/nextcloud/tasks/F18.yml index 5e76d45c4..3b1dbe51d 100644 --- a/roles/nextcloud/tasks/F18.yml +++ b/roles/nextcloud/tasks/F18.yml @@ -9,7 +9,7 @@ url: "{{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file }}" dest: "{{ downloads_dir }}/{{ nextcloud_src_file }}" timeout: "{{ download_timeout }}" - when: internet_available + when: internet_available | bool - name: Copy it to permanent location /opt unarchive: diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index d3d96a578..ee809707e 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -50,7 +50,7 @@ - "php{{ php_version }}-mbstring" - "php{{ php_version }}-zip" state: present - when: is_debian + when: is_debian | bool # Ubuntu and Debian treat names differently - name: Install 4 php packages (ubuntu) @@ -61,7 +61,7 @@ - php-zip - php-mbstring state: present - when: is_ubuntu + when: is_ubuntu | bool - name: Install 5 more php packages (debuntu) package: @@ -72,7 +72,7 @@ - "php{{ php_version }}-curl" - "php{{ php_version }}-intl" state: present - when: is_debuntu + when: is_debuntu | bool - name: 'Install php{{ php_version }}-mcrypt IF this is a "pre-2018" distro in the debuntu family. NOTE: PHP 7.1 deprecated mcrypt 1-Dec-2016 and PHP 7.2 dropped it completely 30-Nov-2017, as it should no longer be nec.' package: @@ -98,7 +98,7 @@ # CentOS does not have a package for php-imagick #- php-imagick state: present - when: is_redhat + when: is_redhat | bool - name: Unarchive {{ nextcloud_src_file_old }} to permanent location {{ nextcloud_prefix }}/nextcloud on older OS's lacking PHP 7.1+ # e.g. unpack nextcloud_latest-15.tar.bz2 to /opt/nextcloud unarchive: 
@@ -118,7 +118,7 @@ file: path: /etc/nextcloud state: directory - when: is_centos + when: is_centos | bool - name: Install {{ nextcloud_prefix }}/nextcloud/config/autoconfig.php from template (centos) template: @@ -127,7 +127,7 @@ owner: "{{ apache_user }}" group: "{{ apache_user }}" mode: 0640 - when: is_centos + when: is_centos | bool - name: chown -R {{ apache_user }}:{{ apache_user }} {{ nextcloud_prefix }}/nextcloud file: diff --git a/roles/nextcloud/tasks/nextcloud_enabled.yml b/roles/nextcloud/tasks/nextcloud_enabled.yml index daf63e576..ab8df116b 100644 --- a/roles/nextcloud/tasks/nextcloud_enabled.yml +++ b/roles/nextcloud/tasks/nextcloud_enabled.yml @@ -11,7 +11,7 @@ owner: root group: root mode: 0644 - when: nextcloud_enabled + when: nextcloud_enabled | bool - name: Create symlink nextcloud.conf from sites-enabled to sites-available for http://box/nextcloud (debuntu) file: diff --git a/roles/nodered/tasks/main.yml b/roles/nodered/tasks/main.yml index 8b37c6b41..a95c64efa 100644 --- a/roles/nodered/tasks/main.yml +++ b/roles/nodered/tasks/main.yml @@ -14,7 +14,7 @@ package: name: nodered state: absent - when: nodered_install + when: nodered_install | bool # 2012-02-13: the 6 RPi stanzas below recreate Raspbian Desktop's Node-RED # environment, inspired by: @@ -159,7 +159,7 @@ owner: root group: root mode: 0666 - when: nodered_install + when: nodered_install | bool - name: Install Apache's sites-available/nodered.conf from template template: @@ -169,7 +169,7 @@ owner: root group: root mode: 0666 - when: nodered_install + when: nodered_install | bool - name: Create symlink nodered.conf from sites-enabled to sites-available, for short URL http://box/nodered (if nodered_enabled) file: @@ -178,7 +178,7 @@ owner: root group: root state: link - when: nodered_enabled + when: nodered_enabled | bool - name: Remove symlink /etc/apache2/sites-enabled/nodered.conf (if not nodered_enabled) file: 
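Review bot: Two templates in roles/nodered/tasks/main.yml are installed root-owned but with `mode: 0666` (hunks `@@ -159,7 +159,7 @@` and `@@ -169,7 +169,7 @@`, the second being Apache's sites-available/nodered.conf). World-writable service configuration lets any local account change what a service started with higher privileges will load. Use `mode: 0644` on both tasks. The first task's name and `dest:` are above its hunk.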
@@ -190,14 +190,14 @@ apache2_module: state: present name: proxy_wstunnel - when: nodered_install + when: nodered_install | bool - name: Restart Apache service ({{ apache_service }}) to enable/disable http://box/nodered (not just http://box:{{ nodered_port }}/nodered) systemd: #daemon_reload: yes name: "{{ apache_service }}" # httpd or apache2 state: restarted - when: nodered_install + when: nodered_install | bool - name: Enable & (Re)start 'nodered' systemd service (if nodered_enabled) systemd: @@ -205,7 +205,7 @@ name: nodered enabled: yes state: restarted - when: nodered_enabled + when: nodered_enabled | bool - name: Disable & Stop 'nodered' systemd service (if not nodered_enabled) systemd: diff --git a/roles/nodogsplash/tasks/main.yml b/roles/nodogsplash/tasks/main.yml index 909fca4b1..59d10fa26 100644 --- a/roles/nodogsplash/tasks/main.yml +++ b/roles/nodogsplash/tasks/main.yml @@ -1,3 +1,3 @@ - name: Install nodogsplash (Raspbian only) include_tasks: rpi.yml - when: is_rpi + when: is_rpi | bool diff --git a/roles/nodogsplash/tasks/rpi.yml b/roles/nodogsplash/tasks/rpi.yml index 56d180f0f..617208d46 100644 --- a/roles/nodogsplash/tasks/rpi.yml +++ b/roles/nodogsplash/tasks/rpi.yml @@ -8,7 +8,7 @@ url: "{{ iiab_download_url }}/{{ nodogsplash_arm_deb }}" dest: "{{ downloads_dir }}/{{ nodogsplash_arm_deb }}" timeout: "{{ download_timeout }}" - when: internet_available + when: internet_available | bool #async: 300 #poll: 5 @@ -43,7 +43,7 @@ name: nodogsplash enabled: yes state: started - when: nodogsplash_enabled + when: nodogsplash_enabled | bool - name: Disable 'nodogsplash' systemd service, if not nodogsplash_enabled systemd: diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 70e943bbe..57ee97b5d 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml 
@@ -13,7 +13,7 @@ regexp: "{{ item.regexp }}" path: /root/.ssh/authorized_keys #backup: yes - when: openvpn_install + when: openvpn_install | bool with_items: - regexp: "LvCSAAcfYIdZPR4ePVpVUZ/IbkGjpQSoRMa5HuVjMO3cZNR27ptqjNjq2husJOyhMFCOBTzo4thioGyTpBr4u3s=$" # Tim Moody pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAhlQIh8ZPx4awdM0O6QNcPbx3qIZ39FHjF2YJ2SX3z7iLnYiz03Ek6Bux9P4HvaVAqlApiz2I68Vq8TfU2s/+LvCSAAcfYIdZPR4ePVpVUZ/IbkGjpQSoRMa5HuVjMO3cZNR27ptqjNjq2husJOyhMFCOBTzo4thioGyTpBr4u3s=" @@ -117,7 +117,7 @@ # template: # src: up_wan # dest: /usr/lib/iiab/up_wan -# when: is_debuntu +# when: is_debuntu | bool # Contained serious bug (15-openvpn called up-wan instead of up_wan in # /usr/lib/iiab/ as of August 2018) so evidently unused for ~2 years: @@ -178,7 +178,7 @@ daemon_reload: yes enabled: yes state: restarted # 2018-09-02: Should we be concerned that "systemctl status openvpn" often shows "active (exited)" ? If so we might consider "state: started" or "state: reloaded" instead? - when: openvpn_enabled + when: openvpn_enabled | bool - name: Enable hourly cron job for OpenVPN (starts CHILD service openvpn@xscenet, typically for CentOS only?) lineinfile: diff --git a/roles/osm/tasks/main.yml b/roles/osm/tasks/main.yml index 49ccb8574..1c8112e69 100644 --- a/roles/osm/tasks/main.yml +++ b/roles/osm/tasks/main.yml @@ -7,7 +7,7 @@ - libapache2-mod-wsgi - libapache2-mod-xsendfile state: present - when: is_debuntu + when: is_debuntu | bool - name: Install 6 OSM required packages (not debuntu) package: @@ -110,7 +110,7 @@ group: root mode: 0644 backup: no - when: osm_enabled + when: osm_enabled | bool - name: Create softlink osm.conf from sites-enabled to sites-available (debuntu) file: @@ -144,7 +144,7 @@ owner: root group: root state: link - when: osm_enabled + when: osm_enabled | bool - name: Create dir /library/knowledge/modules file: 
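Review bot: The task in roles/openvpn/tasks/main.yml (hunk `@@ -13,7 +13,7 @@`) edits `/root/.ssh/authorized_keys` from a hard-coded list of developer public keys whenever `openvpn_install` is true. The module line and any `state:` are above the hunk, so whether the entries are added or removed cannot be read from here. If they are added, installing the VPN role also grants those key holders root SSH access, which should sit behind its own explicitly named opt-in variable and be documented next to the task. If they are removed, a one-line comment saying so would prevent the task being misread, for example `# removes legacy developer keys from root's authorized_keys`.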
@@ -165,7 +165,7 @@ - { src: 'map.html', dest: "{{ osm_path }}/static/map.html" } - { src: 'l.control.geosearch.js', dest: "{{ osm_path }}/static/lib/leaflet/geosearch/l.control.geosearch.js" } - { src: "{{ osm_path }}/static/map.html", dest: "{{ osm_path }}/static/index.html" } - when: osm_enabled + when: osm_enabled | bool - name: Restart httpd service service: diff --git a/roles/owncloud/tasks/main.yml b/roles/owncloud/tasks/main.yml index 488c6680f..27d5c64b5 100644 --- a/roles/owncloud/tasks/main.yml +++ b/roles/owncloud/tasks/main.yml @@ -4,7 +4,7 @@ - name: add a repo def for ubuntu template: dest=/etc/apt/sources.list.d/ src=owncloud.list - when: is_ubuntu + when: is_ubuntu | bool - name: See if the owncloud startup page exists stat: path={{ owncloud_prefix }}/owncloud/index.php @@ -40,7 +40,7 @@ - name: Get the owncloud software get_url: url={{ iiab_download_url }}/{{ owncloud_src_file }} dest={{ downloads_dir }}/{{ owncloud_src_file }} - when: internet_available + when: internet_available | bool async: 300 poll: 5 @@ -54,7 +54,7 @@ - name: Copy it to permanent location /opt unarchive: src={{ downloads_dir }}/{{ owncloud_src_file }} dest={{ owncloud_prefix }} - when: is_F18 + when: is_F18 | bool - name: in Centos, the following config dir is symlink to /etc/owncloud file: path=/etc/owncloud @@ -103,7 +103,7 @@ # Enable owncloud by copying template to httpd config - include_tasks: owncloud_enabled.yml - when: owncloud_enabled + when: owncloud_enabled | bool - name: Add 'owncloud' variable values to {{ iiab_ini_file }} ini_file: diff --git a/roles/pathagar/tasks/main.yml b/roles/pathagar/tasks/main.yml index ef4f895db..07420c4c0 100644 --- a/roles/pathagar/tasks/main.yml +++ b/roles/pathagar/tasks/main.yml @@ -20,7 +20,7 @@ - libapache2-mod-wsgi - libxml2-dev - libxslt-dev - when: is_debuntu + when: is_debuntu | bool - name: Install Pathagar prerequisites (not debuntu) package: 
@@ -69,7 +69,7 @@ - django-tagging==0.3.1 - django-sendfile==0.3.6 - lxml==3.4.4 - when: internet_available + when: internet_available | bool - name: Install Pathagar requirements in a virtualenv pip: diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index 032a2f9bf..d2e6c763e 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -6,7 +6,7 @@ url: "{{ asterisk_url }}/{{ asterisk_src_file }}" dest: "{{ downloads_dir }}/{{ asterisk_src_file }}" timeout: "{{ download_timeout }}" - when: internet_available + when: internet_available | bool - name: Asterisk - Check for /opt/iiab/downloads/{{ asterisk_src_file }} stat: diff --git a/roles/pbx/tasks/chan_dongle.yml b/roles/pbx/tasks/chan_dongle.yml index 5cef9861f..20696e8c4 100644 --- a/roles/pbx/tasks/chan_dongle.yml +++ b/roles/pbx/tasks/chan_dongle.yml @@ -3,7 +3,7 @@ url: "{{ chan_dongle_url }}/{{ chan_dongle_src_file }}" dest: "{{ downloads_dir }}/{{ chan_dongle_src_file }}" timeout: "{{ download_timeout }}" - when: internet_available + when: internet_available | bool - name: chan_dongle - Check for /opt/iiab/downloads/{{ chan_dongle_src_file }} stat: diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 158398650..55e5063d8 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -6,7 +6,7 @@ url: "{{ freepbx_url }}/{{ freepbx_src_file }}" dest: "{{ downloads_dir }}/{{ freepbx_src_file }}" timeout: "{{ download_timeout }}" - when: internet_available + when: internet_available | bool - name: FreePBX - Check for {{ downloads_dir }}/{{ freepbx_src_file }} stat: @@ -121,7 +121,7 @@ src: /etc/apache2/sites-available/freepbx.conf dest: /etc/apache2/sites-enabled/freepbx.conf state: link - when: pbx_enabled + when: pbx_enabled | bool - name: FreePBX - Remove symlink /etc/apache2/sites-enabled/freepbx.conf (if not pbx_enabled) file: 
diff --git a/roles/pbx/tasks/freepbx_enable.yml b/roles/pbx/tasks/freepbx_enable.yml index 1c865a3b9..18dc7a713 100644 --- a/roles/pbx/tasks/freepbx_enable.yml +++ b/roles/pbx/tasks/freepbx_enable.yml @@ -4,7 +4,7 @@ name: freepbx enabled: yes state: restarted - when: pbx_enabled + when: pbx_enabled | bool - name: FreePBX - Disable & Stop 'freepbx' systemd service (if not pbx_enabled) systemd: diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index eb288f10e..77831bd12 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml @@ -44,4 +44,4 @@ - name: Asterisk - Install chan_dongle include: chan_dongle.yml - when: asterisk_chan_dongle + when: asterisk_chan_dongle | bool diff --git a/roles/phpmyadmin/tasks/main.yml b/roles/phpmyadmin/tasks/main.yml index 7fc1e5e3e..324ffb28b 100644 --- a/roles/phpmyadmin/tasks/main.yml +++ b/roles/phpmyadmin/tasks/main.yml @@ -4,7 +4,7 @@ dest: "{{ downloads_dir }}" timeout: "{{ download_timeout }}" #register: phpmyadmin_dl_output - when: internet_available + when: internet_available | bool - name: Does {{ downloads_dir }}/{{ phpmyadmin_name_zip }} exist? # e.g. /opt/iiab/downloads/phpMyAdmin-4.8.3-all-languages.zip stat: @@ -50,7 +50,7 @@ template: src: phpmyadmin.j2 dest: "/etc/{{ apache_config_dir }}/phpmyadmin.conf" - when: phpmyadmin_enabled + when: phpmyadmin_enabled | bool - name: Create symlink phpmyadmin.conf from sites-enabled to sites-available (debuntu) file: diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml index bb7ca4478..cea159fd0 100644 --- a/roles/postgresql/tasks/main.yml +++ b/roles/postgresql/tasks/main.yml @@ -9,7 +9,7 @@ package: name: postgresql-client state: present - when: is_debuntu + when: is_debuntu | bool tags: - download 
@@ -41,11 +41,11 @@ lineinfile: dest: /etc/locale.gen line: "{{ postgresql_locale }} UTF-8" - when: is_debuntu + when: is_debuntu | bool - name: Generate locales (debuntu) command: /usr/sbin/locale-gen - when: is_debuntu + when: is_debuntu | bool - name: Initialize the PostgreSQL db, creating /library/pgsql-iiab/pg_hba.conf (debuntu) #command: su - postgres -c "/usr/lib/postgresql/{{ postgresql_version }}/bin/initdb -E 'UTF-8' --locale={{ postgresql_locale }} -D /library/pgsql-iiab" @@ -54,7 +54,7 @@ creates: /library/pgsql-iiab/pg_hba.conf become: yes become_user: postgres - when: is_debuntu + when: is_debuntu | bool - name: Initialize the PostgreSQL db, creating /library/pgsql-iiab/pg_hba.conf (OS's other than debuntu) #command: su - postgres -c "/usr/bin/initdb -E 'UTF-8' --lc-collate={{ postgresql_locale }} --lc-ctype={{ postgresql_locale }} -D /library/pgsql-iiab" @@ -91,7 +91,7 @@ name: postgresql-iiab state: started enabled: yes - when: postgresql_enabled + when: postgresql_enabled | bool - name: Disable postgresql-iiab service, if not postgresql_enabled systemd: diff --git a/roles/samba/tasks/main.yml b/roles/samba/tasks/main.yml index 54241cac4..f80ee9941 100755 --- a/roles/samba/tasks/main.yml +++ b/roles/samba/tasks/main.yml @@ -37,7 +37,7 @@ enabled: yes tags: - samba - when: samba_enabled + when: samba_enabled | bool - name: Enable & Start NetBIOS name server ({{ nmb_service }}) service: @@ -46,7 +46,7 @@ enabled: yes tags: - samba - when: samba_enabled + when: samba_enabled | bool - name: Disable Samba if not samba_enabled service: diff --git a/roles/schooltool/tasks/main.yml b/roles/schooltool/tasks/main.yml index dceda132e..f47d1f333 100644 --- a/roles/schooltool/tasks/main.yml +++ b/roles/schooltool/tasks/main.yml 
@@ -41,13 +41,13 @@ service: name=docker state=restarted enabled=yes - when: schooltool_enabled + when: schooltool_enabled | bool - name: Enable schooltool service: name=schooltool state=started enabled=yes - when: schooltool_enabled + when: schooltool_enabled | bool - name: Disable schooltool service: name=schooltool diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml index c470206da..cf34e87f9 100644 --- a/roles/sshd/tasks/main.yml +++ b/roles/sshd/tasks/main.yml @@ -2,7 +2,7 @@ package: name: "{{ sshd_package }}" state: present - when: sshd_enabled + when: sshd_enabled | bool - name: Disable root login with password lineinfile: @@ -10,7 +10,7 @@ regexp: '^PermitRootLogin' line: 'PermitRootLogin without-password' state: present - when: sshd_enabled + when: sshd_enabled | bool #TODO: use handler to reload ssh - name: Create root .ssh @@ -20,7 +20,7 @@ group: root mode: 0700 state: directory - when: sshd_enabled + when: sshd_enabled | bool - name: Install dummy root keys as placeholder copy: @@ -30,14 +30,14 @@ group: root mode: 0600 force: no - when: sshd_enabled + when: sshd_enabled | bool - name: Enable & start ssh daemon service: name: "{{ sshd_service }}" enabled: yes state: started - when: sshd_enabled + when: sshd_enabled | bool - name: Disable ssh daemon service: diff --git a/roles/sugar-stats/tasks/main.yml b/roles/sugar-stats/tasks/main.yml index c2b6a9819..04e40d97e 100644 --- a/roles/sugar-stats/tasks/main.yml +++ b/roles/sugar-stats/tasks/main.yml @@ -31,7 +31,7 @@ - name: Enable sugar-stats service service: name=sugar-stats-server enabled=yes - when: sugar_stats_enabled + when: sugar_stats_enabled | bool - name: Disable sugar-stats service service: name=sugar-stats-server diff --git a/roles/sugar-stats/tasks/statistics-consolidation.yml b/roles/sugar-stats/tasks/statistics-consolidation.yml index 13a04cbfb..7ec8a9359 100644 --- a/roles/sugar-stats/tasks/statistics-consolidation.yml 
+++ b/roles/sugar-stats/tasks/statistics-consolidation.yml @@ -4,7 +4,7 @@ - name: Install statistics-consolidation with pip pip: name=stats-consolidation version=2.1.2 - when: internet_available + when: internet_available | bool - name: Install required libraries package: name={{ item }} diff --git a/roles/sugarizer/tasks/main.yml b/roles/sugarizer/tasks/main.yml index 706e0d79e..24a6de629 100644 --- a/roles/sugarizer/tasks/main.yml +++ b/roles/sugarizer/tasks/main.yml @@ -13,7 +13,7 @@ version: "{{ sugarizer_git_version }}" force: yes depth: 1 - when: internet_available + when: internet_available | bool - name: Create symlink /opt/iiab/sugarizer -> /opt/iiab/{{ sugarizer_dir_version }} file: @@ -46,7 +46,7 @@ version: "{{ sugarizer_server_git_version }}" force: yes depth: 1 - when: internet_available + when: internet_available | bool - name: Create symlink /opt/iiab/sugarizer-server -> /opt/iiab/{{ sugarizer_server_dir_version }} file: @@ -133,7 +133,7 @@ command: npm install --allow-root --unsafe-perm=true path-prefix-proxy args: chdir: "{{ iiab_base }}/sugarizer-server" - when: internet_available + when: internet_available | bool # 5. CONFIG FILES @@ -244,7 +244,7 @@ daemon_reload: yes enabled: yes state: restarted - when: sugarizer_enabled + when: sugarizer_enabled | bool - name: Disable & Stop 'sugarizer' systemd service (if not sugarizer_enabled) systemd: @@ -258,7 +258,7 @@ systemd: name: "{{ apache_service }}" # httpd or apache2 state: restarted - #when: sugarizer_enabled + #when: sugarizer_enabled | bool #- name: Enable services (all OS's) # service: @@ -268,7 +268,7 @@ # with_items: ## - { name: mongodb } # 2018-07-14: NICE TRY, but still doesn't bring http://box:8089 to life reliably, as a reboot usually does! (Is a "systemctl daemon-reload" or some such nec?) # - { name: sugarizer } -# when: sugarizer_enabled +# when: sugarizer_enabled | bool #- name: Disable service (all OS's) # service: 
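Review bot: In roles/sugarizer/tasks/main.yml (hunk -133,7) the `npm install --allow-root --unsafe-perm=true path-prefix-proxy` command fetches whatever version the registry currently serves, and `--unsafe-perm=true` keeps root privileges while the package's install scripts run. The git tasks in the same file pin a `version:`, so pinning here would be consistent, e.g. `npm install --allow-root path-prefix-proxy@<PINNED_VERSION>`. Drop `--unsafe-perm=true` unless an install script is known to need root. The task begins above the hunk.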
diff --git a/roles/teamviewer/tasks/install.yml b/roles/teamviewer/tasks/install.yml index f6c375460..95ae6b975 100644 --- a/roles/teamviewer/tasks/install.yml +++ b/roles/teamviewer/tasks/install.yml @@ -28,7 +28,7 @@ url: "{{ teamviewer_url }}/{{ teamviewer_rpm_file }}" dest: "{{ yum_packages_dir }}/{{ teamviewer_rpm_file }}" timeout: "{{ download_timeout }}" - when: internet_available + when: internet_available | bool tags: - download diff --git a/roles/teamviewer/tasks/main.yml b/roles/teamviewer/tasks/main.yml index e8dfce7a6..65fb0bfbf 100644 --- a/roles/teamviewer/tasks/main.yml +++ b/roles/teamviewer/tasks/main.yml @@ -6,7 +6,7 @@ - name: Install Teamviewer if intel include_tasks: install.yml - when: teamviewer_install + when: teamviewer_install | bool - name: Add 'teamviewer' variable values to {{ iiab_ini_file }} ini_file: diff --git a/roles/transmission/tasks/main.yml b/roles/transmission/tasks/main.yml index 724876b15..00f8b2773 100644 --- a/roles/transmission/tasks/main.yml +++ b/roles/transmission/tasks/main.yml @@ -33,7 +33,7 @@ daemon_reload: yes enabled: yes state: restarted - when: transmission_enabled + when: transmission_enabled | bool - name: Add PAUSED KA Lite torrent(s) to transmission-daemon's queue shell: > diff --git a/roles/usb-lib/tasks/main.yml b/roles/usb-lib/tasks/main.yml index de0df7a79..48c18d457 100644 --- a/roles/usb-lib/tasks/main.yml +++ b/roles/usb-lib/tasks/main.yml @@ -13,7 +13,7 @@ owner: root group: root mode: 0751 - when: usb_lib_enabled + when: usb_lib_enabled | bool - name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb-lib-show-all-on, /usr/bin/iiab-usb-lib-show-all-off' template: @@ -39,7 +39,7 @@ owner: root group: root mode: 0751 - when: usb_lib_enabled + when: usb_lib_enabled | bool - name: Remove /etc/usbmount/mount.d/70-usb-library if not usb_lib_enabled file: 
@@ -63,14 +63,14 @@ template: src: content_dir.conf dest: "/etc/{{ apache_config_dir }}" - when: usb_lib_enabled + when: usb_lib_enabled | bool - name: Create symlink content_dir.conf from sites-enabled to sites-available (debuntu) file: src: "/etc/{{ apache_config_dir }}/content_dir.conf" dest: /etc/apache2/sites-enabled/content_dir.conf state: link - when: is_debuntu + when: is_debuntu | bool - name: Remove symlink content_dir.conf from /etc/apache2/sites-enabled (debuntu) file: diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index bf696de58..995af2a1b 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -19,7 +19,7 @@ # force: yes # backup: yes register: wp_download_output - when: internet_available + when: internet_available | bool - name: Create symlink from /opt/iiab/downloads/wordpress.tar.gz to {{ wp_download_output.dest }} file: diff --git a/roles/wordpress/tasks/main.yml b/roles/wordpress/tasks/main.yml index 742089d18..5ff00bb3a 100644 --- a/roles/wordpress/tasks/main.yml +++ b/roles/wordpress/tasks/main.yml @@ -2,4 +2,4 @@ - name: Install WordPress if wordpress_install include_tasks: install.yml - when: wordpress_install + when: wordpress_install | bool diff --git a/roles/xovis/tasks/main.yml b/roles/xovis/tasks/main.yml index 5d89c0e64..ffdad5828 100644 --- a/roles/xovis/tasks/main.yml +++ b/roles/xovis/tasks/main.yml @@ -7,7 +7,7 @@ - python-pip - nodejs - npm - when: internet_available + when: internet_available | bool - name: Determine if xovis is already downloaded stat: path={{ downloadds_dir }}/xovis/xxx @@ -23,7 +23,7 @@ npm: name=kanso global=yes path={{ downloads_dir }} - when: internet_available + when: internet_available | bool - name: move the xovis repo into place shell: "cp -rp {{ downloads_dir }}/xovis {{ xovis_root }}" 
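Review bot: In roles/xovis/tasks/main.yml (hunk -7,7) the last context line reads `stat: path={{ downloadds_dir }}/xovis/xxx`, while every other task in this file uses `downloads_dir`. This looks like a typo: unless `downloadds_dir` is defined elsewhere, the stat task will fail on an undefined variable, or check the wrong path. The line should probably read `stat: path={{ downloads_dir }}/xovis/xxx`. The trailing `xxx` also looks like a placeholder that should name a real file. The task continues past the end of the hunk.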
@@ -37,7 +37,7 @@ - name: Install the xovis python dependencies pip: requirements={{ xovis_root }}/process_stats/requirements.txt - when: internet_available + when: internet_available | bool - name: Update xovis repo with Chart Heading lineinfile: dest="{{ xovis_root }}/index.html" regexp='(.+)

(.*)

' line='\1

{{ xovis_chart_heading }}

' backrefs=yes @@ -49,17 +49,17 @@ service: name=couchdb enabled=yes state=started - when: xovis_enabled + when: xovis_enabled | bool - name: Wait for CouchDB to become ready wait_for: port=5984 delay=1 timeout=5 - when: xovis_enabled + when: xovis_enabled | bool - name: Add admin user command: curl -X PUT {{ xovis_target_host }}/_config/admins/{{ xovis_db_user }} -d "\"{{ xovis_db_password }}\"" - when: xovis_enabled + when: xovis_enabled | bool - name: Check if db exists shell: "kanso listdb | grep {{ xovis_db_name }}" @@ -79,7 +79,7 @@ -d {{ xovis_backup_dir }} --deployment {{ xovis_deployment_name }} --server http://{{ xovis_db_login }}@{{ xovis_target_host }}" - when: xovis_enabled + when: xovis_enabled | bool - name: Add 'xovis' variable values to {{ iiab_ini_file }} ini_file: diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 3ffff9dd9..0a8d6e079 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -358,7 +358,7 @@ moodle_enabled: False # If using Moodle intensively, set apache_high_php_limits in 3-BASE-SERVER # MongoDB (/library/dbdata/mongodb) is used by Sugarizer: -# Its 2 settings below are auto-set to True (in roles/0-init/tasks/main.yml) when: sugarizer_enabled +# Its 2 settings below are auto-set to True (in roles/0-init/tasks/main.yml) when: sugarizer_enabled | bool # The mongodb playbook itself is later invoked by roles/sugarizer/meta/main.yml mongodb_install: False mongodb_enabled: False From 9543a10d82078bab47901902cba58a04f74d46ed Mon Sep 17 00:00:00 2001 
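Review bot: In roles/xovis/tasks/main.yml (hunk -49,17) the "Add admin user" task puts `{{ xovis_db_password }}` on the `curl` command line, so the rendered password appears in Ansible's task output and module logging and in the process list on the target. Adding `no_log: True` to that task keeps it out of the logs. Sending the request with the `uri` module and the password in the body would also keep it out of the process arguments. The following hunk (-79,7) passes `http://{{ xovis_db_login }}@{{ xovis_target_host }}` on a command line; if that variable carries credentials, the same applies there.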
From: holta Date: Fri, 24 May 2019 19:29:41 -0400 Subject: [PATCH 140/143] ': false' to ': False' + ': true' to ': True' or ': yes' --- roles/1-prep/tasks/main.yml | 8 ++++---- roles/awstats/tasks/install.yml | 4 ++-- roles/calibre/tasks/main.yml | 2 +- roles/elgg/tasks/main.yml | 2 +- roles/gitea/defaults/main.yml | 2 +- roles/monit/tasks/main.yml | 4 ++-- roles/network/tasks/avahi.yml | 2 +- roles/sugarizer/tasks/main.yml | 2 +- 8 files changed, 13 insertions(+), 13 deletions(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 44ac1f6d2..9cdb8ebd6 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -44,8 +44,8 @@ - name: Does 'ubermix' exist in /etc/lsb-release? shell: grep -i ubermix /etc/lsb-release # Pipe to cat to avoid red errors? register: grep_ubermix - failed_when: false # Universal way to hide alarmist red errors! - #ignore_errors: true + failed_when: False # Universal way to hide alarmist red errors! + #ignore_errors: True #check_mode: no #- debug: @@ -107,7 +107,7 @@ enabled: False state: stopped when: is_ubuntu | bool - ignore_errors: true + ignore_errors: True - name: Disable SELinux on next boot (OS's other than debuntu) selinux: @@ -127,7 +127,7 @@ - name: Check if the identifier for Intel's NUC6 built-in WiFi is present shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'" register: usb_NUC6 - ignore_errors: true + ignore_errors: True - name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6 # iiab_download_url is http://download.iiab.io/packages get_url: diff --git a/roles/awstats/tasks/install.yml b/roles/awstats/tasks/install.yml index 166106952..9ae8e6fe5 100644 --- a/roles/awstats/tasks/install.yml +++ b/roles/awstats/tasks/install.yml 
@@ -29,8 +29,8 @@ owner: "{{ apache_user }}" group: "{{ apache_user }}" state: directory - recurse: true - force: true + recurse: yes + force: yes with_items: - "{{ awstats_data_dir }}" - "{{ apache_log_dir }}" diff --git a/roles/calibre/tasks/main.yml b/roles/calibre/tasks/main.yml index 5de6ad3ce..b327558e4 100644 --- a/roles/calibre/tasks/main.yml +++ b/roles/calibre/tasks/main.yml @@ -64,7 +64,7 @@ state: stopped #enabled: no #register: command_result # gist.github.com/tyrells/0a79681de339237cb04c - #failed_when: false # Never Fail during "systemctl stop calibre-serve" (even if service doesn't exist!) + #failed_when: False # Never Fail during "systemctl stop calibre-serve" (even if service doesn't exist!) #when: calibre_svc.stat.exists # 3. CREATE USER DATABASE diff --git a/roles/elgg/tasks/main.yml b/roles/elgg/tasks/main.yml index 54d29bca5..6461ebca1 100644 --- a/roles/elgg/tasks/main.yml +++ b/roles/elgg/tasks/main.yml @@ -34,7 +34,7 @@ owner: "{{ apache_user }}" group: "{{ apache_user }}" state: link - force: true + force: yes - name: 'Install /opt/elgg/elgg-config/settings.php from template (WARNING: overwrites manual settings!)' template: diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index b50fc4ce5..b3579fff7 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -54,4 +54,4 @@ gitea_log_root: "{{ gitea_root_directory }}/log" # Extra configuration gitea_display_name: Internet-in-a-Box Gitea -skip_install_screen: true +skip_install_screen: true # lowercase for Gitea's own /etc/gitea/app.ini diff --git a/roles/monit/tasks/main.yml b/roles/monit/tasks/main.yml index 3148f4224..0075bc245 100644 --- a/roles/monit/tasks/main.yml +++ b/roles/monit/tasks/main.yml @@ -22,7 +22,7 @@ group: root mode: 0600 -- name: Install config file /etc/monit.d/watchdog from template +- name: Install config file /etc/monit.d/watchdog from template (NEVER RUNS, WHY?) template: src: watchdog dest: /etc/monit.d/watchdog 
@@ -31,7 +31,7 @@ force: yes mode: 0755 register: monit_config - when: false | bool + when: False # IS THIS A BUG ? until: monit_config | success retries: 5 delay: 1 diff --git a/roles/network/tasks/avahi.yml b/roles/network/tasks/avahi.yml index 8639e7758..b632e6491 100644 --- a/roles/network/tasks/avahi.yml +++ b/roles/network/tasks/avahi.yml @@ -24,7 +24,7 @@ shell: "ls /usr/share/doc/ | grep avahi | head -n1" register: avahi_ver ignore_errors: True - changed_when: false + changed_when: False # when: not is_debuntu # would cause failures 6 lines below - name: Grab a clean copy of ssh.service (not debuntu) diff --git a/roles/sugarizer/tasks/main.yml b/roles/sugarizer/tasks/main.yml index 24a6de629..d89a9a17f 100644 --- a/roles/sugarizer/tasks/main.yml +++ b/roles/sugarizer/tasks/main.yml @@ -73,7 +73,7 @@ # stat: # path: "{{ iiab_base }}/sugarizer-server/node_modules" # register: nmtest -# ignore_errors: true +# ignore_errors: True # #- name: Set a flag to prevent re-running of "npm install" # set_fact: From 2bed0c94044fe32fb7b6b5deb68e55bc155de5d0 Mon Sep 17 00:00:00 2001 From: holta Date: Fri, 24 May 2019 19:39:10 -0400 Subject: [PATCH 141/143] 'when: X #' -> 'when: X | bool #' for Ansible 2.8 --- roles/nextcloud/tasks/main.yml | 2 +- roles/sugarizer/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index ee809707e..5dc4276b9 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -168,7 +168,7 @@ # service: # name: "{{ apache_service }}" # state: restarted -## when: nextcloud_enabled # taken care of by nextcloud_enabled.yml below +## when: nextcloud_enabled | bool # taken care of by nextcloud_enabled.yml below # when: not nextcloud_enabled # Enables or disable Nextcloud! diff --git a/roles/sugarizer/tasks/main.yml b/roles/sugarizer/tasks/main.yml index d89a9a17f..53a674878 100644 --- a/roles/sugarizer/tasks/main.yml 
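Review bot: In roles/monit/tasks/main.yml (hunk -31,7) the line after the changed `when:` still reads `until: monit_config | success`. That test-as-filter form was deprecated in Ansible 2.5 and removed in 2.9, so it should become `until: monit_config is success`. Nothing fails today only because `when: False` skips the task; re-enabling it would surface the error. If the task is re-enabled, `mode: 0755` is also broader than a config file needs; the monit task in the preceding hunk uses `0600`. The task starts above this hunk.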
+++ b/roles/sugarizer/tasks/main.yml @@ -116,7 +116,7 @@ args: chdir: "{{ iiab_base }}/sugarizer-server" #creates: "{{ iiab_base }}/sugarizer-server/node_modules" # OLD WAY 2 - when: internet_available # "npm install" generally requires Internet access + when: internet_available | bool # "npm install" generally requires Internet access # when: internet_available and git_sug_server_output.changed # OLD WAY 3 # when: internet_available and not is_F18 and not node_modules_exists # OLD WAY 1 From 2f73f599c5944f1d8742cb3f8a2b5b2a51c1ff43 Mon Sep 17 00:00:00 2001 From: holta Date: Fri, 24 May 2019 19:57:35 -0400 Subject: [PATCH 142/143] 'when: X }' -> 'when: X | bool }' in both meta/main.yml --- roles/nodered/meta/main.yml | 3 +-- roles/sugarizer/meta/main.yml | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/nodered/meta/main.yml b/roles/nodered/meta/main.yml index 7848a81de..718e787e8 100644 --- a/roles/nodered/meta/main.yml +++ b/roles/nodered/meta/main.yml @@ -1,3 +1,2 @@ dependencies: - - { role: nodejs, tags: ['nodejs'], when: nodered_install } - + - { role: nodejs, tags: ['nodejs'], when: nodered_install | bool } diff --git a/roles/sugarizer/meta/main.yml b/roles/sugarizer/meta/main.yml index 33cae65ca..d0298987b 100644 --- a/roles/sugarizer/meta/main.yml +++ b/roles/sugarizer/meta/main.yml @@ -1,3 +1,3 @@ dependencies: - - { role: mongodb, tags: ['generic','mongodb'], when: sugarizer_install } - - { role: nodejs, tags: ['nodejs'], when: sugarizer_install } + - { role: mongodb, tags: ['generic','mongodb'], when: sugarizer_install | bool } + - { role: nodejs, tags: ['nodejs'], when: sugarizer_install | bool } From f3812754ec519b18c0f04ba4d11e2618b32dd5c3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 24 May 2019 20:19:26 -0400 Subject: [PATCH 143/143] dupl when: 's fixed in nextcloud/tasks/main.yml --- roles/nextcloud/tasks/main.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) 
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index 5dc4276b9..2487b1e91 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -21,12 +21,11 @@ timeout: "{{ download_timeout }}" force: yes #validate_certs: False # TEMPORARY ON/AFTER 2018-07-22 AS download.nextcloud.com CERT EXPIRED: https://github.com/iiab/iiab/issues/954 - when: internet_available and nextcloud_force_install #async: 1800 #poll: 10 tags: - download - when: is_debian_9 or is_raspbian_9 + when: internet_available and nextcloud_force_install and (is_debian_9 or is_raspbian_9) - name: Download {{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file }} to {{ downloads_dir }}/{{ nextcloud_src_file }} on newer OS's that have PHP 7.1+ get_url: @@ -35,12 +34,11 @@ timeout: "{{ download_timeout }}" force: yes #validate_certs: False # TEMPORARY ON/AFTER 2018-07-22 AS download.nextcloud.com CERT EXPIRED: https://github.com/iiab/iiab/issues/954 - when: internet_available and nextcloud_force_install #async: 1800 #poll: 10 tags: - download - when: not (is_debian_9 or is_raspbian_9) + when: internet_available and nextcloud_force_install and not (is_debian_9 or is_raspbian_9) # Ubuntu and Debian treat names differently - name: Install 3 php packages (debian)
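Review bot: In roles/nextcloud/tasks/main.yml the merged `when:` lines in hunks -21,12 and -35,12 use bare `internet_available and nextcloud_force_install`, without the `| bool` cast the rest of this series adds. In a compound Jinja expression a string value such as "False" (for example from `-e` on the command line) is truthy, so the download could run when the operator meant to disable it. Consider `when: internet_available | bool and nextcloud_force_install | bool and (is_debian_9 or is_raspbian_9)` and the matching `not (...)` form in the second task. Both tasks begin above their hunks.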