From 8ea20d9b6812d63d3e39052fba367941c154be2e Mon Sep 17 00:00:00 2001 From: Arky Date: Mon, 16 Jul 2018 00:36:05 +0700 Subject: [PATCH 1/6] Kolibri role Add Kolibri role for IIAB 6.6 Preview --- roles/kolibri/README.rst | 65 +++++++++++++++ roles/kolibri/defaults/main.yml | 34 ++++++++ roles/kolibri/tasks/main.yml | 97 ++++++++++++++++++++++ roles/kolibri/templates/kolibri.service.j2 | 16 ++++ 4 files changed, 212 insertions(+) create mode 100644 roles/kolibri/README.rst create mode 100644 roles/kolibri/defaults/main.yml create mode 100644 roles/kolibri/tasks/main.yml create mode 100644 roles/kolibri/templates/kolibri.service.j2 diff --git a/roles/kolibri/README.rst b/roles/kolibri/README.rst new file mode 100644 index 000000000..eb0b5d4ee --- /dev/null +++ b/roles/kolibri/README.rst @@ -0,0 +1,65 @@ +============== +Kolibri README +============== + +This role install Kolibri, an open-source educational platform specially designed +to provide offline access to a wide range of quality, openly licensed educational +contents in low-resource contexts like rural schools, refugee camps, orphanages, +and also in non-formal school programs. + +Access +------ + +If enabled and with the default settings Kolibri should be accessible at http://box:8009/ + +To login to Kolibri enter + + User Name: Admin + + Password: changeme + +Configuration Parameters +------------------------ + +Please look in defaults/main.yml for the default values of the various install parameters. Everything +in this readme assumes the default values. + +Automatic Device Provisioning +----------------------------- +When kolibri_provision is enabled, the installation will setup the following settings: + + Kolibri Facility name: 'Kolibri-in-a-Box' + + Kolibri Preset type: formal (Other options are nonformal, informal) + + Kolibri default language: en (Otherwise language are ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu) + + Kolibri Admin User: Admin + + Kolibri Admin password: changeme + +Cloning content +--------------- +In Kolibri 0.10 introduced `kolibri manage deprovision` which will remove +user configuration, leaving content intact. You can then copy/clone /library/kolibri +to a new location. + + +Trouble Shooting +---------------- + +You can run the server manually with the following commands: + + systemctl stop kolibri (make sure the systemd service is not running) + + export KOLIBRI_HOME=/library/kolibri + + export KOLIBRI_HTTP_PORT=8009 (other Kolibri will run on default port 8080) + + kolibri start + +To return to using the systemd unit: + + kolibri stop + + systemctl start kolibri diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml new file mode 100644 index 000000000..769604cd1 --- /dev/null +++ b/roles/kolibri/defaults/main.yml @@ -0,0 +1,34 @@ +# The values here are defaults. +# To override them edit the main var definitions in iiab/vars + +# Installation Variables +kolibri_install: True +kolibri_enabled: True + +# Kolibri folder to store its data and configuration files. +kolibri_home: "{{ content_base }}/kolibri" + +kolibri_http_port: 8009 +kolibri_url: /kolibri/ +kolibri_path: "{{ iiab_base }}/kolibri" +kolibri_exec_path: /usr/local/bin/kolibri + +# Kolibri system user +kolibri_user: kolibri + +# Kolibri setup will be provisioned with default administration account, preset and +# language. You could turn this to 'False' while reinstalling kolibri. +kolibri_provision: True + +# Kolibri Facility name +kolibri_facility: 'Kolibri-in-a-Box' + +# Kolibri Preset type: formal, nonformal, informal +kolibri_preset: 'formal' + +# Kolibri default language (ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu) +kolibri_language: 'en' + +# Kolibri admin account +kolibri_admin_user: 'Admin' +kolibri_admin_password: 'changeme' diff --git a/roles/kolibri/tasks/main.yml b/roles/kolibri/tasks/main.yml new file mode 100644 index 000000000..89ce010d6 --- /dev/null +++ b/roles/kolibri/tasks/main.yml @@ -0,0 +1,97 @@ +--- +- name: Create a Kolibri system user and to www-data, disk groups + user: + name: "{{ kolibri_user }}" + groups: + - "{{ apache_user }}" + - disk + state: present + shell: /bin/false + system: yes + create_home: no + +- name: Create Kolibri folder to store data and configuration files. + file: + path: "{{ item }}" + owner: "{{ kolibri_user }}" + group: "{{ apache_user }}" + mode: 0755 + state: directory + with_items: + - "{{ kolibri_home }}" + + +- name: Install kolibri using pip on all OS's + pip: + name: kolibri + state: latest + when: internet_available + +- name: Create kolibri systemd service file + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode }}" + owner: root + group: root + with_items: + - { src: 'kolibri.service.j2' , dest: '/etc/systemd/system/kolibri.service', mode: '0644' } + +- name: Set kolibri default language. + shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" language setdefault "{{ kolibri_language }}" + ignore_errors: yes + when: kolibri_provision + +- name: Create kolibri default facility name, admin account and language. + shell: > + export KOLIBRI_HOME="{{ kolibri_home }}" && + "{{ kolibri_exec_path }}" manage provisiondevice --facility "{{ kolibri_facility }}" + --superusername "{{ kolibri_admin_user }}" --superuserpassword "{{ kolibri_admin_password }}" + --preset "{{ kolibri_preset }}" --language_id "{{ kolibri_language }}" --verbosity 0 --noinput + ignore_errors: yes + when: kolibri_provision + +- name: Change /library/kolibri directory permissions. + file: + path: "{{ kolibri_home }}" + owner: "{{ kolibri_user }}" + group: "{{ apache_user }}" + recurse: yes + +- name: Enable kolibri service. + service: + name: "{{ item.name }}" + enabled: yes + state: restarted + with_items: + - { name: kolibri } + when: kolibri_enabled + +- name: Disable kolibri service. + service: + name: "{{ item.name }}" + enabled: no + state: stopped + with_items: + - { name: kolibri } + when: not kolibri_enabled + +- name: Add 'kolibri' to list of services at /etc/iiab/iiab.ini + ini_file: + dest: "{{ service_filelist }}" + section: kolibri + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - option: name + value: kolibri + - option: description + value: '"Kolibri is an open-source educational platform specially designed to provide offline access to a wide range of quality, openly licensed educational contents in low-resource contexts like rural schools, refugee camps, orphanages, and also in non-formal school programs."' + - option: kolibri_url + value: "{{ kolibri_url }}" + - option: kolibri_path + value: "{{ kolibri_path }}" + - option: kolibri_port + value: "{{ kolibri_http_port }}" + - option: enabled + value: "{{ kolibri_enabled }}" diff --git a/roles/kolibri/templates/kolibri.service.j2 b/roles/kolibri/templates/kolibri.service.j2 new file mode 100644 index 000000000..ef420c4a1 --- /dev/null +++ b/roles/kolibri/templates/kolibri.service.j2 @@ -0,0 +1,16 @@ +[Unit] +Description=Kolibri + +[Service] +Type=oneshot +RemainAfterExit=yes +Environment=KOLIBRI_USER={{ kolibri_user }} +Environment=KOLIBRI_HOME={{ kolibri_home }} +Environment=KOLIBRI_HTTP_PORT={{ kolibri_http_port }} +User={{ kolibri_user }} +Group={{ apache_user }} +ExecStart={{ kolibri_exec_path }} start +ExecStop={{ kolibri_exec_path }} stop + +[Install] +WantedBy=multi-user.target From e0cb0b4f55e0538fb531c9675f3c5a75a64527aa Mon Sep 17 00:00:00 2001 From: Arky Date: Mon, 16 Jul 2018 01:17:39 +0700 Subject: [PATCH 2/6] [Debian 10] Add vars/debian-10 file --- vars/debian-10.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 vars/debian-10.yml diff --git a/vars/debian-10.yml b/vars/debian-10.yml new file mode 100644 index 000000000..b80d9e39f --- /dev/null +++ b/vars/debian-10.yml @@ -0,0 +1,24 @@ +is_debuntu: True +is_debian: True +is_debian_10: True +dns_service: bind9 +dhcp_service: isc-dhcp-server +dns_user: bind +proxy: squid +proxy_user: proxy +apache_service: apache2 +apache_config_dir: apache2/sites-available +apache_user: www-data +apache_log_dir: /var/log/apache2 +smb_service: smbd +nmb_service: nmbd +systemctl_program: /bin/systemctl +mysql_service: mariadb +apache_log: /var/log/apache2/access.log +sshd_service: ssh +php_version: 7.2 +postgresql_version: 10 +systemd_location: /lib/systemd/system +# Upgrade OS's own Calibre to very latest: +calibre_via_debs: True +calibre_via_python: False From 4b2f6c295664224d3f388358cb24f43b1b812692 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 15 Jul 2018 18:50:19 -0400 Subject: [PATCH 3/6] --unsafe-perm=true (for npm 5.6.0 on RPi) --- roles/sugarizer/tasks/main.yml | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/roles/sugarizer/tasks/main.yml b/roles/sugarizer/tasks/main.yml index a2d7fc8ac..ea4398783 100644 --- a/roles/sugarizer/tasks/main.yml +++ b/roles/sugarizer/tasks/main.yml @@ -6,7 +6,7 @@ # 1. DOWNLOAD+LINK /opt/iiab/sugarizer -- name: Clone llaske/sugarizer ({{ sugarizer_git_version }}) from GitHub to /opt/iiab (CAN TAKE SEVERAL MINUTES) +- name: Clone llaske/sugarizer ({{ sugarizer_git_version }}) from GitHub to /opt/iiab (MAY DOWNLOAD 600+ MB) git: repo: https://github.com/llaske/sugarizer dest: "{{ sugarizer_location }}/{{ sugarizer_version }}" @@ -119,27 +119,32 @@ # is better than 5.6.0. which is better than Ubuntu 18.04's 3.5.2). # 2018-07-15: TK Kang & Holt confirmed sudo-driven "npm install" maxes out CPU -# for hours, on diff OS's using npm 5.6.0 and 6.2.0. Error code EACCES, -# errno -13 (permission denied): +# for hours, on diff OS's using npm 5.6.0 and 6.2.0. Hours later you get +# error: code EACCES, errno -13 (permission denied), # "Missing write access to /opt/iiab/sugarizer-server-1.0/node_modules" # -# SOLUTION: Implement '--allow-root' below, as is critical for 1st run of -# sudo-driven 'npm install' (causing it to create /root/.npm cache & lock -# files owned by root:root instead of iiab-admin:iiab-admin) permitting it -# and IIAB install scripts to actually complete :) +# SOLUTION: Implement '--allow-root --unsafe-perm=true' below, as is critical +# for 1st run of sudo-driven 'npm install' especially: # -# CLARIF 1: Something like 'chown -R root:root /root/.npm' cannot happen -# synchronously with the 1st run of 'npm install' (when it's needed!) -# Nor is 'chown' functionality nec, now that --allow-root does the job. +# ON DEBIAN: npm 5.6.0's --allow-root is sufficient: causing creation of +# /root/.npm cache & lock files to owned by root:root instead of +# iiab-admin:iiab-admin...thus permitting it & IIAB installs to complete! +# +# ON RASPBIAN: npm 5.6.0's --unsafe-perm=true is required, so that npm install +# actually finished (in about 5 minutes). +# +# CLARIF 1: Something like 'chown -R root:root /root/.npm' would do the job, +# but cannot happen synchronously with the 1st run of 'npm install' (when +# it's needed!) Similar to what --allow-root does on Debian. # # CLARIF 2: Ubuntu 18.04 is currently unaffected due to its ancient # npm 3.5.2, which instead uses /home/iiab-admin/.npm (these remain owned -# by iiab-admin:iiab-admin, even with the new "npm install --allow-root", -# but thankfully still get the job done, for now!) +# by iiab-admin:iiab-admin, even with '--allow-root', but thankfully still +# gets the job done, for now!) #- name: Create the express framework for Node.js (OS's other than Fedora 18) -- name: Run 'npm install --allow-root' to create /opt/iiab/{{ sugarizer_server_version }}/node_modules (CAN TAKE SEVERAL MINUTES) - command: npm install --allow-root # "command:" a bit safer than "shell:" +- name: Run 'npm install --allow-root --unsafe-perm=true' to create /opt/iiab/{{ sugarizer_server_version }}/node_modules (CAN TAKE ~3 MINUTES) + command: npm install --allow-root --unsafe-perm=true # "command:" a bit safer than "shell:" args: chdir: "{{ sugarizer_location }}/{{ sugarizer_server_version }}" #creates: "{{ sugarizer_location }}/{{ sugarizer_server_version }}/node_modules" # OLD WAY 2 From c2afd5d9beffb3f6d5f11919c7f41410289b284b Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 15 Jul 2018 18:56:20 -0400 Subject: [PATCH 4/6] Update main.yml --- roles/sugarizer/tasks/main.yml | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/roles/sugarizer/tasks/main.yml b/roles/sugarizer/tasks/main.yml index ea4398783..e4622d8d4 100644 --- a/roles/sugarizer/tasks/main.yml +++ b/roles/sugarizer/tasks/main.yml @@ -126,19 +126,21 @@ # SOLUTION: Implement '--allow-root --unsafe-perm=true' below, as is critical # for 1st run of sudo-driven 'npm install' especially: # -# ON DEBIAN: npm 5.6.0's --allow-root is sufficient: causing creation of -# /root/.npm cache & lock files to owned by root:root instead of +# ON DEBIAN: npm 5.6.0's --allow-root would be sufficient: causing creation +# of /root/.npm cache & lock files to owned by root:root instead of # iiab-admin:iiab-admin...thus permitting it & IIAB installs to complete! # -# ON RASPBIAN: npm 5.6.0's --unsafe-perm=true is required, so that npm install -# actually finished (in about 5 minutes). +# ON RASPBIAN: npm 5.6.0's --unsafe-perm=true is *required* so that npm +# install actually finished (in about 5 minutes). It's possible we should +# remove --allow-root in favore of --unsafe-perm=true alone. But this needs +# testing on different Linuxes before proceeding. # # CLARIF 1: Something like 'chown -R root:root /root/.npm' would do the job, -# but cannot happen synchronously with the 1st run of 'npm install' (when -# it's needed!) Similar to what --allow-root does on Debian. +# but cannot happen synchronously throughout the 1st run of 'npm install' +# (when it's needed!) Similar to what --allow-root does on Debian. # # CLARIF 2: Ubuntu 18.04 is currently unaffected due to its ancient -# npm 3.5.2, which instead uses /home/iiab-admin/.npm (these remain owned +# npm 3.5.2, which instead uses /home/iiab-admin/.npm (which remains owned # by iiab-admin:iiab-admin, even with '--allow-root', but thankfully still # gets the job done, for now!) From 7dc67810fbeddf5cc1cb14d32498780bc997d4d5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 15 Jul 2018 19:04:48 -0400 Subject: [PATCH 5/6] Update main.yml --- roles/sugarizer/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/sugarizer/tasks/main.yml b/roles/sugarizer/tasks/main.yml index e4622d8d4..0b33f1f1a 100644 --- a/roles/sugarizer/tasks/main.yml +++ b/roles/sugarizer/tasks/main.yml @@ -119,8 +119,8 @@ # is better than 5.6.0. which is better than Ubuntu 18.04's 3.5.2). # 2018-07-15: TK Kang & Holt confirmed sudo-driven "npm install" maxes out CPU -# for hours, on diff OS's using npm 5.6.0 and 6.2.0. Hours later you get -# error: code EACCES, errno -13 (permission denied), +# for hours, on diff OS's using npm 5.6.0 and 6.2.0. Hours later you may get +# error: code EACCES, errno -13 (permission denied), # "Missing write access to /opt/iiab/sugarizer-server-1.0/node_modules" # # SOLUTION: Implement '--allow-root --unsafe-perm=true' below, as is critical From a6e8d8e79e0c3befc3a57347afc841634af3d7b6 Mon Sep 17 00:00:00 2001 From: Arky Date: Mon, 16 Jul 2018 01:22:30 +0700 Subject: [PATCH 6/6] [Debian 10]Add case switch for debian-10 Fixes #902 --- scripts/local_facts.fact | 1 + vars/debian-10.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index d08dc9f3a..b83d5305a 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -23,6 +23,7 @@ case $OS_VER in "fedora-22" | \ "debian-8" | \ "debian-9" | \ + "debian-10" | \ "ubuntu-16" | \ "ubuntu-17" | \ "ubuntu-18" | \ diff --git a/vars/debian-10.yml b/vars/debian-10.yml index b80d9e39f..bf4245c86 100644 --- a/vars/debian-10.yml +++ b/vars/debian-10.yml @@ -16,7 +16,7 @@ systemctl_program: /bin/systemctl mysql_service: mariadb apache_log: /var/log/apache2/access.log sshd_service: ssh -php_version: 7.2 +php_version: 7.1 postgresql_version: 10 systemd_location: /lib/systemd/system # Upgrade OS's own Calibre to very latest: