WIP: Extricate IIAB from 2 web servers complexity

2025-03-09 15:40:17 +00:00 · 2021-07-07 00:13:52 -04:00 · 2021-07-07 00:13:52 -04:00 · 435450f31e
commit 435450f31e
parent 69b23fa07d
22 changed files with 88 additions and 86 deletions
--- a/roles/0-DEPRECATED-ROLES/httpd/README.md
+++ b/roles/0-DEPRECATED-ROLES/httpd/README.md
--- a/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml
+++ b/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml
--- a/roles/0-DEPRECATED-ROLES/httpd/tasks/homepage.yml
+++ b/roles/0-DEPRECATED-ROLES/httpd/tasks/homepage.yml
--- a/roles/0-DEPRECATED-ROLES/httpd/tasks/install.yml
+++ b/roles/0-DEPRECATED-ROLES/httpd/tasks/install.yml
--- a/roles/0-DEPRECATED-ROLES/httpd/tasks/main.yml
+++ b/roles/0-DEPRECATED-ROLES/httpd/tasks/main.yml
--- a/roles/0-DEPRECATED-ROLES/httpd/templates/010-iiab.conf.j2
+++ b/roles/0-DEPRECATED-ROLES/httpd/templates/010-iiab.conf.j2
--- a/roles/0-DEPRECATED-ROLES/httpd/templates/iiab-homepage.conf
+++ b/roles/0-DEPRECATED-ROLES/httpd/templates/iiab-homepage.conf
--- a/roles/0-DEPRECATED-ROLES/httpd/templates/proxy_ajp.conf.j2
+++ b/roles/0-DEPRECATED-ROLES/httpd/templates/proxy_ajp.conf.j2
--- a/roles/0-init/tasks/validate_vars.yml
+++ b/roles/0-init/tasks/validate_vars.yml
@ -61,9 +61,9 @@
 # https://github.com/iiab/iiab/blob/master/tests/test.yml
 # https://github.com/iiab/iiab/blob/master/roles/0-init/tasks/validate_vars.yml
 #
-# 2020-11-04: Fix validation of 5 core dependencies, for ./runrole etc
+# 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc

- name: Set vars_checklist for 46 + 46 + 41 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked
+- name: Set vars_checklist for 45 + 45 + 41 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked
  set_fact:
    vars_checklist:
      - hostapd
@ -76,7 +76,7 @@
      - openvpn
      - admin_console
      #- nginx              # MANDATORY
-      - apache              # Dependency - excluded from _installed check below
+      ###- apache           ### Dependency - excluded from _installed check below
      #- mysql              # MANDATORY
      - squid
      - dansguardian
@ -162,5 +162,5 @@
    that: "{{ item }}_install or {{ item }}_installed is undefined"
    fail_msg: "DISALLOWED: '{{ item }}_install: False' (e.g. in /etc/iiab/local_vars.yml) WHEN '{{ item }}_installed' is defined (e.g. in /etc/iiab/iiab_state.yml) -- IIAB DOES NOT SUPPORT UNINSTALLS -- please verify those 2 files especially, and other places variables are defined?"
    quiet: yes
-  when: item != 'apache' and item != 'nodejs' and item != 'postgresql' and item != 'mongodb' and item != 'yarn'    # Exclude auto-installed dependencies
+  when: item != 'nodejs' and item != 'postgresql' and item != 'mongodb' and item != 'yarn'    # Exclude auto-installed dependencies
  loop: "{{ vars_checklist }}"
--- a/roles/gitea/tasks/install.yml
+++ b/roles/gitea/tasks/install.yml
@ -6,12 +6,12 @@
    state: stopped
  ignore_errors: yes

- name: Ensure group gitea exists
+- name: Ensure group 'gitea' exists
  group:
    name: gitea
    state: present

- name: Create user gitea
+- name: Create user 'gitea'
  user:
    name: gitea
    comment: Gitea daemon account
@ -26,7 +26,7 @@
    group: gitea
  with_items: "{{ gitea_subdirectories }}"

- name: Make directories data, indexers, and log writable
+- name: Make directories data, indexers, and log writable (0750)
  file:
    path: "{{ gitea_root_directory }}/{{ item }}"    # /library/gitea
    mode: '0750'
@ -98,7 +98,7 @@

 # 4. Create systemd service & prepare NGINX for http://box/gitea

- name: "Install from template: /etc/systemd/system/gitea.service"
+- name: "Install from template: /etc/systemd/system/gitea.service (by default 0644)"
  template:
    src: gitea.service.j2
    dest: /etc/systemd/system/gitea.service
--- a/roles/jupyterhub/tasks/install.yml
+++ b/roles/jupyterhub/tasks/install.yml
@ -13,22 +13,22 @@
  when: nodejs_installed is undefined


- name: Make the directories to hold JupyterHub config
+- name: Make 3 directories to hold JupyterHub config
  file:
    state: directory
    path: "{{ item }}"
  with_items:
-    - "{{ jupyterhub_venv }}/etc/jupyter"
+    - "{{ jupyterhub_venv }}/etc/jupyter"    # /opt/iiab/jupyterhub
    - "{{ jupyterhub_venv }}/etc/jupyterhub"
    - "{{ jupyterhub_venv }}/etc/systemd"

- name: Use npm to install configurable-http-proxy
+- name: Use npm to install 'configurable-http-proxy'
  npm:
    name: configurable-http-proxy
    global: yes
    state: latest

- name: "Use pip to install into a virtual environment: {{ jupyterhub_venv }} (~229 MB)"
+- name: "pip install 7 packages into virtual environment: {{ jupyterhub_venv }} (~229 MB)"
  pip:
    name:
      - pip
--- a/roles/kalite/tasks/install.yml
+++ b/roles/kalite/tasks/install.yml
@ -53,11 +53,11 @@

 # Useless stanza, for 2 reasons: (1) http://box/kalite was never made to work
 # (2) /etc/apache2/sites-available does not exist on many IIAB's w/o Apache
- name: "Install from template: /etc/{{ apache_conf_dir }}/kalite.conf (useless, as http://box/kalite was never made to work)"
-  template:
-    src: kalite.conf
-    dest: "/etc/{{ apache_conf_dir }}"    # apache2/sites-available on debuntu
-  when: apache_installed is defined
+# - name: "Install from template: /etc/{{ apache_conf_dir }}/kalite.conf (useless, as http://box/kalite was never made to work)"
+#   template:
+#     src: kalite.conf
+#     dest: "/etc/{{ apache_conf_dir }}"    # apache2/sites-available on debuntu
+#   when: apache_installed is defined

 - name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes, if Raspbian/Debian < 11 or Ubuntu < 20
  replace:
@ -89,6 +89,8 @@
  poll: 10


+# RECORD KA Lite AS INSTALLED
+
 - name: "Set 'kalite_installed: True'"
  set_fact:
    kalite_installed: True
--- a/roles/munin/tasks/install.yml
+++ b/roles/munin/tasks/install.yml
@ -1,4 +1,4 @@
- name: "Install 5 packages: munin, munin-node, munin-plugins-extra, libcgi-fast-perl"
+- name: "Install 4 packages: munin, munin-node, munin-plugins-extra, libcgi-fast-perl"
  package:
    name:
      - munin
--- a/roles/nginx/tasks/enable-or-disable.yml
+++ b/roles/nginx/tasks/enable-or-disable.yml
@ -1,29 +1,29 @@
- name: Ensure that Apache ({{ apache_service }}) is not running -- we may need port swap
-  systemd:
-    name: "{{ apache_service }}"    # apache2 or httpd, per /opt/iiab/iiab/vars/<OS>.yml
-    state: stopped
-  ignore_errors: yes
-  # 'when: apache_installed is defined' might also work, as mysql's php no longer installs apache2 (but 'ignore_errors: yes' remains safer!)
+# - name: Ensure that Apache ({{ apache_service }}) is not running -- we may need port swap
+#   systemd:
+#     name: "{{ apache_service }}"    # apache2 or httpd, per /opt/iiab/iiab/vars/<OS>.yml
+#     state: stopped
+#   ignore_errors: yes
+#   # 'when: apache_installed is defined' might also work, as mysql's php no longer installs apache2 (but 'ignore_errors: yes' remains safer!)

- name: Install /etc/{{ apache_service }}/ports.conf from template 1 of 2 (ports.conf.j2) if nginx_enabled, to enable Apache port {{ apache_port }} localhost only
-  template:
-    src: ports.conf.j2
-    dest: "/etc/{{ apache_service }}/ports.conf"
-  when: nginx_enabled
+# - name: Install /etc/{{ apache_service }}/ports.conf from template 1 of 2 (ports.conf.j2) if nginx_enabled, to enable Apache port {{ apache_port }} localhost only
+#   template:
+#     src: ports.conf.j2
+#     dest: "/etc/{{ apache_service }}/ports.conf"
+#   when: nginx_enabled

- name: Install /etc/{{ apache_service }}/ports.conf from template 2 of 2 (stock-apache-ports.conf) if not nginx_enabled, to disable Apache port {{ apache_port }} localhost only
-  template:
-    src: stock-apache-ports.conf
-    dest: "/etc/{{ apache_service }}/ports.conf"
-  when: not nginx_enabled
+# - name: Install /etc/{{ apache_service }}/ports.conf from template 2 of 2 (stock-apache-ports.conf) if not nginx_enabled, to disable Apache port {{ apache_port }} localhost only
+#   template:
+#     src: stock-apache-ports.conf
+#     dest: "/etc/{{ apache_service }}/ports.conf"
+#   when: not nginx_enabled

- name: Enable & Restart '{{ apache_service }}' if Apache is installed and enabled, since we stopped it
-  systemd:
-    name: "{{ apache_service }}"    # apache2 or httpd, per /opt/iiab/iiab/vars/<OS>.yml
-    daemon_reload: yes
-    state: restarted
-    enabled: true
-  when: apache_installed is defined and apache_enabled    # or not nginx_enabled
+# - name: Enable & Restart '{{ apache_service }}' if Apache is installed and enabled, since we stopped it
+#   systemd:
+#     name: "{{ apache_service }}"    # apache2 or httpd, per /opt/iiab/iiab/vars/<OS>.yml
+#     daemon_reload: yes
+#     state: restarted
+#     enabled: true
+#   when: apache_installed is defined and apache_enabled    # or not nginx_enabled


 - name: Enable & (Re)Start 'nginx' systemd service, if nginx_enabled
--- a/roles/nginx/tasks/install.yml
+++ b/roles/nginx/tasks/install.yml
@ -1,16 +1,16 @@
- name: Stop '{{ apache_service }}' systemd service
-  systemd:
-    name: "{{ apache_service }}"    # apache2 or httpd, per /opt/iiab/iiab/vars/<OS>.yml
-    state: stopped
-  ignore_errors: yes
-  # 'when: apache_installed is defined' insuff b/c mysql's php installs apache2
+# - name: Stop '{{ apache_service }}' systemd service
+#   systemd:
+#     name: "{{ apache_service }}"    # apache2 or httpd, per /opt/iiab/iiab/vars/<OS>.yml
+#     state: stopped
+#   ignore_errors: yes
+#   # 'when: apache_installed is defined' insuff b/c mysql's php installs apache2

 - name: 'Install 5 packages for NGINX: libnginx-mod-http-subs-filter, nginx-extras, php{{ php_version }}-fpm, uwsgi, uwsgi-plugin-python3'
  package:
    name:
      - libnginx-mod-http-subs-filter
      - nginx-extras
-      - php{{ php_version }}-fpm    # Drags in [1] php{{ php_version }}-cli (superset of php{{ php_version }}-common) [2] libsodium23 (likewise installed in moodle/tasks/install.yml AND wordpress/tasks/install.yml) [3] php{{ php_version }}-json if PHP < 8.0 (NEEDED FOR nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml AND wordpress/tasks/install.yml)
+      - php{{ php_version }}-fpm    # INSTALLS [0] /etc/apache2/conf-available/php{{ php_version }}-fpm.conf AND DRAGS IN [1] php{{ php_version }}-cli (superset of php{{ php_version }}-common) [2] libsodium23 (likewise installed in moodle/tasks/install.yml AND wordpress/tasks/install.yml) [3] php{{ php_version }}-json if PHP < 8.0 (NEEDED FOR nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml AND wordpress/tasks/install.yml)
      - uwsgi                   # Admin Console & roles/captiveportal should really install
      - uwsgi-plugin-python3    # these 2 packages on demand (not every IIAB needs these).
    state: present
@ -35,7 +35,7 @@
    - { src: 'nginx.conf.j2', dest: '/etc/nginx/nginx.conf' }
    - { src: 'mime.types.j2', dest: '/etc/nginx/mime.types' }
    #- { src: 'ports.conf.j2', dest: '/etc/{{ apache_service }}/ports.conf' }    # Moved to enable-or-disable.yml
-    #- { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" }    # Moved into homepage.yml below
+    #- { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" }    # Moved into homepage.yml, later invoked by roles/www_options/tasks/main.yml

 - debug:
    msg: roles/nginx/tasks/homepage.yml will run LATER (invoked by roles/www_options/tasks/main.yml) SO THAT NGINX CAN REDIRECT http://box TO http://box{{ iiab_home_url }} (based on var iiab_home_url)
@ -45,7 +45,6 @@
  systemd:
    name: "php{{ php_version }}-fpm"
    state: restarted
-  #when: nginx_enabled


 # RECORD NGINX AS INSTALLED
--- a/roles/phpmyadmin/tasks/enable-or-disable.yml
+++ b/roles/phpmyadmin/tasks/enable-or-disable.yml
@ -1,9 +1,9 @@
- name: Enable phpMyAdmin via Apache, if phpmyadmin_enabled
-  command: a2ensite phpmyadmin.conf
-  when: phpmyadmin_enabled
-  #when: apache_installed is defined and phpmyadmin_enabled
+# - name: Enable phpMyAdmin via Apache, if phpmyadmin_enabled
+#   command: a2ensite phpmyadmin.conf
+#   when: phpmyadmin_enabled
+#   #when: apache_installed is defined and phpmyadmin_enabled

- name: Disable phpMyAdmin via Apache, if not phpmyadmin_enabled
-  command: a2dissite phpmyadmin.conf
-  when: not phpmyadmin_enabled
-  #when: apache_installed is defined and not phpmyadmin_enabled
+# - name: Disable phpMyAdmin via Apache, if not phpmyadmin_enabled
+#   command: a2dissite phpmyadmin.conf
+#   when: not phpmyadmin_enabled
+#   #when: apache_installed is defined and not phpmyadmin_enabled
--- a/roles/phpmyadmin/tasks/install.yml
+++ b/roles/phpmyadmin/tasks/install.yml
@ -1,17 +1,17 @@
- name: "Set 'apache_install: True' and 'apache_enabled: True'"
-  set_fact:
-    apache_install: True
-    apache_enabled: True
-
- name: APACHE - run 'httpd' role
-  include_role:
-    name: httpd
+# - name: "Set 'apache_install: True' and 'apache_enabled: True'"
+#   set_fact:
+#     apache_install: True
+#     apache_enabled: True
+#
+# - name: APACHE - run 'httpd' role
+#   include_role:
+#     name: httpd


 - name: Unarchive {{ phpmyadmin_dl_url }} (7+ MB) to /opt (60+ MB)
  unarchive:
    remote_src: yes    # Overwrite even if "already exists on the target"
-    src: "{{ phpmyadmin_dl_url }}"    # e.g. https://files.phpmyadmin.net/phpMyAdmin/5.1.0/phpMyAdmin-5.1.0-all-languages.tar.xv
+    src: "{{ phpmyadmin_dl_url }}"    # e.g. https://files.phpmyadmin.net/phpMyAdmin/5.1.1/phpMyAdmin-5.1.1-all-languages.tar.xv
    dest: /opt
    owner: "{{ apache_user }}"    # www-data on debuntu
    group: "{{ apache_user }}"
@ -33,11 +33,11 @@
    owner: "{{ apache_user }}"
    group: "{{ apache_user }}"

- name: Install /etc/{{ apache_conf_dir }}/phpmyadmin.conf from template
-  template:
-    src: phpmyadmin.j2
-    dest: "/etc/{{ apache_conf_dir }}/phpmyadmin.conf"
-  #when: apache_installed is defined
+# - name: Install /etc/{{ apache_conf_dir }}/phpmyadmin.conf from template
+#   template:
+#     src: phpmyadmin.j2
+#     dest: "/etc/{{ apache_conf_dir }}/phpmyadmin.conf"
+#   #when: apache_installed is defined


 # RECORD phpMyAdmin AS INSTALLED
--- a/roles/phpmyadmin/tasks/main.yml
+++ b/roles/phpmyadmin/tasks/main.yml
@ -19,12 +19,13 @@
    quiet: yes


- name: Install phpMyAdmin if 'phpmyadmin_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
+- name: "INCOMPLETE WITHOUT APACHE AS OF 2021-07-06: Install phpMyAdmin if 'phpmyadmin_installed' not defined, e.g. in {{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
  include_tasks: install.yml
  when: phpmyadmin_installed is undefined


- include_tasks: enable-or-disable.yml
+- name: INCOMPLETE WITHOUT APACHE AS OF 2021-07-06
+  include_tasks: enable-or-disable.yml


 - name: Add 'phpmyadmin' variable values to {{ iiab_ini_file }}
--- a/vars/default_vars.yml
+++ b/vars/default_vars.yml
@ -45,7 +45,7 @@ download_timeout: 200

 # Languages (for Apache)
 default_language: en
-language_priority: en es fr
+###language_priority: en es fr

 # Real-time clock: set RTC chip family here.  Future auto-detection plausible?
 # rtc_id: ds3231
@ -277,12 +277,12 @@ apache_allow_sudo: True
 #
 # 2020-09-24: BOTH VALUES BELOW ARE IGNORED as Apache is installed on demand as
 # a dependency -- by CUPS, Elgg, Lokole, Moodle, Node-RED, PBX &/or phpMyAdmin
-apache_install: False
-apache_enabled: False
+###apache_install: False
+###apache_enabled: False
 #
 # NGINX proxies to Apache for legacy IIAB services, using:
-apache_port: 8090
-apache_interface: 127.0.0.1    # 2020-01-13: Var unused
+###apache_port: 8090
+###apache_interface: 127.0.0.1    # 2020-01-13: Var unused


 # 4-SERVER-OPTIONS
@ -562,7 +562,7 @@ watchdog:
  - sshd
  - idmgr
  - ejabberd
-  - httpd
+  ###- httpd
  - postgresql
  - squid

--- a/vars/local_vars_big.yml
+++ b/vars/local_vars_big.yml
@ -17,7 +17,7 @@ download_timeout: 200

 # Languages (for Apache)
 default_language: en
-language_priority: en es fr
+###language_priority: en es fr

 # Real-time clock: set RTC chip family here.  Future auto-detection plausible?
 # rtc_id: ds3231
@ -247,8 +247,8 @@ azuracast_enabled: False    # This var is currently IGNORED.
 # ejabberd_install: False
 # ejabberd_enabled: False

-elgg_install: True
-elgg_enabled: True
+elgg_install: False
+elgg_enabled: False

 # Gitea (lightweight self-hosted "GitHub") from https://gitea.io
 gitea_install: True
@ -368,7 +368,7 @@ munin_install: True
 munin_enabled: True

 # Handy for maintaining tables, but DANGEROUS if not locked down
-phpmyadmin_install: True
+phpmyadmin_install: False
 phpmyadmin_enabled: False

 vnstat_install: True
--- a/vars/local_vars_medium.yml
+++ b/vars/local_vars_medium.yml
@ -17,7 +17,7 @@ download_timeout: 200

 # Languages (for Apache)
 default_language: en
-language_priority: en es fr
+###language_priority: en es fr

 # Real-time clock: set RTC chip family here.  Future auto-detection plausible?
 # rtc_id: ds3231
--- a/vars/local_vars_min.yml
+++ b/vars/local_vars_min.yml
@ -17,7 +17,7 @@ download_timeout: 200

 # Languages (for Apache)
 default_language: en
-language_priority: en es fr
+###language_priority: en es fr

 # Real-time clock: set RTC chip family here.  Future auto-detection plausible?
 # rtc_id: ds3231