From 413ff011327dd39404a83553ab3d0836bb7a201a Mon Sep 17 00:00:00 2001 From: root Date: Sat, 1 Feb 2020 18:20:22 -0500 Subject: [PATCH 1/5] Cleaner Gitea playbook + 2 tasks/main.yml's --- roles/gitea/README.rst | 2 +- roles/gitea/defaults/main.yml | 28 ++++++----- roles/gitea/tasks/apache.yml | 12 +++++ roles/gitea/tasks/enable.yml | 69 -------------------------- roles/gitea/tasks/install.yml | 19 ++++---- roles/gitea/tasks/main.yml | 72 +++++++++++++++++++++++++--- roles/gitea/tasks/nginx.yml | 16 +++++++ roles/lokole/tasks/main.yml | 6 +-- roles/osm-vector-maps/tasks/main.yml | 3 -- 9 files changed, 124 insertions(+), 103 deletions(-) create mode 100644 roles/gitea/tasks/apache.yml delete mode 100644 roles/gitea/tasks/enable.yml create mode 100644 roles/gitea/tasks/nginx.yml diff --git a/roles/gitea/README.rst b/roles/gitea/README.rst index 4adf7fb78..366dc6947 100644 --- a/roles/gitea/README.rst +++ b/roles/gitea/README.rst @@ -2,7 +2,7 @@ Gitea README ============ -This Ansible role installs Gitea - a self-hosted Git service written in Go. +This Ansible role installs Gitea — a self-hosted Git service written in Go. Using It -------- diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index c0d34d05e..441104d01 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -7,7 +7,8 @@ # Using @coolaj86's script as a template # https://git.coolaj86.com/coolaj86/gitea-installer.sh -# Information needed to install Gitea +# Info needed to install Gitea: + gitea_version: 1.10.3 iset_suffixes: i386: 386 @@ -20,7 +21,7 @@ gitea_iset_suffix: "{{ iset_suffixes[ansible_architecture] | default('unknown') gitea_download_url: "https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_iset_suffix }}" gitea_integrity_url: "{{ gitea_download_url }}.asc" -gitea_root_directory: /library/gitea +gitea_root_directory: "{{ content_base }}/gitea" # /library/gitea gitea_subdirectories: - bin - custom 
@@ -31,19 +32,9 @@ gitea_subdirectories: gitea_install_path: "{{ gitea_root_directory }}/bin/gitea-{{ gitea_version }}" gitea_checksum_path: "{{ gitea_root_directory }}/bin/gitea-{{ gitea_version }}.asc" -gitea_link_path: "{{ gitea_root_directory }}/gitea" - -# Information needed to verify Gitea +# Info needed to verify Gitea gitea_gpg_key: 7C9E68152594688862D62AF62D9AE806EC1592E2 -# Information needed to run Gitea -gitea_user: gitea -gitea_home: "/home/{{ gitea_user }}" # SSH credentials stored here -gitea_run_directory: "{{ gitea_root_directory }}" - -gitea_url: /gitea -gitea_port: 61734 # leet for GITEA - # Data locations gitea_db_path: "{{ gitea_root_directory }}/data/gitea.db" gitea_repo_root: "{{ gitea_root_directory }}/data/repositories" @@ -55,3 +46,14 @@ gitea_log_root: "{{ gitea_root_directory }}/log" # Extra configuration gitea_display_name: Internet-in-a-Box Gitea skip_install_screen: true # lowercase for Gitea's own /etc/gitea/app.ini + +gitea_link_path: "{{ gitea_root_directory }}/gitea" + +# Info needed to run Gitea: + +gitea_user: gitea +gitea_home: "/home/{{ gitea_user }}" # SSH credentials stored here +gitea_run_directory: "{{ gitea_root_directory }}" + +gitea_url: /gitea +gitea_port: 61734 # leet for GITEA diff --git a/roles/gitea/tasks/apache.yml b/roles/gitea/tasks/apache.yml new file mode 100644 index 000000000..9c4214c86 --- /dev/null +++ b/roles/gitea/tasks/apache.yml @@ -0,0 +1,12 @@ +- name: Enable http://box{{ gitea_url }} via Apache # http://box/gitea + command: a2ensite gitea.conf + when: gitea_enabled | bool + +- name: Disable http://box{{ gitea_url }} via Apache # http://box/gitea + command: a2dissite gitea.conf + when: not gitea_enabled + +- name: Restart '{{ apache_service }}' systemd service + systemd: + name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/.yml + state: restarted diff --git a/roles/gitea/tasks/enable.yml b/roles/gitea/tasks/enable.yml deleted file mode 100644 index c72f5f065..000000000 
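Review bot: The restart task that closes the new roles/gitea/tasks/apache.yml runs on every play, and the two `command:` tasks above it always report "changed", so Apache is bounced even when nothing about gitea.conf has changed. The deleted enable.yml guarded that restart with `when: apache_enabled | bool`; here the only guard is the `not nginx_enabled` include in main.yml. Consider `state: reloaded`, or a handler notified by the a2ensite/a2dissite tasks with an accurate `changed_when:`, so the shared web server is restarted only on a real change. The same unconditional `state: restarted` closes the new roles/gitea/tasks/nginx.yml.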
--- a/roles/gitea/tasks/enable.yml +++ /dev/null @@ -1,69 +0,0 @@ -- name: Enable & Restart 'gitea' systemd service - systemd: - name: gitea - daemon_reload: yes - enabled: yes - state: restarted - when: gitea_enabled | bool - -- name: Disable & Restart 'gitea' systemd service - systemd: - name: gitea - enabled: no - state: stopped - when: not gitea_enabled - -# Apache - -- name: Enable http://box{{ gitea_url }} via Apache # i.e. http://box/gitea - command: a2ensite gitea.conf - when: apache_install and gitea_enabled - -- name: Disable http://box{{ gitea_url }} via Apache - command: a2dissite gitea.conf - when: apache_install and not gitea_enabled - -- name: Restart Apache systemd service ({{ apache_service }}) - systemd: - name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/.yml - state: restarted - when: apache_enabled | bool - -# NGINX - -- name: Enable http://box{{ gitea_url }} via NGINX, by installing {{ nginx_conf_dir }}/gitea-nginx.conf from template - template: - src: gitea-nginx.conf.j2 - dest: "{{ nginx_conf_dir }}/gitea-nginx.conf" - when: nginx_install and gitea_enabled - -- name: Disable http://box{{ gitea_url }} via NGINX, by removing {{ nginx_conf_dir }}/gitea-nginx.conf - file: - path: "{{ nginx_conf_dir }}/gitea-nginx.conf" - state: absent - when: nginx_install and not gitea_enabled - -- name: Restart 'nginx' systemd service - systemd: - name: nginx - state: restarted - when: nginx_enabled | bool - - -- name: Add 'gitea' to list of services at {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" - section: gitea - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Gitea - - option: description - value: '"Gitea is like GitHub for more offline communities: Git with a cup of tea"' - - option: gitea_run_directory - value: "{{ gitea_run_directory }}" - - option: gitea_url - value: "{{ gitea_url }}" - - option: gitea_enabled - value: "{{ gitea_enabled }}" 
diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index 7f3b94815..9b8ea9868 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -1,4 +1,4 @@ -# Prepare to install Gitea: create user and directory structure +# 1. Prepare to install Gitea: create user and directory structure - name: Shut down existing Gitea instance (if we're reinstalling) systemd: @@ -16,11 +16,11 @@ name: gitea comment: Gitea daemon account groups: gitea - home: "{{ gitea_home }}" + home: "{{ gitea_home }}" # /home/gitea - name: Create Gitea directory structure file: - path: "{{ gitea_root_directory }}/{{ item }}" + path: "{{ gitea_root_directory }}/{{ item }}" # /library/gitea state: directory owner: gitea group: gitea @@ -28,14 +28,15 @@ - name: Make directories data, indexers, and log writable file: - path: "{{ gitea_root_directory }}/{{ item }}" + path: "{{ gitea_root_directory }}/{{ item }}" # /library/gitea mode: '0750' with_items: - data - indexers - log -# Download, verify, and link Gitea binary + +# 2. Download, verify, and link Gitea binary - name: Fail if we detect unknown architecture fail: @@ -69,7 +70,8 @@ group: gitea state: link -# Configure Gitea + +# 3. Configure Gitea # For security reasons, the Gitea developers recommend removing group write # permissions from /etc/gitea/ and /etc/gitea/app.ini after the first run of @@ -92,7 +94,8 @@ group: gitea mode: '0664' -# Create systemd service & prepare Apache for http://box/gitea + +# 4. Create systemd service & prepare Apache for http://box/gitea - name: "Install from templates: /etc/systemd/system/gitea.service, /etc/apache2/sites-available/gitea.conf" template: @@ -103,7 +106,7 @@ - { src: 'gitea.conf.j2', dest: "/etc/{{ apache_conf_dir }}/gitea.conf" } -# RECORD Gitea AS INSTALLED +# 5. RECORD Gitea AS INSTALLED - name: "Set 'gitea_installed: True'" set_fact: diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml index 94caaffe5..e62580de6 100644 
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@@ -1,7 +1,67 @@ -- name: Install Gitea {{ gitea_version }} if gitea_install - include_tasks: install.yml - when: gitea_install and not (gitea_installed is defined) +# "How do i fail a task in Ansible if the variable contains a boolean value? +# I want to perform input validation for Ansible playbooks" +# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 -- name: Enable Gitea {{ gitea_version }} if gitea_install - include_tasks: enable.yml - when: gitea_install or gitea_installed is defined +# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need +# to re-check whether vars are defined here. As Ansible vars cannot be unset: +# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible + +- name: Assert that "gitea_install is sameas true" (boolean not string etc) + assert: + that: gitea_install is sameas true + fail_msg: "PLEASE SET 'gitea_install: True' e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + +- name: Assert that "gitea_enabled | type_debug == 'bool'" (boolean not string etc) + assert: + that: gitea_enabled | type_debug == 'bool' + fail_msg: "PLEASE GIVE VARIABLE 'gitea_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + + +- name: Install Gitea {{ gitea_version }} if 'gitea_installed' not defined, e.g. 
in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: gitea_installed is undefined + + +- name: Enable & Restart 'gitea' systemd service, if gitea_enabled + systemd: + name: gitea + daemon_reload: yes + enabled: yes + state: restarted + when: gitea_enabled | bool + +- name: Disable & Stop 'gitea' systemd service, if not gitea_enabled + systemd: + name: gitea + enabled: no + state: stopped + when: not gitea_enabled + +- name: Enable/Disable/Restart Apache if primary + include_tasks: apache.yml + when: not nginx_enabled + +- name: Enable/Disable/Restart NGINX if primary + include_tasks: nginx.yml + when: nginx_enabled | bool + + +- name: Add 'gitea' to list of services at {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab_state.yml + section: gitea + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Gitea + - option: description + value: '"Gitea is like GitHub for more offline communities: Git with a cup of tea"' + - option: gitea_run_directory + value: "{{ gitea_run_directory }}" + - option: gitea_url + value: "{{ gitea_url }}" + - option: gitea_enabled + value: "{{ gitea_enabled }}" diff --git a/roles/gitea/tasks/nginx.yml b/roles/gitea/tasks/nginx.yml new file mode 100644 index 000000000..e0a16c567 --- /dev/null +++ b/roles/gitea/tasks/nginx.yml @@ -0,0 +1,16 @@ +- name: Enable http://box{{ gitea_url }} via NGINX, by installing {{ nginx_conf_dir }}/gitea-nginx.conf from template + template: + src: gitea-nginx.conf.j2 + dest: "{{ nginx_conf_dir }}/gitea-nginx.conf" # /etc/nginx/conf.d + when: gitea_enabled | bool + +- name: Disable http://box{{ gitea_url }} via NGINX, by removing {{ nginx_conf_dir }}/gitea-nginx.conf + file: + path: "{{ nginx_conf_dir }}/gitea-nginx.conf" # /etc/nginx/conf.d + state: absent + when: not gitea_enabled + +- name: Restart 'nginx' systemd service + systemd: + name: nginx + state: restarted 
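Review bot: `when: not nginx_enabled` on the "Enable/Disable/Restart Apache if primary" include is not the exact complement of `when: nginx_enabled | bool` on the NGINX include below it. If nginx_enabled ever arrives as a string such as "False" (quoted in local_vars.yml or passed as an extra var), both conditions evaluate false and neither web-server config is applied, while the gitea systemd service is still enabled or stopped as requested. The asserts at the top of this file type-check only gitea_install and gitea_enabled, so unless nginx_enabled is validated elsewhere I would write `when: not (nginx_enabled | bool)`. Separately, the trailing comment on `path: "{{ iiab_ini_file }}"` gives /etc/iiab/iiab_state.yml, the same path this hunk attributes to iiab_state_file a few tasks earlier; one of the two comments looks wrong.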
diff --git a/roles/lokole/tasks/main.yml b/roles/lokole/tasks/main.yml index ba6321aed..603982713 100644 --- a/roles/lokole/tasks/main.yml +++ b/roles/lokole/tasks/main.yml @@ -19,12 +19,12 @@ quiet: yes -- name: Install Lokole {{ lokole_version }} if lokole_installed is not defined +- name: Install Lokole if lokole_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml when: lokole_installed is undefined -- name: Enable & Restart 'lokole' systemd service +- name: Enable & Restart 'lokole' systemd service, if lokole_enabled systemd: name: lokole daemon_reload: yes @@ -32,7 +32,7 @@ state: restarted when: lokole_enabled | bool -- name: Disable & Stop 'lokole' systemd service +- name: Disable & Stop 'lokole' systemd service, if not lokole_enabled systemd: name: lokole enabled: no diff --git a/roles/osm-vector-maps/tasks/main.yml b/roles/osm-vector-maps/tasks/main.yml index 9aeb1945e..1a0d5d6e6 100644 --- a/roles/osm-vector-maps/tasks/main.yml +++ b/roles/osm-vector-maps/tasks/main.yml @@ -24,9 +24,6 @@ when: osm_vector_maps_installed is undefined -#- name: Install countries.json, map_functions.js & 2 index.html's under-or-in {{ vector_map_path }}/maplist # /library/www/osm-vector-maps -# include_tasks: enable-or-disable.yml - - name: Enable/Disable/Reload NGINX for OSM, if nginx_enabled include_tasks: nginx.yml when: nginx_enabled | bool From 84c02adf7c161fd30ac004cb820c4b2199ac1d69 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 1 Feb 2020 18:33:52 -0500 Subject: [PATCH 2/5] Screen output of gitea/tasks/install.yml --- roles/gitea/tasks/install.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index 9b8ea9868..7ccb3350c 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml 
@@ -43,7 +43,7 @@ msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\"" when: gitea_iset_suffix == "unknown" -- name: Download Gitea binary +- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} get_url: url: "{{ gitea_download_url }}" dest: "{{ gitea_install_path }}" @@ -78,7 +78,7 @@ # Gitea. User gitea needs write permissions during the first run but not # subsequent runs. -- name: Create Gitea config directory +- name: mkdir /etc/gitea file: state: directory path: /etc/gitea @@ -86,7 +86,7 @@ group: gitea mode: '0770' -- name: Create app.ini +- name: Install /etc/gitea/app.ini from template template: src: app.ini.j2 dest: /etc/gitea/app.ini From 5f8004c126735b526d96d0c7a98ca2ea6e91086c Mon Sep 17 00:00:00 2001 From: root Date: Sat, 1 Feb 2020 18:39:51 -0500 Subject: [PATCH 3/5] rm enable-or-disable.yml.deprecated --- .../tasks/enable-or-disable.yml.deprecated | 32 ------------------- 1 file changed, 32 deletions(-) delete mode 100644 roles/osm-vector-maps/tasks/enable-or-disable.yml.deprecated diff --git a/roles/osm-vector-maps/tasks/enable-or-disable.yml.deprecated b/roles/osm-vector-maps/tasks/enable-or-disable.yml.deprecated deleted file mode 100644 index 58c6bea5e..000000000 --- a/roles/osm-vector-maps/tasks/enable-or-disable.yml.deprecated +++ /dev/null 
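Review bot: The task renamed to "Install /etc/gitea/app.ini from template" appears to leave the file readable by every local user. Its mode line is outside this hunk, but the install.yml context in patch 1/5 shows `mode: '0664'` right before the systemd section. Gitea's app.ini normally holds secrets such as SECRET_KEY and INTERNAL_TOKEN (whether app.ini.j2 sets them is not visible here), so I would drop the world-read bit with `mode: '0660'`, which keeps the group write access that the comment above says the first run needs. The comment's advice to remove group write after the first run is also not implemented by any task shown in these patches.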
@@ -1,32 +0,0 @@ -# This depends on iiab-admin-console which is not yet installed -#- name: Run the script that does osm-vector-maps housekeeping -# shell: /usr/bin/iiab-update-map - -- name: Copy countries.json (geojson) to {{ vector_map_path }}/maplist/assets - copy: - src: countries.json - dest: "{{ vector_map_path }}/maplist/assets" # /library/www/osm-vector-maps - -# It is too complicated to use a single file for both iiab and admin-console -- name: Copy map_functions.js (duplicated JavaScript) to {{ vector_map_path }}/maplist/assets - copy: - src: map_functions.js - dest: "{{ vector_map_path }}/maplist/assets" # /library/www/osm-vector-maps - -- name: Install {{ vector_map_path }}/maplist/index.html from template, for test page http://box/maps/maplist - template: - src: index.html - dest: "{{ vector_map_path }}/maplist/index.html" # /library/www/osm-vector-maps - -#- name: Does the {{ vector_map_path }}/index.html redirect already exist? -# stat: -# path: "{{ vector_map_path }}/index.html" -# register: osm_redirect - -#Copy the redirect to the test page -- delete this later if more than one map -- name: Install {{ vector_map_path }}/index.html redirect for http://box/maps -> http://box/osm-vector-maps - copy: - force: no - src: test-index.redirect - dest: "{{ vector_map_path }}/index.html" # /library/www/osm-vector-maps - #when: not osm_redirect.stat.exists From b81729bce6db2292aad083f6dedf88f4865f5c45 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 1 Feb 2020 18:52:23 -0500 Subject: [PATCH 4/5] Revise roles/nginx/README.md --- roles/nginx/README.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/roles/nginx/README.md b/roles/nginx/README.md index 368e8b8ed..038b84b7e 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md 
@@ -1,6 +1,6 @@ ### Transition to NGINX -1. Initial testing strategy (December 2019 - January 2020) is to move NGINX to [port 80](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services), and proxy everything to Apache on [port 8090](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) — creating "Shims" for each IIAB App/Service in *Section iii.* below. +1. Initial testing strategy (December 2019 - February 2020) is to move NGINX to [port 80](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services), and proxy everything to Apache on [port 8090](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) — creating "Shims" for each IIAB App/Service in *Section iii.* below. Until "Native" NGINX is later implemented for that IIAB App/Service — allowing it to move up to *Section ii.* below. @@ -10,13 +10,14 @@ 2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX. -3. Current state of IIAB App/Service migrations as of 2020-01-24: +3. Current state of IIAB App/Service migrations as of 2020-02-01: 1. These support "Native" NGINX but ***NOT*** Apache * Admin Console * captiveportal + * IIAB documentation (http://box/info) * osm-vector-maps - * RACHEL-like modules + * OER2Go/RACHEL modules * usb-lib 2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service. But if you want to attempt their "Shim" proxying legacy testing mode, change your *primary web server* over to Apache by setting `nginx_enabled: False` in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) (which will [auto-enable Apache](../0-init/tasks/main.yml#L40-L44) for your testing). 
@@ -31,13 +32,13 @@ * wordpress 3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/0-init/tasks/main.yml#L40-L44](../0-init/tasks/main.yml#L40-L44) for a list of these IIAB Apps/Services, that auto-enable Apache. - * dokuwiki ([#2056](https://github.com/iiab/iiab/issues/2056)) * elgg * lokole * moodle * nextcloud ([PR #2119](https://github.com/iiab/iiab/pull/2119)) * nodered - 4. Not Yet Dealt With! + 4. These run their own web server, each off of their own unique port(s) (IIAB's has links to these). In future we'd like mnemonic URLs for these: (http://box/calibre, http://box/archive, http://box/kalite) + * calibre (menu goes directly to port 8080) * internetarchive (menu goes directly to port 4244, [PR #2120](https://github.com/iiab/iiab/pull/2120)) * kalite (menu goes directly to ports 8006-8008) From 52e063a341bb571c3e89793737adf35ed47d637e Mon Sep 17 00:00:00 2001 From: root Date: Sat, 1 Feb 2020 19:00:31 -0500 Subject: [PATCH 5/5] roles/nginx/README.md typos, verbiage --- roles/nginx/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/README.md b/roles/nginx/README.md index 038b84b7e..853ddc9ba 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md 
@@ -38,7 +38,7 @@ * nextcloud ([PR #2119](https://github.com/iiab/iiab/pull/2119)) * nodered - 4. These run their own web server, each off of their own unique port(s) (IIAB's has links to these). In future we'd like mnemonic URLs for these: (http://box/calibre, http://box/archive, http://box/kalite) + 4. These each run their own web server, i.e. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations). In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite) * calibre (menu goes directly to port 8080) * internetarchive (menu goes directly to port 4244, [PR #2120](https://github.com/iiab/iiab/pull/2120)) * kalite (menu goes directly to ports 8006-8008)