diff --git a/LICENSING.md b/LICENSING.md index 37327894b..fac901b1d 100644 --- a/LICENSING.md +++ b/LICENSING.md @@ -15,6 +15,6 @@ this is to include the following two lines at the top of the file: Licensed under the terms of the GNU GPL v2 or later; see LICENSE for details. All files not containing an explicit copyright notice or terms of license in -the file are Copyright © 2015-2020, Unleash Kids, and are licensed under the +the file are Copyright © 2015-2021, Unleash Kids, and are licensed under the terms of the GPLv2 license in the file named LICENSE in the root of the repository. diff --git a/README.md b/README.md index 21238b9ab..e3e21c389 100644 --- a/README.md +++ b/README.md 
@@ -35,11 +35,12 @@ Finally, you can [customize your Internet-in-a-Box home page](http://wiki.laptop Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians *and* IT/UX/QA people of all kinds! -Please see "[How can I help?](http://wiki.laptop.org/go/IIAB/FAQ#How_can_I_help.3F)" at: [FAQ.IIAB.IO](http://FAQ.IIAB.IO) +If you would like to volunteer, please [make contact](http://internet-in-a-box.org/pages/contributing.html) after looking over "[How can I help?](http://wiki.laptop.org/go/IIAB/FAQ#How_can_I_help.3F)" at: [FAQ.IIAB.IO](http://FAQ.IIAB.IO) -To learn about our software architecture, check out our [Contributors Guide](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide). FYI we use [Ansible](http://wiki.laptop.org/go/IIAB/FAQ#What_is_Ansible_and_what_version_should_I_use.3F) to install, deploy, configure and manage the various software components. + -To learn more about our open community architecture for "offline" education, start by reviewing "[What technical documentation exists?](http://wiki.laptop.org/go/IIAB/FAQ#What_technical_documentation_exists.3F)" +To learn more about our open community architecture for "offline" learning, check out "[What technical documentation exists?](http://wiki.laptop.org/go/IIAB/FAQ#What_technical_documentation_exists.3F)" +FYI we use [Ansible](http://wiki.laptop.org/go/IIAB/FAQ#What_is_Ansible_and_what_version_should_I_use.3F) to install, deploy, configure and manage the various software components. *Thank you for helping us enable offline access to the Internet's free/open knowledge jewels, as well as "Sneakernet-of-Alexandria" distribution of local/indigenous content, when mass media channels do not serve grassroots voices.* diff --git a/iiab-support b/iiab-support index 66c8e54ae..91ec00a7d 100755 --- a/iiab-support +++ b/iiab-support 
@@ -46,7 +46,7 @@ else echo -e "\n\e[1mWARNING: openvpn_handle remains unchanged in both above files.\e[0m\n" fi -if grep -q '^openvpn_install: True' /etc/iiab/local_vars.yml; then +if grep -q '^openvpn_installed: True\b' /etc/iiab/iiab_state.yml; then echo -e "Your IIAB installation appears normal, with OpenVPN already installed...\n" else echo -e "Plz wait a few minutes as sshd, iiab-admin & OpenVPN are confirmed/installed...\n" @@ -58,8 +58,6 @@ else if [ -d /opt/iiab/iiab ]; then cd /opt/iiab/iiab - #CWD=`pwd` - #export ANSIBLE_LOG_PATH="$CWD/iiab-install.log" export ANSIBLE_LOG_PATH="/opt/iiab/iiab/iiab-install.log" ansible -m setup -i $INVENTORY localhost --connection=local | grep python ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local diff --git a/roles/1-prep/README.rst b/roles/1-prep/README.rst index e6dec28f7..b8fe2d884 100644 --- a/roles/1-prep/README.rst +++ b/roles/1-prep/README.rst @@ -2,7 +2,15 @@ 1-prep README ============= -This 1st stage is primarily hardware-focused, prior to OS additions/mods. +This 1st stage (1-prep) is primarily hardware-focused, prior to OS +additions/mods, but also includes critical pieces sometimes needed for +remote support: -Traditionally it included preliminaries like hostname and things specific to a -particular platform, such as the XO laptop, done before the bulk of the install. +- SSH +- `iiab-admin `_ username and group to log into Admin Console +- OpenVPN software if/as needed later for remote support + +Traditionally 1-prep also included preliminaries like hostname and +hardware-oriented things specific to a particular platform (such as +One Laptop Per Child's XO laptop) i.e. critical setup prior to the +bulk of IIAB's software install. diff --git a/roles/2-common/tasks/network.yml b/roles/2-common/tasks/network.yml index 3056e98fb..dc71f4a13 100644 --- a/roles/2-common/tasks/network.yml +++ b/roles/2-common/tasks/network.yml 
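Review bot: In iiab-support the new test `grep -q '^openvpn_installed: True\b' /etc/iiab/iiab_state.yml` prints a "No such file" error when the state file does not exist yet, and reaches the install branch only because grep's error status is non-zero. Using `grep -qs` keeps the same branch but makes the missing-file case silent and deliberate. A one-line comment such as `# a missing iiab_state.yml is treated as "OpenVPN not installed"` would document that. The `\b` word boundary is a GNU grep extension, presumably fine on the systems this script targets. The if/else body continues outside the hunk.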
@@ -1,11 +1,11 @@ -- name: Install package networkd-dispatcher (OS's other than RaspOS) +- name: Install package networkd-dispatcher (OS's other than RaspiOS) package: name: networkd-dispatcher state: present when: not is_raspbian # used in the network role -- name: Install network related packages (debuntu) +- name: 'Install network packages: hostapd, iproute2, iptables-persistent, netmask (debuntu)' package: name: - iproute2 @@ -15,7 +15,7 @@ state: present when: is_debuntu -- name: Install /etc/network/if-pre-up.d/iptables from template (debuntu) +- name: Install /etc/network/if-pre-up.d/iptables from template (0755, debuntu) template: src: iptables dest: /etc/network/if-pre-up.d/iptables diff --git a/roles/3-base-server/README.rst b/roles/3-base-server/README.rst index 4c8afe1c9..2711231eb 100644 --- a/roles/3-base-server/README.rst +++ b/roles/3-base-server/README.rst 
@@ -4,10 +4,12 @@ This 3rd stage installs base server infra that Internet-in-a-Box requires, including: -- the web server (Apache for now, possibly NGINX in future) -- administrator security (username iiab-admin by default) -- MySQL (the database underlying many/most user-facing apps) +- `MySQL `_ (database underlying many/most user-facing apps). This IIAB role also installs apt package: + - **php{{ php_version }}-mysql** — which forcibly installs **php{{ php_version }}-common** +- `NGINX `_ web server (with Apache in some lingering cases). This IIAB role also installs apt package: + - **php{{ php_version }}-fpm** — which forcibly installs **php{{ php_version }}-cli**, **php{{ php_version }}-common** and **libsodium23** +- `www_base `_ (similar to `www_options `_ which runs later in 4-server-options) -4-server-options follows with more diverse/optional server infra functionality. +Recap: as with 2-common, 4-server-options and 5-xo-services: this 3rd stage installs core server infra, that is not user-facing. -As in the case of 2-common, 4-server-options and 5-xo-services: this stage installs core server infra, that is not user-facing. +The next stage (4-server-options) brings more diverse/optional server infra functionality. diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 4a42df9e2..c364ef6b3 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -3,14 +3,14 @@ - name: ...IS BEGINNING ===================================== command: echo -- name: MYSQL +- name: MYSQL + CORE PHP include_role: name: mysql #when: mysql_install -# 2020-05-21: Apache role 'httpd' is installed as nec by any of these 7 roles: +# 2021-05-21: Apache role 'httpd' is installed as nec by any of these 6 roles: # -# cups, elgg, lokole, moodle, nodered, pbx, phpmyadmin +# cups, elgg, moodle, nodered, pbx, phpmyadmin # # These 14 roles conditionally touch /etc/apache2/sites-available/*.conf files: # 
@@ -19,7 +19,7 @@ # # SEE ALSO: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md -- name: NGINX +- name: NGINX + CORE PHP include_role: name: nginx #when: nginx_install diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index b65585ded..7922c4dac 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -30,6 +30,12 @@ name: calibre-web when: calibreweb_install +- name: "2021-06-27 TEMPORARY CODE TO INSTALL 'php-pear' UNTIL ADMIN CONSOLE DECLARES ITS OWN DEPENDENCY FOR: https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19" + package: + name: php-pear # WARNING: this also drags in 'php{{ php_version }}-xml' (also installed by MediaWiki, Nextcloud, roles/pbx's FreePBX, WordPress) AND 'php{{ php_version }}-cgi' (also installed by roles/pbx's FreePBX) + state: present + when: admin_console_install + - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: path: "{{ iiab_env_file }}" diff --git a/roles/awstats/tasks/install.yml b/roles/awstats/tasks/install.yml index 23e98a4b1..33c4ac8c8 100644 --- a/roles/awstats/tasks/install.yml +++ b/roles/awstats/tasks/install.yml 
@@ -1,31 +1,29 @@ # TO DO: # -# - Prepare for a possible future w/o Apache by verifying/refining below... -# - 5 'when: apache_installed is defined' -# - 1 'when: nginx_install' -# - 8 core stanzas w/o such 'when:' clauses +# Prepare for a possible future w/o Apache by verifying/refining below... +# - 5 'when: apache_installed is defined' (2021-05-21: COMMENT OUT THESE STANZAS SOON!?) +# - 1 'when: nginx_install' +# - 8 core stanzas w/o such 'when:' clauses -- name: 'Install 3 packages: awstats, openssl, pwauth' +- name: 'Install package: awstats' package: - name: - - awstats - - pwauth - - openssl + name: awstats state: present -- name: 'Install 2 packages: apache2-utils, libapache2-mod-authnz-external' +- name: 'Install package: pwauth (when: apache_installed is defined)' package: name: - - libapache2-mod-authnz-external - - apache2-utils + - pwauth # Auto-installs apache2-bin and libapache2-mod-authnz-external + #- apache2-utils # Unneeded? (In any case, already installed by Apache itself.) + #- openssl # Unneeded? (In any case, already installed by most every Linux distro.) state: present when: apache_installed is defined -- name: Run 'a2enmod cgi' to enable cgi execution via Apache +- name: "Run 'a2enmod cgi' to enable cgi execution via Apache (when: apache_installed is defined)" command: a2enmod cgi when: apache_installed is defined -- name: Create directory... mkdir {{ apache_log_dir }}, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx +- name: 'Create directory... mkdir {{ apache_log_dir }}, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx (when: apache_installed is defined)' file: state: directory recurse: yes @@ -41,7 +39,7 @@ state: directory recurse: yes path: "{{ item }}" - owner: "{{ apache_user }}" + owner: "{{ apache_user }}" # USED FOR NGINX TOO: 'www-data' on debuntu group: "{{ apache_user }}" mode: u+rw,g+r,g-w,o-rwx # '0750' turned on too many x bits #force: yes 
@@ -49,13 +47,13 @@ - "{{ awstats_data_dir }}" # /library/awstats - /usr/lib/cgi-bin/awstats # create backward compatible path for awstats -- name: Install /etc/{{ apache_conf_dir }}/awstats.conf from template +- name: 'Install /etc/{{ apache_conf_dir }}/awstats.conf from template (when: apache_installed is defined)' template: src: apache-awstats.conf dest: "/etc/{{ apache_conf_dir }}/awstats.conf" # apache2/sites-available on debuntu when: apache_installed is defined -- name: Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable +- name: "Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable (when: apache_installed is defined)" template: src: logrotate.d.apache2 dest: /etc/logrotate.d/apache2 diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index b6411b7f4..3b31b8631 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -49,7 +49,7 @@ requirements: "{{ calibreweb_venv_path }}/requirements.txt" virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 virtualenv_site_packages: no - virtualenv_command: python3 -m venv {{ calibreweb_venv_path }} + virtualenv_command: python3 -m venv {{ calibreweb_venv_path }} when: internet_available - name: Install /etc/systemd/system/calibre-web.service from template diff --git a/roles/captiveportal/tasks/install.yml b/roles/captiveportal/tasks/install.yml index 4db295fdc..01c1d932a 100644 --- a/roles/captiveportal/tasks/install.yml +++ b/roles/captiveportal/tasks/install.yml 
@@ -1,10 +1,9 @@ -- name: "Download & install packages: python3-dateutil, python3-jinja2" +- name: "Install packages: python3-dateutil, python3-jinja2" package: - name: "{{ item }}" + name: + - python3-dateutil + - python3-jinja2 state: present - with_items: - - python3-dateutil - - python3-jinja2 - name: mkdir /opt/iiab/captiveportal for scripts & templates, set owner to {{ apache_user }} file: diff --git a/roles/httpd/tasks/install.yml b/roles/httpd/tasks/install.yml index d0ccbb079..a23a1dc7b 100644 --- a/roles/httpd/tasks/install.yml +++ b/roles/httpd/tasks/install.yml @@ -1,14 +1,13 @@ -- name: 'Install 4 packages: apache2, libapache2-mod-php{{ php_version }}, php{{ php_version }}, php{{ php_version }}-curl' +- name: 'Install 2 packages: {{ apache_service }}, libapache2-mod-php{{ php_version }}' package: #name: [u'apache2', u'php{{ php_version }}', u'php{{ php_version }}-curl'] # FAILS ('u' for Unicode strings) #name: ['apache2', 'php{{ php_version }}', 'php{{ php_version }}-curl'] # WORKS? name: - "{{ apache_service }}" # apache2 on Debuntu - - "libapache2-mod-php{{ php_version }}" # 2020-06-15: Required (e.g. for Elgg, Moodle & possibly others) now that mysql/tasks/install.yml installs "php{{ php_version }}-common" rather than the full "php{{ php_version }}" -# - "php{{ php_version }}" -# - "php{{ php_version }}-curl" + - libapache2-mod-php{{ php_version }} # 2020-06-15: Required (e.g. for Elgg, Moodle & possibly others) now that mysql/tasks/install.yml installs "php{{ php_version }}-common" rather than the full "php{{ php_version }}" -- 2021-06-28 FYI: this also drags in libsodium23 (likewise installed via nginx/tasks/install.yml AND moodle/tasks/install.yml) + #- "php{{ php_version }}" + #- "php{{ php_version }}-curl" state: present - when: is_debuntu # when: is_debian # - name: 'Install 2 packages: apache2, php (ubuntu)' 
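Review bot: In roles/httpd/tasks/install.yml the package task loses `when: is_debuntu`, and the later hunks of this file (mpm_event/mpm_prefork symlinks, `apache2_module`, 000-default.conf removal) only comment the condition out, so every task now runs unconditionally against hard-coded `/etc/apache2/...` paths. With the Red Hat install stanza commented out as well, the role is effectively Debian/Ubuntu-only, but nothing states or enforces that. On another OS family the first visible failure would likely be the package or symlink task rather than a clear message. Consider one guard at the top of the file, an `assert` with `that: is_debuntu` and a `fail_msg` naming the supported platforms. The `#when: is_debuntu` leftovers and the commented-out redhat stanza could then be deleted instead of kept as dead text.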
@@ -39,29 +38,29 @@ # when: is_debuntu and (not is_debian_8) and (not is_ubuntu_16) # #when: (is_debian and ansible_distribution_major_version == "9") or is_ubuntu_18 -- name: 'Install 4 packages: httpd, mod_authnz_external, php, php-curl (redhat)' - package: - #name: [u'httpd', u'php', u'php-curl', u'mod_authnz_external'] # FAILS ('u' for Unicode strings) - #name: ['httpd', 'php', 'php-curl', 'mod_authnz_external'] # WORKS - name: - - httpd - - mod_authnz_external - - php - - php-curl - state: present - when: is_redhat +#- name: 'Install 4 packages: httpd, mod_authnz_external, php, php-curl (redhat)' +# package: +# #name: [u'httpd', u'php', u'php-curl', u'mod_authnz_external'] # FAILS ('u' for Unicode strings) +# #name: ['httpd', 'php', 'php-curl', 'mod_authnz_external'] # WORKS +# name: +# - httpd +# - mod_authnz_external +# - php +# - php-curl +# state: present +# when: is_redhat # Remove symlinks for mpm_event, replace with mpm_prefork -- name: Remove both mpm_event symlinks from /etc/apache2/mods-enabled (debuntu) +- name: Remove both mpm_event symlinks from /etc/apache2/mods-enabled file: path: "/etc/apache2/mods-enabled/{{ item }}" state: absent with_items: - mpm_event.conf - mpm_event.load - when: is_debuntu + #when: is_debuntu -- name: Create both mpm_prefork symlinks from /etc/apache2/mods-enabled to /etc/apache2/mods-available (debuntu) +- name: Create both mpm_prefork symlinks from /etc/apache2/mods-enabled to /etc/apache2/mods-available file: src: "/etc/apache2/mods-available/{{ item }}" path: "/etc/apache2/mods-enabled/{{ item }}" 
@@ -69,9 +68,9 @@ with_items: - mpm_prefork.conf - mpm_prefork.load - when: is_debuntu + #when: is_debuntu -- name: 'Enable 5 Apache modules, as with "a2enmod" command: headers, proxy, proxy_html, proxy_http, rewrite (for http://box/kiwix, http://box/kolibri, http://box/nodered, etc--if debuntu)' +- name: 'Enable 5 Apache modules, as with "a2enmod" command: headers, proxy, proxy_html, proxy_http, rewrite (for http://box/kiwix, http://box/kolibri, http://box/nodered, etc)' apache2_module: name: "{{ item }}" with_items: @@ -80,16 +79,16 @@ - proxy_html - proxy_http - rewrite - when: is_debuntu + #when: is_debuntu -- name: Remove 000-default.conf from /etc/apache2 and /etc/apache2/sites-enabled (debuntu) +- name: Remove 000-default.conf from /etc/apache2 and /etc/apache2/sites-enabled file: path: "{{ item }}" state: absent with_items: - /etc/apache2/000-default.conf # Not nec on Raspbian. Is this really still needed elsewhere? - /etc/apache2/sites-enabled/000-default.conf - when: is_debuntu + #when: is_debuntu - name: Create Apache's pid dir /var/run/{{ apache_user }} file: diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index 2dd6863d8..689851636 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml 
@@ -9,10 +9,11 @@ include_role: name: nodejs -- name: FAIL (STOP INSTALLING) IF nodejs_version is not set to 10.x, 12.x or 14.x - fail: - msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x or 12.x or 14.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" - when: (nodejs_version != "10.x") and (nodejs_version != "12.x") and (nodejs_version != "14.x") +- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 16.x + assert: + that: nodejs_version is version('10.x', '>=') and nodejs_version is version('16.x', '<=') + fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 16.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" + quiet: yes - name: "Set 'yarn_install: True' and 'yarn_enabled: True'" set_fact: diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 512683d6e..a03d179e8 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -26,9 +26,9 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" # http://download.kiwix.org/release/kiwix-tools/ ...or sometimes... # http://download.kiwix.org/nightly/ -kiwix_version_armhf: kiwix-tools_linux-armhf-3.1.2-4 -kiwix_version_linux64: kiwix-tools_linux-x86_64-3.1.2-4 -kiwix_version_i686: kiwix-tools_linux-i586-3.1.2-4 +kiwix_version_armhf: kiwix-tools_linux-armhf-3.1.2-5 +kiwix_version_linux64: kiwix-tools_linux-x86_64-3.1.2-5 +kiwix_version_i686: kiwix-tools_linux-i586-3.1.2-5 # kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" # v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index 1a18c25c9..12e602d3c 100644 
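Review bot: The new range test in roles/internetarchive/tasks/install.yml accepts more than the check it replaces: `nodejs_version is version('10.x', '>=') and nodejs_version is version('16.x', '<=')` also passes for odd majors such as 11.x, 13.x and 15.x, which the old equality test rejected. It also depends on loose version parsing of the literal `.x` suffix, so a value written without that suffix may compare in an unexpected way. If only the even releases are meant to be supported, an explicit list is stricter and easier to read: `that: nodejs_version in ['10.x', '12.x', '14.x', '16.x']`.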
--- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -4,10 +4,10 @@ set_fact: kiwix_src_dir: False -- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_armhf }}' (armv6l or armv71)" +- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_armhf }}' (armv6l or armv71 or aarch64)" set_fact: kiwix_src_dir: "{{ kiwix_version_armhf }}" - when: ansible_machine == "armv7l" or ansible_machine == "armv6l" or ansible_machine == "aarch64" + when: ansible_machine == "armv6l" or ansible_machine == "armv7l" or ansible_machine == "aarch64" - name: "Set fact 'kiwix_src_dir: {{ kiwix_version_linux64 }}' (x86_64)" set_fact: diff --git a/roles/kolibri/README.rst b/roles/kolibri/README.rst index a111cf014..1c270711d 100644 --- a/roles/kolibri/README.rst +++ b/roles/kolibri/README.rst @@ -26,11 +26,11 @@ Automatic Device Provisioning When kolibri_provision is enabled (e.g. in `/etc/iiab/local_vars.yml `_) the installation will set up the following defaults:: - Kolibri Facility name: 'Kolibri-in-a-Box' - Kolibri Preset type: formal # Options: formal, nonformal, informal - Kolibri default language: en # Options: ar, bn-bd, en, es-es, fa, fr-fr, hi-in, mr, nyn, pt-br, sw-tz, ta, te, ur-pk, yo, zu - Kolibri Admin username: Admin - Kolibri Admin password: changeme + kolibri_facility: Kolibri-in-a-Box + kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py + kolibri_preset: formal # formal, nonformal, informal + kolibri_admin_user: Admin + kolibri_admin_password: changeme *Feel free to override any of the above, by copying the relevant line from /opt/iiab/iiab/roles/kolibri/defaults/main.yml to /etc/iiab/local_vars.yml (then run 'cd /opt/iiab/iiab' followed by './runrole kolibri' per IIAB's general guidelines at http://FAQ.IIAB.IO).* 
@@ -42,13 +42,17 @@ Kolibri 0.10 introduced ``kolibri manage deprovision`` which will remove user co Troubleshooting --------------- -You can run the server manually with the following commands:: +This unproxied version of Kolibri can sometimes help: http://box:8009/kolibri/ + +You can run Kolibri manually with commands like:: systemctl stop kolibri # Make sure the systemd service is not running export KOLIBRI_HOME=/library/kolibri export KOLIBRI_HTTP_PORT=8009 # Otherwise Kolibri will try to run on default port 8080 kolibri start +...while you look over Kolibri's systemd unit file (`/etc/systemd/system/kolibri.service `_) for the latest parameters! + To return to using the systemd unit file:: kolibri stop diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 0214c66bb..4ee85c631 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -1,7 +1,7 @@ # kolibri_install: False # kolibri_enabled: False -# kolibri_language: en # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu +# kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py # kolibri_http_port: 8009 diff --git a/roles/lokole/defaults/main.yml b/roles/lokole/defaults/main.yml index 153fef682..b8f4d030f 100644 --- a/roles/lokole/defaults/main.yml +++ b/roles/lokole/defaults/main.yml 
@@ -20,14 +20,17 @@ lokole_admin_password: changeme lokole_install_path: "{{ content_base }}/lokole" # /library/lokole lokole_venv: "{{ lokole_install_path }}/venv" # /library/lokole/venv +lokole_confd: /etc/supervisor/conf.d # Info needed to run Lokole: lokole_user: lokole lokole_url: /lokole lokole_uid: "2000" -lokole_run_directory: /home/{{ lokole_user }}/state -lokole_log_directory: /home/{{ lokole_user }}/log -lokole_domain_socket: "{{ lokole_run_directory }}/lokole_gunicorn.sock" +lokole_home_dir: /home/{{ lokole_user }} +lokole_run_dir: "{{ lokole_home_dir }}/state" +lokole_log_dir: "{{ lokole_home_dir }}/logs" +lokole_settings: "{{ lokole_run_dir }}/settings.env" +lokole_domain_socket: "{{ lokole_run_dir }}/lokole_gunicorn.sock" lokole_sim_type: LocalOnly lokole_full_url: "http://{{ iiab_hostname }}.{{ iiab_domain }}{{ lokole_url }}" # http://box.lan/lokole diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 67d40520e..3678b98b3 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -25,6 +25,13 @@ - libjpeg-dev - libssl-dev - libopenjp2-7 # 2020-02-01: To solve bug #2221 + - supervisor + - usb-modeswitch + - usb-modeswitch-data + - mobile-broadband-provider-info + - ppp + - wvdial + state: present # For development purposes -- To install Lokole from a given commit, add the 
@@ -75,52 +82,63 @@ ansible.builtin.user: state: present name: "{{ lokole_user }}" + #group: "{{ lokole_user }}" + groups: dialout, dip system: yes - uid: "{{ lokole_uid }}" - home: /home/{{ lokole_user }} + #uid: "{{ lokole_uid }}" + home: "{{ lokole_home_dir }}" -- name: mkdir {{ lokole_run_directory }} +- name: mkdir {{ lokole_run_dir }} file: state: directory - path: "{{ lokole_run_directory }}" + path: "{{ lokole_run_dir }}/lokole_restarter" group: "{{ lokole_user }}" owner: "{{ lokole_user }}" mode: g+rw -- name: mkdir /{{ lokole_user }}/log +- name: mkdir {{ lokole_log_dir }} file: state: directory - path: "{{ lokole_log_directory }}" + path: "{{ lokole_log_dir }}" group: "{{ lokole_user }}" owner: "{{ lokole_user }}" mode: g+rw -- name: Install {{ lokole_run_directory }}/settings.env +- name: Generate key and salt + set_fact: + lokole_key: "{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=32') }}" + lokole_salt: "{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=16') }}" + +- name: Install {{ lokole_settings }} template: src: settings.env.j2 - dest: "{{ lokole_run_directory }}/settings.env" + dest: "{{ lokole_settings }}" group: "{{ lokole_user }}" owner: "{{ lokole_user }}" - mode: a+rw + mode: g+rw -- name: Install {{ lokole_run_directory }}/webapp_secrets.sh from template, to configure Lokole - template: - src: webapp_secrets.sh.j2 - dest: "{{ lokole_run_directory }}/webapp_secrets.sh" - mode: a+x +#- name: Fixup supervisorctl +# file: +# path: /usr/bin/supervisorctl +# owner: root +# group: "{{ lokole_user }}" +# mode: u=rw+s,g=rx,o=rx -- name: Install {{ lokole_run_directory }}/webapp.sh from template, to configure Gunicorn +- name: Install {{ lokole_confd }} templates to configure Lokole template: - src: webapp.sh.j2 - dest: "{{ lokole_run_directory }}/webapp.sh" + src: "{{ item.src }}" + dest: "{{ lokole_confd }}" group: "{{ lokole_user }}" owner: "{{ lokole_user }}" - mode: a+x + mode: 0644 + with_items: + - { 
src: 'lokole_gunicorn.conf' } + - { src: 'lokole_celery_beat.conf' } + - { src: 'lokole_celery_worker.conf' } + - { src: 'lokole_restarter.conf' } - name: Create Lokole admin user with password, for http://box{{ lokole_url }} # http://box/lokole - shell: | - . {{ lokole_run_directory }}/webapp_secrets.sh - {{ lokole_venv }}/bin/manage.py createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}' + include_tasks: setup.yml #- name: Install /etc/{{ apache_conf_dir }}/lokole.conf from template, for http://box{{ lokole_url }} via Apache # http://box/lokole # template: @@ -129,24 +147,12 @@ # mode: 0644 # when: apache_install -- name: Install unit files {lokole.service, celery.service, celerybeat.service, lokole_restarter.service} into /etc/systemd/system, from template - template: - src: "{{ item.src }}" - dest: "{{ item.dest}}" - mode: 0644 - with_items: - - { src: 'lokole.service.j2', dest: '/etc/systemd/system/lokole.service' } - - { src: 'celery.service.j2', dest: '/etc/systemd/system/celery.service' } - - { src: 'celerybeat.service.j2', dest: '/etc/systemd/system/celerybeat.service' } - - { src: 'lokole_restarter.service.j2', dest: '/etc/systemd/system/lokole_restarter.service' } - - -# RECORD Lokole AS INSTALLED - - name: "Set 'lokole_installed: True'" set_fact: lokole_installed: True +# RECORD Lokole AS INSTALLED + - name: "Add 'lokole_installed: True' to {{ iiab_state_file }}" lineinfile: path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml diff --git a/roles/lokole/tasks/main.yml b/roles/lokole/tasks/main.yml index ff0f1836a..5d4bdc72b 100644 --- a/roles/lokole/tasks/main.yml +++ b/roles/lokole/tasks/main.yml 
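Review bot: The task "Install {{ lokole_confd }} templates to configure Lokole" writes the supervisor program files into `/etc/supervisor/conf.d` with `owner: "{{ lokole_user }}"` and `group: "{{ lokole_user }}"`, which leaves the unprivileged service account able to edit the `command=` and `user=` lines that supervisord (presumably running as root, since the templates rely on `user=`) acts on at its next start. These files should be installed with `owner: root`, `group: root` and `mode: '0644'`. In the same hunk `settings.env` is installed with `mode: g+rw` right after the key and salt are generated; a symbolic mode leaves the other-read bit from the default umask in place, so if the template carries those secrets an absolute `mode: '0640'` is safer. The task still named "mkdir {{ lokole_run_dir }}" now creates `{{ lokole_run_dir }}/lokole_restarter`, so its name should say so.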
@@ -24,43 +24,27 @@ when: lokole_installed is undefined -- name: Do a 'systemctl daemon-reload' if lokole_enabled +- name: Do a 'systemctl daemon-reload' systemd: daemon_reload: yes when: lokole_enabled -- name: Enable & Restart {lokole, celery, celerybeat, lokole_restarter} systemd services, if lokole_enabled +- name: Enable & Restart supervisor systemd service, if lokole_enabled systemd: - name: "{{ item }}" + name: supervisor enabled: yes state: restarted when: lokole_enabled - with_items: - - lokole - - celery - - celerybeat - - lokole_restarter -- name: Disable & Stop all 4 (above) systemd services, if not lokole_enabled +- name: Disable & Stop supervisor systemd service, if not lokole_enabled systemd: - name: "{{ item }}" + name: supervisor enabled: no state: stopped when: not lokole_enabled - with_items: # @jvonau prefers reverse starting order, if stopping these 4 - - lokole_restarter - - celerybeat - - celery - - lokole - -#- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache -#- name: Enable/Disable/Restart Apache if primary -# include_tasks: apache.yml -# when: not nginx_enabled - name: Enable/Disable/Restart NGINX include_tasks: nginx.yml - #when: nginx_enabled - name: Add 'lokole' variable values to {{ iiab_ini_file }} @@ -79,8 +63,8 @@ value: "{{ lokole_install }}" - option: lokole_enabled value: "{{ lokole_enabled }}" - - option: lokole_run_directory - value: "{{ lokole_run_directory }}" + - option: lokole_settings + value: "{{ lokole_settings }}" - option: lokole_url value: "{{ lokole_url }}" - option: lokole_full_url diff --git a/roles/lokole/tasks/setup.yml b/roles/lokole/tasks/setup.yml new file mode 100644 index 000000000..1f49661c6 --- /dev/null +++ b/roles/lokole/tasks/setup.yml 
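Review bot: The enable/disable tasks in roles/lokole/tasks/main.yml now act on the whole `supervisor` systemd unit, so `lokole_enabled: False` stops and disables supervisord for anything else on the machine that it supervises, and `lokole_enabled: True` restarts all of it. Unlike the four Lokole-specific units these tasks replace, supervisor is a shared daemon. Consider leaving the service enabled and running, and starting or stopping only Lokole's own programs, as sketched below with the `community.general.supervisorctl` module (if that collection is available on the target Ansible version). `lokole_programs` is a placeholder for a new list variable holding the program names from the four conf templates. Since the templates set `autostart=true`, that value would also need to follow `lokole_enabled` for the disabled state to survive a reboot.

```yaml
# … unchanged: systemctl daemon-reload …

- name: Enable & Start supervisor systemd service (shared daemon, left running either way)
  systemd:
    name: supervisor
    enabled: yes
    state: started

- name: Restart Lokole's supervisor programs, if lokole_enabled
  community.general.supervisorctl:
    name: "{{ item }}"
    state: restarted
  when: lokole_enabled
  loop: "{{ lokole_programs }}"    # placeholder: list of Lokole program names

- name: Stop Lokole's supervisor programs, if not lokole_enabled
  community.general.supervisorctl:
    name: "{{ item }}"
    state: stopped
  when: not lokole_enabled
  loop: "{{ lokole_programs }}"    # placeholder: list of Lokole program names

# … unchanged: NGINX include and iiab.ini update …
```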
@@ -0,0 +1,20 @@
+- name: start supervisor
+ systemd:
+ name: supervisor
+ state: started
+
+- name: Create Lokole admin user with password, for http://box{{ lokole_url }} # http://box/lokole
+ shell: |
+ while read envvar; do export "$envvar"; done < {{ lokole_run_dir }}/settings.env
+ {{ lokole_venv }}/bin/manage.py createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}'
+
+- name: Change owner of dbfiles
+ file:
+ path: "{{ item.path }}"
+ state: file
+ owner: "{{ lokole_user }}"
+ group: "{{ lokole_user }}"
+ mode: u=rw
+ loop:
+ - { path: "{{ lokole_run_dir }}/users.sqlite3" }
+# - { path: "{{ lokole_run_dir }}/celery.sqlite3" }
diff --git a/roles/lokole/templates/celery.service.j2 b/roles/lokole/templates/celery.service.unused
similarity index 100%
rename from roles/lokole/templates/celery.service.j2
rename to roles/lokole/templates/celery.service.unused
diff --git a/roles/lokole/templates/celerybeat.service.j2 b/roles/lokole/templates/celerybeat.service.unused
similarity index 100%
rename from roles/lokole/templates/celerybeat.service.j2
rename to roles/lokole/templates/celerybeat.service.unused
diff --git a/roles/lokole/templates/lokole.service.j2 b/roles/lokole/templates/lokole.service.unused
similarity index 100%
rename from roles/lokole/templates/lokole.service.j2
rename to roles/lokole/templates/lokole.service.unused
diff --git a/roles/lokole/templates/lokole_celery_beat.conf b/roles/lokole/templates/lokole_celery_beat.conf
new file mode 100644
index 000000000..b751b3453
--- /dev/null
+++ b/roles/lokole/templates/lokole_celery_beat.conf
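Review bot: In roles/lokole/tasks/setup.yml the `shell:` task places `{{ lokole_admin_user }}` and `{{ lokole_admin_password }}` inside single quotes in the script text, so a value containing `'` ends the quoting and the remainder is parsed by the shell, and the rendered command, password included, appears in Ansible's task output. Quote through the filter and hide the output: `--name={{ lokole_admin_user | quote }} --password={{ lokole_admin_password | quote }}` plus `no_log: true` on the task. The loop above it can reuse the existing variable and read raw lines: `while read -r envvar; do export "$envvar"; done < {{ lokole_settings }}`. In "Change owner of dbfiles", `mode: u=rw` sets only the owner bits and leaves whatever group/other bits users.sqlite3 was created with; `mode: '0600'` states the intent for a file that presumably holds account data.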
@@ -0,0 +1,10 @@ +[program:lokole_celery_beat] +command={{ lokole_venv }}/bin/celery --app=opwen_email_client.webapp.tasks beat --pidfile={{ lokole_run_dir }}/lokole_celery_beat.pid --loglevel=error +autostart=true +autorestart=true +startretries=3 +stopasgroup=true +stderr_logfile={{ lokole_log_dir }}/lokole_celery_beat.stderr.log +stdout_logfile={{ lokole_log_dir }}/lokole_celery_beat.stdout.log +user={{ lokole_user }} +environment=OPWEN_SETTINGS={{ lokole_settings }} diff --git a/roles/lokole/templates/lokole_celery_worker.conf b/roles/lokole/templates/lokole_celery_worker.conf new file mode 100644 index 000000000..5f25258fd --- /dev/null +++ b/roles/lokole/templates/lokole_celery_worker.conf @@ -0,0 +1,10 @@ +[program:lokole_celery_worker] +command={{ lokole_venv }}/bin/celery --app=opwen_email_client.webapp.tasks worker --loglevel=error --concurrency=2 +autostart=true +autorestart=true +startretries=3 +stopasgroup=true +stderr_logfile={{ lokole_log_dir }}/lokole_celery_worker.stderr.log +stdout_logfile={{ lokole_log_dir }}/lokole_celery_worker.stdout.log +user={{ lokole_user }} +environment=OPWEN_SETTINGS={{ lokole_settings }} diff --git a/roles/lokole/templates/lokole_gunicorn.conf b/roles/lokole/templates/lokole_gunicorn.conf new file mode 100644 index 000000000..a2a940ed4 --- /dev/null +++ b/roles/lokole/templates/lokole_gunicorn.conf @@ -0,0 +1,10 @@ +[program:lokole_gunicorn] +command={{ lokole_venv }}/bin/gunicorn --bind=unix:{{ lokole_run_dir }}/lokole_gunicorn.sock --timeout=300 --workers=3 --log-level=error opwen_email_client.webapp:app +autostart=true +autorestart=true +startretries=3 +stopasgroup=true +stderr_logfile={{ lokole_log_dir }}/lokole_gunicorn.stderr.log +stdout_logfile={{ lokole_log_dir }}/lokole_gunicorn.stdout.log +user={{ lokole_user }} +environment=OPWEN_SETTINGS={{ lokole_settings }} diff --git a/roles/lokole/templates/lokole_restarter.conf b/roles/lokole/templates/lokole_restarter.conf new file mode 100644 index 000000000..94f580e9c 
--- /dev/null +++ b/roles/lokole/templates/lokole_restarter.conf @@ -0,0 +1,10 @@ +[program:lokole_restarter] +command={{ lokole_venv }}/bin/manage.py restarter --directory={{ lokole_run_dir }}/lokole_restarter +autostart=true +autorestart=true +startretries=3 +stopasgroup=true +stderr_logfile={{ lokole_log_dir }}/lokole_restarter.stderr.log +stdout_logfile={{ lokole_log_dir }}/lokole_restarter.stdout.log +user=root +environment=OPWEN_SETTINGS={{ lokole_settings }} diff --git a/roles/lokole/templates/lokole_restarter.service.j2 b/roles/lokole/templates/lokole_restarter.service.unused similarity index 100% rename from roles/lokole/templates/lokole_restarter.service.j2 rename to roles/lokole/templates/lokole_restarter.service.unused diff --git a/roles/lokole/templates/settings.env.j2 b/roles/lokole/templates/settings.env.j2 index e1d15bdfc..6f87ad277 100644 --- a/roles/lokole/templates/settings.env.j2 +++ b/roles/lokole/templates/settings.env.j2 @@ -1,8 +1,11 @@ -OPWEN_SETTINGS='{{ lokole_run_directory }}/settings.env' -OPWEN_STATE_DIRECTORY='{{ lokole_run_directory }}' -OPWEN_APP_ROOT='{{ lokole_url }}/' +OPWEN_SETTINGS={{ lokole_run_dir }}/settings.env +OPWEN_STATE_DIRECTORY={{ lokole_run_dir }} +OPWEN_APP_ROOT={{ lokole_url }}/ OPWEN_MAX_UPLOAD_SIZE_MB=10 -OPWEN_SYNC_SCHEDULE='1,16,31,46 * * * *' -OPWEN_SESSION_KEY='{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=32') }}' -OPWEN_PASSWORD_SALT='{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=16') }}' -OPWEN_SIM_TYPE='{{ lokole_sim_type }}' +OPWEN_SYNC_SCHEDULE="1,16,31,46 * * * *" +OPWEN_RESTART_PATH={{ lokole_run_dir }}/lokole_restarter/lokole_gunicorn=HUP,{{ lokole_run_dir }}/lokole_restarter/lokole_celery_worker=,{{ lokole_run_dir }}/lokole_restarter/lokole_celery_beat= +OPWEN_SESSION_KEY={{ lokole_key }} +OPWEN_SECRET_KEY={{ lokole_key }} +OPWEN_PASSWORD_SALT={{ lokole_salt }} +OPWEN_SIM_TYPE={{ lokole_sim_type }} +OPWEN_CLIENT_NAME={{ lokole_client_id }} 
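Review bot: `user=root` makes lokole_restarter the only one of the four supervisor programs that does not run as `{{ lokole_user }}`, and it acts on `{{ lokole_run_dir }}/lokole_restarter`, the same directory that settings.env lists in `OPWEN_RESTART_PATH`. If the web application writes into that directory to request restarts (the settings suggest this, but the hunk does not show it), a root process is being driven by files an unprivileged service controls, so the directory's owner and mode matter. I would add a comment above the line saying why root is required, for example `; root is needed to signal the other programs; lokole_restarter/ must be writable only by {{ lokole_user }}`. The role should also create that directory with an explicit owner and mode rather than leaving it to the program.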
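Review bot: `OPWEN_SESSION_KEY` and `OPWEN_SECRET_KEY` are both rendered from the single variable `lokole_key`, so the two secrets cannot be rotated independently, and where `lokole_key` and `lokole_salt` are set is not visible in this hunk. The removed lines generated a random value with the `password` lookup; if the new variables come from a defaults file, they need to be random per install rather than a constant shared by every box. Because the rendered file holds these secrets, the task that writes it (outside this hunk) should set an owner and a restrictive mode such as `mode: '0640'`. Dropping the quotes also means a `lokole_url` or `lokole_client_id` containing a space or `#` may be parsed differently, depending on what reads the file.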
diff --git a/roles/lokole/templates/webapp.sh.j2 b/roles/lokole/templates/webapp.sh.unused similarity index 100% rename from roles/lokole/templates/webapp.sh.j2 rename to roles/lokole/templates/webapp.sh.unused diff --git a/roles/lokole/templates/webapp_secrets.sh.j2 b/roles/lokole/templates/webapp_secrets.sh.unused similarity index 100% rename from roles/lokole/templates/webapp_secrets.sh.j2 rename to roles/lokole/templates/webapp_secrets.sh.unused diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index af46dae66..21ebdcf20 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -4,8 +4,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mediawiki_major_version: 1.35 # "1.35" also works -mediawiki_minor_version: 2 +mediawiki_major_version: 1.36 # "1.35" also works +mediawiki_minor_version: 1 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index 085567fbf..47edf6429 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml 
@@ -1,10 +1,23 @@ -- name: 'Install packages: php{{ php_version }}-intl, php{{ php_version }}-mbstring' +# https://www.mediawiki.org/wiki/Manual:Installation_requirements#PHP +- name: 'Install packages: php{{ php_version }}-intl, php{{ php_version }}-mbstring, php{{ php_version }}-xml' package: name: - - "php{{ php_version }}-intl" - - "php{{ php_version }}-mbstring" + #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml + - php{{ php_version }}-intl # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml + #- php{{ php_version }}-json # See stanza just below + - php{{ php_version }}-mbstring # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml + - php{{ php_version }}-xml # 2021-06-27: REQUIRED (AND ENFORCED) despite this being missing from MediaWiki's above requirements doc! Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml state: present +# For PHP >= 8.0: phpX.Y-json is baked into PHP itself. +# For PHP < 8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json +# +#- name: Install php{{ php_version }}-json if PHP < 8.0 +# package: +# name: php{{ php_version }}-json +# state: present +# when: php_version is version('8.0', '<') + - name: Download {{ mediawiki_download_base_url }}/{{ mediawiki_src }} to {{ downloads_dir }} get_url: url: "{{ mediawiki_download_base_url }}/{{ mediawiki_src }}" 
@@ -18,7 +31,7 @@ unarchive: src: "{{ downloads_dir }}/{{ mediawiki_src }}" dest: "{{ mediawiki_install_path }}" # /library - owner: "{{ apache_user }}" + owner: "{{ apache_user }}" # www-data on debuntu group: "{{ apache_user }}" mode: u+rw,g+r,o+r # '0755' forced executable bits on files keep_newer: yes @@ -31,7 +44,7 @@ - name: Start MySQL systemd service ({{ mysql_service }}) so we can create db systemd: - name: "{{ mysql_service }}" + name: "{{ mysql_service }}" # mariadb on debuntu state: started - name: Create MySQL database {{ mediawiki_db_name }} @@ -64,7 +77,7 @@ chdir: "{{ mediawiki_abs_path }}" # /library/mediawiki-1.XY.Z creates: "{{ mediawiki_abs_path }}/LocalSettings.php" -- name: Configure wgArticlePath variable in {{ mediawiki_abs_path }}/LocalSettings.php +- name: Configure $wgArticlePath variable in {{ mediawiki_abs_path }}/LocalSettings.php lineinfile: path: "{{ mediawiki_abs_path }}/LocalSettings.php" # /library/mediawiki-1.XY.Z line: '$wgArticlePath = "/wiki/$1";' diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 367af9fa8..193c21d64 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -1,5 +1,5 @@ -# If using Moodle intensively, consider setting nginx_high_php_limits in: -# /etc/iiab/local_vars.yml +# 2021-07-02 WARNING: Stage 4's roles/www_options/tasks/main.yml FORCES +# (the equivalent of) 'nginx_high_php_limits: True' if 'moodle_install: True' # moodle_install: False # moodle_enabled: False @@ -8,7 +8,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! moodle_version: 311 -moodle_repo_url: https://github.com/moodle/moodle.git +moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! moodle_base: "{{ iiab_base }}/moodle" # /opt/iiab moodle_data: "{{ content_base }}/moodle" # /library 
diff --git a/roles/moodle/tasks/apache.yml b/roles/moodle/tasks/apache.yml.unused similarity index 100% rename from roles/moodle/tasks/apache.yml rename to roles/moodle/tasks/apache.yml.unused diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 94ee8077d..aa763be59 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -1,11 +1,10 @@ -- name: "Set 'apache_install: True' and 'apache_enabled: True'" - set_fact: - apache_install: True - apache_enabled: True +# 2021-05-22: FYI nginx_high_php_limits is effectively now auto-enabled by +# www_options/tasks/main.yml#L100-L112 (as required by Moodle 3.11 w/ PHP 8) IF +# 'moodle_install: True'. Happens at the end of 4-server-options/tasks/main.yml +# See the 6 settings in /etc/php/{{ php_version }}/fpm/php.ini -- name: APACHE - run 'httpd' role - include_role: - name: httpd +# 2021-06-28: This ALSO now happens in /etc/php/{{ php_version }}/cli/php.ini +# (as required by Moodle's CLI installer, DESPITE it using fpm/php.ini later!) - name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'" 
@@ -18,70 +17,55 @@ name: postgresql -- name: Install 8 php packages (debuntu) +# 2021-07-02: Let's monitor & learn from these 2 pages year-by-year: +# https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries +# https://github.com/moodlebox/moodlebox/blob/master/roles/packages/vars/main.yml +- name: Install ghostscript + libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify) package: name: - - php{{ php_version }}-pgsql - - php{{ php_version }}-curl - - php{{ php_version }}-zip - - php{{ php_version }}-gd - - php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+ - - php{{ php_version }}-cli # 2020-06-15: In the past this included (above) mbstring? However this is not true on Ubuntu Server 20.04 LTS. - - php{{ php_version }}-intl # 2020-12-03: Required by Moodle 3.10+ + #- php-apcu # 2021-07-02: Experiment with fewer dependencies + - ghostscript # 2021-07-02: OPTIONAL -- but useful for annotation of PDF's / assignments + - libsodium23 # 2021-06-28: Likewise installed in nginx/tasks/install.yml via php{{ php_version }}-fpm AND httpd/tasks/install.yml via libapache2-mod-php{{ php_version }} AND wordpress/tasks/install.yml -- it can ALSO be auto-installed by phpX.Y-cgi OR phpX.Y-cli as confirmed by 'apt rdepends libsodium23' -- Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium -- whereas https://www.php.net/manual/en/sodium.installation.php says it's always bundled with PHP 7.2+ -- VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"' + #- php{{ php_version }}-common # 2021-06-27: Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml + #- php{{ php_version }}-cli # 2021-06-27: Compare to php{{ php_version }}-common just above! 2020-06-15: In the past this included (below) mbstring? 
However this is not true on Ubuntu Server 20.04 LTS. + - php{{ php_version }}-curl # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml + - php{{ php_version }}-gd # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml + - php{{ php_version }}-intl # 2020-12-03: Required by Moodle 3.10+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml + - php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml + - php{{ php_version }}-pgsql # 2021-06-27: Required for PostgreSQL + #- php{{ php_version }}-json # 2021-07-02: Not requested by Moodle's PHP doc above. Package baked into PHP 8+. FWIW with PHP < 8, phpX.Y-json is already auto-installed by phpX.Y-fpm in 3-base-server's nginx/tasks/install.yml + #- php{{ php_version }}-opcache # 2021-07-02: Experiment with fewer dependencies + #- php{{ php_version }}-readline # 2021-07-02: Experiment with fewer dependencies - php{{ php_version }}-soap # 2020-12-03: Recommended by Moodle 3.10+ - #- php-sodium # 2021-05-17: Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium AND ALREADY PRE-ENABLED BY PHP 7.2+ https://www.php.net/manual/en/sodium.installation.php AS CONFIRMED BY 'php -i | grep sodium' AND 'apt list "*sodium*"' + - php{{ php_version }}-xml # 2021-06-28: Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter} + #- php{{ php_version }}-xmlrpc # 2021-07-02: Doesn't 
exist with PHP 8.0 -- officially required per https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries BUT UNMAINTAINED FOR YEARS (POSSIBLE SECURITY RISK) SO MOVED TO PECL: https://php.watch/versions/8.0/xmlrpc + - php{{ php_version }}-zip # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml state: present - when: is_debuntu -- name: Does {{ moodle_base }}/config-dist.php exist? (indicating Moodle is/was installed) - stat: - path: "{{ moodle_base }}/config-dist.php" # /opt/iiab/moodle - register: moodle - -- name: Clone (i.e. use git to download) {{ moodle_repo_url }} to {{ moodle_base }} (~300 MB) +- name: Download (clone) {{ moodle_repo_url }} to {{ moodle_base }} (~350MB initially, ~371MB later) git: - repo: "{{ moodle_repo_url }}" - dest: "{{ moodle_base }}" + repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle + dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 - force: yes version: "MOODLE_{{ moodle_version }}_STABLE" #version: master # TEMPORARY DURING MAY 2018 TESTING, installed 3.5beta+ = https://download.moodle.org/releases/development/ #ignore_errors: yes - when: internet_available and moodle.stat.exists is defined and not moodle.stat.exists -- name: Create dir {{ moodle_base }} owned by {{ apache_user }} (for config file?) 
+- name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) file: - state: directory path: "{{ moodle_base }}" owner: "{{ apache_user }}" # www-data + group: "{{ apache_user }}" recurse: yes -- name: Create dir {{ content_base }}/dbdata/moodle owned by {{ apache_user }} - file: - state: directory - path: "{{ content_base }}/dbdata/moodle" # /library - owner: "{{ apache_user }}" - -- name: Create dir {{ moodle_data }} ({{ apache_user }}:{{ apache_user }}, '0770') +- name: Create dir {{ moodle_data }} ({{ apache_user }}:{{ apache_user }}) (by default 755 = drwxr-xr-x initially, but moodle_installer sets drwxrwsrwx below) file: state: directory path: "{{ moodle_data }}" # /library/moodle owner: "{{ apache_user }}" group: "{{ apache_user }}" - #mode: '0770' # Regardless, permissions end up as: drwxrwsrwx -- name: Remove stock /etc/{{ apache_conf_dir }}/moodle.conf - file: - path: "/etc/{{ apache_conf_dir }}/moodle.conf" # apache2/sites-available - state: absent -# 2021-02-01: Not nec if we can hopefully migrate from Apache to NGINX soon! -- name: Install /etc/{{ apache_conf_dir }}/022-moodle.conf from template - template: - src: 022-moodle.j2 - dest: "/etc/{{ apache_conf_dir }}/022-moodle.conf" - -# roles/postgresql/templates/postgresql-iiab.service WAS INSTALLED HERE: # /etc/systemd/system/postgresql-iiab.service - name: Start 'postgresql-iiab' systemd service, to configure Moodle's DB systemd: 
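Review bot: The `chown -R` task near the end of this hunk makes `{{ apache_user }}` the owner of every file under `{{ moodle_base }}`, so the PHP process can rewrite Moodle's own code; Moodle's security guidance is for the code tree to be read-only to the web server user, with only the data directory writable. The installer does need to write config.php once, so one option is a second task after moodle_installer has run that sets `owner: root` and `group: "{{ apache_user }}"` on the tree. Separately, the `git:` task lost both `force: yes` and its `when:` guard, so it now contacts GitHub on every run and can fail on a box without Internet or with modified tracked files in the checkout. Restoring `when: internet_available` would keep offline re-runs working.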
@@ -108,38 +92,53 @@ become: yes become_user: postgres -- name: Install {{ moodle_base }}/moodle_installer from template ('0755') - template: - src: moodle_installer - dest: "{{ moodle_base }}" - mode: '0755' - - name: (Re)Start 'postgresql-iiab' systemd service systemd: name: postgresql-iiab state: restarted #enabled: yes # Service ends up enabled regardless -- name: (Re)Start '{{ apache_service }}' systemd service - systemd: - name: "{{ apache_service }}" - state: restarted -- name: Does {{ moodle_base }}/config.php exist? - stat: - path: "{{ moodle_base }}/config.php" - register: config +- name: Install {{ moodle_base }}/moodle_installer from template (0755) + template: + src: moodle_installer + dest: "{{ moodle_base }}" + mode: 0755 -- name: Execute {{ moodle_base }}/moodle_installer +- name: Execute {{ moodle_base }}/moodle_installer IF {{ moodle_base }}/config.php doesn't yet exist -- REQUIRES 'max_input_vars = 5000' (or higher) in /etc/php/{{ php_version }}/cli/php.ini with PHP 8+ (as set up by www_options/tasks/main.yml) -- WHEREAS LATER Moodle uses /etc/php/{{ php_version }}/fpm/php.ini during regular operation shell: "{{ moodle_base }}/moodle_installer" - when: config.stat.exists is defined and not config.stat.exists + args: + creates: "{{ moodle_base }}/config.php" -# 2021-02-01: Let's stick with Moodle's default (640) -#- name: Make {{ moodle_base }}/config.php readable, with permission '0644' -# #command: chown -R {{ apache_user }} {{ moodle_base }} -# file: -# path: "{{ moodle_base }}/config.php" # /opt/iiab/moodle -# mode: '0644' +# 2021-07-05: For /opt/iiab/moodle, let's stick with default permissions from +# above (755 dirs & 644 files), and ownership (www-data:www-data), as we do in +# moodle/tasks/mathjax.yml + +# 2021-07-05: Seems like a good idea but Moodle's permissions recommendations +# at https://docs.moodle.org/20/en/Creating_Moodle_site_data_directory don't +# actually mandate this: +# +# - name: chmod -R o-rwx {{ moodle_data }} e.g. 
drwxrwsrwx to drwxrws--- +# file: +# path: "{{ moodle_data }}" # /library/moodle +# mode: o-rwx +# recurse: yes + +# https://docs.moodle.org/311/en/Nginx#XSendfile_aka_X-Accel-Redirect +# https://github.com/moodle/moodle/blob/master/config-dist.php#L274-L287 +- name: Write extra parameters to {{ moodle_base }}/config.php -- "Setting Moodle and Nginx to use XSendfile functionality is a big win as it frees PHP from delivering files allowing Nginx to do what it does best, i.e. deliver files" + lineinfile: + path: "{{ moodle_base }}/config.php" + line: '$CFG->{{ item.name }} = {{ item.value }};' + insertbefore: '^\$CFG->directorypermissions' + with_items: + #- { name: 'backuptempdir', value: "'{{ moodlebox_moodle_data_dir }}/backup'" } + - { name: 'xsendfile', value: "'X-Accel-Redirect'" } + - { name: 'xsendfilealiases', value: "array('/dataroot/' => $CFG->dataroot)" } + #- { name: 'customfiletypes', value: "array(\n (object)array(\n 'extension' => 'crt',\n 'icon' => 'sourcecode',\n 'type' => 'application/x-x509-ca-cert',\n 'customdescription' => 'X.509 CA certificate'\n )\n)"} + #- { name: 'showcampaigncontent', value: 'false' } + +- include_tasks: mathjax.yml # RECORD Moodle AS INSTALLED diff --git a/roles/moodle/tasks/main.yml b/roles/moodle/tasks/main.yml index 621e30fb4..5c4e6bf73 100644 --- a/roles/moodle/tasks/main.yml +++ b/roles/moodle/tasks/main.yml 
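Review bot: The task that would remove world access from `{{ moodle_data }}` is left commented out, while the comments in this role say moodle_installer leaves the directory as drwxrwsrwx, so any local account can read and write uploaded files and session data. Only the web server user needs to reach it, so I would enable the task as written (`mode: o-rwx`, `recurse: yes`) after moodle_installer has run. Files Moodle creates later follow `$CFG->directorypermissions` in config.php, so that setting would need tightening as well. Also, `mode: 0755` on the template task lost its quotes in this change; the quoted form `mode: '0755'` is the safer convention because it cannot be misread as a decimal integer.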
@@ -29,19 +29,16 @@ postgresql_install: True postgresql_enabled: True # Revert just below if... -- name: "Set 'postgresql_enabled: False' if 'not moodle_enabled and not (pathagar_enabled is defined and pathagar_enabled)'" +- name: "Set 'postgresql_enabled: False' if not moodle_enabled" set_fact: postgresql_enabled: False - when: not moodle_enabled and not (pathagar_enabled is defined and pathagar_enabled) + when: not moodle_enabled # and not (pathagar_enabled is defined and pathagar_enabled) - name: POSTGRESQL - run 'postgresql' role (Enable&Start or Disable&Stop PostgreSQL) include_role: name: postgresql -- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache - include_tasks: apache.yml - - name: Enable/Disable/Restart NGINX include_tasks: nginx.yml diff --git a/roles/moodle/tasks/mathjax.yml b/roles/moodle/tasks/mathjax.yml new file mode 100644 index 000000000..046e3f747 --- /dev/null +++ b/roles/moodle/tasks/mathjax.yml 
@@ -0,0 +1,27 @@ +# 2021-07-05: Thanks to https://github.com/moodlebox/moodlebox/blob/master/roles/moodleinstall/tasks/mathjax.yml + +# Verify this Moodle plugin after installation at: +# http://box.lan/moodle/admin/plugins.php +# http://box.lan/moodle/admin/settings.php?section=filtersettingmathjaxloader + +- name: Download (clone) MathJax library/plugin from https://github.com/mathjax/MathJax to {{ moodle_base }}/lib/MathJax + git: + repo: https://github.com/mathjax/MathJax # Or: git://github.com/mathjax/MathJax.git + dest: "{{ moodle_base }}/lib/MathJax" # /opt/iiab/moodle + #version: "{{ moodle_mathjax_version }}" # 2021-07-05: https://github.com/moodlebox/moodlebox/blob/master/default.config.yml uses 2.7.9 from 2020-08-25 -- whereas https://github.com/mathjax/MathJax/releases offers 3.2.0 from 2021-07-17 + depth: 1 + +- name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }}/lib/MathJax + file: + path: "{{ moodle_base }}/lib/MathJax" + owner: "{{ apache_user }}" # www-data + group: "{{ apache_user }}" # MoodleBox uses {{ moodlebox_username }} set to 'moodlebox' in https://github.com/moodlebox/moodlebox/blob/master/default.config.yml + #mode: ug+w,o-w # 2021-07-05: Let's stick with Moodle's default (755 dirs & 644 files), as we do in moodle/tasks/install.yml + recurse: yes + +# SEE https://github.com/moodle/moodle/blob/master/filter/mathjaxloader/lang/en/filter_mathjaxloader.php +- name: Run {{ moodle_base }}/admin/cli/cfg.php --component=filter_mathjaxloader to change MathJax library/plugin URL + command: > + /usr/bin/php {{ moodle_base }}/admin/cli/cfg.php --component=filter_mathjaxloader --name=httpsurl --set=/lib/MathJax/MathJax.js + register: mathjax_url_result + changed_when: mathjax_url_result.rc == 0 diff --git a/roles/moodle/templates/022-moodle.j2 b/roles/moodle/templates/022-moodle.jv.unused similarity index 100% rename from roles/moodle/templates/022-moodle.j2 rename to roles/moodle/templates/022-moodle.jv.unused 
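Review bot: The MathJax `git:` task has its `version:` line commented out, so each install pulls whatever the default branch of github.com/mathjax/MathJax holds at that moment and serves that JavaScript on Moodle pages. Pin it to a release tag or commit so the code reaching browsers is known and reproducible, e.g. `version: "{{ moodle_mathjax_version }}"` with the variable set in the role defaults. The pin also matters functionally: the last task points Moodle at `/lib/MathJax/MathJax.js`, a path that as far as I know exists in the 2.7 line but not in 3.x. `changed_when: mathjax_url_result.rc == 0` reports a change on every successful run; comparing against the current setting first would keep the play idempotent.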
diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index eea1b9f39..135096c5b 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 
@@ -1,13 +1,37 @@ -location /moodle { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:{{ apache_port }}; +# 2021-07-02: Let's monitor & learn from these 3 pages year-by-year: +# https://docs.moodle.org/311/en/Nginx +# https://github.com/moodlebox/moodlebox/blob/master/roles/moodleinstall/tasks/coreinstall.yml +# https://github.com/moodlebox/moodlebox/blob/master/roles/webserver/templates/etc/nginx/sites-available/default.j2 + +# This passes 404 pages to Moodle so they can be themed +#error_page 404 /error/index.php; error_page 403 =404 /error/index.php; + +# https://docs.moodle.org/311/en/Nginx#XSendfile_aka_X-Accel-Redirect +# https://github.com/moodle/moodle/blob/master/config-dist.php#L274-L287 +location /dataroot/ { + internal; + alias {{ moodle_data }}/; } -location ~ ^/moodle.*\.php$ { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:{{ apache_port }}; +location ~ ^/moodle(.*)\.php(.*)$ { + alias {{ moodle_base }}$1.php$2; + + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + fastcgi_pass php; + + fastcgi_read_timeout 300; # Default is 60s + + include fastcgi_params; # fastcgi.conf also works + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; + + # Uncomment to override /etc/php//fpm/php.ini -- FYI Stage 4's + # roles/www_options/tasks/main.yml FORCES these same settings and more + # (equivalent to 'nginx_high_php_limits: True') when 'moodle_install: True' + #fastcgi_param PHP_VALUE "max_execution_time=300\n upload_max_filesize=500M\n post_max_size=500M\n max_input_vars=5000"; +} + +location ~ ^/moodle { + root {{ iiab_base }}; } 
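Review bot: The final `location ~ ^/moodle { root {{ iiab_base }}; }` serves every non-PHP file under `{{ moodle_base }}` as static content, which includes the `.git` directory left by the clone and the rendered `moodle_installer` script with its database and admin passwords. Add a deny rule ahead of it, for example `location ~ ^/moodle/(\.git|moodle_installer) { return 404; }`; the Moodle Nginx page linked at the top of this template should also be checked for its advice on hiding internal files. The pattern has no trailing slash, so it also matches any other URL that merely starts with /moodle. In the PHP block, `alias` combined with `SCRIPT_FILENAME $document_root/$fastcgi_script_name` is hard to reason about and deserves a comment stating which filesystem path a request such as /moodle/admin/index.php resolves to.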
diff --git a/roles/moodle/templates/moodle-nginx.conf.j2.native b/roles/moodle/templates/moodle-nginx.conf.j2.native deleted file mode 100644 index bbf2fabe0..000000000 --- a/roles/moodle/templates/moodle-nginx.conf.j2.native +++ /dev/null @@ -1,16 +0,0 @@ -location ^/moodle { - alias /opt/iiab/moodle; - try_files $uri $uri/ index.php =404; -} -location ~ /moodle/(.*)\.php { - root /opt/iiab/; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - include fastcgi_params; - fastcgi_index index.php; - fastcgi_pass php; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param SCRIPT_NAME $fastcgi_script_name; -} diff --git a/roles/moodle/templates/moodle-nginx.conf.j2.unused b/roles/moodle/templates/moodle-nginx.conf.j2.unused new file mode 100644 index 000000000..eea1b9f39 --- /dev/null +++ b/roles/moodle/templates/moodle-nginx.conf.j2.unused @@ -0,0 +1,13 @@ +location /moodle { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:{{ apache_port }}; +} + +location ~ ^/moodle.*\.php$ { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:{{ apache_port }}; +} diff --git a/roles/moodle/templates/moodle_installer b/roles/moodle/templates/moodle_installer index d28808161..be6b18bf6 100755 --- a/roles/moodle/templates/moodle_installer +++ b/roles/moodle/templates/moodle_installer 
@@ -6,17 +6,25 @@ # a capital letter, in keeping with Internet-in-a-Box's other server apps? sudo -u {{ apache_user }} \ - /usr/bin/php {{ moodle_base }}/admin/cli/install.php \ - --wwwroot=http://{{ iiab_hostname }}.{{ iiab_domain }}/moodle \ - --dataroot={{ moodle_data }} \ - --dbtype=pgsql \ - --dbname={{ moodle_database_name }} \ - --dbuser=Admin --dbpass=changeme \ - --fullname=Your_School \ - --shortname=School \ - --adminuser=admin --adminpass=changeme \ - --non-interactive \ - --agree-license \ - --allow-unstable # TEMPORARY DURING MAY 2018 TESTING + /usr/bin/php {{ moodle_base }}/admin/cli/install.php \ + --wwwroot=http://{{ iiab_hostname }}.{{ iiab_domain }}/moodle \ + --dataroot={{ moodle_data }} \ + --dbtype=pgsql \ + --dbname={{ moodle_database_name }} \ + --dbuser=Admin --dbpass=changeme \ + --fullname=Your_School \ + --shortname=School \ + --adminuser=admin --adminpass=changeme \ + --non-interactive \ + --agree-license \ + --allow-unstable # TEMPORARY DURING MAY 2018 TESTING +# 2021-07-05 ideas from https://github.com/moodlebox/moodlebox/blob/master/roles/moodleinstall/tasks/coreinstall.yml : +# --lang= # moodlebox_moodle_lang +# --dbtype=mariadb +# --prefix= # moodlebox_moodle_db_prefix +# --summary= # moodlebox_moodle_summary +# --adminemail= # moodlebox_moodle_username @ moodlebox_hostname .invalid +# Above vars set in https://github.com/moodlebox/moodlebox/blob/master/default.config.yml -chown {{ apache_user }}:{{ apache_user }} {{ moodle_base }}/config.php +# 2021-07-05: No longer needed +#chown {{ apache_user }}:{{ apache_user }} {{ moodle_base }}/config.php diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index 5b4d3bc34..30ed53f54 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml 
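Review bot: `--dbpass=changeme` and `--adminpass=changeme` stay hard-coded in the re-indented command, so every box is installed with the same publicly known database and Moodle admin passwords, and both appear in the process list while install.php runs. Take them from role variables that the operator sets in /etc/iiab/local_vars.yml, e.g. `--adminpass={{ moodle_admin_password | quote }}` (placeholder variable name, not defined on this page). install.yml writes the rendered script into `{{ moodle_base }}` with mode 0755, so once it holds real secrets it should be `mode: '0700'`. It should also be kept outside the web-served tree or removed after it has run.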
@@ -5,13 +5,14 @@ # - 7 DB config # - 2 record as installed -- name: 'Install MySQL packages: mariadb-server, mariadb-client (debuntu)' +- name: 'Install MySQL packages: mariadb-server, mariadb-client, php{{ php_version }}-mysql' package: name: - mariadb-server - mariadb-client + #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml + - php{{ php_version }}-mysql # Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml state: present - when: is_debuntu # 2020-07-11: # 10 PHP package installs moved to roles/www_base/tasks/main.yml diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 8ef65567b..06dd8beb7 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md 
@@ -25,19 +25,20 @@ The Nextcloud suite is divided into three main categories: To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` _after_ it's created by this template: [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2) -(3) Strongly consider also setting `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 5 settings in /etc/php/[ACTUAL PHP VERSION]/fpm/php.ini: +(3) Strongly consider also setting `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 6 settings in /etc/php/[ACTUAL PHP VERSION]/fpm/php.ini: - upload_max_filesize - post_max_size - memory_limit (Nextcloud recommends 512+ MB) - max_execution_time - max_input_time +- max_input_vars (Moodle 3.11+ requires 5000+ with PHP 8+) -Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/main.yml#L47-L51](../www_options/tasks/main.yml#L47-L51) +Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/main.yml#L53-L133](../www_options/tasks/main.yml#L53-L133) -(4) If you're running Nextcloud 21+ in production, carefully check that Nextcloud's latest formal prereqs (required AND recommended) are included per your community's needs. 
In places like these: +(4) If you're running Nextcloud 22+ in production, carefully check that Nextcloud's latest formal prereqs (required AND recommended) are included per your community's needs. In places like these: -- https://docs.nextcloud.com/server/21/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +- https://docs.nextcloud.com/server/22/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - https://github.com/iiab/iiab/blob/master/roles/nextcloud/tasks/install.yml ## Using It diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index af304bde5..5d28e6a4a 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml 
@@ -40,38 +40,51 @@ # var: php_new -# https://docs.nextcloud.com/server/18/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +# February 2020: See @m-anish's PR #2119 and follow-up PR #2258. # 2021-04-11: If you're running Nextcloud 21+ in production, carefully check the latest required AND recommended prereqs: # https://docs.nextcloud.com/server/21/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -- name: Install ffmpeg + libxml2 + 13 php packages +# 2021-06-27: Use this after Nextcloud 22 is released "2021-07-06" : +# https://docs.nextcloud.com/server/22/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +- name: Install ffmpeg + libxml2 + 11 PHP packages (run 'php -m' or 'php -i' to verify) package: name: #- dnsutils # NOT REQUESTED by Nextcloud - ffmpeg # Optional (for preview generation) - libxml2 # php-libxml requires libxml2 >= 2.7.0 #- libapache2-mod-php # 2020-02-15: NO LONGER NEEDED? - - php{{ php_version }}-bcmath # Highly recommended by Nextcloud 21 for "improved performance and better compatibility" - - php{{ php_version }}-bz2 # Optional (for extraction of apps) - - php{{ php_version }}-cli # Likely optional? 
@jvonau says this drags in php{{ php_version }}-common as @m-anish wanted in PR #2119 / #2258 - - php{{ php_version }}-curl - - php{{ php_version }}-gd - - php{{ php_version }}-gmp # Optional (for SFTP storage) - - php{{ php_version }}-imagick # Optional (for preview generation) - - php{{ php_version }}-intl # Optional (increases language translation performance and fixes sorting of non-ASCII characters) - - php{{ php_version }}-json + - php{{ php_version }}-bcmath # Highly recommended by Nextcloud 21 for "improved performance and better compatibility" -- Likewise installed in pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml + - php{{ php_version }}-bz2 # OPTIONAL (for extraction of apps) + #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml + - php{{ php_version }}-curl # Likewise installed in moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml + #- php{{ php_version }}-exif # Optional (for image rotation in pictures app) but somehow already installed in our PHP core. + - php{{ php_version }}-gd # Likewise installed in moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml + - php{{ php_version }}-gmp # OPTIONAL (for SFTP storage) + - php-imagick # OPTIONAL (for preview generation). BUT drags in Apache's libapache2-mod-phpX.Y etc, as confirmed by 'apt depends php-imagick' -- while php{{ php_version }}-imagick installs (despite not being shown within 'apt list "php*imagick"') it's no better -- and 'apt depends phpX.Y-imagick' mysteriously does NOT show its deps. 
Likewise installed in wordpress/tasks/install.yml + - php{{ php_version }}-intl # OPTIONAL (increases language translation performance and fixes sorting of non-ASCII characters): Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, wordpress/tasks/install.yml + #- php{{ php_version }}-json # See stanza just below #- php{{ php_version }}-libxml # NOT INSTALLABLE: ENABLED BY DEFAULT (https://www.php.net/manual/en/libxml.installation.php) - - php{{ php_version }}-mbstring - - php{{ php_version }}-mysql + - php{{ php_version }}-mbstring # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml + - php{{ php_version }}-mysql # Likewise installed in mysql/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml #- php{{ php_version }}-openssl # NOT INSTALLABLE: ENABLED BY DEFAULT? - #- php{{ php_version }}-pdo_mysql # NOT INSTALLABLE: php-mysql handles this on all OS's? + #- php{{ php_version }}-pdo_mysql # NOT INSTALLABLE: php{{ php_version }}-mysql handles this on all OS's? #- php{{ php_version }}-redis # @m-anish future work? #- php{{ php_version }}-session # NOT INSTALLABLE: ENABLED BY DEFAULT? #- php{{ php_version }}-smbclient # Optional (SMB/CIFS integration) - - php{{ php_version }}-xml # NOT FORMALLY REQUESTED by Nextcloud (BUT hopefully delivers php-simplexml if not {php-xmlreader, php-xmlwriter} on Raspbian?) 
- - php{{ php_version }}-zip + - php{{ php_version }}-xml # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- Nextcloud's official requirements include {SimpleXML, XMLReader, XMLWriter} as confirmed by 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter} + #- php{{ php_version }}-xmlrpc # 2021-06-27: Experimentally remove, as explained in moodle/tasks/install.yml + - php{{ php_version }}-zip # Likewise installed in moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml #- php{{ php_version }}-zlib # NOT INSTALLABLE: ENABLED BY DEFAULT? state: present +# For PHP >= 8.0: phpX.Y-json is baked into PHP itself. +# For PHP < 8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json +# +#- name: Install php{{ php_version }}-json if PHP < 8.0 +# package: +# name: php{{ php_version }}-json +# state: present +# when: php_version is version('8.0', '<') + # https://docs.nextcloud.com/server/18/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation #- name: Install 9 additional php packages, if OS is not Raspbian (these are not available on Raspbian on RPi, as of Feb 2020) # package: @@ -94,7 +107,7 @@ state: directory path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud -- name: Unarchive {{ nextcloud_dl_url }} (100+ MB) to {{ nextcloud_root_dir }} (~449 MB, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (100+ MB) to {{ nextcloud_root_dir }} (434-450 MB, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" 
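Review bot: The switch from `php{{ php_version }}-imagick` to the unversioned `php-imagick` in this package list ties the extension to the distribution's default PHP rather than to `php_version`, and by the line's own comment it drags in `libapache2-mod-phpX.Y`. On a host meant to serve only through NGINX that likely leaves Apache packages installed, so it is worth checking whether apache2 ends up enabled or listening after this task. I would add a comment such as `# php-imagick pulls in Apache packages: confirm apache2 is not left enabled on NGINX-only installs`, or gate the package behind a variable, since the list marks it OPTIONAL. The same `php-imagick` line is added in the roles/wordpress/tasks/install.yml hunk.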
diff --git a/roles/nextcloud/tasks/nginx.yml b/roles/nextcloud/tasks/nginx.yml index 47a8868ed..a132b3249 100644 --- a/roles/nextcloud/tasks/nginx.yml +++ b/roles/nextcloud/tasks/nginx.yml @@ -16,4 +16,4 @@ state: restarted with_items: - nginx - - "php{{ php_version }}-fpm" + - php{{ php_version }}-fpm diff --git a/roles/nginx/README.md b/roles/nginx/README.md index 80a74f597..785d8eba0 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md 
@@ -1,27 +1,31 @@ ### Transition to NGINX -1. Initial testing strategy (December 2019 - February 2020) is to move NGINX to [port 80](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services), and proxy everything to Apache on [port 8090](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) — creating "Shims" for each IIAB App/Service in *Section iii.* below. +1. Initial testing strategy (December 2019 - February 2020) was to move NGINX to [port 80](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services), and proxy everything to Apache on [port 8090](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) — creating "Shims" for each IIAB App/Service in *Section iii.* below. - Until "Native" NGINX is later implemented for that IIAB App/Service — allowing it to move up to *Section ii.* below. + Until "Native" NGINX is later implemented for each such IIAB App/Service — allowing each to move up to *Section ii.* below. + + And potentially later moving each up to *Section i.* if its Apache support is dropped! - And potentially later moving it up to *Section i.* if its Apache support is dropped! - (Background: IIAB Apps/Services are generally [Ansible roles](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible) that live in [/opt/iiab/iiab/roles](https://github.com/iiab/iiab/tree/master/roles)) 2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX. -3. Current state of IIAB App/Service migrations as of 2021-05-15: +3. Current state of IIAB App/Service migrations as of 2021-07-06: *(SEE ALSO [#2762](https://github.com/iiab/iiab/issues/2762))* 1. These support "Native" NGINX but ***NOT*** Apache + * Admin Console * captiveportal * IIAB documentation (http://box/info) * jupyterhub + * moodle + * nodered * osm-vector-maps * OER2Go/RACHEL modules * usb_lib 2. These support "Native" NGINX ***AND*** Apache, a.k.a. 
"dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service: + * awstats * calibre-web * gitea @@ -34,16 +38,16 @@ * sugarizer * wordpress - 3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of IIAB Apps/Services that auto-enable Apache. + 3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of ~6 IIAB Apps/Services that auto-enable Apache. + * elgg - * moodle - * nodered 4. These each run their own web server or non-web / backend services, e.g. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations). In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite) + * bluetooth * calibre (menu goes directly to port 8080) - * cups [(available on port 631) * shim not yet in place.] - * internetarchive (menu goes directly to port 4244, [PR #2120](https://github.com/iiab/iiab/pull/2120)) [*] + * cups (menu goes directly to port 631) [*, shim not yet in place, [PR #2775](https://github.com/iiab/iiab/pull/2775)] + * internetarchive (menu goes directly to port 4244) [*, [PR #2120](https://github.com/iiab/iiab/pull/2120)] * kalite (menu goes directly to ports 8006-8008) * minetest * mosquitto 
@@ -55,4 +59,4 @@ * transmission * vnstat -[*] The 4 above starred roles could use improvement, as of 2021-05-15. +[*] The 4 above starred roles could use improvement, as of 2021-07-06. diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 1410d3277..3516825c1 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -5,16 +5,15 @@ ignore_errors: yes # 'when: apache_installed is defined' insuff b/c mysql's php installs apache2 -- name: Install required and helper packages for NGINX +- name: 'Install 5 packages for NGINX: libnginx-mod-http-subs-filter, nginx-extras, php{{ php_version }}-fpm, uwsgi, uwsgi-plugin-python3' package: - name: "{{ item }}" + name: + - libnginx-mod-http-subs-filter + - nginx-extras + - php{{ php_version }}-fpm # Drags in [1] php{{ php_version }}-cli (superset of php{{ php_version }}-common) [2] libsodium23 (likewise installed in moodle/tasks/install.yml AND wordpress/tasks/install.yml) [3] php{{ php_version }}-json if PHP < 8.0 (NEEDED FOR nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml AND wordpress/tasks/install.yml) + - uwsgi # Admin Console & roles/captiveportal should really install + - uwsgi-plugin-python3 # these 2 packages on demand (not every IIAB needs these). state: present - with_items: - - nginx-extras - - uwsgi - - uwsgi-plugin-python3 - - php-fpm - - libnginx-mod-http-subs-filter # 2020-10-16: Removed per #2560 #- name: Add user '{{ apache_user }}' to shadow group, so it can authenticate Admin Console @@ -27,7 +26,7 @@ path: /etc/nginx/sites-enabled/default state: absent -- name: 'Install 2 (of 4) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf' +- name: 'Install 3 (of 5) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/nginx/mime.types' template: src: "{{ item.src }}" dest: "{{ item.dest }}" diff --git a/roles/nginx/templates/nginx.conf.j2 b/roles/nginx/templates/nginx.conf.j2 index bd23bd626..a3835e32f 100644 
--- a/roles/nginx/templates/nginx.conf.j2 +++ b/roles/nginx/templates/nginx.conf.j2 @@ -1,6 +1,6 @@ # IIAB notes: -# /etc/nginx/sites-enabled is for server declarations -# /etc/nginx/conf.d is for location declarations within the main server block +# /etc/nginx/conf.d/* are included by /etc/nginx/server.conf +# /etc/nginx/sites-enabled/*.conf includes other sites user www-data; worker_processes auto; @@ -79,6 +79,13 @@ http { '' close; } + # 2021-06-22: Enables HTTP/1.1 byte-range, so Kolibri videos play on Apple + # and LG devices: https://github.com/learningequality/kolibri/issues/8164 + # http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_force_ranges + # This should help all roles! RECAP: when unproxied, Kolibri videos worked + # (http://box:8009/kolibri/) but not when proxied (http://box/kolibri/). + proxy_force_ranges on; + ## # Virtual Host Configs ## diff --git a/roles/nginx/templates/server.conf.j2 b/roles/nginx/templates/server.conf.j2 index 6b42b1c14..0272a27f8 100644 --- a/roles/nginx/templates/server.conf.j2 +++ b/roles/nginx/templates/server.conf.j2 
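Review bot: `proxy_force_ranges on;` is placed at `http` level, so it applies to every proxied location and not only to Kolibri, whose video playback is the only case the comment reports testing. With this directive NGINX serves byte ranges regardless of the upstream's `Accept-Ranges` header, and that includes dynamically generated responses from every other proxied role. Unless the wider effect has been checked, I would scope the directive to the Kolibri location block, or extend the comment to `# Applies to ALL proxied roles (set at http level); only verified with Kolibri so far`. The `http` block starts and ends outside this hunk.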
@@ -1,35 +1,35 @@ server { - root {{ doc_root }}; - server_name {{ iiab_hostname }}; - listen 80; - - index index.php index.html index.htm; + root {{ doc_root }}; + server_name {{ iiab_hostname }}; + listen 80; - # let individual services drop location blocks in conf.d - include {{ nginx_conf_dir }}/*; - - location ~ .*\.php$ { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - fastcgi_pass php; - fastcgi_index index.php; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param SCRIPT_NAME $fastcgi_script_name; - include fastcgi_params; - } - - location /cgi-bin { - root /usr/lib; - } + index index.php index.html index.htm; - # if you don't like seeing all the errors for missing favicon.ico in root - location = /favicon.ico { access_log off; log_not_found off; } - - # if you don't like seeing errors for a missing robots.txt in root - location = /robots.txt { access_log off; log_not_found off; } - - # this will prevent files like .htaccess .htpassword .secret etc from being served - location ~ /\. 
{ deny all; } + # let individual services drop location blocks in conf.d + include {{ nginx_conf_dir }}/*; + + location ~ .*\.php$ { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + fastcgi_pass php; + fastcgi_index index.php; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + include fastcgi_params; + } + + location /cgi-bin { + root /usr/lib; + } + + # if you don't like seeing all the errors for missing favicon.ico in root + location = /favicon.ico { access_log off; log_not_found off; } + + # if you don't like seeing errors for a missing robots.txt in root + location = /robots.txt { access_log off; log_not_found off; } + + # this will prevent files like .htaccess .htpassword .secret etc from being served + location ~ /\. { deny all; } } diff --git a/roles/nodejs/defaults/main.yml b/roles/nodejs/defaults/main.yml index 6e710710d..e36db5372 100644 --- a/roles/nodejs/defaults/main.yml +++ b/roles/nodejs/defaults/main.yml 
@@ -1,15 +1,11 @@ -# 2020-01-23: nodejs_install is completely ignored as Node.js is installed on -# demand as a dependency -- by Node-RED, Sugarizer and/or Internet Archive -- -# but for now we set fake value 'nodejs_install: True' for -# 'nodejs_installed is defined' tests e.g. in 0-init/tasks/validate_vars.yml +# 2021-06-17: BOTH VALUES BELOW ARE INITIALLY IGNORED as Node.js is installed +# on demand as a dependency by 4 roles -- internetarchive (Internet Archive), +# nodered (Node-RED), pbx (Asterix, FreePBX) &/or Sugarizer: -# nodejs_install: True +# nodejs_install: False # nodejs_enabled: False -# Node.js version used by roles/nodejs/tasks/main.yml for 3 roles: -# nodered (Node-RED), pbx (Asterix, FreePBX) & sugarizer (Sugarizer) - -# nodejs_version: 14.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29 +# nodejs_version: 16.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/nodejs/tasks/install.yml b/roles/nodejs/tasks/install.yml index 5a7e0ae0d..ba3536c96 100644 --- a/roles/nodejs/tasks/install.yml +++ b/roles/nodejs/tasks/install.yml @@ -32,7 +32,7 @@ # /etc/iiab/local_vars.yml -- then re-run this IIAB installer. # when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stderr == "" -# Forces < 12 or > 12 to be removed, ignored if file is absent +# Forces < 16.x or > 16.x to be removed, ignored if file is absent - name: Remove /etc/apt/sources.list.d/nodesource.list if nodejs_version_installed.stdout is not {{ nodejs_version }} file: state: absent 
@@ -40,14 +40,14 @@ when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != "" # BRUTAL but ensures consistency across OS's / distros like Raspbian Desktop & Ubermix that often include an older version of Node.js -# Forces < 12 or > 12 to be uninstalled +# Forces < 16.x or > 16.x to be uninstalled - name: ASK apt/yum/dnf TO REMOVE PRE-EXISTING Node.js {{ nodejs_version_installed.stdout }} (IF IT'S NOT {{ nodejs_version }}) package: name: nodejs state: absent when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != "" -# Forces == 12 +# Forces == 16.x - name: Warn if Node.js {{ nodejs_version}} already installed & might be updated debug: msg: "WARN: YOUR Node.js {{ nodejs_version }} MIGHT NOW BE UPDATED USING nodesource.com" diff --git a/roles/nodejs/tasks/main.yml b/roles/nodejs/tasks/main.yml index f736525cb..e13c68934 100644 --- a/roles/nodejs/tasks/main.yml +++ b/roles/nodejs/tasks/main.yml @@ -1,4 +1,4 @@ -# SEE VAR nodejs_version: 14.x IN /opt/iiab/iiab/vars/default_vars.yml (FOR +# SEE VAR nodejs_version: 16.x IN /opt/iiab/iiab/vars/default_vars.yml (FOR # NOW!) AND IF NEC OVERRIDE THIS IN /etc/iiab/local_vars.yml # Duplicate Node.js code unified by @jvonau. Revised by @holta. Used by: diff --git a/roles/nodered/tasks/install.yml b/roles/nodered/tasks/install.yml index 2b40ff5d6..8d75cb6e9 100644 --- a/roles/nodered/tasks/install.yml +++ b/roles/nodered/tasks/install.yml 
@@ -1,15 +1,5 @@ -- name: "Set 'apache_install: True' and 'apache_enabled: True'" - set_fact: - apache_install: True - apache_enabled: True - -- name: APACHE - run 'httpd' role - include_role: - name: httpd - - -# 2019-01-16: @jvonau's PR #1403 moved installation of Node.js (8.x for now) & -# npm to roles/nodejs/tasks/main.yml +# 2019-01-16: @jvonau's PR #1403 moved installation of Node.js [8.x at the time] +# and npm to roles/nodejs/tasks/main.yml - name: "Set 'nodejs_install: True' and 'nodejs_enabled: True'" set_fact: @@ -48,7 +38,7 @@ state: absent when: nodered_install -# 2012-02-13: the 6 RPi stanzas below recreate Raspbian Desktop's Node-RED +# 2019-02-13: the 6 RPi stanzas below recreate Raspbian Desktop's Node-RED # environment, inspired by: # https://nodered.org/docs/hardware/raspberrypi # https://github.com/node-red/raspbian-deb-package/blob/master/resources/update-nodejs-and-nodered @@ -112,18 +102,11 @@ dest: /etc/systemd/system/nodered.service # mode: '0666' -- name: Install /etc/{{ apache_conf_dir }}/nodered.conf from template - template: - backup: yes - src: nodered.conf.j2 - dest: "/etc/{{ apache_conf_dir }}/nodered.conf" - # mode: '0666' - # SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml -- name: Enable proxy_wstunnel apache2 module - apache2_module: - state: present - name: proxy_wstunnel +#- name: Enable proxy_wstunnel apache2 module +# apache2_module: +# state: present +# name: proxy_wstunnel # RECORD Node-RED AS INSTALLED diff --git a/roles/nodered/tasks/main.yml b/roles/nodered/tasks/main.yml index 1edf2f34b..2add807b2 100644 --- a/roles/nodered/tasks/main.yml +++ b/roles/nodered/tasks/main.yml 
@@ -39,14 +39,8 @@ state: stopped when: not nodered_enabled -#- name: Enable/Disable/Restart Apache if primary -- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache - include_tasks: apache.yml - #when: not nginx_enabled - -- name: Enable/Disable/Restart NGINX if primary +- name: Enable/Disable/Restart NGINX include_tasks: nginx.yml - when: nginx_enabled - name: Add 'nodered' variable values to {{ iiab_ini_file }} diff --git a/roles/nodered/templates/nodered-nginx.conf.j2 b/roles/nodered/templates/nodered-nginx.conf.j2 index 7d4728b16..c9271959b 100644 --- a/roles/nodered/templates/nodered-nginx.conf.j2 +++ b/roles/nodered/templates/nodered-nginx.conf.j2 @@ -1,3 +1,26 @@ +# 'nodered_port: 1880' is set in /opt/iiab/iiab/vars/default_vars.yml +# https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services + location /nodered/ { - proxy_pass http://127.0.0.1:{{ apache_port }}/nodered/; + proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; } + +#location /nodered/debug/ws/ { +# proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/debug/ws; +# +# proxy_http_version 1.1; +# proxy_set_header Upgrade $http_upgrade; +# proxy_set_header Connection "upgrade"; +#} + +#location /nodered/comms/ { +# proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/comms; +# +# proxy_http_version 1.1; +# proxy_set_header Upgrade $http_upgrade; +# proxy_set_header Connection "upgrade"; +#} diff --git a/roles/nodered/templates/nodered.conf.j2 b/roles/nodered/templates/nodered.conf.j2.unused similarity index 100% rename from roles/nodered/templates/nodered.conf.j2 rename to roles/nodered/templates/nodered.conf.j2.unused diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 2e58d4516..42c063746 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml 
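Review bot: The new `location /nodered/` in nodered-nginx.conf.j2 proxies straight to Node-RED on `nodered_port` with WebSocket upgrade enabled, and the block carries no `allow`/`deny` or `auth_basic`, so access to the flow editor rests entirely on Node-RED's own authentication. Whether the retired Apache config (nodered.conf.j2, renamed to .unused) imposed any restriction is not visible here, nor is the Node-RED settings file. I would document the dependency in the template, e.g. `# Access control is NOT enforced here: relies on adminAuth in Node-RED's settings.js`, and confirm the role enables that setting. Separately, `proxy_set_header Connection "upgrade";` is sent on every request, not only on WebSocket handshakes.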
@@ -170,16 +170,17 @@ dest: "{{ vector_map_path }}/maplist/index.html" force: yes -- name: Get packages necessary for map installation +- name: "Install packages for map installation: python3-wget, php{{ php_version }}-sqlite3, python3-geojson, python3-pil" package: state: present name: - python3-wget - - "php{{ php_version }}-sqlite3" + #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml + - php{{ php_version }}-sqlite3 - python3-geojson - python3-pil -- name: Copy a scripts to download tiles +- name: Copy 6 scripts to /usr/bin, for downloading tiles get_url: url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/scripts/{{ item }}" dest: /usr/bin/ diff --git a/roles/pbx/tasks/freepbx_dependencies.yml b/roles/pbx/tasks/freepbx_dependencies.yml index 52c7783ed..379236fa0 100644 --- a/roles/pbx/tasks/freepbx_dependencies.yml +++ b/roles/pbx/tasks/freepbx_dependencies.yml 
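Review bot: The task renamed here to "Copy 6 scripts to /usr/bin, for downloading tiles" uses `get_url` to fetch executables from `{{ osm_repo_url }}/{{ maps_branch }}/...` into `/usr/bin/`, and no `checksum:` is visible in the hunk. A branch reference is mutable, so whatever sits on that branch at install time lands on the system PATH. The task's remaining lines (loop items, mode) are outside the hunk, so a checksum may exist there. If it does not, pin `maps_branch` to a tag or commit and add a per-file `checksum: "sha256:<PLACEHOLDER_DIGEST>"` to the loop items.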
@@ -1,30 +1,39 @@ -- name: FreePBX - Install dependencies +- name: FreePBX - Install dependencies (run 'php -m' or 'php -i' to verify PHP modules) package: name: - wget - - git + - git - unixodbc # for Asterisk CDR (Call Detail Records) - sudo # required by FreePBX install script - net-tools # required by FWConsole (command-line utility, that controls FreePBX) - cron # required by FreePBX UCP package (User Control Panel) - sox # required for CDR web-playback - - php - - php-pear - - php-cgi - - php-common - - php-curl - - php-mbstring - - php-gd - - php-mysql -# - php-gettext - - php-bcmath - - php-zip - - php-xml - - php-imap - - php-json - - php-snmp - - php-fpm + #- php{{ php_version }} # Basically drags in phpX.Y-cgi (already below!) + - php{{ php_version }}-bcmath # Likewise installed in nextcloud/tasks/install.yml, wordpress/tasks/install.yml + - php{{ php_version }}-cgi + #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml + - php{{ php_version }}-curl # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml + - php{{ php_version }}-fpm # Likewise installed in nginx/tasks/install.yml + #- php{{ php_version }}-gettext + - php{{ php_version }}-gd # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml + - php{{ php_version }}-imap + #- php{{ php_version }}-json # See stanza just below + - php{{ php_version }}-mbstring # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml + - php{{ php_version }}-mysql # Likewise installed in mysql/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml + - php-pear # Likewise installed for ADMIN CONSOLE https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19 + - 
php{{ php_version }}-snmp + - php{{ php_version }}-xml # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter} + - php{{ php_version }}-zip # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml - libapache2-mod-php -# - python-mysqldb # https://github.com/Yannik/ansible-role-freepbx/blob/master/tasks/freepbx.yml#L33 + #- python-mysqldb # https://github.com/Yannik/ansible-role-freepbx/blob/master/tasks/freepbx.yml#L33 - libapache2-mpm-itk # To serve FreePBX through a VirtualHost as asterisk user state: latest + +# For PHP >= 8.0: phpX.Y-json is baked into PHP itself. +# For PHP < 8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json +# +#- name: Install php{{ php_version }}-json if PHP < 8.0 +# package: +# name: php{{ php_version }}-json +# state: present +# when: php_version is version('8.0', '<') diff --git a/roles/phpmyadmin/defaults/main.yml b/roles/phpmyadmin/defaults/main.yml index 9cfea8dfc..e8cbd16f2 100644 --- a/roles/phpmyadmin/defaults/main.yml +++ b/roles/phpmyadmin/defaults/main.yml @@ -4,6 +4,6 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -phpmyadmin_version: 5.1.0 +phpmyadmin_version: 5.1.1 phpmyadmin_name: "phpMyAdmin-{{ phpmyadmin_version }}-all-languages" phpmyadmin_dl_url: "https://files.phpmyadmin.net/phpMyAdmin/{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz" diff --git a/roles/sugarizer/tasks/install.yml b/roles/sugarizer/tasks/install.yml index e1cafdb4b..275780063 100644 
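Review bot: The FreePBX dependency list still ends with `state: latest`, while the package tasks reworked elsewhere in this commit (nextcloud, wordpress, nginx) use `state: present`, so each run of this role can upgrade git, sudo, PHP and the Apache modules to whatever the mirror currently offers. `libapache2-mod-php` is also left unversioned although the other PHP packages now follow `php_version`, which may pull a different PHP build for Apache. I would change the last line to `state: present` and use `libapache2-mod-php{{ php_version }}`, the versioned name that the wordpress hunk's libsodium23 comment already refers to.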
--- a/roles/sugarizer/tasks/install.yml +++ b/roles/sugarizer/tasks/install.yml @@ -29,7 +29,7 @@ # 2. DOWNLOAD+LINK /opt/iiab/sugarizer -- name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~717 MB) +- name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~469 MB) git: repo: https://github.com/llaske/sugarizer dest: "{{ iiab_base }}/{{ sugarizer_dir_version }}" diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index cc8a613d3..2ac843cff 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml 
@@ -11,6 +11,33 @@ # and security enhancements using timestamps under /library/wordpress, as these # can arise without warning when WordPress is online, since WordPress ~4.8 +# 2021-06-29: PHP modules, covering "RECOMMENDED" and "OPTIONAL" sections here: +# https://make.wordpress.org/hosting/handbook/server-environment/ +- name: Install libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify) + package: + name: + - libsodium23 # Likewise installed in nginx/tasks/install.yml via php{{ php_version }}-fpm AND httpd/tasks/install.yml via libapache2-mod-php{{ php_version }} AND moodle/tasks/install.yml -- it can ALSO be auto-installed by phpX.Y-cgi OR phpX.Y-cli as confirmed by 'apt rdepends libsodium23' -- VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"' + - php{{ php_version }}-bcmath # OPTIONAL: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml + #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml + - php{{ php_version }}-curl # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml + - php-imagick # BUT drags in Apache's libapache2-mod-phpX.Y etc, as confirmed by 'apt depends php-imagick' -- while php{{ php_version }}-imagick installs (despite not being shown within 'apt list "php*imagick"') it's no better -- and 'apt depends phpX.Y-imagick' mysteriously does NOT show its deps. 
Likewise installed in nextcloud/tasks/install.yml + - php{{ php_version }}-intl # OPTIONAL: Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml + #- php{{ php_version }}-json # See stanza just below + - php{{ php_version }}-mbstring # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml + - php{{ php_version }}-mysql # Likewise installed in mysql/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml + - php{{ php_version }}-xml # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter} + - php{{ php_version }}-zip # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml + state: present + +# For PHP >= 8.0: phpX.Y-json is baked into PHP itself. +# For PHP < 8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json +# +#- name: Install php{{ php_version }}-json if PHP < 8.0 +# package: +# name: php{{ php_version }}-json +# state: present +# when: php_version is version('8.0', '<') + - name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }} get_url: url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}" diff --git a/roles/www_base/tasks/main.yml b/roles/www_base/tasks/main.yml index 6d47379e9..5963997a7 100644 --- a/roles/www_base/tasks/main.yml +++ b/roles/www_base/tasks/main.yml 
@@ -1,23 +1,26 @@ # Role "www_base" runs here, probably in 3-BASE-SERVER. # Role "www_options" runs later, likely in 4-SERVER-OPTIONS. -- name: 'Install ~10 PHP packages (debuntu)' - package: - name: - # - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC - - php{{ php_version }}-common # 2020-05-21: @jvonau suggests this to avoid Apache above. Or its superset php{{ php_version }}-cli if absolutely nec? - - php{{ php_version }}-curl - - php{{ php_version }}-gd - - php{{ php_version }}-imap - - php{{ php_version }}-ldap - - php{{ php_version }}-mysql - - php{{ php_version }}-odbc - - php-pear - # - php{{ php_version }}-sqlite3 # 2020-07-10: Experimentally install this within roles/osm-vector-maps/tasks/install.yml only, as part of OSM fix PR #2464 for #2461. - - php{{ php_version }}-xml # Was below - - php{{ php_version }}-xmlrpc - state: present - when: is_debuntu +# 2021-06-27: Antifragile roles can become less brittle by fully declaring +# their own dependencies (i.e. for modularity, separation-of-concerns, +# encapsulation, compartmentalization, scope sanity, etc). +# +#- name: Install 10 PHP packages (run 'php -m' or 'php -i' to verify) +# package: +# name: +# - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this unfortunately forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC +# - php{{ php_version }}-common # 2021-06-27: @jvonau suggested this (2020-05-21) to avoid Apache packages dragged in above. 
REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml +# - php{{ php_version }}-curl # 2021-06-30: Installed in moodle/tasks/main.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/main.yml +# - php{{ php_version }}-gd # 2021-06-30: Installed in moodle/tasks/main.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml +# - php{{ php_version }}-imap # 2021-06-27: Installed in pbx/tasks/freepbx_dependencies.yml +# - php{{ php_version }}-ldap # 2021-06-27: Experimentally remove +# - php{{ php_version }}-mysql # 2021-06-30: Installed in mysql/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/main.yml +# - php{{ php_version }}-odbc # 2021-06-27: Experimentally remove +# - php-pear # 2021-06-27: REQUIRED BY ADMIN CONSOLE https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19 +# - php{{ php_version }}-sqlite3 # 2020-07-10: Installed in osm-vector-maps/tasks/install.yml as part of OSM fix PR #2464 for #2461 +# - php{{ php_version }}-xml # 2021-06-30: Installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/main.yml +# - php{{ php_version }}-xmlrpc # 2021-06-27: Experimentally remove -- SEE EXPLANATION IN moodle/tasks/main.yml +# state: present - name: Using html.yml include_tasks: html.yml diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 8bf294bd8..99889b480 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml 
@@ -49,17 +49,17 @@ when: lxde_present.stat.exists and chromium_present.stat.exists + - debug: - msg: 'THE 3 ANSIBLE STANZAS BELOW ONLY RUN... when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled' + msg: 'THE 5 ANSIBLE STANZAS BELOW ONLY RUN... when: moodle_install or nextcloud_install or pbx_install or wordpress_install' -- block: # 3-STANZA BLOCK BEGINS +- block: # 5-STANZA BLOCK BEGINS - # FYI roles/nginx has already installed package php-fpm, in 3-base-server + # roles/nginx has installed pkg 'php{{ php_version }}-fpm' in 3-base-server - - name: Raise 2+2 PHP default values in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/Moodle/PBX (allow photos/docs up to 100MB, 100s timeouts, but preserve PHP's 128MB RAM limit) + - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: - path: "/etc/php/{{ php_version }}/fpm/php.ini" - #path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini" + path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" line: "{{ item.line }}" with_items: 
@@ -68,20 +68,38 @@ - { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' } - - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requests 5000' } - when: not nginx_high_php_limits # REMINDER: THIS ENTIRE 3-STANZA BLOCK IS ONLY INVOKED... when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled + - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } + when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install - # 2020-03-08: IIAB does not support uninstalling apps, so a 3rd clause - # (to reset/restore PHP's defaults) is not necessary at this time. 
+ - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" + lineinfile: + path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 100M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 100M ; default is 8M' } + - { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' } + - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } + - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' } + - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } + when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install - # COMPARE apache_allow_sudo further below. + # 2020-03-08: IIAB DOES NOT SUPPORT UNINSTALLING APPS, so additional + # clauses (to reset/restore PHP's defaults) are not necessary at this time. + + # 2021-06-28: WITH PHP 8, MOODLE'S CLI INSTALLER UNFORTUNATELY *REQUIRES* + # editing /etc/php/{{ php_version }}/cli/php.ini (below) -- even though during + # regular operation it instead uses .../apache2/php.ini or .../fpm/php.ini + # + # SEE ALSO roles/moodle/tasks/install.yml WHERE SIMILAR SURGERY'S DONE TO + # /etc/php/{{ php_version }}/apache2/php.ini UNTIL MOODLE'S PORTED TO NGINX! # WARNING: This might cause excess use of RAM/disk or other resources! - # The 5 values below were chosen by @ericnitschke and @kananigit in ~2018. 
- - name: Enact nginx_high_php_limits in /etc/php/{{ php_version }}/fpm/php.ini for schools that use WordPress/Nextcloud/Moodle/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, 512MB RAM limit) + # The 5 first values below were chosen by @ericnitschke and @kananigit in ~2018. + - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: - path: "/etc/php/{{ php_version }}/fpm/php.ini" - #path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini" + path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" line: "{{ item.line }}" with_items: 
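Review bot: The new cli/php.ini stanza rewrites `memory_limit` to `128M`, but Debian and Ubuntu normally ship /etc/php/X.Y/cli/php.ini with `memory_limit = -1`, so this lowers the CLI limit rather than keeping a default. The item's `; default is 128M` remark would not hold for that file either, which `php -i | grep memory_limit` on a target OS can confirm. The hunk's own comment says the CLI file is touched only because Moodle's CLI installer needs `max_input_vars`, and the upload and post sizes play no part in CLI runs. The `nginx_high_php_limits: True` cli stanza in the `@@ -90,15 +108,29 @@` hunk could therefore carry just its `max_input_vars` item, and this low-limit cli stanza, which only restates 1000, could be dropped. Capping CLI memory may also make long-running maintenance commands for Nextcloud or WordPress fail where they previously ran.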
@@ -90,15 +108,29 @@ - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } - - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requests 5000' } - when: nginx_high_php_limits # REMINDER: THIS ENTIRE 3-STANZA BLOCK IS ONLY INVOKED... when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled + - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } + when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install + + - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" + lineinfile: + path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } + - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } + - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } + - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } + - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } + when: nginx_high_php_limits or 
moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install - name: Restart 'php{{ php_version }}-fpm' systemd service systemd: - name: "php{{ php_version }}-fpm" + name: php{{ php_version }}-fpm state: restarted - when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled # 3-STANZA BLOCK ENDS + when: moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE apache_allow_sudo conditionals below. # 'Is a "Rapid Power Off" button possible for low-electricity environments?' diff --git a/scripts/ansible b/scripts/ansible index 98b882729..0ec33185a 100755 --- a/scripts/ansible +++ b/scripts/ansible 
@@ -9,31 +9,32 @@ APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER=undefined # Ansible version you currently have installed -GOOD_VER=2.11.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) +GOOD_VER=2.11.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) + +# 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and +# .gpg key etc) are commented out with ### below. Associated guidance/comments +# are intentionally preserved. # 2021-05-19 PR #2743: As a result of Ansible / Red Hat / IBM's extensive # delays in publishing the PPA (.deb installer files) for ansible-core, this # file bypasses the apt approach (and associated PPA source) in favor of: # -# pip3 install ansible-core -# -# What the future holds for 2022+ is not yet clear. So the apt approach (with -# PPA source in /etc/apt/sources.list.d and .gpg key etc) and much associated -# guidance/comments below are NOT being commented out or deleted at this time. +# pip3 install --upgrade ansible-core -# We install the latest 'ansible-core' from PPA, using an OS 'CODENAME' below: -# https://launchpad.net/~ansible/+archive/ubuntu/ansible +# 2021-02-25: Latest 'ansible-base' was being installed from PPA, using either +# OS 'CODENAME' below: https://launchpad.net/~ansible/+archive/ubuntu/ansible # 'lsb_release -sc' gives Mint 20 codename 'ulyana' etc: (TOO FINE-GRAINED) -if grep -q buster /etc/os-release /etc/debian_version; then - CODENAME=bionic # Debian 10, RaspiOS 10 & Buster-like distros -else - CODENAME=focal # Debian 11+, RaspiOS 11+, Ubuntu 20.04+, Mint 20+ (ETC) -fi +###if grep -q buster /etc/os-release /etc/debian_version; then +### CODENAME=bionic # Debian 10, RaspiOS 10 & Buster-like distros +###else +### CODENAME=focal # Debian 11+, RaspiOS 11+, Ubuntu 20.04+, Mint 20+ (ETC) +###fi # APRIL 2021 - ansible-base (2.10) was renamed to ansible-core (2.11+): # https://www.ansible.com/blog/ansible-3.0.0-qa # 
https://github.com/ansible/ansible/releases +# https://github.com/ansible/ansible/commits/stable-2.11 # https://pypi.org/project/ansible-base/ # https://pypi.org/project/ansible-core/ # https://releases.ansible.com/ansible-base/ 
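Review bot: `GOOD_VER` is raised to 2.11.2, yet the install this file now relies on, `pip3 install --upgrade ansible-core` (documented here and executed in the `@@ -140,25 +140,26 @@` hunk), takes whatever release PyPI serves that day, as root and system-wide. That makes installs non-reproducible and lets a new release line or a bad upload reach every fresh IIAB without review, whereas the apt route it replaces at least went through a signed repository. Pinning the tested version, for example `pip3 install --upgrade "ansible-core==$GOOD_VER"`, keeps the variable and the installed version in agreement. Whether `GOOD_VER` is still consulted further down the script is not visible from this hunk.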
@@ -47,25 +48,24 @@ fi # https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/roadmap/ROADMAP_2_10.rst # https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/roadmap/ROADMAP_2_11.rst -# FYI .travis.yml installs ansible-core in a slightly different way (PRs #2689, #2742 or #2743 ?) +# FYI .travis.yml installs ansible-core in a slightly different way (PRs #2689 & #2743) # IIAB implementers might instead consider these 4 GENERAL TECHNIQUES below # ("in an emergency!") e.g. if apt fails & you need a newer/older Ansible: # TEMPORARILY USE pip3 to install the latest ansible-core as listed at # https://pypi.org/project/ansible-core/ (REMOVE W/ "pip3 uninstall ansible-core") -#apt install python3-pip -#pip3 install ansible-core # Then start a new shell, so /usr/local/bin works #apt install python3-pymysql python3-psycopg2 python3-passlib python3-pip python3-setuptools python3-packaging python3-venv virtualenv +#pip3 install --upgrade ansible-core # Then start a new shell, so /usr/local/bin works #ansible-galaxy collection install -r collections.yml -# TEMPORARILY USE ansible-base 2.10.9 (REMOVE W/ "pip3 uninstall ansible-base") +# TEMPORARILY USE ansible-base 2.10.11 (REMOVE W/ "pip3 uninstall ansible-base") #apt install python3-pip -#pip3 install ansible-base==2.10.9 # Start new shell, so /usr/local/bin works +#pip3 install ansible-base==2.10.11 # Start new shell, so /usr/local/bin works -# TEMPORARILY USE ANSIBLE 2.9.21 (REMOVE IT WITH "pip uninstall ansible") +# TEMPORARILY USE ANSIBLE 2.9.23 (REMOVE IT WITH "pip3 uninstall ansible") #apt install python3-pip -#pip3 install ansible==2.9.21 +#pip3 install ansible==2.9.23 # TEMPORARILY USE ANSIBLE 2.4.2 DUE TO 2.4.3 MEMORY BUG. Details: iiab/iiab#669 #echo "Install http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb" 
@@ -77,7 +77,7 @@ export DEBIAN_FRONTEND=noninteractive # Why 'noninteractive' appears needed: # https://github.com/iiab/iiab/issues/564#issuecomment-347264985 -echo -e "\n\nYOU ARE RUNNING: /opt/iiab/iiab/scripts/ansible (TO INSTALL ANSIBLE)\n" +echo -e "\n\nYOU ARE RUNNING: /opt/iiab/iiab/scripts/ansible (TO INSTALL ANSIBLE ETC)\n" #echo -e 'Alternative: /opt/iiab/iiab/scripts/ansible-2.9.x ("Slow Food")\n' echo -e "RECOMMENDED PREREQUISITES:" @@ -121,8 +121,8 @@ fi #$APT_PATH/apt update #$APT_PATH/apt -y install dirmngr #echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \ -echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \ - > /etc/apt/sources.list.d/iiab-ansible.list +###echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \ +### > /etc/apt/sources.list.d/iiab-ansible.list # In future we might instead consider 'add-apt-repository ppa:ansible/ansible' # or 'apt-add-repository ppa:ansible/bionic/ansible' etc, e.g. for streamlined 
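Review bot: Commenting out the write to /etc/apt/sources.list.d/iiab-ansible.list stops new installs from adding the PPA, but machines that ran an earlier version of this script keep that file. Per the `@@ -140,25 +140,26 @@` hunk they also keep /usr/share/keyrings/iiab-ansible-keyring.gpg, so apt goes on trusting and polling a third-party source over plain http that nothing uses any more. Since the script is re-run for upgrades, it could clean up with `rm -f /etc/apt/sources.list.d/iiab-ansible.list /usr/share/keyrings/iiab-ansible-keyring.gpg` ahead of `apt update`. An apt-installed ansible-core from that PPA, if one exists on such a machine, would also sit beside the pip copy, which is presumably what the closing `/usr/bin` versus `/usr/local/bin` warning refers to.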
@@ -140,25 +140,26 @@ echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.la # 2021-04-26: JV & @holta WIP: (see above) #echo -e '\nIF YOU FACE ERROR "signatures couldn'"'"'t be verified because the public key is not available" THEN REPEATEDLY RE-RUN "sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367"\n' #apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367 -cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg +###cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg #chmod 644 /usr/share/keyrings/iiab-ansible-keyring.gpg -echo -e 'PPA source "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu '$CODENAME' main"' -echo -e "successfully saved to /etc/apt/sources.list.d/iiab-ansible.list\n" -echo -e "IF *OTHER* ANSIBLE SOURCES APPEAR BELOW, PLEASE MANUALLY REMOVE THEM TO" -echo -e 'ENSURE ANSIBLE UPDATES CLEANLY: (then re-run this script to be sure!)\n' -grep '^deb .*ansible' /etc/apt/sources.list /etc/apt/sources.list.d/*.list | grep -v '^/etc/apt/sources.list.d/iiab-ansible.list:' || true # Override bash -e (instead of aborting at 1st error) +###echo -e 'PPA source "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu '$CODENAME' main"' +###echo -e "successfully saved to /etc/apt/sources.list.d/iiab-ansible.list\n" +###echo -e "IF *OTHER* ANSIBLE SOURCES APPEAR BELOW, PLEASE MANUALLY REMOVE THEM TO" +###echo -e 'ENSURE ANSIBLE UPDATES CLEANLY: (then re-run this script to be sure!)\n' +###grep '^deb .*ansible' /etc/apt/sources.list /etc/apt/sources.list.d/*.list | grep -v '^/etc/apt/sources.list.d/iiab-ansible.list:' || true # Override bash -e (instead of aborting at 1st error) -echo -e "\napt update; apt install ansible-core and python3 dependencies explained at:" +echo -e 
"\napt update; apt install of python3-* / virtualenv packages explained at:" echo -e "https://github.com/iiab/iiab/blob/master/scripts/ansible.md\n" $APT_PATH/apt update -$APT_PATH/apt -y install python3-pip -pip3 install ansible-core #$APT_PATH/apt -y --allow-downgrades install ansible-core \ -$APT_PATH/apt -y --allow-downgrades install \ +$APT_PATH/apt -y install \ python3-pymysql python3-psycopg2 python3-passlib python3-pip \ python3-setuptools python3-packaging python3-venv virtualenv +echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" +pip3 install --upgrade ansible-core + # (Re)running collection installs appears safe, with --force-with-deps to force # upgrade of collection and dependencies it pulls in. Note Ansible may support # explicit upgrading of collections (--upgrade / -U flag) in version "2.11" @@ -178,7 +179,9 @@ ansible-galaxy collection install --force-with-deps \ #mkdir -p /etc/ansible # LIKELY REDUNDANT, due to above installation of Ansible #echo -e '[local]\nlocalhost\n' > /etc/ansible/hosts # LIKELY REDUNDANT, due to https://github.com/iiab/iiab/blob/master/ansible_hosts -echo -e "SUCCESS INSTALLING ANSIBLE! PLEASE VERIFY WITH COMMANDS LIKE:" +echo -e "\n\nSUCCESS! PLEASE VERIFY ANSIBLE WITH COMMANDS LIKE:\n" echo -e " ansible --version" echo -e " pip show ansible-core" -echo -e " apt -a list ansible-core\n\n" +echo -e ' apt -a list "ansible*"' +echo -e " ansible-galaxy collection list\n" +echo -e "WARNING: Start a new Linux shell, if it changed from /usr/bin to /usr/local/bin\n\n" diff --git a/scripts/ansible.md b/scripts/ansible.md index f43b6364f..7beafcf03 100644 --- a/scripts/ansible.md +++ b/scripts/ansible.md 
@@ -7,7 +7,7 @@ Starting in November 2019, IIAB's Ansible installer ([/opt/iiab/iiab/scripts/ans 1. Ansible module: [pip](https://docs.ansible.com/ansible/latest/modules/pip_module.html) IIAB installs apt packages: - - **python3-pip** (for IIAB's [Admin Console](https://github.com/iiab/iiab-admin-console)) + - **python3-pip** (for `pip3 install ansible-core` & IIAB's [Admin Console](https://github.com/iiab/iiab-admin-console)) - **python3-setuptools** - **virtualenv** (is Python 3 only, for [roles/kalite](https://github.com/iiab/iiab/tree/master/roles/kalite) & [roles/calibre-web](https://github.com/iiab/iiab/tree/master/roles/calibre-web) ?) and pulls in additional packages... (`apt show virtualenv` shows "Depends: python3, python3-virtualenv") - **python3-virtualenv** and pulls in additional package... (`apt show python3-virtualenv` shows "Depends: python-pip-whl (>= 8.1.1-2), python3, python3-distutils, python3-pkg-resources") diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index f34f0fac6..ae58c28c9 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -60,8 +60,9 @@ OS_VER=$OS-$VERSION_ID # 2020-10-21: Debian 11 (Bullseye) not yet supported but adding this line to # its /etc/os-release can help testing this unreleased OS: VERSION_ID="11" -# 2020-11-14: Ubuntu 21.04 (Hirsute Hippo) not yet supported but this -# unreleased OS can help testing. +# 2021-06-19: Ubuntu 21.10 (Impish Indri) not yet supported but this +# unreleased OS can help testing. For now this means MANUALLY changing +# php_version: 7.4 to 8.0 in /opt/iiab/iiab/vars/ubuntu-21.yml case $OS_VER in "debian-10" | \ @@ -69,7 +70,8 @@ case $OS_VER in "ubuntu-20" | \ "ubuntu-21" | \ "linuxmint-20" | \ - "raspbian-10") + "raspbian-10" | \ + "raspbian-11") ;; *) OS_VER="OS_not_supported" ;; diff --git a/vars/debian-10.yml b/vars/debian-10.yml index fcfa312c3..21b553d30 100644 --- a/vars/debian-10.yml +++ b/vars/debian-10.yml 
@@ -1,5 +1,7 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True -is_debian: True +is_debian: True # Opposite of is_ubuntu for now is_debian_10: True # 2019-01-31: These apply if-only-if named_install and/or dhcpd_install are True diff --git a/vars/debian-11.yml b/vars/debian-11.yml index b0856f914..57160cecb 100644 --- a/vars/debian-11.yml +++ b/vars/debian-11.yml @@ -1,5 +1,7 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True -is_debian: True +is_debian: True # Opposite of is_ubuntu for now is_debian_11: True # 2019-01-31: These apply if-only-if named_install and/or dhcpd_install are True diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 6baeccf47..b92be6933 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -265,9 +265,10 @@ nginx_log_dir: /var/log/nginx # For schools that use WordPress/Nextcloud/Moodle/PBX intensively: nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L52-L66 -# ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php//fpm/php.ini +# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' +# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 +# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True 
@@ -392,6 +393,7 @@ lokole_enabled: False # lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf' # Details: https://github.com/ascoderu/lokole/blob/master/install.py#L35 lokole_sim_type: LocalOnly +lokole_client_id: None mediawiki_install: False mediawiki_enabled: False @@ -401,13 +403,12 @@ mosquitto_install: False mosquitto_enabled: False mosquitto_port: 1883 -# 2020-09-24: BOTH VALUES BELOW ARE IGNORED as Node.js is installed on demand -# as a dependency -- by Node-RED, Sugarizer &/or Internet Archive +# 2021-06-17: BOTH VALUES BELOW ARE INITIALLY IGNORED as Node.js is installed +# on demand as a dependency by 4 roles -- internetarchive (Internet Archive), +# nodered (Node-RED), pbx (Asterix, FreePBX) &/or Sugarizer: nodejs_install: False nodejs_enabled: False -# Node.js version used by roles/nodejs/tasks/main.yml for 3 roles: -# nodered (Node-RED), pbx (Asterix, FreePBX) & sugarizer (Sugarizer) -nodejs_version: 14.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29 +nodejs_version: 16.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17 # Flow-based visual programming for wiring together IoT hardware devices etc nodered_install: False @@ -432,7 +433,8 @@ nextcloud_enabled: False # nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3. +# Untested since Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi. +# If using PBX intensively, set nginx_high_php_limits further above. pbx_install: False pbx_enabled: False asterisk_chan_dongle: False 
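Review bot: `lokole_client_id: None` is read by YAML as the string `None`, not as a null, because YAML's null spellings are `null`, `~` or an empty value. A later test such as `when: lokole_client_id is none`, or a plain truthiness check, would therefore treat the variable as set, and the literal text could end up in Lokole's configuration; how the role consumes it is not visible in this hunk. If the intent is "no client id yet", `lokole_client_id: null` (or an empty string that the role checks for) says so unambiguously. A one-line comment saying what the id is and where it comes from would match the documented `lokole_sim_type` just above.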
@@ -456,7 +458,7 @@ kalite_root: "{{ content_base }}/ka-lite" # /library/ka-lite kolibri_install: False kolibri_enabled: False -kolibri_language: en # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu +kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py kolibri_http_port: 8009 # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console @@ -473,6 +475,7 @@ kiwix_apk_src: https://download.kiwix.org/release/kiwix-android/kiwix.apk postgresql_install: False postgresql_enabled: False +# Warning: Moodle is a serious LMS, that takes a while to install. moodle_install: False moodle_enabled: False # If using Moodle intensively, set nginx_high_php_limits further above. @@ -719,6 +722,7 @@ is_debian_9: False is_debian_8: False is_raspbian: False # Covers both: RPi HW + non-RPi HW versions of Raspberry Pi OS (Raspbian) +is_raspbian_11: False is_raspbian_10: False is_raspbian_9: False is_raspbian_8: False diff --git a/vars/linuxmint-20.yml b/vars/linuxmint-20.yml index 93df64985..0afc95bb0 100644 --- a/vars/linuxmint-20.yml +++ b/vars/linuxmint-20.yml @@ -1,5 +1,7 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True -is_ubuntu: True +is_ubuntu: True # Opposite of is_debian for now is_ubuntu_20: True is_linuxmint: True is_linuxmint_20: True diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 2b6cafa0b..a97ecda83 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml 
@@ -168,9 +168,10 @@ pi_swap_file_size: 1024 # For schools that use WordPress/Nextcloud/Moodle/PBX intensively: nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L52-L66 -# ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php//fpm/php.ini +# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' +# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 +# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # See also Apache vars {default_language, language_priority} @ top of this file # @@ -260,9 +261,6 @@ jupyterhub_enabled: True # Lokole (email for rural communities) from https://ascoderu.ca lokole_install: True lokole_enabled: True -# lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf' -# Details: https://github.com/ascoderu/lokole/blob/master/install.py#L35 -lokole_sim_type: LocalOnly mediawiki_install: True mediawiki_enabled: True @@ -292,7 +290,8 @@ nextcloud_enabled: True # nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3. +# Untested since Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi. +# If using PBX intensively, set nginx_high_php_limits further above. pbx_install: False pbx_enabled: False asterisk_chan_dongle: False 
@@ -310,7 +309,7 @@ kalite_enabled: True kolibri_install: True kolibri_enabled: True -kolibri_language: en # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu +kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: True @@ -409,4 +408,4 @@ calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019) calibreweb_url1: /books # For SHORT URL http://box/books (English) calibreweb_url2: /libros # For SHORT URL http://box/libros (Spanish) calibreweb_url3: /livres # For SHORT URL http://box/livres (French) -calibreweb_home: "{{ content_base }}/calibre-web" # /library/calibre-web +calibreweb_home: /library/calibre-web # default_vars.yml uses: "{{ content_base }}/calibre-web" diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 4fb27d50a..54bec6639 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -168,9 +168,10 @@ pi_swap_file_size: 1024 # For schools that use WordPress/Nextcloud/Moodle/PBX intensively: nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L52-L66 -# ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php//fpm/php.ini +# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' +# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 +# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # See also Apache vars {default_language, language_priority} @ top of this file # 
@@ -260,9 +261,6 @@ jupyterhub_enabled: False # Lokole (email for rural communities) from https://ascoderu.ca lokole_install: False lokole_enabled: False -# lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf' -# Details: https://github.com/ascoderu/lokole/blob/master/install.py#L35 -lokole_sim_type: LocalOnly mediawiki_install: False mediawiki_enabled: False @@ -292,7 +290,8 @@ nextcloud_enabled: True # nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3. +# Untested since Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi. +# If using PBX intensively, set nginx_high_php_limits further above. pbx_install: False pbx_enabled: False asterisk_chan_dongle: False @@ -310,7 +309,7 @@ kalite_enabled: True kolibri_install: False kolibri_enabled: False -kolibri_language: en # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu +kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: True @@ -409,4 +408,4 @@ calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019) calibreweb_url1: /books # For SHORT URL http://box/books (English) calibreweb_url2: /libros # For SHORT URL http://box/libros (Spanish) calibreweb_url3: /livres # For SHORT URL http://box/livres (French) -calibreweb_home: "{{ content_base }}/calibre-web" # /library/calibre-web +calibreweb_home: /library/calibre-web # default_vars.yml uses: "{{ content_base }}/calibre-web" diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 14fe8dc66..afee5a6b3 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml 
@@ -168,9 +168,10 @@ pi_swap_file_size: 1024 # For schools that use WordPress/Nextcloud/Moodle/PBX intensively: nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L52-L66 -# ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php//fpm/php.ini +# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' +# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 +# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # See also Apache vars {default_language, language_priority} @ top of this file # @@ -260,9 +261,6 @@ jupyterhub_enabled: False # Lokole (email for rural communities) from https://ascoderu.ca lokole_install: False lokole_enabled: False -# lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf' -# Details: https://github.com/ascoderu/lokole/blob/master/install.py#L35 -lokole_sim_type: LocalOnly mediawiki_install: False mediawiki_enabled: False @@ -292,7 +290,8 @@ nextcloud_enabled: False # nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3. +# Untested since Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi. +# If using PBX intensively, set nginx_high_php_limits further above. pbx_install: False pbx_enabled: False asterisk_chan_dongle: False 
@@ -310,7 +309,7 @@ kalite_enabled: True kolibri_install: False kolibri_enabled: False -kolibri_language: en # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu +kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: True @@ -409,4 +408,4 @@ calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019) calibreweb_url1: /books # For SHORT URL http://box/books (English) calibreweb_url2: /libros # For SHORT URL http://box/libros (Spanish) calibreweb_url3: /livres # For SHORT URL http://box/livres (French) -calibreweb_home: "{{ content_base }}/calibre-web" # /library/calibre-web +calibreweb_home: /library/calibre-web # default_vars.yml uses: "{{ content_base }}/calibre-web" diff --git a/vars/raspbian-10.yml b/vars/raspbian-10.yml index 103bc6f4a..b2f3298d8 100644 --- a/vars/raspbian-10.yml +++ b/vars/raspbian-10.yml @@ -1,5 +1,7 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True -is_debian: True +is_debian: True # Opposite of is_ubuntu for now is_debian_10: True is_raspbian: True is_raspbian_10: True diff --git a/vars/raspbian-11.yml b/vars/raspbian-11.yml new file mode 100644 index 000000000..d1d1d8672 --- /dev/null +++ b/vars/raspbian-11.yml 
@@ -0,0 +1,40 @@
+# Every is_ var is initially set to 'False' at the bottom of
+# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that:
+is_debuntu: True
+is_debian: True # Opposite of is_ubuntu for now
+is_debian_11: True
+is_raspbian: True
+is_raspbian_11: True
+
+# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True
+# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True)
+dns_service: bind9
+dns_user: bind
+dhcp_service: isc-dhcp-server
+
+proxy: squid
+proxy_user: proxy
+apache_service: apache2
+apache_conf_dir: apache2/sites-available
+apache_user: www-data
+apache_log_dir: /var/log/apache2
+smb_service: smbd
+nmb_service: nmbd
+systemctl_program: /bin/systemctl
+mysql_service: mariadb
+apache_log: /var/log/apache2/access.log
+sshd_package: ssh
+sshd_service: ssh
+php_version: 7.4
+postgresql_version: 13
+systemd_location: /lib/systemd/system
+python_ver: 3.9
+
+# Minetest for RPi
+minetest_server_bin: /library/games/minetest/bin/minetestserver
+minetest_working_dir: /library/games/minetest
+minetest_game_dir: /library/games/minetest/games/minetest_game
+minetest_rpi_src_tar: minetest.5.1.1.tar.gz
+#minetest_rpi_src_url: "http://www.nathansalapat.com/downloads/{{ minetest_rpi_src_tar }}"
+minetest_rpi_src_url: "http://d.iiab.io/packages/{{ minetest_rpi_src_tar }}"
+minetest_rpi_src_untarred: Minetest
diff --git a/vars/shaper.yml b/vars/shaper.yml.unused
similarity index 100%
rename from vars/shaper.yml
rename to vars/shaper.yml.unused
diff --git a/vars/ubuntu-20.yml b/vars/ubuntu-20.yml
index ca994c7d8..1dd5aa3ce 100644
--- a/vars/ubuntu-20.yml
+++ b/vars/ubuntu-20.yml
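Review bot: `minetest_rpi_src_url` in the new vars/raspbian-11.yml fetches `minetest.5.1.1.tar.gz` over plain `http://`, and the file defines no checksum for it, so nothing visible here ties the installed server binary to a known-good tarball. Whether the consuming role verifies the download is not visible in this diff. If it does not, add a pinned digest next to the tar name, e.g. `minetest_rpi_src_sha256: <sha256-of-minetest.5.1.1.tar.gz>`, and have the download task check it. Switch the URL to `https://` if d.iiab.io serves it. A short comment stating where the digest was taken from would help the next person who bumps the version.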
@@ -1,5 +1,7 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True -is_ubuntu: True +is_ubuntu: True # Opposite of is_debian for now is_ubuntu_20: True # 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True diff --git a/vars/ubuntu-21.yml b/vars/ubuntu-21.yml index 0f29d4a5f..5f8b4c8d4 100644 --- a/vars/ubuntu-21.yml +++ b/vars/ubuntu-21.yml @@ -1,5 +1,7 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True -is_ubuntu: True +is_ubuntu: True # Opposite of is_debian for now is_ubuntu_21: True # 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True