From d9e3f298ed0989aa2dd9335ab7d4c5543205984f Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 21 May 2021 08:41:02 -0400 Subject: [PATCH 001/207] awstats/tasks/install.yml: sorting out Apache vs. NGINX dependencies --- roles/awstats/tasks/install.yml | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/roles/awstats/tasks/install.yml b/roles/awstats/tasks/install.yml index 23e98a4b1..4bac58f8b 100644 --- a/roles/awstats/tasks/install.yml +++ b/roles/awstats/tasks/install.yml @@ -5,19 +5,17 @@ # - 1 'when: nginx_install' # - 8 core stanzas w/o such 'when:' clauses -- name: 'Install 3 packages: awstats, openssl, pwauth' +- name: 'Install package: awstats' package: - name: - - awstats - - pwauth - - openssl + name: awstats state: present -- name: 'Install 2 packages: apache2-utils, libapache2-mod-authnz-external' +- name: 'Install 3 packages: pwauth, apache2-utils, openssl' package: name: - - libapache2-mod-authnz-external - - apache2-utils + - pwauth # Auto-installs apache2-bin and libapache2-mod-authnz-external + - apache2-utils # Possibly not nec, due to above? + - openssl # Does NGINX need this too? state: present when: apache_installed is defined From c9d1b83ecba165985d2df5b285c530118ec6a4c9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 21 May 2021 09:04:40 -0400 Subject: [PATCH 002/207] roles/nginx/README.md: Update doc w/ latest --- roles/nginx/README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/nginx/README.md b/roles/nginx/README.md index 80a74f597..186ba6b9d 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -10,7 +10,7 @@ 2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX. -3. Current state of IIAB App/Service migrations as of 2021-05-15: +3. Current state of IIAB App/Service migrations as of 2021-05-21: *(SEE ALSO [#2762](https://github.com/iiab/iiab/issues/2762))* 1. These support "Native" NGINX but ***NOT*** Apache * Admin Console @@ -22,7 +22,7 @@ * usb_lib 2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service: - * awstats + * awstats ([PR #2793](https://github.com/iiab/iiab/pull/2793)) * calibre-web * gitea * kiwix @@ -36,13 +36,13 @@ 3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of IIAB Apps/Services that auto-enable Apache. * elgg - * moodle + * moodle (PLEASE HELP IF YOU CAN: [#2785](https://github.com/iiab/iiab/issues/2785)) * nodered 4. These each run their own web server or non-web / backend services, e.g. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations). In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite) * bluetooth * calibre (menu goes directly to port 8080) - * cups [(available on port 631) * shim not yet in place.] + * cups [(available on port 631) * shim not yet in place, [PR #2775](https://github.com/iiab/iiab/pull/2775)] * internetarchive (menu goes directly to port 4244, [PR #2120](https://github.com/iiab/iiab/pull/2120)) [*] * kalite (menu goes directly to ports 8006-8008) * minetest @@ -55,4 +55,4 @@ * transmission * vnstat -[*] The 4 above starred roles could use improvement, as of 2021-05-15. +[*] The 4 above starred roles could use improvement, as of 2021-05-21. From 5ca2179b971717f5d78eabfba18b9349104778e4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 21 May 2021 10:38:27 -0400 Subject: [PATCH 003/207] AWStats: Further clarify Apache vs. NGINX package deps --- roles/awstats/tasks/install.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/awstats/tasks/install.yml b/roles/awstats/tasks/install.yml index 4bac58f8b..2eda64135 100644 --- a/roles/awstats/tasks/install.yml +++ b/roles/awstats/tasks/install.yml @@ -1,21 +1,21 @@ # TO DO: # -# - Prepare for a possible future w/o Apache by verifying/refining below... -# - 5 'when: apache_installed is defined' -# - 1 'when: nginx_install' -# - 8 core stanzas w/o such 'when:' clauses +# Prepare for a possible future w/o Apache by verifying/refining below... +# - 5 'when: apache_installed is defined' (2021-05-21: COMMENT OUT THESE STANZAS SOON!?) +# - 1 'when: nginx_install' +# - 8 core stanzas w/o such 'when:' clauses - name: 'Install package: awstats' package: name: awstats state: present -- name: 'Install 3 packages: pwauth, apache2-utils, openssl' +- name: 'Install package: pwauth' package: name: - pwauth # Auto-installs apache2-bin and libapache2-mod-authnz-external - - apache2-utils # Possibly not nec, due to above? - - openssl # Does NGINX need this too? + #- apache2-utils # Unneeded? (In any case, already installed by Apache itself.) + #- openssl # Unneeded? (In any case, already installed by most every Linux distro.) state: present when: apache_installed is defined From 30d1c5ff851e1ea6597f565ae1829f2cbfb0fa2d Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 21 May 2021 10:57:40 -0400 Subject: [PATCH 004/207] awstats/tasks/install.yml: Highlight 5 legacy/Apache stanzas --- roles/awstats/tasks/install.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/awstats/tasks/install.yml b/roles/awstats/tasks/install.yml index 2eda64135..681a1ab5a 100644 --- a/roles/awstats/tasks/install.yml +++ b/roles/awstats/tasks/install.yml @@ -10,7 +10,7 @@ name: awstats state: present -- name: 'Install package: pwauth' +- name: 'Install package: pwauth (when: apache_installed is defined)' package: name: - pwauth # Auto-installs apache2-bin and libapache2-mod-authnz-external @@ -19,11 +19,11 @@ state: present when: apache_installed is defined -- name: Run 'a2enmod cgi' to enable cgi execution via Apache +- name: "Run 'a2enmod cgi' to enable cgi execution via Apache (when: apache_installed is defined)" command: a2enmod cgi when: apache_installed is defined -- name: Create directory... mkdir {{ apache_log_dir }}, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx +- name: 'Create directory... mkdir {{ apache_log_dir }}, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx (when: apache_installed is defined)' file: state: directory recurse: yes @@ -47,13 +47,13 @@ - "{{ awstats_data_dir }}" # /library/awstats - /usr/lib/cgi-bin/awstats # create backward compatible path for awstats -- name: Install /etc/{{ apache_conf_dir }}/awstats.conf from template +- name: 'Install /etc/{{ apache_conf_dir }}/awstats.conf from template (when: apache_installed is defined)' template: src: apache-awstats.conf dest: "/etc/{{ apache_conf_dir }}/awstats.conf" # apache2/sites-available on debuntu when: apache_installed is defined -- name: Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable +- name: 'Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable (when: apache_installed is defined)' template: src: logrotate.d.apache2 dest: /etc/logrotate.d/apache2 From ea9465b31e9724b81b06eb9b9658af7f0fcaedb1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 21 May 2021 11:01:30 -0400 Subject: [PATCH 005/207] awstats/tasks/install.yml: ' -> " to fix syntax error --- roles/awstats/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/awstats/tasks/install.yml b/roles/awstats/tasks/install.yml index 681a1ab5a..d15649df1 100644 --- a/roles/awstats/tasks/install.yml +++ b/roles/awstats/tasks/install.yml @@ -53,7 +53,7 @@ dest: "/etc/{{ apache_conf_dir }}/awstats.conf" # apache2/sites-available on debuntu when: apache_installed is defined -- name: 'Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable (when: apache_installed is defined)' +- name: "Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable (when: apache_installed is defined)" template: src: logrotate.d.apache2 dest: /etc/logrotate.d/apache2 From 94ebca9d5b4c6189b1d1e3c1de2853c418f92f42 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 21 May 2021 11:13:33 -0400 Subject: [PATCH 006/207] Clarify that {{ apache_user }} (www-data) is used for NGINX too --- roles/awstats/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/awstats/tasks/install.yml b/roles/awstats/tasks/install.yml index d15649df1..33c4ac8c8 100644 --- a/roles/awstats/tasks/install.yml +++ b/roles/awstats/tasks/install.yml @@ -39,7 +39,7 @@ state: directory recurse: yes path: "{{ item }}" - owner: "{{ apache_user }}" + owner: "{{ apache_user }}" # USED FOR NGINX TOO: 'www-data' on debuntu group: "{{ apache_user }}" mode: u+rw,g+r,g-w,o-rwx # '0750' turned on too many x bits #force: yes From 811779dbd53bd414bda08784397bb1f29b3382bb Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 21 May 2021 11:21:19 -0400 Subject: [PATCH 007/207] Update roles/nginx/README.md --- roles/nginx/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/README.md b/roles/nginx/README.md index 186ba6b9d..fef36f502 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -22,7 +22,7 @@ * usb_lib 2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service: - * awstats ([PR #2793](https://github.com/iiab/iiab/pull/2793)) + * awstats * calibre-web * gitea * kiwix From 77b3041532ed5c143f0a6fe272e4d54b2c6421eb Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 21 May 2021 12:44:09 -0400 Subject: [PATCH 008/207] 3-base-server/tasks/main.yml: Document painstaking removal of Apache, month-by-month --- roles/3-base-server/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 4a42df9e2..b95c0c40b 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -8,9 +8,9 @@ name: mysql #when: mysql_install -# 2020-05-21: Apache role 'httpd' is installed as nec by any of these 7 roles: +# 2021-05-21: Apache role 'httpd' is installed as nec by any of these 6 roles: # -# cups, elgg, lokole, moodle, nodered, pbx, phpmyadmin +# cups, elgg, moodle, nodered, pbx, phpmyadmin # # These 14 roles conditionally touch /etc/apache2/sites-available/*.conf files: # From 67ee52901310ae8cce4491e5f30fbffabb25ade0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 21 May 2021 13:24:13 -0400 Subject: [PATCH 009/207] nginx/tasks/install.yml: Fix template explanation --- roles/nginx/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 1410d3277..0cc15da0e 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -27,7 +27,7 @@ path: /etc/nginx/sites-enabled/default state: absent -- name: 'Install 2 (of 4) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf' +- name: 'Install 3 (of 5) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/nginx/mime.types' template: src: "{{ item.src }}" dest: "{{ item.dest }}" From 2c79ba09a1024677d106eb82b94f46760fdc6c6d Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 21 May 2021 13:58:54 -0400 Subject: [PATCH 010/207] roles/nginx/README.md: Doc Cleaner --- roles/nginx/README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/nginx/README.md b/roles/nginx/README.md index fef36f502..61177ba63 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -34,16 +34,16 @@ * sugarizer * wordpress - 3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of IIAB Apps/Services that auto-enable Apache. + 3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of ~6 IIAB Apps/Services that auto-enable Apache. * elgg - * moodle (PLEASE HELP IF YOU CAN: [#2785](https://github.com/iiab/iiab/issues/2785)) + * moodle [*, PLEASE HELP IF YOU CAN: [#2785](https://github.com/iiab/iiab/issues/2785)] * nodered 4. These each run their own web server or non-web / backend services, e.g. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations). In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite) * bluetooth * calibre (menu goes directly to port 8080) - * cups [(available on port 631) * shim not yet in place, [PR #2775](https://github.com/iiab/iiab/pull/2775)] - * internetarchive (menu goes directly to port 4244, [PR #2120](https://github.com/iiab/iiab/pull/2120)) [*] + * cups (menu goes directly to port 631) [*, shim not yet in place, [PR #2775](https://github.com/iiab/iiab/pull/2775)] + * internetarchive (menu goes directly to port 4244) [*, [PR #2120](https://github.com/iiab/iiab/pull/2120)] * kalite (menu goes directly to ports 8006-8008) * minetest * mosquitto @@ -55,4 +55,4 @@ * transmission * vnstat -[*] The 4 above starred roles could use improvement, as of 2021-05-21. +[*] The 5 above starred roles could use improvement, as of 2021-05-21. From a019a9337fe3aa840ef083b645a3b4f294abe0d6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 21 May 2021 16:40:19 -0400 Subject: [PATCH 011/207] nginx/tasks/install.yml: Modern Ansible approach (to install packages) 77b3041 --- roles/nginx/tasks/install.yml | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 0cc15da0e..3af0e435b 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -5,16 +5,15 @@ ignore_errors: yes # 'when: apache_installed is defined' insuff b/c mysql's php installs apache2 -- name: Install required and helper packages for NGINX +- name: 'Install 5 packages for NGINX: libnginx-mod-http-subs-filter, nginx-extras, php-fpm, uwsgi, uwsgi-plugin-python3' package: - name: "{{ item }}" + name: + - libnginx-mod-http-subs-filter + - nginx-extras + - php-fpm + - uwsgi + - uwsgi-plugin-python3 state: present - with_items: - - nginx-extras - - uwsgi - - uwsgi-plugin-python3 - - php-fpm - - libnginx-mod-http-subs-filter # 2020-10-16: Removed per #2560 #- name: Add user '{{ apache_user }}' to shadow group, so it can authenticate Admin Console From ce613a5035a8bf01ffc9613d4a4825a7bfe158df Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 21 May 2021 21:02:23 -0400 Subject: [PATCH 012/207] mediawiki/tasks/install.yml: Comments for context --- roles/mediawiki/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index 085567fbf..d3783b2dc 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -18,7 +18,7 @@ unarchive: src: "{{ downloads_dir }}/{{ mediawiki_src }}" dest: "{{ mediawiki_install_path }}" # /library - owner: "{{ apache_user }}" + owner: "{{ apache_user }}" # www-data on debuntu group: "{{ apache_user }}" mode: u+rw,g+r,o+r # '0755' forced executable bits on files keep_newer: yes @@ -31,7 +31,7 @@ - name: Start MySQL systemd service ({{ mysql_service }}) so we can create db systemd: - name: "{{ mysql_service }}" + name: "{{ mysql_service }}" # mariadb on debuntu state: started - name: Create MySQL database {{ mediawiki_db_name }} From 7d00196313945eee573a9cb3a4bf08e57cc9679d Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 21 May 2021 21:08:46 -0400 Subject: [PATCH 013/207] mediawiki/tasks/install.yml: Clarify $wgArticlePath --- roles/mediawiki/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index d3783b2dc..7ad520fce 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -64,7 +64,7 @@ chdir: "{{ mediawiki_abs_path }}" # /library/mediawiki-1.XY.Z creates: "{{ mediawiki_abs_path }}/LocalSettings.php" -- name: Configure wgArticlePath variable in {{ mediawiki_abs_path }}/LocalSettings.php +- name: Configure $wgArticlePath variable in {{ mediawiki_abs_path }}/LocalSettings.php lineinfile: path: "{{ mediawiki_abs_path }}/LocalSettings.php" # /library/mediawiki-1.XY.Z line: '$wgArticlePath = "/wiki/$1";' From aaf7707c0fab8521960f9227b04e0f08c68d6ec1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 May 2021 11:01:35 -0400 Subject: [PATCH 014/207] local_vars_min.yml: Don't softcode in local_vars.yml --- vars/local_vars_min.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 14fe8dc66..55e5d2d09 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -409,4 +409,4 @@ calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019) calibreweb_url1: /books # For SHORT URL http://box/books (English) calibreweb_url2: /libros # For SHORT URL http://box/libros (Spanish) calibreweb_url3: /livres # For SHORT URL http://box/livres (French) -calibreweb_home: "{{ content_base }}/calibre-web" # /library/calibre-web +calibreweb_home: /library/calibre-web # default_vars.yml uses: "{{ content_base }}/calibre-web" From d9c8d4ebd4206abf90451a3f786c7bb94e455d44 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 May 2021 11:01:38 -0400 Subject: [PATCH 015/207] local_vars_medium.yml: Don't softcode in local_vars.yml --- vars/local_vars_medium.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 4fb27d50a..a1aff75e4 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -409,4 +409,4 @@ calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019) calibreweb_url1: /books # For SHORT URL http://box/books (English) calibreweb_url2: /libros # For SHORT URL http://box/libros (Spanish) calibreweb_url3: /livres # For SHORT URL http://box/livres (French) -calibreweb_home: "{{ content_base }}/calibre-web" # /library/calibre-web +calibreweb_home: /library/calibre-web # default_vars.yml uses: "{{ content_base }}/calibre-web" From f9643e9417ad12abe2fb292358b576292aee8ab3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 May 2021 11:01:44 -0400 Subject: [PATCH 016/207] local_vars_big.yml: Don't softcode in local_vars.yml --- vars/local_vars_big.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 2b6cafa0b..cde0c319d 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -409,4 +409,4 @@ calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019) calibreweb_url1: /books # For SHORT URL http://box/books (English) calibreweb_url2: /libros # For SHORT URL http://box/libros (Spanish) calibreweb_url3: /livres # For SHORT URL http://box/livres (French) -calibreweb_home: "{{ content_base }}/calibre-web" # /library/calibre-web +calibreweb_home: /library/calibre-web # default_vars.yml uses: "{{ content_base }}/calibre-web" From 96f8f0ef5c19c6b47cf71a30e7b467eb267c851d Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 May 2021 16:09:54 -0400 Subject: [PATCH 017/207] Clarif nginx_high_php_limits in default_vars.yml --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 6baeccf47..1b855515e 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -266,7 +266,7 @@ nginx_log_dir: /var/log/nginx nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L52-L66 +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L59-L72 # ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php//fpm/php.ini # Make this False to disable http://box/common/services/power_off.php button: From e346670c91a9539490f0ff7e363532ae56e438f5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 May 2021 16:10:00 -0400 Subject: [PATCH 018/207] Clarif nginx_high_php_limits in local_vars_min.yml --- vars/local_vars_min.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 55e5d2d09..41f16fb2f 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -169,7 +169,7 @@ pi_swap_file_size: 1024 nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L52-L66 +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L59-L72 # ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php//fpm/php.ini # See also Apache vars {default_language, language_priority} @ top of this file From 23cd9865d63323b7625d0eea21f4f6401f21d22c Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 May 2021 16:10:05 -0400 Subject: [PATCH 019/207] Clarif nginx_high_php_limits in local_vars_medium.yml --- vars/local_vars_medium.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index a1aff75e4..3568b0321 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -169,7 +169,7 @@ pi_swap_file_size: 1024 nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L52-L66 +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L59-L72 # ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php//fpm/php.ini # See also Apache vars {default_language, language_priority} @ top of this file From f7235be8ff92ef2eb2371005de1ccc88f7fc16c2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 May 2021 16:10:10 -0400 Subject: [PATCH 020/207] Clarif nginx_high_php_limits in local_vars_big.yml --- vars/local_vars_big.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index cde0c319d..fb4de082d 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -169,7 +169,7 @@ pi_swap_file_size: 1024 nginx_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L52-L66 +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L59-L72 # ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php//fpm/php.ini # See also Apache vars {default_language, language_priority} @ top of this file From 7369ef79f6cc94922a1cdd921d2a56d67722dc70 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 May 2021 16:42:25 -0400 Subject: [PATCH 021/207] www_options/tasks/install.yml: Mandate nginx_high_php_limits if moodle_install --- roles/www_options/tasks/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 8bf294bd8..775c8c1b6 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -56,7 +56,7 @@ # FYI roles/nginx has already installed package php-fpm, in 3-base-server - - name: Raise 2+2 PHP default values in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/Moodle/PBX (allow photos/docs up to 100MB, 100s timeouts, but preserve PHP's 128MB RAM limit) + - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, BUT preserve 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: path: "/etc/php/{{ php_version }}/fpm/php.ini" #path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini" @@ -69,7 +69,7 @@ - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requests 5000' } - when: not nginx_high_php_limits # REMINDER: THIS ENTIRE 3-STANZA BLOCK IS ONLY INVOKED... when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled + when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 3-STANZA BLOCK IS ONLY INVOKED... when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled # 2020-03-08: IIAB does not support uninstalling apps, so a 3rd clause # (to reset/restore PHP's defaults) is not necessary at this time. @@ -77,8 +77,8 @@ # COMPARE apache_allow_sudo further below. # WARNING: This might cause excess use of RAM/disk or other resources! - # The 5 values below were chosen by @ericnitschke and @kananigit in ~2018. - - name: Enact nginx_high_php_limits in /etc/php/{{ php_version }}/fpm/php.ini for schools that use WordPress/Nextcloud/Moodle/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, 512MB RAM limit) + # The 5 first values below were chosen by @ericnitschke and @kananigit in ~2018. + - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: "/etc/php/{{ php_version }}/fpm/php.ini" #path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini" @@ -91,7 +91,7 @@ - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requests 5000' } - when: nginx_high_php_limits # REMINDER: THIS ENTIRE 3-STANZA BLOCK IS ONLY INVOKED... when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled + when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 3-STANZA BLOCK IS ONLY INVOKED... when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled - name: Restart 'php{{ php_version }}-fpm' systemd service systemd: From b626334a743b13c1d8843183c3f1a410a5d5cc80 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 May 2021 16:55:17 -0400 Subject: [PATCH 022/207] Update default_vars.yml --- vars/default_vars.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 1b855515e..9905e162f 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -264,8 +264,9 @@ nginx_log_dir: /var/log/nginx # # For schools that use WordPress/Nextcloud/Moodle/PBX intensively: nginx_high_php_limits: False +# FYI: roles/www_options auto-sets these high limits if 'moodle_install: True' # WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... +# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L59-L72 # ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php//fpm/php.ini From 62182865b4bc7cd614794e7ad881f68ce179327b Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 May 2021 16:56:22 -0400 Subject: [PATCH 023/207] Update local_vars_min.yml --- vars/local_vars_min.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 41f16fb2f..905d74974 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -167,8 +167,9 @@ pi_swap_file_size: 1024 # For schools that use WordPress/Nextcloud/Moodle/PBX intensively: nginx_high_php_limits: False +# FYI: roles/www_options auto-sets these high limits if 'moodle_install: True' # WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... +# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L59-L72 # ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php//fpm/php.ini From 0b08bbd6f53559746b81d687d9fd9766a44182d2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 May 2021 16:57:35 -0400 Subject: [PATCH 024/207] Update local_vars_medium.yml --- vars/local_vars_medium.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 3568b0321..551698db5 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -167,8 +167,9 @@ pi_swap_file_size: 1024 # For schools that use WordPress/Nextcloud/Moodle/PBX intensively: nginx_high_php_limits: False +# FYI: roles/www_options auto-sets these high limits if 'moodle_install: True' # WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... +# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L59-L72 # ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php//fpm/php.ini From ed5db665445b3dbaa84b1d3f301c190586faa546 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 May 2021 16:58:55 -0400 Subject: [PATCH 025/207] Update local_vars_big.yml --- vars/local_vars_big.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index fb4de082d..e9f5e9a31 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -167,8 +167,9 @@ pi_swap_file_size: 1024 # For schools that use WordPress/Nextcloud/Moodle/PBX intensively: nginx_high_php_limits: False +# FYI: roles/www_options auto-sets these high limits if 'moodle_install: True' # WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... +# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L59-L72 # ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php//fpm/php.ini From 31a94122e36a0dd7e54465d269c941fe36ab8dba Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 May 2021 17:09:44 -0400 Subject: [PATCH 026/207] Update default_vars.yml --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 9905e162f..fb47adcd0 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -267,7 +267,7 @@ nginx_high_php_limits: False # FYI: roles/www_options auto-sets these high limits if 'moodle_install: True' # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # SO AFTER INSTALLING IIAB, VERIFY THAT THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L59-L72 +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L59-L94 # ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php//fpm/php.ini # Make this False to disable http://box/common/services/power_off.php button: From a3a5df355e1ab8ff2873cef84175fc77427ee094 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 May 2021 17:10:15 -0400 Subject: [PATCH 027/207] Update local_vars_min.yml --- vars/local_vars_min.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 905d74974..2c2a499da 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -170,7 +170,7 @@ nginx_high_php_limits: False # FYI: roles/www_options auto-sets these high limits if 'moodle_install: True' # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # SO AFTER INSTALLING IIAB, VERIFY THAT THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L59-L72 +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L59-L94 # ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php//fpm/php.ini # See also Apache vars {default_language, language_priority} @ top of this file From 8ec9c8c5498d3c15c340cb4e87c50291dfb0a3e6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 May 2021 17:10:41 -0400 Subject: [PATCH 028/207] Update local_vars_medium.yml --- vars/local_vars_medium.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 551698db5..160be65e1 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -170,7 +170,7 @@ nginx_high_php_limits: False # FYI: roles/www_options auto-sets these high limits if 'moodle_install: True' # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # SO AFTER INSTALLING IIAB, VERIFY THAT THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L59-L72 +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L59-L94 # ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php//fpm/php.ini # See also Apache vars {default_language, language_priority} @ top of this file From 94c7b63ee58fb9a4ad5220e928a23c4355b45ebe Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 May 2021 17:11:04 -0400 Subject: [PATCH 029/207] Update local_vars_big.yml --- vars/local_vars_big.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index e9f5e9a31..8e304f80c 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -170,7 +170,7 @@ nginx_high_php_limits: False # FYI: roles/www_options auto-sets these high limits if 'moodle_install: True' # WARNING: Enabling this might cause excess use of RAM/disk or other resources! # SO AFTER INSTALLING IIAB, VERIFY THAT THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L59-L72 +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L59-L94 # ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php//fpm/php.ini # See also Apache vars {default_language, language_priority} @ top of this file From adcfbbc47b0c4b8534c8426b9a6efc7ab3623f75 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 May 2021 17:23:00 -0400 Subject: [PATCH 030/207] www_options/tasks/main.yml: Clarif 'nginx_high_php_limits: False' --- roles/www_options/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 775c8c1b6..301a2de4e 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -56,7 +56,7 @@ # FYI roles/nginx has already installed package php-fpm, in 3-base-server - - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, BUT preserve 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" + - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: path: "/etc/php/{{ php_version }}/fpm/php.ini" #path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini" From 107cc172c0f407e1aa6772c1c30adda52ace3e83 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 May 2021 22:47:48 -0400 Subject: [PATCH 031/207] www_options/tasks/main.yml: 2019-2021 Apache-to-NGINX transition continues, slowly but surely --- roles/www_options/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 301a2de4e..7b4909b08 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -50,7 +50,7 @@ lxde_present.stat.exists and chromium_present.stat.exists - debug: - msg: 'THE 3 ANSIBLE STANZAS BELOW ONLY RUN... when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled' + msg: 'THE 3 ANSIBLE STANZAS BELOW ONLY RUN... when: moodle_install or nextcloud_install or pbx_install or wordpress_install' - block: # 3-STANZA BLOCK BEGINS @@ -69,7 +69,7 @@ - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requests 5000' } - when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 3-STANZA BLOCK IS ONLY INVOKED... when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled + when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 3-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install # 2020-03-08: IIAB does not support uninstalling apps, so a 3rd clause # (to reset/restore PHP's defaults) is not necessary at this time. @@ -91,14 +91,14 @@ - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requests 5000' } - when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 3-STANZA BLOCK IS ONLY INVOKED... when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled + when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 3-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install - name: Restart 'php{{ php_version }}-fpm' systemd service systemd: name: "php{{ php_version }}-fpm" state: restarted - when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled # 3-STANZA BLOCK ENDS + when: moodle_install or nextcloud_install or pbx_install or wordpress_install # 3-STANZA BLOCK ENDS # 'Is a "Rapid Power Off" button possible for low-electricity environments?' From d72900908e69e1abb73114caabec24e26ef579fe Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 22 May 2021 23:08:55 -0400 Subject: [PATCH 032/207] moodle/tasks/install.yml: Clarif that nginx_high_php_limits auto-kicks in (when: moodle_install) --- roles/moodle/tasks/install.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 94ee8077d..89600b196 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -1,3 +1,10 @@ +# 2021-05-22: FYI nginx_high_php_limits is effectively now auto-enabled by +# www_options/tasks/main.yml#L81-L94 (as required by Moodle 3.11 with PHP 8) IF +# 'moodle_install: True'. Happens at the end of 4-server-options/tasks/main.yml +# See the 6 settings in /etc/php/{{ php_version }}/fpm/php.ini -- which Moodle +# should take advantage of soon, as it transitions from Apache to Moodle: #2785 + + - name: "Set 'apache_install: True' and 'apache_enabled: True'" set_fact: apache_install: True From 9428108e96f83374c937dc265685dc0e5f548542 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 23 May 2021 20:31:28 +0000 Subject: [PATCH 033/207] supervisor files --- roles/lokole/templates/lokole_celery_beat.conf | 10 ++++++++++ roles/lokole/templates/lokole_celery_worker.conf | 10 ++++++++++ roles/lokole/templates/lokole_gunicorn.conf | 10 ++++++++++ roles/lokole/templates/lokole_restarter.conf | 10 ++++++++++ 4 files changed, 40 insertions(+) create mode 100644 roles/lokole/templates/lokole_celery_beat.conf create mode 100644 roles/lokole/templates/lokole_celery_worker.conf create mode 100644 roles/lokole/templates/lokole_gunicorn.conf create mode 100644 roles/lokole/templates/lokole_restarter.conf diff --git a/roles/lokole/templates/lokole_celery_beat.conf b/roles/lokole/templates/lokole_celery_beat.conf new file mode 100644 index 000000000..471cd96fb --- /dev/null +++ b/roles/lokole/templates/lokole_celery_beat.conf @@ -0,0 +1,10 @@ +[program:lokole_celery_beat] +command="/home/ubuntu/lokole/venv/bin/celery" --app=opwen_email_client.webapp.tasks beat --pidfile="/home/ubuntu/lokole/state/lokole_celery_beat.pid" --loglevel=error +autostart=true +autorestart=true +startretries=3 +stopasgroup=true +stderr_logfile=/home/ubuntu/lokole/logs/lokole_celery_beat.stderr.log +stdout_logfile=/home/ubuntu/lokole/logs/lokole_celery_beat.stdout.log +user=ubuntu +environment=OPWEN_SETTINGS=/home/ubuntu/lokole/state/settings.env \ No newline at end of file diff --git a/roles/lokole/templates/lokole_celery_worker.conf b/roles/lokole/templates/lokole_celery_worker.conf new file mode 100644 index 000000000..3a88fec0c --- /dev/null +++ b/roles/lokole/templates/lokole_celery_worker.conf @@ -0,0 +1,10 @@ +[program:lokole_celery_worker] +command="/home/ubuntu/lokole/venv/bin/celery" --app=opwen_email_client.webapp.tasks worker --loglevel=error --concurrency=2 +autostart=true +autorestart=true +startretries=3 +stopasgroup=true +stderr_logfile=/home/ubuntu/lokole/logs/lokole_celery_worker.stderr.log +stdout_logfile=/home/ubuntu/lokole/logs/lokole_celery_worker.stdout.log +user=ubuntu +environment=OPWEN_SETTINGS=/home/ubuntu/lokole/state/settings.env \ No newline at end of file diff --git a/roles/lokole/templates/lokole_gunicorn.conf b/roles/lokole/templates/lokole_gunicorn.conf new file mode 100644 index 000000000..a7f652c10 --- /dev/null +++ b/roles/lokole/templates/lokole_gunicorn.conf @@ -0,0 +1,10 @@ +[program:lokole_gunicorn] +command="/home/ubuntu/lokole/venv/bin/gunicorn" --bind="unix:/home/ubuntu/lokole/state/lokole_gunicorn.sock" --timeout=300 --workers=3 --log-level=error opwen_email_client.webapp:app +autostart=true +autorestart=true +startretries=3 +stopasgroup=true +stderr_logfile=/home/ubuntu/lokole/logs/lokole_gunicorn.stderr.log +stdout_logfile=/home/ubuntu/lokole/logs/lokole_gunicorn.stdout.log +user=ubuntu +environment=OPWEN_SETTINGS=/home/ubuntu/lokole/state/settings.env \ No newline at end of file diff --git a/roles/lokole/templates/lokole_restarter.conf b/roles/lokole/templates/lokole_restarter.conf new file mode 100644 index 000000000..1cea4f04d --- /dev/null +++ b/roles/lokole/templates/lokole_restarter.conf @@ -0,0 +1,10 @@ +[program:lokole_restarter] +command="/home/ubuntu/lokole/venv/bin/manage.py" restarter --directory="/home/ubuntu/lokole/state/lokole_restarter" +autostart=true +autorestart=true +startretries=3 +stopasgroup=true +stderr_logfile=/home/ubuntu/lokole/logs/lokole_restarter.stderr.log +stdout_logfile=/home/ubuntu/lokole/logs/lokole_restarter.stdout.log +user=root +environment= \ No newline at end of file From a3bcda07e7c825023d38c28935bbc705b3a2ce0e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 24 May 2021 10:48:53 -0500 Subject: [PATCH 034/207] ansible - install dependencies before pip pip will install the same packages but in /local/lib if the dependency is not already in the system path, fill the system path with all the dependencies before doing the local pip install. Helps avoid overlapping of apt vs pip managed files. --- scripts/ansible | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 98b882729..f93a6ff7b 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -152,12 +152,11 @@ grep '^deb .*ansible' /etc/apt/sources.list /etc/apt/sources.list.d/*.list | gre echo -e "\napt update; apt install ansible-core and python3 dependencies explained at:" echo -e "https://github.com/iiab/iiab/blob/master/scripts/ansible.md\n" $APT_PATH/apt update -$APT_PATH/apt -y install python3-pip -pip3 install ansible-core #$APT_PATH/apt -y --allow-downgrades install ansible-core \ $APT_PATH/apt -y --allow-downgrades install \ python3-pymysql python3-psycopg2 python3-passlib python3-pip \ python3-setuptools python3-packaging python3-venv virtualenv +pip3 install ansible-core # (Re)running collection installs appears safe, with --force-with-deps to force # upgrade of collection and dependencies it pulls in. Note Ansible may support From 2ebe521d094525bb87316d25e091324962db1107 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 23 May 2021 21:03:32 +0000 Subject: [PATCH 035/207] supervisor files - templated supervisor files - defaults supervisor into play --- roles/lokole/defaults/main.yml | 8 ++-- roles/lokole/tasks/install.yml | 47 +++++++------------ roles/lokole/tasks/main.yml | 20 ++------ .../lokole/templates/lokole_celery_beat.conf | 10 ++-- .../templates/lokole_celery_worker.conf | 10 ++-- roles/lokole/templates/lokole_gunicorn.conf | 10 ++-- roles/lokole/templates/lokole_restarter.conf | 8 ++-- 7 files changed, 47 insertions(+), 66 deletions(-) diff --git a/roles/lokole/defaults/main.yml b/roles/lokole/defaults/main.yml index 153fef682..0045b8aad 100644 --- a/roles/lokole/defaults/main.yml +++ b/roles/lokole/defaults/main.yml @@ -20,14 +20,16 @@ lokole_admin_password: changeme lokole_install_path: "{{ content_base }}/lokole" # /library/lokole lokole_venv: "{{ lokole_install_path }}/venv" # /library/lokole/venv +lokole_confd: /etc/supervisor/conf.d # Info needed to run Lokole: lokole_user: lokole lokole_url: /lokole lokole_uid: "2000" -lokole_run_directory: /home/{{ lokole_user }}/state -lokole_log_directory: /home/{{ lokole_user }}/log -lokole_domain_socket: "{{ lokole_run_directory }}/lokole_gunicorn.sock" +lokole_home_dir: /home/{{ lokole_user }} +lokole_run_dir: "{{ lokole_home_dir }}/state" +lokole_log_dir: "{{ lokole_home_dir }}/logs" +lokole_domain_socket: "{{ lokole_run_dir }}/lokole_gunicorn.sock" lokole_sim_type: LocalOnly lokole_full_url: "http://{{ iiab_hostname }}.{{ iiab_domain }}{{ lokole_url }}" # http://box.lan/lokole diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index b5aec38ff..bdd9b0c75 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -25,6 +25,7 @@ - libjpeg-dev - libssl-dev - libopenjp2-7 # 2020-02-01: To solve bug #2221 + - supervisor state: present # For development purposes -- To install Lokole from a given commit, add the @@ -75,47 +76,47 @@ ansible.builtin.user: state: present name: "{{ lokole_user }}" + group: "{{ lokole_user }}" system: yes uid: "{{ lokole_uid }}" - home: /home/{{ lokole_user }} + home: "{{ lokole_home_dir }}" -- name: mkdir {{ lokole_run_directory }} +- name: mkdir {{ lokole_run_dir }} file: state: directory - path: "{{ lokole_run_directory }}" + path: "{{ lokole_run_dir }}/lokole_restarter" group: "{{ lokole_user }}" owner: "{{ lokole_user }}" mode: g+rw -- name: mkdir /{{ lokole_user }}/log +- name: mkdir {{ lokole_log_dir }} file: state: directory - path: "{{ lokole_log_directory }}" + path: "{{ lokole_log_dir }}" group: "{{ lokole_user }}" owner: "{{ lokole_user }}" mode: g+rw -- name: Install {{ lokole_run_directory }}/settings.env +- name: Install {{ lokole_run_dir }}/settings.env template: src: settings.env.j2 - dest: "{{ lokole_run_directory }}/settings.env" + dest: "{{ lokole_run_dir }}/settings.env" group: "{{ lokole_user }}" owner: "{{ lokole_user }}" mode: a+rw -- name: Install {{ lokole_run_directory }}/webapp_secrets.sh from template, to configure Lokole +- name: Install {{ lokole_confd }} templates to configure Lokole template: - src: webapp_secrets.sh.j2 - dest: "{{ lokole_run_directory }}/webapp_secrets.sh" - mode: a+x - -- name: Install {{ lokole_run_directory }}/webapp.sh from template, to configure Gunicorn - template: - src: webapp.sh.j2 - dest: "{{ lokole_run_directory }}/webapp.sh" + src: "{{ item.src }}" + dest: "{{ lokole_confd }}" group: "{{ lokole_user }}" owner: "{{ lokole_user }}" - mode: a+x + mode: 0644 + with_items: + - { src: 'lokole_gunicorn.conf' } + - { src: 'lokole_celery_beat.conf' } + - { src: 'lokole_celery_worker.conf' } + - { src: 'lokole_restarter.conf' } - name: Create Lokole admin user with password, for http://box{{ lokole_url }} # http://box/lokole shell: | @@ -129,18 +130,6 @@ mode: 0644 when: apache_install -- name: Install unit files {lokole.service, celery.service, celerybeat.service, lokole_restarter.service} into /etc/systemd/system, from template - template: - src: "{{ item.src }}" - dest: "{{ item.dest}}" - mode: 0644 - with_items: - - { src: 'lokole.service.j2', dest: '/etc/systemd/system/lokole.service' } - - { src: 'celery.service.j2', dest: '/etc/systemd/system/celery.service' } - - { src: 'celerybeat.service.j2', dest: '/etc/systemd/system/celerybeat.service' } - - { src: 'lokole_restarter.service.j2', dest: '/etc/systemd/system/lokole_restarter.service' } - - # RECORD Lokole AS INSTALLED - name: "Set 'lokole_installed: True'" diff --git a/roles/lokole/tasks/main.yml b/roles/lokole/tasks/main.yml index 9f186a60e..d1955d82c 100644 --- a/roles/lokole/tasks/main.yml +++ b/roles/lokole/tasks/main.yml @@ -24,34 +24,24 @@ when: lokole_installed is undefined -- name: Do a 'systemctl daemon-reload' if lokole_enabled +- name: Do a 'systemctl daemon-reload' systemd: daemon_reload: yes when: lokole_enabled -- name: Enable & Restart {lokole, celery, celerybeat, lokole_restarter} systemd services, if lokole_enabled +- name: Enable & Restart supervisor systemd service, if lokole_enabled systemd: - name: "{{ item }}" + name: supervisor enabled: yes state: restarted when: lokole_enabled - with_items: - - lokole - - celery - - celerybeat - - lokole_restarter -- name: Disable & Stop all 4 (above) systemd services, if not lokole_enabled +- name: Disable & Stop supervisor systemd service, if not lokole_enabled systemd: - name: "{{ item }}" + name: supervisor enabled: no state: stopped when: not lokole_enabled - with_items: # @jvonau prefers reverse starting order, if stopping these 4 - - lokole_restarter - - celerybeat - - celery - - lokole #- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache - name: Enable/Disable/Restart Apache if primary diff --git a/roles/lokole/templates/lokole_celery_beat.conf b/roles/lokole/templates/lokole_celery_beat.conf index 471cd96fb..517055c32 100644 --- a/roles/lokole/templates/lokole_celery_beat.conf +++ b/roles/lokole/templates/lokole_celery_beat.conf @@ -1,10 +1,10 @@ [program:lokole_celery_beat] -command="/home/ubuntu/lokole/venv/bin/celery" --app=opwen_email_client.webapp.tasks beat --pidfile="/home/ubuntu/lokole/state/lokole_celery_beat.pid" --loglevel=error +command="{{ lokole_venv }}/bin/celery" --app=opwen_email_client.webapp.tasks beat --pidfile="{{ lokole_run_dir }}/lokole_celery_beat.pid" --loglevel=error autostart=true autorestart=true startretries=3 stopasgroup=true -stderr_logfile=/home/ubuntu/lokole/logs/lokole_celery_beat.stderr.log -stdout_logfile=/home/ubuntu/lokole/logs/lokole_celery_beat.stdout.log -user=ubuntu -environment=OPWEN_SETTINGS=/home/ubuntu/lokole/state/settings.env \ No newline at end of file +stderr_logfile={{ lokole_log_dir }}/lokole_celery_beat.stderr.log +stdout_logfile={{ lokole_log_dir }}/lokole_celery_beat.stdout.log +user={{ lokole_user }} +environment=OPWEN_SETTINGS={{ lokole_run_dir }}/settings.env diff --git a/roles/lokole/templates/lokole_celery_worker.conf b/roles/lokole/templates/lokole_celery_worker.conf index 3a88fec0c..85eb61ee0 100644 --- a/roles/lokole/templates/lokole_celery_worker.conf +++ b/roles/lokole/templates/lokole_celery_worker.conf @@ -1,10 +1,10 @@ [program:lokole_celery_worker] -command="/home/ubuntu/lokole/venv/bin/celery" --app=opwen_email_client.webapp.tasks worker --loglevel=error --concurrency=2 +command="{{ lokole_venv }}/bin/celery" --app=opwen_email_client.webapp.tasks worker --loglevel=error --concurrency=2 autostart=true autorestart=true startretries=3 stopasgroup=true -stderr_logfile=/home/ubuntu/lokole/logs/lokole_celery_worker.stderr.log -stdout_logfile=/home/ubuntu/lokole/logs/lokole_celery_worker.stdout.log -user=ubuntu -environment=OPWEN_SETTINGS=/home/ubuntu/lokole/state/settings.env \ No newline at end of file +stderr_logfile={{ lokole_log_dir }}/lokole_celery_worker.stderr.log +stdout_logfile={{ lokole_log_dir }}/lokole_celery_worker.stdout.log +user="{{ lokole_user }}" +environment=OPWEN_SETTINGS={{ lokole_run_dir }}/settings.env diff --git a/roles/lokole/templates/lokole_gunicorn.conf b/roles/lokole/templates/lokole_gunicorn.conf index a7f652c10..9d927ae30 100644 --- a/roles/lokole/templates/lokole_gunicorn.conf +++ b/roles/lokole/templates/lokole_gunicorn.conf @@ -1,10 +1,10 @@ [program:lokole_gunicorn] -command="/home/ubuntu/lokole/venv/bin/gunicorn" --bind="unix:/home/ubuntu/lokole/state/lokole_gunicorn.sock" --timeout=300 --workers=3 --log-level=error opwen_email_client.webapp:app +command="{{ lokole_venv }}/bin/gunicorn" --bind="unix:{{ lokole_run_dir }}/lokole_gunicorn.sock" --timeout=300 --workers=3 --log-level=error opwen_email_client.webapp:app autostart=true autorestart=true startretries=3 stopasgroup=true -stderr_logfile=/home/ubuntu/lokole/logs/lokole_gunicorn.stderr.log -stdout_logfile=/home/ubuntu/lokole/logs/lokole_gunicorn.stdout.log -user=ubuntu -environment=OPWEN_SETTINGS=/home/ubuntu/lokole/state/settings.env \ No newline at end of file +stderr_logfile={{ lokole_log_dir }}/lokole_gunicorn.stderr.log +stdout_logfile={{ lokole_log_dir }}/lokole_gunicorn.stdout.log +user={{ lokole_user }} +environment=OPWEN_SETTINGS={{ lokole_run_dir }}/settings.env diff --git a/roles/lokole/templates/lokole_restarter.conf b/roles/lokole/templates/lokole_restarter.conf index 1cea4f04d..a17133113 100644 --- a/roles/lokole/templates/lokole_restarter.conf +++ b/roles/lokole/templates/lokole_restarter.conf @@ -1,10 +1,10 @@ [program:lokole_restarter] -command="/home/ubuntu/lokole/venv/bin/manage.py" restarter --directory="/home/ubuntu/lokole/state/lokole_restarter" +command="{{ lokole_venv }}/bin/manage.py" restarter --directory="{{ lokole_run_dir }}/lokole_restarter" autostart=true autorestart=true startretries=3 stopasgroup=true -stderr_logfile=/home/ubuntu/lokole/logs/lokole_restarter.stderr.log -stdout_logfile=/home/ubuntu/lokole/logs/lokole_restarter.stdout.log +stderr_logfile={{ lokole_log_dir }}/lokole_restarter.stderr.log +stdout_logfile={{ lokole_log_dir }}/lokole_restarter.stdout.log user=root -environment= \ No newline at end of file +environment= From 0830129d60942d4743335c21191d0c2b5f79441e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 23 May 2021 22:18:34 +0000 Subject: [PATCH 036/207] modem support --- roles/lokole/tasks/install.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index bdd9b0c75..8b651e021 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -26,6 +26,12 @@ - libssl-dev - libopenjp2-7 # 2020-02-01: To solve bug #2221 - supervisor + - usb-modeswitch + - usb-modeswitch-data + - mobile-broadband-provider-info + - ppp + - wvdial + state: present # For development purposes -- To install Lokole from a given commit, add the @@ -76,7 +82,8 @@ ansible.builtin.user: state: present name: "{{ lokole_user }}" - group: "{{ lokole_user }}" + #group: "{{ lokole_user }}" + groups: dialout, dip system: yes uid: "{{ lokole_uid }}" home: "{{ lokole_home_dir }}" From ea7b661a49ec4d2a1cc9a2ff642d1675957417c2 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 24 May 2021 05:56:39 +0000 Subject: [PATCH 037/207] unused --- .../lokole/templates/{celery.service.j2 => celery.service.unused} | 0 .../{celerybeat.service.j2 => celerybeat.service.unused} | 0 .../lokole/templates/{lokole.service.j2 => lokole.service.unused} | 0 ...okole_restarter.service.j2 => lokole_restarter.service.unused} | 0 roles/lokole/templates/{webapp.sh.j2 => webapp.sh.unused} | 0 .../templates/{webapp_secrets.sh.j2 => webapp_secrets.sh.unused} | 0 6 files changed, 0 insertions(+), 0 deletions(-) rename roles/lokole/templates/{celery.service.j2 => celery.service.unused} (100%) rename roles/lokole/templates/{celerybeat.service.j2 => celerybeat.service.unused} (100%) rename roles/lokole/templates/{lokole.service.j2 => lokole.service.unused} (100%) rename roles/lokole/templates/{lokole_restarter.service.j2 => lokole_restarter.service.unused} (100%) rename roles/lokole/templates/{webapp.sh.j2 => webapp.sh.unused} (100%) rename roles/lokole/templates/{webapp_secrets.sh.j2 => webapp_secrets.sh.unused} (100%) diff --git a/roles/lokole/templates/celery.service.j2 b/roles/lokole/templates/celery.service.unused similarity index 100% rename from roles/lokole/templates/celery.service.j2 rename to roles/lokole/templates/celery.service.unused diff --git a/roles/lokole/templates/celerybeat.service.j2 b/roles/lokole/templates/celerybeat.service.unused similarity index 100% rename from roles/lokole/templates/celerybeat.service.j2 rename to roles/lokole/templates/celerybeat.service.unused diff --git a/roles/lokole/templates/lokole.service.j2 b/roles/lokole/templates/lokole.service.unused similarity index 100% rename from roles/lokole/templates/lokole.service.j2 rename to roles/lokole/templates/lokole.service.unused diff --git a/roles/lokole/templates/lokole_restarter.service.j2 b/roles/lokole/templates/lokole_restarter.service.unused similarity index 100% rename from roles/lokole/templates/lokole_restarter.service.j2 rename to roles/lokole/templates/lokole_restarter.service.unused diff --git a/roles/lokole/templates/webapp.sh.j2 b/roles/lokole/templates/webapp.sh.unused similarity index 100% rename from roles/lokole/templates/webapp.sh.j2 rename to roles/lokole/templates/webapp.sh.unused diff --git a/roles/lokole/templates/webapp_secrets.sh.j2 b/roles/lokole/templates/webapp_secrets.sh.unused similarity index 100% rename from roles/lokole/templates/webapp_secrets.sh.j2 rename to roles/lokole/templates/webapp_secrets.sh.unused From 3f5cc704340da1f1546d23eaeca90e92eb138a6d Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 23 May 2021 22:17:44 +0000 Subject: [PATCH 038/207] SESSION -> SECRET RESTART_PATH templates --- roles/lokole/defaults/main.yml | 1 + roles/lokole/tasks/install.yml | 6 +++--- roles/lokole/tasks/main.yml | 4 ++-- roles/lokole/templates/lokole_celery_beat.conf | 4 ++-- roles/lokole/templates/lokole_celery_worker.conf | 6 +++--- roles/lokole/templates/lokole_gunicorn.conf | 4 ++-- roles/lokole/templates/lokole_restarter.conf | 6 +++--- roles/lokole/templates/settings.env.j2 | 15 ++++++++------- 8 files changed, 24 insertions(+), 22 deletions(-) diff --git a/roles/lokole/defaults/main.yml b/roles/lokole/defaults/main.yml index 0045b8aad..b8f4d030f 100644 --- a/roles/lokole/defaults/main.yml +++ b/roles/lokole/defaults/main.yml @@ -29,6 +29,7 @@ lokole_uid: "2000" lokole_home_dir: /home/{{ lokole_user }} lokole_run_dir: "{{ lokole_home_dir }}/state" lokole_log_dir: "{{ lokole_home_dir }}/logs" +lokole_settings: "{{ lokole_run_dir }}/settings.env" lokole_domain_socket: "{{ lokole_run_dir }}/lokole_gunicorn.sock" lokole_sim_type: LocalOnly diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 8b651e021..e7072c62d 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -104,13 +104,13 @@ owner: "{{ lokole_user }}" mode: g+rw -- name: Install {{ lokole_run_dir }}/settings.env +- name: Install {{ lokole_settings }} template: src: settings.env.j2 - dest: "{{ lokole_run_dir }}/settings.env" + dest: "{{ lokole_settings }}" group: "{{ lokole_user }}" owner: "{{ lokole_user }}" - mode: a+rw + mode: g+rw - name: Install {{ lokole_confd }} templates to configure Lokole template: diff --git a/roles/lokole/tasks/main.yml b/roles/lokole/tasks/main.yml index d1955d82c..396fb77bf 100644 --- a/roles/lokole/tasks/main.yml +++ b/roles/lokole/tasks/main.yml @@ -69,8 +69,8 @@ value: "{{ lokole_install }}" - option: lokole_enabled value: "{{ lokole_enabled }}" - - option: lokole_run_directory - value: "{{ lokole_run_directory }}" + - option: lokole_settings + value: "{{ lokole_settings }}" - option: lokole_url value: "{{ lokole_url }}" - option: lokole_full_url diff --git a/roles/lokole/templates/lokole_celery_beat.conf b/roles/lokole/templates/lokole_celery_beat.conf index 517055c32..b751b3453 100644 --- a/roles/lokole/templates/lokole_celery_beat.conf +++ b/roles/lokole/templates/lokole_celery_beat.conf @@ -1,5 +1,5 @@ [program:lokole_celery_beat] -command="{{ lokole_venv }}/bin/celery" --app=opwen_email_client.webapp.tasks beat --pidfile="{{ lokole_run_dir }}/lokole_celery_beat.pid" --loglevel=error +command={{ lokole_venv }}/bin/celery --app=opwen_email_client.webapp.tasks beat --pidfile={{ lokole_run_dir }}/lokole_celery_beat.pid --loglevel=error autostart=true autorestart=true startretries=3 @@ -7,4 +7,4 @@ stopasgroup=true stderr_logfile={{ lokole_log_dir }}/lokole_celery_beat.stderr.log stdout_logfile={{ lokole_log_dir }}/lokole_celery_beat.stdout.log user={{ lokole_user }} -environment=OPWEN_SETTINGS={{ lokole_run_dir }}/settings.env +environment=OPWEN_SETTINGS={{ lokole_settings }} diff --git a/roles/lokole/templates/lokole_celery_worker.conf b/roles/lokole/templates/lokole_celery_worker.conf index 85eb61ee0..5f25258fd 100644 --- a/roles/lokole/templates/lokole_celery_worker.conf +++ b/roles/lokole/templates/lokole_celery_worker.conf @@ -1,10 +1,10 @@ [program:lokole_celery_worker] -command="{{ lokole_venv }}/bin/celery" --app=opwen_email_client.webapp.tasks worker --loglevel=error --concurrency=2 +command={{ lokole_venv }}/bin/celery --app=opwen_email_client.webapp.tasks worker --loglevel=error --concurrency=2 autostart=true autorestart=true startretries=3 stopasgroup=true stderr_logfile={{ lokole_log_dir }}/lokole_celery_worker.stderr.log stdout_logfile={{ lokole_log_dir }}/lokole_celery_worker.stdout.log -user="{{ lokole_user }}" -environment=OPWEN_SETTINGS={{ lokole_run_dir }}/settings.env +user={{ lokole_user }} +environment=OPWEN_SETTINGS={{ lokole_settings }} diff --git a/roles/lokole/templates/lokole_gunicorn.conf b/roles/lokole/templates/lokole_gunicorn.conf index 9d927ae30..a2a940ed4 100644 --- a/roles/lokole/templates/lokole_gunicorn.conf +++ b/roles/lokole/templates/lokole_gunicorn.conf @@ -1,5 +1,5 @@ [program:lokole_gunicorn] -command="{{ lokole_venv }}/bin/gunicorn" --bind="unix:{{ lokole_run_dir }}/lokole_gunicorn.sock" --timeout=300 --workers=3 --log-level=error opwen_email_client.webapp:app +command={{ lokole_venv }}/bin/gunicorn --bind=unix:{{ lokole_run_dir }}/lokole_gunicorn.sock --timeout=300 --workers=3 --log-level=error opwen_email_client.webapp:app autostart=true autorestart=true startretries=3 @@ -7,4 +7,4 @@ stopasgroup=true stderr_logfile={{ lokole_log_dir }}/lokole_gunicorn.stderr.log stdout_logfile={{ lokole_log_dir }}/lokole_gunicorn.stdout.log user={{ lokole_user }} -environment=OPWEN_SETTINGS={{ lokole_run_dir }}/settings.env +environment=OPWEN_SETTINGS={{ lokole_settings }} diff --git a/roles/lokole/templates/lokole_restarter.conf b/roles/lokole/templates/lokole_restarter.conf index a17133113..9ecc43202 100644 --- a/roles/lokole/templates/lokole_restarter.conf +++ b/roles/lokole/templates/lokole_restarter.conf @@ -1,10 +1,10 @@ [program:lokole_restarter] -command="{{ lokole_venv }}/bin/manage.py" restarter --directory="{{ lokole_run_dir }}/lokole_restarter" +command={{ lokole_venv }}/bin/manage.py restarter --directory={{ lokole_run_dir }}/lokole_restarter autostart=true autorestart=true startretries=3 stopasgroup=true stderr_logfile={{ lokole_log_dir }}/lokole_restarter.stderr.log stdout_logfile={{ lokole_log_dir }}/lokole_restarter.stdout.log -user=root -environment= +user={{ lokole_user }} +environment=OPWEN_SETTINGS={{ lokole_settings }} diff --git a/roles/lokole/templates/settings.env.j2 b/roles/lokole/templates/settings.env.j2 index e1d15bdfc..c4b0ccdf7 100644 --- a/roles/lokole/templates/settings.env.j2 +++ b/roles/lokole/templates/settings.env.j2 @@ -1,8 +1,9 @@ -OPWEN_SETTINGS='{{ lokole_run_directory }}/settings.env' -OPWEN_STATE_DIRECTORY='{{ lokole_run_directory }}' -OPWEN_APP_ROOT='{{ lokole_url }}/' +OPWEN_SETTINGS={{ lokole_run_dir }}/settings.env +OPWEN_STATE_DIRECTORY={{ lokole_run_dir }} +OPWEN_APP_ROOT={{ lokole_url }}/ OPWEN_MAX_UPLOAD_SIZE_MB=10 -OPWEN_SYNC_SCHEDULE='1,16,31,46 * * * *' -OPWEN_SESSION_KEY='{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=32') }}' -OPWEN_PASSWORD_SALT='{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=16') }}' -OPWEN_SIM_TYPE='{{ lokole_sim_type }}' +OPWEN_SYNC_SCHEDULE="1,16,31,46 * * * *" +OPWEN_RESTART_PATH={{ lokole_run_dir }}/lokole_restarter/lokole_gunicorn=HUP,{{ lokole_run_dir }}/lokole_restarter/lokole_celery_worker=,{{ lokole_run_dir }}/lokole_restarter/lokole_celery_beat= +OPWEN_SECRET_KEY={{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=32') }} +OPWEN_PASSWORD_SALT={{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=16') }} +OPWEN_SIM_TYPE={{ lokole_sim_type }} From 8eaf37e328be25e20926b3eefa8ba8f5cfe0e865 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 24 May 2021 01:03:45 +0000 Subject: [PATCH 039/207] move admin user creation --- roles/lokole/tasks/install.yml | 8 +++----- roles/lokole/tasks/main.yml | 1 - roles/lokole/tasks/setup.yml | 16 ++++++++++++++++ 3 files changed, 19 insertions(+), 6 deletions(-) create mode 100644 roles/lokole/tasks/setup.yml diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index e7072c62d..f2db674d4 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -126,9 +126,7 @@ - { src: 'lokole_restarter.conf' } - name: Create Lokole admin user with password, for http://box{{ lokole_url }} # http://box/lokole - shell: | - . {{ lokole_run_directory }}/webapp_secrets.sh - {{ lokole_venv }}/bin/manage.py createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}' + include_tasks: setup.yml - name: Install /etc/{{ apache_conf_dir }}/lokole.conf from template, for http://box{{ lokole_url }} via Apache # http://box/lokole template: @@ -137,12 +135,12 @@ mode: 0644 when: apache_install -# RECORD Lokole AS INSTALLED - - name: "Set 'lokole_installed: True'" set_fact: lokole_installed: True +# RECORD Lokole AS INSTALLED + - name: "Add 'lokole_installed: True' to {{ iiab_state_file }}" lineinfile: path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml diff --git a/roles/lokole/tasks/main.yml b/roles/lokole/tasks/main.yml index 396fb77bf..cc9fc170d 100644 --- a/roles/lokole/tasks/main.yml +++ b/roles/lokole/tasks/main.yml @@ -43,7 +43,6 @@ state: stopped when: not lokole_enabled -#- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache - name: Enable/Disable/Restart Apache if primary include_tasks: apache.yml when: not nginx_enabled diff --git a/roles/lokole/tasks/setup.yml b/roles/lokole/tasks/setup.yml new file mode 100644 index 000000000..35e505eb7 --- /dev/null +++ b/roles/lokole/tasks/setup.yml @@ -0,0 +1,16 @@ +- name: Create Lokole admin user with password, for http://box{{ lokole_url }} # http://box/lokole + shell: | + while read envvar; do export "$envvar"; done < {{ lokole_run_dir }}/settings.env + {{ lokole_venv }}/bin/manage.py createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}' + when: lokole_installed is undefined + +- name: Change owner of dbfiles + file: + path: "{{ item.path }}" + state: file + owner: "{{ lokole_user }}" + group: "{{ lokole_user }}" + mode: u=rw,g=rw + loop: + - { path: "{{ lokole_run_dir }}/users.sqlite3" } +# - { path: "{{ lokole_run_dir }}/celery.sqlite3" } From 7c90315d4a9f4c4bc014c25da03fbf6fb464c2a3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 24 May 2021 15:01:20 +0000 Subject: [PATCH 040/207] supervisorctl --- roles/lokole/tasks/install.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index f2db674d4..1eea60e98 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -112,6 +112,13 @@ owner: "{{ lokole_user }}" mode: g+rw +- name: Fixup supervisorctl + file: + path: /usr/bin/supervisorctl + owner: root + group: "{{ lokole_user }}" + mode: u=rw+s,g=rx,o=rx + - name: Install {{ lokole_confd }} templates to configure Lokole template: src: "{{ item.src }}" From 2097abc4a8a8543ba7056c71f95d81d88d38d085 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 24 May 2021 21:04:21 -0400 Subject: [PATCH 041/207] Released: ansible-core 2.11.1, ansible-base 2.10.10, ansible 2.9.22 --- scripts/ansible | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 98b882729..cdf432678 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -9,7 +9,7 @@ APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER=undefined # Ansible version you currently have installed -GOOD_VER=2.11.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) +GOOD_VER=2.11.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-05-19 PR #2743: As a result of Ansible / Red Hat / IBM's extensive # delays in publishing the PPA (.deb installer files) for ansible-core, this @@ -59,13 +59,13 @@ fi #apt install python3-pymysql python3-psycopg2 python3-passlib python3-pip python3-setuptools python3-packaging python3-venv virtualenv #ansible-galaxy collection install -r collections.yml -# TEMPORARILY USE ansible-base 2.10.9 (REMOVE W/ "pip3 uninstall ansible-base") +# TEMPORARILY USE ansible-base 2.10.10 (REMOVE W/ "pip3 uninstall ansible-base") #apt install python3-pip -#pip3 install ansible-base==2.10.9 # Start new shell, so /usr/local/bin works +#pip3 install ansible-base==2.10.10 # Start new shell, so /usr/local/bin works -# TEMPORARILY USE ANSIBLE 2.9.21 (REMOVE IT WITH "pip uninstall ansible") +# TEMPORARILY USE ANSIBLE 2.9.22 (REMOVE IT WITH "pip uninstall ansible") #apt install python3-pip -#pip3 install ansible==2.9.21 +#pip3 install ansible==2.9.22 # TEMPORARILY USE ANSIBLE 2.4.2 DUE TO 2.4.3 MEMORY BUG. Details: iiab/iiab#669 #echo "Install http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb" From dfd222ef93ff201f730c25df038cfd9d693bbd20 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 24 May 2021 21:07:02 -0400 Subject: [PATCH 042/207] scripts/ansible: pip -> pip3 --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index cdf432678..6fefcdf65 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -63,7 +63,7 @@ fi #apt install python3-pip #pip3 install ansible-base==2.10.10 # Start new shell, so /usr/local/bin works -# TEMPORARILY USE ANSIBLE 2.9.22 (REMOVE IT WITH "pip uninstall ansible") +# TEMPORARILY USE ANSIBLE 2.9.22 (REMOVE IT WITH "pip3 uninstall ansible") #apt install python3-pip #pip3 install ansible==2.9.22 From 1a58109f206bf11698c23d344f37288f4f9d8360 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 24 May 2021 23:01:02 -0400 Subject: [PATCH 043/207] scripts/ansible: Cleaner commentary re apt then pip --- scripts/ansible | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 0f4cbc0d4..78808009c 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -54,9 +54,8 @@ fi # TEMPORARILY USE pip3 to install the latest ansible-core as listed at # https://pypi.org/project/ansible-core/ (REMOVE W/ "pip3 uninstall ansible-core") -#apt install python3-pip -#pip3 install ansible-core # Then start a new shell, so /usr/local/bin works #apt install python3-pymysql python3-psycopg2 python3-passlib python3-pip python3-setuptools python3-packaging python3-venv virtualenv +#pip3 install ansible-core # Then start a new shell, so /usr/local/bin works #ansible-galaxy collection install -r collections.yml # TEMPORARILY USE ansible-base 2.10.10 (REMOVE W/ "pip3 uninstall ansible-base") From 48c0430ba235e8bdd1215372c243a0d041929299 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 24 May 2021 23:16:26 -0400 Subject: [PATCH 044/207] scripts/ansible: Clarify new flow --- scripts/ansible | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 78808009c..27c94f6ab 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -148,8 +148,9 @@ echo -e "IF *OTHER* ANSIBLE SOURCES APPEAR BELOW, PLEASE MANUALLY REMOVE THEM TO echo -e 'ENSURE ANSIBLE UPDATES CLEANLY: (then re-run this script to be sure!)\n' grep '^deb .*ansible' /etc/apt/sources.list /etc/apt/sources.list.d/*.list | grep -v '^/etc/apt/sources.list.d/iiab-ansible.list:' || true # Override bash -e (instead of aborting at 1st error) -echo -e "\napt update; apt install ansible-core and python3 dependencies explained at:" -echo -e "https://github.com/iiab/iiab/blob/master/scripts/ansible.md\n" +echo -e "\napt update; apt install of python3-* / virtualenv packages explained at:" +echo -e "https://github.com/iiab/iiab/blob/master/scripts/ansible.md" +echo -e "Then: pip3 install ansible-core\n" $APT_PATH/apt update #$APT_PATH/apt -y --allow-downgrades install ansible-core \ $APT_PATH/apt -y --allow-downgrades install \ From 4f135cd3fff8873bb05bf76f30872e3ae1f086b6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 24 May 2021 23:40:42 -0400 Subject: [PATCH 045/207] scripts/ansible: Update commentary --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 27c94f6ab..6ba6022d3 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -18,7 +18,7 @@ GOOD_VER=2.11.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) # pip3 install ansible-core # # What the future holds for 2022+ is not yet clear. So the apt approach (with -# PPA source in /etc/apt/sources.list.d and .gpg key etc) and much associated +# PPA source in /etc/apt/sources.list.d/ and .gpg key etc) and much associated # guidance/comments below are NOT being commented out or deleted at this time. # We install the latest 'ansible-core' from PPA, using an OS 'CODENAME' below: @@ -47,7 +47,7 @@ fi # https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/roadmap/ROADMAP_2_10.rst # https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/roadmap/ROADMAP_2_11.rst -# FYI .travis.yml installs ansible-core in a slightly different way (PRs #2689, #2742 or #2743 ?) +# FYI .travis.yml installs ansible-core in a slightly different way (PRs #2689 & #2743) # IIAB implementers might instead consider these 4 GENERAL TECHNIQUES below # ("in an emergency!") e.g. if apt fails & you need a newer/older Ansible: From 2a6b9dde4aec3c017c2c5475810ac2fbe924a41e Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 24 May 2021 23:50:17 -0400 Subject: [PATCH 046/207] Update ansible.md --- scripts/ansible.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible.md b/scripts/ansible.md index f43b6364f..7beafcf03 100644 --- a/scripts/ansible.md +++ b/scripts/ansible.md @@ -7,7 +7,7 @@ Starting in November 2019, IIAB's Ansible installer ([/opt/iiab/iiab/scripts/ans 1. Ansible module: [pip](https://docs.ansible.com/ansible/latest/modules/pip_module.html) IIAB installs apt packages: - - **python3-pip** (for IIAB's [Admin Console](https://github.com/iiab/iiab-admin-console)) + - **python3-pip** (for `pip3 install ansible-core` & IIAB's [Admin Console](https://github.com/iiab/iiab-admin-console)) - **python3-setuptools** - **virtualenv** (is Python 3 only, for [roles/kalite](https://github.com/iiab/iiab/tree/master/roles/kalite) & [roles/calibre-web](https://github.com/iiab/iiab/tree/master/roles/calibre-web) ?) and pulls in additional packages... (`apt show virtualenv` shows "Depends: python3, python3-virtualenv") - **python3-virtualenv** and pulls in additional package... (`apt show python3-virtualenv` shows "Depends: python-pip-whl (>= 8.1.1-2), python3, python3-distutils, python3-pkg-resources") From d360e25a9cc16679c2301bc41ecab0aa5f4f95fd Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 25 May 2021 12:39:58 -0400 Subject: [PATCH 047/207] scripts/ansible: Clarify output --- scripts/ansible | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 6ba6022d3..a0a585faa 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -76,7 +76,7 @@ export DEBIAN_FRONTEND=noninteractive # Why 'noninteractive' appears needed: # https://github.com/iiab/iiab/issues/564#issuecomment-347264985 -echo -e "\n\nYOU ARE RUNNING: /opt/iiab/iiab/scripts/ansible (TO INSTALL ANSIBLE)\n" +echo -e "\n\nYOU ARE RUNNING: /opt/iiab/iiab/scripts/ansible (TO INSTALL ANSIBLE ETC)\n" #echo -e 'Alternative: /opt/iiab/iiab/scripts/ansible-2.9.x ("Slow Food")\n' echo -e "RECOMMENDED PREREQUISITES:" @@ -96,7 +96,8 @@ if [ $(command -v ansible) ]; then # "command -v" is POSIX compliant; also ca # Above works with 'ansible [core 2.11.0rc2]' -- these old ways do not: #CURR_VER=$(ansible --version | head -1 | awk '{print $2}') #CURR_VER=$(ansible --version | head -1 | sed -e 's/.* //') - echo -e "CURRENTLY INSTALLED ANSIBLE: $CURR_VER -- LET'S TRY TO UPGRADE IT!" + echo -e "CURRENTLY INSTALLED ANSIBLE: $CURR_VER" + #echo -e "CURRENTLY INSTALLED ANSIBLE: $CURR_VER -- LET'S TRY TO UPGRADE IT!" else echo -e "ANSIBLE NOT FOUND ON THIS COMPUTER -- LET'S TRY TO INSTALL IT!" fi @@ -149,13 +150,14 @@ echo -e 'ENSURE ANSIBLE UPDATES CLEANLY: (then re-run this script to be sure!)\n grep '^deb .*ansible' /etc/apt/sources.list /etc/apt/sources.list.d/*.list | grep -v '^/etc/apt/sources.list.d/iiab-ansible.list:' || true # Override bash -e (instead of aborting at 1st error) echo -e "\napt update; apt install of python3-* / virtualenv packages explained at:" -echo -e "https://github.com/iiab/iiab/blob/master/scripts/ansible.md" -echo -e "Then: pip3 install ansible-core\n" +echo -e "https://github.com/iiab/iiab/blob/master/scripts/ansible.md\n" $APT_PATH/apt update #$APT_PATH/apt -y --allow-downgrades install ansible-core \ $APT_PATH/apt -y --allow-downgrades install \ python3-pymysql python3-psycopg2 python3-passlib python3-pip \ python3-setuptools python3-packaging python3-venv virtualenv + +echo -e "\n'pip3 install ansible-core' will now run:\n" pip3 install ansible-core # (Re)running collection installs appears safe, with --force-with-deps to force @@ -177,7 +179,8 @@ ansible-galaxy collection install --force-with-deps \ #mkdir -p /etc/ansible # LIKELY REDUNDANT, due to above installation of Ansible #echo -e '[local]\nlocalhost\n' > /etc/ansible/hosts # LIKELY REDUNDANT, due to https://github.com/iiab/iiab/blob/master/ansible_hosts -echo -e "SUCCESS INSTALLING ANSIBLE! PLEASE VERIFY WITH COMMANDS LIKE:" +echo -e "\n\nSUCCESS! PLEASE VERIFY ANSIBLE WITH COMMANDS LIKE:\n" echo -e " ansible --version" echo -e " pip show ansible-core" -echo -e " apt -a list ansible-core\n\n" +echo -e " apt -a list ansible-core" +echo -e "WARNING: You might need to start a new Linux shell, so /usr/local/bin works.\n\n" From 365c6b44ac01d2d1447df0f96c65a694785e54a7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 25 May 2021 12:43:02 -0400 Subject: [PATCH 048/207] scripts/ansible: Cleaner output --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index a0a585faa..590d62bb4 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -157,7 +157,7 @@ $APT_PATH/apt -y --allow-downgrades install \ python3-pymysql python3-psycopg2 python3-passlib python3-pip \ python3-setuptools python3-packaging python3-venv virtualenv -echo -e "\n'pip3 install ansible-core' will now run:\n" +echo -e "\n\n'pip3 install ansible-core' will now run:\n" pip3 install ansible-core # (Re)running collection installs appears safe, with --force-with-deps to force @@ -182,5 +182,5 @@ ansible-galaxy collection install --force-with-deps \ echo -e "\n\nSUCCESS! PLEASE VERIFY ANSIBLE WITH COMMANDS LIKE:\n" echo -e " ansible --version" echo -e " pip show ansible-core" -echo -e " apt -a list ansible-core" +echo -e " apt -a list ansible-core\n" echo -e "WARNING: You might need to start a new Linux shell, so /usr/local/bin works.\n\n" From 36323c3630227135792e9b98c0345dbebd2cabcb Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 25 May 2021 12:53:46 -0400 Subject: [PATCH 049/207] scripts/ansible: Explain how to verify Ansible --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 590d62bb4..30531ed28 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -182,5 +182,5 @@ ansible-galaxy collection install --force-with-deps \ echo -e "\n\nSUCCESS! PLEASE VERIFY ANSIBLE WITH COMMANDS LIKE:\n" echo -e " ansible --version" echo -e " pip show ansible-core" -echo -e " apt -a list ansible-core\n" -echo -e "WARNING: You might need to start a new Linux shell, so /usr/local/bin works.\n\n" +echo -e ' apt -a list "ansible*"\n' +echo -e "WARNING: You might need to start a new Linux shell, so /usr/local/bin/ansible works.\n\n" From 071a1b500b15a862357c6827c76e0cedb4385ee9 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 25 May 2021 16:55:55 +0000 Subject: [PATCH 050/207] restarter - run as root --- roles/lokole/tasks/install.yml | 12 ++++++------ roles/lokole/templates/lokole_restarter.conf | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 1eea60e98..42509d250 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -112,12 +112,12 @@ owner: "{{ lokole_user }}" mode: g+rw -- name: Fixup supervisorctl - file: - path: /usr/bin/supervisorctl - owner: root - group: "{{ lokole_user }}" - mode: u=rw+s,g=rx,o=rx +#- name: Fixup supervisorctl +# file: +# path: /usr/bin/supervisorctl +# owner: root +# group: "{{ lokole_user }}" +# mode: u=rw+s,g=rx,o=rx - name: Install {{ lokole_confd }} templates to configure Lokole template: diff --git a/roles/lokole/templates/lokole_restarter.conf b/roles/lokole/templates/lokole_restarter.conf index 9ecc43202..94f580e9c 100644 --- a/roles/lokole/templates/lokole_restarter.conf +++ b/roles/lokole/templates/lokole_restarter.conf @@ -6,5 +6,5 @@ startretries=3 stopasgroup=true stderr_logfile={{ lokole_log_dir }}/lokole_restarter.stderr.log stdout_logfile={{ lokole_log_dir }}/lokole_restarter.stdout.log -user={{ lokole_user }} +user=root environment=OPWEN_SETTINGS={{ lokole_settings }} From 8e3337277d29fc8e4b6e6c869bf3dacacbc33aed Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 25 May 2021 14:43:59 +0000 Subject: [PATCH 051/207] drop uid --- roles/lokole/tasks/install.yml | 2 +- roles/lokole/tasks/setup.yml | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 42509d250..15e437e3b 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -85,7 +85,7 @@ #group: "{{ lokole_user }}" groups: dialout, dip system: yes - uid: "{{ lokole_uid }}" + #uid: "{{ lokole_uid }}" home: "{{ lokole_home_dir }}" - name: mkdir {{ lokole_run_dir }} diff --git a/roles/lokole/tasks/setup.yml b/roles/lokole/tasks/setup.yml index 35e505eb7..6ecdf0942 100644 --- a/roles/lokole/tasks/setup.yml +++ b/roles/lokole/tasks/setup.yml @@ -2,7 +2,6 @@ shell: | while read envvar; do export "$envvar"; done < {{ lokole_run_dir }}/settings.env {{ lokole_venv }}/bin/manage.py createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}' - when: lokole_installed is undefined - name: Change owner of dbfiles file: @@ -10,7 +9,7 @@ state: file owner: "{{ lokole_user }}" group: "{{ lokole_user }}" - mode: u=rw,g=rw + mode: u=rw,g=r loop: - { path: "{{ lokole_run_dir }}/users.sqlite3" } # - { path: "{{ lokole_run_dir }}/celery.sqlite3" } From 57b5c451fd6bafdc4825a82e85876e7499c6f812 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 25 May 2021 07:54:01 +0000 Subject: [PATCH 052/207] weirdness use both for now --- roles/lokole/tasks/install.yml | 5 +++++ roles/lokole/templates/settings.env.j2 | 5 +++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 15e437e3b..083152c9f 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -104,6 +104,11 @@ owner: "{{ lokole_user }}" mode: g+rw +- name: Generate key and salt + set_fact: + lokole_key: "{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=32') }}" + lokole_salt: "{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=16') }}" + - name: Install {{ lokole_settings }} template: src: settings.env.j2 diff --git a/roles/lokole/templates/settings.env.j2 b/roles/lokole/templates/settings.env.j2 index c4b0ccdf7..f803eb09f 100644 --- a/roles/lokole/templates/settings.env.j2 +++ b/roles/lokole/templates/settings.env.j2 @@ -4,6 +4,7 @@ OPWEN_APP_ROOT={{ lokole_url }}/ OPWEN_MAX_UPLOAD_SIZE_MB=10 OPWEN_SYNC_SCHEDULE="1,16,31,46 * * * *" OPWEN_RESTART_PATH={{ lokole_run_dir }}/lokole_restarter/lokole_gunicorn=HUP,{{ lokole_run_dir }}/lokole_restarter/lokole_celery_worker=,{{ lokole_run_dir }}/lokole_restarter/lokole_celery_beat= -OPWEN_SECRET_KEY={{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=32') }} -OPWEN_PASSWORD_SALT={{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=16') }} +OPWEN_SESSION_KEY={{ lokole_key }} +OPWEN_SECRET_KEY={{ lokole_key }} +OPWEN_PASSWORD_SALT={{ lokole_salt }} OPWEN_SIM_TYPE={{ lokole_sim_type }} From 483cdd322886f5f47e307de884a6738d4f89fb48 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 25 May 2021 18:00:09 +0000 Subject: [PATCH 053/207] move to a readme --- roles/lokole/templates/settings.env.j2 | 1 + vars/default_vars.yml | 1 + vars/local_vars_big.yml | 3 --- vars/local_vars_medium.yml | 3 --- vars/local_vars_min.yml | 3 --- 5 files changed, 2 insertions(+), 9 deletions(-) diff --git a/roles/lokole/templates/settings.env.j2 b/roles/lokole/templates/settings.env.j2 index f803eb09f..6f87ad277 100644 --- a/roles/lokole/templates/settings.env.j2 +++ b/roles/lokole/templates/settings.env.j2 @@ -8,3 +8,4 @@ OPWEN_SESSION_KEY={{ lokole_key }} OPWEN_SECRET_KEY={{ lokole_key }} OPWEN_PASSWORD_SALT={{ lokole_salt }} OPWEN_SIM_TYPE={{ lokole_sim_type }} +OPWEN_CLIENT_NAME={{ lokole_client_id }} diff --git a/vars/default_vars.yml b/vars/default_vars.yml index fb47adcd0..80bd136f5 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -393,6 +393,7 @@ lokole_enabled: False # lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf' # Details: https://github.com/ascoderu/lokole/blob/master/install.py#L35 lokole_sim_type: LocalOnly +lokole_client_id: None mediawiki_install: False mediawiki_enabled: False diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 8e304f80c..e7113a35a 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -261,9 +261,6 @@ jupyterhub_enabled: True # Lokole (email for rural communities) from https://ascoderu.ca lokole_install: True lokole_enabled: True -# lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf' -# Details: https://github.com/ascoderu/lokole/blob/master/install.py#L35 -lokole_sim_type: LocalOnly mediawiki_install: True mediawiki_enabled: True diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 160be65e1..79a4eed23 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -261,9 +261,6 @@ jupyterhub_enabled: False # Lokole (email for rural communities) from https://ascoderu.ca lokole_install: False lokole_enabled: False -# lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf' -# Details: https://github.com/ascoderu/lokole/blob/master/install.py#L35 -lokole_sim_type: LocalOnly mediawiki_install: False mediawiki_enabled: False diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 2c2a499da..086991c73 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -261,9 +261,6 @@ jupyterhub_enabled: False # Lokole (email for rural communities) from https://ascoderu.ca lokole_install: False lokole_enabled: False -# lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf' -# Details: https://github.com/ascoderu/lokole/blob/master/install.py#L35 -lokole_sim_type: LocalOnly mediawiki_install: False mediawiki_enabled: False From f016f51eeb0f49048504ecd11d4fc089d1c24024 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 25 May 2021 18:59:00 +0000 Subject: [PATCH 054/207] start supervisor before Admin User creation --- roles/lokole/tasks/setup.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/lokole/tasks/setup.yml b/roles/lokole/tasks/setup.yml index 6ecdf0942..1f49661c6 100644 --- a/roles/lokole/tasks/setup.yml +++ b/roles/lokole/tasks/setup.yml @@ -1,3 +1,8 @@ +- name: start supervisor + systemd: + name: supervisor + state: started + - name: Create Lokole admin user with password, for http://box{{ lokole_url }} # http://box/lokole shell: | while read envvar; do export "$envvar"; done < {{ lokole_run_dir }}/settings.env @@ -9,7 +14,7 @@ state: file owner: "{{ lokole_user }}" group: "{{ lokole_user }}" - mode: u=rw,g=r + mode: u=rw loop: - { path: "{{ lokole_run_dir }}/users.sqlite3" } # - { path: "{{ lokole_run_dir }}/celery.sqlite3" } From 6e1c3b33fb1c5b073c9bd69ef9fd5c4538fcfeff Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 25 May 2021 16:05:27 -0400 Subject: [PATCH 055/207] Update iiab-support --- iiab-support | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-support b/iiab-support index 66c8e54ae..c61656aa6 100755 --- a/iiab-support +++ b/iiab-support @@ -46,7 +46,7 @@ else echo -e "\n\e[1mWARNING: openvpn_handle remains unchanged in both above files.\e[0m\n" fi -if grep -q '^openvpn_install: True' /etc/iiab/local_vars.yml; then +if grep -q '^openvpn_installed: True' /etc/iiab/iiab_state.yml; then echo -e "Your IIAB installation appears normal, with OpenVPN already installed...\n" else echo -e "Plz wait a few minutes as sshd, iiab-admin & OpenVPN are confirmed/installed...\n" From 7799c84bd7e6abce39438b09095c57d6082de1ca Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 25 May 2021 16:15:57 -0400 Subject: [PATCH 056/207] Update iiab-support --- iiab-support | 2 -- 1 file changed, 2 deletions(-) diff --git a/iiab-support b/iiab-support index c61656aa6..11ff589d9 100755 --- a/iiab-support +++ b/iiab-support @@ -58,8 +58,6 @@ else if [ -d /opt/iiab/iiab ]; then cd /opt/iiab/iiab - #CWD=`pwd` - #export ANSIBLE_LOG_PATH="$CWD/iiab-install.log" export ANSIBLE_LOG_PATH="/opt/iiab/iiab/iiab-install.log" ansible -m setup -i $INVENTORY localhost --connection=local | grep python ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local From 29cdf2ff1135583f288582bb0e4cd5ef7e1b49b1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 25 May 2021 16:41:11 -0400 Subject: [PATCH 057/207] iiab-support: Check for word break using '\b' (grep -q '^openvpn_installed: True\b' /etc/iiab/iiab_state.yml) --- iiab-support | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-support b/iiab-support index 11ff589d9..91ec00a7d 100755 --- a/iiab-support +++ b/iiab-support @@ -46,7 +46,7 @@ else echo -e "\n\e[1mWARNING: openvpn_handle remains unchanged in both above files.\e[0m\n" fi -if grep -q '^openvpn_installed: True' /etc/iiab/iiab_state.yml; then +if grep -q '^openvpn_installed: True\b' /etc/iiab/iiab_state.yml; then echo -e "Your IIAB installation appears normal, with OpenVPN already installed...\n" else echo -e "Plz wait a few minutes as sshd, iiab-admin & OpenVPN are confirmed/installed...\n" From 0f5fd67625707d9c589d032e64d534966b660b86 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 25 May 2021 20:18:59 -0400 Subject: [PATCH 058/207] Update README.md --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 21238b9ab..e3e21c389 100644 --- a/README.md +++ b/README.md @@ -35,11 +35,12 @@ Finally, you can [customize your Internet-in-a-Box home page](http://wiki.laptop Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians *and* IT/UX/QA people of all kinds! -Please see "[How can I help?](http://wiki.laptop.org/go/IIAB/FAQ#How_can_I_help.3F)" at: [FAQ.IIAB.IO](http://FAQ.IIAB.IO) +If you would like to volunteer, please [make contact](http://internet-in-a-box.org/pages/contributing.html) after looking over "[How can I help?](http://wiki.laptop.org/go/IIAB/FAQ#How_can_I_help.3F)" at: [FAQ.IIAB.IO](http://FAQ.IIAB.IO) -To learn about our software architecture, check out our [Contributors Guide](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide). FYI we use [Ansible](http://wiki.laptop.org/go/IIAB/FAQ#What_is_Ansible_and_what_version_should_I_use.3F) to install, deploy, configure and manage the various software components. + -To learn more about our open community architecture for "offline" education, start by reviewing "[What technical documentation exists?](http://wiki.laptop.org/go/IIAB/FAQ#What_technical_documentation_exists.3F)" +To learn more about our open community architecture for "offline" learning, check out "[What technical documentation exists?](http://wiki.laptop.org/go/IIAB/FAQ#What_technical_documentation_exists.3F)" +FYI we use [Ansible](http://wiki.laptop.org/go/IIAB/FAQ#What_is_Ansible_and_what_version_should_I_use.3F) to install, deploy, configure and manage the various software components. *Thank you for helping us enable offline access to the Internet's free/open knowledge jewels, as well as "Sneakernet-of-Alexandria" distribution of local/indigenous content, when mass media channels do not serve grassroots voices.* From 89a8b106c2033eb7d3298d6fa32e0a2f0d37d65a Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 27 May 2021 11:43:42 -0400 Subject: [PATCH 059/207] scripts/ansible attempts to upgrade of Ansible (functionality restored) --- scripts/ansible | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 30531ed28..9fe8fb330 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -55,7 +55,7 @@ fi # TEMPORARILY USE pip3 to install the latest ansible-core as listed at # https://pypi.org/project/ansible-core/ (REMOVE W/ "pip3 uninstall ansible-core") #apt install python3-pymysql python3-psycopg2 python3-passlib python3-pip python3-setuptools python3-packaging python3-venv virtualenv -#pip3 install ansible-core # Then start a new shell, so /usr/local/bin works +#pip3 install --upgrade ansible-core # Then start a new shell, so /usr/local/bin works #ansible-galaxy collection install -r collections.yml # TEMPORARILY USE ansible-base 2.10.10 (REMOVE W/ "pip3 uninstall ansible-base") @@ -96,8 +96,7 @@ if [ $(command -v ansible) ]; then # "command -v" is POSIX compliant; also ca # Above works with 'ansible [core 2.11.0rc2]' -- these old ways do not: #CURR_VER=$(ansible --version | head -1 | awk '{print $2}') #CURR_VER=$(ansible --version | head -1 | sed -e 's/.* //') - echo -e "CURRENTLY INSTALLED ANSIBLE: $CURR_VER" - #echo -e "CURRENTLY INSTALLED ANSIBLE: $CURR_VER -- LET'S TRY TO UPGRADE IT!" + echo -e "CURRENTLY INSTALLED ANSIBLE: $CURR_VER -- LET'S TRY TO UPGRADE IT!" else echo -e "ANSIBLE NOT FOUND ON THIS COMPUTER -- LET'S TRY TO INSTALL IT!" fi @@ -153,12 +152,12 @@ echo -e "\napt update; apt install of python3-* / virtualenv packages explained echo -e "https://github.com/iiab/iiab/blob/master/scripts/ansible.md\n" $APT_PATH/apt update #$APT_PATH/apt -y --allow-downgrades install ansible-core \ -$APT_PATH/apt -y --allow-downgrades install \ +$APT_PATH/apt -y install \ python3-pymysql python3-psycopg2 python3-passlib python3-pip \ python3-setuptools python3-packaging python3-venv virtualenv -echo -e "\n\n'pip3 install ansible-core' will now run:\n" -pip3 install ansible-core +echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n" +pip3 install --upgrade ansible-core # (Re)running collection installs appears safe, with --force-with-deps to force # upgrade of collection and dependencies it pulls in. Note Ansible may support From df8f3b0d455da9a76dceed9d603f89ab53e14583 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 27 May 2021 11:47:23 -0400 Subject: [PATCH 060/207] scripts/ansible: Doc touchup --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 9fe8fb330..7a484e338 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -15,7 +15,7 @@ GOOD_VER=2.11.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) # delays in publishing the PPA (.deb installer files) for ansible-core, this # file bypasses the apt approach (and associated PPA source) in favor of: # -# pip3 install ansible-core +# pip3 install --upgrade ansible-core # # What the future holds for 2022+ is not yet clear. So the apt approach (with # PPA source in /etc/apt/sources.list.d/ and .gpg key etc) and much associated From 434d9eeaeee67209b88e6e08ee9cb621e9ba6e0f Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 27 May 2021 12:18:27 -0400 Subject: [PATCH 061/207] scripts/ansible: Clarify that we no longer install Ansible from PPA --- scripts/ansible | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 7a484e338..181d53211 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -21,8 +21,8 @@ GOOD_VER=2.11.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) # PPA source in /etc/apt/sources.list.d/ and .gpg key etc) and much associated # guidance/comments below are NOT being commented out or deleted at this time. -# We install the latest 'ansible-core' from PPA, using an OS 'CODENAME' below: -# https://launchpad.net/~ansible/+archive/ubuntu/ansible +# 2021-02-25: Latest 'ansible-base' was being installed from PPA, using either +# OS 'CODENAME' below: https://launchpad.net/~ansible/+archive/ubuntu/ansible # 'lsb_release -sc' gives Mint 20 codename 'ulyana' etc: (TOO FINE-GRAINED) if grep -q buster /etc/os-release /etc/debian_version; then From a85e0b6abec1eda7414c89aa0d6821b72c3b3e47 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 27 May 2021 12:24:54 -0400 Subject: [PATCH 062/207] Update LICENSING.md --- LICENSING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSING.md b/LICENSING.md index 37327894b..fac901b1d 100644 --- a/LICENSING.md +++ b/LICENSING.md @@ -15,6 +15,6 @@ this is to include the following two lines at the top of the file: Licensed under the terms of the GNU GPL v2 or later; see LICENSE for details. All files not containing an explicit copyright notice or terms of license in -the file are Copyright © 2015-2020, Unleash Kids, and are licensed under the +the file are Copyright © 2015-2021, Unleash Kids, and are licensed under the terms of the GPLv2 license in the file named LICENSE in the root of the repository. From eb4a23c0c3f793f198e7ec56e767dac58ba9dec7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 27 May 2021 13:18:45 -0400 Subject: [PATCH 063/207] Warning about ansible moving from /usr/bin to /usr/local/bin --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 181d53211..d5b594e54 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -182,4 +182,4 @@ echo -e "\n\nSUCCESS! PLEASE VERIFY ANSIBLE WITH COMMANDS LIKE:\n" echo -e " ansible --version" echo -e " pip show ansible-core" echo -e ' apt -a list "ansible*"\n' -echo -e "WARNING: You might need to start a new Linux shell, so /usr/local/bin/ansible works.\n\n" +echo -e "WARNING: Start a new Linux shell, if it changed from /usr/bin to /usr/local/bin\n\n" From 28da43444ab87498ce5aa9ab2fd2a5e71725de54 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 27 May 2021 13:34:51 -0400 Subject: [PATCH 064/207] scripts/ansible: Mention 'ansible-galaxy collection list' --- scripts/ansible | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index d5b594e54..1c1f48675 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -181,5 +181,6 @@ ansible-galaxy collection install --force-with-deps \ echo -e "\n\nSUCCESS! PLEASE VERIFY ANSIBLE WITH COMMANDS LIKE:\n" echo -e " ansible --version" echo -e " pip show ansible-core" -echo -e ' apt -a list "ansible*"\n' +echo -e ' apt -a list "ansible*"' +echo -e " ansible-galaxy collection list\n" echo -e "WARNING: Start a new Linux shell, if it changed from /usr/bin to /usr/local/bin\n\n" From c1dcf7cf0b1021f69b91863409a1062d24ac4c5a Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 27 May 2021 20:51:07 -0400 Subject: [PATCH 065/207] mediawiki/defaults/main.yml: 1.35.2 -> 1.36.0 --- roles/mediawiki/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index af46dae66..1892d9259 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -4,8 +4,8 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mediawiki_major_version: 1.35 # "1.35" also works -mediawiki_minor_version: 2 +mediawiki_major_version: 1.36 # "1.35" also works +mediawiki_minor_version: 0 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 4e170d6ecf031d08996b94f3d95b3a284143daad Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 28 May 2021 01:03:53 -0400 Subject: [PATCH 066/207] 2-common/tasks/network.yml: Clarify Ansible output --- roles/2-common/tasks/network.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/2-common/tasks/network.yml b/roles/2-common/tasks/network.yml index 3056e98fb..dc71f4a13 100644 --- a/roles/2-common/tasks/network.yml +++ b/roles/2-common/tasks/network.yml @@ -1,11 +1,11 @@ -- name: Install package networkd-dispatcher (OS's other than RaspOS) +- name: Install package networkd-dispatcher (OS's other than RaspiOS) package: name: networkd-dispatcher state: present when: not is_raspbian # used in the network role -- name: Install network related packages (debuntu) +- name: 'Install network packages: hostapd, iproute2, iptables-persistent, netmask (debuntu)' package: name: - iproute2 @@ -15,7 +15,7 @@ state: present when: is_debuntu -- name: Install /etc/network/if-pre-up.d/iptables from template (debuntu) +- name: Install /etc/network/if-pre-up.d/iptables from template (0755, debuntu) template: src: iptables dest: /etc/network/if-pre-up.d/iptables From 25d33a7702e4b3e3e362953cd26c90e7f926a39f Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 28 May 2021 01:38:10 -0400 Subject: [PATCH 067/207] nextcloud/tasks/install.yml: Clarify /library/www/nextcloud is ~434 MB (for Nextcloud 21.0.2) --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index af304bde5..9921837d7 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -94,7 +94,7 @@ state: directory path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud -- name: Unarchive {{ nextcloud_dl_url }} (100+ MB) to {{ nextcloud_root_dir }} (~449 MB, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (100+ MB) to {{ nextcloud_root_dir }} (~434 MB, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From d0d98908c58f7ba53ee36fc787264b5779c1d4a9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 28 May 2021 01:42:24 -0400 Subject: [PATCH 068/207] nextcloud/tasks/install.yml: Clarify /library/www/nextcloud is 434-450 MB (for Nextcloud 21.0.2) --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 9921837d7..5cb341aae 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -94,7 +94,7 @@ state: directory path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud -- name: Unarchive {{ nextcloud_dl_url }} (100+ MB) to {{ nextcloud_root_dir }} (~434 MB, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (100+ MB) to {{ nextcloud_root_dir }} (434-450 MB, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" From 2eac822fd28a39c6d262369cadb611ddd69bb770 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 28 May 2021 02:16:36 -0400 Subject: [PATCH 069/207] moodle/tasks/install.yml: Clarify /opt/iiab/moodle is ~288 MB (for Moodle 3.9) --- roles/moodle/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 89600b196..2e3d40638 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -45,7 +45,7 @@ path: "{{ moodle_base }}/config-dist.php" # /opt/iiab/moodle register: moodle -- name: Clone (i.e. use git to download) {{ moodle_repo_url }} to {{ moodle_base }} (~300 MB) +- name: Clone (i.e. use git to download) {{ moodle_repo_url }} to {{ moodle_base }} (~288 MB) git: repo: "{{ moodle_repo_url }}" dest: "{{ moodle_base }}" From 00df37b1a094c2d0826b9b3499c86f89837ff66f Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 28 May 2021 02:30:44 -0400 Subject: [PATCH 070/207] osm-vector-maps/tasks/install.yml: Clarify Ansible output --- roles/osm-vector-maps/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 2e58d4516..132c3b189 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -170,7 +170,7 @@ dest: "{{ vector_map_path }}/maplist/index.html" force: yes -- name: Get packages necessary for map installation +- name: "Install packages for map installation: python3-wget, php{{ php_version }}-sqlite3, python3-geojson, python3-pil" package: state: present name: @@ -179,7 +179,7 @@ - python3-geojson - python3-pil -- name: Copy a scripts to download tiles +- name: Copy 6 scripts to /usr/bin, for downloading tiles get_url: url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/scripts/{{ item }}" dest: /usr/bin/ From 9e1151e15b4d2d8408a03fb4bfe111393bc7dc65 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 28 May 2021 03:12:18 -0400 Subject: [PATCH 071/207] calibre-web/tasks/install.yml: Remove space --- roles/calibre-web/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index b6411b7f4..3b31b8631 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -49,7 +49,7 @@ requirements: "{{ calibreweb_venv_path }}/requirements.txt" virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 virtualenv_site_packages: no - virtualenv_command: python3 -m venv {{ calibreweb_venv_path }} + virtualenv_command: python3 -m venv {{ calibreweb_venv_path }} when: internet_available - name: Install /etc/systemd/system/calibre-web.service from template From a98af11395f149fb2552b7304e2ee84cf6999bd0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 28 May 2021 03:18:05 -0400 Subject: [PATCH 072/207] captiveportal/tasks/install.yml: Install 2 packages (in newer Ansible way) --- roles/captiveportal/tasks/install.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/roles/captiveportal/tasks/install.yml b/roles/captiveportal/tasks/install.yml index 4db295fdc..01c1d932a 100644 --- a/roles/captiveportal/tasks/install.yml +++ b/roles/captiveportal/tasks/install.yml @@ -1,10 +1,9 @@ -- name: "Download & install packages: python3-dateutil, python3-jinja2" +- name: "Install packages: python3-dateutil, python3-jinja2" package: - name: "{{ item }}" + name: + - python3-dateutil + - python3-jinja2 state: present - with_items: - - python3-dateutil - - python3-jinja2 - name: mkdir /opt/iiab/captiveportal for scripts & templates, set owner to {{ apache_user }} file: From 1ed18418654428a5871d9c48739db0e7d674c83d Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Jun 2021 17:55:48 -0400 Subject: [PATCH 073/207] Update default_vars.yml --- vars/default_vars.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 80bd136f5..949b997fb 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -434,7 +434,8 @@ nextcloud_enabled: False # nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3. +# Untested since Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi. +# If using PBX intensively, set nginx_high_php_limits further above. pbx_install: False pbx_enabled: False asterisk_chan_dongle: False @@ -475,6 +476,7 @@ kiwix_apk_src: https://download.kiwix.org/release/kiwix-android/kiwix.apk postgresql_install: False postgresql_enabled: False +# Warning: Moodle is a serious LMS, that takes a while to install. moodle_install: False moodle_enabled: False # If using Moodle intensively, set nginx_high_php_limits further above. From d86e4684fd8a89cfc61163f3f63c263c4f0b9266 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Jun 2021 17:56:23 -0400 Subject: [PATCH 074/207] Update local_vars_min.yml --- vars/local_vars_min.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 086991c73..f9e12113b 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -290,7 +290,8 @@ nextcloud_enabled: False # nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3. +# Untested since Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi. +# If using PBX intensively, set nginx_high_php_limits further above. pbx_install: False pbx_enabled: False asterisk_chan_dongle: False From 6054d812ab490672108cf59b46334698762f0fa2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Jun 2021 17:56:29 -0400 Subject: [PATCH 075/207] Update local_vars_medium.yml --- vars/local_vars_medium.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 79a4eed23..f46d6739a 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -290,7 +290,8 @@ nextcloud_enabled: True # nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3. +# Untested since Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi. +# If using PBX intensively, set nginx_high_php_limits further above. pbx_install: False pbx_enabled: False asterisk_chan_dongle: False From 2e13f976e3cf6dda824304a0e0fac90fc1783299 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 1 Jun 2021 17:56:35 -0400 Subject: [PATCH 076/207] Update local_vars_big.yml --- vars/local_vars_big.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index e7113a35a..ddd5300b8 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -290,7 +290,8 @@ nextcloud_enabled: True # nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3. +# Untested since Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi. +# If using PBX intensively, set nginx_high_php_limits further above. pbx_install: False pbx_enabled: False asterisk_chan_dongle: False From a46ce1fa0b79072b990a93c9db626d22eb791ed6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 3 Jun 2021 20:56:17 -0400 Subject: [PATCH 077/207] kiwix/tasks/install.yml: Clarify armhf works on aarch64 --- roles/kiwix/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index 1a18c25c9..12e602d3c 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -4,10 +4,10 @@ set_fact: kiwix_src_dir: False -- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_armhf }}' (armv6l or armv71)" +- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_armhf }}' (armv6l or armv71 or aarch64)" set_fact: kiwix_src_dir: "{{ kiwix_version_armhf }}" - when: ansible_machine == "armv7l" or ansible_machine == "armv6l" or ansible_machine == "aarch64" + when: ansible_machine == "armv6l" or ansible_machine == "armv7l" or ansible_machine == "aarch64" - name: "Set fact 'kiwix_src_dir: {{ kiwix_version_linux64 }}' (x86_64)" set_fact: From a2277b063515adc875a1cf3296a01274dbf0f643 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 4 Jun 2021 03:56:29 -0400 Subject: [PATCH 078/207] phpMyAdmin 5.1.0 -> 5.1.1 --- roles/phpmyadmin/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/phpmyadmin/defaults/main.yml b/roles/phpmyadmin/defaults/main.yml index 9cfea8dfc..e8cbd16f2 100644 --- a/roles/phpmyadmin/defaults/main.yml +++ b/roles/phpmyadmin/defaults/main.yml @@ -4,6 +4,6 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -phpmyadmin_version: 5.1.0 +phpmyadmin_version: 5.1.1 phpmyadmin_name: "phpMyAdmin-{{ phpmyadmin_version }}-all-languages" phpmyadmin_dl_url: "https://files.phpmyadmin.net/phpMyAdmin/{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz" From 9bb81e1b07d2950b1f3c85e7b03de1d04bea06c6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 10 Jun 2021 06:55:01 -0400 Subject: [PATCH 079/207] kiwix-tools 3.1.2-4 -> 3.1.2-5 --- roles/kiwix/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 512683d6e..a03d179e8 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -26,9 +26,9 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" # http://download.kiwix.org/release/kiwix-tools/ ...or sometimes... # http://download.kiwix.org/nightly/ -kiwix_version_armhf: kiwix-tools_linux-armhf-3.1.2-4 -kiwix_version_linux64: kiwix-tools_linux-x86_64-3.1.2-4 -kiwix_version_i686: kiwix-tools_linux-i586-3.1.2-4 +kiwix_version_armhf: kiwix-tools_linux-armhf-3.1.2-5 +kiwix_version_linux64: kiwix-tools_linux-x86_64-3.1.2-5 +kiwix_version_i686: kiwix-tools_linux-i586-3.1.2-5 # kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" # v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") From b89aa1f93f9566052ab5f62c562bfadadd457e93 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 16 Jun 2021 12:08:08 -0400 Subject: [PATCH 080/207] Clarify that download to /opt/iiab/sugarizer-1.5.0 is generally ~469M (confirmed on Debian 10 & RaspiOS) --- roles/sugarizer/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sugarizer/tasks/install.yml b/roles/sugarizer/tasks/install.yml index e1cafdb4b..275780063 100644 --- a/roles/sugarizer/tasks/install.yml +++ b/roles/sugarizer/tasks/install.yml @@ -29,7 +29,7 @@ # 2. DOWNLOAD+LINK /opt/iiab/sugarizer -- name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~717 MB) +- name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~469 MB) git: repo: https://github.com/llaske/sugarizer dest: "{{ iiab_base }}/{{ sugarizer_dir_version }}" From cd6a55696a613b5bc61406c982d0df487193e6fc Mon Sep 17 00:00:00 2001 From: root Date: Thu, 17 Jun 2021 05:10:09 -0400 Subject: [PATCH 081/207] Node.js 14.x -> 16.x --- roles/internetarchive/tasks/install.yml | 9 +++++---- roles/nodejs/defaults/main.yml | 2 +- roles/nodejs/tasks/main.yml | 2 +- vars/default_vars.yml | 2 +- 4 files changed, 8 insertions(+), 7 deletions(-) diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index 2dd6863d8..689851636 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml @@ -9,10 +9,11 @@ include_role: name: nodejs -- name: FAIL (STOP INSTALLING) IF nodejs_version is not set to 10.x, 12.x or 14.x - fail: - msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x or 12.x or 14.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" - when: (nodejs_version != "10.x") and (nodejs_version != "12.x") and (nodejs_version != "14.x") +- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 16.x + assert: + that: nodejs_version is version('10.x', '>=') and nodejs_version is version('16.x', '<=') + fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 16.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" + quiet: yes - name: "Set 'yarn_install: True' and 'yarn_enabled: True'" set_fact: diff --git a/roles/nodejs/defaults/main.yml b/roles/nodejs/defaults/main.yml index 6e710710d..312bf20fe 100644 --- a/roles/nodejs/defaults/main.yml +++ b/roles/nodejs/defaults/main.yml @@ -9,7 +9,7 @@ # Node.js version used by roles/nodejs/tasks/main.yml for 3 roles: # nodered (Node-RED), pbx (Asterix, FreePBX) & sugarizer (Sugarizer) -# nodejs_version: 14.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29 +# nodejs_version: 16.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/nodejs/tasks/main.yml b/roles/nodejs/tasks/main.yml index f736525cb..e13c68934 100644 --- a/roles/nodejs/tasks/main.yml +++ b/roles/nodejs/tasks/main.yml @@ -1,4 +1,4 @@ -# SEE VAR nodejs_version: 14.x IN /opt/iiab/iiab/vars/default_vars.yml (FOR +# SEE VAR nodejs_version: 16.x IN /opt/iiab/iiab/vars/default_vars.yml (FOR # NOW!) AND IF NEC OVERRIDE THIS IN /etc/iiab/local_vars.yml # Duplicate Node.js code unified by @jvonau. Revised by @holta. Used by: diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 949b997fb..5b535277e 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -409,7 +409,7 @@ nodejs_install: False nodejs_enabled: False # Node.js version used by roles/nodejs/tasks/main.yml for 3 roles: # nodered (Node-RED), pbx (Asterix, FreePBX) & sugarizer (Sugarizer) -nodejs_version: 14.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29 +nodejs_version: 16.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17 # Flow-based visual programming for wiring together IoT hardware devices etc nodered_install: False From 4bfb233132c0406f69c94abec15aff417137f689 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 17 Jun 2021 13:56:03 -0400 Subject: [PATCH 082/207] default_vars.yml: Clarify 4 roles that install roles/nodejs on demand --- vars/default_vars.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 5b535277e..bdca92f18 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -403,12 +403,11 @@ mosquitto_install: False mosquitto_enabled: False mosquitto_port: 1883 -# 2020-09-24: BOTH VALUES BELOW ARE IGNORED as Node.js is installed on demand -# as a dependency -- by Node-RED, Sugarizer &/or Internet Archive +# 2021-06-17: BOTH VALUES BELOW ARE INITIALLY IGNORED as Node.js is installed +# on demand as a dependency by 4 roles -- internetarchive (Internet Archive), +# nodered (Node-RED), pbx (Asterix, FreePBX) &/or Sugarizer: nodejs_install: False nodejs_enabled: False -# Node.js version used by roles/nodejs/tasks/main.yml for 3 roles: -# nodered (Node-RED), pbx (Asterix, FreePBX) & sugarizer (Sugarizer) nodejs_version: 16.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17 # Flow-based visual programming for wiring together IoT hardware devices etc From 6eadc574702f043740896555b67be0a1de69981b Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 17 Jun 2021 13:57:53 -0400 Subject: [PATCH 083/207] nodejs/defaults/main.yml: Clarify 4 roles that install roles/nodejs on demand --- roles/nodejs/defaults/main.yml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/roles/nodejs/defaults/main.yml b/roles/nodejs/defaults/main.yml index 312bf20fe..e36db5372 100644 --- a/roles/nodejs/defaults/main.yml +++ b/roles/nodejs/defaults/main.yml @@ -1,14 +1,10 @@ -# 2020-01-23: nodejs_install is completely ignored as Node.js is installed on -# demand as a dependency -- by Node-RED, Sugarizer and/or Internet Archive -- -# but for now we set fake value 'nodejs_install: True' for -# 'nodejs_installed is defined' tests e.g. in 0-init/tasks/validate_vars.yml +# 2021-06-17: BOTH VALUES BELOW ARE INITIALLY IGNORED as Node.js is installed +# on demand as a dependency by 4 roles -- internetarchive (Internet Archive), +# nodered (Node-RED), pbx (Asterix, FreePBX) &/or Sugarizer: -# nodejs_install: True +# nodejs_install: False # nodejs_enabled: False -# Node.js version used by roles/nodejs/tasks/main.yml for 3 roles: -# nodered (Node-RED), pbx (Asterix, FreePBX) & sugarizer (Sugarizer) - # nodejs_version: 16.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml From 10fb1823a385260f81a9dbd705fc840c5bf942f4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 17 Jun 2021 20:07:39 -0400 Subject: [PATCH 084/207] nodejs/tasks/install.yml: Stale comments need updating --- roles/nodejs/tasks/install.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/nodejs/tasks/install.yml b/roles/nodejs/tasks/install.yml index 5a7e0ae0d..ba3536c96 100644 --- a/roles/nodejs/tasks/install.yml +++ b/roles/nodejs/tasks/install.yml @@ -32,7 +32,7 @@ # /etc/iiab/local_vars.yml -- then re-run this IIAB installer. # when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stderr == "" -# Forces < 12 or > 12 to be removed, ignored if file is absent +# Forces < 16.x or > 16.x to be removed, ignored if file is absent - name: Remove /etc/apt/sources.list.d/nodesource.list if nodejs_version_installed.stdout is not {{ nodejs_version }} file: state: absent @@ -40,14 +40,14 @@ when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != "" # BRUTAL but ensures consistency across OS's / distros like Raspbian Desktop & Ubermix that often include an older version of Node.js -# Forces < 12 or > 12 to be uninstalled +# Forces < 16.x or > 16.x to be uninstalled - name: ASK apt/yum/dnf TO REMOVE PRE-EXISTING Node.js {{ nodejs_version_installed.stdout }} (IF IT'S NOT {{ nodejs_version }}) package: name: nodejs state: absent when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != "" -# Forces == 12 +# Forces == 16.x - name: Warn if Node.js {{ nodejs_version}} already installed & might be updated debug: msg: "WARN: YOUR Node.js {{ nodejs_version }} MIGHT NOW BE UPDATED USING nodesource.com" From 71daf9012af53538309bb4432738039fd6b9fe54 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 19 Jun 2021 17:56:40 -0400 Subject: [PATCH 085/207] Create raspbian-11.yml --- vars/raspbian-11.yml | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 vars/raspbian-11.yml diff --git a/vars/raspbian-11.yml b/vars/raspbian-11.yml new file mode 100644 index 000000000..dbf3853e3 --- /dev/null +++ b/vars/raspbian-11.yml @@ -0,0 +1,38 @@ +is_debuntu: True +is_debian: True +is_debian_11: True +is_raspbian: True +is_raspbian_11: True + +# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True +# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True) +dns_service: bind9 +dns_user: bind +dhcp_service: isc-dhcp-server + +proxy: squid +proxy_user: proxy +apache_service: apache2 +apache_conf_dir: apache2/sites-available +apache_user: www-data +apache_log_dir: /var/log/apache2 +smb_service: smbd +nmb_service: nmbd +systemctl_program: /bin/systemctl +mysql_service: mariadb +apache_log: /var/log/apache2/access.log +sshd_package: ssh +sshd_service: ssh +php_version: 7.4 +postgresql_version: 13 +systemd_location: /lib/systemd/system +python_ver: 3.9 + +# minetest for rpi +minetest_server_bin: /library/games/minetest/bin/minetestserver +minetest_working_dir: /library/games/minetest +minetest_game_dir: /library/games/minetest/games/minetest_game +minetest_rpi_src_tar: minetest.5.1.1.tar.gz +#minetest_rpi_src_url: "http://www.nathansalapat.com/downloads/{{ minetest_rpi_src_tar }}" +minetest_rpi_src_url: "http://d.iiab.io/packages/{{ minetest_rpi_src_tar }}" +minetest_rpi_src_untarred: Minetest From 262f7dd48465538b6088d07af08c7198b535a2a2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 19 Jun 2021 18:01:07 -0400 Subject: [PATCH 086/207] Update local_facts.fact --- scripts/local_facts.fact | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index f34f0fac6..a3fdd96a4 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -60,7 +60,7 @@ OS_VER=$OS-$VERSION_ID # 2020-10-21: Debian 11 (Bullseye) not yet supported but adding this line to # its /etc/os-release can help testing this unreleased OS: VERSION_ID="11" -# 2020-11-14: Ubuntu 21.04 (Hirsute Hippo) not yet supported but this +# 2021-06-19: Ubuntu 21.10 (Impish Indri) not yet supported but this # unreleased OS can help testing. case $OS_VER in @@ -69,7 +69,8 @@ case $OS_VER in "ubuntu-20" | \ "ubuntu-21" | \ "linuxmint-20" | \ - "raspbian-10") + "raspbian-10" | \ + "raspbian-11") ;; *) OS_VER="OS_not_supported" ;; From 66b9f469e8cad7d1299c0cccacce52bd72e67969 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 19 Jun 2021 18:33:09 -0400 Subject: [PATCH 087/207] Update local_facts.fact --- scripts/local_facts.fact | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index a3fdd96a4..b984f1d27 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -61,7 +61,8 @@ OS_VER=$OS-$VERSION_ID # its /etc/os-release can help testing this unreleased OS: VERSION_ID="11" # 2021-06-19: Ubuntu 21.10 (Impish Indri) not yet supported but this -# unreleased OS can help testing. +# unreleased OS can help testing. For now this means MANUALLY changing +# php_version: 7.4 to 8.0 in vars/ubuntu-21.yml case $OS_VER in "debian-10" | \ From 5f56267013c9889ac88e9bd7a56d2f2fd5d52cc5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 19 Jun 2021 18:39:11 -0400 Subject: [PATCH 088/207] Update raspbian-11.yml --- vars/raspbian-11.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/raspbian-11.yml b/vars/raspbian-11.yml index dbf3853e3..6225eda89 100644 --- a/vars/raspbian-11.yml +++ b/vars/raspbian-11.yml @@ -28,7 +28,7 @@ postgresql_version: 13 systemd_location: /lib/systemd/system python_ver: 3.9 -# minetest for rpi +# Minetest for RPi minetest_server_bin: /library/games/minetest/bin/minetestserver minetest_working_dir: /library/games/minetest minetest_game_dir: /library/games/minetest/games/minetest_game From 2d82ecd8e2d93ae1a5c4e37e0aeec519933232e2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 19 Jun 2021 18:44:12 -0400 Subject: [PATCH 089/207] Update local_facts.fact --- scripts/local_facts.fact | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index b984f1d27..ae58c28c9 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact @@ -62,7 +62,7 @@ OS_VER=$OS-$VERSION_ID # 2021-06-19: Ubuntu 21.10 (Impish Indri) not yet supported but this # unreleased OS can help testing. For now this means MANUALLY changing -# php_version: 7.4 to 8.0 in vars/ubuntu-21.yml +# php_version: 7.4 to 8.0 in /opt/iiab/iiab/vars/ubuntu-21.yml case $OS_VER in "debian-10" | \ From 92fc1471dc7311a4005608861791b31d1881d2b6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 20 Jun 2021 07:48:49 -0400 Subject: [PATCH 090/207] Update debian-10.yml --- vars/debian-10.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/debian-10.yml b/vars/debian-10.yml index fcfa312c3..143f09dd7 100644 --- a/vars/debian-10.yml +++ b/vars/debian-10.yml @@ -1,5 +1,6 @@ is_debuntu: True is_debian: True +is_ubuntu: False is_debian_10: True # 2019-01-31: These apply if-only-if named_install and/or dhcpd_install are True From 3c1cca45e33f25645a0d1786c3d09da806286ef4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 20 Jun 2021 07:49:13 -0400 Subject: [PATCH 091/207] Update debian-11.yml --- vars/debian-11.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/debian-11.yml b/vars/debian-11.yml index b0856f914..7680abdb5 100644 --- a/vars/debian-11.yml +++ b/vars/debian-11.yml @@ -1,5 +1,6 @@ is_debuntu: True is_debian: True +is_ubuntu: False is_debian_11: True # 2019-01-31: These apply if-only-if named_install and/or dhcpd_install are True From 75b4a46643b134e2ca8c1e4874a31c257c6c85ac Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 20 Jun 2021 07:50:21 -0400 Subject: [PATCH 092/207] Update linuxmint-20.yml --- vars/linuxmint-20.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/linuxmint-20.yml b/vars/linuxmint-20.yml index 93df64985..8efddc5f9 100644 --- a/vars/linuxmint-20.yml +++ b/vars/linuxmint-20.yml @@ -1,4 +1,5 @@ is_debuntu: True +is_debian: False is_ubuntu: True is_ubuntu_20: True is_linuxmint: True From 6d368fb053128419736f186aa2f223f2da7185ed Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 20 Jun 2021 07:51:45 -0400 Subject: [PATCH 093/207] Update raspbian-10.yml --- vars/raspbian-10.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/raspbian-10.yml b/vars/raspbian-10.yml index 103bc6f4a..ec9ce37f6 100644 --- a/vars/raspbian-10.yml +++ b/vars/raspbian-10.yml @@ -1,5 +1,6 @@ is_debuntu: True is_debian: True +is_ubuntu: False is_debian_10: True is_raspbian: True is_raspbian_10: True From 51c60acf11955370b72b59ddeb9cf44efd95635e Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 20 Jun 2021 07:52:22 -0400 Subject: [PATCH 094/207] Update raspbian-11.yml --- vars/raspbian-11.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/raspbian-11.yml b/vars/raspbian-11.yml index 6225eda89..037f0a51c 100644 --- a/vars/raspbian-11.yml +++ b/vars/raspbian-11.yml @@ -1,5 +1,6 @@ is_debuntu: True is_debian: True +is_ubuntu: False is_debian_11: True is_raspbian: True is_raspbian_11: True From f098b19d7c6fcc296a0c6c3558fd983598a392d6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 20 Jun 2021 07:53:06 -0400 Subject: [PATCH 095/207] Update ubuntu-20.yml --- vars/ubuntu-20.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/ubuntu-20.yml b/vars/ubuntu-20.yml index ca994c7d8..57e35a8e3 100644 --- a/vars/ubuntu-20.yml +++ b/vars/ubuntu-20.yml @@ -1,4 +1,5 @@ is_debuntu: True +is_debian: False is_ubuntu: True is_ubuntu_20: True From 0858b3f135ee261f074aff0f709de81695933e44 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 20 Jun 2021 07:53:42 -0400 Subject: [PATCH 096/207] Update ubuntu-21.yml --- vars/ubuntu-21.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/ubuntu-21.yml b/vars/ubuntu-21.yml index 0f29d4a5f..60a71014e 100644 --- a/vars/ubuntu-21.yml +++ b/vars/ubuntu-21.yml @@ -1,4 +1,5 @@ is_debuntu: True +is_debian: False is_ubuntu: True is_ubuntu_21: True From e661d4196c2610effdd9f0c1b4b87b34e28afb1a Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 20 Jun 2021 09:24:54 -0400 Subject: [PATCH 097/207] Update default_vars.yml --- vars/default_vars.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index bdca92f18..1dbf64a07 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -722,6 +722,7 @@ is_debian_9: False is_debian_8: False is_raspbian: False # Covers both: RPi HW + non-RPi HW versions of Raspberry Pi OS (Raspbian) +is_raspbian_11: False is_raspbian_10: False is_raspbian_9: False is_raspbian_8: False From 9d4403515a8a8efef6707cc39b5fd059649c08e5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 20 Jun 2021 09:38:16 -0400 Subject: [PATCH 098/207] Update raspbian-11.yml --- vars/raspbian-11.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/vars/raspbian-11.yml b/vars/raspbian-11.yml index 037f0a51c..d1d1d8672 100644 --- a/vars/raspbian-11.yml +++ b/vars/raspbian-11.yml @@ -1,6 +1,7 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True -is_debian: True -is_ubuntu: False +is_debian: True # Opposite of is_ubuntu for now is_debian_11: True is_raspbian: True is_raspbian_11: True From f86d632881e2499377c6bdff801c0fdfec993d62 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 20 Jun 2021 09:39:04 -0400 Subject: [PATCH 099/207] Update raspbian-10.yml --- vars/raspbian-10.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/vars/raspbian-10.yml b/vars/raspbian-10.yml index ec9ce37f6..b2f3298d8 100644 --- a/vars/raspbian-10.yml +++ b/vars/raspbian-10.yml @@ -1,6 +1,7 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True -is_debian: True -is_ubuntu: False +is_debian: True # Opposite of is_ubuntu for now is_debian_10: True is_raspbian: True is_raspbian_10: True From 389bc9b7a77668f62564468eb2011bc387474e64 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 20 Jun 2021 09:39:44 -0400 Subject: [PATCH 100/207] Update debian-10.yml --- vars/debian-10.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/vars/debian-10.yml b/vars/debian-10.yml index 143f09dd7..21b553d30 100644 --- a/vars/debian-10.yml +++ b/vars/debian-10.yml @@ -1,6 +1,7 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True -is_debian: True -is_ubuntu: False +is_debian: True # Opposite of is_ubuntu for now is_debian_10: True # 2019-01-31: These apply if-only-if named_install and/or dhcpd_install are True From 5b045c155b7027f3294a289fa1ca5e7e946aab70 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 20 Jun 2021 09:40:18 -0400 Subject: [PATCH 101/207] Update debian-11.yml --- vars/debian-11.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/vars/debian-11.yml b/vars/debian-11.yml index 7680abdb5..57160cecb 100644 --- a/vars/debian-11.yml +++ b/vars/debian-11.yml @@ -1,6 +1,7 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True -is_debian: True -is_ubuntu: False +is_debian: True # Opposite of is_ubuntu for now is_debian_11: True # 2019-01-31: These apply if-only-if named_install and/or dhcpd_install are True From 204ceaa419e832b3f60b8c84a22f2b985eb62cbb Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 20 Jun 2021 09:42:01 -0400 Subject: [PATCH 102/207] Update linuxmint-20.yml --- vars/linuxmint-20.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/vars/linuxmint-20.yml b/vars/linuxmint-20.yml index 8efddc5f9..0afc95bb0 100644 --- a/vars/linuxmint-20.yml +++ b/vars/linuxmint-20.yml @@ -1,6 +1,7 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True -is_debian: False -is_ubuntu: True +is_ubuntu: True # Opposite of is_debian for now is_ubuntu_20: True is_linuxmint: True is_linuxmint_20: True From 40a76d64ef037f527c80b193fa01f1309d5a1019 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 20 Jun 2021 09:42:37 -0400 Subject: [PATCH 103/207] Update ubuntu-20.yml --- vars/ubuntu-20.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/vars/ubuntu-20.yml b/vars/ubuntu-20.yml index 57e35a8e3..1dd5aa3ce 100644 --- a/vars/ubuntu-20.yml +++ b/vars/ubuntu-20.yml @@ -1,6 +1,7 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True -is_debian: False -is_ubuntu: True +is_ubuntu: True # Opposite of is_debian for now is_ubuntu_20: True # 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True From e94d220f484889b086a3d44b68e50cadfe847f6b Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 20 Jun 2021 09:43:09 -0400 Subject: [PATCH 104/207] Update ubuntu-21.yml --- vars/ubuntu-21.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/vars/ubuntu-21.yml b/vars/ubuntu-21.yml index 60a71014e..5f8b4c8d4 100644 --- a/vars/ubuntu-21.yml +++ b/vars/ubuntu-21.yml @@ -1,6 +1,7 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True -is_debian: False -is_ubuntu: True +is_ubuntu: True # Opposite of is_debian for now is_ubuntu_21: True # 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True From da7728442d2044be446e4fbf741aa65dbb5f9d4f Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 20 Jun 2021 17:24:30 -0400 Subject: [PATCH 105/207] Rename shaper.yml to shaper.yml.unused --- vars/{shaper.yml => shaper.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename vars/{shaper.yml => shaper.yml.unused} (100%) diff --git a/vars/shaper.yml b/vars/shaper.yml.unused similarity index 100% rename from vars/shaper.yml rename to vars/shaper.yml.unused From 861f6d1dcf6fb31b3657ed6925424b4fca0a4849 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 21 Jun 2021 19:02:12 -0400 Subject: [PATCH 106/207] Unproxied Kolibri Tip for roles/kolibri/README.rst --- roles/kolibri/README.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/kolibri/README.rst b/roles/kolibri/README.rst index a111cf014..2f475be12 100644 --- a/roles/kolibri/README.rst +++ b/roles/kolibri/README.rst @@ -42,6 +42,8 @@ Kolibri 0.10 introduced ``kolibri manage deprovision`` which will remove user co Troubleshooting --------------- +An unproxied version of Kolibri is available here if necessary: http://box:8009/kolibri/ + You can run the server manually with the following commands:: systemctl stop kolibri # Make sure the systemd service is not running From 69ffe19f7eeb3bdb94db83b2a5e56e66efeeb380 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 21 Jun 2021 19:15:57 -0400 Subject: [PATCH 107/207] Update roles/kolibri/README.rst --- roles/kolibri/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/README.rst b/roles/kolibri/README.rst index 2f475be12..9b4afdb23 100644 --- a/roles/kolibri/README.rst +++ b/roles/kolibri/README.rst @@ -42,7 +42,7 @@ Kolibri 0.10 introduced ``kolibri manage deprovision`` which will remove user co Troubleshooting --------------- -An unproxied version of Kolibri is available here if necessary: http://box:8009/kolibri/ +This unproxied version of Kolibri can sometimes help: http://box:8009/kolibri/ You can run the server manually with the following commands:: From 409e8bc468a07cd00f372be2e2d0a60e827eda6e Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 22 Jun 2021 08:20:02 -0400 Subject: [PATCH 108/207] Recommend ansible-core 2.11.2 --- scripts/ansible | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index 1c1f48675..b190c1ec0 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -9,7 +9,7 @@ APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER=undefined # Ansible version you currently have installed -GOOD_VER=2.11.1 # Orig for 'yum install [rpm]' & XO laptops (pip install) +GOOD_VER=2.11.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-05-19 PR #2743: As a result of Ansible / Red Hat / IBM's extensive # delays in publishing the PPA (.deb installer files) for ansible-core, this @@ -34,6 +34,7 @@ fi # APRIL 2021 - ansible-base (2.10) was renamed to ansible-core (2.11+): # https://www.ansible.com/blog/ansible-3.0.0-qa # https://github.com/ansible/ansible/releases +# https://github.com/ansible/ansible/commits/stable-2.11 # https://pypi.org/project/ansible-base/ # https://pypi.org/project/ansible-core/ # https://releases.ansible.com/ansible-base/ @@ -58,13 +59,13 @@ fi #pip3 install --upgrade ansible-core # Then start a new shell, so /usr/local/bin works #ansible-galaxy collection install -r collections.yml -# TEMPORARILY USE ansible-base 2.10.10 (REMOVE W/ "pip3 uninstall ansible-base") +# TEMPORARILY USE ansible-base 2.10.11 (REMOVE W/ "pip3 uninstall ansible-base") #apt install python3-pip -#pip3 install ansible-base==2.10.10 # Start new shell, so /usr/local/bin works +#pip3 install ansible-base==2.10.11 # Start new shell, so /usr/local/bin works -# TEMPORARILY USE ANSIBLE 2.9.22 (REMOVE IT WITH "pip3 uninstall ansible") +# TEMPORARILY USE ANSIBLE 2.9.23 (REMOVE IT WITH "pip3 uninstall ansible") #apt install python3-pip -#pip3 install ansible==2.9.22 +#pip3 install ansible==2.9.23 # TEMPORARILY USE ANSIBLE 2.4.2 DUE TO 2.4.3 MEMORY BUG. Details: iiab/iiab#669 #echo "Install http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb" From 16efa3c4cf44ceecdf5ff5f49bf872fc14ac2a37 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 22 Jun 2021 08:40:38 -0400 Subject: [PATCH 109/207] scripts/ansible: Comment out unused code --- scripts/ansible | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/scripts/ansible b/scripts/ansible index b190c1ec0..bec364678 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -11,25 +11,25 @@ APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER=undefined # Ansible version you currently have installed GOOD_VER=2.11.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) +# 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and +# .gpg key etc) are commented out with ### below. Asociated guidance/comments +# are intentionally preserved. + # 2021-05-19 PR #2743: As a result of Ansible / Red Hat / IBM's extensive # delays in publishing the PPA (.deb installer files) for ansible-core, this # file bypasses the apt approach (and associated PPA source) in favor of: # # pip3 install --upgrade ansible-core -# -# What the future holds for 2022+ is not yet clear. So the apt approach (with -# PPA source in /etc/apt/sources.list.d/ and .gpg key etc) and much associated -# guidance/comments below are NOT being commented out or deleted at this time. # 2021-02-25: Latest 'ansible-base' was being installed from PPA, using either # OS 'CODENAME' below: https://launchpad.net/~ansible/+archive/ubuntu/ansible # 'lsb_release -sc' gives Mint 20 codename 'ulyana' etc: (TOO FINE-GRAINED) -if grep -q buster /etc/os-release /etc/debian_version; then - CODENAME=bionic # Debian 10, RaspiOS 10 & Buster-like distros -else - CODENAME=focal # Debian 11+, RaspiOS 11+, Ubuntu 20.04+, Mint 20+ (ETC) -fi +###if grep -q buster /etc/os-release /etc/debian_version; then +### CODENAME=bionic # Debian 10, RaspiOS 10 & Buster-like distros +###else +### CODENAME=focal # Debian 11+, RaspiOS 11+, Ubuntu 20.04+, Mint 20+ (ETC) +###fi # APRIL 2021 - ansible-base (2.10) was renamed to ansible-core (2.11+): # https://www.ansible.com/blog/ansible-3.0.0-qa @@ -121,8 +121,8 @@ fi #$APT_PATH/apt update #$APT_PATH/apt -y install dirmngr #echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \ -echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \ - > /etc/apt/sources.list.d/iiab-ansible.list +###echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \ +### > /etc/apt/sources.list.d/iiab-ansible.list # In future we might instead consider 'add-apt-repository ppa:ansible/ansible' # or 'apt-add-repository ppa:ansible/bionic/ansible' etc, e.g. for streamlined @@ -140,14 +140,14 @@ echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.la # 2021-04-26: JV & @holta WIP: (see above) #echo -e '\nIF YOU FACE ERROR "signatures couldn'"'"'t be verified because the public key is not available" THEN REPEATEDLY RE-RUN "sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367"\n' #apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367 -cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg +###cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg #chmod 644 /usr/share/keyrings/iiab-ansible-keyring.gpg -echo -e 'PPA source "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu '$CODENAME' main"' -echo -e "successfully saved to /etc/apt/sources.list.d/iiab-ansible.list\n" -echo -e "IF *OTHER* ANSIBLE SOURCES APPEAR BELOW, PLEASE MANUALLY REMOVE THEM TO" -echo -e 'ENSURE ANSIBLE UPDATES CLEANLY: (then re-run this script to be sure!)\n' -grep '^deb .*ansible' /etc/apt/sources.list /etc/apt/sources.list.d/*.list | grep -v '^/etc/apt/sources.list.d/iiab-ansible.list:' || true # Override bash -e (instead of aborting at 1st error) +###echo -e 'PPA source "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu '$CODENAME' main"' +###echo -e "successfully saved to /etc/apt/sources.list.d/iiab-ansible.list\n" +###echo -e "IF *OTHER* ANSIBLE SOURCES APPEAR BELOW, PLEASE MANUALLY REMOVE THEM TO" +###echo -e 'ENSURE ANSIBLE UPDATES CLEANLY: (then re-run this script to be sure!)\n' +###grep '^deb .*ansible' /etc/apt/sources.list /etc/apt/sources.list.d/*.list | grep -v '^/etc/apt/sources.list.d/iiab-ansible.list:' || true # Override bash -e (instead of aborting at 1st error) echo -e "\napt update; apt install of python3-* / virtualenv packages explained at:" echo -e "https://github.com/iiab/iiab/blob/master/scripts/ansible.md\n" From 14b7e23ca0b98044f0920a0665439e499a63cbf7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 22 Jun 2021 08:41:37 -0400 Subject: [PATCH 110/207] Typo in scripts/ansible --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index bec364678..0ec33185a 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -12,7 +12,7 @@ CURR_VER=undefined # Ansible version you currently have installed GOOD_VER=2.11.2 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and -# .gpg key etc) are commented out with ### below. Asociated guidance/comments +# .gpg key etc) are commented out with ### below. Associated guidance/comments # are intentionally preserved. # 2021-05-19 PR #2743: As a result of Ansible / Red Hat / IBM's extensive From eb4144c08b96d73117bf814a0c14d45ea11d8c44 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 22 Jun 2021 12:07:25 -0400 Subject: [PATCH 111/207] nginx/templates/nginx.conf.j2: proxy_force_ranges on; --- roles/nginx/templates/nginx.conf.j2 | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/nginx/templates/nginx.conf.j2 b/roles/nginx/templates/nginx.conf.j2 index bd23bd626..758491059 100644 --- a/roles/nginx/templates/nginx.conf.j2 +++ b/roles/nginx/templates/nginx.conf.j2 @@ -1,6 +1,6 @@ # IIAB notes: -# /etc/nginx/sites-enabled is for server declarations -# /etc/nginx/conf.d is for location declarations within the main server block +# /etc/nginx/conf.d/* are included by /etc/nginx/server.conf +# /etc/nginx/sites-enabled/*.conf includes other sites user www-data; worker_processes auto; @@ -79,6 +79,11 @@ http { '' close; } + # 2021-06-22: Enables HTTP/1.1 byte-range, so Kolibri videos play on Apple + # and LG devices: https://github.com/learningequality/kolibri/issues/8164 + # http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_force_ranges + proxy_force_ranges on; + ## # Virtual Host Configs ## From d4b388bf4d6a45d31e226b865f87d027afb5fd5a Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 22 Jun 2021 12:11:45 -0400 Subject: [PATCH 112/207] Lint roles/nginx/templates/server.conf.j2 --- roles/nginx/templates/server.conf.j2 | 60 ++++++++++++++-------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/roles/nginx/templates/server.conf.j2 b/roles/nginx/templates/server.conf.j2 index 6b42b1c14..e6413c10c 100644 --- a/roles/nginx/templates/server.conf.j2 +++ b/roles/nginx/templates/server.conf.j2 @@ -1,35 +1,35 @@ server { - root {{ doc_root }}; - server_name {{ iiab_hostname }}; - listen 80; - - index index.php index.html index.htm; + root {{ doc_root }}; + server_name {{ iiab_hostname }}; + listen 80; - # let individual services drop location blocks in conf.d - include {{ nginx_conf_dir }}/*; - - location ~ .*\.php$ { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - fastcgi_pass php; - fastcgi_index index.php; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param SCRIPT_NAME $fastcgi_script_name; - include fastcgi_params; - } - - location /cgi-bin { - root /usr/lib; - } + index index.php index.html index.htm; - # if you don't like seeing all the errors for missing favicon.ico in root - location = /favicon.ico { access_log off; log_not_found off; } + # let individual services drop location blocks in conf.d + include {{ nginx_conf_dir }}/*; + + location ~ .*\.php$ { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + fastcgi_pass php; + fastcgi_index index.php; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + include fastcgi_params; + } - # if you don't like seeing errors for a missing robots.txt in root - location = /robots.txt { access_log off; log_not_found off; } - - # this will prevent files like .htaccess .htpassword .secret etc from being served - location ~ /\. { deny all; } + location /cgi-bin { + root /usr/lib; + } + + # if you don't like seeing all the errors for missing favicon.ico in root + location = /favicon.ico { access_log off; log_not_found off; } + + # if you don't like seeing errors for a missing robots.txt in root + location = /robots.txt { access_log off; log_not_found off; } + + # this will prevent files like .htaccess .htpassword .secret etc from being served + location ~ /\. { deny all; } } From 33d5316c35d9c1e5d4c07ad76020da8d634e11e4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 22 Jun 2021 12:20:08 -0400 Subject: [PATCH 113/207] Lint roles/nginx/templates/server.conf.j2 --- roles/nginx/templates/server.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/templates/server.conf.j2 b/roles/nginx/templates/server.conf.j2 index e6413c10c..0272a27f8 100644 --- a/roles/nginx/templates/server.conf.j2 +++ b/roles/nginx/templates/server.conf.j2 @@ -19,7 +19,7 @@ server { fastcgi_param SCRIPT_NAME $fastcgi_script_name; include fastcgi_params; } - + location /cgi-bin { root /usr/lib; } From 39a3d67256f5150b30474abd1fe3a1b145af9ba8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 22 Jun 2021 12:34:21 -0400 Subject: [PATCH 114/207] Clarify byte-range fix in roles/nginx/templates/nginx.conf.j2 --- roles/nginx/templates/nginx.conf.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/nginx/templates/nginx.conf.j2 b/roles/nginx/templates/nginx.conf.j2 index 758491059..a3835e32f 100644 --- a/roles/nginx/templates/nginx.conf.j2 +++ b/roles/nginx/templates/nginx.conf.j2 @@ -82,6 +82,8 @@ http { # 2021-06-22: Enables HTTP/1.1 byte-range, so Kolibri videos play on Apple # and LG devices: https://github.com/learningequality/kolibri/issues/8164 # http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_force_ranges + # This should help all roles! RECAP: when unproxied, Kolibri videos worked + # (http://box:8009/kolibri/) but not when proxied (http://box/kolibri/). proxy_force_ranges on; ## From be21d4949189fa44ad8fab57bf8ef84fe67c44fe Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 22 Jun 2021 14:25:31 -0400 Subject: [PATCH 115/207] mediawiki/defaults/main.yml: 1.36.0 -> 1.36.1 --- roles/mediawiki/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index 1892d9259..21ebdcf20 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! mediawiki_major_version: 1.36 # "1.35" also works -mediawiki_minor_version: 0 +mediawiki_minor_version: 1 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" From 84df549de4d81dc8675f0f8cf320f0809ec51f6d Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 22 Jun 2021 14:45:04 -0400 Subject: [PATCH 116/207] Update roles/kolibri/README.rst --- roles/kolibri/README.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/kolibri/README.rst b/roles/kolibri/README.rst index 9b4afdb23..5b65733b5 100644 --- a/roles/kolibri/README.rst +++ b/roles/kolibri/README.rst @@ -44,13 +44,15 @@ Troubleshooting This unproxied version of Kolibri can sometimes help: http://box:8009/kolibri/ -You can run the server manually with the following commands:: +You can run Kolibri manually with commands like:: systemctl stop kolibri # Make sure the systemd service is not running export KOLIBRI_HOME=/library/kolibri export KOLIBRI_HTTP_PORT=8009 # Otherwise Kolibri will try to run on default port 8080 kolibri start +...while you look over Kolibri's systemd unit file (`/etc/systemd/system/kolibri.service `_) for the latest parameters! + To return to using the systemd unit file:: kolibri stop From ba7f844cb20c10ee27dca4b53e968cdf34d25671 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 23 Jun 2021 07:18:16 -0400 Subject: [PATCH 117/207] Update README.rst --- roles/kolibri/README.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/kolibri/README.rst b/roles/kolibri/README.rst index 5b65733b5..8de788619 100644 --- a/roles/kolibri/README.rst +++ b/roles/kolibri/README.rst @@ -26,11 +26,11 @@ Automatic Device Provisioning When kolibri_provision is enabled (e.g. in `/etc/iiab/local_vars.yml `_) the installation will set up the following defaults:: - Kolibri Facility name: 'Kolibri-in-a-Box' - Kolibri Preset type: formal # Options: formal, nonformal, informal - Kolibri default language: en # Options: ar, bn-bd, en, es-es, fa, fr-fr, hi-in, mr, nyn, pt-br, sw-tz, ta, te, ur-pk, yo, zu - Kolibri Admin username: Admin - Kolibri Admin password: changeme + kolibri_facility: Kolibri-in-a-Box + kolibri_language: en # Options: see KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py + kolibri_preset: formal # Options: formal, nonformal, informal + kolibri_admin_user: Admin + kolibri_admin_password: changeme *Feel free to override any of the above, by copying the relevant line from /opt/iiab/iiab/roles/kolibri/defaults/main.yml to /etc/iiab/local_vars.yml (then run 'cd /opt/iiab/iiab' followed by './runrole kolibri' per IIAB's general guidelines at http://FAQ.IIAB.IO).* From 73ea7e8b1c1e812075e98887d8069093d310c5f0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 23 Jun 2021 07:26:29 -0400 Subject: [PATCH 118/207] kolibri/defaults/main.yml: Clarify Kolibri's evolving language support --- roles/kolibri/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 0214c66bb..89044ef73 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -1,7 +1,7 @@ # kolibri_install: False # kolibri_enabled: False -# kolibri_language: en # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu +# kolibri_language: en # Options: see KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py # kolibri_http_port: 8009 From 2a14df29067c06815750731184464fe56f7caa0c Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 23 Jun 2021 07:32:10 -0400 Subject: [PATCH 119/207] defaults_vars.yml: Clarify Kolibri's evolving language support --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 1dbf64a07..e2ae12e56 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -458,7 +458,7 @@ kalite_root: "{{ content_base }}/ka-lite" # /library/ka-lite kolibri_install: False kolibri_enabled: False -kolibri_language: en # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu +kolibri_language: en # Options: see KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py kolibri_http_port: 8009 # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console From bc7b4414609f45803e74f71640a90d1a69c5498b Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 23 Jun 2021 07:49:14 -0400 Subject: [PATCH 120/207] local_vars_big.yml: Update kolibri_language options --- vars/local_vars_big.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index ddd5300b8..07e95bab0 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -309,7 +309,7 @@ kalite_enabled: True kolibri_install: True kolibri_enabled: True -kolibri_language: en # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu +kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: True From 30048b16e793a65608b6c7c122bf37c29b7346ac Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 23 Jun 2021 07:52:13 -0400 Subject: [PATCH 121/207] local_vars_medium.yml: Update kolibri_language options --- vars/local_vars_medium.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index f46d6739a..f91481e2c 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -309,7 +309,7 @@ kalite_enabled: True kolibri_install: False kolibri_enabled: False -kolibri_language: en # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu +kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: True From dcef555f5aed5c37f5897752e54bb81e12b6df5b Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 23 Jun 2021 07:54:28 -0400 Subject: [PATCH 122/207] local_vars_min.yml: Update kolibri_language options --- vars/local_vars_min.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index f9e12113b..13a0284ca 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -309,7 +309,7 @@ kalite_enabled: True kolibri_install: False kolibri_enabled: False -kolibri_language: en # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu +kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: True From 9123ef26f54ab946a5cf742bab13331b9a94c157 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 23 Jun 2021 08:06:41 -0400 Subject: [PATCH 123/207] Update default_vars.yml --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index e2ae12e56..e6228bf5d 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -458,7 +458,7 @@ kalite_root: "{{ content_base }}/ka-lite" # /library/ka-lite kolibri_install: False kolibri_enabled: False -kolibri_language: en # Options: see KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py +kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py kolibri_http_port: 8009 # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console From c8bbd1b3cf1b5bc9fd0f37dd2d1be5db1aff0ef3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 23 Jun 2021 08:07:51 -0400 Subject: [PATCH 124/207] kolibri/defaults/main.yml: Tighten up comment --- roles/kolibri/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 89044ef73..4ee85c631 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -1,7 +1,7 @@ # kolibri_install: False # kolibri_enabled: False -# kolibri_language: en # Options: see KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py +# kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py # kolibri_http_port: 8009 From 8f3ff85b7201cceeb1ac04ecca2636014aeec92e Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 23 Jun 2021 08:11:32 -0400 Subject: [PATCH 125/207] Update roles/kolibri/README.rst --- roles/kolibri/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kolibri/README.rst b/roles/kolibri/README.rst index 8de788619..1c270711d 100644 --- a/roles/kolibri/README.rst +++ b/roles/kolibri/README.rst @@ -27,8 +27,8 @@ Automatic Device Provisioning When kolibri_provision is enabled (e.g. in `/etc/iiab/local_vars.yml `_) the installation will set up the following defaults:: kolibri_facility: Kolibri-in-a-Box - kolibri_language: en # Options: see KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py - kolibri_preset: formal # Options: formal, nonformal, informal + kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py + kolibri_preset: formal # formal, nonformal, informal kolibri_admin_user: Admin kolibri_admin_password: changeme From e381691062eb0671278516e41c18e015dd836c6d Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 25 Jun 2021 13:59:29 -0400 Subject: [PATCH 126/207] www_base/tasks/main.yml experiment: don't install php{{ php_version }}-xmlrpc if PHP 8+ --- roles/www_base/tasks/main.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/roles/www_base/tasks/main.yml b/roles/www_base/tasks/main.yml index 6d47379e9..6e5b48834 100644 --- a/roles/www_base/tasks/main.yml +++ b/roles/www_base/tasks/main.yml @@ -1,7 +1,7 @@ # Role "www_base" runs here, probably in 3-BASE-SERVER. # Role "www_options" runs later, likely in 4-SERVER-OPTIONS. -- name: 'Install ~10 PHP packages (debuntu)' +- name: Install 9 PHP packages package: name: # - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC @@ -15,9 +15,14 @@ - php-pear # - php{{ php_version }}-sqlite3 # 2020-07-10: Experimentally install this within roles/osm-vector-maps/tasks/install.yml only, as part of OSM fix PR #2464 for #2461. - php{{ php_version }}-xml # Was below - - php{{ php_version }}-xmlrpc + #- php{{ php_version }}-xmlrpc # 2021-06-25: Experimentally moved just below, to figure out if/where IIAB still needs this with PHP 8.0+ state: present - when: is_debuntu + +- name: Install php{{ php_version }}-xmlrpc if PHP < 8.0 + package: + name: php{{ php_version }}-xmlrpc + state: present + when: php_version is version('8.0', '<') - name: Using html.yml include_tasks: html.yml From bcd653ac5ea52999327e9e3fec184c44ba8af932 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 25 Jun 2021 14:14:32 -0400 Subject: [PATCH 127/207] PHP tip in www_base/tasks/main.yml --- roles/www_base/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_base/tasks/main.yml b/roles/www_base/tasks/main.yml index 6e5b48834..5b9d5c4ec 100644 --- a/roles/www_base/tasks/main.yml +++ b/roles/www_base/tasks/main.yml @@ -1,7 +1,7 @@ # Role "www_base" runs here, probably in 3-BASE-SERVER. # Role "www_options" runs later, likely in 4-SERVER-OPTIONS. -- name: Install 9 PHP packages +- name: Install 9 PHP packages (run 'php -m' to verify) package: name: # - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC From 396584fd201b34e21a843a5ce31a59b4248081fb Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 25 Jun 2021 14:19:31 -0400 Subject: [PATCH 128/207] www_base/tasks/main.yml: Clarify PHP packages --- roles/www_base/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/www_base/tasks/main.yml b/roles/www_base/tasks/main.yml index 5b9d5c4ec..b0e9b35c6 100644 --- a/roles/www_base/tasks/main.yml +++ b/roles/www_base/tasks/main.yml @@ -4,18 +4,18 @@ - name: Install 9 PHP packages (run 'php -m' to verify) package: name: - # - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC + # - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC - php{{ php_version }}-common # 2020-05-21: @jvonau suggests this to avoid Apache above. Or its superset php{{ php_version }}-cli if absolutely nec? - php{{ php_version }}-curl - - php{{ php_version }}-gd + - php{{ php_version }}-gd # nextcloud/tasks/install.yml needs this! - php{{ php_version }}-imap - php{{ php_version }}-ldap - php{{ php_version }}-mysql - php{{ php_version }}-odbc - php-pear # - php{{ php_version }}-sqlite3 # 2020-07-10: Experimentally install this within roles/osm-vector-maps/tasks/install.yml only, as part of OSM fix PR #2464 for #2461. - - php{{ php_version }}-xml # Was below - #- php{{ php_version }}-xmlrpc # 2021-06-25: Experimentally moved just below, to figure out if/where IIAB still needs this with PHP 8.0+ + - php{{ php_version }}-xml # nextcloud/tasks/install.yml needs this! + #- php{{ php_version }}-xmlrpc # 2021-06-25: Experimentally moved just below, to figure out if/where IIAB still needs this with PHP 8.0+ state: present - name: Install php{{ php_version }}-xmlrpc if PHP < 8.0 From 557d637b5da5c487fd315ae16241e4f79bd61ed6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 25 Jun 2021 14:21:03 -0400 Subject: [PATCH 129/207] nextcloud/tasks/install.yml: Ongoing prep for PHP 8.0+ --- roles/nextcloud/tasks/install.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 5cb341aae..98b182086 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -43,7 +43,7 @@ # https://docs.nextcloud.com/server/18/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation # 2021-04-11: If you're running Nextcloud 21+ in production, carefully check the latest required AND recommended prereqs: # https://docs.nextcloud.com/server/21/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -- name: Install ffmpeg + libxml2 + 13 php packages +- name: Install ffmpeg + libxml2 + 9 PHP packages (run 'php -m' to verify) package: name: #- dnsutils # NOT REQUESTED by Nextcloud @@ -52,13 +52,13 @@ #- libapache2-mod-php # 2020-02-15: NO LONGER NEEDED? - php{{ php_version }}-bcmath # Highly recommended by Nextcloud 21 for "improved performance and better compatibility" - php{{ php_version }}-bz2 # Optional (for extraction of apps) - - php{{ php_version }}-cli # Likely optional? @jvonau says this drags in php{{ php_version }}-common as @m-anish wanted in PR #2119 / #2258 + #- php{{ php_version }}-cli # Likely optional: @jvonau said this drags in php{{ php_version }}-common as @m-anish wanted in PR #2119 / #2258 ? Certainly php{{ php_version }}-common is already installed by www_base/tasks/main.yml - php{{ php_version }}-curl - - php{{ php_version }}-gd + #- php{{ php_version }}-gd # Already installed by www_base/tasks/main.yml - php{{ php_version }}-gmp # Optional (for SFTP storage) - php{{ php_version }}-imagick # Optional (for preview generation) - php{{ php_version }}-intl # Optional (increases language translation performance and fixes sorting of non-ASCII characters) - - php{{ php_version }}-json + #- php{{ php_version }}-json # Part of PHP 8.0+ core, so MOVED to stanza just below. #- php{{ php_version }}-libxml # NOT INSTALLABLE: ENABLED BY DEFAULT (https://www.php.net/manual/en/libxml.installation.php) - php{{ php_version }}-mbstring - php{{ php_version }}-mysql @@ -67,11 +67,17 @@ #- php{{ php_version }}-redis # @m-anish future work? #- php{{ php_version }}-session # NOT INSTALLABLE: ENABLED BY DEFAULT? #- php{{ php_version }}-smbclient # Optional (SMB/CIFS integration) - - php{{ php_version }}-xml # NOT FORMALLY REQUESTED by Nextcloud (BUT hopefully delivers php-simplexml if not {php-xmlreader, php-xmlwriter} on Raspbian?) + #- php{{ php_version }}-xml # Already installed by www_base/tasks/main.yml. NOT FORMALLY REQUESTED by Nextcloud (BUT hopefully delivers php-simplexml if not {php-xmlreader, php-xmlwriter} on Raspbian?) - php{{ php_version }}-zip #- php{{ php_version }}-zlib # NOT INSTALLABLE: ENABLED BY DEFAULT? state: present +- name: Install php{{ php_version }}-json if PHP < 8.0 + package: + name: php{{ php_version }}-json + state: present + when: php_version is version('8.0', '<') + # https://docs.nextcloud.com/server/18/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation #- name: Install 9 additional php packages, if OS is not Raspbian (these are not available on Raspbian on RPi, as of Feb 2020) # package: From a3ecbece1cf575562af702781ee45f0585cb83b5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 25 Jun 2021 14:40:35 -0400 Subject: [PATCH 130/207] moodle/tasks/install.yml: PHP pkg installs --- roles/moodle/tasks/install.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 2e3d40638..1267e01f0 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -25,15 +25,15 @@ name: postgresql -- name: Install 8 php packages (debuntu) +- name: Install 7 PHP packages (debuntu) package: name: - php{{ php_version }}-pgsql - php{{ php_version }}-curl - php{{ php_version }}-zip - - php{{ php_version }}-gd + #- php{{ php_version }}-gd # 2021-06-25: Already installed by www_base/tasks/main.yml - php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+ - - php{{ php_version }}-cli # 2020-06-15: In the past this included (above) mbstring? However this is not true on Ubuntu Server 20.04 LTS. + - php{{ php_version }}-cli # 2020-06-15: In the past this included (above) mbstring? However this is not true on Ubuntu Server 20.04 LTS. FYI php{{ php_version }}-cli is a superset of php{{ php_version }}-common - php{{ php_version }}-intl # 2020-12-03: Required by Moodle 3.10+ - php{{ php_version }}-soap # 2020-12-03: Recommended by Moodle 3.10+ #- php-sodium # 2021-05-17: Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium AND ALREADY PRE-ENABLED BY PHP 7.2+ https://www.php.net/manual/en/sodium.installation.php AS CONFIRMED BY 'php -i | grep sodium' AND 'apt list "*sodium*"' From cf3453e42f4bab4cba2d11ffb9b2992c6164a44a Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 25 Jun 2021 14:56:59 -0400 Subject: [PATCH 131/207] moodle/tasks/install.yml: Clarify 7 PHP packages --- roles/moodle/tasks/install.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 1267e01f0..20edc61eb 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -25,7 +25,7 @@ name: postgresql -- name: Install 7 PHP packages (debuntu) +- name: Install 7 PHP packages (run 'php -m' to verify) package: name: - php{{ php_version }}-pgsql @@ -38,7 +38,6 @@ - php{{ php_version }}-soap # 2020-12-03: Recommended by Moodle 3.10+ #- php-sodium # 2021-05-17: Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium AND ALREADY PRE-ENABLED BY PHP 7.2+ https://www.php.net/manual/en/sodium.installation.php AS CONFIRMED BY 'php -i | grep sodium' AND 'apt list "*sodium*"' state: present - when: is_debuntu - name: Does {{ moodle_base }}/config-dist.php exist? (indicating Moodle is/was installed) stat: From cbbcfe62c833d8f678d0d036302747cfc3e62e9f Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 25 Jun 2021 15:35:39 -0400 Subject: [PATCH 132/207] www_base/tasks/main.yml: Clarify PHP pkg's w/ Nextcloud & Moodle --- roles/www_base/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/www_base/tasks/main.yml b/roles/www_base/tasks/main.yml index b0e9b35c6..11c27185d 100644 --- a/roles/www_base/tasks/main.yml +++ b/roles/www_base/tasks/main.yml @@ -6,8 +6,8 @@ name: # - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC - php{{ php_version }}-common # 2020-05-21: @jvonau suggests this to avoid Apache above. Or its superset php{{ php_version }}-cli if absolutely nec? - - php{{ php_version }}-curl - - php{{ php_version }}-gd # nextcloud/tasks/install.yml needs this! + - php{{ php_version }}-curl # nextcloud/tasks/install.yml & moodle/tasks/main.yml need this! + - php{{ php_version }}-gd # nextcloud/tasks/install.yml & moodle/tasks/main.yml need this! - php{{ php_version }}-imap - php{{ php_version }}-ldap - php{{ php_version }}-mysql From 7dcd2adb737669b2f92008ae61e1ebd2424ad89a Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 25 Jun 2021 15:37:56 -0400 Subject: [PATCH 133/207] nextcloud/tasks/install.yml: Clarify PHP packages --- roles/nextcloud/tasks/install.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 98b182086..b809ba581 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -43,7 +43,7 @@ # https://docs.nextcloud.com/server/18/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation # 2021-04-11: If you're running Nextcloud 21+ in production, carefully check the latest required AND recommended prereqs: # https://docs.nextcloud.com/server/21/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -- name: Install ffmpeg + libxml2 + 9 PHP packages (run 'php -m' to verify) +- name: Install ffmpeg + libxml2 + 8 PHP packages (run 'php -m' to verify) package: name: #- dnsutils # NOT REQUESTED by Nextcloud @@ -53,8 +53,8 @@ - php{{ php_version }}-bcmath # Highly recommended by Nextcloud 21 for "improved performance and better compatibility" - php{{ php_version }}-bz2 # Optional (for extraction of apps) #- php{{ php_version }}-cli # Likely optional: @jvonau said this drags in php{{ php_version }}-common as @m-anish wanted in PR #2119 / #2258 ? Certainly php{{ php_version }}-common is already installed by www_base/tasks/main.yml - - php{{ php_version }}-curl - #- php{{ php_version }}-gd # Already installed by www_base/tasks/main.yml + #- php{{ php_version }}-curl # ALREADY INSTALLED by www_base/tasks/main.yml + #- php{{ php_version }}-gd # ALREADY INSTALLED by www_base/tasks/main.yml - php{{ php_version }}-gmp # Optional (for SFTP storage) - php{{ php_version }}-imagick # Optional (for preview generation) - php{{ php_version }}-intl # Optional (increases language translation performance and fixes sorting of non-ASCII characters) @@ -67,7 +67,7 @@ #- php{{ php_version }}-redis # @m-anish future work? #- php{{ php_version }}-session # NOT INSTALLABLE: ENABLED BY DEFAULT? #- php{{ php_version }}-smbclient # Optional (SMB/CIFS integration) - #- php{{ php_version }}-xml # Already installed by www_base/tasks/main.yml. NOT FORMALLY REQUESTED by Nextcloud (BUT hopefully delivers php-simplexml if not {php-xmlreader, php-xmlwriter} on Raspbian?) + #- php{{ php_version }}-xml # ALREADY INSTALLED by www_base/tasks/main.yml. NOT FORMALLY REQUESTED by Nextcloud (BUT hopefully delivers php-simplexml if not {php-xmlreader, php-xmlwriter} on Raspbian?) - php{{ php_version }}-zip #- php{{ php_version }}-zlib # NOT INSTALLABLE: ENABLED BY DEFAULT? state: present From 1ba46c21d09662f7f1de2305a8e0b70eecfd61b0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 25 Jun 2021 15:39:35 -0400 Subject: [PATCH 134/207] moodle/tasks/install.yml: Clarify PHP packages --- roles/moodle/tasks/install.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 20edc61eb..556683b0e 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -25,13 +25,13 @@ name: postgresql -- name: Install 7 PHP packages (run 'php -m' to verify) +- name: Install 6 PHP packages (run 'php -m' to verify) package: name: - php{{ php_version }}-pgsql - - php{{ php_version }}-curl + #- php{{ php_version }}-curl # 2021-06-25: ALREADY INSTALLED by www_base/tasks/main.yml - php{{ php_version }}-zip - #- php{{ php_version }}-gd # 2021-06-25: Already installed by www_base/tasks/main.yml + #- php{{ php_version }}-gd # 2021-06-25: ALREADY INSTALLED by www_base/tasks/main.yml - php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+ - php{{ php_version }}-cli # 2020-06-15: In the past this included (above) mbstring? However this is not true on Ubuntu Server 20.04 LTS. FYI php{{ php_version }}-cli is a superset of php{{ php_version }}-common - php{{ php_version }}-intl # 2020-12-03: Required by Moodle 3.10+ From 1cb924cf73f6e09832755acd892ff455e60470eb Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 26 Jun 2021 00:37:28 -0400 Subject: [PATCH 135/207] www_base/tasks/main.yml: Clarify php{{ php_version }}-xml (might benefit Nextcloud) --- roles/www_base/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/www_base/tasks/main.yml b/roles/www_base/tasks/main.yml index 11c27185d..56c8e2710 100644 --- a/roles/www_base/tasks/main.yml +++ b/roles/www_base/tasks/main.yml @@ -5,16 +5,16 @@ package: name: # - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC - - php{{ php_version }}-common # 2020-05-21: @jvonau suggests this to avoid Apache above. Or its superset php{{ php_version }}-cli if absolutely nec? - - php{{ php_version }}-curl # nextcloud/tasks/install.yml & moodle/tasks/main.yml need this! - - php{{ php_version }}-gd # nextcloud/tasks/install.yml & moodle/tasks/main.yml need this! + - php{{ php_version }}-common # 2020-05-21: @jvonau suggests this to avoid Apache that was above. Or its superset php{{ php_version }}-cli if absolutely nec? + - php{{ php_version }}-curl # 2021-06-25: nextcloud/tasks/install.yml & moodle/tasks/main.yml need this! + - php{{ php_version }}-gd # 2021-06-25: nextcloud/tasks/install.yml & moodle/tasks/main.yml need this! - php{{ php_version }}-imap - php{{ php_version }}-ldap - php{{ php_version }}-mysql - php{{ php_version }}-odbc - php-pear # - php{{ php_version }}-sqlite3 # 2020-07-10: Experimentally install this within roles/osm-vector-maps/tasks/install.yml only, as part of OSM fix PR #2464 for #2461. - - php{{ php_version }}-xml # nextcloud/tasks/install.yml needs this! + - php{{ php_version }}-xml # 2021-06-25: nextcloud/tasks/install.yml used to install this (and might still benefit!) #- php{{ php_version }}-xmlrpc # 2021-06-25: Experimentally moved just below, to figure out if/where IIAB still needs this with PHP 8.0+ state: present From ca29e5e68075d7b220fb25bef96372d37883c2d9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 26 Jun 2021 00:58:03 -0400 Subject: [PATCH 136/207] www_base/tasks/main.yml: Note 'php -m' & 'php -i' --- roles/www_base/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_base/tasks/main.yml b/roles/www_base/tasks/main.yml index 56c8e2710..2d8a22f13 100644 --- a/roles/www_base/tasks/main.yml +++ b/roles/www_base/tasks/main.yml @@ -1,7 +1,7 @@ # Role "www_base" runs here, probably in 3-BASE-SERVER. # Role "www_options" runs later, likely in 4-SERVER-OPTIONS. -- name: Install 9 PHP packages (run 'php -m' to verify) +- name: Install 9 PHP packages (run 'php -m' or 'php -i' to verify) package: name: # - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC From 163ff932e7816e8b8db832dc6f90e61c07e1d0e2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 26 Jun 2021 00:59:19 -0400 Subject: [PATCH 137/207] nextcloud/tasks/install.yml: Note 'php -m' & 'php -i' --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index b809ba581..b7e8c17ea 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -43,7 +43,7 @@ # https://docs.nextcloud.com/server/18/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation # 2021-04-11: If you're running Nextcloud 21+ in production, carefully check the latest required AND recommended prereqs: # https://docs.nextcloud.com/server/21/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -- name: Install ffmpeg + libxml2 + 8 PHP packages (run 'php -m' to verify) +- name: Install ffmpeg + libxml2 + 8 PHP packages (run 'php -m' or 'php -i' to verify) package: name: #- dnsutils # NOT REQUESTED by Nextcloud From 1493005d635bdce61e7903b672aa5cb2e939d557 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 26 Jun 2021 01:00:19 -0400 Subject: [PATCH 138/207] moodle/tasks/install.yml: Note 'php -m' & 'php -i' --- roles/moodle/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 556683b0e..0d7a29d93 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -25,7 +25,7 @@ name: postgresql -- name: Install 6 PHP packages (run 'php -m' to verify) +- name: Install 6 PHP packages (run 'php -m' or 'php -i' to verify) package: name: - php{{ php_version }}-pgsql From 468836d51ea5ee84e94bf203dd0a599ada551c19 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 27 Jun 2021 16:01:53 -0400 Subject: [PATCH 139/207] Cleanup of PHP 7.x & 8.0 dependencies --- roles/1-prep/README.rst | 13 ++++++-- roles/3-base-server/README.rst | 4 +-- roles/3-base-server/tasks/main.yml | 2 +- roles/httpd/tasks/install.yml | 5 ++- roles/mediawiki/tasks/install.yml | 6 ++-- roles/moodle/tasks/install.yml | 17 +++++----- roles/mysql/tasks/install.yml | 5 +-- roles/nextcloud/tasks/install.yml | 31 ++++++++++-------- roles/nextcloud/tasks/nginx.yml | 2 +- roles/nginx/tasks/install.yml | 6 ++-- roles/osm-vector-maps/tasks/install.yml | 3 +- roles/pbx/tasks/freepbx_dependencies.yml | 41 +++++++++++++++--------- roles/www_base/tasks/main.yml | 40 +++++++++++------------ roles/www_options/tasks/main.yml | 4 +-- 14 files changed, 102 insertions(+), 77 deletions(-) diff --git a/roles/1-prep/README.rst b/roles/1-prep/README.rst index e6dec28f7..c0197797a 100644 --- a/roles/1-prep/README.rst +++ b/roles/1-prep/README.rst @@ -2,7 +2,14 @@ 1-prep README ============= -This 1st stage is primarily hardware-focused, prior to OS additions/mods. +This 1st stage is primarily hardware-focused, prior to OS +additions/mods, but also includes critical pieces sometimes needed for +remote support: -Traditionally it included preliminaries like hostname and things specific to a -particular platform, such as the XO laptop, done before the bulk of the install. +- SSH +- Administrator security (username iiab-admin by default) +- OpenVPN software if/as needed later for remote support + +Traditionally it included preliminaries like hostname and things +specific to a particular platform, such as the XO laptop, done before +the bulk of the install. diff --git a/roles/3-base-server/README.rst b/roles/3-base-server/README.rst index 4c8afe1c9..7fbea8b2b 100644 --- a/roles/3-base-server/README.rst +++ b/roles/3-base-server/README.rst @@ -4,9 +4,9 @@ This 3rd stage installs base server infra that Internet-in-a-Box requires, including: -- the web server (Apache for now, possibly NGINX in future) -- administrator security (username iiab-admin by default) - MySQL (the database underlying many/most user-facing apps) +- NGINX web server (with Apache in some lingering cases) +- *PHP core packages are installed by the above 2 roles e.g. ``php{{ php_version }}-common``, ``php{{ php_version }}-cli``, ``php{{ php_version }}-fpm``, ``php{{ php_version }}-mysql``* 4-server-options follows with more diverse/optional server infra functionality. diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index b95c0c40b..8d8453233 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -3,7 +3,7 @@ - name: ...IS BEGINNING ===================================== command: echo -- name: MYSQL +- name: MYSQL + PHP CORE include_role: name: mysql #when: mysql_install diff --git a/roles/httpd/tasks/install.yml b/roles/httpd/tasks/install.yml index d0ccbb079..04df3f7bf 100644 --- a/roles/httpd/tasks/install.yml +++ b/roles/httpd/tasks/install.yml @@ -1,14 +1,13 @@ -- name: 'Install 4 packages: apache2, libapache2-mod-php{{ php_version }}, php{{ php_version }}, php{{ php_version }}-curl' +- name: 'Install 2 packages: {{ apache_service }}, libapache2-mod-php{{ php_version }}' package: #name: [u'apache2', u'php{{ php_version }}', u'php{{ php_version }}-curl'] # FAILS ('u' for Unicode strings) #name: ['apache2', 'php{{ php_version }}', 'php{{ php_version }}-curl'] # WORKS? name: - "{{ apache_service }}" # apache2 on Debuntu - - "libapache2-mod-php{{ php_version }}" # 2020-06-15: Required (e.g. for Elgg, Moodle & possibly others) now that mysql/tasks/install.yml installs "php{{ php_version }}-common" rather than the full "php{{ php_version }}" + - libapache2-mod-php{{ php_version }} # 2020-06-15: Required (e.g. for Elgg, Moodle & possibly others) now that mysql/tasks/install.yml installs "php{{ php_version }}-common" rather than the full "php{{ php_version }}" # - "php{{ php_version }}" # - "php{{ php_version }}-curl" state: present - when: is_debuntu # when: is_debian # - name: 'Install 2 packages: apache2, php (ubuntu)' diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index 7ad520fce..26efe977b 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -1,8 +1,10 @@ - name: 'Install packages: php{{ php_version }}-intl, php{{ php_version }}-mbstring' package: name: - - "php{{ php_version }}-intl" - - "php{{ php_version }}-mbstring" + #- php{{ php_version }}-common # Auto-installed as an apt dependency + - php{{ php_version }}-intl + - php{{ php_version }}-mbstring + - php{{ php_version }}-xml # state: present - name: Download {{ mediawiki_download_base_url }}/{{ mediawiki_src }} to {{ downloads_dir }} diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 0d7a29d93..ace7dcde6 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -25,18 +25,19 @@ name: postgresql -- name: Install 6 PHP packages (run 'php -m' or 'php -i' to verify) +- name: Install libsodium23 + 7 PHP packages (run 'php -m' or 'php -i' to verify) package: name: - - php{{ php_version }}-pgsql - #- php{{ php_version }}-curl # 2021-06-25: ALREADY INSTALLED by www_base/tasks/main.yml - - php{{ php_version }}-zip - #- php{{ php_version }}-gd # 2021-06-25: ALREADY INSTALLED by www_base/tasks/main.yml - - php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+ - - php{{ php_version }}-cli # 2020-06-15: In the past this included (above) mbstring? However this is not true on Ubuntu Server 20.04 LTS. FYI php{{ php_version }}-cli is a superset of php{{ php_version }}-common + #- php{{ php_version }}-common # Auto-installed as an apt dependency + #- php{{ php_version }}-cli # 2020-06-15: In the past this included (below) mbstring? However this is not true on Ubuntu Server 20.04 LTS. FYI php{{ php_version }}-cli is a superset of php{{ php_version }}-common + - php{{ php_version }}-curl # 2021-06-27: Likewise installed by nextcloud/tasks/install.yml + - php{{ php_version }}-gd # 2021-06-27: Likewise installed by nextcloud/tasks/install.yml - php{{ php_version }}-intl # 2020-12-03: Required by Moodle 3.10+ + - php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+ + - php{{ php_version }}-pgsql - php{{ php_version }}-soap # 2020-12-03: Recommended by Moodle 3.10+ - #- php-sodium # 2021-05-17: Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium AND ALREADY PRE-ENABLED BY PHP 7.2+ https://www.php.net/manual/en/sodium.installation.php AS CONFIRMED BY 'php -i | grep sodium' AND 'apt list "*sodium*"' + - libsodium23 # 2021-05-17: Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium -- this can be auto-installed by phpX.Y-fpm or phpX.Y-cgi or phpX.Y-cli, according to 'apt rdepends libsodium23 | grep php' -- whereas https://www.php.net/manual/en/sodium.installation.php says it's always bundled with PHP 7.2+ -- GIVEN THE AMBIGUITY, PLEASE VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"' + - php{{ php_version }}-zip # 2021-06-27: Likewise installed by nextcloud/tasks/install.yml state: present - name: Does {{ moodle_base }}/config-dist.php exist? (indicating Moodle is/was installed) diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index 5b4d3bc34..1b28b59d4 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml @@ -5,13 +5,14 @@ # - 7 DB config # - 2 record as installed -- name: 'Install MySQL packages: mariadb-server, mariadb-client (debuntu)' +- name: 'Install MySQL packages: mariadb-server, mariadb-client, php{{ php_version }}-mysql' package: name: - mariadb-server - mariadb-client + #- php{{ php_version }}-common # Auto-installed as an apt dependency + - php{{ php_version }}-mysql state: present - when: is_debuntu # 2020-07-11: # 10 PHP package installs moved to roles/www_base/tasks/main.yml diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index b7e8c17ea..c09bbb67a 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -40,10 +40,11 @@ # var: php_new -# https://docs.nextcloud.com/server/18/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation # 2021-04-11: If you're running Nextcloud 21+ in production, carefully check the latest required AND recommended prereqs: # https://docs.nextcloud.com/server/21/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -- name: Install ffmpeg + libxml2 + 8 PHP packages (run 'php -m' or 'php -i' to verify) +# 2021-06-27: Use this after Nextcloud 22 is released "2021-07-06" : +# https://docs.nextcloud.com/server/22/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +- name: Install ffmpeg + libxml2 + 11 PHP packages (run 'php -m' or 'php -i' to verify) package: name: #- dnsutils # NOT REQUESTED by Nextcloud @@ -52,13 +53,13 @@ #- libapache2-mod-php # 2020-02-15: NO LONGER NEEDED? - php{{ php_version }}-bcmath # Highly recommended by Nextcloud 21 for "improved performance and better compatibility" - php{{ php_version }}-bz2 # Optional (for extraction of apps) - #- php{{ php_version }}-cli # Likely optional: @jvonau said this drags in php{{ php_version }}-common as @m-anish wanted in PR #2119 / #2258 ? Certainly php{{ php_version }}-common is already installed by www_base/tasks/main.yml - #- php{{ php_version }}-curl # ALREADY INSTALLED by www_base/tasks/main.yml - #- php{{ php_version }}-gd # ALREADY INSTALLED by www_base/tasks/main.yml + #- php{{ php_version }}-common # Auto-installed as an apt dependency. @jvonau said php{{ php_version }}-cli drags in php{{ php_version }}-common as @m-anish wanted in PR #2119 / #2258 + - php{{ php_version }}-curl # Likewise installed by moodle/tasks/install.yml + - php{{ php_version }}-gd # Likewise installed by moodle/tasks/install.yml - php{{ php_version }}-gmp # Optional (for SFTP storage) - - php{{ php_version }}-imagick # Optional (for preview generation) + - php-imagick # Optional (for preview generation). Drags in many deps (apt depends php-imagick). FYI php{{ php_version }}-imagick appears flawed: (1) 'apt depends php7.4-imagick' yields incomplete output; (2) Version-in-name package not available according to 'apt list "php*imagick"' - php{{ php_version }}-intl # Optional (increases language translation performance and fixes sorting of non-ASCII characters) - #- php{{ php_version }}-json # Part of PHP 8.0+ core, so MOVED to stanza just below. + #- php{{ php_version }}-json # See stanza just below #- php{{ php_version }}-libxml # NOT INSTALLABLE: ENABLED BY DEFAULT (https://www.php.net/manual/en/libxml.installation.php) - php{{ php_version }}-mbstring - php{{ php_version }}-mysql @@ -67,16 +68,20 @@ #- php{{ php_version }}-redis # @m-anish future work? #- php{{ php_version }}-session # NOT INSTALLABLE: ENABLED BY DEFAULT? #- php{{ php_version }}-smbclient # Optional (SMB/CIFS integration) - #- php{{ php_version }}-xml # ALREADY INSTALLED by www_base/tasks/main.yml. NOT FORMALLY REQUESTED by Nextcloud (BUT hopefully delivers php-simplexml if not {php-xmlreader, php-xmlwriter} on Raspbian?) + - php{{ php_version }}-xml # Likewise installed by mediawiki/tasks/install.yml -- NOT FORMALLY REQUESTED by Nextcloud (BUT hopefully delivers php-simplexml if not {php-xmlreader, php-xmlwriter} on Raspbian?) + #- php{{ php_version }}-xmlrpc # 2021-06-27: Experimentally remove - php{{ php_version }}-zip #- php{{ php_version }}-zlib # NOT INSTALLABLE: ENABLED BY DEFAULT? state: present -- name: Install php{{ php_version }}-json if PHP < 8.0 - package: - name: php{{ php_version }}-json - state: present - when: php_version is version('8.0', '<') +# For PHP >= 8.0: phpX.Y-json is baked into PHP itself. +# For PHP < 8.0: Auto-installed by phpX.Y-fpm AND phpX.Y-cli in roles/3-base-server, as confirmed by: apt rdepends phpX.Y-json +# +#- name: Install php{{ php_version }}-json if PHP < 8.0 +# package: +# name: php{{ php_version }}-json +# state: present +# when: php_version is version('8.0', '<') # https://docs.nextcloud.com/server/18/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation #- name: Install 9 additional php packages, if OS is not Raspbian (these are not available on Raspbian on RPi, as of Feb 2020) diff --git a/roles/nextcloud/tasks/nginx.yml b/roles/nextcloud/tasks/nginx.yml index 47a8868ed..a132b3249 100644 --- a/roles/nextcloud/tasks/nginx.yml +++ b/roles/nextcloud/tasks/nginx.yml @@ -16,4 +16,4 @@ state: restarted with_items: - nginx - - "php{{ php_version }}-fpm" + - php{{ php_version }}-fpm diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 3af0e435b..f06d0b8aa 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -5,12 +5,14 @@ ignore_errors: yes # 'when: apache_installed is defined' insuff b/c mysql's php installs apache2 -- name: 'Install 5 packages for NGINX: libnginx-mod-http-subs-filter, nginx-extras, php-fpm, uwsgi, uwsgi-plugin-python3' +- name: 'Install 5 packages for NGINX: libnginx-mod-http-subs-filter, nginx-extras, php{{ php_version }}-fpm, uwsgi, uwsgi-plugin-python3 -- TEMPORARILY ALSO php-pear UNTIL ADMIN CONSOLE DECLARES ITS OWN DEPENDENCY FOR: https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19' package: name: - libnginx-mod-http-subs-filter - nginx-extras - - php-fpm + #- php{{ php_version }}-common # Auto-installed as an apt dependency + - php{{ php_version }}-fpm # Drags in php{{ php_version }}-cli + - php-pear # 2021-06-27: TEMPORARY, SEE 7 LINES ABOVE! - uwsgi - uwsgi-plugin-python3 state: present diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 132c3b189..4d6440081 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -175,7 +175,8 @@ state: present name: - python3-wget - - "php{{ php_version }}-sqlite3" + #- php{{ php_version }}-common # Auto-installed as an apt dependency + - php{{ php_version }}-sqlite3 - python3-geojson - python3-pil diff --git a/roles/pbx/tasks/freepbx_dependencies.yml b/roles/pbx/tasks/freepbx_dependencies.yml index 52c7783ed..2a69e210b 100644 --- a/roles/pbx/tasks/freepbx_dependencies.yml +++ b/roles/pbx/tasks/freepbx_dependencies.yml @@ -8,23 +8,32 @@ - net-tools # required by FWConsole (command-line utility, that controls FreePBX) - cron # required by FreePBX UCP package (User Control Panel) - sox # required for CDR web-playback - - php + #- php{{ php_version }} # Drags in phpX.Y-cgi (already below!) + - php{{ php_version }}-bcmath + - php{{ php_version }}-cgi + #- php{{ php_version }}-common # Auto-installed as a dependency + - php{{ php_version }}-curl + - php{{ php_version }}-fpm + - php{{ php_version }}-gd + - php{{ php_version }}-imap + #- php{{ php_version }}-json # See stanza just below + #- php{{ php_version }}-gettext + - php{{ php_version }}-mbstring + - php{{ php_version }}-mysql - php-pear - - php-cgi - - php-common - - php-curl - - php-mbstring - - php-gd - - php-mysql -# - php-gettext - - php-bcmath - - php-zip - - php-xml - - php-imap - - php-json - - php-snmp - - php-fpm + - php{{ php_version }}-snmp + - php{{ php_version }}-xml + - php{{ php_version }}-zip - libapache2-mod-php -# - python-mysqldb # https://github.com/Yannik/ansible-role-freepbx/blob/master/tasks/freepbx.yml#L33 + #- python-mysqldb # https://github.com/Yannik/ansible-role-freepbx/blob/master/tasks/freepbx.yml#L33 - libapache2-mpm-itk # To serve FreePBX through a VirtualHost as asterisk user state: latest + +# For PHP >= 8.0: phpX.Y-json is baked into PHP itself. +# For PHP < 8.0: Auto-installed by phpX.Y-fpm AND phpX.Y-cli in roles/3-base-server, as confirmed by: apt rdepends phpX.Y-json +# +#- name: Install php{{ php_version }}-json if PHP < 8.0 +# package: +# name: php{{ php_version }}-json +# state: present +# when: php_version is version('8.0', '<') diff --git a/roles/www_base/tasks/main.yml b/roles/www_base/tasks/main.yml index 2d8a22f13..f911cd0c0 100644 --- a/roles/www_base/tasks/main.yml +++ b/roles/www_base/tasks/main.yml @@ -1,28 +1,26 @@ # Role "www_base" runs here, probably in 3-BASE-SERVER. # Role "www_options" runs later, likely in 4-SERVER-OPTIONS. -- name: Install 9 PHP packages (run 'php -m' or 'php -i' to verify) - package: - name: - # - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC - - php{{ php_version }}-common # 2020-05-21: @jvonau suggests this to avoid Apache that was above. Or its superset php{{ php_version }}-cli if absolutely nec? - - php{{ php_version }}-curl # 2021-06-25: nextcloud/tasks/install.yml & moodle/tasks/main.yml need this! - - php{{ php_version }}-gd # 2021-06-25: nextcloud/tasks/install.yml & moodle/tasks/main.yml need this! - - php{{ php_version }}-imap - - php{{ php_version }}-ldap - - php{{ php_version }}-mysql - - php{{ php_version }}-odbc - - php-pear +# 2021-06-27: Antifragile roles can become less brittle by fully declaring +# their own dependencies (i.e. modularity, separation-of-concerns, +# encapsulation, compartmentalization, scope sanity, etc). +# +#- name: Install 10 PHP packages (run 'php -m' or 'php -i' to verify) +# package: +# name: + # - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC + #- php{{ php_version }}-common # 2021-06-27: Experimentally remove. 2020-05-21: @jvonau suggests this to avoid Apache that was above. Or its superset php{{ php_version }}-cli if absolutely nec? + #- php{{ php_version }}-curl # 2021-06-27: Installed by nextcloud/tasks/install.yml & moodle/tasks/main.yml + #- php{{ php_version }}-gd # 2021-06-27: Installed by nextcloud/tasks/install.yml & moodle/tasks/main.yml + #- php{{ php_version }}-imap # 2021-06-27: Experimentally remove + #- php{{ php_version }}-ldap # 2021-06-27: Experimentally remove + #- php{{ php_version }}-mysql # 2021-06-27: Experimentally remove + #- php{{ php_version }}-odbc # 2021-06-27: Experimentally remove + #- php-pear # 2021-06-27: Experimentally remove # - php{{ php_version }}-sqlite3 # 2020-07-10: Experimentally install this within roles/osm-vector-maps/tasks/install.yml only, as part of OSM fix PR #2464 for #2461. - - php{{ php_version }}-xml # 2021-06-25: nextcloud/tasks/install.yml used to install this (and might still benefit!) - #- php{{ php_version }}-xmlrpc # 2021-06-25: Experimentally moved just below, to figure out if/where IIAB still needs this with PHP 8.0+ - state: present - -- name: Install php{{ php_version }}-xmlrpc if PHP < 8.0 - package: - name: php{{ php_version }}-xmlrpc - state: present - when: php_version is version('8.0', '<') + #- php{{ php_version }}-xml # 2021-06-27: Installed by nextcloud/tasks/install.yml + #- php{{ php_version }}-xmlrpc # 2021-06-27: Experimentally remove +# state: present - name: Using html.yml include_tasks: html.yml diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 7b4909b08..6ec8f61e4 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -54,7 +54,7 @@ - block: # 3-STANZA BLOCK BEGINS - # FYI roles/nginx has already installed package php-fpm, in 3-base-server + # roles/nginx has installed pkg 'php{{ php_version }}-fpm' in 3-base-server - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: @@ -95,7 +95,7 @@ - name: Restart 'php{{ php_version }}-fpm' systemd service systemd: - name: "php{{ php_version }}-fpm" + name: php{{ php_version }}-fpm state: restarted when: moodle_install or nextcloud_install or pbx_install or wordpress_install # 3-STANZA BLOCK ENDS From 55b37890cac425a142e9dbe0f6bc64f94ad74919 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 27 Jun 2021 16:26:25 -0400 Subject: [PATCH 140/207] Refine roles/3-base-server/README.rst --- roles/3-base-server/README.rst | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/roles/3-base-server/README.rst b/roles/3-base-server/README.rst index 7fbea8b2b..70b825196 100644 --- a/roles/3-base-server/README.rst +++ b/roles/3-base-server/README.rst @@ -4,10 +4,14 @@ This 3rd stage installs base server infra that Internet-in-a-Box requires, including: -- MySQL (the database underlying many/most user-facing apps) +- MySQL (database underlying many/most user-facing apps) - NGINX web server (with Apache in some lingering cases) -- *PHP core packages are installed by the above 2 roles e.g. ``php{{ php_version }}-common``, ``php{{ php_version }}-cli``, ``php{{ php_version }}-fpm``, ``php{{ php_version }}-mysql``* +- *A few core PHP packages are also installed by the above 2 roles, e.g.* + - php{{ php_version }}-common + - php{{ php_version }}-cli + - php{{ php_version }}-fpm + - php{{ php_version }}-mysql -4-server-options follows with more diverse/optional server infra functionality. +As with 2-common, 4-server-options and 5-xo-services: this stage installs core server infra, that is not user-facing. -As in the case of 2-common, 4-server-options and 5-xo-services: this stage installs core server infra, that is not user-facing. +The next stage (4-server-options) brings more diverse/optional server infra functionality. From 815ea55ee4f418746da85710ee6a917e7d3e34e6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 27 Jun 2021 16:43:19 -0400 Subject: [PATCH 141/207] Clarify 3-base-server/tasks/main.yml --- roles/3-base-server/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 8d8453233..c364ef6b3 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -3,7 +3,7 @@ - name: ...IS BEGINNING ===================================== command: echo -- name: MYSQL + PHP CORE +- name: MYSQL + CORE PHP include_role: name: mysql #when: mysql_install @@ -19,7 +19,7 @@ # # SEE ALSO: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md -- name: NGINX +- name: NGINX + CORE PHP include_role: name: nginx #when: nginx_install From f31677673f047e815924a7d1aab914400d9f04f2 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 27 Jun 2021 17:58:44 -0400 Subject: [PATCH 142/207] Document PHP dependency modularity across roles --- roles/mediawiki/tasks/install.yml | 10 +++++----- roles/moodle/tasks/install.yml | 15 ++++++++------- roles/nextcloud/tasks/install.yml | 16 ++++++++-------- roles/pbx/tasks/freepbx_dependencies.yml | 24 ++++++++++++------------ roles/www_base/tasks/main.yml | 24 ++++++++++++------------ 5 files changed, 45 insertions(+), 44 deletions(-) diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index 26efe977b..cc642bed7 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -1,10 +1,10 @@ -- name: 'Install packages: php{{ php_version }}-intl, php{{ php_version }}-mbstring' +- name: 'Install packages: php{{ php_version }}-intl, php{{ php_version }}-mbstring, php{{ php_version }}-xml' package: name: - #- php{{ php_version }}-common # Auto-installed as an apt dependency - - php{{ php_version }}-intl - - php{{ php_version }}-mbstring - - php{{ php_version }}-xml # + #- php{{ php_version }}-common # Auto-installed as an apt dependency + - php{{ php_version }}-intl # Likewise installed by moodle/tasks/install.yml AND nextcloud/tasks/install.yml + - php{{ php_version }}-mbstring # Likewise installed by moodle/tasks/install.yml AND nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml + - php{{ php_version }}-xml # Likewise installed by nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml state: present - name: Download {{ mediawiki_download_base_url }}/{{ mediawiki_src }} to {{ downloads_dir }} diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index ace7dcde6..988b9e81d 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -28,16 +28,17 @@ - name: Install libsodium23 + 7 PHP packages (run 'php -m' or 'php -i' to verify) package: name: + - libsodium23 # 2021-05-17: Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium -- this can be auto-installed by phpX.Y-fpm or phpX.Y-cgi or phpX.Y-cli, according to 'apt rdepends libsodium23 | grep php' -- whereas https://www.php.net/manual/en/sodium.installation.php says it's always bundled with PHP 7.2+ -- GIVEN THE AMBIGUITY, PLEASE VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"' #- php{{ php_version }}-common # Auto-installed as an apt dependency #- php{{ php_version }}-cli # 2020-06-15: In the past this included (below) mbstring? However this is not true on Ubuntu Server 20.04 LTS. FYI php{{ php_version }}-cli is a superset of php{{ php_version }}-common - - php{{ php_version }}-curl # 2021-06-27: Likewise installed by nextcloud/tasks/install.yml - - php{{ php_version }}-gd # 2021-06-27: Likewise installed by nextcloud/tasks/install.yml - - php{{ php_version }}-intl # 2020-12-03: Required by Moodle 3.10+ - - php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+ - - php{{ php_version }}-pgsql + - php{{ php_version }}-curl # 2021-06-27: Likewise installed by nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml + - php{{ php_version }}-gd # 2021-06-27: Likewise installed by nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml + - php{{ php_version }}-intl # 2020-12-03: Likewise installed by nextcloud/tasks/install.yml AND mediawiki/tasks/install.yml -- required by Moodle 3.10+ + - php{{ php_version }}-mbstring # 2020-06-15: Likewise installed by nextcloud/tasks/install.yml AND mediawiki/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml -- required by Moodle 3.9+ + - php{{ php_version }}-pgsql # 2021-06-27: Required for PostgreSQL - php{{ php_version }}-soap # 2020-12-03: Recommended by Moodle 3.10+ - - libsodium23 # 2021-05-17: Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium -- this can be auto-installed by phpX.Y-fpm or phpX.Y-cgi or phpX.Y-cli, according to 'apt rdepends libsodium23 | grep php' -- whereas https://www.php.net/manual/en/sodium.installation.php says it's always bundled with PHP 7.2+ -- GIVEN THE AMBIGUITY, PLEASE VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"' - - php{{ php_version }}-zip # 2021-06-27: Likewise installed by nextcloud/tasks/install.yml + #- php{{ php_version }}-xmlrpc # 2021-06-27: Required per https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries BUT UNMAINTAINED FOR YEARS (POSSIBLE SECURITY RISK) SO MOVED TO PECL: https://php.watch/versions/8.0/xmlrpc + - php{{ php_version }}-zip # 2021-06-27: Likewise installed by nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml state: present - name: Does {{ moodle_base }}/config-dist.php exist? (indicating Moodle is/was installed) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index c09bbb67a..643baa3c1 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -54,23 +54,23 @@ - php{{ php_version }}-bcmath # Highly recommended by Nextcloud 21 for "improved performance and better compatibility" - php{{ php_version }}-bz2 # Optional (for extraction of apps) #- php{{ php_version }}-common # Auto-installed as an apt dependency. @jvonau said php{{ php_version }}-cli drags in php{{ php_version }}-common as @m-anish wanted in PR #2119 / #2258 - - php{{ php_version }}-curl # Likewise installed by moodle/tasks/install.yml - - php{{ php_version }}-gd # Likewise installed by moodle/tasks/install.yml + - php{{ php_version }}-curl # Likewise installed by moodle/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml + - php{{ php_version }}-gd # Likewise installed by moodle/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml - php{{ php_version }}-gmp # Optional (for SFTP storage) - php-imagick # Optional (for preview generation). Drags in many deps (apt depends php-imagick). FYI php{{ php_version }}-imagick appears flawed: (1) 'apt depends php7.4-imagick' yields incomplete output; (2) Version-in-name package not available according to 'apt list "php*imagick"' - - php{{ php_version }}-intl # Optional (increases language translation performance and fixes sorting of non-ASCII characters) + - php{{ php_version }}-intl # Likewise installed by moodle/tasks/install.yml AND mediawiki/tasks/install.yml -- Optional (increases language translation performance and fixes sorting of non-ASCII characters) #- php{{ php_version }}-json # See stanza just below #- php{{ php_version }}-libxml # NOT INSTALLABLE: ENABLED BY DEFAULT (https://www.php.net/manual/en/libxml.installation.php) - - php{{ php_version }}-mbstring - - php{{ php_version }}-mysql + - php{{ php_version }}-mbstring # Likewise installed by moodle/tasks/install.yml AND mediawiki/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml + - php{{ php_version }}-mysql # Likewise installed by mysql/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml #- php{{ php_version }}-openssl # NOT INSTALLABLE: ENABLED BY DEFAULT? - #- php{{ php_version }}-pdo_mysql # NOT INSTALLABLE: php-mysql handles this on all OS's? + #- php{{ php_version }}-pdo_mysql # NOT INSTALLABLE: php{{ php_version }}-mysql handles this on all OS's? #- php{{ php_version }}-redis # @m-anish future work? #- php{{ php_version }}-session # NOT INSTALLABLE: ENABLED BY DEFAULT? #- php{{ php_version }}-smbclient # Optional (SMB/CIFS integration) - - php{{ php_version }}-xml # Likewise installed by mediawiki/tasks/install.yml -- NOT FORMALLY REQUESTED by Nextcloud (BUT hopefully delivers php-simplexml if not {php-xmlreader, php-xmlwriter} on Raspbian?) + - php{{ php_version }}-xml # Likewise installed by mediawiki/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml -- NOT FORMALLY REQUESTED by Nextcloud (BUT hopefully delivers php-simplexml if not {php-xmlreader, php-xmlwriter} on Raspbian?) #- php{{ php_version }}-xmlrpc # 2021-06-27: Experimentally remove - - php{{ php_version }}-zip + - php{{ php_version }}-zip # Likewise installed by moodle/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml #- php{{ php_version }}-zlib # NOT INSTALLABLE: ENABLED BY DEFAULT? state: present diff --git a/roles/pbx/tasks/freepbx_dependencies.yml b/roles/pbx/tasks/freepbx_dependencies.yml index 2a69e210b..70210db94 100644 --- a/roles/pbx/tasks/freepbx_dependencies.yml +++ b/roles/pbx/tasks/freepbx_dependencies.yml @@ -2,28 +2,28 @@ package: name: - wget - - git + - git - unixodbc # for Asterisk CDR (Call Detail Records) - sudo # required by FreePBX install script - net-tools # required by FWConsole (command-line utility, that controls FreePBX) - cron # required by FreePBX UCP package (User Control Panel) - sox # required for CDR web-playback - #- php{{ php_version }} # Drags in phpX.Y-cgi (already below!) + #- php{{ php_version }} # Basically drags in phpX.Y-cgi (already below!) - php{{ php_version }}-bcmath - php{{ php_version }}-cgi #- php{{ php_version }}-common # Auto-installed as a dependency - - php{{ php_version }}-curl - - php{{ php_version }}-fpm - - php{{ php_version }}-gd + - php{{ php_version }}-curl # Likewise installed by moodle/tasks/main.yml AND nextcloud/tasks/install.yml + - php{{ php_version }}-fpm # Likewise installed by nginx/tasks/install.yml + - php{{ php_version }}-gd # Likewise installed by moodle/tasks/main.yml AND nextcloud/tasks/install.yml - php{{ php_version }}-imap - #- php{{ php_version }}-json # See stanza just below + #- php{{ php_version }}-json # See stanza just below #- php{{ php_version }}-gettext - - php{{ php_version }}-mbstring - - php{{ php_version }}-mysql - - php-pear - - php{{ php_version }}-snmp - - php{{ php_version }}-xml - - php{{ php_version }}-zip + - php{{ php_version }}-mbstring # Likewise installed by moodle/tasks/main.yml AND nextcloud/tasks/install.yml AND mediawiki/tasks/install.yml + - php{{ php_version }}-mysql # Likewise installed by mysql/tasks/install.yml AND nextcloud/tasks/install.yml + - php-pear # Likewise installed for ADMIN CONSOLE https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19 + - php{{ php_version }}-snmp + - php{{ php_version }}-xml # Likewise installed by nextcloud/tasks/install.yml AND mediawiki/tasks/install.yml + - php{{ php_version }}-zip # Likewise installed by moodle/tasks/install.yml AND nextcloud/tasks/install.yml - libapache2-mod-php #- python-mysqldb # https://github.com/Yannik/ansible-role-freepbx/blob/master/tasks/freepbx.yml#L33 - libapache2-mpm-itk # To serve FreePBX through a VirtualHost as asterisk user diff --git a/roles/www_base/tasks/main.yml b/roles/www_base/tasks/main.yml index f911cd0c0..1c53bfc1a 100644 --- a/roles/www_base/tasks/main.yml +++ b/roles/www_base/tasks/main.yml @@ -8,18 +8,18 @@ #- name: Install 10 PHP packages (run 'php -m' or 'php -i' to verify) # package: # name: - # - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC - #- php{{ php_version }}-common # 2021-06-27: Experimentally remove. 2020-05-21: @jvonau suggests this to avoid Apache that was above. Or its superset php{{ php_version }}-cli if absolutely nec? - #- php{{ php_version }}-curl # 2021-06-27: Installed by nextcloud/tasks/install.yml & moodle/tasks/main.yml - #- php{{ php_version }}-gd # 2021-06-27: Installed by nextcloud/tasks/install.yml & moodle/tasks/main.yml - #- php{{ php_version }}-imap # 2021-06-27: Experimentally remove - #- php{{ php_version }}-ldap # 2021-06-27: Experimentally remove - #- php{{ php_version }}-mysql # 2021-06-27: Experimentally remove - #- php{{ php_version }}-odbc # 2021-06-27: Experimentally remove - #- php-pear # 2021-06-27: Experimentally remove - # - php{{ php_version }}-sqlite3 # 2020-07-10: Experimentally install this within roles/osm-vector-maps/tasks/install.yml only, as part of OSM fix PR #2464 for #2461. - #- php{{ php_version }}-xml # 2021-06-27: Installed by nextcloud/tasks/install.yml - #- php{{ php_version }}-xmlrpc # 2021-06-27: Experimentally remove +# - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC +# - php{{ php_version }}-common # 2021-06-27: Experimentally remove. 2020-05-21: @jvonau suggests this to avoid Apache that was above. Or its superset php{{ php_version }}-cli that nginx/tasks/install.yml is installing anyways :/ +# - php{{ php_version }}-curl # 2021-06-27: Installed by nextcloud/tasks/install.yml AND moodle/tasks/main.yml +# - php{{ php_version }}-gd # 2021-06-27: Installed by nextcloud/tasks/install.yml AND moodle/tasks/main.yml +# - php{{ php_version }}-imap # 2021-06-27: Installed by pbx/tasks/freepbx_dependencies.yml +# - php{{ php_version }}-ldap # 2021-06-27: Experimentally remove +# - php{{ php_version }}-mysql # 2021-06-27: Installed by mysql/tasks/install.yml +# - php{{ php_version }}-odbc # 2021-06-27: Experimentally remove +# - php-pear # 2021-06-27: REQUIRED BY ADMIN CONSOLE https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19 +# - php{{ php_version }}-sqlite3 # 2020-07-10: Installed by osm-vector-maps/tasks/install.yml as part of OSM fix PR #2464 for #2461 +# - php{{ php_version }}-xml # 2021-06-27: Installed by nextcloud/tasks/install.yml AND mediawiki/tasks/main.yml +# - php{{ php_version }}-xmlrpc # 2021-06-27: Experimentally remove -- SEE EXPLANATION IN moodle/tasks/main.yml # state: present - name: Using html.yml From b22bae14815ea235dc4ff159fdbe000cd18a1a2d Mon Sep 17 00:00:00 2001 From: root Date: Sun, 27 Jun 2021 18:25:49 -0400 Subject: [PATCH 143/207] Clean PHP dependency explanations --- roles/mediawiki/tasks/install.yml | 2 +- roles/moodle/tasks/install.yml | 8 ++++---- roles/mysql/tasks/install.yml | 2 +- roles/nextcloud/tasks/install.yml | 4 ++-- roles/nginx/tasks/install.yml | 6 +++--- roles/osm-vector-maps/tasks/install.yml | 2 +- roles/pbx/tasks/freepbx_dependencies.yml | 2 +- roles/www_base/tasks/main.yml | 2 +- 8 files changed, 14 insertions(+), 14 deletions(-) diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index cc642bed7..358966f48 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -1,7 +1,7 @@ - name: 'Install packages: php{{ php_version }}-intl, php{{ php_version }}-mbstring, php{{ php_version }}-xml' package: name: - #- php{{ php_version }}-common # Auto-installed as an apt dependency + #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - php{{ php_version }}-intl # Likewise installed by moodle/tasks/install.yml AND nextcloud/tasks/install.yml - php{{ php_version }}-mbstring # Likewise installed by moodle/tasks/install.yml AND nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml - php{{ php_version }}-xml # Likewise installed by nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 988b9e81d..7e42da3d3 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -29,12 +29,12 @@ package: name: - libsodium23 # 2021-05-17: Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium -- this can be auto-installed by phpX.Y-fpm or phpX.Y-cgi or phpX.Y-cli, according to 'apt rdepends libsodium23 | grep php' -- whereas https://www.php.net/manual/en/sodium.installation.php says it's always bundled with PHP 7.2+ -- GIVEN THE AMBIGUITY, PLEASE VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"' - #- php{{ php_version }}-common # Auto-installed as an apt dependency - #- php{{ php_version }}-cli # 2020-06-15: In the past this included (below) mbstring? However this is not true on Ubuntu Server 20.04 LTS. FYI php{{ php_version }}-cli is a superset of php{{ php_version }}-common + #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml + #- php{{ php_version }}-cli # 2020-06-15: In the past this included (below) mbstring? However this is not true on Ubuntu Server 20.04 LTS. FYI php{{ php_version }}-cli is a superset of php{{ php_version }}-common. REGARDLESS: this is installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - php{{ php_version }}-curl # 2021-06-27: Likewise installed by nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml - php{{ php_version }}-gd # 2021-06-27: Likewise installed by nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml - - php{{ php_version }}-intl # 2020-12-03: Likewise installed by nextcloud/tasks/install.yml AND mediawiki/tasks/install.yml -- required by Moodle 3.10+ - - php{{ php_version }}-mbstring # 2020-06-15: Likewise installed by nextcloud/tasks/install.yml AND mediawiki/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml -- required by Moodle 3.9+ + - php{{ php_version }}-intl # 2020-12-03: Likewise installed by nextcloud/tasks/install.yml AND mediawiki/tasks/install.yml -- Required by Moodle 3.10+ + - php{{ php_version }}-mbstring # 2020-06-15: Likewise installed by nextcloud/tasks/install.yml AND mediawiki/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml -- Required by Moodle 3.9+ - php{{ php_version }}-pgsql # 2021-06-27: Required for PostgreSQL - php{{ php_version }}-soap # 2020-12-03: Recommended by Moodle 3.10+ #- php{{ php_version }}-xmlrpc # 2021-06-27: Required per https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries BUT UNMAINTAINED FOR YEARS (POSSIBLE SECURITY RISK) SO MOVED TO PECL: https://php.watch/versions/8.0/xmlrpc diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index 1b28b59d4..90eabe178 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml @@ -10,7 +10,7 @@ name: - mariadb-server - mariadb-client - #- php{{ php_version }}-common # Auto-installed as an apt dependency + #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - php{{ php_version }}-mysql state: present diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 643baa3c1..3396a8688 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -39,7 +39,7 @@ # - debug: # var: php_new - +# February 2020: See @m-anish's PR #2119 and follow-up PR #2258. # 2021-04-11: If you're running Nextcloud 21+ in production, carefully check the latest required AND recommended prereqs: # https://docs.nextcloud.com/server/21/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation # 2021-06-27: Use this after Nextcloud 22 is released "2021-07-06" : @@ -53,7 +53,7 @@ #- libapache2-mod-php # 2020-02-15: NO LONGER NEEDED? - php{{ php_version }}-bcmath # Highly recommended by Nextcloud 21 for "improved performance and better compatibility" - php{{ php_version }}-bz2 # Optional (for extraction of apps) - #- php{{ php_version }}-common # Auto-installed as an apt dependency. @jvonau said php{{ php_version }}-cli drags in php{{ php_version }}-common as @m-anish wanted in PR #2119 / #2258 + #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - php{{ php_version }}-curl # Likewise installed by moodle/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml - php{{ php_version }}-gd # Likewise installed by moodle/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml - php{{ php_version }}-gmp # Optional (for SFTP storage) diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index f06d0b8aa..80e9bf962 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -10,9 +10,9 @@ name: - libnginx-mod-http-subs-filter - nginx-extras - #- php{{ php_version }}-common # Auto-installed as an apt dependency - - php{{ php_version }}-fpm # Drags in php{{ php_version }}-cli - - php-pear # 2021-06-27: TEMPORARY, SEE 7 LINES ABOVE! + #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm just below. + - php{{ php_version }}-fpm # Drags in php{{ php_version }}-cli + - php-pear # 2021-06-27: TEMPORARY, SEE 7 LINES ABOVE! - uwsgi - uwsgi-plugin-python3 state: present diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 4d6440081..42c063746 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -175,7 +175,7 @@ state: present name: - python3-wget - #- php{{ php_version }}-common # Auto-installed as an apt dependency + #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - php{{ php_version }}-sqlite3 - python3-geojson - python3-pil diff --git a/roles/pbx/tasks/freepbx_dependencies.yml b/roles/pbx/tasks/freepbx_dependencies.yml index 70210db94..f8ae70d20 100644 --- a/roles/pbx/tasks/freepbx_dependencies.yml +++ b/roles/pbx/tasks/freepbx_dependencies.yml @@ -11,7 +11,7 @@ #- php{{ php_version }} # Basically drags in phpX.Y-cgi (already below!) - php{{ php_version }}-bcmath - php{{ php_version }}-cgi - #- php{{ php_version }}-common # Auto-installed as a dependency + #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - php{{ php_version }}-curl # Likewise installed by moodle/tasks/main.yml AND nextcloud/tasks/install.yml - php{{ php_version }}-fpm # Likewise installed by nginx/tasks/install.yml - php{{ php_version }}-gd # Likewise installed by moodle/tasks/main.yml AND nextcloud/tasks/install.yml diff --git a/roles/www_base/tasks/main.yml b/roles/www_base/tasks/main.yml index 1c53bfc1a..acca49ac8 100644 --- a/roles/www_base/tasks/main.yml +++ b/roles/www_base/tasks/main.yml @@ -9,7 +9,7 @@ # package: # name: # - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC -# - php{{ php_version }}-common # 2021-06-27: Experimentally remove. 2020-05-21: @jvonau suggests this to avoid Apache that was above. Or its superset php{{ php_version }}-cli that nginx/tasks/install.yml is installing anyways :/ +# - php{{ php_version }}-common # 2021-06-27: @jvonau suggested this (2020-05-21) to avoid Apache packages dragged in above. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml # - php{{ php_version }}-curl # 2021-06-27: Installed by nextcloud/tasks/install.yml AND moodle/tasks/main.yml # - php{{ php_version }}-gd # 2021-06-27: Installed by nextcloud/tasks/install.yml AND moodle/tasks/main.yml # - php{{ php_version }}-imap # 2021-06-27: Installed by pbx/tasks/freepbx_dependencies.yml From b3e5e2aaa91a3aafc5a57bc5595367092b9c8190 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 27 Jun 2021 18:30:41 -0400 Subject: [PATCH 144/207] Tweak pbx/tasks/freepbx_dependencies.yml --- roles/pbx/tasks/freepbx_dependencies.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/freepbx_dependencies.yml b/roles/pbx/tasks/freepbx_dependencies.yml index f8ae70d20..c615a1906 100644 --- a/roles/pbx/tasks/freepbx_dependencies.yml +++ b/roles/pbx/tasks/freepbx_dependencies.yml @@ -1,4 +1,4 @@ -- name: FreePBX - Install dependencies +- name: FreePBX - Install dependencies (run 'php -m' or 'php -i' to verify PHP modules) package: name: - wget From a9e145cae9ea894956f8756e82c0470b412fa55d Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 27 Jun 2021 19:39:15 -0400 Subject: [PATCH 145/207] Link to NGINX roadmap/status in roles/3-base-server/README.rst --- roles/3-base-server/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/3-base-server/README.rst b/roles/3-base-server/README.rst index 70b825196..5b72e8e0c 100644 --- a/roles/3-base-server/README.rst +++ b/roles/3-base-server/README.rst @@ -5,7 +5,7 @@ This 3rd stage installs base server infra that Internet-in-a-Box requires, including: - MySQL (database underlying many/most user-facing apps) -- NGINX web server (with Apache in some lingering cases) +- `NGINX `_ web server (with Apache in some lingering cases) - *A few core PHP packages are also installed by the above 2 roles, e.g.* - php{{ php_version }}-common - php{{ php_version }}-cli From 2ceb51f162a10a59823cd431bd55b4ee0d38939c Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 27 Jun 2021 19:43:22 -0400 Subject: [PATCH 146/207] nextcloud/tasks/install.yml: Explain php{{ php_version }}-xmlrpc removal --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 3396a8688..7b1aa410d 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -69,7 +69,7 @@ #- php{{ php_version }}-session # NOT INSTALLABLE: ENABLED BY DEFAULT? #- php{{ php_version }}-smbclient # Optional (SMB/CIFS integration) - php{{ php_version }}-xml # Likewise installed by mediawiki/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml -- NOT FORMALLY REQUESTED by Nextcloud (BUT hopefully delivers php-simplexml if not {php-xmlreader, php-xmlwriter} on Raspbian?) - #- php{{ php_version }}-xmlrpc # 2021-06-27: Experimentally remove + #- php{{ php_version }}-xmlrpc # 2021-06-27: Experimentally remove, as explained in moodle/tasks/install.yml - php{{ php_version }}-zip # Likewise installed by moodle/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml #- php{{ php_version }}-zlib # NOT INSTALLABLE: ENABLED BY DEFAULT? state: present From 907b38d74f7a2a4ac54d815ce5cc844e843486f4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 27 Jun 2021 23:15:24 -0400 Subject: [PATCH 147/207] Making roles/1-prep/README.rst approachable for newcomers --- roles/1-prep/README.rst | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/roles/1-prep/README.rst b/roles/1-prep/README.rst index c0197797a..b8fe2d884 100644 --- a/roles/1-prep/README.rst +++ b/roles/1-prep/README.rst @@ -2,14 +2,15 @@ 1-prep README ============= -This 1st stage is primarily hardware-focused, prior to OS +This 1st stage (1-prep) is primarily hardware-focused, prior to OS additions/mods, but also includes critical pieces sometimes needed for remote support: - SSH -- Administrator security (username iiab-admin by default) +- `iiab-admin `_ username and group to log into Admin Console - OpenVPN software if/as needed later for remote support -Traditionally it included preliminaries like hostname and things -specific to a particular platform, such as the XO laptop, done before -the bulk of the install. +Traditionally 1-prep also included preliminaries like hostname and +hardware-oriented things specific to a particular platform (such as +One Laptop Per Child's XO laptop) i.e. critical setup prior to the +bulk of IIAB's software install. From cde1f85dcef1ffad7558c5a727d498475b3a24e2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 27 Jun 2021 23:28:42 -0400 Subject: [PATCH 148/207] Clarify phpX.Y-cli as superset of phpX.Y-common (in moodle/tasks/install.yml) --- roles/moodle/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 7e42da3d3..1e1a6e778 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -29,8 +29,8 @@ package: name: - libsodium23 # 2021-05-17: Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium -- this can be auto-installed by phpX.Y-fpm or phpX.Y-cgi or phpX.Y-cli, according to 'apt rdepends libsodium23 | grep php' -- whereas https://www.php.net/manual/en/sodium.installation.php says it's always bundled with PHP 7.2+ -- GIVEN THE AMBIGUITY, PLEASE VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"' - #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - #- php{{ php_version }}-cli # 2020-06-15: In the past this included (below) mbstring? However this is not true on Ubuntu Server 20.04 LTS. FYI php{{ php_version }}-cli is a superset of php{{ php_version }}-common. REGARDLESS: this is installed by php{{ php_version }}-fpm in nginx/tasks/install.yml + #- php{{ php_version }}-common # 2021-06-27: Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml + #- php{{ php_version }}-cli # 2021-06-27: Compare to php{{ php_version }}-common just above! 2020-06-15: In the past this included (below) mbstring? However this is not true on Ubuntu Server 20.04 LTS. - php{{ php_version }}-curl # 2021-06-27: Likewise installed by nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml - php{{ php_version }}-gd # 2021-06-27: Likewise installed by nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml - php{{ php_version }}-intl # 2020-12-03: Likewise installed by nextcloud/tasks/install.yml AND mediawiki/tasks/install.yml -- Required by Moodle 3.10+ From b1062da2251533b93628cdf403eb4d155efdf043 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 27 Jun 2021 23:37:02 -0400 Subject: [PATCH 149/207] nextcloud/tasks/install.yml: Readability touch-ups --- roles/nextcloud/tasks/install.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 7b1aa410d..03e9aa27e 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -39,6 +39,7 @@ # - debug: # var: php_new + # February 2020: See @m-anish's PR #2119 and follow-up PR #2258. # 2021-04-11: If you're running Nextcloud 21+ in production, carefully check the latest required AND recommended prereqs: # https://docs.nextcloud.com/server/21/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation @@ -57,7 +58,7 @@ - php{{ php_version }}-curl # Likewise installed by moodle/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml - php{{ php_version }}-gd # Likewise installed by moodle/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml - php{{ php_version }}-gmp # Optional (for SFTP storage) - - php-imagick # Optional (for preview generation). Drags in many deps (apt depends php-imagick). FYI php{{ php_version }}-imagick appears flawed: (1) 'apt depends php7.4-imagick' yields incomplete output; (2) Version-in-name package not available according to 'apt list "php*imagick"' + - php-imagick # Optional (for preview generation). Drags in many deps (apt depends php-imagick). FYI php{{ php_version }}-imagick appears flawed: (1) 'apt depends php7.4-imagick' yields incomplete output; (2) Version-in-name package not available according to: apt list "php*imagick" - php{{ php_version }}-intl # Likewise installed by moodle/tasks/install.yml AND mediawiki/tasks/install.yml -- Optional (increases language translation performance and fixes sorting of non-ASCII characters) #- php{{ php_version }}-json # See stanza just below #- php{{ php_version }}-libxml # NOT INSTALLABLE: ENABLED BY DEFAULT (https://www.php.net/manual/en/libxml.installation.php) From 868233f2eec1688c392b6c646192d13f7641ae5e Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 27 Jun 2021 23:54:35 -0400 Subject: [PATCH 150/207] pbx/tasks/freepbx_dependencies.yml: Clarify PHP modules --- roles/pbx/tasks/freepbx_dependencies.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/pbx/tasks/freepbx_dependencies.yml b/roles/pbx/tasks/freepbx_dependencies.yml index c615a1906..b351a528a 100644 --- a/roles/pbx/tasks/freepbx_dependencies.yml +++ b/roles/pbx/tasks/freepbx_dependencies.yml @@ -14,10 +14,10 @@ #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - php{{ php_version }}-curl # Likewise installed by moodle/tasks/main.yml AND nextcloud/tasks/install.yml - php{{ php_version }}-fpm # Likewise installed by nginx/tasks/install.yml + #- php{{ php_version }}-gettext - php{{ php_version }}-gd # Likewise installed by moodle/tasks/main.yml AND nextcloud/tasks/install.yml - php{{ php_version }}-imap #- php{{ php_version }}-json # See stanza just below - #- php{{ php_version }}-gettext - php{{ php_version }}-mbstring # Likewise installed by moodle/tasks/main.yml AND nextcloud/tasks/install.yml AND mediawiki/tasks/install.yml - php{{ php_version }}-mysql # Likewise installed by mysql/tasks/install.yml AND nextcloud/tasks/install.yml - php-pear # Likewise installed for ADMIN CONSOLE https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19 @@ -30,7 +30,7 @@ state: latest # For PHP >= 8.0: phpX.Y-json is baked into PHP itself. -# For PHP < 8.0: Auto-installed by phpX.Y-fpm AND phpX.Y-cli in roles/3-base-server, as confirmed by: apt rdepends phpX.Y-json +# For PHP < 8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json # #- name: Install php{{ php_version }}-json if PHP < 8.0 # package: From 59a0db627e658f19b0a8ecdd7afb0bfadf17220b Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 28 Jun 2021 00:01:09 -0400 Subject: [PATCH 151/207] nextcloud/tasks/install.yml: Clarify php{{ php_version }}-json --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 03e9aa27e..3fef603ba 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -76,7 +76,7 @@ state: present # For PHP >= 8.0: phpX.Y-json is baked into PHP itself. -# For PHP < 8.0: Auto-installed by phpX.Y-fpm AND phpX.Y-cli in roles/3-base-server, as confirmed by: apt rdepends phpX.Y-json +# For PHP < 8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json # #- name: Install php{{ php_version }}-json if PHP < 8.0 # package: From ce4b60c6b6d791b17de4d5457e83371833df34e5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 28 Jun 2021 06:27:54 -0400 Subject: [PATCH 152/207] httpd/tasks/install.yml: Comment out stale code --- roles/httpd/tasks/install.yml | 42 +++++++++++++++++------------------ 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/roles/httpd/tasks/install.yml b/roles/httpd/tasks/install.yml index 04df3f7bf..8ba36841e 100644 --- a/roles/httpd/tasks/install.yml +++ b/roles/httpd/tasks/install.yml @@ -5,8 +5,8 @@ name: - "{{ apache_service }}" # apache2 on Debuntu - libapache2-mod-php{{ php_version }} # 2020-06-15: Required (e.g. for Elgg, Moodle & possibly others) now that mysql/tasks/install.yml installs "php{{ php_version }}-common" rather than the full "php{{ php_version }}" -# - "php{{ php_version }}" -# - "php{{ php_version }}-curl" + #- "php{{ php_version }}" + #- "php{{ php_version }}-curl" state: present # when: is_debian @@ -38,29 +38,29 @@ # when: is_debuntu and (not is_debian_8) and (not is_ubuntu_16) # #when: (is_debian and ansible_distribution_major_version == "9") or is_ubuntu_18 -- name: 'Install 4 packages: httpd, mod_authnz_external, php, php-curl (redhat)' - package: - #name: [u'httpd', u'php', u'php-curl', u'mod_authnz_external'] # FAILS ('u' for Unicode strings) - #name: ['httpd', 'php', 'php-curl', 'mod_authnz_external'] # WORKS - name: - - httpd - - mod_authnz_external - - php - - php-curl - state: present - when: is_redhat +#- name: 'Install 4 packages: httpd, mod_authnz_external, php, php-curl (redhat)' +# package: +# #name: [u'httpd', u'php', u'php-curl', u'mod_authnz_external'] # FAILS ('u' for Unicode strings) +# #name: ['httpd', 'php', 'php-curl', 'mod_authnz_external'] # WORKS +# name: +# - httpd +# - mod_authnz_external +# - php +# - php-curl +# state: present +# when: is_redhat # Remove symlinks for mpm_event, replace with mpm_prefork -- name: Remove both mpm_event symlinks from /etc/apache2/mods-enabled (debuntu) +- name: Remove both mpm_event symlinks from /etc/apache2/mods-enabled file: path: "/etc/apache2/mods-enabled/{{ item }}" state: absent with_items: - mpm_event.conf - mpm_event.load - when: is_debuntu + #when: is_debuntu -- name: Create both mpm_prefork symlinks from /etc/apache2/mods-enabled to /etc/apache2/mods-available (debuntu) +- name: Create both mpm_prefork symlinks from /etc/apache2/mods-enabled to /etc/apache2/mods-available file: src: "/etc/apache2/mods-available/{{ item }}" path: "/etc/apache2/mods-enabled/{{ item }}" @@ -68,9 +68,9 @@ with_items: - mpm_prefork.conf - mpm_prefork.load - when: is_debuntu + #when: is_debuntu -- name: 'Enable 5 Apache modules, as with "a2enmod" command: headers, proxy, proxy_html, proxy_http, rewrite (for http://box/kiwix, http://box/kolibri, http://box/nodered, etc--if debuntu)' +- name: 'Enable 5 Apache modules, as with "a2enmod" command: headers, proxy, proxy_html, proxy_http, rewrite (for http://box/kiwix, http://box/kolibri, http://box/nodered, etc)' apache2_module: name: "{{ item }}" with_items: @@ -79,16 +79,16 @@ - proxy_html - proxy_http - rewrite - when: is_debuntu + #when: is_debuntu -- name: Remove 000-default.conf from /etc/apache2 and /etc/apache2/sites-enabled (debuntu) +- name: Remove 000-default.conf from /etc/apache2 and /etc/apache2/sites-enabled file: path: "{{ item }}" state: absent with_items: - /etc/apache2/000-default.conf # Not nec on Raspbian. Is this really still needed elsewhere? - /etc/apache2/sites-enabled/000-default.conf - when: is_debuntu + #when: is_debuntu - name: Create Apache's pid dir /var/run/{{ apache_user }} file: From 2dbc8336596d736e26966c447e53b050a410249b Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 28 Jun 2021 06:38:41 -0400 Subject: [PATCH 153/207] =?UTF-8?q?More=20phpX.Y-mysql=20context=E2=80=94s?= =?UTF-8?q?tarting=20in=20mysql/tasks/install.yml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/mysql/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index 90eabe178..aad1d7c4d 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml @@ -11,7 +11,7 @@ - mariadb-server - mariadb-client #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - - php{{ php_version }}-mysql + - php{{ php_version }}-mysql # Likewise installed by nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml state: present # 2020-07-11: From fc1069e9371379af26c66e4ce0164e948a84c7b7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 28 Jun 2021 07:43:20 -0400 Subject: [PATCH 154/207] nextcloud/tasks/install.yml: Clarify Nextcloud's XML reqs --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 3fef603ba..31d6ab251 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -69,7 +69,7 @@ #- php{{ php_version }}-redis # @m-anish future work? #- php{{ php_version }}-session # NOT INSTALLABLE: ENABLED BY DEFAULT? #- php{{ php_version }}-smbclient # Optional (SMB/CIFS integration) - - php{{ php_version }}-xml # Likewise installed by mediawiki/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml -- NOT FORMALLY REQUESTED by Nextcloud (BUT hopefully delivers php-simplexml if not {php-xmlreader, php-xmlwriter} on Raspbian?) + - php{{ php_version }}-xml # Likewise installed by mediawiki/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml -- Nextcloud' official requirements include {SimpleXML, XMLReader, XMLWriter} -- on Raspbian 'php -m | grep -i xml' in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter} #- php{{ php_version }}-xmlrpc # 2021-06-27: Experimentally remove, as explained in moodle/tasks/install.yml - php{{ php_version }}-zip # Likewise installed by moodle/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml #- php{{ php_version }}-zlib # NOT INSTALLABLE: ENABLED BY DEFAULT? From 8f97a918434e7d584f4487150acab878da146ecc Mon Sep 17 00:00:00 2001 From: root Date: Mon, 28 Jun 2021 09:32:46 -0400 Subject: [PATCH 155/207] php-pear to Stage 9 for Admin Console; further clarify PHP deps --- roles/9-local-addons/tasks/main.yml | 5 +++++ roles/httpd/tasks/install.yml | 2 +- roles/mediawiki/tasks/install.yml | 2 +- roles/moodle/tasks/install.yml | 2 +- roles/nextcloud/tasks/install.yml | 2 +- roles/nginx/tasks/install.yml | 6 ++---- roles/pbx/tasks/freepbx_dependencies.yml | 2 +- 7 files changed, 12 insertions(+), 9 deletions(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index b65585ded..8b6910f39 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -30,6 +30,11 @@ name: calibre-web when: calibreweb_install +- name: "2021-06-27 TEMPORARY CODE TO INSTALL 'php-pear' UNTIL ADMIN CONSOLE DECLARES ITS OWN DEPENDENCY FOR: https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19" + package: + name: php-pear # WARNING: this also drags in 'php{{ php_version }}-xml' (affecting MediaWiki, Nextcloud, roles/pbx's FreePBX) AND 'php{{ php_version }}-cgi' (affecting roles/pbx's FreePBX) + state: present + - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: path: "{{ iiab_env_file }}" diff --git a/roles/httpd/tasks/install.yml b/roles/httpd/tasks/install.yml index 8ba36841e..a23a1dc7b 100644 --- a/roles/httpd/tasks/install.yml +++ b/roles/httpd/tasks/install.yml @@ -4,7 +4,7 @@ #name: ['apache2', 'php{{ php_version }}', 'php{{ php_version }}-curl'] # WORKS? name: - "{{ apache_service }}" # apache2 on Debuntu - - libapache2-mod-php{{ php_version }} # 2020-06-15: Required (e.g. for Elgg, Moodle & possibly others) now that mysql/tasks/install.yml installs "php{{ php_version }}-common" rather than the full "php{{ php_version }}" + - libapache2-mod-php{{ php_version }} # 2020-06-15: Required (e.g. for Elgg, Moodle & possibly others) now that mysql/tasks/install.yml installs "php{{ php_version }}-common" rather than the full "php{{ php_version }}" -- 2021-06-28 FYI: this also drags in libsodium23 (likewise installed via nginx/tasks/install.yml AND moodle/tasks/install.yml) #- "php{{ php_version }}" #- "php{{ php_version }}-curl" state: present diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index 358966f48..48897043f 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -4,7 +4,7 @@ #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - php{{ php_version }}-intl # Likewise installed by moodle/tasks/install.yml AND nextcloud/tasks/install.yml - php{{ php_version }}-mbstring # Likewise installed by moodle/tasks/install.yml AND nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml - - php{{ php_version }}-xml # Likewise installed by nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml + - php{{ php_version }}-xml # Likewise installed by nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml state: present - name: Download {{ mediawiki_download_base_url }}/{{ mediawiki_src }} to {{ downloads_dir }} diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 1e1a6e778..c90f6a175 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -28,7 +28,7 @@ - name: Install libsodium23 + 7 PHP packages (run 'php -m' or 'php -i' to verify) package: name: - - libsodium23 # 2021-05-17: Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium -- this can be auto-installed by phpX.Y-fpm or phpX.Y-cgi or phpX.Y-cli, according to 'apt rdepends libsodium23 | grep php' -- whereas https://www.php.net/manual/en/sodium.installation.php says it's always bundled with PHP 7.2+ -- GIVEN THE AMBIGUITY, PLEASE VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"' + - libsodium23 # 2021-06-28: Likewise installed by nginx/tasks/install.yml via php{{ php_version }}-fpm AND httpd/tasks/install.yml via libapache2-mod-php{{ php_version }} -- it can ALSO be auto-installed by phpX.Y-cgi OR phpX.Y-cli as confirmed by 'apt rdepends libsodium23' -- Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium -- whereas https://www.php.net/manual/en/sodium.installation.php says it's always bundled with PHP 7.2+ -- VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"' #- php{{ php_version }}-common # 2021-06-27: Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml #- php{{ php_version }}-cli # 2021-06-27: Compare to php{{ php_version }}-common just above! 2020-06-15: In the past this included (below) mbstring? However this is not true on Ubuntu Server 20.04 LTS. - php{{ php_version }}-curl # 2021-06-27: Likewise installed by nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 31d6ab251..6f30ce6ca 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -69,7 +69,7 @@ #- php{{ php_version }}-redis # @m-anish future work? #- php{{ php_version }}-session # NOT INSTALLABLE: ENABLED BY DEFAULT? #- php{{ php_version }}-smbclient # Optional (SMB/CIFS integration) - - php{{ php_version }}-xml # Likewise installed by mediawiki/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml -- Nextcloud' official requirements include {SimpleXML, XMLReader, XMLWriter} -- on Raspbian 'php -m | grep -i xml' in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter} + - php{{ php_version }}-xml # Likewise installed by mediawiki/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- Nextcloud's official requirements include {SimpleXML, XMLReader, XMLWriter} as confirmed by 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter} #- php{{ php_version }}-xmlrpc # 2021-06-27: Experimentally remove, as explained in moodle/tasks/install.yml - php{{ php_version }}-zip # Likewise installed by moodle/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml #- php{{ php_version }}-zlib # NOT INSTALLABLE: ENABLED BY DEFAULT? diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 80e9bf962..39b664be4 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -5,14 +5,12 @@ ignore_errors: yes # 'when: apache_installed is defined' insuff b/c mysql's php installs apache2 -- name: 'Install 5 packages for NGINX: libnginx-mod-http-subs-filter, nginx-extras, php{{ php_version }}-fpm, uwsgi, uwsgi-plugin-python3 -- TEMPORARILY ALSO php-pear UNTIL ADMIN CONSOLE DECLARES ITS OWN DEPENDENCY FOR: https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19' +- name: 'Install 5 packages for NGINX: libnginx-mod-http-subs-filter, nginx-extras, php{{ php_version }}-fpm, uwsgi, uwsgi-plugin-python3' package: name: - libnginx-mod-http-subs-filter - nginx-extras - #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm just below. - - php{{ php_version }}-fpm # Drags in php{{ php_version }}-cli - - php-pear # 2021-06-27: TEMPORARY, SEE 7 LINES ABOVE! + - php{{ php_version }}-fpm # Drags in [1] php{{ php_version }}-cli (superset of php{{ php_version }}-common) [2] libsodium23 (likewise installed by moodle/tasks/install.yml) [3] php{{ php_version }}-json if PHP < 8.0 (NEEDED FOR nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml) - uwsgi - uwsgi-plugin-python3 state: present diff --git a/roles/pbx/tasks/freepbx_dependencies.yml b/roles/pbx/tasks/freepbx_dependencies.yml index b351a528a..d03996743 100644 --- a/roles/pbx/tasks/freepbx_dependencies.yml +++ b/roles/pbx/tasks/freepbx_dependencies.yml @@ -22,7 +22,7 @@ - php{{ php_version }}-mysql # Likewise installed by mysql/tasks/install.yml AND nextcloud/tasks/install.yml - php-pear # Likewise installed for ADMIN CONSOLE https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19 - php{{ php_version }}-snmp - - php{{ php_version }}-xml # Likewise installed by nextcloud/tasks/install.yml AND mediawiki/tasks/install.yml + - php{{ php_version }}-xml # Likewise installed by nextcloud/tasks/install.yml AND mediawiki/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml - php{{ php_version }}-zip # Likewise installed by moodle/tasks/install.yml AND nextcloud/tasks/install.yml - libapache2-mod-php #- python-mysqldb # https://github.com/Yannik/ansible-role-freepbx/blob/master/tasks/freepbx.yml#L33 From a214a021ba0439a77846a168a92e5a274c02d1cc Mon Sep 17 00:00:00 2001 From: root Date: Mon, 28 Jun 2021 16:30:08 +0000 Subject: [PATCH 156/207] Moodle requirement phpX.Y-xml surfaced --- roles/mediawiki/tasks/install.yml | 2 +- roles/moodle/tasks/install.yml | 5 +++++ roles/nextcloud/tasks/install.yml | 2 +- roles/pbx/tasks/freepbx_dependencies.yml | 8 ++++---- 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index 48897043f..b7b2468ce 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -4,7 +4,7 @@ #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - php{{ php_version }}-intl # Likewise installed by moodle/tasks/install.yml AND nextcloud/tasks/install.yml - php{{ php_version }}-mbstring # Likewise installed by moodle/tasks/install.yml AND nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml - - php{{ php_version }}-xml # Likewise installed by nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml + - php{{ php_version }}-xml # Likewise installed by moodle/tasks/install.yml AND nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml state: present - name: Download {{ mediawiki_download_base_url }}/{{ mediawiki_src }} to {{ downloads_dir }} diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index c90f6a175..ad8a4d472 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -37,6 +37,7 @@ - php{{ php_version }}-mbstring # 2020-06-15: Likewise installed by nextcloud/tasks/install.yml AND mediawiki/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml -- Required by Moodle 3.9+ - php{{ php_version }}-pgsql # 2021-06-27: Required for PostgreSQL - php{{ php_version }}-soap # 2020-12-03: Recommended by Moodle 3.10+ + - php{{ php_version }}-xml # 2021-06-28: Likewise installed by nextcloud/tasks/install.yml AND mediawiki/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml #- php{{ php_version }}-xmlrpc # 2021-06-27: Required per https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries BUT UNMAINTAINED FOR YEARS (POSSIBLE SECURITY RISK) SO MOVED TO PECL: https://php.watch/versions/8.0/xmlrpc - php{{ php_version }}-zip # 2021-06-27: Likewise installed by nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml state: present @@ -138,10 +139,14 @@ path: "{{ moodle_base }}/config.php" register: config +- pause: + - name: Execute {{ moodle_base }}/moodle_installer shell: "{{ moodle_base }}/moodle_installer" when: config.stat.exists is defined and not config.stat.exists +- pause: + # 2021-02-01: Let's stick with Moodle's default (640) #- name: Make {{ moodle_base }}/config.php readable, with permission '0644' # #command: chown -R {{ apache_user }} {{ moodle_base }} diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 6f30ce6ca..f4f2c511f 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -69,7 +69,7 @@ #- php{{ php_version }}-redis # @m-anish future work? #- php{{ php_version }}-session # NOT INSTALLABLE: ENABLED BY DEFAULT? #- php{{ php_version }}-smbclient # Optional (SMB/CIFS integration) - - php{{ php_version }}-xml # Likewise installed by mediawiki/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- Nextcloud's official requirements include {SimpleXML, XMLReader, XMLWriter} as confirmed by 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter} + - php{{ php_version }}-xml # Likewise installed by moodle/tasks/install.yml AND mediawiki/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- Nextcloud's official requirements include {SimpleXML, XMLReader, XMLWriter} as confirmed by 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter} #- php{{ php_version }}-xmlrpc # 2021-06-27: Experimentally remove, as explained in moodle/tasks/install.yml - php{{ php_version }}-zip # Likewise installed by moodle/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml #- php{{ php_version }}-zlib # NOT INSTALLABLE: ENABLED BY DEFAULT? diff --git a/roles/pbx/tasks/freepbx_dependencies.yml b/roles/pbx/tasks/freepbx_dependencies.yml index d03996743..3826d4dd3 100644 --- a/roles/pbx/tasks/freepbx_dependencies.yml +++ b/roles/pbx/tasks/freepbx_dependencies.yml @@ -12,17 +12,17 @@ - php{{ php_version }}-bcmath - php{{ php_version }}-cgi #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - - php{{ php_version }}-curl # Likewise installed by moodle/tasks/main.yml AND nextcloud/tasks/install.yml + - php{{ php_version }}-curl # Likewise installed by moodle/tasks/install.yml AND nextcloud/tasks/install.yml - php{{ php_version }}-fpm # Likewise installed by nginx/tasks/install.yml #- php{{ php_version }}-gettext - - php{{ php_version }}-gd # Likewise installed by moodle/tasks/main.yml AND nextcloud/tasks/install.yml + - php{{ php_version }}-gd # Likewise installed by moodle/tasks/install.yml AND nextcloud/tasks/install.yml - php{{ php_version }}-imap #- php{{ php_version }}-json # See stanza just below - - php{{ php_version }}-mbstring # Likewise installed by moodle/tasks/main.yml AND nextcloud/tasks/install.yml AND mediawiki/tasks/install.yml + - php{{ php_version }}-mbstring # Likewise installed by moodle/tasks/install.yml AND nextcloud/tasks/install.yml AND mediawiki/tasks/install.yml - php{{ php_version }}-mysql # Likewise installed by mysql/tasks/install.yml AND nextcloud/tasks/install.yml - php-pear # Likewise installed for ADMIN CONSOLE https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19 - php{{ php_version }}-snmp - - php{{ php_version }}-xml # Likewise installed by nextcloud/tasks/install.yml AND mediawiki/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml + - php{{ php_version }}-xml # Likewise installed by moodle/tasks/install.yml AND nextcloud/tasks/install.yml AND mediawiki/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml - php{{ php_version }}-zip # Likewise installed by moodle/tasks/install.yml AND nextcloud/tasks/install.yml - libapache2-mod-php #- python-mysqldb # https://github.com/Yannik/ansible-role-freepbx/blob/master/tasks/freepbx.yml#L33 From 09b82b99bb0c471f73d2a4184206226b910d27bd Mon Sep 17 00:00:00 2001 From: root Date: Mon, 28 Jun 2021 16:40:02 +0000 Subject: [PATCH 157/207] Update moodle/tasks/install.yml --- roles/moodle/tasks/install.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index ad8a4d472..7a108149d 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -139,14 +139,10 @@ path: "{{ moodle_base }}/config.php" register: config -- pause: - - name: Execute {{ moodle_base }}/moodle_installer shell: "{{ moodle_base }}/moodle_installer" when: config.stat.exists is defined and not config.stat.exists -- pause: - # 2021-02-01: Let's stick with Moodle's default (640) #- name: Make {{ moodle_base }}/config.php readable, with permission '0644' # #command: chown -R {{ apache_user }} {{ moodle_base }} From 566c43fefd6ffd1d0e72b72ca0ac1c4d97e0ef23 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 28 Jun 2021 17:13:42 +0000 Subject: [PATCH 158/207] Admin Console & captiveportal deps: uwsgi*, php-pear --- roles/9-local-addons/tasks/main.yml | 1 + roles/nginx/tasks/install.yml | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 8b6910f39..281e2d70a 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -34,6 +34,7 @@ package: name: php-pear # WARNING: this also drags in 'php{{ php_version }}-xml' (affecting MediaWiki, Nextcloud, roles/pbx's FreePBX) AND 'php{{ php_version }}-cgi' (affecting roles/pbx's FreePBX) state: present + when: admin_console_install - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 39b664be4..8b2686157 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -11,8 +11,8 @@ - libnginx-mod-http-subs-filter - nginx-extras - php{{ php_version }}-fpm # Drags in [1] php{{ php_version }}-cli (superset of php{{ php_version }}-common) [2] libsodium23 (likewise installed by moodle/tasks/install.yml) [3] php{{ php_version }}-json if PHP < 8.0 (NEEDED FOR nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml) - - uwsgi - - uwsgi-plugin-python3 + - uwsgi # Admin Console & roles/captiveportal should really install + - uwsgi-plugin-python3 # these 2 packages on demand (not every IIAB needs these). state: present # 2020-10-16: Removed per #2560 From e31010d3273e84c18a458e38d67d95b99955bb3a Mon Sep 17 00:00:00 2001 From: root Date: Mon, 28 Jun 2021 17:21:20 +0000 Subject: [PATCH 159/207] 9-local-addons/tasks/main.yml: Clarify php-pear's side effects --- roles/9-local-addons/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 281e2d70a..21d580016 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -32,7 +32,7 @@ - name: "2021-06-27 TEMPORARY CODE TO INSTALL 'php-pear' UNTIL ADMIN CONSOLE DECLARES ITS OWN DEPENDENCY FOR: https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19" package: - name: php-pear # WARNING: this also drags in 'php{{ php_version }}-xml' (affecting MediaWiki, Nextcloud, roles/pbx's FreePBX) AND 'php{{ php_version }}-cgi' (affecting roles/pbx's FreePBX) + name: php-pear # WARNING: this also drags in 'php{{ php_version }}-xml' (also installed by MediaWiki, Nextcloud, roles/pbx's FreePBX) AND 'php{{ php_version }}-cgi' (also installed by roles/pbx's FreePBX) state: present when: admin_console_install From 28279bdbbfa5f47821c970459d6dc23b58edac3b Mon Sep 17 00:00:00 2001 From: root Date: Mon, 28 Jun 2021 17:29:58 +0000 Subject: [PATCH 160/207] apache2/php.ini fixes for Moodle e.g. 'max_input_vars = 5000' --- roles/www_options/tasks/main.yml | 31 ++++++++++++++++++++++++++----- 1 file changed, 26 insertions(+), 5 deletions(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 6ec8f61e4..e3885817c 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -50,9 +50,9 @@ lxde_present.stat.exists and chromium_present.stat.exists - debug: - msg: 'THE 3 ANSIBLE STANZAS BELOW ONLY RUN... when: moodle_install or nextcloud_install or pbx_install or wordpress_install' + msg: 'THE 5 ANSIBLE STANZAS BELOW ONLY RUN... when: moodle_install or nextcloud_install or pbx_install or wordpress_install' -- block: # 3-STANZA BLOCK BEGINS +- block: # 5-STANZA BLOCK BEGINS # roles/nginx has installed pkg 'php{{ php_version }}-fpm' in 3-base-server @@ -69,7 +69,7 @@ - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requests 5000' } - when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 3-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install + when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install # 2020-03-08: IIAB does not support uninstalling apps, so a 3rd clause # (to reset/restore PHP's defaults) is not necessary at this time. @@ -91,14 +91,35 @@ - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requests 5000' } - when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 3-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install + when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install - name: Restart 'php{{ php_version }}-fpm' systemd service systemd: name: php{{ php_version }}-fpm state: restarted - when: moodle_install or nextcloud_install or pbx_install or wordpress_install # 3-STANZA BLOCK ENDS + - name: "Enact the equivalent of 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini for Moodle 3.11+" + lineinfile: + #path: "/etc/php/{{ php_version }}/fpm/php.ini" + path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } + - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } + - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } + - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } + - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requests 5000' } + when: moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install + + - name: Restart {{ apache_service }} systemd service + systemd: + name: "{{ apache_service }}" + state: restarted + when: moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install + + when: moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS # 'Is a "Rapid Power Off" button possible for low-electricity environments?' From 5afc1a0bc2e0920d6d95f05a64bd16299c8d0854 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 28 Jun 2021 17:54:24 +0000 Subject: [PATCH 161/207] php-imagick can help Nextcloud BUT... --- roles/nextcloud/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index f4f2c511f..194348237 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -58,7 +58,7 @@ - php{{ php_version }}-curl # Likewise installed by moodle/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml - php{{ php_version }}-gd # Likewise installed by moodle/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml - php{{ php_version }}-gmp # Optional (for SFTP storage) - - php-imagick # Optional (for preview generation). Drags in many deps (apt depends php-imagick). FYI php{{ php_version }}-imagick appears flawed: (1) 'apt depends php7.4-imagick' yields incomplete output; (2) Version-in-name package not available according to: apt list "php*imagick" + - php-imagick # Optional (for preview generation). BUT drags in Apache's libapache2-mod-phpX.Y etc, as confirmed by 'apt depends php-imagick' -- while php{{ php_version }}-imagick installs (despite not being shown within 'apt list "php*imagick"') it's no better -- and 'apt depends phpX.Y-imagick' mysteriously does NOT show its deps. - php{{ php_version }}-intl # Likewise installed by moodle/tasks/install.yml AND mediawiki/tasks/install.yml -- Optional (increases language translation performance and fixes sorting of non-ASCII characters) #- php{{ php_version }}-json # See stanza just below #- php{{ php_version }}-libxml # NOT INSTALLABLE: ENABLED BY DEFAULT (https://www.php.net/manual/en/libxml.installation.php) From 2f47074710f877342b90b49433ec7cfcde4a787e Mon Sep 17 00:00:00 2001 From: root Date: Mon, 28 Jun 2021 21:59:28 +0000 Subject: [PATCH 162/207] fpm/php.ini + cli/php.ini + apache2/php.ini for Moodle --- roles/moodle/tasks/install.yml | 22 +++++++++- roles/www_options/tasks/main.yml | 73 ++++++++++++++++++-------------- 2 files changed, 62 insertions(+), 33 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 7a108149d..59f971f4c 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -1,9 +1,12 @@ # 2021-05-22: FYI nginx_high_php_limits is effectively now auto-enabled by -# www_options/tasks/main.yml#L81-L94 (as required by Moodle 3.11 with PHP 8) IF +# www_options/tasks/main.yml#L100-L112 (as required by Moodle 3.11 w/ PHP 8) IF # 'moodle_install: True'. Happens at the end of 4-server-options/tasks/main.yml # See the 6 settings in /etc/php/{{ php_version }}/fpm/php.ini -- which Moodle # should take advantage of soon, as it transitions from Apache to Moodle: #2785 +# 2021-06-28: This ALSO now happens in /etc/php/{{ php_version }}/cli/php.ini +# (as required by Moodle's CLI installer) AND THIRDLY below (for now, until +# Moodle's ported to NGINX!) in /etc/php/{{ php_version }}/apache2/php.ini - name: "Set 'apache_install: True' and 'apache_enabled: True'" set_fact: @@ -14,6 +17,21 @@ include_role: name: httpd +- name: "Enact the equivalent of 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini for Moodle 3.11+" + lineinfile: + path: /etc/php/{{ php_version }}/{{ apache_service }}/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/cli/php.ini + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } + - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } + - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } + - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } + - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } + +# Apache's restarted prior to moodle_installer below, so no need right here! + - name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'" set_fact: @@ -139,7 +157,7 @@ path: "{{ moodle_base }}/config.php" register: config -- name: Execute {{ moodle_base }}/moodle_installer +- name: Execute {{ moodle_base }}/moodle_installer -- REQUIRES 'max_input_vars = 5000' (or higher) in /etc/php/{{ php_version }}/cli/php.ini with PHP 8+ (as set up by www_options/tasks/main.yml) -- WHEREAS Moodle uses /etc/php/{{ php_version }}/{{ apache_service }}/php.ini or /etc/php/{{ php_version }}/fpm/php.ini during regular operation shell: "{{ moodle_base }}/moodle_installer" when: config.stat.exists is defined and not config.stat.exists diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index e3885817c..99889b480 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -49,6 +49,7 @@ when: lxde_present.stat.exists and chromium_present.stat.exists + - debug: msg: 'THE 5 ANSIBLE STANZAS BELOW ONLY RUN... when: moodle_install or nextcloud_install or pbx_install or wordpress_install' @@ -58,8 +59,7 @@ - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: - path: "/etc/php/{{ php_version }}/fpm/php.ini" - #path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini" + path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" line: "{{ item.line }}" with_items: @@ -68,20 +68,38 @@ - { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' } - - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requests 5000' } + - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install - # 2020-03-08: IIAB does not support uninstalling apps, so a 3rd clause - # (to reset/restore PHP's defaults) is not necessary at this time. + - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" + lineinfile: + path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 100M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 100M ; default is 8M' } + - { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' } + - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } + - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' } + - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } + when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install - # COMPARE apache_allow_sudo further below. + # 2020-03-08: IIAB DOES NOT SUPPORT UNINSTALLING APPS, so additional + # clauses (to reset/restore PHP's defaults) are not necessary at this time. + + # 2021-06-28: WITH PHP 8, MOODLE'S CLI INSTALLER UNFORTUNATELY *REQUIRES* + # editing /etc/php/{{ php_version }}/cli/php.ini (below) -- even though during + # regular operation it instead uses .../apache2/php.ini or .../fpm/php.ini + # + # SEE ALSO roles/moodle/tasks/install.yml WHERE SIMILAR SURGERY'S DONE TO + # /etc/php/{{ php_version }}/apache2/php.ini UNTIL MOODLE'S PORTED TO NGINX! # WARNING: This might cause excess use of RAM/disk or other resources! # The 5 first values below were chosen by @ericnitschke and @kananigit in ~2018. - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: - path: "/etc/php/{{ php_version }}/fpm/php.ini" - #path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini" + path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" line: "{{ item.line }}" with_items: @@ -90,7 +108,21 @@ - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } - - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requests 5000' } + - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } + when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install + + - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" + lineinfile: + path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } + - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } + - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } + - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } + - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install - name: Restart 'php{{ php_version }}-fpm' systemd service @@ -98,28 +130,7 @@ name: php{{ php_version }}-fpm state: restarted - - name: "Enact the equivalent of 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini for Moodle 3.11+" - lineinfile: - #path: "/etc/php/{{ php_version }}/fpm/php.ini" - path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini" - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } - - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } - - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requests 5000' } - when: moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install - - - name: Restart {{ apache_service }} systemd service - systemd: - name: "{{ apache_service }}" - state: restarted - when: moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install - - when: moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS + when: moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE apache_allow_sudo conditionals below. # 'Is a "Rapid Power Off" button possible for low-electricity environments?' From 2fd1ec91aae181b9490737eeb5f20a8e48b41915 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 28 Jun 2021 18:44:53 -0400 Subject: [PATCH 163/207] Update roles/nextcloud/README.md for Nextcloud 22 (imminent) --- roles/nextcloud/README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 8ef65567b..06dd8beb7 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -25,19 +25,20 @@ The Nextcloud suite is divided into three main categories: To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` _after_ it's created by this template: [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2) -(3) Strongly consider also setting `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 5 settings in /etc/php/[ACTUAL PHP VERSION]/fpm/php.ini: +(3) Strongly consider also setting `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 6 settings in /etc/php/[ACTUAL PHP VERSION]/fpm/php.ini: - upload_max_filesize - post_max_size - memory_limit (Nextcloud recommends 512+ MB) - max_execution_time - max_input_time +- max_input_vars (Moodle 3.11+ requires 5000+ with PHP 8+) -Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/main.yml#L47-L51](../www_options/tasks/main.yml#L47-L51) +Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/main.yml#L53-L133](../www_options/tasks/main.yml#L53-L133) -(4) If you're running Nextcloud 21+ in production, carefully check that Nextcloud's latest formal prereqs (required AND recommended) are included per your community's needs. In places like these: +(4) If you're running Nextcloud 22+ in production, carefully check that Nextcloud's latest formal prereqs (required AND recommended) are included per your community's needs. In places like these: -- https://docs.nextcloud.com/server/21/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +- https://docs.nextcloud.com/server/22/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - https://github.com/iiab/iiab/blob/master/roles/nextcloud/tasks/install.yml ## Using It From fd31e42e0749b46c2c4e67b9e20c8bee90ebc802 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 28 Jun 2021 22:55:35 +0000 Subject: [PATCH 164/207] local_vars.yml: Check your PHP limits --- vars/default_vars.yml | 8 ++++---- vars/local_vars_big.yml | 8 ++++---- vars/local_vars_medium.yml | 8 ++++---- vars/local_vars_min.yml | 8 ++++---- 4 files changed, 16 insertions(+), 16 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index e6228bf5d..b92be6933 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -264,11 +264,11 @@ nginx_log_dir: /var/log/nginx # # For schools that use WordPress/Nextcloud/Moodle/PBX intensively: nginx_high_php_limits: False -# FYI: roles/www_options auto-sets these high limits if 'moodle_install: True' # WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L59-L94 -# ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php//fpm/php.ini +# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' +# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 +# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 07e95bab0..a97ecda83 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -167,11 +167,11 @@ pi_swap_file_size: 1024 # For schools that use WordPress/Nextcloud/Moodle/PBX intensively: nginx_high_php_limits: False -# FYI: roles/www_options auto-sets these high limits if 'moodle_install: True' # WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L59-L94 -# ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php//fpm/php.ini +# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' +# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 +# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # See also Apache vars {default_language, language_priority} @ top of this file # diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index f91481e2c..54bec6639 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -167,11 +167,11 @@ pi_swap_file_size: 1024 # For schools that use WordPress/Nextcloud/Moodle/PBX intensively: nginx_high_php_limits: False -# FYI: roles/www_options auto-sets these high limits if 'moodle_install: True' # WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L59-L94 -# ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php//fpm/php.ini +# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' +# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 +# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # See also Apache vars {default_language, language_priority} @ top of this file # diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 13a0284ca..afee5a6b3 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -167,11 +167,11 @@ pi_swap_file_size: 1024 # For schools that use WordPress/Nextcloud/Moodle/PBX intensively: nginx_high_php_limits: False -# FYI: roles/www_options auto-sets these high limits if 'moodle_install: True' # WARNING: Enabling this might cause excess use of RAM/disk or other resources! -# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 6 SETTINGS... -# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L59-L94 -# ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php//fpm/php.ini +# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True' +# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... +# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 +# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini # See also Apache vars {default_language, language_priority} @ top of this file # From 0772dedb9f4ac10d4a862f8810760c90cca76e38 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 29 Jun 2021 02:46:51 -0400 Subject: [PATCH 165/207] www_base/tasks/main.yml: Explain php{{ php_version }} --- roles/www_base/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_base/tasks/main.yml b/roles/www_base/tasks/main.yml index acca49ac8..1f29b4fa1 100644 --- a/roles/www_base/tasks/main.yml +++ b/roles/www_base/tasks/main.yml @@ -8,7 +8,7 @@ #- name: Install 10 PHP packages (run 'php -m' or 'php -i' to verify) # package: # name: -# - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC +# - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this unfortunately forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC # - php{{ php_version }}-common # 2021-06-27: @jvonau suggested this (2020-05-21) to avoid Apache packages dragged in above. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml # - php{{ php_version }}-curl # 2021-06-27: Installed by nextcloud/tasks/install.yml AND moodle/tasks/main.yml # - php{{ php_version }}-gd # 2021-06-27: Installed by nextcloud/tasks/install.yml AND moodle/tasks/main.yml From b1a62cff5962339754ef876b09c367cb2f94eac6 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 29 Jun 2021 19:34:48 -0400 Subject: [PATCH 166/207] WordPress "Recommended" + "Optional" PHP Modules --- roles/mediawiki/tasks/install.yml | 17 ++++++++++++--- roles/moodle/tasks/install.yml | 17 ++++++++------- roles/mysql/tasks/install.yml | 2 +- roles/nextcloud/tasks/install.yml | 18 ++++++++-------- roles/pbx/tasks/freepbx_dependencies.yml | 16 +++++++------- roles/wordpress/tasks/install.yml | 27 ++++++++++++++++++++++++ 6 files changed, 68 insertions(+), 29 deletions(-) diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index b7b2468ce..2efb79990 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -1,12 +1,23 @@ +# https://www.mediawiki.org/wiki/Manual:Installation_requirements#PHP - name: 'Install packages: php{{ php_version }}-intl, php{{ php_version }}-mbstring, php{{ php_version }}-xml' package: name: #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - - php{{ php_version }}-intl # Likewise installed by moodle/tasks/install.yml AND nextcloud/tasks/install.yml - - php{{ php_version }}-mbstring # Likewise installed by moodle/tasks/install.yml AND nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml - - php{{ php_version }}-xml # Likewise installed by moodle/tasks/install.yml AND nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml + - php{{ php_version }}-intl # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml + #- php{{ php_version }}-json # See stanza just below + - php{{ php_version }}-mbstring # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml + - php{{ php_version }}-xml # 2021-06-27 REQUIRED despite it being missing from MediaWiki's doc! Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml state: present +# For PHP >= 8.0: phpX.Y-json is baked into PHP itself. +# For PHP < 8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json +# +#- name: Install php{{ php_version }}-json if PHP < 8.0 +# package: +# name: php{{ php_version }}-json +# state: present +# when: php_version is version('8.0', '<') + - name: Download {{ mediawiki_download_base_url }}/{{ mediawiki_src }} to {{ downloads_dir }} get_url: url: "{{ mediawiki_download_base_url }}/{{ mediawiki_src }}" diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 59f971f4c..4bbd6cd20 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -43,21 +43,22 @@ name: postgresql -- name: Install libsodium23 + 7 PHP packages (run 'php -m' or 'php -i' to verify) +# https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries +- name: Install libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify) package: name: - - libsodium23 # 2021-06-28: Likewise installed by nginx/tasks/install.yml via php{{ php_version }}-fpm AND httpd/tasks/install.yml via libapache2-mod-php{{ php_version }} -- it can ALSO be auto-installed by phpX.Y-cgi OR phpX.Y-cli as confirmed by 'apt rdepends libsodium23' -- Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium -- whereas https://www.php.net/manual/en/sodium.installation.php says it's always bundled with PHP 7.2+ -- VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"' + - libsodium23 # 2021-06-28: Likewise installed in nginx/tasks/install.yml via php{{ php_version }}-fpm AND httpd/tasks/install.yml via libapache2-mod-php{{ php_version }} AND wordpress/tasks/install.yml -- it can ALSO be auto-installed by phpX.Y-cgi OR phpX.Y-cli as confirmed by 'apt rdepends libsodium23' -- Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium -- whereas https://www.php.net/manual/en/sodium.installation.php says it's always bundled with PHP 7.2+ -- VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"' #- php{{ php_version }}-common # 2021-06-27: Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml #- php{{ php_version }}-cli # 2021-06-27: Compare to php{{ php_version }}-common just above! 2020-06-15: In the past this included (below) mbstring? However this is not true on Ubuntu Server 20.04 LTS. - - php{{ php_version }}-curl # 2021-06-27: Likewise installed by nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml - - php{{ php_version }}-gd # 2021-06-27: Likewise installed by nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml - - php{{ php_version }}-intl # 2020-12-03: Likewise installed by nextcloud/tasks/install.yml AND mediawiki/tasks/install.yml -- Required by Moodle 3.10+ - - php{{ php_version }}-mbstring # 2020-06-15: Likewise installed by nextcloud/tasks/install.yml AND mediawiki/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml -- Required by Moodle 3.9+ + - php{{ php_version }}-curl # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml + - php{{ php_version }}-gd # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml + - php{{ php_version }}-intl # 2020-12-03: Required by Moodle 3.10+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml + - php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml - php{{ php_version }}-pgsql # 2021-06-27: Required for PostgreSQL - php{{ php_version }}-soap # 2020-12-03: Recommended by Moodle 3.10+ - - php{{ php_version }}-xml # 2021-06-28: Likewise installed by nextcloud/tasks/install.yml AND mediawiki/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml + - php{{ php_version }}-xml # 2021-06-28: Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter} #- php{{ php_version }}-xmlrpc # 2021-06-27: Required per https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries BUT UNMAINTAINED FOR YEARS (POSSIBLE SECURITY RISK) SO MOVED TO PECL: https://php.watch/versions/8.0/xmlrpc - - php{{ php_version }}-zip # 2021-06-27: Likewise installed by nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml + - php{{ php_version }}-zip # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml state: present - name: Does {{ moodle_base }}/config-dist.php exist? (indicating Moodle is/was installed) diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index aad1d7c4d..30ed53f54 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml @@ -11,7 +11,7 @@ - mariadb-server - mariadb-client #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - - php{{ php_version }}-mysql # Likewise installed by nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml + - php{{ php_version }}-mysql # Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml state: present # 2020-07-11: diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 194348237..1333297f0 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -52,26 +52,26 @@ - ffmpeg # Optional (for preview generation) - libxml2 # php-libxml requires libxml2 >= 2.7.0 #- libapache2-mod-php # 2020-02-15: NO LONGER NEEDED? - - php{{ php_version }}-bcmath # Highly recommended by Nextcloud 21 for "improved performance and better compatibility" + - php{{ php_version }}-bcmath # Highly recommended by Nextcloud 21 for "improved performance and better compatibility" -- Likewise installed in pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml - php{{ php_version }}-bz2 # Optional (for extraction of apps) #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - - php{{ php_version }}-curl # Likewise installed by moodle/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml - - php{{ php_version }}-gd # Likewise installed by moodle/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml + - php{{ php_version }}-curl # Likewise installed in moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml + - php{{ php_version }}-gd # Likewise installed in moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml - php{{ php_version }}-gmp # Optional (for SFTP storage) - - php-imagick # Optional (for preview generation). BUT drags in Apache's libapache2-mod-phpX.Y etc, as confirmed by 'apt depends php-imagick' -- while php{{ php_version }}-imagick installs (despite not being shown within 'apt list "php*imagick"') it's no better -- and 'apt depends phpX.Y-imagick' mysteriously does NOT show its deps. - - php{{ php_version }}-intl # Likewise installed by moodle/tasks/install.yml AND mediawiki/tasks/install.yml -- Optional (increases language translation performance and fixes sorting of non-ASCII characters) + - php-imagick # Optional (for preview generation). BUT drags in Apache's libapache2-mod-phpX.Y etc, as confirmed by 'apt depends php-imagick' -- while php{{ php_version }}-imagick installs (despite not being shown within 'apt list "php*imagick"') it's no better -- and 'apt depends phpX.Y-imagick' mysteriously does NOT show its deps. Likewise installed in wordpress/tasks/install.yml + - php{{ php_version }}-intl # OPTIONAL (increases language translation performance and fixes sorting of non-ASCII characters): Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, wordpress/tasks/install.yml #- php{{ php_version }}-json # See stanza just below #- php{{ php_version }}-libxml # NOT INSTALLABLE: ENABLED BY DEFAULT (https://www.php.net/manual/en/libxml.installation.php) - - php{{ php_version }}-mbstring # Likewise installed by moodle/tasks/install.yml AND mediawiki/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml - - php{{ php_version }}-mysql # Likewise installed by mysql/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml + - php{{ php_version }}-mbstring # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml + - php{{ php_version }}-mysql # Likewise installed in mysql/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml #- php{{ php_version }}-openssl # NOT INSTALLABLE: ENABLED BY DEFAULT? #- php{{ php_version }}-pdo_mysql # NOT INSTALLABLE: php{{ php_version }}-mysql handles this on all OS's? #- php{{ php_version }}-redis # @m-anish future work? #- php{{ php_version }}-session # NOT INSTALLABLE: ENABLED BY DEFAULT? #- php{{ php_version }}-smbclient # Optional (SMB/CIFS integration) - - php{{ php_version }}-xml # Likewise installed by moodle/tasks/install.yml AND mediawiki/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- Nextcloud's official requirements include {SimpleXML, XMLReader, XMLWriter} as confirmed by 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter} + - php{{ php_version }}-xml # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- Nextcloud's official requirements include {SimpleXML, XMLReader, XMLWriter} as confirmed by 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter} #- php{{ php_version }}-xmlrpc # 2021-06-27: Experimentally remove, as explained in moodle/tasks/install.yml - - php{{ php_version }}-zip # Likewise installed by moodle/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml + - php{{ php_version }}-zip # Likewise installed in moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml #- php{{ php_version }}-zlib # NOT INSTALLABLE: ENABLED BY DEFAULT? state: present diff --git a/roles/pbx/tasks/freepbx_dependencies.yml b/roles/pbx/tasks/freepbx_dependencies.yml index 3826d4dd3..654ef0e58 100644 --- a/roles/pbx/tasks/freepbx_dependencies.yml +++ b/roles/pbx/tasks/freepbx_dependencies.yml @@ -9,21 +9,21 @@ - cron # required by FreePBX UCP package (User Control Panel) - sox # required for CDR web-playback #- php{{ php_version }} # Basically drags in phpX.Y-cgi (already below!) - - php{{ php_version }}-bcmath + - php{{ php_version }}-bcmath # Likewise installed by pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml - php{{ php_version }}-cgi #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - - php{{ php_version }}-curl # Likewise installed by moodle/tasks/install.yml AND nextcloud/tasks/install.yml - - php{{ php_version }}-fpm # Likewise installed by nginx/tasks/install.yml + - php{{ php_version }}-curl # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml + - php{{ php_version }}-fpm # Likewise installed in nginx/tasks/install.yml #- php{{ php_version }}-gettext - - php{{ php_version }}-gd # Likewise installed by moodle/tasks/install.yml AND nextcloud/tasks/install.yml + - php{{ php_version }}-gd # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml - php{{ php_version }}-imap #- php{{ php_version }}-json # See stanza just below - - php{{ php_version }}-mbstring # Likewise installed by moodle/tasks/install.yml AND nextcloud/tasks/install.yml AND mediawiki/tasks/install.yml - - php{{ php_version }}-mysql # Likewise installed by mysql/tasks/install.yml AND nextcloud/tasks/install.yml + - php{{ php_version }}-mbstring # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml + - php{{ php_version }}-mysql # Likewise installed in mysql/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml - php-pear # Likewise installed for ADMIN CONSOLE https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19 - php{{ php_version }}-snmp - - php{{ php_version }}-xml # Likewise installed by moodle/tasks/install.yml AND nextcloud/tasks/install.yml AND mediawiki/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml - - php{{ php_version }}-zip # Likewise installed by moodle/tasks/install.yml AND nextcloud/tasks/install.yml + - php{{ php_version }}-xml # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter} + - php{{ php_version }}-zip # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml - libapache2-mod-php #- python-mysqldb # https://github.com/Yannik/ansible-role-freepbx/blob/master/tasks/freepbx.yml#L33 - libapache2-mpm-itk # To serve FreePBX through a VirtualHost as asterisk user diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index cc8a613d3..185e7401b 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -11,6 +11,33 @@ # and security enhancements using timestamps under /library/wordpress, as these # can arise without warning when WordPress is online, since WordPress ~4.8 +# 2021-06-29: PHP modules, covering "RECOMMENDED" and "OPTIONAL" sections here: +# https://make.wordpress.org/hosting/handbook/server-environment/ +- name: Install libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify) + package: + name: + - libsodium23 # Likewise installed in nginx/tasks/install.yml via php{{ php_version }}-fpm AND httpd/tasks/install.yml via libapache2-mod-php{{ php_version }} AND moodle/tasks/install.yml -- it can ALSO be auto-installed by phpX.Y-cgi OR phpX.Y-cli as confirmed by 'apt rdepends libsodium23' -- VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"' + - php{{ php_version }}-bcmath # OPTIONAL: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml + #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml + - php{{ php_version }}-curl # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml + - php-imagick # BUT drags in Apache's libapache2-mod-phpX.Y etc, as confirmed by 'apt depends php-imagick' -- while php{{ php_version }}-imagick installs (despite not being shown within 'apt list "php*imagick"') it's no better -- and 'apt depends phpX.Y-imagick' mysteriously does NOT show its deps. Likewise installed in nextcloud/tasks/install.yml + - php{{ php_version }}-intl # OPTIONAL: Likewise installed by mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml + #- php{{ php_version }}-json # See stanza just below + - php{{ php_version }}-mbstring # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml + - php{{ php_version }}-mysql # Likewise installed in mysql/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml + - php{{ php_version }}-xml # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter} + - php{{ php_version }}-zip # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml + state: present + +# For PHP >= 8.0: phpX.Y-json is baked into PHP itself. +# For PHP < 8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json +# +#- name: Install php{{ php_version }}-json if PHP < 8.0 +# package: +# name: php{{ php_version }}-json +# state: present +# when: php_version is version('8.0', '<') + - name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }} get_url: url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}" From c5f388b0a019d7b608929edf930f87675a9b3e2c Mon Sep 17 00:00:00 2001 From: root Date: Tue, 29 Jun 2021 19:39:01 -0400 Subject: [PATCH 167/207] WordPress PHP Modules: refine explanations --- roles/nginx/tasks/install.yml | 2 +- roles/pbx/tasks/freepbx_dependencies.yml | 2 +- roles/wordpress/tasks/install.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 8b2686157..5e78a93c5 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -10,7 +10,7 @@ name: - libnginx-mod-http-subs-filter - nginx-extras - - php{{ php_version }}-fpm # Drags in [1] php{{ php_version }}-cli (superset of php{{ php_version }}-common) [2] libsodium23 (likewise installed by moodle/tasks/install.yml) [3] php{{ php_version }}-json if PHP < 8.0 (NEEDED FOR nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml) + - php{{ php_version }}-fpm # Drags in [1] php{{ php_version }}-cli (superset of php{{ php_version }}-common) [2] libsodium23 (likewise installed in moodle/tasks/install.yml AND wordpress/tasks/install.yml) [3] php{{ php_version }}-json if PHP < 8.0 (NEEDED FOR nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml) - uwsgi # Admin Console & roles/captiveportal should really install - uwsgi-plugin-python3 # these 2 packages on demand (not every IIAB needs these). state: present diff --git a/roles/pbx/tasks/freepbx_dependencies.yml b/roles/pbx/tasks/freepbx_dependencies.yml index 654ef0e58..0bdc94abb 100644 --- a/roles/pbx/tasks/freepbx_dependencies.yml +++ b/roles/pbx/tasks/freepbx_dependencies.yml @@ -9,7 +9,7 @@ - cron # required by FreePBX UCP package (User Control Panel) - sox # required for CDR web-playback #- php{{ php_version }} # Basically drags in phpX.Y-cgi (already below!) - - php{{ php_version }}-bcmath # Likewise installed by pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml + - php{{ php_version }}-bcmath # Likewise installed in pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml - php{{ php_version }}-cgi #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - php{{ php_version }}-curl # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index 185e7401b..2ac843cff 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -21,7 +21,7 @@ #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - php{{ php_version }}-curl # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml - php-imagick # BUT drags in Apache's libapache2-mod-phpX.Y etc, as confirmed by 'apt depends php-imagick' -- while php{{ php_version }}-imagick installs (despite not being shown within 'apt list "php*imagick"') it's no better -- and 'apt depends phpX.Y-imagick' mysteriously does NOT show its deps. Likewise installed in nextcloud/tasks/install.yml - - php{{ php_version }}-intl # OPTIONAL: Likewise installed by mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml + - php{{ php_version }}-intl # OPTIONAL: Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml #- php{{ php_version }}-json # See stanza just below - php{{ php_version }}-mbstring # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml - php{{ php_version }}-mysql # Likewise installed in mysql/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml From 34cc9e17add36fdff1fe38b31f5679d5047e4dcd Mon Sep 17 00:00:00 2001 From: root Date: Tue, 29 Jun 2021 20:14:11 -0400 Subject: [PATCH 168/207] MediaWiki hidden requirement php{{ php_version }}-xml (doc) --- roles/mediawiki/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index 2efb79990..47edf6429 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -6,7 +6,7 @@ - php{{ php_version }}-intl # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml #- php{{ php_version }}-json # See stanza just below - php{{ php_version }}-mbstring # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml - - php{{ php_version }}-xml # 2021-06-27 REQUIRED despite it being missing from MediaWiki's doc! Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml + - php{{ php_version }}-xml # 2021-06-27: REQUIRED (AND ENFORCED) despite this being missing from MediaWiki's above requirements doc! Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml state: present # For PHP >= 8.0: phpX.Y-json is baked into PHP itself. From 539de86941d13a10b62b5c59a185b93a2de900b4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 29 Jun 2021 21:32:48 -0400 Subject: [PATCH 169/207] Update freepbx_dependencies.yml --- roles/pbx/tasks/freepbx_dependencies.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pbx/tasks/freepbx_dependencies.yml b/roles/pbx/tasks/freepbx_dependencies.yml index 0bdc94abb..379236fa0 100644 --- a/roles/pbx/tasks/freepbx_dependencies.yml +++ b/roles/pbx/tasks/freepbx_dependencies.yml @@ -9,7 +9,7 @@ - cron # required by FreePBX UCP package (User Control Panel) - sox # required for CDR web-playback #- php{{ php_version }} # Basically drags in phpX.Y-cgi (already below!) - - php{{ php_version }}-bcmath # Likewise installed in pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml + - php{{ php_version }}-bcmath # Likewise installed in nextcloud/tasks/install.yml, wordpress/tasks/install.yml - php{{ php_version }}-cgi #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - php{{ php_version }}-curl # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml From a7dabf8ebb69c77d5723f78b0d1896b3e7fe70ce Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 29 Jun 2021 23:04:50 -0400 Subject: [PATCH 170/207] nextcloud/tasks/install.yml: PHP module clarifs --- roles/nextcloud/tasks/install.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 1333297f0..5d28e6a4a 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -53,12 +53,13 @@ - libxml2 # php-libxml requires libxml2 >= 2.7.0 #- libapache2-mod-php # 2020-02-15: NO LONGER NEEDED? - php{{ php_version }}-bcmath # Highly recommended by Nextcloud 21 for "improved performance and better compatibility" -- Likewise installed in pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml - - php{{ php_version }}-bz2 # Optional (for extraction of apps) + - php{{ php_version }}-bz2 # OPTIONAL (for extraction of apps) #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - php{{ php_version }}-curl # Likewise installed in moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml + #- php{{ php_version }}-exif # Optional (for image rotation in pictures app) but somehow already installed in our PHP core. - php{{ php_version }}-gd # Likewise installed in moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml - - php{{ php_version }}-gmp # Optional (for SFTP storage) - - php-imagick # Optional (for preview generation). BUT drags in Apache's libapache2-mod-phpX.Y etc, as confirmed by 'apt depends php-imagick' -- while php{{ php_version }}-imagick installs (despite not being shown within 'apt list "php*imagick"') it's no better -- and 'apt depends phpX.Y-imagick' mysteriously does NOT show its deps. Likewise installed in wordpress/tasks/install.yml + - php{{ php_version }}-gmp # OPTIONAL (for SFTP storage) + - php-imagick # OPTIONAL (for preview generation). BUT drags in Apache's libapache2-mod-phpX.Y etc, as confirmed by 'apt depends php-imagick' -- while php{{ php_version }}-imagick installs (despite not being shown within 'apt list "php*imagick"') it's no better -- and 'apt depends phpX.Y-imagick' mysteriously does NOT show its deps. Likewise installed in wordpress/tasks/install.yml - php{{ php_version }}-intl # OPTIONAL (increases language translation performance and fixes sorting of non-ASCII characters): Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, wordpress/tasks/install.yml #- php{{ php_version }}-json # See stanza just below #- php{{ php_version }}-libxml # NOT INSTALLABLE: ENABLED BY DEFAULT (https://www.php.net/manual/en/libxml.installation.php) From 5aedda0e21b31bc546eca45ae5e29fe277999ec6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 30 Jun 2021 07:29:00 -0400 Subject: [PATCH 171/207] nginx/tasks/install.yml: Clarify php{{ php_version }}-fpm --- roles/nginx/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 5e78a93c5..3516825c1 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -10,7 +10,7 @@ name: - libnginx-mod-http-subs-filter - nginx-extras - - php{{ php_version }}-fpm # Drags in [1] php{{ php_version }}-cli (superset of php{{ php_version }}-common) [2] libsodium23 (likewise installed in moodle/tasks/install.yml AND wordpress/tasks/install.yml) [3] php{{ php_version }}-json if PHP < 8.0 (NEEDED FOR nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml) + - php{{ php_version }}-fpm # Drags in [1] php{{ php_version }}-cli (superset of php{{ php_version }}-common) [2] libsodium23 (likewise installed in moodle/tasks/install.yml AND wordpress/tasks/install.yml) [3] php{{ php_version }}-json if PHP < 8.0 (NEEDED FOR nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml AND wordpress/tasks/install.yml) - uwsgi # Admin Console & roles/captiveportal should really install - uwsgi-plugin-python3 # these 2 packages on demand (not every IIAB needs these). state: present From 4065951bf8b9ca3db21fbae0125e6a97baea632e Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 30 Jun 2021 07:33:39 -0400 Subject: [PATCH 172/207] 9-local-addons/tasks/main.yml: Clarify php-pear temp code --- roles/9-local-addons/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 21d580016..7922c4dac 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -32,7 +32,7 @@ - name: "2021-06-27 TEMPORARY CODE TO INSTALL 'php-pear' UNTIL ADMIN CONSOLE DECLARES ITS OWN DEPENDENCY FOR: https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19" package: - name: php-pear # WARNING: this also drags in 'php{{ php_version }}-xml' (also installed by MediaWiki, Nextcloud, roles/pbx's FreePBX) AND 'php{{ php_version }}-cgi' (also installed by roles/pbx's FreePBX) + name: php-pear # WARNING: this also drags in 'php{{ php_version }}-xml' (also installed by MediaWiki, Nextcloud, roles/pbx's FreePBX, WordPress) AND 'php{{ php_version }}-cgi' (also installed by roles/pbx's FreePBX) state: present when: admin_console_install From 9c9ea74d4e9234abaf7ea28b83eae11b5da4c0aa Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 30 Jun 2021 07:52:09 -0400 Subject: [PATCH 173/207] www_base/tasks/main.yml: PHP module deps clarified --- roles/www_base/tasks/main.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/www_base/tasks/main.yml b/roles/www_base/tasks/main.yml index 1f29b4fa1..310742591 100644 --- a/roles/www_base/tasks/main.yml +++ b/roles/www_base/tasks/main.yml @@ -10,15 +10,15 @@ # name: # - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this unfortunately forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC # - php{{ php_version }}-common # 2021-06-27: @jvonau suggested this (2020-05-21) to avoid Apache packages dragged in above. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml -# - php{{ php_version }}-curl # 2021-06-27: Installed by nextcloud/tasks/install.yml AND moodle/tasks/main.yml -# - php{{ php_version }}-gd # 2021-06-27: Installed by nextcloud/tasks/install.yml AND moodle/tasks/main.yml -# - php{{ php_version }}-imap # 2021-06-27: Installed by pbx/tasks/freepbx_dependencies.yml +# - php{{ php_version }}-curl # 2021-06-30: Installed in moodle/tasks/main.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/main.yml +# - php{{ php_version }}-gd # 2021-06-30: Installed in moodle/tasks/main.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml +# - php{{ php_version }}-imap # 2021-06-27: Installed in pbx/tasks/freepbx_dependencies.yml # - php{{ php_version }}-ldap # 2021-06-27: Experimentally remove -# - php{{ php_version }}-mysql # 2021-06-27: Installed by mysql/tasks/install.yml +# - php{{ php_version }}-mysql # 2021-06-30: Installed in mysql/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/main.yml # - php{{ php_version }}-odbc # 2021-06-27: Experimentally remove # - php-pear # 2021-06-27: REQUIRED BY ADMIN CONSOLE https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19 -# - php{{ php_version }}-sqlite3 # 2020-07-10: Installed by osm-vector-maps/tasks/install.yml as part of OSM fix PR #2464 for #2461 -# - php{{ php_version }}-xml # 2021-06-27: Installed by nextcloud/tasks/install.yml AND mediawiki/tasks/main.yml +# - php{{ php_version }}-sqlite3 # 2020-07-10: Installed in osm-vector-maps/tasks/install.yml as part of OSM fix PR #2464 for #2461 +# - php{{ php_version }}-xml # 2021-06-30: Installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/main.yml # - php{{ php_version }}-xmlrpc # 2021-06-27: Experimentally remove -- SEE EXPLANATION IN moodle/tasks/main.yml # state: present From 3c647b652772cd49712d4a11a6a4822bf7ee04b4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 30 Jun 2021 08:03:19 -0400 Subject: [PATCH 174/207] www_base/tasks/main.yml: Antifragile roles clarified --- roles/www_base/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_base/tasks/main.yml b/roles/www_base/tasks/main.yml index 310742591..5963997a7 100644 --- a/roles/www_base/tasks/main.yml +++ b/roles/www_base/tasks/main.yml @@ -2,7 +2,7 @@ # Role "www_options" runs later, likely in 4-SERVER-OPTIONS. # 2021-06-27: Antifragile roles can become less brittle by fully declaring -# their own dependencies (i.e. modularity, separation-of-concerns, +# their own dependencies (i.e. for modularity, separation-of-concerns, # encapsulation, compartmentalization, scope sanity, etc). # #- name: Install 10 PHP packages (run 'php -m' or 'php -i' to verify) From 731a3858b1deda0858740d3e35816249bf6006d3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 28 Jun 2021 14:02:16 -0500 Subject: [PATCH 175/207] drop apache --- roles/moodle/tasks/install.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 4bbd6cd20..370bff894 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -8,14 +8,14 @@ # (as required by Moodle's CLI installer) AND THIRDLY below (for now, until # Moodle's ported to NGINX!) in /etc/php/{{ php_version }}/apache2/php.ini -- name: "Set 'apache_install: True' and 'apache_enabled: True'" - set_fact: - apache_install: True - apache_enabled: True +#- name: "Set 'apache_install: True' and 'apache_enabled: True'" +# set_fact: +# apache_install: True +# apache_enabled: True -- name: APACHE - run 'httpd' role - include_role: - name: httpd +#- name: APACHE - run 'httpd' role +# include_role: +# name: httpd - name: "Enact the equivalent of 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini for Moodle 3.11+" lineinfile: From 4545856f88d471cd1ae8f8adac8973ca71167c79 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 28 Jun 2021 14:05:19 -0500 Subject: [PATCH 176/207] more apache --- roles/moodle/tasks/install.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 370bff894..34390ecc1 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -98,16 +98,16 @@ group: "{{ apache_user }}" #mode: '0770' # Regardless, permissions end up as: drwxrwsrwx -- name: Remove stock /etc/{{ apache_conf_dir }}/moodle.conf - file: - path: "/etc/{{ apache_conf_dir }}/moodle.conf" # apache2/sites-available - state: absent +#- name: Remove stock /etc/{{ apache_conf_dir }}/moodle.conf +# file: +# path: "/etc/{{ apache_conf_dir }}/moodle.conf" # apache2/sites-available +# state: absent # 2021-02-01: Not nec if we can hopefully migrate from Apache to NGINX soon! -- name: Install /etc/{{ apache_conf_dir }}/022-moodle.conf from template - template: - src: 022-moodle.j2 - dest: "/etc/{{ apache_conf_dir }}/022-moodle.conf" +#- name: Install /etc/{{ apache_conf_dir }}/022-moodle.conf from template +# template: +# src: 022-moodle.j2 +# dest: "/etc/{{ apache_conf_dir }}/022-moodle.conf" # roles/postgresql/templates/postgresql-iiab.service WAS INSTALLED HERE: # /etc/systemd/system/postgresql-iiab.service @@ -148,10 +148,10 @@ state: restarted #enabled: yes # Service ends up enabled regardless -- name: (Re)Start '{{ apache_service }}' systemd service - systemd: - name: "{{ apache_service }}" - state: restarted +#- name: (Re)Start '{{ apache_service }}' systemd service +# systemd: +# name: "{{ apache_service }}" +# state: restarted - name: Does {{ moodle_base }}/config.php exist? stat: From fe933dccb3fb12627a705fea4fc1e705f7a9454c Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 28 Jun 2021 14:09:53 -0500 Subject: [PATCH 177/207] more apache2 --- roles/moodle/tasks/main.yml | 4 ++-- .../{022-moodle.j2 => 022-moodle.jv.unused} | 0 roles/moodle/templates/moodle-nginx.conf.j2 | 21 +++++++++++-------- .../templates/moodle-nginx.conf.j2.native | 16 -------------- .../templates/moodle-nginx.conf.j2.unused | 13 ++++++++++++ 5 files changed, 27 insertions(+), 27 deletions(-) rename roles/moodle/templates/{022-moodle.j2 => 022-moodle.jv.unused} (100%) delete mode 100644 roles/moodle/templates/moodle-nginx.conf.j2.native create mode 100644 roles/moodle/templates/moodle-nginx.conf.j2.unused diff --git a/roles/moodle/tasks/main.yml b/roles/moodle/tasks/main.yml index 621e30fb4..1a618363b 100644 --- a/roles/moodle/tasks/main.yml +++ b/roles/moodle/tasks/main.yml @@ -39,8 +39,8 @@ name: postgresql -- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache - include_tasks: apache.yml +#- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache +# include_tasks: apache.yml - name: Enable/Disable/Restart NGINX include_tasks: nginx.yml diff --git a/roles/moodle/templates/022-moodle.j2 b/roles/moodle/templates/022-moodle.jv.unused similarity index 100% rename from roles/moodle/templates/022-moodle.j2 rename to roles/moodle/templates/022-moodle.jv.unused diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index eea1b9f39..bbf2fabe0 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -1,13 +1,16 @@ -location /moodle { +location ^/moodle { + alias /opt/iiab/moodle; + try_files $uri $uri/ index.php =404; +} +location ~ /moodle/(.*)\.php { + root /opt/iiab/; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; - proxy_pass http://127.0.0.1:{{ apache_port }}; -} - -location ~ ^/moodle.*\.php$ { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:{{ apache_port }}; + include fastcgi_params; + fastcgi_index index.php; + fastcgi_pass php; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; } diff --git a/roles/moodle/templates/moodle-nginx.conf.j2.native b/roles/moodle/templates/moodle-nginx.conf.j2.native deleted file mode 100644 index bbf2fabe0..000000000 --- a/roles/moodle/templates/moodle-nginx.conf.j2.native +++ /dev/null @@ -1,16 +0,0 @@ -location ^/moodle { - alias /opt/iiab/moodle; - try_files $uri $uri/ index.php =404; -} -location ~ /moodle/(.*)\.php { - root /opt/iiab/; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - include fastcgi_params; - fastcgi_index index.php; - fastcgi_pass php; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param SCRIPT_NAME $fastcgi_script_name; -} diff --git a/roles/moodle/templates/moodle-nginx.conf.j2.unused b/roles/moodle/templates/moodle-nginx.conf.j2.unused new file mode 100644 index 000000000..eea1b9f39 --- /dev/null +++ b/roles/moodle/templates/moodle-nginx.conf.j2.unused @@ -0,0 +1,13 @@ +location /moodle { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:{{ apache_port }}; +} + +location ~ ^/moodle.*\.php$ { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:{{ apache_port }}; +} From c2e9f670cc7f38b5a849db0af3ec252e65a684eb Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 28 Jun 2021 15:44:39 -0500 Subject: [PATCH 178/207] upstream --- roles/moodle/templates/moodle-nginx.conf.j2 | 26 ++++++++++++--------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index bbf2fabe0..a33974474 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -1,16 +1,20 @@ location ^/moodle { - alias /opt/iiab/moodle; - try_files $uri $uri/ index.php =404; + alias {{ moodle_base }}; + try_files $uri $uri/ index.php =404; } -location ~ /moodle/(.*)\.php { - root /opt/iiab/; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; + +location /moodle/dataroot/ { + internal; + alias {{ moodle_data }}; +} + +location ~ /moodle/[^/]\.php(/|$) { include fastcgi_params; - fastcgi_index index.php; - fastcgi_pass php; fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param SCRIPT_NAME $fastcgi_script_name; + fastcgi_read_timeout 300; + fastcgi_pass php; + fastcgi_index index.php; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $fastcgi_script_name; + fastcgi_param PHP_VALUE "max_execution_time={{ max_execution_time }}\n upload_max_filesize={{ upload_max_filesize }}\n post_max_size={{ post_max_size }}\n max_input_vars={{ max_input_vars }}"; } From 352743dc0451fdc912c3a9d2e3b97fcae920e91e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 28 Jun 2021 23:38:42 -0500 Subject: [PATCH 179/207] full path to fastcgi_params - apt managed file --- roles/moodle/templates/moodle-nginx.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index a33974474..9a754f656 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -9,7 +9,7 @@ location /moodle/dataroot/ { } location ~ /moodle/[^/]\.php(/|$) { - include fastcgi_params; + include /etc/nginx/fastcgi_params; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_read_timeout 300; fastcgi_pass php; From db04ff3852ce393e201dbd79537389e9b2c8a07e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 28 Jun 2021 23:47:38 -0500 Subject: [PATCH 180/207] list from moodlebox --- roles/moodle/tasks/install.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 34390ecc1..8ff16ba1c 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -47,6 +47,8 @@ - name: Install libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify) package: name: + - php-apcu + - ghostscript - libsodium23 # 2021-06-28: Likewise installed in nginx/tasks/install.yml via php{{ php_version }}-fpm AND httpd/tasks/install.yml via libapache2-mod-php{{ php_version }} AND wordpress/tasks/install.yml -- it can ALSO be auto-installed by phpX.Y-cgi OR phpX.Y-cli as confirmed by 'apt rdepends libsodium23' -- Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium -- whereas https://www.php.net/manual/en/sodium.installation.php says it's always bundled with PHP 7.2+ -- VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"' #- php{{ php_version }}-common # 2021-06-27: Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml #- php{{ php_version }}-cli # 2021-06-27: Compare to php{{ php_version }}-common just above! 2020-06-15: In the past this included (below) mbstring? However this is not true on Ubuntu Server 20.04 LTS. @@ -55,9 +57,12 @@ - php{{ php_version }}-intl # 2020-12-03: Required by Moodle 3.10+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml - php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml - php{{ php_version }}-pgsql # 2021-06-27: Required for PostgreSQL + - php{{ php_version }}-json + - php{{ php_version }}-opcache + - php{{ php_version }}-readline - php{{ php_version }}-soap # 2020-12-03: Recommended by Moodle 3.10+ - php{{ php_version }}-xml # 2021-06-28: Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter} - #- php{{ php_version }}-xmlrpc # 2021-06-27: Required per https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries BUT UNMAINTAINED FOR YEARS (POSSIBLE SECURITY RISK) SO MOVED TO PECL: https://php.watch/versions/8.0/xmlrpc + - php{{ php_version }}-xmlrpc # 2021-06-27: Required per https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries BUT UNMAINTAINED FOR YEARS (POSSIBLE SECURITY RISK) SO MOVED TO PECL: https://php.watch/versions/8.0/xmlrpc - php{{ php_version }}-zip # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml state: present From 189e8d28e109bc6a51a7a4adc46bb8ce8c6d151e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 29 Jun 2021 00:34:13 -0500 Subject: [PATCH 181/207] hardcode --- roles/moodle/templates/moodle-nginx.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index 9a754f656..b1fe7ef7f 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -16,5 +16,5 @@ location ~ /moodle/[^/]\.php(/|$) { fastcgi_index index.php; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $fastcgi_script_name; - fastcgi_param PHP_VALUE "max_execution_time={{ max_execution_time }}\n upload_max_filesize={{ upload_max_filesize }}\n post_max_size={{ post_max_size }}\n max_input_vars={{ max_input_vars }}"; + fastcgi_param PHP_VALUE "max_execution_time=300\n upload_max_filesize=500M\n post_max_size=500M\n max_input_vars=5000"; } From 967deea724fb0ea41f3ba7ed889c00a42780cf5a Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 1 Jul 2021 01:18:12 -0500 Subject: [PATCH 182/207] nginx need group set to www-data --- roles/moodle/tasks/install.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 8ff16ba1c..746d83a0a 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -87,6 +87,8 @@ state: directory path: "{{ moodle_base }}" owner: "{{ apache_user }}" # www-data + group: "{{ apache_user }}" + mode: u+rw,g+r,o+r # '0755' forced executable bits on files recurse: yes - name: Create dir {{ content_base }}/dbdata/moodle owned by {{ apache_user }} From 91774aff3ac2f1196f5edaf99e0e5f7f86159c78 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 1 Jul 2021 01:19:22 -0500 Subject: [PATCH 183/207] login works nginx.conf --- roles/moodle/templates/moodle-nginx.conf.j2 | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index b1fe7ef7f..6ac1a9955 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -1,20 +1,21 @@ -location ^/moodle { - alias {{ moodle_base }}; - try_files $uri $uri/ index.php =404; -} - -location /moodle/dataroot/ { +location ~ ^/moodle/dataroot/ { internal; alias {{ moodle_data }}; } -location ~ /moodle/[^/]\.php(/|$) { - include /etc/nginx/fastcgi_params; +location ~ ^/moodle(.*)\.php(.*)$ { + alias {{ moodle_base }}$1.php$2; + include fastcgi.conf; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_read_timeout 300; fastcgi_pass php; fastcgi_index index.php; fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param SCRIPT_FILENAME $fastcgi_script_name; + fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; fastcgi_param PHP_VALUE "max_execution_time=300\n upload_max_filesize=500M\n post_max_size=500M\n max_input_vars=5000"; } + + +location ~ ^/moodle/ { + root {{ iiab_base }}; +} From 0d54b497aa2a968cb6a90cc3c57426cf8fe9fb28 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 1 Jul 2021 11:19:24 -0400 Subject: [PATCH 184/207] Clarif & Cleanup of 3-base-server/README.rst --- roles/3-base-server/README.rst | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/roles/3-base-server/README.rst b/roles/3-base-server/README.rst index 5b72e8e0c..2711231eb 100644 --- a/roles/3-base-server/README.rst +++ b/roles/3-base-server/README.rst @@ -4,14 +4,12 @@ This 3rd stage installs base server infra that Internet-in-a-Box requires, including: -- MySQL (database underlying many/most user-facing apps) -- `NGINX `_ web server (with Apache in some lingering cases) -- *A few core PHP packages are also installed by the above 2 roles, e.g.* - - php{{ php_version }}-common - - php{{ php_version }}-cli - - php{{ php_version }}-fpm - - php{{ php_version }}-mysql +- `MySQL `_ (database underlying many/most user-facing apps). This IIAB role also installs apt package: + - **php{{ php_version }}-mysql** — which forcibly installs **php{{ php_version }}-common** +- `NGINX `_ web server (with Apache in some lingering cases). This IIAB role also installs apt package: + - **php{{ php_version }}-fpm** — which forcibly installs **php{{ php_version }}-cli**, **php{{ php_version }}-common** and **libsodium23** +- `www_base `_ (similar to `www_options `_ which runs later in 4-server-options) -As with 2-common, 4-server-options and 5-xo-services: this stage installs core server infra, that is not user-facing. +Recap: as with 2-common, 4-server-options and 5-xo-services: this 3rd stage installs core server infra, that is not user-facing. The next stage (4-server-options) brings more diverse/optional server infra functionality. From 930cf691e4c6992aac97a4991fe1ba953bb911e7 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 1 Jul 2021 12:08:39 -0500 Subject: [PATCH 185/207] remove useless recently added change --- roles/moodle/tasks/install.yml | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 746d83a0a..1ffceff88 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -17,22 +17,6 @@ # include_role: # name: httpd -- name: "Enact the equivalent of 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini for Moodle 3.11+" - lineinfile: - path: /etc/php/{{ php_version }}/{{ apache_service }}/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/cli/php.ini - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } - - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } - - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } - -# Apache's restarted prior to moodle_installer below, so no need right here! - - - name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'" set_fact: postgresql_install: True From df5e880f0e2ae3cd0d14af8fb778197614df87ef Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 1 Jul 2021 13:12:24 -0500 Subject: [PATCH 186/207] based on https://github.com/iiab/iiab/issues/2154#issue-550541163 --- roles/nodered/templates/nodered-nginx.conf.j2 | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/roles/nodered/templates/nodered-nginx.conf.j2 b/roles/nodered/templates/nodered-nginx.conf.j2 index 7d4728b16..0c678a375 100644 --- a/roles/nodered/templates/nodered-nginx.conf.j2 +++ b/roles/nodered/templates/nodered-nginx.conf.j2 @@ -1,3 +1,11 @@ location /nodered/ { - proxy_pass http://127.0.0.1:{{ apache_port }}/nodered/; + proxy_pass http://127.0.0.1:1880/nodered/; +} + +location /nodered/debug/ws/ { + proxy_pass http://127.0.0.1:1880/nodered/debug/ws; +} + +location /nodered/comms/ { + proxy_pass http://127.0.0.1:1880/nodered/comms; } From 8adcd85310a105a78e86bad38c2f4d99a44967d3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 1 Jul 2021 13:22:43 -0500 Subject: [PATCH 187/207] drop apache --- roles/nodered/tasks/install.yml | 32 ++++++++++++++++---------------- roles/nodered/tasks/main.yml | 2 +- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/roles/nodered/tasks/install.yml b/roles/nodered/tasks/install.yml index 2b40ff5d6..75d341142 100644 --- a/roles/nodered/tasks/install.yml +++ b/roles/nodered/tasks/install.yml @@ -1,11 +1,11 @@ -- name: "Set 'apache_install: True' and 'apache_enabled: True'" - set_fact: - apache_install: True - apache_enabled: True +#- name: "Set 'apache_install: True' and 'apache_enabled: True'" +# set_fact: +# apache_install: True +# apache_enabled: True -- name: APACHE - run 'httpd' role - include_role: - name: httpd +#- name: APACHE - run 'httpd' role +# include_role: +# name: httpd # 2019-01-16: @jvonau's PR #1403 moved installation of Node.js (8.x for now) & @@ -112,18 +112,18 @@ dest: /etc/systemd/system/nodered.service # mode: '0666' -- name: Install /etc/{{ apache_conf_dir }}/nodered.conf from template - template: - backup: yes - src: nodered.conf.j2 - dest: "/etc/{{ apache_conf_dir }}/nodered.conf" +#- name: Install /etc/{{ apache_conf_dir }}/nodered.conf from template +# template: +# backup: yes +# src: nodered.conf.j2 +# dest: "/etc/{{ apache_conf_dir }}/nodered.conf" # mode: '0666' # SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml -- name: Enable proxy_wstunnel apache2 module - apache2_module: - state: present - name: proxy_wstunnel +#- name: Enable proxy_wstunnel apache2 module +# apache2_module: +# state: present +# name: proxy_wstunnel # RECORD Node-RED AS INSTALLED diff --git a/roles/nodered/tasks/main.yml b/roles/nodered/tasks/main.yml index 1edf2f34b..770b53eb4 100644 --- a/roles/nodered/tasks/main.yml +++ b/roles/nodered/tasks/main.yml @@ -42,7 +42,7 @@ #- name: Enable/Disable/Restart Apache if primary - name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache include_tasks: apache.yml - #when: not nginx_enabled + when: not nginx_enabled - name: Enable/Disable/Restart NGINX if primary include_tasks: nginx.yml From b2c070fd04398acd33d1b8f4355ce62f1e3cb995 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 1 Jul 2021 14:00:44 -0500 Subject: [PATCH 188/207] not quite gone yet --- roles/nodered/tasks/install.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/nodered/tasks/install.yml b/roles/nodered/tasks/install.yml index 75d341142..cdd71f7ee 100644 --- a/roles/nodered/tasks/install.yml +++ b/roles/nodered/tasks/install.yml @@ -112,11 +112,11 @@ dest: /etc/systemd/system/nodered.service # mode: '0666' -#- name: Install /etc/{{ apache_conf_dir }}/nodered.conf from template -# template: -# backup: yes -# src: nodered.conf.j2 -# dest: "/etc/{{ apache_conf_dir }}/nodered.conf" +- name: Install /etc/{{ apache_conf_dir }}/nodered.conf from template + template: + backup: yes + src: nodered.conf.j2 + dest: "/etc/{{ apache_conf_dir }}/nodered.conf" # mode: '0666' # SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml From 2580b21281034e7dc5e9e1110e81b4c7b2344686 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 1 Jul 2021 14:06:36 -0500 Subject: [PATCH 189/207] update nginx README --- roles/nginx/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/nginx/README.md b/roles/nginx/README.md index 61177ba63..732c9c5e6 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -5,7 +5,7 @@ Until "Native" NGINX is later implemented for that IIAB App/Service — allowing it to move up to *Section ii.* below. And potentially later moving it up to *Section i.* if its Apache support is dropped! - + (Background: IIAB Apps/Services are generally [Ansible roles](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible) that live in [/opt/iiab/iiab/roles](https://github.com/iiab/iiab/tree/master/roles)) 2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX. @@ -33,11 +33,11 @@ * nextcloud * sugarizer * wordpress + * nodered 3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of ~6 IIAB Apps/Services that auto-enable Apache. * elgg * moodle [*, PLEASE HELP IF YOU CAN: [#2785](https://github.com/iiab/iiab/issues/2785)] - * nodered 4. These each run their own web server or non-web / backend services, e.g. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations). In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite) * bluetooth From c9ae808a6f1586d602e6af43094eec4e60c4aa18 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 2 Jul 2021 11:15:56 -0400 Subject: [PATCH 190/207] Experimental tightening up of Moodle on NGINX --- roles/moodle/defaults/main.yml | 4 +-- roles/moodle/tasks/install.yml | 17 ++++++------ roles/moodle/templates/moodle-nginx.conf.j2 | 30 ++++++++++++--------- 3 files changed, 29 insertions(+), 22 deletions(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 367af9fa8..9de4aee06 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -1,5 +1,5 @@ -# If using Moodle intensively, consider setting nginx_high_php_limits in: -# /etc/iiab/local_vars.yml +# 2021-07-02 WARNING: Stage 4's roles/www_options/tasks/main.yml FORCES +# (the equivalent of) 'nginx_high_php_limits: True' if 'moodle_install: True' # moodle_install: False # moodle_enabled: False diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 1ffceff88..95e700fa5 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -5,8 +5,8 @@ # should take advantage of soon, as it transitions from Apache to Moodle: #2785 # 2021-06-28: This ALSO now happens in /etc/php/{{ php_version }}/cli/php.ini -# (as required by Moodle's CLI installer) AND THIRDLY below (for now, until -# Moodle's ported to NGINX!) in /etc/php/{{ php_version }}/apache2/php.ini +# (as required by Moodle's CLI installer, DESPITE it using fpm/php.ini later!) + #- name: "Set 'apache_install: True' and 'apache_enabled: True'" # set_fact: @@ -17,6 +17,7 @@ # include_role: # name: httpd + - name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'" set_fact: postgresql_install: True @@ -31,8 +32,8 @@ - name: Install libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify) package: name: - - php-apcu - - ghostscript + #- php-apcu # 2021-07-02: Experiment with fewer dependencies + - ghostscript # 2021-07-02: OPTIONAL -- but useful for annotation of PDF's / assignments - libsodium23 # 2021-06-28: Likewise installed in nginx/tasks/install.yml via php{{ php_version }}-fpm AND httpd/tasks/install.yml via libapache2-mod-php{{ php_version }} AND wordpress/tasks/install.yml -- it can ALSO be auto-installed by phpX.Y-cgi OR phpX.Y-cli as confirmed by 'apt rdepends libsodium23' -- Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium -- whereas https://www.php.net/manual/en/sodium.installation.php says it's always bundled with PHP 7.2+ -- VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"' #- php{{ php_version }}-common # 2021-06-27: Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml #- php{{ php_version }}-cli # 2021-06-27: Compare to php{{ php_version }}-common just above! 2020-06-15: In the past this included (below) mbstring? However this is not true on Ubuntu Server 20.04 LTS. @@ -41,12 +42,12 @@ - php{{ php_version }}-intl # 2020-12-03: Required by Moodle 3.10+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml - php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml - php{{ php_version }}-pgsql # 2021-06-27: Required for PostgreSQL - - php{{ php_version }}-json - - php{{ php_version }}-opcache - - php{{ php_version }}-readline + #- php{{ php_version }}-json # 2021-07-02: Not requested by Moodle's PHP doc above. Package baked into PHP 8+. FWIW with PHP < 8, phpX.Y-json is already auto-installed by phpX.Y-fpm in 3-base-server's nginx/tasks/install.yml + #- php{{ php_version }}-opcache # 2021-07-02: Experiment with fewer dependencies + #- php{{ php_version }}-readline # 2021-07-02: Experiment with fewer dependencies - php{{ php_version }}-soap # 2020-12-03: Recommended by Moodle 3.10+ - php{{ php_version }}-xml # 2021-06-28: Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter} - - php{{ php_version }}-xmlrpc # 2021-06-27: Required per https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries BUT UNMAINTAINED FOR YEARS (POSSIBLE SECURITY RISK) SO MOVED TO PECL: https://php.watch/versions/8.0/xmlrpc + #- php{{ php_version }}-xmlrpc # 2021-07-02: Doesn't exist with PHP 8.0 -- officially required per https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries BUT UNMAINTAINED FOR YEARS (POSSIBLE SECURITY RISK) SO MOVED TO PECL: https://php.watch/versions/8.0/xmlrpc - php{{ php_version }}-zip # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml state: present diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index 6ac1a9955..607619f0b 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -1,21 +1,27 @@ -location ~ ^/moodle/dataroot/ { - internal; - alias {{ moodle_data }}; -} +#location ~ ^/moodle/dataroot/ { +# internal; +# alias {{ moodle_data }}; +#} location ~ ^/moodle(.*)\.php(.*)$ { alias {{ moodle_base }}$1.php$2; - include fastcgi.conf; + fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_read_timeout 300; - fastcgi_pass php; fastcgi_index index.php; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; - fastcgi_param PHP_VALUE "max_execution_time=300\n upload_max_filesize=500M\n post_max_size=500M\n max_input_vars=5000"; + fastcgi_pass php; + + #include fastcgi.conf; + include fastcgi_params; + + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; + + #fastcgi_read_timeout 300; + + # Uncomment to override /etc/php//fpm/php.ini (AND .../cli/php.ini) + #fastcgi_param PHP_VALUE "max_execution_time=300\n upload_max_filesize=500M\n post_max_size=500M\n max_input_vars=5000"; } - -location ~ ^/moodle/ { +location ~ ^/moodle { root {{ iiab_base }}; } From cce83897c789f9a26410a5f62986310fa3716829 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 2 Jul 2021 12:52:51 -0400 Subject: [PATCH 191/207] moodle-nginx.conf.j2: "fastcgi_read_timeout 300;" etc --- roles/moodle/templates/moodle-nginx.conf.j2 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index 607619f0b..c52957bde 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -10,15 +10,15 @@ location ~ ^/moodle(.*)\.php(.*)$ { fastcgi_index index.php; fastcgi_pass php; - #include fastcgi.conf; - include fastcgi_params; + fastcgi_read_timeout 300; # Default is 60s + include fastcgi_params; # fastcgi.conf also works fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; - #fastcgi_read_timeout 300; - - # Uncomment to override /etc/php//fpm/php.ini (AND .../cli/php.ini) + # Uncomment to override /etc/php//fpm/php.ini -- FYI Stage 4's + # roles/www_options/tasks/main.yml FORCES these same settings and more + # (equivalent to 'nginx_high_php_limits: True') when 'moodle_install: True' #fastcgi_param PHP_VALUE "max_execution_time=300\n upload_max_filesize=500M\n post_max_size=500M\n max_input_vars=5000"; } From 551d8633a2ee0b4611c74e71a534b83b04aa6852 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 2 Jul 2021 13:42:19 -0400 Subject: [PATCH 192/207] moodle/tasks/install.yml: Link to moodlebox.net's great pkg list --- roles/moodle/tasks/install.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 95e700fa5..b5943b10f 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -28,8 +28,10 @@ name: postgresql +# 2021-07-02: Let's monitor & learn from these 2 pages year-by-year: # https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries -- name: Install libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify) +# https://github.com/moodlebox/moodlebox/blob/master/roles/packages/vars/main.yml +- name: Install ghostscript + libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify) package: name: #- php-apcu # 2021-07-02: Experiment with fewer dependencies From 89da8c9db9bec2ab7ab6f3f718a9fb712a3d2dae Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 2 Jul 2021 14:37:00 -0400 Subject: [PATCH 193/207] moodle-nginx.conf.j2: Link to 2 critical pages for ongoing maintenance --- roles/moodle/templates/moodle-nginx.conf.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index c52957bde..2f19718e4 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -1,3 +1,7 @@ +# 2021-07-02: Let's monitor & learn from these 2 pages year-by-year: +# https://docs.moodle.org/311/en/Nginx +# https://github.com/moodlebox/moodlebox/blob/master/roles/webserver/templates/etc/nginx/sites-available/default.j2 + #location ~ ^/moodle/dataroot/ { # internal; # alias {{ moodle_data }}; From 2cfff4fd3adfb22ff4f90bf6c4c2f192bbdb2287 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 2 Jul 2021 14:59:55 -0400 Subject: [PATCH 194/207] moodle-nginx.conf.j2: Is MoodleBox using XSendfile to deliver files fast? Or not? --- roles/moodle/templates/moodle-nginx.conf.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index 2f19718e4..a005652eb 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -2,6 +2,7 @@ # https://docs.moodle.org/311/en/Nginx # https://github.com/moodlebox/moodlebox/blob/master/roles/webserver/templates/etc/nginx/sites-available/default.j2 +# Odd that MoodleBox.net is using only the 2nd half of https://docs.moodle.org/311/en/Nginx#XSendfile_aka_X-Accel-Redirect ? #location ~ ^/moodle/dataroot/ { # internal; # alias {{ moodle_data }}; From eeb7aac71aba97621d28e1a7142c292813acd152 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 5 Jul 2021 09:07:41 -0400 Subject: [PATCH 195/207] mv moodle/tasks/apache.yml apache.yml.unused --- roles/moodle/tasks/{apache.yml => apache.yml.unused} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/moodle/tasks/{apache.yml => apache.yml.unused} (100%) diff --git a/roles/moodle/tasks/apache.yml b/roles/moodle/tasks/apache.yml.unused similarity index 100% rename from roles/moodle/tasks/apache.yml rename to roles/moodle/tasks/apache.yml.unused From c637245e97f5891e7a6b362d200ab668f917e7d8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 5 Jul 2021 09:47:06 -0400 Subject: [PATCH 196/207] Future flag ideas for moodle_installer --- roles/moodle/templates/moodle_installer | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/moodle/templates/moodle_installer b/roles/moodle/templates/moodle_installer index d28808161..67e94a494 100755 --- a/roles/moodle/templates/moodle_installer +++ b/roles/moodle/templates/moodle_installer @@ -18,5 +18,11 @@ sudo -u {{ apache_user }} \ --non-interactive \ --agree-license \ --allow-unstable # TEMPORARY DURING MAY 2018 TESTING +# 2021-07-05 ideas from https://github.com/moodlebox/moodlebox/blob/master/roles/moodleinstall/tasks/coreinstall.yml : +# --lang="{{ moodlebox_moodle_lang }}" +# --dbtype=mariadb +# --prefix="{{ moodlebox_moodle_db_prefix }}" +# --summary="{{ moodlebox_moodle_summary }}" +# --adminemail="{{ moodlebox_moodle_username }}@{{ moodlebox_hostname }}.invalid" chown {{ apache_user }}:{{ apache_user }} {{ moodle_base }}/config.php From 0ac34ee395c52f9913de8533d9224978d4405edc Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 5 Jul 2021 10:18:28 -0400 Subject: [PATCH 197/207] moodle/tasks/install.yml: Clarify fpm/php.ini --- roles/moodle/tasks/install.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index b5943b10f..9d9e5c10c 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -1,8 +1,7 @@ # 2021-05-22: FYI nginx_high_php_limits is effectively now auto-enabled by # www_options/tasks/main.yml#L100-L112 (as required by Moodle 3.11 w/ PHP 8) IF # 'moodle_install: True'. Happens at the end of 4-server-options/tasks/main.yml -# See the 6 settings in /etc/php/{{ php_version }}/fpm/php.ini -- which Moodle -# should take advantage of soon, as it transitions from Apache to Moodle: #2785 +# See the 6 settings in /etc/php/{{ php_version }}/fpm/php.ini # 2021-06-28: This ALSO now happens in /etc/php/{{ php_version }}/cli/php.ini # (as required by Moodle's CLI installer, DESPITE it using fpm/php.ini later!) From e82cff06869ff40915221713d5df1435edfcae78 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 5 Jul 2021 11:07:09 -0400 Subject: [PATCH 198/207] templates/moodle_installer: Fix instantiating comments --- roles/moodle/templates/moodle_installer | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/roles/moodle/templates/moodle_installer b/roles/moodle/templates/moodle_installer index 67e94a494..bdf68bc37 100755 --- a/roles/moodle/templates/moodle_installer +++ b/roles/moodle/templates/moodle_installer @@ -19,10 +19,11 @@ sudo -u {{ apache_user }} \ --agree-license \ --allow-unstable # TEMPORARY DURING MAY 2018 TESTING # 2021-07-05 ideas from https://github.com/moodlebox/moodlebox/blob/master/roles/moodleinstall/tasks/coreinstall.yml : -# --lang="{{ moodlebox_moodle_lang }}" +# --lang= # moodlebox_moodle_lang # --dbtype=mariadb -# --prefix="{{ moodlebox_moodle_db_prefix }}" -# --summary="{{ moodlebox_moodle_summary }}" -# --adminemail="{{ moodlebox_moodle_username }}@{{ moodlebox_hostname }}.invalid" +# --prefix= # moodlebox_moodle_db_prefix +# --summary= # moodlebox_moodle_summary +# --adminemail= # moodlebox_moodle_username }}@{{ moodlebox_hostname }}.invalid +# Above vars set in https://github.com/moodlebox/moodlebox/blob/master/default.config.yml chown {{ apache_user }}:{{ apache_user }} {{ moodle_base }}/config.php From bf1a5ce832a927c5e85373e0fbb03603370a25ff Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 5 Jul 2021 11:10:51 -0400 Subject: [PATCH 199/207] templates/moodle_installer: Clean up --- roles/moodle/templates/moodle_installer | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/templates/moodle_installer b/roles/moodle/templates/moodle_installer index bdf68bc37..bde8938ae 100755 --- a/roles/moodle/templates/moodle_installer +++ b/roles/moodle/templates/moodle_installer @@ -23,7 +23,7 @@ sudo -u {{ apache_user }} \ # --dbtype=mariadb # --prefix= # moodlebox_moodle_db_prefix # --summary= # moodlebox_moodle_summary -# --adminemail= # moodlebox_moodle_username }}@{{ moodlebox_hostname }}.invalid +# --adminemail= # moodlebox_moodle_username @ moodlebox_hostname .invalid # Above vars set in https://github.com/moodlebox/moodlebox/blob/master/default.config.yml chown {{ apache_user }}:{{ apache_user }} {{ moodle_base }}/config.php From b5844e17b8092ea9fb81718b5894564b2cfe4885 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 5 Jul 2021 16:05:12 +0000 Subject: [PATCH 200/207] Enable MathJax library/plugin with Moodle --- roles/moodle/tasks/install.yml | 2 ++ roles/moodle/tasks/mathjax.yml | 28 ++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 roles/moodle/tasks/mathjax.yml diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 9d9e5c10c..f476c8f0d 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -162,6 +162,8 @@ # path: "{{ moodle_base }}/config.php" # /opt/iiab/moodle # mode: '0644' +- include_tasks: mathjax.yml + # RECORD Moodle AS INSTALLED diff --git a/roles/moodle/tasks/mathjax.yml b/roles/moodle/tasks/mathjax.yml new file mode 100644 index 000000000..b6714c4e4 --- /dev/null +++ b/roles/moodle/tasks/mathjax.yml @@ -0,0 +1,28 @@ +# 2021-07-05: Thanks to https://github.com/moodlebox/moodlebox/blob/master/roles/moodleinstall/tasks/mathjax.yml + +# Verify this Moodle plugin after installation at: +# http://box.lan/moodle/admin/plugins.php +# http://box.lan/moodle/admin/settings.php?section=filtersettingmathjaxloader + +- name: Download (clone) MathJax library/plugin from https://github.com/mathjax/MathJax to {{ moodle_base }}/lib/MathJax + git: + repo: https://github.com/mathjax/MathJax # Or: git://github.com/mathjax/MathJax.git + dest: "{{ moodle_base }}/lib/MathJax" # /opt/iiab/moodle + #version: "{{ moodle_mathjax_version }}" # 2021-07-05: https://github.com/moodlebox/moodlebox/blob/master/default.config.yml uses 2.7.9 from 2020-08-25 -- whereas https://github.com/mathjax/MathJax/releases offers 3.2.0 from 2021-07-17 + depth: 1 + +- name: chmod -R ug+w,o-w {{ moodle_base }}/lib/MathJax (dirs 755 -> 775, files 644 -> 664, {{ apache_user }}:{{ apache_user }}) + file: + path: "{{ moodle_base }}/lib/MathJax" + state: directory + owner: "{{ apache_user }}" # www-data + group: "{{ apache_user }}" # MoodleBox uses {{ moodlebox_username }} set to 'moodlebox' in https://github.com/moodlebox/moodlebox/blob/master/default.config.yml + mode: ug+w,o-w + recurse: yes + +# SEE https://github.com/moodle/moodle/blob/master/filter/mathjaxloader/lang/en/filter_mathjaxloader.php +- name: Run {{ moodle_base }}/admin/cli/cfg.php --component=filter_mathjaxloader to change MathJax library/plugin URL + command: > + /usr/bin/php {{ moodle_base }}/admin/cli/cfg.php --component=filter_mathjaxloader --name=httpsurl --set=/lib/MathJax/MathJax.js + register: mathjax_url_result + changed_when: mathjax_url_result.rc == 0 From 134997676e80ce7a5e1f0e31c734f182629d0607 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 5 Jul 2021 17:15:12 +0000 Subject: [PATCH 201/207] XSendfile Acceleration for Moodle/NGINX --- roles/moodle/tasks/install.yml | 29 ++++++++++++++++----- roles/moodle/tasks/mathjax.yml | 5 ++-- roles/moodle/templates/moodle-nginx.conf.j2 | 16 +++++++----- 3 files changed, 34 insertions(+), 16 deletions(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index f476c8f0d..71c8d0f23 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -146,22 +146,37 @@ # name: "{{ apache_service }}" # state: restarted -- name: Does {{ moodle_base }}/config.php exist? - stat: - path: "{{ moodle_base }}/config.php" - register: config +# - name: Does {{ moodle_base }}/config.php exist? +# stat: +# path: "{{ moodle_base }}/config.php" +# register: config -- name: Execute {{ moodle_base }}/moodle_installer -- REQUIRES 'max_input_vars = 5000' (or higher) in /etc/php/{{ php_version }}/cli/php.ini with PHP 8+ (as set up by www_options/tasks/main.yml) -- WHEREAS Moodle uses /etc/php/{{ php_version }}/{{ apache_service }}/php.ini or /etc/php/{{ php_version }}/fpm/php.ini during regular operation +- name: Execute {{ moodle_base }}/moodle_installer IF {{ moodle_base }}/config.php doesn't yet exist -- REQUIRES 'max_input_vars = 5000' (or higher) in /etc/php/{{ php_version }}/cli/php.ini with PHP 8+ (as set up by www_options/tasks/main.yml) -- WHEREAS Moodle uses /etc/php/{{ php_version }}/fpm/php.ini during regular operation shell: "{{ moodle_base }}/moodle_installer" - when: config.stat.exists is defined and not config.stat.exists + args: + creates: "{{ moodle_base }}/config.php" + #when: config.stat.exists is defined and not config.stat.exists -# 2021-02-01: Let's stick with Moodle's default (640) +# 2021-07-05: Let's stick with Moodle's default (755 dirs & 644 files), as we do in moodle/tasks/mathjax.yml #- name: Make {{ moodle_base }}/config.php readable, with permission '0644' # #command: chown -R {{ apache_user }} {{ moodle_base }} # file: # path: "{{ moodle_base }}/config.php" # /opt/iiab/moodle # mode: '0644' +# https://docs.moodle.org/311/en/Nginx#XSendfile_aka_X-Accel-Redirect +- name: Write extra parameters to {{ moodle_base }}/config.php -- "Setting Moodle and Nginx to use XSendfile functionality is a big win as it frees PHP from delivering files allowing Nginx to do what it does best, i.e. deliver files" + lineinfile: + path: "{{ moodle_base }}/config.php" + line: '$CFG->{{ item.name }} = {{ item.value }};' + insertbefore: '^\$CFG->directorypermissions' + with_items: + #- { name: 'backuptempdir', value: "'{{ moodlebox_moodle_data_dir }}/backup'" } + - { name: 'xsendfile', value: "'X-Accel-Redirect'" } + - { name: 'xsendfilealiases', value: "array('/dataroot/' => $CFG->dataroot)" } + #- { name: 'customfiletypes', value: "array(\n (object)array(\n 'extension' => 'crt',\n 'icon' => 'sourcecode',\n 'type' => 'application/x-x509-ca-cert',\n 'customdescription' => 'X.509 CA certificate'\n )\n)"} + #- { name: 'showcampaigncontent', value: 'false' } + - include_tasks: mathjax.yml diff --git a/roles/moodle/tasks/mathjax.yml b/roles/moodle/tasks/mathjax.yml index b6714c4e4..046e3f747 100644 --- a/roles/moodle/tasks/mathjax.yml +++ b/roles/moodle/tasks/mathjax.yml @@ -11,13 +11,12 @@ #version: "{{ moodle_mathjax_version }}" # 2021-07-05: https://github.com/moodlebox/moodlebox/blob/master/default.config.yml uses 2.7.9 from 2020-08-25 -- whereas https://github.com/mathjax/MathJax/releases offers 3.2.0 from 2021-07-17 depth: 1 -- name: chmod -R ug+w,o-w {{ moodle_base }}/lib/MathJax (dirs 755 -> 775, files 644 -> 664, {{ apache_user }}:{{ apache_user }}) +- name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }}/lib/MathJax file: path: "{{ moodle_base }}/lib/MathJax" - state: directory owner: "{{ apache_user }}" # www-data group: "{{ apache_user }}" # MoodleBox uses {{ moodlebox_username }} set to 'moodlebox' in https://github.com/moodlebox/moodlebox/blob/master/default.config.yml - mode: ug+w,o-w + #mode: ug+w,o-w # 2021-07-05: Let's stick with Moodle's default (755 dirs & 644 files), as we do in moodle/tasks/install.yml recurse: yes # SEE https://github.com/moodle/moodle/blob/master/filter/mathjaxloader/lang/en/filter_mathjaxloader.php diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index a005652eb..a4fd67574 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -1,12 +1,16 @@ -# 2021-07-02: Let's monitor & learn from these 2 pages year-by-year: +# 2021-07-02: Let's monitor & learn from these 3 pages year-by-year: # https://docs.moodle.org/311/en/Nginx +# https://github.com/moodlebox/moodlebox/blob/master/roles/moodleinstall/tasks/coreinstall.yml # https://github.com/moodlebox/moodlebox/blob/master/roles/webserver/templates/etc/nginx/sites-available/default.j2 -# Odd that MoodleBox.net is using only the 2nd half of https://docs.moodle.org/311/en/Nginx#XSendfile_aka_X-Accel-Redirect ? -#location ~ ^/moodle/dataroot/ { -# internal; -# alias {{ moodle_data }}; -#} +# This passes 404 pages to Moodle so they can be themed +#error_page 404 /error/index.php; error_page 403 =404 /error/index.php; + +# https://docs.moodle.org/311/en/Nginx#XSendfile_aka_X-Accel-Redirect +location ~ ^/moodle/dataroot/ { + internal; + alias {{ moodle_data }}/; +} location ~ ^/moodle(.*)\.php(.*)$ { alias {{ moodle_base }}$1.php$2; From 6ec9fe8a5e220bb417d7e0195be2e32a36a71777 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 5 Jul 2021 16:57:26 -0400 Subject: [PATCH 202/207] Clean up roles/moodle + fix XSendfile so images appear --- roles/moodle/defaults/main.yml | 2 +- roles/moodle/tasks/install.yml | 87 ++++++--------------- roles/moodle/tasks/main.yml | 7 +- roles/moodle/templates/moodle-nginx.conf.j2 | 3 +- roles/moodle/templates/moodle_installer | 27 ++++--- 5 files changed, 43 insertions(+), 83 deletions(-) diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 9de4aee06..193c21d64 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -8,7 +8,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! moodle_version: 311 -moodle_repo_url: https://github.com/moodle/moodle.git +moodle_repo_url: https://github.com/moodle/moodle #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! moodle_base: "{{ iiab_base }}/moodle" # /opt/iiab moodle_data: "{{ content_base }}/moodle" # /library diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 71c8d0f23..12e493a1f 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -7,16 +7,6 @@ # (as required by Moodle's CLI installer, DESPITE it using fpm/php.ini later!) -#- name: "Set 'apache_install: True' and 'apache_enabled: True'" -# set_fact: -# apache_install: True -# apache_enabled: True - -#- name: APACHE - run 'httpd' role -# include_role: -# name: httpd - - - name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'" set_fact: postgresql_install: True @@ -52,57 +42,30 @@ - php{{ php_version }}-zip # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml state: present -- name: Does {{ moodle_base }}/config-dist.php exist? (indicating Moodle is/was installed) - stat: - path: "{{ moodle_base }}/config-dist.php" # /opt/iiab/moodle - register: moodle - -- name: Clone (i.e. use git to download) {{ moodle_repo_url }} to {{ moodle_base }} (~288 MB) +- name: Download (clone) {{ moodle_repo_url }} to {{ moodle_base }} (~350MB initially, ~371MB later) git: - repo: "{{ moodle_repo_url }}" - dest: "{{ moodle_base }}" + repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle + dest: "{{ moodle_base }}" # /opt/iiab/moodle depth: 1 - force: yes version: "MOODLE_{{ moodle_version }}_STABLE" #version: master # TEMPORARY DURING MAY 2018 TESTING, installed 3.5beta+ = https://download.moodle.org/releases/development/ #ignore_errors: yes - when: internet_available and moodle.stat.exists is defined and not moodle.stat.exists -- name: Create dir {{ moodle_base }} owned by {{ apache_user }} (for config file?) +- name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644) file: - state: directory path: "{{ moodle_base }}" owner: "{{ apache_user }}" # www-data group: "{{ apache_user }}" - mode: u+rw,g+r,o+r # '0755' forced executable bits on files recurse: yes -- name: Create dir {{ content_base }}/dbdata/moodle owned by {{ apache_user }} - file: - state: directory - path: "{{ content_base }}/dbdata/moodle" # /library - owner: "{{ apache_user }}" - -- name: Create dir {{ moodle_data }} ({{ apache_user }}:{{ apache_user }}, '0770') +- name: Create dir {{ moodle_data }} ({{ apache_user }}:{{ apache_user }}) (by default 755 = drwxr-xr-x initially, but moodle_installer sets drwxrwsrwx below) file: state: directory path: "{{ moodle_data }}" # /library/moodle owner: "{{ apache_user }}" group: "{{ apache_user }}" - #mode: '0770' # Regardless, permissions end up as: drwxrwsrwx -#- name: Remove stock /etc/{{ apache_conf_dir }}/moodle.conf -# file: -# path: "/etc/{{ apache_conf_dir }}/moodle.conf" # apache2/sites-available -# state: absent -# 2021-02-01: Not nec if we can hopefully migrate from Apache to NGINX soon! -#- name: Install /etc/{{ apache_conf_dir }}/022-moodle.conf from template -# template: -# src: 022-moodle.j2 -# dest: "/etc/{{ apache_conf_dir }}/022-moodle.conf" - -# roles/postgresql/templates/postgresql-iiab.service WAS INSTALLED HERE: # /etc/systemd/system/postgresql-iiab.service - name: Start 'postgresql-iiab' systemd service, to configure Moodle's DB systemd: @@ -129,42 +92,40 @@ become: yes become_user: postgres -- name: Install {{ moodle_base }}/moodle_installer from template ('0755') - template: - src: moodle_installer - dest: "{{ moodle_base }}" - mode: '0755' - - name: (Re)Start 'postgresql-iiab' systemd service systemd: name: postgresql-iiab state: restarted #enabled: yes # Service ends up enabled regardless -#- name: (Re)Start '{{ apache_service }}' systemd service -# systemd: -# name: "{{ apache_service }}" -# state: restarted -# - name: Does {{ moodle_base }}/config.php exist? -# stat: -# path: "{{ moodle_base }}/config.php" -# register: config +- name: Install {{ moodle_base }}/moodle_installer from template (0755) + template: + src: moodle_installer + dest: "{{ moodle_base }}" + mode: 0755 - name: Execute {{ moodle_base }}/moodle_installer IF {{ moodle_base }}/config.php doesn't yet exist -- REQUIRES 'max_input_vars = 5000' (or higher) in /etc/php/{{ php_version }}/cli/php.ini with PHP 8+ (as set up by www_options/tasks/main.yml) -- WHEREAS Moodle uses /etc/php/{{ php_version }}/fpm/php.ini during regular operation shell: "{{ moodle_base }}/moodle_installer" args: creates: "{{ moodle_base }}/config.php" - #when: config.stat.exists is defined and not config.stat.exists -# 2021-07-05: Let's stick with Moodle's default (755 dirs & 644 files), as we do in moodle/tasks/mathjax.yml -#- name: Make {{ moodle_base }}/config.php readable, with permission '0644' -# #command: chown -R {{ apache_user }} {{ moodle_base }} -# file: -# path: "{{ moodle_base }}/config.php" # /opt/iiab/moodle -# mode: '0644' +# 2021-07-05: For /opt/iiab/moodle, let's stick with default permissions from +# above (755 dirs & 644 files), and ownership (www-data:www-data), as we do in +# moodle/tasks/mathjax.yml + +# 2021-07-05: Seems like a good idea but Moodle's permissions recommendations +# at https://docs.moodle.org/20/en/Creating_Moodle_site_data_directory don't +# actually mandate this: +# +# - name: chmod -R o-rwx {{ moodle_data }} e.g. drwxrwsrwx to drwxrws--- +# file: +# path: "{{ moodle_data }}" # /library/moodle +# mode: o-rwx +# recurse: yes # https://docs.moodle.org/311/en/Nginx#XSendfile_aka_X-Accel-Redirect +# https://github.com/moodle/moodle/blob/master/config-dist.php#L274-L287 - name: Write extra parameters to {{ moodle_base }}/config.php -- "Setting Moodle and Nginx to use XSendfile functionality is a big win as it frees PHP from delivering files allowing Nginx to do what it does best, i.e. deliver files" lineinfile: path: "{{ moodle_base }}/config.php" diff --git a/roles/moodle/tasks/main.yml b/roles/moodle/tasks/main.yml index 1a618363b..5c4e6bf73 100644 --- a/roles/moodle/tasks/main.yml +++ b/roles/moodle/tasks/main.yml @@ -29,19 +29,16 @@ postgresql_install: True postgresql_enabled: True # Revert just below if... -- name: "Set 'postgresql_enabled: False' if 'not moodle_enabled and not (pathagar_enabled is defined and pathagar_enabled)'" +- name: "Set 'postgresql_enabled: False' if not moodle_enabled" set_fact: postgresql_enabled: False - when: not moodle_enabled and not (pathagar_enabled is defined and pathagar_enabled) + when: not moodle_enabled # and not (pathagar_enabled is defined and pathagar_enabled) - name: POSTGRESQL - run 'postgresql' role (Enable&Start or Disable&Stop PostgreSQL) include_role: name: postgresql -#- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache -# include_tasks: apache.yml - - name: Enable/Disable/Restart NGINX include_tasks: nginx.yml diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index a4fd67574..135096c5b 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -7,7 +7,8 @@ #error_page 404 /error/index.php; error_page 403 =404 /error/index.php; # https://docs.moodle.org/311/en/Nginx#XSendfile_aka_X-Accel-Redirect -location ~ ^/moodle/dataroot/ { +# https://github.com/moodle/moodle/blob/master/config-dist.php#L274-L287 +location /dataroot/ { internal; alias {{ moodle_data }}/; } diff --git a/roles/moodle/templates/moodle_installer b/roles/moodle/templates/moodle_installer index bde8938ae..be6b18bf6 100755 --- a/roles/moodle/templates/moodle_installer +++ b/roles/moodle/templates/moodle_installer @@ -6,18 +6,18 @@ # a capital letter, in keeping with Internet-in-a-Box's other server apps? sudo -u {{ apache_user }} \ - /usr/bin/php {{ moodle_base }}/admin/cli/install.php \ - --wwwroot=http://{{ iiab_hostname }}.{{ iiab_domain }}/moodle \ - --dataroot={{ moodle_data }} \ - --dbtype=pgsql \ - --dbname={{ moodle_database_name }} \ - --dbuser=Admin --dbpass=changeme \ - --fullname=Your_School \ - --shortname=School \ - --adminuser=admin --adminpass=changeme \ - --non-interactive \ - --agree-license \ - --allow-unstable # TEMPORARY DURING MAY 2018 TESTING + /usr/bin/php {{ moodle_base }}/admin/cli/install.php \ + --wwwroot=http://{{ iiab_hostname }}.{{ iiab_domain }}/moodle \ + --dataroot={{ moodle_data }} \ + --dbtype=pgsql \ + --dbname={{ moodle_database_name }} \ + --dbuser=Admin --dbpass=changeme \ + --fullname=Your_School \ + --shortname=School \ + --adminuser=admin --adminpass=changeme \ + --non-interactive \ + --agree-license \ + --allow-unstable # TEMPORARY DURING MAY 2018 TESTING # 2021-07-05 ideas from https://github.com/moodlebox/moodlebox/blob/master/roles/moodleinstall/tasks/coreinstall.yml : # --lang= # moodlebox_moodle_lang # --dbtype=mariadb @@ -26,4 +26,5 @@ sudo -u {{ apache_user }} \ # --adminemail= # moodlebox_moodle_username @ moodlebox_hostname .invalid # Above vars set in https://github.com/moodlebox/moodlebox/blob/master/default.config.yml -chown {{ apache_user }}:{{ apache_user }} {{ moodle_base }}/config.php +# 2021-07-05: No longer needed +#chown {{ apache_user }}:{{ apache_user }} {{ moodle_base }}/config.php From 274a4b7abf8a847af67407c98eef36497aceb5a0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 5 Jul 2021 23:26:08 -0400 Subject: [PATCH 203/207] Explain moodle_installer's cli/php.ini & LATER fpm/php.ini --- roles/moodle/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 12e493a1f..aa763be59 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -105,7 +105,7 @@ dest: "{{ moodle_base }}" mode: 0755 -- name: Execute {{ moodle_base }}/moodle_installer IF {{ moodle_base }}/config.php doesn't yet exist -- REQUIRES 'max_input_vars = 5000' (or higher) in /etc/php/{{ php_version }}/cli/php.ini with PHP 8+ (as set up by www_options/tasks/main.yml) -- WHEREAS Moodle uses /etc/php/{{ php_version }}/fpm/php.ini during regular operation +- name: Execute {{ moodle_base }}/moodle_installer IF {{ moodle_base }}/config.php doesn't yet exist -- REQUIRES 'max_input_vars = 5000' (or higher) in /etc/php/{{ php_version }}/cli/php.ini with PHP 8+ (as set up by www_options/tasks/main.yml) -- WHEREAS LATER Moodle uses /etc/php/{{ php_version }}/fpm/php.ini during regular operation shell: "{{ moodle_base }}/moodle_installer" args: creates: "{{ moodle_base }}/config.php" From ede56d3197f7267c1a42c14c1f39dacfd980f0bd Mon Sep 17 00:00:00 2001 From: root Date: Tue, 6 Jul 2021 00:36:15 -0400 Subject: [PATCH 204/207] Refine Node-RED on NGINX w/o Apache --- roles/nginx/README.md | 12 ++++++---- roles/nodered/tasks/install.yml | 23 +++---------------- roles/nodered/tasks/main.yml | 8 +------ roles/nodered/templates/nodered-nginx.conf.j2 | 9 +++++--- roles/nodered/templates/nodered.conf.j2 | 6 ----- 5 files changed, 18 insertions(+), 40 deletions(-) delete mode 100644 roles/nodered/templates/nodered.conf.j2 diff --git a/roles/nginx/README.md b/roles/nginx/README.md index 732c9c5e6..c85dc0eac 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -10,9 +10,10 @@ 2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX. -3. Current state of IIAB App/Service migrations as of 2021-05-21: *(SEE ALSO [#2762](https://github.com/iiab/iiab/issues/2762))* +3. Current state of IIAB App/Service migrations as of 2021-07-06: *(SEE ALSO [#2762](https://github.com/iiab/iiab/issues/2762))* 1. These support "Native" NGINX but ***NOT*** Apache + * Admin Console * captiveportal * IIAB documentation (http://box/info) @@ -22,6 +23,7 @@ * usb_lib 2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service: + * awstats * calibre-web * gitea @@ -29,17 +31,19 @@ * kolibri * lokole * mediawiki + * moodle * munin * nextcloud + * nodered * sugarizer * wordpress - * nodered 3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of ~6 IIAB Apps/Services that auto-enable Apache. + * elgg - * moodle [*, PLEASE HELP IF YOU CAN: [#2785](https://github.com/iiab/iiab/issues/2785)] 4. These each run their own web server or non-web / backend services, e.g. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations). In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite) + * bluetooth * calibre (menu goes directly to port 8080) * cups (menu goes directly to port 631) [*, shim not yet in place, [PR #2775](https://github.com/iiab/iiab/pull/2775)] @@ -55,4 +59,4 @@ * transmission * vnstat -[*] The 5 above starred roles could use improvement, as of 2021-05-21. +[*] The 4 above starred roles could use improvement, as of 2021-07-06. diff --git a/roles/nodered/tasks/install.yml b/roles/nodered/tasks/install.yml index cdd71f7ee..8d75cb6e9 100644 --- a/roles/nodered/tasks/install.yml +++ b/roles/nodered/tasks/install.yml @@ -1,15 +1,5 @@ -#- name: "Set 'apache_install: True' and 'apache_enabled: True'" -# set_fact: -# apache_install: True -# apache_enabled: True - -#- name: APACHE - run 'httpd' role -# include_role: -# name: httpd - - -# 2019-01-16: @jvonau's PR #1403 moved installation of Node.js (8.x for now) & -# npm to roles/nodejs/tasks/main.yml +# 2019-01-16: @jvonau's PR #1403 moved installation of Node.js [8.x at the time] +# and npm to roles/nodejs/tasks/main.yml - name: "Set 'nodejs_install: True' and 'nodejs_enabled: True'" set_fact: @@ -48,7 +38,7 @@ state: absent when: nodered_install -# 2012-02-13: the 6 RPi stanzas below recreate Raspbian Desktop's Node-RED +# 2019-02-13: the 6 RPi stanzas below recreate Raspbian Desktop's Node-RED # environment, inspired by: # https://nodered.org/docs/hardware/raspberrypi # https://github.com/node-red/raspbian-deb-package/blob/master/resources/update-nodejs-and-nodered @@ -112,13 +102,6 @@ dest: /etc/systemd/system/nodered.service # mode: '0666' -- name: Install /etc/{{ apache_conf_dir }}/nodered.conf from template - template: - backup: yes - src: nodered.conf.j2 - dest: "/etc/{{ apache_conf_dir }}/nodered.conf" - # mode: '0666' - # SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml #- name: Enable proxy_wstunnel apache2 module # apache2_module: diff --git a/roles/nodered/tasks/main.yml b/roles/nodered/tasks/main.yml index 770b53eb4..2add807b2 100644 --- a/roles/nodered/tasks/main.yml +++ b/roles/nodered/tasks/main.yml @@ -39,14 +39,8 @@ state: stopped when: not nodered_enabled -#- name: Enable/Disable/Restart Apache if primary -- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache - include_tasks: apache.yml - when: not nginx_enabled - -- name: Enable/Disable/Restart NGINX if primary +- name: Enable/Disable/Restart NGINX include_tasks: nginx.yml - when: nginx_enabled - name: Add 'nodered' variable values to {{ iiab_ini_file }} diff --git a/roles/nodered/templates/nodered-nginx.conf.j2 b/roles/nodered/templates/nodered-nginx.conf.j2 index 0c678a375..abf1c15fb 100644 --- a/roles/nodered/templates/nodered-nginx.conf.j2 +++ b/roles/nodered/templates/nodered-nginx.conf.j2 @@ -1,11 +1,14 @@ +# 'nodered_port: 1880' is set in /opt/iiab/iiab/vars/default_vars.yml +# https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services + location /nodered/ { - proxy_pass http://127.0.0.1:1880/nodered/; + proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/; } location /nodered/debug/ws/ { - proxy_pass http://127.0.0.1:1880/nodered/debug/ws; + proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/debug/ws; } location /nodered/comms/ { - proxy_pass http://127.0.0.1:1880/nodered/comms; + proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/comms; } diff --git a/roles/nodered/templates/nodered.conf.j2 b/roles/nodered/templates/nodered.conf.j2 deleted file mode 100644 index 916e1eed2..000000000 --- a/roles/nodered/templates/nodered.conf.j2 +++ /dev/null @@ -1,6 +0,0 @@ -ProxyPreserveHost On -ProxyRequests Off -ProxyPass /{{ nodered_web_path }}/debug/ws ws://localhost:{{ nodered_port }}/{{ nodered_web_path }}/debug/ws -ProxyPass /{{ nodered_web_path }}/comms ws://localhost:{{ nodered_port }}/{{ nodered_web_path }}/comms -ProxyPass /{{ nodered_web_path }} http://localhost:{{ nodered_port }}/{{ nodered_web_path }} -ProxyPassReverse /{{ nodered_web_path }} http://localhost:{{ nodered_port }}/{{ nodered_web_path }} From c4c0586bb1cacc3c6290a7e36482ebf1b4600d9b Mon Sep 17 00:00:00 2001 From: root Date: Tue, 6 Jul 2021 00:43:32 -0400 Subject: [PATCH 205/207] Residual nodered/templates/nodered.conf.j2.unused --- roles/nodered/templates/nodered.conf.j2.unused | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 roles/nodered/templates/nodered.conf.j2.unused diff --git a/roles/nodered/templates/nodered.conf.j2.unused b/roles/nodered/templates/nodered.conf.j2.unused new file mode 100644 index 000000000..916e1eed2 --- /dev/null +++ b/roles/nodered/templates/nodered.conf.j2.unused @@ -0,0 +1,6 @@ +ProxyPreserveHost On +ProxyRequests Off +ProxyPass /{{ nodered_web_path }}/debug/ws ws://localhost:{{ nodered_port }}/{{ nodered_web_path }}/debug/ws +ProxyPass /{{ nodered_web_path }}/comms ws://localhost:{{ nodered_port }}/{{ nodered_web_path }}/comms +ProxyPass /{{ nodered_web_path }} http://localhost:{{ nodered_port }}/{{ nodered_web_path }} +ProxyPassReverse /{{ nodered_web_path }} http://localhost:{{ nodered_port }}/{{ nodered_web_path }} From a2778e155ca5895c35f6b7c31c5cd1f2fbcd2fb6 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 6 Jul 2021 01:53:57 -0400 Subject: [PATCH 206/207] nodered-nginx.conf.j2: Single stanza avoids WebSocket errors?! ("Lost connection to server, reconnecting...") --- roles/nodered/templates/nodered-nginx.conf.j2 | 24 ++++++++++++++----- 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/roles/nodered/templates/nodered-nginx.conf.j2 b/roles/nodered/templates/nodered-nginx.conf.j2 index abf1c15fb..c9271959b 100644 --- a/roles/nodered/templates/nodered-nginx.conf.j2 +++ b/roles/nodered/templates/nodered-nginx.conf.j2 @@ -3,12 +3,24 @@ location /nodered/ { proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; } -location /nodered/debug/ws/ { - proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/debug/ws; -} +#location /nodered/debug/ws/ { +# proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/debug/ws; +# +# proxy_http_version 1.1; +# proxy_set_header Upgrade $http_upgrade; +# proxy_set_header Connection "upgrade"; +#} -location /nodered/comms/ { - proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/comms; -} +#location /nodered/comms/ { +# proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/comms; +# +# proxy_http_version 1.1; +# proxy_set_header Upgrade $http_upgrade; +# proxy_set_header Connection "upgrade"; +#} From 2f644da6a31a6d981a0545e7c325fa40b5c6638e Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 6 Jul 2021 02:23:52 -0400 Subject: [PATCH 207/207] Update roles/nginx/README.md --- roles/nginx/README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/nginx/README.md b/roles/nginx/README.md index c85dc0eac..785d8eba0 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -1,10 +1,10 @@ ### Transition to NGINX -1. Initial testing strategy (December 2019 - February 2020) is to move NGINX to [port 80](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services), and proxy everything to Apache on [port 8090](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) — creating "Shims" for each IIAB App/Service in *Section iii.* below. +1. Initial testing strategy (December 2019 - February 2020) was to move NGINX to [port 80](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services), and proxy everything to Apache on [port 8090](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) — creating "Shims" for each IIAB App/Service in *Section iii.* below. - Until "Native" NGINX is later implemented for that IIAB App/Service — allowing it to move up to *Section ii.* below. + Until "Native" NGINX is later implemented for each such IIAB App/Service — allowing each to move up to *Section ii.* below. - And potentially later moving it up to *Section i.* if its Apache support is dropped! + And potentially later moving each up to *Section i.* if its Apache support is dropped! (Background: IIAB Apps/Services are generally [Ansible roles](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible) that live in [/opt/iiab/iiab/roles](https://github.com/iiab/iiab/tree/master/roles)) @@ -18,6 +18,8 @@ * captiveportal * IIAB documentation (http://box/info) * jupyterhub + * moodle + * nodered * osm-vector-maps * OER2Go/RACHEL modules * usb_lib @@ -31,10 +33,8 @@ * kolibri * lokole * mediawiki - * moodle * munin * nextcloud - * nodered * sugarizer * wordpress