1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00

Merge branch 'master' into lokole-with-less-apache

This commit is contained in:
A Holt 2021-07-06 02:33:17 -04:00 committed by GitHub
commit 4a0829f215
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
81 changed files with 830 additions and 542 deletions

View file

@ -15,6 +15,6 @@ this is to include the following two lines at the top of the file:
Licensed under the terms of the GNU GPL v2 or later; see LICENSE for details. Licensed under the terms of the GNU GPL v2 or later; see LICENSE for details.
All files not containing an explicit copyright notice or terms of license in All files not containing an explicit copyright notice or terms of license in
the file are Copyright © 2015-2020, Unleash Kids, and are licensed under the the file are Copyright © 2015-2021, Unleash Kids, and are licensed under the
terms of the GPLv2 license in the file named LICENSE in the root of the terms of the GPLv2 license in the file named LICENSE in the root of the
repository. repository.

View file

@ -35,11 +35,12 @@ Finally, you can [customize your Internet-in-a-Box home page](http://wiki.laptop
Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians *and* IT/UX/QA people of all kinds! Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians *and* IT/UX/QA people of all kinds!
Please see "[How can I help?](http://wiki.laptop.org/go/IIAB/FAQ#How_can_I_help.3F)" at: [FAQ.IIAB.IO](http://FAQ.IIAB.IO) If you would like to volunteer, please [make contact](http://internet-in-a-box.org/pages/contributing.html) after looking over "[How can I help?](http://wiki.laptop.org/go/IIAB/FAQ#How_can_I_help.3F)" at: [FAQ.IIAB.IO](http://FAQ.IIAB.IO)
To learn about our software architecture, check out our [Contributors Guide](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide). FYI we use [Ansible](http://wiki.laptop.org/go/IIAB/FAQ#What_is_Ansible_and_what_version_should_I_use.3F) <!--as the underlying technology--> to install, deploy, configure and manage the various software components. <!-- To learn about our software architecture, check out our [Contributors Guide](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide).-->
To learn more about our open community architecture for "offline" education, start by reviewing "[What technical documentation exists?](http://wiki.laptop.org/go/IIAB/FAQ#What_technical_documentation_exists.3F)" To learn more about our open community architecture for "offline" learning, check out "[What technical documentation exists?](http://wiki.laptop.org/go/IIAB/FAQ#What_technical_documentation_exists.3F)"
FYI we use [Ansible](http://wiki.laptop.org/go/IIAB/FAQ#What_is_Ansible_and_what_version_should_I_use.3F) <!--as the underlying technology--> to install, deploy, configure and manage the various software components.
*Thank you for helping us enable offline access to the Internet's free/open knowledge jewels, as well as "Sneakernet-of-Alexandria" distribution of local/indigenous content, when mass media channels do not serve grassroots voices.* *Thank you for helping us enable offline access to the Internet's free/open knowledge jewels, as well as "Sneakernet-of-Alexandria" distribution of local/indigenous content, when mass media channels do not serve grassroots voices.*

View file

@ -46,7 +46,7 @@ else
echo -e "\n\e[1mWARNING: openvpn_handle remains unchanged in both above files.\e[0m\n" echo -e "\n\e[1mWARNING: openvpn_handle remains unchanged in both above files.\e[0m\n"
fi fi
if grep -q '^openvpn_install: True' /etc/iiab/local_vars.yml; then if grep -q '^openvpn_installed: True\b' /etc/iiab/iiab_state.yml; then
echo -e "Your IIAB installation appears normal, with OpenVPN already installed...\n" echo -e "Your IIAB installation appears normal, with OpenVPN already installed...\n"
else else
echo -e "Plz wait a few minutes as sshd, iiab-admin & OpenVPN are confirmed/installed...\n" echo -e "Plz wait a few minutes as sshd, iiab-admin & OpenVPN are confirmed/installed...\n"
@ -58,8 +58,6 @@ else
if [ -d /opt/iiab/iiab ]; then if [ -d /opt/iiab/iiab ]; then
cd /opt/iiab/iiab cd /opt/iiab/iiab
#CWD=`pwd`
#export ANSIBLE_LOG_PATH="$CWD/iiab-install.log"
export ANSIBLE_LOG_PATH="/opt/iiab/iiab/iiab-install.log" export ANSIBLE_LOG_PATH="/opt/iiab/iiab/iiab-install.log"
ansible -m setup -i $INVENTORY localhost --connection=local | grep python ansible -m setup -i $INVENTORY localhost --connection=local | grep python
ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local

View file

@ -2,7 +2,15 @@
1-prep README 1-prep README
============= =============
This 1st stage is primarily hardware-focused, prior to OS additions/mods. This 1st stage (1-prep) is primarily hardware-focused, prior to OS
additions/mods, but also includes critical pieces sometimes needed for
remote support:
Traditionally it included preliminaries like hostname and things specific to a - SSH
particular platform, such as the XO laptop, done before the bulk of the install. - `iiab-admin <https://github.com/iiab/iiab/tree/master/roles/iiab-admin>`_ username and group to log into Admin Console
- OpenVPN software if/as needed later for remote support
Traditionally 1-prep also included preliminaries like hostname and
hardware-oriented things specific to a particular platform (such as
One Laptop Per Child's XO laptop) i.e. critical setup prior to the
bulk of IIAB's software install.

View file

@ -1,11 +1,11 @@
- name: Install package networkd-dispatcher (OS's other than RaspOS) - name: Install package networkd-dispatcher (OS's other than RaspiOS)
package: package:
name: networkd-dispatcher name: networkd-dispatcher
state: present state: present
when: not is_raspbian when: not is_raspbian
# used in the network role # used in the network role
- name: Install network related packages (debuntu) - name: 'Install network packages: hostapd, iproute2, iptables-persistent, netmask (debuntu)'
package: package:
name: name:
- iproute2 - iproute2
@ -15,7 +15,7 @@
state: present state: present
when: is_debuntu when: is_debuntu
- name: Install /etc/network/if-pre-up.d/iptables from template (debuntu) - name: Install /etc/network/if-pre-up.d/iptables from template (0755, debuntu)
template: template:
src: iptables src: iptables
dest: /etc/network/if-pre-up.d/iptables dest: /etc/network/if-pre-up.d/iptables

View file

@ -4,10 +4,12 @@
This 3rd stage installs base server infra that Internet-in-a-Box requires, including: This 3rd stage installs base server infra that Internet-in-a-Box requires, including:
- the web server (Apache for now, possibly NGINX in future) - `MySQL <https://github.com/iiab/iiab/blob/master/roles/mysql>`_ (database underlying many/most user-facing apps). This IIAB role also installs apt package:
- administrator security (username iiab-admin by default) - **php{{ php_version }}-mysql** — which forcibly installs **php{{ php_version }}-common**
- MySQL (the database underlying many/most user-facing apps) - `NGINX <https://github.com/iiab/iiab/blob/master/roles/nginx>`_ web server (with Apache in some lingering cases). This IIAB role also installs apt package:
- **php{{ php_version }}-fpm** — which forcibly installs **php{{ php_version }}-cli**, **php{{ php_version }}-common** and **libsodium23**
- `www_base <https://github.com/iiab/iiab/blob/master/roles/www_base>`_ (similar to `www_options <https://github.com/iiab/iiab/blob/master/roles/www_options>`_ which runs later in 4-server-options)
4-server-options follows with more diverse/optional server infra functionality. Recap: as with 2-common, 4-server-options and 5-xo-services: this 3rd stage installs core server infra, that is not user-facing.
As in the case of 2-common, 4-server-options and 5-xo-services: this stage installs core server infra, that is not user-facing. The next stage (4-server-options) brings more diverse/optional server infra functionality.

View file

@ -3,14 +3,14 @@
- name: ...IS BEGINNING ===================================== - name: ...IS BEGINNING =====================================
command: echo command: echo
- name: MYSQL - name: MYSQL + CORE PHP
include_role: include_role:
name: mysql name: mysql
#when: mysql_install #when: mysql_install
# 2020-05-21: Apache role 'httpd' is installed as nec by any of these 7 roles: # 2021-05-21: Apache role 'httpd' is installed as nec by any of these 6 roles:
# #
# cups, elgg, lokole, moodle, nodered, pbx, phpmyadmin # cups, elgg, moodle, nodered, pbx, phpmyadmin
# #
# These 14 roles conditionally touch /etc/apache2/sites-available/*.conf files: # These 14 roles conditionally touch /etc/apache2/sites-available/*.conf files:
# #
@ -19,7 +19,7 @@
# #
# SEE ALSO: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md # SEE ALSO: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md
- name: NGINX - name: NGINX + CORE PHP
include_role: include_role:
name: nginx name: nginx
#when: nginx_install #when: nginx_install

View file

@ -30,6 +30,12 @@
name: calibre-web name: calibre-web
when: calibreweb_install when: calibreweb_install
- name: "2021-06-27 TEMPORARY CODE TO INSTALL 'php-pear' UNTIL ADMIN CONSOLE DECLARES ITS OWN DEPENDENCY FOR: https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19"
package:
name: php-pear # WARNING: this also drags in 'php{{ php_version }}-xml' (also installed by MediaWiki, Nextcloud, roles/pbx's FreePBX, WordPress) AND 'php{{ php_version }}-cgi' (also installed by roles/pbx's FreePBX)
state: present
when: admin_console_install
- name: Recording STAGE 9 HAS COMPLETED ==================== - name: Recording STAGE 9 HAS COMPLETED ====================
lineinfile: lineinfile:
path: "{{ iiab_env_file }}" path: "{{ iiab_env_file }}"

View file

@ -1,31 +1,29 @@
# TO DO: # TO DO:
# #
# - Prepare for a possible future w/o Apache by verifying/refining below... # Prepare for a possible future w/o Apache by verifying/refining below...
# - 5 'when: apache_installed is defined' # - 5 'when: apache_installed is defined' (2021-05-21: COMMENT OUT THESE STANZAS SOON!?)
# - 1 'when: nginx_install' # - 1 'when: nginx_install'
# - 8 core stanzas w/o such 'when:' clauses # - 8 core stanzas w/o such 'when:' clauses
- name: 'Install 3 packages: awstats, openssl, pwauth' - name: 'Install package: awstats'
package: package:
name: name: awstats
- awstats
- pwauth
- openssl
state: present state: present
- name: 'Install 2 packages: apache2-utils, libapache2-mod-authnz-external' - name: 'Install package: pwauth (when: apache_installed is defined)'
package: package:
name: name:
- libapache2-mod-authnz-external - pwauth # Auto-installs apache2-bin and libapache2-mod-authnz-external
- apache2-utils #- apache2-utils # Unneeded? (In any case, already installed by Apache itself.)
#- openssl # Unneeded? (In any case, already installed by most every Linux distro.)
state: present state: present
when: apache_installed is defined when: apache_installed is defined
- name: Run 'a2enmod cgi' to enable cgi execution via Apache - name: "Run 'a2enmod cgi' to enable cgi execution via Apache (when: apache_installed is defined)"
command: a2enmod cgi command: a2enmod cgi
when: apache_installed is defined when: apache_installed is defined
- name: Create directory... mkdir {{ apache_log_dir }}, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx - name: 'Create directory... mkdir {{ apache_log_dir }}, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx (when: apache_installed is defined)'
file: file:
state: directory state: directory
recurse: yes recurse: yes
@ -41,7 +39,7 @@
state: directory state: directory
recurse: yes recurse: yes
path: "{{ item }}" path: "{{ item }}"
owner: "{{ apache_user }}" owner: "{{ apache_user }}" # USED FOR NGINX TOO: 'www-data' on debuntu
group: "{{ apache_user }}" group: "{{ apache_user }}"
mode: u+rw,g+r,g-w,o-rwx # '0750' turned on too many x bits mode: u+rw,g+r,g-w,o-rwx # '0750' turned on too many x bits
#force: yes #force: yes
@ -49,13 +47,13 @@
- "{{ awstats_data_dir }}" # /library/awstats - "{{ awstats_data_dir }}" # /library/awstats
- /usr/lib/cgi-bin/awstats # create backward compatible path for awstats - /usr/lib/cgi-bin/awstats # create backward compatible path for awstats
- name: Install /etc/{{ apache_conf_dir }}/awstats.conf from template - name: 'Install /etc/{{ apache_conf_dir }}/awstats.conf from template (when: apache_installed is defined)'
template: template:
src: apache-awstats.conf src: apache-awstats.conf
dest: "/etc/{{ apache_conf_dir }}/awstats.conf" # apache2/sites-available on debuntu dest: "/etc/{{ apache_conf_dir }}/awstats.conf" # apache2/sites-available on debuntu
when: apache_installed is defined when: apache_installed is defined
- name: Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable - name: "Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable (when: apache_installed is defined)"
template: template:
src: logrotate.d.apache2 src: logrotate.d.apache2
dest: /etc/logrotate.d/apache2 dest: /etc/logrotate.d/apache2

View file

@ -49,7 +49,7 @@
requirements: "{{ calibreweb_venv_path }}/requirements.txt" requirements: "{{ calibreweb_venv_path }}/requirements.txt"
virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3
virtualenv_site_packages: no virtualenv_site_packages: no
virtualenv_command: python3 -m venv {{ calibreweb_venv_path }} virtualenv_command: python3 -m venv {{ calibreweb_venv_path }}
when: internet_available when: internet_available
- name: Install /etc/systemd/system/calibre-web.service from template - name: Install /etc/systemd/system/calibre-web.service from template

View file

@ -1,10 +1,9 @@
- name: "Download & install packages: python3-dateutil, python3-jinja2" - name: "Install packages: python3-dateutil, python3-jinja2"
package: package:
name: "{{ item }}" name:
- python3-dateutil
- python3-jinja2
state: present state: present
with_items:
- python3-dateutil
- python3-jinja2
- name: mkdir /opt/iiab/captiveportal for scripts & templates, set owner to {{ apache_user }} - name: mkdir /opt/iiab/captiveportal for scripts & templates, set owner to {{ apache_user }}
file: file:

View file

@ -1,14 +1,13 @@
- name: 'Install 4 packages: apache2, libapache2-mod-php{{ php_version }}, php{{ php_version }}, php{{ php_version }}-curl' - name: 'Install 2 packages: {{ apache_service }}, libapache2-mod-php{{ php_version }}'
package: package:
#name: [u'apache2', u'php{{ php_version }}', u'php{{ php_version }}-curl'] # FAILS ('u' for Unicode strings) #name: [u'apache2', u'php{{ php_version }}', u'php{{ php_version }}-curl'] # FAILS ('u' for Unicode strings)
#name: ['apache2', 'php{{ php_version }}', 'php{{ php_version }}-curl'] # WORKS? #name: ['apache2', 'php{{ php_version }}', 'php{{ php_version }}-curl'] # WORKS?
name: name:
- "{{ apache_service }}" # apache2 on Debuntu - "{{ apache_service }}" # apache2 on Debuntu
- "libapache2-mod-php{{ php_version }}" # 2020-06-15: Required (e.g. for Elgg, Moodle & possibly others) now that mysql/tasks/install.yml installs "php{{ php_version }}-common" rather than the full "php{{ php_version }}" - libapache2-mod-php{{ php_version }} # 2020-06-15: Required (e.g. for Elgg, Moodle & possibly others) now that mysql/tasks/install.yml installs "php{{ php_version }}-common" rather than the full "php{{ php_version }}" -- 2021-06-28 FYI: this also drags in libsodium23 (likewise installed via nginx/tasks/install.yml AND moodle/tasks/install.yml)
# - "php{{ php_version }}" #- "php{{ php_version }}"
# - "php{{ php_version }}-curl" #- "php{{ php_version }}-curl"
state: present state: present
when: is_debuntu
# when: is_debian # when: is_debian
# - name: 'Install 2 packages: apache2, php (ubuntu)' # - name: 'Install 2 packages: apache2, php (ubuntu)'
@ -39,29 +38,29 @@
# when: is_debuntu and (not is_debian_8) and (not is_ubuntu_16) # when: is_debuntu and (not is_debian_8) and (not is_ubuntu_16)
# #when: (is_debian and ansible_distribution_major_version == "9") or is_ubuntu_18 # #when: (is_debian and ansible_distribution_major_version == "9") or is_ubuntu_18
- name: 'Install 4 packages: httpd, mod_authnz_external, php, php-curl (redhat)' #- name: 'Install 4 packages: httpd, mod_authnz_external, php, php-curl (redhat)'
package: # package:
#name: [u'httpd', u'php', u'php-curl', u'mod_authnz_external'] # FAILS ('u' for Unicode strings) # #name: [u'httpd', u'php', u'php-curl', u'mod_authnz_external'] # FAILS ('u' for Unicode strings)
#name: ['httpd', 'php', 'php-curl', 'mod_authnz_external'] # WORKS # #name: ['httpd', 'php', 'php-curl', 'mod_authnz_external'] # WORKS
name: # name:
- httpd # - httpd
- mod_authnz_external # - mod_authnz_external
- php # - php
- php-curl # - php-curl
state: present # state: present
when: is_redhat # when: is_redhat
# Remove symlinks for mpm_event, replace with mpm_prefork # Remove symlinks for mpm_event, replace with mpm_prefork
- name: Remove both mpm_event symlinks from /etc/apache2/mods-enabled (debuntu) - name: Remove both mpm_event symlinks from /etc/apache2/mods-enabled
file: file:
path: "/etc/apache2/mods-enabled/{{ item }}" path: "/etc/apache2/mods-enabled/{{ item }}"
state: absent state: absent
with_items: with_items:
- mpm_event.conf - mpm_event.conf
- mpm_event.load - mpm_event.load
when: is_debuntu #when: is_debuntu
- name: Create both mpm_prefork symlinks from /etc/apache2/mods-enabled to /etc/apache2/mods-available (debuntu) - name: Create both mpm_prefork symlinks from /etc/apache2/mods-enabled to /etc/apache2/mods-available
file: file:
src: "/etc/apache2/mods-available/{{ item }}" src: "/etc/apache2/mods-available/{{ item }}"
path: "/etc/apache2/mods-enabled/{{ item }}" path: "/etc/apache2/mods-enabled/{{ item }}"
@ -69,9 +68,9 @@
with_items: with_items:
- mpm_prefork.conf - mpm_prefork.conf
- mpm_prefork.load - mpm_prefork.load
when: is_debuntu #when: is_debuntu
- name: 'Enable 5 Apache modules, as with "a2enmod" command: headers, proxy, proxy_html, proxy_http, rewrite (for http://box/kiwix, http://box/kolibri, http://box/nodered, etc--if debuntu)' - name: 'Enable 5 Apache modules, as with "a2enmod" command: headers, proxy, proxy_html, proxy_http, rewrite (for http://box/kiwix, http://box/kolibri, http://box/nodered, etc)'
apache2_module: apache2_module:
name: "{{ item }}" name: "{{ item }}"
with_items: with_items:
@ -80,16 +79,16 @@
- proxy_html - proxy_html
- proxy_http - proxy_http
- rewrite - rewrite
when: is_debuntu #when: is_debuntu
- name: Remove 000-default.conf from /etc/apache2 and /etc/apache2/sites-enabled (debuntu) - name: Remove 000-default.conf from /etc/apache2 and /etc/apache2/sites-enabled
file: file:
path: "{{ item }}" path: "{{ item }}"
state: absent state: absent
with_items: with_items:
- /etc/apache2/000-default.conf # Not nec on Raspbian. Is this really still needed elsewhere? - /etc/apache2/000-default.conf # Not nec on Raspbian. Is this really still needed elsewhere?
- /etc/apache2/sites-enabled/000-default.conf - /etc/apache2/sites-enabled/000-default.conf
when: is_debuntu #when: is_debuntu
- name: Create Apache's pid dir /var/run/{{ apache_user }} - name: Create Apache's pid dir /var/run/{{ apache_user }}
file: file:

View file

@ -9,10 +9,11 @@
include_role: include_role:
name: nodejs name: nodejs
- name: FAIL (STOP INSTALLING) IF nodejs_version is not set to 10.x, 12.x or 14.x - name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 16.x
fail: assert:
msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x or 12.x or 14.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" that: nodejs_version is version('10.x', '>=') and nodejs_version is version('16.x', '<=')
when: (nodejs_version != "10.x") and (nodejs_version != "12.x") and (nodejs_version != "14.x") fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 16.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml"
quiet: yes
- name: "Set 'yarn_install: True' and 'yarn_enabled: True'" - name: "Set 'yarn_install: True' and 'yarn_enabled: True'"
set_fact: set_fact:

View file

@ -26,9 +26,9 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml"
# http://download.kiwix.org/release/kiwix-tools/ ...or sometimes... # http://download.kiwix.org/release/kiwix-tools/ ...or sometimes...
# http://download.kiwix.org/nightly/ # http://download.kiwix.org/nightly/
kiwix_version_armhf: kiwix-tools_linux-armhf-3.1.2-4 kiwix_version_armhf: kiwix-tools_linux-armhf-3.1.2-5
kiwix_version_linux64: kiwix-tools_linux-x86_64-3.1.2-4 kiwix_version_linux64: kiwix-tools_linux-x86_64-3.1.2-5
kiwix_version_i686: kiwix-tools_linux-i586-3.1.2-4 kiwix_version_i686: kiwix-tools_linux-i586-3.1.2-5
# kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" # kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2"
# v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") # v0.9 for i686 published May 2014 ("use it to test legacy ZIM content")

View file

@ -4,10 +4,10 @@
set_fact: set_fact:
kiwix_src_dir: False kiwix_src_dir: False
- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_armhf }}' (armv6l or armv71)" - name: "Set fact 'kiwix_src_dir: {{ kiwix_version_armhf }}' (armv6l or armv71 or aarch64)"
set_fact: set_fact:
kiwix_src_dir: "{{ kiwix_version_armhf }}" kiwix_src_dir: "{{ kiwix_version_armhf }}"
when: ansible_machine == "armv7l" or ansible_machine == "armv6l" or ansible_machine == "aarch64" when: ansible_machine == "armv6l" or ansible_machine == "armv7l" or ansible_machine == "aarch64"
- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_linux64 }}' (x86_64)" - name: "Set fact 'kiwix_src_dir: {{ kiwix_version_linux64 }}' (x86_64)"
set_fact: set_fact:

View file

@ -26,11 +26,11 @@ Automatic Device Provisioning
When kolibri_provision is enabled (e.g. in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_) the installation will set up the following defaults:: When kolibri_provision is enabled (e.g. in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_) the installation will set up the following defaults::
Kolibri Facility name: 'Kolibri-in-a-Box' kolibri_facility: Kolibri-in-a-Box
Kolibri Preset type: formal # Options: formal, nonformal, informal kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py
Kolibri default language: en # Options: ar, bn-bd, en, es-es, fa, fr-fr, hi-in, mr, nyn, pt-br, sw-tz, ta, te, ur-pk, yo, zu kolibri_preset: formal # formal, nonformal, informal
Kolibri Admin username: Admin kolibri_admin_user: Admin
Kolibri Admin password: changeme kolibri_admin_password: changeme
*Feel free to override any of the above, by copying the relevant line from /opt/iiab/iiab/roles/kolibri/defaults/main.yml to /etc/iiab/local_vars.yml (then run 'cd /opt/iiab/iiab' followed by './runrole kolibri' per IIAB's general guidelines at http://FAQ.IIAB.IO).* *Feel free to override any of the above, by copying the relevant line from /opt/iiab/iiab/roles/kolibri/defaults/main.yml to /etc/iiab/local_vars.yml (then run 'cd /opt/iiab/iiab' followed by './runrole kolibri' per IIAB's general guidelines at http://FAQ.IIAB.IO).*
@ -42,13 +42,17 @@ Kolibri 0.10 introduced ``kolibri manage deprovision`` which will remove user co
Troubleshooting Troubleshooting
--------------- ---------------
You can run the server manually with the following commands:: This unproxied version of Kolibri can sometimes help: http://box:8009/kolibri/
You can run Kolibri manually with commands like::
systemctl stop kolibri # Make sure the systemd service is not running systemctl stop kolibri # Make sure the systemd service is not running
export KOLIBRI_HOME=/library/kolibri export KOLIBRI_HOME=/library/kolibri
export KOLIBRI_HTTP_PORT=8009 # Otherwise Kolibri will try to run on default port 8080 export KOLIBRI_HTTP_PORT=8009 # Otherwise Kolibri will try to run on default port 8080
kolibri start kolibri start
...while you look over Kolibri's systemd unit file (`/etc/systemd/system/kolibri.service <https://github.com/iiab/iiab/blob/master/roles/kolibri/templates/kolibri.service.j2>`_) for the latest parameters!
To return to using the systemd unit file:: To return to using the systemd unit file::
kolibri stop kolibri stop

View file

@ -1,7 +1,7 @@
# kolibri_install: False # kolibri_install: False
# kolibri_enabled: False # kolibri_enabled: False
# kolibri_language: en # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu # kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py
# kolibri_http_port: 8009 # kolibri_http_port: 8009

View file

@ -20,14 +20,17 @@ lokole_admin_password: changeme
lokole_install_path: "{{ content_base }}/lokole" # /library/lokole lokole_install_path: "{{ content_base }}/lokole" # /library/lokole
lokole_venv: "{{ lokole_install_path }}/venv" # /library/lokole/venv lokole_venv: "{{ lokole_install_path }}/venv" # /library/lokole/venv
lokole_confd: /etc/supervisor/conf.d
# Info needed to run Lokole: # Info needed to run Lokole:
lokole_user: lokole lokole_user: lokole
lokole_url: /lokole lokole_url: /lokole
lokole_uid: "2000" lokole_uid: "2000"
lokole_run_directory: /home/{{ lokole_user }}/state lokole_home_dir: /home/{{ lokole_user }}
lokole_log_directory: /home/{{ lokole_user }}/log lokole_run_dir: "{{ lokole_home_dir }}/state"
lokole_domain_socket: "{{ lokole_run_directory }}/lokole_gunicorn.sock" lokole_log_dir: "{{ lokole_home_dir }}/logs"
lokole_settings: "{{ lokole_run_dir }}/settings.env"
lokole_domain_socket: "{{ lokole_run_dir }}/lokole_gunicorn.sock"
lokole_sim_type: LocalOnly lokole_sim_type: LocalOnly
lokole_full_url: "http://{{ iiab_hostname }}.{{ iiab_domain }}{{ lokole_url }}" # http://box.lan/lokole lokole_full_url: "http://{{ iiab_hostname }}.{{ iiab_domain }}{{ lokole_url }}" # http://box.lan/lokole

View file

@ -25,6 +25,13 @@
- libjpeg-dev - libjpeg-dev
- libssl-dev - libssl-dev
- libopenjp2-7 # 2020-02-01: To solve bug #2221 - libopenjp2-7 # 2020-02-01: To solve bug #2221
- supervisor
- usb-modeswitch
- usb-modeswitch-data
- mobile-broadband-provider-info
- ppp
- wvdial
state: present state: present
# For development purposes -- To install Lokole from a given commit, add the # For development purposes -- To install Lokole from a given commit, add the
@ -75,52 +82,63 @@
ansible.builtin.user: ansible.builtin.user:
state: present state: present
name: "{{ lokole_user }}" name: "{{ lokole_user }}"
#group: "{{ lokole_user }}"
groups: dialout, dip
system: yes system: yes
uid: "{{ lokole_uid }}" #uid: "{{ lokole_uid }}"
home: /home/{{ lokole_user }} home: "{{ lokole_home_dir }}"
- name: mkdir {{ lokole_run_directory }} - name: mkdir {{ lokole_run_dir }}
file: file:
state: directory state: directory
path: "{{ lokole_run_directory }}" path: "{{ lokole_run_dir }}/lokole_restarter"
group: "{{ lokole_user }}" group: "{{ lokole_user }}"
owner: "{{ lokole_user }}" owner: "{{ lokole_user }}"
mode: g+rw mode: g+rw
- name: mkdir /{{ lokole_user }}/log - name: mkdir {{ lokole_log_dir }}
file: file:
state: directory state: directory
path: "{{ lokole_log_directory }}" path: "{{ lokole_log_dir }}"
group: "{{ lokole_user }}" group: "{{ lokole_user }}"
owner: "{{ lokole_user }}" owner: "{{ lokole_user }}"
mode: g+rw mode: g+rw
- name: Install {{ lokole_run_directory }}/settings.env - name: Generate key and salt
set_fact:
lokole_key: "{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=32') }}"
lokole_salt: "{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=16') }}"
- name: Install {{ lokole_settings }}
template: template:
src: settings.env.j2 src: settings.env.j2
dest: "{{ lokole_run_directory }}/settings.env" dest: "{{ lokole_settings }}"
group: "{{ lokole_user }}" group: "{{ lokole_user }}"
owner: "{{ lokole_user }}" owner: "{{ lokole_user }}"
mode: a+rw mode: g+rw
- name: Install {{ lokole_run_directory }}/webapp_secrets.sh from template, to configure Lokole #- name: Fixup supervisorctl
template: # file:
src: webapp_secrets.sh.j2 # path: /usr/bin/supervisorctl
dest: "{{ lokole_run_directory }}/webapp_secrets.sh" # owner: root
mode: a+x # group: "{{ lokole_user }}"
# mode: u=rw+s,g=rx,o=rx
- name: Install {{ lokole_run_directory }}/webapp.sh from template, to configure Gunicorn - name: Install {{ lokole_confd }} templates to configure Lokole
template: template:
src: webapp.sh.j2 src: "{{ item.src }}"
dest: "{{ lokole_run_directory }}/webapp.sh" dest: "{{ lokole_confd }}"
group: "{{ lokole_user }}" group: "{{ lokole_user }}"
owner: "{{ lokole_user }}" owner: "{{ lokole_user }}"
mode: a+x mode: 0644
with_items:
- { src: 'lokole_gunicorn.conf' }
- { src: 'lokole_celery_beat.conf' }
- { src: 'lokole_celery_worker.conf' }
- { src: 'lokole_restarter.conf' }
- name: Create Lokole admin user with password, for http://box{{ lokole_url }} # http://box/lokole - name: Create Lokole admin user with password, for http://box{{ lokole_url }} # http://box/lokole
shell: | include_tasks: setup.yml
. {{ lokole_run_directory }}/webapp_secrets.sh
{{ lokole_venv }}/bin/manage.py createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}'
#- name: Install /etc/{{ apache_conf_dir }}/lokole.conf from template, for http://box{{ lokole_url }} via Apache # http://box/lokole #- name: Install /etc/{{ apache_conf_dir }}/lokole.conf from template, for http://box{{ lokole_url }} via Apache # http://box/lokole
# template: # template:
@ -129,24 +147,12 @@
# mode: 0644 # mode: 0644
# when: apache_install # when: apache_install
- name: Install unit files {lokole.service, celery.service, celerybeat.service, lokole_restarter.service} into /etc/systemd/system, from template
template:
src: "{{ item.src }}"
dest: "{{ item.dest}}"
mode: 0644
with_items:
- { src: 'lokole.service.j2', dest: '/etc/systemd/system/lokole.service' }
- { src: 'celery.service.j2', dest: '/etc/systemd/system/celery.service' }
- { src: 'celerybeat.service.j2', dest: '/etc/systemd/system/celerybeat.service' }
- { src: 'lokole_restarter.service.j2', dest: '/etc/systemd/system/lokole_restarter.service' }
# RECORD Lokole AS INSTALLED
- name: "Set 'lokole_installed: True'" - name: "Set 'lokole_installed: True'"
set_fact: set_fact:
lokole_installed: True lokole_installed: True
# RECORD Lokole AS INSTALLED
- name: "Add 'lokole_installed: True' to {{ iiab_state_file }}" - name: "Add 'lokole_installed: True' to {{ iiab_state_file }}"
lineinfile: lineinfile:
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml

View file

@ -24,43 +24,27 @@
when: lokole_installed is undefined when: lokole_installed is undefined
- name: Do a 'systemctl daemon-reload' if lokole_enabled - name: Do a 'systemctl daemon-reload'
systemd: systemd:
daemon_reload: yes daemon_reload: yes
when: lokole_enabled when: lokole_enabled
- name: Enable & Restart {lokole, celery, celerybeat, lokole_restarter} systemd services, if lokole_enabled - name: Enable & Restart supervisor systemd service, if lokole_enabled
systemd: systemd:
name: "{{ item }}" name: supervisor
enabled: yes enabled: yes
state: restarted state: restarted
when: lokole_enabled when: lokole_enabled
with_items:
- lokole
- celery
- celerybeat
- lokole_restarter
- name: Disable & Stop all 4 (above) systemd services, if not lokole_enabled - name: Disable & Stop supervisor systemd service, if not lokole_enabled
systemd: systemd:
name: "{{ item }}" name: supervisor
enabled: no enabled: no
state: stopped state: stopped
when: not lokole_enabled when: not lokole_enabled
with_items: # @jvonau prefers reverse starting order, if stopping these 4
- lokole_restarter
- celerybeat
- celery
- lokole
#- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache
#- name: Enable/Disable/Restart Apache if primary
# include_tasks: apache.yml
# when: not nginx_enabled
- name: Enable/Disable/Restart NGINX - name: Enable/Disable/Restart NGINX
include_tasks: nginx.yml include_tasks: nginx.yml
#when: nginx_enabled
- name: Add 'lokole' variable values to {{ iiab_ini_file }} - name: Add 'lokole' variable values to {{ iiab_ini_file }}
@ -79,8 +63,8 @@
value: "{{ lokole_install }}" value: "{{ lokole_install }}"
- option: lokole_enabled - option: lokole_enabled
value: "{{ lokole_enabled }}" value: "{{ lokole_enabled }}"
- option: lokole_run_directory - option: lokole_settings
value: "{{ lokole_run_directory }}" value: "{{ lokole_settings }}"
- option: lokole_url - option: lokole_url
value: "{{ lokole_url }}" value: "{{ lokole_url }}"
- option: lokole_full_url - option: lokole_full_url

View file

@ -0,0 +1,20 @@
- name: start supervisor
systemd:
name: supervisor
state: started
- name: Create Lokole admin user with password, for http://box{{ lokole_url }} # http://box/lokole
shell: |
while read envvar; do export "$envvar"; done < {{ lokole_run_dir }}/settings.env
{{ lokole_venv }}/bin/manage.py createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}'
- name: Change owner of dbfiles
file:
path: "{{ item.path }}"
state: file
owner: "{{ lokole_user }}"
group: "{{ lokole_user }}"
mode: u=rw
loop:
- { path: "{{ lokole_run_dir }}/users.sqlite3" }
# - { path: "{{ lokole_run_dir }}/celery.sqlite3" }

View file

@ -0,0 +1,10 @@
[program:lokole_celery_beat]
command={{ lokole_venv }}/bin/celery --app=opwen_email_client.webapp.tasks beat --pidfile={{ lokole_run_dir }}/lokole_celery_beat.pid --loglevel=error
autostart=true
autorestart=true
startretries=3
stopasgroup=true
stderr_logfile={{ lokole_log_dir }}/lokole_celery_beat.stderr.log
stdout_logfile={{ lokole_log_dir }}/lokole_celery_beat.stdout.log
user={{ lokole_user }}
environment=OPWEN_SETTINGS={{ lokole_settings }}

View file

@ -0,0 +1,10 @@
[program:lokole_celery_worker]
command={{ lokole_venv }}/bin/celery --app=opwen_email_client.webapp.tasks worker --loglevel=error --concurrency=2
autostart=true
autorestart=true
startretries=3
stopasgroup=true
stderr_logfile={{ lokole_log_dir }}/lokole_celery_worker.stderr.log
stdout_logfile={{ lokole_log_dir }}/lokole_celery_worker.stdout.log
user={{ lokole_user }}
environment=OPWEN_SETTINGS={{ lokole_settings }}

View file

@ -0,0 +1,10 @@
[program:lokole_gunicorn]
command={{ lokole_venv }}/bin/gunicorn --bind=unix:{{ lokole_run_dir }}/lokole_gunicorn.sock --timeout=300 --workers=3 --log-level=error opwen_email_client.webapp:app
autostart=true
autorestart=true
startretries=3
stopasgroup=true
stderr_logfile={{ lokole_log_dir }}/lokole_gunicorn.stderr.log
stdout_logfile={{ lokole_log_dir }}/lokole_gunicorn.stdout.log
user={{ lokole_user }}
environment=OPWEN_SETTINGS={{ lokole_settings }}

View file

@ -0,0 +1,10 @@
[program:lokole_restarter]
command={{ lokole_venv }}/bin/manage.py restarter --directory={{ lokole_run_dir }}/lokole_restarter
autostart=true
autorestart=true
startretries=3
stopasgroup=true
stderr_logfile={{ lokole_log_dir }}/lokole_restarter.stderr.log
stdout_logfile={{ lokole_log_dir }}/lokole_restarter.stdout.log
user=root
environment=OPWEN_SETTINGS={{ lokole_settings }}

View file

@ -1,8 +1,11 @@
OPWEN_SETTINGS='{{ lokole_run_directory }}/settings.env' OPWEN_SETTINGS={{ lokole_run_dir }}/settings.env
OPWEN_STATE_DIRECTORY='{{ lokole_run_directory }}' OPWEN_STATE_DIRECTORY={{ lokole_run_dir }}
OPWEN_APP_ROOT='{{ lokole_url }}/' OPWEN_APP_ROOT={{ lokole_url }}/
OPWEN_MAX_UPLOAD_SIZE_MB=10 OPWEN_MAX_UPLOAD_SIZE_MB=10
OPWEN_SYNC_SCHEDULE='1,16,31,46 * * * *' OPWEN_SYNC_SCHEDULE="1,16,31,46 * * * *"
OPWEN_SESSION_KEY='{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=32') }}' OPWEN_RESTART_PATH={{ lokole_run_dir }}/lokole_restarter/lokole_gunicorn=HUP,{{ lokole_run_dir }}/lokole_restarter/lokole_celery_worker=,{{ lokole_run_dir }}/lokole_restarter/lokole_celery_beat=
OPWEN_PASSWORD_SALT='{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=16') }}' OPWEN_SESSION_KEY={{ lokole_key }}
OPWEN_SIM_TYPE='{{ lokole_sim_type }}' OPWEN_SECRET_KEY={{ lokole_key }}
OPWEN_PASSWORD_SALT={{ lokole_salt }}
OPWEN_SIM_TYPE={{ lokole_sim_type }}
OPWEN_CLIENT_NAME={{ lokole_client_id }}

View file

@ -4,8 +4,8 @@
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
mediawiki_major_version: 1.35 # "1.35" also works mediawiki_major_version: 1.36 # "1.35" also works
mediawiki_minor_version: 2 mediawiki_minor_version: 1
mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}"
mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}" mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}"

View file

@ -1,10 +1,23 @@
- name: 'Install packages: php{{ php_version }}-intl, php{{ php_version }}-mbstring' # https://www.mediawiki.org/wiki/Manual:Installation_requirements#PHP
- name: 'Install packages: php{{ php_version }}-intl, php{{ php_version }}-mbstring, php{{ php_version }}-xml'
package: package:
name: name:
- "php{{ php_version }}-intl" #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
- "php{{ php_version }}-mbstring" - php{{ php_version }}-intl # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
#- php{{ php_version }}-json # See stanza just below
- php{{ php_version }}-mbstring # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
- php{{ php_version }}-xml # 2021-06-27: REQUIRED (AND ENFORCED) despite this being missing from MediaWiki's above requirements doc! Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml
state: present state: present
# For PHP >= 8.0: phpX.Y-json is baked into PHP itself.
# For PHP < 8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json
#
#- name: Install php{{ php_version }}-json if PHP < 8.0
# package:
# name: php{{ php_version }}-json
# state: present
# when: php_version is version('8.0', '<')
- name: Download {{ mediawiki_download_base_url }}/{{ mediawiki_src }} to {{ downloads_dir }} - name: Download {{ mediawiki_download_base_url }}/{{ mediawiki_src }} to {{ downloads_dir }}
get_url: get_url:
url: "{{ mediawiki_download_base_url }}/{{ mediawiki_src }}" url: "{{ mediawiki_download_base_url }}/{{ mediawiki_src }}"
@ -18,7 +31,7 @@
unarchive: unarchive:
src: "{{ downloads_dir }}/{{ mediawiki_src }}" src: "{{ downloads_dir }}/{{ mediawiki_src }}"
dest: "{{ mediawiki_install_path }}" # /library dest: "{{ mediawiki_install_path }}" # /library
owner: "{{ apache_user }}" owner: "{{ apache_user }}" # www-data on debuntu
group: "{{ apache_user }}" group: "{{ apache_user }}"
mode: u+rw,g+r,o+r # '0755' forced executable bits on files mode: u+rw,g+r,o+r # '0755' forced executable bits on files
keep_newer: yes keep_newer: yes
@ -31,7 +44,7 @@
- name: Start MySQL systemd service ({{ mysql_service }}) so we can create db - name: Start MySQL systemd service ({{ mysql_service }}) so we can create db
systemd: systemd:
name: "{{ mysql_service }}" name: "{{ mysql_service }}" # mariadb on debuntu
state: started state: started
- name: Create MySQL database {{ mediawiki_db_name }} - name: Create MySQL database {{ mediawiki_db_name }}
@ -64,7 +77,7 @@
chdir: "{{ mediawiki_abs_path }}" # /library/mediawiki-1.XY.Z chdir: "{{ mediawiki_abs_path }}" # /library/mediawiki-1.XY.Z
creates: "{{ mediawiki_abs_path }}/LocalSettings.php" creates: "{{ mediawiki_abs_path }}/LocalSettings.php"
- name: Configure wgArticlePath variable in {{ mediawiki_abs_path }}/LocalSettings.php - name: Configure $wgArticlePath variable in {{ mediawiki_abs_path }}/LocalSettings.php
lineinfile: lineinfile:
path: "{{ mediawiki_abs_path }}/LocalSettings.php" # /library/mediawiki-1.XY.Z path: "{{ mediawiki_abs_path }}/LocalSettings.php" # /library/mediawiki-1.XY.Z
line: '$wgArticlePath = "/wiki/$1";' line: '$wgArticlePath = "/wiki/$1";'

View file

@ -1,5 +1,5 @@
# If using Moodle intensively, consider setting nginx_high_php_limits in: # 2021-07-02 WARNING: Stage 4's roles/www_options/tasks/main.yml FORCES
# /etc/iiab/local_vars.yml # (the equivalent of) 'nginx_high_php_limits: True' if 'moodle_install: True'
# moodle_install: False # moodle_install: False
# moodle_enabled: False # moodle_enabled: False
@ -8,7 +8,7 @@
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
moodle_version: 311 moodle_version: 311
moodle_repo_url: https://github.com/moodle/moodle.git moodle_repo_url: https://github.com/moodle/moodle
#moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow!
moodle_base: "{{ iiab_base }}/moodle" # /opt/iiab moodle_base: "{{ iiab_base }}/moodle" # /opt/iiab
moodle_data: "{{ content_base }}/moodle" # /library moodle_data: "{{ content_base }}/moodle" # /library

View file

@ -1,11 +1,10 @@
- name: "Set 'apache_install: True' and 'apache_enabled: True'" # 2021-05-22: FYI nginx_high_php_limits is effectively now auto-enabled by
set_fact: # www_options/tasks/main.yml#L100-L112 (as required by Moodle 3.11 w/ PHP 8) IF
apache_install: True # 'moodle_install: True'. Happens at the end of 4-server-options/tasks/main.yml
apache_enabled: True # See the 6 settings in /etc/php/{{ php_version }}/fpm/php.ini
- name: APACHE - run 'httpd' role # 2021-06-28: This ALSO now happens in /etc/php/{{ php_version }}/cli/php.ini
include_role: # (as required by Moodle's CLI installer, DESPITE it using fpm/php.ini later!)
name: httpd
- name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'" - name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'"
@ -18,70 +17,55 @@
name: postgresql name: postgresql
- name: Install 8 php packages (debuntu) # 2021-07-02: Let's monitor & learn from these 2 pages year-by-year:
# https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries
# https://github.com/moodlebox/moodlebox/blob/master/roles/packages/vars/main.yml
- name: Install ghostscript + libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify)
package: package:
name: name:
- php{{ php_version }}-pgsql #- php-apcu # 2021-07-02: Experiment with fewer dependencies
- php{{ php_version }}-curl - ghostscript # 2021-07-02: OPTIONAL -- but useful for annotation of PDF's / assignments
- php{{ php_version }}-zip - libsodium23 # 2021-06-28: Likewise installed in nginx/tasks/install.yml via php{{ php_version }}-fpm AND httpd/tasks/install.yml via libapache2-mod-php{{ php_version }} AND wordpress/tasks/install.yml -- it can ALSO be auto-installed by phpX.Y-cgi OR phpX.Y-cli as confirmed by 'apt rdepends libsodium23' -- Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium -- whereas https://www.php.net/manual/en/sodium.installation.php says it's always bundled with PHP 7.2+ -- VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"'
- php{{ php_version }}-gd #- php{{ php_version }}-common # 2021-06-27: Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
- php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+ #- php{{ php_version }}-cli # 2021-06-27: Compare to php{{ php_version }}-common just above! 2020-06-15: In the past this included (below) mbstring? However this is not true on Ubuntu Server 20.04 LTS.
- php{{ php_version }}-cli # 2020-06-15: In the past this included (above) mbstring? However this is not true on Ubuntu Server 20.04 LTS. - php{{ php_version }}-curl # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
- php{{ php_version }}-intl # 2020-12-03: Required by Moodle 3.10+ - php{{ php_version }}-gd # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
- php{{ php_version }}-intl # 2020-12-03: Required by Moodle 3.10+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
- php{{ php_version }}-pgsql # 2021-06-27: Required for PostgreSQL
#- php{{ php_version }}-json # 2021-07-02: Not requested by Moodle's PHP doc above. Package baked into PHP 8+. FWIW with PHP < 8, phpX.Y-json is already auto-installed by phpX.Y-fpm in 3-base-server's nginx/tasks/install.yml
#- php{{ php_version }}-opcache # 2021-07-02: Experiment with fewer dependencies
#- php{{ php_version }}-readline # 2021-07-02: Experiment with fewer dependencies
- php{{ php_version }}-soap # 2020-12-03: Recommended by Moodle 3.10+ - php{{ php_version }}-soap # 2020-12-03: Recommended by Moodle 3.10+
#- php-sodium # 2021-05-17: Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium AND ALREADY PRE-ENABLED BY PHP 7.2+ https://www.php.net/manual/en/sodium.installation.php AS CONFIRMED BY 'php -i | grep sodium' AND 'apt list "*sodium*"' - php{{ php_version }}-xml # 2021-06-28: Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter}
#- php{{ php_version }}-xmlrpc # 2021-07-02: Doesn't exist with PHP 8.0 -- officially required per https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries BUT UNMAINTAINED FOR YEARS (POSSIBLE SECURITY RISK) SO MOVED TO PECL: https://php.watch/versions/8.0/xmlrpc
- php{{ php_version }}-zip # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
state: present state: present
when: is_debuntu
- name: Does {{ moodle_base }}/config-dist.php exist? (indicating Moodle is/was installed) - name: Download (clone) {{ moodle_repo_url }} to {{ moodle_base }} (~350MB initially, ~371MB later)
stat:
path: "{{ moodle_base }}/config-dist.php" # /opt/iiab/moodle
register: moodle
- name: Clone (i.e. use git to download) {{ moodle_repo_url }} to {{ moodle_base }} (~300 MB)
git: git:
repo: "{{ moodle_repo_url }}" repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle
dest: "{{ moodle_base }}" dest: "{{ moodle_base }}" # /opt/iiab/moodle
depth: 1 depth: 1
force: yes
version: "MOODLE_{{ moodle_version }}_STABLE" version: "MOODLE_{{ moodle_version }}_STABLE"
#version: master # TEMPORARY DURING MAY 2018 TESTING, installed 3.5beta+ = https://download.moodle.org/releases/development/ #version: master # TEMPORARY DURING MAY 2018 TESTING, installed 3.5beta+ = https://download.moodle.org/releases/development/
#ignore_errors: yes #ignore_errors: yes
when: internet_available and moodle.stat.exists is defined and not moodle.stat.exists
- name: Create dir {{ moodle_base }} owned by {{ apache_user }} (for config file?) - name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644)
file: file:
state: directory
path: "{{ moodle_base }}" path: "{{ moodle_base }}"
owner: "{{ apache_user }}" # www-data owner: "{{ apache_user }}" # www-data
group: "{{ apache_user }}"
recurse: yes recurse: yes
- name: Create dir {{ content_base }}/dbdata/moodle owned by {{ apache_user }} - name: Create dir {{ moodle_data }} ({{ apache_user }}:{{ apache_user }}) (by default 755 = drwxr-xr-x initially, but moodle_installer sets drwxrwsrwx below)
file:
state: directory
path: "{{ content_base }}/dbdata/moodle" # /library
owner: "{{ apache_user }}"
- name: Create dir {{ moodle_data }} ({{ apache_user }}:{{ apache_user }}, '0770')
file: file:
state: directory state: directory
path: "{{ moodle_data }}" # /library/moodle path: "{{ moodle_data }}" # /library/moodle
owner: "{{ apache_user }}" owner: "{{ apache_user }}"
group: "{{ apache_user }}" group: "{{ apache_user }}"
#mode: '0770' # Regardless, permissions end up as: drwxrwsrwx
- name: Remove stock /etc/{{ apache_conf_dir }}/moodle.conf
file:
path: "/etc/{{ apache_conf_dir }}/moodle.conf" # apache2/sites-available
state: absent
# 2021-02-01: Not nec if we can hopefully migrate from Apache to NGINX soon!
- name: Install /etc/{{ apache_conf_dir }}/022-moodle.conf from template
template:
src: 022-moodle.j2
dest: "/etc/{{ apache_conf_dir }}/022-moodle.conf"
# roles/postgresql/templates/postgresql-iiab.service WAS INSTALLED HERE:
# /etc/systemd/system/postgresql-iiab.service # /etc/systemd/system/postgresql-iiab.service
- name: Start 'postgresql-iiab' systemd service, to configure Moodle's DB - name: Start 'postgresql-iiab' systemd service, to configure Moodle's DB
systemd: systemd:
@ -108,38 +92,53 @@
become: yes become: yes
become_user: postgres become_user: postgres
- name: Install {{ moodle_base }}/moodle_installer from template ('0755')
template:
src: moodle_installer
dest: "{{ moodle_base }}"
mode: '0755'
- name: (Re)Start 'postgresql-iiab' systemd service - name: (Re)Start 'postgresql-iiab' systemd service
systemd: systemd:
name: postgresql-iiab name: postgresql-iiab
state: restarted state: restarted
#enabled: yes # Service ends up enabled regardless #enabled: yes # Service ends up enabled regardless
- name: (Re)Start '{{ apache_service }}' systemd service
systemd:
name: "{{ apache_service }}"
state: restarted
- name: Does {{ moodle_base }}/config.php exist? - name: Install {{ moodle_base }}/moodle_installer from template (0755)
stat: template:
path: "{{ moodle_base }}/config.php" src: moodle_installer
register: config dest: "{{ moodle_base }}"
mode: 0755
- name: Execute {{ moodle_base }}/moodle_installer - name: Execute {{ moodle_base }}/moodle_installer IF {{ moodle_base }}/config.php doesn't yet exist -- REQUIRES 'max_input_vars = 5000' (or higher) in /etc/php/{{ php_version }}/cli/php.ini with PHP 8+ (as set up by www_options/tasks/main.yml) -- WHEREAS LATER Moodle uses /etc/php/{{ php_version }}/fpm/php.ini during regular operation
shell: "{{ moodle_base }}/moodle_installer" shell: "{{ moodle_base }}/moodle_installer"
when: config.stat.exists is defined and not config.stat.exists args:
creates: "{{ moodle_base }}/config.php"
# 2021-02-01: Let's stick with Moodle's default (640) # 2021-07-05: For /opt/iiab/moodle, let's stick with default permissions from
#- name: Make {{ moodle_base }}/config.php readable, with permission '0644' # above (755 dirs & 644 files), and ownership (www-data:www-data), as we do in
# #command: chown -R {{ apache_user }} {{ moodle_base }} # moodle/tasks/mathjax.yml
# file:
# path: "{{ moodle_base }}/config.php" # /opt/iiab/moodle # 2021-07-05: Seems like a good idea but Moodle's permissions recommendations
# mode: '0644' # at https://docs.moodle.org/20/en/Creating_Moodle_site_data_directory don't
# actually mandate this:
#
# - name: chmod -R o-rwx {{ moodle_data }} e.g. drwxrwsrwx to drwxrws---
# file:
# path: "{{ moodle_data }}" # /library/moodle
# mode: o-rwx
# recurse: yes
# https://docs.moodle.org/311/en/Nginx#XSendfile_aka_X-Accel-Redirect
# https://github.com/moodle/moodle/blob/master/config-dist.php#L274-L287
- name: Write extra parameters to {{ moodle_base }}/config.php -- "Setting Moodle and Nginx to use XSendfile functionality is a big win as it frees PHP from delivering files allowing Nginx to do what it does best, i.e. deliver files"
lineinfile:
path: "{{ moodle_base }}/config.php"
line: '$CFG->{{ item.name }} = {{ item.value }};'
insertbefore: '^\$CFG->directorypermissions'
with_items:
#- { name: 'backuptempdir', value: "'{{ moodlebox_moodle_data_dir }}/backup'" }
- { name: 'xsendfile', value: "'X-Accel-Redirect'" }
- { name: 'xsendfilealiases', value: "array('/dataroot/' => $CFG->dataroot)" }
#- { name: 'customfiletypes', value: "array(\n (object)array(\n 'extension' => 'crt',\n 'icon' => 'sourcecode',\n 'type' => 'application/x-x509-ca-cert',\n 'customdescription' => 'X.509 CA certificate'\n )\n)"}
#- { name: 'showcampaigncontent', value: 'false' }
- include_tasks: mathjax.yml
# RECORD Moodle AS INSTALLED # RECORD Moodle AS INSTALLED

View file

@ -29,19 +29,16 @@
postgresql_install: True postgresql_install: True
postgresql_enabled: True # Revert just below if... postgresql_enabled: True # Revert just below if...
- name: "Set 'postgresql_enabled: False' if 'not moodle_enabled and not (pathagar_enabled is defined and pathagar_enabled)'" - name: "Set 'postgresql_enabled: False' if not moodle_enabled"
set_fact: set_fact:
postgresql_enabled: False postgresql_enabled: False
when: not moodle_enabled and not (pathagar_enabled is defined and pathagar_enabled) when: not moodle_enabled # and not (pathagar_enabled is defined and pathagar_enabled)
- name: POSTGRESQL - run 'postgresql' role (Enable&Start or Disable&Stop PostgreSQL) - name: POSTGRESQL - run 'postgresql' role (Enable&Start or Disable&Stop PostgreSQL)
include_role: include_role:
name: postgresql name: postgresql
- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache
include_tasks: apache.yml
- name: Enable/Disable/Restart NGINX - name: Enable/Disable/Restart NGINX
include_tasks: nginx.yml include_tasks: nginx.yml

View file

@ -0,0 +1,27 @@
# 2021-07-05: Thanks to https://github.com/moodlebox/moodlebox/blob/master/roles/moodleinstall/tasks/mathjax.yml
# Verify this Moodle plugin after installation at:
# http://box.lan/moodle/admin/plugins.php
# http://box.lan/moodle/admin/settings.php?section=filtersettingmathjaxloader
- name: Download (clone) MathJax library/plugin from https://github.com/mathjax/MathJax to {{ moodle_base }}/lib/MathJax
git:
repo: https://github.com/mathjax/MathJax # Or: git://github.com/mathjax/MathJax.git
dest: "{{ moodle_base }}/lib/MathJax" # /opt/iiab/moodle
#version: "{{ moodle_mathjax_version }}" # 2021-07-05: https://github.com/moodlebox/moodlebox/blob/master/default.config.yml uses 2.7.9 from 2020-08-25 -- whereas https://github.com/mathjax/MathJax/releases offers 3.2.0 from 2021-07-17
depth: 1
- name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }}/lib/MathJax
file:
path: "{{ moodle_base }}/lib/MathJax"
owner: "{{ apache_user }}" # www-data
group: "{{ apache_user }}" # MoodleBox uses {{ moodlebox_username }} set to 'moodlebox' in https://github.com/moodlebox/moodlebox/blob/master/default.config.yml
#mode: ug+w,o-w # 2021-07-05: Let's stick with Moodle's default (755 dirs & 644 files), as we do in moodle/tasks/install.yml
recurse: yes
# SEE https://github.com/moodle/moodle/blob/master/filter/mathjaxloader/lang/en/filter_mathjaxloader.php
- name: Run {{ moodle_base }}/admin/cli/cfg.php --component=filter_mathjaxloader to change MathJax library/plugin URL
command: >
/usr/bin/php {{ moodle_base }}/admin/cli/cfg.php --component=filter_mathjaxloader --name=httpsurl --set=/lib/MathJax/MathJax.js
register: mathjax_url_result
changed_when: mathjax_url_result.rc == 0

View file

@ -1,13 +1,37 @@
location /moodle { # 2021-07-02: Let's monitor & learn from these 3 pages year-by-year:
proxy_set_header X-Real-IP $remote_addr; # https://docs.moodle.org/311/en/Nginx
proxy_set_header X-Forwarded-For $remote_addr; # https://github.com/moodlebox/moodlebox/blob/master/roles/moodleinstall/tasks/coreinstall.yml
proxy_set_header Host $host; # https://github.com/moodlebox/moodlebox/blob/master/roles/webserver/templates/etc/nginx/sites-available/default.j2
proxy_pass http://127.0.0.1:{{ apache_port }};
# This passes 404 pages to Moodle so they can be themed
#error_page 404 /error/index.php; error_page 403 =404 /error/index.php;
# https://docs.moodle.org/311/en/Nginx#XSendfile_aka_X-Accel-Redirect
# https://github.com/moodle/moodle/blob/master/config-dist.php#L274-L287
location /dataroot/ {
internal;
alias {{ moodle_data }}/;
} }
location ~ ^/moodle.*\.php$ { location ~ ^/moodle(.*)\.php(.*)$ {
proxy_set_header X-Real-IP $remote_addr; alias {{ moodle_base }}$1.php$2;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host; fastcgi_split_path_info ^(.+\.php)(/.+)$;
proxy_pass http://127.0.0.1:{{ apache_port }}; fastcgi_index index.php;
fastcgi_pass php;
fastcgi_read_timeout 300; # Default is 60s
include fastcgi_params; # fastcgi.conf also works
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
# Uncomment to override /etc/php/<VERSION>/fpm/php.ini -- FYI Stage 4's
# roles/www_options/tasks/main.yml FORCES these same settings and more
# (equivalent to 'nginx_high_php_limits: True') when 'moodle_install: True'
#fastcgi_param PHP_VALUE "max_execution_time=300\n upload_max_filesize=500M\n post_max_size=500M\n max_input_vars=5000";
}
location ~ ^/moodle {
root {{ iiab_base }};
} }

View file

@ -1,16 +0,0 @@
location ^/moodle {
alias /opt/iiab/moodle;
try_files $uri $uri/ index.php =404;
}
location ~ /moodle/(.*)\.php {
root /opt/iiab/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_pass php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}

View file

@ -0,0 +1,13 @@
location /moodle {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:{{ apache_port }};
}
location ~ ^/moodle.*\.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:{{ apache_port }};
}

View file

@ -6,17 +6,25 @@
# a capital letter, in keeping with Internet-in-a-Box's other server apps? # a capital letter, in keeping with Internet-in-a-Box's other server apps?
sudo -u {{ apache_user }} \ sudo -u {{ apache_user }} \
/usr/bin/php {{ moodle_base }}/admin/cli/install.php \ /usr/bin/php {{ moodle_base }}/admin/cli/install.php \
--wwwroot=http://{{ iiab_hostname }}.{{ iiab_domain }}/moodle \ --wwwroot=http://{{ iiab_hostname }}.{{ iiab_domain }}/moodle \
--dataroot={{ moodle_data }} \ --dataroot={{ moodle_data }} \
--dbtype=pgsql \ --dbtype=pgsql \
--dbname={{ moodle_database_name }} \ --dbname={{ moodle_database_name }} \
--dbuser=Admin --dbpass=changeme \ --dbuser=Admin --dbpass=changeme \
--fullname=Your_School \ --fullname=Your_School \
--shortname=School \ --shortname=School \
--adminuser=admin --adminpass=changeme \ --adminuser=admin --adminpass=changeme \
--non-interactive \ --non-interactive \
--agree-license \ --agree-license \
--allow-unstable # TEMPORARY DURING MAY 2018 TESTING --allow-unstable # TEMPORARY DURING MAY 2018 TESTING
# 2021-07-05 ideas from https://github.com/moodlebox/moodlebox/blob/master/roles/moodleinstall/tasks/coreinstall.yml :
# --lang= # moodlebox_moodle_lang
# --dbtype=mariadb
# --prefix= # moodlebox_moodle_db_prefix
# --summary= # moodlebox_moodle_summary
# --adminemail= # moodlebox_moodle_username @ moodlebox_hostname .invalid
# Above vars set in https://github.com/moodlebox/moodlebox/blob/master/default.config.yml
chown {{ apache_user }}:{{ apache_user }} {{ moodle_base }}/config.php # 2021-07-05: No longer needed
#chown {{ apache_user }}:{{ apache_user }} {{ moodle_base }}/config.php

View file

@ -5,13 +5,14 @@
# - 7 DB config # - 7 DB config
# - 2 record as installed # - 2 record as installed
- name: 'Install MySQL packages: mariadb-server, mariadb-client (debuntu)' - name: 'Install MySQL packages: mariadb-server, mariadb-client, php{{ php_version }}-mysql'
package: package:
name: name:
- mariadb-server - mariadb-server
- mariadb-client - mariadb-client
#- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
- php{{ php_version }}-mysql # Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
state: present state: present
when: is_debuntu
# 2020-07-11: # 2020-07-11:
# 10 PHP package installs moved to roles/www_base/tasks/main.yml # 10 PHP package installs moved to roles/www_base/tasks/main.yml

View file

@ -25,19 +25,20 @@ The Nextcloud suite is divided into three main categories:
To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` _after_ it's created by this template: [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2)</strike> To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` _after_ it's created by this template: [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2)</strike>
(3) Strongly consider also setting `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 5 settings in /etc/php/[ACTUAL PHP VERSION]/fpm/php.ini: (3) Strongly consider also setting `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 6 settings in /etc/php/[ACTUAL PHP VERSION]/fpm/php.ini:
- upload_max_filesize - upload_max_filesize
- post_max_size - post_max_size
- memory_limit (Nextcloud recommends 512+ MB) - memory_limit (Nextcloud recommends 512+ MB)
- max_execution_time - max_execution_time
- max_input_time - max_input_time
- max_input_vars (Moodle 3.11+ requires 5000+ with PHP 8+)
Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/main.yml#L47-L51](../www_options/tasks/main.yml#L47-L51) Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/main.yml#L53-L133](../www_options/tasks/main.yml#L53-L133)
(4) If you're running Nextcloud 21+ in production, carefully check that Nextcloud's latest formal prereqs (required AND recommended) are included per your community's needs. In places like these: (4) If you're running Nextcloud 22+ in production, carefully check that Nextcloud's latest formal prereqs (required AND recommended) are included per your community's needs. In places like these:
- https://docs.nextcloud.com/server/21/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - https://docs.nextcloud.com/server/22/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
- https://github.com/iiab/iiab/blob/master/roles/nextcloud/tasks/install.yml - https://github.com/iiab/iiab/blob/master/roles/nextcloud/tasks/install.yml
## Using It ## Using It

View file

@ -40,38 +40,51 @@
# var: php_new # var: php_new
# https://docs.nextcloud.com/server/18/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation # February 2020: See @m-anish's PR #2119 and follow-up PR #2258.
# 2021-04-11: If you're running Nextcloud 21+ in production, carefully check the latest required AND recommended prereqs: # 2021-04-11: If you're running Nextcloud 21+ in production, carefully check the latest required AND recommended prereqs:
# https://docs.nextcloud.com/server/21/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation # https://docs.nextcloud.com/server/21/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
- name: Install ffmpeg + libxml2 + 13 php packages # 2021-06-27: Use this after Nextcloud 22 is released "2021-07-06" :
# https://docs.nextcloud.com/server/22/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
- name: Install ffmpeg + libxml2 + 11 PHP packages (run 'php -m' or 'php -i' to verify)
package: package:
name: name:
#- dnsutils # NOT REQUESTED by Nextcloud #- dnsutils # NOT REQUESTED by Nextcloud
- ffmpeg # Optional (for preview generation) - ffmpeg # Optional (for preview generation)
- libxml2 # php-libxml requires libxml2 >= 2.7.0 - libxml2 # php-libxml requires libxml2 >= 2.7.0
#- libapache2-mod-php # 2020-02-15: NO LONGER NEEDED? #- libapache2-mod-php # 2020-02-15: NO LONGER NEEDED?
- php{{ php_version }}-bcmath # Highly recommended by Nextcloud 21 for "improved performance and better compatibility" - php{{ php_version }}-bcmath # Highly recommended by Nextcloud 21 for "improved performance and better compatibility" -- Likewise installed in pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
- php{{ php_version }}-bz2 # Optional (for extraction of apps) - php{{ php_version }}-bz2 # OPTIONAL (for extraction of apps)
- php{{ php_version }}-cli # Likely optional? @jvonau says this drags in php{{ php_version }}-common as @m-anish wanted in PR #2119 / #2258 #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
- php{{ php_version }}-curl - php{{ php_version }}-curl # Likewise installed in moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
- php{{ php_version }}-gd #- php{{ php_version }}-exif # Optional (for image rotation in pictures app) but somehow already installed in our PHP core.
- php{{ php_version }}-gmp # Optional (for SFTP storage) - php{{ php_version }}-gd # Likewise installed in moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
- php{{ php_version }}-imagick # Optional (for preview generation) - php{{ php_version }}-gmp # OPTIONAL (for SFTP storage)
- php{{ php_version }}-intl # Optional (increases language translation performance and fixes sorting of non-ASCII characters) - php-imagick # OPTIONAL (for preview generation). BUT drags in Apache's libapache2-mod-phpX.Y etc, as confirmed by 'apt depends php-imagick' -- while php{{ php_version }}-imagick installs (despite not being shown within 'apt list "php*imagick"') it's no better -- and 'apt depends phpX.Y-imagick' mysteriously does NOT show its deps. Likewise installed in wordpress/tasks/install.yml
- php{{ php_version }}-json - php{{ php_version }}-intl # OPTIONAL (increases language translation performance and fixes sorting of non-ASCII characters): Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, wordpress/tasks/install.yml
#- php{{ php_version }}-json # See stanza just below
#- php{{ php_version }}-libxml # NOT INSTALLABLE: ENABLED BY DEFAULT (https://www.php.net/manual/en/libxml.installation.php) #- php{{ php_version }}-libxml # NOT INSTALLABLE: ENABLED BY DEFAULT (https://www.php.net/manual/en/libxml.installation.php)
- php{{ php_version }}-mbstring - php{{ php_version }}-mbstring # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
- php{{ php_version }}-mysql - php{{ php_version }}-mysql # Likewise installed in mysql/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
#- php{{ php_version }}-openssl # NOT INSTALLABLE: ENABLED BY DEFAULT? #- php{{ php_version }}-openssl # NOT INSTALLABLE: ENABLED BY DEFAULT?
#- php{{ php_version }}-pdo_mysql # NOT INSTALLABLE: php-mysql handles this on all OS's? #- php{{ php_version }}-pdo_mysql # NOT INSTALLABLE: php{{ php_version }}-mysql handles this on all OS's?
#- php{{ php_version }}-redis # @m-anish future work? #- php{{ php_version }}-redis # @m-anish future work?
#- php{{ php_version }}-session # NOT INSTALLABLE: ENABLED BY DEFAULT? #- php{{ php_version }}-session # NOT INSTALLABLE: ENABLED BY DEFAULT?
#- php{{ php_version }}-smbclient # Optional (SMB/CIFS integration) #- php{{ php_version }}-smbclient # Optional (SMB/CIFS integration)
- php{{ php_version }}-xml # NOT FORMALLY REQUESTED by Nextcloud (BUT hopefully delivers php-simplexml if not {php-xmlreader, php-xmlwriter} on Raspbian?) - php{{ php_version }}-xml # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- Nextcloud's official requirements include {SimpleXML, XMLReader, XMLWriter} as confirmed by 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter}
- php{{ php_version }}-zip #- php{{ php_version }}-xmlrpc # 2021-06-27: Experimentally remove, as explained in moodle/tasks/install.yml
- php{{ php_version }}-zip # Likewise installed in moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
#- php{{ php_version }}-zlib # NOT INSTALLABLE: ENABLED BY DEFAULT? #- php{{ php_version }}-zlib # NOT INSTALLABLE: ENABLED BY DEFAULT?
state: present state: present
# For PHP >= 8.0: phpX.Y-json is baked into PHP itself.
# For PHP < 8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json
#
#- name: Install php{{ php_version }}-json if PHP < 8.0
# package:
# name: php{{ php_version }}-json
# state: present
# when: php_version is version('8.0', '<')
# https://docs.nextcloud.com/server/18/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation # https://docs.nextcloud.com/server/18/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
#- name: Install 9 additional php packages, if OS is not Raspbian (these are not available on Raspbian on RPi, as of Feb 2020) #- name: Install 9 additional php packages, if OS is not Raspbian (these are not available on Raspbian on RPi, as of Feb 2020)
# package: # package:
@ -94,7 +107,7 @@
state: directory state: directory
path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud
- name: Unarchive {{ nextcloud_dl_url }} (100+ MB) to {{ nextcloud_root_dir }} (~449 MB, {{ apache_user }}:{{ apache_user }}) - name: Unarchive {{ nextcloud_dl_url }} (100+ MB) to {{ nextcloud_root_dir }} (434-450 MB, {{ apache_user }}:{{ apache_user }})
unarchive: unarchive:
remote_src: yes # Overwrite even if "already exists on the target" remote_src: yes # Overwrite even if "already exists on the target"
src: "{{ nextcloud_dl_url }}" src: "{{ nextcloud_dl_url }}"

View file

@ -16,4 +16,4 @@
state: restarted state: restarted
with_items: with_items:
- nginx - nginx
- "php{{ php_version }}-fpm" - php{{ php_version }}-fpm

View file

@ -1,27 +1,31 @@
### Transition to NGINX ### Transition to NGINX
1. Initial testing strategy (December 2019 - February 2020) is to move NGINX to [port 80](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services), and proxy everything to Apache on [port 8090](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) &mdash; creating "Shims" for each IIAB App/Service in *Section iii.* below. 1. Initial testing strategy (December 2019 - February 2020) was to move NGINX to [port 80](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services), and proxy everything to Apache on [port 8090](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) &mdash; creating "Shims" for each IIAB App/Service in *Section iii.* below.
Until "Native" NGINX is later implemented for that IIAB App/Service &mdash; allowing it to move up to *Section ii.* below. Until "Native" NGINX is later implemented for each such IIAB App/Service &mdash; allowing each to move up to *Section ii.* below.
And potentially later moving each up to *Section i.* if its Apache support is dropped!
And potentially later moving it up to *Section i.* if its Apache support is dropped!
(Background: IIAB Apps/Services are generally [Ansible roles](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible) that live in [/opt/iiab/iiab/roles](https://github.com/iiab/iiab/tree/master/roles)) (Background: IIAB Apps/Services are generally [Ansible roles](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible) that live in [/opt/iiab/iiab/roles](https://github.com/iiab/iiab/tree/master/roles))
2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX. 2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX.
3. Current state of IIAB App/Service migrations as of 2021-05-15: 3. Current state of IIAB App/Service migrations as of 2021-07-06: *(SEE ALSO [#2762](https://github.com/iiab/iiab/issues/2762))*
1. These support "Native" NGINX but ***NOT*** Apache 1. These support "Native" NGINX but ***NOT*** Apache
* Admin Console * Admin Console
* captiveportal * captiveportal
* IIAB documentation (http://box/info) * IIAB documentation (http://box/info)
* jupyterhub * jupyterhub
* moodle
* nodered
* osm-vector-maps * osm-vector-maps
* OER2Go/RACHEL modules * OER2Go/RACHEL modules
* usb_lib * usb_lib
2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service:<!--But if you want to attempt their "Shim" proxying legacy testing mode, try setting your *primary web server* to Apache using `apache_install: True` and `apache_enabled: True` (and `nginx_enabled: False` to disable NGINX) in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) before you install IIAB. You may also need to run `cd /opt/iiab/iiab; ./runrole httpd` since this has been removed from [roles/3-base-server/tasks/main.yml](https://github.com/iiab/iiab/blob/master/roles/3-base-server/tasks/main.yml)--> 2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service:<!--But if you want to attempt their "Shim" proxying legacy testing mode, try setting your *primary web server* to Apache using `apache_install: True` and `apache_enabled: True` (and `nginx_enabled: False` to disable NGINX) in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) before you install IIAB. You may also need to run `cd /opt/iiab/iiab; ./runrole httpd` since this has been removed from [roles/3-base-server/tasks/main.yml](https://github.com/iiab/iiab/blob/master/roles/3-base-server/tasks/main.yml)-->
* awstats * awstats
* calibre-web * calibre-web
* gitea * gitea
@ -34,16 +38,16 @@
* sugarizer * sugarizer
* wordpress * wordpress
3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of IIAB Apps/Services that auto-enable Apache. 3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of ~6 IIAB Apps/Services that auto-enable Apache.
* elgg * elgg
* moodle
* nodered
4. These each run their own web server or non-web / backend services, e.g. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations). In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite) 4. These each run their own web server or non-web / backend services, e.g. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations). In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite)
* bluetooth * bluetooth
* calibre (menu goes directly to port 8080) * calibre (menu goes directly to port 8080)
* cups [(available on port 631) * shim not yet in place.] * cups (menu goes directly to port 631) [*, shim not yet in place, [PR #2775](https://github.com/iiab/iiab/pull/2775)]
* internetarchive (menu goes directly to port 4244, [PR #2120](https://github.com/iiab/iiab/pull/2120)) [*] * internetarchive (menu goes directly to port 4244) [*, [PR #2120](https://github.com/iiab/iiab/pull/2120)]
* kalite (menu goes directly to ports 8006-8008) * kalite (menu goes directly to ports 8006-8008)
* minetest * minetest
* mosquitto * mosquitto
@ -55,4 +59,4 @@
* transmission * transmission
* vnstat * vnstat
[*] The 4 above starred roles could use improvement, as of 2021-05-15. [*] The 4 above starred roles could use improvement, as of 2021-07-06.

View file

@ -5,16 +5,15 @@
ignore_errors: yes ignore_errors: yes
# 'when: apache_installed is defined' insuff b/c mysql's php installs apache2 # 'when: apache_installed is defined' insuff b/c mysql's php installs apache2
- name: Install required and helper packages for NGINX - name: 'Install 5 packages for NGINX: libnginx-mod-http-subs-filter, nginx-extras, php{{ php_version }}-fpm, uwsgi, uwsgi-plugin-python3'
package: package:
name: "{{ item }}" name:
- libnginx-mod-http-subs-filter
- nginx-extras
- php{{ php_version }}-fpm # Drags in [1] php{{ php_version }}-cli (superset of php{{ php_version }}-common) [2] libsodium23 (likewise installed in moodle/tasks/install.yml AND wordpress/tasks/install.yml) [3] php{{ php_version }}-json if PHP < 8.0 (NEEDED FOR nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml AND wordpress/tasks/install.yml)
- uwsgi # Admin Console & roles/captiveportal should really install
- uwsgi-plugin-python3 # these 2 packages on demand (not every IIAB needs these).
state: present state: present
with_items:
- nginx-extras
- uwsgi
- uwsgi-plugin-python3
- php-fpm
- libnginx-mod-http-subs-filter
# 2020-10-16: Removed per #2560 # 2020-10-16: Removed per #2560
#- name: Add user '{{ apache_user }}' to shadow group, so it can authenticate Admin Console #- name: Add user '{{ apache_user }}' to shadow group, so it can authenticate Admin Console
@ -27,7 +26,7 @@
path: /etc/nginx/sites-enabled/default path: /etc/nginx/sites-enabled/default
state: absent state: absent
- name: 'Install 2 (of 4) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf' - name: 'Install 3 (of 5) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/nginx/mime.types'
template: template:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"

View file

@ -1,6 +1,6 @@
# IIAB notes: # IIAB notes:
# /etc/nginx/sites-enabled is for server declarations # /etc/nginx/conf.d/* are included by /etc/nginx/server.conf
# /etc/nginx/conf.d is for location declarations within the main server block # /etc/nginx/sites-enabled/*.conf includes other sites
user www-data; user www-data;
worker_processes auto; worker_processes auto;
@ -79,6 +79,13 @@ http {
'' close; '' close;
} }
# 2021-06-22: Enables HTTP/1.1 byte-range, so Kolibri videos play on Apple
# and LG devices: https://github.com/learningequality/kolibri/issues/8164
# http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_force_ranges
# This should help all roles! RECAP: when unproxied, Kolibri videos worked
# (http://box:8009/kolibri/) but not when proxied (http://box/kolibri/).
proxy_force_ranges on;
## ##
# Virtual Host Configs # Virtual Host Configs
## ##

View file

@ -1,35 +1,35 @@
server { server {
root {{ doc_root }}; root {{ doc_root }};
server_name {{ iiab_hostname }}; server_name {{ iiab_hostname }};
listen 80; listen 80;
index index.php index.html index.htm;
# let individual services drop location blocks in conf.d index index.php index.html index.htm;
include {{ nginx_conf_dir }}/*;
location ~ .*\.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
fastcgi_pass php;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
include fastcgi_params;
}
location /cgi-bin {
root /usr/lib;
}
# if you don't like seeing all the errors for missing favicon.ico in root # let individual services drop location blocks in conf.d
location = /favicon.ico { access_log off; log_not_found off; } include {{ nginx_conf_dir }}/*;
# if you don't like seeing errors for a missing robots.txt in root location ~ .*\.php$ {
location = /robots.txt { access_log off; log_not_found off; } proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
# this will prevent files like .htaccess .htpassword .secret etc from being served proxy_set_header Host $host;
location ~ /\. { deny all; } fastcgi_pass php;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
include fastcgi_params;
}
location /cgi-bin {
root /usr/lib;
}
# if you don't like seeing all the errors for missing favicon.ico in root
location = /favicon.ico { access_log off; log_not_found off; }
# if you don't like seeing errors for a missing robots.txt in root
location = /robots.txt { access_log off; log_not_found off; }
# this will prevent files like .htaccess .htpassword .secret etc from being served
location ~ /\. { deny all; }
} }

View file

@ -1,15 +1,11 @@
# 2020-01-23: nodejs_install is completely ignored as Node.js is installed on # 2021-06-17: BOTH VALUES BELOW ARE INITIALLY IGNORED as Node.js is installed
# demand as a dependency -- by Node-RED, Sugarizer and/or Internet Archive -- # on demand as a dependency by 4 roles -- internetarchive (Internet Archive),
# but for now we set fake value 'nodejs_install: True' for # nodered (Node-RED), pbx (Asterix, FreePBX) &/or Sugarizer:
# 'nodejs_installed is defined' tests e.g. in 0-init/tasks/validate_vars.yml
# nodejs_install: True # nodejs_install: False
# nodejs_enabled: False # nodejs_enabled: False
# Node.js version used by roles/nodejs/tasks/main.yml for 3 roles: # nodejs_version: 16.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17
# nodered (Node-RED), pbx (Asterix, FreePBX) & sugarizer (Sugarizer)
# nodejs_version: 14.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!

View file

@ -32,7 +32,7 @@
# /etc/iiab/local_vars.yml -- then re-run this IIAB installer. # /etc/iiab/local_vars.yml -- then re-run this IIAB installer.
# when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stderr == "" # when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stderr == ""
# Forces < 12 or > 12 to be removed, ignored if file is absent # Forces < 16.x or > 16.x to be removed, ignored if file is absent
- name: Remove /etc/apt/sources.list.d/nodesource.list if nodejs_version_installed.stdout is not {{ nodejs_version }} - name: Remove /etc/apt/sources.list.d/nodesource.list if nodejs_version_installed.stdout is not {{ nodejs_version }}
file: file:
state: absent state: absent
@ -40,14 +40,14 @@
when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != "" when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != ""
# BRUTAL but ensures consistency across OS's / distros like Raspbian Desktop & Ubermix that often include an older version of Node.js # BRUTAL but ensures consistency across OS's / distros like Raspbian Desktop & Ubermix that often include an older version of Node.js
# Forces < 12 or > 12 to be uninstalled # Forces < 16.x or > 16.x to be uninstalled
- name: ASK apt/yum/dnf TO REMOVE PRE-EXISTING Node.js {{ nodejs_version_installed.stdout }} (IF IT'S NOT {{ nodejs_version }}) - name: ASK apt/yum/dnf TO REMOVE PRE-EXISTING Node.js {{ nodejs_version_installed.stdout }} (IF IT'S NOT {{ nodejs_version }})
package: package:
name: nodejs name: nodejs
state: absent state: absent
when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != "" when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != ""
# Forces == 12 # Forces == 16.x
- name: Warn if Node.js {{ nodejs_version}} already installed & might be updated - name: Warn if Node.js {{ nodejs_version}} already installed & might be updated
debug: debug:
msg: "WARN: YOUR Node.js {{ nodejs_version }} MIGHT NOW BE UPDATED USING nodesource.com" msg: "WARN: YOUR Node.js {{ nodejs_version }} MIGHT NOW BE UPDATED USING nodesource.com"

View file

@ -1,4 +1,4 @@
# SEE VAR nodejs_version: 14.x IN /opt/iiab/iiab/vars/default_vars.yml (FOR # SEE VAR nodejs_version: 16.x IN /opt/iiab/iiab/vars/default_vars.yml (FOR
# NOW!) AND IF NEC OVERRIDE THIS IN /etc/iiab/local_vars.yml # NOW!) AND IF NEC OVERRIDE THIS IN /etc/iiab/local_vars.yml
# Duplicate Node.js code unified by @jvonau. Revised by @holta. Used by: # Duplicate Node.js code unified by @jvonau. Revised by @holta. Used by:

View file

@ -1,15 +1,5 @@
- name: "Set 'apache_install: True' and 'apache_enabled: True'" # 2019-01-16: @jvonau's PR #1403 moved installation of Node.js [8.x at the time]
set_fact: # and npm to roles/nodejs/tasks/main.yml
apache_install: True
apache_enabled: True
- name: APACHE - run 'httpd' role
include_role:
name: httpd
# 2019-01-16: @jvonau's PR #1403 moved installation of Node.js (8.x for now) &
# npm to roles/nodejs/tasks/main.yml
- name: "Set 'nodejs_install: True' and 'nodejs_enabled: True'" - name: "Set 'nodejs_install: True' and 'nodejs_enabled: True'"
set_fact: set_fact:
@ -48,7 +38,7 @@
state: absent state: absent
when: nodered_install when: nodered_install
# 2012-02-13: the 6 RPi stanzas below recreate Raspbian Desktop's Node-RED # 2019-02-13: the 6 RPi stanzas below recreate Raspbian Desktop's Node-RED
# environment, inspired by: # environment, inspired by:
# https://nodered.org/docs/hardware/raspberrypi # https://nodered.org/docs/hardware/raspberrypi
# https://github.com/node-red/raspbian-deb-package/blob/master/resources/update-nodejs-and-nodered # https://github.com/node-red/raspbian-deb-package/blob/master/resources/update-nodejs-and-nodered
@ -112,18 +102,11 @@
dest: /etc/systemd/system/nodered.service dest: /etc/systemd/system/nodered.service
# mode: '0666' # mode: '0666'
- name: Install /etc/{{ apache_conf_dir }}/nodered.conf from template
template:
backup: yes
src: nodered.conf.j2
dest: "/etc/{{ apache_conf_dir }}/nodered.conf"
# mode: '0666'
# SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml # SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml
- name: Enable proxy_wstunnel apache2 module #- name: Enable proxy_wstunnel apache2 module
apache2_module: # apache2_module:
state: present # state: present
name: proxy_wstunnel # name: proxy_wstunnel
# RECORD Node-RED AS INSTALLED # RECORD Node-RED AS INSTALLED

View file

@ -39,14 +39,8 @@
state: stopped state: stopped
when: not nodered_enabled when: not nodered_enabled
#- name: Enable/Disable/Restart Apache if primary - name: Enable/Disable/Restart NGINX
- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache
include_tasks: apache.yml
#when: not nginx_enabled
- name: Enable/Disable/Restart NGINX if primary
include_tasks: nginx.yml include_tasks: nginx.yml
when: nginx_enabled
- name: Add 'nodered' variable values to {{ iiab_ini_file }} - name: Add 'nodered' variable values to {{ iiab_ini_file }}

View file

@ -1,3 +1,26 @@
# 'nodered_port: 1880' is set in /opt/iiab/iiab/vars/default_vars.yml
# https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services
location /nodered/ { location /nodered/ {
proxy_pass http://127.0.0.1:{{ apache_port }}/nodered/; proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
} }
#location /nodered/debug/ws/ {
# proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/debug/ws;
#
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
#}
#location /nodered/comms/ {
# proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/comms;
#
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
#}

View file

@ -170,16 +170,17 @@
dest: "{{ vector_map_path }}/maplist/index.html" dest: "{{ vector_map_path }}/maplist/index.html"
force: yes force: yes
- name: Get packages necessary for map installation - name: "Install packages for map installation: python3-wget, php{{ php_version }}-sqlite3, python3-geojson, python3-pil"
package: package:
state: present state: present
name: name:
- python3-wget - python3-wget
- "php{{ php_version }}-sqlite3" #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
- php{{ php_version }}-sqlite3
- python3-geojson - python3-geojson
- python3-pil - python3-pil
- name: Copy a scripts to download tiles - name: Copy 6 scripts to /usr/bin, for downloading tiles
get_url: get_url:
url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/scripts/{{ item }}" url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/scripts/{{ item }}"
dest: /usr/bin/ dest: /usr/bin/

View file

@ -1,30 +1,39 @@
- name: FreePBX - Install dependencies - name: FreePBX - Install dependencies (run 'php -m' or 'php -i' to verify PHP modules)
package: package:
name: name:
- wget - wget
- git - git
- unixodbc # for Asterisk CDR (Call Detail Records) - unixodbc # for Asterisk CDR (Call Detail Records)
- sudo # required by FreePBX install script - sudo # required by FreePBX install script
- net-tools # required by FWConsole (command-line utility, that controls FreePBX) - net-tools # required by FWConsole (command-line utility, that controls FreePBX)
- cron # required by FreePBX UCP package (User Control Panel) - cron # required by FreePBX UCP package (User Control Panel)
- sox # required for CDR web-playback - sox # required for CDR web-playback
- php #- php{{ php_version }} # Basically drags in phpX.Y-cgi (already below!)
- php-pear - php{{ php_version }}-bcmath # Likewise installed in nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php-cgi - php{{ php_version }}-cgi
- php-common #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
- php-curl - php{{ php_version }}-curl # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php-mbstring - php{{ php_version }}-fpm # Likewise installed in nginx/tasks/install.yml
- php-gd #- php{{ php_version }}-gettext
- php-mysql - php{{ php_version }}-gd # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml
# - php-gettext - php{{ php_version }}-imap
- php-bcmath #- php{{ php_version }}-json # See stanza just below
- php-zip - php{{ php_version }}-mbstring # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php-xml - php{{ php_version }}-mysql # Likewise installed in mysql/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php-imap - php-pear # Likewise installed for ADMIN CONSOLE https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19
- php-json - php{{ php_version }}-snmp
- php-snmp - php{{ php_version }}-xml # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter}
- php-fpm - php{{ php_version }}-zip # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- libapache2-mod-php - libapache2-mod-php
# - python-mysqldb # https://github.com/Yannik/ansible-role-freepbx/blob/master/tasks/freepbx.yml#L33 #- python-mysqldb # https://github.com/Yannik/ansible-role-freepbx/blob/master/tasks/freepbx.yml#L33
- libapache2-mpm-itk # To serve FreePBX through a VirtualHost as asterisk user - libapache2-mpm-itk # To serve FreePBX through a VirtualHost as asterisk user
state: latest state: latest
# For PHP >= 8.0: phpX.Y-json is baked into PHP itself.
# For PHP < 8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json
#
#- name: Install php{{ php_version }}-json if PHP < 8.0
# package:
# name: php{{ php_version }}-json
# state: present
# when: php_version is version('8.0', '<')

View file

@ -4,6 +4,6 @@
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
phpmyadmin_version: 5.1.0 phpmyadmin_version: 5.1.1
phpmyadmin_name: "phpMyAdmin-{{ phpmyadmin_version }}-all-languages" phpmyadmin_name: "phpMyAdmin-{{ phpmyadmin_version }}-all-languages"
phpmyadmin_dl_url: "https://files.phpmyadmin.net/phpMyAdmin/{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz" phpmyadmin_dl_url: "https://files.phpmyadmin.net/phpMyAdmin/{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz"

View file

@ -29,7 +29,7 @@
# 2. DOWNLOAD+LINK /opt/iiab/sugarizer # 2. DOWNLOAD+LINK /opt/iiab/sugarizer
- name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~717 MB) - name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~469 MB)
git: git:
repo: https://github.com/llaske/sugarizer repo: https://github.com/llaske/sugarizer
dest: "{{ iiab_base }}/{{ sugarizer_dir_version }}" dest: "{{ iiab_base }}/{{ sugarizer_dir_version }}"

View file

@ -11,6 +11,33 @@
# and security enhancements using timestamps under /library/wordpress, as these # and security enhancements using timestamps under /library/wordpress, as these
# can arise without warning when WordPress is online, since WordPress ~4.8 # can arise without warning when WordPress is online, since WordPress ~4.8
# 2021-06-29: PHP modules, covering "RECOMMENDED" and "OPTIONAL" sections here:
# https://make.wordpress.org/hosting/handbook/server-environment/
- name: Install libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify)
package:
name:
- libsodium23 # Likewise installed in nginx/tasks/install.yml via php{{ php_version }}-fpm AND httpd/tasks/install.yml via libapache2-mod-php{{ php_version }} AND moodle/tasks/install.yml -- it can ALSO be auto-installed by phpX.Y-cgi OR phpX.Y-cli as confirmed by 'apt rdepends libsodium23' -- VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"'
- php{{ php_version }}-bcmath # OPTIONAL: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
#- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
- php{{ php_version }}-curl # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
- php-imagick # BUT drags in Apache's libapache2-mod-phpX.Y etc, as confirmed by 'apt depends php-imagick' -- while php{{ php_version }}-imagick installs (despite not being shown within 'apt list "php*imagick"') it's no better -- and 'apt depends phpX.Y-imagick' mysteriously does NOT show its deps. Likewise installed in nextcloud/tasks/install.yml
- php{{ php_version }}-intl # OPTIONAL: Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml
#- php{{ php_version }}-json # See stanza just below
- php{{ php_version }}-mbstring # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
- php{{ php_version }}-mysql # Likewise installed in mysql/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
- php{{ php_version }}-xml # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter}
- php{{ php_version }}-zip # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
state: present
# For PHP >= 8.0: phpX.Y-json is baked into PHP itself.
# For PHP < 8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json
#
#- name: Install php{{ php_version }}-json if PHP < 8.0
# package:
# name: php{{ php_version }}-json
# state: present
# when: php_version is version('8.0', '<')
- name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }} - name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }}
get_url: get_url:
url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}" url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}"

View file

@ -1,23 +1,26 @@
# Role "www_base" runs here, probably in 3-BASE-SERVER. # Role "www_base" runs here, probably in 3-BASE-SERVER.
# Role "www_options" runs later, likely in 4-SERVER-OPTIONS. # Role "www_options" runs later, likely in 4-SERVER-OPTIONS.
- name: 'Install ~10 PHP packages (debuntu)' # 2021-06-27: Antifragile roles can become less brittle by fully declaring
package: # their own dependencies (i.e. for modularity, separation-of-concerns,
name: # encapsulation, compartmentalization, scope sanity, etc).
# - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC #
- php{{ php_version }}-common # 2020-05-21: @jvonau suggests this to avoid Apache above. Or its superset php{{ php_version }}-cli if absolutely nec? #- name: Install 10 PHP packages (run 'php -m' or 'php -i' to verify)
- php{{ php_version }}-curl # package:
- php{{ php_version }}-gd # name:
- php{{ php_version }}-imap # - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this unfortunately forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC
- php{{ php_version }}-ldap # - php{{ php_version }}-common # 2021-06-27: @jvonau suggested this (2020-05-21) to avoid Apache packages dragged in above. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
- php{{ php_version }}-mysql # - php{{ php_version }}-curl # 2021-06-30: Installed in moodle/tasks/main.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/main.yml
- php{{ php_version }}-odbc # - php{{ php_version }}-gd # 2021-06-30: Installed in moodle/tasks/main.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
- php-pear # - php{{ php_version }}-imap # 2021-06-27: Installed in pbx/tasks/freepbx_dependencies.yml
# - php{{ php_version }}-sqlite3 # 2020-07-10: Experimentally install this within roles/osm-vector-maps/tasks/install.yml only, as part of OSM fix PR #2464 for #2461. # - php{{ php_version }}-ldap # 2021-06-27: Experimentally remove
- php{{ php_version }}-xml # Was below # - php{{ php_version }}-mysql # 2021-06-30: Installed in mysql/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/main.yml
- php{{ php_version }}-xmlrpc # - php{{ php_version }}-odbc # 2021-06-27: Experimentally remove
state: present # - php-pear # 2021-06-27: REQUIRED BY ADMIN CONSOLE https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19
when: is_debuntu # - php{{ php_version }}-sqlite3 # 2020-07-10: Installed in osm-vector-maps/tasks/install.yml as part of OSM fix PR #2464 for #2461
# - php{{ php_version }}-xml # 2021-06-30: Installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/main.yml
# - php{{ php_version }}-xmlrpc # 2021-06-27: Experimentally remove -- SEE EXPLANATION IN moodle/tasks/main.yml
# state: present
- name: Using html.yml - name: Using html.yml
include_tasks: html.yml include_tasks: html.yml

View file

@ -49,17 +49,17 @@
when: when:
lxde_present.stat.exists and chromium_present.stat.exists lxde_present.stat.exists and chromium_present.stat.exists
- debug: - debug:
msg: 'THE 3 ANSIBLE STANZAS BELOW ONLY RUN... when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled' msg: 'THE 5 ANSIBLE STANZAS BELOW ONLY RUN... when: moodle_install or nextcloud_install or pbx_install or wordpress_install'
- block: # 3-STANZA BLOCK BEGINS - block: # 5-STANZA BLOCK BEGINS
# FYI roles/nginx has already installed package php-fpm, in 3-base-server # roles/nginx has installed pkg 'php{{ php_version }}-fpm' in 3-base-server
- name: Raise 2+2 PHP default values in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/Moodle/PBX (allow photos/docs up to 100MB, 100s timeouts, but preserve PHP's 128MB RAM limit) - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)"
lineinfile: lineinfile:
path: "/etc/php/{{ php_version }}/fpm/php.ini" path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini
#path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini"
regexp: "{{ item.regexp }}" regexp: "{{ item.regexp }}"
line: "{{ item.line }}" line: "{{ item.line }}"
with_items: with_items:
@ -68,20 +68,38 @@
- { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' } - { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' }
- { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' } - { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' }
- { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' }
- { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requests 5000' } - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' }
when: not nginx_high_php_limits # REMINDER: THIS ENTIRE 3-STANZA BLOCK IS ONLY INVOKED... when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install
# 2020-03-08: IIAB does not support uninstalling apps, so a 3rd clause - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)"
# (to reset/restore PHP's defaults) is not necessary at this time. lineinfile:
path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
with_items:
- { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 100M ; default is 2M' }
- { regexp: '^post_max_size', line: 'post_max_size = 100M ; default is 8M' }
- { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' }
- { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' }
- { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' }
- { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' }
when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install
# COMPARE apache_allow_sudo further below. # 2020-03-08: IIAB DOES NOT SUPPORT UNINSTALLING APPS, so additional
# clauses (to reset/restore PHP's defaults) are not necessary at this time.
# 2021-06-28: WITH PHP 8, MOODLE'S CLI INSTALLER UNFORTUNATELY *REQUIRES*
# editing /etc/php/{{ php_version }}/cli/php.ini (below) -- even though during
# regular operation it instead uses .../apache2/php.ini or .../fpm/php.ini
#
# SEE ALSO roles/moodle/tasks/install.yml WHERE SIMILAR SURGERY'S DONE TO
# /etc/php/{{ php_version }}/apache2/php.ini UNTIL MOODLE'S PORTED TO NGINX!
# WARNING: This might cause excess use of RAM/disk or other resources! # WARNING: This might cause excess use of RAM/disk or other resources!
# The 5 values below were chosen by @ericnitschke and @kananigit in ~2018. # The 5 first values below were chosen by @ericnitschke and @kananigit in ~2018.
- name: Enact nginx_high_php_limits in /etc/php/{{ php_version }}/fpm/php.ini for schools that use WordPress/Nextcloud/Moodle/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, 512MB RAM limit) - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)"
lineinfile: lineinfile:
path: "/etc/php/{{ php_version }}/fpm/php.ini" path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini
#path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini"
regexp: "{{ item.regexp }}" regexp: "{{ item.regexp }}"
line: "{{ item.line }}" line: "{{ item.line }}"
with_items: with_items:
@ -90,15 +108,29 @@
- { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' }
- { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' }
- { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' }
- { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requests 5000' } - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' }
when: nginx_high_php_limits # REMINDER: THIS ENTIRE 3-STANZA BLOCK IS ONLY INVOKED... when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install
- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)"
lineinfile:
path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
with_items:
- { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' }
- { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' }
- { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' }
- { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' }
- { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' }
- { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' }
when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install
- name: Restart 'php{{ php_version }}-fpm' systemd service - name: Restart 'php{{ php_version }}-fpm' systemd service
systemd: systemd:
name: "php{{ php_version }}-fpm" name: php{{ php_version }}-fpm
state: restarted state: restarted
when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled # 3-STANZA BLOCK ENDS when: moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE apache_allow_sudo conditionals below.
# 'Is a "Rapid Power Off" button possible for low-electricity environments?' # 'Is a "Rapid Power Off" button possible for low-electricity environments?'

View file

@ -9,31 +9,32 @@
APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint
CURR_VER=undefined # Ansible version you currently have installed CURR_VER=undefined # Ansible version you currently have installed
GOOD_VER=2.11.0 # Orig for 'yum install [rpm]' & XO laptops (pip install) GOOD_VER=2.11.2 # Orig for 'yum install [rpm]' & XO laptops (pip install)
# 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and
# .gpg key etc) are commented out with ### below. Associated guidance/comments
# are intentionally preserved.
# 2021-05-19 PR #2743: As a result of Ansible / Red Hat / IBM's extensive # 2021-05-19 PR #2743: As a result of Ansible / Red Hat / IBM's extensive
# delays in publishing the PPA (.deb installer files) for ansible-core, this # delays in publishing the PPA (.deb installer files) for ansible-core, this
# file bypasses the apt approach (and associated PPA source) in favor of: # file bypasses the apt approach (and associated PPA source) in favor of:
# #
# pip3 install ansible-core # pip3 install --upgrade ansible-core
#
# What the future holds for 2022+ is not yet clear. So the apt approach (with
# PPA source in /etc/apt/sources.list.d and .gpg key etc) and much associated
# guidance/comments below are NOT being commented out or deleted at this time.
# We install the latest 'ansible-core' from PPA, using an OS 'CODENAME' below: # 2021-02-25: Latest 'ansible-base' was being installed from PPA, using either
# https://launchpad.net/~ansible/+archive/ubuntu/ansible # OS 'CODENAME' below: https://launchpad.net/~ansible/+archive/ubuntu/ansible
# 'lsb_release -sc' gives Mint 20 codename 'ulyana' etc: (TOO FINE-GRAINED) # 'lsb_release -sc' gives Mint 20 codename 'ulyana' etc: (TOO FINE-GRAINED)
if grep -q buster /etc/os-release /etc/debian_version; then ###if grep -q buster /etc/os-release /etc/debian_version; then
CODENAME=bionic # Debian 10, RaspiOS 10 & Buster-like distros ### CODENAME=bionic # Debian 10, RaspiOS 10 & Buster-like distros
else ###else
CODENAME=focal # Debian 11+, RaspiOS 11+, Ubuntu 20.04+, Mint 20+ (ETC) ### CODENAME=focal # Debian 11+, RaspiOS 11+, Ubuntu 20.04+, Mint 20+ (ETC)
fi ###fi
# APRIL 2021 - ansible-base (2.10) was renamed to ansible-core (2.11+): # APRIL 2021 - ansible-base (2.10) was renamed to ansible-core (2.11+):
# https://www.ansible.com/blog/ansible-3.0.0-qa # https://www.ansible.com/blog/ansible-3.0.0-qa
# https://github.com/ansible/ansible/releases # https://github.com/ansible/ansible/releases
# https://github.com/ansible/ansible/commits/stable-2.11
# https://pypi.org/project/ansible-base/ # https://pypi.org/project/ansible-base/
# https://pypi.org/project/ansible-core/ # https://pypi.org/project/ansible-core/
# https://releases.ansible.com/ansible-base/ # https://releases.ansible.com/ansible-base/
@ -47,25 +48,24 @@ fi
# https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/roadmap/ROADMAP_2_10.rst # https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/roadmap/ROADMAP_2_10.rst
# https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/roadmap/ROADMAP_2_11.rst # https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/roadmap/ROADMAP_2_11.rst
# FYI .travis.yml installs ansible-core in a slightly different way (PRs #2689, #2742 or #2743 ?) # FYI .travis.yml installs ansible-core in a slightly different way (PRs #2689 & #2743)
# IIAB implementers might instead consider these 4 GENERAL TECHNIQUES below # IIAB implementers might instead consider these 4 GENERAL TECHNIQUES below
# ("in an emergency!") e.g. if apt fails & you need a newer/older Ansible: # ("in an emergency!") e.g. if apt fails & you need a newer/older Ansible:
# TEMPORARILY USE pip3 to install the latest ansible-core as listed at # TEMPORARILY USE pip3 to install the latest ansible-core as listed at
# https://pypi.org/project/ansible-core/ (REMOVE W/ "pip3 uninstall ansible-core") # https://pypi.org/project/ansible-core/ (REMOVE W/ "pip3 uninstall ansible-core")
#apt install python3-pip
#pip3 install ansible-core # Then start a new shell, so /usr/local/bin works
#apt install python3-pymysql python3-psycopg2 python3-passlib python3-pip python3-setuptools python3-packaging python3-venv virtualenv #apt install python3-pymysql python3-psycopg2 python3-passlib python3-pip python3-setuptools python3-packaging python3-venv virtualenv
#pip3 install --upgrade ansible-core # Then start a new shell, so /usr/local/bin works
#ansible-galaxy collection install -r collections.yml #ansible-galaxy collection install -r collections.yml
# TEMPORARILY USE ansible-base 2.10.9 (REMOVE W/ "pip3 uninstall ansible-base") # TEMPORARILY USE ansible-base 2.10.11 (REMOVE W/ "pip3 uninstall ansible-base")
#apt install python3-pip #apt install python3-pip
#pip3 install ansible-base==2.10.9 # Start new shell, so /usr/local/bin works #pip3 install ansible-base==2.10.11 # Start new shell, so /usr/local/bin works
# TEMPORARILY USE ANSIBLE 2.9.21 (REMOVE IT WITH "pip uninstall ansible") # TEMPORARILY USE ANSIBLE 2.9.23 (REMOVE IT WITH "pip3 uninstall ansible")
#apt install python3-pip #apt install python3-pip
#pip3 install ansible==2.9.21 #pip3 install ansible==2.9.23
# TEMPORARILY USE ANSIBLE 2.4.2 DUE TO 2.4.3 MEMORY BUG. Details: iiab/iiab#669 # TEMPORARILY USE ANSIBLE 2.4.2 DUE TO 2.4.3 MEMORY BUG. Details: iiab/iiab#669
#echo "Install http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb" #echo "Install http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb"
@ -77,7 +77,7 @@ export DEBIAN_FRONTEND=noninteractive
# Why 'noninteractive' appears needed: # Why 'noninteractive' appears needed:
# https://github.com/iiab/iiab/issues/564#issuecomment-347264985 # https://github.com/iiab/iiab/issues/564#issuecomment-347264985
echo -e "\n\nYOU ARE RUNNING: /opt/iiab/iiab/scripts/ansible (TO INSTALL ANSIBLE)\n" echo -e "\n\nYOU ARE RUNNING: /opt/iiab/iiab/scripts/ansible (TO INSTALL ANSIBLE ETC)\n"
#echo -e 'Alternative: /opt/iiab/iiab/scripts/ansible-2.9.x ("Slow Food")\n' #echo -e 'Alternative: /opt/iiab/iiab/scripts/ansible-2.9.x ("Slow Food")\n'
echo -e "RECOMMENDED PREREQUISITES:" echo -e "RECOMMENDED PREREQUISITES:"
@ -121,8 +121,8 @@ fi
#$APT_PATH/apt update #$APT_PATH/apt update
#$APT_PATH/apt -y install dirmngr #$APT_PATH/apt -y install dirmngr
#echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \ #echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \
echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \ ###echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \
> /etc/apt/sources.list.d/iiab-ansible.list ### > /etc/apt/sources.list.d/iiab-ansible.list
# In future we might instead consider 'add-apt-repository ppa:ansible/ansible' # In future we might instead consider 'add-apt-repository ppa:ansible/ansible'
# or 'apt-add-repository ppa:ansible/bionic/ansible' etc, e.g. for streamlined # or 'apt-add-repository ppa:ansible/bionic/ansible' etc, e.g. for streamlined
@ -140,25 +140,26 @@ echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.la
# 2021-04-26: JV & @holta WIP: (see above) # 2021-04-26: JV & @holta WIP: (see above)
#echo -e '\nIF YOU FACE ERROR "signatures couldn'"'"'t be verified because the public key is not available" THEN REPEATEDLY RE-RUN "sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367"\n' #echo -e '\nIF YOU FACE ERROR "signatures couldn'"'"'t be verified because the public key is not available" THEN REPEATEDLY RE-RUN "sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367"\n'
#apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367 #apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367
cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg ###cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg
#chmod 644 /usr/share/keyrings/iiab-ansible-keyring.gpg #chmod 644 /usr/share/keyrings/iiab-ansible-keyring.gpg
echo -e 'PPA source "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu '$CODENAME' main"' ###echo -e 'PPA source "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu '$CODENAME' main"'
echo -e "successfully saved to /etc/apt/sources.list.d/iiab-ansible.list\n" ###echo -e "successfully saved to /etc/apt/sources.list.d/iiab-ansible.list\n"
echo -e "IF *OTHER* ANSIBLE SOURCES APPEAR BELOW, PLEASE MANUALLY REMOVE THEM TO" ###echo -e "IF *OTHER* ANSIBLE SOURCES APPEAR BELOW, PLEASE MANUALLY REMOVE THEM TO"
echo -e 'ENSURE ANSIBLE UPDATES CLEANLY: (then re-run this script to be sure!)\n' ###echo -e 'ENSURE ANSIBLE UPDATES CLEANLY: (then re-run this script to be sure!)\n'
grep '^deb .*ansible' /etc/apt/sources.list /etc/apt/sources.list.d/*.list | grep -v '^/etc/apt/sources.list.d/iiab-ansible.list:' || true # Override bash -e (instead of aborting at 1st error) ###grep '^deb .*ansible' /etc/apt/sources.list /etc/apt/sources.list.d/*.list | grep -v '^/etc/apt/sources.list.d/iiab-ansible.list:' || true # Override bash -e (instead of aborting at 1st error)
echo -e "\napt update; apt install ansible-core and python3 dependencies explained at:" echo -e "\napt update; apt install of python3-* / virtualenv packages explained at:"
echo -e "https://github.com/iiab/iiab/blob/master/scripts/ansible.md\n" echo -e "https://github.com/iiab/iiab/blob/master/scripts/ansible.md\n"
$APT_PATH/apt update $APT_PATH/apt update
$APT_PATH/apt -y install python3-pip
pip3 install ansible-core
#$APT_PATH/apt -y --allow-downgrades install ansible-core \ #$APT_PATH/apt -y --allow-downgrades install ansible-core \
$APT_PATH/apt -y --allow-downgrades install \ $APT_PATH/apt -y install \
python3-pymysql python3-psycopg2 python3-passlib python3-pip \ python3-pymysql python3-psycopg2 python3-passlib python3-pip \
python3-setuptools python3-packaging python3-venv virtualenv python3-setuptools python3-packaging python3-venv virtualenv
echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n"
pip3 install --upgrade ansible-core
# (Re)running collection installs appears safe, with --force-with-deps to force # (Re)running collection installs appears safe, with --force-with-deps to force
# upgrade of collection and dependencies it pulls in. Note Ansible may support # upgrade of collection and dependencies it pulls in. Note Ansible may support
# explicit upgrading of collections (--upgrade / -U flag) in version "2.11" # explicit upgrading of collections (--upgrade / -U flag) in version "2.11"
@ -178,7 +179,9 @@ ansible-galaxy collection install --force-with-deps \
#mkdir -p /etc/ansible # LIKELY REDUNDANT, due to above installation of Ansible #mkdir -p /etc/ansible # LIKELY REDUNDANT, due to above installation of Ansible
#echo -e '[local]\nlocalhost\n' > /etc/ansible/hosts # LIKELY REDUNDANT, due to https://github.com/iiab/iiab/blob/master/ansible_hosts #echo -e '[local]\nlocalhost\n' > /etc/ansible/hosts # LIKELY REDUNDANT, due to https://github.com/iiab/iiab/blob/master/ansible_hosts
echo -e "SUCCESS INSTALLING ANSIBLE! PLEASE VERIFY WITH COMMANDS LIKE:" echo -e "\n\nSUCCESS! PLEASE VERIFY ANSIBLE WITH COMMANDS LIKE:\n"
echo -e " ansible --version" echo -e " ansible --version"
echo -e " pip show ansible-core" echo -e " pip show ansible-core"
echo -e " apt -a list ansible-core\n\n" echo -e ' apt -a list "ansible*"'
echo -e " ansible-galaxy collection list\n"
echo -e "WARNING: Start a new Linux shell, if it changed from /usr/bin to /usr/local/bin\n\n"

View file

@ -7,7 +7,7 @@ Starting in November 2019, IIAB's Ansible installer ([/opt/iiab/iiab/scripts/ans
1. Ansible module: [pip](https://docs.ansible.com/ansible/latest/modules/pip_module.html) 1. Ansible module: [pip](https://docs.ansible.com/ansible/latest/modules/pip_module.html)
IIAB installs apt packages: IIAB installs apt packages:
- **python3-pip** (for IIAB's [Admin Console](https://github.com/iiab/iiab-admin-console)) - **python3-pip** (for `pip3 install ansible-core` & IIAB's [Admin Console](https://github.com/iiab/iiab-admin-console))
- **python3-setuptools** - **python3-setuptools**
- **virtualenv** (is Python 3 only, for [roles/kalite](https://github.com/iiab/iiab/tree/master/roles/kalite) & [roles/calibre-web](https://github.com/iiab/iiab/tree/master/roles/calibre-web) ?) and pulls in additional packages... (`apt show virtualenv` shows "Depends: python3, python3-virtualenv") - **virtualenv** (is Python 3 only, for [roles/kalite](https://github.com/iiab/iiab/tree/master/roles/kalite) & [roles/calibre-web](https://github.com/iiab/iiab/tree/master/roles/calibre-web) ?) and pulls in additional packages... (`apt show virtualenv` shows "Depends: python3, python3-virtualenv")
- **python3-virtualenv** and pulls in additional package... (`apt show python3-virtualenv` shows "Depends: python-pip-whl (>= 8.1.1-2), python3, python3-distutils, python3-pkg-resources") - **python3-virtualenv** and pulls in additional package... (`apt show python3-virtualenv` shows "Depends: python-pip-whl (>= 8.1.1-2), python3, python3-distutils, python3-pkg-resources")

View file

@ -60,8 +60,9 @@ OS_VER=$OS-$VERSION_ID
# 2020-10-21: Debian 11 (Bullseye) not yet supported but adding this line to # 2020-10-21: Debian 11 (Bullseye) not yet supported but adding this line to
# its /etc/os-release can help testing this unreleased OS: VERSION_ID="11" # its /etc/os-release can help testing this unreleased OS: VERSION_ID="11"
# 2020-11-14: Ubuntu 21.04 (Hirsute Hippo) not yet supported but this # 2021-06-19: Ubuntu 21.10 (Impish Indri) not yet supported but this
# unreleased OS can help testing. # unreleased OS can help testing. For now this means MANUALLY changing
# php_version: 7.4 to 8.0 in /opt/iiab/iiab/vars/ubuntu-21.yml
case $OS_VER in case $OS_VER in
"debian-10" | \ "debian-10" | \
@ -69,7 +70,8 @@ case $OS_VER in
"ubuntu-20" | \ "ubuntu-20" | \
"ubuntu-21" | \ "ubuntu-21" | \
"linuxmint-20" | \ "linuxmint-20" | \
"raspbian-10") "raspbian-10" | \
"raspbian-11")
;; ;;
*) OS_VER="OS_not_supported" *) OS_VER="OS_not_supported"
;; ;;

View file

@ -1,5 +1,7 @@
# Every is_<OS> var is initially set to 'False' at the bottom of
# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that:
is_debuntu: True is_debuntu: True
is_debian: True is_debian: True # Opposite of is_ubuntu for now
is_debian_10: True is_debian_10: True
# 2019-01-31: These apply if-only-if named_install and/or dhcpd_install are True # 2019-01-31: These apply if-only-if named_install and/or dhcpd_install are True

View file

@ -1,5 +1,7 @@
# Every is_<OS> var is initially set to 'False' at the bottom of
# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that:
is_debuntu: True is_debuntu: True
is_debian: True is_debian: True # Opposite of is_ubuntu for now
is_debian_11: True is_debian_11: True
# 2019-01-31: These apply if-only-if named_install and/or dhcpd_install are True # 2019-01-31: These apply if-only-if named_install and/or dhcpd_install are True

View file

@ -265,9 +265,10 @@ nginx_log_dir: /var/log/nginx
# For schools that use WordPress/Nextcloud/Moodle/PBX intensively: # For schools that use WordPress/Nextcloud/Moodle/PBX intensively:
nginx_high_php_limits: False nginx_high_php_limits: False
# WARNING: Enabling this might cause excess use of RAM/disk or other resources! # WARNING: Enabling this might cause excess use of RAM/disk or other resources!
# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True'
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L52-L66 # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS...
# ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php/<VERSION>/fpm/php.ini # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133
# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini
# Make this False to disable http://box/common/services/power_off.php button: # Make this False to disable http://box/common/services/power_off.php button:
apache_allow_sudo: True apache_allow_sudo: True
@ -392,6 +393,7 @@ lokole_enabled: False
# lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf' # lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf'
# Details: https://github.com/ascoderu/lokole/blob/master/install.py#L35 # Details: https://github.com/ascoderu/lokole/blob/master/install.py#L35
lokole_sim_type: LocalOnly lokole_sim_type: LocalOnly
lokole_client_id: None
mediawiki_install: False mediawiki_install: False
mediawiki_enabled: False mediawiki_enabled: False
@ -401,13 +403,12 @@ mosquitto_install: False
mosquitto_enabled: False mosquitto_enabled: False
mosquitto_port: 1883 mosquitto_port: 1883
# 2020-09-24: BOTH VALUES BELOW ARE IGNORED as Node.js is installed on demand # 2021-06-17: BOTH VALUES BELOW ARE INITIALLY IGNORED as Node.js is installed
# as a dependency -- by Node-RED, Sugarizer &/or Internet Archive # on demand as a dependency by 4 roles -- internetarchive (Internet Archive),
# nodered (Node-RED), pbx (Asterix, FreePBX) &/or Sugarizer:
nodejs_install: False nodejs_install: False
nodejs_enabled: False nodejs_enabled: False
# Node.js version used by roles/nodejs/tasks/main.yml for 3 roles: nodejs_version: 16.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17
# nodered (Node-RED), pbx (Asterix, FreePBX) & sugarizer (Sugarizer)
nodejs_version: 14.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29
# Flow-based visual programming for wiring together IoT hardware devices etc # Flow-based visual programming for wiring together IoT hardware devices etc
nodered_install: False nodered_install: False
@ -432,7 +433,8 @@ nextcloud_enabled: False
# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 # nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3. # Untested since Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi.
# If using PBX intensively, set nginx_high_php_limits further above.
pbx_install: False pbx_install: False
pbx_enabled: False pbx_enabled: False
asterisk_chan_dongle: False asterisk_chan_dongle: False
@ -456,7 +458,7 @@ kalite_root: "{{ content_base }}/ka-lite" # /library/ka-lite
kolibri_install: False kolibri_install: False
kolibri_enabled: False kolibri_enabled: False
kolibri_language: en # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py
kolibri_http_port: 8009 kolibri_http_port: 8009
# kiwix_install: True is REQUIRED, if you install IIAB's Admin Console # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console
@ -473,6 +475,7 @@ kiwix_apk_src: https://download.kiwix.org/release/kiwix-android/kiwix.apk
postgresql_install: False postgresql_install: False
postgresql_enabled: False postgresql_enabled: False
# Warning: Moodle is a serious LMS, that takes a while to install.
moodle_install: False moodle_install: False
moodle_enabled: False moodle_enabled: False
# If using Moodle intensively, set nginx_high_php_limits further above. # If using Moodle intensively, set nginx_high_php_limits further above.
@ -719,6 +722,7 @@ is_debian_9: False
is_debian_8: False is_debian_8: False
is_raspbian: False # Covers both: RPi HW + non-RPi HW versions of Raspberry Pi OS (Raspbian) is_raspbian: False # Covers both: RPi HW + non-RPi HW versions of Raspberry Pi OS (Raspbian)
is_raspbian_11: False
is_raspbian_10: False is_raspbian_10: False
is_raspbian_9: False is_raspbian_9: False
is_raspbian_8: False is_raspbian_8: False

View file

@ -1,5 +1,7 @@
# Every is_<OS> var is initially set to 'False' at the bottom of
# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that:
is_debuntu: True is_debuntu: True
is_ubuntu: True is_ubuntu: True # Opposite of is_debian for now
is_ubuntu_20: True is_ubuntu_20: True
is_linuxmint: True is_linuxmint: True
is_linuxmint_20: True is_linuxmint_20: True

View file

@ -168,9 +168,10 @@ pi_swap_file_size: 1024
# For schools that use WordPress/Nextcloud/Moodle/PBX intensively: # For schools that use WordPress/Nextcloud/Moodle/PBX intensively:
nginx_high_php_limits: False nginx_high_php_limits: False
# WARNING: Enabling this might cause excess use of RAM/disk or other resources! # WARNING: Enabling this might cause excess use of RAM/disk or other resources!
# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True'
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L52-L66 # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS...
# ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php/<VERSION>/fpm/php.ini # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133
# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini
# See also Apache vars {default_language, language_priority} @ top of this file # See also Apache vars {default_language, language_priority} @ top of this file
# #
@ -260,9 +261,6 @@ jupyterhub_enabled: True
# Lokole (email for rural communities) from https://ascoderu.ca # Lokole (email for rural communities) from https://ascoderu.ca
lokole_install: True lokole_install: True
lokole_enabled: True lokole_enabled: True
# lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf'
# Details: https://github.com/ascoderu/lokole/blob/master/install.py#L35
lokole_sim_type: LocalOnly
mediawiki_install: True mediawiki_install: True
mediawiki_enabled: True mediawiki_enabled: True
@ -292,7 +290,8 @@ nextcloud_enabled: True
# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 # nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3. # Untested since Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi.
# If using PBX intensively, set nginx_high_php_limits further above.
pbx_install: False pbx_install: False
pbx_enabled: False pbx_enabled: False
asterisk_chan_dongle: False asterisk_chan_dongle: False
@ -310,7 +309,7 @@ kalite_enabled: True
kolibri_install: True kolibri_install: True
kolibri_enabled: True kolibri_enabled: True
kolibri_language: en # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans
# kiwix_install: True is REQUIRED, if you install IIAB's Admin Console # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console
kiwix_install: True kiwix_install: True
@ -409,4 +408,4 @@ calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019)
calibreweb_url1: /books # For SHORT URL http://box/books (English) calibreweb_url1: /books # For SHORT URL http://box/books (English)
calibreweb_url2: /libros # For SHORT URL http://box/libros (Spanish) calibreweb_url2: /libros # For SHORT URL http://box/libros (Spanish)
calibreweb_url3: /livres # For SHORT URL http://box/livres (French) calibreweb_url3: /livres # For SHORT URL http://box/livres (French)
calibreweb_home: "{{ content_base }}/calibre-web" # /library/calibre-web calibreweb_home: /library/calibre-web # default_vars.yml uses: "{{ content_base }}/calibre-web"

View file

@ -168,9 +168,10 @@ pi_swap_file_size: 1024
# For schools that use WordPress/Nextcloud/Moodle/PBX intensively: # For schools that use WordPress/Nextcloud/Moodle/PBX intensively:
nginx_high_php_limits: False nginx_high_php_limits: False
# WARNING: Enabling this might cause excess use of RAM/disk or other resources! # WARNING: Enabling this might cause excess use of RAM/disk or other resources!
# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True'
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L52-L66 # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS...
# ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php/<VERSION>/fpm/php.ini # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133
# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini
# See also Apache vars {default_language, language_priority} @ top of this file # See also Apache vars {default_language, language_priority} @ top of this file
# #
@ -260,9 +261,6 @@ jupyterhub_enabled: False
# Lokole (email for rural communities) from https://ascoderu.ca # Lokole (email for rural communities) from https://ascoderu.ca
lokole_install: False lokole_install: False
lokole_enabled: False lokole_enabled: False
# lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf'
# Details: https://github.com/ascoderu/lokole/blob/master/install.py#L35
lokole_sim_type: LocalOnly
mediawiki_install: False mediawiki_install: False
mediawiki_enabled: False mediawiki_enabled: False
@ -292,7 +290,8 @@ nextcloud_enabled: True
# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 # nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3. # Untested since Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi.
# If using PBX intensively, set nginx_high_php_limits further above.
pbx_install: False pbx_install: False
pbx_enabled: False pbx_enabled: False
asterisk_chan_dongle: False asterisk_chan_dongle: False
@ -310,7 +309,7 @@ kalite_enabled: True
kolibri_install: False kolibri_install: False
kolibri_enabled: False kolibri_enabled: False
kolibri_language: en # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans
# kiwix_install: True is REQUIRED, if you install IIAB's Admin Console # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console
kiwix_install: True kiwix_install: True
@ -409,4 +408,4 @@ calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019)
calibreweb_url1: /books # For SHORT URL http://box/books (English) calibreweb_url1: /books # For SHORT URL http://box/books (English)
calibreweb_url2: /libros # For SHORT URL http://box/libros (Spanish) calibreweb_url2: /libros # For SHORT URL http://box/libros (Spanish)
calibreweb_url3: /livres # For SHORT URL http://box/livres (French) calibreweb_url3: /livres # For SHORT URL http://box/livres (French)
calibreweb_home: "{{ content_base }}/calibre-web" # /library/calibre-web calibreweb_home: /library/calibre-web # default_vars.yml uses: "{{ content_base }}/calibre-web"

View file

@ -168,9 +168,10 @@ pi_swap_file_size: 1024
# For schools that use WordPress/Nextcloud/Moodle/PBX intensively: # For schools that use WordPress/Nextcloud/Moodle/PBX intensively:
nginx_high_php_limits: False nginx_high_php_limits: False
# WARNING: Enabling this might cause excess use of RAM/disk or other resources! # WARNING: Enabling this might cause excess use of RAM/disk or other resources!
# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... # roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True'
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L52-L66 # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS...
# ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php/<VERSION>/fpm/php.ini # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133
# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini
# See also Apache vars {default_language, language_priority} @ top of this file # See also Apache vars {default_language, language_priority} @ top of this file
# #
@ -260,9 +261,6 @@ jupyterhub_enabled: False
# Lokole (email for rural communities) from https://ascoderu.ca # Lokole (email for rural communities) from https://ascoderu.ca
lokole_install: False lokole_install: False
lokole_enabled: False lokole_enabled: False
# lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf'
# Details: https://github.com/ascoderu/lokole/blob/master/install.py#L35
lokole_sim_type: LocalOnly
mediawiki_install: False mediawiki_install: False
mediawiki_enabled: False mediawiki_enabled: False
@ -292,7 +290,8 @@ nextcloud_enabled: False
# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 # nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3. # Untested since Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi.
# If using PBX intensively, set nginx_high_php_limits further above.
pbx_install: False pbx_install: False
pbx_enabled: False pbx_enabled: False
asterisk_chan_dongle: False asterisk_chan_dongle: False
@ -310,7 +309,7 @@ kalite_enabled: True
kolibri_install: False kolibri_install: False
kolibri_enabled: False kolibri_enabled: False
kolibri_language: en # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans
# kiwix_install: True is REQUIRED, if you install IIAB's Admin Console # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console
kiwix_install: True kiwix_install: True
@ -409,4 +408,4 @@ calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019)
calibreweb_url1: /books # For SHORT URL http://box/books (English) calibreweb_url1: /books # For SHORT URL http://box/books (English)
calibreweb_url2: /libros # For SHORT URL http://box/libros (Spanish) calibreweb_url2: /libros # For SHORT URL http://box/libros (Spanish)
calibreweb_url3: /livres # For SHORT URL http://box/livres (French) calibreweb_url3: /livres # For SHORT URL http://box/livres (French)
calibreweb_home: "{{ content_base }}/calibre-web" # /library/calibre-web calibreweb_home: /library/calibre-web # default_vars.yml uses: "{{ content_base }}/calibre-web"

View file

@ -1,5 +1,7 @@
# Every is_<OS> var is initially set to 'False' at the bottom of
# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that:
is_debuntu: True is_debuntu: True
is_debian: True is_debian: True # Opposite of is_ubuntu for now
is_debian_10: True is_debian_10: True
is_raspbian: True is_raspbian: True
is_raspbian_10: True is_raspbian_10: True

40
vars/raspbian-11.yml Normal file
View file

@ -0,0 +1,40 @@
# Every is_<OS> var is initially set to 'False' at the bottom of
# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that:
is_debuntu: True
is_debian: True # Opposite of is_ubuntu for now
is_debian_11: True
is_raspbian: True
is_raspbian_11: True
# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True
# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True)
dns_service: bind9
dns_user: bind
dhcp_service: isc-dhcp-server
proxy: squid
proxy_user: proxy
apache_service: apache2
apache_conf_dir: apache2/sites-available
apache_user: www-data
apache_log_dir: /var/log/apache2
smb_service: smbd
nmb_service: nmbd
systemctl_program: /bin/systemctl
mysql_service: mariadb
apache_log: /var/log/apache2/access.log
sshd_package: ssh
sshd_service: ssh
php_version: 7.4
postgresql_version: 13
systemd_location: /lib/systemd/system
python_ver: 3.9
# Minetest for RPi
minetest_server_bin: /library/games/minetest/bin/minetestserver
minetest_working_dir: /library/games/minetest
minetest_game_dir: /library/games/minetest/games/minetest_game
minetest_rpi_src_tar: minetest.5.1.1.tar.gz
#minetest_rpi_src_url: "http://www.nathansalapat.com/downloads/{{ minetest_rpi_src_tar }}"
minetest_rpi_src_url: "http://d.iiab.io/packages/{{ minetest_rpi_src_tar }}"
minetest_rpi_src_untarred: Minetest

View file

@ -1,5 +1,7 @@
# Every is_<OS> var is initially set to 'False' at the bottom of
# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that:
is_debuntu: True is_debuntu: True
is_ubuntu: True is_ubuntu: True # Opposite of is_debian for now
is_ubuntu_20: True is_ubuntu_20: True
# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True # 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True

View file

@ -1,5 +1,7 @@
# Every is_<OS> var is initially set to 'False' at the bottom of
# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that:
is_debuntu: True is_debuntu: True
is_ubuntu: True is_ubuntu: True # Opposite of is_debian for now
is_ubuntu_21: True is_ubuntu_21: True
# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True # 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True