mirror of
https://github.com/iiab/iiab.git
synced 2025-03-09 15:40:17 +00:00
Merge branch 'master' into lokole-with-less-apache
This commit is contained in:
commit
4a0829f215
81 changed files with 830 additions and 542 deletions
|
@ -15,6 +15,6 @@ this is to include the following two lines at the top of the file:
|
||||||
Licensed under the terms of the GNU GPL v2 or later; see LICENSE for details.
|
Licensed under the terms of the GNU GPL v2 or later; see LICENSE for details.
|
||||||
|
|
||||||
All files not containing an explicit copyright notice or terms of license in
|
All files not containing an explicit copyright notice or terms of license in
|
||||||
the file are Copyright © 2015-2020, Unleash Kids, and are licensed under the
|
the file are Copyright © 2015-2021, Unleash Kids, and are licensed under the
|
||||||
terms of the GPLv2 license in the file named LICENSE in the root of the
|
terms of the GPLv2 license in the file named LICENSE in the root of the
|
||||||
repository.
|
repository.
|
||||||
|
|
|
@ -35,11 +35,12 @@ Finally, you can [customize your Internet-in-a-Box home page](http://wiki.laptop
|
||||||
|
|
||||||
Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians *and* IT/UX/QA people of all kinds!
|
Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians *and* IT/UX/QA people of all kinds!
|
||||||
|
|
||||||
Please see "[How can I help?](http://wiki.laptop.org/go/IIAB/FAQ#How_can_I_help.3F)" at: [FAQ.IIAB.IO](http://FAQ.IIAB.IO)
|
If you would like to volunteer, please [make contact](http://internet-in-a-box.org/pages/contributing.html) after looking over "[How can I help?](http://wiki.laptop.org/go/IIAB/FAQ#How_can_I_help.3F)" at: [FAQ.IIAB.IO](http://FAQ.IIAB.IO)
|
||||||
|
|
||||||
To learn about our software architecture, check out our [Contributors Guide](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide). FYI we use [Ansible](http://wiki.laptop.org/go/IIAB/FAQ#What_is_Ansible_and_what_version_should_I_use.3F) <!--as the underlying technology--> to install, deploy, configure and manage the various software components.
|
<!-- To learn about our software architecture, check out our [Contributors Guide](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide).-->
|
||||||
|
|
||||||
To learn more about our open community architecture for "offline" education, start by reviewing "[What technical documentation exists?](http://wiki.laptop.org/go/IIAB/FAQ#What_technical_documentation_exists.3F)"
|
To learn more about our open community architecture for "offline" learning, check out "[What technical documentation exists?](http://wiki.laptop.org/go/IIAB/FAQ#What_technical_documentation_exists.3F)"
|
||||||
|
FYI we use [Ansible](http://wiki.laptop.org/go/IIAB/FAQ#What_is_Ansible_and_what_version_should_I_use.3F) <!--as the underlying technology--> to install, deploy, configure and manage the various software components.
|
||||||
|
|
||||||
*Thank you for helping us enable offline access to the Internet's free/open knowledge jewels, as well as "Sneakernet-of-Alexandria" distribution of local/indigenous content, when mass media channels do not serve grassroots voices.*
|
*Thank you for helping us enable offline access to the Internet's free/open knowledge jewels, as well as "Sneakernet-of-Alexandria" distribution of local/indigenous content, when mass media channels do not serve grassroots voices.*
|
||||||
|
|
||||||
|
|
|
@ -46,7 +46,7 @@ else
|
||||||
echo -e "\n\e[1mWARNING: openvpn_handle remains unchanged in both above files.\e[0m\n"
|
echo -e "\n\e[1mWARNING: openvpn_handle remains unchanged in both above files.\e[0m\n"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if grep -q '^openvpn_install: True' /etc/iiab/local_vars.yml; then
|
if grep -q '^openvpn_installed: True\b' /etc/iiab/iiab_state.yml; then
|
||||||
echo -e "Your IIAB installation appears normal, with OpenVPN already installed...\n"
|
echo -e "Your IIAB installation appears normal, with OpenVPN already installed...\n"
|
||||||
else
|
else
|
||||||
echo -e "Plz wait a few minutes as sshd, iiab-admin & OpenVPN are confirmed/installed...\n"
|
echo -e "Plz wait a few minutes as sshd, iiab-admin & OpenVPN are confirmed/installed...\n"
|
||||||
|
@ -58,8 +58,6 @@ else
|
||||||
|
|
||||||
if [ -d /opt/iiab/iiab ]; then
|
if [ -d /opt/iiab/iiab ]; then
|
||||||
cd /opt/iiab/iiab
|
cd /opt/iiab/iiab
|
||||||
#CWD=`pwd`
|
|
||||||
#export ANSIBLE_LOG_PATH="$CWD/iiab-install.log"
|
|
||||||
export ANSIBLE_LOG_PATH="/opt/iiab/iiab/iiab-install.log"
|
export ANSIBLE_LOG_PATH="/opt/iiab/iiab/iiab-install.log"
|
||||||
ansible -m setup -i $INVENTORY localhost --connection=local | grep python
|
ansible -m setup -i $INVENTORY localhost --connection=local | grep python
|
||||||
ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local
|
ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local
|
||||||
|
|
|
@ -2,7 +2,15 @@
|
||||||
1-prep README
|
1-prep README
|
||||||
=============
|
=============
|
||||||
|
|
||||||
This 1st stage is primarily hardware-focused, prior to OS additions/mods.
|
This 1st stage (1-prep) is primarily hardware-focused, prior to OS
|
||||||
|
additions/mods, but also includes critical pieces sometimes needed for
|
||||||
|
remote support:
|
||||||
|
|
||||||
Traditionally it included preliminaries like hostname and things specific to a
|
- SSH
|
||||||
particular platform, such as the XO laptop, done before the bulk of the install.
|
- `iiab-admin <https://github.com/iiab/iiab/tree/master/roles/iiab-admin>`_ username and group to log into Admin Console
|
||||||
|
- OpenVPN software if/as needed later for remote support
|
||||||
|
|
||||||
|
Traditionally 1-prep also included preliminaries like hostname and
|
||||||
|
hardware-oriented things specific to a particular platform (such as
|
||||||
|
One Laptop Per Child's XO laptop) i.e. critical setup prior to the
|
||||||
|
bulk of IIAB's software install.
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
- name: Install package networkd-dispatcher (OS's other than RaspOS)
|
- name: Install package networkd-dispatcher (OS's other than RaspiOS)
|
||||||
package:
|
package:
|
||||||
name: networkd-dispatcher
|
name: networkd-dispatcher
|
||||||
state: present
|
state: present
|
||||||
when: not is_raspbian
|
when: not is_raspbian
|
||||||
|
|
||||||
# used in the network role
|
# used in the network role
|
||||||
- name: Install network related packages (debuntu)
|
- name: 'Install network packages: hostapd, iproute2, iptables-persistent, netmask (debuntu)'
|
||||||
package:
|
package:
|
||||||
name:
|
name:
|
||||||
- iproute2
|
- iproute2
|
||||||
|
@ -15,7 +15,7 @@
|
||||||
state: present
|
state: present
|
||||||
when: is_debuntu
|
when: is_debuntu
|
||||||
|
|
||||||
- name: Install /etc/network/if-pre-up.d/iptables from template (debuntu)
|
- name: Install /etc/network/if-pre-up.d/iptables from template (0755, debuntu)
|
||||||
template:
|
template:
|
||||||
src: iptables
|
src: iptables
|
||||||
dest: /etc/network/if-pre-up.d/iptables
|
dest: /etc/network/if-pre-up.d/iptables
|
||||||
|
|
|
@ -4,10 +4,12 @@
|
||||||
|
|
||||||
This 3rd stage installs base server infra that Internet-in-a-Box requires, including:
|
This 3rd stage installs base server infra that Internet-in-a-Box requires, including:
|
||||||
|
|
||||||
- the web server (Apache for now, possibly NGINX in future)
|
- `MySQL <https://github.com/iiab/iiab/blob/master/roles/mysql>`_ (database underlying many/most user-facing apps). This IIAB role also installs apt package:
|
||||||
- administrator security (username iiab-admin by default)
|
- **php{{ php_version }}-mysql** — which forcibly installs **php{{ php_version }}-common**
|
||||||
- MySQL (the database underlying many/most user-facing apps)
|
- `NGINX <https://github.com/iiab/iiab/blob/master/roles/nginx>`_ web server (with Apache in some lingering cases). This IIAB role also installs apt package:
|
||||||
|
- **php{{ php_version }}-fpm** — which forcibly installs **php{{ php_version }}-cli**, **php{{ php_version }}-common** and **libsodium23**
|
||||||
|
- `www_base <https://github.com/iiab/iiab/blob/master/roles/www_base>`_ (similar to `www_options <https://github.com/iiab/iiab/blob/master/roles/www_options>`_ which runs later in 4-server-options)
|
||||||
|
|
||||||
4-server-options follows with more diverse/optional server infra functionality.
|
Recap: as with 2-common, 4-server-options and 5-xo-services: this 3rd stage installs core server infra, that is not user-facing.
|
||||||
|
|
||||||
As in the case of 2-common, 4-server-options and 5-xo-services: this stage installs core server infra, that is not user-facing.
|
The next stage (4-server-options) brings more diverse/optional server infra functionality.
|
||||||
|
|
|
@ -3,14 +3,14 @@
|
||||||
- name: ...IS BEGINNING =====================================
|
- name: ...IS BEGINNING =====================================
|
||||||
command: echo
|
command: echo
|
||||||
|
|
||||||
- name: MYSQL
|
- name: MYSQL + CORE PHP
|
||||||
include_role:
|
include_role:
|
||||||
name: mysql
|
name: mysql
|
||||||
#when: mysql_install
|
#when: mysql_install
|
||||||
|
|
||||||
# 2020-05-21: Apache role 'httpd' is installed as nec by any of these 7 roles:
|
# 2021-05-21: Apache role 'httpd' is installed as nec by any of these 6 roles:
|
||||||
#
|
#
|
||||||
# cups, elgg, lokole, moodle, nodered, pbx, phpmyadmin
|
# cups, elgg, moodle, nodered, pbx, phpmyadmin
|
||||||
#
|
#
|
||||||
# These 14 roles conditionally touch /etc/apache2/sites-available/*.conf files:
|
# These 14 roles conditionally touch /etc/apache2/sites-available/*.conf files:
|
||||||
#
|
#
|
||||||
|
@ -19,7 +19,7 @@
|
||||||
#
|
#
|
||||||
# SEE ALSO: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md
|
# SEE ALSO: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md
|
||||||
|
|
||||||
- name: NGINX
|
- name: NGINX + CORE PHP
|
||||||
include_role:
|
include_role:
|
||||||
name: nginx
|
name: nginx
|
||||||
#when: nginx_install
|
#when: nginx_install
|
||||||
|
|
|
@ -30,6 +30,12 @@
|
||||||
name: calibre-web
|
name: calibre-web
|
||||||
when: calibreweb_install
|
when: calibreweb_install
|
||||||
|
|
||||||
|
- name: "2021-06-27 TEMPORARY CODE TO INSTALL 'php-pear' UNTIL ADMIN CONSOLE DECLARES ITS OWN DEPENDENCY FOR: https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19"
|
||||||
|
package:
|
||||||
|
name: php-pear # WARNING: this also drags in 'php{{ php_version }}-xml' (also installed by MediaWiki, Nextcloud, roles/pbx's FreePBX, WordPress) AND 'php{{ php_version }}-cgi' (also installed by roles/pbx's FreePBX)
|
||||||
|
state: present
|
||||||
|
when: admin_console_install
|
||||||
|
|
||||||
- name: Recording STAGE 9 HAS COMPLETED ====================
|
- name: Recording STAGE 9 HAS COMPLETED ====================
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: "{{ iiab_env_file }}"
|
path: "{{ iiab_env_file }}"
|
||||||
|
|
|
@ -1,31 +1,29 @@
|
||||||
# TO DO:
|
# TO DO:
|
||||||
#
|
#
|
||||||
# - Prepare for a possible future w/o Apache by verifying/refining below...
|
# Prepare for a possible future w/o Apache by verifying/refining below...
|
||||||
# - 5 'when: apache_installed is defined'
|
# - 5 'when: apache_installed is defined' (2021-05-21: COMMENT OUT THESE STANZAS SOON!?)
|
||||||
# - 1 'when: nginx_install'
|
# - 1 'when: nginx_install'
|
||||||
# - 8 core stanzas w/o such 'when:' clauses
|
# - 8 core stanzas w/o such 'when:' clauses
|
||||||
|
|
||||||
- name: 'Install 3 packages: awstats, openssl, pwauth'
|
- name: 'Install package: awstats'
|
||||||
package:
|
package:
|
||||||
name:
|
name: awstats
|
||||||
- awstats
|
|
||||||
- pwauth
|
|
||||||
- openssl
|
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: 'Install 2 packages: apache2-utils, libapache2-mod-authnz-external'
|
- name: 'Install package: pwauth (when: apache_installed is defined)'
|
||||||
package:
|
package:
|
||||||
name:
|
name:
|
||||||
- libapache2-mod-authnz-external
|
- pwauth # Auto-installs apache2-bin and libapache2-mod-authnz-external
|
||||||
- apache2-utils
|
#- apache2-utils # Unneeded? (In any case, already installed by Apache itself.)
|
||||||
|
#- openssl # Unneeded? (In any case, already installed by most every Linux distro.)
|
||||||
state: present
|
state: present
|
||||||
when: apache_installed is defined
|
when: apache_installed is defined
|
||||||
|
|
||||||
- name: Run 'a2enmod cgi' to enable cgi execution via Apache
|
- name: "Run 'a2enmod cgi' to enable cgi execution via Apache (when: apache_installed is defined)"
|
||||||
command: a2enmod cgi
|
command: a2enmod cgi
|
||||||
when: apache_installed is defined
|
when: apache_installed is defined
|
||||||
|
|
||||||
- name: Create directory... mkdir {{ apache_log_dir }}, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx
|
- name: 'Create directory... mkdir {{ apache_log_dir }}, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx (when: apache_installed is defined)'
|
||||||
file:
|
file:
|
||||||
state: directory
|
state: directory
|
||||||
recurse: yes
|
recurse: yes
|
||||||
|
@ -41,7 +39,7 @@
|
||||||
state: directory
|
state: directory
|
||||||
recurse: yes
|
recurse: yes
|
||||||
path: "{{ item }}"
|
path: "{{ item }}"
|
||||||
owner: "{{ apache_user }}"
|
owner: "{{ apache_user }}" # USED FOR NGINX TOO: 'www-data' on debuntu
|
||||||
group: "{{ apache_user }}"
|
group: "{{ apache_user }}"
|
||||||
mode: u+rw,g+r,g-w,o-rwx # '0750' turned on too many x bits
|
mode: u+rw,g+r,g-w,o-rwx # '0750' turned on too many x bits
|
||||||
#force: yes
|
#force: yes
|
||||||
|
@ -49,13 +47,13 @@
|
||||||
- "{{ awstats_data_dir }}" # /library/awstats
|
- "{{ awstats_data_dir }}" # /library/awstats
|
||||||
- /usr/lib/cgi-bin/awstats # create backward compatible path for awstats
|
- /usr/lib/cgi-bin/awstats # create backward compatible path for awstats
|
||||||
|
|
||||||
- name: Install /etc/{{ apache_conf_dir }}/awstats.conf from template
|
- name: 'Install /etc/{{ apache_conf_dir }}/awstats.conf from template (when: apache_installed is defined)'
|
||||||
template:
|
template:
|
||||||
src: apache-awstats.conf
|
src: apache-awstats.conf
|
||||||
dest: "/etc/{{ apache_conf_dir }}/awstats.conf" # apache2/sites-available on debuntu
|
dest: "/etc/{{ apache_conf_dir }}/awstats.conf" # apache2/sites-available on debuntu
|
||||||
when: apache_installed is defined
|
when: apache_installed is defined
|
||||||
|
|
||||||
- name: Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable
|
- name: "Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable (when: apache_installed is defined)"
|
||||||
template:
|
template:
|
||||||
src: logrotate.d.apache2
|
src: logrotate.d.apache2
|
||||||
dest: /etc/logrotate.d/apache2
|
dest: /etc/logrotate.d/apache2
|
||||||
|
|
|
@ -49,7 +49,7 @@
|
||||||
requirements: "{{ calibreweb_venv_path }}/requirements.txt"
|
requirements: "{{ calibreweb_venv_path }}/requirements.txt"
|
||||||
virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3
|
virtualenv: "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3
|
||||||
virtualenv_site_packages: no
|
virtualenv_site_packages: no
|
||||||
virtualenv_command: python3 -m venv {{ calibreweb_venv_path }}
|
virtualenv_command: python3 -m venv {{ calibreweb_venv_path }}
|
||||||
when: internet_available
|
when: internet_available
|
||||||
|
|
||||||
- name: Install /etc/systemd/system/calibre-web.service from template
|
- name: Install /etc/systemd/system/calibre-web.service from template
|
||||||
|
|
|
@ -1,10 +1,9 @@
|
||||||
- name: "Download & install packages: python3-dateutil, python3-jinja2"
|
- name: "Install packages: python3-dateutil, python3-jinja2"
|
||||||
package:
|
package:
|
||||||
name: "{{ item }}"
|
name:
|
||||||
|
- python3-dateutil
|
||||||
|
- python3-jinja2
|
||||||
state: present
|
state: present
|
||||||
with_items:
|
|
||||||
- python3-dateutil
|
|
||||||
- python3-jinja2
|
|
||||||
|
|
||||||
- name: mkdir /opt/iiab/captiveportal for scripts & templates, set owner to {{ apache_user }}
|
- name: mkdir /opt/iiab/captiveportal for scripts & templates, set owner to {{ apache_user }}
|
||||||
file:
|
file:
|
||||||
|
|
|
@ -1,14 +1,13 @@
|
||||||
- name: 'Install 4 packages: apache2, libapache2-mod-php{{ php_version }}, php{{ php_version }}, php{{ php_version }}-curl'
|
- name: 'Install 2 packages: {{ apache_service }}, libapache2-mod-php{{ php_version }}'
|
||||||
package:
|
package:
|
||||||
#name: [u'apache2', u'php{{ php_version }}', u'php{{ php_version }}-curl'] # FAILS ('u' for Unicode strings)
|
#name: [u'apache2', u'php{{ php_version }}', u'php{{ php_version }}-curl'] # FAILS ('u' for Unicode strings)
|
||||||
#name: ['apache2', 'php{{ php_version }}', 'php{{ php_version }}-curl'] # WORKS?
|
#name: ['apache2', 'php{{ php_version }}', 'php{{ php_version }}-curl'] # WORKS?
|
||||||
name:
|
name:
|
||||||
- "{{ apache_service }}" # apache2 on Debuntu
|
- "{{ apache_service }}" # apache2 on Debuntu
|
||||||
- "libapache2-mod-php{{ php_version }}" # 2020-06-15: Required (e.g. for Elgg, Moodle & possibly others) now that mysql/tasks/install.yml installs "php{{ php_version }}-common" rather than the full "php{{ php_version }}"
|
- libapache2-mod-php{{ php_version }} # 2020-06-15: Required (e.g. for Elgg, Moodle & possibly others) now that mysql/tasks/install.yml installs "php{{ php_version }}-common" rather than the full "php{{ php_version }}" -- 2021-06-28 FYI: this also drags in libsodium23 (likewise installed via nginx/tasks/install.yml AND moodle/tasks/install.yml)
|
||||||
# - "php{{ php_version }}"
|
#- "php{{ php_version }}"
|
||||||
# - "php{{ php_version }}-curl"
|
#- "php{{ php_version }}-curl"
|
||||||
state: present
|
state: present
|
||||||
when: is_debuntu
|
|
||||||
# when: is_debian
|
# when: is_debian
|
||||||
|
|
||||||
# - name: 'Install 2 packages: apache2, php (ubuntu)'
|
# - name: 'Install 2 packages: apache2, php (ubuntu)'
|
||||||
|
@ -39,29 +38,29 @@
|
||||||
# when: is_debuntu and (not is_debian_8) and (not is_ubuntu_16)
|
# when: is_debuntu and (not is_debian_8) and (not is_ubuntu_16)
|
||||||
# #when: (is_debian and ansible_distribution_major_version == "9") or is_ubuntu_18
|
# #when: (is_debian and ansible_distribution_major_version == "9") or is_ubuntu_18
|
||||||
|
|
||||||
- name: 'Install 4 packages: httpd, mod_authnz_external, php, php-curl (redhat)'
|
#- name: 'Install 4 packages: httpd, mod_authnz_external, php, php-curl (redhat)'
|
||||||
package:
|
# package:
|
||||||
#name: [u'httpd', u'php', u'php-curl', u'mod_authnz_external'] # FAILS ('u' for Unicode strings)
|
# #name: [u'httpd', u'php', u'php-curl', u'mod_authnz_external'] # FAILS ('u' for Unicode strings)
|
||||||
#name: ['httpd', 'php', 'php-curl', 'mod_authnz_external'] # WORKS
|
# #name: ['httpd', 'php', 'php-curl', 'mod_authnz_external'] # WORKS
|
||||||
name:
|
# name:
|
||||||
- httpd
|
# - httpd
|
||||||
- mod_authnz_external
|
# - mod_authnz_external
|
||||||
- php
|
# - php
|
||||||
- php-curl
|
# - php-curl
|
||||||
state: present
|
# state: present
|
||||||
when: is_redhat
|
# when: is_redhat
|
||||||
|
|
||||||
# Remove symlinks for mpm_event, replace with mpm_prefork
|
# Remove symlinks for mpm_event, replace with mpm_prefork
|
||||||
- name: Remove both mpm_event symlinks from /etc/apache2/mods-enabled (debuntu)
|
- name: Remove both mpm_event symlinks from /etc/apache2/mods-enabled
|
||||||
file:
|
file:
|
||||||
path: "/etc/apache2/mods-enabled/{{ item }}"
|
path: "/etc/apache2/mods-enabled/{{ item }}"
|
||||||
state: absent
|
state: absent
|
||||||
with_items:
|
with_items:
|
||||||
- mpm_event.conf
|
- mpm_event.conf
|
||||||
- mpm_event.load
|
- mpm_event.load
|
||||||
when: is_debuntu
|
#when: is_debuntu
|
||||||
|
|
||||||
- name: Create both mpm_prefork symlinks from /etc/apache2/mods-enabled to /etc/apache2/mods-available (debuntu)
|
- name: Create both mpm_prefork symlinks from /etc/apache2/mods-enabled to /etc/apache2/mods-available
|
||||||
file:
|
file:
|
||||||
src: "/etc/apache2/mods-available/{{ item }}"
|
src: "/etc/apache2/mods-available/{{ item }}"
|
||||||
path: "/etc/apache2/mods-enabled/{{ item }}"
|
path: "/etc/apache2/mods-enabled/{{ item }}"
|
||||||
|
@ -69,9 +68,9 @@
|
||||||
with_items:
|
with_items:
|
||||||
- mpm_prefork.conf
|
- mpm_prefork.conf
|
||||||
- mpm_prefork.load
|
- mpm_prefork.load
|
||||||
when: is_debuntu
|
#when: is_debuntu
|
||||||
|
|
||||||
- name: 'Enable 5 Apache modules, as with "a2enmod" command: headers, proxy, proxy_html, proxy_http, rewrite (for http://box/kiwix, http://box/kolibri, http://box/nodered, etc--if debuntu)'
|
- name: 'Enable 5 Apache modules, as with "a2enmod" command: headers, proxy, proxy_html, proxy_http, rewrite (for http://box/kiwix, http://box/kolibri, http://box/nodered, etc)'
|
||||||
apache2_module:
|
apache2_module:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
with_items:
|
with_items:
|
||||||
|
@ -80,16 +79,16 @@
|
||||||
- proxy_html
|
- proxy_html
|
||||||
- proxy_http
|
- proxy_http
|
||||||
- rewrite
|
- rewrite
|
||||||
when: is_debuntu
|
#when: is_debuntu
|
||||||
|
|
||||||
- name: Remove 000-default.conf from /etc/apache2 and /etc/apache2/sites-enabled (debuntu)
|
- name: Remove 000-default.conf from /etc/apache2 and /etc/apache2/sites-enabled
|
||||||
file:
|
file:
|
||||||
path: "{{ item }}"
|
path: "{{ item }}"
|
||||||
state: absent
|
state: absent
|
||||||
with_items:
|
with_items:
|
||||||
- /etc/apache2/000-default.conf # Not nec on Raspbian. Is this really still needed elsewhere?
|
- /etc/apache2/000-default.conf # Not nec on Raspbian. Is this really still needed elsewhere?
|
||||||
- /etc/apache2/sites-enabled/000-default.conf
|
- /etc/apache2/sites-enabled/000-default.conf
|
||||||
when: is_debuntu
|
#when: is_debuntu
|
||||||
|
|
||||||
- name: Create Apache's pid dir /var/run/{{ apache_user }}
|
- name: Create Apache's pid dir /var/run/{{ apache_user }}
|
||||||
file:
|
file:
|
||||||
|
|
|
@ -9,10 +9,11 @@
|
||||||
include_role:
|
include_role:
|
||||||
name: nodejs
|
name: nodejs
|
||||||
|
|
||||||
- name: FAIL (STOP INSTALLING) IF nodejs_version is not set to 10.x, 12.x or 14.x
|
- name: Assert that 10.x <= nodejs_version ({{ nodejs_version }}) <= 16.x
|
||||||
fail:
|
assert:
|
||||||
msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x or 12.x or 14.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml"
|
that: nodejs_version is version('10.x', '>=') and nodejs_version is version('16.x', '<=')
|
||||||
when: (nodejs_version != "10.x") and (nodejs_version != "12.x") and (nodejs_version != "14.x")
|
fail_msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x - 16.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml"
|
||||||
|
quiet: yes
|
||||||
|
|
||||||
- name: "Set 'yarn_install: True' and 'yarn_enabled: True'"
|
- name: "Set 'yarn_install: True' and 'yarn_enabled: True'"
|
||||||
set_fact:
|
set_fact:
|
||||||
|
|
|
@ -26,9 +26,9 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml"
|
||||||
# http://download.kiwix.org/release/kiwix-tools/ ...or sometimes...
|
# http://download.kiwix.org/release/kiwix-tools/ ...or sometimes...
|
||||||
# http://download.kiwix.org/nightly/
|
# http://download.kiwix.org/nightly/
|
||||||
|
|
||||||
kiwix_version_armhf: kiwix-tools_linux-armhf-3.1.2-4
|
kiwix_version_armhf: kiwix-tools_linux-armhf-3.1.2-5
|
||||||
kiwix_version_linux64: kiwix-tools_linux-x86_64-3.1.2-4
|
kiwix_version_linux64: kiwix-tools_linux-x86_64-3.1.2-5
|
||||||
kiwix_version_i686: kiwix-tools_linux-i586-3.1.2-4
|
kiwix_version_i686: kiwix-tools_linux-i586-3.1.2-5
|
||||||
|
|
||||||
# kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2"
|
# kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2"
|
||||||
# v0.9 for i686 published May 2014 ("use it to test legacy ZIM content")
|
# v0.9 for i686 published May 2014 ("use it to test legacy ZIM content")
|
||||||
|
|
|
@ -4,10 +4,10 @@
|
||||||
set_fact:
|
set_fact:
|
||||||
kiwix_src_dir: False
|
kiwix_src_dir: False
|
||||||
|
|
||||||
- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_armhf }}' (armv6l or armv71)"
|
- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_armhf }}' (armv6l or armv71 or aarch64)"
|
||||||
set_fact:
|
set_fact:
|
||||||
kiwix_src_dir: "{{ kiwix_version_armhf }}"
|
kiwix_src_dir: "{{ kiwix_version_armhf }}"
|
||||||
when: ansible_machine == "armv7l" or ansible_machine == "armv6l" or ansible_machine == "aarch64"
|
when: ansible_machine == "armv6l" or ansible_machine == "armv7l" or ansible_machine == "aarch64"
|
||||||
|
|
||||||
- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_linux64 }}' (x86_64)"
|
- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_linux64 }}' (x86_64)"
|
||||||
set_fact:
|
set_fact:
|
||||||
|
|
|
@ -26,11 +26,11 @@ Automatic Device Provisioning
|
||||||
|
|
||||||
When kolibri_provision is enabled (e.g. in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_) the installation will set up the following defaults::
|
When kolibri_provision is enabled (e.g. in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_) the installation will set up the following defaults::
|
||||||
|
|
||||||
Kolibri Facility name: 'Kolibri-in-a-Box'
|
kolibri_facility: Kolibri-in-a-Box
|
||||||
Kolibri Preset type: formal # Options: formal, nonformal, informal
|
kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py
|
||||||
Kolibri default language: en # Options: ar, bn-bd, en, es-es, fa, fr-fr, hi-in, mr, nyn, pt-br, sw-tz, ta, te, ur-pk, yo, zu
|
kolibri_preset: formal # formal, nonformal, informal
|
||||||
Kolibri Admin username: Admin
|
kolibri_admin_user: Admin
|
||||||
Kolibri Admin password: changeme
|
kolibri_admin_password: changeme
|
||||||
|
|
||||||
*Feel free to override any of the above, by copying the relevant line from /opt/iiab/iiab/roles/kolibri/defaults/main.yml to /etc/iiab/local_vars.yml (then run 'cd /opt/iiab/iiab' followed by './runrole kolibri' per IIAB's general guidelines at http://FAQ.IIAB.IO).*
|
*Feel free to override any of the above, by copying the relevant line from /opt/iiab/iiab/roles/kolibri/defaults/main.yml to /etc/iiab/local_vars.yml (then run 'cd /opt/iiab/iiab' followed by './runrole kolibri' per IIAB's general guidelines at http://FAQ.IIAB.IO).*
|
||||||
|
|
||||||
|
@ -42,13 +42,17 @@ Kolibri 0.10 introduced ``kolibri manage deprovision`` which will remove user co
|
||||||
Troubleshooting
|
Troubleshooting
|
||||||
---------------
|
---------------
|
||||||
|
|
||||||
You can run the server manually with the following commands::
|
This unproxied version of Kolibri can sometimes help: http://box:8009/kolibri/
|
||||||
|
|
||||||
|
You can run Kolibri manually with commands like::
|
||||||
|
|
||||||
systemctl stop kolibri # Make sure the systemd service is not running
|
systemctl stop kolibri # Make sure the systemd service is not running
|
||||||
export KOLIBRI_HOME=/library/kolibri
|
export KOLIBRI_HOME=/library/kolibri
|
||||||
export KOLIBRI_HTTP_PORT=8009 # Otherwise Kolibri will try to run on default port 8080
|
export KOLIBRI_HTTP_PORT=8009 # Otherwise Kolibri will try to run on default port 8080
|
||||||
kolibri start
|
kolibri start
|
||||||
|
|
||||||
|
...while you look over Kolibri's systemd unit file (`/etc/systemd/system/kolibri.service <https://github.com/iiab/iiab/blob/master/roles/kolibri/templates/kolibri.service.j2>`_) for the latest parameters!
|
||||||
|
|
||||||
To return to using the systemd unit file::
|
To return to using the systemd unit file::
|
||||||
|
|
||||||
kolibri stop
|
kolibri stop
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# kolibri_install: False
|
# kolibri_install: False
|
||||||
# kolibri_enabled: False
|
# kolibri_enabled: False
|
||||||
|
|
||||||
# kolibri_language: en # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu
|
# kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py
|
||||||
|
|
||||||
# kolibri_http_port: 8009
|
# kolibri_http_port: 8009
|
||||||
|
|
||||||
|
|
|
@ -20,14 +20,17 @@ lokole_admin_password: changeme
|
||||||
|
|
||||||
lokole_install_path: "{{ content_base }}/lokole" # /library/lokole
|
lokole_install_path: "{{ content_base }}/lokole" # /library/lokole
|
||||||
lokole_venv: "{{ lokole_install_path }}/venv" # /library/lokole/venv
|
lokole_venv: "{{ lokole_install_path }}/venv" # /library/lokole/venv
|
||||||
|
lokole_confd: /etc/supervisor/conf.d
|
||||||
|
|
||||||
# Info needed to run Lokole:
|
# Info needed to run Lokole:
|
||||||
lokole_user: lokole
|
lokole_user: lokole
|
||||||
lokole_url: /lokole
|
lokole_url: /lokole
|
||||||
lokole_uid: "2000"
|
lokole_uid: "2000"
|
||||||
lokole_run_directory: /home/{{ lokole_user }}/state
|
lokole_home_dir: /home/{{ lokole_user }}
|
||||||
lokole_log_directory: /home/{{ lokole_user }}/log
|
lokole_run_dir: "{{ lokole_home_dir }}/state"
|
||||||
lokole_domain_socket: "{{ lokole_run_directory }}/lokole_gunicorn.sock"
|
lokole_log_dir: "{{ lokole_home_dir }}/logs"
|
||||||
|
lokole_settings: "{{ lokole_run_dir }}/settings.env"
|
||||||
|
lokole_domain_socket: "{{ lokole_run_dir }}/lokole_gunicorn.sock"
|
||||||
lokole_sim_type: LocalOnly
|
lokole_sim_type: LocalOnly
|
||||||
|
|
||||||
lokole_full_url: "http://{{ iiab_hostname }}.{{ iiab_domain }}{{ lokole_url }}" # http://box.lan/lokole
|
lokole_full_url: "http://{{ iiab_hostname }}.{{ iiab_domain }}{{ lokole_url }}" # http://box.lan/lokole
|
||||||
|
|
|
@ -25,6 +25,13 @@
|
||||||
- libjpeg-dev
|
- libjpeg-dev
|
||||||
- libssl-dev
|
- libssl-dev
|
||||||
- libopenjp2-7 # 2020-02-01: To solve bug #2221
|
- libopenjp2-7 # 2020-02-01: To solve bug #2221
|
||||||
|
- supervisor
|
||||||
|
- usb-modeswitch
|
||||||
|
- usb-modeswitch-data
|
||||||
|
- mobile-broadband-provider-info
|
||||||
|
- ppp
|
||||||
|
- wvdial
|
||||||
|
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
# For development purposes -- To install Lokole from a given commit, add the
|
# For development purposes -- To install Lokole from a given commit, add the
|
||||||
|
@ -75,52 +82,63 @@
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
state: present
|
state: present
|
||||||
name: "{{ lokole_user }}"
|
name: "{{ lokole_user }}"
|
||||||
|
#group: "{{ lokole_user }}"
|
||||||
|
groups: dialout, dip
|
||||||
system: yes
|
system: yes
|
||||||
uid: "{{ lokole_uid }}"
|
#uid: "{{ lokole_uid }}"
|
||||||
home: /home/{{ lokole_user }}
|
home: "{{ lokole_home_dir }}"
|
||||||
|
|
||||||
- name: mkdir {{ lokole_run_directory }}
|
- name: mkdir {{ lokole_run_dir }}
|
||||||
file:
|
file:
|
||||||
state: directory
|
state: directory
|
||||||
path: "{{ lokole_run_directory }}"
|
path: "{{ lokole_run_dir }}/lokole_restarter"
|
||||||
group: "{{ lokole_user }}"
|
group: "{{ lokole_user }}"
|
||||||
owner: "{{ lokole_user }}"
|
owner: "{{ lokole_user }}"
|
||||||
mode: g+rw
|
mode: g+rw
|
||||||
|
|
||||||
- name: mkdir /{{ lokole_user }}/log
|
- name: mkdir {{ lokole_log_dir }}
|
||||||
file:
|
file:
|
||||||
state: directory
|
state: directory
|
||||||
path: "{{ lokole_log_directory }}"
|
path: "{{ lokole_log_dir }}"
|
||||||
group: "{{ lokole_user }}"
|
group: "{{ lokole_user }}"
|
||||||
owner: "{{ lokole_user }}"
|
owner: "{{ lokole_user }}"
|
||||||
mode: g+rw
|
mode: g+rw
|
||||||
|
|
||||||
- name: Install {{ lokole_run_directory }}/settings.env
|
- name: Generate key and salt
|
||||||
|
set_fact:
|
||||||
|
lokole_key: "{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=32') }}"
|
||||||
|
lokole_salt: "{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=16') }}"
|
||||||
|
|
||||||
|
- name: Install {{ lokole_settings }}
|
||||||
template:
|
template:
|
||||||
src: settings.env.j2
|
src: settings.env.j2
|
||||||
dest: "{{ lokole_run_directory }}/settings.env"
|
dest: "{{ lokole_settings }}"
|
||||||
group: "{{ lokole_user }}"
|
group: "{{ lokole_user }}"
|
||||||
owner: "{{ lokole_user }}"
|
owner: "{{ lokole_user }}"
|
||||||
mode: a+rw
|
mode: g+rw
|
||||||
|
|
||||||
- name: Install {{ lokole_run_directory }}/webapp_secrets.sh from template, to configure Lokole
|
#- name: Fixup supervisorctl
|
||||||
template:
|
# file:
|
||||||
src: webapp_secrets.sh.j2
|
# path: /usr/bin/supervisorctl
|
||||||
dest: "{{ lokole_run_directory }}/webapp_secrets.sh"
|
# owner: root
|
||||||
mode: a+x
|
# group: "{{ lokole_user }}"
|
||||||
|
# mode: u=rw+s,g=rx,o=rx
|
||||||
|
|
||||||
- name: Install {{ lokole_run_directory }}/webapp.sh from template, to configure Gunicorn
|
- name: Install {{ lokole_confd }} templates to configure Lokole
|
||||||
template:
|
template:
|
||||||
src: webapp.sh.j2
|
src: "{{ item.src }}"
|
||||||
dest: "{{ lokole_run_directory }}/webapp.sh"
|
dest: "{{ lokole_confd }}"
|
||||||
group: "{{ lokole_user }}"
|
group: "{{ lokole_user }}"
|
||||||
owner: "{{ lokole_user }}"
|
owner: "{{ lokole_user }}"
|
||||||
mode: a+x
|
mode: 0644
|
||||||
|
with_items:
|
||||||
|
- { src: 'lokole_gunicorn.conf' }
|
||||||
|
- { src: 'lokole_celery_beat.conf' }
|
||||||
|
- { src: 'lokole_celery_worker.conf' }
|
||||||
|
- { src: 'lokole_restarter.conf' }
|
||||||
|
|
||||||
- name: Create Lokole admin user with password, for http://box{{ lokole_url }} # http://box/lokole
|
- name: Create Lokole admin user with password, for http://box{{ lokole_url }} # http://box/lokole
|
||||||
shell: |
|
include_tasks: setup.yml
|
||||||
. {{ lokole_run_directory }}/webapp_secrets.sh
|
|
||||||
{{ lokole_venv }}/bin/manage.py createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}'
|
|
||||||
|
|
||||||
#- name: Install /etc/{{ apache_conf_dir }}/lokole.conf from template, for http://box{{ lokole_url }} via Apache # http://box/lokole
|
#- name: Install /etc/{{ apache_conf_dir }}/lokole.conf from template, for http://box{{ lokole_url }} via Apache # http://box/lokole
|
||||||
# template:
|
# template:
|
||||||
|
@ -129,24 +147,12 @@
|
||||||
# mode: 0644
|
# mode: 0644
|
||||||
# when: apache_install
|
# when: apache_install
|
||||||
|
|
||||||
- name: Install unit files {lokole.service, celery.service, celerybeat.service, lokole_restarter.service} into /etc/systemd/system, from template
|
|
||||||
template:
|
|
||||||
src: "{{ item.src }}"
|
|
||||||
dest: "{{ item.dest}}"
|
|
||||||
mode: 0644
|
|
||||||
with_items:
|
|
||||||
- { src: 'lokole.service.j2', dest: '/etc/systemd/system/lokole.service' }
|
|
||||||
- { src: 'celery.service.j2', dest: '/etc/systemd/system/celery.service' }
|
|
||||||
- { src: 'celerybeat.service.j2', dest: '/etc/systemd/system/celerybeat.service' }
|
|
||||||
- { src: 'lokole_restarter.service.j2', dest: '/etc/systemd/system/lokole_restarter.service' }
|
|
||||||
|
|
||||||
|
|
||||||
# RECORD Lokole AS INSTALLED
|
|
||||||
|
|
||||||
- name: "Set 'lokole_installed: True'"
|
- name: "Set 'lokole_installed: True'"
|
||||||
set_fact:
|
set_fact:
|
||||||
lokole_installed: True
|
lokole_installed: True
|
||||||
|
|
||||||
|
# RECORD Lokole AS INSTALLED
|
||||||
|
|
||||||
- name: "Add 'lokole_installed: True' to {{ iiab_state_file }}"
|
- name: "Add 'lokole_installed: True' to {{ iiab_state_file }}"
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
|
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
|
||||||
|
|
|
@ -24,43 +24,27 @@
|
||||||
when: lokole_installed is undefined
|
when: lokole_installed is undefined
|
||||||
|
|
||||||
|
|
||||||
- name: Do a 'systemctl daemon-reload' if lokole_enabled
|
- name: Do a 'systemctl daemon-reload'
|
||||||
systemd:
|
systemd:
|
||||||
daemon_reload: yes
|
daemon_reload: yes
|
||||||
when: lokole_enabled
|
when: lokole_enabled
|
||||||
|
|
||||||
- name: Enable & Restart {lokole, celery, celerybeat, lokole_restarter} systemd services, if lokole_enabled
|
- name: Enable & Restart supervisor systemd service, if lokole_enabled
|
||||||
systemd:
|
systemd:
|
||||||
name: "{{ item }}"
|
name: supervisor
|
||||||
enabled: yes
|
enabled: yes
|
||||||
state: restarted
|
state: restarted
|
||||||
when: lokole_enabled
|
when: lokole_enabled
|
||||||
with_items:
|
|
||||||
- lokole
|
|
||||||
- celery
|
|
||||||
- celerybeat
|
|
||||||
- lokole_restarter
|
|
||||||
|
|
||||||
- name: Disable & Stop all 4 (above) systemd services, if not lokole_enabled
|
- name: Disable & Stop supervisor systemd service, if not lokole_enabled
|
||||||
systemd:
|
systemd:
|
||||||
name: "{{ item }}"
|
name: supervisor
|
||||||
enabled: no
|
enabled: no
|
||||||
state: stopped
|
state: stopped
|
||||||
when: not lokole_enabled
|
when: not lokole_enabled
|
||||||
with_items: # @jvonau prefers reverse starting order, if stopping these 4
|
|
||||||
- lokole_restarter
|
|
||||||
- celerybeat
|
|
||||||
- celery
|
|
||||||
- lokole
|
|
||||||
|
|
||||||
#- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache
|
|
||||||
#- name: Enable/Disable/Restart Apache if primary
|
|
||||||
# include_tasks: apache.yml
|
|
||||||
# when: not nginx_enabled
|
|
||||||
|
|
||||||
- name: Enable/Disable/Restart NGINX
|
- name: Enable/Disable/Restart NGINX
|
||||||
include_tasks: nginx.yml
|
include_tasks: nginx.yml
|
||||||
#when: nginx_enabled
|
|
||||||
|
|
||||||
|
|
||||||
- name: Add 'lokole' variable values to {{ iiab_ini_file }}
|
- name: Add 'lokole' variable values to {{ iiab_ini_file }}
|
||||||
|
@ -79,8 +63,8 @@
|
||||||
value: "{{ lokole_install }}"
|
value: "{{ lokole_install }}"
|
||||||
- option: lokole_enabled
|
- option: lokole_enabled
|
||||||
value: "{{ lokole_enabled }}"
|
value: "{{ lokole_enabled }}"
|
||||||
- option: lokole_run_directory
|
- option: lokole_settings
|
||||||
value: "{{ lokole_run_directory }}"
|
value: "{{ lokole_settings }}"
|
||||||
- option: lokole_url
|
- option: lokole_url
|
||||||
value: "{{ lokole_url }}"
|
value: "{{ lokole_url }}"
|
||||||
- option: lokole_full_url
|
- option: lokole_full_url
|
||||||
|
|
20
roles/lokole/tasks/setup.yml
Normal file
20
roles/lokole/tasks/setup.yml
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
- name: start supervisor
|
||||||
|
systemd:
|
||||||
|
name: supervisor
|
||||||
|
state: started
|
||||||
|
|
||||||
|
- name: Create Lokole admin user with password, for http://box{{ lokole_url }} # http://box/lokole
|
||||||
|
shell: |
|
||||||
|
while read envvar; do export "$envvar"; done < {{ lokole_run_dir }}/settings.env
|
||||||
|
{{ lokole_venv }}/bin/manage.py createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}'
|
||||||
|
|
||||||
|
- name: Change owner of dbfiles
|
||||||
|
file:
|
||||||
|
path: "{{ item.path }}"
|
||||||
|
state: file
|
||||||
|
owner: "{{ lokole_user }}"
|
||||||
|
group: "{{ lokole_user }}"
|
||||||
|
mode: u=rw
|
||||||
|
loop:
|
||||||
|
- { path: "{{ lokole_run_dir }}/users.sqlite3" }
|
||||||
|
# - { path: "{{ lokole_run_dir }}/celery.sqlite3" }
|
10
roles/lokole/templates/lokole_celery_beat.conf
Normal file
10
roles/lokole/templates/lokole_celery_beat.conf
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
[program:lokole_celery_beat]
|
||||||
|
command={{ lokole_venv }}/bin/celery --app=opwen_email_client.webapp.tasks beat --pidfile={{ lokole_run_dir }}/lokole_celery_beat.pid --loglevel=error
|
||||||
|
autostart=true
|
||||||
|
autorestart=true
|
||||||
|
startretries=3
|
||||||
|
stopasgroup=true
|
||||||
|
stderr_logfile={{ lokole_log_dir }}/lokole_celery_beat.stderr.log
|
||||||
|
stdout_logfile={{ lokole_log_dir }}/lokole_celery_beat.stdout.log
|
||||||
|
user={{ lokole_user }}
|
||||||
|
environment=OPWEN_SETTINGS={{ lokole_settings }}
|
10
roles/lokole/templates/lokole_celery_worker.conf
Normal file
10
roles/lokole/templates/lokole_celery_worker.conf
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
[program:lokole_celery_worker]
|
||||||
|
command={{ lokole_venv }}/bin/celery --app=opwen_email_client.webapp.tasks worker --loglevel=error --concurrency=2
|
||||||
|
autostart=true
|
||||||
|
autorestart=true
|
||||||
|
startretries=3
|
||||||
|
stopasgroup=true
|
||||||
|
stderr_logfile={{ lokole_log_dir }}/lokole_celery_worker.stderr.log
|
||||||
|
stdout_logfile={{ lokole_log_dir }}/lokole_celery_worker.stdout.log
|
||||||
|
user={{ lokole_user }}
|
||||||
|
environment=OPWEN_SETTINGS={{ lokole_settings }}
|
10
roles/lokole/templates/lokole_gunicorn.conf
Normal file
10
roles/lokole/templates/lokole_gunicorn.conf
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
[program:lokole_gunicorn]
|
||||||
|
command={{ lokole_venv }}/bin/gunicorn --bind=unix:{{ lokole_run_dir }}/lokole_gunicorn.sock --timeout=300 --workers=3 --log-level=error opwen_email_client.webapp:app
|
||||||
|
autostart=true
|
||||||
|
autorestart=true
|
||||||
|
startretries=3
|
||||||
|
stopasgroup=true
|
||||||
|
stderr_logfile={{ lokole_log_dir }}/lokole_gunicorn.stderr.log
|
||||||
|
stdout_logfile={{ lokole_log_dir }}/lokole_gunicorn.stdout.log
|
||||||
|
user={{ lokole_user }}
|
||||||
|
environment=OPWEN_SETTINGS={{ lokole_settings }}
|
10
roles/lokole/templates/lokole_restarter.conf
Normal file
10
roles/lokole/templates/lokole_restarter.conf
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
[program:lokole_restarter]
|
||||||
|
command={{ lokole_venv }}/bin/manage.py restarter --directory={{ lokole_run_dir }}/lokole_restarter
|
||||||
|
autostart=true
|
||||||
|
autorestart=true
|
||||||
|
startretries=3
|
||||||
|
stopasgroup=true
|
||||||
|
stderr_logfile={{ lokole_log_dir }}/lokole_restarter.stderr.log
|
||||||
|
stdout_logfile={{ lokole_log_dir }}/lokole_restarter.stdout.log
|
||||||
|
user=root
|
||||||
|
environment=OPWEN_SETTINGS={{ lokole_settings }}
|
|
@ -1,8 +1,11 @@
|
||||||
OPWEN_SETTINGS='{{ lokole_run_directory }}/settings.env'
|
OPWEN_SETTINGS={{ lokole_run_dir }}/settings.env
|
||||||
OPWEN_STATE_DIRECTORY='{{ lokole_run_directory }}'
|
OPWEN_STATE_DIRECTORY={{ lokole_run_dir }}
|
||||||
OPWEN_APP_ROOT='{{ lokole_url }}/'
|
OPWEN_APP_ROOT={{ lokole_url }}/
|
||||||
OPWEN_MAX_UPLOAD_SIZE_MB=10
|
OPWEN_MAX_UPLOAD_SIZE_MB=10
|
||||||
OPWEN_SYNC_SCHEDULE='1,16,31,46 * * * *'
|
OPWEN_SYNC_SCHEDULE="1,16,31,46 * * * *"
|
||||||
OPWEN_SESSION_KEY='{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=32') }}'
|
OPWEN_RESTART_PATH={{ lokole_run_dir }}/lokole_restarter/lokole_gunicorn=HUP,{{ lokole_run_dir }}/lokole_restarter/lokole_celery_worker=,{{ lokole_run_dir }}/lokole_restarter/lokole_celery_beat=
|
||||||
OPWEN_PASSWORD_SALT='{{ lookup('password', '/dev/null chars=ascii_letters,digits,_ length=16') }}'
|
OPWEN_SESSION_KEY={{ lokole_key }}
|
||||||
OPWEN_SIM_TYPE='{{ lokole_sim_type }}'
|
OPWEN_SECRET_KEY={{ lokole_key }}
|
||||||
|
OPWEN_PASSWORD_SALT={{ lokole_salt }}
|
||||||
|
OPWEN_SIM_TYPE={{ lokole_sim_type }}
|
||||||
|
OPWEN_CLIENT_NAME={{ lokole_client_id }}
|
||||||
|
|
|
@ -4,8 +4,8 @@
|
||||||
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
|
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
|
||||||
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
|
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
|
||||||
|
|
||||||
mediawiki_major_version: 1.35 # "1.35" also works
|
mediawiki_major_version: 1.36 # "1.35" also works
|
||||||
mediawiki_minor_version: 2
|
mediawiki_minor_version: 1
|
||||||
mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}"
|
mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}"
|
||||||
|
|
||||||
mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}"
|
mediawiki_download_base_url: "https://releases.wikimedia.org/mediawiki/{{ mediawiki_major_version }}"
|
||||||
|
|
|
@ -1,10 +1,23 @@
|
||||||
- name: 'Install packages: php{{ php_version }}-intl, php{{ php_version }}-mbstring'
|
# https://www.mediawiki.org/wiki/Manual:Installation_requirements#PHP
|
||||||
|
- name: 'Install packages: php{{ php_version }}-intl, php{{ php_version }}-mbstring, php{{ php_version }}-xml'
|
||||||
package:
|
package:
|
||||||
name:
|
name:
|
||||||
- "php{{ php_version }}-intl"
|
#- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
|
||||||
- "php{{ php_version }}-mbstring"
|
- php{{ php_version }}-intl # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
|
||||||
|
#- php{{ php_version }}-json # See stanza just below
|
||||||
|
- php{{ php_version }}-mbstring # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
|
||||||
|
- php{{ php_version }}-xml # 2021-06-27: REQUIRED (AND ENFORCED) despite this being missing from MediaWiki's above requirements doc! Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
|
# For PHP >= 8.0: phpX.Y-json is baked into PHP itself.
|
||||||
|
# For PHP < 8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json
|
||||||
|
#
|
||||||
|
#- name: Install php{{ php_version }}-json if PHP < 8.0
|
||||||
|
# package:
|
||||||
|
# name: php{{ php_version }}-json
|
||||||
|
# state: present
|
||||||
|
# when: php_version is version('8.0', '<')
|
||||||
|
|
||||||
- name: Download {{ mediawiki_download_base_url }}/{{ mediawiki_src }} to {{ downloads_dir }}
|
- name: Download {{ mediawiki_download_base_url }}/{{ mediawiki_src }} to {{ downloads_dir }}
|
||||||
get_url:
|
get_url:
|
||||||
url: "{{ mediawiki_download_base_url }}/{{ mediawiki_src }}"
|
url: "{{ mediawiki_download_base_url }}/{{ mediawiki_src }}"
|
||||||
|
@ -18,7 +31,7 @@
|
||||||
unarchive:
|
unarchive:
|
||||||
src: "{{ downloads_dir }}/{{ mediawiki_src }}"
|
src: "{{ downloads_dir }}/{{ mediawiki_src }}"
|
||||||
dest: "{{ mediawiki_install_path }}" # /library
|
dest: "{{ mediawiki_install_path }}" # /library
|
||||||
owner: "{{ apache_user }}"
|
owner: "{{ apache_user }}" # www-data on debuntu
|
||||||
group: "{{ apache_user }}"
|
group: "{{ apache_user }}"
|
||||||
mode: u+rw,g+r,o+r # '0755' forced executable bits on files
|
mode: u+rw,g+r,o+r # '0755' forced executable bits on files
|
||||||
keep_newer: yes
|
keep_newer: yes
|
||||||
|
@ -31,7 +44,7 @@
|
||||||
|
|
||||||
- name: Start MySQL systemd service ({{ mysql_service }}) so we can create db
|
- name: Start MySQL systemd service ({{ mysql_service }}) so we can create db
|
||||||
systemd:
|
systemd:
|
||||||
name: "{{ mysql_service }}"
|
name: "{{ mysql_service }}" # mariadb on debuntu
|
||||||
state: started
|
state: started
|
||||||
|
|
||||||
- name: Create MySQL database {{ mediawiki_db_name }}
|
- name: Create MySQL database {{ mediawiki_db_name }}
|
||||||
|
@ -64,7 +77,7 @@
|
||||||
chdir: "{{ mediawiki_abs_path }}" # /library/mediawiki-1.XY.Z
|
chdir: "{{ mediawiki_abs_path }}" # /library/mediawiki-1.XY.Z
|
||||||
creates: "{{ mediawiki_abs_path }}/LocalSettings.php"
|
creates: "{{ mediawiki_abs_path }}/LocalSettings.php"
|
||||||
|
|
||||||
- name: Configure wgArticlePath variable in {{ mediawiki_abs_path }}/LocalSettings.php
|
- name: Configure $wgArticlePath variable in {{ mediawiki_abs_path }}/LocalSettings.php
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: "{{ mediawiki_abs_path }}/LocalSettings.php" # /library/mediawiki-1.XY.Z
|
path: "{{ mediawiki_abs_path }}/LocalSettings.php" # /library/mediawiki-1.XY.Z
|
||||||
line: '$wgArticlePath = "/wiki/$1";'
|
line: '$wgArticlePath = "/wiki/$1";'
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# If using Moodle intensively, consider setting nginx_high_php_limits in:
|
# 2021-07-02 WARNING: Stage 4's roles/www_options/tasks/main.yml FORCES
|
||||||
# /etc/iiab/local_vars.yml
|
# (the equivalent of) 'nginx_high_php_limits: True' if 'moodle_install: True'
|
||||||
|
|
||||||
# moodle_install: False
|
# moodle_install: False
|
||||||
# moodle_enabled: False
|
# moodle_enabled: False
|
||||||
|
@ -8,7 +8,7 @@
|
||||||
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
|
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
|
||||||
|
|
||||||
moodle_version: 311
|
moodle_version: 311
|
||||||
moodle_repo_url: https://github.com/moodle/moodle.git
|
moodle_repo_url: https://github.com/moodle/moodle
|
||||||
#moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow!
|
#moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow!
|
||||||
moodle_base: "{{ iiab_base }}/moodle" # /opt/iiab
|
moodle_base: "{{ iiab_base }}/moodle" # /opt/iiab
|
||||||
moodle_data: "{{ content_base }}/moodle" # /library
|
moodle_data: "{{ content_base }}/moodle" # /library
|
||||||
|
|
|
@ -1,11 +1,10 @@
|
||||||
- name: "Set 'apache_install: True' and 'apache_enabled: True'"
|
# 2021-05-22: FYI nginx_high_php_limits is effectively now auto-enabled by
|
||||||
set_fact:
|
# www_options/tasks/main.yml#L100-L112 (as required by Moodle 3.11 w/ PHP 8) IF
|
||||||
apache_install: True
|
# 'moodle_install: True'. Happens at the end of 4-server-options/tasks/main.yml
|
||||||
apache_enabled: True
|
# See the 6 settings in /etc/php/{{ php_version }}/fpm/php.ini
|
||||||
|
|
||||||
- name: APACHE - run 'httpd' role
|
# 2021-06-28: This ALSO now happens in /etc/php/{{ php_version }}/cli/php.ini
|
||||||
include_role:
|
# (as required by Moodle's CLI installer, DESPITE it using fpm/php.ini later!)
|
||||||
name: httpd
|
|
||||||
|
|
||||||
|
|
||||||
- name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'"
|
- name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'"
|
||||||
|
@ -18,70 +17,55 @@
|
||||||
name: postgresql
|
name: postgresql
|
||||||
|
|
||||||
|
|
||||||
- name: Install 8 php packages (debuntu)
|
# 2021-07-02: Let's monitor & learn from these 2 pages year-by-year:
|
||||||
|
# https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries
|
||||||
|
# https://github.com/moodlebox/moodlebox/blob/master/roles/packages/vars/main.yml
|
||||||
|
- name: Install ghostscript + libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify)
|
||||||
package:
|
package:
|
||||||
name:
|
name:
|
||||||
- php{{ php_version }}-pgsql
|
#- php-apcu # 2021-07-02: Experiment with fewer dependencies
|
||||||
- php{{ php_version }}-curl
|
- ghostscript # 2021-07-02: OPTIONAL -- but useful for annotation of PDF's / assignments
|
||||||
- php{{ php_version }}-zip
|
- libsodium23 # 2021-06-28: Likewise installed in nginx/tasks/install.yml via php{{ php_version }}-fpm AND httpd/tasks/install.yml via libapache2-mod-php{{ php_version }} AND wordpress/tasks/install.yml -- it can ALSO be auto-installed by phpX.Y-cgi OR phpX.Y-cli as confirmed by 'apt rdepends libsodium23' -- Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium -- whereas https://www.php.net/manual/en/sodium.installation.php says it's always bundled with PHP 7.2+ -- VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"'
|
||||||
- php{{ php_version }}-gd
|
#- php{{ php_version }}-common # 2021-06-27: Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
|
||||||
- php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+
|
#- php{{ php_version }}-cli # 2021-06-27: Compare to php{{ php_version }}-common just above! 2020-06-15: In the past this included (below) mbstring? However this is not true on Ubuntu Server 20.04 LTS.
|
||||||
- php{{ php_version }}-cli # 2020-06-15: In the past this included (above) mbstring? However this is not true on Ubuntu Server 20.04 LTS.
|
- php{{ php_version }}-curl # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
|
||||||
- php{{ php_version }}-intl # 2020-12-03: Required by Moodle 3.10+
|
- php{{ php_version }}-gd # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
|
||||||
|
- php{{ php_version }}-intl # 2020-12-03: Required by Moodle 3.10+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
|
||||||
|
- php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+ -- Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
|
||||||
|
- php{{ php_version }}-pgsql # 2021-06-27: Required for PostgreSQL
|
||||||
|
#- php{{ php_version }}-json # 2021-07-02: Not requested by Moodle's PHP doc above. Package baked into PHP 8+. FWIW with PHP < 8, phpX.Y-json is already auto-installed by phpX.Y-fpm in 3-base-server's nginx/tasks/install.yml
|
||||||
|
#- php{{ php_version }}-opcache # 2021-07-02: Experiment with fewer dependencies
|
||||||
|
#- php{{ php_version }}-readline # 2021-07-02: Experiment with fewer dependencies
|
||||||
- php{{ php_version }}-soap # 2020-12-03: Recommended by Moodle 3.10+
|
- php{{ php_version }}-soap # 2020-12-03: Recommended by Moodle 3.10+
|
||||||
#- php-sodium # 2021-05-17: Recommended by Moodle 3.11+ at https://docs.moodle.org/311/en/Environment_-_PHP_extension_sodium AND ALREADY PRE-ENABLED BY PHP 7.2+ https://www.php.net/manual/en/sodium.installation.php AS CONFIRMED BY 'php -i | grep sodium' AND 'apt list "*sodium*"'
|
- php{{ php_version }}-xml # 2021-06-28: Likewise installed in mediawiki/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter}
|
||||||
|
#- php{{ php_version }}-xmlrpc # 2021-07-02: Doesn't exist with PHP 8.0 -- officially required per https://docs.moodle.org/19/en/PHP_settings_by_Moodle_version#PHP_Extensions_and_libraries BUT UNMAINTAINED FOR YEARS (POSSIBLE SECURITY RISK) SO MOVED TO PECL: https://php.watch/versions/8.0/xmlrpc
|
||||||
|
- php{{ php_version }}-zip # 2021-06-27: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
|
||||||
state: present
|
state: present
|
||||||
when: is_debuntu
|
|
||||||
|
|
||||||
- name: Does {{ moodle_base }}/config-dist.php exist? (indicating Moodle is/was installed)
|
- name: Download (clone) {{ moodle_repo_url }} to {{ moodle_base }} (~350MB initially, ~371MB later)
|
||||||
stat:
|
|
||||||
path: "{{ moodle_base }}/config-dist.php" # /opt/iiab/moodle
|
|
||||||
register: moodle
|
|
||||||
|
|
||||||
- name: Clone (i.e. use git to download) {{ moodle_repo_url }} to {{ moodle_base }} (~300 MB)
|
|
||||||
git:
|
git:
|
||||||
repo: "{{ moodle_repo_url }}"
|
repo: "{{ moodle_repo_url }}" # https://github.com/moodle/moodle
|
||||||
dest: "{{ moodle_base }}"
|
dest: "{{ moodle_base }}" # /opt/iiab/moodle
|
||||||
depth: 1
|
depth: 1
|
||||||
force: yes
|
|
||||||
version: "MOODLE_{{ moodle_version }}_STABLE"
|
version: "MOODLE_{{ moodle_version }}_STABLE"
|
||||||
#version: master # TEMPORARY DURING MAY 2018 TESTING, installed 3.5beta+ = https://download.moodle.org/releases/development/
|
#version: master # TEMPORARY DURING MAY 2018 TESTING, installed 3.5beta+ = https://download.moodle.org/releases/development/
|
||||||
#ignore_errors: yes
|
#ignore_errors: yes
|
||||||
when: internet_available and moodle.stat.exists is defined and not moodle.stat.exists
|
|
||||||
|
|
||||||
- name: Create dir {{ moodle_base }} owned by {{ apache_user }} (for config file?)
|
- name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }} (by default dirs 755 & files 644)
|
||||||
file:
|
file:
|
||||||
state: directory
|
|
||||||
path: "{{ moodle_base }}"
|
path: "{{ moodle_base }}"
|
||||||
owner: "{{ apache_user }}" # www-data
|
owner: "{{ apache_user }}" # www-data
|
||||||
|
group: "{{ apache_user }}"
|
||||||
recurse: yes
|
recurse: yes
|
||||||
|
|
||||||
- name: Create dir {{ content_base }}/dbdata/moodle owned by {{ apache_user }}
|
- name: Create dir {{ moodle_data }} ({{ apache_user }}:{{ apache_user }}) (by default 755 = drwxr-xr-x initially, but moodle_installer sets drwxrwsrwx below)
|
||||||
file:
|
|
||||||
state: directory
|
|
||||||
path: "{{ content_base }}/dbdata/moodle" # /library
|
|
||||||
owner: "{{ apache_user }}"
|
|
||||||
|
|
||||||
- name: Create dir {{ moodle_data }} ({{ apache_user }}:{{ apache_user }}, '0770')
|
|
||||||
file:
|
file:
|
||||||
state: directory
|
state: directory
|
||||||
path: "{{ moodle_data }}" # /library/moodle
|
path: "{{ moodle_data }}" # /library/moodle
|
||||||
owner: "{{ apache_user }}"
|
owner: "{{ apache_user }}"
|
||||||
group: "{{ apache_user }}"
|
group: "{{ apache_user }}"
|
||||||
#mode: '0770' # Regardless, permissions end up as: drwxrwsrwx
|
|
||||||
|
|
||||||
- name: Remove stock /etc/{{ apache_conf_dir }}/moodle.conf
|
|
||||||
file:
|
|
||||||
path: "/etc/{{ apache_conf_dir }}/moodle.conf" # apache2/sites-available
|
|
||||||
state: absent
|
|
||||||
|
|
||||||
# 2021-02-01: Not nec if we can hopefully migrate from Apache to NGINX soon!
|
|
||||||
- name: Install /etc/{{ apache_conf_dir }}/022-moodle.conf from template
|
|
||||||
template:
|
|
||||||
src: 022-moodle.j2
|
|
||||||
dest: "/etc/{{ apache_conf_dir }}/022-moodle.conf"
|
|
||||||
|
|
||||||
# roles/postgresql/templates/postgresql-iiab.service WAS INSTALLED HERE:
|
|
||||||
# /etc/systemd/system/postgresql-iiab.service
|
# /etc/systemd/system/postgresql-iiab.service
|
||||||
- name: Start 'postgresql-iiab' systemd service, to configure Moodle's DB
|
- name: Start 'postgresql-iiab' systemd service, to configure Moodle's DB
|
||||||
systemd:
|
systemd:
|
||||||
|
@ -108,38 +92,53 @@
|
||||||
become: yes
|
become: yes
|
||||||
become_user: postgres
|
become_user: postgres
|
||||||
|
|
||||||
- name: Install {{ moodle_base }}/moodle_installer from template ('0755')
|
|
||||||
template:
|
|
||||||
src: moodle_installer
|
|
||||||
dest: "{{ moodle_base }}"
|
|
||||||
mode: '0755'
|
|
||||||
|
|
||||||
- name: (Re)Start 'postgresql-iiab' systemd service
|
- name: (Re)Start 'postgresql-iiab' systemd service
|
||||||
systemd:
|
systemd:
|
||||||
name: postgresql-iiab
|
name: postgresql-iiab
|
||||||
state: restarted
|
state: restarted
|
||||||
#enabled: yes # Service ends up enabled regardless
|
#enabled: yes # Service ends up enabled regardless
|
||||||
|
|
||||||
- name: (Re)Start '{{ apache_service }}' systemd service
|
|
||||||
systemd:
|
|
||||||
name: "{{ apache_service }}"
|
|
||||||
state: restarted
|
|
||||||
|
|
||||||
- name: Does {{ moodle_base }}/config.php exist?
|
- name: Install {{ moodle_base }}/moodle_installer from template (0755)
|
||||||
stat:
|
template:
|
||||||
path: "{{ moodle_base }}/config.php"
|
src: moodle_installer
|
||||||
register: config
|
dest: "{{ moodle_base }}"
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
- name: Execute {{ moodle_base }}/moodle_installer
|
- name: Execute {{ moodle_base }}/moodle_installer IF {{ moodle_base }}/config.php doesn't yet exist -- REQUIRES 'max_input_vars = 5000' (or higher) in /etc/php/{{ php_version }}/cli/php.ini with PHP 8+ (as set up by www_options/tasks/main.yml) -- WHEREAS LATER Moodle uses /etc/php/{{ php_version }}/fpm/php.ini during regular operation
|
||||||
shell: "{{ moodle_base }}/moodle_installer"
|
shell: "{{ moodle_base }}/moodle_installer"
|
||||||
when: config.stat.exists is defined and not config.stat.exists
|
args:
|
||||||
|
creates: "{{ moodle_base }}/config.php"
|
||||||
|
|
||||||
# 2021-02-01: Let's stick with Moodle's default (640)
|
# 2021-07-05: For /opt/iiab/moodle, let's stick with default permissions from
|
||||||
#- name: Make {{ moodle_base }}/config.php readable, with permission '0644'
|
# above (755 dirs & 644 files), and ownership (www-data:www-data), as we do in
|
||||||
# #command: chown -R {{ apache_user }} {{ moodle_base }}
|
# moodle/tasks/mathjax.yml
|
||||||
# file:
|
|
||||||
# path: "{{ moodle_base }}/config.php" # /opt/iiab/moodle
|
# 2021-07-05: Seems like a good idea but Moodle's permissions recommendations
|
||||||
# mode: '0644'
|
# at https://docs.moodle.org/20/en/Creating_Moodle_site_data_directory don't
|
||||||
|
# actually mandate this:
|
||||||
|
#
|
||||||
|
# - name: chmod -R o-rwx {{ moodle_data }} e.g. drwxrwsrwx to drwxrws---
|
||||||
|
# file:
|
||||||
|
# path: "{{ moodle_data }}" # /library/moodle
|
||||||
|
# mode: o-rwx
|
||||||
|
# recurse: yes
|
||||||
|
|
||||||
|
# https://docs.moodle.org/311/en/Nginx#XSendfile_aka_X-Accel-Redirect
|
||||||
|
# https://github.com/moodle/moodle/blob/master/config-dist.php#L274-L287
|
||||||
|
- name: Write extra parameters to {{ moodle_base }}/config.php -- "Setting Moodle and Nginx to use XSendfile functionality is a big win as it frees PHP from delivering files allowing Nginx to do what it does best, i.e. deliver files"
|
||||||
|
lineinfile:
|
||||||
|
path: "{{ moodle_base }}/config.php"
|
||||||
|
line: '$CFG->{{ item.name }} = {{ item.value }};'
|
||||||
|
insertbefore: '^\$CFG->directorypermissions'
|
||||||
|
with_items:
|
||||||
|
#- { name: 'backuptempdir', value: "'{{ moodlebox_moodle_data_dir }}/backup'" }
|
||||||
|
- { name: 'xsendfile', value: "'X-Accel-Redirect'" }
|
||||||
|
- { name: 'xsendfilealiases', value: "array('/dataroot/' => $CFG->dataroot)" }
|
||||||
|
#- { name: 'customfiletypes', value: "array(\n (object)array(\n 'extension' => 'crt',\n 'icon' => 'sourcecode',\n 'type' => 'application/x-x509-ca-cert',\n 'customdescription' => 'X.509 CA certificate'\n )\n)"}
|
||||||
|
#- { name: 'showcampaigncontent', value: 'false' }
|
||||||
|
|
||||||
|
- include_tasks: mathjax.yml
|
||||||
|
|
||||||
|
|
||||||
# RECORD Moodle AS INSTALLED
|
# RECORD Moodle AS INSTALLED
|
||||||
|
|
|
@ -29,19 +29,16 @@
|
||||||
postgresql_install: True
|
postgresql_install: True
|
||||||
postgresql_enabled: True # Revert just below if...
|
postgresql_enabled: True # Revert just below if...
|
||||||
|
|
||||||
- name: "Set 'postgresql_enabled: False' if 'not moodle_enabled and not (pathagar_enabled is defined and pathagar_enabled)'"
|
- name: "Set 'postgresql_enabled: False' if not moodle_enabled"
|
||||||
set_fact:
|
set_fact:
|
||||||
postgresql_enabled: False
|
postgresql_enabled: False
|
||||||
when: not moodle_enabled and not (pathagar_enabled is defined and pathagar_enabled)
|
when: not moodle_enabled # and not (pathagar_enabled is defined and pathagar_enabled)
|
||||||
|
|
||||||
- name: POSTGRESQL - run 'postgresql' role (Enable&Start or Disable&Stop PostgreSQL)
|
- name: POSTGRESQL - run 'postgresql' role (Enable&Start or Disable&Stop PostgreSQL)
|
||||||
include_role:
|
include_role:
|
||||||
name: postgresql
|
name: postgresql
|
||||||
|
|
||||||
|
|
||||||
- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache
|
|
||||||
include_tasks: apache.yml
|
|
||||||
|
|
||||||
- name: Enable/Disable/Restart NGINX
|
- name: Enable/Disable/Restart NGINX
|
||||||
include_tasks: nginx.yml
|
include_tasks: nginx.yml
|
||||||
|
|
||||||
|
|
27
roles/moodle/tasks/mathjax.yml
Normal file
27
roles/moodle/tasks/mathjax.yml
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
# 2021-07-05: Thanks to https://github.com/moodlebox/moodlebox/blob/master/roles/moodleinstall/tasks/mathjax.yml
|
||||||
|
|
||||||
|
# Verify this Moodle plugin after installation at:
|
||||||
|
# http://box.lan/moodle/admin/plugins.php
|
||||||
|
# http://box.lan/moodle/admin/settings.php?section=filtersettingmathjaxloader
|
||||||
|
|
||||||
|
- name: Download (clone) MathJax library/plugin from https://github.com/mathjax/MathJax to {{ moodle_base }}/lib/MathJax
|
||||||
|
git:
|
||||||
|
repo: https://github.com/mathjax/MathJax # Or: git://github.com/mathjax/MathJax.git
|
||||||
|
dest: "{{ moodle_base }}/lib/MathJax" # /opt/iiab/moodle
|
||||||
|
#version: "{{ moodle_mathjax_version }}" # 2021-07-05: https://github.com/moodlebox/moodlebox/blob/master/default.config.yml uses 2.7.9 from 2020-08-25 -- whereas https://github.com/mathjax/MathJax/releases offers 3.2.0 from 2021-07-17
|
||||||
|
depth: 1
|
||||||
|
|
||||||
|
- name: chown -R {{ apache_user }}:{{ apache_user }} {{ moodle_base }}/lib/MathJax
|
||||||
|
file:
|
||||||
|
path: "{{ moodle_base }}/lib/MathJax"
|
||||||
|
owner: "{{ apache_user }}" # www-data
|
||||||
|
group: "{{ apache_user }}" # MoodleBox uses {{ moodlebox_username }} set to 'moodlebox' in https://github.com/moodlebox/moodlebox/blob/master/default.config.yml
|
||||||
|
#mode: ug+w,o-w # 2021-07-05: Let's stick with Moodle's default (755 dirs & 644 files), as we do in moodle/tasks/install.yml
|
||||||
|
recurse: yes
|
||||||
|
|
||||||
|
# SEE https://github.com/moodle/moodle/blob/master/filter/mathjaxloader/lang/en/filter_mathjaxloader.php
|
||||||
|
- name: Run {{ moodle_base }}/admin/cli/cfg.php --component=filter_mathjaxloader to change MathJax library/plugin URL
|
||||||
|
command: >
|
||||||
|
/usr/bin/php {{ moodle_base }}/admin/cli/cfg.php --component=filter_mathjaxloader --name=httpsurl --set=/lib/MathJax/MathJax.js
|
||||||
|
register: mathjax_url_result
|
||||||
|
changed_when: mathjax_url_result.rc == 0
|
|
@ -1,13 +1,37 @@
|
||||||
location /moodle {
|
# 2021-07-02: Let's monitor & learn from these 3 pages year-by-year:
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
# https://docs.moodle.org/311/en/Nginx
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
# https://github.com/moodlebox/moodlebox/blob/master/roles/moodleinstall/tasks/coreinstall.yml
|
||||||
proxy_set_header Host $host;
|
# https://github.com/moodlebox/moodlebox/blob/master/roles/webserver/templates/etc/nginx/sites-available/default.j2
|
||||||
proxy_pass http://127.0.0.1:{{ apache_port }};
|
|
||||||
|
# This passes 404 pages to Moodle so they can be themed
|
||||||
|
#error_page 404 /error/index.php; error_page 403 =404 /error/index.php;
|
||||||
|
|
||||||
|
# https://docs.moodle.org/311/en/Nginx#XSendfile_aka_X-Accel-Redirect
|
||||||
|
# https://github.com/moodle/moodle/blob/master/config-dist.php#L274-L287
|
||||||
|
location /dataroot/ {
|
||||||
|
internal;
|
||||||
|
alias {{ moodle_data }}/;
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~ ^/moodle.*\.php$ {
|
location ~ ^/moodle(.*)\.php(.*)$ {
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
alias {{ moodle_base }}$1.php$2;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||||
proxy_pass http://127.0.0.1:{{ apache_port }};
|
fastcgi_index index.php;
|
||||||
|
fastcgi_pass php;
|
||||||
|
|
||||||
|
fastcgi_read_timeout 300; # Default is 60s
|
||||||
|
|
||||||
|
include fastcgi_params; # fastcgi.conf also works
|
||||||
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
|
||||||
|
|
||||||
|
# Uncomment to override /etc/php/<VERSION>/fpm/php.ini -- FYI Stage 4's
|
||||||
|
# roles/www_options/tasks/main.yml FORCES these same settings and more
|
||||||
|
# (equivalent to 'nginx_high_php_limits: True') when 'moodle_install: True'
|
||||||
|
#fastcgi_param PHP_VALUE "max_execution_time=300\n upload_max_filesize=500M\n post_max_size=500M\n max_input_vars=5000";
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/moodle {
|
||||||
|
root {{ iiab_base }};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,16 +0,0 @@
|
||||||
location ^/moodle {
|
|
||||||
alias /opt/iiab/moodle;
|
|
||||||
try_files $uri $uri/ index.php =404;
|
|
||||||
}
|
|
||||||
location ~ /moodle/(.*)\.php {
|
|
||||||
root /opt/iiab/;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
include fastcgi_params;
|
|
||||||
fastcgi_index index.php;
|
|
||||||
fastcgi_pass php;
|
|
||||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
||||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
||||||
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
|
||||||
}
|
|
13
roles/moodle/templates/moodle-nginx.conf.j2.unused
Normal file
13
roles/moodle/templates/moodle-nginx.conf.j2.unused
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
location /moodle {
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_pass http://127.0.0.1:{{ apache_port }};
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/moodle.*\.php$ {
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_pass http://127.0.0.1:{{ apache_port }};
|
||||||
|
}
|
|
@ -6,17 +6,25 @@
|
||||||
# a capital letter, in keeping with Internet-in-a-Box's other server apps?
|
# a capital letter, in keeping with Internet-in-a-Box's other server apps?
|
||||||
|
|
||||||
sudo -u {{ apache_user }} \
|
sudo -u {{ apache_user }} \
|
||||||
/usr/bin/php {{ moodle_base }}/admin/cli/install.php \
|
/usr/bin/php {{ moodle_base }}/admin/cli/install.php \
|
||||||
--wwwroot=http://{{ iiab_hostname }}.{{ iiab_domain }}/moodle \
|
--wwwroot=http://{{ iiab_hostname }}.{{ iiab_domain }}/moodle \
|
||||||
--dataroot={{ moodle_data }} \
|
--dataroot={{ moodle_data }} \
|
||||||
--dbtype=pgsql \
|
--dbtype=pgsql \
|
||||||
--dbname={{ moodle_database_name }} \
|
--dbname={{ moodle_database_name }} \
|
||||||
--dbuser=Admin --dbpass=changeme \
|
--dbuser=Admin --dbpass=changeme \
|
||||||
--fullname=Your_School \
|
--fullname=Your_School \
|
||||||
--shortname=School \
|
--shortname=School \
|
||||||
--adminuser=admin --adminpass=changeme \
|
--adminuser=admin --adminpass=changeme \
|
||||||
--non-interactive \
|
--non-interactive \
|
||||||
--agree-license \
|
--agree-license \
|
||||||
--allow-unstable # TEMPORARY DURING MAY 2018 TESTING
|
--allow-unstable # TEMPORARY DURING MAY 2018 TESTING
|
||||||
|
# 2021-07-05 ideas from https://github.com/moodlebox/moodlebox/blob/master/roles/moodleinstall/tasks/coreinstall.yml :
|
||||||
|
# --lang= # moodlebox_moodle_lang
|
||||||
|
# --dbtype=mariadb
|
||||||
|
# --prefix= # moodlebox_moodle_db_prefix
|
||||||
|
# --summary= # moodlebox_moodle_summary
|
||||||
|
# --adminemail= # moodlebox_moodle_username @ moodlebox_hostname .invalid
|
||||||
|
# Above vars set in https://github.com/moodlebox/moodlebox/blob/master/default.config.yml
|
||||||
|
|
||||||
chown {{ apache_user }}:{{ apache_user }} {{ moodle_base }}/config.php
|
# 2021-07-05: No longer needed
|
||||||
|
#chown {{ apache_user }}:{{ apache_user }} {{ moodle_base }}/config.php
|
||||||
|
|
|
@ -5,13 +5,14 @@
|
||||||
# - 7 DB config
|
# - 7 DB config
|
||||||
# - 2 record as installed
|
# - 2 record as installed
|
||||||
|
|
||||||
- name: 'Install MySQL packages: mariadb-server, mariadb-client (debuntu)'
|
- name: 'Install MySQL packages: mariadb-server, mariadb-client, php{{ php_version }}-mysql'
|
||||||
package:
|
package:
|
||||||
name:
|
name:
|
||||||
- mariadb-server
|
- mariadb-server
|
||||||
- mariadb-client
|
- mariadb-client
|
||||||
|
#- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
|
||||||
|
- php{{ php_version }}-mysql # Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
|
||||||
state: present
|
state: present
|
||||||
when: is_debuntu
|
|
||||||
|
|
||||||
# 2020-07-11:
|
# 2020-07-11:
|
||||||
# 10 PHP package installs moved to roles/www_base/tasks/main.yml
|
# 10 PHP package installs moved to roles/www_base/tasks/main.yml
|
||||||
|
|
|
@ -25,19 +25,20 @@ The Nextcloud suite is divided into three main categories:
|
||||||
|
|
||||||
To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` _after_ it's created by this template: [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2)</strike>
|
To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` _after_ it's created by this template: [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2)</strike>
|
||||||
|
|
||||||
(3) Strongly consider also setting `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 5 settings in /etc/php/[ACTUAL PHP VERSION]/fpm/php.ini:
|
(3) Strongly consider also setting `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network! So _after_ install is complete, verify and evaluate these 6 settings in /etc/php/[ACTUAL PHP VERSION]/fpm/php.ini:
|
||||||
|
|
||||||
- upload_max_filesize
|
- upload_max_filesize
|
||||||
- post_max_size
|
- post_max_size
|
||||||
- memory_limit (Nextcloud recommends 512+ MB)
|
- memory_limit (Nextcloud recommends 512+ MB)
|
||||||
- max_execution_time
|
- max_execution_time
|
||||||
- max_input_time
|
- max_input_time
|
||||||
|
- max_input_vars (Moodle 3.11+ requires 5000+ with PHP 8+)
|
||||||
|
|
||||||
Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/main.yml#L47-L51](../www_options/tasks/main.yml#L47-L51)
|
Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/main.yml#L53-L133](../www_options/tasks/main.yml#L53-L133)
|
||||||
|
|
||||||
(4) If you're running Nextcloud 21+ in production, carefully check that Nextcloud's latest formal prereqs (required AND recommended) are included per your community's needs. In places like these:
|
(4) If you're running Nextcloud 22+ in production, carefully check that Nextcloud's latest formal prereqs (required AND recommended) are included per your community's needs. In places like these:
|
||||||
|
|
||||||
- https://docs.nextcloud.com/server/21/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
|
- https://docs.nextcloud.com/server/22/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
|
||||||
- https://github.com/iiab/iiab/blob/master/roles/nextcloud/tasks/install.yml
|
- https://github.com/iiab/iiab/blob/master/roles/nextcloud/tasks/install.yml
|
||||||
|
|
||||||
## Using It
|
## Using It
|
||||||
|
|
|
@ -40,38 +40,51 @@
|
||||||
# var: php_new
|
# var: php_new
|
||||||
|
|
||||||
|
|
||||||
# https://docs.nextcloud.com/server/18/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
|
# February 2020: See @m-anish's PR #2119 and follow-up PR #2258.
|
||||||
# 2021-04-11: If you're running Nextcloud 21+ in production, carefully check the latest required AND recommended prereqs:
|
# 2021-04-11: If you're running Nextcloud 21+ in production, carefully check the latest required AND recommended prereqs:
|
||||||
# https://docs.nextcloud.com/server/21/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
|
# https://docs.nextcloud.com/server/21/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
|
||||||
- name: Install ffmpeg + libxml2 + 13 php packages
|
# 2021-06-27: Use this after Nextcloud 22 is released "2021-07-06" :
|
||||||
|
# https://docs.nextcloud.com/server/22/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
|
||||||
|
- name: Install ffmpeg + libxml2 + 11 PHP packages (run 'php -m' or 'php -i' to verify)
|
||||||
package:
|
package:
|
||||||
name:
|
name:
|
||||||
#- dnsutils # NOT REQUESTED by Nextcloud
|
#- dnsutils # NOT REQUESTED by Nextcloud
|
||||||
- ffmpeg # Optional (for preview generation)
|
- ffmpeg # Optional (for preview generation)
|
||||||
- libxml2 # php-libxml requires libxml2 >= 2.7.0
|
- libxml2 # php-libxml requires libxml2 >= 2.7.0
|
||||||
#- libapache2-mod-php # 2020-02-15: NO LONGER NEEDED?
|
#- libapache2-mod-php # 2020-02-15: NO LONGER NEEDED?
|
||||||
- php{{ php_version }}-bcmath # Highly recommended by Nextcloud 21 for "improved performance and better compatibility"
|
- php{{ php_version }}-bcmath # Highly recommended by Nextcloud 21 for "improved performance and better compatibility" -- Likewise installed in pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
|
||||||
- php{{ php_version }}-bz2 # Optional (for extraction of apps)
|
- php{{ php_version }}-bz2 # OPTIONAL (for extraction of apps)
|
||||||
- php{{ php_version }}-cli # Likely optional? @jvonau says this drags in php{{ php_version }}-common as @m-anish wanted in PR #2119 / #2258
|
#- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
|
||||||
- php{{ php_version }}-curl
|
- php{{ php_version }}-curl # Likewise installed in moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
|
||||||
- php{{ php_version }}-gd
|
#- php{{ php_version }}-exif # Optional (for image rotation in pictures app) but somehow already installed in our PHP core.
|
||||||
- php{{ php_version }}-gmp # Optional (for SFTP storage)
|
- php{{ php_version }}-gd # Likewise installed in moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
|
||||||
- php{{ php_version }}-imagick # Optional (for preview generation)
|
- php{{ php_version }}-gmp # OPTIONAL (for SFTP storage)
|
||||||
- php{{ php_version }}-intl # Optional (increases language translation performance and fixes sorting of non-ASCII characters)
|
- php-imagick # OPTIONAL (for preview generation). BUT drags in Apache's libapache2-mod-phpX.Y etc, as confirmed by 'apt depends php-imagick' -- while php{{ php_version }}-imagick installs (despite not being shown within 'apt list "php*imagick"') it's no better -- and 'apt depends phpX.Y-imagick' mysteriously does NOT show its deps. Likewise installed in wordpress/tasks/install.yml
|
||||||
- php{{ php_version }}-json
|
- php{{ php_version }}-intl # OPTIONAL (increases language translation performance and fixes sorting of non-ASCII characters): Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, wordpress/tasks/install.yml
|
||||||
|
#- php{{ php_version }}-json # See stanza just below
|
||||||
#- php{{ php_version }}-libxml # NOT INSTALLABLE: ENABLED BY DEFAULT (https://www.php.net/manual/en/libxml.installation.php)
|
#- php{{ php_version }}-libxml # NOT INSTALLABLE: ENABLED BY DEFAULT (https://www.php.net/manual/en/libxml.installation.php)
|
||||||
- php{{ php_version }}-mbstring
|
- php{{ php_version }}-mbstring # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
|
||||||
- php{{ php_version }}-mysql
|
- php{{ php_version }}-mysql # Likewise installed in mysql/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
|
||||||
#- php{{ php_version }}-openssl # NOT INSTALLABLE: ENABLED BY DEFAULT?
|
#- php{{ php_version }}-openssl # NOT INSTALLABLE: ENABLED BY DEFAULT?
|
||||||
#- php{{ php_version }}-pdo_mysql # NOT INSTALLABLE: php-mysql handles this on all OS's?
|
#- php{{ php_version }}-pdo_mysql # NOT INSTALLABLE: php{{ php_version }}-mysql handles this on all OS's?
|
||||||
#- php{{ php_version }}-redis # @m-anish future work?
|
#- php{{ php_version }}-redis # @m-anish future work?
|
||||||
#- php{{ php_version }}-session # NOT INSTALLABLE: ENABLED BY DEFAULT?
|
#- php{{ php_version }}-session # NOT INSTALLABLE: ENABLED BY DEFAULT?
|
||||||
#- php{{ php_version }}-smbclient # Optional (SMB/CIFS integration)
|
#- php{{ php_version }}-smbclient # Optional (SMB/CIFS integration)
|
||||||
- php{{ php_version }}-xml # NOT FORMALLY REQUESTED by Nextcloud (BUT hopefully delivers php-simplexml if not {php-xmlreader, php-xmlwriter} on Raspbian?)
|
- php{{ php_version }}-xml # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- Nextcloud's official requirements include {SimpleXML, XMLReader, XMLWriter} as confirmed by 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter}
|
||||||
- php{{ php_version }}-zip
|
#- php{{ php_version }}-xmlrpc # 2021-06-27: Experimentally remove, as explained in moodle/tasks/install.yml
|
||||||
|
- php{{ php_version }}-zip # Likewise installed in moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
|
||||||
#- php{{ php_version }}-zlib # NOT INSTALLABLE: ENABLED BY DEFAULT?
|
#- php{{ php_version }}-zlib # NOT INSTALLABLE: ENABLED BY DEFAULT?
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
|
# For PHP >= 8.0: phpX.Y-json is baked into PHP itself.
|
||||||
|
# For PHP < 8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json
|
||||||
|
#
|
||||||
|
#- name: Install php{{ php_version }}-json if PHP < 8.0
|
||||||
|
# package:
|
||||||
|
# name: php{{ php_version }}-json
|
||||||
|
# state: present
|
||||||
|
# when: php_version is version('8.0', '<')
|
||||||
|
|
||||||
# https://docs.nextcloud.com/server/18/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
|
# https://docs.nextcloud.com/server/18/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
|
||||||
#- name: Install 9 additional php packages, if OS is not Raspbian (these are not available on Raspbian on RPi, as of Feb 2020)
|
#- name: Install 9 additional php packages, if OS is not Raspbian (these are not available on Raspbian on RPi, as of Feb 2020)
|
||||||
# package:
|
# package:
|
||||||
|
@ -94,7 +107,7 @@
|
||||||
state: directory
|
state: directory
|
||||||
path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud
|
path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud
|
||||||
|
|
||||||
- name: Unarchive {{ nextcloud_dl_url }} (100+ MB) to {{ nextcloud_root_dir }} (~449 MB, {{ apache_user }}:{{ apache_user }})
|
- name: Unarchive {{ nextcloud_dl_url }} (100+ MB) to {{ nextcloud_root_dir }} (434-450 MB, {{ apache_user }}:{{ apache_user }})
|
||||||
unarchive:
|
unarchive:
|
||||||
remote_src: yes # Overwrite even if "already exists on the target"
|
remote_src: yes # Overwrite even if "already exists on the target"
|
||||||
src: "{{ nextcloud_dl_url }}"
|
src: "{{ nextcloud_dl_url }}"
|
||||||
|
|
|
@ -16,4 +16,4 @@
|
||||||
state: restarted
|
state: restarted
|
||||||
with_items:
|
with_items:
|
||||||
- nginx
|
- nginx
|
||||||
- "php{{ php_version }}-fpm"
|
- php{{ php_version }}-fpm
|
||||||
|
|
|
@ -1,27 +1,31 @@
|
||||||
### Transition to NGINX
|
### Transition to NGINX
|
||||||
|
|
||||||
1. Initial testing strategy (December 2019 - February 2020) is to move NGINX to [port 80](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services), and proxy everything to Apache on [port 8090](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) — creating "Shims" for each IIAB App/Service in *Section iii.* below.
|
1. Initial testing strategy (December 2019 - February 2020) was to move NGINX to [port 80](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services), and proxy everything to Apache on [port 8090](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) — creating "Shims" for each IIAB App/Service in *Section iii.* below.
|
||||||
|
|
||||||
Until "Native" NGINX is later implemented for that IIAB App/Service — allowing it to move up to *Section ii.* below.
|
Until "Native" NGINX is later implemented for each such IIAB App/Service — allowing each to move up to *Section ii.* below.
|
||||||
|
|
||||||
|
And potentially later moving each up to *Section i.* if its Apache support is dropped!
|
||||||
|
|
||||||
And potentially later moving it up to *Section i.* if its Apache support is dropped!
|
|
||||||
|
|
||||||
(Background: IIAB Apps/Services are generally [Ansible roles](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible) that live in [/opt/iiab/iiab/roles](https://github.com/iiab/iiab/tree/master/roles))
|
(Background: IIAB Apps/Services are generally [Ansible roles](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible) that live in [/opt/iiab/iiab/roles](https://github.com/iiab/iiab/tree/master/roles))
|
||||||
|
|
||||||
2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX.
|
2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX.
|
||||||
|
|
||||||
3. Current state of IIAB App/Service migrations as of 2021-05-15:
|
3. Current state of IIAB App/Service migrations as of 2021-07-06: *(SEE ALSO [#2762](https://github.com/iiab/iiab/issues/2762))*
|
||||||
|
|
||||||
1. These support "Native" NGINX but ***NOT*** Apache
|
1. These support "Native" NGINX but ***NOT*** Apache
|
||||||
|
|
||||||
* Admin Console
|
* Admin Console
|
||||||
* captiveportal
|
* captiveportal
|
||||||
* IIAB documentation (http://box/info)
|
* IIAB documentation (http://box/info)
|
||||||
* jupyterhub
|
* jupyterhub
|
||||||
|
* moodle
|
||||||
|
* nodered
|
||||||
* osm-vector-maps
|
* osm-vector-maps
|
||||||
* OER2Go/RACHEL modules
|
* OER2Go/RACHEL modules
|
||||||
* usb_lib
|
* usb_lib
|
||||||
|
|
||||||
2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service:<!--But if you want to attempt their "Shim" proxying legacy testing mode, try setting your *primary web server* to Apache using `apache_install: True` and `apache_enabled: True` (and `nginx_enabled: False` to disable NGINX) in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) before you install IIAB. You may also need to run `cd /opt/iiab/iiab; ./runrole httpd` since this has been removed from [roles/3-base-server/tasks/main.yml](https://github.com/iiab/iiab/blob/master/roles/3-base-server/tasks/main.yml)-->
|
2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service:<!--But if you want to attempt their "Shim" proxying legacy testing mode, try setting your *primary web server* to Apache using `apache_install: True` and `apache_enabled: True` (and `nginx_enabled: False` to disable NGINX) in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) before you install IIAB. You may also need to run `cd /opt/iiab/iiab; ./runrole httpd` since this has been removed from [roles/3-base-server/tasks/main.yml](https://github.com/iiab/iiab/blob/master/roles/3-base-server/tasks/main.yml)-->
|
||||||
|
|
||||||
* awstats
|
* awstats
|
||||||
* calibre-web
|
* calibre-web
|
||||||
* gitea
|
* gitea
|
||||||
|
@ -34,16 +38,16 @@
|
||||||
* sugarizer
|
* sugarizer
|
||||||
* wordpress
|
* wordpress
|
||||||
|
|
||||||
3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of IIAB Apps/Services that auto-enable Apache.
|
3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of ~6 IIAB Apps/Services that auto-enable Apache.
|
||||||
|
|
||||||
* elgg
|
* elgg
|
||||||
* moodle
|
|
||||||
* nodered
|
|
||||||
|
|
||||||
4. These each run their own web server or non-web / backend services, e.g. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations). In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite)
|
4. These each run their own web server or non-web / backend services, e.g. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations). In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite)
|
||||||
|
|
||||||
* bluetooth
|
* bluetooth
|
||||||
* calibre (menu goes directly to port 8080)
|
* calibre (menu goes directly to port 8080)
|
||||||
* cups [(available on port 631) * shim not yet in place.]
|
* cups (menu goes directly to port 631) [*, shim not yet in place, [PR #2775](https://github.com/iiab/iiab/pull/2775)]
|
||||||
* internetarchive (menu goes directly to port 4244, [PR #2120](https://github.com/iiab/iiab/pull/2120)) [*]
|
* internetarchive (menu goes directly to port 4244) [*, [PR #2120](https://github.com/iiab/iiab/pull/2120)]
|
||||||
* kalite (menu goes directly to ports 8006-8008)
|
* kalite (menu goes directly to ports 8006-8008)
|
||||||
* minetest
|
* minetest
|
||||||
* mosquitto
|
* mosquitto
|
||||||
|
@ -55,4 +59,4 @@
|
||||||
* transmission
|
* transmission
|
||||||
* vnstat
|
* vnstat
|
||||||
|
|
||||||
[*] The 4 above starred roles could use improvement, as of 2021-05-15.
|
[*] The 4 above starred roles could use improvement, as of 2021-07-06.
|
||||||
|
|
|
@ -5,16 +5,15 @@
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
# 'when: apache_installed is defined' insuff b/c mysql's php installs apache2
|
# 'when: apache_installed is defined' insuff b/c mysql's php installs apache2
|
||||||
|
|
||||||
- name: Install required and helper packages for NGINX
|
- name: 'Install 5 packages for NGINX: libnginx-mod-http-subs-filter, nginx-extras, php{{ php_version }}-fpm, uwsgi, uwsgi-plugin-python3'
|
||||||
package:
|
package:
|
||||||
name: "{{ item }}"
|
name:
|
||||||
|
- libnginx-mod-http-subs-filter
|
||||||
|
- nginx-extras
|
||||||
|
- php{{ php_version }}-fpm # Drags in [1] php{{ php_version }}-cli (superset of php{{ php_version }}-common) [2] libsodium23 (likewise installed in moodle/tasks/install.yml AND wordpress/tasks/install.yml) [3] php{{ php_version }}-json if PHP < 8.0 (NEEDED FOR nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml AND wordpress/tasks/install.yml)
|
||||||
|
- uwsgi # Admin Console & roles/captiveportal should really install
|
||||||
|
- uwsgi-plugin-python3 # these 2 packages on demand (not every IIAB needs these).
|
||||||
state: present
|
state: present
|
||||||
with_items:
|
|
||||||
- nginx-extras
|
|
||||||
- uwsgi
|
|
||||||
- uwsgi-plugin-python3
|
|
||||||
- php-fpm
|
|
||||||
- libnginx-mod-http-subs-filter
|
|
||||||
|
|
||||||
# 2020-10-16: Removed per #2560
|
# 2020-10-16: Removed per #2560
|
||||||
#- name: Add user '{{ apache_user }}' to shadow group, so it can authenticate Admin Console
|
#- name: Add user '{{ apache_user }}' to shadow group, so it can authenticate Admin Console
|
||||||
|
@ -27,7 +26,7 @@
|
||||||
path: /etc/nginx/sites-enabled/default
|
path: /etc/nginx/sites-enabled/default
|
||||||
state: absent
|
state: absent
|
||||||
|
|
||||||
- name: 'Install 2 (of 4) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf'
|
- name: 'Install 3 (of 5) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/nginx/mime.types'
|
||||||
template:
|
template:
|
||||||
src: "{{ item.src }}"
|
src: "{{ item.src }}"
|
||||||
dest: "{{ item.dest }}"
|
dest: "{{ item.dest }}"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# IIAB notes:
|
# IIAB notes:
|
||||||
# /etc/nginx/sites-enabled is for server declarations
|
# /etc/nginx/conf.d/* are included by /etc/nginx/server.conf
|
||||||
# /etc/nginx/conf.d is for location declarations within the main server block
|
# /etc/nginx/sites-enabled/*.conf includes other sites
|
||||||
|
|
||||||
user www-data;
|
user www-data;
|
||||||
worker_processes auto;
|
worker_processes auto;
|
||||||
|
@ -79,6 +79,13 @@ http {
|
||||||
'' close;
|
'' close;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# 2021-06-22: Enables HTTP/1.1 byte-range, so Kolibri videos play on Apple
|
||||||
|
# and LG devices: https://github.com/learningequality/kolibri/issues/8164
|
||||||
|
# http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_force_ranges
|
||||||
|
# This should help all roles! RECAP: when unproxied, Kolibri videos worked
|
||||||
|
# (http://box:8009/kolibri/) but not when proxied (http://box/kolibri/).
|
||||||
|
proxy_force_ranges on;
|
||||||
|
|
||||||
##
|
##
|
||||||
# Virtual Host Configs
|
# Virtual Host Configs
|
||||||
##
|
##
|
||||||
|
|
|
@ -1,35 +1,35 @@
|
||||||
server {
|
server {
|
||||||
root {{ doc_root }};
|
root {{ doc_root }};
|
||||||
server_name {{ iiab_hostname }};
|
server_name {{ iiab_hostname }};
|
||||||
listen 80;
|
listen 80;
|
||||||
|
|
||||||
index index.php index.html index.htm;
|
|
||||||
|
|
||||||
# let individual services drop location blocks in conf.d
|
index index.php index.html index.htm;
|
||||||
include {{ nginx_conf_dir }}/*;
|
|
||||||
|
|
||||||
location ~ .*\.php$ {
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
fastcgi_pass php;
|
|
||||||
fastcgi_index index.php;
|
|
||||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
||||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
||||||
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
|
||||||
include fastcgi_params;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /cgi-bin {
|
|
||||||
root /usr/lib;
|
|
||||||
}
|
|
||||||
|
|
||||||
# if you don't like seeing all the errors for missing favicon.ico in root
|
# let individual services drop location blocks in conf.d
|
||||||
location = /favicon.ico { access_log off; log_not_found off; }
|
include {{ nginx_conf_dir }}/*;
|
||||||
|
|
||||||
# if you don't like seeing errors for a missing robots.txt in root
|
location ~ .*\.php$ {
|
||||||
location = /robots.txt { access_log off; log_not_found off; }
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
# this will prevent files like .htaccess .htpassword .secret etc from being served
|
proxy_set_header Host $host;
|
||||||
location ~ /\. { deny all; }
|
fastcgi_pass php;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
||||||
|
include fastcgi_params;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /cgi-bin {
|
||||||
|
root /usr/lib;
|
||||||
|
}
|
||||||
|
|
||||||
|
# if you don't like seeing all the errors for missing favicon.ico in root
|
||||||
|
location = /favicon.ico { access_log off; log_not_found off; }
|
||||||
|
|
||||||
|
# if you don't like seeing errors for a missing robots.txt in root
|
||||||
|
location = /robots.txt { access_log off; log_not_found off; }
|
||||||
|
|
||||||
|
# this will prevent files like .htaccess .htpassword .secret etc from being served
|
||||||
|
location ~ /\. { deny all; }
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,15 +1,11 @@
|
||||||
# 2020-01-23: nodejs_install is completely ignored as Node.js is installed on
|
# 2021-06-17: BOTH VALUES BELOW ARE INITIALLY IGNORED as Node.js is installed
|
||||||
# demand as a dependency -- by Node-RED, Sugarizer and/or Internet Archive --
|
# on demand as a dependency by 4 roles -- internetarchive (Internet Archive),
|
||||||
# but for now we set fake value 'nodejs_install: True' for
|
# nodered (Node-RED), pbx (Asterix, FreePBX) &/or Sugarizer:
|
||||||
# 'nodejs_installed is defined' tests e.g. in 0-init/tasks/validate_vars.yml
|
|
||||||
|
|
||||||
# nodejs_install: True
|
# nodejs_install: False
|
||||||
# nodejs_enabled: False
|
# nodejs_enabled: False
|
||||||
|
|
||||||
# Node.js version used by roles/nodejs/tasks/main.yml for 3 roles:
|
# nodejs_version: 16.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17
|
||||||
# nodered (Node-RED), pbx (Asterix, FreePBX) & sugarizer (Sugarizer)
|
|
||||||
|
|
||||||
# nodejs_version: 14.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29
|
|
||||||
|
|
||||||
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
|
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
|
||||||
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
|
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
|
||||||
|
|
|
@ -32,7 +32,7 @@
|
||||||
# /etc/iiab/local_vars.yml -- then re-run this IIAB installer.
|
# /etc/iiab/local_vars.yml -- then re-run this IIAB installer.
|
||||||
# when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stderr == ""
|
# when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stderr == ""
|
||||||
|
|
||||||
# Forces < 12 or > 12 to be removed, ignored if file is absent
|
# Forces < 16.x or > 16.x to be removed, ignored if file is absent
|
||||||
- name: Remove /etc/apt/sources.list.d/nodesource.list if nodejs_version_installed.stdout is not {{ nodejs_version }}
|
- name: Remove /etc/apt/sources.list.d/nodesource.list if nodejs_version_installed.stdout is not {{ nodejs_version }}
|
||||||
file:
|
file:
|
||||||
state: absent
|
state: absent
|
||||||
|
@ -40,14 +40,14 @@
|
||||||
when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != ""
|
when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != ""
|
||||||
|
|
||||||
# BRUTAL but ensures consistency across OS's / distros like Raspbian Desktop & Ubermix that often include an older version of Node.js
|
# BRUTAL but ensures consistency across OS's / distros like Raspbian Desktop & Ubermix that often include an older version of Node.js
|
||||||
# Forces < 12 or > 12 to be uninstalled
|
# Forces < 16.x or > 16.x to be uninstalled
|
||||||
- name: ASK apt/yum/dnf TO REMOVE PRE-EXISTING Node.js {{ nodejs_version_installed.stdout }} (IF IT'S NOT {{ nodejs_version }})
|
- name: ASK apt/yum/dnf TO REMOVE PRE-EXISTING Node.js {{ nodejs_version_installed.stdout }} (IF IT'S NOT {{ nodejs_version }})
|
||||||
package:
|
package:
|
||||||
name: nodejs
|
name: nodejs
|
||||||
state: absent
|
state: absent
|
||||||
when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != ""
|
when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != ""
|
||||||
|
|
||||||
# Forces == 12
|
# Forces == 16.x
|
||||||
- name: Warn if Node.js {{ nodejs_version}} already installed & might be updated
|
- name: Warn if Node.js {{ nodejs_version}} already installed & might be updated
|
||||||
debug:
|
debug:
|
||||||
msg: "WARN: YOUR Node.js {{ nodejs_version }} MIGHT NOW BE UPDATED USING nodesource.com"
|
msg: "WARN: YOUR Node.js {{ nodejs_version }} MIGHT NOW BE UPDATED USING nodesource.com"
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# SEE VAR nodejs_version: 14.x IN /opt/iiab/iiab/vars/default_vars.yml (FOR
|
# SEE VAR nodejs_version: 16.x IN /opt/iiab/iiab/vars/default_vars.yml (FOR
|
||||||
# NOW!) AND IF NEC OVERRIDE THIS IN /etc/iiab/local_vars.yml
|
# NOW!) AND IF NEC OVERRIDE THIS IN /etc/iiab/local_vars.yml
|
||||||
|
|
||||||
# Duplicate Node.js code unified by @jvonau. Revised by @holta. Used by:
|
# Duplicate Node.js code unified by @jvonau. Revised by @holta. Used by:
|
||||||
|
|
|
@ -1,15 +1,5 @@
|
||||||
- name: "Set 'apache_install: True' and 'apache_enabled: True'"
|
# 2019-01-16: @jvonau's PR #1403 moved installation of Node.js [8.x at the time]
|
||||||
set_fact:
|
# and npm to roles/nodejs/tasks/main.yml
|
||||||
apache_install: True
|
|
||||||
apache_enabled: True
|
|
||||||
|
|
||||||
- name: APACHE - run 'httpd' role
|
|
||||||
include_role:
|
|
||||||
name: httpd
|
|
||||||
|
|
||||||
|
|
||||||
# 2019-01-16: @jvonau's PR #1403 moved installation of Node.js (8.x for now) &
|
|
||||||
# npm to roles/nodejs/tasks/main.yml
|
|
||||||
|
|
||||||
- name: "Set 'nodejs_install: True' and 'nodejs_enabled: True'"
|
- name: "Set 'nodejs_install: True' and 'nodejs_enabled: True'"
|
||||||
set_fact:
|
set_fact:
|
||||||
|
@ -48,7 +38,7 @@
|
||||||
state: absent
|
state: absent
|
||||||
when: nodered_install
|
when: nodered_install
|
||||||
|
|
||||||
# 2012-02-13: the 6 RPi stanzas below recreate Raspbian Desktop's Node-RED
|
# 2019-02-13: the 6 RPi stanzas below recreate Raspbian Desktop's Node-RED
|
||||||
# environment, inspired by:
|
# environment, inspired by:
|
||||||
# https://nodered.org/docs/hardware/raspberrypi
|
# https://nodered.org/docs/hardware/raspberrypi
|
||||||
# https://github.com/node-red/raspbian-deb-package/blob/master/resources/update-nodejs-and-nodered
|
# https://github.com/node-red/raspbian-deb-package/blob/master/resources/update-nodejs-and-nodered
|
||||||
|
@ -112,18 +102,11 @@
|
||||||
dest: /etc/systemd/system/nodered.service
|
dest: /etc/systemd/system/nodered.service
|
||||||
# mode: '0666'
|
# mode: '0666'
|
||||||
|
|
||||||
- name: Install /etc/{{ apache_conf_dir }}/nodered.conf from template
|
|
||||||
template:
|
|
||||||
backup: yes
|
|
||||||
src: nodered.conf.j2
|
|
||||||
dest: "/etc/{{ apache_conf_dir }}/nodered.conf"
|
|
||||||
# mode: '0666'
|
|
||||||
|
|
||||||
# SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml
|
# SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml
|
||||||
- name: Enable proxy_wstunnel apache2 module
|
#- name: Enable proxy_wstunnel apache2 module
|
||||||
apache2_module:
|
# apache2_module:
|
||||||
state: present
|
# state: present
|
||||||
name: proxy_wstunnel
|
# name: proxy_wstunnel
|
||||||
|
|
||||||
|
|
||||||
# RECORD Node-RED AS INSTALLED
|
# RECORD Node-RED AS INSTALLED
|
||||||
|
|
|
@ -39,14 +39,8 @@
|
||||||
state: stopped
|
state: stopped
|
||||||
when: not nodered_enabled
|
when: not nodered_enabled
|
||||||
|
|
||||||
#- name: Enable/Disable/Restart Apache if primary
|
- name: Enable/Disable/Restart NGINX
|
||||||
- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache
|
|
||||||
include_tasks: apache.yml
|
|
||||||
#when: not nginx_enabled
|
|
||||||
|
|
||||||
- name: Enable/Disable/Restart NGINX if primary
|
|
||||||
include_tasks: nginx.yml
|
include_tasks: nginx.yml
|
||||||
when: nginx_enabled
|
|
||||||
|
|
||||||
|
|
||||||
- name: Add 'nodered' variable values to {{ iiab_ini_file }}
|
- name: Add 'nodered' variable values to {{ iiab_ini_file }}
|
||||||
|
|
|
@ -1,3 +1,26 @@
|
||||||
|
# 'nodered_port: 1880' is set in /opt/iiab/iiab/vars/default_vars.yml
|
||||||
|
# https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services
|
||||||
|
|
||||||
location /nodered/ {
|
location /nodered/ {
|
||||||
proxy_pass http://127.0.0.1:{{ apache_port }}/nodered/;
|
proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/;
|
||||||
|
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "upgrade";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#location /nodered/debug/ws/ {
|
||||||
|
# proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/debug/ws;
|
||||||
|
#
|
||||||
|
# proxy_http_version 1.1;
|
||||||
|
# proxy_set_header Upgrade $http_upgrade;
|
||||||
|
# proxy_set_header Connection "upgrade";
|
||||||
|
#}
|
||||||
|
|
||||||
|
#location /nodered/comms/ {
|
||||||
|
# proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/comms;
|
||||||
|
#
|
||||||
|
# proxy_http_version 1.1;
|
||||||
|
# proxy_set_header Upgrade $http_upgrade;
|
||||||
|
# proxy_set_header Connection "upgrade";
|
||||||
|
#}
|
||||||
|
|
|
@ -170,16 +170,17 @@
|
||||||
dest: "{{ vector_map_path }}/maplist/index.html"
|
dest: "{{ vector_map_path }}/maplist/index.html"
|
||||||
force: yes
|
force: yes
|
||||||
|
|
||||||
- name: Get packages necessary for map installation
|
- name: "Install packages for map installation: python3-wget, php{{ php_version }}-sqlite3, python3-geojson, python3-pil"
|
||||||
package:
|
package:
|
||||||
state: present
|
state: present
|
||||||
name:
|
name:
|
||||||
- python3-wget
|
- python3-wget
|
||||||
- "php{{ php_version }}-sqlite3"
|
#- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
|
||||||
|
- php{{ php_version }}-sqlite3
|
||||||
- python3-geojson
|
- python3-geojson
|
||||||
- python3-pil
|
- python3-pil
|
||||||
|
|
||||||
- name: Copy a scripts to download tiles
|
- name: Copy 6 scripts to /usr/bin, for downloading tiles
|
||||||
get_url:
|
get_url:
|
||||||
url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/scripts/{{ item }}"
|
url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/scripts/{{ item }}"
|
||||||
dest: /usr/bin/
|
dest: /usr/bin/
|
||||||
|
|
|
@ -1,30 +1,39 @@
|
||||||
- name: FreePBX - Install dependencies
|
- name: FreePBX - Install dependencies (run 'php -m' or 'php -i' to verify PHP modules)
|
||||||
package:
|
package:
|
||||||
name:
|
name:
|
||||||
- wget
|
- wget
|
||||||
- git
|
- git
|
||||||
- unixodbc # for Asterisk CDR (Call Detail Records)
|
- unixodbc # for Asterisk CDR (Call Detail Records)
|
||||||
- sudo # required by FreePBX install script
|
- sudo # required by FreePBX install script
|
||||||
- net-tools # required by FWConsole (command-line utility, that controls FreePBX)
|
- net-tools # required by FWConsole (command-line utility, that controls FreePBX)
|
||||||
- cron # required by FreePBX UCP package (User Control Panel)
|
- cron # required by FreePBX UCP package (User Control Panel)
|
||||||
- sox # required for CDR web-playback
|
- sox # required for CDR web-playback
|
||||||
- php
|
#- php{{ php_version }} # Basically drags in phpX.Y-cgi (already below!)
|
||||||
- php-pear
|
- php{{ php_version }}-bcmath # Likewise installed in nextcloud/tasks/install.yml, wordpress/tasks/install.yml
|
||||||
- php-cgi
|
- php{{ php_version }}-cgi
|
||||||
- php-common
|
#- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
|
||||||
- php-curl
|
- php{{ php_version }}-curl # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
|
||||||
- php-mbstring
|
- php{{ php_version }}-fpm # Likewise installed in nginx/tasks/install.yml
|
||||||
- php-gd
|
#- php{{ php_version }}-gettext
|
||||||
- php-mysql
|
- php{{ php_version }}-gd # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml
|
||||||
# - php-gettext
|
- php{{ php_version }}-imap
|
||||||
- php-bcmath
|
#- php{{ php_version }}-json # See stanza just below
|
||||||
- php-zip
|
- php{{ php_version }}-mbstring # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
|
||||||
- php-xml
|
- php{{ php_version }}-mysql # Likewise installed in mysql/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
|
||||||
- php-imap
|
- php-pear # Likewise installed for ADMIN CONSOLE https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19
|
||||||
- php-json
|
- php{{ php_version }}-snmp
|
||||||
- php-snmp
|
- php{{ php_version }}-xml # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter}
|
||||||
- php-fpm
|
- php{{ php_version }}-zip # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
|
||||||
- libapache2-mod-php
|
- libapache2-mod-php
|
||||||
# - python-mysqldb # https://github.com/Yannik/ansible-role-freepbx/blob/master/tasks/freepbx.yml#L33
|
#- python-mysqldb # https://github.com/Yannik/ansible-role-freepbx/blob/master/tasks/freepbx.yml#L33
|
||||||
- libapache2-mpm-itk # To serve FreePBX through a VirtualHost as asterisk user
|
- libapache2-mpm-itk # To serve FreePBX through a VirtualHost as asterisk user
|
||||||
state: latest
|
state: latest
|
||||||
|
|
||||||
|
# For PHP >= 8.0: phpX.Y-json is baked into PHP itself.
|
||||||
|
# For PHP < 8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json
|
||||||
|
#
|
||||||
|
#- name: Install php{{ php_version }}-json if PHP < 8.0
|
||||||
|
# package:
|
||||||
|
# name: php{{ php_version }}-json
|
||||||
|
# state: present
|
||||||
|
# when: php_version is version('8.0', '<')
|
||||||
|
|
|
@ -4,6 +4,6 @@
|
||||||
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
|
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
|
||||||
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
|
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
|
||||||
|
|
||||||
phpmyadmin_version: 5.1.0
|
phpmyadmin_version: 5.1.1
|
||||||
phpmyadmin_name: "phpMyAdmin-{{ phpmyadmin_version }}-all-languages"
|
phpmyadmin_name: "phpMyAdmin-{{ phpmyadmin_version }}-all-languages"
|
||||||
phpmyadmin_dl_url: "https://files.phpmyadmin.net/phpMyAdmin/{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz"
|
phpmyadmin_dl_url: "https://files.phpmyadmin.net/phpMyAdmin/{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz"
|
||||||
|
|
|
@ -29,7 +29,7 @@
|
||||||
|
|
||||||
# 2. DOWNLOAD+LINK /opt/iiab/sugarizer
|
# 2. DOWNLOAD+LINK /opt/iiab/sugarizer
|
||||||
|
|
||||||
- name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~717 MB)
|
- name: Clone llaske/sugarizer ({{ sugarizer_git_version }} branch/version) from GitHub to /opt/iiab/{{ sugarizer_dir_version }} (DOWNLOADS ~469 MB)
|
||||||
git:
|
git:
|
||||||
repo: https://github.com/llaske/sugarizer
|
repo: https://github.com/llaske/sugarizer
|
||||||
dest: "{{ iiab_base }}/{{ sugarizer_dir_version }}"
|
dest: "{{ iiab_base }}/{{ sugarizer_dir_version }}"
|
||||||
|
|
|
@ -11,6 +11,33 @@
|
||||||
# and security enhancements using timestamps under /library/wordpress, as these
|
# and security enhancements using timestamps under /library/wordpress, as these
|
||||||
# can arise without warning when WordPress is online, since WordPress ~4.8
|
# can arise without warning when WordPress is online, since WordPress ~4.8
|
||||||
|
|
||||||
|
# 2021-06-29: PHP modules, covering "RECOMMENDED" and "OPTIONAL" sections here:
|
||||||
|
# https://make.wordpress.org/hosting/handbook/server-environment/
|
||||||
|
- name: Install libsodium23 + 8 PHP packages (run 'php -m' or 'php -i' to verify)
|
||||||
|
package:
|
||||||
|
name:
|
||||||
|
- libsodium23 # Likewise installed in nginx/tasks/install.yml via php{{ php_version }}-fpm AND httpd/tasks/install.yml via libapache2-mod-php{{ php_version }} AND moodle/tasks/install.yml -- it can ALSO be auto-installed by phpX.Y-cgi OR phpX.Y-cli as confirmed by 'apt rdepends libsodium23' -- VERIFY USING 'php -i | grep sodium' AND 'apt list "*sodium*"'
|
||||||
|
- php{{ php_version }}-bcmath # OPTIONAL: Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
|
||||||
|
#- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
|
||||||
|
- php{{ php_version }}-curl # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
|
||||||
|
- php-imagick # BUT drags in Apache's libapache2-mod-phpX.Y etc, as confirmed by 'apt depends php-imagick' -- while php{{ php_version }}-imagick installs (despite not being shown within 'apt list "php*imagick"') it's no better -- and 'apt depends phpX.Y-imagick' mysteriously does NOT show its deps. Likewise installed in nextcloud/tasks/install.yml
|
||||||
|
- php{{ php_version }}-intl # OPTIONAL: Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml
|
||||||
|
#- php{{ php_version }}-json # See stanza just below
|
||||||
|
- php{{ php_version }}-mbstring # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
|
||||||
|
- php{{ php_version }}-mysql # Likewise installed in mysql/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
|
||||||
|
- php{{ php_version }}-xml # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter}
|
||||||
|
- php{{ php_version }}-zip # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
|
||||||
|
state: present
|
||||||
|
|
||||||
|
# For PHP >= 8.0: phpX.Y-json is baked into PHP itself.
|
||||||
|
# For PHP < 8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json
|
||||||
|
#
|
||||||
|
#- name: Install php{{ php_version }}-json if PHP < 8.0
|
||||||
|
# package:
|
||||||
|
# name: php{{ php_version }}-json
|
||||||
|
# state: present
|
||||||
|
# when: php_version is version('8.0', '<')
|
||||||
|
|
||||||
- name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }}
|
- name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }}
|
||||||
get_url:
|
get_url:
|
||||||
url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}"
|
url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}"
|
||||||
|
|
|
@ -1,23 +1,26 @@
|
||||||
# Role "www_base" runs here, probably in 3-BASE-SERVER.
|
# Role "www_base" runs here, probably in 3-BASE-SERVER.
|
||||||
# Role "www_options" runs later, likely in 4-SERVER-OPTIONS.
|
# Role "www_options" runs later, likely in 4-SERVER-OPTIONS.
|
||||||
|
|
||||||
- name: 'Install ~10 PHP packages (debuntu)'
|
# 2021-06-27: Antifragile roles can become less brittle by fully declaring
|
||||||
package:
|
# their own dependencies (i.e. for modularity, separation-of-concerns,
|
||||||
name:
|
# encapsulation, compartmentalization, scope sanity, etc).
|
||||||
# - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC
|
#
|
||||||
- php{{ php_version }}-common # 2020-05-21: @jvonau suggests this to avoid Apache above. Or its superset php{{ php_version }}-cli if absolutely nec?
|
#- name: Install 10 PHP packages (run 'php -m' or 'php -i' to verify)
|
||||||
- php{{ php_version }}-curl
|
# package:
|
||||||
- php{{ php_version }}-gd
|
# name:
|
||||||
- php{{ php_version }}-imap
|
# - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this unfortunately forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC
|
||||||
- php{{ php_version }}-ldap
|
# - php{{ php_version }}-common # 2021-06-27: @jvonau suggested this (2020-05-21) to avoid Apache packages dragged in above. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
|
||||||
- php{{ php_version }}-mysql
|
# - php{{ php_version }}-curl # 2021-06-30: Installed in moodle/tasks/main.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/main.yml
|
||||||
- php{{ php_version }}-odbc
|
# - php{{ php_version }}-gd # 2021-06-30: Installed in moodle/tasks/main.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml
|
||||||
- php-pear
|
# - php{{ php_version }}-imap # 2021-06-27: Installed in pbx/tasks/freepbx_dependencies.yml
|
||||||
# - php{{ php_version }}-sqlite3 # 2020-07-10: Experimentally install this within roles/osm-vector-maps/tasks/install.yml only, as part of OSM fix PR #2464 for #2461.
|
# - php{{ php_version }}-ldap # 2021-06-27: Experimentally remove
|
||||||
- php{{ php_version }}-xml # Was below
|
# - php{{ php_version }}-mysql # 2021-06-30: Installed in mysql/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/main.yml
|
||||||
- php{{ php_version }}-xmlrpc
|
# - php{{ php_version }}-odbc # 2021-06-27: Experimentally remove
|
||||||
state: present
|
# - php-pear # 2021-06-27: REQUIRED BY ADMIN CONSOLE https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19
|
||||||
when: is_debuntu
|
# - php{{ php_version }}-sqlite3 # 2020-07-10: Installed in osm-vector-maps/tasks/install.yml as part of OSM fix PR #2464 for #2461
|
||||||
|
# - php{{ php_version }}-xml # 2021-06-30: Installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/main.yml
|
||||||
|
# - php{{ php_version }}-xmlrpc # 2021-06-27: Experimentally remove -- SEE EXPLANATION IN moodle/tasks/main.yml
|
||||||
|
# state: present
|
||||||
|
|
||||||
- name: Using html.yml
|
- name: Using html.yml
|
||||||
include_tasks: html.yml
|
include_tasks: html.yml
|
||||||
|
|
|
@ -49,17 +49,17 @@
|
||||||
when:
|
when:
|
||||||
lxde_present.stat.exists and chromium_present.stat.exists
|
lxde_present.stat.exists and chromium_present.stat.exists
|
||||||
|
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
msg: 'THE 3 ANSIBLE STANZAS BELOW ONLY RUN... when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled'
|
msg: 'THE 5 ANSIBLE STANZAS BELOW ONLY RUN... when: moodle_install or nextcloud_install or pbx_install or wordpress_install'
|
||||||
|
|
||||||
- block: # 3-STANZA BLOCK BEGINS
|
- block: # 5-STANZA BLOCK BEGINS
|
||||||
|
|
||||||
# FYI roles/nginx has already installed package php-fpm, in 3-base-server
|
# roles/nginx has installed pkg 'php{{ php_version }}-fpm' in 3-base-server
|
||||||
|
|
||||||
- name: Raise 2+2 PHP default values in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/Moodle/PBX (allow photos/docs up to 100MB, 100s timeouts, but preserve PHP's 128MB RAM limit)
|
- name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)"
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: "/etc/php/{{ php_version }}/fpm/php.ini"
|
path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini
|
||||||
#path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini"
|
|
||||||
regexp: "{{ item.regexp }}"
|
regexp: "{{ item.regexp }}"
|
||||||
line: "{{ item.line }}"
|
line: "{{ item.line }}"
|
||||||
with_items:
|
with_items:
|
||||||
|
@ -68,20 +68,38 @@
|
||||||
- { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' }
|
- { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' }
|
||||||
- { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' }
|
- { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' }
|
||||||
- { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' }
|
- { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' }
|
||||||
- { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requests 5000' }
|
- { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' }
|
||||||
when: not nginx_high_php_limits # REMINDER: THIS ENTIRE 3-STANZA BLOCK IS ONLY INVOKED... when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled
|
when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install
|
||||||
|
|
||||||
# 2020-03-08: IIAB does not support uninstalling apps, so a 3rd clause
|
- name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)"
|
||||||
# (to reset/restore PHP's defaults) is not necessary at this time.
|
lineinfile:
|
||||||
|
path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini
|
||||||
|
regexp: "{{ item.regexp }}"
|
||||||
|
line: "{{ item.line }}"
|
||||||
|
with_items:
|
||||||
|
- { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 100M ; default is 2M' }
|
||||||
|
- { regexp: '^post_max_size', line: 'post_max_size = 100M ; default is 8M' }
|
||||||
|
- { regexp: '^max_execution_time', line: 'max_execution_time = 100 ; default is 30' }
|
||||||
|
- { regexp: '^max_input_time', line: 'max_input_time = 100 ; default is 60' }
|
||||||
|
- { regexp: '^memory_limit', line: 'memory_limit = 128M ; default is 128M / Nextcloud requests 512M' }
|
||||||
|
- { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' }
|
||||||
|
when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install
|
||||||
|
|
||||||
# COMPARE apache_allow_sudo further below.
|
# 2020-03-08: IIAB DOES NOT SUPPORT UNINSTALLING APPS, so additional
|
||||||
|
# clauses (to reset/restore PHP's defaults) are not necessary at this time.
|
||||||
|
|
||||||
|
# 2021-06-28: WITH PHP 8, MOODLE'S CLI INSTALLER UNFORTUNATELY *REQUIRES*
|
||||||
|
# editing /etc/php/{{ php_version }}/cli/php.ini (below) -- even though during
|
||||||
|
# regular operation it instead uses .../apache2/php.ini or .../fpm/php.ini
|
||||||
|
#
|
||||||
|
# SEE ALSO roles/moodle/tasks/install.yml WHERE SIMILAR SURGERY'S DONE TO
|
||||||
|
# /etc/php/{{ php_version }}/apache2/php.ini UNTIL MOODLE'S PORTED TO NGINX!
|
||||||
|
|
||||||
# WARNING: This might cause excess use of RAM/disk or other resources!
|
# WARNING: This might cause excess use of RAM/disk or other resources!
|
||||||
# The 5 values below were chosen by @ericnitschke and @kananigit in ~2018.
|
# The 5 first values below were chosen by @ericnitschke and @kananigit in ~2018.
|
||||||
- name: Enact nginx_high_php_limits in /etc/php/{{ php_version }}/fpm/php.ini for schools that use WordPress/Nextcloud/Moodle/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, 512MB RAM limit)
|
- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)"
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: "/etc/php/{{ php_version }}/fpm/php.ini"
|
path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini
|
||||||
#path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini"
|
|
||||||
regexp: "{{ item.regexp }}"
|
regexp: "{{ item.regexp }}"
|
||||||
line: "{{ item.line }}"
|
line: "{{ item.line }}"
|
||||||
with_items:
|
with_items:
|
||||||
|
@ -90,15 +108,29 @@
|
||||||
- { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' }
|
- { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' }
|
||||||
- { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' }
|
- { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' }
|
||||||
- { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' }
|
- { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' }
|
||||||
- { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requests 5000' }
|
- { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' }
|
||||||
when: nginx_high_php_limits # REMINDER: THIS ENTIRE 3-STANZA BLOCK IS ONLY INVOKED... when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled
|
when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install
|
||||||
|
|
||||||
|
- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)"
|
||||||
|
lineinfile:
|
||||||
|
path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini
|
||||||
|
regexp: "{{ item.regexp }}"
|
||||||
|
line: "{{ item.line }}"
|
||||||
|
with_items:
|
||||||
|
- { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' }
|
||||||
|
- { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' }
|
||||||
|
- { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' }
|
||||||
|
- { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' }
|
||||||
|
- { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' }
|
||||||
|
- { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' }
|
||||||
|
when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install
|
||||||
|
|
||||||
- name: Restart 'php{{ php_version }}-fpm' systemd service
|
- name: Restart 'php{{ php_version }}-fpm' systemd service
|
||||||
systemd:
|
systemd:
|
||||||
name: "php{{ php_version }}-fpm"
|
name: php{{ php_version }}-fpm
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled # 3-STANZA BLOCK ENDS
|
when: moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE apache_allow_sudo conditionals below.
|
||||||
|
|
||||||
|
|
||||||
# 'Is a "Rapid Power Off" button possible for low-electricity environments?'
|
# 'Is a "Rapid Power Off" button possible for low-electricity environments?'
|
||||||
|
|
|
@ -9,31 +9,32 @@
|
||||||
|
|
||||||
APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint
|
APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint
|
||||||
CURR_VER=undefined # Ansible version you currently have installed
|
CURR_VER=undefined # Ansible version you currently have installed
|
||||||
GOOD_VER=2.11.0 # Orig for 'yum install [rpm]' & XO laptops (pip install)
|
GOOD_VER=2.11.2 # Orig for 'yum install [rpm]' & XO laptops (pip install)
|
||||||
|
|
||||||
|
# 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and
|
||||||
|
# .gpg key etc) are commented out with ### below. Associated guidance/comments
|
||||||
|
# are intentionally preserved.
|
||||||
|
|
||||||
# 2021-05-19 PR #2743: As a result of Ansible / Red Hat / IBM's extensive
|
# 2021-05-19 PR #2743: As a result of Ansible / Red Hat / IBM's extensive
|
||||||
# delays in publishing the PPA (.deb installer files) for ansible-core, this
|
# delays in publishing the PPA (.deb installer files) for ansible-core, this
|
||||||
# file bypasses the apt approach (and associated PPA source) in favor of:
|
# file bypasses the apt approach (and associated PPA source) in favor of:
|
||||||
#
|
#
|
||||||
# pip3 install ansible-core
|
# pip3 install --upgrade ansible-core
|
||||||
#
|
|
||||||
# What the future holds for 2022+ is not yet clear. So the apt approach (with
|
|
||||||
# PPA source in /etc/apt/sources.list.d and .gpg key etc) and much associated
|
|
||||||
# guidance/comments below are NOT being commented out or deleted at this time.
|
|
||||||
|
|
||||||
# We install the latest 'ansible-core' from PPA, using an OS 'CODENAME' below:
|
# 2021-02-25: Latest 'ansible-base' was being installed from PPA, using either
|
||||||
# https://launchpad.net/~ansible/+archive/ubuntu/ansible
|
# OS 'CODENAME' below: https://launchpad.net/~ansible/+archive/ubuntu/ansible
|
||||||
|
|
||||||
# 'lsb_release -sc' gives Mint 20 codename 'ulyana' etc: (TOO FINE-GRAINED)
|
# 'lsb_release -sc' gives Mint 20 codename 'ulyana' etc: (TOO FINE-GRAINED)
|
||||||
if grep -q buster /etc/os-release /etc/debian_version; then
|
###if grep -q buster /etc/os-release /etc/debian_version; then
|
||||||
CODENAME=bionic # Debian 10, RaspiOS 10 & Buster-like distros
|
### CODENAME=bionic # Debian 10, RaspiOS 10 & Buster-like distros
|
||||||
else
|
###else
|
||||||
CODENAME=focal # Debian 11+, RaspiOS 11+, Ubuntu 20.04+, Mint 20+ (ETC)
|
### CODENAME=focal # Debian 11+, RaspiOS 11+, Ubuntu 20.04+, Mint 20+ (ETC)
|
||||||
fi
|
###fi
|
||||||
|
|
||||||
# APRIL 2021 - ansible-base (2.10) was renamed to ansible-core (2.11+):
|
# APRIL 2021 - ansible-base (2.10) was renamed to ansible-core (2.11+):
|
||||||
# https://www.ansible.com/blog/ansible-3.0.0-qa
|
# https://www.ansible.com/blog/ansible-3.0.0-qa
|
||||||
# https://github.com/ansible/ansible/releases
|
# https://github.com/ansible/ansible/releases
|
||||||
|
# https://github.com/ansible/ansible/commits/stable-2.11
|
||||||
# https://pypi.org/project/ansible-base/
|
# https://pypi.org/project/ansible-base/
|
||||||
# https://pypi.org/project/ansible-core/
|
# https://pypi.org/project/ansible-core/
|
||||||
# https://releases.ansible.com/ansible-base/
|
# https://releases.ansible.com/ansible-base/
|
||||||
|
@ -47,25 +48,24 @@ fi
|
||||||
# https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/roadmap/ROADMAP_2_10.rst
|
# https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/roadmap/ROADMAP_2_10.rst
|
||||||
# https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/roadmap/ROADMAP_2_11.rst
|
# https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/roadmap/ROADMAP_2_11.rst
|
||||||
|
|
||||||
# FYI .travis.yml installs ansible-core in a slightly different way (PRs #2689, #2742 or #2743 ?)
|
# FYI .travis.yml installs ansible-core in a slightly different way (PRs #2689 & #2743)
|
||||||
|
|
||||||
# IIAB implementers might instead consider these 4 GENERAL TECHNIQUES below
|
# IIAB implementers might instead consider these 4 GENERAL TECHNIQUES below
|
||||||
# ("in an emergency!") e.g. if apt fails & you need a newer/older Ansible:
|
# ("in an emergency!") e.g. if apt fails & you need a newer/older Ansible:
|
||||||
|
|
||||||
# TEMPORARILY USE pip3 to install the latest ansible-core as listed at
|
# TEMPORARILY USE pip3 to install the latest ansible-core as listed at
|
||||||
# https://pypi.org/project/ansible-core/ (REMOVE W/ "pip3 uninstall ansible-core")
|
# https://pypi.org/project/ansible-core/ (REMOVE W/ "pip3 uninstall ansible-core")
|
||||||
#apt install python3-pip
|
|
||||||
#pip3 install ansible-core # Then start a new shell, so /usr/local/bin works
|
|
||||||
#apt install python3-pymysql python3-psycopg2 python3-passlib python3-pip python3-setuptools python3-packaging python3-venv virtualenv
|
#apt install python3-pymysql python3-psycopg2 python3-passlib python3-pip python3-setuptools python3-packaging python3-venv virtualenv
|
||||||
|
#pip3 install --upgrade ansible-core # Then start a new shell, so /usr/local/bin works
|
||||||
#ansible-galaxy collection install -r collections.yml
|
#ansible-galaxy collection install -r collections.yml
|
||||||
|
|
||||||
# TEMPORARILY USE ansible-base 2.10.9 (REMOVE W/ "pip3 uninstall ansible-base")
|
# TEMPORARILY USE ansible-base 2.10.11 (REMOVE W/ "pip3 uninstall ansible-base")
|
||||||
#apt install python3-pip
|
#apt install python3-pip
|
||||||
#pip3 install ansible-base==2.10.9 # Start new shell, so /usr/local/bin works
|
#pip3 install ansible-base==2.10.11 # Start new shell, so /usr/local/bin works
|
||||||
|
|
||||||
# TEMPORARILY USE ANSIBLE 2.9.21 (REMOVE IT WITH "pip uninstall ansible")
|
# TEMPORARILY USE ANSIBLE 2.9.23 (REMOVE IT WITH "pip3 uninstall ansible")
|
||||||
#apt install python3-pip
|
#apt install python3-pip
|
||||||
#pip3 install ansible==2.9.21
|
#pip3 install ansible==2.9.23
|
||||||
|
|
||||||
# TEMPORARILY USE ANSIBLE 2.4.2 DUE TO 2.4.3 MEMORY BUG. Details: iiab/iiab#669
|
# TEMPORARILY USE ANSIBLE 2.4.2 DUE TO 2.4.3 MEMORY BUG. Details: iiab/iiab#669
|
||||||
#echo "Install http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb"
|
#echo "Install http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb"
|
||||||
|
@ -77,7 +77,7 @@ export DEBIAN_FRONTEND=noninteractive
|
||||||
# Why 'noninteractive' appears needed:
|
# Why 'noninteractive' appears needed:
|
||||||
# https://github.com/iiab/iiab/issues/564#issuecomment-347264985
|
# https://github.com/iiab/iiab/issues/564#issuecomment-347264985
|
||||||
|
|
||||||
echo -e "\n\nYOU ARE RUNNING: /opt/iiab/iiab/scripts/ansible (TO INSTALL ANSIBLE)\n"
|
echo -e "\n\nYOU ARE RUNNING: /opt/iiab/iiab/scripts/ansible (TO INSTALL ANSIBLE ETC)\n"
|
||||||
#echo -e 'Alternative: /opt/iiab/iiab/scripts/ansible-2.9.x ("Slow Food")\n'
|
#echo -e 'Alternative: /opt/iiab/iiab/scripts/ansible-2.9.x ("Slow Food")\n'
|
||||||
|
|
||||||
echo -e "RECOMMENDED PREREQUISITES:"
|
echo -e "RECOMMENDED PREREQUISITES:"
|
||||||
|
@ -121,8 +121,8 @@ fi
|
||||||
#$APT_PATH/apt update
|
#$APT_PATH/apt update
|
||||||
#$APT_PATH/apt -y install dirmngr
|
#$APT_PATH/apt -y install dirmngr
|
||||||
#echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \
|
#echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \
|
||||||
echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \
|
###echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu $CODENAME main" \
|
||||||
> /etc/apt/sources.list.d/iiab-ansible.list
|
### > /etc/apt/sources.list.d/iiab-ansible.list
|
||||||
|
|
||||||
# In future we might instead consider 'add-apt-repository ppa:ansible/ansible'
|
# In future we might instead consider 'add-apt-repository ppa:ansible/ansible'
|
||||||
# or 'apt-add-repository ppa:ansible/bionic/ansible' etc, e.g. for streamlined
|
# or 'apt-add-repository ppa:ansible/bionic/ansible' etc, e.g. for streamlined
|
||||||
|
@ -140,25 +140,26 @@ echo "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.la
|
||||||
# 2021-04-26: JV & @holta WIP: (see above)
|
# 2021-04-26: JV & @holta WIP: (see above)
|
||||||
#echo -e '\nIF YOU FACE ERROR "signatures couldn'"'"'t be verified because the public key is not available" THEN REPEATEDLY RE-RUN "sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367"\n'
|
#echo -e '\nIF YOU FACE ERROR "signatures couldn'"'"'t be verified because the public key is not available" THEN REPEATEDLY RE-RUN "sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367"\n'
|
||||||
#apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367
|
#apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367
|
||||||
cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg
|
###cp /opt/iiab/iiab/scripts/iiab-ansible-keyring.gpg /usr/share/keyrings/iiab-ansible-keyring.gpg
|
||||||
#chmod 644 /usr/share/keyrings/iiab-ansible-keyring.gpg
|
#chmod 644 /usr/share/keyrings/iiab-ansible-keyring.gpg
|
||||||
|
|
||||||
echo -e 'PPA source "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu '$CODENAME' main"'
|
###echo -e 'PPA source "deb [signed-by=/usr/share/keyrings/iiab-ansible-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu '$CODENAME' main"'
|
||||||
echo -e "successfully saved to /etc/apt/sources.list.d/iiab-ansible.list\n"
|
###echo -e "successfully saved to /etc/apt/sources.list.d/iiab-ansible.list\n"
|
||||||
echo -e "IF *OTHER* ANSIBLE SOURCES APPEAR BELOW, PLEASE MANUALLY REMOVE THEM TO"
|
###echo -e "IF *OTHER* ANSIBLE SOURCES APPEAR BELOW, PLEASE MANUALLY REMOVE THEM TO"
|
||||||
echo -e 'ENSURE ANSIBLE UPDATES CLEANLY: (then re-run this script to be sure!)\n'
|
###echo -e 'ENSURE ANSIBLE UPDATES CLEANLY: (then re-run this script to be sure!)\n'
|
||||||
grep '^deb .*ansible' /etc/apt/sources.list /etc/apt/sources.list.d/*.list | grep -v '^/etc/apt/sources.list.d/iiab-ansible.list:' || true # Override bash -e (instead of aborting at 1st error)
|
###grep '^deb .*ansible' /etc/apt/sources.list /etc/apt/sources.list.d/*.list | grep -v '^/etc/apt/sources.list.d/iiab-ansible.list:' || true # Override bash -e (instead of aborting at 1st error)
|
||||||
|
|
||||||
echo -e "\napt update; apt install ansible-core and python3 dependencies explained at:"
|
echo -e "\napt update; apt install of python3-* / virtualenv packages explained at:"
|
||||||
echo -e "https://github.com/iiab/iiab/blob/master/scripts/ansible.md\n"
|
echo -e "https://github.com/iiab/iiab/blob/master/scripts/ansible.md\n"
|
||||||
$APT_PATH/apt update
|
$APT_PATH/apt update
|
||||||
$APT_PATH/apt -y install python3-pip
|
|
||||||
pip3 install ansible-core
|
|
||||||
#$APT_PATH/apt -y --allow-downgrades install ansible-core \
|
#$APT_PATH/apt -y --allow-downgrades install ansible-core \
|
||||||
$APT_PATH/apt -y --allow-downgrades install \
|
$APT_PATH/apt -y install \
|
||||||
python3-pymysql python3-psycopg2 python3-passlib python3-pip \
|
python3-pymysql python3-psycopg2 python3-passlib python3-pip \
|
||||||
python3-setuptools python3-packaging python3-venv virtualenv
|
python3-setuptools python3-packaging python3-venv virtualenv
|
||||||
|
|
||||||
|
echo -e "\n\n'pip3 install --upgrade ansible-core' will now run:\n"
|
||||||
|
pip3 install --upgrade ansible-core
|
||||||
|
|
||||||
# (Re)running collection installs appears safe, with --force-with-deps to force
|
# (Re)running collection installs appears safe, with --force-with-deps to force
|
||||||
# upgrade of collection and dependencies it pulls in. Note Ansible may support
|
# upgrade of collection and dependencies it pulls in. Note Ansible may support
|
||||||
# explicit upgrading of collections (--upgrade / -U flag) in version "2.11"
|
# explicit upgrading of collections (--upgrade / -U flag) in version "2.11"
|
||||||
|
@ -178,7 +179,9 @@ ansible-galaxy collection install --force-with-deps \
|
||||||
#mkdir -p /etc/ansible # LIKELY REDUNDANT, due to above installation of Ansible
|
#mkdir -p /etc/ansible # LIKELY REDUNDANT, due to above installation of Ansible
|
||||||
#echo -e '[local]\nlocalhost\n' > /etc/ansible/hosts # LIKELY REDUNDANT, due to https://github.com/iiab/iiab/blob/master/ansible_hosts
|
#echo -e '[local]\nlocalhost\n' > /etc/ansible/hosts # LIKELY REDUNDANT, due to https://github.com/iiab/iiab/blob/master/ansible_hosts
|
||||||
|
|
||||||
echo -e "SUCCESS INSTALLING ANSIBLE! PLEASE VERIFY WITH COMMANDS LIKE:"
|
echo -e "\n\nSUCCESS! PLEASE VERIFY ANSIBLE WITH COMMANDS LIKE:\n"
|
||||||
echo -e " ansible --version"
|
echo -e " ansible --version"
|
||||||
echo -e " pip show ansible-core"
|
echo -e " pip show ansible-core"
|
||||||
echo -e " apt -a list ansible-core\n\n"
|
echo -e ' apt -a list "ansible*"'
|
||||||
|
echo -e " ansible-galaxy collection list\n"
|
||||||
|
echo -e "WARNING: Start a new Linux shell, if it changed from /usr/bin to /usr/local/bin\n\n"
|
||||||
|
|
|
@ -7,7 +7,7 @@ Starting in November 2019, IIAB's Ansible installer ([/opt/iiab/iiab/scripts/ans
|
||||||
1. Ansible module: [pip](https://docs.ansible.com/ansible/latest/modules/pip_module.html)
|
1. Ansible module: [pip](https://docs.ansible.com/ansible/latest/modules/pip_module.html)
|
||||||
|
|
||||||
IIAB installs apt packages:
|
IIAB installs apt packages:
|
||||||
- **python3-pip** (for IIAB's [Admin Console](https://github.com/iiab/iiab-admin-console))
|
- **python3-pip** (for `pip3 install ansible-core` & IIAB's [Admin Console](https://github.com/iiab/iiab-admin-console))
|
||||||
- **python3-setuptools**
|
- **python3-setuptools**
|
||||||
- **virtualenv** (is Python 3 only, for [roles/kalite](https://github.com/iiab/iiab/tree/master/roles/kalite) & [roles/calibre-web](https://github.com/iiab/iiab/tree/master/roles/calibre-web) ?) and pulls in additional packages... (`apt show virtualenv` shows "Depends: python3, python3-virtualenv")
|
- **virtualenv** (is Python 3 only, for [roles/kalite](https://github.com/iiab/iiab/tree/master/roles/kalite) & [roles/calibre-web](https://github.com/iiab/iiab/tree/master/roles/calibre-web) ?) and pulls in additional packages... (`apt show virtualenv` shows "Depends: python3, python3-virtualenv")
|
||||||
- **python3-virtualenv** and pulls in additional package... (`apt show python3-virtualenv` shows "Depends: python-pip-whl (>= 8.1.1-2), python3, python3-distutils, python3-pkg-resources")
|
- **python3-virtualenv** and pulls in additional package... (`apt show python3-virtualenv` shows "Depends: python-pip-whl (>= 8.1.1-2), python3, python3-distutils, python3-pkg-resources")
|
||||||
|
|
|
@ -60,8 +60,9 @@ OS_VER=$OS-$VERSION_ID
|
||||||
# 2020-10-21: Debian 11 (Bullseye) not yet supported but adding this line to
|
# 2020-10-21: Debian 11 (Bullseye) not yet supported but adding this line to
|
||||||
# its /etc/os-release can help testing this unreleased OS: VERSION_ID="11"
|
# its /etc/os-release can help testing this unreleased OS: VERSION_ID="11"
|
||||||
|
|
||||||
# 2020-11-14: Ubuntu 21.04 (Hirsute Hippo) not yet supported but this
|
# 2021-06-19: Ubuntu 21.10 (Impish Indri) not yet supported but this
|
||||||
# unreleased OS can help testing.
|
# unreleased OS can help testing. For now this means MANUALLY changing
|
||||||
|
# php_version: 7.4 to 8.0 in /opt/iiab/iiab/vars/ubuntu-21.yml
|
||||||
|
|
||||||
case $OS_VER in
|
case $OS_VER in
|
||||||
"debian-10" | \
|
"debian-10" | \
|
||||||
|
@ -69,7 +70,8 @@ case $OS_VER in
|
||||||
"ubuntu-20" | \
|
"ubuntu-20" | \
|
||||||
"ubuntu-21" | \
|
"ubuntu-21" | \
|
||||||
"linuxmint-20" | \
|
"linuxmint-20" | \
|
||||||
"raspbian-10")
|
"raspbian-10" | \
|
||||||
|
"raspbian-11")
|
||||||
;;
|
;;
|
||||||
*) OS_VER="OS_not_supported"
|
*) OS_VER="OS_not_supported"
|
||||||
;;
|
;;
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
|
# Every is_<OS> var is initially set to 'False' at the bottom of
|
||||||
|
# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that:
|
||||||
is_debuntu: True
|
is_debuntu: True
|
||||||
is_debian: True
|
is_debian: True # Opposite of is_ubuntu for now
|
||||||
is_debian_10: True
|
is_debian_10: True
|
||||||
|
|
||||||
# 2019-01-31: These apply if-only-if named_install and/or dhcpd_install are True
|
# 2019-01-31: These apply if-only-if named_install and/or dhcpd_install are True
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
|
# Every is_<OS> var is initially set to 'False' at the bottom of
|
||||||
|
# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that:
|
||||||
is_debuntu: True
|
is_debuntu: True
|
||||||
is_debian: True
|
is_debian: True # Opposite of is_ubuntu for now
|
||||||
is_debian_11: True
|
is_debian_11: True
|
||||||
|
|
||||||
# 2019-01-31: These apply if-only-if named_install and/or dhcpd_install are True
|
# 2019-01-31: These apply if-only-if named_install and/or dhcpd_install are True
|
||||||
|
|
|
@ -265,9 +265,10 @@ nginx_log_dir: /var/log/nginx
|
||||||
# For schools that use WordPress/Nextcloud/Moodle/PBX intensively:
|
# For schools that use WordPress/Nextcloud/Moodle/PBX intensively:
|
||||||
nginx_high_php_limits: False
|
nginx_high_php_limits: False
|
||||||
# WARNING: Enabling this might cause excess use of RAM/disk or other resources!
|
# WARNING: Enabling this might cause excess use of RAM/disk or other resources!
|
||||||
# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS...
|
# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True'
|
||||||
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L52-L66
|
# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS...
|
||||||
# ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php/<VERSION>/fpm/php.ini
|
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133
|
||||||
|
# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini
|
||||||
|
|
||||||
# Make this False to disable http://box/common/services/power_off.php button:
|
# Make this False to disable http://box/common/services/power_off.php button:
|
||||||
apache_allow_sudo: True
|
apache_allow_sudo: True
|
||||||
|
@ -392,6 +393,7 @@ lokole_enabled: False
|
||||||
# lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf'
|
# lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf'
|
||||||
# Details: https://github.com/ascoderu/lokole/blob/master/install.py#L35
|
# Details: https://github.com/ascoderu/lokole/blob/master/install.py#L35
|
||||||
lokole_sim_type: LocalOnly
|
lokole_sim_type: LocalOnly
|
||||||
|
lokole_client_id: None
|
||||||
|
|
||||||
mediawiki_install: False
|
mediawiki_install: False
|
||||||
mediawiki_enabled: False
|
mediawiki_enabled: False
|
||||||
|
@ -401,13 +403,12 @@ mosquitto_install: False
|
||||||
mosquitto_enabled: False
|
mosquitto_enabled: False
|
||||||
mosquitto_port: 1883
|
mosquitto_port: 1883
|
||||||
|
|
||||||
# 2020-09-24: BOTH VALUES BELOW ARE IGNORED as Node.js is installed on demand
|
# 2021-06-17: BOTH VALUES BELOW ARE INITIALLY IGNORED as Node.js is installed
|
||||||
# as a dependency -- by Node-RED, Sugarizer &/or Internet Archive
|
# on demand as a dependency by 4 roles -- internetarchive (Internet Archive),
|
||||||
|
# nodered (Node-RED), pbx (Asterix, FreePBX) &/or Sugarizer:
|
||||||
nodejs_install: False
|
nodejs_install: False
|
||||||
nodejs_enabled: False
|
nodejs_enabled: False
|
||||||
# Node.js version used by roles/nodejs/tasks/main.yml for 3 roles:
|
nodejs_version: 16.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29, 14.x til 2021-06-17
|
||||||
# nodered (Node-RED), pbx (Asterix, FreePBX) & sugarizer (Sugarizer)
|
|
||||||
nodejs_version: 14.x # was 8.x til 2019-02-02, 10.x til 2019-12-21, 12.x til 2020-10-29
|
|
||||||
|
|
||||||
# Flow-based visual programming for wiring together IoT hardware devices etc
|
# Flow-based visual programming for wiring together IoT hardware devices etc
|
||||||
nodered_install: False
|
nodered_install: False
|
||||||
|
@ -432,7 +433,8 @@ nextcloud_enabled: False
|
||||||
# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2
|
# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2
|
||||||
|
|
||||||
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
|
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
|
||||||
# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3.
|
# Untested since Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi.
|
||||||
|
# If using PBX intensively, set nginx_high_php_limits further above.
|
||||||
pbx_install: False
|
pbx_install: False
|
||||||
pbx_enabled: False
|
pbx_enabled: False
|
||||||
asterisk_chan_dongle: False
|
asterisk_chan_dongle: False
|
||||||
|
@ -456,7 +458,7 @@ kalite_root: "{{ content_base }}/ka-lite" # /library/ka-lite
|
||||||
|
|
||||||
kolibri_install: False
|
kolibri_install: False
|
||||||
kolibri_enabled: False
|
kolibri_enabled: False
|
||||||
kolibri_language: en # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu
|
kolibri_language: en # See KOLIBRI_SUPPORTED_LANGUAGES at the bottom of https://github.com/learningequality/kolibri/blob/develop/kolibri/utils/i18n.py
|
||||||
kolibri_http_port: 8009
|
kolibri_http_port: 8009
|
||||||
|
|
||||||
# kiwix_install: True is REQUIRED, if you install IIAB's Admin Console
|
# kiwix_install: True is REQUIRED, if you install IIAB's Admin Console
|
||||||
|
@ -473,6 +475,7 @@ kiwix_apk_src: https://download.kiwix.org/release/kiwix-android/kiwix.apk
|
||||||
postgresql_install: False
|
postgresql_install: False
|
||||||
postgresql_enabled: False
|
postgresql_enabled: False
|
||||||
|
|
||||||
|
# Warning: Moodle is a serious LMS, that takes a while to install.
|
||||||
moodle_install: False
|
moodle_install: False
|
||||||
moodle_enabled: False
|
moodle_enabled: False
|
||||||
# If using Moodle intensively, set nginx_high_php_limits further above.
|
# If using Moodle intensively, set nginx_high_php_limits further above.
|
||||||
|
@ -719,6 +722,7 @@ is_debian_9: False
|
||||||
is_debian_8: False
|
is_debian_8: False
|
||||||
|
|
||||||
is_raspbian: False # Covers both: RPi HW + non-RPi HW versions of Raspberry Pi OS (Raspbian)
|
is_raspbian: False # Covers both: RPi HW + non-RPi HW versions of Raspberry Pi OS (Raspbian)
|
||||||
|
is_raspbian_11: False
|
||||||
is_raspbian_10: False
|
is_raspbian_10: False
|
||||||
is_raspbian_9: False
|
is_raspbian_9: False
|
||||||
is_raspbian_8: False
|
is_raspbian_8: False
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
|
# Every is_<OS> var is initially set to 'False' at the bottom of
|
||||||
|
# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that:
|
||||||
is_debuntu: True
|
is_debuntu: True
|
||||||
is_ubuntu: True
|
is_ubuntu: True # Opposite of is_debian for now
|
||||||
is_ubuntu_20: True
|
is_ubuntu_20: True
|
||||||
is_linuxmint: True
|
is_linuxmint: True
|
||||||
is_linuxmint_20: True
|
is_linuxmint_20: True
|
||||||
|
|
|
@ -168,9 +168,10 @@ pi_swap_file_size: 1024
|
||||||
# For schools that use WordPress/Nextcloud/Moodle/PBX intensively:
|
# For schools that use WordPress/Nextcloud/Moodle/PBX intensively:
|
||||||
nginx_high_php_limits: False
|
nginx_high_php_limits: False
|
||||||
# WARNING: Enabling this might cause excess use of RAM/disk or other resources!
|
# WARNING: Enabling this might cause excess use of RAM/disk or other resources!
|
||||||
# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS...
|
# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True'
|
||||||
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L52-L66
|
# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS...
|
||||||
# ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php/<VERSION>/fpm/php.ini
|
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133
|
||||||
|
# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini
|
||||||
|
|
||||||
# See also Apache vars {default_language, language_priority} @ top of this file
|
# See also Apache vars {default_language, language_priority} @ top of this file
|
||||||
#
|
#
|
||||||
|
@ -260,9 +261,6 @@ jupyterhub_enabled: True
|
||||||
# Lokole (email for rural communities) from https://ascoderu.ca
|
# Lokole (email for rural communities) from https://ascoderu.ca
|
||||||
lokole_install: True
|
lokole_install: True
|
||||||
lokole_enabled: True
|
lokole_enabled: True
|
||||||
# lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf'
|
|
||||||
# Details: https://github.com/ascoderu/lokole/blob/master/install.py#L35
|
|
||||||
lokole_sim_type: LocalOnly
|
|
||||||
|
|
||||||
mediawiki_install: True
|
mediawiki_install: True
|
||||||
mediawiki_enabled: True
|
mediawiki_enabled: True
|
||||||
|
@ -292,7 +290,8 @@ nextcloud_enabled: True
|
||||||
# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2
|
# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2
|
||||||
|
|
||||||
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
|
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
|
||||||
# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3.
|
# Untested since Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi.
|
||||||
|
# If using PBX intensively, set nginx_high_php_limits further above.
|
||||||
pbx_install: False
|
pbx_install: False
|
||||||
pbx_enabled: False
|
pbx_enabled: False
|
||||||
asterisk_chan_dongle: False
|
asterisk_chan_dongle: False
|
||||||
|
@ -310,7 +309,7 @@ kalite_enabled: True
|
||||||
|
|
||||||
kolibri_install: True
|
kolibri_install: True
|
||||||
kolibri_enabled: True
|
kolibri_enabled: True
|
||||||
kolibri_language: en # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu
|
kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans
|
||||||
|
|
||||||
# kiwix_install: True is REQUIRED, if you install IIAB's Admin Console
|
# kiwix_install: True is REQUIRED, if you install IIAB's Admin Console
|
||||||
kiwix_install: True
|
kiwix_install: True
|
||||||
|
@ -409,4 +408,4 @@ calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019)
|
||||||
calibreweb_url1: /books # For SHORT URL http://box/books (English)
|
calibreweb_url1: /books # For SHORT URL http://box/books (English)
|
||||||
calibreweb_url2: /libros # For SHORT URL http://box/libros (Spanish)
|
calibreweb_url2: /libros # For SHORT URL http://box/libros (Spanish)
|
||||||
calibreweb_url3: /livres # For SHORT URL http://box/livres (French)
|
calibreweb_url3: /livres # For SHORT URL http://box/livres (French)
|
||||||
calibreweb_home: "{{ content_base }}/calibre-web" # /library/calibre-web
|
calibreweb_home: /library/calibre-web # default_vars.yml uses: "{{ content_base }}/calibre-web"
|
||||||
|
|
|
@ -168,9 +168,10 @@ pi_swap_file_size: 1024
|
||||||
# For schools that use WordPress/Nextcloud/Moodle/PBX intensively:
|
# For schools that use WordPress/Nextcloud/Moodle/PBX intensively:
|
||||||
nginx_high_php_limits: False
|
nginx_high_php_limits: False
|
||||||
# WARNING: Enabling this might cause excess use of RAM/disk or other resources!
|
# WARNING: Enabling this might cause excess use of RAM/disk or other resources!
|
||||||
# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS...
|
# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True'
|
||||||
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L52-L66
|
# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS...
|
||||||
# ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php/<VERSION>/fpm/php.ini
|
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133
|
||||||
|
# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini
|
||||||
|
|
||||||
# See also Apache vars {default_language, language_priority} @ top of this file
|
# See also Apache vars {default_language, language_priority} @ top of this file
|
||||||
#
|
#
|
||||||
|
@ -260,9 +261,6 @@ jupyterhub_enabled: False
|
||||||
# Lokole (email for rural communities) from https://ascoderu.ca
|
# Lokole (email for rural communities) from https://ascoderu.ca
|
||||||
lokole_install: False
|
lokole_install: False
|
||||||
lokole_enabled: False
|
lokole_enabled: False
|
||||||
# lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf'
|
|
||||||
# Details: https://github.com/ascoderu/lokole/blob/master/install.py#L35
|
|
||||||
lokole_sim_type: LocalOnly
|
|
||||||
|
|
||||||
mediawiki_install: False
|
mediawiki_install: False
|
||||||
mediawiki_enabled: False
|
mediawiki_enabled: False
|
||||||
|
@ -292,7 +290,8 @@ nextcloud_enabled: True
|
||||||
# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2
|
# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2
|
||||||
|
|
||||||
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
|
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
|
||||||
# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3.
|
# Untested since Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi.
|
||||||
|
# If using PBX intensively, set nginx_high_php_limits further above.
|
||||||
pbx_install: False
|
pbx_install: False
|
||||||
pbx_enabled: False
|
pbx_enabled: False
|
||||||
asterisk_chan_dongle: False
|
asterisk_chan_dongle: False
|
||||||
|
@ -310,7 +309,7 @@ kalite_enabled: True
|
||||||
|
|
||||||
kolibri_install: False
|
kolibri_install: False
|
||||||
kolibri_enabled: False
|
kolibri_enabled: False
|
||||||
kolibri_language: en # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu
|
kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans
|
||||||
|
|
||||||
# kiwix_install: True is REQUIRED, if you install IIAB's Admin Console
|
# kiwix_install: True is REQUIRED, if you install IIAB's Admin Console
|
||||||
kiwix_install: True
|
kiwix_install: True
|
||||||
|
@ -409,4 +408,4 @@ calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019)
|
||||||
calibreweb_url1: /books # For SHORT URL http://box/books (English)
|
calibreweb_url1: /books # For SHORT URL http://box/books (English)
|
||||||
calibreweb_url2: /libros # For SHORT URL http://box/libros (Spanish)
|
calibreweb_url2: /libros # For SHORT URL http://box/libros (Spanish)
|
||||||
calibreweb_url3: /livres # For SHORT URL http://box/livres (French)
|
calibreweb_url3: /livres # For SHORT URL http://box/livres (French)
|
||||||
calibreweb_home: "{{ content_base }}/calibre-web" # /library/calibre-web
|
calibreweb_home: /library/calibre-web # default_vars.yml uses: "{{ content_base }}/calibre-web"
|
||||||
|
|
|
@ -168,9 +168,10 @@ pi_swap_file_size: 1024
|
||||||
# For schools that use WordPress/Nextcloud/Moodle/PBX intensively:
|
# For schools that use WordPress/Nextcloud/Moodle/PBX intensively:
|
||||||
nginx_high_php_limits: False
|
nginx_high_php_limits: False
|
||||||
# WARNING: Enabling this might cause excess use of RAM/disk or other resources!
|
# WARNING: Enabling this might cause excess use of RAM/disk or other resources!
|
||||||
# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS...
|
# roles/www_options & roles/moodle FORCE high limits if 'moodle_install: True'
|
||||||
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L52-L66
|
# REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS...
|
||||||
# ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php/<VERSION>/fpm/php.ini
|
# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133
|
||||||
|
# ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php/<VERSION>/*/php.ini
|
||||||
|
|
||||||
# See also Apache vars {default_language, language_priority} @ top of this file
|
# See also Apache vars {default_language, language_priority} @ top of this file
|
||||||
#
|
#
|
||||||
|
@ -260,9 +261,6 @@ jupyterhub_enabled: False
|
||||||
# Lokole (email for rural communities) from https://ascoderu.ca
|
# Lokole (email for rural communities) from https://ascoderu.ca
|
||||||
lokole_install: False
|
lokole_install: False
|
||||||
lokole_enabled: False
|
lokole_enabled: False
|
||||||
# lokole_sim_type can be: 'hologram', 'Ethernet', 'LocalOnly', or 'mkwvconf'
|
|
||||||
# Details: https://github.com/ascoderu/lokole/blob/master/install.py#L35
|
|
||||||
lokole_sim_type: LocalOnly
|
|
||||||
|
|
||||||
mediawiki_install: False
|
mediawiki_install: False
|
||||||
mediawiki_enabled: False
|
mediawiki_enabled: False
|
||||||
|
@ -292,7 +290,8 @@ nextcloud_enabled: False
|
||||||
# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2
|
# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2
|
||||||
|
|
||||||
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
|
# A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX.
|
||||||
# Works on Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi 3.
|
# Untested since Ubuntu 18.04, Debian 9 w/ Node.js 10.x. Experimental on RPi.
|
||||||
|
# If using PBX intensively, set nginx_high_php_limits further above.
|
||||||
pbx_install: False
|
pbx_install: False
|
||||||
pbx_enabled: False
|
pbx_enabled: False
|
||||||
asterisk_chan_dongle: False
|
asterisk_chan_dongle: False
|
||||||
|
@ -310,7 +309,7 @@ kalite_enabled: True
|
||||||
|
|
||||||
kolibri_install: False
|
kolibri_install: False
|
||||||
kolibri_enabled: False
|
kolibri_enabled: False
|
||||||
kolibri_language: en # ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu
|
kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans
|
||||||
|
|
||||||
# kiwix_install: True is REQUIRED, if you install IIAB's Admin Console
|
# kiwix_install: True is REQUIRED, if you install IIAB's Admin Console
|
||||||
kiwix_install: True
|
kiwix_install: True
|
||||||
|
@ -409,4 +408,4 @@ calibreweb_port: 8083 # PORT VARIABLE HAS NO EFFECT (as of January 2019)
|
||||||
calibreweb_url1: /books # For SHORT URL http://box/books (English)
|
calibreweb_url1: /books # For SHORT URL http://box/books (English)
|
||||||
calibreweb_url2: /libros # For SHORT URL http://box/libros (Spanish)
|
calibreweb_url2: /libros # For SHORT URL http://box/libros (Spanish)
|
||||||
calibreweb_url3: /livres # For SHORT URL http://box/livres (French)
|
calibreweb_url3: /livres # For SHORT URL http://box/livres (French)
|
||||||
calibreweb_home: "{{ content_base }}/calibre-web" # /library/calibre-web
|
calibreweb_home: /library/calibre-web # default_vars.yml uses: "{{ content_base }}/calibre-web"
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
|
# Every is_<OS> var is initially set to 'False' at the bottom of
|
||||||
|
# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that:
|
||||||
is_debuntu: True
|
is_debuntu: True
|
||||||
is_debian: True
|
is_debian: True # Opposite of is_ubuntu for now
|
||||||
is_debian_10: True
|
is_debian_10: True
|
||||||
is_raspbian: True
|
is_raspbian: True
|
||||||
is_raspbian_10: True
|
is_raspbian_10: True
|
||||||
|
|
40
vars/raspbian-11.yml
Normal file
40
vars/raspbian-11.yml
Normal file
|
@ -0,0 +1,40 @@
|
||||||
|
# Every is_<OS> var is initially set to 'False' at the bottom of
|
||||||
|
# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that:
|
||||||
|
is_debuntu: True
|
||||||
|
is_debian: True # Opposite of is_ubuntu for now
|
||||||
|
is_debian_11: True
|
||||||
|
is_raspbian: True
|
||||||
|
is_raspbian_11: True
|
||||||
|
|
||||||
|
# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True
|
||||||
|
# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True)
|
||||||
|
dns_service: bind9
|
||||||
|
dns_user: bind
|
||||||
|
dhcp_service: isc-dhcp-server
|
||||||
|
|
||||||
|
proxy: squid
|
||||||
|
proxy_user: proxy
|
||||||
|
apache_service: apache2
|
||||||
|
apache_conf_dir: apache2/sites-available
|
||||||
|
apache_user: www-data
|
||||||
|
apache_log_dir: /var/log/apache2
|
||||||
|
smb_service: smbd
|
||||||
|
nmb_service: nmbd
|
||||||
|
systemctl_program: /bin/systemctl
|
||||||
|
mysql_service: mariadb
|
||||||
|
apache_log: /var/log/apache2/access.log
|
||||||
|
sshd_package: ssh
|
||||||
|
sshd_service: ssh
|
||||||
|
php_version: 7.4
|
||||||
|
postgresql_version: 13
|
||||||
|
systemd_location: /lib/systemd/system
|
||||||
|
python_ver: 3.9
|
||||||
|
|
||||||
|
# Minetest for RPi
|
||||||
|
minetest_server_bin: /library/games/minetest/bin/minetestserver
|
||||||
|
minetest_working_dir: /library/games/minetest
|
||||||
|
minetest_game_dir: /library/games/minetest/games/minetest_game
|
||||||
|
minetest_rpi_src_tar: minetest.5.1.1.tar.gz
|
||||||
|
#minetest_rpi_src_url: "http://www.nathansalapat.com/downloads/{{ minetest_rpi_src_tar }}"
|
||||||
|
minetest_rpi_src_url: "http://d.iiab.io/packages/{{ minetest_rpi_src_tar }}"
|
||||||
|
minetest_rpi_src_untarred: Minetest
|
|
@ -1,5 +1,7 @@
|
||||||
|
# Every is_<OS> var is initially set to 'False' at the bottom of
|
||||||
|
# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that:
|
||||||
is_debuntu: True
|
is_debuntu: True
|
||||||
is_ubuntu: True
|
is_ubuntu: True # Opposite of is_debian for now
|
||||||
is_ubuntu_20: True
|
is_ubuntu_20: True
|
||||||
|
|
||||||
# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True
|
# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
|
# Every is_<OS> var is initially set to 'False' at the bottom of
|
||||||
|
# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that:
|
||||||
is_debuntu: True
|
is_debuntu: True
|
||||||
is_ubuntu: True
|
is_ubuntu: True # Opposite of is_debian for now
|
||||||
is_ubuntu_21: True
|
is_ubuntu_21: True
|
||||||
|
|
||||||
# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True
|
# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue