From be7f21eb982f8a1a30c3f506e5acd8fa5eebd7d0 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 1 Sep 2018 21:35:25 +0000 Subject: [PATCH 01/25] virtual environment for kolibri --- roles/kolibri/defaults/main.yml | 4 ++-- roles/kolibri/tasks/main.yml | 32 ++++++++++++++++---------------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 990ac7b5e..6c1347bd5 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -10,9 +10,9 @@ kolibri_home: "{{ content_base }}/kolibri" kolibri_http_port: 8009 kolibri_url: /kolibri/ -kolibri_path: "{{ iiab_base }}/kolibri" +kolibri_venv_path: /usr/local/kolibri # 2018-07-16: IIAB recommends /usr/bin but @arky says this isn't yet possible, due to pip -kolibri_exec_path: /usr/local/bin/kolibri +kolibri_exec_path: "{{ kolibri_venv_path }}/bin/kolibri" # Kolibri system user kolibri_user: kolibri diff --git a/roles/kolibri/tasks/main.yml b/roles/kolibri/tasks/main.yml index 9372008fd..7a6f1462e 100644 --- a/roles/kolibri/tasks/main.yml +++ b/roles/kolibri/tasks/main.yml @@ -18,10 +18,13 @@ state: directory with_items: - "{{ kolibri_home }}" + - "{{ kolibri_venv_path }}" - name: Install kolibri using pip on all OS's pip: name: kolibri + virtualenv: "{{ kolibri_venv_path }}" + virtualenv_site_packages: no state: latest extra_args: --no-cache-dir when: internet_available 
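Review bot: The comment kept above `kolibri_exec_path` in roles/kolibri/defaults/main.yml ("IIAB recommends /usr/bin but @arky says this isn't yet possible, due to pip") no longer describes the value below it, which now resolves inside the virtualenv. Replace it with something like `# Kolibri runs from its own virtualenv; the executable lives in {{ kolibri_venv_path }}/bin`. A one-line comment on `kolibri_venv_path` saying that the directory is created and populated by roles/kolibri/tasks/main.yml would also help.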
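Review bot: The pip task in the `@@ -18,10 +18,13 @@` hunk of roles/kolibri/tasks/main.yml still uses `state: latest` with no version, so every run installs whatever PyPI serves at that moment into the new virtualenv. Now that the package has its own environment, pinning is cheap: `version: "<pinned release>"` together with `state: present`. The task also leaves `virtualenv_python` unset, so the interpreter is whichever one the host's virtualenv picks by default; naming it would make the install reproducible. The start of both tasks, including the owner given to `{{ kolibri_venv_path }}`, is outside the hunk, so confirm that the service account cannot write to the directory it executes from.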
@@ -36,9 +39,20 @@ with_items: - { src: 'kolibri.service.j2', dest: '/etc/systemd/system/kolibri.service', mode: '0644' } -- name: Ask systemd to reread unit files (daemon-reload) +- name: Enable kolibri service systemd: + name: kolibri + enabled: yes + state: restarted daemon_reload: yes + when: kolibri_enabled + +- name: Disable kolibri service + systemd: + name: kolibri + enabled: no + state: stopped + when: not kolibri_enabled - name: Set kolibri default language shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" language setdefault "{{ kolibri_language }}" @@ -61,20 +75,6 @@ group: "{{ apache_user }}" recurse: yes -- name: Enable kolibri service - service: - name: kolibri - enabled: yes - state: restarted - when: kolibri_enabled - -- name: Disable kolibri service - service: - name: kolibri - enabled: no - state: stopped - when: not kolibri_enabled - - name: Add 'kolibri' to list of services at /etc/iiab/iiab.ini ini_file: dest: "{{ service_filelist }}" @@ -89,7 +89,7 @@ - option: kolibri_url value: "{{ kolibri_url }}" - option: kolibri_path - value: "{{ kolibri_path }}" + value: "{{ kolibri_exec_path }}" - option: kolibri_port value: "{{ kolibri_http_port }}" - option: enabled From 0dd0fd323b9cbd0fb7b93eb2ef81a1a4de088038 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 1 Sep 2018 23:32:22 +0000 Subject: [PATCH 02/25] virtual environment calibre-web --- roles/calibre-web/defaults/main.yml | 4 ++-- roles/calibre-web/tasks/main.yml | 22 ++++++++++++++-------- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/roles/calibre-web/defaults/main.yml b/roles/calibre-web/defaults/main.yml index ac47008c2..fc8ebd242 100644 --- a/roles/calibre-web/defaults/main.yml +++ b/roles/calibre-web/defaults/main.yml 
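Review bot: `daemon_reload: yes` is now attached only to the "Enable kolibri service" task, which runs `when: kolibri_enabled`, so on a host where kolibri is disabled systemd never rereads the freshly templated /etc/systemd/system/kolibri.service (the removed task reloaded unconditionally). Adding `daemon_reload: yes` to the "Disable kolibri service" task keeps both paths consistent. The restart also now happens before the "Set kolibri default language" shell task, which continues outside this hunk; if that ordering is intended, a one-line comment saying so would help the next maintainer.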
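Review bot: In the `@@ -89,7 +89,7 @@` hunk the iiab.ini option `kolibri_path` now receives `{{ kolibri_exec_path }}`, the path of the executable, where it previously held the install directory. Anything that reads `kolibri_path` from /etc/iiab/iiab.ini as a directory will presumably get a file path instead. Either write `value: "{{ kolibri_venv_path }}"` here or rename the option, and add a comment stating which of the two the key is meant to carry.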
@@ -7,8 +7,8 @@ calibreweb_enabled: False calibreweb_port: 8083 calibreweb_url: /books -calibreweb_path: "{{ iiab_base }}/calibre-web" # /opt/iiab/calibre-web -calibreweb_exec_path: "{{ calibreweb_path }}/cps.py" +calibreweb_venv_path: /usr/local/calibre-web +calibreweb_exec_path: "{{ calibreweb_venv_path }}/cps.py" # calibre-web folder to store its data files. calibreweb_home: "{{ content_base }}/calibre-web" # /library/calibre-web diff --git a/roles/calibre-web/tasks/main.yml b/roles/calibre-web/tasks/main.yml index 34f2b2b60..0dac5f597 100644 --- a/roles/calibre-web/tasks/main.yml +++ b/roles/calibre-web/tasks/main.yml @@ -7,14 +7,14 @@ state: directory with_items: - "{{ calibreweb_home }}" - - "{{ calibreweb_path }}" + - "{{ calibreweb_venv_path }}" - "{{ calibreweb_config }}" ## TODO: Calibre-web future release might get into pypi https://github.com/janeczku/calibre-web/issues/456 - name: Download calibre-web github repository git: repo: https://github.com/janeczku/calibre-web.git - dest: "{{ calibreweb_path }}" + dest: "{{ calibreweb_venv_path }}" force: yes #update: yes depth: 1 @@ -30,13 +30,19 @@ # ignore_errors: True ## # Implementing this with Ansible command module for now. -- name: Download calibre-web dependencies into vendor subdirectory - command: pip install --target vendor -r ./requirements.txt - args: - chdir: "{{ calibreweb_path }}" - ignore_errors: True +- name: Download calibre-web dependencies into virtual environment + pip: + requirements: "{{ calibreweb_venv_path }}/requirements.txt" + virtualenv: "{{ calibreweb_venv_path }}" + virtualenv_site_packages: no when: internet_available +- name: Symlink 'vendor' to site-packages for python to keep cps.py happy' + file: + state: link + src: "{{ calibreweb_venv_path }}/lib/python2.7/site-packages" + dest: "{{ calibreweb_venv_path }}/vendor" + - name: Create calibre-web systemd service unit file and calibre-web.conf for Apache template: src: "{{ item.src }}" 
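Review bot: `calibreweb_venv_path` is now both the git checkout target (`dest:` with `force: yes`) in the `@@ -7,14 +7,14 @@` hunk and the virtualenv root in the next hunk, so repository files and the environment's `bin/` and `lib/` share one tree under a variable named only for the venv. The git task also has no `version:`, so it tracks whatever the upstream default branch holds at run time, and that checkout's `requirements.txt` is then installed. Pinning `version: "<reviewed tag or commit>"` would make the result reproducible and reviewable. A separate subdirectory for the venv, or at least a comment explaining the shared directory, would avoid surprises; the git task continues outside the hunk.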
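Review bot: The new symlink task hard-codes `lib/python2.7/site-packages`, but the pip task above it does not set `virtualenv_python`, so that path exists only if the host's virtualenv happens to build a Python 2.7 environment. Adding `virtualenv_python: python2.7` to the pip task makes the two agree. The symlink task also has no `when:`, so on an offline first run, where pip is skipped by `when: internet_available`, it points at a directory that was never created. Dropping `ignore_errors: True` with the old command is a good change, since a failed dependency install now stops the play.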
@@ -130,7 +136,7 @@ - option: calibreweb_url value: "{{ calibreweb_url }}" - option: calibreweb_path - value: "{{ calibreweb_path }}" + value: "{{ calibreweb_venv_path }}" - option: calibreweb_home value: "{{ calibreweb_home }}" - option: calibreweb_port From 7f9e8a7cf28ba7db3c0fbccbaf4868981e21886c Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 1 Sep 2018 22:55:29 -0400 Subject: [PATCH 03/25] Update README.rst --- roles/kolibri/README.rst | 44 +++++++++++++--------------------------- 1 file changed, 14 insertions(+), 30 deletions(-) diff --git a/roles/kolibri/README.rst b/roles/kolibri/README.rst index 197581251..56d82afe1 100644 --- a/roles/kolibri/README.rst +++ b/roles/kolibri/README.rst 
@@ -2,66 +2,50 @@ Kolibri README ============== -This Ansible role installs Kolibri within Internet-in-a-Box. Kolibri is an -open-source educational platform specially designed to provide offline access -to a wide range of quality, openly licensed educational contents in -low-resource contexts like rural schools, refugee camps, orphanages, and also -in non-formal school programs. +This Ansible role installs Kolibri within Internet-in-a-Box. Kolibri is an open-source educational platform specially designed to provide offline access to a wide range of quality, openly licensed educational contents in low-resource contexts like rural schools, refugee camps, orphanages, and also in non-formal school programs. -Access ------- +Using It +-------- -If enabled and with the default settings Kolibri should be accessible at http://box:8009 +If enabled and with the default settings Kolibri should be accessible at http://box:8009 (and in future at http://box/kolibri). -To login to Kolibri enter +To login to Kolibri enter:: Username: Admin - Password: changeme Configuration Parameters ------------------------ -Please look in defaults/main.yml for the default values of the various install parameters. Everything -in this readme assumes the default values. +Please look in roles/kolibri/defaults/main.yml for the default values of the various install parameters. Everything in this README assumes the default values. 
Automatic Device Provisioning ----------------------------- -When kolibri_provision is enabled, the installation will setup the following settings: +When kolibri_provision is enabled, the installation will setup the following settings:: Kolibri Facility name: 'Kolibri-in-a-Box' - - Kolibri Preset type: formal (Other options are nonformal, informal) - - Kolibri default language: en (Otherwise language are ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu) - + Kolibri Preset type: formal (Other options are nonformal, informal) + Kolibri default language: en (Otherwise language are ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu) Kolibri Admin User: Admin - Kolibri Admin password: changeme Cloning content --------------- -Kolibri 0.10 introduced `kolibri manage deprovision` which will remove -user configuration, leaving content intact. You can then copy/clone /library/kolibri -to a new location. +Kolibri 0.10 introduced `kolibri manage deprovision` which will remove user configuration, leaving content intact. You can then copy/clone /library/kolibri to a new location. Troubleshooting ---------------- -You can run the server manually with the following commands: - - systemctl stop kolibri (make sure the systemd service is not running) +You can run the server manually with the following commands:: + systemctl stop kolibri # Make sure the systemd service is not running export KOLIBRI_HOME=/library/kolibri - - export KOLIBRI_HTTP_PORT=8009 (otherwise Kolibri will try to run on default port 8080) - + export KOLIBRI_HTTP_PORT=8009 # Otherwise Kolibri will try to run on default port 8080 kolibri start -To return to using the systemd unit: +To return to using the systemd unit:: kolibri stop - systemctl start kolibri From 476c44ce133b0c413418e9301dc2383de319f705 Mon Sep 17 00:00:00 2001 
From: A Holt Date: Sat, 1 Sep 2018 22:58:59 -0400 Subject: [PATCH 04/25] Update main.yml --- roles/kolibri/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/tasks/main.yml b/roles/kolibri/tasks/main.yml index 7a6f1462e..40cdac2e4 100644 --- a/roles/kolibri/tasks/main.yml +++ b/roles/kolibri/tasks/main.yml @@ -39,7 +39,7 @@ with_items: - { src: 'kolibri.service.j2', dest: '/etc/systemd/system/kolibri.service', mode: '0644' } -- name: Enable kolibri service +- name: Enable & (Re)Start kolibri service systemd: name: kolibri enabled: yes From d89263850852fbd7c610c55a8236a6a213e900e3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 1 Sep 2018 23:44:04 -0400 Subject: [PATCH 05/25] Update README.rst --- roles/kolibri/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/README.rst b/roles/kolibri/README.rst index 56d82afe1..31c840e05 100644 --- a/roles/kolibri/README.rst +++ b/roles/kolibri/README.rst @@ -33,7 +33,7 @@ When kolibri_provision is enabled, the installation will setup the following set Cloning content --------------- -Kolibri 0.10 introduced `kolibri manage deprovision` which will remove user configuration, leaving content intact. You can then copy/clone /library/kolibri to a new location. +Kolibri 0.10 introduced `kolibri manage deprovision` which will remove user configuration, leaving content intact. You can then copy/clone /library/kolibri to a new location. Troubleshooting ---------------- From d6188db20f4f29ab0d72ca08a4247463ab95cfb8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 1 Sep 2018 23:51:15 -0400 Subject: [PATCH 06/25] Update main.yml --- roles/calibre-web/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/main.yml b/roles/calibre-web/tasks/main.yml index 0dac5f597..23826b79e 100644 --- a/roles/calibre-web/tasks/main.yml +++ b/roles/calibre-web/tasks/main.yml 
@@ -37,7 +37,7 @@ virtualenv_site_packages: no when: internet_available -- name: Symlink 'vendor' to site-packages for python to keep cps.py happy' +- name: Symlink 'vendor' to site-packages for python to keep cps.py happy file: state: link src: "{{ calibreweb_venv_path }}/lib/python2.7/site-packages" From f810b9cde68187f24402e9c42f9f32f477ddd017 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 2 Sep 2018 17:08:58 -0400 Subject: [PATCH 07/25] Update xscenet.conf.j2 --- roles/openvpn/templates/xscenet.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/templates/xscenet.conf.j2 b/roles/openvpn/templates/xscenet.conf.j2 index 1dc3779f1..c99d8e743 100644 --- a/roles/openvpn/templates/xscenet.conf.j2 +++ b/roles/openvpn/templates/xscenet.conf.j2 @@ -1,4 +1,4 @@ -# Sample client-side OpenVPN config file for connecting to multi-client server. +# Sample client-side OpenVPN config file for connecting to multi-client server # # Adapted from http://openvpn.sourceforge.net/20notes.html # From 370267b1d95a0923c8ea7fba513c11b5c09afc9f Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 2 Sep 2018 17:31:11 -0400 Subject: [PATCH 08/25] Update main.yml --- roles/openvpn/tasks/main.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index b3e9ff51f..f2ca8c863 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -154,9 +154,10 @@ # /etc/iiab/openvpn_handle to xscenet.net -- and # "systemctl restart openvpn@xscenet" was failing completely (no matter how # many times it was run) to transmit /etc/iiab/openvpn_handle to xscenet.net -- name: Enable & (Re)Start openvpn@xscenet tunnel +- name: Enable & (Re)Start PARENT service openvpn (it starts CHILD service openvpn@xscenet & tunnel) systemd: - name: openvpn@xscenet.service + name: openvpn + daemon_reload: yes enabled: yes state: restarted when: openvpn_enabled 
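Review bot: Changing `name:` from `openvpn@xscenet.service` to `openvpn` in the `@@ -154,9 +154,10 @@` hunk of roles/openvpn/tasks/main.yml widens what the task controls: on Debian-style packaging the parent unit acts on every configuration selected in /etc/default/openvpn, so any other tunnel defined under /etc/openvpn would presumably be enabled and restarted as well. The same applies to the "Disable & Stop" task in the following `@@ -176,9 +177,9 @@` hunk, which would then stop unrelated tunnels. If only xscenet is meant to run, state that in a comment and make sure the role restricts the autostart list accordingly. Please also confirm that a unit named `openvpn` exists on the non-Debian hosts this role supports.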
@@ -176,9 +177,9 @@ state: absent when: not openvpn_enabled or not openvpn_cron_enabled -- name: Disable & Stop openvpn@xscenet tunnel +- name: Disable & Stop PARENT service openvpn (it stops CHILD service openvpn@xscenet & tunnel) systemd: - name: openvpn@xscenet.service + name: openvpn enabled: no state: stopped when: not openvpn_enabled From 061047950e14bd044ec9ecedab8bbeaebb84d681 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 2 Sep 2018 17:37:00 -0400 Subject: [PATCH 09/25] Update main.yml --- roles/openvpn/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index f2ca8c863..da051154c 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -162,13 +162,13 @@ state: restarted when: openvpn_enabled -- name: Enable hourly cron job for OpenVPN +- name: Enable hourly cron job for OpenVPN (typically for CentOS only?) lineinfile: path: /etc/crontab line: "25 * * * * root (/usr/bin/systemctl start openvpn@xscenet.service) > /dev/null" when: openvpn_enabled and openvpn_cron_enabled -- name: Remove hourly cron job for OpenVPN +- name: Remove hourly cron job for OpenVPN (typically for CentOS only?) lineinfile: path: /etc/crontab regexp: "openvpn@xscenet" @@ -208,7 +208,7 @@ - option: name value: OpenVPN - option: description - value: "OpenVPN is a means of connecting to other machines anywhere on the internet, via a middleman server, using Virtual Private Network techniques to create secure connections." + value: "OpenVPN enables live/remote support by connecting machines anywhere on the Internet, via a middleman server, using Virtual Private Network (VPN) techniques to create secure connections." - option: enabled value: "{{ openvpn_enabled }}" # openvpn_handle variable can no longer be left completely undefined of August 2018 (EMPTY STRING "" IS TOLERATED, in which case OpenVPN server should use /etc/iiab/uuid in lieu of the handle) 
From 6f9bd1d14f1a0ec203331238d265bbe187605b34 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 2 Sep 2018 17:46:30 -0400 Subject: [PATCH 10/25] Update main.yml --- roles/openvpn/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index da051154c..3a692efcc 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -154,7 +154,7 @@ # /etc/iiab/openvpn_handle to xscenet.net -- and # "systemctl restart openvpn@xscenet" was failing completely (no matter how # many times it was run) to transmit /etc/iiab/openvpn_handle to xscenet.net -- name: Enable & (Re)Start PARENT service openvpn (it starts CHILD service openvpn@xscenet & tunnel) +- name: Enable & (Re)Start PARENT service openvpn, which (re)starts CHILD service openvpn@xscenet (& actual tunnel) systemd: name: openvpn daemon_reload: yes @@ -177,7 +177,7 @@ state: absent when: not openvpn_enabled or not openvpn_cron_enabled -- name: Disable & Stop PARENT service openvpn (it stops CHILD service openvpn@xscenet & tunnel) +- name: Disable & Stop PARENT service openvpn, which stops CHILD service openvpn@xscenet (& actual tunnel) systemd: name: openvpn enabled: no From 7a3c05c2129845f796d1c04c3a59adc03274fa15 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 2 Sep 2018 17:58:01 -0400 Subject: [PATCH 11/25] Update main.yml --- roles/openvpn/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 3a692efcc..e361834db 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml 
@@ -162,7 +162,7 @@ state: restarted when: openvpn_enabled -- name: Enable hourly cron job for OpenVPN (typically for CentOS only?) +- name: Enable hourly cron job for OpenVPN (starts CHILD service openvpn@xscenet, typically for CentOS only?) lineinfile: path: /etc/crontab line: "25 * * * * root (/usr/bin/systemctl start openvpn@xscenet.service) > /dev/null" From 810b196e20e063e0dcf9ba52ef16f9be793361ff Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 2 Sep 2018 19:12:08 -0400 Subject: [PATCH 12/25] Update main.yml --- roles/openvpn/tasks/main.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index e361834db..9b34f45a3 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -154,12 +154,21 @@ # /etc/iiab/openvpn_handle to xscenet.net -- and # "systemctl restart openvpn@xscenet" was failing completely (no matter how # many times it was run) to transmit /etc/iiab/openvpn_handle to xscenet.net + +# 2018-09-02: OpenVPN had been starting tunnels by accident after reboot, +# with new IIAB installs. Fix below (https://github.com/iiab/iiab/pull/1079) +# changes most all instances below from PARENT service "openvpn@xscenet" to +# CHILD service "openpvn". See these 2 critical files to understand why: +# +# /etc/default/openvpn +# /etc/openvpn/xscenet.conf + - name: Enable & (Re)Start PARENT service openvpn, which (re)starts CHILD service openvpn@xscenet (& actual tunnel) systemd: name: openvpn daemon_reload: yes enabled: yes - state: restarted + state: restarted # 2018-09-02: Should we be concerned that "systemctl status openvpn" often shows "active (exited)" ? If so we might consider "state: started" or "state: reloaded" instead? when: openvpn_enabled - name: Enable hourly cron job for OpenVPN (starts CHILD service openvpn@xscenet, typically for CentOS only?) From c9915b7f3f08cd590636f84f81436fd574ff14f5 Mon Sep 17 00:00:00 2001 
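Review bot: The comment added in the `@@ -154,12 +154,21 @@` hunk reverses the two services and misspells one: it says the fix changes instances from PARENT service "openvpn@xscenet" to CHILD service "openpvn", while the task name directly below calls `openvpn` the PARENT and `openvpn@xscenet` the CHILD. Suggested wording: `# changes most instances below from CHILD service "openvpn@xscenet" to PARENT service "openvpn".` The open question appended to `state: restarted` would read better as its own comment line above the key, so the value stays easy to scan.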
From: A Holt Date: Sun, 2 Sep 2018 23:51:28 -0400 Subject: [PATCH 13/25] Update install-support --- install-support | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/install-support b/install-support index b5ae9a12e..24785214a 100755 --- a/install-support +++ b/install-support @@ -1,17 +1,15 @@ #!/bin/bash -PLAYBOOK="iiab-base.yml" +PLAYBOOK="iiab-support.yml" INVENTORY="ansible_hosts" CWD=`pwd` export ANSIBLE_LOG_PATH="$CWD/iiab-install.log" -if [ ! -f $PLAYBOOK ] -then - echo "IIAB Playbook not found." - echo "Please run this command from the top level of the git repo." - echo "Exiting." - exit 1 +if [ ! -f $PLAYBOOK ]; then + echo -e "\nEXITING: $PLAYBOOK not found.\n" + echo -e "Please run this command from /opt/iiab/iiab (top of git repo).\n" + exit 1 fi sed -i -e "s/openvpn_install: False/openvpn_install: True/" /etc/iiab/local_vars.yml From 7e37b0d380d246efab747814f993e1424ef61efe Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 2 Sep 2018 23:59:19 -0400 Subject: [PATCH 14/25] Update and rename iiab-base.yml to iiab-support.yml --- iiab-base.yml | 13 ------------- iiab-support.yml | 14 ++++++++++++++ 2 files changed, 14 insertions(+), 13 deletions(-) delete mode 100644 iiab-base.yml create mode 100644 iiab-support.yml diff --git a/iiab-base.yml b/iiab-base.yml deleted file mode 100644 index de2238008..000000000 --- a/iiab-base.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- hosts: all - become: yes - - vars_files: - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml - - roles: - - { role: 0-init, tags: ['0-init'] } - - { role: 1-prep, tags: ['1-prep','platform','base'] } - - { role: openvpn, tags: ['openvpn'] } diff --git a/iiab-support.yml b/iiab-support.yml new file mode 100644 index 000000000..22b48df3c --- /dev/null +++ b/iiab-support.yml 
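Review bot: `$PLAYBOOK` is unquoted in the new `if [ ! -f $PLAYBOOK ]; then` and the error text goes to stdout; the usual forms are `if [ ! -f "$PLAYBOOK" ]; then` and `echo -e "\nEXITING: $PLAYBOOK not found.\n" >&2`. The script then rewrites /etc/iiab/local_vars.yml with `sed -i` to set `openvpn_install: True`, which an operator would not guess from the name install-support. A short header comment after the shebang saying that the script enables the OpenVPN role in local_vars.yml and runs iiab-support.yml would document that. The rest of the script is outside this hunk.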
@@ -0,0 +1,14 @@ +--- +- hosts: all + become: yes + + vars_files: + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml + + roles: + - { role: 0-init, tags: ['0-init'] } + #- { role: 1-prep, tags: ['1-prep', 'platform', 'base'] } + - { role: 1-prep, tags: ['1-prep'] } + - { role: openvpn, tags: ['openvpn'] } From e8b7c31b14889fa691b6d88d805efbcb04473255 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 3 Sep 2018 00:00:33 -0400 Subject: [PATCH 15/25] Update iiab-from-console.yml --- iiab-from-console.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/iiab-from-console.yml b/iiab-from-console.yml index c6275a641..9756638b9 100644 --- a/iiab-from-console.yml +++ b/iiab-from-console.yml @@ -9,11 +9,11 @@ - /etc/iiab/config_vars.yml roles: - - { role: 0-init, tags: ['0-init'] } - - { role: 4-server-options, tags: ['4-server-options'] } - - { role: 5-xo-services, tags: ['5-xo-services'] } - - { role: 6-generic-apps, tags: ['6-generic-apps'] } - - { role: 7-edu-apps, tags: ['7-edu-apps'] } - - { role: 8-mgmt-tools, tags: ['8-mgmt-tools'] } - - { role: 9-local-addons, tags: ['9-local-addons'] } - - { role: network, tags: ['network'] } + - { role: 0-init, tags: ['0-init'] } + - { role: 4-server-options, tags: ['4-server-options'] } + - { role: 5-xo-services, tags: ['5-xo-services'] } + - { role: 6-generic-apps, tags: ['6-generic-apps'] } + - { role: 7-edu-apps, tags: ['7-edu-apps'] } + - { role: 8-mgmt-tools, tags: ['8-mgmt-tools'] } + - { role: 9-local-addons, tags: ['9-local-addons'] } + - { role: network, tags: ['network'] } From b35416889932b6a0749a38ed625064f28461688e Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 3 Sep 2018 00:00:53 -0400 Subject: [PATCH 16/25] Update iiab-network.yml --- iiab-network.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/iiab-network.yml b/iiab-network.yml index 721bedac9..01f594449 100644 --- a/iiab-network.yml 
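Review bot: The new iiab-support.yml has no header comment and keeps the old `1-prep` entry as a commented-out line, so it is unclear whether dropping the `platform` and `base` tags is deliberate. A comment such as `# Run by ./install-support: applies 0-init, 1-prep and openvpn only`, plus one line on why the tags were narrowed, would settle that; the commented-out role line can then be deleted. `become: yes` is more portable across YAML loaders when written `become: true`.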
+++ b/iiab-network.yml @@ -9,5 +9,5 @@ - /etc/iiab/config_vars.yml roles: - - { role: 0-init, tags: ['network'] } - - { role: network, tags: ['network','base'] } + - { role: 0-init, tags: ['network'] } + - { role: network, tags: ['network','base'] } From 2fee404ad45f9957089df25a7e88c7d58e41ea8f Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 3 Sep 2018 00:01:24 -0400 Subject: [PATCH 17/25] Update run-one-role.yml --- run-one-role.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/run-one-role.yml b/run-one-role.yml index abd41ff1d..5b0ce5038 100644 --- a/run-one-role.yml +++ b/run-one-role.yml @@ -9,5 +9,5 @@ - /etc/iiab/config_vars.yml roles: - - { role: 0-init, tags: ['0-init'] } - - { role: "{{ role_to_run }}", tags: ['run'] } + - { role: 0-init, tags: ['0-init'] } + - { role: "{{ role_to_run }}", tags: ['run'] } From 56155622f19f770da975fac1508762028dc3ce1e Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 3 Sep 2018 01:31:23 -0400 Subject: [PATCH 18/25] Update main.yml --- roles/calibre/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre/defaults/main.yml b/roles/calibre/defaults/main.yml index effe32dc4..bdf88373f 100644 --- a/roles/calibre/defaults/main.yml +++ b/roles/calibre/defaults/main.yml @@ -23,7 +23,7 @@ calibre_deb_url: http://download.iiab.io/packages # Must contain both packages for the pinned version, formatted as follows: # calibre_3.30.0+dfsg-1_all (25M, 2018-08-24) # calibre-bin_3.30.0+dfsg-1_armhf (742K, 2018-08-30) -calibre_deb_pin_version: 3.30.0 +calibre_deb_pin_version: 3.30.0+dfsg-1 # USE TO TEST debs.yml (RASPBIAN APPROACH!) ON DEBIAN 9.X: (now handled by calibre_via_debs in /opt/iiab/iiab/vars/*) #calibre_debs_on_debian: True From 4a291b1d628b45e599c4c11769d5de2ca3e88f00 Mon Sep 17 00:00:00 2001 
From: A Holt Date: Mon, 3 Sep 2018 01:31:30 -0400 Subject: [PATCH 19/25] Update debs.yml --- roles/calibre/tasks/debs.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/calibre/tasks/debs.yml b/roles/calibre/tasks/debs.yml index 612404a2a..e00b46e0b 100644 --- a/roles/calibre/tasks/debs.yml +++ b/roles/calibre/tasks/debs.yml @@ -42,8 +42,8 @@ #backup: no timeout: "{{ download_timeout }}" with_items: - - calibre_{{ calibre_deb_pin_version }}+dfsg-1_all.deb - - calibre-bin_{{ calibre_deb_pin_version }}+dfsg-1_armhf.deb + - calibre_{{ calibre_deb_pin_version }}_all.deb + - calibre-bin_{{ calibre_deb_pin_version }}_armhf.deb when: is_rpi and internet_available - name: Install/Upgrade both, to PINNED version {{ calibre_deb_pin_version }} while using additional .deb's from testing (rpi) From 382b58ec71fa04f0be2830645d5c5d94289910f4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 3 Sep 2018 10:52:40 -0400 Subject: [PATCH 20/25] Update main.yml --- roles/openvpn/tasks/main.yml | 26 ++++++++------------------ 1 file changed, 8 insertions(+), 18 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 9b34f45a3..b5c67c030 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml 
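Review bot: The two .deb files named in this `with_items` list are presumably fetched from `calibre_deb_url`, which roles/calibre/defaults/main.yml sets to `http://download.iiab.io/packages`, and the visible part of the download task carries no `checksum:` before the next task installs them. Plain HTTP without an integrity check means the installed package is only as trustworthy as the network path, so either serve the files over HTTPS or add `checksum: "sha256:<digest of the published file>"` for each item. The download task starts above this hunk, so a checksum may already be set there; please confirm.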
@@ -44,27 +44,17 @@ - "tUM4hl009fbXY4Yy3bAadWL1CquVrZmKfBBWhyhz8zLD6TQ== ghunt@ip-192-168-123-123.ec2.internal$" - "heOMXXNU6skxdPh2fcHh0bzQcaCSQ== holt@crank$" -- name: Create the directory for OpenVPN keys +- name: Create 3 directories for: OpenVPN keys, scripts & up_wan file: - dest: /etc/openvpn/keys + path: "{{ item }}" state: directory owner: root group: root mode: 0755 - -- name: Create the directory for scripts - file: - dest: /etc/openvpn/scripts - state: directory - owner: root - group: root - mode: 0755 - -# Comment out in future? Might still be relevant for CentOS but unused for ~2 years as of August 2018: -- name: Create folder /usr/lib/iiab (not on path) for iiab executable up_wan - file: - path: /usr/lib/iiab - state: directory + with_items: + - /etc/openvpn/keys + - /etc/openvpn/scripts + - /usr/lib/iiab # For executable up_wan. Comment out in future? Might still be relevant for CentOS but unused for ~2 years as of August 2018. - name: Configure OpenVPN (BACKS UP FILES IF CHANGED) template: @@ -121,9 +111,9 @@ template: src: 15-openvpn dest: /etc/NetworkManager/dispatcher.d/ - when: not is_debuntu + when: not is_debuntu # SHOULD THIS CONDITION ACT ON THE PRESENCE OF NETWORKMANAGER? e.g. some Ubuntu's use NM, others don't. -# Was buggy & unused for ~2 years as of August 2018: +# Was unused for ~2 years as of August 2018: (replaced by /etc/openvpn/xscenet.conf) #- name: Check for manually configured OpenVPN tunnel # stat: # path: /etc/openvpn/iiab-vpn.conf From 120d147ff0312ce5f4cb0d3d4544ba85a0a2eb0c Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 3 Sep 2018 10:53:52 -0400 Subject: [PATCH 21/25] Update main.yml --- roles/openvpn/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index b5c67c030..e77304208 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml 
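Review bot: Folding the three directories into one loop in the `@@ -44,27 +44,17 @@` hunk keeps `/etc/openvpn/keys` at `mode: 0755`, so the directory holding VPN key material stays listable and traversable by every local user. Whether the key files themselves are restricted is not visible here, but giving that entry its own tighter mode is cheap, for example items of the form `{ path: /etc/openvpn/keys, mode: '0700' }` with `mode: "{{ item.mode }}"`. The loop also newly forces root ownership and 0755 on `/usr/lib/iiab`, which previously took module defaults; a comment noting that this is intended would help. Writing the mode as a quoted string (`mode: '0755'`) avoids depending on how the YAML loader treats a leading-zero integer.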
@@ -32,7 +32,7 @@ # being used (instead of the full key) as an abbreviated regexp for now. # A backslash in front of each plus sign (+) would also work. -- name: Remove ssh public keys (if openvpn_install is False) +- name: Remove those ssh public keys (if openvpn_install is False) lineinfile: regexp: "{{ item }}" path: /root/.ssh/authorized_keys From bfda336895f4c5d1b70f78be0546e401f197b707 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 3 Sep 2018 11:04:40 -0400 Subject: [PATCH 22/25] Update main.yml --- roles/openvpn/tasks/main.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index e77304208..c918e9829 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -86,16 +86,6 @@ # Buggy & rarely used as of August 2018: #- { src: 'iiab-vpn.j2', dest: '/usr/bin/iiab-vpn', mode: '0755' } -#- name: Save openvpn_handle variable into /etc/iiab/openvpn_handle (BACKS UP FILE IF CHANGED) -# template: -# src: openvpn_handle.j2 -# dest: /etc/iiab/openvpn_handle -# owner: root -# group: root -# mode: 0644 -# backup: yes -# when: openvpn_handle is defined - # up_wan was being installed twice (also above) and was unused for ~2 years # as of August 2018: (see 15-openvpn below) #- name: Put up_wan in place (debuntu) From b50d41171cc9a33c71353fdc12570fc0e71cc979 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 3 Sep 2018 11:06:20 -0400 Subject: [PATCH 23/25] Update main.yml --- roles/openvpn/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index c918e9829..29949e906 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml 
@@ -44,7 +44,7 @@ - "tUM4hl009fbXY4Yy3bAadWL1CquVrZmKfBBWhyhz8zLD6TQ== ghunt@ip-192-168-123-123.ec2.internal$" - "heOMXXNU6skxdPh2fcHh0bzQcaCSQ== holt@crank$" -- name: Create 3 directories for: OpenVPN keys, scripts & up_wan +- name: "Create 3 directories for: OpenVPN keys, scripts & up_wan" file: path: "{{ item }}" state: directory From cee02d2d9b698c2c5e0a8de1decdd7fa8b06b60a Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 3 Sep 2018 11:12:59 -0400 Subject: [PATCH 24/25] Update main.yml --- roles/openvpn/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 29949e906..a141dea47 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -103,7 +103,7 @@ dest: /etc/NetworkManager/dispatcher.d/ when: not is_debuntu # SHOULD THIS CONDITION ACT ON THE PRESENCE OF NETWORKMANAGER? e.g. some Ubuntu's use NM, others don't. -# Was unused for ~2 years as of August 2018: (replaced by /etc/openvpn/xscenet.conf) +# Was obsolete/unused for ~2 years as of August 2018: (replaced by /etc/openvpn/xscenet.conf) #- name: Check for manually configured OpenVPN tunnel # stat: # path: /etc/openvpn/iiab-vpn.conf From 472e40fa5de12f73c4fff3827094d4835d7592d8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 3 Sep 2018 11:29:46 -0400 Subject: [PATCH 25/25] Update main.yml --- roles/openvpn/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index a141dea47..3aab23281 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml 
@@ -79,11 +79,11 @@ - { src: 'iiab-handle.j2', dest: '/usr/bin/iiab-handle', mode: '0755' } # Comment out in future? Might still be relevant for CentOS but unused for ~2 years as of August 2018: - { src: 'up_wan', dest: '/usr/lib/iiab/up_wan', mode: '0755' } - # Unused for ~2 years as of August 2018: + # Obsolete & unused for ~2 years as of August 2018: #- { src: 'start.j2', dest: '/usr/lib/iiab/start', mode: '0755' } - # Buggy & rarely used as of August 2018: + # Obsolete & unused for ~2 years as of August 2018: #- { src: 'iiab-vpn.conf.in', dest: '/etc/openvpn/iiab-vpn.conf.in', mode: '0644' } - # Buggy & rarely used as of August 2018: + # Obsolete & unused for ~2 years as of August 2018: #- { src: 'iiab-vpn.j2', dest: '/usr/bin/iiab-vpn', mode: '0755' } # up_wan was being installed twice (also above) and was unused for ~2 years