external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-02-13 03:32:12 +00:00
Code Issues Releases Wiki Activity

Merge branch 'master' into bug-327

Browse source
This commit is contained in:
A Holt 2017-11-09 06:13:19 -05:00 committed by GitHub
commit 63f619ad23
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
214 changed files with 3130 additions and 2049 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
.github/ISSUE_TEMPLATE.md vendored Normal file
View file

@ -0,0 +1,5 @@
### Expected behavior and actual behavior.
### Steps to reproduce the problem.
### Specifications like the version of the IIAB, operating system version, or hardware details.

7
.github/PULL_REQUEST_TEMPLATE.md vendored Normal file
View file

@ -0,0 +1,7 @@
### Fixes Bug
### Description of changes proposed in this pull request.
### Smoke-tested in operating system.
### Mention a team member for further information or comment using @ name

5
.gitignore vendored
View file

@ -1,4 +1,7 @@
xs-config.spec
build
deprecated
.patches
.ansible
*.patches
*.log
*.retry

42
.travis.yml Normal file
View file

@ -0,0 +1,42 @@
---
language: python
python: "2.7"
# Use the new container infrastructure
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible, ansible-lint and ansible-review
- pip install ansible
- pip install ansible-review
# Check ansible, version
- ansible --version
- ansible-lint --version
- ansible-review --version
# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg
script:
# Continuous integration: syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check -vvv
# Continous integration: ansible-list
- ansible-lint -p *yml
# Continous integration: ansible code review
- git ls-files *yml roles/ vars/ tests/ | xargs ansible-review
# Continouse integration: ansible code review of changes between master and current branch
- git diff master | ansible-review
#notifications:
# webhooks:

143
CONTRIBUTING.md Normal file
View file

@ -0,0 +1,143 @@
Contributing to Internet-in-a-Box (IIAB)
=======================================
Internet-in-a-Box runs on various GNU/Linux operating systems such as Fedora, Ubuntu, Debian, CentOS and Raspbian.
You can install Internet-in-a-Box on most late model desktop and laptop computers. It also supports Intel NUC, Intel Gigabyte BRIX, OLPC XO-1.5, XO-1.75, XO-4, Raspberry Pi 2 and Raspberry Pi 3. A VirtualBox VM can also used for testing purposes. Using Docker containers however is not recommended as our Ansible provisioning system requires low-level access to the operating system.
Please refer to [IIAB Platforms](https://github.com/iiab/iiab/wiki/IIAB-Platforms) for more information.
Internet-in-a-Box uses [Ansible](https://www.ansible.com/) infrastructure automation tool to deploy and configure all software packages. Ansible uses [playbooks](http://docs.ansible.com/ansible/latest/playbooks.html) a human readable instruction files in YAML format. Playbooks are divided into hosts, roles and tasks.
```
├── roles
│ ├── 1-prep
│ │ ├─ defaults
| | | ├──main.yml (lowest precedence variable definitions, overridden by <repo_root>/vars/default_vars.yml, overridden by ./vars/local_vars.yml.
│ │ ├── README.rst
│ │ ├── tasks
| | | ├──main.yml (specifies the actions to install this role
│ │ └── templates
| | | ├<(text files where ansible variables are substituted, specified via {% <variable> %} containers-(jinja2 language).
│ ├── 2-common
│ │ ├── README.rst
│ │ ├── tasks
│ │ └── templates
```
At runtime, Ansible gathers system information and makes it available (called 'facts') and combines this with playbook defined 'variables' to guide the installation process. The execution follows a sequence of cascading steps:
1. Bash script `./runansible` follows instructions in `iiab.yml` in the root directory.
2. `iiab.yml` calls 9 aggregate roles (the numbered directories under `./roles/`).
3. Each aggregate role has a `<role>/meta/main.yml` which calls the individual named roles.
Please refer to the [IIAB Architecture](https://github.com/iiab/iiab/wiki/IIAB-Architecture) and [IIAB Variables]( https://github.com/iiab/iiab/wiki/IIAB-Variables) pages for more information.
Installation
============
Before you start the installation please refer to the [hardware section of FAQ](http://wiki.laptop.org/go/IIAB/FAQ#What_hardware_should_I_use.3F) page for memory, storage and network requirements for your platform. Also note that downloading content might take a long time on slower Internet connections.
If you are a developer, please consider [building Internet-in-a-Box from scratch](https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch).
Please refer to the [IIAB Installation](https://github.com/iiab/iiab/wiki/IIAB-Installation) page for more information.
Setting up development environment
===================================
( This section uses experimental development environment for Internet-in-a-Box. It is being developed in the [iiab-dev-mode repository](https://github.com/arky/iiab-dev-mode). )
This section provide a quick setup of Internet-in-a-Box (IIAB) development environment using [Vagrant](https://www.vagrantup.com/). You will need a computer with [virtualization enabled](https://www.virtualbox.org/manual/UserManual.html) and git, Vagrant (2.0 or later) and [VirtualBox](https://www.virtualbox.org/) installed.
## Requirements
* git
* [Vagrant (2.0 or later)](https://www.vagrantup.com/)
* [VirtualBox](https://www.virtualbox.org/wiki/Downloads)
* Editor ([Atom](www.atom.io), Emacs, vi, etc)
## Setup Instructions
1. Check out the repository and its submodules onto your development machine.
`git clone --recursive git@github.com:arky/iiab-dev-mode.git`
2. Change directory into 'iiab-dev-mode' with `cd iiab-dev-mode`. You can update all the submodules to latest master using `git submodule foreach git pull origin master`
3. Set up a vagrant machine with `vagrant up` and provision it with `vagrant provision`. Please select the available bridge network interface (wlan0 or eth0) that connects your host machine to the Internet.
4. Connect to your vagrant machine with `vagrant ssh`. All your local development files available as shared folder in `/opt/iiab` directory.
5. Install IIAB itself from the Ansible playbooks by following [IIAB Installation](https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch) instructions:
```
cd /opt/iiab/iiab/scripts/
./ansible
cd /opt/iiab/iiab/
./runansible
cd /opt/iiab/iiab-admin-console/
./install
cd /opt/iiab/iiab-menu/
./cp-menus
```
6. Hack away!
7. You can commit your local changes to your personal forks of Internet-in-a-Box repository and then send pull request to IIAB project. Once you forked a repository, you change directory into that repository and setting a default git remote push setting with the following command.
`cd <repo> && git remote set-url --push origin git@github.com:<your_username>/<your_forked_iiab_repo_name>.git`
Learn more by reading blog post [Different git Push & Pull(fetch) URLs](http://blog.yuriy.tymch.uk/2012/05/different-git-push-pullfetch-urls.html) and the [Git Basics - Working with Remotes](https://git-scm.com/book/en/v2/Git-Basics-Working-with-Remotes) chapter of Scott Chacon and Ben Straub's "Git Pro" book.
8. Once you are done, you can stop your vagrant machine with `vagrant halt` or remove it completely with `vagrant destroy`.
Debugging
=========
Here are few strategies for debugging problems during the Internet-in-a-Box installation.
* When a installation task fails, Ansible halts printing out a descriptive error message to the screen. This error information is also written to `iiab-install.log` file within `/opt/iiab/iiab`. (Look through logs to check if any preceding line contains the error).
* When an installation succeeds, the last lines printed on the screen will look like the following (failed=0):
```
PLAY RECAP *********************************************************************
127.0.0.1 : ok=405 changed=125 unreachable=0 failed=0
```
* Search through the Ansible playbooks using `egrep -rn <string from the failing step> /opt/iiab/iiab/roles/*>` to find the failed task.
* You can add additional [debug print statements](http://docs.ansible.com/ansible/latest/debug_module.html) to Ansible playbooks for debugging the problem.
* Talk to us or report a bug using the information below.
Please refer to [Ansible playbook documentation](http://docs.ansible.com/ansible/latest/playbooks.html) for more information.
Testing your code with Travis CI
=================================
To maintain the quality of the Internet-in-a-Box (IIAB) code we use [Travis Continuous Integration (CI)](https://travis-ci.org) build infrastructure. Travis CI does tests to
ensure the code syntax is correct and the code is formatted properly using `ansible` syntax checker, `ansible-lint` and `ansible-review` tools. The results of Travis CI Internet-in-a-Box (IIAB) could be seen [here](https://travis-ci.org/iiab/iiab).
Every pull request is automatically tested by Travis CI. The results of these tests are added to the pull request. This aids Internet-in-a-Box (IIAB) developers in reviewing the quality of the code in a pull request.
To test your forked repository of Internet-in-a-Box (IIAB) code. You have to enable automatic build tests in your [Travis-ci.org](https://travis-ci.org) profile page.
* Login to [Travis-ci.org](https://travis-ci.org) using your Github account.
* Go to your Travis CI profile page and enable the repository you want to build.
* The builds will start whenever a new commit is pushed to your repository.
Please refer to [Travis CI documentation](https://docs.travis-ci.com/user/getting-started/) for more information.
Reporting Bugs
==============
You can file bug reports on [GitHub](https://github.com/):
* Sign up for a [GitHub](https://github.com/) account
* Go to the [issue tracker on GitHub](https://github.com/iiab/iiab/issues)
* Search for existing issues using the search field
* If you don't find any similar issues, file a new issue!
Please consider providing a descriptive title, your operating system information, error messages and steps to reproduce the issue.
Get in touch
============
* Join our [technology](http://lists.laptop.org/listinfo/server-devel) and [learning design](https://groups.google.com/group/unleashkids) mailing lists
* Join our [live calls](http://minutes.iiab.io) most Mondays and Thursday
* Join us on IRC live chat: [#schoolserver](https://webchat.freenode.net/?channels=#schoolserver) on [freenode]( https://www.freenode.net/)
* Post an idea or question to our [community forums](http://iiab.io/)
* Read our Frequently Asked Questions ([FAQ.IIAB.IO](http://FAQ.IIAB.IO))

0
LICENSE → LICENSE.md
View file

4
README-historical.md
View file

@ -34,8 +34,8 @@ Please read the `installation`_ documentation.
See the `XSCE project`_ for more information about the project.
.. _XSCE wiki: https://github.com/XSCE/iiab/wiki
.. _installation: https://github.com/XSCE/iiab/wiki/XSCE-Installation
.. _XSCE wiki: https://github.com/XSCE/xsce/wiki
.. _installation: https://github.com/XSCE/xsce/wiki/XSCE-Installation
.. _ansible: http://www.ansibleworks.com/
.. _ansible documentation: http://www.ansibleworks.com/docs/
.. _XSCE project: http://schoolserver.org/

24
README.md
View file

@ -1,2 +1,22 @@
# iiab
Internet in a Box - NEW VERSION orig from http://github.com/iiab
# Internet-in-a-Box (IIAB) [![Build Status](https://travis-ci.org/iiab/iiab.svg?branch=master)](https://travis-ci.org/iiab/iiab)
Welcome to the Git repository of the Internet-in-a-Box (IIAB) project. This is a community-based project developed and supported by volunteers from around the world. The Internet-in-a-Box (IIAB) is small, inexpensive device which provides essential Internet resources (like Wikipedia, OpenStreetMap, Khan Academy and others) without any Internet connection. It provides a local content server of the worlds Free Knowledge.
The older version of this repository is at [github.com/xsce](http://github.com/xsce). We are using [Ansible](https://www.ansible.com) as the underlying technology to install, deploy, configure and manage the various software components.
## Installation
Please read the [Installation](https://github.com/iiab/iiab/wiki/IIAB-Installation) wiki page for details about installation of Internet-in-a-Box (IIAB).
## Built With
* [Ansible](http://www.ansible.com)
## Contributing
Please read our [Contributors Guide](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide) to learn more about contributing to Internet-in-a-Box (IIAB) repository.
## Versioning
You can track the latest Internet-in-a-Box (IIAB) [releases here](https://github.com/iiab/iiab/releases).

3
iiab-base.yml
View file

@ -8,5 +8,6 @@
- vars/local_vars.yml
roles:
- { role: 1-prep, tags: ['prep','platform','base'] }
- { role: 0-init, tags: ['0-init'] }
- { role: 1-prep, tags: ['1-prep','platform','base'] }
- { role: openvpn, tags: ['openvpn'] }

14
iiab-from-console.yml
View file

@ -9,10 +9,10 @@
- /etc/iiab/config_vars.yml
roles:
- { role: 1-prep, tags: ['prep','platform','base'] }
- { role: 4-server-options, tags: ['options'] }
- { role: 5-xo-services, tags: ['xo-services'] }
- { role: 6-generic-apps, tags: ['generic-apps'] }
- { role: 7-edu-apps, tags: ['edu-apps'] }
- { role: 8-mgmt-tools, tags: ['tools'] }
- { role: 9-local-addons, tags: ['addons'] }
- { role: 0-init, tags: ['0-init'] }
- { role: 4-server-options, tags: ['4-server-options'] }
- { role: 5-xo-services, tags: ['5-xo-services'] }
- { role: 6-generic-apps, tags: ['6-generic-apps'] }
- { role: 7-edu-apps, tags: ['7-edu-apps'] }
- { role: 8-mgmt-tools, tags: ['8-mgmt-tools'] }
- { role: 9-local-addons, tags: ['9-local-addons'] }

90
iiab-install Executable file
View file

@ -0,0 +1,90 @@
#!/bin/bash -e
# running from a git repo
# Add cmdline options for passing to ansible
# todo add proper shift to gobble up --debug --reinstall
ARGS=""
OLD_RPI_KERN="4.9.41-v7+"
PLAYBOOK="iiab-stages.yml"
INVENTORY="ansible_hosts"
CWD=`pwd`
OS=`grep ^ID= /etc/*release|cut -d= -f2`
OS=${OS//\"/}
function version_gt() { [ "$(printf '%s\n' "$@" | sort -V | head -1)" != "$1" ]; }
export ANSIBLE_LOG_PATH="$CWD/iiab-install.log"
if [ ! -f $PLAYBOOK ]; then
echo "IIAB Playbook not found."
echo "Please run this command from the top level of the git repo."
echo "Exiting."
exit 1
fi
if [ $OS == "raspbian" ]; then
echo "Found Raspbian"
CURRENT_KERN=`uname -r`
if version_gt $CURRENT_KERN $OLD_RPI_KERN ; then
echo "Kernel looks ok - continuing"
else
echo "Kernel "$CURRENT_KERN" is too old. Before running './iiab-install' you first need"
echo "to update your system with 'apt update' then 'apt dist-upgrade' then reboot."
echo "INSTALL INSTRUCTIONS: https://github.com/iiab/iiab/wiki/IIAB-Installation"
exit 1
fi
fi
if [ ! -f /etc/ansible/facts.d/local_facts.fact ]; then
mkdir -p /etc/ansible/facts.d
fi
cp ./scripts/local_facts.fact /etc/ansible/facts.d/local_facts.fact
STAGE=""
if [ ! -f /etc/iiab/iiab.env ]; then
mkdir -p /etc/iiab
# ./scripts/ansible # needs discussion
else
OLD=`grep XSCE /etc/iiab/iiab.env | wc -l`
if [ "$OLD" != 0 ] || [ "$1" == "--reinstall" ]; then
echo "Found old XSCE install - re-installing from scratch"
rm /etc/iiab/iiab.env
# check ansible version here and force ansible upgrade if needed
else
source /etc/iiab/iiab.env
if [ "$1" == "--debug" ]; then
echo "Entering debug mode"
sed -i -e 's/^STAGE=.*/STAGE=2/' /etc/iiab/iiab.env
elif [ ! $STAGE == 9 ]; then
echo "Restarting *after* STAGE $STAGE..as soon as Stage 0 completes. Stage 9 comes last."
elif [ $STAGE == 9 ]; then
# place keeper add read response
# "offer 'Y' or stage number dialog box option to override"
echo "'iiab-install' has already been completed."
echo "Use --debug to override."
#echo "In demo mode not preventing second run"
echo "Exiting."
exit 1
fi
fi
fi
# if vars/local_vars.yml is missing, put a default one in place - First Run
if [ ! -f ./vars/local_vars.yml ]; then
case $OS in
OLPC | fedora)
cp ./vars/olpc.localvars ./vars/local_vars.yml
;;
centos | debian | ubuntu | raspbian)
cp ./vars/medium.localvars ./vars/local_vars.yml
;;
*)
echo "IIAB supports raspbian, debian, ubuntu, centos, and OLPC - exiting now..."
exit 1
;;
esac
fi
echo "Running local playbooks! "
ansible -m setup -i $INVENTORY localhost --connection=local >> /dev/null
ansible-playbook -i $INVENTORY $PLAYBOOK ${ARGS} --connection=local

33
iiab-network
View file

@ -1,17 +1,12 @@
#!/bin/bash
if [ -f /etc/iiab/iiab.env ]
then
. /etc/iiab/iiab.env
cd $XSCE_DIR
else
echo /etc/iiab/iiab.env is missing. Playbook has not been run.
exit 1
fi
# running from a git repo
# ansible files exist
CWD=`pwd`
export ANSIBLE_LOG_PATH="$CWD/iiab-network.log"
if [ ! -f iiab-network.yml ]
then
echo "XSCE Playbook not found."
echo "IIAB Playbook not found."
echo "Please run this command from the top level of the git repo."
echo "Exiting."
exit
@ -22,16 +17,24 @@ then
touch /etc/iiab/config_vars.yml
fi
export ANSIBLE_LOG_PATH="$XSCE_DIR/iiab-network.log"
Start=`date`
ansible-playbook -i ansible_hosts iiab-network.yml --connection=local
End=`date`
echo "" >> iiab-network.log
ls -la /etc/sys*/net*/ifcfg* >> iiab-network.log
if [ ! "OS" == "debian" ]; then
ls -la /etc/sys*/net*/ifcfg* >> iiab-network.log
nmcli d >> iiab-network.log
nmcli c >> iiab-network.log
fi
brctl show >> iiab-network.log
echo "run on:" >> iiab-network.log
date >> iiab-network.log
echo "" >> iiab-network.log
ip r >> iiab-network.log
echo "" >> iiab-network.log
brctl show br0>> iiab-network.log
echo "run start: $Start" >> iiab-network.log
echo "run end: $End" >> iiab-network.log
echo "" >> iiab-network.log
echo "" >> iiab-network.log
ip r
brctl show br0
echo "run start:$Start"
echo "run end: $End"

2
iiab-network.yml
View file

@ -9,5 +9,5 @@
- /etc/iiab/config_vars.yml
roles:
- { role: 1-prep, tags: ['prep','platform','base'] }
- { role: 0-init, tags: ['network'] }
- { role: network, tags: ['network','base'] }

70
iiab-stages.yml Normal file
View file

@ -0,0 +1,70 @@
---
- hosts: all
become: yes
vars_files:
- roles/0-init/defaults/main.yml
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- vars/local_vars.yml
tasks:
- name: 0-init
include_role:
name: 0-init
tags: 0-init
- name: 1-prep
include_role:
name: 1-prep
when: ansible_local.local_facts.stage|int < 1
tags: 1-prep, platform, base
- name: 2-common
include_role:
name: 2-common
when: ansible_local.local_facts.stage|int < 2
tags: 2-common, base
- name: 3-base-server
include_role:
name: 3-base-server
when: ansible_local.local_facts.stage|int < 3
tags: 3-base-server, base
- name: 4-server-options
include_role:
name: 4-server-options
when: ansible_local.local_facts.stage|int < 4
tags: 4-server-options
- name: 5-xo-services
include_role:
name: 5-xo-services
when: ansible_local.local_facts.stage|int < 5
tags: 5-xo-services
- name: 6-generic-apps
include_role:
name: 6-generic-apps
when: ansible_local.local_facts.stage|int < 6
tags: 6-generic-apps
- name: 7-edu-apps
include_role:
name: 7-edu-apps
when: ansible_local.local_facts.stage|int < 7
tags: 7-edu-apps
- name: 8-mgmt-tools
include_role:
name: 8-mgmt-tools
when: ansible_local.local_facts.stage|int < 8
tags: 8-mgmt-tools
- name: 9-local-addons
include_role:
name: 9-local-addons
when: ansible_local.local_facts.stage|int < 9
tags: 9-local-addons

22
iiab.yml
View file

@ -4,16 +4,18 @@
vars_files:
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver}}.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- vars/local_vars.yml
- /etc/iiab/config_vars.yml
roles:
- { role: 1-prep, tags: ['prep','platform','base'] }
- { role: 2-common, tags: ['common','base'] }
- { role: 3-base-server, tags: ['base'] }
- { role: 4-server-options, tags: ['options'] }
# - { role: 5-xo-services, tags: ['xo-services'] }
- { role: 6-generic-apps, tags: ['generic-apps'] }
- { role: 7-edu-apps, tags: ['edu-apps'] }
- { role: 8-mgmt-tools, tags: ['tools'] }
- { role: 9-local-addons, tags: ['addons'] }
- { role: 0-init, tags: ['0-init'] }
- { role: 1-prep, tags: ['1-prep','platform','base'] }
- { role: 2-common, tags: ['2-common','base'] }
- { role: 3-base-server, tags: ['3-base-server','base'] }
- { role: 4-server-options, tags: ['4-server-options'] }
- { role: 5-xo-services, tags: ['5-xo-services'] }
- { role: 6-generic-apps, tags: ['6-generic-apps'] }
- { role: 7-edu-apps, tags: ['7-edu-apps'] }
- { role: 8-mgmt-tools, tags: ['8-mgmt-tools'] }
- { role: 9-local-addons, tags: ['9-local-addons'] }

4
install-support
View file

@ -2,6 +2,9 @@
PLAYBOOK="iiab-base.yml"
INVENTORY="ansible_hosts"
CWD=`pwd`
export ANSIBLE_LOG_PATH="$CWD/iiab-install.log"
if [ ! -f $PLAYBOOK ]
then
@ -14,5 +17,4 @@ fi
sed -i -e "s/openvpn_install: False/openvpn_install: True/" vars/local_vars.yml
sed -i -e "s/openvpn_enabled: False/openvpn_enabled: True/" vars/local_vars.yml
export ANSIBLE_LOG_PATH="$XSCE_DIR/iiab-install.log"
ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local

32
roles/0-init/defaults/main.yml Normal file
View file

@ -0,0 +1,32 @@
# use these as a tag a release at a point in time
iiab_base_ver: 6.4
gui_version: 2
# These entries should never be changed in this file.
# These are defaults for boolean routines,
first_run: False
rpi_model: none
is_rpi: False
xo_model: none
gw_active: none
internet_available: False
discovered_wan_iface: none
# old defs
gui_port: 80
exFAT_enabled: False
is_F18: False
# Set default 1-prep discovered hardware
rtc_id: ds3231
NUC6_firmware_needed: False
# used in 2-common xo.yml
wifi_id: none
# used 3+ others
installing: False
# network
no_net_restart: False
no_NM_reload: False

221
roles/0-init/tasks/computed_vars.yml Normal file
View file

@ -0,0 +1,221 @@
- name: re-read local_facts.facts from /etc/ansible/facts.d
setup: filter=ansible_local
# set top level variables from local facts for convenience
- set_fact:
xo_model: '{{ ansible_local.local_facts.xo_model }}'
phplib_dir: '{{ ansible_local.local_facts.phplib_dir }}'
iiab_stage: '{{ ansible_local.local_facts.stage }}'
# Networking uses a different file for the rpi
- name: Discover if this is a rpi -- assume if so it is running raspbian
set_fact:
rpi_model: "rpi"
is_rpi: True
no_net_restart: True
when: ansible_local.local_facts.os == "raspbian"
- name: Set exFAT enabled for XO laptops
set_fact:
exFAT_enabled: True
when: xo_model != "none"
- name: set FQDN
set_fact:
iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}"
FQDN_changed: False
- name: FQDN changed
set_fact:
FQDN_changed: True
when: iiab_fqdn != ansible_fqdn
- name: Now check FQDN
include_tasks: roles/2-common/tasks/hostname.yml
when: FQDN_changed
# Discover do we have a gateway? -- if ansible detects gateway, becomes WAN candidate
- name: Finding gateway
set_fact:
discovered_wan_iface: "{{ ansible_default_ipv4.alias }}"
iiab_wan_iface: "{{ discovered_wan_iface }}"
when: ansible_default_ipv4.gateway is defined
- name: Verify gateway present
shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" | grep icmp_seq=4 | wc -l
when: discovered_wan_iface != "none"
register: gw_active_test
- name: Recording gateway response
set_fact:
gw_active: True
when: discovered_wan_iface != "none" and gw_active_test.stdout == "1"
- name: Test for internet access
get_url: url="{{ iiab_download_url }}/heart-beat.txt" dest=/tmp/heart-beat.txt
ignore_errors: True
# async: 10
# poll: 2
register: internet_access_test
- name: Set internet_available true if wget succeeded
set_fact:
internet_available: True
when: not internet_access_test|failed and not disregard_network
- name: Cleanup internet test file
file: path=/tmp/heart-beat.txt
state=absent
# Put all computed vars here so derive properly from any prior var file
- name: If the TZ is not set in env, set it to UTC
set_fact: local_tz='UTC'
when: local_tz == ""
- name: Set port 80 for Admin Console
set_fact:
gui_port: 80
when: not adm_cons_force_ssl
- name: Set port 443 for Admin Console
set_fact:
gui_port: 443
when: adm_cons_force_ssl
- name: Require MySQL to be on
set_fact:
mysql_install: True
mysql_enabled: True
# we decided to enable mysql unconditionally
# when: elgg_enabled or rachel_enabled or owncloud_enabled or phpmyadmin_enabled or wordpress_enabled or iiab_menu_install
# Commenting out MongoDB on a trial basis, for a more basic/lightweight Sugarizer, per https://github.com/iiab/iiab/pull/427
# - name: Turn on mongodb if sugarizer enabled
# set_fact:
# mongodb_install: True
# mongodb_enabled: True
# when: sugarizer_enabled
# There might be other db's
- name: Turn on PostgreSQL if Moodle or Pathagar enabled
set_fact:
postgresql_install: True
postgresql_enabled: True
when: moodle_enabled or pathagar_enabled
- name: Turn on Docker if SchoolTool is to be installed
set_fact:
docker_install: True
docker_enabled: True
when: schooltool_enabled or schooltool_install
- name: Set python_path for is_redhat
set_fact:
python_path: /usr/lib/python2.7/site-packages/
when: is_redhat
- name: Set python_path for is_debuntu
set_fact:
python_path: /usr/local/lib/python2.7/dist-packages/
when: is_debuntu
# for various reasons the mysql service can not be enabled on fedora 20,
# but 'mariadb', which is its real name can
# on fedora 18 we need to use 'mysqld'
- name: Set mysqld_service to mariadb by default
set_fact:
mysql_service: mariadb
- name: Set mysqld_service to mysqld for Fedora 18
set_fact:
mysql_service: mysqld
no_NM_reload: True
is_F18: True
when: ansible_distribution_release == "based on Fedora 18" or ansible_distribution_version == "18"
- name: Set mysql_service to mysql for Debian
set_fact:
mysql_service: mysql
when: is_debuntu
# PLATFORM variables
- name: Fedora 20
set_fact:
is_F20: True
when: ansible_distribution == "Fedora" and ansible_distribution_version == "20"
- name: Fedora 21
set_fact:
is_F21: True
when: ansible_distribution == "Fedora" and ansible_distribution_version == "21"
- name: Fedora 22
set_fact:
is_F22: True
when: ansible_distribution == "Fedora" and ansible_distribution_version == "22"
- name: Fedora 23
set_fact:
is_F23: True
when: ansible_distribution == "Fedora" and ansible_distribution_version == "23"
- name: Fedora 24
set_fact:
is_F24: True
when: ansible_distribution == "Fedora" and ansible_distribution_version == "24"
- name: CentOS
set_fact:
is_CentOS: True
when: ansible_distribution == "CentOS"
- name: add version section
ini_file: dest='{{ iiab_config_file }}'
section=runtime
option='{{ item.option }}'
value='{{ item.value }}'
with_items:
- option: 'iiab_stage'
value: '{{ iiab_stage }}'
- option: 'runtime_php'
value: '{{ phplib_dir }}'
- option: 'runtime_branch'
value: '{{ ansible_local.local_facts.iiab_branch }}'
- option: 'runtime_commit'
value: '{{ ansible_local.local_facts.iiab_commit }}'
- option: 'runtime_date'
value: '{{ ansible_date_time.iso8601 }}'
- option: 'ansible_version'
value: '{{ ansible_local.local_facts.ansible_version }}'
- option: 'kernel'
value: '{{ ansible_kernel }}'
- option: 'memory_mb'
value: '{{ ansible_memtotal_mb }}'
- option: 'swap_mb'
value: '{{ ansible_swaptotal_mb }}'
- option: 'product_id'
value: '{{ ansible_product_uuid }}'
- option: 'gw_active'
value: '{{ gw_active }}'
- option: 'internet_available'
value: '{{ internet_available }}'
- option: 'is_rpi'
value: '{{ is_rpi }}'
- option: 'first_run'
value: '{{ first_run }}'
- option: 'local_tz'
value: '{{ local_tz }}'
- option: 'FQDN_changed'
value: '{{ FQDN_changed }}'
- name: STAGE 0 HAS COMPLETED ======================================
ini_file: dest='{{ iiab_config_file }}'
section=runtime
option='{{ item.option }}'
value='{{ item.value }}'
with_items:
- option: 'is_VM'
value: 'yes'
when: is_VM is defined

210
roles/0-init/tasks/main.yml Normal file
View file

@ -0,0 +1,210 @@
# Initialize
- name: ...IS BEGINNING ============================================
stat: path=/etc/iiab/iiab.env
register: NewInstall
- name: Setting first run flag
set_fact:
first_run: True
when: not NewInstall.stat.exists
# we need to inialize the ini file and only write the location and version sections once and only
# once to preserve the install date and git hash.
- name: Write iiab_ini.yml for the first time
include_tasks: roles/1-prep/tasks/iiab_ini.yml
when: first_run
#- name: Loading computed_vars
# include_tasks: roles/0-init/tasks/computed_vars.yml
- name: re-read local_facts.facts from /etc/ansible/facts.d
setup: filter=ansible_local
# set top level variables from local facts for convenience
- set_fact:
xo_model: '{{ ansible_local.local_facts.xo_model }}'
phplib_dir: '{{ ansible_local.local_facts.phplib_dir }}'
iiab_stage: '{{ ansible_local.local_facts.stage }}'
# Networking uses a different file for the rpi
- name: Discover if this is a rpi -- assume if so it is running raspbian
set_fact:
rpi_model: "rpi"
is_rpi: True
# no_net_restart: True
# nobridge: True
when: ansible_local.local_facts.os == "raspbian"
- name: Set exFAT enabled for XO laptops
set_fact:
exFAT_enabled: True
when: xo_model != "none"
# Discover do we have a gateway? -- if ansible detects gateway, becomes WAN candidate
- name: Finding gateway
set_fact:
discovered_wan_iface: "{{ ansible_default_ipv4.alias }}"
iiab_wan_iface: "{{ discovered_wan_iface }}"
when: ansible_default_ipv4.gateway is defined
- name: Verify gateway present
shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" | grep icmp_seq=4 | wc -l
when: discovered_wan_iface != "none"
register: gw_active_test
- name: Recording gateway response
set_fact:
gw_active: True
when: discovered_wan_iface != "none" and gw_active_test.stdout == "1"
- name: Test for internet access
get_url: url="{{ iiab_download_url }}/heart-beat.txt" dest=/tmp/heart-beat.txt
ignore_errors: True
# async: 10
# poll: 2
register: internet_access_test
- name: Set internet_available true if wget succeeded
set_fact:
internet_available: True
when: not internet_access_test|failed and not disregard_network
- name: Cleanup internet test file
file: path=/tmp/heart-beat.txt
state=absent
# Put all computed vars here so derive properly from any prior var file
- name: If the TZ is not set in env, set it to UTC
set_fact: local_tz='UTC'
when: local_tz == ""
- name: Set port 80 for Admin Console
set_fact:
gui_port: 80
when: not adm_cons_force_ssl
- name: Set port 443 for Admin Console
set_fact:
gui_port: 443
when: adm_cons_force_ssl
- name: Require MySQL to be on
set_fact:
mysql_install: True
mysql_enabled: True
# we decided to enable mysql unconditionally
# when: elgg_enabled or rachel_enabled or owncloud_enabled or phpmyadmin_enabled or wordpress_enabled or iiab_menu_install
# Commenting out MongoDB on a trial basis, for a more basic/lightweight Sugarizer, per https://github.com/iiab/iiab/pull/427
# - name: Turn on mongodb if sugarizer enabled
# set_fact:
# mongodb_install: True
# mongodb_enabled: True
# when: sugarizer_enabled
# There might be other db's
- name: Turn on PostgreSQL if Moodle or Pathagar enabled
set_fact:
postgresql_install: True
postgresql_enabled: True
when: moodle_enabled or pathagar_enabled
- name: Turn on Docker if SchoolTool is to be installed
set_fact:
docker_install: True
docker_enabled: True
when: schooltool_enabled or schooltool_install
- name: Set python_path for is_redhat
set_fact:
python_path: /usr/lib/python2.7/site-packages/
when: is_redhat
- name: Set python_path for is_debuntu
set_fact:
python_path: /usr/local/lib/python2.7/dist-packages/
when: is_debuntu
# for various reasons the mysql service can not be enabled on fedora 20,
# but 'mariadb', which is its real name can
# on fedora 18 we need to use 'mysqld'
- name: Set mysqld_service to mariadb by default
set_fact:
mysql_service: mariadb
- name: Set mysqld_service to mysqld for Fedora 18
set_fact:
mysql_service: mysqld
no_NM_reload: True
is_F18: True
when: ansible_distribution_release == "based on Fedora 18" or ansible_distribution_version == "18"
- name: Set mysql_service to mysql for Debian
set_fact:
mysql_service: mysql
when: is_debuntu
- name: set FQDN
set_fact:
iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}"
FQDN_changed: False
- name: FQDN changed
set_fact:
FQDN_changed: True
when: iiab_fqdn != ansible_fqdn
- name: add version section
ini_file: dest='{{ iiab_config_file }}'
section=runtime
option='{{ item.option }}'
value='{{ item.value }}'
with_items:
- option: 'iiab_stage'
value: '{{ iiab_stage }}'
- option: 'runtime_php'
value: '{{ phplib_dir }}'
- option: 'runtime_branch'
value: '{{ ansible_local.local_facts.iiab_branch }}'
- option: 'runtime_commit'
value: '{{ ansible_local.local_facts.iiab_commit }}'
- option: 'runtime_date'
value: '{{ ansible_date_time.iso8601 }}'
- option: 'ansible_version'
value: '{{ ansible_local.local_facts.ansible_version }}'
- option: 'kernel'
value: '{{ ansible_kernel }}'
- option: 'memory_mb'
value: '{{ ansible_memtotal_mb }}'
- option: 'swap_mb'
value: '{{ ansible_swaptotal_mb }}'
- option: 'product_id'
value: '{{ ansible_product_uuid }}'
- option: 'gw_active'
value: '{{ gw_active }}'
- option: 'internet_available'
value: '{{ internet_available }}'
- option: 'is_rpi'
value: '{{ is_rpi }}'
- option: 'first_run'
value: '{{ first_run }}'
- option: 'local_tz'
value: '{{ local_tz }}'
- option: 'FQDN_changed'
value: '{{ FQDN_changed }}'
- name: Now changing FQDN
include_tasks: roles/2-common/tasks/hostname.yml
when: FQDN_changed
- name: STAGE 0 HAS COMPLETED ======================================
ini_file: dest='{{ iiab_config_file }}'
section=runtime
option='{{ item.option }}'
value='{{ item.value }}'
with_items:
- option: 'is_VM'
value: 'yes'
when: is_VM is defined

5
roles/1-prep/README.rst
View file

@ -2,5 +2,6 @@
Prep README
===========
This role is a sort on init or startup. It includes preliminaries like hostname and is where things
that are specific to a particular platform, such as the XO, are done before the bulk of the install.
This role is primarily hardware-focused, prior to OS additions/mods. Traditionally it included
preliminaries like hostname and things specific to a particular platform, such as the XO laptop,
done before the bulk of the install.

54
roles/1-prep/defaults/main.yml
View file

@ -1,54 +0,0 @@
# use these as a tag a release at a point in time
iiab_base_ver: 6.4
gui_version: 2
# These entries should never be changed in this file.
# These are defaults for boolean routines,
first_run: False
installing: False
NUC6_firmware_needed: False
exFAT_enabled: False
no_NM_reload: False
has_WAN: False
wireless_lan_present: False
strict_networking: False
iiab_demo_mode: False
gw_active: False
gui_static_wan: False
internet_available: False
is_F18: False
is_F20: False
is_F21: False
is_F22: False
is_F23: False
is_F24: False
# Set default for discovered hardware
driver_name: nl80211
rpi_model: none
is_rpi: False
xo_model: none
rtc_id: ds3231
# Set defaults for discovery process as strings
wifi1: "not found-1"
wifi2: "not found-2"
discovered_wan_iface: "none"
discovered_lan_iface: "none"
discovered_wireless_iface: "none"
iiab_wireless_lan_iface: "none"
iiab_lan_iface: "none"
iiab_wan_iface: "none"
device_gw: "none"
has_ifcfg_gw: "none"
has_wifi_gw: "none"
ap_device: "none"
device_gw2: ""
gui_port: 80
# must keep roles/iiab-admin/defaults/main.yml sync'd
admin_console_path: "{{ iiab_base }}/admin_console"
cmdsrv_path: "{{ iiab_base }}/iiab_cmdsrv"
iiab_cmdsrv_dbname : "iiab_cmdsrv.0.2.db"
wifi_id: none

141
roles/1-prep/tasks/computed_vars.yml
View file

@ -1,141 +0,0 @@
# get local vars from scripts in /etc/ansible/facts.d
# on first run, this will generate UUID
- name: re-read facts
setup: filter=ansible_local
# set top level variables from local facts for convenience
- set_fact:
xo_model: '{{ ansible_local["local_facts"]["xo_model"] }}'
phplib_dir: '{{ ansible_local["local_facts"]["phplib_dir"] }}'
- name: Set exFAT enabled for XOs
set_fact:
exFAT_enabled: True
when: xo_model != "none"
- name: add version section
ini_file: dest='{{ iiab_config_file }}'
section=runtime
option='{{ item.option }}'
value='{{ item.value }}'
with_items:
- option: 'runtime_branch'
value: '{{ ansible_local["local_facts"]["iiab_branch"] }}'
- option: 'runtime_commit'
value: '{{ ansible_local["local_facts"]["iiab_commit"] }}'
- option: 'runtime_date'
value: '{{ ansible_date_time["iso8601"] }}'
- option: 'runtime_php'
value: '{{ phplib_dir }}'
- option: 'kernel'
value: '{{ ansible_kernel }}'
- option: 'memory_mb'
value: '{{ ansible_memtotal_mb }}'
- option: 'swap_mb'
value: '{{ ansible_swaptotal_mb }}'
- option: 'product_id'
value: '{{ ansible_product_uuid }}'
# Put all computed vars here so derive properly from any prior var file
- name: If the TZ is not set in env, set it to UTC
set_fact: local_tz='UTC'
when: local_tz == ""
- name: Set port 80 for Admin Console
set_fact:
gui_port: 80
when: not adm_cons_force_ssl
- name: Set port 443 for Admin Console
set_fact:
gui_port: 443
when: adm_cons_force_ssl
- name: Turn on mysql if elgg or rachel enabled
set_fact:
mysql_install: True
mysql_enabled: True
# we decided to enable mysql unconditionally
# when: elgg_enabled or rachel_enabled or owncloud_enabled or phpmyadmin_enabled or wordpress_enabled or iiab_menu_install
- name: Turn on mongodb if sugarizer enabled
set_fact:
mongodb_install: True
mongodb_enabled: True
when: sugarizer_enabled
# There might be other db's
- name: Turn on postgresql if moodle or pathagar enabled
set_fact:
postgresql_install: True
postgresql_enabled: True
when: moodle_enabled or pathagar_enabled
- name: Turn on docker if schooltool is to be installed
set_fact:
docker_install: True
docker_enabled: True
when: schooltool_enabled or schooltool_install
- name: Set python_path for is_redhat
set_fact:
python_path: /usr/lib/python2.7/site-packages/
when: is_redhat
- name: Set python_path for is_debuntu
set_fact:
python_path: /usr/local/lib/python2.7/dist-packages/
when: is_debuntu
# for various reasons the mysql service can not be enabled on fedora 20,
# but 'mariadb', which is its real name can
# on fedora 18 we need to use 'mysqld'
- name: Set mysqld service name to mariadb by default
set_fact:
mysql_service: mariadb
- name: Set mysqld service name to mysqld for fedora 18
set_fact:
mysql_service: mysqld
no_NM_reload: True
is_F18: True
when: ansible_distribution_release == "based on Fedora 18" or ansible_distribution_version == "18"
- name: Set mysql service name to mysql for debian
set_fact:
mysql_service: mysql
when: is_debuntu
# PLATFORM variables
- name: Fedora 20
set_fact:
is_F20: True
when: ansible_distribution == "Fedora" and ansible_distribution_version == "20"
- name: Fedora 21
set_fact:
is_F21: True
when: ansible_distribution == "Fedora" and ansible_distribution_version == "21"
- name: Fedora 22
set_fact:
is_F22: True
when: ansible_distribution == "Fedora" and ansible_distribution_version == "22"
- name: Fedora 23
set_fact:
is_F23: True
when: ansible_distribution == "Fedora" and ansible_distribution_version == "23"
- name: Fedora 24
set_fact:
is_F24: True
when: ansible_distribution == "Fedora" and ansible_distribution_version == "24"
- name: CentOS
set_fact:
is_CentOS: True
when: ansible_distribution == "CentOS"

6
roles/1-prep/tasks/iiab_ini.yml
View file

@ -25,10 +25,10 @@
- option: 'arch'
value: '{{ ansible_architecture }}'
- option: 'iiab_branch'
value: '{{ ansible_local["local_facts"]["iiab_branch"] }}'
value: '{{ ansible_local.local_facts.iiab_branch }}'
- option: 'iiab_commit'
value: '{{ ansible_local["local_facts"]["iiab_commit"] }}'
value: '{{ ansible_local.local_facts.iiab_commit }}'
- option: 'install_date'
value: '{{ ansible_date_time["iso8601"] }}'
value: '{{ ansible_date_time.iso8601 }}'
- option: 'install_xo'
value: '{{ xo_model }}'

68
roles/1-prep/tasks/main.yml
View file

@ -1,27 +1,14 @@
- name: Determine if runansible was run
stat: path=/etc/iiab/config_vars.yml
register: NewInstall
# Preparations (Hardware Level)
- name: Setting first run flag
set_fact:
first_run: True
when: NewInstall.stat.exists is defined and not NewInstall.stat.exists
- name: ...IS BEGINNING ============================================
command: echo
# we need to inialize the ini file
- include: iiab_ini.yml
when: first_run
- name: Set flag for fedora 18
set_fact:
is_F18: True
when: ansible_distribution_release == "based on Fedora 18" or ansible_distribution_version == "18"
- name: get the uuidgen program
- name: Get the uuidgen program
package: name=uuid-runtime
state=present
when: is_debuntu
- name: Test for UUID file
- name: Test for /etc/iiab/uuid file
stat: path=/etc/iiab/uuid
register: uuid_file
@ -38,11 +25,11 @@
shell: echo {{ uuid_response.stdout_lines[0] }} > /etc/iiab/uuid
when: not uuid_file.stat.exists
- name: get the uuid
- name: Get the uuid
command: cat /etc/iiab/uuid
register: stored_uuid
- name: get the value into a variable
- name: Get the value into a variable
set_fact:
uuid={{ stored_uuid.stdout_lines[0] }}
@ -61,46 +48,41 @@
dest=/etc/chrony.conf
src=chrony.conf.j2
- name: Disable apparmor -- on by default in ubuntu
- name: Disable AppArmor -- on by default in Ubuntu
service: name=apparmor enabled=False state=stopped
when: first_run and is_ubuntu
when: is_ubuntu
ignore_errors: true
- name: Disable selinux on next boot
- name: Disable SELinux on next boot
selinux: state=disabled
register: selinux_disabled
when: first_run and not is_debuntu
when: not is_debuntu
- name: Disable selinux for this session (if needed)
- name: Disable SELinux for this session (if needed)
command: setenforce Permissive
when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed
## DISCOVER PLATFORMS ######
- name: Discover if this is a rpi -- assume if so it is running raspbian
set_fact:
rpi_model: "rpi"
is_rpi: "True"
when: ansible_local.local_facts.os == "raspbian"
ignore_errors: true
- include: prep.yml
- include: computed_vars.yml
- include: detected_network.yml
when: not installing
- include_tasks: prep.yml
# Put conditional actions for hardware platforms here
- include: raspberry_pi_2.yml
- include_tasks: raspberry_pi_2.yml
when: first_run and rpi_model != "none"
- name: Check if the identifier for intel's NUC6 builtin wifi is present
- name: Check if the identifier for Intel's NUC6 builtin WiFi is present
shell: "lsusb | grep 8087:0a2b | wc |awk '{print $1}'"
register: usb_NUC6
ignore_errors: true
when: first_run
- name: download the firmware for built in wifi on NUC6
- name: Download the firmware for built-in WiFi on NUC6
get_url: dest=/lib/firmware
url={{ iiab_download_url }}/iwlwifi-8000C-13.ucode
when: first_run and usb_NUC6.stdout|int > 0
when: usb_NUC6.stdout|int > 0
# this script can be sourced to get IIAB location
- name: Recording STAGE 1 HAS COMPLETED ============================
template: src=roles/1-prep/templates/iiab.env.j2
dest=/etc/iiab/iiab.env
owner=root
group=root
mode=0644

19
roles/1-prep/tasks/prep.yml
View file

@ -32,25 +32,6 @@
mode=0755
state=directory
# this script can be sourced to get iiab location
- name: Create iiab.env file
template: src=iiab.env.j2
dest=/etc/iiab/iiab.env
owner=root
group=root
mode=0644
- name: put a python interface to iiab.env
template: src=iiab_env.py.j2
dest=/etc/iiab/iiab_env.py
- name: create ansible.d facts directory
file: path=/etc/ansible/facts.d
owner=root
group=root
mode=0750
state=directory
- name: Set XO model
set_fact:
phplib_dir: '{{ ansible_local["local_facts"]["phplib_dir"] }}'

9
roles/1-prep/tasks/raspberry_pi_2.yml
View file

@ -26,23 +26,23 @@
mode=0644
when: rtc_id != "none"
- name: pre-Install packages
- name: Pre-install packages
package: name={{ item }}
state=latest
with_items:
- ntp
- name: increase the swap file size (kalite pip download fails)
- name: Increase the swap file size (kalite pip download fails)
lineinfile: regexp="^CONF_SWAPSIZE"
line=CONF_SWAPSIZE=500
dest=/etc/dphys-swapfile
when: is_debuntu
- name: restart the swap service
- name: Restart the swap service
command: /etc/init.d/dphys-swapfile restart
when: is_debuntu
- name: Add rpi rootfs resizing service
- name: Add RPi rootfs resizing service
template: src={{ item.src }}
dest={{ item.dest }}
owner=root
@ -55,4 +55,3 @@
- name: Enable rootfs resizing service
service: name=iiab-rpi-root-resize
enabled=yes

7
roles/1-prep/templates/iiab.env.j2
View file

@ -1,7 +1,8 @@
# This is a configuration file for XSCE
# This is a configuration file for IIAB
# It can sourced in a shell script or read into an application
XSCE_BASE_PATH={{ iiab_base }}
XSCE_DIR={{ iiab_dir }}
IIAB_BASE_PATH={{ iiab_base }}
IIAB_DIR={{ iiab_dir }}
OS={{ ansible_local.local_facts.os }}
OS_VER={{ ansible_local.local_facts.os_ver }}
WWWROOT={{ doc_root }}
STAGE=1

19
roles/2-common/tasks/centos.yml
View file

@ -13,17 +13,18 @@
with_items:
- epel-release
- name: Install XECE repo for CentOS
- name: Install IIAB repo for CentOS
template: src={{ item }} dest=/etc/yum.repos.d/ owner=root group=root mode=0644
with_items:
- iiab-centos.repo
- li.nux.ro.repo
- ansible.repo
- name: Disable updating ansible on CentOS
shell: sed -i -e '/^enabled=/a exclude=ansible' {{ item }}
with_items:
- /etc/yum.repos.d/CentOS-Base.repo
- /etc/yum.repos.d/CentOS-CR.repo
- /etc/yum.repos.d/CentOS-fasttrack.repo
- /etc/yum.repos.d/CentOS-Vault.repo
when: ansible_distribution == "CentOS"
#- name: Disable updating ansible on CentOS
# shell: sed -i -e '/^enabled=/a exclude=ansible' {{ item }}
# with_items:
# - /etc/yum.repos.d/CentOS-Base.repo
# - /etc/yum.repos.d/CentOS-CR.repo
# - /etc/yum.repos.d/CentOS-fasttrack.repo
# - /etc/yum.repos.d/CentOS-Vault.repo
# when: ansible_distribution == "CentOS"

14
roles/2-common/tasks/fedora.yml
View file

@ -14,10 +14,10 @@
shell: yum --enablerepo=rpmfusion-free-updates install exfat-utils fuse-exfat
when: exFAT_enabled == "True"
- name: Disable updating ansible on Fedora
shell: sed -i -e '/^enabled=/a exclude=ansible' {{ item }}
with_items:
- /etc/yum.repos.d/fedora.repo
- /etc/yum.repos.d/fedora-updates.repo
- /etc/yum.repos.d/fedora-updates-testing.repo
when: ansible_distribution == "Fedora"
#- name: Disable updating ansible on Fedora
# shell: sed -i -e '/^enabled=/a exclude=ansible' {{ item }}
# with_items:
# - /etc/yum.repos.d/fedora.repo
# - /etc/yum.repos.d/fedora-updates.repo
# - /etc/yum.repos.d/fedora-updates-testing.repo
# when: ansible_distribution == "Fedora"

52
roles/2-common/tasks/hostname.yml Normal file
View file

@ -0,0 +1,52 @@
- name: Create filesytem layout
include_tasks: roles/2-common/tasks/fl.yml
when: first_run
- name: Turn the crank for systemd
shell: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}"
when: is_debuntu
- name: Configure /etc/sysconfig/network
template: src=roles/network/templates/network/sysconfig.network.j2
dest=/etc/sysconfig/network
owner=root
group=root
mode=0644
when: is_redhat
- name: Configure short hostname in /etc/hosts
lineinfile: dest=/etc/hosts
regexp='^127\.0\.0\.1'
line='127.0.0.1 localhost.localdomain localhost box {{ iiab_hostname }}'
owner=root
group=root
mode=0644
- name: Configuring named
include_tasks: roles/network/tasks/named.yml
tags:
- named
- network
- domain
- name: Configuring dhcpd
include_tasks: roles/network/tasks/dhcpd.yml
tags:
- dhcpd
- network
- domain
- name: Configuring Squid
include_tasks: roles/network/tasks/squid.yml
when: squid_install
tags:
- squid
- network
- name: Re-configuring httpd - not initial install
include_tasks: roles/httpd/tasks/main.yml
when: iiab_stage|int > 3
- name: Re-configuring rest of networking - not initial install
include_tasks: roles/network/tasks/main.yml
when: iiab_stage|int > 4

2
roles/2-common/tasks/iiab_ini.yml
View file

@ -14,7 +14,7 @@
- option: 'iiab_dir'
value: '{{ iiab_dir }}'
- name: add version section
- name: Add version section
ini_file: dest='{{ iiab_config_file }}'
section=version
option='{{ item.option }}'

32
roles/2-common/tasks/main.yml
View file

@ -1,20 +1,26 @@
# Common OS-Level Additions & Mods (that only need to be performed once)
- include: iiab_ini.yml
- name: ...IS BEGINNING ==========================================
command: echo
# create the directory structure for XSCE
- include: fl.yml
#- include_tasks: iiab_ini.yml
- include: xo.yml
# create the directory structure for IIAB
#- include_tasks: fl.yml
- include_tasks: xo.yml
when: xo_model != "none" or osbuilder is defined
- include: centos.yml
- include_tasks: roles/network/tasks/iptables.yml
- include_tasks: centos.yml
when: ansible_distribution == "CentOS"
- include: fedora.yml
- include_tasks: fedora.yml
when: ansible_distribution == "Fedora"
# the following installs common packages for both debian and fedora
- include: packages.yml
- include_tasks: packages.yml
- sysctl: name=net.ipv4.ip_forward value=1 state=present
- sysctl: name=net.ipv4.conf.default.rp_filter value=1 state=present
@ -28,7 +34,7 @@
- sysctl: name=net.ipv6.conf.default.disable_ipv6 value=1 state=present
- sysctl: name=net.ipv6.conf.lo.disable_ipv6 value=1 state=present
- name: Set default Timezone
- name: Set default Time Zone
shell: ln -sf /usr/share/zoneinfo/{{ iiab_TZ }} /etc/localtime
when: iiab_TZ is defined and iiab_TZ != ""
@ -39,7 +45,13 @@
mode=0644
backup=no
- include: net_mods.yml
- include_tasks: net_mods.yml
when: not is_debuntu and not is_F18
- include: udev.yml
- include_tasks: udev.yml
- name: Recording STAGE 2 HAS COMPLETED ==========================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=2'
state=present

23
roles/2-common/tasks/packages.yml
View file

@ -1,16 +1,16 @@
- name: install yum deps for arm!!!
- name: Install yum deps for arm!!!
shell: dnf install -y python-urlgrabber pyxattr yum-metadata-parser
when: ansible_distribution == "Fedora" and ansible_machine == "armv7l" and ansible_distribution_version|int >= 22
- name: install yum from Fedora 23 for arm!!!
- name: Install yum from Fedora 23 for arm!!!
shell: dnf install -y https://kojipkgs.fedoraproject.org//packages/yum/3.4.3/506.fc23/noarch/yum-3.4.3-506.fc23.noarch.rpm python-dnf
when: ansible_distribution == "Fedora" and ansible_machine == "armv7l" and ansible_distribution_version|int >= 22
- name: install yum if it has been dropped from our distribution -- Fedora 22 uses dnf!!!
- name: Install yum if it has been dropped from our distribution -- Fedora 22 uses dnf!!!
shell: dnf install -y yum
when: ansible_distribution == "Fedora" and ansible_distribution_version|int >= 22 and ansible_machine != "armv7l"
- name: get the createrepo program
- name: Get the createrepo program
package: name=createrepo
state=present
when: is_redhat
@ -19,7 +19,7 @@
shell: createrepo {{ yum_packages_dir }}
when: is_redhat
- name: Install local repo file.
- name: Install local repo file
template: dest=/etc/yum.repos.d/iiab-local.repo
src=local.repo
owner=root
@ -36,6 +36,9 @@
- linux-firmware
- syslog
- xml-common
- nss-mdns
- avahi
- avahi-tools
when: is_redhat
- name: Download usbmount -- not in debian-9
@ -54,6 +57,9 @@
with_items:
- inetutils-syslogd
- wpasupplicant
- libnss-mdns
- avahi-daemon
- avahi-discover
when: is_debuntu
- name: Install common packages
@ -85,6 +91,7 @@
- curl
- pandoc
- lynx
- ntfs-3g
#- name: Install pip as a commonly required package management system
# command: curl https://bootstrap.pypa.io/get-pip.py -o {{ downloads_dir }}/get-pip.py
@ -92,7 +99,7 @@
#- name: Run the install script for pip
# command: python {{ downloads_dir }}/get-pip.py
- name: Install Common python packages
- name: Install common Python packages
package: name={{ item }}
state=present
with_items:
@ -100,7 +107,7 @@
- python-setuptools
- python-virtualenv
- name: Update common packages (not debian
- name: Update common packages (not Debian)
package: name={{ item }}
state=latest
with_items:
@ -110,7 +117,7 @@
- iptables
when: is_redhat
- name: Update common packages (debian)
- name: Update common packages (Debian)
package: name={{ item }}
state=latest
with_items:

7
roles/2-common/tasks/udev.yml
View file

@ -23,13 +23,12 @@
shell: systemctl daemon-reload
when: udev_unit.stat.exists is defined and udev_unit.stat.exists
- name: restart so systemd recognizes the changes
- name: Restart so systemd recognizes the changes
shell: systemctl restart systemd-udevd.service
when: udev_unit.stat.exists is defined and udev_unit.stat.exists
- name: reload systemd-udevd so it has rootfs open read-write
- name: Reload systemd-udevd so it has rootfs open read-write
template: src=udev-reload.service dest=/etc/systemd/system/
- name: enable the reload service
- name: Enable the reload service
shell: systemctl enable udev-reload.service

12
roles/2-common/tasks/xo.yml
View file

@ -25,7 +25,7 @@
regexp='^%_excludedocs'
state=absent
- name: pre-Install packages
- name: Pre-install packages
package: name={{ item }}
state=latest
with_items:
@ -34,7 +34,7 @@
- man-db
- man-pages
- name: re-Install packages
- name: Re-install packages
shell: yum -y reinstall sed libidn grep which util-linux wget gnupg2 groff gnash yum
when: not osbuilder is defined
@ -44,7 +44,7 @@
option=plugins
value=ifcfg-rh,keyfile
- name: check for modem config file
- name: Check for modem config file
stat: path=/etc/NetworkManager/system-connections/"Sugar Modem Connection"
register: config
@ -109,10 +109,10 @@
state=absent
- name: Download substitute software for i386 on FC18 XO1.5
get_url: url="{{ iiab_download_url }}/{{ item }}" dest={{ downloads_dir}}/{{ item }}
get_url: url="{{ iiab_download_url }}/{{ item }}" dest={{ downloads_dir }}/{{ item }}
with_items:
- hostapd_8188_i386
when: wifi_id == "tplink_WM725M" and xo_model == "XO-1.5" and internet_available
when: wifi_id == "tplink_WM725M" and xo_model == "XO-1.5" and internet_available
tags:
- xo
@ -131,5 +131,3 @@
ignore_errors: yes
async: 300
poll: 120

0
roles/2-common/tasks/yum.yml → roles/2-common/tasks/yum-historical.yml
View file

7
roles/2-common/templates/ansible.repo Normal file
View file

@ -0,0 +1,7 @@
[ansible]
name=ansible
failovermethod=priority
baseurl=http://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/
enabled=0
metadata_expire=1d
gpgcheck=0

3
roles/3-base-server/README.rst
View file

@ -6,7 +6,6 @@ This role is a place to aggregate roles that are required to create a basic web
The functionality here is not packages that are not directly consumed by users, which are in common,
nor specific applications, such as those found in the apps and tools roles.
The difference between this aggregate and server-options is that the roles here are required.
The difference between this aggregate (3-base-server) and 4-server-options is that the roles here are required.
Eventually a graphical configuration console will be added here.

3
roles/3-base-server/meta/main.yml
View file

@ -1,3 +0,0 @@
dependencies:
- { role: httpd, tags: ['services','httpd','base'] }
- { role: iiab-admin, tags: ['services','iiab-admin','base'] }

32
roles/3-base-server/tasks/main.yml
View file

@ -1,18 +1,36 @@
# Base Server
- name: ...IS BEGINNING =====================================
command: echo
- name: HTTPD
include_role:
name: httpd
# has no "when: XXXXX_install" flag
tags: base, httpd
- name: IIAB-ADMIN
include_role:
name: iiab-admin
# has no "when: XXXXX_install" flag
tags: base, iiab-admin
- name: MYSQL
include_role:
name: mysql
# has no "when: XXXXX_install" flag
tags: base, mysql
- name: Make sure there is a content directory
file: dest={{ doc_root }}/local_content
state=directory
- name: Base Server Installed
command: echo Base Server Installed
- name: Restart httpd
service: name={{ apache_service }}
state=restarted
when: not installing
# If we got here we're done
- name: Record base gui version
- name: Record STAGE 3 HAS COMPLETED ========================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^BASE_VERSION=*'
line='BASE_VERSION="{{ gui_version }}"'
regexp='^STAGE=*'
line='STAGE=3'
state=present

9
roles/4-server-options/meta/main.yml
View file

@ -1,9 +0,0 @@
dependencies:
- { role: sshd, tags: ['services','sshd','base'] }
- { role: network, tags: ['services','base','network'] }
- { role: postgresql, tags: ['services','postgresql','base'], when: postgresql_install }
- { role: authserver, tags: ['services','authserver','base'], when: authserver_install }
- { role: openvpn, tags: ['options','openvpn'], when: openvpn_install }
- { role: samba, tags: ['services','samba','options'], when: samba_install }
- { role: usb-lib, tags: ['services','usb-lib','options'], when: usb_lib_install }
- { role: cups, tags: ['services','cups','options'], when: cups_install }

85
roles/4-server-options/tasks/main.yml
View file

@ -1,26 +1,71 @@
- name: Server Options Installed
command: echo Server Options Installed
# Server Options
- name: ...IS BEGINNING ==================================
command: echo
- name: Stop postgresql service
command: "/etc/init.d/postgresql stop"
ignore_errors: True
when: postgresql_install and is_debuntu
- name: SSHD
include_role:
name: sshd
# has no "when: XXXXX_install" flag
tags: base, sshd
- name: Start postgresql service
service: name=postgresql-iiab
state=restarted
enabled=yes
when: postgresql_enabled
- name: OPENVPN
include_role:
name: openvpn
when: openvpn_install
tags: openvpn
- name: Stop authserver service
service: name=xs-authserver
state=stopped
enabled=no
when: not authserver_enabled and authserver_install
- name: NETWORK
include_role:
name: network
# has no "when: XXXXX_install" flag
tags: base, network
- name: Start xs-authserver service
service: name=xs-authserver
state=restarted
when: authserver_enabled
- name: HOMEPAGE
include_role:
name: homepage
# has no "when: XXXXX_install" flag
tags: base, homepage
- name: POSTGRESQL
include_role:
name: postgresql
when: postgresql_install
tags: postgresql, pathagar, moodle
- name: AUTHSERVER
include_role:
name: authserver
when: authserver_install
tags: olpc, authserver
- name: CUPS
include_role:
name: cups
when: cups_install
tags: cups
- name: SAMBA
include_role:
name: samba
when: samba_install
tags: samba
- name: USB-LIB
include_role:
name: usb-lib
when: usb_lib_install
tags: usb-lib
- name: Create a Python interface to iiab.env
template: src=roles/1-prep/templates/iiab_env.py.j2
dest=/etc/iiab/iiab_env.py
- name: Generate the offline documents
command: /usr/bin/iiab-refresh-wiki-docs
when: not nodocs
- name: Recording STAGE 4 HAS COMPLETED ==================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=4'
state=present

3
roles/5-xo-services/README.rst
View file

@ -2,5 +2,4 @@
XO Services README
==================
This role is a place to aggregate roles that provide XO specific services.
This role is a place to aggregate roles that provide specific services for One Laptop Per Child's XO laptops.

4
roles/5-xo-services/meta/main.yml
View file

@ -1,4 +0,0 @@
dependencies:
- { role: ejabberd_xs, tags: ['olpc','ejabberd-xs','xo-services'], when: ejabberd_xs_install }
- { role: idmgr, tags: ['olpc','idmgr','xo-services'], when: idmgr_install }
- { role: activity-server, tags: ['olpc','activity-server','xo-services'], when: activity_server_install }

28
roles/5-xo-services/tasks/main.yml
View file

@ -1,3 +1,27 @@
- name: XO Services Installed
command: echo XO Services Installed
# XO Services
- name: ...IS BEGINNING =====================================
command: echo
- name: ACTIVITY-SERVER
include_role:
name: activity-server
when: activity_server_install
tags: olpc, activity-server
- name: EJABBERD_XS
include_role:
name: ejabberd_xs
when: ejabberd_xs_install
tags: olpc, ejabberd-xs
- name: IDMGR
include_role:
name: idmgr
when: idmgr_install
tags: olpc, idmgr
- name: Recording STAGE 5 HAS COMPLETED =====================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=5'
state=present

6
roles/6-generic-apps/README.rst
View file

@ -2,6 +2,6 @@
Generic Apps README
===================
This role is a place to aggregate roles that install apps of a more generic nature, as opposed to educational or managment.
Content Management Systems or Chat or Wiki applications would go here.
This role is a place to aggregate roles that install apps of a more generic or collaborative nature,
as opposed to educational or managment. Content Management Systems or Chat or Wiki applications
would go here.

9
roles/6-generic-apps/meta/main.yml
View file

@ -1,9 +0,0 @@
dependencies:
- { role: mysql, tags: ['generic','mysql'], when: mysql_install }
- { role: elgg, tags: ['generic','elgg'], when: elgg_install }
- { role: owncloud, tags: ['generic','owncloud'], when: owncloud_install }
- { role: nextcloud, tags: ['generic','nextcloud'], when: nextcloud_install }
- { role: dokuwiki, tags: ['generic','dokuwiki'], when: dokuwiki_install }
- { role: wordpress, tags: ['generic','wordpress'], when: wordpress_install }
- { role: calibre, tags: ['generic','calibre'], when: calibre_install }
- { role: ejabberd, tags: ['generic','ejabberd'], when: ejabberd_install }

52
roles/6-generic-apps/tasks/main.yml
View file

@ -1,3 +1,51 @@
- name: Generic Apps Installed
command: echo Generic Apps Installed
# Generic Apps
- name: ...IS BEGINNING ====================================
command: echo
- name: CALIBRE
include_role:
name: calibre
when: calibre_install
tags: calibre
- name: DOKUWIKI
include_role:
name: dokuwiki
when: dokuwiki_install
tags: dokuwiki
- name: ELGG
include_role:
name: elgg
when: elgg_install
tags: elgg
- name: EJABBERD
include_role:
name: ejabberd
when: ejabberd_install
tags: ejabberd
- name: NEXTCLOUD
include_role:
name: nextcloud
when: nextcloud_install
tags: nextcloud
- name: OWNCLOUD
include_role:
name: owncloud
when: owncloud_install
tags: owncloud
- name: WORDPRESS
include_role:
name: wordpress
when: wordpress_install
tags: wordpress
- name: Recording STAGE 6 HAS COMPLETED ====================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=6'
state=present

2
roles/7-edu-apps/README.rst
View file

@ -3,4 +3,4 @@ Educational Apps and Content README
===================================
This role is a place to aggregate roles that provide Educational Content or
are specifically targetted at pedagogical activities.
are specifically targetted at pedagogical activities.

9
roles/7-edu-apps/meta/main.yml
View file

@ -1,9 +0,0 @@
dependencies:
- { role: moodle, tags: ['olpc','moodle','edu-apps'], when: moodle_install }
- { role: osm, tags: ['osm','edu-apps'], when: osm_install }
- { role: pathagar, tags: ['pathagar','edu-apps'], when: pathagar_install }
- { role: rachel, tags: ['rachel','edu-apps'], when: rachel_install }
- { role: kalite, tags: ['kalite','edu-apps'], when: kalite_install }
- { role: kiwix, tags: ['kiwix','edu-apps'], when: kiwix_install }
- { role: sugarizer, tags: ['sugarizer','edu-apps'], when: sugarizer_install }
# - { role: debian_schooltool, tags: ['schooltool','debian_schooltool','edu-apps'], when: debian_schooltool_install and is_debuntu }

46
roles/7-edu-apps/tasks/main.yml
View file

@ -1,3 +1,45 @@
- name: Educational Apps and Content Installed
command: echo Educational Apps and Content Installed
# Educational Apps
- name: ...IS BEGINNING ========================================
command: echo
- name: KALITE
include_role:
name: kalite
when: kalite_install
tags: kalite
- name: KIWIX
include_role:
name: kiwix
when: kiwix_install
tags: kiwix
- name: MOODLE
include_role:
name: moodle
when: moodle_install
tags: olpc, moodle
- name: OSM
include_role:
name: osm
when: osm_install
tags: osm
- name: PATHAGAR
include_role:
name: pathagar
when: pathagar_install
tags: pathagar
- name: SUGARIZER
include_role:
name: sugarizer
when: sugarizer_install
tags: sugarizer
- name: Recording STAGE 7 HAS COMPLETED ========================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=7'
state=present

10
roles/8-mgmt-tools/meta/main.yml
View file

@ -1,10 +0,0 @@
dependencies:
# - { role: sugar-stats, tags: ['olpc','sugar-stats','tools'], when: sugar_stats_install and ansible_distribution != "CentOS" }
# - { role: ajenti, tags: ['services','ajenti','tools'], when: ajenti_install }
- { role: munin, tags: ['services','munin','tools'], when: munin_install }
- { role: monit, tags: ['services','monit','tools'], when: monit_install }
- { role: vnstat, tags: ['services','vnstat','tools'], when: vnstat_install }
# - { role: xovis, tags: ['services','xovis','tools'], when: xovis_install and ansible_distribution != "CentOS" }
- { role: phpmyadmin, tags: ['services','phpmyadmin','tools'], when: phpmyadmin_install }
- { role: awstats, tags: ['services','awstats','tools'], when: awstats_install }
- { role: teamviewer, tags: ['services','teamviewer','tools'], when: teamviewer_install }

59
roles/8-mgmt-tools/tasks/main.yml
View file

@ -1,3 +1,58 @@
- name: Assessment and Monitoring Tools Installed
command: echo Assessment and Monitoring Tools Installed
# Assessment and Monitoring Tools
- name: ...IS BEGINNING ======================================
command: echo
- name: AWSTATS
include_role:
name: awstats
when: awstats_install
tags: awstats
- name: MONIT
include_role:
name: monit
when: monit_install
tags: monit
- name: MUNIN
include_role:
name: munin
when: munin_install
tags: munin
- name: PHPMYADMIN
include_role:
name: phpmyadmin
when: phpmyadmin_install
tags: phpmyadmin
- name: SUGAR-STATS
include_role:
name: sugar-stats
when: sugar_stats_install and ansible_distribution != "CentOS"
tags: olpc, sugar-stats
- name: TEAMVIEWER
include_role:
name: teamviewer
when: teamviewer_install
tags: teamviewer
- name: VNSTAT
include_role:
name: vnstat
when: vnstat_install
tags: vnstat
- name: XOVIS
include_role:
name: xovis
when: xovis_install and ansible_distribution != "CentOS"
tags: xovis
- name: Recording STAGE 8 HAS COMPLETED ======================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=8'
state=present

6
roles/9-local-addons/README.rst
View file

@ -7,15 +7,15 @@ This role is a place to aggregate roles developed by various contributors or loc
Development
-----------
Create the role you wish to add to the XSCE School Server by following the pattern of another role or any other means.
Create the role you wish to add to Internet-in-a-Box by following the pattern of another role or any other means.
Packaging
---------
Add your role into the main.yml file in the meta directory of the 7-local-addons role. It will now get installed as part of
Add your role into the main.yml file in the tasks directory of the 9-local-addons role. It will now get installed as part of
the next ansible run.
More Info
---------
Have a look at the docs section of this git repo for more detailed information.
Have a look at https://github.com/iiab/iiab/wiki/IIAB-Architecture (offline at http://box/info/IIAB-Architecture.html) for more detailed information.

3
roles/9-local-addons/meta/main.yml
View file

@ -1,3 +0,0 @@
# Add your role to this list and then uncomment dependencies. Adding a tag is handy for testing.
#dependencies:

13
roles/9-local-addons/tasks/main.yml
View file

@ -1,5 +1,10 @@
- name: Addon services installed
command: echo Addon services installed
# Local Add-ons
- name: Installation Complete
shell: echo "{}" > /etc/iiab/config_vars.yml
- name: ...IS BEGINNING ====================================
command: echo
- name: Recording STAGE 9 HAS COMPLETED ====================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=9'
state=present

33
roles/activity-server/tasks/main.yml
View file

@ -12,29 +12,29 @@
- /library/xs-activity-server/lang_templates
- /library/xs-activity-server/www.0
- /library/xs-activity-server/tmp
# Wish synchronize worked, but it doesn't
- name: Copy language templates
command: rsync -a {{iiab_dir}}/roles/activity-server/files/lang_templates /library/xs-activity-server/
- name: Copy default index files
- name: Copy language templates
command: rsync -a {{ iiab_dir }}/roles/activity-server/files/lang_templates /library/xs-activity-server/
- name: Copy default index files
copy: src={{ item }}
dest=/library/xs-activity-server/www.0
mode=0755
owner=root
group=root
with_fileglob:
- www.0/index.html.*
- www.0/index.html.*
- name: Point www to www.0 as default
file: src=/library/xs-activity-server/www.0
dest=/library/xs-activity-server/www
dest=/library/xs-activity-server/www
owner=root
group=admin
state=link
- name: Chown language templates
state=link
- name: Chown language templates
file: path=/library/xs-activity-server/lang_templates
mode=0644
owner=root
@ -49,8 +49,8 @@
mode=0755
owner=root
group=root
state=directory
state=directory
- name: Install Python module
copy: src=xs_activities/__init__.py
dest=/usr/lib/python2.7/site-packages/xs_activities
@ -58,7 +58,7 @@
owner=root
group=root
- name: Copy scripts to /usr/bin
- name: Copy scripts to /usr/bin
copy: src={{ item }}
dest=/usr/bin
mode=0755
@ -105,7 +105,7 @@
# For it only supports client's language code
# TODO: Upload Activity via web interface
# and figure out what to do with olpc_activities.service
# and figure out what to do with olpc_activities.service
# short term addition of link for upload-activity server
# ln -sf /usr/share/xs-config/cfg/html/top/en/cntr_upl_activity.php {{ doc_root }}/upload_activity.php
@ -130,4 +130,3 @@
value: /activities
- option: enabled
value: "{{ xo_services_enabled }}"

2
roles/ajenti/tasks/main.yml
View file

@ -37,7 +37,7 @@
mode=0744
state=file
- include: ajenti-wondershaper.yml
- include_tasks: ajenti-wondershaper.yml
when: 'iiab_lan_iface != ""'
# handler doesn't fire

11
roles/authserver/tasks/main.yml
View file

@ -4,7 +4,7 @@
- name: Install xs-authserver from pypi
pip: name=xs-authserver
when: internet_available
when: internet_available
- name: install gunicorn
package: name=python-gunicorn
@ -38,8 +38,15 @@
environment:
XS_AUTHSERVER_DATABASE: /var/lib/xs-authserver/data.db
- name: Enable xs-authserver service
- name: Stop authserver service
service: name=xs-authserver
state=stopped
enabled=no
when: not authserver_enabled
- name: Start xs-authserver service
service: name=xs-authserver
state=restarted
enabled=yes
when: authserver_enabled

27
roles/awstats/tasks/install.yml
View file

@ -1,5 +1,5 @@
- name: Install awstats package
package: name={{ item }}
- name: Install AWStats package
package: name={{ item }}
state=present
with_items:
- awstats
@ -8,8 +8,8 @@
tags:
- download
- name: Install awstats package
package: name={{ item }}
- name: Install AWStats package
package: name={{ item }}
state=present
with_items:
- libapache2-mod-authnz-external
@ -22,7 +22,7 @@
command: a2enmod cgi
when: is_debuntu
- name: Create directory for awstat to use as intermediate summary storage
- name: Create directory for AWStats to use as intermediate summary storage
file: path={{ item }}
mode=0750
owner={{ apache_user }}
@ -33,7 +33,7 @@
- "{{ awstats_data_dir }}"
- "{{ apache_log_dir }}"
- name: Install the Apache config for Advanced Web Statistics
- name: Install the Apache config for AWStats
template: src=apache.conf
dest=/etc/{{ apache_config_dir }}/awstats.conf
owner=root
@ -41,7 +41,7 @@
mode=0644
when: awstats_enabled and is_debuntu
- name: Install the Apache config for Advanced Web Statistics
- name: Install the Apache config for AWStats
template: src=apache-awstats.conf
dest=/etc/{{ apache_config_dir }}/awstats.conf
owner=root
@ -63,18 +63,18 @@
command: mv /etc/awstats/awstats.conf /etc/awstats/awstats.conf.dist
when: awstats.stat.islnk is defined and not awstats.stat.islnk
- name: Enable Awstats
- name: Enable AWStats
file: src=/etc/apache2/sites-available/awstats.conf
path=/etc/apache2/sites-enabled/awstats.conf
state=link
when: awstats_enabled and is_debuntu
- name: Disable Awstats
- name: Disable AWStats
file: path=/etc/apache2/sites-enabled/awstats.conf
state=absent
when: not awstats_enabled and is_debuntu
- name: Install the awstats config for Advanced Web Statistics
- name: Install the AWStats config
template: src=awstats.schoolserver.conf.j2
dest=/etc/awstats/awstats.schoolserver.conf
owner=root
@ -82,17 +82,16 @@
mode=0644
when: awstats_enabled
- name: Create a symbolic link to use when access is by ip address
- name: Create a symbolic link to use when access is by IP address
file: src=/etc/awstats/awstats.schoolserver.conf
dest=/etc/awstats/awstats.conf
state=link
when: awstats_enabled
- name: On first enabling of awstats, summarize httpd logs up to now
- name: On first enabling of AWStats, summarize httpd logs up to now
shell: /bin/perl /usr/share/awstats/wwwroot/cgi-bin/awstats.pl -config=schoolserver -update
when: awstats_enabled and not is_debuntu
- name: On first enabling of awstats, summarize httpd logs up to now
- name: On first enabling of AWStats, summarize httpd logs up to now
shell: /usr/bin/perl /usr/lib/cgi-bin/awstats.pl -config=schoolserver -update
when: awstats_enabled and is_debuntu

8
roles/awstats/tasks/main.yml
View file

@ -1,7 +1,7 @@
- include: install.yml
- include_tasks: install.yml
when: awstats_install
- name: Add awstats to service list
- name: Add AWStats to service list
ini_file: dest='{{ service_filelist }}'
section=awstats
option='{{ item.option }}'
@ -10,7 +10,7 @@
- option: name
value: awstats
- option: description
value: '"Awstats is Advanced Web Statistics package written in perl which generates static or dynamic html summaries based upon web server logs"'
value: '"AWStats is Advanced Web Statistics package written in Perl which generates static or dynamic html summaries based upon web server logs"'
- option: installed
value: "{{ awstats_install }}"
- option: enabled

10
roles/calibre/tasks/main.yml
View file

@ -6,13 +6,13 @@
mode=0755
when: ansible_distribution == "CentOS"
- name: Install Calibre
- name: Install Calibre (CentOS)
shell: "{{ downloads_dir }}/calibre-installer.py >> /dev/null"
args:
creates: /usr/bin/calibre-uninstall
when: calibre_install and ansible_distribution == 'CentOS'
when: calibre_install and ansible_distribution == 'CentOS'
- name: Install Calibre rpms
- name: Install Calibre (OS's other than CentOS)
# the fedora rpm arm version, though older, takes care of dependencies, and exists
package: name={{ item }}
state=present
@ -20,7 +20,7 @@
- calibre
when: calibre_install and ansible_distribution != 'CentOS'
- name: Create Calibre service(s) and support scripts
- name: Create calibre-serve.service and calibre.conf
template: backup=no
src={{ item.src }}
dest={{ item.dest }}
@ -52,7 +52,7 @@
state=stopped
when: not calibre_enabled
- name: Add Calibre to service list
- name: Add 'calibre-serve' to service list
ini_file: dest='{{ service_filelist }}'
section=calibre
option='{{ item.option }}'

20
roles/cups/tasks/main.yml
View file

@ -1,5 +1,5 @@
# administer this service by browsing to localhost:631
- name: get the CUPS package installed
- name: Get the CUPS package installed
package: name={{ item }}
state=present
with_items:
@ -7,8 +7,8 @@
when: cups_install
tags:
- download
- name: Put our own config file in place, to permit local lan admin
- name: Put our own config file in place, to permit local LAN admin
template: dest=/etc/cups/cupsd.conf
src=cupsd.conf
@ -22,7 +22,7 @@
state=link
when: cups_enabled and is_debuntu
- name: Enable services for cups
- name: Enable services for CUPS (OS's other than Fedora 18)
service: name={{ item }}
state=started
enabled=yes
@ -31,17 +31,17 @@
- cups-browsed
when: cups_enabled and not is_F18
- name: Enable services for cups for xo's
- name: Enable services for CUPS (Fedora 18, for XO laptops)
service: name=cups
state=started
enabled=yes
when: cups_enabled and is_F18
- name: Permit headless admin of CUPS -- only works when cups daemon is running
- name: Permit headless admin of CUPS -- only works when CUPS daemon is running
shell: "cupsctl --remote-admin"
when: cups_enabled
- name: Disable services for cups
- name: Disable services for CUPS (OS's other than Fedora 18)
service: name={{ item }}
state=stopped
enabled=no
@ -50,13 +50,13 @@
- cups-browsed
when: not cups_enabled and not is_F18
- name: Disable services for cups for xo's
- name: Disable services for CUPS (Fedora 18, for XO laptops)
service: name=cups
state=stopped
enabled=no
when: not cups_enabled and is_F18
- name: add cups to service list
- name: Add 'cups' to service list
ini_file: dest={{ service_filelist }}
section=cups
option={{ item.option }}
@ -65,7 +65,7 @@
- option: name
value: '"Common UNIX Printing System (CUPS)"'
- option: description
value: '"CUPS is a modular printing system which allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer."'
value: '"CUPS is a modular printing system which allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer."'
- option: installed
value: "{{ cups_install }}"
- option: enabled

8
roles/dokuwiki/README.rst
View file

@ -1,5 +1,5 @@
===============
Dokuwiki README
DokuWiki README
===============
DokuWiki is a simple to use and highly versatile Open Source wiki software that
@ -10,12 +10,12 @@ make DokuWiki especially useful in the enterprise context and the large number o
plugins contributed by its vibrant community allow for a broad range of use cases
beyond a traditional wiki.
http://dokuwiki.org/
http://dokuwiki.org
After Installation
------------------
Head to http://schoolserver.lan/wiki. The webpage will probably throw up an error
Head to http://box.lan/wiki. The webpage will probably throw up an error
saying you haven't run install.php yet, with a link to it. Click the link to be
taken to the install page which does the initial configuration of the wiki. After
this, you should be all set!
@ -33,4 +33,4 @@ None yet other than the basic enabled/disabled. Haven't really tested if they wo
Todo
----
* Preinstall some popular plugins.
* Additional XSCE customizations.
* Additional IIAB customizations.

19
roles/dokuwiki/tasks/install.yml
View file

@ -1,6 +1,6 @@
- name: Get the Dokuwiki software
get_url: url="{{ iiab_download_url }}/{{ dokuwiki_version }}.tgz" dest={{ downloads_dir}}/
when: internet_available
- name: Get the DokuWiki software
get_url: url="{{ iiab_download_url }}/{{ dokuwiki_version }}.tgz" dest={{ downloads_dir }}/
when: internet_available
- name: Copy it to permanent location /library
unarchive: src={{ downloads_dir }}/{{ dokuwiki_version }}.tgz dest=/library creates=/library/{{ dokuwiki_version }}/VERSION
@ -8,25 +8,24 @@
- name: Symlink /library/dokuwiki* to /library/dokuwiki
shell: if [ ! -d /library/dokuwiki ]; then ln -sf /library/{{ dokuwiki_version }} /library/dokuwiki; fi
- name: Install config file for dokuwiki in Apache
- name: Install config file for DokuWiki in Apache
template: src=dokuwiki.conf.j2 dest=/etc/{{ apache_config_dir }}/dokuwiki.conf
when: dokuwiki_enabled
- name: enable the dokuwiki
- name: Enable the DokuWiki
file: path=/etc/apache2/sites-enabled/dokuwiki.conf
src=/etc/apache2/sites-available/dokuwiki.conf
state=link
when: dokuwiki_enabled and is_debuntu
- name: disable the dokuwiki
- name: Disable the DokuWiki
file: path=/etc/apache2/sites-enabled/dokuwiki.conf
state=absent
when: not dokuwiki_enabled and is_debuntu
- name: Change permissions on engine directory so apache can write
- name: Change permissions on engine directory so Apache can write
file: path=/library/{{ dokuwiki_version }} owner={{ apache_user }} mode=0755 state=directory recurse=yes
- name: Restart apache, so it picks up the new aliases
- name: Restart Apache, so it picks up the new aliases
service: name={{ apache_service }} state=restarted

4
roles/dokuwiki/tasks/main.yml
View file

@ -1,8 +1,8 @@
- name: Include the install playbook
include: install.yml
include_tasks: install.yml
when: dokuwiki_install
- name: Add dokuwiki to service list
- name: Add DokuWiki to service list
ini_file: dest='{{ service_filelist }}'
section=dokuwiki
option='{{ item.option }}'

47
roles/ejabberd/tasks/main.yml
View file

@ -14,25 +14,30 @@
group=root
mode={{ item.mode }}
with_items:
- { src: 'ejabberd-xs.cfg.j2', dest: '/etc/ejabberd/ejabberd-xs.cfg' , mode: '0644' }
- { src: 'ejabberdctl.cfg.j2', dest: '/etc/ejabberd/ejabberdctl.cfg', mode: '0644' }
- { src: 'ejabberd-xs', dest: '/etc/sysconfig/ejabberd-xs', mode: '0755' }
- { src: 'ejabberd-iiab.cfg.j2', dest: '/etc/ejabberd/ejabberd-iiab.cfg' , mode: '0644' }
- { src: 'ejabberdctl.cfg.j2', dest: '/etc/ejabberd/ejabberdctl-iiab.cfg', mode: '0644' }
- { src: 'ejabberd-iiab', dest: '/etc/sysconfig/ejabberd-iiab', mode: '0755' }
# - { src: 'ejabberd-domain-config', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/ejabberd', mode: '0755'}
# - { src: 'ejabberd', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/ejabberd' , mode: '0755' }
- { src: 'ejabberd-xs.service.j2', dest: '/etc/systemd/system/ejabberd-xs.service', mode: '0755' }
- { src: 'xs-ejabberd-srg', dest: '/usr/bin/xs-ejabberd-srg' , mode: '0755' }
- { src: '10-ejabberdmoodle', dest: '/etc/sudoers.d/10-ejabberdmoodle', mode: '0440' }
- { src: 'ejabberd-iiab.service.j2', dest: '/etc/systemd/system/ejabberd-iiab.service', mode: '0755' }
- { src: 'iiab-ejabberd-srg', dest: '/usr/bin/iiab-ejabberd-srg' , mode: '0755' }
# - { src: '10-ejabberdmoodle', dest: '/etc/sudoers.d/10-ejabberdmoodle', mode: '0440' }
- { src: 'ejabberd.tmpfiles', dest: '/etc/tmpfiles.d/ejabberd.conf', mode: '0640' }
register: ejabberd_config
- name: Stop and disable OS provided systemd ejabberd service
service: name=ejabberd
state=stopped
enabled=no
- name: Put the startup script in place - debian
template: src='ejabberd-xs.init'
dest='/etc/init.d/ejabberd-xs'
template: src='ejabberd-iiab.init'
dest='/etc/init.d/ejabberd-iiab'
when: is_debuntu
- name: Put the startup script in place - non debian
template: src='ejabberd-xs.init'
dest='/usr/libexec/ejabberd-xs'
template: src='ejabberd-iiab.init'
dest='/usr/libexec/ejabberd-iiab'
when: not is_debuntu
- name: Remove ejabberd_domain if domain changes
@ -41,14 +46,14 @@
when: ejabberd_config.changed
- name: Enable ejabberd service
file: src=/etc/systemd/system/ejabberd-xs.service
dest=/etc/systemd/system/multi-user.target.wants/ejabberd-xs.service
file: src=/etc/systemd/system/ejabberd-iiab.service
dest=/etc/systemd/system/multi-user.target.wants/ejabberd-iiab.service
owner=root
group=root
state=link
- name: Start ejabberd service
service: name=ejabberd-xs
service: name=ejabberd-iiab
state=restarted
enabled=yes
when: ejabberd_config.changed and ejabberd_enabled
@ -60,10 +65,14 @@
timeout=300
when: ejabberd_config.changed and ejabberd_enabled
- name: Create online group
shell: ejabberdctl srg_create Online "schoolserver" Online "Online_Users" Online
when: ejabberd_config.changed and not is_debuntu
# ejabberd-iiab.init has the logic for the below, needs to be done once
# and only if the group does not exist based on presence of
# /var/lib/ejabberd online_src_created
- name: Add all users to online group
shell: ejabberdctl srg_user_add '@online@' "schoolserver" Online "schoolserver"
when: ejabberd_config.changed and not is_debuntu
#- name: Create online group
# shell: ejabberdctl srg_create Online "{{ iiab_hostname }}" Online "Online_Users" Online
# when: ejabberd_config.changed
#- name: Add all users to online group
# shell: ejabberdctl srg_user_add '@online@' "{{ iiab_hostname }}" Online "schoolserver"
# when: ejabberd_config.changed

4
roles/ejabberd/templates/ejabberd
View file

@ -3,9 +3,9 @@
#
# ejabberd now handles domain changes in the initrd script
#
SERVICE_NAME=ejabberd-xs
SERVICE_NAME=ejabberd-iiab
CONFIG_LIST="/etc/ejabberd/ejabberd-xs.cfg"
CONFIG_LIST="/etc/ejabberd/ejabberd-iiab.cfg"
# taken from ejabberd spec %post
# taken from ejabberd spec %post

2
roles/ejabberd/templates/ejabberd-xs → roles/ejabberd/templates/ejabberd-iiab
View file

@ -2,7 +2,7 @@
## Where should ejabberd find its configuration file?
#
CONFIG_FILE=/etc/ejabberd/ejabberd-xs.cfg
CONFIG_FILE=/etc/ejabberd/ejabberd-iiab.cfg
## ULIMIT_MAX_FILES alters the number of files that ejabberd is
## allowed to have open at once. If it is unset the system default

0
roles/ejabberd/templates/ejabberd-xs.cfg.j2 → roles/ejabberd/templates/ejabberd-iiab.cfg.j2
View file

24
roles/ejabberd/templates/ejabberd-xs.init → roles/ejabberd/templates/ejabberd-iiab.init
View file

@ -17,14 +17,17 @@
# Description: A distributed, fault-tolerant Jabber/XMPP server
### END INIT INFO
SYS_DOMAIN_FILE=/etc/sysconfig/iiab_domain_name
OUR_DOMAIN_FILE=/etc/sysconfig/ejabberd_domain_name
. /etc/rc.d/init.d/functions
if [ -r /etc/sysconfig/ejabberd-xs ]; then
. /etc/sysconfig/ejabberd-xs
if [ -r /etc/sysconfig/ejabberd-iiab ]; then
. /etc/sysconfig/ejabberd-iiab
fi
if [ ! "$CONFIG_FILE" ]; then
CONFIG_FILE=/etc/ejabberd/ejabberd.cfg
CONFIG_FILE=/etc/ejabberd/ejabberd-iiab.cfg
fi
# /var/run is tmpfs in fc18, so need to create every time
@ -34,25 +37,22 @@ chown ejabberd:ejabberd /var/run/ejabberd
# avoid using consolehelper, call ejabberdctl directly
progctl=/usr/sbin/ejabberdctl
SYS_DOMAIN_FILE=/etc/sysconfig/xs_domain_name
OUR_DOMAIN_FILE=/etc/sysconfig/ejabberd_domain_name
check_domain_configured() {
if [ ! -e /etc/sysconfig/xs_domain_name ]; then
echo "Domain not configured yet" > /dev/stderr
if [ ! -e $SYS_DOMAIN_FILE ]; then
echo "Domain not configured yet 1" > /dev/stderr
exit 1;
fi
domain=`cat "$SYS_DOMAIN_FILE" `
if [ "$domain" == "random.xs.laptop.org" ]; then
echo "Domain not configured yet" > /dev/stderr
echo "Domain not configured yet 2" > /dev/stderr
exit 1;
fi
#hostname=`hostname -f`
hostname=`hostname `
if [ "$hostname" == "localhost.localdomain" ]; then
echo "Domain not configured yet" > /dev/stderr
echo "Domain not configured yet 3" > /dev/stderr
fi
# if [ "$hostname" != "schoolserver.$domain" ]; then
@ -149,7 +149,7 @@ start() {
fi
daemon --user=ejabberd $progctl start --config $CONFIG_FILE \
--ctl-config /etc/ejabberd/ejabberdctl.cfg \
--ctl-config /etc/ejabberd/ejabberdctl-iiab.cfg \
--logs "/var/log/ejabberd" \
--spool "/var/lib/ejabberd/spool" \
2>/dev/null
@ -218,5 +218,3 @@ case "$1" in
esac
exit $RETVAL

6
roles/ejabberd/templates/ejabberd-xs.service.j2 → roles/ejabberd/templates/ejabberd-iiab.service.j2
View file

@ -8,9 +8,9 @@ User=root
Group=root
LimitNOFILE=50000
RestartSec=5
EnvironmentFile=/etc/sysconfig/ejabberd-xs
ExecStart=/usr/libexec/ejabberd-xs start
ExecStop=/usr/libexec/ejabberd-xs stop
EnvironmentFile=/etc/sysconfig/ejabberd-iiab
ExecStart=/usr/libexec/ejabberd-iiab start
ExecStop=/usr/libexec/ejabberd-iiab stop
RemainAfterExit=yes
[Install]

2
roles/ejabberd/templates/xs-ejabberd-srg → roles/ejabberd/templates/iiab-ejabberd-srg
View file

@ -2,7 +2,7 @@
progctl=/usr/sbin/ejabberdctl
SYS_DOMAIN_FILE=/etc/sysconfig/xs_domain_name
SYS_DOMAIN_FILE=/etc/sysconfig/iiab_domain_name
OUR_DOMAIN_FILE=/etc/sysconfig/ejabberd_domain_name
setup_online_srg() {

17
roles/ejabberd_xs/tasks/main.yml
View file

@ -34,7 +34,7 @@
mode={{ item.mode }}
with_items:
- { src: 'ejabberd-xs.cfg.j2', dest: '/etc/ejabberd/ejabberd-xs.cfg' , mode: '0644' }
- { src: 'ejabberdctl.cfg.j2', dest: '/etc/ejabberd/ejabberdctl.cfg', mode: '0644' }
- { src: 'ejabberdctl.cfg.j2', dest: '/etc/ejabberd/ejabberdctl-xs.cfg', mode: '0644' }
- { src: 'ejabberd-xs', dest: '/etc/sysconfig/ejabberd-xs', mode: '0755' }
# - { src: 'ejabberd-domain-config', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/ejabberd', mode: '0755'}
# - { src: 'ejabberd', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/ejabberd' , mode: '0755' }
@ -76,13 +76,10 @@
timeout=300
when: ejabberd_config.changed and ejabberd_xs_enabled
- name: Create online group
shell: ejabberdctl srg_create Online "schoolserver" Online "Online_Users" Online
when: ejabberd_config.changed and not is_debuntu and ejabberd_xs_enabled
- name: Add all users to online group
shell: ejabberdctl srg_user_add '@online@' "schoolserver" Online "schoolserver"
when: ejabberd_config.changed and not is_debuntu and ejabberd_xs_enabled
#- name: Create online group
# shell: ejabberdctl srg_create Online "schoolserver" Online "Online_Users" Online
# when: ejabberd_config.changed and not is_debuntu and ejabberd_xs_enabled
#- name: Add all users to online group
# shell: ejabberdctl srg_user_add '@online@' "schoolserver" Online "schoolserver"
# when: ejabberd_config.changed and not is_debuntu and ejabberd_xs_enabled

18
roles/ejabberd_xs/templates/ejabberd-xs.init
View file

@ -17,6 +17,9 @@
# Description: A distributed, fault-tolerant Jabber/XMPP server
### END INIT INFO
SYS_DOMAIN_FILE=/etc/sysconfig/iiab_domain_name
OUR_DOMAIN_FILE=/etc/sysconfig/ejabberd_domain_name
. /etc/rc.d/init.d/functions
if [ -r /etc/sysconfig/ejabberd-xs ]; then
@ -24,7 +27,7 @@ if [ -r /etc/sysconfig/ejabberd-xs ]; then
fi
if [ ! "$CONFIG_FILE" ]; then
CONFIG_FILE=/etc/ejabberd/ejabberd.cfg
CONFIG_FILE=/etc/ejabberd/ejabberd-xs.cfg
fi
# /var/run is tmpfs in fc18, so need to create every time
@ -34,25 +37,22 @@ chown ejabberd:ejabberd /var/run/ejabberd
# avoid using consolehelper, call ejabberdctl directly
progctl=/usr/sbin/ejabberdctl
SYS_DOMAIN_FILE=/etc/sysconfig/xs_domain_name
OUR_DOMAIN_FILE=/etc/sysconfig/ejabberd_domain_name
check_domain_configured() {
if [ ! -e /etc/sysconfig/xs_domain_name ]; then
echo "Domain not configured yet" > /dev/stderr
if [ ! -e $SYS_DOMAIN_FILE ]; then
echo "Domain not configured yet 1" > /dev/stderr
exit 1;
fi
domain=`cat "$SYS_DOMAIN_FILE" `
if [ "$domain" == "random.xs.laptop.org" ]; then
echo "Domain not configured yet" > /dev/stderr
echo "Domain not configured yet 2" > /dev/stderr
exit 1;
fi
#hostname=`hostname -f`
hostname=`hostname `
if [ "$hostname" == "localhost.localdomain" ]; then
echo "Domain not configured yet" > /dev/stderr
echo "Domain not configured yet 3" > /dev/stderr
fi
# if [ "$hostname" != "schoolserver.$domain" ]; then
@ -149,7 +149,7 @@ start() {
fi
daemon --user=ejabberd $progctl start --config $CONFIG_FILE \
--ctl-config /etc/ejabberd/ejabberdctl.cfg \
--ctl-config /etc/ejabberd/ejabberdctl-xs.cfg \
--logs "/var/log/ejabberd" \
--spool "/var/lib/ejabberd/spool" \
2>/dev/null

3
roles/elgg/meta/main.yml
View file

@ -1,3 +0,0 @@
---
dependencies:
- { role: mysql }

50
roles/elgg/tasks/main.yml
View file

@ -1,7 +1,10 @@
- name: download current version from our copy
# Assume we only get here if elgg_install: True
# Assume mysql is running
- name: Download current version from our copy
shell: wget {{ iiab_download_url }}/elgg-{{ elgg_version }}.zip -c -P {{ downloads_dir }}
creates={{ downloads_dir }}/elgg-{{ elgg_version }}.zip
when: internet_available
when: internet_available
- name: Determine if software is already expanded
stat: path=/opt/elgg-{{ elgg_version }}/index.php
@ -11,11 +14,11 @@
# unarchive: dest=/opt/
# src={{ downloads_dir }}/elgg-{{ elgg_version }}.zip
- name: Expand it to our location
- name: Expand it to our location unless already done
shell: "/usr/bin/unzip -o {{ downloads_dir }}/elgg-{{ elgg_version }}.zip -d /opt"
when: elgg.stat.exists is defined and not elgg.stat.exists
- name: Create a link to the versioned elgg folder
- name: Create a link to the versioned elgg-* folder
file: src=./elgg-{{ elgg_version }}
dest=/opt/elgg
owner={{ apache_user }}
@ -25,6 +28,7 @@
# use template to fix up settings in engine/settings.php with our variables substituted
# into engine/settings.example.php
# note this will overwrite any manual settings
- name: Substitute our parameters in engine/settings.example.php
template: src="settings.php.j2"
dest="/opt/{{ elgg_xx }}/elgg-config/settings.php"
@ -32,7 +36,7 @@
group={{ apache_user }}
# The name of this file changed from 1.9 to 1.10.
- name: Copy default .htaccess to the root directory of elgg tree
- name: Copy default .htaccess to the root directory of Elgg tree
copy: src="/opt/{{ elgg_xx }}/vendor/elgg/elgg/install/config/htaccess.dist"
dest="/opt/{{ elgg_xx }}/.htaccess"
mode=0644
@ -47,65 +51,67 @@
insertafter='^#RewriteBase'
line="RewriteBase {{ elgg_url }}/"
- name: Change permissions on engine directory so apache can write
- name: Change permissions on engine directory so Apache can write
file: path=/opt/elgg/engine/ owner={{ apache_user }} mode=0755 state=directory
- name: Create an upload directory that Apache can write in or elgg
file: path={{ elgg_upload_path }} state=directory owner={{ apache_user }}
- name: change ownership
- name: Change ownership
file: path=/opt/elgg-{{ elgg_version }}
owner={{ apache_user }}
group={{ apache_user }}
recurse=yes
state=directory
# elggdb.sql obtained with mysqldump --skip-add-drop-table elggdb > elggdb.sql
# tar up a mysqldump of freshly installed database and use it in the install to avoid the startup
# form, which worries me a lot. (/var/lib/mysql/elggdb)
- name: Create a MySQL database for Elgg - can be run more than once
mysql_db: name={{ dbname }}
register: create_elgg_database
- name: Create a user to access the elgg database
mysql_user: name={{ dbuser }} host={{ item }} password={{ dbpassword }} priv=*.*:ALL
- name: Create a user to access the Elgg database - can be run more than once
mysql_user: name={{ dbuser }} host={{ item }} password={{ dbpassword }} priv={{ dbname }}.*:ALL
with_items:
- 127.0.0.1
- ::1
- localhost
when: mysql_enabled and elgg_enabled and not elgg.stat.exists
- name: Create file to load database
template: src=elggdb.sql.j2
dest=/tmp/elggdb.sql
- name: Create a mysql database for elgg
mysql_db: name={{ dbname }}
when: mysql_enabled and elgg_enabled
register: create_elgg_database
# elggdb.sql obtained with mysqldump --skip-add-drop-table elggdb > elggdb.sql
# tar up a mysqldump of freshly installed database and use it in the install to avoid the startup
# form, which worries me a lot. (/var/lib/mysql/elggdb)
- name: Load elgg database dump
mysql_db: name={{ dbname }}
state=import
target=/tmp/elggdb.sql
when: mysql_enabled and elgg_enabled and create_elgg_database.changed
when: create_elgg_database.changed
- name: Remove database dump after load
file: name=/tmp/elggdb.sql state=absent
- name: Install config file for elgg in Apache
template: src=elgg.conf dest=/etc/{{ apache_config_dir }}/elgg.conf
when: mysql_enabled and elgg_enabled
- name: enable elgg
- name: Enable Elgg for debuntu (will already be enabled above for Redhat)
file: path=/etc/apache2/sites-enabled/elgg.conf
src=/etc/apache2/sites-available/elgg.conf
state=link
when: elgg_enabled and is_debuntu
- name: disable elgg
- name: Disable Elgg for debuntu
file: path=/etc/apache2/sites-enabled/elgg.conf
state=absent
when: not elgg_enabled and is_debuntu
- name: add elgg to service list
- name: Disable Elgg for Redhat - remove config file for Elgg in Apache
file: dest=/etc/{{ apache_config_dir }}/elgg.conf
state=absent
when: not elgg_enabled and is_redhat
- name: Add Elgg to service list
ini_file: dest='{{ service_filelist }}'
section=elgg
option='{{ item.option }}'

24
roles/elgg/templates/settings.php.j2
View file

@ -35,21 +35,21 @@ if (!isset($CONFIG)) {
*
* @global string $CONFIG->dbuser
*/
$CONFIG->dbuser = '{{dbuser}}';
$CONFIG->dbuser = '{{ dbuser }}';
/**
* The database password
*
* @global string $CONFIG->dbpass
*/
$CONFIG->dbpass = '{{dbpassword}}';
$CONFIG->dbpass = '{{ dbpassword }}';
/**
* The database name
*
* @global string $CONFIG->dbname
*/
$CONFIG->dbname = '{{dbname}}';
$CONFIG->dbname = '{{ dbname }}';
/**
* The database host.
@ -58,7 +58,7 @@ $CONFIG->dbname = '{{dbname}}';
*
* @global string $CONFIG->dbhost
*/
$CONFIG->dbhost = '{{dbhost}}';
$CONFIG->dbhost = '{{ dbhost }}';
/**
* The database prefix
@ -69,7 +69,7 @@ $CONFIG->dbhost = '{{dbhost}}';
*
* @global string $CONFIG->dbprefix
*/
$CONFIG->dbprefix = '{{dbprefix}}';
$CONFIG->dbprefix = '{{ dbprefix }}';
/**
* Multiple database connections
@ -130,17 +130,17 @@ $CONFIG->dbprefix = '{{dbprefix}}';
/**
* Cookie configuration
*
* Elgg uses 2 cookies: a PHP session cookie and an extended login cookie
* Elgg uses 2 cookies: a PHP session cookie and an extended login cookie
* (also called the remember me cookie). See the PHP manual for documentation on
* each of these parameters. Possible options:
*
*
* - Set the session name to share the session across applications.
* - Set the path because Elgg is not installed in the root of the web directory.
* - Set the secure option to true if you only serve the site over HTTPS.
* - Set the expire option on the remember me cookie to change its lifetime
*
* To use, uncomment the appropriate sections below and update for your site.
*
*
* @global array $CONFIG->cookies
*/
// get the default parameters from php.ini
@ -197,16 +197,16 @@ $CONFIG->min_password_length = 6;
/**
* This is an optional script used to override Elgg's default handling of
* uncaught exceptions.
*
*
* This should be an absolute file path to a php script that will be called
* any time an uncaught exception is thrown.
*
*
* The script will have access to the following variables as part of the scope
* global $CONFIG
* $exception - the unhandled exception
*
*
* @warning - the database may not be available
*
*
* @global string $CONFIG->exception_include
*/
$CONFIG->exception_include = '';

46
roles/gateway/README.rst
View file

@ -1,46 +0,0 @@
==============
Gateway README
==============
Under the heading of Gateway are a number of services that provide dhcp addresses and NAT to the lan
and filter wan access both in terms of content and bandwidth.
LAN
---
The LAN is managed by the dhcpd service and by iptables. The configuration of iptables is complicated
and works as follows:
/etc/systemd/system/iptables.service calls
/etc/sysconfig/iptables-config which calls
/usr/bin/iiab-gen-iptables
and saves the resultant configuration to /etc/sysconfig/iptables
it then supplies additional rules to iptables
As of March 2014 the following files are obsolete
/etc/sysconfig/olpc-scripts/iptables-xs
/etc/sysconfig/olpc-scripts/ip6tables-xs
Filters
-------
Content is filtered by squid and dansguardian and there are ansible variables that control them.
There is a white list file, sites.whitelist.txt. URL patterns not in this file will not be accessible.
An additional rule to block https has been added to iptables, also controlled by an ansible variable.
**N.B. https blocking and whitelist checking are disabled by default**
To enable whitelist checking and/or https blocking edit
#Gateway Filters
gw_squid_whitelist: False
gw_block_https: False
changing False to True where appropriate and then run runtags facts, gateway
Bandwidth is filtered by wondershaper.

1
roles/gateway/tasks/main.yml
View file

@ -1 +0,0 @@
-name: placekeeper

16
roles/homepage/tasks/main.yml Normal file
View file

@ -0,0 +1,16 @@
- name: Create home directory
file: path={{ doc_root }}/home
mode=0755
owner={{ apache_user }}
group={{ apache_user }}
state=directory
- name: Install admin homepage into apache2
template: src=iiab-homepage.conf
dest=/etc/{{ apache_config_dir }}/iiab-homepage.conf
- name: Enable the home page
file: src=/etc/{{ apache_config_dir }}/iiab-homepage.conf
dest=/etc/apache2/sites-enabled/iiab-homepage.conf
state=link
when: is_debuntu

6
roles/httpd/templates/iiab-home-page.conf → roles/homepage/templates/iiab-homepage.conf
View file

@ -1,9 +1,9 @@
# XSCE Home Page
# IIAB Home Page
# Redirect to home page on School Server
# Default is xs-portal
# Default [was] xs-portal [and is now generally] home
# RedirectMatch of root to home page
# RedirectMatch of root to homepage
# See the note in default_vars.yml
RedirectMatch ^/$ {{ iiab_home_url }}

16
roles/httpd/tasks/home-page.yml
View file

@ -1,16 +0,0 @@
- name: Create home directory
file: path={{ doc_root }}/home
mode=0755
owner={{ apache_user }}
group={{ apache_user }}
state=directory
- name: Install admin home page into apache2
template: src=iiab-home-page.conf
dest=/etc/{{ apache_config_dir }}/iiab-home-page.conf
- name: Enable the home page
file: src=/etc/{{ apache_config_dir }}/iiab-home-page.conf
dest=/etc/apache2/sites-enabled/iiab-home-page.conf
state=link
when: is_debuntu

20
roles/httpd/tasks/main.yml
View file

@ -40,7 +40,7 @@
- download
when: is_redhat
- name: remove the default apache2 config file
- name: Remove the default apache2 config file
file: path=/etc/apache2/sites-enabled/000-default.conf
src=/etc/apache2/sites-available/000-default.conf
state=absent
@ -67,7 +67,7 @@
- mpm_event.load
when: is_debuntu
- name: create symlinks for mpm-prefork
- name: Create symlinks for mpm-prefork
file: path=/etc/apache2/mods-enabled/{{ item }}
src=/etc/apache2/mods-available/{{ item }}
state=link
@ -76,7 +76,7 @@
- mpm_prefork.load
when: is_debuntu
- name: turn on mod_proxy
- name: Turn on mod_proxy
command: a2enmod {{ item }}
with_items:
- proxy
@ -85,7 +85,7 @@
- rewrite
when: is_debuntu
- name: create symlinks for enabling our site
- name: Create symlinks for enabling our site
file: path=/etc/apache2/sites-enabled/{{ item }}
src=/etc/apache2/sites-available/{{ item }}
state=link
@ -105,7 +105,7 @@
group=root
state=directory
- name: create admin group
- name: Create admin group
group: name=admin
state=present
@ -142,21 +142,15 @@
state=absent
when: is_debuntu
- include: html.yml
- include_tasks: html.yml
tags:
- base
- include: home-page.yml
- name: place the script to generate home pages
- name: Place the script to generate homepages
template: src=refresh-wiki-docs.sh
dest=/usr/bin/iiab-refresh-wiki-docs
mode=0755
- name: generate the offline documents
command: /usr/bin/iiab-refresh-wiki-docs
when: not nodocs
- name: Give apache_user permission for poweroff
template: src=020_apache_poweroff.j2
dest=/etc/sudoers.d/020_apache_poweroff

1
roles/httpd/templates/iiab-console.conf.j2
View file

@ -1 +0,0 @@
/opt/schoolserver/xsce/roles/xsce-admin/templates/console/xs-console.conf.j2

116
roles/httpd/templates/refresh-wiki-docs.sh
View file

@ -1,81 +1,73 @@
#!/bin/bash -x
# pull down repo wiki, and use to create offline docs
# Pull down repo's entire wiki (and similar) to create offline docs
set -e
source /etc/iiab/iiab.env
REPONAME=iiab
REPO=https://github.com/iiab
WIKI=iiab-wiki
TARGET_URL=/info
WWWROOT=/library/www/html
INPUT=/tmp/${WIKI}
OUTPUT=/tmp/${WIKI}.out
# this script is located in the scritps/ directory in the local repo
SCRIPTDIR=$(dirname $0)
pushd $SCRIPTDIR
INPUT=/tmp/iiab-wiki
OUTPUT=/tmp/iiab-wiki.out
DESTPATH=/library/www/html/info
rm -rf $INPUT
rm -rf $OUTPUT
mkdir -p $INPUT
mkdir -p $OUTPUT
mkdir -p $WWWROOT$TARGET_URL/html
git clone $REPO/$REPONAME.wiki.git $INPUT
git clone https://github.com/iiab/iiab.wiki.git $INPUT
# To Do find more links to rewrite, especially after moving from xsce to iiab
for f in `ls /tmp/${WIKI}`; do
for f in `ls $INPUT`; do
FTRIMMED=${f%.md}
if [ $FTRIMMED = "Home" ]; then FTRIMMED=index;fi
pandoc -s /tmp/${WIKI}/$f -o $OUTPUT/$FTRIMMED.html
# make links refer to local directory
sed -i -r "/.*#.*/ s|$REPO/$REPONAME/wiki/(.*)(#.*)\">|./\1.html\2\">|" $OUTPUT/$FTRIMMED.html
sed -i -r "/.*#.*/! s|$REPO/$REPONAME/wiki/(.*)\">|./\1.html\">|" $OUTPUT/$FTRIMMED.html
sed -i -e "s|http://schoolserver.org/faq|/info/html/FAQ.html|" $OUTPUT/$FTRIMMED.html
sed -i -e "s|http://wiki.laptop.org/go/IIAB/FAQ|/info/html/FAQ.html|" $OUTPUT/$FTRIMMED.html
sed -i -e "s|http://wiki.laptop.org/go/XS_Community_Edition/FAQ|/info/html/FAQ.html|" $OUTPUT/$FTRIMMED.html
sed -i -e "s|http://FAQ.IIAB.IO|/info/html/FAQ.html|" $OUTPUT/$FTRIMMED.html
sed -i -e "s|http://faq.iiab.io|/info/html/FAQ.html|" $OUTPUT/$FTRIMMED.html
sed -i -e "s|https://github.com/xsce/xsce/blob/release-6.2/\(.*\)\.md\">|./\1.html\">|" $OUTPUT/$FTRIMMED.html
sed -i -e "s|https://github.com/xsce/xsce/wiki/\(.*\)\">|./\1.html\">|" $OUTPUT/$FTRIMMED.html
sed -i -e "s|wiki.laptop.org/go/IIAB/FAQ|box/info/html/FAQ.html|" $OUTPUT/$FTRIMMED.html
sed -i -e "s|wiki.laptop.org/go/IIAB/Security|box/info/html/Security.html|" $OUTPUT/$FTRIMMED.html
if [ $FTRIMMED = "Home" ]; then FTRIMMED=index; fi
pandoc -s $INPUT/$f -o $OUTPUT/$FTRIMMED.html
done
rsync -av $OUTPUT/ $WWWROOT$TARGET_URL
rsync -av $OUTPUT/ $DESTPATH
# copy the faq and other things
lynx -reload -source http://wiki.laptop.org/go/IIAB/FAQ > $WWWROOT$TARGET_URL/html/FAQ.html
lynx -reload -source http://wiki.laptop.org/go/IIAB/Security > $WWWROOT$TARGET_URL/html/Security.html
lynx -reload -source http://wiki.laptop.org/go/IIAB/local_vars.yml > $WWWROOT$TARGET_URL/html/local_vars.yml
# To Do: find more pages to d/l and offline links to fix, based on "fieldback" from truly remote implementer/operators
# fetch the recent release notes
lynx -reload -source https://github.com/XSCE/xsce/wiki/IIAB-6.2-Release-Notes> $WWWROOT$TARGET_URL/IIAB-6.2-Release-Notes.html
lynx -reload -source https://github.com/XSCE/xsce/blob/release-6.2/ReleaseNotes6.0.md > $WWWROOT$TARGET_URL/ReleaseNotes6.0.html
lynx -reload -source https://github.com/XSCE/xsce/blob/release-6.2/ReleaseNotes6.1.md> $WWWROOT$TARGET_URL/ReleaseNotes6.1.html
# Download FAQ etc
lynx -reload -source http://wiki.laptop.org/go/IIAB/FAQ > $DESTPATH/FAQ.html
lynx -reload -source http://wiki.laptop.org/go/IIAB/Security > $DESTPATH/Security.html
lynx -reload -source http://wiki.laptop.org/go/IIAB/local_vars.yml > $DESTPATH/local_vars.yml
lynx -reload -source http://wiki.laptop.org/go/IIAB/local_vars_min.yml > $DESTPATH/local_vars_min.yml
lynx -reload -source http://wiki.laptop.org/go/IIAB/local_vars_big.yml > $DESTPATH/local_vars_big.yml
pushd $OUTPUT
for f in `ls *Release*.md`; do
# FTRIMMED=${f%.md}
FTRIMMED=${f:0:-3}
pandoc -s $f -o $WWWROOT$TARGET_URL/$FTRIMMED.html
# make links refer to local directory
sed -i -e "s|$REPO/$REPONAME/wiki/\(.*\)\">|./\1.html\">)|" $WWWROOT$TARGET_URL/$FTRIMMED.html
sed -i -e "s|https://github.com/xsce/xsce/blob/release-6.2/\(.*\)\">|./\1.html\">)|" $WWWROOT$TARGET_URL/$FTRIMMED.html
# Download older release notes
lynx -reload -source https://github.com/XSCE/xsce/wiki/IIAB-6.2-Release-Notes > $DESTPATH/IIAB-6.2-Release-Notes.html
lynx -reload -source https://github.com/XSCE/xsce/blob/release-6.2/ReleaseNotes6.0.md > $DESTPATH/ReleaseNotes6.0.html
lynx -reload -source https://github.com/XSCE/xsce/blob/release-6.2/ReleaseNotes6.1.md > $DESTPATH/ReleaseNotes6.1.html
# Make links refer to local items
for f in $DESTPATH/*.html; do
sed -i -r "s|https://github.com/iiab/iiab/wiki/([-.A-Za-z0-9]*)|\1.html|g" $f
sed -i -e "s|https://github.com/xsce/xsce/blob/release-6.2/\(.*\)\.md\">|\1.html\">|g" $f
sed -i -e "s|https://github.com/xsce/xsce/wiki/\(.*\)\">|\1.html\">|g" $f
sed -i -e "s|http://wiki.laptop.org/go/IIAB/FAQ|FAQ.html|g" $f
sed -i -e "s|/go/IIAB/FAQ|FAQ.html|g" $f
sed -i -e "s|http://wiki.iiab.io/FAQ|FAQ.html|g" $f
sed -i -e "s|http://FAQ.IIAB.IO|FAQ.html|g" $f
sed -i -e "s|http://faq.iiab.io|FAQ.html|g" $f
sed -i -e "s|http://schoolserver.org/FAQ|FAQ.html|g" $f
sed -i -e "s|http://schoolserver.org/faq|FAQ.html|g" $f
sed -i -e "s|http://wiki.laptop.org/go/XS_Community_Edition/FAQ|FAQ.html|g" $f
sed -i -e "s|http://wiki.laptop.org/go/IIAB/Security|Security.html|g" $f
sed -i -e "s|/go/IIAB/Security|Security.html|g" $f
sed -i -e "s|http://wiki.iiab.io/Security|Security.html|g" $f
sed -i -e "s|http://wiki.laptop.org/go/IIAB/local_vars.yml|local_vars.yml|g" $f
sed -i -e "s|/go/IIAB/local_vars.yml|local_vars.yml|g" $f
sed -i -e "s|http://wiki.iiab.io/local_vars.yml|local_vars.yml|g" $f
sed -i -e "s|http://wiki.laptop.org/go/IIAB/local_vars_min.yml|local_vars_min.yml|g" $f
sed -i -e "s|/go/IIAB/local_vars_min.yml|local_vars_min.yml|g" $f
sed -i -e "s|http://wiki.iiab.io/local_vars_min.yml|local_vars_min.yml|g" $f
sed -i -e "s|http://wiki.laptop.org/go/IIAB/local_vars_big.yml|local_vars_big.yml|g" $f
sed -i -e "s|/go/IIAB/local_vars_big.yml|local_vars_big.yml|g" $f
sed -i -e "s|http://wiki.iiab.io/local_vars_big.yml|local_vars_big.yml|g" $f
done
popd
#pushd /opt/iiab/iiab-admin-console/roles/console/files/help
# fetch the embedded help pages from the admin console
#for f in `ls .`; do
# FTRIMMED=${f%.rst}
# pandoc -s $f -o $WWWROOT$TARGET_URL/html/$FTRIMMED.html
# # make links refer to local directory
# sed -i -e "s|$REPO/$ADMINREPO/wiki/\(.*\)\">|./\1.html\">)|" $WWWROOT$TARGET_URL/html/$FTRIMMED.html
#done
#popd
#rm -rf $INPUT
#rm -rf $OUTPUT
popd
exit 0

2
roles/idmgr/tasks/main.yml
View file

@ -33,7 +33,7 @@
command: /etc/sysconfig/olpc-scripts/setup.d/xs-rsync
creates=/etc/xinetd.d/xs-rsyncd
- name: Copy idmgr init script
- name: Copy idmgr init script
command: /bin/cp /etc/init.d/idmgr /usr/libexec/idmgr.init
creates=/usr/libexec/idmgr.init

4
roles/iiab-admin/README.rst
View file

@ -1,5 +1,5 @@
=================
XSCE Admin README
IIAB Admin README
=================
This role is home to a number of administrative playbooks. Those implemented are:
@ -22,4 +22,4 @@ Add Packages for Remote Access
Admin Console
-------------
Has been moved to a separate git repo
Has been moved to separate git repo: https://github.com/iiab/iiab-admin-console

27
roles/iiab-admin/tasks/admin-user.yml
View file

@ -1,8 +1,8 @@
- name: Create iiab-admin user and password
user: name={{ iiab_admin_user }}
user: name={{ iiab_admin_user }}
password={{ iiab_admin_passw_hash }}
update_password=on_create
- name: Create a wheel group
group: name=wheel
state=present
@ -14,7 +14,7 @@
- name: Add user to wheel group
user: name={{ iiab_admin_user }} groups=wheel,sudo
- name: Create root .ssh
file: path=/root/.ssh
mode=0700
@ -29,28 +29,27 @@
owner=root
group=root
mode=0600
# backup=yes
- name: edit the sudoers file--first make it editable
- name: Edit the sudoers file -- first make it editable
shell: chmod 0640 /etc/sudoers
- name: have sudo log all commands it handles
- name: Have sudo log all commands it handles
lineinfile: regexp=logfile
line='Defaults logfile = /var/log/sudo.log'
state=present
dest=/etc/sudoers
- name: lets wheel sudo without password
lineinfile:
- name: Lets wheel sudo without password
lineinfile:
line: "%wheel ALL= NOPASSWD: ALL"
dest: /etc/sudoers
- name: remove the line which requires tty
lineinfile: regexp=requiretty
state=absent
- name: Remove the line which requires tty
lineinfile: regexp=requiretty
state=absent
dest=/etc/sudoers
- name: end editing the sudoers file-- protect it again
- name: End editing the sudoers file -- protect it again
shell: chmod 0440 /etc/sudoers

12
roles/iiab-admin/tasks/main.yml
View file

@ -1,9 +1,9 @@
- include: admin-user.yml
- include_tasks: admin-user.yml
tags:
- base
when: not no_admin is defined
- include: access.yml
- include_tasks: access.yml
tags:
- base
@ -28,12 +28,12 @@
stat: path=/home/pi/.config/lxsession
register: lx
- name: Do the same if running on raspbian
- name: Do the same if running on Raspbian
template: src=lxde_ssh_warn.sh
dest=/home/pi/.config/lxsession/LXDE-pi/
when: lx.stat.isdir is defined and lx.staat.isdir and is_rpi and is_debuntu
when: lx.stat.isdir is defined and lx.stat.isdir and is_rpi and is_debuntu
- name: put a autostart line to check for default password in LXDE
- name: Put an autostart line to check for default password in LXDE
lineinfile: line=@/home/pi/.config/lxsession/LXDE-pi/lxde_ssh_warn.sh
dest=/home/pi/.config/lxsession/LXDE-pi/autostart
when: lx.stat.isdir is defined and lx.staat.isdir and is_rpi and is_debuntu
when: lx.stat.isdir is defined and lx.stat.isdir and is_rpi and is_debuntu

10
roles/kalite/README.rst
View file

@ -1,13 +1,13 @@
==============
KA-Lite README
KA Lite README
==============
This role installs KA-Lite, an offline version of the Khan Academy (https://www.khanacademy.org/),
This role installs KA Lite, an offline version of the Khan Academy (https://www.khanacademy.org/),
written by Learning Equality (https://learningequality.org/ka-lite/).
KA Lite has two servers, a light httpd server that serves KA videos, and a cron server that sets
up cron jobs to download language packs and KA videos from the internet. There are separate flags
to enable these two servers.
KA Lite has two servers, a light httpd server that serves Khan Academy videos, and a cron server
that sets up cron jobs to download language packs and KA videos from the internet. There are
separate flags to enable these two servers.
Access
------

6
roles/kalite/tasks/enable.yml
View file

@ -1,18 +1,18 @@
# By the time we get here we should have ka-lite of some version
# And the systemd unit files should be defined
- name: Enable kalite server
- name: Enable 'kalite-serve' service
service: name=kalite-serve
enabled=yes
state=started
- name: Disable kalite server
- name: Disable 'kalite-serve' service
service: name=kalite-serve
enabled=no
state=stopped
when: not kalite_enabled
# Since Fedora 18 we don't have a separate unit fiile for kalite-cron
# Since Fedora 18 we don't have a separate unit file for kalite-cron
- name: Disable kalite cron server F18
service: name=kalite-cron

22
roles/kalite/tasks/install-f18.yml
View file

@ -1,6 +1,6 @@
# This is for Fedora 18, assumed to be an XO
- name: Install dependent packages F18
- name: Install dependent packages (Fedora 18)
package: name={{ item }}
state=present
with_items:
@ -8,35 +8,35 @@
- expect
when: is_F18
- name: Install dependent pip packages F18
- name: Install dependent pip packages (Fedora 18)
pip: name=selenium
when: internet_available and is_F18
when: internet_available and is_F18
- name: Determine if kalite is already downloaded
- name: Determine if KA Lite is already downloaded
stat: path={{ downloads_dir }}/ka-lite
register: kalite
- name: Download the latest kalite repo
- name: Download the latest KA Lite repo
git: repo={{ kalite_repo_url }}
dest={{ downloads_dir }}/ka-lite
depth=1
version="0.13.x"
ignore_errors: yes
when: internet_available and kalite.stat.exists is defined and not kalite.stat.exists
when: internet_available and kalite.stat.exists is defined and not kalite.stat.exists
- name: Create iiab-kalite user and password F18
- name: Create iiab-kalite user and password (Fedora 18)
user: name={{ kalite_user }}
password={{ kalite_password_hash }}
update_password=on_create
- name: Create kalite_root directory F18
- name: Create kalite_root directory (Fedora 18)
file: path={{ kalite_root }}
owner=root
group=root
mode=0755
state=directory
- name: Copy the kalite repo into place F18
- name: Copy the KA Lite repo into place (Fedora 18)
command: "rsync -at {{ downloads_dir }}/ka-lite/ {{ kalite_root }}"
- name: Make kalite_user owner
@ -52,9 +52,9 @@
dest="{{ kalite_root }}/kalite/local_settings.py"
owner={{ kalite_user }}
group={{ kalite_user }}
mode=644
mode=0644
- name: Create kalite service(s) and support scripts
- name: Create kalite-serve & kalite-cron services, and iiab_cronservectl.sh
template: backup=no
src={{ item.src }}
dest={{ item.dest }}

45
roles/kalite/tasks/install.yml
View file

@ -1,6 +1,6 @@
# This is for an OS other than Fedora 18
- name: Install missing packages required for kalite startup
- name: Install missing packages required for KA Lite startup
package: name={{ item }}
state=present
with_items:
@ -8,24 +8,43 @@
- name: Grab the requirements file
get_url: url={{ kalite_requirements }} dest={{ pip_packages_dir }}/kalite.txt
when: internet_available
when: internet_available
- name: Install ka-lite dependencies with pip
pip: requirements={{ pip_packages_dir }}/kalite.txt
virtualenv={{ kalite_venv }}
virtualenv_site_packages=no
#- name: Install KA Lite non-static + reqs file with pip - (debuntu)
# pip: requirements={{ pip_packages_dir }}/kalite.txt
# virtualenv={{ kalite_venv }}
# virtualenv_site_packages=no
# extra_args="--no-cache-dir"
# extra_args="--disable-pip-version-check"
when: internet_available
# when: internet_available and is_debuntu
- name: Install ka-lite with pip
- name: Install KA Lite static with pip - (debuntu)
pip: name=ka-lite-static
version={{ kalite_version }}
virtualenv={{ kalite_venv }}
virtualenv_site_packages=no
extra_args="--no-cache-dir"
# extra_args="--disable-pip-version-check"
when: internet_available
when: internet_available and is_debuntu
- name: Default is to have cronserve started with kalite
#- name: Install KA Lite non-static + reqs file with pip - (OS's other than debuntu)
# pip: requirements={{ pip_packages_dir }}/kalite.txt
# virtualenv={{ kalite_venv }}
# virtualenv_site_packages=no
# extra_args="--no-cache-dir"
# extra_args="--disable-pip-version-check"
# when: internet_available and not is_debuntu
- name: Install KA Lite static with pip - (OS's other than debuntu)
pip: name=ka-lite-static
version={{ kalite_version }}
virtualenv={{ kalite_venv }}
virtualenv_site_packages=no
# extra_args="--no-cache-dir"
# extra_args="--disable-pip-version-check"
when: internet_available and not is_debuntu
- name: Default is to have cronserve started with KA Lite
set_fact:
job_scheduler_stanza: ""
@ -34,7 +53,7 @@
job_scheduler_stanza: "--skip-job-scheduler "
when: not kalite_cron_enabled
- name: Create kalite service(s) and support scripts
- name: Create 'kalite-serve' service, kalite.sh and kalite.conf
template: backup=no
src={{ item.src }}
dest={{ item.dest }}
@ -44,9 +63,9 @@
with_items:
- { src: 'kalite-serve.service.j2', dest: '/etc/systemd/system/kalite-serve.service', mode: '0644'}
- { src: 'kalite.sh.j2', dest: '/etc/profile.d/kalite.sh', mode: '0644'}
- { src: 'kalite.conf', dest: '/etc/{{ apache_config_dir}}', mode: '0644'}
- { src: 'kalite.conf', dest: '/etc/{{ apache_config_dir }}', mode: '0644'}
- name: Create symlink to kalite bin file in path
file: path=/usr/bin/kalite
src={{kalite_venv}}/bin/kalite
src={{ kalite_venv }}/bin/kalite
state=link

22
roles/kalite/tasks/main.yml
View file

@ -2,39 +2,39 @@
# Assume all XOs are F18 and nothing else is
- name: Calc kalite db file name F18
- name: Calc KA Lite db file name (Fedora 18)
set_fact:
kalite_db_name: "{{ kalite_root }}/kalite/database/data.sqlite"
when: is_F18
- name: Calc kalite db file name
- name: Calc KA Lite db file name (OS's other than Fedora 18)
set_fact:
kalite_db_name: "{{ kalite_root }}/database/data.sqlite"
when: not is_F18
- name: See if kalite is already configured
- name: See if KA Lite is already configured
stat: path="{{ kalite_db_name }}"
register: kalite_installed
- include: install-f18.yml
- include_tasks: install-f18.yml
when: not kalite_installed.stat.exists and is_F18
- include: install.yml
- include_tasks: install.yml
when: kalite_installed is defined and not kalite_installed.stat.exists and not is_F18
- name: ask systemd to reread the unit files
- name: Ask systemd to reread the unit files
shell: systemctl daemon-reload
when: not kalite_installed.stat.exists
- include: setup-f18.yml
- include_tasks: setup-f18.yml
when: not kalite_installed.stat.exists and is_F18
- include: setup.yml
- include_tasks: setup.yml
when: not kalite_installed.stat.exists and not is_F18
- include: enable.yml
- include_tasks: enable.yml
- name: Add kalite to service list
- name: Add 'kalite-serve' to service list
ini_file: dest='{{ service_filelist }}'
section=kalite
option='{{ item.option }}'
@ -43,7 +43,7 @@
- option: name
value: kalite
- option: description
value: '"KA-Lite is a server to present Khan Academy videos offline and to download them."'
value: '"KA Lite is a server to present Khan Academy videos offline and to download them."'
- option: path
value: "{{ kalite_root }}"
- option: server_name

4
roles/kalite/tasks/setup-f18.yml
View file

@ -1,11 +1,11 @@
# This is for Fedora 18, assumed to be an XO
- name: Run the setup using kalite manage F18
- name: Run the setup using 'kalite manage' (Fedora 18)
command: "/usr/bin/su {{ kalite_user }} -c '{{ kalite_root }}/bin/kalite manage setup --username={{ kalite_user }} --password={{ kalite_password }} --noinput'"
async: 900
poll: 10
- name: Finish setup by running kalite start F18
- name: Finish setup by running 'kalite start' (Fedora 18)
command: "/usr/bin/su {{ kalite_user }} -c '{{ kalite_root }}/bin/kalite start'"
async: 900
poll: 10

2
roles/kalite/tasks/setup.yml
View file

@ -7,7 +7,7 @@
mode=0755
state=directory
- name: Run the setup using kalite manage
- name: Run the setup using 'kalite manage'
command: "{{ kalite_program }} manage setup --username={{ kalite_admin_user }} --password={{ kalite_admin_password }} --noinput"
environment:
KALITE_HOME: "{{ kalite_root }}"

2
roles/kiwix/defaults/main.yml
View file

@ -5,6 +5,6 @@ iiab_zim_path: /library/zims
kiwix_library_xml: "{{ iiab_zim_path }}/library.xml"
kiwix_content_path: "{{ iiab_zim_path }}/content"
kiwix_install: True
kiwix_serve_enabled: False
kiwix_enabled: True
kiwix_content_found: False
kiwix_first_pass: False

40
roles/kiwix/tasks/kiwix_install.yml
View file

@ -1,4 +1,4 @@
- name: Create various directories for zims
- name: Create various directories for Kiwix's ZIM files
file: path={{ item }}
owner=root
group=root
@ -9,16 +9,16 @@
- "{{ kiwix_content_path }}"
- "{{ iiab_zim_path }}/index"
- name: Check for kiwix-serve binary
- name: Check for 'kiwix-serve' binary
stat: path={{ iiab_base }}/kiwix/bin/kiwix-serve
register: kiwix_bin
- name: Set kiwix first pass
- name: Set kiwix_first_pass
set_fact:
kiwix_first_pass: True
when: kiwix_bin.stat.exists is defined and not kiwix_bin.stat.exists
- name: Copy kiwix library file if needed
- name: Copy Kiwix library file if needed
template: src={{ item }}
dest="{{ kiwix_library_xml }}"
mode=0644
@ -47,14 +47,14 @@
group=root
when: not kiwix_src_bin_only and kiwix_first_pass
- name: Create directory for kiwix bin
- name: Create kiwix/bin directory
file: path="{{ iiab_base }}/kiwix/bin"
owner=root
group=root
mode=0755
state=directory
- name: enable the mods which permit apache to proxy
- name: Enable the mods which permit Apache to proxy
apache2_module: name={{ item }}
with_items:
- proxy
@ -63,7 +63,7 @@
- rewrite
when: is_debuntu
- name: Unarchive it to permanent location - bin only
- name: Unarchive Kiwix to permanent location - bin only
unarchive: src="{{ downloads_dir }}/{{ kiwix_src_file }}"
dest="{{ iiab_base }}/kiwix/bin"
owner=root
@ -71,25 +71,25 @@
when: kiwix_src_bin_only and kiwix_first_pass
# workaround because unarchive does not set ownership properly
- name: Set kiwix ownership
command: "chown -R root:root {{ iiab_base }}"
- name: "Set ownership: 'chown -R root:root /opt/iiab/kiwix'"
command: "chown -R root:root {{ iiab_base }}/kiwix"
# workaround because kiwix-serve does not stay running
- name: Make an entry in crontab to restart every hour
- name: Make a crontab entry to restart kiwix-serve at 4AM (debuntu)
# * * * * * user-name command to be executed
lineinfile: line="15 * * * * root /bin/systemctl restart kiwix-serve.service"
lineinfile: line="0 4 * * * root /bin/systemctl restart kiwix-serve.service"
dest=/etc/crontab
when: is_debuntu
- name: Make an entry in crontab to restart every hour
- name: Make a crontab entry to restart kiwix-serve at 4AM (redhat)
# * * * * * user-name command to be executed
lineinfile: line="15 * * * * root /usr/bin/systemctl restart kiwix-serve.service"
lineinfile: line="0 4 * * * root /usr/bin/systemctl restart kiwix-serve.service"
dest=/etc/crontab
when: is_redhat
# Create kiwix service
- name: Create kiwix-serve service
- name: Create 'kiwix-serve' service
template: backup=no
src={{ item.src }}
dest={{ item.dest }}
@ -105,7 +105,7 @@
- { src: 'iiab-make-apache-config.py', dest: '/usr/bin/iiab-make-apache-config.py', mode: '0755'}
- name: add kiwix to service list
- name: Add 'kiwix-serve' to list of services
ini_file: dest='{{ service_filelist }}'
section=kiwix-serve
option='{{ item.option }}'
@ -128,16 +128,16 @@
- option: kiwix_content_path
value: "{{ kiwix_content_path }}"
- option: enabled
value: "{{ kiwix_serve_enabled }}"
value: "{{ kiwix_enabled }}"
- name: Enable kiwix-serve service
- name: Enable 'kiwix-serve' service
service: name=kiwix-serve
enabled=yes
state=restarted
when: kiwix_serve_enabled
when: kiwix_enabled
- name: Disable kiwix-serve service
- name: Disable 'kiwix-serve' service
service: name=kiwix-serve
enabled=no
state=stopped
when: not kiwix_serve_enabled
when: not kiwix_enabled

10
roles/kiwix/tasks/main.yml
View file

@ -1,4 +1,3 @@
#- name: Set kiwix source file name i686
# set_fact:
# kiwix_src_file: "kiwix-linux-i686.tar.bz2"
@ -7,25 +6,24 @@
- name: Set kiwix source file name x86_64
set_fact:
kiwix_src_file: "kiwix-tools_linux64_2017-09-28.tar.gz"
kiwix_src_file: "kiwix-tools_linux64_2017-10-25.tar.gz"
kiwix_src_bin_only: True
when: ansible_machine == "x86_64"
- name: Set kiwix source file name armv7l
set_fact:
kiwix_src_file: "kiwix-tools_armhf_2017-09-28.tar.gz"
kiwix_src_file: "kiwix-tools_armhf_2017-10-25.tar.gz"
kiwix_src_bin_only: True
when: ansible_machine == "armv7l" or ansible_machine == "armv6l"
- name: Get the kiwix software
- name: Get the Kiwix software
get_url: url="{{ iiab_download_url }}/{{ kiwix_src_file }}" dest="{{ downloads_dir }}/{{ kiwix_src_file }}"
when: internet_available
- include: kiwix_install.yml
- include_tasks: kiwix_install.yml
when: kiwix_src_file is defined
tags:
- kiwix
- debug: msg="WARNING kiwix source is not defined for your platform"
when: not kiwix_src_file

Some files were not shown because too many files have changed in this diff Show more