Tighten up 0-init, 1-prep etc for understandability

2025-02-12 11:12:06 +00:00 · 2021-07-30 04:01:12 -04:00 · 2021-07-30 04:01:12 -04:00 · 66ebc95dfe
commit 66ebc95dfe
parent d6dc25c618
15 changed files with 197 additions and 143 deletions
--- a/roles/0-init/tasks/create_iiab_ini.yml
+++ b/roles/0-init/tasks/create_iiab_ini.yml
--- a/roles/0-init/tasks/first_run.yml
+++ b/roles/0-init/tasks/first_run.yml
@ -1,2 +0,0 @@
- name: Create {{ iiab_ini_file }}
-  include_tasks: iiab_ini.yml
--- a/roles/0-init/tasks/hostname.yml
+++ b/roles/0-init/tasks/hostname.yml
@ -1,28 +1,27 @@
- name: Does /etc/cloud/cloud.cfg exist i.e. is this ubuntu-18 server?
+- name: Does /etc/cloud/cloud.cfg exist e.g. is this Ubuntu Server 18+ ?
  stat:
    path: /etc/cloud/cloud.cfg
-  register: U18_server
+  register: cloudcfg_test

- name: 'Put "preserve_hostname: true" in /etc/cloud/cloud.cfg (ubuntu-18 server)'
+- name: "If so, ensure 'preserve_hostname: true' is in /etc/cloud/cloud.cfg"
  lineinfile:
    path: /etc/cloud/cloud.cfg
    regexp: '^preserve_hostname*'
    line: 'preserve_hostname: true'
    state: present
-  when: U18_server is defined and U18_server.stat.exists
+  when: cloudcfg_test.stat.exists

- name: 'Turn the crank for systemd: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}" (debuntu)'
-  shell: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}"
-  when: is_debuntu
+- name: 'Turn the crank for systemd: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}"'
+  command: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}"

- name: Install /etc/sysconfig/network from template (redhat)
-  template:
-    src: roles/network/templates/network/sysconfig.network.j2
-    dest: /etc/sysconfig/network
-    owner: root
-    group: root
-    mode: 0644
-  when: is_redhat
+#- name: Install /etc/sysconfig/network from template (redhat)
+#  template:
+#    src: roles/network/templates/network/sysconfig.network.j2
+#    dest: /etc/sysconfig/network
+#    owner: root
+#    group: root
+#    mode: 0644
+#  when: is_redhat

 # roles/network/tasks/hosts.yml [no longer in use] ALSO did this:
 - name: 'Put FQDN & hostnames in /etc/hosts: "127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan"'
@ -30,9 +29,9 @@
    path: /etc/hosts
    regexp: '^127\.0\.0\.1'
    line: '127.0.0.1     {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan'
-    owner: root
-    group: root
-    mode: 0644
+    #owner: root
+    #group: root
+    #mode: 0644

 #- name: Re-configuring httpd - not initial install
 #  include_tasks: roles/httpd/tasks/main.yml
--- a/roles/0-init/tasks/main.yml
+++ b/roles/0-init/tasks/main.yml
@ -1,25 +1,39 @@
 # Initialize
+
 - name: ...IS BEGINNING ============================================
  stat:
-    path: "{{ iiab_env_file }}"
-  register: NewInstall
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
+  register: iiab_ini_test

- name: Set first_run flag
-  set_fact:
-    first_run: True
-  when: not NewInstall.stat.exists
-
- name: Set top-level variables from local_facts for convenience
+# Higher-level purpose explained at the bottom of:
+# https://github.com/iiab/iiab/blob/master/vars/default_vars.yml
+- name: "Ansible just ran /etc/ansible/facts.d/local_facts.fact to set vars -- here we extract 3 of those 11 -- rpi_model: {{ ansible_local.local_facts.rpi_model }}, xo_model: {{ ansible_local.local_facts.xo_model }}, iiab_stage: {{ ansible_local.local_facts.stage }}"
  set_fact:
    rpi_model: "{{ ansible_local.local_facts.rpi_model }}"
    xo_model: "{{ ansible_local.local_facts.xo_model }}"
    iiab_stage: "{{ ansible_local.local_facts.stage }}"

-# We need to inialize the ini file and only write the location and version
-# sections once and only once to preserve the install date and git hash.
- name: Create IIAB tools and {{ iiab_ini_file }}, if first_run
-  include_tasks: first_run.yml
-  when: first_run
+# Initialize /etc/iiab/iiab.ini writing the 'location' and 'version' sections
+# once and only once, to preserve the install date and git hash.
+- name: Create {{ iiab_ini_file }}, if it doesn't exist
+  include_tasks: create_iiab_ini.yml
+  when: not iiab_ini_test.stat.exists
+
+# 2021-07-30: The 'first_run' flag isn't much used anymore.  In theory it's
+# still used in these 2 places:
+#   (1) roles/1-prep/tasks/main.yml for raspberry_pi.yml
+#   (2) roles/network/tasks/named.yml for "Stop named before copying files"
+# In practice however, it's no longer important, and might be reconsidered?
+- name: Set first_run flag
+  set_fact:
+    first_run: True
+  when: not iiab_ini_test.stat.exists
+
+# 2020-10-29: Appears no longer nec (see 3 above ansible_local.local_facts.*)
+#- name: Re-read local_facts.facts from /etc/ansible/facts.d
+#  setup:
+#    filter: ansible_local
+

 # Copies the latest/known version of iiab-diagnostics into /usr/bin (so it can
 # be run even if local source tree /opt/iiab/iiab is deleted to conserve disk).
@ -29,90 +43,26 @@
    dest: /usr/bin/
    mode: '0755'

- name: Create globally-writable directory /etc/iiab/diag so non-root users can run iiab-diagnostics
+- name: Create globally-writable directory /etc/iiab/diag (0777) so non-root users can run 'iiab-diagnostics'
  file:
    state: directory
    path: /etc/iiab/diag
    mode: '0777'

-# 2020-10-29: Appears no longer nec (see 3 above ansible_local.local_facts.*)
-#- name: Re-read local_facts.facts from /etc/ansible/facts.d
-#  setup:
-#    filter: ansible_local

 - name: Pre-check that IIAB's "XYZ_install" + "XYZ_enabled" vars (1) are defined, (2) are boolean-not-string variables, and (3) contain plausible values.  Also checks that "XYZ_install" is True when "XYZ_installed" is defined.
  include_tasks: validate_vars.yml

-# Discover: do we have a gateway?
-# If Ansible detects gateway, becomes WAN candidate.
- name: "Do we have a gateway? If so set discovered_wan_iface: {{ ansible_default_ipv4.alias }}"
-  set_fact:
-    discovered_wan_iface: "{{ ansible_default_ipv4.alias }}"
-  when: ansible_default_ipv4.gateway is defined
-
- name: "Verify gateway active: ping -c4 {{ ansible_default_ipv4.gateway }}"
-  shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" | grep icmp_seq=4 | wc -l
-  when: discovered_wan_iface != "none"
-  register: gw_active_test
-
- name: If so, set gw_active, iiab_wan_iface to {{ discovered_wan_iface }}
-  set_fact:
-    iiab_wan_iface: "{{ discovered_wan_iface }}"
-    gw_active: True
-  when: discovered_wan_iface != "none" and gw_active_test.stdout == "1"
-
- name: Test with {{ iiab_wan_iface }} for Internet access ({{ iiab_download_url }}/heart-beat.txt)
-  get_url:
-    url: "{{ iiab_download_url }}/heart-beat.txt"
-    dest: /tmp/heart-beat.txt
-    #timeout: "{{ download_timeout }}"
-    # @jvonau recommends: 100sec is too much (keep 10sec default)
-  ignore_errors: True
-  #async: 10
-  #poll: 2
-  register: internet_access_test
-
- name: Set internet_available if download succeeded and not disregard_network
-  set_fact:
-    internet_available: True
-  when: not internet_access_test.failed and not disregard_network
-
- name: Remove downloaded Internet test file /tmp/heart-beat.txt
-  file:
-    path: /tmp/heart-beat.txt
-    state: absent
-
-# Put all computed vars here so derive properly from any prior var file.
- name: If the TZ is not set in env, set it to UTC
+- name: "Time Zone / TZ: Set symlink /etc/localtime to UTC if it doesn't exist?"
  include_tasks: tz.yml

- name: Set port 80 for Admin Console if not adm_cons_force_ssl
-  set_fact:
-    gui_port: 80
-  when: not adm_cons_force_ssl
+- name: Test Gateway + Test Internet + Set new hostname if nec + Set 'gui_port' to 80 or 443 for Admin Console
+  include_tasks: network.yml

- name: Set port 443 for Admin Console if adm_cons_force_ssl
-  set_fact:
-    gui_port: 443
-  when: adm_cons_force_ssl
-
- name: "Set iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}"
-  set_fact:
-    iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}"
-    FQDN_changed: False
-
- name: Set FQDN_changed when iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }})
-  set_fact:
-    FQDN_changed: True
-  when: iiab_fqdn != ansible_fqdn
-
- name: Set hostname if FQDN_changed
-  include_tasks: hostname.yml
-  when: FQDN_changed

 - name: Add 'runtime' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
    section: runtime
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
@ -137,9 +87,6 @@
      value: "{{ ansible_memtotal_mb }}"
    - option: swap_mb
      value: "{{ ansible_swaptotal_mb }}"
-    # 2021-01-28: Non-existent var, so fails with ansible-base 2.10.5 (#2669)
-    #- option: product_id
-    #  value: "{{ ansible_product_uuid }}"
    - option: gw_active
      value: "{{ gw_active }}"
    - option: internet_available
@ -148,8 +95,10 @@
      value: "{{ rpi_model }}"
    - option: first_run
      value: "{{ first_run }}"
-    - option: local_tz
+    - option: local_tz    # e.g. EDT after Ansible interprets /etc/localtime below
      value: "{{ local_tz }}"
+    - option: etc_localtime.stdout    # e.g. America/New_York
+      value: "{{ etc_localtime.stdout }}"
    - option: no_NM_reload
      value: "{{ no_NM_reload }}"
    - option: is_F18
@ -159,7 +108,7 @@

 - name: Add 'runtime' variable 'is_VM' value if defined, to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
    section: runtime
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
@ -169,4 +118,4 @@
  when: is_VM is defined

 - name: STAGE 0 HAS COMPLETED ======================================
-  command: echo    # "name: XYZ" fails to appear with "meta: noop"
+  meta: noop    # Or use "command: echo" to force instantiation of vars e.g. "name: {{ var }}"
--- a/roles/0-init/tasks/network.yml
+++ b/roles/0-init/tasks/network.yml
@ -0,0 +1,67 @@
+- name: Do we have a gateway? If 'ip route' specifies a default route, Ansible parses details here...
+  debug:
+    var: ansible_default_ipv4
+
+- name: "If above ansible_default_ipv4.gateway is defined, set WAN candidate 'discovered_wan_iface: {{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias"
+  set_fact:
+    discovered_wan_iface: "{{ ansible_default_ipv4.alias }}"
+  when: ansible_default_ipv4.gateway is defined
+
+- name: "Verify gateway active: ping -c4 {{ ansible_default_ipv4.gateway }} -- using ansible_default_ipv4.gateway"
+  shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" | grep icmp_seq=4 | wc -l
+  register: gw_active_test
+  when: discovered_wan_iface != "none"
+
+- name: "If so, set 'gw_active: True' and 'iiab_wan_iface: {{ discovered_wan_iface }}' -- using discovered_wan_iface"
+  set_fact:
+    iiab_wan_iface: "{{ discovered_wan_iface }}"
+    gw_active: True
+  when: discovered_wan_iface != "none" and gw_active_test.stdout == "1"
+
+
+- name: 'Test for Internet access, using: {{ iiab_download_url }}/heart-beat.txt'
+  get_url:
+    url: "{{ iiab_download_url }}/heart-beat.txt"
+    dest: /tmp/heart-beat.txt
+    #timeout: "{{ download_timeout }}"
+    # @jvonau recommends: 100sec is too much (keep 10sec default)
+  ignore_errors: True
+  #async: 10
+  #poll: 2
+  register: internet_access_test
+
+- name: "Set 'internet_available: True' if above download succeeded AND not disregard_network"
+  set_fact:
+    internet_available: True    # Initialized to 'False' in 0-init/defaults/main.yml
+  when: not internet_access_test.failed and not disregard_network
+
+- name: Remove downloaded Internet test file /tmp/heart-beat.txt
+  file:
+    path: /tmp/heart-beat.txt
+    state: absent
+
+
+- name: "Set 'iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}'"
+  set_fact:
+    iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}"
+    FQDN_changed: False
+
+- name: "Set 'FQDN_changed: True' when iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }})"
+  set_fact:
+    FQDN_changed: True
+  when: iiab_fqdn != ansible_fqdn
+
+- name: Set hostname if FQDN_changed
+  include_tasks: hostname.yml
+  when: FQDN_changed
+
+
+- name: "Set 'gui_port: 80' for Admin Console if not adm_cons_force_ssl"
+  set_fact:
+    gui_port: 80
+  when: not adm_cons_force_ssl    # 2021-07-30: default_vars.yml initializes 'adm_cons_force_ssl: False'
+
+- name: "Set 'gui_port: 443' for Admin Console if adm_cons_force_ssl"
+  set_fact:
+    gui_port: 443
+  when: adm_cons_force_ssl
--- a/roles/0-init/tasks/tz.yml
+++ b/roles/0-init/tasks/tz.yml
@ -1,32 +1,70 @@
- name: Check if the TZ is not already set via /etc/localtime - Can Fail
-  shell: readlink /etc/localtime | awk -F "zoneinfo/" '{print $2}'
-  register: TZ_set
-  ignore_errors: True
+- name: "'local_tz: {{ local_tz }}' was set by ansible_date_time.tz in /opt/iiab/iiab/vars/default_vars.yml -- e.g. if Ansible finds symlink /etc/localtime -> ../usr/share/zoneinfo/America/New_York -- it will simplify that to 'EDT' (in the summer) or 'EST' (in the winter)"
+  command: echo

- name: Set local and iiab TZ to UTC if /etc/localtime is not set
-  set_fact:
-    local_tz: "UTC"
-    iiab_TZ: "UTC"
-  when: TZ_set.stdout == ""
+- name: "Create symlink /etc/localtime if it doesn't exist, by running 'timedatectl set-timezone UTC' -- THIS ALL MIGHT NO LONGER BE NEC IN 2021, AS ANSIBLE CORRECTLY NOW INTERPRETS THE ABSENCE OF /etc/localtime AS 'UTC' -- PER https://www.freedesktop.org/software/systemd/man/localtime.html"
+  command: timedatectl set-timezone UTC
+  args:
+    creates: /etc/localtime

- name: Override ansible on timezone if TZ set
-  set_fact:
-    local_tz: "{{ TZ_set.stdout }}"
-  when: TZ_set.stdout != ""
+- name: Symlink /etc/localtime points to which TZ?
+  shell: readlink /etc/localtime | awk -F "zoneinfo/" '{print $2}'    # Overall shell command always completes (return code 0) even when /etc/localtime is missing -- due to the '|' pipe
+  register: etc_localtime

- name: Using iiab TZ for local TZ
-  set_fact:
-    local_tz: "{{ iiab_TZ }}"
-  when: iiab_TZ is defined and iiab_TZ != "" and iiab_TZ != "TZ_set.stdout"
+- name: "/etc/localtime now specifies: {{ etc_localtime.stdout }}"
+  command: echo    # 'meta: noop' is not enough to force var instantiation above

- name: Set default Timezone from iiab TZ (debuntu)
-  shell: timedatectl set-timezone {{ iiab_TZ }}
-  when: is_debuntu and iiab_TZ is defined and iiab_TZ != "" and iiab_TZ != "TZ_set.stdout"

- name: Set default Timezone from iiab TZ (redhat)
-  file:
-    path: /etc/localtime
-    src: "/usr/share/zoneinfo/{{ iiab_TZ }}"
-    force: yes
-    state: link
-  when: is_redhat and iiab_TZ is defined and iiab_TZ != "" and iiab_TZ != "TZ_set.stdout"
+#- name: Check for a /etc/localtime symlink to TZ - NEVER FAILS DUE TO PIPE
+#  shell: readlink /etc/localtime | awk -F "zoneinfo/" '{print $2}'
+#  register: tz_set
+
+#- debug:
+#    var: tz_set
+
+#- name: "If /etc/localtime specified TZ, set 'local_tz: {{ tz_set.stdout }}' overriding the value Ansible set via /etc/iiab/default_vars.yml"
+#  set_fact:
+#    local_tz: "{{ tz_set.stdout }}"
+#  when: tz_set.stdout != ""
+
+#- name: "If not, run 'timedatectl set-timezone UTC' and..."
+#  command: timedatectl set-timezone UTC
+#  when: tz_set.stdout == ""
+
+#- name: "...also set 'local_tz: UTC'"
+#  set_fact:
+#    local_tz: UTC
+#  when: tz_set.stdout == ""
+
+
+#- name: Check if the TZ is not already set via /etc/localtime - Can Fail
+#  shell: readlink /etc/localtime | awk -F "zoneinfo/" '{print $2}'
+#  register: TZ_set
+#  ignore_errors: True
+
+#- name: Set local and iiab TZ to UTC if /etc/localtime is not set
+#  set_fact:
+#    local_tz: "UTC"
+#    iiab_TZ: "UTC"
+#  when: TZ_set.stdout == ""
+
+#- name: Override ansible on timezone if TZ set
+#  set_fact:
+#    local_tz: "{{ TZ_set.stdout }}"
+#  when: TZ_set.stdout != ""
+
+#- name: Using iiab TZ for local TZ
+#  set_fact:
+#    local_tz: "{{ iiab_TZ }}"
+#  when: iiab_TZ is defined and iiab_TZ != "" and iiab_TZ != "TZ_set.stdout"
+
+#- name: Set default Timezone from iiab TZ (debuntu)
+#  shell: timedatectl set-timezone {{ iiab_TZ }}
+#  when: is_debuntu and iiab_TZ is defined and iiab_TZ != "" and iiab_TZ != "TZ_set.stdout"
+
+#- name: Set default Timezone from iiab TZ (redhat)
+#  file:
+#    path: /etc/localtime
+#    src: "/usr/share/zoneinfo/{{ iiab_TZ }}"
+#    force: yes
+#    state: link
+#  when: is_redhat and iiab_TZ is defined and iiab_TZ != "" and iiab_TZ != "TZ_set.stdout"
--- a/roles/1-prep/tasks/main.yml
+++ b/roles/1-prep/tasks/main.yml
@ -1,7 +1,7 @@
 # Preparations (Hardware Level)

 - name: ...IS BEGINNING ============================================
-  command: echo
+  meta: noop

 - name: dnsmasq (install now, configure LATER in 'network', after Stage 9)
  include_tasks: roles/network/tasks/dnsmasq.yml
--- a/roles/1-prep/tasks/raspberry_pi.yml
+++ b/roles/1-prep/tasks/raspberry_pi.yml
@ -63,7 +63,7 @@

 - name: Restart swap service "dphys-swapfile"
  #command: /etc/init.d/dphys-swapfile restart
-  service:    # A rare/legacy service that is NOT systemd
+  systemd:    # Had been...a rare/legacy service that was NOT systemd
    name: dphys-swapfile
    state: restarted

--- a/roles/3-base-server/tasks/main.yml
+++ b/roles/3-base-server/tasks/main.yml
@ -1,7 +1,7 @@
 # Base Server

 - name: ...IS BEGINNING =====================================
-  command: echo
+  meta: noop

 - name: MYSQL + CORE PHP
  include_role:
--- a/roles/5-xo-services/tasks/main.yml
+++ b/roles/5-xo-services/tasks/main.yml
@ -1,7 +1,7 @@
 # XO Services

 - name: ...IS BEGINNING =====================================
-  command: echo
+  meta: noop

 # UNMAINTAINED
 - name: ACTIVITY-SERVER
--- a/roles/6-generic-apps/tasks/main.yml
+++ b/roles/6-generic-apps/tasks/main.yml
@ -1,7 +1,7 @@
 # Generic Apps

 - name: ...IS BEGINNING ====================================
-  command: echo
+  meta: noop

 # UNMAINTAINED
 - name: AZURACAST
--- a/roles/7-edu-apps/tasks/main.yml
+++ b/roles/7-edu-apps/tasks/main.yml
@ -1,7 +1,7 @@
 # Educational Apps

 - name: ...IS BEGINNING ========================================
-  command: echo
+  meta: noop

 - name: KALITE
  include_role:
--- a/roles/8-mgmt-tools/tasks/main.yml
+++ b/roles/8-mgmt-tools/tasks/main.yml
@ -1,7 +1,7 @@
 # Administration and Monitoring/Assessment Tools

 - name: ...IS BEGINNING ======================================
-  command: echo
+  meta: noop

 - name: TRANSMISSION
  include_role:
--- a/roles/9-local-addons/tasks/main.yml
+++ b/roles/9-local-addons/tasks/main.yml
@ -1,7 +1,7 @@
 # Local Add-ons

 - name: ...IS BEGINNING ====================================
-  command: echo
+  meta: noop

 - name: INTERNETARCHIVE
  include_role:
--- a/scripts/local_facts.fact
+++ b/scripts/local_facts.fact
@ -1,5 +1,8 @@
 #!/bin/bash

+# Higher-level purpose explained at the bottom of:
+# https://github.com/iiab/iiab/blob/master/vars/default_vars.yml
+
 # 2020-10-27: Most of the 11 variables require a command[*] to be run to
 # establish the var's value.  WE DISPLAY ALL ERRORS / DIAGNOSTICS AND CONTINUE.
 #