Tighten up 0-init, 1-prep etc for understandability

2025-02-14 12:12:12 +00:00 · 2021-07-30 04:01:12 -04:00 · 2021-07-30 04:01:12 -04:00 · 66ebc95dfe
commit 66ebc95dfe
parent d6dc25c618
15 changed files with 197 additions and 143 deletions
--- a/roles/0-init/tasks/create_iiab_ini.yml
+++ b/roles/0-init/tasks/create_iiab_ini.yml
--- a/roles/0-init/tasks/first_run.yml
+++ b/roles/0-init/tasks/first_run.yml
@ -1,2 +0,0 @@
 - name: Create {{ iiab_ini_file }}
  include_tasks: iiab_ini.yml
--- a/roles/0-init/tasks/hostname.yml
+++ b/roles/0-init/tasks/hostname.yml
@ -1,28 +1,27 @@
- name: Does /etc/cloud/cloud.cfg exist i.e. is this ubuntu-18 server?
+- name: Does /etc/cloud/cloud.cfg exist e.g. is this Ubuntu Server 18+ ?
  stat:
    path: /etc/cloud/cloud.cfg
-  register: U18_server
+  register: cloudcfg_test
- name: 'Put "preserve_hostname: true" in /etc/cloud/cloud.cfg (ubuntu-18 server)'
+- name: "If so, ensure 'preserve_hostname: true' is in /etc/cloud/cloud.cfg"
  lineinfile:
    path: /etc/cloud/cloud.cfg
    regexp: '^preserve_hostname*'
    line: 'preserve_hostname: true'
    state: present
-  when: U18_server is defined and U18_server.stat.exists
+  when: cloudcfg_test.stat.exists
- name: 'Turn the crank for systemd: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}" (debuntu)'
+- name: 'Turn the crank for systemd: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}"'
-  shell: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}"
+  command: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}"
  when: is_debuntu
- name: Install /etc/sysconfig/network from template (redhat)
+#- name: Install /etc/sysconfig/network from template (redhat)
-  template:
+#  template:
-    src: roles/network/templates/network/sysconfig.network.j2
+#    src: roles/network/templates/network/sysconfig.network.j2
-    dest: /etc/sysconfig/network
+#    dest: /etc/sysconfig/network
-    owner: root
+#    owner: root
-    group: root
+#    group: root
-    mode: 0644
+#    mode: 0644
-  when: is_redhat
+#  when: is_redhat
 # roles/network/tasks/hosts.yml [no longer in use] ALSO did this:
 - name: 'Put FQDN & hostnames in /etc/hosts: "127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan"'
@ -30,9 +29,9 @@
    path: /etc/hosts
    regexp: '^127\.0\.0\.1'
    line: '127.0.0.1     {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan'
-    owner: root
+    #owner: root
-    group: root
+    #group: root
-    mode: 0644
+    #mode: 0644
 #- name: Re-configuring httpd - not initial install
 #  include_tasks: roles/httpd/tasks/main.yml
--- a/roles/0-init/tasks/main.yml
+++ b/roles/0-init/tasks/main.yml
@ -1,25 +1,39 @@
 # Initialize
 - name: ...IS BEGINNING ============================================
  stat:
-    path: "{{ iiab_env_file }}"
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
-  register: NewInstall
+  register: iiab_ini_test
- name: Set first_run flag
+# Higher-level purpose explained at the bottom of:
-  set_fact:
+# https://github.com/iiab/iiab/blob/master/vars/default_vars.yml
-    first_run: True
+- name: "Ansible just ran /etc/ansible/facts.d/local_facts.fact to set vars -- here we extract 3 of those 11 -- rpi_model: {{ ansible_local.local_facts.rpi_model }}, xo_model: {{ ansible_local.local_facts.xo_model }}, iiab_stage: {{ ansible_local.local_facts.stage }}"
  when: not NewInstall.stat.exists
 - name: Set top-level variables from local_facts for convenience
  set_fact:
    rpi_model: "{{ ansible_local.local_facts.rpi_model }}"
    xo_model: "{{ ansible_local.local_facts.xo_model }}"
    iiab_stage: "{{ ansible_local.local_facts.stage }}"
-# We need to inialize the ini file and only write the location and version
+# Initialize /etc/iiab/iiab.ini writing the 'location' and 'version' sections
-# sections once and only once to preserve the install date and git hash.
+# once and only once, to preserve the install date and git hash.
- name: Create IIAB tools and {{ iiab_ini_file }}, if first_run
+- name: Create {{ iiab_ini_file }}, if it doesn't exist
-  include_tasks: first_run.yml
+  include_tasks: create_iiab_ini.yml
-  when: first_run
+  when: not iiab_ini_test.stat.exists
 # 2021-07-30: The 'first_run' flag isn't much used anymore.  In theory it's
 # still used in these 2 places:
 #   (1) roles/1-prep/tasks/main.yml for raspberry_pi.yml
 #   (2) roles/network/tasks/named.yml for "Stop named before copying files"
 # In practice however, it's no longer important, and might be reconsidered?
 - name: Set first_run flag
  set_fact:
    first_run: True
  when: not iiab_ini_test.stat.exists
 # 2020-10-29: Appears no longer nec (see 3 above ansible_local.local_facts.*)
 #- name: Re-read local_facts.facts from /etc/ansible/facts.d
 #  setup:
 #    filter: ansible_local
 # Copies the latest/known version of iiab-diagnostics into /usr/bin (so it can
 # be run even if local source tree /opt/iiab/iiab is deleted to conserve disk).
@ -29,90 +43,26 @@
    dest: /usr/bin/
    mode: '0755'
- name: Create globally-writable directory /etc/iiab/diag so non-root users can run iiab-diagnostics
+- name: Create globally-writable directory /etc/iiab/diag (0777) so non-root users can run 'iiab-diagnostics'
  file:
    state: directory
    path: /etc/iiab/diag
    mode: '0777'
 # 2020-10-29: Appears no longer nec (see 3 above ansible_local.local_facts.*)
 #- name: Re-read local_facts.facts from /etc/ansible/facts.d
 #  setup:
 #    filter: ansible_local
 - name: Pre-check that IIAB's "XYZ_install" + "XYZ_enabled" vars (1) are defined, (2) are boolean-not-string variables, and (3) contain plausible values.  Also checks that "XYZ_install" is True when "XYZ_installed" is defined.
  include_tasks: validate_vars.yml
-# Discover: do we have a gateway?
+- name: "Time Zone / TZ: Set symlink /etc/localtime to UTC if it doesn't exist?"
 # If Ansible detects gateway, becomes WAN candidate.
 - name: "Do we have a gateway? If so set discovered_wan_iface: {{ ansible_default_ipv4.alias }}"
  set_fact:
    discovered_wan_iface: "{{ ansible_default_ipv4.alias }}"
  when: ansible_default_ipv4.gateway is defined
 - name: "Verify gateway active: ping -c4 {{ ansible_default_ipv4.gateway }}"
  shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" | grep icmp_seq=4 | wc -l
  when: discovered_wan_iface != "none"
  register: gw_active_test
 - name: If so, set gw_active, iiab_wan_iface to {{ discovered_wan_iface }}
  set_fact:
    iiab_wan_iface: "{{ discovered_wan_iface }}"
    gw_active: True
  when: discovered_wan_iface != "none" and gw_active_test.stdout == "1"
 - name: Test with {{ iiab_wan_iface }} for Internet access ({{ iiab_download_url }}/heart-beat.txt)
  get_url:
    url: "{{ iiab_download_url }}/heart-beat.txt"
    dest: /tmp/heart-beat.txt
    #timeout: "{{ download_timeout }}"
    # @jvonau recommends: 100sec is too much (keep 10sec default)
  ignore_errors: True
  #async: 10
  #poll: 2
  register: internet_access_test
 - name: Set internet_available if download succeeded and not disregard_network
  set_fact:
    internet_available: True
  when: not internet_access_test.failed and not disregard_network
 - name: Remove downloaded Internet test file /tmp/heart-beat.txt
  file:
    path: /tmp/heart-beat.txt
    state: absent
 # Put all computed vars here so derive properly from any prior var file.
 - name: If the TZ is not set in env, set it to UTC
  include_tasks: tz.yml
- name: Set port 80 for Admin Console if not adm_cons_force_ssl
+- name: Test Gateway + Test Internet + Set new hostname if nec + Set 'gui_port' to 80 or 443 for Admin Console
-  set_fact:
+  include_tasks: network.yml
    gui_port: 80
  when: not adm_cons_force_ssl
 - name: Set port 443 for Admin Console if adm_cons_force_ssl
  set_fact:
    gui_port: 443
  when: adm_cons_force_ssl
 - name: "Set iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}"
  set_fact:
    iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}"
    FQDN_changed: False
 - name: Set FQDN_changed when iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }})
  set_fact:
    FQDN_changed: True
  when: iiab_fqdn != ansible_fqdn
 - name: Set hostname if FQDN_changed
  include_tasks: hostname.yml
  when: FQDN_changed
 - name: Add 'runtime' variable values to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
    section: runtime
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
@ -137,9 +87,6 @@
      value: "{{ ansible_memtotal_mb }}"
    - option: swap_mb
      value: "{{ ansible_swaptotal_mb }}"
    # 2021-01-28: Non-existent var, so fails with ansible-base 2.10.5 (#2669)
    #- option: product_id
    #  value: "{{ ansible_product_uuid }}"
    - option: gw_active
      value: "{{ gw_active }}"
    - option: internet_available
@ -148,8 +95,10 @@
      value: "{{ rpi_model }}"
    - option: first_run
      value: "{{ first_run }}"
-    - option: local_tz
+    - option: local_tz    # e.g. EDT after Ansible interprets /etc/localtime below
      value: "{{ local_tz }}"
    - option: etc_localtime.stdout    # e.g. America/New_York
      value: "{{ etc_localtime.stdout }}"
    - option: no_NM_reload
      value: "{{ no_NM_reload }}"
    - option: is_F18
@ -159,7 +108,7 @@
 - name: Add 'runtime' variable 'is_VM' value if defined, to {{ iiab_ini_file }}
  ini_file:
-    dest: "{{ iiab_ini_file }}"
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
    section: runtime
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
@ -169,4 +118,4 @@
  when: is_VM is defined
 - name: STAGE 0 HAS COMPLETED ======================================
-  command: echo    # "name: XYZ" fails to appear with "meta: noop"
+  meta: noop    # Or use "command: echo" to force instantiation of vars e.g. "name: {{ var }}"
--- a/roles/0-init/tasks/network.yml
+++ b/roles/0-init/tasks/network.yml
@ -0,0 +1,67 @@
 - name: Do we have a gateway? If 'ip route' specifies a default route, Ansible parses details here...
  debug:
    var: ansible_default_ipv4
 - name: "If above ansible_default_ipv4.gateway is defined, set WAN candidate 'discovered_wan_iface: {{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias"
  set_fact:
    discovered_wan_iface: "{{ ansible_default_ipv4.alias }}"
  when: ansible_default_ipv4.gateway is defined
 - name: "Verify gateway active: ping -c4 {{ ansible_default_ipv4.gateway }} -- using ansible_default_ipv4.gateway"
  shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" | grep icmp_seq=4 | wc -l
  register: gw_active_test
  when: discovered_wan_iface != "none"
 - name: "If so, set 'gw_active: True' and 'iiab_wan_iface: {{ discovered_wan_iface }}' -- using discovered_wan_iface"
  set_fact:
    iiab_wan_iface: "{{ discovered_wan_iface }}"
    gw_active: True
  when: discovered_wan_iface != "none" and gw_active_test.stdout == "1"
 - name: 'Test for Internet access, using: {{ iiab_download_url }}/heart-beat.txt'
  get_url:
    url: "{{ iiab_download_url }}/heart-beat.txt"
    dest: /tmp/heart-beat.txt
    #timeout: "{{ download_timeout }}"
    # @jvonau recommends: 100sec is too much (keep 10sec default)
  ignore_errors: True
  #async: 10
  #poll: 2
  register: internet_access_test
 - name: "Set 'internet_available: True' if above download succeeded AND not disregard_network"
  set_fact:
    internet_available: True    # Initialized to 'False' in 0-init/defaults/main.yml
  when: not internet_access_test.failed and not disregard_network
 - name: Remove downloaded Internet test file /tmp/heart-beat.txt
  file:
    path: /tmp/heart-beat.txt
    state: absent
 - name: "Set 'iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}'"
  set_fact:
    iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}"
    FQDN_changed: False
 - name: "Set 'FQDN_changed: True' when iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }})"
  set_fact:
    FQDN_changed: True
  when: iiab_fqdn != ansible_fqdn
 - name: Set hostname if FQDN_changed
  include_tasks: hostname.yml
  when: FQDN_changed
 - name: "Set 'gui_port: 80' for Admin Console if not adm_cons_force_ssl"
  set_fact:
    gui_port: 80
  when: not adm_cons_force_ssl    # 2021-07-30: default_vars.yml initializes 'adm_cons_force_ssl: False'
 - name: "Set 'gui_port: 443' for Admin Console if adm_cons_force_ssl"
  set_fact:
    gui_port: 443
  when: adm_cons_force_ssl
--- a/roles/0-init/tasks/tz.yml
+++ b/roles/0-init/tasks/tz.yml
@ -1,32 +1,70 @@
- name: Check if the TZ is not already set via /etc/localtime - Can Fail
+- name: "'local_tz: {{ local_tz }}' was set by ansible_date_time.tz in /opt/iiab/iiab/vars/default_vars.yml -- e.g. if Ansible finds symlink /etc/localtime -> ../usr/share/zoneinfo/America/New_York -- it will simplify that to 'EDT' (in the summer) or 'EST' (in the winter)"
-  shell: readlink /etc/localtime | awk -F "zoneinfo/" '{print $2}'
+  command: echo
  register: TZ_set
  ignore_errors: True
- name: Set local and iiab TZ to UTC if /etc/localtime is not set
+- name: "Create symlink /etc/localtime if it doesn't exist, by running 'timedatectl set-timezone UTC' -- THIS ALL MIGHT NO LONGER BE NEC IN 2021, AS ANSIBLE CORRECTLY NOW INTERPRETS THE ABSENCE OF /etc/localtime AS 'UTC' -- PER https://www.freedesktop.org/software/systemd/man/localtime.html"
-  set_fact:
+  command: timedatectl set-timezone UTC
-    local_tz: "UTC"
+  args:
-    iiab_TZ: "UTC"
+    creates: /etc/localtime
  when: TZ_set.stdout == ""
- name: Override ansible on timezone if TZ set
+- name: Symlink /etc/localtime points to which TZ?
-  set_fact:
+  shell: readlink /etc/localtime | awk -F "zoneinfo/" '{print $2}'    # Overall shell command always completes (return code 0) even when /etc/localtime is missing -- due to the '|' pipe
-    local_tz: "{{ TZ_set.stdout }}"
+  register: etc_localtime
  when: TZ_set.stdout != ""
- name: Using iiab TZ for local TZ
+- name: "/etc/localtime now specifies: {{ etc_localtime.stdout }}"
-  set_fact:
+  command: echo    # 'meta: noop' is not enough to force var instantiation above
    local_tz: "{{ iiab_TZ }}"
  when: iiab_TZ is defined and iiab_TZ != "" and iiab_TZ != "TZ_set.stdout"
 - name: Set default Timezone from iiab TZ (debuntu)
  shell: timedatectl set-timezone {{ iiab_TZ }}
  when: is_debuntu and iiab_TZ is defined and iiab_TZ != "" and iiab_TZ != "TZ_set.stdout"
- name: Set default Timezone from iiab TZ (redhat)
+#- name: Check for a /etc/localtime symlink to TZ - NEVER FAILS DUE TO PIPE
-  file:
+#  shell: readlink /etc/localtime | awk -F "zoneinfo/" '{print $2}'
-    path: /etc/localtime
+#  register: tz_set
-    src: "/usr/share/zoneinfo/{{ iiab_TZ }}"
+
-    force: yes
+#- debug:
-    state: link
+#    var: tz_set
-  when: is_redhat and iiab_TZ is defined and iiab_TZ != "" and iiab_TZ != "TZ_set.stdout"
+
 #- name: "If /etc/localtime specified TZ, set 'local_tz: {{ tz_set.stdout }}' overriding the value Ansible set via /etc/iiab/default_vars.yml"
 #  set_fact:
 #    local_tz: "{{ tz_set.stdout }}"
 #  when: tz_set.stdout != ""
 #- name: "If not, run 'timedatectl set-timezone UTC' and..."
 #  command: timedatectl set-timezone UTC
 #  when: tz_set.stdout == ""
 #- name: "...also set 'local_tz: UTC'"
 #  set_fact:
 #    local_tz: UTC
 #  when: tz_set.stdout == ""
 #- name: Check if the TZ is not already set via /etc/localtime - Can Fail
 #  shell: readlink /etc/localtime | awk -F "zoneinfo/" '{print $2}'
 #  register: TZ_set
 #  ignore_errors: True
 #- name: Set local and iiab TZ to UTC if /etc/localtime is not set
 #  set_fact:
 #    local_tz: "UTC"
 #    iiab_TZ: "UTC"
 #  when: TZ_set.stdout == ""
 #- name: Override ansible on timezone if TZ set
 #  set_fact:
 #    local_tz: "{{ TZ_set.stdout }}"
 #  when: TZ_set.stdout != ""
 #- name: Using iiab TZ for local TZ
 #  set_fact:
 #    local_tz: "{{ iiab_TZ }}"
 #  when: iiab_TZ is defined and iiab_TZ != "" and iiab_TZ != "TZ_set.stdout"
 #- name: Set default Timezone from iiab TZ (debuntu)
 #  shell: timedatectl set-timezone {{ iiab_TZ }}
 #  when: is_debuntu and iiab_TZ is defined and iiab_TZ != "" and iiab_TZ != "TZ_set.stdout"
 #- name: Set default Timezone from iiab TZ (redhat)
 #  file:
 #    path: /etc/localtime
 #    src: "/usr/share/zoneinfo/{{ iiab_TZ }}"
 #    force: yes
 #    state: link
 #  when: is_redhat and iiab_TZ is defined and iiab_TZ != "" and iiab_TZ != "TZ_set.stdout"
--- a/roles/1-prep/tasks/main.yml
+++ b/roles/1-prep/tasks/main.yml
@ -1,7 +1,7 @@
 # Preparations (Hardware Level)
 - name: ...IS BEGINNING ============================================
-  command: echo
+  meta: noop
 - name: dnsmasq (install now, configure LATER in 'network', after Stage 9)
  include_tasks: roles/network/tasks/dnsmasq.yml
--- a/roles/1-prep/tasks/raspberry_pi.yml
+++ b/roles/1-prep/tasks/raspberry_pi.yml
@ -63,7 +63,7 @@
 - name: Restart swap service "dphys-swapfile"
  #command: /etc/init.d/dphys-swapfile restart
-  service:    # A rare/legacy service that is NOT systemd
+  systemd:    # Had been...a rare/legacy service that was NOT systemd
    name: dphys-swapfile
    state: restarted
--- a/roles/3-base-server/tasks/main.yml
+++ b/roles/3-base-server/tasks/main.yml
@ -1,7 +1,7 @@
 # Base Server
 - name: ...IS BEGINNING =====================================
-  command: echo
+  meta: noop
 - name: MYSQL + CORE PHP
  include_role:
--- a/roles/5-xo-services/tasks/main.yml
+++ b/roles/5-xo-services/tasks/main.yml
@ -1,7 +1,7 @@
 # XO Services
 - name: ...IS BEGINNING =====================================
-  command: echo
+  meta: noop
 # UNMAINTAINED
 - name: ACTIVITY-SERVER
--- a/roles/6-generic-apps/tasks/main.yml
+++ b/roles/6-generic-apps/tasks/main.yml
@ -1,7 +1,7 @@
 # Generic Apps
 - name: ...IS BEGINNING ====================================
-  command: echo
+  meta: noop
 # UNMAINTAINED
 - name: AZURACAST
--- a/roles/7-edu-apps/tasks/main.yml
+++ b/roles/7-edu-apps/tasks/main.yml
@ -1,7 +1,7 @@
 # Educational Apps
 - name: ...IS BEGINNING ========================================
-  command: echo
+  meta: noop
 - name: KALITE
  include_role:
--- a/roles/8-mgmt-tools/tasks/main.yml
+++ b/roles/8-mgmt-tools/tasks/main.yml
@ -1,7 +1,7 @@
 # Administration and Monitoring/Assessment Tools
 - name: ...IS BEGINNING ======================================
-  command: echo
+  meta: noop
 - name: TRANSMISSION
  include_role:
--- a/roles/9-local-addons/tasks/main.yml
+++ b/roles/9-local-addons/tasks/main.yml
@ -1,7 +1,7 @@
 # Local Add-ons
 - name: ...IS BEGINNING ====================================
-  command: echo
+  meta: noop
 - name: INTERNETARCHIVE
  include_role:
--- a/scripts/local_facts.fact
+++ b/scripts/local_facts.fact
@ -1,5 +1,8 @@
 #!/bin/bash
 # Higher-level purpose explained at the bottom of:
 # https://github.com/iiab/iiab/blob/master/vars/default_vars.yml
 # 2020-10-27: Most of the 11 variables require a command[*] to be run to
 # establish the var's value.  WE DISPLAY ALL ERRORS / DIAGNOSTICS AND CONTINUE.
 #
		`@ -1,2 +0,0 @@`
			`- name: Create {{ iiab_ini_file }}`
			`include_tasks: iiab_ini.yml`