diff --git a/roles/0-init/tasks/hostname.yml b/roles/0-init/tasks/hostname.yml index 490d00c80..398dd0455 100644 --- a/roles/0-init/tasks/hostname.yml +++ b/roles/0-init/tasks/hostname.yml @@ -14,8 +14,8 @@ - name: Configure short hostname in /etc/hosts lineinfile: dest: /etc/hosts - regexp: "^127\.0\.0\.1" - line: "127.0.0.1 localhost.localdomain localhost box {{ iiab_hostname }}" + regexp: '^127\.0\.0\.1' + line: '127.0.0.1 localhost.localdomain localhost box {{ iiab_hostname }}' owner: root group: root mode: 0644 diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 37df72fcf..c46bfe997 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -3,7 +3,7 @@ - name: ...IS BEGINNING ============================================ command: echo -- name: Get the uuidgen program +- name: Install uuidgen program (debuntu) package: name: uuid-runtime state: present @@ -54,7 +54,7 @@ dest: /etc/chrony.conf src: chrony.conf.j2 -- name: Disable AppArmor -- on by default in Ubuntu +- name: Disable AppArmor -- override OS default (ubuntu) service: name: apparmor enabled: False @@ -62,19 +62,19 @@ when: is_ubuntu ignore_errors: true -- name: Disable SELinux on next boot +- name: Disable SELinux on next boot (OS's other than debuntu) selinux: state: disabled register: selinux_disabled when: not is_debuntu -- name: Disable SELinux for this session (if needed) +- name: Disable SELinux for this session (OS's other than debuntu, if needed) command: setenforce Permissive when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed ## DISCOVER PLATFORMS ###### # Put conditional actions for hardware platforms here -- include_tasks: raspberry_pi_2.yml +- include_tasks: raspberry_pi.yml when: first_run and rpi_model != "none" - name: Check if the identifier for Intel's NUC6 builtin WiFi is present diff --git a/roles/1-prep/tasks/raspberry_pi.yml b/roles/1-prep/tasks/raspberry_pi.yml new file mode 100644 index 000000000..ccaafff24 --- /dev/null +++ b/roles/1-prep/tasks/raspberry_pi.yml @@ -0,0 +1,62 @@ +# Setup specific to the Raspberry Pi + +- name: Add a udev rule to transfer hwclock to system clock at dev creation + template: + src: 92-rtc-i2c.rules + dest: /etc/udev/rules.d/92-rtc-i2c.rules + owner: root + group: root + mode: 0644 + when: rtc_id is defined and rtc_id != "none" + +# RTC requires a change to the device tree (and reboot) +- name: Check for needing to enable i2c rtc device in config.txt + lineinfile: + dest: /boot/config.txt + line: "dtoverlay=i2c-rtc,{{ rtc_id }}=on" + state: present + register: rpiconfig + when: rtc_id != "none" + +- name: Add a udev rule to transfer hwclock to system clock at dev creation + template: + src: 92-rtc-i2c.rules + dest: /etc/udev/rules.d/92-rtc-i2c.rules + owner: root + group: root + mode: 0644 + when: rtc_id != "none" + +- name: Pre-install packages + package: + name: "{{ item }}" + state: latest + with_items: + - ntp + +- name: Increase the swap file size, as kalite pip download fails (debuntu) + lineinfile: + regexp: "^CONF_SWAPSIZE" + line: CONF_SWAPSIZE=500 + dest: /etc/dphys-swapfile + when: is_debuntu + +- name: Restart the swap service (debuntu) + command: /etc/init.d/dphys-swapfile restart + when: is_debuntu + +- name: Add RPi rootfs resizing service + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: "{{ item.mode }}" + with_items: + - { src: 'iiab-rpi-max-rootfs.sh', dest: '/usr/sbin/iiab-rpi-max-rootfs.sh', mode: '0755'} + - { src: 'iiab-rpi-root-resize.service', dest: '/etc/systemd/system/iiab-rpi-root-resize.service', mode: '0644'} + +- name: Enable rootfs resizing service + service: + name: iiab-rpi-root-resize + enabled: yes diff --git a/roles/1-prep/tasks/raspberry_pi_2.yml b/roles/1-prep/tasks/raspberry_pi_2.yml deleted file mode 100644 index f93f734ee..000000000 --- a/roles/1-prep/tasks/raspberry_pi_2.yml +++ /dev/null @@ -1,57 +0,0 @@ -# Setup specific to the Raspberry Pi -# -- name: Add a udev rule to transfer hwclock to system clock at dev creation - template: src=92-rtc-i2c.rules - dest=/etc/udev/rules.d/92-rtc-i2c.rules - owner=root - group=root - mode=0644 - when: rtc_id is defined and rtc_id != "none" - -# -# RTC requires a change to the device tree (and reboot) -- name: Check for needing to enable i2c rtc device in config.txt - lineinfile: dest=/boot/config.txt - line="dtoverlay=i2c-rtc,{{ rtc_id }}=on" - state=present - register: rpiconfig - when: rtc_id != "none" - - -- name: Add a udev rule to transfer hwclock to system clock at dev creation - template: src=92-rtc-i2c.rules - dest=/etc/udev/rules.d/92-rtc-i2c.rules - owner=root - group=root - mode=0644 - when: rtc_id != "none" - -- name: Pre-install packages - package: name={{ item }} - state=latest - with_items: - - ntp - -- name: Increase the swap file size (kalite pip download fails) - lineinfile: regexp="^CONF_SWAPSIZE" - line=CONF_SWAPSIZE=500 - dest=/etc/dphys-swapfile - when: is_debuntu - -- name: Restart the swap service - command: /etc/init.d/dphys-swapfile restart - when: is_debuntu - -- name: Add RPi rootfs resizing service - template: src={{ item.src }} - dest={{ item.dest }} - owner=root - group=root - mode={{ item.mode }} - with_items: - - { src: 'iiab-rpi-max-rootfs.sh', dest: '/usr/sbin/iiab-rpi-max-rootfs.sh', mode: '0755'} - - { src: 'iiab-rpi-root-resize.service', dest: '/etc/systemd/system/iiab-rpi-root-resize.service', mode: '0644'} - -- name: Enable rootfs resizing service - service: name=iiab-rpi-root-resize - enabled=yes diff --git a/roles/2-common/tasks/iptables.yml b/roles/2-common/tasks/iptables.yml index eb3a27b1f..d84900650 100644 --- a/roles/2-common/tasks/iptables.yml +++ b/roles/2-common/tasks/iptables.yml @@ -1,55 +1,64 @@ -- name: Disable firewalld service - service: name=firewalld - enabled=no +- name: Disable firewalld service (OS's other than debuntu) + service: + name: firewalld + enabled: no when: not is_debuntu -- name: Use larger hammer to disable firewalld (2 symbolic links involved) +- name: Use larger hammer to disable firewalld -- 2 symbolic links involved (OS's other than debuntu) shell: "systemctl disable firewalld.service" when: not is_debuntu -- name: Mask firewalld service +- name: Mask firewalld service (OS's other than debuntu) shell: 'systemctl mask firewalld' ignore_errors: yes when: not installing and not is_debuntu -- name: Stop firewalld service - service: name=firewalld - state=stopped +- name: Stop firewalld service (OS's other than debuntu) + service: + name: firewalld + state: stopped ignore_errors: yes when: not installing and not is_debuntu - name: Remove iptables.service file from /etc - file: path=/etc/systemd/system/iptables.service - state=absent + file: + path: /etc/systemd/system/iptables.service + state: absent - name: Remove iptables-xs.service file from /etc - file: path=/etc/systemd/system/iptables-xs.service - state=absent + file: + path: /etc/systemd/system/iptables-xs.service + state: absent -- name: Install iptables service package - package: name=iptables-persistent - state=present +- name: Install iptables service package (debuntu) + package: + name: iptables-persistent + state: present when: is_debuntu tags: - download -- name: Install iptables service package - package: name=iptables-services - state=present +- name: Install iptables service package (OS's other than debuntu) + package: + name: iptables-services + state: present when: not is_debuntu tags: - download - name: Install iptables services - template: src={{ item.0 }} - dest={{ item.1 }} - owner='root' - group='root' - mode={{ item.2 }} + template: + src: "{{ item.0 }}" + dest: "{{ item.1 }}" + owner: root + group: root + mode: "{{ item.2 }}" with_items: - { 0: 'iptables-config', 1: '/etc/sysconfig/iptables-config', 2: '0644' } -- name: Install Debian config - template: src=iptables dest=/etc/network/if-pre-up.d/iptables - mode=0755 +- name: Install Debian config (debuntu) + template: + src: iptables + dest: /etc/network/if-pre-up.d/iptables + mode: 0755 when: is_debuntu diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index 44cbdc41c..95a14be16 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml @@ -20,24 +20,65 @@ - include_tasks: iptables.yml -- sysctl: name=net.ipv4.ip_forward value=1 state=present -- sysctl: name=net.ipv4.conf.default.rp_filter value=1 state=present -- sysctl: name=net.ipv4.conf.default.accept_source_route value=0 state=present -- sysctl: name=kernel.sysrq value=1 state=present -- sysctl: name=kernel.core_uses_pid value=1 state=present -- sysctl: name=net.ipv4.tcp_syncookies value=1 state=present -- sysctl: name=kernel.shmmax value=268435456 state=present +- sysctl: + name: net.ipv4.ip_forward + value: 1 + state: present + +- sysctl: + name: net.ipv4.conf.default.rp_filter + value: 1 + state: present + +- sysctl: + name: net.ipv4.conf.default.accept_source_route + value: 0 + state: present + +- sysctl: + name: kernel.sysrq + value: 1 + state: present + +- sysctl: + name: kernel.core_uses_pid + value: 1 + state: present + +- sysctl: + name: net.ipv4.tcp_syncookies + value: 1 + state: present + +- sysctl: + name: kernel.shmmax + value: 268435456 + state: present + # IPv6 disabled -- sysctl: name=net.ipv6.conf.all.disable_ipv6 value=1 state=present -- sysctl: name=net.ipv6.conf.default.disable_ipv6 value=1 state=present -- sysctl: name=net.ipv6.conf.lo.disable_ipv6 value=1 state=present + +- sysctl: + name: net.ipv6.conf.all.disable_ipv6 + value: 1 + state: present + +- sysctl: + name: net.ipv6.conf.default.disable_ipv6 + value: 1 + state: present + +- sysctl: + name: net.ipv6.conf.lo.disable_ipv6 + value: 1 + state: present - name: Install custom profile file - template: dest=/etc/profile.d/zzz_iiab.sh - src=zzz_iiab.sh - owner=root - mode=0644 - backup=no + template: + dest: /etc/profile.d/zzz_iiab.sh + src: zzz_iiab.sh + owner: root + mode: 0644 + backup: no - include_tasks: net_mods.yml when: not is_debuntu and not is_F18 @@ -47,7 +88,8 @@ - include_tasks: iiab-startup.yml - name: Recording STAGE 2 HAS COMPLETED ========================== - lineinfile: dest=/etc/iiab/iiab.env - regexp='^STAGE=*' - line='STAGE=2' - state=present + lineinfile: + dest: /etc/iiab/iiab.env + regexp: '^STAGE=*' + line: 'STAGE=2' + state: present diff --git a/roles/2-common/tasks/net_mods.yml b/roles/2-common/tasks/net_mods.yml index 6e550b858..ba359a5ae 100644 --- a/roles/2-common/tasks/net_mods.yml +++ b/roles/2-common/tasks/net_mods.yml @@ -1,32 +1,36 @@ -- name: Disable systemd-networkd.service - service: name=systemd-networkd.service - enabled=no +- name: Disable systemd-networkd.service (OS's other than centos) + service: + name: systemd-networkd.service + enabled: no when: not is_centos -- name: Mask systemd-networkd.service +- name: Mask systemd-networkd.service (OS's other than centos) shell: 'systemctl mask systemd-networkd' when: not is_centos - name: Disable systemd-hostnamed.service - service: name=systemd-hostnamed.service - enabled=no + service: + name: systemd-hostnamed.service + enabled: no - name: Disable dbus-org.freedesktop.hostname1.service - service: name=dbus-org.freedesktop.hostname1 - enabled=no + service: + name: dbus-org.freedesktop.hostname1 + enabled: no - name: Mask dbus-org.freedesktop.hostname1.service shell: 'systemctl mask dbus-org.freedesktop.hostname1' - name: Disable network.service - service: name=network - enabled=no + service: + name: network + enabled: no - name: Mask network.service shell: 'systemctl mask network.service' # Network Manager starts this if needed - name: Disable wpa_supplicant - service: name=wpa_supplicant - enabled=no - + service: + name: wpa_supplicant + enabled: no diff --git a/roles/2-common/tasks/prep.yml b/roles/2-common/tasks/prep.yml index 0116005e0..4f0d8e0f3 100644 --- a/roles/2-common/tasks/prep.yml +++ b/roles/2-common/tasks/prep.yml @@ -1,29 +1,33 @@ - name: Install iiab-extra repos - template: backup=no - dest=/etc/yum.repos.d/iiab-extra.repo - src=iiab-extra.repo - owner=root - group=root - mode=0666 + template: + backup: no + dest: /etc/yum.repos.d/iiab-extra.repo + src: iiab-extra.repo + owner: root + group: root + mode: 0666 - name: Install iiab-testing repos - template: backup=no - dest=/etc/yum.repos.d/iiab-testing.repo - src=iiab-testing.repo - owner=root - group=root - mode=0666 + template: + backup: no + dest: /etc/yum.repos.d/iiab-testing.repo + src: iiab-testing.repo + owner: root + group: root + mode: 0666 - name: Get the createrepo program - package: name=createrepo - state=present + package: + name: createrepo + state: present - name: Install local repo file - template: dest=/etc/yum.repos.d/iiab-local.repo - src=local.repo - owner=root - group=root - mode=0644 + template: + dest: /etc/yum.repos.d/iiab-local.repo + src: local.repo + owner: root + group: root + mode: 0644 - name: Create local repo shell: createrepo {{ yum_packages_dir }} diff --git a/roles/2-common/tasks/udev.yml b/roles/2-common/tasks/udev.yml index 7e66a2d93..c5ed659a1 100644 --- a/roles/2-common/tasks/udev.yml +++ b/roles/2-common/tasks/udev.yml @@ -1,21 +1,24 @@ - name: Does systemd-udevd.service exist - stat: path="{{ systemd_location }}/systemd-udevd.service" + stat: + path: "{{ systemd_location }}/systemd-udevd.service" register: udev_unit - name: Copy udevd service to /etc/systemd/system to modify - copy: src={{ systemd_location }}/systemd-udevd.service - dest=/etc/systemd/system/systemd-udevd.service - owner=root - group=root - mode=0644 + copy: + src: "{{ systemd_location }}/systemd-udevd.service" + dest: /etc/systemd/system/systemd-udevd.service + owner: root + group: root + mode: 0644 when: udev_unit.stat.exists is defined and udev_unit.stat.exists - name: Change MountFlags from slave to shared - lineinfile: backup=no - dest=/etc/systemd/system/systemd-udevd.service - regexp='^MountFlags' - line='MountFlags=shared' - state=present + lineinfile: + backup: no + dest: /etc/systemd/system/systemd-udevd.service + regexp: '^MountFlags' + line: 'MountFlags=shared' + state: present when: udev_unit.stat.exists is defined and udev_unit.stat.exists # ubuntu 16.04 comes with ansible 2.0.0.2 -- no systemd module @@ -28,7 +31,9 @@ when: udev_unit.stat.exists is defined and udev_unit.stat.exists - name: Reload systemd-udevd so it has rootfs open read-write - template: src=udev-reload.service dest=/etc/systemd/system/ + template: + src: udev-reload.service + dest: /etc/systemd/system/ - name: Enable the reload service shell: systemctl enable udev-reload.service diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 7e972e04b..5443c2523 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -22,12 +22,14 @@ tags: base, mysql - name: Restart httpd - service: name={{ apache_service }} - state=restarted + service: + name: "{{ apache_service }}" + state: restarted when: not installing - name: Recording STAGE 3 HAS COMPLETED ===================== - lineinfile: dest=/etc/iiab/iiab.env - regexp='^STAGE=*' - line='STAGE=3' - state=present + lineinfile: + dest: /etc/iiab/iiab.env + regexp: '^STAGE=*' + line: 'STAGE=3' + state: present diff --git a/roles/4-server-options/README.rst b/roles/4-server-options/README.rst index 8fd9c8a97..ca4afb22a 100644 --- a/roles/4-server-options/README.rst +++ b/roles/4-server-options/README.rst @@ -2,8 +2,8 @@ 4-server-options README ======================= -Whereas the roles/tasks in 3-base-server are required, this 4th stage includes more optional roles/tasks for core server infra. +Whereas 3-base-server installs critical packages needed by all, this 4th stage installs a broad array of *options* -- depending on which server apps will be installed in later stages -- as specified in /opt/iiab/iiab/vars/local_vars.yml -It includes some networking fundamentals, before they're configured later on. +This includes some networking fundamentals, before they're configured later on. As in the case of 2-common, 3-base-server and 5-xo-services: this stage installs core server infra, that is not user-facing. diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index addb76517..7c913768f 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -3,6 +3,7 @@ - name: ...IS BEGINNING ================================== command: echo +# MANDATORY SO PERHAPS THIS BELONGS IN 3-BASE-SERVER ? - name: SSHD include_role: name: sshd @@ -41,6 +42,7 @@ # # has no "when: XXXXX_install" flag # tags: base, network +# MANDATORY SO PERHAPS THIS BELONGS IN 3-BASE-SERVER ? - name: HOMEPAGE include_role: name: homepage @@ -77,16 +79,19 @@ when: usb_lib_install tags: usb-lib +# MANDATORY SO PERHAPS THIS BELONGS IN 3-BASE-SERVER ? - name: Create a Python interface to iiab.env - template: src=roles/1-prep/templates/iiab_env.py.j2 - dest=/etc/iiab/iiab_env.py + template: + src: roles/1-prep/templates/iiab_env.py.j2 + dest: /etc/iiab/iiab_env.py - name: Generate the offline documents command: /usr/bin/iiab-refresh-wiki-docs when: not nodocs - name: Recording STAGE 4 HAS COMPLETED ================== - lineinfile: dest=/etc/iiab/iiab.env - regexp='^STAGE=*' - line='STAGE=4' - state=present + lineinfile: + dest: /etc/iiab/iiab.env + regexp: '^STAGE=*' + line: 'STAGE=4' + state: present diff --git a/roles/5-xo-services/README.rst b/roles/5-xo-services/README.rst index 54a2104e5..1cb725bf7 100644 --- a/roles/5-xo-services/README.rst +++ b/roles/5-xo-services/README.rst @@ -2,6 +2,6 @@ 5-xo-services README ==================== -This 5th stage provides services for One Laptop Per Child's XO laptops. +This 5th stage provides underlying services for One Laptop Per Child's XO laptops. As in the case of 2-common, 3-base-server and 4-server-options: this stage installs core server infra, that is not user-facing. diff --git a/roles/5-xo-services/tasks/main.yml b/roles/5-xo-services/tasks/main.yml index b61c78e02..95cc1a3dc 100644 --- a/roles/5-xo-services/tasks/main.yml +++ b/roles/5-xo-services/tasks/main.yml @@ -22,7 +22,8 @@ tags: olpc, idmgr - name: Recording STAGE 5 HAS COMPLETED ===================== - lineinfile: dest=/etc/iiab/iiab.env - regexp='^STAGE=*' - line='STAGE=5' - state=present + lineinfile: + dest: /etc/iiab/iiab.env + regexp: '^STAGE=*' + line: 'STAGE=5' + state: present diff --git a/roles/6-generic-apps/README.rst b/roles/6-generic-apps/README.rst index 3843ce3c6..9f6c87e7c 100644 --- a/roles/6-generic-apps/README.rst +++ b/roles/6-generic-apps/README.rst @@ -2,8 +2,8 @@ 6-generic-apps README ===================== -This 6th stage is for apps of a more generic or collaborative nature, as opposed to educational or managerial apps in later stages. +This 6th stage is for server apps of a more generic, personal or collaborative nature -- as opposed to larger educational or LMS apps (Learning Management Systems) in 7-edu-apps. -Chat, Wiki and CMS's (Content Management Systems) can go here. +Chat, Wiki, blogging and CMS's (Content Management Systems) can go here. As in the case of 7-edu-apps, 8-mgmt-tools and 9-local-addons: this stage installs user-facing server apps. diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index 0f8bd75a9..2b74a43ef 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml @@ -40,7 +40,8 @@ tags: wordpress - name: Recording STAGE 6 HAS COMPLETED ==================== - lineinfile: dest=/etc/iiab/iiab.env - regexp='^STAGE=*' - line='STAGE=6' - state=present + lineinfile: + dest: /etc/iiab/iiab.env + regexp: '^STAGE=*' + line: 'STAGE=6' + state: present diff --git a/roles/7-edu-apps/README.rst b/roles/7-edu-apps/README.rst index 74dad6564..30594417f 100644 --- a/roles/7-edu-apps/README.rst +++ b/roles/7-edu-apps/README.rst @@ -2,6 +2,8 @@ 7-edu-apps README ================= -This 7th stage is for Educational Apps and Learning Content, including LMS's (Learning Management Systems). +This 7th stage is for larger Educational Apps and Learning Content, including LMS's (Learning Management Systems). + +As opposed to the prior stage (6-generic-apps) which is for smaller server apps that are more generic, personal or collaborative. As in the case of 6-generic-apps, 8-mgmt-tools and 9-local-addons: this stage installs user-facing server apps. diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index 251d446bd..62699e42b 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -40,7 +40,8 @@ tags: sugarizer - name: Recording STAGE 7 HAS COMPLETED ======================== - lineinfile: dest=/etc/iiab/iiab.env - regexp='^STAGE=*' - line='STAGE=7' - state=present + lineinfile: + dest: /etc/iiab/iiab.env + regexp: '^STAGE=*' + line: 'STAGE=7' + state: present diff --git a/roles/8-mgmt-tools/README.rst b/roles/8-mgmt-tools/README.rst index e7c631559..6df3b1fda 100644 --- a/roles/8-mgmt-tools/README.rst +++ b/roles/8-mgmt-tools/README.rst @@ -2,6 +2,6 @@ 8-mgmt-tools README =================== -This 8th stage provides managerial tools to Administer and Monitor the server -- and for Assessing its use and effectiveness. +This 8th stage installs management tools to Administer and Monitor the server -- and for Assessing its use and effectiveness. -As in the case of 6-generic-apps, 7-edu-apps and 9-local-addons: this stage installs user-facing server apps. +As in the case of 6-generic-apps, 7-edu-apps and 9-local-addons: this stage installs user-facing (or operator-facing, in this case) server apps. diff --git a/roles/8-mgmt-tools/tasks/main.yml b/roles/8-mgmt-tools/tasks/main.yml index ad22382ed..096f210da 100644 --- a/roles/8-mgmt-tools/tasks/main.yml +++ b/roles/8-mgmt-tools/tasks/main.yml @@ -52,7 +52,8 @@ tags: xovis - name: Recording STAGE 8 HAS COMPLETED ====================== - lineinfile: dest=/etc/iiab/iiab.env - regexp='^STAGE=*' - line='STAGE=8' - state=present + lineinfile: + dest: /etc/iiab/iiab.env + regexp: '^STAGE=*' + line: 'STAGE=8' + state: present diff --git a/roles/9-local-addons/README.rst b/roles/9-local-addons/README.rst index f2b19c890..e7d3fb218 100644 --- a/roles/9-local-addons/README.rst +++ b/roles/9-local-addons/README.rst @@ -2,19 +2,19 @@ 9-local-addons README ===================== -This 9th stage is a placeholder for roles/tasks/server apps that are locally developed -- or of an experimental nature. +This 9th stage is a placeholder for server apps (roles, tasks or otherwise) that are locally developed -- or of an experimental nature. -As in the case of 6-generic-apps, 7-edu-apps, and 8-mgmt-tools: this stage is intended to install user-facing server apps. +As in the case of 6-generic-apps, 7-edu-apps, and 8-mgmt-tools: this stage is intended to install user-facing or operator-facing server apps. Development ----------- -Consider creating your own Ansible role to add essential functionality to Internet-in-a-Box. You can copy any role you find within /opt/iiab/iiab/roles, and building from there! +Consider creating your own Ansible role to add essential functionality to Internet-in-a-Box. You can copy any role you find within /opt/iiab/iiab/roles, and build from there! Packaging --------- -Add your role into the main.yml file in the tasks directory of the 9-local-addons role. +Add your Ansible role into /opt/iiab/iiab/roles/9-local-addons/tasks/main.yml It will then get installed as part of the next Ansible run (e.g. "cd /opt/iiab/iiab" and then "./iiab-install --reinstall"). diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 551b1ed95..5b8028ec8 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -10,7 +10,8 @@ tags: calibre - name: Recording STAGE 9 HAS COMPLETED ==================== - lineinfile: dest=/etc/iiab/iiab.env - regexp='^STAGE=*' - line='STAGE=9' - state=present + lineinfile: + dest: /etc/iiab/iiab.env + regexp: '^STAGE=*' + line: 'STAGE=9' + state: present diff --git a/roles/network/tasks/computed_network.yml b/roles/network/tasks/computed_network.yml index 9a466533a..ee418a81c 100644 --- a/roles/network/tasks/computed_network.yml +++ b/roles/network/tasks/computed_network.yml @@ -46,7 +46,7 @@ wan_netmask: "{{ gui_static_wan_netmask }}" wan_gateway: "{{ gui_static_wan_gateway }}" wan_nameserver: "{{ gui_static_wan_nameserver }}" - when: gui_static_wan and user_wan_iface != "auto" + when: gui_static_wan or user_wan_iface != "auto" # we need to have an interface name for ifcfg-WAN to be able to change gateway # the DEVICE from the gui. Thanks to George for proving my point about knowing diff --git a/roles/usb-lib/README.rst b/roles/usb-lib/README.rst index 98eb7ceff..c485bc68d 100644 --- a/roles/usb-lib/README.rst +++ b/roles/usb-lib/README.rst @@ -20,8 +20,6 @@ Automount is handled by usbmount, and scripts in this role look in the root of t USB drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at /etc/usbmount/usbmount.conf -WARNING: even if you manually add "exfat ntfs fuseblk" within the above line, problems remain automounting exFAT and NTFS filesystems using usbmount, as of February 2018. It's recommended you stick to FAT32 and ext4 filesystems for now. - There is also a patch for problems with automount on Fedora 21+ Please Note that as of the 4.1.8-200.fc22.x86_64 not all USB drives will mount even with this patch. diff --git a/roles/usb-lib/tasks/main.yml b/roles/usb-lib/tasks/main.yml index 5280440bd..2781cd7ce 100644 --- a/roles/usb-lib/tasks/main.yml +++ b/roles/usb-lib/tasks/main.yml @@ -15,6 +15,20 @@ mode: 0751 when: usb_lib_enabled +- name: Install udev to systemd link -> usbmount + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: 'usbmount@.service.j2' , dest: '/etc/systemd/system/usbmount@.service' } + - { src: 'usbmount.rules.j2' , dest: '/etc/udev/rules.d/usbmount.rules' } + +- name: Enable exfat and ntfs + lineinfile: + regexp: '^FILESYSTEMS.*' + line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"' + dest: /etc/usbmount/usbmount.conf + - name: Copy umount file to usbmount when enabled template: src: umount.d/70-usb-library diff --git a/roles/usb-lib/templates/usbmount.rules.j2 b/roles/usb-lib/templates/usbmount.rules.j2 new file mode 100644 index 000000000..0b1afd3e5 --- /dev/null +++ b/roles/usb-lib/templates/usbmount.rules.j2 @@ -0,0 +1,5 @@ +KERNEL=="sd*", DRIVERS=="sbp2", ACTION=="add", PROGRAM="/bin/systemd-escape -p --template=usbmount@.service $env{DEVNAME}", ENV{SYSTEMD_WANTS}+="%c" +KERNEL=="sd*", SUBSYSTEMS=="usb", ACTION=="add", PROGRAM="/bin/systemd-escape -p --template=usbmount@.service $env{DEVNAME}", ENV{SYSTEMD_WANTS}+="%c" +KERNEL=="ub*", SUBSYSTEMS=="usb", ACTION=="add", PROGRAM="/bin/systemd-escape -p --template=usbmount@.service $env{DEVNAME}", ENV{SYSTEMD_WANTS}+="%c" +KERNEL=="sd*", ACTION=="remove", RUN+="/usr/share/usbmount/usbmount remove" + diff --git a/roles/usb-lib/templates/usbmount@.service.j2 b/roles/usb-lib/templates/usbmount@.service.j2 new file mode 100644 index 000000000..8ee5cb632 --- /dev/null +++ b/roles/usb-lib/templates/usbmount@.service.j2 @@ -0,0 +1,11 @@ +[Unit] +BindTo=%i.device +After=%i.device + +[Service] +Type=oneshot +TimeoutStartSec=0 +Environment=DEVNAME=%I +ExecStart=/usr/share/usbmount/usbmount add +RemainAfterExit=yes +