Merge pull request #2954 from holta/pbx-dual

FreePBX: side-by-side testing of Apache & NGINX + easy './runrole pbx' mods, using a more dynamic iiab-gen-iptables
2025-03-09 15:40:17 +00:00 · 2021-08-18 11:07:40 -04:00 · 2021-08-18 11:07:40 -04:00 · 79de65425c
commit 79de65425c
parent ba4e388e2a fac74e0fc9
18 changed files with 261 additions and 183 deletions
--- a/roles/pbx/README.adoc
+++ b/roles/pbx/README.adoc
@ -30,10 +30,16 @@ pbx_install: True
 pbx_enabled: True
 ----
 +
-You have the option of using Apache on port 83 (default) or NGINX on port 80, as the web server for FreePBX.  To use NGINX, include this line in your http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml] file:
+FreePBX can be used with either or both web servers, Apache on port 83 (as is traditional) and/or NGINX on port 80 (as is new).  If you don't want Apache installed on your IIAB, set this line in your http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml] prior to installing IIAB:
 +
 ----
-pbx_try_nginx: True
+pbx_use_apache: False
+----
+
+Or, if you want to use Apache alone with FreePBX, set this line in your /etc/iiab/local_vars.yml:
+
+----
+pbx_use_nginx: False
 ----
 +
 If using PBX intensively, please adjust `/etc/php/X.Y/apache2/php.ini`, `/etc/php/X.Y/cli/php.ini` and/or `/etc/php/X.Y/nginx/php.ini` (where `X.Y` is typically 7.4) as outlined within https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L88-L131[/opt/iiab/iiab/roles/www_options/tasks/main.yml] &mdash; some of which happens automatically if you also set:
@ -271,7 +277,7 @@ _If there's a bug or serious problem with IIAB, please do https://internet-in-a-

 . Apache's `/var/lib/php/asterisk_sessions/` directory might also be needed for NGINX?
 +
-If not, the https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L152-L164[configuration of /var/lib/php/asterisk_sessions/] might be made conditional upon `when: not pbx_try_nginx`
+If not, the https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L151-L163[configuration of /var/lib/php/asterisk_sessions/] might be made conditional upon `when: not pbx_use_apache`

 . The https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L208-L211[installation of /etc/odbc.ini] for CDR (Call Detail Records) database `asteriskcdrdb` might benefit from compiling the ODBC driver for aarch64, per http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html ?
 +
--- a/roles/pbx/defaults/main.yml
+++ b/roles/pbx/defaults/main.yml
@ -5,8 +5,8 @@
 # pbx_install: False
 # pbx_enabled: False

-# pbx_try_nginx: False    # 2021-08-07: PLEASE TRY NGINX INSTEAD OF APACHE,
-# # AFTER READING https://github.com/iiab/iiab/issues/2914 AND #2916, THX !
+# pbx_use_apache: True    # 2021-08-17: Set either to 'False' if nec -- please
+# pbx_use_nginx: True     # read github.com/iiab/iiab/issues/2914 & #2916, THX!

 # asterisk_chan_dongle: False

--- a/roles/pbx/tasks/asterisk.yml
+++ b/roles/pbx/tasks/asterisk.yml
@ -136,13 +136,14 @@
    system: yes                  # 2021-08-08: No evidence this is needed.  Hopefully it doesn't cause harm?  (FYI Ansible doesn't change pre-existing users)
    append: yes                  # 2021-08-08: Not essential.  So Ansible adds groups w/o deleting existing group memberships.

- name: Asterisk - Add user 'www-data' to group 'asterisk' - if pbx_try_nginx
-  user:
-    name: www-data
-    groups: asterisk
-    # system: yes                # 2021-08-06: Ansible doesn't change pre-existing users
-    append: yes
-  when: pbx_try_nginx
+# 2021-08-17: Moved to enable-or-disable.yml
+# - name: Asterisk - Add user 'www-data' to group 'asterisk' - if pbx_use_nginx
+#   user:
+#     name: www-data
+#     groups: asterisk
+#     # system: yes                # 2021-08-06: Ansible doesn't change pre-existing users
+#     append: yes
+#   when: pbx_use_nginx

 - name: Asterisk - Set ownership for 6 directories (asterisk:asterisk, recurse)
  file:
--- a/roles/pbx/tasks/enable-or-disable.yml
+++ b/roles/pbx/tasks/enable-or-disable.yml
@ -1,82 +1,120 @@
- name: Enable & (Re)start 'freepbx' systemd service, if pbx_enabled
+- name: JUST 1 SETTING TO TURN ON/OFF FOR APACHE - whereas NGINX below has 4...
+  meta: noop
+
+- name: EITHER - Create symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to enable Apache's http://box:{{ pbx_http_port }}/freepbx - if pbx_use_apache and pbx_enabled    # http://box:83/freepbx
+  command: a2ensite freepbx.conf
+  when: pbx_use_apache and pbx_enabled
+
+- name: OR ELSE - Delete symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to disable Apache's http://box:{{ pbx_http_port }}/freepbx - if not (pbx_use_apache and pbx_enabled)
+  file:    # As 'a2dissite freepbx.conf' might not be installed
+    path: /etc/{{ apache_service }}/sites-enabled/freepbx.conf    # apache2
+    state: absent
+  when: not (pbx_use_apache and pbx_enabled)
+
+
+- name: "ENACT ABOVE SETTING FOR APACHE - 'pbx_use_apache: False' might arise later, so best ALWAYS run..."
+  meta: noop
+
+- name: EITHER - Restart & Enable '{{ apache_service }}' systemd service - if pbx_use_apache and pbx_enabled
  systemd:
    daemon_reload: yes
+    name: "{{ apache_service }}"    # apache2
+    state: restarted
+    enabled: yes
+  when: pbx_use_apache and pbx_enabled
+  ignore_errors: yes    # In case Apache not installed
+
+- name: OR ELSE - Stop & Disable '{{ apache_service }}' systemd service - if not (pbx_use_apache and pbx_enabled)
+  systemd:
+    daemon_reload: yes
+    name: "{{ apache_service }}"
+    state: stopped
+    enabled: no
+  when: not (pbx_use_apache and pbx_enabled)
+  ignore_errors: yes    # In case Apache not installed
+
+- name: Open-or-Close Asterix ports (including Apache port {{ pbx_http_port }}) in iptables firewall, depending on pbx_enabled [{{ pbx_enabled }}] in local_vars.yml - in support of './runrole pbx'
+  command: /usr/bin/iiab-gen-iptables
+  ignore_errors: yes    # iptables installed in 2-common, but iiab-gen-tables may not be set up until roles/network runs later
+
+
+- name: EITHER - TURN ON 4 SETTINGS FOR NGINX - if pbx_use_nginx and pbx_enabled
+  meta: noop
+
+- block:
+
+  - name: "Add user 'www-data' to group 'asterisk' BEFORE restarting Asterisk (via FreePBX, below) -- Ansible doesn't support removing a single non-primary group, so if you later change to 'pbx_use_nginx: False' please manually edit /etc/group to revert this"
+    user:
+      name: www-data
+      groups: asterisk
+      append: yes
+
+  - name: Run 'fwconsole set CHECKREFERER 0' (0 means false) so 'Submit' button definitively works with NGINX at http://box/freepbx >> Settings >> Advanced Settings -- FYI you can run 'fwconsole set -l' or 'fwconsole set CHECKREFERER' to view FreePBX settings -- FYI /etc/freepbx.conf can completely override FreePBX's stored settings if nec
+    command: fwconsole set CHECKREFERER 0    # Or/later try to run 'fwconsole set CHECKREFERER 1' (1 means true) to restore FreePBX's default strict checking!
+
+  - name: Install /etc/php/{{ php_version }}/fpm/pool.d/asterisk.conf converted from www.conf for user 'asterisk'
+    copy:
+      src: roles/pbx/templates/asterisk.conf
+      dest: /etc/php/{{ php_version }}/fpm/pool.d/asterisk.conf
+
+  - name: Enable http://box/freepbx via NGINX, by installing {{ nginx_conf_dir }}/freepbx-nginx.conf from template
+    template:
+      src: freepbx-nginx.conf.j2
+      dest: "{{ nginx_conf_dir }}/freepbx-nginx.conf"    # /etc/nginx/conf.d
+
+  when: pbx_use_nginx and pbx_enabled
+
+- name: OR ELSE - TURN OFF 3 SETTINGS FOR NGINX (1st of 4 above settings too hard!) - if not (pbx_use_nginx and pbx_enabled)
+  meta: noop
+
+- block:
+
+  - name: Restore FreePBX default by running 'fwconsole set CHECKREFERER 1' (1 means true) as works with Apache -- FYI you can run 'fwconsole set -l' or 'fwconsole set CHECKREFERER' to view FreePBX settings -- FYI /etc/freepbx.conf can completely override FreePBX's stored settings if nec
+    command: fwconsole set CHECKREFERER 1
+
+  - name: Remove /etc/php/{{ php_version }}/fpm/pool.d/asterisk.conf
+    file:
+      path: /etc/php/{{ php_version }}/fpm/pool.d/asterisk.conf
+      state: absent
+
+  - name: Disable http://box/freepbx via NGINX, by removing {{ nginx_conf_dir }}/freepbx-nginx.conf
+    file:
+      path: "{{ nginx_conf_dir }}/freepbx-nginx.conf"
+      state: absent
+
+  when: not (pbx_use_nginx and pbx_enabled)
+
+
+- name: "ENACT ABOVE 3-4 SETTINGS FOR NGINX - 'pbx_use_nginx: False' might arise later, so best ALWAYS run these 2..."
+  meta: noop
+
+- name: Enable & Restart 'php{{ php_version }}-fpm' systemd service
+  systemd:
+    name: php{{ php_version }}-fpm
+    state: restarted
+    enabled: yes
+
+- name: Restart 'nginx' systemd service
+  systemd:
+    name: nginx
+    state: restarted
+
+
+
+
+- name: WRAP UP - Asterisk VIA FreePBX systemd service...
+  meta: noop
+
+- name: EITHER - Enable & (Re)start 'freepbx' systemd service, if pbx_enabled
+  systemd:
    name: freepbx
    enabled: yes
    state: restarted
  when: pbx_enabled

- name: Disable & Stop 'freepbx' systemd service, if not pbx_enabled
+- name: OR ELSE - Disable & Stop 'freepbx' systemd service, if not pbx_enabled
  systemd:
-    daemon_reload: yes
    name: freepbx
    enabled: no
    state: stopped
  when: not pbx_enabled
-
-
- block:
-
-  - name: Enable http://box:{{ pbx_http_port }}/freepbx via Apache, if pbx_enabled    # http://box:83/freepbx
-    command: a2ensite freepbx.conf
-    when: pbx_enabled
-
-  - name: Disable http://box:{{ pbx_http_port }}/freepbx via Apache, if not pbx_enabled
-    command: a2dissite freepbx.conf
-    when: not pbx_enabled
-
-  - name: Restart & Enable '{{ apache_service }}' systemd service, if pbx_enabled
-    systemd:
-      name: "{{ apache_service }}"    # apache2
-      state: restarted
-      enabled: yes
-    when: pbx_enabled
-
-  - name: Stop & Disable '{{ apache_service }}' systemd service, if not pbx_enabled
-    systemd:
-      name: "{{ apache_service }}"
-      state: stopped
-      enabled: no
-    when: not pbx_enabled
-
-  when: not pbx_try_nginx
-
-
- block:
-
-  - name: Install /etc/php/{{ php_version }}/fpm/pool.d/asterisk.conf converted from www.conf for user 'asterisk', if pbx_enabled
-    copy:
-      src: roles/pbx/templates/asterisk.conf
-      dest: /etc/php/{{ php_version }}/fpm/pool.d/asterisk.conf
-    when: pbx_enabled
-
-  - name: Remove /etc/php/{{ php_version }}/fpm/pool.d/asterisk.conf, if not pbx_enabled
-    file:
-      path: /etc/php/{{ php_version }}/fpm/pool.d/asterisk.conf
-      state: absent
-    when: not pbx_enabled
-
-  - name: Enable & Restart 'php{{ php_version }}-fpm' systemd service
-    systemd:
-      name: php{{ php_version }}-fpm
-      state: restarted
-      enabled: yes
-
-  - name: Enable http://box/freepbx via NGINX, by installing {{ nginx_conf_dir }}/freepbx-nginx.conf from template, if pbx_enabled
-    template:
-      src: freepbx-nginx.conf.j2
-      dest: "{{ nginx_conf_dir }}/freepbx-nginx.conf"    # /etc/nginx/conf.d
-    when: pbx_enabled
-
-  - name: Disable http://box/freepbx via NGINX, by removing {{ nginx_conf_dir }}/freepbx-nginx.conf, if not pbx_enabled
-    file:
-      path: "{{ nginx_conf_dir }}/freepbx-nginx.conf"
-      state: absent
-    when: not pbx_enabled
-
-  - name: Restart 'nginx' systemd service
-    systemd:
-      name: nginx
-      state: restarted
-
-  when: pbx_try_nginx
--- a/roles/pbx/tasks/freepbx.yml
+++ b/roles/pbx/tasks/freepbx.yml
@ -62,10 +62,9 @@
 #     state: present
 #   when: php_version is version('8.0', '<')

- name: FreePBX - Install and configure Apache - if not pbx_try_nginx
+- name: FreePBX - Install and configure Apache - if pbx_use_apache
  include_tasks: apache.yml
-  when: not pbx_try_nginx
-
+  when: pbx_use_apache

 - name: FreePBX - Download {{ freepbx_url }}/{{ freepbx_src_file }} to {{ downloads_dir }}
  get_url:
@ -149,7 +148,7 @@
    state: present


-# 2021-08-16: DOES NGINX NEED THE NEXT 2 STANZAS?  (If not, should 'when: not pbx_try_nginx' be added?)
+# 2021-08-16: DOES NGINX NEED THE NEXT 2 STANZAS?  (If not, should 'when: pbx_use_apache' be added?)

 - name: FreePBX - Create new php sessions dir /var/lib/php/asterisk_sessions/ - SEE 'php_value session.save_path /var/lib/php/asterisk_sessions/' IN pbx/templates/freepbx.conf.j2
  file:
@ -253,17 +252,12 @@
 - name: FreePBX - Run 'fwconsole ma upgradeall' on installed FreePBX modules, e.g. 16 default modules (of about 70 total) - CAN TAKE 1 MIN OR LONGER!
  command: fwconsole ma upgradeall

- name: FreePBX - Run 'fwconsole set CHECKREFERER 0' (0 means false) - if pbx_try_nginx - so 'Submit' button definitively works at http://box/freepbx >> Settings >> Advanced Settings -- FYI you can run 'fwconsole set -l' or 'fwconsole set CHECKREFERER' to view FreePBX settings -- FYI /etc/freepbx.conf can completely override FreePBX's stored settings if nec
-  command: fwconsole set CHECKREFERER 0    # Or/later run 'fwconsole set CHECKREFERER 1' (1 means true) to restore FreePBX's default strict checking.
-  when: pbx_try_nginx
-
-
-# - name: FreePBX - Add "$amp_conf['CHECKREFERER'] = false;" to /etc/freepbx.conf #2931 - if pbx_try_nginx"
+# - name: FreePBX - Add "$amp_conf['CHECKREFERER'] = false;" to /etc/freepbx.conf #2931 - if pbx_use_nginx"
 #   lineinfile:
 #     path: /etc/freepbx.conf
 #     insertbefore: '^\?>$'    # Match exact line '?>' -- BOTTOM OF FILE NEC!
 #     line: "$amp_conf['CHECKREFERER'] = false;"
-#   when: pbx_try_nginx
+#   when: pbx_use_nginx

 # - name: 'FreePBX - fix file permissions for NGINX: /etc/freepbx.conf (0644), /var/log/asterisk/freepbx.log (0666)'
 #   file:
@ -273,7 +267,7 @@
 #   with_items:
 #     - { path: '/etc/freepbx.conf', mode: u=rw,g=r,o=r }                  # 2021-08-04: LATER ENDS UP AS 0660
 #     - { path: '/var/log/asterisk/freepbx.log', mode: u=rw,g=rw,o=rw }    # 2021-08-04: LATER ENDS UP AS 0664
-#   when: pbx_try_nginx
+#   when: pbx_use_nginx

 # - name: 'FreePBX - fix dir permissions for NGINX: /var/spool/asterisk/cache (0777)'
 #   file:
@ -284,9 +278,9 @@
 #   with_items:
 #     # - /var/www/html/freepbx/admin/assets/less/cache
 #     - /var/spool/asterisk/cache
-#   when: pbx_try_nginx
+#   when: pbx_use_nginx

-# For 'pbx_try_nginx: True' -- FreePBX's initial page (Admin user registration)
+# For 'pbx_use_nginx: True' -- FreePBX's initial page (Admin user registration)
 # tries to set up a cron job but fails:
 #   "Exception: Trying to edit user asterisk, when I'm running as www-data"
 # 2021-08-10: Hacking /etc/freepbx.conf WAS NOT TESTED PROPERLY -- some vars MAY
@ -297,4 +291,4 @@
 #     #insertafter: '^<\?php$'    # Match exact line '<?php' -- BUT TOP OF FILE FAILS :(
 #     insertbefore: '^\?>$'       # Match exact line '?>' -- BOTTOM OF FILE NECESSARY :)
 #     line: "$amp_conf['AMPASTERISKWEBUSER'] = 'www-data';"
-#   when: pbx_try_nginx
+#   when: pbx_use_nginx
--- a/roles/pbx/tasks/main.yml
+++ b/roles/pbx/tasks/main.yml
@ -23,13 +23,12 @@
  include_tasks: install.yml
  when: pbx_installed is undefined

-
- include_tasks: enable-or-disable.yml
-
- name: Install chan_dongle for Huawei USB modems - if asterisk_chan_dongle
+- name: Install & Enable chan_dongle for Huawei USB modems - if asterisk_chan_dongle
  include: chan_dongle.yml
  when: asterisk_chan_dongle

+- include_tasks: enable-or-disable.yml
+

 - name: Add 'pbx' variable values to {{ iiab_ini_file }}
  ini_file: