Merge pull request #42 from iiab/master

sync from iiab/iiab

roles/2-common/tasks/iiab-startup.yml

@@ -0,0 +1,26 @@
+- name: Does systemd startup service exist
+  stat: path="{{ systemd_location }}/iiab-startup.service"
+  register: startup_unit
+
+- name: Copy startup service to /etc/systemd/system
+  template: src=iiab-startup.service
+            dest=/etc/systemd/system/
+  when: startup_unit.stat.exists is defined and not startup_unit.stat.exists
+
+- name: Copy startup script
+  template: src=iiab-startup.sh
+            dest=/usr/libexec/
+            mode=0755
+  when: startup_unit.stat.exists is defined and not startup_unit.stat.exists
+
+- name: Ask systemd to recognize the changes
+  shell: systemctl daemon-reload
+  when: startup_unit.stat.exists is defined and not startup_unit.stat.exists
+
+- name: Restart so systemd recognizes the changes
+  shell: systemctl restart iiab-startup.service
+  when: startup_unit.stat.exists is defined and not startup_unit.stat.exists
+
+- name: Enable the reload service
+  shell: systemctl enable iiab-startup.service
+  when: startup_unit.stat.exists is defined and not startup_unit.stat.exists

roles/2-common/tasks/main.yml

@@ -44,6 +44,8 @@
 
 - include_tasks: udev.yml
 
+- include_tasks: iiab-startup.yml
+
 - name: Recording STAGE 2 HAS COMPLETED ==========================
   lineinfile: dest=/etc/iiab/iiab.env
               regexp='^STAGE=*'

roles/2-common/templates/iiab-startup.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Execute startup script  
+After=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/libexec/iiab-startup.sh
+
+[Install]
+WantedBy=multi-user.target

roles/2-common/templates/iiab-startup.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+# put initialization that needs to happen at every startup for IIAB here
+
+if [ ! -f /etc/iiab/uuid ]; then
+   uuidgen > /etc/iiab/uuid
+fi
+exit 0
+

roles/calibre/tasks/main.yml

@@ -77,20 +77,22 @@
   #async: 900
   #poll: 5
 
-- name: Add 'calibre-serve' to service list at /etc/iiab/iiab.ini
+- name: Add 'calibre' to list of services at /etc/iiab/iiab.ini
   ini_file:
     dest: "{{ service_filelist }}"
     section: calibre
     option: "{{ item.option }}"
     value: "{{ item.value }}"
   with_items:
-    - option: description
-      value: '"Calibre is an extremely popular personal library system for e-books."'
-    - option: url
-      value: "{{ calibre_src_url }}"
-    - option: database
-      value: "{{ calibre_dbpath }}"
-    - option: port
-      value: "{{ calibre_port }}"
-    - option: enabled
-      value: "{{ calibre_enabled }}"
+  - option: name
+    value: Calibre
+  - option: description
+    value: '"Calibre is an extremely popular personal library system for e-books."'
+  - option: url
+    value: "{{ calibre_src_url }}"
+  - option: database
+    value: "{{ calibre_dbpath }}"
+  - option: port
+    value: "{{ calibre_port }}"
+  - option: enabled
+    value: "{{ calibre_enabled }}"

roles/elgg/defaults/main.yml

@@ -1,5 +1,5 @@
 elgg_xx: elgg
-elgg_version: "2.3.4"
+elgg_version: "2.3.5"
 
 # elgg_mysql_password: defined in default_vars
 elgg_url: /elgg

roles/kalite/tasks/main.yml

@@ -34,25 +34,26 @@
 
 - include_tasks: enable.yml
 
-- name: Add 'kalite-serve' to service list
-  ini_file: dest='{{ service_filelist }}'
-            section=kalite
-            option='{{ item.option }}'
-            value='{{ item.value }}'
+- name: Add 'kalite' to list of services at /etc/iiab/iiab.ini
+  ini_file:
+    dest: "{{ service_filelist }}"
+    section: kalite
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
   with_items:
-    - option: name
-      value: kalite
-    - option: description
-      value: '"KA Lite is a server to present Khan Academy videos offline and to download them."'
-    - option: path
-      value: "{{ kalite_root }}"
-    - option: server_name
-      value: "{{ kalite_server_name }}"
-    - option: port
-      value: "{{ kalite_server_port }}"
-    - option: enabled
-      value: "{{ kalite_enabled }}"
-    - option: cron_enabled
-      value: "{{ kalite_cron_enabled }}"
-    - option: khan_assessment_install
-      value: "{{ khan_assessment_install }}"
+  - option: name
+    value: "KA Lite"
+  - option: description
+    value: '"KA Lite is a server to present Khan Academy videos offline and to download them."'
+  - option: path
+    value: "{{ kalite_root }}"
+  - option: server_name
+    value: "{{ kalite_server_name }}"
+  - option: port
+    value: "{{ kalite_server_port }}"
+  - option: enabled
+    value: "{{ kalite_enabled }}"
+  - option: cron_enabled
+    value: "{{ kalite_cron_enabled }}"
+  - option: khan_assessment_install
+    value: "{{ khan_assessment_install }}"

roles/kiwix/defaults/main.yml

@@ -1,24 +1,29 @@
 # Which kiwix-tools to download from http://download.iiab.io/packages/ (origin: http://download.kiwix.org/nightly/)
-kiwix_src_file_linux64: "kiwix-tools_linux64_2017-11-12.tar.gz"
-kiwix_src_file_armhf: "kiwix-tools_armhf_2017-11-12.tar.gz"
-# Experimental kiwix-0.10 from Oct 2016: (to be replaced before Feb 2018, SEE https://github.com/kiwix/kiwix-build/issues/94)
-kiwix_src_file_i686: "kiwix-0.10-linux-i686.tar.bz2"
-# Appears to be kiwix-0.9 from May 2014:
-# kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2"
+kiwix_src_file_armhf: "kiwix-tools_armhf_2017-12-01.tar.gz"
+kiwix_src_file_linux64: "kiwix_tools_linux64_2017-12-01.tar.gz"
+kiwix_src_file_i686: "kiwix-0.10-linux-i686.tar.bz2"   # Published Oct 2016 ("experimental")
+# kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2"      # Published May 2014 ("use v0.9 to test legacy ZIM content")
+# KIWIX FOR i686 SHOULD BE REPLACED BEFORE FEB 2018: https://github.com/kiwix/kiwix-build/issues/94
 
-# The following 2 lines are unused as of Nov 2017:
-# kiwix_url: /kiwix
-# kiwix_path: "{{ iiab_base }}/kiwix"
 kiwix_port: 3000
+# Expected to be used soon for Kiwix proxy:
+kiwix_url: /kiwix/
+# Unused in Nov 2017, but should be:
+kiwix_path: "{{ iiab_base }}/kiwix"
 
-# /library/zims contains 3 important things: {library.xml, content, index}
+# /library/zims contains 3 important things:
+# - library.xml
+# - content directory for all *.zim's
+# - index directory for legacy *.zim.idx's
 iiab_zim_path: "{{ content_base }}/zims"
 kiwix_library_xml: "{{ iiab_zim_path }}/library.xml"
-kiwix_content_path: "{{ iiab_zim_path }}/content"
+# Unused: (Nov 2017)
+# kiwix_content_path: "{{ iiab_zim_path }}/content"
 
-# Installation variables
+# Installation Variables
 kiwix_install: True
 kiwix_enabled: True
-# The following line is unused as of Nov 2017:
+# MOVE FILE /opt/iiab/kiwix/bin/kiwix-serve TO FORCE A REINSTALL OF kiwix-tools
+kiwix_force_install: False
+# Unused: (Nov 2017)
 # kiwix_content_found: False
-kiwix_first_pass: False

roles/kiwix/tasks/kiwix_install.yml

@@ -1,4 +1,6 @@
-- name: Create various directories for Kiwix's ZIM files
+# 1. CREATE/VERIFY CRITICAL DIRECTORIES & FILES ARE IN PLACE
+
+- name: Create various directories for Kiwix ZIM files
   file:
     path: "{{ item }}"
     owner: root
@@ -7,7 +9,7 @@
     state: directory
   with_items:
   - "{{ iiab_zim_path }}"
-  - "{{ kiwix_content_path }}"
+  - "{{ iiab_zim_path }}/content"
   - "{{ iiab_zim_path }}/index"
 
 - name: Check for /library/zims/library.xml
@@ -29,69 +31,57 @@
 
 - name: Check for /opt/iiab/kiwix/bin/kiwix-serve binary
   stat:
-    path: "{{ iiab_base }}/kiwix/bin/kiwix-serve"
+    path: "{{ kiwix_path }}/bin/kiwix-serve"
   register: kiwix_bin
 
-- name: Set kiwix_first_pass if kiwix-serve not found
+- name: Set kiwix_force_install if kiwix-serve not found
   set_fact:
-    kiwix_first_pass: True
-  when: kiwix_bin.stat.exists is defined and not kiwix_bin.stat.exists
+    kiwix_force_install: True
+  when: not kiwix_bin.stat.exists
 
-- name: Copy test.zim file
+- name: Copy test.zim file if kiwix_force_install
   copy:
     src: test.zim
-    dest: "{{ kiwix_content_path }}/test.zim"
+    dest: "{{ iiab_zim_path }}/content/test.zim"
     mode: 0644
     owner: root
     group: root
     force: no
-  when: kiwix_first_pass
+  when: kiwix_force_install
 
-# We get a whole web server for i686 but only the kiwix execs for linux64 & armhf
+- name: Create /opt/iiab/kiwix/bin directory
+  file:
+    path: "{{ kiwix_path }}/bin"
+    owner: root
+    group: root
+    mode: 0755
+    state: directory
 
-# EXPERIMENTAL i686 CODE PATH: as of Nov 2017 bunzip2 then untar unpacks
-# to /tmp/kiwix-0.10-i686/bin WHOSE CONTENTS NEEDS TO BE MOVED TO
-# /opt/iiab/kiwix/bin (STANZA FURTHER BELOW).  All i686 code needs testing.
-# ALSO: code below may need to be revived to chown -R root:root & chmod
-- name: Unarchive kiwix-*-linux-i686.tar.bz2 to /tmp (not bin_only, i.e. i686)
+# 2. INSTALL KIWIX-TOOLS EXECUTABLES IF kiwix_force_install
+# (We get a whole web server for i686 but only kiwix execs for linux64 & armhf)
+
+- name: Unarchive Kiwix binaries to permanent location (NOT i686)
+  unarchive:
+    src: "{{ downloads_dir }}/{{ kiwix_src_file }}"
+    dest: "{{ kiwix_path }}/bin"
+    owner: root
+    group: root
+  when: kiwix_src_bin_only and kiwix_force_install
+
+- name: Unarchive kiwix*i686.tar.bz2 to /tmp (i686)
   unarchive:
     src: "{{ downloads_dir }}/{{ kiwix_src_file }}"
     dest: /tmp
     # dest: "{{ iiab_base }}"
     owner: root
     group: root
-  when: not kiwix_src_bin_only and kiwix_first_pass
+  when: not kiwix_src_bin_only and kiwix_force_install
 
-- name: Create kiwix/bin directory
-  file:
-    path: "{{ iiab_base }}/kiwix/bin"
-    owner: root
-    group: root
-    mode: 0755
-    state: directory
+- name: Move /tmp/kiwix*i686/bin/* to permanent location /opt/iiab/kiwix/bin (i686)
+  shell: "mv /tmp/kiwix*i686/bin/* {{ kiwix_path }}/bin/"
+  when: not kiwix_src_bin_only and kiwix_force_install
 
-# EXPERIMENTAL i686 CODE PATH
-- name: move /tmp/kiwix*i686/bin/* to permanent location /opt/iiab/kiwix/bin (not bin_only, i.e. i686)
-  shell: "mv /tmp/kiwix*i686/bin/* /opt/iiab/kiwix/bin/"
-  when: not kiwix_src_bin_only and kiwix_first_pass
-
-- name: Unarchive Kiwix to permanent location (bin_only, i.e. not i686)
-  unarchive:
-    src: "{{ downloads_dir }}/{{ kiwix_src_file }}"
-    dest: "{{ iiab_base }}/kiwix/bin"
-    owner: root
-    group: root
-  when: kiwix_src_bin_only and kiwix_first_pass
-
-# MIGHT BE RESTORED LATER FOR i686?  Unused as of Nov 2017:
-# # workaround because unarchive does not set ownership properly
-# - name: "Set ownership as if: 'chown -R root:root /opt/iiab/kiwix'"
-#   file:
-#     path: "{{ iiab_base }}/kiwix"
-#     owner: root
-#     group: root
-#     recurse: yes
-#     mode: ????
+# 3. ENABLE MODS FOR APACHE PROXY IF DEBUNTU
 
 - name: Enable the mods which permit Apache to proxy (debuntu)
   apache2_module:
@@ -103,24 +93,9 @@
   - rewrite
   when: is_debuntu
 
-# workaround because kiwix-serve does not stay running
-- name: Make a crontab entry to restart kiwix-serve at 4AM (debuntu)
-# *  *  *  *  * user-name  command to be executed
-  lineinfile:
-    line: "0  4  *  *  * root /bin/systemctl restart kiwix-serve.service"
-    dest: /etc/crontab
-  when: is_debuntu
+# 4. CREATE/ENABLE/DISABLE KIWIX SERVICE & ITS CRON JOB
 
-- name: Make a crontab entry to restart kiwix-serve at 4AM (redhat)
-# *  *  *  *  * user-name  command to be executed
-  lineinfile:
-    line: "0  4  *  *  * root /usr/bin/systemctl restart kiwix-serve.service"
-    dest: /etc/crontab
-  when: is_redhat
-
-# Create Kiwix service
-
-- name: Create 'kiwix-serve' service
+- name: Create 'kiwix-serve' service and related files
   template:
     backup: no
     src: "{{ item.src }}"
@@ -133,7 +108,14 @@
 #   - { src: 'kiwix-serve-init.j2', dest: '/usr/libexec/kiwix-serve-init', mode: '0755'}
   - { src: 'iiab-make-kiwix-lib', dest: '/usr/bin/iiab-make-kiwix-lib', mode: '0755'}
   - { src: 'iiab-make-kiwix-lib.py', dest: '/usr/bin/iiab-make-kiwix-lib.py', mode: '0755'}
-  - { src: 'iiab-make-apache-config.py', dest: '/usr/bin/iiab-make-apache-config.py', mode: '0755'}
+#  - { src: 'iiab-make-apache-config.py', dest: '/usr/bin/iiab-make-apache-config.py', mode: '0755'}
+  - { src: 'kiwix.conf.j2', dest: '/etc/{{ apache_config_dir }}/kiwix.conf', mode: '0644'}
+
+- name: Enable Kiwix Proxy in Apache - is disabled by turning off kiwix service
+  file: path=/etc/apache2/sites-enabled/kiwix.conf
+        src=/etc/apache2/sites-available/kiwix.conf
+        state=link
+  when: is_debuntu
 
 - name: Enable 'kiwix-serve' service
   service:
@@ -148,8 +130,33 @@
     enabled: no
     state: stopped
   when: not kiwix_enabled
+# IN THEORY: BOTH CRON ENTRIES BELOW *SHOULD* BE DELETED "when: not kiwix_enabled"
 
-- name: Add 'kiwix-serve' to list of services at /opt/iiab/iiab.ini
+# In the past kiwix-serve did not stay running, so we'd been doing this hourly.
+# @mgautierfr & others suggest kiwix-serve might be auto-restarted w/o cron in
+# future, whenever service fails, if this really catches all cases??
+# https://github.com/iiab/iiab/issues/484#issuecomment-342151726
+- name: Make a crontab entry to restart kiwix-serve at 4AM (debuntu)
+  lineinfile:
+         # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed
+    line: "0  4  *  *  * root /bin/systemctl restart kiwix-serve.service"
+    dest: /etc/crontab
+  when: kiwix_enabled and is_debuntu
+
+- name: Make a crontab entry to restart kiwix-serve at 4AM (redhat)
+# *  *  *  *  * user-name  command to be executed
+  lineinfile:
+         # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed
+    line: "0  4  *  *  * root /usr/bin/systemctl restart kiwix-serve.service"
+    dest: /etc/crontab
+  when: kiwix_enabled and is_redhat
+
+- name: Restart apache, so it picks up kiwix.conf
+  service: name={{ apache_service }} state=restarted
+
+# 5. FINALIZE
+
+- name: Add 'kiwix-serve' to list of services at /etc/iiab/iiab.ini
   ini_file:
     dest: "{{ service_filelist }}"
     section: kiwix-serve
@@ -160,18 +167,18 @@
     value: kiwix-serve
   - option: description
     value: '"Part of https://github.com/kiwix/kiwix-tools/ - kiwix-serve is the most used web server for ZIM files."'
-# The following 4 lines are unused as of Nov 2017:
-#   - option: kiwix_url
-#     value: "{{ kiwix_url }}"
-#   - option: kiwix_path
-#     value: "{{ kiwix_path }}"
+  - option: kiwix_url
+    value: "{{ kiwix_url }}"
+  - option: kiwix_path
+    value: "{{ kiwix_path }}"
   - option: kiwix_port
     value: "{{ kiwix_port }}"
   - option: iiab_zim_path
     value: "{{ iiab_zim_path }}"
   - option: kiwix_library_xml
     value: "{{ kiwix_library_xml }}"
-  - option: kiwix_content_path
-    value: "{{ kiwix_content_path }}"
+# The following 2 lines are unused: (Nov 2017)
+#   - option: kiwix_content_path
+#     value: "{{ kiwix_content_path }}"
   - option: enabled
     value: "{{ kiwix_enabled }}"

roles/kiwix/tasks/main.yml

@@ -1,21 +1,27 @@
-# EXPERIMENTAL i686 CODE PATH
-- name: "Set Kiwix filename to d/l: {{ kiwix_src_file_i686 }} (i686)"
+- name: "Set Kiwix filename to d/l: {{ kiwix_src_file_armhf }} (armv6l or armv71)"
   set_fact:
-     kiwix_src_file: "{{ kiwix_src_file_i686 }}"
-     kiwix_src_bin_only: False
-  when: ansible_machine == "i686"
-
+     kiwix_src_file: "{{ kiwix_src_file_armhf }}"
+     kiwix_src_bin_only: True
+  when: ansible_machine == "armv7l" or ansible_machine == "armv6l"
+  
 - name: "Set Kiwix filename to d/l: {{ kiwix_src_file_linux64 }} (x86_64)"
   set_fact:
      kiwix_src_file: "{{ kiwix_src_file_linux64 }}"
      kiwix_src_bin_only: True
   when: ansible_machine == "x86_64"
 
-- name: "Set Kiwix filename to d/l: {{ kiwix_src_file_armhf }} (armv6l or armv71)"
+- name: "Set Kiwix filename to d/l: {{ kiwix_src_file_i686 }} (i686)"
   set_fact:
-     kiwix_src_file: "{{ kiwix_src_file_armhf }}"
-     kiwix_src_bin_only: True
-  when: ansible_machine == "armv7l" or ansible_machine == "armv6l"
+     kiwix_src_file: "{{ kiwix_src_file_i686 }}"
+     kiwix_src_bin_only: False
+  when: ansible_machine == "i686"
+# COMMENT OUT LINE ABOVE TO TEST i686 CODE PATH ON X86_64 (WORKS NOV 2017)
+
+- name: FAIL (force Ansible to exit) IF kiwix-tools appears unavailable for OS/architecture
+# debug:
+  fail:
+    msg: "WARNING: kiwix-tools SOFTWARE APPEARS UNAVAILABLE FOR YOUR {{ ansible_machine }} OS/ARCHITECTURE."
+  when: not kiwix_src_file
 
 - name: Download Kiwix software to /opt/iiab/downloads
   get_url:
@@ -23,11 +29,16 @@
     dest: "{{ downloads_dir }}/{{ kiwix_src_file }}"
   when: internet_available
 
+- name: Check for /opt/iiab/downloads/{{ kiwix_src_file }}
+  stat:
+    path: "{{ downloads_dir }}/{{ kiwix_src_file }}"
+  register: kiwix_src
+
+- name: FAIL (force Ansible to exit) IF /opt/iiab/downloads/{{ kiwix_src_file }} doesn't exist
+  fail:
+    msg: "{ downloads_dir }}/{{ kiwix_src_file }} is REQUIRED in order to install Kiwix."
+  when: not kiwix_src.stat.exists
+
 - include_tasks: kiwix_install.yml
-  when: kiwix_src_file is defined
   tags:
     - kiwix
-
-- debug:
-    msg: "WARNING: kiwix-tools SOFTWARE NOT FOUND FOR YOUR OS/ARCHITECTURE."
-  when: not kiwix_src_file

roles/kiwix/templates/iiab-make-kiwix-lib

@@ -2,7 +2,7 @@
 
 {{ systemctl_program }} stop kiwix-serve
 /usr/bin/iiab-make-kiwix-lib.py
-/usr/bin/iiab-make-apache-config.py
+#/usr/bin/iiab-make-apache-config.py
 {{ systemctl_program }} start kiwix-serve
 
 exit 0

roles/kiwix/templates/kiwix-serve.service.j2

@@ -4,7 +4,7 @@ After=syslog.target network.target local-fs.target
 
 [Service]
 Type=forking
-ExecStart={{ iiab_base }}/kiwix/bin/kiwix-serve --daemon --port {{ kiwix_port }} --nolibrarybutton --library {{ kiwix_library_xml }}
+ExecStart={{ iiab_base }}/kiwix/bin/kiwix-serve --daemon --port {{ kiwix_port }} --nolibrarybutton --library {{ kiwix_library_xml }} --urlRootLocation={{ kiwix_url }}
 
 [Install]
 WantedBy=multi-user.target

roles/kiwix/templates/kiwix.conf.j2

@@ -0,0 +1 @@
+ProxyPass {{ kiwix_url }}  http://127.0.0.1:{{ kiwix_port }}{{ kiwix_url }}

roles/network/tasks/hostapd.yml

@@ -8,7 +8,7 @@
 
 - name: Create a config template for hostapd
   template: src=hostapd/iiab-hostapd.conf.j2
-            dest=/etc/hostapd/hostapd.conf.template
+            dest=/etc/hostapd/hostapd.conf.iiab
             owner=root
             group=root
             mode=0644

roles/network/tasks/main.yml

@@ -8,13 +8,13 @@
     - network
     - network-discover
 
-- name: RPi hack for AP post install via wifi so the services are right
+- name: RPi - reboot to AP post install - installed via wifi so the services are ready
   set_fact:
       iiab_lan_iface: br0
       iiab_wan_iface: "{{ discovered_wired_iface }}"
       iiab_wireless_lan_iface: "{{ discovered_wireless_iface }}"
       iiab_wired_lan_iface: ""
-  when: is_rpi and discovered_wireless_iface is defined and discovered_wireless_iface == iiab_wan_iface
+  when: is_rpi and discovered_wireless_iface is defined and discovered_wireless_iface == iiab_wan_iface and reboot_to_AP
 
 - include_tasks: computed_network.yml
   when: not installing
@@ -27,7 +27,7 @@
     - network
     - AP
 
-- name: RPi hack for AP post install via wifi don't blow away current network
+- name: RPi reboot to AP post install - installed via wifi - don't blow away current network
   set_fact:
       no_net_restart: True
       hostapd_enabled: False

roles/network/tasks/named.yml

@@ -90,3 +90,6 @@
   file: path=/etc/{{ apache_config_dir }}/dns-jail.conf
         state=absent
   when: not is_debuntu and not dns_jail_enabled
+
+- name: Start named after copying files
+  service: name={{ dns_service }} state=started

roles/network/templates/network/iiab-hotspot-off

@@ -2,6 +2,8 @@
 sed -i -e "s/^denyinterfaces*/#denyinterfaces/" /etc/dhcpcd.conf
 systemctl disable hostapd
 systemctl stop hostapd
+systemctl disable dhcpd
+systemctl stop dhcpd
 systemctl daemon-reload
 systemctl restart dhcpcd
 systemctl restart networking

roles/network/templates/network/iiab-hotspot-on

@@ -1,7 +1,10 @@
 #!/bin/bash
+cp -f /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf
 sed -i -e "s/#denyinterfaces*/denyinterfaces/" /etc/dhcpcd.conf
 systemctl enable hostapd
+systemctl enable dhcpd
 systemctl daemon-reload
 systemctl restart dhcpcd
 systemctl restart networking
 systemctl start hostapd
+systemctl start dhcpd

roles/network/templates/network/rpi.j2

@@ -7,6 +7,8 @@ auto br0
 iface br0 inet manual
 {% if iiab_wired_lan_iface is defined %}
     bridge_ports {{ iiab_wired_lan_iface }}
+{% else %}
+    bridge_ports none
 {% endif %}
     bridge_maxwait 0
     dns-nameservers 127.0.0.1

roles/nextcloud/defaults/main.yml

@@ -1,11 +1,15 @@
 nextcloud_install: True
 nextcloud_enabled: False
 
+# REMOVE /opt/nextcloud/version.php TO FORCE AN INSTALL OR REINSTALL OR UPGRADE
+nextcloud_force_install: False
+
 nextcloud_url: /nextcloud
 nextcloud_prefix: /opt
 nextcloud_data_dir: "{{ content_base }}/nextcloud/data"
 nextcloud_dl_url: https://download.nextcloud.com/server/releases/
-nextcloud_src_file: latest-12.tar.bz2
+nextcloud_orig_src_file: latest-12.tar.bz2
+nextcloud_src_file: nextcloud_{{ nextcloud_orig_src_file }}
 
 # we install on mysql with these setting or those from default_vars, etc.
 nextcloud_dbname: nextcloud

roles/nextcloud/tasks/main.yml

@@ -1,31 +1,43 @@
-# we need to install the rpm in order to get the dependencies
-# but we only need to do this the first time
-
-- name: See if the Nextcloud startup page exists
-  stat: path={{ nextcloud_prefix }}/nextcloud/index.php
+- name: See if Nextcloud version page exists
+  stat:
+    path: "{{ nextcloud_prefix }}/nextcloud/version.php"
+#   path: "{{ nextcloud_prefix }}/nextcloud/index.php"
   register: nextcloud_page
 
+- name: FORCE INSTALL OR REINSTALL OR UPGRADE IF /opt/nextcloud/version.php DOESN'T EXIST
+  set_fact:
+    nextcloud_force_install: True
+  when: not nextcloud_page.stat.exists
 
-# but we use the tar file to get the latest version
+# - debug:
+#     msg: "nextcloud_force_install: {{ nextcloud_force_install }}"
 
-- name: Get the Nextcloud software
-  get_url: url={{ nextcloud_dl_url }}/{{ nextcloud_src_file }} dest={{ downloads_dir }}/{{ nextcloud_src_file }}
-  when: internet_available
+
+- name: Download latest Nextcloud software to /opt/iiab/download/{{ nextcloud_src_file }}
+  get_url:
+    url: "{{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file }}"
+    dest: "{{ downloads_dir }}/{{ nextcloud_src_file }}"
+    force: yes
+  when: internet_available and nextcloud_force_install
   async: 900
   poll: 15
   tags:
     - download
 
 - name: Ubuntu and Debian treat names differently (Debian)
-  package: name={{ item }} state=present
+  package:
+    name: "{{ item }}"
+    state: present
   with_items:
-    - libapache2-mod-php{{ php_version }}
-    - php{{ php_version }}-mbstring
-    - php{{ php_version }}-zip
+    - "libapache2-mod-php{{ php_version }}"
+    - "php{{ php_version }}-mbstring"
+    - "php{{ php_version }}-zip"
   when: is_debian
 
 - name: Ubuntu and Debian treat names differently (Ubuntu)
-  package: name={{ item }} state=present
+  package:
+    name: "{{ item }}"
+    state: present
   with_items:
     - libapache2-mod-php
     - php-imagick
@@ -34,18 +46,25 @@
   when: is_ubuntu
 
 - name: Install list of packages (debuntu)
-  package: name={{ item }} state=present
+  package:
+    name: "{{ item }}"
+    state: present
   with_items:
-    - php{{ php_version }}-gd
-    - php{{ php_version }}-json
-    - php{{ php_version }}-mysql
-    - php{{ php_version }}-curl
-    - php{{ php_version }}-intl
-    - php{{ php_version }}-mcrypt
+    - "php{{ php_version }}-gd"
+    - "php{{ php_version }}-json"
+    - "php{{ php_version }}-mysql"
+    - "php{{ php_version }}-curl"
+    - "php{{ php_version }}-intl"
+    - "php{{ php_version }}-mcrypt"
   when: is_debuntu
 
+# we need to install the rpm in order to get the dependencies
+# but we only need to do this the first time
+
 - name: Install list of packages (redhat)
-  package: name={{ item }} state=present
+  package:
+    name: "{{ item }}"
+    state: present
   with_items:
     - php
     - php-gd
@@ -59,52 +78,63 @@
   when: is_redhat
 
 - name: Copy it to permanent location /opt (OS's other than Fedora 18)
-  unarchive: src={{ downloads_dir }}/{{ nextcloud_src_file }}
-             dest={{ nextcloud_prefix }}
-             creates={{ nextcloud_prefix }}/nextcloud/version.php
-  when: not is_F18
+  unarchive:
+    src: "{{ downloads_dir }}/{{ nextcloud_src_file }}"
+    dest: "{{ nextcloud_prefix }}"
+#   creates: "{{ nextcloud_prefix }}/nextcloud/version.php"
+  when: not is_F18 and nextcloud_force_install
 
-# ansible 1.4.1 does not have "creates"
+# Ansible 1.4.1 does not have "creates" (but hopefully has "when")
 - name: Copy it to permanent location /opt (Fedora 18)
-  unarchive: src={{ downloads_dir }}/{{ nextcloud_src_file }}
-             dest={{ nextcloud_prefix }}
-  when: is_F18
+  unarchive:
+    src: "{{ downloads_dir }}/{{ nextcloud_src_file }}"
+    dest: "{{ nextcloud_prefix }}"
+  when: is_F18 and nextcloud_force_install
 
 - name: In CentOS, the following config dir is symlink to /etc/nextcloud
-  file: path=/etc/nextcloud
-        state=directory
+  file:
+    path: /etc/nextcloud
+    state: directory
   when: is_centos
 
 - name: Add autoconfig file (CentOS)
-  template: src=autoconfig.php.j2
-            dest={{ nextcloud_prefix }}/nextcloud/config/autoconfig.php
-            owner={{ apache_user }}
-            group={{ apache_user }}
-            mode=0640
+  template:
+    src: autoconfig.php.j2
+    dest: "{{ nextcloud_prefix }}/nextcloud/config/autoconfig.php"
+    owner: "{{ apache_user }}"
+    group: "{{ apache_user }}"
+    mode: 0640
   when: is_centos
 
 - name: Make Apache owner
-  file: path={{ nextcloud_prefix }}/nextcloud
-        owner={{ apache_user }}
-        group={{ apache_user }}
-        recurse=yes
-        state=directory
+  file:
+    path: "{{ nextcloud_prefix }}/nextcloud"
+    owner: "{{ apache_user }}"
+    group: "{{ apache_user }}"
+    recurse: yes
+    state: directory
 
 - name: Create data directory library
-  file: path={{ item }}
-        mode=0750
-        owner={{ apache_user }}
-        group={{ apache_user }}
-        state=directory
+  file:
+    path: "{{ item }}"
+    owner: "{{ apache_user }}"
+    group: "{{ apache_user }}"
+    mode: 0750
+    state: directory
   with_items:
     - "{{ nextcloud_data_dir }}"
 
 - name: Create a MySQL database for Nextcloud
-  mysql_db: name={{ nextcloud_dbname }}
+  mysql_db:
+    name: "{{ nextcloud_dbname }}"
   when: mysql_enabled and nextcloud_enabled
 
 - name: Create a user to access the Nextcloud database
-  mysql_user: name={{ nextcloud_dbuser }} host={{ item }} password={{ nextcloud_dbpassword }} priv={{ nextcloud_dbname }}.*:ALL,GRANT
+  mysql_user:
+    name: "{{ nextcloud_dbuser }}"
+    host: "{{ item }}"
+    password: "{{ nextcloud_dbpassword }}"
+    priv: "{{ nextcloud_dbname }}.*:ALL,GRANT"
   with_items:
         - "{{ nextcloud_dbhost }}"
         - 127.0.0.1
@@ -114,7 +144,10 @@
 
 
 - name: Restart Apache, so it picks up the new aliases
-  service: name={{ apache_service }} state=restarted
+  service:
+    name: "{{ apache_service }}"
+    state: restarted
+# when: nextcloud_enabled     # taken care of by nextcloud_enabled.yml below
   when: not nextcloud_enabled
 
 # Enable nextcloud by copying template to httpd config
@@ -122,19 +155,20 @@
 # following enables and disables
 - include_tasks: nextcloud_enabled.yml
 
-- name: Add 'nextcloud' to service list
-  ini_file: dest='{{ service_filelist }}'
-            section=nextcloud
-            option='{{ item.option }}'
-            value='{{ item.value }}'
+- name: Add 'nextcloud' to list of services at /etc/iiab/iiab.ini
+  ini_file:
+    dest: "{{ service_filelist }}"
+    section: Nextcloud
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
   with_items:
-    - option: name
-      value: nextcloud
-    - option: description
-      value: '"NextCloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."'
-    - option: path
-      value: "{{ nextcloud_prefix }}/nextcloud"
-    - option: source
-      value: "{{ nextcloud_src_file }}"
-    - option: enabled
-      value: "{{ nextcloud_enabled }}"
+  - option: name
+    value: Nextcloud
+  - option: description
+    value: '"NextCloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."'
+  - option: path
+    value: "{{ nextcloud_prefix }}/nextcloud"
+  - option: source
+    value: "{{ nextcloud_src_file }}"
+  - option: enabled
+    value: "{{ nextcloud_enabled }}"

roles/openvpn/tasks/main.yml

@@ -102,21 +102,22 @@
   when:  not openvpn_enabled and not installing
 
 
-- name: Add OpenVPN to service list
-  ini_file: dest='{{ service_filelist }}'
-            section=openvpn
-            option='{{ item.option }}'
-            value='{{ item.value }}'
+- name: Add 'openvpn' to list of services at /etc/iiab/iiab.ini
+  ini_file:
+    dest: "{{ service_filelist }}"
+    section: openvpn
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
   with_items:
-    - option: name
-      value: "openvpn"
-    - option: description
-      value: '"OpenVPN is a means of connecting to a server anywhere on the internet, via a middleman server."'
-    - option: middleman_url
-      value: "{{ vpn_presence }}"
-    - option: port
-      value: "{{ openvpn_server_port }}"
-    - option: enabled
-      value: "{{ openvpn_enabled }}"
-    - option: cron_enabled
-      value: "{{ openvpn_cron_enabled }}"
+  - option: name
+    value: OpenVPN
+  - option: description
+    value: '"OpenVPN is a means of connecting to a server anywhere on the internet, via a middleman server."'
+  - option: middleman_url
+    value: "{{ vpn_presence }}"
+  - option: port
+    value: "{{ openvpn_server_port }}"
+  - option: enabled
+    value: "{{ openvpn_enabled }}"
+  - option: cron_enabled
+    value: "{{ openvpn_cron_enabled }}"

roles/osm/tasks/main.yml

@@ -71,13 +71,13 @@
      osm_path: "{{ osm_venv }}/lib/python2.7/site-packages/iiab"
   when: osm_enabled and is_debuntu
 
-- name: All - Point wsgi to virtual environment
+- name: Point wsgi to virtual environment (all OS's)
   lineinfile: dest={{ osm_venv }}/bin/iiab.wsgi
               regexp="path_to_virtualenv = None"
               line="path_to_virtualenv = '/usr/local/osm'"
               state=present
 
-- name: All - Copy OSM config file
+- name: Copy OSM config file (all OS's)
   template: backup=no
             src=osm.conf.j2
             dest=/etc/{{ apache_config_dir }}/osm.conf
@@ -86,28 +86,28 @@
             mode=0644
   when: osm_enabled
 
-- name: Debuntu - Create a link from sites-enabled to sites-available
+- name: Create a link from sites-enabled to sites-available (debuntu)
   file: src=/etc/{{ apache_config_dir }}/osm.conf
         dest=/etc/apache2/sites-enabled/osm.conf
         state=link
   when: osm_enabled and is_debuntu
 
-- name: Debuntu - Remove the link from sites-enabled to sites-available
+- name: Remove the link from sites-enabled to sites-available (debuntu)
   file: dest=/etc/apache2/sites-enabled/osm.conf
         state=absent
   when: not osm_enabled and is_debuntu
 
-- name: Redhat - Remove the osm.conf
+- name: Remove the osm.conf (redhat)
   file: dest=/{{ apache_config_dir }}/osm.conf
         state=absent
   when: not osm_enabled and is_redhat
 
-- name: All - Remove link to cgi
+- name: Remove link to cgi (all OS's)
   file: dest={{ doc_root }}/osm.wsgi
         state=absent
   when: not osm_enabled
 
-- name: All - Create link to cgi
+- name: Create link to cgi (all OS's)
   file: src={{ osm_venv }}/bin/iiab.wsgi
         dest={{ doc_root }}/osm.wsgi
         owner=root
@@ -137,17 +137,19 @@
   service: name={{ apache_service }}
            state=restarted
 
-- name: Add OSM to service list
-  ini_file: dest='{{ service_filelist }}'
-            section=osm
-            option='{{ item.option }}'
-            value='{{ item.value }}'
+- name: Add 'osm' to list of services at /etc/iiab/iiab.ini
+  ini_file:
+    dest: "{{ service_filelist }}"
+    section: osm
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
   with_items:
-    - option: name
-      value: Internet-in-a-Box
-    - option: description
-      value: '"The Internet-in-a-Box is a small, inexpensive device which provides essential Internet resources without any Internet connection. It provides a local copy of half a terabyte of the world’s Free information."'
-    - option: path
-      value: /osm
-    - option: enabled
-      value: "{{ osm_enabled }}"
+  - option: name
+    value: OpenStreetMap
+  - option: description
+    value: '"OpenStreetMap offers beautiful maps of the entire planet, continually created & updated by volunteers (much in the same way as Wikipedia) but for maps."'
+    # value: '"The Internet-in-a-Box is a small, inexpensive device which provides essential Internet resources without any Internet connection. It provides a local copy of half a terabyte of the world’s Free information."'
+  - option: path
+    value: /osm
+  - option: enabled
+    value: "{{ osm_enabled }}"

roles/phpmyadmin/defaults/main.yml

@@ -1,4 +1,4 @@
 phpmyadmin_install: False
 phpmyadmin_enabled: False
-phpmyadmin_name: "phpMyAdmin-4.7.5-all-languages"
+phpmyadmin_name: "phpMyAdmin-4.7.6-all-languages"
 phpmyadmin_name_zip: "{{ phpmyadmin_name }}.zip"

roles/phpmyadmin/tasks/main.yml

@@ -64,18 +64,18 @@
     state: absent
   when: not phpmyadmin_enabled and is_debuntu
 
-- name: Add phpmyadmin to service list
+- name: Add 'phpmyadmin' to list of services at /etc/iiab/iiab.ini
   ini_file:
     dest: "{{ service_filelist }}"
     section: phpmyadmin
     option: "{{ item.option }}"
     value: "{{ item.value }}"
   with_items:
-    - option: name
-      value: phpMyAdmin
-    - option: description
-      value: '"phpMyAdmin is an interface with a MySQL database written in PHP, and available to administer the database engine locally or across the network."'
-    - option: path
-      value: /opt/phpmyadmin
-    - option: enabled
-      value: "{{ phpmyadmin_enabled }}"
+  - option: name
+    value: phpMyAdmin
+  - option: description
+    value: '"phpMyAdmin is an interface with a MySQL database written in PHP, and available to administer the database engine locally or across the network."'
+  - option: path
+    value: /opt/phpmyadmin
+  - option: enabled
+    value: "{{ phpmyadmin_enabled }}"

roles/sugarizer/tasks/main.yml

@@ -96,16 +96,16 @@
     - { name: sugarizer }
   when: not sugarizer_enabled
 
-- name: Add 'sugarizer' to service list at /etc/iiab/iiab.ini
+- name: Add 'sugarizer' to list of services at /etc/iiab/iiab.ini
   ini_file:
     dest: "{{ service_filelist }}"
     section: sugarizer
     option: "{{ item.option }}"
     value: "{{ item.value }}"
   with_items:
-    - option: name
-      value: Sugarizer
-    - option: description
-      value: '"The Sugar Learning Platform began with the famous One Laptop Per Child project, written in Python. Sugarizer is the new HTML/JavaScript implementation of Sugar, usable in most all browsers."'
-    - option: enabled
-      value: "{{ sugarizer_enabled }}"
+  - option: name
+    value: Sugarizer
+  - option: description
+    value: '"The Sugar Learning Platform began with the famous One Laptop Per Child project, written in Python. Sugarizer is the new HTML/JavaScript implementation of Sugar, usable in most all browsers."'
+  - option: enabled
+    value: "{{ sugarizer_enabled }}"

roles/wordpress/tasks/install.yml

@@ -1,16 +1,15 @@
-# IF YOU NEED TO REINSTALL FROM /opt/iiab/downloads/wordpress.tar.gz
-# TO /library/wordpress DURING YOUR NEXT RUN OF "./runtags wordpress" OR
-# "./iiab-install" THEN YOU FIRST NEED TO:
+# "Emergency" reinstalls (from /opt/iiab/downloads/wordpress.tar.gz
+# to /library/wordpress) should also work offline...
 #
-# - "mv /library/wordpress /library/wordpress.old" (MUST)
-# - back up then drop the database (RECOMMENDED)
+# ONLINE OR OFFLINE, IF YOU NEED A CLEAN REINSTALL OF WORDPRESS DURING YOUR
+# NEXT RUN OF "./runtags wordpress" OR "./iiab-install" PLEASE FIRST DO:
+#
+# - "mv /library/wordpress /library/wordpress.old"
+# - back up WordPress's database then drop it
 #
 # REASON: "keep_newer: yes" below tries to preserves WordPress's self-upgrades
-# & security enhancements within /library/wordpress, that can occur without
-# warning when WordPress is online, since WordPress ~4.8 especially.
-#
-# Such "emergency" reinstalls from /opt/iiab/downloads/wordpress.tar.gz to
-# /library/wordpress should also work offline.
+# and security enhancements using timestamps under /library/wordpress, as these
+# can arise without warning when WordPress is online, since WordPress ~4.8.
 
 - name: Download the latest WordPress software
   get_url:
@@ -123,27 +122,28 @@
 - name: Restart Apache, so it picks up the new aliases
   service: name={{ apache_service }} state=restarted
 
-- name: Add 'wordpress' to service list
-  ini_file: dest='{{ service_filelist }}'
-            section=wordpress
-            option='{{ item.option }}'
-            value='{{ item.value }}'
+- name: Add 'wordpress' to list of services at /etc/iiab/iiab.ini
+  ini_file:
+    dest: "{{ service_filelist }}"
+    section: wordpress
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
   with_items:
-    - option: name
-      value: wordpress
-    - option: description
-      value: '"WordPress is a blog and web site management application."'
-    - option: wordpress_src
-      value: "{{ wordpress_src }}"
-    - option: wp_abs_path
-      value: "{{ wp_abs_path }}"
-    - option: wp_db_name
-      value: "{{ wp_db_name }}"
-    - option: wp_db_user
-      value: "{{ wp_db_user }}"
-    - option: wp_url
-      value: "{{ wp_url }}"
-    - option: wp_full_url
-      value: "{{ wp_full_url }}"
-    - option: wordpress_enabled
-      value: "{{ wordpress_enabled }}"
+  - option: name
+    value: WordPress
+  - option: description
+    value: '"WordPress is a blog and web site management application."'
+  - option: wordpress_src
+    value: "{{ wordpress_src }}"
+  - option: wp_abs_path
+    value: "{{ wp_abs_path }}"
+  - option: wp_db_name
+    value: "{{ wp_db_name }}"
+  - option: wp_db_user
+    value: "{{ wp_db_user }}"
+  - option: wp_url
+    value: "{{ wp_url }}"
+  - option: wp_full_url
+    value: "{{ wp_full_url }}"
+  - option: wordpress_enabled
+    value: "{{ wordpress_enabled }}"

vars/default_vars.yml

@@ -69,6 +69,10 @@ host_wifi_mode: g
 host_channel: 6
 hostapd_secure: False
 hostapd_password: changeme
+# For those installing IIAB over WiFi: "reboot_to_AP: True" makes the internal
+# WiFi Access active after the next reboot.  This is equivalent to manually
+# running "iiab-hotspot-on".  Note this variable only works with RPi's for now.
+reboot_to_AP: False
 
 # Gateway mode
 iiab_lan_enabled: True