diff --git a/roles/2-common/tasks/iiab-startup.yml b/roles/2-common/tasks/iiab-startup.yml new file mode 100644 index 000000000..fa0e60d2c --- /dev/null +++ b/roles/2-common/tasks/iiab-startup.yml @@ -0,0 +1,26 @@ +- name: Does systemd startup service exist + stat: path="{{ systemd_location }}/iiab-startup.service" + register: startup_unit + +- name: Copy startup service to /etc/systemd/system + template: src=iiab-startup.service + dest=/etc/systemd/system/ + when: startup_unit.stat.exists is defined and not startup_unit.stat.exists + +- name: Copy startup script + template: src=iiab-startup.sh + dest=/usr/libexec/ + mode=0755 + when: startup_unit.stat.exists is defined and not startup_unit.stat.exists + +- name: Ask systemd to recognize the changes + shell: systemctl daemon-reload + when: startup_unit.stat.exists is defined and not startup_unit.stat.exists + +- name: Restart so systemd recognizes the changes + shell: systemctl restart iiab-startup.service + when: startup_unit.stat.exists is defined and not startup_unit.stat.exists + +- name: Enable the reload service + shell: systemctl enable iiab-startup.service + when: startup_unit.stat.exists is defined and not startup_unit.stat.exists diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index 638457f5f..44cbdc41c 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml @@ -44,6 +44,8 @@ - include_tasks: udev.yml +- include_tasks: iiab-startup.yml + - name: Recording STAGE 2 HAS COMPLETED ========================== lineinfile: dest=/etc/iiab/iiab.env regexp='^STAGE=*' diff --git a/roles/2-common/templates/iiab-startup.service b/roles/2-common/templates/iiab-startup.service new file mode 100644 index 000000000..6e9490466 --- /dev/null +++ b/roles/2-common/templates/iiab-startup.service @@ -0,0 +1,10 @@ +[Unit] +Description=Execute startup script +After=network-online.target + +[Service] +Type=oneshot +ExecStart=/usr/libexec/iiab-startup.sh + +[Install] +WantedBy=multi-user.target diff --git a/roles/2-common/templates/iiab-startup.sh b/roles/2-common/templates/iiab-startup.sh new file mode 100644 index 000000000..afb2c1d98 --- /dev/null +++ b/roles/2-common/templates/iiab-startup.sh @@ -0,0 +1,8 @@ +#!/bin/bash +# put initialization that needs to happen at every startup for IIAB here + +if [ ! -f /etc/iiab/uuid ]; then + uuidgen > /etc/iiab/uuid +fi +exit 0 + diff --git a/roles/calibre/tasks/main.yml b/roles/calibre/tasks/main.yml index 25d91934d..b7c2ba9cf 100644 --- a/roles/calibre/tasks/main.yml +++ b/roles/calibre/tasks/main.yml @@ -77,20 +77,22 @@ #async: 900 #poll: 5 -- name: Add 'calibre-serve' to service list at /etc/iiab/iiab.ini +- name: Add 'calibre' to list of services at /etc/iiab/iiab.ini ini_file: dest: "{{ service_filelist }}" section: calibre option: "{{ item.option }}" value: "{{ item.value }}" with_items: - - option: description - value: '"Calibre is an extremely popular personal library system for e-books."' - - option: url - value: "{{ calibre_src_url }}" - - option: database - value: "{{ calibre_dbpath }}" - - option: port - value: "{{ calibre_port }}" - - option: enabled - value: "{{ calibre_enabled }}" + - option: name + value: Calibre + - option: description + value: '"Calibre is an extremely popular personal library system for e-books."' + - option: url + value: "{{ calibre_src_url }}" + - option: database + value: "{{ calibre_dbpath }}" + - option: port + value: "{{ calibre_port }}" + - option: enabled + value: "{{ calibre_enabled }}" diff --git a/roles/elgg/defaults/main.yml b/roles/elgg/defaults/main.yml index 76074ae84..0872a6828 100644 --- a/roles/elgg/defaults/main.yml +++ b/roles/elgg/defaults/main.yml @@ -1,5 +1,5 @@ elgg_xx: elgg -elgg_version: "2.3.4" +elgg_version: "2.3.5" # elgg_mysql_password: defined in default_vars elgg_url: /elgg diff --git a/roles/kalite/tasks/main.yml b/roles/kalite/tasks/main.yml index ed69c882d..f68fd7d92 100644 --- a/roles/kalite/tasks/main.yml +++ b/roles/kalite/tasks/main.yml @@ -34,25 +34,26 @@ - include_tasks: enable.yml -- name: Add 'kalite-serve' to service list - ini_file: dest='{{ service_filelist }}' - section=kalite - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'kalite' to list of services at /etc/iiab/iiab.ini + ini_file: + dest: "{{ service_filelist }}" + section: kalite + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - - option: name - value: kalite - - option: description - value: '"KA Lite is a server to present Khan Academy videos offline and to download them."' - - option: path - value: "{{ kalite_root }}" - - option: server_name - value: "{{ kalite_server_name }}" - - option: port - value: "{{ kalite_server_port }}" - - option: enabled - value: "{{ kalite_enabled }}" - - option: cron_enabled - value: "{{ kalite_cron_enabled }}" - - option: khan_assessment_install - value: "{{ khan_assessment_install }}" + - option: name + value: "KA Lite" + - option: description + value: '"KA Lite is a server to present Khan Academy videos offline and to download them."' + - option: path + value: "{{ kalite_root }}" + - option: server_name + value: "{{ kalite_server_name }}" + - option: port + value: "{{ kalite_server_port }}" + - option: enabled + value: "{{ kalite_enabled }}" + - option: cron_enabled + value: "{{ kalite_cron_enabled }}" + - option: khan_assessment_install + value: "{{ khan_assessment_install }}" diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 4f0d4597b..0291ed4a5 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -1,24 +1,29 @@ # Which kiwix-tools to download from http://download.iiab.io/packages/ (origin: http://download.kiwix.org/nightly/) -kiwix_src_file_linux64: "kiwix-tools_linux64_2017-11-12.tar.gz" -kiwix_src_file_armhf: "kiwix-tools_armhf_2017-11-12.tar.gz" -# Experimental kiwix-0.10 from Oct 2016: (to be replaced before Feb 2018, SEE https://github.com/kiwix/kiwix-build/issues/94) -kiwix_src_file_i686: "kiwix-0.10-linux-i686.tar.bz2" -# Appears to be kiwix-0.9 from May 2014: -# kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" +kiwix_src_file_armhf: "kiwix-tools_armhf_2017-12-01.tar.gz" +kiwix_src_file_linux64: "kiwix_tools_linux64_2017-12-01.tar.gz" +kiwix_src_file_i686: "kiwix-0.10-linux-i686.tar.bz2" # Published Oct 2016 ("experimental") +# kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" # Published May 2014 ("use v0.9 to test legacy ZIM content") +# KIWIX FOR i686 SHOULD BE REPLACED BEFORE FEB 2018: https://github.com/kiwix/kiwix-build/issues/94 -# The following 2 lines are unused as of Nov 2017: -# kiwix_url: /kiwix -# kiwix_path: "{{ iiab_base }}/kiwix" kiwix_port: 3000 +# Expected to be used soon for Kiwix proxy: +kiwix_url: /kiwix/ +# Unused in Nov 2017, but should be: +kiwix_path: "{{ iiab_base }}/kiwix" -# /library/zims contains 3 important things: {library.xml, content, index} +# /library/zims contains 3 important things: +# - library.xml +# - content directory for all *.zim's +# - index directory for legacy *.zim.idx's iiab_zim_path: "{{ content_base }}/zims" kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" -kiwix_content_path: "{{ iiab_zim_path }}/content" +# Unused: (Nov 2017) +# kiwix_content_path: "{{ iiab_zim_path }}/content" -# Installation variables +# Installation Variables kiwix_install: True kiwix_enabled: True -# The following line is unused as of Nov 2017: +# MOVE FILE /opt/iiab/kiwix/bin/kiwix-serve TO FORCE A REINSTALL OF kiwix-tools +kiwix_force_install: False +# Unused: (Nov 2017) # kiwix_content_found: False -kiwix_first_pass: False diff --git a/roles/kiwix/tasks/kiwix_install.yml b/roles/kiwix/tasks/kiwix_install.yml index a3a078860..1a81ac77f 100644 --- a/roles/kiwix/tasks/kiwix_install.yml +++ b/roles/kiwix/tasks/kiwix_install.yml @@ -1,4 +1,6 @@ -- name: Create various directories for Kiwix's ZIM files +# 1. CREATE/VERIFY CRITICAL DIRECTORIES & FILES ARE IN PLACE + +- name: Create various directories for Kiwix ZIM files file: path: "{{ item }}" owner: root @@ -7,7 +9,7 @@ state: directory with_items: - "{{ iiab_zim_path }}" - - "{{ kiwix_content_path }}" + - "{{ iiab_zim_path }}/content" - "{{ iiab_zim_path }}/index" - name: Check for /library/zims/library.xml @@ -29,69 +31,57 @@ - name: Check for /opt/iiab/kiwix/bin/kiwix-serve binary stat: - path: "{{ iiab_base }}/kiwix/bin/kiwix-serve" + path: "{{ kiwix_path }}/bin/kiwix-serve" register: kiwix_bin -- name: Set kiwix_first_pass if kiwix-serve not found +- name: Set kiwix_force_install if kiwix-serve not found set_fact: - kiwix_first_pass: True - when: kiwix_bin.stat.exists is defined and not kiwix_bin.stat.exists + kiwix_force_install: True + when: not kiwix_bin.stat.exists -- name: Copy test.zim file +- name: Copy test.zim file if kiwix_force_install copy: src: test.zim - dest: "{{ kiwix_content_path }}/test.zim" + dest: "{{ iiab_zim_path }}/content/test.zim" mode: 0644 owner: root group: root force: no - when: kiwix_first_pass + when: kiwix_force_install -# We get a whole web server for i686 but only the kiwix execs for linux64 & armhf +- name: Create /opt/iiab/kiwix/bin directory + file: + path: "{{ kiwix_path }}/bin" + owner: root + group: root + mode: 0755 + state: directory -# EXPERIMENTAL i686 CODE PATH: as of Nov 2017 bunzip2 then untar unpacks -# to /tmp/kiwix-0.10-i686/bin WHOSE CONTENTS NEEDS TO BE MOVED TO -# /opt/iiab/kiwix/bin (STANZA FURTHER BELOW). All i686 code needs testing. -# ALSO: code below may need to be revived to chown -R root:root & chmod -- name: Unarchive kiwix-*-linux-i686.tar.bz2 to /tmp (not bin_only, i.e. i686) +# 2. INSTALL KIWIX-TOOLS EXECUTABLES IF kiwix_force_install +# (We get a whole web server for i686 but only kiwix execs for linux64 & armhf) + +- name: Unarchive Kiwix binaries to permanent location (NOT i686) + unarchive: + src: "{{ downloads_dir }}/{{ kiwix_src_file }}" + dest: "{{ kiwix_path }}/bin" + owner: root + group: root + when: kiwix_src_bin_only and kiwix_force_install + +- name: Unarchive kiwix*i686.tar.bz2 to /tmp (i686) unarchive: src: "{{ downloads_dir }}/{{ kiwix_src_file }}" dest: /tmp # dest: "{{ iiab_base }}" owner: root group: root - when: not kiwix_src_bin_only and kiwix_first_pass + when: not kiwix_src_bin_only and kiwix_force_install -- name: Create kiwix/bin directory - file: - path: "{{ iiab_base }}/kiwix/bin" - owner: root - group: root - mode: 0755 - state: directory +- name: Move /tmp/kiwix*i686/bin/* to permanent location /opt/iiab/kiwix/bin (i686) + shell: "mv /tmp/kiwix*i686/bin/* {{ kiwix_path }}/bin/" + when: not kiwix_src_bin_only and kiwix_force_install -# EXPERIMENTAL i686 CODE PATH -- name: move /tmp/kiwix*i686/bin/* to permanent location /opt/iiab/kiwix/bin (not bin_only, i.e. i686) - shell: "mv /tmp/kiwix*i686/bin/* /opt/iiab/kiwix/bin/" - when: not kiwix_src_bin_only and kiwix_first_pass - -- name: Unarchive Kiwix to permanent location (bin_only, i.e. not i686) - unarchive: - src: "{{ downloads_dir }}/{{ kiwix_src_file }}" - dest: "{{ iiab_base }}/kiwix/bin" - owner: root - group: root - when: kiwix_src_bin_only and kiwix_first_pass - -# MIGHT BE RESTORED LATER FOR i686? Unused as of Nov 2017: -# # workaround because unarchive does not set ownership properly -# - name: "Set ownership as if: 'chown -R root:root /opt/iiab/kiwix'" -# file: -# path: "{{ iiab_base }}/kiwix" -# owner: root -# group: root -# recurse: yes -# mode: ???? +# 3. ENABLE MODS FOR APACHE PROXY IF DEBUNTU - name: Enable the mods which permit Apache to proxy (debuntu) apache2_module: @@ -103,24 +93,9 @@ - rewrite when: is_debuntu -# workaround because kiwix-serve does not stay running -- name: Make a crontab entry to restart kiwix-serve at 4AM (debuntu) -# * * * * * user-name command to be executed - lineinfile: - line: "0 4 * * * root /bin/systemctl restart kiwix-serve.service" - dest: /etc/crontab - when: is_debuntu +# 4. CREATE/ENABLE/DISABLE KIWIX SERVICE & ITS CRON JOB -- name: Make a crontab entry to restart kiwix-serve at 4AM (redhat) -# * * * * * user-name command to be executed - lineinfile: - line: "0 4 * * * root /usr/bin/systemctl restart kiwix-serve.service" - dest: /etc/crontab - when: is_redhat - -# Create Kiwix service - -- name: Create 'kiwix-serve' service +- name: Create 'kiwix-serve' service and related files template: backup: no src: "{{ item.src }}" @@ -133,7 +108,14 @@ # - { src: 'kiwix-serve-init.j2', dest: '/usr/libexec/kiwix-serve-init', mode: '0755'} - { src: 'iiab-make-kiwix-lib', dest: '/usr/bin/iiab-make-kiwix-lib', mode: '0755'} - { src: 'iiab-make-kiwix-lib.py', dest: '/usr/bin/iiab-make-kiwix-lib.py', mode: '0755'} - - { src: 'iiab-make-apache-config.py', dest: '/usr/bin/iiab-make-apache-config.py', mode: '0755'} +# - { src: 'iiab-make-apache-config.py', dest: '/usr/bin/iiab-make-apache-config.py', mode: '0755'} + - { src: 'kiwix.conf.j2', dest: '/etc/{{ apache_config_dir }}/kiwix.conf', mode: '0644'} + +- name: Enable Kiwix Proxy in Apache - is disabled by turning off kiwix service + file: path=/etc/apache2/sites-enabled/kiwix.conf + src=/etc/apache2/sites-available/kiwix.conf + state=link + when: is_debuntu - name: Enable 'kiwix-serve' service service: @@ -148,8 +130,33 @@ enabled: no state: stopped when: not kiwix_enabled +# IN THEORY: BOTH CRON ENTRIES BELOW *SHOULD* BE DELETED "when: not kiwix_enabled" -- name: Add 'kiwix-serve' to list of services at /opt/iiab/iiab.ini +# In the past kiwix-serve did not stay running, so we'd been doing this hourly. +# @mgautierfr & others suggest kiwix-serve might be auto-restarted w/o cron in +# future, whenever service fails, if this really catches all cases?? +# https://github.com/iiab/iiab/issues/484#issuecomment-342151726 +- name: Make a crontab entry to restart kiwix-serve at 4AM (debuntu) + lineinfile: + # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed + line: "0 4 * * * root /bin/systemctl restart kiwix-serve.service" + dest: /etc/crontab + when: kiwix_enabled and is_debuntu + +- name: Make a crontab entry to restart kiwix-serve at 4AM (redhat) +# * * * * * user-name command to be executed + lineinfile: + # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed + line: "0 4 * * * root /usr/bin/systemctl restart kiwix-serve.service" + dest: /etc/crontab + when: kiwix_enabled and is_redhat + +- name: Restart apache, so it picks up kiwix.conf + service: name={{ apache_service }} state=restarted + +# 5. FINALIZE + +- name: Add 'kiwix-serve' to list of services at /etc/iiab/iiab.ini ini_file: dest: "{{ service_filelist }}" section: kiwix-serve @@ -160,18 +167,18 @@ value: kiwix-serve - option: description value: '"Part of https://github.com/kiwix/kiwix-tools/ - kiwix-serve is the most used web server for ZIM files."' -# The following 4 lines are unused as of Nov 2017: -# - option: kiwix_url -# value: "{{ kiwix_url }}" -# - option: kiwix_path -# value: "{{ kiwix_path }}" + - option: kiwix_url + value: "{{ kiwix_url }}" + - option: kiwix_path + value: "{{ kiwix_path }}" - option: kiwix_port value: "{{ kiwix_port }}" - option: iiab_zim_path value: "{{ iiab_zim_path }}" - option: kiwix_library_xml value: "{{ kiwix_library_xml }}" - - option: kiwix_content_path - value: "{{ kiwix_content_path }}" +# The following 2 lines are unused: (Nov 2017) +# - option: kiwix_content_path +# value: "{{ kiwix_content_path }}" - option: enabled value: "{{ kiwix_enabled }}" diff --git a/roles/kiwix/tasks/main.yml b/roles/kiwix/tasks/main.yml index b0f745adf..82926db84 100644 --- a/roles/kiwix/tasks/main.yml +++ b/roles/kiwix/tasks/main.yml @@ -1,21 +1,27 @@ -# EXPERIMENTAL i686 CODE PATH -- name: "Set Kiwix filename to d/l: {{ kiwix_src_file_i686 }} (i686)" +- name: "Set Kiwix filename to d/l: {{ kiwix_src_file_armhf }} (armv6l or armv71)" set_fact: - kiwix_src_file: "{{ kiwix_src_file_i686 }}" - kiwix_src_bin_only: False - when: ansible_machine == "i686" - + kiwix_src_file: "{{ kiwix_src_file_armhf }}" + kiwix_src_bin_only: True + when: ansible_machine == "armv7l" or ansible_machine == "armv6l" + - name: "Set Kiwix filename to d/l: {{ kiwix_src_file_linux64 }} (x86_64)" set_fact: kiwix_src_file: "{{ kiwix_src_file_linux64 }}" kiwix_src_bin_only: True when: ansible_machine == "x86_64" -- name: "Set Kiwix filename to d/l: {{ kiwix_src_file_armhf }} (armv6l or armv71)" +- name: "Set Kiwix filename to d/l: {{ kiwix_src_file_i686 }} (i686)" set_fact: - kiwix_src_file: "{{ kiwix_src_file_armhf }}" - kiwix_src_bin_only: True - when: ansible_machine == "armv7l" or ansible_machine == "armv6l" + kiwix_src_file: "{{ kiwix_src_file_i686 }}" + kiwix_src_bin_only: False + when: ansible_machine == "i686" +# COMMENT OUT LINE ABOVE TO TEST i686 CODE PATH ON X86_64 (WORKS NOV 2017) + +- name: FAIL (force Ansible to exit) IF kiwix-tools appears unavailable for OS/architecture +# debug: + fail: + msg: "WARNING: kiwix-tools SOFTWARE APPEARS UNAVAILABLE FOR YOUR {{ ansible_machine }} OS/ARCHITECTURE." + when: not kiwix_src_file - name: Download Kiwix software to /opt/iiab/downloads get_url: @@ -23,11 +29,16 @@ dest: "{{ downloads_dir }}/{{ kiwix_src_file }}" when: internet_available +- name: Check for /opt/iiab/downloads/{{ kiwix_src_file }} + stat: + path: "{{ downloads_dir }}/{{ kiwix_src_file }}" + register: kiwix_src + +- name: FAIL (force Ansible to exit) IF /opt/iiab/downloads/{{ kiwix_src_file }} doesn't exist + fail: + msg: "{ downloads_dir }}/{{ kiwix_src_file }} is REQUIRED in order to install Kiwix." + when: not kiwix_src.stat.exists + - include_tasks: kiwix_install.yml - when: kiwix_src_file is defined tags: - kiwix - -- debug: - msg: "WARNING: kiwix-tools SOFTWARE NOT FOUND FOR YOUR OS/ARCHITECTURE." - when: not kiwix_src_file diff --git a/roles/kiwix/templates/iiab-make-kiwix-lib b/roles/kiwix/templates/iiab-make-kiwix-lib index 11a4b1d2a..e7ab98197 100644 --- a/roles/kiwix/templates/iiab-make-kiwix-lib +++ b/roles/kiwix/templates/iiab-make-kiwix-lib @@ -2,7 +2,7 @@ {{ systemctl_program }} stop kiwix-serve /usr/bin/iiab-make-kiwix-lib.py -/usr/bin/iiab-make-apache-config.py +#/usr/bin/iiab-make-apache-config.py {{ systemctl_program }} start kiwix-serve exit 0 diff --git a/roles/kiwix/templates/kiwix-serve.service.j2 b/roles/kiwix/templates/kiwix-serve.service.j2 index c4af3c797..d09bb062a 100644 --- a/roles/kiwix/templates/kiwix-serve.service.j2 +++ b/roles/kiwix/templates/kiwix-serve.service.j2 @@ -4,7 +4,7 @@ After=syslog.target network.target local-fs.target [Service] Type=forking -ExecStart={{ iiab_base }}/kiwix/bin/kiwix-serve --daemon --port {{ kiwix_port }} --nolibrarybutton --library {{ kiwix_library_xml }} +ExecStart={{ iiab_base }}/kiwix/bin/kiwix-serve --daemon --port {{ kiwix_port }} --nolibrarybutton --library {{ kiwix_library_xml }} --urlRootLocation={{ kiwix_url }} [Install] WantedBy=multi-user.target diff --git a/roles/kiwix/templates/kiwix.conf.j2 b/roles/kiwix/templates/kiwix.conf.j2 new file mode 100644 index 000000000..a191cdb81 --- /dev/null +++ b/roles/kiwix/templates/kiwix.conf.j2 @@ -0,0 +1 @@ +ProxyPass {{ kiwix_url }} http://127.0.0.1:{{ kiwix_port }}{{ kiwix_url }} \ No newline at end of file diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 2f8ac6c07..9a815591a 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -8,7 +8,7 @@ - name: Create a config template for hostapd template: src=hostapd/iiab-hostapd.conf.j2 - dest=/etc/hostapd/hostapd.conf.template + dest=/etc/hostapd/hostapd.conf.iiab owner=root group=root mode=0644 diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index 77b131b71..55b2a2eba 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -8,13 +8,13 @@ - network - network-discover -- name: RPi hack for AP post install via wifi so the services are right +- name: RPi - reboot to AP post install - installed via wifi so the services are ready set_fact: iiab_lan_iface: br0 iiab_wan_iface: "{{ discovered_wired_iface }}" iiab_wireless_lan_iface: "{{ discovered_wireless_iface }}" iiab_wired_lan_iface: "" - when: is_rpi and discovered_wireless_iface is defined and discovered_wireless_iface == iiab_wan_iface + when: is_rpi and discovered_wireless_iface is defined and discovered_wireless_iface == iiab_wan_iface and reboot_to_AP - include_tasks: computed_network.yml when: not installing @@ -27,7 +27,7 @@ - network - AP -- name: RPi hack for AP post install via wifi don't blow away current network +- name: RPi reboot to AP post install - installed via wifi - don't blow away current network set_fact: no_net_restart: True hostapd_enabled: False diff --git a/roles/network/tasks/named.yml b/roles/network/tasks/named.yml index be351cd23..bfeaa7c16 100644 --- a/roles/network/tasks/named.yml +++ b/roles/network/tasks/named.yml @@ -90,3 +90,6 @@ file: path=/etc/{{ apache_config_dir }}/dns-jail.conf state=absent when: not is_debuntu and not dns_jail_enabled + +- name: Start named after copying files + service: name={{ dns_service }} state=started diff --git a/roles/network/templates/network/iiab-hotspot-off b/roles/network/templates/network/iiab-hotspot-off index ca266dcb5..3f187a21e 100755 --- a/roles/network/templates/network/iiab-hotspot-off +++ b/roles/network/templates/network/iiab-hotspot-off @@ -2,6 +2,8 @@ sed -i -e "s/^denyinterfaces*/#denyinterfaces/" /etc/dhcpcd.conf systemctl disable hostapd systemctl stop hostapd +systemctl disable dhcpd +systemctl stop dhcpd systemctl daemon-reload systemctl restart dhcpcd systemctl restart networking diff --git a/roles/network/templates/network/iiab-hotspot-on b/roles/network/templates/network/iiab-hotspot-on index 0f1310110..7ab35962a 100755 --- a/roles/network/templates/network/iiab-hotspot-on +++ b/roles/network/templates/network/iiab-hotspot-on @@ -1,7 +1,10 @@ #!/bin/bash +cp -f /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf sed -i -e "s/#denyinterfaces*/denyinterfaces/" /etc/dhcpcd.conf systemctl enable hostapd +systemctl enable dhcpd systemctl daemon-reload systemctl restart dhcpcd systemctl restart networking systemctl start hostapd +systemctl start dhcpd diff --git a/roles/network/templates/network/rpi.j2 b/roles/network/templates/network/rpi.j2 index 4b8f86e9f..e0f21745a 100644 --- a/roles/network/templates/network/rpi.j2 +++ b/roles/network/templates/network/rpi.j2 @@ -7,6 +7,8 @@ auto br0 iface br0 inet manual {% if iiab_wired_lan_iface is defined %} bridge_ports {{ iiab_wired_lan_iface }} +{% else %} + bridge_ports none {% endif %} bridge_maxwait 0 dns-nameservers 127.0.0.1 diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml index fa7f84786..26b90c3fe 100644 --- a/roles/nextcloud/defaults/main.yml +++ b/roles/nextcloud/defaults/main.yml @@ -1,11 +1,15 @@ nextcloud_install: True nextcloud_enabled: False +# REMOVE /opt/nextcloud/version.php TO FORCE AN INSTALL OR REINSTALL OR UPGRADE +nextcloud_force_install: False + nextcloud_url: /nextcloud nextcloud_prefix: /opt nextcloud_data_dir: "{{ content_base }}/nextcloud/data" nextcloud_dl_url: https://download.nextcloud.com/server/releases/ -nextcloud_src_file: latest-12.tar.bz2 +nextcloud_orig_src_file: latest-12.tar.bz2 +nextcloud_src_file: nextcloud_{{ nextcloud_orig_src_file }} # we install on mysql with these setting or those from default_vars, etc. nextcloud_dbname: nextcloud diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index 259182c8a..c8e29240c 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -1,31 +1,43 @@ -# we need to install the rpm in order to get the dependencies -# but we only need to do this the first time - -- name: See if the Nextcloud startup page exists - stat: path={{ nextcloud_prefix }}/nextcloud/index.php +- name: See if Nextcloud version page exists + stat: + path: "{{ nextcloud_prefix }}/nextcloud/version.php" +# path: "{{ nextcloud_prefix }}/nextcloud/index.php" register: nextcloud_page +- name: FORCE INSTALL OR REINSTALL OR UPGRADE IF /opt/nextcloud/version.php DOESN'T EXIST + set_fact: + nextcloud_force_install: True + when: not nextcloud_page.stat.exists -# but we use the tar file to get the latest version +# - debug: +# msg: "nextcloud_force_install: {{ nextcloud_force_install }}" -- name: Get the Nextcloud software - get_url: url={{ nextcloud_dl_url }}/{{ nextcloud_src_file }} dest={{ downloads_dir }}/{{ nextcloud_src_file }} - when: internet_available + +- name: Download latest Nextcloud software to /opt/iiab/download/{{ nextcloud_src_file }} + get_url: + url: "{{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file }}" + dest: "{{ downloads_dir }}/{{ nextcloud_src_file }}" + force: yes + when: internet_available and nextcloud_force_install async: 900 poll: 15 tags: - download - name: Ubuntu and Debian treat names differently (Debian) - package: name={{ item }} state=present + package: + name: "{{ item }}" + state: present with_items: - - libapache2-mod-php{{ php_version }} - - php{{ php_version }}-mbstring - - php{{ php_version }}-zip + - "libapache2-mod-php{{ php_version }}" + - "php{{ php_version }}-mbstring" + - "php{{ php_version }}-zip" when: is_debian - name: Ubuntu and Debian treat names differently (Ubuntu) - package: name={{ item }} state=present + package: + name: "{{ item }}" + state: present with_items: - libapache2-mod-php - php-imagick @@ -34,18 +46,25 @@ when: is_ubuntu - name: Install list of packages (debuntu) - package: name={{ item }} state=present + package: + name: "{{ item }}" + state: present with_items: - - php{{ php_version }}-gd - - php{{ php_version }}-json - - php{{ php_version }}-mysql - - php{{ php_version }}-curl - - php{{ php_version }}-intl - - php{{ php_version }}-mcrypt + - "php{{ php_version }}-gd" + - "php{{ php_version }}-json" + - "php{{ php_version }}-mysql" + - "php{{ php_version }}-curl" + - "php{{ php_version }}-intl" + - "php{{ php_version }}-mcrypt" when: is_debuntu +# we need to install the rpm in order to get the dependencies +# but we only need to do this the first time + - name: Install list of packages (redhat) - package: name={{ item }} state=present + package: + name: "{{ item }}" + state: present with_items: - php - php-gd @@ -59,52 +78,63 @@ when: is_redhat - name: Copy it to permanent location /opt (OS's other than Fedora 18) - unarchive: src={{ downloads_dir }}/{{ nextcloud_src_file }} - dest={{ nextcloud_prefix }} - creates={{ nextcloud_prefix }}/nextcloud/version.php - when: not is_F18 + unarchive: + src: "{{ downloads_dir }}/{{ nextcloud_src_file }}" + dest: "{{ nextcloud_prefix }}" +# creates: "{{ nextcloud_prefix }}/nextcloud/version.php" + when: not is_F18 and nextcloud_force_install -# ansible 1.4.1 does not have "creates" +# Ansible 1.4.1 does not have "creates" (but hopefully has "when") - name: Copy it to permanent location /opt (Fedora 18) - unarchive: src={{ downloads_dir }}/{{ nextcloud_src_file }} - dest={{ nextcloud_prefix }} - when: is_F18 + unarchive: + src: "{{ downloads_dir }}/{{ nextcloud_src_file }}" + dest: "{{ nextcloud_prefix }}" + when: is_F18 and nextcloud_force_install - name: In CentOS, the following config dir is symlink to /etc/nextcloud - file: path=/etc/nextcloud - state=directory + file: + path: /etc/nextcloud + state: directory when: is_centos - name: Add autoconfig file (CentOS) - template: src=autoconfig.php.j2 - dest={{ nextcloud_prefix }}/nextcloud/config/autoconfig.php - owner={{ apache_user }} - group={{ apache_user }} - mode=0640 + template: + src: autoconfig.php.j2 + dest: "{{ nextcloud_prefix }}/nextcloud/config/autoconfig.php" + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + mode: 0640 when: is_centos - name: Make Apache owner - file: path={{ nextcloud_prefix }}/nextcloud - owner={{ apache_user }} - group={{ apache_user }} - recurse=yes - state=directory + file: + path: "{{ nextcloud_prefix }}/nextcloud" + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + recurse: yes + state: directory - name: Create data directory library - file: path={{ item }} - mode=0750 - owner={{ apache_user }} - group={{ apache_user }} - state=directory + file: + path: "{{ item }}" + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + mode: 0750 + state: directory with_items: - "{{ nextcloud_data_dir }}" - name: Create a MySQL database for Nextcloud - mysql_db: name={{ nextcloud_dbname }} + mysql_db: + name: "{{ nextcloud_dbname }}" when: mysql_enabled and nextcloud_enabled - name: Create a user to access the Nextcloud database - mysql_user: name={{ nextcloud_dbuser }} host={{ item }} password={{ nextcloud_dbpassword }} priv={{ nextcloud_dbname }}.*:ALL,GRANT + mysql_user: + name: "{{ nextcloud_dbuser }}" + host: "{{ item }}" + password: "{{ nextcloud_dbpassword }}" + priv: "{{ nextcloud_dbname }}.*:ALL,GRANT" with_items: - "{{ nextcloud_dbhost }}" - 127.0.0.1 @@ -114,7 +144,10 @@ - name: Restart Apache, so it picks up the new aliases - service: name={{ apache_service }} state=restarted + service: + name: "{{ apache_service }}" + state: restarted +# when: nextcloud_enabled # taken care of by nextcloud_enabled.yml below when: not nextcloud_enabled # Enable nextcloud by copying template to httpd config @@ -122,19 +155,20 @@ # following enables and disables - include_tasks: nextcloud_enabled.yml -- name: Add 'nextcloud' to service list - ini_file: dest='{{ service_filelist }}' - section=nextcloud - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'nextcloud' to list of services at /etc/iiab/iiab.ini + ini_file: + dest: "{{ service_filelist }}" + section: Nextcloud + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - - option: name - value: nextcloud - - option: description - value: '"NextCloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."' - - option: path - value: "{{ nextcloud_prefix }}/nextcloud" - - option: source - value: "{{ nextcloud_src_file }}" - - option: enabled - value: "{{ nextcloud_enabled }}" + - option: name + value: Nextcloud + - option: description + value: '"NextCloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."' + - option: path + value: "{{ nextcloud_prefix }}/nextcloud" + - option: source + value: "{{ nextcloud_src_file }}" + - option: enabled + value: "{{ nextcloud_enabled }}" diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index ffee8caf5..e195389a6 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -102,21 +102,22 @@ when: not openvpn_enabled and not installing -- name: Add OpenVPN to service list - ini_file: dest='{{ service_filelist }}' - section=openvpn - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'openvpn' to list of services at /etc/iiab/iiab.ini + ini_file: + dest: "{{ service_filelist }}" + section: openvpn + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - - option: name - value: "openvpn" - - option: description - value: '"OpenVPN is a means of connecting to a server anywhere on the internet, via a middleman server."' - - option: middleman_url - value: "{{ vpn_presence }}" - - option: port - value: "{{ openvpn_server_port }}" - - option: enabled - value: "{{ openvpn_enabled }}" - - option: cron_enabled - value: "{{ openvpn_cron_enabled }}" + - option: name + value: OpenVPN + - option: description + value: '"OpenVPN is a means of connecting to a server anywhere on the internet, via a middleman server."' + - option: middleman_url + value: "{{ vpn_presence }}" + - option: port + value: "{{ openvpn_server_port }}" + - option: enabled + value: "{{ openvpn_enabled }}" + - option: cron_enabled + value: "{{ openvpn_cron_enabled }}" diff --git a/roles/osm/tasks/main.yml b/roles/osm/tasks/main.yml index de2ef415f..9cb4c3105 100644 --- a/roles/osm/tasks/main.yml +++ b/roles/osm/tasks/main.yml @@ -71,13 +71,13 @@ osm_path: "{{ osm_venv }}/lib/python2.7/site-packages/iiab" when: osm_enabled and is_debuntu -- name: All - Point wsgi to virtual environment +- name: Point wsgi to virtual environment (all OS's) lineinfile: dest={{ osm_venv }}/bin/iiab.wsgi regexp="path_to_virtualenv = None" line="path_to_virtualenv = '/usr/local/osm'" state=present -- name: All - Copy OSM config file +- name: Copy OSM config file (all OS's) template: backup=no src=osm.conf.j2 dest=/etc/{{ apache_config_dir }}/osm.conf @@ -86,28 +86,28 @@ mode=0644 when: osm_enabled -- name: Debuntu - Create a link from sites-enabled to sites-available +- name: Create a link from sites-enabled to sites-available (debuntu) file: src=/etc/{{ apache_config_dir }}/osm.conf dest=/etc/apache2/sites-enabled/osm.conf state=link when: osm_enabled and is_debuntu -- name: Debuntu - Remove the link from sites-enabled to sites-available +- name: Remove the link from sites-enabled to sites-available (debuntu) file: dest=/etc/apache2/sites-enabled/osm.conf state=absent when: not osm_enabled and is_debuntu -- name: Redhat - Remove the osm.conf +- name: Remove the osm.conf (redhat) file: dest=/{{ apache_config_dir }}/osm.conf state=absent when: not osm_enabled and is_redhat -- name: All - Remove link to cgi +- name: Remove link to cgi (all OS's) file: dest={{ doc_root }}/osm.wsgi state=absent when: not osm_enabled -- name: All - Create link to cgi +- name: Create link to cgi (all OS's) file: src={{ osm_venv }}/bin/iiab.wsgi dest={{ doc_root }}/osm.wsgi owner=root @@ -137,17 +137,19 @@ service: name={{ apache_service }} state=restarted -- name: Add OSM to service list - ini_file: dest='{{ service_filelist }}' - section=osm - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'osm' to list of services at /etc/iiab/iiab.ini + ini_file: + dest: "{{ service_filelist }}" + section: osm + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - - option: name - value: Internet-in-a-Box - - option: description - value: '"The Internet-in-a-Box is a small, inexpensive device which provides essential Internet resources without any Internet connection. It provides a local copy of half a terabyte of the world’s Free information."' - - option: path - value: /osm - - option: enabled - value: "{{ osm_enabled }}" + - option: name + value: OpenStreetMap + - option: description + value: '"OpenStreetMap offers beautiful maps of the entire planet, continually created & updated by volunteers (much in the same way as Wikipedia) but for maps."' + # value: '"The Internet-in-a-Box is a small, inexpensive device which provides essential Internet resources without any Internet connection. It provides a local copy of half a terabyte of the world’s Free information."' + - option: path + value: /osm + - option: enabled + value: "{{ osm_enabled }}" diff --git a/roles/phpmyadmin/defaults/main.yml b/roles/phpmyadmin/defaults/main.yml index 9ef75d830..8f0f0a469 100644 --- a/roles/phpmyadmin/defaults/main.yml +++ b/roles/phpmyadmin/defaults/main.yml @@ -1,4 +1,4 @@ phpmyadmin_install: False phpmyadmin_enabled: False -phpmyadmin_name: "phpMyAdmin-4.7.5-all-languages" +phpmyadmin_name: "phpMyAdmin-4.7.6-all-languages" phpmyadmin_name_zip: "{{ phpmyadmin_name }}.zip" diff --git a/roles/phpmyadmin/tasks/main.yml b/roles/phpmyadmin/tasks/main.yml index a2ffd40ff..ebc15a756 100644 --- a/roles/phpmyadmin/tasks/main.yml +++ b/roles/phpmyadmin/tasks/main.yml @@ -64,18 +64,18 @@ state: absent when: not phpmyadmin_enabled and is_debuntu -- name: Add phpmyadmin to service list +- name: Add 'phpmyadmin' to list of services at /etc/iiab/iiab.ini ini_file: dest: "{{ service_filelist }}" section: phpmyadmin option: "{{ item.option }}" value: "{{ item.value }}" with_items: - - option: name - value: phpMyAdmin - - option: description - value: '"phpMyAdmin is an interface with a MySQL database written in PHP, and available to administer the database engine locally or across the network."' - - option: path - value: /opt/phpmyadmin - - option: enabled - value: "{{ phpmyadmin_enabled }}" + - option: name + value: phpMyAdmin + - option: description + value: '"phpMyAdmin is an interface with a MySQL database written in PHP, and available to administer the database engine locally or across the network."' + - option: path + value: /opt/phpmyadmin + - option: enabled + value: "{{ phpmyadmin_enabled }}" diff --git a/roles/sugarizer/tasks/main.yml b/roles/sugarizer/tasks/main.yml index 363f50e5d..f81005737 100644 --- a/roles/sugarizer/tasks/main.yml +++ b/roles/sugarizer/tasks/main.yml @@ -96,16 +96,16 @@ - { name: sugarizer } when: not sugarizer_enabled -- name: Add 'sugarizer' to service list at /etc/iiab/iiab.ini +- name: Add 'sugarizer' to list of services at /etc/iiab/iiab.ini ini_file: dest: "{{ service_filelist }}" section: sugarizer option: "{{ item.option }}" value: "{{ item.value }}" with_items: - - option: name - value: Sugarizer - - option: description - value: '"The Sugar Learning Platform began with the famous One Laptop Per Child project, written in Python. Sugarizer is the new HTML/JavaScript implementation of Sugar, usable in most all browsers."' - - option: enabled - value: "{{ sugarizer_enabled }}" + - option: name + value: Sugarizer + - option: description + value: '"The Sugar Learning Platform began with the famous One Laptop Per Child project, written in Python. Sugarizer is the new HTML/JavaScript implementation of Sugar, usable in most all browsers."' + - option: enabled + value: "{{ sugarizer_enabled }}" diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index 564c429a7..03f64b68e 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -1,16 +1,15 @@ -# IF YOU NEED TO REINSTALL FROM /opt/iiab/downloads/wordpress.tar.gz -# TO /library/wordpress DURING YOUR NEXT RUN OF "./runtags wordpress" OR -# "./iiab-install" THEN YOU FIRST NEED TO: +# "Emergency" reinstalls (from /opt/iiab/downloads/wordpress.tar.gz +# to /library/wordpress) should also work offline... # -# - "mv /library/wordpress /library/wordpress.old" (MUST) -# - back up then drop the database (RECOMMENDED) +# ONLINE OR OFFLINE, IF YOU NEED A CLEAN REINSTALL OF WORDPRESS DURING YOUR +# NEXT RUN OF "./runtags wordpress" OR "./iiab-install" PLEASE FIRST DO: +# +# - "mv /library/wordpress /library/wordpress.old" +# - back up WordPress's database then drop it # # REASON: "keep_newer: yes" below tries to preserves WordPress's self-upgrades -# & security enhancements within /library/wordpress, that can occur without -# warning when WordPress is online, since WordPress ~4.8 especially. -# -# Such "emergency" reinstalls from /opt/iiab/downloads/wordpress.tar.gz to -# /library/wordpress should also work offline. +# and security enhancements using timestamps under /library/wordpress, as these +# can arise without warning when WordPress is online, since WordPress ~4.8. - name: Download the latest WordPress software get_url: @@ -123,27 +122,28 @@ - name: Restart Apache, so it picks up the new aliases service: name={{ apache_service }} state=restarted -- name: Add 'wordpress' to service list - ini_file: dest='{{ service_filelist }}' - section=wordpress - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'wordpress' to list of services at /etc/iiab/iiab.ini + ini_file: + dest: "{{ service_filelist }}" + section: wordpress + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - - option: name - value: wordpress - - option: description - value: '"WordPress is a blog and web site management application."' - - option: wordpress_src - value: "{{ wordpress_src }}" - - option: wp_abs_path - value: "{{ wp_abs_path }}" - - option: wp_db_name - value: "{{ wp_db_name }}" - - option: wp_db_user - value: "{{ wp_db_user }}" - - option: wp_url - value: "{{ wp_url }}" - - option: wp_full_url - value: "{{ wp_full_url }}" - - option: wordpress_enabled - value: "{{ wordpress_enabled }}" + - option: name + value: WordPress + - option: description + value: '"WordPress is a blog and web site management application."' + - option: wordpress_src + value: "{{ wordpress_src }}" + - option: wp_abs_path + value: "{{ wp_abs_path }}" + - option: wp_db_name + value: "{{ wp_db_name }}" + - option: wp_db_user + value: "{{ wp_db_user }}" + - option: wp_url + value: "{{ wp_url }}" + - option: wp_full_url + value: "{{ wp_full_url }}" + - option: wordpress_enabled + value: "{{ wordpress_enabled }}" diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 1447e5f5b..461ea34c2 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -69,6 +69,10 @@ host_wifi_mode: g host_channel: 6 hostapd_secure: False hostapd_password: changeme +# For those installing IIAB over WiFi: "reboot_to_AP: True" makes the internal +# WiFi Access active after the next reboot. This is equivalent to manually +# running "iiab-hotspot-on". Note this variable only works with RPi's for now. +reboot_to_AP: False # Gateway mode iiab_lan_enabled: True