From fef79752c4879aabc2c937a13560e67d594eb95d Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 21 Nov 2019 12:38:36 -0500 Subject: [PATCH 001/148] Update fl.yml --- roles/2-common/tasks/fl.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/2-common/tasks/fl.yml b/roles/2-common/tasks/fl.yml index 24d9f9683..35ee81fd4 100644 --- a/roles/2-common/tasks/fl.yml +++ b/roles/2-common/tasks/fl.yml @@ -1,6 +1,6 @@ # fl.yml signifies "file layout" -- name: Create directories with ownership root:root and permissions 0755 (1 in /etc, 3 in {{ iiab_base }} and 15 in /library) # iiab_base is /opt/iiab +- name: Create directories with ownership root:root and permissions 0755 (1 in /etc, 1 in {{ py3_dist_path }}, 3 in {{ iiab_base }} and 15 in /library) # py3_dist_path is /usr/lib/python3/dist-packages, iiab_base is /opt/iiab file: path: "{{ item }}" owner: root From b2fc1f9e36b5b09aa7b79064f3de42019316b4de Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 21 Nov 2019 12:56:38 -0500 Subject: [PATCH 002/148] Revert Kolibri to 0.12.8 + explain where to get working apt/.deb installers for Kolibri --- roles/kolibri/defaults/main.yml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 20f52bfab..74b138417 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -16,7 +16,20 @@ # https://github.com/iiab/iiab/issues/1675 # https://github.com/learningequality/kolibri/issues/5664 -kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest +kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.12.8/kolibri_0.12.8-0ubuntu1_all.deb +# kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest +# 2019-11-21 #2045 - above URL currently redirects to broken Kolibri 0.12.9 release: +# https://storage.googleapis.com/le-releases/downloads/kolibri/v0.12.9/kolibri_0.12.9-0ubuntu1_all.deb +# +# When Kolibri releases a broken apt (.deb) installer (as happened twice year) +# the workaround is to replace the above URL with something like: +# https://github.com/learningequality/kolibri/releases/download/v0.12.8/kolibri_0.12.8-0ubuntu1_all.deb (example past release...these URL's can be found by clicking on "Assets" within releases at https://github.com/learningequality/kolibri/releases) +# https://launchpad.net/~learningequality/+archive/ubuntu/kolibri/+files/kolibri_0.12.9-0ubuntu2_all.deb (example pre-release) +# +# Recently published .deb files can also sometimes be found within: +# http://ppa.launchpad.net/learningequality/kolibri/ubuntu/pool/main/k/kolibri-source/ +# Corresponding with: +# https://launchpad.net/~learningequality/+archive/ubuntu/kolibri # Kolibri folder to store its data and configuration files. kolibri_home: "{{ content_base }}/kolibri" # /library/kolibri From c52875e22a9235cbb15603d0e879a2aaf36d1ccf Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 21 Nov 2019 13:04:01 -0500 Subject: [PATCH 003/148] Clarify Kolibri patched pre-release from @jredrejo --- roles/kolibri/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 74b138417..039d92421 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -24,7 +24,7 @@ kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v # When Kolibri releases a broken apt (.deb) installer (as happened twice year) # the workaround is to replace the above URL with something like: # https://github.com/learningequality/kolibri/releases/download/v0.12.8/kolibri_0.12.8-0ubuntu1_all.deb (example past release...these URL's can be found by clicking on "Assets" within releases at https://github.com/learningequality/kolibri/releases) -# https://launchpad.net/~learningequality/+archive/ubuntu/kolibri/+files/kolibri_0.12.9-0ubuntu2_all.deb (example pre-release) +# https://launchpad.net/~learningequality/+archive/ubuntu/kolibri/+files/kolibri_0.12.9-0ubuntu2_all.deb (example 2019-11-21 patched pre-release from @jredrejo) # # Recently published .deb files can also sometimes be found within: # http://ppa.launchpad.net/learningequality/kolibri/ubuntu/pool/main/k/kolibri-source/ From 1c1c828b52894af4f9e35eadab155eb737a13ebe Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 21 Nov 2019 13:13:58 -0500 Subject: [PATCH 004/148] Explain "Assets" under individual Kolibri releases (to find .deb URL's) --- roles/kolibri/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 039d92421..46a6da4f6 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -23,7 +23,7 @@ kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v # # When Kolibri releases a broken apt (.deb) installer (as happened twice year) # the workaround is to replace the above URL with something like: -# https://github.com/learningequality/kolibri/releases/download/v0.12.8/kolibri_0.12.8-0ubuntu1_all.deb (example past release...these URL's can be found by clicking on "Assets" within releases at https://github.com/learningequality/kolibri/releases) +# https://github.com/learningequality/kolibri/releases/download/v0.12.8/kolibri_0.12.8-0ubuntu1_all.deb (example past release...these URL's can be found by clicking on "Assets" under individual releases at https://github.com/learningequality/kolibri/releases) # https://launchpad.net/~learningequality/+archive/ubuntu/kolibri/+files/kolibri_0.12.9-0ubuntu2_all.deb (example 2019-11-21 patched pre-release from @jredrejo) # # Recently published .deb files can also sometimes be found within: From af6c1ebc126e7dc8ec161b3412f500602948e029 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 21 Nov 2019 15:35:06 -0500 Subject: [PATCH 005/148] Restore https://learningequality.org/r/kolibri-deb-latest which should now be fixed upstream --- roles/kolibri/defaults/main.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 46a6da4f6..0214c66bb 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -16,19 +16,17 @@ # https://github.com/iiab/iiab/issues/1675 # https://github.com/learningequality/kolibri/issues/5664 -kolibri_deb_url: https://github.com/learningequality/kolibri/releases/download/v0.12.8/kolibri_0.12.8-0ubuntu1_all.deb -# kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest -# 2019-11-21 #2045 - above URL currently redirects to broken Kolibri 0.12.9 release: +kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest +# 2019-11-21 issue #2045 - above URL had redirected to this broken Kolibri 0.12.9 release: # https://storage.googleapis.com/le-releases/downloads/kolibri/v0.12.9/kolibri_0.12.9-0ubuntu1_all.deb # -# When Kolibri releases a broken apt (.deb) installer (as happened twice year) -# the workaround is to replace the above URL with something like: +# When Kolibri releases a broken apt (.deb) installer (as happened twice year) the workaround is to replace the above URL with something like: # https://github.com/learningequality/kolibri/releases/download/v0.12.8/kolibri_0.12.8-0ubuntu1_all.deb (example past release...these URL's can be found by clicking on "Assets" under individual releases at https://github.com/learningequality/kolibri/releases) # https://launchpad.net/~learningequality/+archive/ubuntu/kolibri/+files/kolibri_0.12.9-0ubuntu2_all.deb (example 2019-11-21 patched pre-release from @jredrejo) # # Recently published .deb files can also sometimes be found within: # http://ppa.launchpad.net/learningequality/kolibri/ubuntu/pool/main/k/kolibri-source/ -# Corresponding with: +# Corresponding to: # https://launchpad.net/~learningequality/+archive/ubuntu/kolibri # Kolibri folder to store its data and configuration files. From 0163bb77258e11f45f26650bd9f29a3388b7da6b Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 Nov 2019 08:57:11 -0500 Subject: [PATCH 006/148] phpMyAdmin 4.9.1 -> 4.9.2 --- roles/phpmyadmin/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/phpmyadmin/defaults/main.yml b/roles/phpmyadmin/defaults/main.yml index 11691aa7e..d17288efb 100644 --- a/roles/phpmyadmin/defaults/main.yml +++ b/roles/phpmyadmin/defaults/main.yml @@ -4,5 +4,5 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -phpmyadmin_name: "phpMyAdmin-4.9.1-all-languages" +phpmyadmin_name: "phpMyAdmin-4.9.2-all-languages" phpmyadmin_name_zip: "{{ phpmyadmin_name }}.zip" From 5d4b100ed6e49c7eb9c8d1c2e56889e073797e1b Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 25 Nov 2019 23:44:26 -0500 Subject: [PATCH 007/148] Lokole 0.4.4 -> 0.5.0 --- roles/lokole/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/lokole/defaults/main.yml b/roles/lokole/defaults/main.yml index 3f44b7afc..df66839e1 100644 --- a/roles/lokole/defaults/main.yml +++ b/roles/lokole/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! # Info needed to install Lokole -lokole_version: 0.4.4 +lokole_version: 0.5.0 lokole_admin_user: admin # lowercase seems nec here (even though uppercase Admin/changeme is IIAB's OOB recommendation!) lokole_admin_password: changeme lokole_install_path: "{{ content_base }}/lokole" # /library/lokole From 4778ad5e3c0da3d0bbec5893f350c36836f81393 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Tue, 15 Oct 2019 18:42:04 +0100 Subject: [PATCH 008/148] checkin --- roles/3-base-server/tasks/main.yml | 8 +++- roles/awstats/tasks/install.yml | 40 +++++-------------- roles/awstats/templates/awstats-nginx.conf | 24 +++++++++++ .../templates/awstats.schoolserver.conf.j2 | 2 +- roles/awstats/templates/cgi-bin.php | 32 +++++++++++++++ roles/calibre-web/tasks/main.yml | 4 +- .../templates/calibre-web-nginx.conf.j2 | 8 ++++ roles/elgg/tasks/main.yml | 6 +++ roles/elgg/templates/elgg-nginx.conf | 3 ++ roles/httpd/tasks/main.yml | 6 ++- roles/httpd/templates/ports.conf | 15 +++++++ roles/kolibri/tasks/main.yml | 2 +- roles/lokole/tasks/install.yml | 5 +++ roles/lokole/templates/lokole-nginx.conf.j2 | 3 ++ roles/mediawiki/tasks/install.yml | 6 +++ .../templates/mediawiki-nginx.conf.j2 | 11 +++++ roles/moodle/tasks/main.yml | 9 +++++ roles/moodle/templates/moodle-nginx.conf.j2 | 13 ++++++ .../templates/moodle-nginx.conf.j2.native | 16 ++++++++ roles/munin/tasks/main.yml | 2 +- roles/munin/templates/munin24-nginx.conf.j2 | 4 ++ roles/nextcloud/defaults/main.yml | 1 + roles/nextcloud/tasks/enable_or_disable.yml | 11 +++++ roles/nextcloud/tasks/main.yml | 2 +- .../nextcloud/templates/nextcloud-nginx.conf | 11 +++++ 25 files changed, 206 insertions(+), 38 deletions(-) create mode 100644 roles/awstats/templates/awstats-nginx.conf create mode 100644 roles/awstats/templates/cgi-bin.php create mode 100644 roles/calibre-web/templates/calibre-web-nginx.conf.j2 create mode 100644 roles/elgg/templates/elgg-nginx.conf create mode 100644 roles/httpd/templates/ports.conf create mode 100644 roles/lokole/templates/lokole-nginx.conf.j2 create mode 100644 roles/mediawiki/templates/mediawiki-nginx.conf.j2 create mode 100644 roles/moodle/templates/moodle-nginx.conf.j2 create mode 100644 roles/moodle/templates/moodle-nginx.conf.j2.native create mode 100644 roles/munin/templates/munin24-nginx.conf.j2 create mode 100644 roles/nextcloud/templates/nextcloud-nginx.conf diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 2b1672f1a..006d41605 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -6,9 +6,15 @@ - name: HTTPD (APACHE) include_role: name: httpd - # has no "when: XXXXX_install" flag + when: apache_install tags: base, httpd +- name: NGINX + include_role: + name: nginx + when: nginx_install + tags: base, nginx + - name: MYSQL include_role: name: mysql diff --git a/roles/awstats/tasks/install.yml b/roles/awstats/tasks/install.yml index ca971d973..8f443c00c 100644 --- a/roles/awstats/tasks/install.yml +++ b/roles/awstats/tasks/install.yml @@ -18,7 +18,6 @@ tags: - download -# SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml - name: Enable cgi execution (debuntu) command: a2enmod cgi when: is_debuntu | bool @@ -35,25 +34,21 @@ with_items: - "{{ awstats_data_dir }}" - "{{ apache_log_dir }}" + - /usr/lib/cgi-bin/awstats # create backward compatible path for awstats -- name: Install Apache's awstats.conf from template (debuntu) +- name: Install nginx's awstats.conf from template (debuntu) template: - src: apache.conf - dest: "/etc/{{ apache_config_dir }}/awstats.conf" + src: "{{ item.src }}" + dest: "{{ item.dest }}" owner: root group: root mode: 0644 + with_items: + - { src: "awstats-nginx.conf", dest: "/etc/nginx/conf.d/" } + - { src: "cgi-bin.php", dest: "/etc/nginx/" } +# - { src: "apache-awstats.conf", dest: "/etc/{{ apache_config_dir }}/awstats.conf" } when: awstats_enabled and is_debuntu -- name: Install Apache's awstats.conf from template (OS's other than debuntu) - template: - src: apache-awstats.conf - dest: "/etc/{{ apache_config_dir }}/awstats.conf" - owner: root - group: root - mode: 0644 - when: awstats_enabled and not is_debuntu - - name: Ensure logrotate doesn't make logs unreadable (debuntu) template: src: logrotate.d.apache2 @@ -69,24 +64,11 @@ command: mv /etc/awstats/awstats.conf /etc/awstats/awstats.conf.dist when: awstats.stat.islnk is defined and not awstats.stat.islnk -- name: Create symlink awstats.conf from sites-enabled to sites-available (debuntu) +- name: Create symlink for awstats.pl from cgi-bin/awstats/awstats.pl to ../ so that the old apache links to awstats will work after change to nginx file: - src: /etc/apache2/sites-available/awstats.conf - path: /etc/apache2/sites-enabled/awstats.conf + src: /usr/lib/cgi-bin/awstats.pl + path: /usr/lib/cgi-bin/awstats/awstats.pl state: link - when: awstats_enabled and is_debuntu - -- name: Remove symlink from sites-enabled, to disable AWStats (debuntu) - file: - path: /etc/apache2/sites-enabled/awstats.conf - state: absent - when: not awstats_enabled and is_debuntu - -- name: Restart Apache service ({{ apache_service }}) - systemd: - name: "{{ apache_service }}" - state: restarted - - name: Install /etc/awstats/awstats.schoolserver.conf template: diff --git a/roles/awstats/templates/awstats-nginx.conf b/roles/awstats/templates/awstats-nginx.conf new file mode 100644 index 000000000..1f337c297 --- /dev/null +++ b/roles/awstats/templates/awstats-nginx.conf @@ -0,0 +1,24 @@ +location ~ ^/awstats { + rewrite ^ http://box.lan/cgi-bin/awstats.pl?config=schoolserver; +} +location ^~ /awstatsicons { + alias /usr/share/awstats/icon/; + access_log off; +} +location ^~ /awstatsclasses { + alias /usr/share/java/awstats/; + access_log off; +} + +location ~ ^/cgi-bin/.*\.(cgi|pl|py|rb) { + gzip off; + include fastcgi_params; + fastcgi_pass php; + fastcgi_index cgi-bin.php; + fastcgi_param SCRIPT_FILENAME /etc/nginx/cgi-bin.php; + fastcgi_param SCRIPT_NAME cgi-bin.php; + fastcgi_param X_SCRIPT_FILENAME /usr/lib$fastcgi_script_name; + fastcgi_param X_SCRIPT_NAME $fastcgi_script_name; + fastcgi_param REMOTE_USER $remote_user; +} + diff --git a/roles/awstats/templates/awstats.schoolserver.conf.j2 b/roles/awstats/templates/awstats.schoolserver.conf.j2 index c9f1a6620..abf4d9f41 100644 --- a/roles/awstats/templates/awstats.schoolserver.conf.j2 +++ b/roles/awstats/templates/awstats.schoolserver.conf.j2 @@ -49,7 +49,7 @@ # {% if is_debuntu %} -LogFile="/usr/share/awstats/tools/logresolvemerge.pl /var/log/{{ apache_service }}/access.log* |" +LogFile="/usr/share/awstats/tools/logresolvemerge.pl {{ apache_log_dir }}/access.log* |" {% else %} LogFile="/usr/share/awstats/tools/logresolvemerge.pl /var/log/httpd/access_log* |" {% endif %} diff --git a/roles/awstats/templates/cgi-bin.php b/roles/awstats/templates/cgi-bin.php new file mode 100644 index 000000000..a1bced748 --- /dev/null +++ b/roles/awstats/templates/cgi-bin.php @@ -0,0 +1,32 @@ + array("pipe", "r"), // stdin is a pipe that the child will read from + 1 => array("pipe", "w"), // stdout is a pipe that the child will write to + 2 => array("pipe", "w") // stderr is a file to write to +); +$newenv = $_SERVER; +$newenv["SCRIPT_FILENAME"] = $_SERVER["X_SCRIPT_FILENAME"]; +$newenv["SCRIPT_NAME"] = $_SERVER["X_SCRIPT_NAME"]; +if (is_executable($_SERVER["X_SCRIPT_FILENAME"])) { + $process = proc_open($_SERVER["X_SCRIPT_FILENAME"], $descriptorspec, $pipes, NULL, $newenv); + if (is_resource($process)) { + fclose($pipes[0]); + $head = fgets($pipes[1]); + while (strcmp($head, "\n")) { + header($head); + $head = fgets($pipes[1]); + } + fpassthru($pipes[1]); + fclose($pipes[1]); + fclose($pipes[2]); + $return_value = proc_close($process); + } else { + header("Status: 500 Internal Server Error"); + echo("Internal Server Error"); + } +} else { + header("Status: 404 Page Not Found"); + echo("Page Not Found"); +} diff --git a/roles/calibre-web/tasks/main.yml b/roles/calibre-web/tasks/main.yml index 74833fe5f..081837d6a 100644 --- a/roles/calibre-web/tasks/main.yml +++ b/roles/calibre-web/tasks/main.yml @@ -71,7 +71,7 @@ mode: 0644 with_items: - { src: 'calibre-web.service.j2', dest: '/etc/systemd/system/calibre-web.service' } - - { src: 'calibre-web.conf.j2', dest: '/etc/apache2/sites-available/calibre-web.conf' } + - { src: 'calibre-web-nginx.conf.j2', dest: '/etc/nginx/conf.d/calibre-web.conf' } - name: Does /library/calibre-web/metadata.db exist? stat: @@ -127,7 +127,7 @@ daemon_reload: yes enabled: no state: stopped - when: not calibreweb_enabled + when: not calibreweb_enabled | bool - name: Disable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} with Apache command: a2dissite calibre-web.conf diff --git a/roles/calibre-web/templates/calibre-web-nginx.conf.j2 b/roles/calibre-web/templates/calibre-web-nginx.conf.j2 new file mode 100644 index 000000000..7437daaf6 --- /dev/null +++ b/roles/calibre-web/templates/calibre-web-nginx.conf.j2 @@ -0,0 +1,8 @@ +location /books { + proxy_bind $server_addr; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Script-Name /books; + proxy_pass http://127.0.0.1:8083; +} diff --git a/roles/elgg/tasks/main.yml b/roles/elgg/tasks/main.yml index 6461ebca1..a992fc184 100644 --- a/roles/elgg/tasks/main.yml +++ b/roles/elgg/tasks/main.yml @@ -124,6 +124,12 @@ src: elgg.conf dest: "/etc/{{ apache_config_dir }}/elgg.conf" +- name: Install /etc/nginx/conf.d/elgg-nginx.conf from template, for http://box/elgg + template: + src: elgg-nginx.conf + dest: "/etc/nginx/conf.d/elgg-nginx.conf" + when: elgg_enabled and is_debuntu + - name: Create symlink elgg.conf from sites-enabled to sites-available (debuntu, not nec for redhat) file: src: /etc/apache2/sites-available/elgg.conf diff --git a/roles/elgg/templates/elgg-nginx.conf b/roles/elgg/templates/elgg-nginx.conf new file mode 100644 index 000000000..8687f4853 --- /dev/null +++ b/roles/elgg/templates/elgg-nginx.conf @@ -0,0 +1,3 @@ +location /elgg { + proxy_pass http://127.0.0.1:{{ apache_port }}/elgg; +} diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml index 669f5b6bd..92122489a 100644 --- a/roles/httpd/tasks/main.yml +++ b/roles/httpd/tasks/main.yml @@ -66,11 +66,12 @@ with_items: - { src: '010-iiab.conf.j2', dest: '/etc/{{ apache_config_dir }}/010-iiab.conf' } - { src: 'proxy_ajp.conf.j2', dest: '/etc/{{ apache_config_dir }}/proxy_ajp.conf' } + - { src: 'ports.conf' , dest: '/etc/{{ apache_service }}/' , mode: '0644' } #- { src: 'php.ini.j2', dest: '/etc/php.ini', mode: '0644' } # @jvonau suggests removing this in https://github.com/iiab/iiab/issues/1147 # For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147 # WARNING: Enabling this might cause excess use of RAM/disk or other resources! -- name: Enact high limits in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini if using WordPress/Nextcloud/Moodle intensively +- name: Enact high limits in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini if using WordPress and/or Moodle intensively lineinfile: path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini" regexp: "{{ item.regexp }}" @@ -79,7 +80,7 @@ with_items: - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } - - { regexp: '^memory_limit', line: 'memory_limit = 256M ; default is 128M / Nextcloud requests 512M' } + - { regexp: '^memory_limit', line: 'memory_limit = 256M ; default is 128M' } - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } @@ -123,6 +124,7 @@ - headers - proxy - proxy_html + - headers - proxy_http - rewrite when: is_debuntu | bool diff --git a/roles/httpd/templates/ports.conf b/roles/httpd/templates/ports.conf new file mode 100644 index 000000000..5ab767772 --- /dev/null +++ b/roles/httpd/templates/ports.conf @@ -0,0 +1,15 @@ +# If you just change the port or add more ports here, you will likely also +# have to change the VirtualHost statement in +# /etc/apache2/sites-enabled/000-default.conf + +Listen {{ apache_port }} + +# +# Listen 443 +# + +# +# Listen 443 +# + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/roles/kolibri/tasks/main.yml b/roles/kolibri/tasks/main.yml index 5c2ccd757..5f7c992c5 100644 --- a/roles/kolibri/tasks/main.yml +++ b/roles/kolibri/tasks/main.yml @@ -159,7 +159,7 @@ value: "{{ kolibri_url }}" - option: kolibri_exec_path value: "{{ kolibri_exec_path }}" - - option: kolibri_http_port + - option: kolibri_port value: "{{ kolibri_http_port }}" - option: kolibri_enabled value: "{{ kolibri_enabled }}" diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 194472ac6..2b0f1e813 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -110,6 +110,11 @@ src: lokole.conf.j2 dest: "/etc/{{ apache_config_dir }}/lokole.conf" +- name: Install /etc/nginx/lokole-nginx.conf from template, for http://box/lokole + template: + src: lokole-nginx.conf.j2 + dest: "/etc/nginx/conf.d/lokole-nginx.conf" + - name: Symlink /etc/apache2/sites-enabled/lokole.conf to /etc/{{ apache_config_dir }}/lokole.conf, if lokole_enabled (debuntu) file: src: "/etc/{{ apache_config_dir }}/lokole.conf" diff --git a/roles/lokole/templates/lokole-nginx.conf.j2 b/roles/lokole/templates/lokole-nginx.conf.j2 new file mode 100644 index 000000000..bedf791b3 --- /dev/null +++ b/roles/lokole/templates/lokole-nginx.conf.j2 @@ -0,0 +1,3 @@ +location /lokole { + proxy_pass http://127.0.0.1:{{ apache_port }}/lokole; +} diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index db90e1e6c..6c0da46c7 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -72,6 +72,12 @@ state: link when: mediawiki_enabled and is_debuntu +- name: Install nginx config file, if mediawiki_enabled (debuntu) + template: + src: mediawiki-nginx.conf.j2 + dest: /etc/nginx/conf.d/mediawiki-nginx.conf + when: mediawiki_enabled and is_debuntu + - name: Remove mediawiki.conf if not mediawiki_enabled (debuntu) file: path: /etc/apache2/sites-enabled/mediawiki.conf diff --git a/roles/mediawiki/templates/mediawiki-nginx.conf.j2 b/roles/mediawiki/templates/mediawiki-nginx.conf.j2 new file mode 100644 index 000000000..b49220657 --- /dev/null +++ b/roles/mediawiki/templates/mediawiki-nginx.conf.j2 @@ -0,0 +1,11 @@ +location /mediawiki { + proxy_pass http://127.0.0.1:{{ apache_port }}/mediawiki; +} + location ~ /mediawiki/.*\.php$ { + + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:{{ apache_port }}; + +} diff --git a/roles/moodle/tasks/main.yml b/roles/moodle/tasks/main.yml index 5495f230b..1b0c06590 100644 --- a/roles/moodle/tasks/main.yml +++ b/roles/moodle/tasks/main.yml @@ -81,6 +81,15 @@ mode: 0644 when: moodle_enabled | bool +- name: Install nginx's config file from template, if moodle_enabled + template: + src: moodle-nginx.conf.j2 + dest: "/etc/nginx/conf.d/moodle-nginx.conf" + owner: root + group: root + mode: 0644 + when: moodle_enabled | bool + - name: Create symlink 022-moodle.conf from sites-enabled to sites-available, if moodle_enabled (debuntu) file: src: /etc/apache2/sites-available/022-moodle.conf diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 new file mode 100644 index 000000000..a06e6baf3 --- /dev/null +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -0,0 +1,13 @@ +location /moodle { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:{{ apache_port }}; +} +location ~ ^/moodle.*\.php$ { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:{{ apache_port }}; +} + diff --git a/roles/moodle/templates/moodle-nginx.conf.j2.native b/roles/moodle/templates/moodle-nginx.conf.j2.native new file mode 100644 index 000000000..bbf2fabe0 --- /dev/null +++ b/roles/moodle/templates/moodle-nginx.conf.j2.native @@ -0,0 +1,16 @@ +location ^/moodle { + alias /opt/iiab/moodle; + try_files $uri $uri/ index.php =404; +} +location ~ /moodle/(.*)\.php { + root /opt/iiab/; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + include fastcgi_params; + fastcgi_index index.php; + fastcgi_pass php; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; +} diff --git a/roles/munin/tasks/main.yml b/roles/munin/tasks/main.yml index 83c1afc7b..4a2440bf2 100644 --- a/roles/munin/tasks/main.yml +++ b/roles/munin/tasks/main.yml @@ -30,7 +30,7 @@ mode: 0644 with_items: - { src: 'munin.conf.j2', dest: '/etc/munin/munin.conf' } - - { src: 'munin24.conf.j2', dest: '/etc/{{ apache_config_dir }}/munin24.conf' } + - { src: 'munin24-nginx.conf.j2', dest: '/etc/nginx/conf.d/munin24-nginx.conf' } - name: Establish username/password Admin/changeme in /etc/munin/munin-htpasswd htpasswd: diff --git a/roles/munin/templates/munin24-nginx.conf.j2 b/roles/munin/templates/munin24-nginx.conf.j2 new file mode 100644 index 000000000..dbbcc2795 --- /dev/null +++ b/roles/munin/templates/munin24-nginx.conf.j2 @@ -0,0 +1,4 @@ +location /munin { + alias /var/cache/munin/www/ ; + try_files $uri $uri/ /index.html; +} diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml index 996567e4e..b80d30be7 100644 --- a/roles/nextcloud/defaults/main.yml +++ b/roles/nextcloud/defaults/main.yml @@ -3,6 +3,7 @@ # nextcloud_install: False # nextcloud_enabled: False +nextcloud_force_install: False # nextcloud_allow_public_ips: False diff --git a/roles/nextcloud/tasks/enable_or_disable.yml b/roles/nextcloud/tasks/enable_or_disable.yml index ff753abf9..fc1e3ae8a 100644 --- a/roles/nextcloud/tasks/enable_or_disable.yml +++ b/roles/nextcloud/tasks/enable_or_disable.yml @@ -33,6 +33,17 @@ state: absent when: not nextcloud_enabled and is_redhat +- name: Enable the nginx proxying to apache + template: src=nextcloud-nginx.conf dest=/etc/nginx/conf.d/nextcloud-nginx.conf + when: nextcloud_enabled | bool + +- name: Restart apache, so it picks up the new aliases + service: name={{ apache_service }} state=restarted + +- name: Restart nnginx + service: name=nginx state=restarted + when: nginx_enabled | bool + - name: Restart Apache, enabling/disabling http://box/nextcloud service: name: "{{ apache_service }}" diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index 13bd12b01..b841bf5fa 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -7,7 +7,7 @@ #set_fact: # nextcloud_force_install: True include_tasks: install.yml - when: nextcloud_install and not nextcloud_page.stat.exists + when: (nextcloud_install and not nextcloud_page.stat.exists) or nextcloud_force_install # - debug: # var: nextcloud_force_install diff --git a/roles/nextcloud/templates/nextcloud-nginx.conf b/roles/nextcloud/templates/nextcloud-nginx.conf new file mode 100644 index 000000000..114baf77b --- /dev/null +++ b/roles/nextcloud/templates/nextcloud-nginx.conf @@ -0,0 +1,11 @@ +location /nextcloud { + proxy_pass http://127.0.0.1:{{ apache_port }}/nextcloud; +} + +location ~ /nextcloud/.*\.php$ { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:{{ apache_port }}; +} + From cffb6afeccd4cb779d6b49e19225ce332326f046 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 16 Oct 2019 00:47:49 +0100 Subject: [PATCH 009/148] oversignts and corrections -- most now seem to work on rpi --- roles/kolibri/tasks/main.yml | 12 +++ roles/kolibri/templates/kolibri-nginx.conf.j2 | 9 +++ roles/nginx/defaults/main.yml | 1 + roles/nginx/files/README.md | 21 +++++ roles/nginx/tasks/main.yml | 62 ++++++++++++++ .../nginx/templates/admin-console-apache.conf | 9 +++ .../nginx/templates/admin-console-nginx.conf | 29 +++++++ roles/nginx/templates/admin-console.ini | 8 ++ roles/nginx/templates/kalite-nginx.conf | 59 ++++++++++++++ roles/nginx/templates/kiwix.conf | 3 + roles/nginx/templates/nginx.conf | 80 +++++++++++++++++++ roles/nginx/templates/server.conf | 40 ++++++++++ roles/nginx/templates/usb-lib.conf | 7 ++ roles/nginx/templates/uwsgi.unit | 13 +++ roles/nodered/tasks/main.yml | 15 ++++ roles/nodered/templates/nodered-nginx.conf.j2 | 3 + roles/osm-vector-maps/tasks/main.yml | 20 ++--- .../templates/osm-vector-maps-nginx.conf | 7 ++ roles/sugarizer/tasks/install.yml | 19 +++-- .../sugarizer/templates/sugarizer-nginx.conf | 12 +++ roles/wordpress/tasks/install.yml | 13 +++ .../wordpress/templates/wordpress-nginx.conf | 11 +++ vars/default_vars.yml | 22 +++++ 23 files changed, 452 insertions(+), 23 deletions(-) create mode 100644 roles/kolibri/templates/kolibri-nginx.conf.j2 create mode 100644 roles/nginx/defaults/main.yml create mode 100644 roles/nginx/files/README.md create mode 100644 roles/nginx/tasks/main.yml create mode 100644 roles/nginx/templates/admin-console-apache.conf create mode 100644 roles/nginx/templates/admin-console-nginx.conf create mode 100644 roles/nginx/templates/admin-console.ini create mode 100644 roles/nginx/templates/kalite-nginx.conf create mode 100644 roles/nginx/templates/kiwix.conf create mode 100644 roles/nginx/templates/nginx.conf create mode 100644 roles/nginx/templates/server.conf create mode 100644 roles/nginx/templates/usb-lib.conf create mode 100644 roles/nginx/templates/uwsgi.unit create mode 100644 roles/nodered/templates/nodered-nginx.conf.j2 create mode 100644 roles/osm-vector-maps/templates/osm-vector-maps-nginx.conf create mode 100644 roles/sugarizer/templates/sugarizer-nginx.conf create mode 100644 roles/wordpress/templates/wordpress-nginx.conf diff --git a/roles/kolibri/tasks/main.yml b/roles/kolibri/tasks/main.yml index 5f7c992c5..73b0ddd47 100644 --- a/roles/kolibri/tasks/main.yml +++ b/roles/kolibri/tasks/main.yml @@ -119,6 +119,18 @@ # name: proxy_http - name: Start 'kolibri' systemd service, if kolibri_enabled + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode }}" + owner: root + group: root + with_items: + - { src: 'kolibri.service.j2', dest: '/etc/systemd/system/kolibri.service', mode: '0644' } + - { src: 'kolibri.conf.j2', dest: '/etc/apache2/sites-available/kolibri.conf', mode: '0644' } + - { src: 'kolibri-nginx.conf.j2', dest: '/etc/nginx/conf.d/kolibri-nginx.conf', mode: '0644' } + +- name: Enable & (Re)Start kolibri service systemd: name: kolibri state: started diff --git a/roles/kolibri/templates/kolibri-nginx.conf.j2 b/roles/kolibri/templates/kolibri-nginx.conf.j2 new file mode 100644 index 000000000..54af28c09 --- /dev/null +++ b/roles/kolibri/templates/kolibri-nginx.conf.j2 @@ -0,0 +1,9 @@ +location /kolibri { + proxy_bind $server_addr; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Script-Name /kolibri; + proxy_pass http://127.0.0.1:8009; +} + diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml new file mode 100644 index 000000000..ae625c277 --- /dev/null +++ b/roles/nginx/defaults/main.yml @@ -0,0 +1 @@ +nginx_log_dir: /var/log/nginx diff --git a/roles/nginx/files/README.md b/roles/nginx/files/README.md new file mode 100644 index 000000000..41bd59bc8 --- /dev/null +++ b/roles/nginx/files/README.md @@ -0,0 +1,21 @@ +### Transition to NGINX +1. Initial testing strategy is to move nginx to port 80, and proxy everything to apache on port 8090-- creating a shim. +2. Without php available via fastcgi, any function at all for php based applications validates nginx. +3. Current state (7/15/19): + 1. Principal functions migrated to nginx. + * Admin Console + * Awstats + * kiwix -- goes directly to port 3000 + * kalite -- goes directly to port 8009 + * calibre-web + * kolibri + * usb-lib + * maps + 2. Still proxied to Apache + * mediawiki + * elgg + * nodered + * nextcloud + * wordpress + * moodle + * archive.org diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml new file mode 100644 index 000000000..6cbf698e5 --- /dev/null +++ b/roles/nginx/tasks/main.yml @@ -0,0 +1,62 @@ +- name: Insure that apache2 is not running -- we may need port swap + service: + name: apache2 + enabled: False + state: stopped + ignore_errors: True + +- name: Install nginx required and helper packages + package: name={{ item }} state=present + with_items: + - nginx-extras + - uwsgi + - uwsgi-plugin-python + - php-fpm + - libnginx-mod-http-subs-filter + +- name: Put the config file in place + template: + src: '{{ item.src}}' + dest: '{{ item.dest }}' + with_items: + - { src: "server.conf",dest: "/etc/nginx/" } + - { src: "nginx.conf",dest: "/etc/nginx/" } + - { src: "usb-lib.conf",dest: "/etc/nginx/conf.d/" } + - { src: "admin-console.ini",dest: "/etc/uwsgi/apps-enabled/" } + - { src: "uwsgi.unit",dest: "/etc/systemd/system/" } +# optional services + - { src: "kiwix.conf",dest: "/etc/nginx/conf.d/" } + +- name: Add http server user to shadow group, so it can authenticate Admin Console + user: + name: "{{ apache_user }}" + groups: shadow + +- name: Remove the nginx default config + file: path=/etc/nginx/sites-enabled/default state=absent + +- name: Install config for Admin Console + template: + src: admin-console-nginx.conf +# Comment one or the other to revert from nginx back to apache2, if required +# src: admin-console-apache.conf + dest: /etc/nginx/conf.d/admin-console.conf + when: admin_console_enabled | bool + +- name: Enable the uwsgi systemd service + service: + name: uwsgi + state: started + enabled: True + +- name: Make sure nginx picks up the config + service: + name: nginx + state: restarted + when: nginx_enabled | bool + +# it might not be installed yet, so ignore errors +- name: Since we stopped apache2, start it again + service: name=apache2 state=started enabled=True + when: apache_enabled | bool + ignore_errors: True diff --git a/roles/nginx/templates/admin-console-apache.conf b/roles/nginx/templates/admin-console-apache.conf new file mode 100644 index 000000000..6e1269392 --- /dev/null +++ b/roles/nginx/templates/admin-console-apache.conf @@ -0,0 +1,9 @@ +location /admin { + proxy_pass http://127.0.0.1:{{ apache_port }}/admin; +} +location /cmd-service { + proxy_pass http://127.0.0.1:{{ apache_port }}/cmd-service; +} + + + diff --git a/roles/nginx/templates/admin-console-nginx.conf b/roles/nginx/templates/admin-console-nginx.conf new file mode 100644 index 000000000..cf610d10a --- /dev/null +++ b/roles/nginx/templates/admin-console-nginx.conf @@ -0,0 +1,29 @@ +location /admin { +# proxy_pass http://127.0.0.1:{{ apache_port }}/admin; + alias /opt/admin/console; + auth_pam "Secure zone"; + auth_pam_service_name "nginx"; + +} + +location ~ /admin/(.*)\.php$ { + alias /opt/admin/console/$1.php; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + fastcgi_pass php; + fastcgi_index index.php; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + include fastcgi_params; +} + +location /cmd-service { +# proxy_pass http://127.0.0.1:{{ apache_port }}/cmd-service; + include uwsgi_params; + uwsgi_pass unix:///tmp/admin-console.sock; +} + + + diff --git a/roles/nginx/templates/admin-console.ini b/roles/nginx/templates/admin-console.ini new file mode 100644 index 000000000..520369c0e --- /dev/null +++ b/roles/nginx/templates/admin-console.ini @@ -0,0 +1,8 @@ +[uwsgi] + uid = www-data + gid = www-data + socket = /tmp/admin-console.sock + chdir = /opt/admin/console + wsgi-file = cmd-service.wsgi + master = true + plugins = python diff --git a/roles/nginx/templates/kalite-nginx.conf b/roles/nginx/templates/kalite-nginx.conf new file mode 100644 index 000000000..33e12c106 --- /dev/null +++ b/roles/nginx/templates/kalite-nginx.conf @@ -0,0 +1,59 @@ +# NGINX configuration for KA Lite +# +# Upstream KA-Lite server uses port 7007 +# Nginx proxy for KA-Lite uses port 8008 +# +# If you want the website to be accessible at a different port, change +# PROXY_PORT = nnnn setting in /var/ka-lite/.kalite/settings.py +# and change the below accordingly. + + +upstream kalite { + server 127.0.0.1:7007; +} + +server { + + listen 8008; + + # Default value, overwritten in nginx.d + set $kalite_home {{ kalite_root }}; + include /etc/ka-lite/nginx.d/*.conf; + + location /static { + alias $kalite_home/httpsrv/static/; + } + + location /media { + alias $kalite_home/httpsrv/media/; + } + + location /content { + alias $kalite_home/content/; + } + + location /favicon.ico { + empty_gif; + } + + location / { + proxy_set_header Host $http_host; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Real-IP $remote_addr; + proxy_pass http://kalite; + error_page 502 = @502; + } + + location @502 { + types { } + default_type "text/html"; + return 502 " +
+

KA-Lite might be busy - wait a few moments and then reload this page +

+

If KA-Lite is still busy, get help from the system administrator +

Error code: nginx 502 Bad Gateway (maybe the KA-Lite webserver is not working correctly)"; + } + +} + diff --git a/roles/nginx/templates/kiwix.conf b/roles/nginx/templates/kiwix.conf new file mode 100644 index 000000000..c14b82f1a --- /dev/null +++ b/roles/nginx/templates/kiwix.conf @@ -0,0 +1,3 @@ +location /kiwix { + proxy_pass http://127.0.0.1:3000; +} diff --git a/roles/nginx/templates/nginx.conf b/roles/nginx/templates/nginx.conf new file mode 100644 index 000000000..d8c732b93 --- /dev/null +++ b/roles/nginx/templates/nginx.conf @@ -0,0 +1,80 @@ +# IIAB notes: sites-enabled is for server declarations +# cond.d is for location declarations within the main server block + +user www-data; +worker_processes auto; +pid /run/nginx.pid; +include /etc/nginx/modules-enabled/*.conf; + +events { + worker_connections 768; + # multi_accept on; +} + +http { + + ## + # Basic Settings + ## + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + # server_tokens off; + + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; + + include /etc/nginx/mime.types; + default_type text/html; + + ## + # SSL Settings + ## + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE + ssl_prefer_server_ciphers on; + + ## + # Logging Settings + ## + + access_log {{ apache_log_dir }}/access.log; + error_log {{ apache_log_dir }}/error.log; + log_format scripts '$request > $document_root$fastcgi_script_name $fastcgi_path_info'; + + + ## + # Gzip Settings + ## + + gzip on; + gzip_disable "msie6"; + + # gzip_vary on; + # gzip_proxied any; + # gzip_comp_level 6; + # gzip_buffers 16 8k; + # gzip_http_version 1.1; + # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + ## + # Virtual Host Configs + ## + + + # include a server file which in turn includes conf.d/* + include /etc/nginx/server.conf; + + # include other sites + include /etc/nginx/sites-enabled/*.conf; + + + # define the upstream backend fastcgi for php + upstream php { + server unix:/run/php/php{{ php_version }}-fpm.sock; + } + +} + diff --git a/roles/nginx/templates/server.conf b/roles/nginx/templates/server.conf new file mode 100644 index 000000000..0af7b08f6 --- /dev/null +++ b/roles/nginx/templates/server.conf @@ -0,0 +1,40 @@ +server { + root {{ doc_root }}; + server_name {{ iiab_hostname }}; + listen 80; + + access_log {{ apache_log_dir }}/access.log; + error_log {{ apache_log_dir }}/error.log; + access_log {{ apache_log_dir }}/scripts.log scripts; + + index index.php index.html index.htm; + rewrite ^/$ $scheme://$server_addr/home/; + + # let individual services drop location blocks in conf.d + include /etc/nginx/conf.d/*; + + location ~ .*\.php$ { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + fastcgi_pass php; + fastcgi_index index.php; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + include fastcgi_params; + } + + location /cgi-bin { + root /usr/lib; + } + + # if you don't like seeing all the errors for missing favicon.ico in root + location = /favicon.ico { access_log off; log_not_found off; } + + # if you don't like seeing errors for a missing robots.txt in root + location = /robots.txt { access_log off; log_not_found off; } + + # this will prevent files like .htaccess .htpassword .secret etc from being served + location ~ /\. { deny all; } +} diff --git a/roles/nginx/templates/usb-lib.conf b/roles/nginx/templates/usb-lib.conf new file mode 100644 index 000000000..8feb6703d --- /dev/null +++ b/roles/nginx/templates/usb-lib.conf @@ -0,0 +1,7 @@ +location /usb { + alias /library/www/html/local_content/; + autoindex on; +} +location /local_content/ { + autoindex on; +} diff --git a/roles/nginx/templates/uwsgi.unit b/roles/nginx/templates/uwsgi.unit new file mode 100644 index 000000000..fe20333cb --- /dev/null +++ b/roles/nginx/templates/uwsgi.unit @@ -0,0 +1,13 @@ +Unit] +Description=uWSGI Service + +[Service] +ExecStart=/usr/local/bin/uwsgi --ini /etc/uwsgi/admin_console_wsgi.ini +Restart=always +RestartSec=5 +KillSignal=SIGQUIT +Type=notify +NotifyAccess=all + +[Install] +WantedBy=multi-user.target diff --git a/roles/nodered/tasks/main.yml b/roles/nodered/tasks/main.yml index 120021a64..3f1fda91f 100644 --- a/roles/nodered/tasks/main.yml +++ b/roles/nodered/tasks/main.yml @@ -171,6 +171,15 @@ mode: 0666 when: nodered_install | bool +- name: Install nginx's conf.d file from template + template: + src: nodered-nginx.conf.j2 + dest: /etc/nginx/conf.d/nodered-nginx.conf + owner: root + group: root + mode: 0666 + when: nodered_install | bool + - name: Create symlink nodered.conf from sites-enabled to sites-available, for short URL http://box/nodered (if nodered_enabled) file: src: /etc/apache2/sites-available/nodered.conf @@ -187,6 +196,12 @@ when: not nodered_enabled # SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml +- name: Remove symlink /etc/nginx/conf.d/nodered-nginx.conf (if not nodered_enabled) + file: + path: /etc/nginx/conf.d/nodered-nginx.conf + state: absent + when: not nodered_enabled + - name: Enable proxy_wstunnel apache2 module apache2_module: state: present diff --git a/roles/nodered/templates/nodered-nginx.conf.j2 b/roles/nodered/templates/nodered-nginx.conf.j2 new file mode 100644 index 000000000..275dd98a5 --- /dev/null +++ b/roles/nodered/templates/nodered-nginx.conf.j2 @@ -0,0 +1,3 @@ +location /nodered { + proxy_pass http://127.0.0.1:{{ apache_port }}/nodered; +} diff --git a/roles/osm-vector-maps/tasks/main.yml b/roles/osm-vector-maps/tasks/main.yml index 5b8ce54f0..83cce8ea3 100644 --- a/roles/osm-vector-maps/tasks/main.yml +++ b/roles/osm-vector-maps/tasks/main.yml @@ -70,23 +70,17 @@ src: map_functions.js dest: '{{ vector_map_path }}/maplist/assets' -- name: Install /etc/{{ apache_config_dir }}/osm-vector-maps.conf from template +- name: Install /etc/nginx/conf.d/osm-vector-maps.conf from template template: - src: osm-vector-maps.conf - dest: "/etc/{{ apache_config_dir }}/osm-vector-maps.conf" + src: osm-vector-maps-nginx.conf + dest: "/etc/nginx/conf.d/osm-vector-maps-nginx.conf" + when: osm_vector_maps_enabled | bool -- name: Create symlink osm-vector-maps.conf from sites-enabled to sites-available (debuntu, not nec for redhat) +- name: Remove config /etc/nginx/conf,d/osm-vector-maps.conf (debuntu) file: - src: /etc/apache2/sites-available/osm-vector-maps.conf - path: /etc/apache2/sites-enabled/osm-vector-maps.conf - state: link - when: osm_vector_maps_enabled and is_debuntu - -- name: Remove symlink /etc/apache2/sites-enabled/osm-vector-maps.conf (debuntu) - file: - path: /etc/apache2/sites-enabled/osm-vector-maps.conf + path: /etc/nginx/conf.d/osm-vector-maps-nginx.conf state: absent - when: not osm_vector_maps_enabled and is_debuntu + when: not osm_vector_maps_enabled | bool #- name: Does the {{ vector_map_path }}/index.html redirect already exist? # stat: diff --git a/roles/osm-vector-maps/templates/osm-vector-maps-nginx.conf b/roles/osm-vector-maps/templates/osm-vector-maps-nginx.conf new file mode 100644 index 000000000..97cfc2535 --- /dev/null +++ b/roles/osm-vector-maps/templates/osm-vector-maps-nginx.conf @@ -0,0 +1,7 @@ +# For downloadable regional vector tilesets +location /maps { + alias /library/www/osm-vector-maps; +} +location /osm-vector-maps { + alias /library/www/osm-vector-maps; +} diff --git a/roles/sugarizer/tasks/install.yml b/roles/sugarizer/tasks/install.yml index 339f4b0eb..20585539e 100644 --- a/roles/sugarizer/tasks/install.yml +++ b/roles/sugarizer/tasks/install.yml @@ -138,7 +138,7 @@ # 5. CONFIG FILES -- name: "Install from templates: sugarizer.service (systemd), sugarizer.conf (Apache)" +- name: "Install from templates: sugarizer.service (systemd), sugarizer-nginx.conf (nginx)" template: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -147,7 +147,7 @@ group: root with_items: - { src: 'sugarizer.service', dest: '/etc/systemd/system/sugarizer.service' } - - { src: 'sugarizer.conf.j2', dest: '/etc/apache2/sites-available/sugarizer.conf' } + - { src: 'sugarizer-nginx.conf', dest: '/etc/nginx/conf.d/sugarizer-nginx.conf' } #- { src: 'sugarizer.ini.j2', dest: '{{ iiab_base }}/sugarizer-server/env/sugarizer.ini' } #- { src: 'sugarizer.js', dest: '{{ iiab_base }}/sugarizer-server' } @@ -223,14 +223,7 @@ - name: Create symlink sugarizer.conf from sites-enabled to sites-available, for short URLs http://box/sugar & http://box/sugarizer (if sugarizer_enabled) file: - src: /etc/apache2/sites-available/sugarizer.conf - path: /etc/apache2/sites-enabled/sugarizer.conf - state: link - when: sugarizer_enabled and is_debuntu - -- name: Remove symlink /etc/apache2/sites-enabled/sugarizer.conf (if not sugarizer_enabled) - file: - path: /etc/apache2/sites-enabled/sugarizer.conf + path: /etc/nginx/conf.d/sugarizer-nginx.conf state: absent when: not sugarizer_enabled and is_debuntu @@ -277,6 +270,12 @@ # state: stopped # when: not sugarizer_enabled +- name: Restart nginx when enabled + service: + name: nginx + state: restarted + when: sugarizer_enabled and nginx_enabled + - name: Add 'sugarizer' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" diff --git a/roles/sugarizer/templates/sugarizer-nginx.conf b/roles/sugarizer/templates/sugarizer-nginx.conf new file mode 100644 index 000000000..cd7235335 --- /dev/null +++ b/roles/sugarizer/templates/sugarizer-nginx.conf @@ -0,0 +1,12 @@ +# sugarizer_port is set to 8089 in /opt/iiab/iiab/vars/default_vars.yml +# If you need to change this, edit /etc/iiab/local_vars.yml prior to installing + + +location /sugarizer { + proxy_bind $server_addr; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Script-Name /sugarizer; + proxy_pass http://127.0.0.1:8089; +} diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index 995af2a1b..2c9c22d29 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -116,6 +116,19 @@ template: src: wordpress.conf.j2 dest: "/etc/{{ apache_config_dir }}/wordpress.conf" + when: apache_enabled + +- name: Copy the nginx location info + template: + src: wordpress-nginx.conf + dest: /etc/nginx/conf.d/ + when: nginx_enabled + +- name: Notify nginx service of changes + service: + name: nginx + state: restarted + when: nginx_enabled - name: Create symlink wordpress.conf from sites-enabled to sites-available, if wordpress_enabled (debuntu) file: diff --git a/roles/wordpress/templates/wordpress-nginx.conf b/roles/wordpress/templates/wordpress-nginx.conf new file mode 100644 index 000000000..345887ad9 --- /dev/null +++ b/roles/wordpress/templates/wordpress-nginx.conf @@ -0,0 +1,11 @@ +location /wordpress { + proxy_pass http://127.0.0.1:{{ apache_port }}/wordpress; +} + location ~ /wordpress/.*\.php$ { + + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:{{ apache_port }}; + +} diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 3218ec501..8cb8bf139 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -205,6 +205,10 @@ openvpn_server_real_ip: 3.89.148.185 openvpn_server_virtual_ip: 10.8.0.1 openvpn_server_port: 1194 +# apache +apache_install: True +apache_enabled: True +allow_apache_sudo: False # Some prefer 512MB for Zero W, others prefer 2048MB or higher for RPi 3 and 4. # Please see recommendations at: https://itsfoss.com/swap-size/ pi_swap_file_size: 1024 @@ -221,6 +225,24 @@ exFAT_enabled: True # 3-BASE-SERVER +# Variables fo Administrative Console +admin_console_install: True +admin_console_enabled: True + +# variables related to introduction of nginx +# apache +apache_port: "8090" +apache_interface: "127.0.0.1" +apache_install: True +apache_enabled: True +# The following variable, if True, allows Admin Console to poweroff IIAB +allow_apache_sudo: False + +nginx_port: "80" +nginx_interface: "0.0.0.0" +nginx_install: True +nginx_enabled: True + # See also Apache vars {default_language, language_priority} @ top of this file # From d213353c53eca0600b3f17496641c1d36b6dcdda Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 16 Oct 2019 16:26:48 +0100 Subject: [PATCH 010/148] apache remnant in nginx branch --- roles/munin/tasks/main.yml | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/roles/munin/tasks/main.yml b/roles/munin/tasks/main.yml index 4a2440bf2..86c928419 100644 --- a/roles/munin/tasks/main.yml +++ b/roles/munin/tasks/main.yml @@ -47,19 +47,6 @@ state: started when: munin_enabled | bool -- name: Create symlink munin24.conf from sites-enabled to sites-available (debuntu) - file: - src: /etc/apache2/sites-available/munin24.conf - path: /etc/apache2/sites-enabled/munin24.conf - state: link - when: munin_enabled and is_debuntu - -- name: Remove symlink /etc/apache2/sites-enabled/munin24.conf if not munin_enabled (debuntu) - file: - path: /etc/apache2/sites-enabled/munin24.conf - state: absent - when: not munin_enabled and is_debuntu - - name: Disable munin-node service if not munin_enabled service: name: munin-node From 9cd6e0bf8c5d9e69a1633571f44624623c6eec05 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 16 Oct 2019 16:41:12 +0100 Subject: [PATCH 011/148] script needs nginx to pick up nginx.conf file, so restart nginx --- roles/calibre-web/tasks/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/calibre-web/tasks/main.yml b/roles/calibre-web/tasks/main.yml index 081837d6a..0df9c81f9 100644 --- a/roles/calibre-web/tasks/main.yml +++ b/roles/calibre-web/tasks/main.yml @@ -111,6 +111,12 @@ state: restarted when: calibreweb_enabled | bool +- name: Restart nginx systemd service + systemd: + name: nginx + state: restarted + when: calibreweb_enabled | bool + # Default: http://box/books # SEE ALSO: https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy - name: Enable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} with Apache From 4580a1a50c6997662ca0e075d8c0de4a73aa19e6 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 16 Oct 2019 20:37:19 +0100 Subject: [PATCH 012/148] buster vm fixes --- roles/calibre-web/tasks/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/calibre-web/tasks/main.yml b/roles/calibre-web/tasks/main.yml index 0df9c81f9..dd64f0a03 100644 --- a/roles/calibre-web/tasks/main.yml +++ b/roles/calibre-web/tasks/main.yml @@ -71,7 +71,7 @@ mode: 0644 with_items: - { src: 'calibre-web.service.j2', dest: '/etc/systemd/system/calibre-web.service' } - - { src: 'calibre-web-nginx.conf.j2', dest: '/etc/nginx/conf.d/calibre-web.conf' } + - { src: 'calibre-web-nginx.conf.j2', dest: '/etc/nginx/conf.d/calibre-web-nginx.conf' } - name: Does /library/calibre-web/metadata.db exist? stat: @@ -119,9 +119,9 @@ # Default: http://box/books # SEE ALSO: https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy -- name: Enable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} with Apache - command: a2ensite calibre-web.conf - when: calibreweb_enabled | bool +#- name: Enable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} with Apache +# command: a2ensite calibre-web.conf +# when: calibreweb_enabled | bool #- name: Restart Apache after enabling calibre-web httpd2 site # command: apachectl -k graceful @@ -136,7 +136,7 @@ when: not calibreweb_enabled | bool - name: Disable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} with Apache - command: a2dissite calibre-web.conf + command: rm /etc/nginx/conf.d/calibre-web-nginx.conf when: not calibreweb_enabled #- name: Restart Apache after disabling calibre-web httpd2 site From 1ccbd9dc24a69f8435451c08aa448b35f933a7c8 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 16 Oct 2019 23:26:41 +0100 Subject: [PATCH 013/148] change status date --- roles/nginx/files/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/files/README.md b/roles/nginx/files/README.md index 41bd59bc8..f5043efa5 100644 --- a/roles/nginx/files/README.md +++ b/roles/nginx/files/README.md @@ -1,7 +1,7 @@ ### Transition to NGINX 1. Initial testing strategy is to move nginx to port 80, and proxy everything to apache on port 8090-- creating a shim. 2. Without php available via fastcgi, any function at all for php based applications validates nginx. -3. Current state (7/15/19): +3. Current state (10/16/19) 1. Principal functions migrated to nginx. * Admin Console * Awstats From 2833bb16547f3bad0703024da45550afe2b54e0d Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 20 Oct 2019 07:15:47 -0500 Subject: [PATCH 014/148] fix unit file --- roles/nginx/templates/uwsgi.unit | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/templates/uwsgi.unit b/roles/nginx/templates/uwsgi.unit index fe20333cb..df7fd03ed 100644 --- a/roles/nginx/templates/uwsgi.unit +++ b/roles/nginx/templates/uwsgi.unit @@ -1,4 +1,4 @@ -Unit] +[Unit] Description=uWSGI Service [Service] From 4047894ab6e03d36a8fba9e683ad45af7ffa1a38 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 20 Oct 2019 06:38:59 -0500 Subject: [PATCH 015/148] nginx - group proxypass to apache together --- roles/elgg/tasks/main.yml | 6 --- roles/httpd/tasks/main.yml | 6 +-- roles/lokole/tasks/install.yml | 5 -- roles/mediawiki/tasks/install.yml | 6 --- roles/nextcloud/defaults/main.yml | 1 - roles/nextcloud/tasks/enable_or_disable.yml | 11 ----- roles/nextcloud/tasks/main.yml | 2 +- roles/nginx/tasks/main.yml | 47 +++++++++++++++++++ .../{elgg => nginx}/templates/elgg-nginx.conf | 0 .../templates/lokole-nginx.conf.j2 | 0 .../templates/mediawiki-nginx.conf.j2 | 0 .../templates/nextcloud-nginx.conf | 0 .../templates/nodered-nginx.conf.j2 | 0 roles/{httpd => nginx}/templates/ports.conf | 0 .../templates/wordpress-nginx.conf | 0 roles/nodered/tasks/main.yml | 9 ---- roles/wordpress/tasks/install.yml | 12 ----- 17 files changed, 50 insertions(+), 55 deletions(-) rename roles/{elgg => nginx}/templates/elgg-nginx.conf (100%) rename roles/{lokole => nginx}/templates/lokole-nginx.conf.j2 (100%) rename roles/{mediawiki => nginx}/templates/mediawiki-nginx.conf.j2 (100%) rename roles/{nextcloud => nginx}/templates/nextcloud-nginx.conf (100%) rename roles/{nodered => nginx}/templates/nodered-nginx.conf.j2 (100%) rename roles/{httpd => nginx}/templates/ports.conf (100%) rename roles/{wordpress => nginx}/templates/wordpress-nginx.conf (100%) diff --git a/roles/elgg/tasks/main.yml b/roles/elgg/tasks/main.yml index a992fc184..6461ebca1 100644 --- a/roles/elgg/tasks/main.yml +++ b/roles/elgg/tasks/main.yml @@ -124,12 +124,6 @@ src: elgg.conf dest: "/etc/{{ apache_config_dir }}/elgg.conf" -- name: Install /etc/nginx/conf.d/elgg-nginx.conf from template, for http://box/elgg - template: - src: elgg-nginx.conf - dest: "/etc/nginx/conf.d/elgg-nginx.conf" - when: elgg_enabled and is_debuntu - - name: Create symlink elgg.conf from sites-enabled to sites-available (debuntu, not nec for redhat) file: src: /etc/apache2/sites-available/elgg.conf diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml index 92122489a..669f5b6bd 100644 --- a/roles/httpd/tasks/main.yml +++ b/roles/httpd/tasks/main.yml @@ -66,12 +66,11 @@ with_items: - { src: '010-iiab.conf.j2', dest: '/etc/{{ apache_config_dir }}/010-iiab.conf' } - { src: 'proxy_ajp.conf.j2', dest: '/etc/{{ apache_config_dir }}/proxy_ajp.conf' } - - { src: 'ports.conf' , dest: '/etc/{{ apache_service }}/' , mode: '0644' } #- { src: 'php.ini.j2', dest: '/etc/php.ini', mode: '0644' } # @jvonau suggests removing this in https://github.com/iiab/iiab/issues/1147 # For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147 # WARNING: Enabling this might cause excess use of RAM/disk or other resources! -- name: Enact high limits in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini if using WordPress and/or Moodle intensively +- name: Enact high limits in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini if using WordPress/Nextcloud/Moodle intensively lineinfile: path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini" regexp: "{{ item.regexp }}" @@ -80,7 +79,7 @@ with_items: - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } - - { regexp: '^memory_limit', line: 'memory_limit = 256M ; default is 128M' } + - { regexp: '^memory_limit', line: 'memory_limit = 256M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } @@ -124,7 +123,6 @@ - headers - proxy - proxy_html - - headers - proxy_http - rewrite when: is_debuntu | bool diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 2b0f1e813..194472ac6 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -110,11 +110,6 @@ src: lokole.conf.j2 dest: "/etc/{{ apache_config_dir }}/lokole.conf" -- name: Install /etc/nginx/lokole-nginx.conf from template, for http://box/lokole - template: - src: lokole-nginx.conf.j2 - dest: "/etc/nginx/conf.d/lokole-nginx.conf" - - name: Symlink /etc/apache2/sites-enabled/lokole.conf to /etc/{{ apache_config_dir }}/lokole.conf, if lokole_enabled (debuntu) file: src: "/etc/{{ apache_config_dir }}/lokole.conf" diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index 6c0da46c7..db90e1e6c 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -72,12 +72,6 @@ state: link when: mediawiki_enabled and is_debuntu -- name: Install nginx config file, if mediawiki_enabled (debuntu) - template: - src: mediawiki-nginx.conf.j2 - dest: /etc/nginx/conf.d/mediawiki-nginx.conf - when: mediawiki_enabled and is_debuntu - - name: Remove mediawiki.conf if not mediawiki_enabled (debuntu) file: path: /etc/apache2/sites-enabled/mediawiki.conf diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml index b80d30be7..996567e4e 100644 --- a/roles/nextcloud/defaults/main.yml +++ b/roles/nextcloud/defaults/main.yml @@ -3,7 +3,6 @@ # nextcloud_install: False # nextcloud_enabled: False -nextcloud_force_install: False # nextcloud_allow_public_ips: False diff --git a/roles/nextcloud/tasks/enable_or_disable.yml b/roles/nextcloud/tasks/enable_or_disable.yml index fc1e3ae8a..ff753abf9 100644 --- a/roles/nextcloud/tasks/enable_or_disable.yml +++ b/roles/nextcloud/tasks/enable_or_disable.yml @@ -33,17 +33,6 @@ state: absent when: not nextcloud_enabled and is_redhat -- name: Enable the nginx proxying to apache - template: src=nextcloud-nginx.conf dest=/etc/nginx/conf.d/nextcloud-nginx.conf - when: nextcloud_enabled | bool - -- name: Restart apache, so it picks up the new aliases - service: name={{ apache_service }} state=restarted - -- name: Restart nnginx - service: name=nginx state=restarted - when: nginx_enabled | bool - - name: Restart Apache, enabling/disabling http://box/nextcloud service: name: "{{ apache_service }}" diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index b841bf5fa..13bd12b01 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -7,7 +7,7 @@ #set_fact: # nextcloud_force_install: True include_tasks: install.yml - when: (nextcloud_install and not nextcloud_page.stat.exists) or nextcloud_force_install + when: nextcloud_install and not nextcloud_page.stat.exists # - debug: # var: nextcloud_force_install diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 6cbf698e5..bddf2f3b7 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -48,6 +48,53 @@ name: uwsgi state: started enabled: True +- name: Install ports.conf when nginx_enabled, from templates + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: 0644 + with_items: + - { src: 'ports.conf' , dest: '/etc/{{ apache_service }}/' , mode: '0644' } + when: is_debuntu | bool and nginx_enabled | bool + +- name: Install /etc/nginx/conf.d/elgg-nginx.conf from template + template: + src: elgg-nginx.conf + dest: "/etc/nginx/conf.d/elgg-nginx.conf" + when: elgg_enabled | bool + +- name: Install /etc/nginx/lokole-nginx.conf from template + template: + src: lokole-nginx.conf.j2 + dest: "/etc/nginx/conf.d/lokole-nginx.conf" + when: lokole_enabled | bool + +- name: Install MediaWiki's nginx conf.d file from template + template: + src: mediawiki-nginx.conf.j2 + dest: /etc/nginx/conf.d/mediawiki-nginx.conf + when: mediawiki_enabled | bool + +- name: Install WordPress's nginx conf.d file from template + template: src=nextcloud-nginx.conf dest=/etc/nginx/conf.d/nextcloud-nginx.conf + when: nextcloud_enabled | bool + +- name: Install NodeRed's nginx conf.d file from template + template: + src: nodered-nginx.conf.j2 + dest: /etc/nginx/conf.d/nodered-nginx.conf + owner: root + group: root + mode: 0666 + when: nodered_enabled | bool + +- name: Install WordPress's nginx conf.d file from template + template: + src: wordpress-nginx.conf + dest: /etc/nginx/conf.d/ + when: wordpress_enabled | bool - name: Make sure nginx picks up the config service: diff --git a/roles/elgg/templates/elgg-nginx.conf b/roles/nginx/templates/elgg-nginx.conf similarity index 100% rename from roles/elgg/templates/elgg-nginx.conf rename to roles/nginx/templates/elgg-nginx.conf diff --git a/roles/lokole/templates/lokole-nginx.conf.j2 b/roles/nginx/templates/lokole-nginx.conf.j2 similarity index 100% rename from roles/lokole/templates/lokole-nginx.conf.j2 rename to roles/nginx/templates/lokole-nginx.conf.j2 diff --git a/roles/mediawiki/templates/mediawiki-nginx.conf.j2 b/roles/nginx/templates/mediawiki-nginx.conf.j2 similarity index 100% rename from roles/mediawiki/templates/mediawiki-nginx.conf.j2 rename to roles/nginx/templates/mediawiki-nginx.conf.j2 diff --git a/roles/nextcloud/templates/nextcloud-nginx.conf b/roles/nginx/templates/nextcloud-nginx.conf similarity index 100% rename from roles/nextcloud/templates/nextcloud-nginx.conf rename to roles/nginx/templates/nextcloud-nginx.conf diff --git a/roles/nodered/templates/nodered-nginx.conf.j2 b/roles/nginx/templates/nodered-nginx.conf.j2 similarity index 100% rename from roles/nodered/templates/nodered-nginx.conf.j2 rename to roles/nginx/templates/nodered-nginx.conf.j2 diff --git a/roles/httpd/templates/ports.conf b/roles/nginx/templates/ports.conf similarity index 100% rename from roles/httpd/templates/ports.conf rename to roles/nginx/templates/ports.conf diff --git a/roles/wordpress/templates/wordpress-nginx.conf b/roles/nginx/templates/wordpress-nginx.conf similarity index 100% rename from roles/wordpress/templates/wordpress-nginx.conf rename to roles/nginx/templates/wordpress-nginx.conf diff --git a/roles/nodered/tasks/main.yml b/roles/nodered/tasks/main.yml index 3f1fda91f..88ce8196d 100644 --- a/roles/nodered/tasks/main.yml +++ b/roles/nodered/tasks/main.yml @@ -171,15 +171,6 @@ mode: 0666 when: nodered_install | bool -- name: Install nginx's conf.d file from template - template: - src: nodered-nginx.conf.j2 - dest: /etc/nginx/conf.d/nodered-nginx.conf - owner: root - group: root - mode: 0666 - when: nodered_install | bool - - name: Create symlink nodered.conf from sites-enabled to sites-available, for short URL http://box/nodered (if nodered_enabled) file: src: /etc/apache2/sites-available/nodered.conf diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index 2c9c22d29..8da708789 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -118,18 +118,6 @@ dest: "/etc/{{ apache_config_dir }}/wordpress.conf" when: apache_enabled -- name: Copy the nginx location info - template: - src: wordpress-nginx.conf - dest: /etc/nginx/conf.d/ - when: nginx_enabled - -- name: Notify nginx service of changes - service: - name: nginx - state: restarted - when: nginx_enabled - - name: Create symlink wordpress.conf from sites-enabled to sites-available, if wordpress_enabled (debuntu) file: src: /etc/apache2/sites-available/wordpress.conf From 8e53b294c02ac2b467710b96fd202af18d4ab8ca Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 20 Oct 2019 07:32:29 -0500 Subject: [PATCH 016/148] moodle - group proxypass to apache together --- roles/moodle/tasks/main.yml | 9 --------- roles/nginx/tasks/main.yml | 9 +++++++++ roles/{moodle => nginx}/templates/moodle-nginx.conf.j2 | 0 3 files changed, 9 insertions(+), 9 deletions(-) rename roles/{moodle => nginx}/templates/moodle-nginx.conf.j2 (100%) diff --git a/roles/moodle/tasks/main.yml b/roles/moodle/tasks/main.yml index 1b0c06590..5495f230b 100644 --- a/roles/moodle/tasks/main.yml +++ b/roles/moodle/tasks/main.yml @@ -81,15 +81,6 @@ mode: 0644 when: moodle_enabled | bool -- name: Install nginx's config file from template, if moodle_enabled - template: - src: moodle-nginx.conf.j2 - dest: "/etc/nginx/conf.d/moodle-nginx.conf" - owner: root - group: root - mode: 0644 - when: moodle_enabled | bool - - name: Create symlink 022-moodle.conf from sites-enabled to sites-available, if moodle_enabled (debuntu) file: src: /etc/apache2/sites-available/022-moodle.conf diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index bddf2f3b7..298e108e0 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -59,6 +59,15 @@ - { src: 'ports.conf' , dest: '/etc/{{ apache_service }}/' , mode: '0644' } when: is_debuntu | bool and nginx_enabled | bool +- name: Install nginx's config file from template, if moodle_enabled + template: + src: moodle-nginx.conf.j2 + dest: "/etc/nginx/conf.d/moodle-nginx.conf" + owner: root + group: root + mode: 0644 + when: moodle_enabled | bool + - name: Install /etc/nginx/conf.d/elgg-nginx.conf from template template: src: elgg-nginx.conf diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/nginx/templates/moodle-nginx.conf.j2 similarity index 100% rename from roles/moodle/templates/moodle-nginx.conf.j2 rename to roles/nginx/templates/moodle-nginx.conf.j2 From eadeb114e70941651e10d7e5e1eb06e91a44af75 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 22 Oct 2019 00:11:25 -0500 Subject: [PATCH 017/148] split to file --- roles/nginx/tasks/main.yml | 47 ++---------------------------- roles/nginx/tasks/uses_apache.yml | 48 +++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+), 45 deletions(-) create mode 100644 roles/nginx/tasks/uses_apache.yml diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 298e108e0..30054b654 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -59,51 +59,8 @@ - { src: 'ports.conf' , dest: '/etc/{{ apache_service }}/' , mode: '0644' } when: is_debuntu | bool and nginx_enabled | bool -- name: Install nginx's config file from template, if moodle_enabled - template: - src: moodle-nginx.conf.j2 - dest: "/etc/nginx/conf.d/moodle-nginx.conf" - owner: root - group: root - mode: 0644 - when: moodle_enabled | bool - -- name: Install /etc/nginx/conf.d/elgg-nginx.conf from template - template: - src: elgg-nginx.conf - dest: "/etc/nginx/conf.d/elgg-nginx.conf" - when: elgg_enabled | bool - -- name: Install /etc/nginx/lokole-nginx.conf from template - template: - src: lokole-nginx.conf.j2 - dest: "/etc/nginx/conf.d/lokole-nginx.conf" - when: lokole_enabled | bool - -- name: Install MediaWiki's nginx conf.d file from template - template: - src: mediawiki-nginx.conf.j2 - dest: /etc/nginx/conf.d/mediawiki-nginx.conf - when: mediawiki_enabled | bool - -- name: Install WordPress's nginx conf.d file from template - template: src=nextcloud-nginx.conf dest=/etc/nginx/conf.d/nextcloud-nginx.conf - when: nextcloud_enabled | bool - -- name: Install NodeRed's nginx conf.d file from template - template: - src: nodered-nginx.conf.j2 - dest: /etc/nginx/conf.d/nodered-nginx.conf - owner: root - group: root - mode: 0666 - when: nodered_enabled | bool - -- name: Install WordPress's nginx conf.d file from template - template: - src: wordpress-nginx.conf - dest: /etc/nginx/conf.d/ - when: wordpress_enabled | bool +- name: Install proxpass to apache running on localhost + include_tasks: uses_apache.yml - name: Make sure nginx picks up the config service: diff --git a/roles/nginx/tasks/uses_apache.yml b/roles/nginx/tasks/uses_apache.yml new file mode 100644 index 000000000..fb576bbaa --- /dev/null +++ b/roles/nginx/tasks/uses_apache.yml @@ -0,0 +1,48 @@ +- name: Install nginx's config file from template, if moodle_enabled + template: + src: moodle-nginx.conf.j2 + dest: "/etc/nginx/conf.d/moodle-nginx.conf" + owner: root + group: root + mode: 0644 + when: moodle_enabled | bool + +- name: Install /etc/nginx/conf.d/elgg-nginx.conf from template + template: + src: elgg-nginx.conf + dest: "/etc/nginx/conf.d/elgg-nginx.conf" + when: elgg_enabled | bool + +- name: Install /etc/nginx/lokole-nginx.conf from template + template: + src: lokole-nginx.conf.j2 + dest: "/etc/nginx/conf.d/lokole-nginx.conf" + when: lokole_enabled | bool + +- name: Install MediaWiki's nginx conf.d file from template + template: + src: mediawiki-nginx.conf.j2 + dest: /etc/nginx/conf.d/mediawiki-nginx.conf + when: mediawiki_enabled | bool + +- name: Install WordPress's nginx conf.d file from template + template: src=nextcloud-nginx.conf dest=/etc/nginx/conf.d/nextcloud-nginx.conf + when: nextcloud_enabled | bool + +- name: Install NodeRed's nginx conf.d file from template + template: + src: nodered-nginx.conf.j2 + dest: /etc/nginx/conf.d/nodered-nginx.conf + owner: root + group: root + mode: 0666 + when: nodered_enabled | bool + +- name: Install WordPress's nginx conf.d file from template + template: + src: wordpress-nginx.conf + dest: /etc/nginx/conf.d/ + when: wordpress_enabled | bool + +#- name: Install proxpass to apache running on localhost + From 8388c822473aec40bac40eb01ccb06a486202bbe Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 20 Oct 2019 07:35:51 -0500 Subject: [PATCH 018/148] update readme --- roles/nginx/files/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/nginx/files/README.md b/roles/nginx/files/README.md index f5043efa5..cb178b7b5 100644 --- a/roles/nginx/files/README.md +++ b/roles/nginx/files/README.md @@ -18,4 +18,5 @@ * nextcloud * wordpress * moodle + 3. Not dealt with yet * archive.org From 603c87013f90d266a94f4378f372cbd44badda48 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 20 Oct 2019 07:53:48 -0500 Subject: [PATCH 019/148] kolibri - add when nginx_enabled - restart --- roles/kolibri/tasks/main.yml | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/roles/kolibri/tasks/main.yml b/roles/kolibri/tasks/main.yml index 73b0ddd47..23ee309a0 100644 --- a/roles/kolibri/tasks/main.yml +++ b/roles/kolibri/tasks/main.yml @@ -71,7 +71,6 @@ enabled: yes state: stopped - # 2019-10-01: Should no longer be nec, thanks to /etc/kolibri/daemon.conf # containing KOLIBRI_HOME="/library/kolibri" (above) #- name: Run Kolibri migrations to begin populating {{ kolibri_home }} # i.e. /library/kolibri @@ -118,7 +117,7 @@ # apache2_module: # name: proxy_http -- name: Start 'kolibri' systemd service, if kolibri_enabled +- name: Supply /etc/nginx/conf.d/kolibri-nginx.conf when nginx_enabled template: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -126,9 +125,8 @@ owner: root group: root with_items: - - { src: 'kolibri.service.j2', dest: '/etc/systemd/system/kolibri.service', mode: '0644' } - - { src: 'kolibri.conf.j2', dest: '/etc/apache2/sites-available/kolibri.conf', mode: '0644' } - { src: 'kolibri-nginx.conf.j2', dest: '/etc/nginx/conf.d/kolibri-nginx.conf', mode: '0644' } + when: kolibri_enabled | bool and nginx_enabled | bool - name: Enable & (Re)Start kolibri service systemd: @@ -138,7 +136,7 @@ - name: Enable http://box{{ kolibri_url }} with Apache (a2ensite) if kolibri_enabled # i.e. http://box/kolibri command: a2ensite kolibri.conf - when: kolibri_enabled | bool + when: kolibri_enabled | bool and not nginx_enabled | bool - name: Disable & Stop 'kolibri' systemd service if not kolibri_enabled systemd: @@ -149,12 +147,19 @@ - name: Disable http://box{{ kolibri_url }} with Apache (a2dissite) if not kolibri_enabled command: a2dissite kolibri.conf - when: not kolibri_enabled + when: not kolibri_enabled or nginx_enabled | bool - name: Restart Apache service ({{ apache_service }}) # e.g. apache2 systemd: name: "{{ apache_service }}" state: restarted + when: not nginx_enabled | bool + +- name: Restart nginx service + systemd: + name: nginx + state: restarted + when: nginx_enabled | bool - name: Add 'kolibri' variable values to {{ iiab_ini_file }} # /etc/iiab/iiab.ini ini_file: @@ -171,7 +176,7 @@ value: "{{ kolibri_url }}" - option: kolibri_exec_path value: "{{ kolibri_exec_path }}" - - option: kolibri_port + - option: kolibri_http_port value: "{{ kolibri_http_port }}" - option: kolibri_enabled value: "{{ kolibri_enabled }}" From 323d028fae3a04ad1e6dcad2ea5c8df6b37431a6 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 20 Oct 2019 08:08:25 -0500 Subject: [PATCH 020/148] calibreweb - add when nginx_enabled - restart --- roles/calibre-web/tasks/main.yml | 36 +++++++++++++++++++++----------- 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/roles/calibre-web/tasks/main.yml b/roles/calibre-web/tasks/main.yml index dd64f0a03..0cf210db1 100644 --- a/roles/calibre-web/tasks/main.yml +++ b/roles/calibre-web/tasks/main.yml @@ -71,7 +71,7 @@ mode: 0644 with_items: - { src: 'calibre-web.service.j2', dest: '/etc/systemd/system/calibre-web.service' } - - { src: 'calibre-web-nginx.conf.j2', dest: '/etc/nginx/conf.d/calibre-web-nginx.conf' } + - { src: 'calibre-web.conf.j2', dest: '/etc/apache2/sites-available/calibre-web.conf' } - name: Does /library/calibre-web/metadata.db exist? stat: @@ -111,17 +111,11 @@ state: restarted when: calibreweb_enabled | bool -- name: Restart nginx systemd service - systemd: - name: nginx - state: restarted - when: calibreweb_enabled | bool - # Default: http://box/books # SEE ALSO: https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy -#- name: Enable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} with Apache -# command: a2ensite calibre-web.conf -# when: calibreweb_enabled | bool +- name: Enable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} with Apache + command: a2ensite calibre-web.conf + when: calibreweb_enabled | bool and not nginx_enabled | bool #- name: Restart Apache after enabling calibre-web httpd2 site # command: apachectl -k graceful @@ -136,17 +130,35 @@ when: not calibreweb_enabled | bool - name: Disable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} with Apache - command: rm /etc/nginx/conf.d/calibre-web-nginx.conf - when: not calibreweb_enabled + command: a2dissite calibre-web.conf + when: not calibreweb_enabled or nginx_enabled | bool #- name: Restart Apache after disabling calibre-web httpd2 site # command: apachectl -k graceful # when: not calibreweb_enabled +- name: Install /etc/nginx/conf.d/calibre-web-nginx.conf + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode }}" + owner: root + group: root + with_items: + - { src: 'calibre-web-nginx.conf.j2', dest: '/etc/nginx/conf.d/calibre-web-nginx.conf', mode: '0644' } + when: calibreweb_enabled | bool and nginx_enabled | bool + +- name: Restart nginx systemd service + systemd: + name: nginx + state: restarted + when: calibreweb_enabled | bool and nginx_enabled | bool + - name: Restart Apache systemd service ({{ apache_service }}) systemd: name: "{{ apache_service }}" # httpd or apache2 state: restarted + when: not nginx_enabled | bool - name: Add 'calibre-web' variable values to {{ iiab_ini_file }} ini_file: From de5cdde3cc462cd4c5cb70da80bc5f69aa7a118e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 20 Oct 2019 08:33:56 -0500 Subject: [PATCH 021/148] sugarizer - add when nginx_enabled - restart2 --- roles/sugarizer/tasks/install.yml | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/roles/sugarizer/tasks/install.yml b/roles/sugarizer/tasks/install.yml index 20585539e..b4263638d 100644 --- a/roles/sugarizer/tasks/install.yml +++ b/roles/sugarizer/tasks/install.yml @@ -147,7 +147,7 @@ group: root with_items: - { src: 'sugarizer.service', dest: '/etc/systemd/system/sugarizer.service' } - - { src: 'sugarizer-nginx.conf', dest: '/etc/nginx/conf.d/sugarizer-nginx.conf' } + - { src: 'sugarizer.conf.j2', dest: '/etc/apache2/sites-available/sugarizer.conf' } #- { src: 'sugarizer.ini.j2', dest: '{{ iiab_base }}/sugarizer-server/env/sugarizer.ini' } #- { src: 'sugarizer.js', dest: '{{ iiab_base }}/sugarizer-server' } @@ -223,10 +223,27 @@ - name: Create symlink sugarizer.conf from sites-enabled to sites-available, for short URLs http://box/sugar & http://box/sugarizer (if sugarizer_enabled) file: - path: /etc/nginx/conf.d/sugarizer-nginx.conf - state: absent - when: not sugarizer_enabled and is_debuntu + src: /etc/apache2/sites-available/sugarizer.conf + path: /etc/apache2/sites-enabled/sugarizer.conf + state: link + when: sugarizer_enabled | bool and not nginx_enabled | bool +- name: Remove symlink /etc/apache2/sites-enabled/sugarizer.conf (if not sugarizer_enabled) + file: + path: /etc/apache2/sites-enabled/sugarizer.conf + state: absent + when: not sugarizer_enabled | bool or nginx_enabled | bool + +- name: "Install sugarizer-nginx.conf (nginx)" + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode }}" + owner: root + group: root + with_items: + - { src: 'sugarizer-nginx.conf', dest: '/etc/nginx/conf.d/sugarizer-nginx.conf' , mode: '0644' } + when: nginx_enabled | bool # 6. RESTART/STOP SYSTEMD SERVICE @@ -251,7 +268,7 @@ systemd: name: "{{ apache_service }}" # httpd or apache2 state: restarted - #when: sugarizer_enabled | bool + when: sugarizer_enabled | bool and not nginx_enabled | bool #- name: Enable services (all OS's) # service: @@ -271,9 +288,10 @@ # when: not sugarizer_enabled - name: Restart nginx when enabled - service: + systemd: name: nginx state: restarted + daemon_reload: yes when: sugarizer_enabled and nginx_enabled - name: Add 'sugarizer' variable values to {{ iiab_ini_file }} From 3e9ffb8987b50304bf8831e456c823a31203b96a Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 20 Oct 2019 09:02:40 -0500 Subject: [PATCH 022/148] kiwix - add when nginx_enabled - restart2 --- roles/kiwix/tasks/kiwix_install.yml | 35 +++++++++++++++++-- .../templates/kiwix-nginx.conf} | 0 roles/nginx/files/README.md | 12 ++++--- 3 files changed, 40 insertions(+), 7 deletions(-) rename roles/{nginx/templates/kiwix.conf => kiwix/templates/kiwix-nginx.conf} (100%) diff --git a/roles/kiwix/tasks/kiwix_install.yml b/roles/kiwix/tasks/kiwix_install.yml index 542df81a5..99ceed5bd 100644 --- a/roles/kiwix/tasks/kiwix_install.yml +++ b/roles/kiwix/tasks/kiwix_install.yml @@ -104,7 +104,25 @@ src: /etc/apache2/sites-available/kiwix.conf path: /etc/apache2/sites-enabled/kiwix.conf state: link - when: is_debuntu | bool + when: kiwix_enabled | bool and not nginx_enabled | bool + +- name: Install nginx support + template: + backup: no + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: "{{ item.mode }}" + with_items: + - { src: 'kiwix-nginx.conf', dest: '/etc/nginx/conf.d/kiwix-nginx.conf', mode: '0644' } + when: kiwix_enabled | bool and nginx_enabled | bool + +- name: Remove symlink /etc/apache2/sites-enabled/kiwix.conf + file: + path: /etc/apache2/sites-enabled/kiwix.conf + state: absent + when: not kiwix_enabled | bool or nginx_enabled | bool - name: Enable & Restart 'kiwix-serve' service systemd: @@ -142,9 +160,22 @@ when: kiwix_enabled and is_redhat - name: Restart Apache, so it picks up kiwix.conf - service: + systemd: name: "{{ apache_service }}" state: restarted + when: not nginx_enabled | bool + +- name: Remove nginx support for kiwix + file: + path: /etc/nginx/conf.d/kiwix-nginx.conf + state: absent + when: not kiwix_enabled | bool + +- name: Restart nginx, so it picks up kiwix-nginx.conf state + systemd: + name: nginx + state: restarted + when: nginx_enabled | bool # 5. FINALIZE diff --git a/roles/nginx/templates/kiwix.conf b/roles/kiwix/templates/kiwix-nginx.conf similarity index 100% rename from roles/nginx/templates/kiwix.conf rename to roles/kiwix/templates/kiwix-nginx.conf diff --git a/roles/nginx/files/README.md b/roles/nginx/files/README.md index cb178b7b5..278b4f14c 100644 --- a/roles/nginx/files/README.md +++ b/roles/nginx/files/README.md @@ -5,18 +5,20 @@ 1. Principal functions migrated to nginx. * Admin Console * Awstats - * kiwix -- goes directly to port 3000 * kalite -- goes directly to port 8009 - * calibre-web - * kolibri * usb-lib * maps - 2. Still proxied to Apache + 2. Dual support + * kiwix -- goes directly to port 3000 + * calibre-web + * kolibri + * sugarizer + 3. Still proxied to Apache * mediawiki * elgg * nodered * nextcloud * wordpress * moodle - 3. Not dealt with yet + 4. Not dealt with yet * archive.org From 2b411efa3f4c429be23d92fdbf0afe3eeed74457 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 22 Oct 2019 06:05:06 -0500 Subject: [PATCH 023/148] rework - split to file --- roles/nginx/tasks/main.yml | 102 +++++++++++++++++++++---------------- 1 file changed, 57 insertions(+), 45 deletions(-) diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 30054b654..6d31df6ad 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -1,10 +1,3 @@ -- name: Insure that apache2 is not running -- we may need port swap - service: - name: apache2 - enabled: False - state: stopped - ignore_errors: True - - name: Install nginx required and helper packages package: name={{ item }} state=present with_items: @@ -13,63 +6,82 @@ - uwsgi-plugin-python - php-fpm - libnginx-mod-http-subs-filter + when: nginx_install | bool - name: Put the config file in place template: src: '{{ item.src}}' dest: '{{ item.dest }}' with_items: - - { src: "server.conf",dest: "/etc/nginx/" } - - { src: "nginx.conf",dest: "/etc/nginx/" } - - { src: "usb-lib.conf",dest: "/etc/nginx/conf.d/" } - - { src: "admin-console.ini",dest: "/etc/uwsgi/apps-enabled/" } - - { src: "uwsgi.unit",dest: "/etc/systemd/system/" } -# optional services - - { src: "kiwix.conf",dest: "/etc/nginx/conf.d/" } + - { src: "server.conf",dest: "/etc/nginx/" } + - { src: "nginx.conf",dest: "/etc/nginx/" } + - { src: "usb-lib.conf",dest: "/etc/nginx/conf.d/" } + - { src: "admin-console.ini",dest: "/etc/uwsgi/apps-enabled/" } + - { src: "uwsgi.unit",dest: "/etc/systemd/system/" } + - { src: 'ports.conf' , dest: '/etc/{{ apache_service }}/' , mode: '0644' } + when: nginx_enabled | bool - name: Add http server user to shadow group, so it can authenticate Admin Console user: - name: "{{ apache_user }}" - groups: shadow + name: "{{ apache_user }}" + groups: shadow + when: nginx_install | bool - name: Remove the nginx default config - file: path=/etc/nginx/sites-enabled/default state=absent + file: + path: /etc/nginx/sites-enabled/default + state: absent + when: nginx_install | bool +- name: Insure that apache2 is not running -- we may need port swap + systemd: + name: apache2 + enabled: False + state: stopped + +# optional services - name: Install config for Admin Console template: - src: admin-console-nginx.conf + src: admin-console-nginx.conf # Comment one or the other to revert from nginx back to apache2, if required -# src: admin-console-apache.conf - dest: /etc/nginx/conf.d/admin-console.conf - when: admin_console_enabled | bool +# src: admin-console-apache.conf + dest: /etc/nginx/conf.d/admin-console.conf + when: admin_console_enabled | bool and nginx_enabled | bool - name: Enable the uwsgi systemd service - service: - name: uwsgi - state: started - enabled: True -- name: Install ports.conf when nginx_enabled, from templates - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root - group: root - mode: 0644 - with_items: - - { src: 'ports.conf' , dest: '/etc/{{ apache_service }}/' , mode: '0644' } - when: is_debuntu | bool and nginx_enabled | bool + systemd: + name: uwsgi + state: started + enabled: True + when: admin_console_enabled | bool and nginx_enabled | bool -- name: Install proxpass to apache running on localhost +- name: Disable apache port {{ apache_port }} localhost only + file: + path: /etc/{{ apache_service }}/ports.conf + state: absent + when: not nginx_enabled | bool + +# the below slides in nginx's proxypass config files for apache on localhost +# via the ports.conf file installed above +- name: Install proxpass to apache running on localhost port {{ apache_port }} include_tasks: uses_apache.yml -- name: Make sure nginx picks up the config - service: - name: nginx - state: restarted - when: nginx_enabled | bool - -# it might not be installed yet, so ignore errors +# the below task contains the same logic contained in the playbooks to enable +# 'runrole nginx' to do the right thing. +- name: Install proxpass to apache running on localhost + include_tasks: only_nginx.yml + - name: Since we stopped apache2, start it again - service: name=apache2 state=started enabled=True + systemd: + name: apache2 + state: restarted + daemon_reload: yes when: apache_enabled | bool - ignore_errors: True + +- name: Restart nginx to pick up the config files installed + systemd: + name: nginx + state: restarted + enabled: true + daemon_reload: yes + when: nginx_enabled | bool From 90c0a3046a7202a0c8601f1c241df2322dae76ff Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 22 Oct 2019 06:14:51 -0500 Subject: [PATCH 024/148] only_nginx --- roles/nginx/tasks/only_nginx.yml | 84 ++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 roles/nginx/tasks/only_nginx.yml diff --git a/roles/nginx/tasks/only_nginx.yml b/roles/nginx/tasks/only_nginx.yml new file mode 100644 index 000000000..73f809204 --- /dev/null +++ b/roles/nginx/tasks/only_nginx.yml @@ -0,0 +1,84 @@ +- name: Remove symlink /etc/apache2/sites-enabled/kiwix.conf + file: + path: /etc/apache2/sites-enabled/kiwix.conf + state: absent + +- name: Install nginx support for kiwix if kiwix_enabled + copy: + backup: no + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode }}" + owner: root + group: root + with_items: + - { src: 'roles/kiwix/templates/kiwix-nginx.conf', dest: '/etc/nginx/conf.d/kiwix-nginx.conf' , mode: '0644' } + when: kiwix_enabled | bool + +- name: Remove nginx support for kiwix + file: + path: /etc/nginx/conf.d/kiwix-nginx.conf + state: absent + when: not kiwix_enabled | bool + +- name: Remove symlink /etc/apache2/sites-enabled/sugarizer.conf + file: + path: /etc/apache2/sites-enabled/sugarizer.conf + state: absent + +- name: "Install sugarizer-nginx.conf (nginx) if sugarizer_enabled" + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode }}" + owner: root + group: root + with_items: + - { src: 'roles/sugarizer/templates/sugarizer-nginx.conf', dest: '/etc/nginx/conf.d/sugarizer-nginx.conf', mode: '0644' } + when: sugarizer_enabled | bool + +- name: Remove nginx support for sugarizer + file: + path: /etc/nginx/conf.d/sugarizer-nginx.conf + when: not sugarizer_enabled | bool + +- name: Remove /etc/apache2/sites-enabled/kolibri.conf + file: + path: /etc/apache2/sites-enabled/kolibri.conf + state: absent + +- name: Supply /etc/nginx/conf.d/kolibri-nginx.conf when kolibri_enabled + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode }}" + owner: root + group: root + with_items: + - { src: 'roles/kolibri/templates/kolibri-nginx.conf.j2', dest: '/etc/nginx/conf.d/kolibri-nginx.conf', mode: '0644' } + when: kolibri_enabled | bool + +- name: Remove nginx support for kolibri when not kolibri_enabled + file: + path: /etc/nginx/conf.d/kolibri-nginx.conf + when: not kolibri_enabled | bool + +- name: Disable /etc/apache2/sites-enabled/calibre-web.conf + command: a2dissite calibre-web.conf + when: not calibreweb_enabled + +- name: Install /etc/nginx/conf.d/calibre-web-nginx.conf + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: "{{ item.mode }}" + with_items: + - { src: 'roles/calibre-web/templates/calibre-web-nginx.conf.j2', dest: '/etc/nginx/conf.d/calibre-web-nginx.conf', mode: '0644' } + when: calibreweb_enabled + +- name: Remove nginx support for sugarizer + file: + path: /etc/nginx/conf.d/sugarizer-nginx.conf + when: not calibreweb_enabled | bool From fcda2129c47bbf87def95e014371dbdf21c609c8 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 22 Oct 2019 12:05:11 -0500 Subject: [PATCH 025/148] supply apache ports file --- roles/nginx/tasks/main.yml | 32 ++++++++++++++----- roles/nginx/templates/stock-apache-ports.conf | 16 ++++++++++ 2 files changed, 40 insertions(+), 8 deletions(-) create mode 100644 roles/nginx/templates/stock-apache-ports.conf diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 6d31df6ad..42cd45cb1 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -55,21 +55,37 @@ enabled: True when: admin_console_enabled | bool and nginx_enabled | bool -- name: Disable apache port {{ apache_port }} localhost only - file: - path: /etc/{{ apache_service }}/ports.conf - state: absent - when: not nginx_enabled | bool - # the below slides in nginx's proxypass config files for apache on localhost # via the ports.conf file installed above - name: Install proxpass to apache running on localhost port {{ apache_port }} include_tasks: uses_apache.yml + when: nginx_enabled | bool # the below task contains the same logic contained in the playbooks to enable -# 'runrole nginx' to do the right thing. -- name: Install proxpass to apache running on localhost +# 'runrole nginx' to do the right thing but with the 'src' path set to role's +# templates path ie roles//template/ + +- name: Install proxpass to other services 'dual mode' roles include_tasks: only_nginx.yml + when: nginx_enabled | bool + +- name: Stop and disable nginx when not nginx_enabled + systemd: + name: nginx + state: stopped + enabled: false + when: not nginx_enabled | bool + +- name: Disable apache port {{ apache_port }} localhost only + template: + dest: /etc/{{ apache_service }}/ports.conf + src: stock-apache-ports.conf + when: not nginx_enabled | bool + +# should have the logic to handle both modes in the playbook +- name: Rerun 'dual mode' roles by calling role's main.yml file when ngix is disabled + include_tasks: disable.yml + when: not nginx_enabled | bool - name: Since we stopped apache2, start it again systemd: diff --git a/roles/nginx/templates/stock-apache-ports.conf b/roles/nginx/templates/stock-apache-ports.conf new file mode 100644 index 000000000..bd0e2c00c --- /dev/null +++ b/roles/nginx/templates/stock-apache-ports.conf @@ -0,0 +1,16 @@ +# If you just change the port or add more ports here, you will likely also +# have to change the VirtualHost statement in +# /etc/apache2/sites-enabled/000-default.conf + +Listen 80 + + + Listen 443 + + + + Listen 443 + + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet + From 2ea3e81aaac183da1b721c3c9f3b5e98993396b3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 22 Oct 2019 09:34:44 -0500 Subject: [PATCH 026/148] move to stage 4 --- roles/3-base-server/tasks/main.yml | 6 ------ roles/4-server-options/tasks/main.yml | 6 ++++++ 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 006d41605..c5c42f05e 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -9,12 +9,6 @@ when: apache_install tags: base, httpd -- name: NGINX - include_role: - name: nginx - when: nginx_install - tags: base, nginx - - name: MYSQL include_role: name: mysql diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index ab3f97da4..a331169ff 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -3,6 +3,12 @@ - name: ...IS BEGINNING ================================== command: echo +- name: NGINX + include_role: + name: nginx + when: nginx_install + tags: base, nginx + - name: Install dnsmasq include_tasks: roles/network/tasks/dnsmasq.yml when: dnsmasq_install | bool From bf0ea8bbf5121f95027da46b038fb7157163bfde Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 23 Oct 2019 01:11:40 -0500 Subject: [PATCH 027/148] don't disable apache --- roles/nginx/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 42cd45cb1..c74bbca11 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -36,7 +36,6 @@ - name: Insure that apache2 is not running -- we may need port swap systemd: name: apache2 - enabled: False state: stopped # optional services @@ -91,6 +90,7 @@ systemd: name: apache2 state: restarted + enabled: true daemon_reload: yes when: apache_enabled | bool From 8ad02cd172c61ac6557de7a3c690798babedbf71 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 4 Sep 2019 23:23:27 -0500 Subject: [PATCH 028/148] reuse config_vars.yml for installed app tracking --- vars/default_vars.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 8cb8bf139..2277dee4a 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -16,6 +16,7 @@ iiab_local_vars_file: "{{ iiab_etc_path }}/local_vars.yml" # Installation status files iiab_env_file: "{{ iiab_etc_path }}/iiab.env" iiab_ini_file: "{{ iiab_etc_path }}/iiab.ini" +iiab_installed: "{{ iiab_etc_path }}/config_vars.yml" iiab_base: /opt/iiab iiab_dir: "{{ iiab_base }}/iiab" From 493d97ff7ebde44709072d0ef60c98a501e446ff Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 4 Sep 2019 23:35:53 -0500 Subject: [PATCH 029/148] rename 'test_kalite_installed' add installed tracker kalite move recording to enable and fixes --- roles/kalite/tasks/enable.yml | 25 +++++++++++++++++++++++++ roles/kalite/tasks/main.yml | 33 +++++++-------------------------- roles/kalite/tasks/setup.yml | 5 +++++ 3 files changed, 37 insertions(+), 26 deletions(-) diff --git a/roles/kalite/tasks/enable.yml b/roles/kalite/tasks/enable.yml index f749bf6c6..d0416aa24 100644 --- a/roles/kalite/tasks/enable.yml +++ b/roles/kalite/tasks/enable.yml @@ -37,3 +37,28 @@ enabled: no state: stopped when: not kalite_cron_enabled and is_F18 + +- name: Add 'kalite_installed' variable values to {{ iiab_installed }} + ini_file: + path: "{{ iiab_installed }}" + value: kalite_installed + +- name: Add 'kalite' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: kalite + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - option: name + value: "KA Lite" + - option: description + value: '"KA Lite downloads Khan Academy videos for offline use, with exercises and accounts if students want to track their own progress."' + - option: path + value: "{{ kalite_root }}" + - option: port + value: "{{ kalite_server_port }}" + - option: kalite_enabled + value: "{{ kalite_enabled }}" + - option: cron_enabled + value: "{{ kalite_cron_enabled }}" diff --git a/roles/kalite/tasks/main.yml b/roles/kalite/tasks/main.yml index 2656d3790..a8332c117 100644 --- a/roles/kalite/tasks/main.yml +++ b/roles/kalite/tasks/main.yml @@ -15,43 +15,24 @@ - name: Does KA Lite database {{ kalite_db_name }} exist? # See if KA Lite is already configured stat: path: "{{ kalite_db_name }}" - register: kalite_installed + register: test_kalite_installed - include_tasks: install-f18.yml - when: not kalite_installed.stat.exists and is_F18 + when: not test_kalite_installed.stat.exists and is_F18 and kalite_install - include_tasks: install.yml - when: kalite_installed is defined and not kalite_installed.stat.exists and not is_F18 + when: test_kalite_installed is defined and not test_kalite_installed.stat.exists and not is_F18 and kalite_install - name: Ask systemd to reread unit files (daemon-reload) systemd: daemon_reload: yes - when: not kalite_installed.stat.exists + when: not test_kalite_installed.stat.exists - include_tasks: setup-f18.yml - when: not kalite_installed.stat.exists and is_F18 + when: not test_kalite_installed.stat.exists and is_F18 - include_tasks: setup.yml - when: not kalite_installed.stat.exists and not is_F18 + when: not test_kalite_installed.stat.exists and not is_F18 - include_tasks: enable.yml - -- name: Add 'kalite' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" - section: kalite - option: "{{ item.option }}" - value: "{{ item.value }}" - with_items: - - option: name - value: "KA Lite" - - option: description - value: '"KA Lite downloads Khan Academy videos for offline use, with exercises and accounts if students want to track their own progress."' - - option: kalite_root - value: "{{ kalite_root }}" - - option: kalite_server_port - value: "{{ kalite_server_port }}" - - option: kalite_enabled - value: "{{ kalite_enabled }}" - - option: kalite_cron_enabled - value: "{{ kalite_cron_enabled }}" + when: kalite_install or kalite_installed is defined diff --git a/roles/kalite/tasks/setup.yml b/roles/kalite/tasks/setup.yml index d0f6404e1..e1bb54af3 100644 --- a/roles/kalite/tasks/setup.yml +++ b/roles/kalite/tasks/setup.yml @@ -14,3 +14,8 @@ KALITE_HOME: "{{ kalite_root }}" # /library/ka-lite async: 1800 poll: 10 + +- name: Add 'kalite_installed' variable values to {{ iiab_installed }} + ini_file: + path: "{{ iiab_installed }}" + value: kalite_installed From 68a62c32bb55e3f0ab54361247f6c758333727a4 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 5 Sep 2019 00:02:18 -0500 Subject: [PATCH 030/148] kiwix rework and add iiab_installed --- roles/kiwix/tasks/kiwix_enable.yml | 90 ++++++++++++++++++++++ roles/kiwix/tasks/kiwix_install.yml | 115 +--------------------------- roles/kiwix/tasks/main.yml | 21 +++-- 3 files changed, 109 insertions(+), 117 deletions(-) create mode 100644 roles/kiwix/tasks/kiwix_enable.yml diff --git a/roles/kiwix/tasks/kiwix_enable.yml b/roles/kiwix/tasks/kiwix_enable.yml new file mode 100644 index 000000000..9e0f63f32 --- /dev/null +++ b/roles/kiwix/tasks/kiwix_enable.yml @@ -0,0 +1,90 @@ +- name: Create softlink kiwix.conf from sites-enabled to sites-available - for Kiwix Proxy in Apache - is disabled by turning off service kiwix-serve (debuntu) + file: + src: /etc/apache2/sites-available/kiwix.conf + path: /etc/apache2/sites-enabled/kiwix.conf + state: link + when: kiwix_enabled | bool and not nginx_enabled | bool + +- name: Install nginx support + template: + backup: no + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: "{{ item.mode }}" + with_items: + - { src: 'kiwix-nginx.conf', dest: '/etc/nginx/conf.d/kiwix-nginx.conf', mode: '0644' } + when: kiwix_enabled | bool and nginx_enabled | bool + +- name: Remove symlink /etc/apache2/sites-enabled/kiwix.conf + file: + path: /etc/apache2/sites-enabled/kiwix.conf + state: absent + when: not kiwix_enabled | bool or nginx_enabled | bool + +- name: Enable & Restart 'kiwix-serve' service + systemd: + daemon_reload: yes + name: kiwix-serve + enabled: yes + state: restarted + when: kiwix_enabled | bool + +- name: Disable 'kiwix-serve' service + systemd: + name: kiwix-serve + enabled: no + state: stopped + when: not kiwix_enabled +# IN THEORY: BOTH CRON ENTRIES BELOW *SHOULD* BE DELETED "when: not kiwix_enabled" + +# In the past kiwix-serve did not stay running, so we'd been doing this hourly. +# @mgautierfr & others suggest kiwix-serve might be auto-restarted w/o cron in +# future, whenever service fails, if this really catches all cases?? +# https://github.com/iiab/iiab/issues/484#issuecomment-342151726 +- name: Make a crontab entry to restart kiwix-serve at 4AM (debuntu) + lineinfile: + # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed + line: "0 4 * * * root /bin/systemctl restart kiwix-serve.service" + dest: /etc/crontab + when: kiwix_enabled and is_debuntu + +- name: Make a crontab entry to restart kiwix-serve at 4AM (redhat) +# * * * * * user-name command to be executed + lineinfile: + # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed + line: "0 4 * * * root /usr/bin/systemctl restart kiwix-serve.service" + dest: /etc/crontab + when: kiwix_enabled and is_redhat + +- name: Restart Apache, so it picks up kiwix.conf + service: + name: "{{ apache_service }}" + state: restarted + +# 5. FINALIZE + +- name: Add 'kiwix' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: kiwix + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - option: name + value: Kiwix + - option: description + value: '"Part of https://github.com/kiwix/kiwix-tools/ - kiwix-serve is the most used web server for ZIM files."' + - option: kiwix_url + value: "{{ kiwix_url }}" + - option: kiwix_path + value: "{{ kiwix_path }}" + - option: kiwix_port + value: "{{ kiwix_port }}" + - option: iiab_zim_path + value: "{{ iiab_zim_path }}" + - option: kiwix_library_xml + value: "{{ kiwix_library_xml }}" + - option: kiwix_enabled + value: "{{ kiwix_enabled }}" diff --git a/roles/kiwix/tasks/kiwix_install.yml b/roles/kiwix/tasks/kiwix_install.yml index 99ceed5bd..ef77b68f4 100644 --- a/roles/kiwix/tasks/kiwix_install.yml +++ b/roles/kiwix/tasks/kiwix_install.yml @@ -27,16 +27,6 @@ force: no when: not kiwix_xml.stat.exists -- name: Check for /opt/iiab/kiwix/bin/kiwix-serve binary - stat: - path: "{{ kiwix_path }}/bin/kiwix-serve" - register: kiwix_bin - -- name: Set fact kiwix_force_install if kiwix-serve not found - set_fact: - kiwix_force_install: True - when: not kiwix_bin.stat.exists - - name: Install {{ iiab_zim_path }}/content/test.zim if kiwix_force_install copy: src: test.zim @@ -99,106 +89,7 @@ - { src: 'iiab-make-kiwix-lib.py', dest: '/usr/bin/iiab-make-kiwix-lib.py', mode: '0755'} - { src: 'kiwix.conf.j2', dest: '/etc/{{ apache_config_dir }}/kiwix.conf', mode: '0644'} -- name: Create softlink kiwix.conf from sites-enabled to sites-available - for Kiwix Proxy in Apache - is disabled by turning off service kiwix-serve (debuntu) - file: - src: /etc/apache2/sites-available/kiwix.conf - path: /etc/apache2/sites-enabled/kiwix.conf - state: link - when: kiwix_enabled | bool and not nginx_enabled | bool - -- name: Install nginx support - template: - backup: no - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root - group: root - mode: "{{ item.mode }}" - with_items: - - { src: 'kiwix-nginx.conf', dest: '/etc/nginx/conf.d/kiwix-nginx.conf', mode: '0644' } - when: kiwix_enabled | bool and nginx_enabled | bool - -- name: Remove symlink /etc/apache2/sites-enabled/kiwix.conf - file: - path: /etc/apache2/sites-enabled/kiwix.conf - state: absent - when: not kiwix_enabled | bool or nginx_enabled | bool - -- name: Enable & Restart 'kiwix-serve' service - systemd: - daemon_reload: yes - name: kiwix-serve - enabled: yes - state: restarted - when: kiwix_enabled | bool - -- name: Disable 'kiwix-serve' service - systemd: - name: kiwix-serve - enabled: no - state: stopped - when: not kiwix_enabled -# IN THEORY: BOTH CRON ENTRIES BELOW *SHOULD* BE DELETED "when: not kiwix_enabled" - -# In the past kiwix-serve did not stay running, so we'd been doing this hourly. -# @mgautierfr & others suggest kiwix-serve might be auto-restarted w/o cron in -# future, whenever service fails, if this really catches all cases?? -# https://github.com/iiab/iiab/issues/484#issuecomment-342151726 -- name: Make a crontab entry to restart kiwix-serve at 4AM (debuntu) - lineinfile: - # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed - line: "0 4 * * * root /bin/systemctl restart kiwix-serve.service" - dest: /etc/crontab - when: kiwix_enabled and is_debuntu - -- name: Make a crontab entry to restart kiwix-serve at 4AM (redhat) -# * * * * * user-name command to be executed - lineinfile: - # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed - line: "0 4 * * * root /usr/bin/systemctl restart kiwix-serve.service" - dest: /etc/crontab - when: kiwix_enabled and is_redhat - -- name: Restart Apache, so it picks up kiwix.conf - systemd: - name: "{{ apache_service }}" - state: restarted - when: not nginx_enabled | bool - -- name: Remove nginx support for kiwix - file: - path: /etc/nginx/conf.d/kiwix-nginx.conf - state: absent - when: not kiwix_enabled | bool - -- name: Restart nginx, so it picks up kiwix-nginx.conf state - systemd: - name: nginx - state: restarted - when: nginx_enabled | bool - -# 5. FINALIZE - -- name: Add 'kiwix' variable values to {{ iiab_ini_file }} +- name: Add 'kiwix_installed' variable values to {{ iiab_installed }} ini_file: - path: "{{ iiab_ini_file }}" - section: kiwix - option: "{{ item.option }}" - value: "{{ item.value }}" - with_items: - - option: name - value: Kiwix - - option: description - value: '"Part of https://github.com/kiwix/kiwix-tools/ - kiwix-serve is the most used web server for ZIM files."' - - option: kiwix_url - value: "{{ kiwix_url }}" - - option: kiwix_path - value: "{{ kiwix_path }}" - - option: kiwix_port - value: "{{ kiwix_port }}" - - option: iiab_zim_path - value: "{{ iiab_zim_path }}" - - option: kiwix_library_xml - value: "{{ kiwix_library_xml }}" - - option: kiwix_enabled - value: "{{ kiwix_enabled }}" + path: "{{ iiab_installed }}" + value: kiwix_installed diff --git a/roles/kiwix/tasks/main.yml b/roles/kiwix/tasks/main.yml index 2ffd410d5..020399ee3 100644 --- a/roles/kiwix/tasks/main.yml +++ b/roles/kiwix/tasks/main.yml @@ -28,18 +28,29 @@ url: "{{ iiab_download_url }}/{{ kiwix_src_file }}" dest: "{{ downloads_dir }}/{{ kiwix_src_file }}" timeout: "{{ download_timeout }}" - when: internet_available | bool + when: internet_available | bool and kiwix_install | bool and not kiwix_installed is defined - name: Check for /opt/iiab/downloads/{{ kiwix_src_file }} stat: path: "{{ downloads_dir }}/{{ kiwix_src_file }}" register: kiwix_src -- name: FAIL (force Ansible to exit) IF /opt/iiab/downloads/{{ kiwix_src_file }} doesn't exist - fail: - msg: "{ downloads_dir }}/{{ kiwix_src_file }} is REQUIRED in order to install Kiwix." - when: not kiwix_src.stat.exists +- name: Check for /opt/iiab/kiwix/bin/kiwix-serve binary + stat: + path: "{{ kiwix_path }}/bin/kiwix-serve" + register: kiwix_bin + +- name: Set fact kiwix_force_install if kiwix-serve not found + set_fact: + kiwix_force_install: True + when: not kiwix_bin.stat.exists - include_tasks: kiwix_install.yml + when: kiwix_install | bool and (not kiwix_installed is defined or kiwix_force_install | bool) + tags: + - kiwix + +- include_tasks: kiwix_enable.yml + when: kiwix_install | bool or kiwix_installed is defined tags: - kiwix From 57ebdc5bb799a9c2e972c8abebdc1890db75e3ff Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 5 Sep 2019 00:16:40 -0500 Subject: [PATCH 031/148] kolibri rework and add iiab_installed --- roles/kolibri/tasks/enable.yml | 69 ++++++++++++ roles/kolibri/tasks/install.yml | 118 ++++++++++++++++++++ roles/kolibri/tasks/main.yml | 187 +------------------------------- 3 files changed, 193 insertions(+), 181 deletions(-) create mode 100644 roles/kolibri/tasks/enable.yml create mode 100644 roles/kolibri/tasks/install.yml diff --git a/roles/kolibri/tasks/enable.yml b/roles/kolibri/tasks/enable.yml new file mode 100644 index 000000000..594e4a7d2 --- /dev/null +++ b/roles/kolibri/tasks/enable.yml @@ -0,0 +1,69 @@ +- name: Start 'kolibri' systemd service, if kolibri_enabled + systemd: + name: kolibri + state: started + enabled: yes + when: kolibri_enabled | bool + +- name: Enable http://box{{ kolibri_url }} with Apache (a2ensite) if kolibri_enabled # i.e. http://box/kolibri + command: a2ensite kolibri.conf + when: kolibri_enabled | bool and not nginx_enabled | bool + +- name: Disable & Stop 'kolibri' systemd service if not kolibri_enabled + systemd: + name: kolibri + enabled: no + state: stopped + when: not kolibri_enabled + +- name: Disable http://box{{ kolibri_url }} with Apache (a2dissite) if not kolibri_enabled + command: a2dissite kolibri.conf + when: not kolibri_enabled or nginx_enabled | bool + +- name: Supply /etc/nginx/conf.d/kolibri-nginx.conf when nginx_enabled + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode }}" + owner: root + group: root + with_items: + - { src: 'kolibri-nginx.conf.j2', dest: '/etc/nginx/conf.d/kolibri-nginx.c +onf', mode: '0644' } + when: kolibri_enabled | bool and nginx_enabled | bool + +- name: Disable http://box{{ kolibri_url }} with Apache (a2dissite) if not kolibri_enabled + command: a2dissite kolibri.conf + when: not kolibri_enabled or nginx_enabled | bool + +- name: Restart Apache service ({{ apache_service }}) # e.g. apache2 + systemd: + name: "{{ apache_service }}" + state: restarted + when: not nginx_enabled | bool + +- name: Restart nginx service + systemd: + name: nginx + state: restarted + when: nginx_enabled | bool + +- name: Add 'kolibri' variable values to {{ iiab_ini_file }} # /etc/iiab/iiab.ini + ini_file: + path: "{{ iiab_ini_file }}" + section: kolibri + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - option: name + value: kolibri + - option: description + value: '"Kolibri is an open-source educational platform specially designed to provide offline access to a wide range of quality, openly licensed educational contents in low-resource contexts like rural schools, refugee camps, orphanages, and also in non-formal school programs."' + - option: kolibri_url + value: "{{ kolibri_url }}" + - option: kolibri_path + value: "{{ kolibri_exec_path }}" + - option: kolibri_port + value: "{{ kolibri_http_port }}" + - option: kolibri_enabled + value: "{{ kolibri_enabled }}" diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml new file mode 100644 index 000000000..5468ea7ed --- /dev/null +++ b/roles/kolibri/tasks/install.yml @@ -0,0 +1,118 @@ +- name: Create Linux user {{ kolibri_user }} and add it to groups {{ apache_user }}, disk + user: + name: "{{ kolibri_user }}" + groups: + - "{{ apache_user }}" + - disk + state: present + shell: /bin/false + system: yes + create_home: no + +- name: Create {{ kolibri_home }} (for Kolibri content, configuration, sqlite3 databases) + file: + path: "{{ kolibri_home }}" # /library/kolibri + owner: "{{ kolibri_user }}" # kolibri + group: "{{ apache_user }}" # www-data (on Debian/Ubuntu/Raspbian) + mode: 0755 + state: directory + +- name: Create /etc/kolibri + file: + name: /etc/kolibri + state: directory + owner: root + group: root + mode: 0755 + +- name: Save kolibri_user ({{ kolibri_user }}) to /etc/kolibri/username + copy: + content: "{{ kolibri_user }}" + dest: /etc/kolibri/username + owner: root + group: root + mode: 0644 + +- name: Save kolibri_home (KOLIBRI_HOME="{{ kolibri_home }}") to /etc/kolibri/daemon.conf + copy: + content: 'KOLIBRI_HOME="{{ kolibri_home }}"' + dest: /etc/kolibri/daemon.conf + owner: root + group: root + mode: 0644 + +- name: apt install latest Kolibri .deb from {{ kolibri_deb_url }} (populates {{ kolibri_home }}, migrates database) # i.e. /library/kolibri + apt: + deb: "{{ kolibri_deb_url }}" # https://learningequality.org/r/kolibri-deb-latest + environment: + KOLIBRI_HOME: "{{ kolibri_home }}" # these don't do a thing for now but + KOLIBRI_USER: "{{ kolibri_user }}" # both can't hurt & Might Help Later + when: internet_available | bool + +- name: 'Install from templates: kolibri.service unit file for systemd & sites-available/kolibri.conf for Apache' + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: 0644 + with_items: + - { src: 'kolibri.service.j2', dest: '/etc/systemd/system/kolibri.service' } + - { src: 'kolibri.conf.j2', dest: '/etc/apache2/sites-available/kolibri.conf' } + +- name: Enable 'kolibri' systemd service (for reboots) but ensure it's stopped for Kolibri provisioning + systemd: + name: kolibri + daemon_reload: yes + enabled: yes + state: stopped + + +# 2019-10-01: Should no longer be nec, thanks to /etc/kolibri/daemon.conf +# containing KOLIBRI_HOME="/library/kolibri" (above) +#- name: Run Kolibri migrations to begin populating {{ kolibri_home }} # i.e. /library/kolibri +# shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" manage migrate +# ignore_errors: yes +# become: yes +# become_user: "{{ kolibri_user }}" +# when: kolibri_provision | bool + +- name: Set Kolibri default language ({{ kolibri_language }}) + shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" language setdefault "{{ kolibri_language }}" + ignore_errors: yes + become: yes + become_user: "{{ kolibri_user }}" + when: kolibri_provision | bool + +- name: 'Provision Kolibri, while setting: facility name, admin acnt / password, preset type, and language' + shell: > + export KOLIBRI_HOME="{{ kolibri_home }}" && + "{{ kolibri_exec_path }}" manage provisiondevice --facility "{{ kolibri_facility }}" + --superusername "{{ kolibri_admin_user }}" --superuserpassword "{{ kolibri_admin_password }}" + --preset "{{ kolibri_preset }}" --language_id "{{ kolibri_language }}" + #--preset "{{ kolibri_preset }}" --language_id "{{ kolibri_language }}" --verbosity 0 --noinput + ignore_errors: yes + become: yes + become_user: "{{ kolibri_user }}" + when: kolibri_provision | bool + +- name: chown -R {{ kolibri_user }}:{{ apache_user }} {{ kolibri_home }} for good measure? + file: + path: "{{ kolibri_home }}" # /library/kolibri + owner: "{{ kolibri_user }}" # kolibri + group: "{{ apache_user }}" # www-data (on Debian/Ubuntu/Raspbian) + recurse: yes + when: kolibri_provision | bool + + +# 2019-10-07: Moved to roles/httpd/tasks/main.yml +# 2019-09-29: roles/kiwix/tasks/kiwix_install.yml installs 4 Apache modules +# for similar purposes (not all nec?) Only 1 (proxy_http) is needed here. +#- name: Enable Apache module proxy_http for http://box{{ kolibri_url }} # i.e. http://box/kolibri +# apache2_module: +# name: proxy_http + +- name: Add 'kolibri_installed' variable values to {{ iiab_installed }} + ini_file: + path: "{{ iiab_installed }}" + value: kolibri_installed diff --git a/roles/kolibri/tasks/main.yml b/roles/kolibri/tasks/main.yml index 23ee309a0..135287181 100644 --- a/roles/kolibri/tasks/main.yml +++ b/roles/kolibri/tasks/main.yml @@ -1,182 +1,7 @@ -- name: Create Linux user '{{ kolibri_user }}' and add it to groups '{{ apache_user }}', 'disk' - user: - name: "{{ kolibri_user }}" - groups: - - "{{ apache_user }}" - - disk - state: present - shell: /bin/false - system: yes - create_home: no +- name: Install Kolibri + include_tasks: install.yml + when: kolibri_install | bool and not kolibri_installed is defined -- name: Create {{ kolibri_home }} (for Kolibri content, configuration, sqlite3 databases) - file: - path: "{{ kolibri_home }}" # /library/kolibri - owner: "{{ kolibri_user }}" # kolibri - group: "{{ apache_user }}" # www-data (on Debian/Ubuntu/Raspbian) - mode: 0755 - state: directory - -- name: Create /etc/kolibri - file: - name: /etc/kolibri - state: directory - owner: root - group: root - mode: 0755 - -# 2019-10-14: An alternative might be to put KOLIBRI_USER="kolibri" into -# /etc/kolibri/conf.d/iiab.conf -- name: Save kolibri_user ({{ kolibri_user }}) to /etc/kolibri/username - copy: - content: "{{ kolibri_user }}" # i.e. kolibri - dest: /etc/kolibri/username - owner: root - group: root - mode: 0644 - -# 2019-10-14: An alternative mentioned by @benjaoming (Benjamin Bach) would be -# to put KOLIBRI_HOME="/library/kolibri" into /etc/kolibri/conf.d/iiab.conf -- name: Save kolibri_home (KOLIBRI_HOME="{{ kolibri_home }}") to /etc/kolibri/daemon.conf - copy: - content: 'KOLIBRI_HOME="{{ kolibri_home }}"' # i.e. /library/kolibri - dest: /etc/kolibri/daemon.conf - owner: root - group: root - mode: 0644 - -- name: apt install latest Kolibri .deb from {{ kolibri_deb_url }} (populates {{ kolibri_home }} / migrates database, based on params set in /etc/kolibri) - apt: - deb: "{{ kolibri_deb_url }}" # https://learningequality.org/r/kolibri-deb-latest - environment: - KOLIBRI_HOME: "{{ kolibri_home }}" # these don't do a thing for now but - KOLIBRI_USER: "{{ kolibri_user }}" # both can't hurt & Might Help Later - when: internet_available | bool - -- name: 'Install from templates: kolibri.service unit file for systemd & sites-available/kolibri.conf for Apache' - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root - group: root - mode: 0644 - with_items: - - { src: 'kolibri.service.j2', dest: '/etc/systemd/system/kolibri.service' } - - { src: 'kolibri.conf.j2', dest: '/etc/apache2/sites-available/kolibri.conf' } - -- name: Enable 'kolibri' systemd service (for reboots) but ensure it's stopped for Kolibri provisioning - systemd: - name: kolibri - daemon_reload: yes - enabled: yes - state: stopped - -# 2019-10-01: Should no longer be nec, thanks to /etc/kolibri/daemon.conf -# containing KOLIBRI_HOME="/library/kolibri" (above) -#- name: Run Kolibri migrations to begin populating {{ kolibri_home }} # i.e. /library/kolibri -# shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" manage migrate -# ignore_errors: yes -# become: yes -# become_user: "{{ kolibri_user }}" -# when: kolibri_provision | bool - -- name: Set Kolibri default language ({{ kolibri_language }}) - shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" language setdefault "{{ kolibri_language }}" - ignore_errors: yes - become: yes - become_user: "{{ kolibri_user }}" - when: kolibri_provision | bool - -- name: 'Provision Kolibri, while setting: facility name, admin acnt / password, preset type, and language' - shell: > - export KOLIBRI_HOME="{{ kolibri_home }}" && - "{{ kolibri_exec_path }}" manage provisiondevice --facility "{{ kolibri_facility }}" - --superusername "{{ kolibri_admin_user }}" --superuserpassword "{{ kolibri_admin_password }}" - --preset "{{ kolibri_preset }}" --language_id "{{ kolibri_language }}" - #--preset "{{ kolibri_preset }}" --language_id "{{ kolibri_language }}" --verbosity 0 --noinput - ignore_errors: yes - become: yes - become_user: "{{ kolibri_user }}" - when: kolibri_provision | bool - -# 2019-10-14: This stanza should not be necessary according to @benjaoming -# (Benjamin Bach) especially as migration & provisiondevice were run above. -#- name: chown -R {{ kolibri_user }}:{{ apache_user }} {{ kolibri_home }} for good measure? -# file: -# path: "{{ kolibri_home }}" # /library/kolibri -# owner: "{{ kolibri_user }}" # kolibri -# group: "{{ apache_user }}" # www-data (on Debian/Ubuntu/Raspbian) -# recurse: yes -# when: kolibri_provision | bool - - -# 2019-10-07: Moved to roles/httpd/tasks/main.yml -# 2019-09-29: roles/kiwix/tasks/kiwix_install.yml installs 4 Apache modules -# for similar purposes (not all nec?) Only 1 (proxy_http) is needed here. -#- name: Enable Apache module proxy_http for http://box{{ kolibri_url }} # i.e. http://box/kolibri -# apache2_module: -# name: proxy_http - -- name: Supply /etc/nginx/conf.d/kolibri-nginx.conf when nginx_enabled - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "{{ item.mode }}" - owner: root - group: root - with_items: - - { src: 'kolibri-nginx.conf.j2', dest: '/etc/nginx/conf.d/kolibri-nginx.conf', mode: '0644' } - when: kolibri_enabled | bool and nginx_enabled | bool - -- name: Enable & (Re)Start kolibri service - systemd: - name: kolibri - state: started - when: kolibri_enabled | bool - -- name: Enable http://box{{ kolibri_url }} with Apache (a2ensite) if kolibri_enabled # i.e. http://box/kolibri - command: a2ensite kolibri.conf - when: kolibri_enabled | bool and not nginx_enabled | bool - -- name: Disable & Stop 'kolibri' systemd service if not kolibri_enabled - systemd: - name: kolibri - enabled: no - state: stopped - when: not kolibri_enabled - -- name: Disable http://box{{ kolibri_url }} with Apache (a2dissite) if not kolibri_enabled - command: a2dissite kolibri.conf - when: not kolibri_enabled or nginx_enabled | bool - -- name: Restart Apache service ({{ apache_service }}) # e.g. apache2 - systemd: - name: "{{ apache_service }}" - state: restarted - when: not nginx_enabled | bool - -- name: Restart nginx service - systemd: - name: nginx - state: restarted - when: nginx_enabled | bool - -- name: Add 'kolibri' variable values to {{ iiab_ini_file }} # /etc/iiab/iiab.ini - ini_file: - path: "{{ iiab_ini_file }}" - section: kolibri - option: "{{ item.option }}" - value: "{{ item.value }}" - with_items: - - option: name - value: kolibri - - option: description - value: '"Kolibri is an open-source educational platform specially designed to provide offline access to a wide range of quality, openly licensed educational contents in low-resource contexts like rural schools, refugee camps, orphanages, and also in non-formal school programs."' - - option: kolibri_url - value: "{{ kolibri_url }}" - - option: kolibri_exec_path - value: "{{ kolibri_exec_path }}" - - option: kolibri_http_port - value: "{{ kolibri_http_port }}" - - option: kolibri_enabled - value: "{{ kolibri_enabled }}" +- name: Enable Kolibri + include_tasks: enable.yml + when: kolibri_install | bool or kolibri_installed is defined From 2c14df405d16ad6f70aed730fd7f1375b329eae2 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 5 Sep 2019 00:29:39 -0500 Subject: [PATCH 032/148] sugarizer rework and add iiab_installed --- roles/sugarizer/tasks/enable.yml | 86 ++++++++++++++++++++++++++++++ roles/sugarizer/tasks/install.yml | 88 ++----------------------------- roles/sugarizer/tasks/main.yml | 6 ++- 3 files changed, 94 insertions(+), 86 deletions(-) create mode 100644 roles/sugarizer/tasks/enable.yml diff --git a/roles/sugarizer/tasks/enable.yml b/roles/sugarizer/tasks/enable.yml new file mode 100644 index 000000000..f12d187b3 --- /dev/null +++ b/roles/sugarizer/tasks/enable.yml @@ -0,0 +1,86 @@ +- name: Create symlink sugarizer.conf from sites-enabled to sites-available, for short URLs http://box/sugar & http://box/sugarizer (if sugarizer_enabled) + file: + src: /etc/apache2/sites-available/sugarizer.conf + path: /etc/apache2/sites-enabled/sugarizer.conf + state: link + when: sugarizer_enabled | bool and not nginx_enabled | bool + +- name: Remove symlink /etc/apache2/sites-enabled/sugarizer.conf (if not sugarizer_enabled) + file: + path: /etc/apache2/sites-enabled/sugarizer.conf + state: absent + when: not sugarizer_enabled | bool or nginx_enabled | bool + +- name: "Install sugarizer-nginx.conf (nginx)" + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode }}" + owner: root + group: root + with_items: + - { src: 'sugarizer-nginx.conf', dest: '/etc/nginx/conf.d/sugarizer-nginx.conf' , mode: '0644' } + when: sugarizer_enabled | bool and nginx_enabled | bool + +# 6. RESTART/STOP SYSTEMD SERVICE + +# with "systemctl daemon-reload" in case mongodb.service changed, etc +- name: Enable & Restart 'sugarizer' systemd service (if sugarizer_enabled) + systemd: + name: sugarizer + daemon_reload: yes + enabled: yes + state: restarted + when: sugarizer_enabled | bool + +- name: Disable & Stop 'sugarizer' systemd service (if not sugarizer_enabled) + systemd: + name: sugarizer + daemon_reload: yes + enabled: no + state: stopped + when: not sugarizer_enabled + +#- name: Enable services (all OS's) +# service: +# name: "{{ item.name }}" +# enabled: yes +# state: restarted +# with_items: +## - { name: mongodb } # 2018-07-14: NICE TRY, but still doesn't bring http://box:8089 to life reliably, as a reboot usually does! (Is a "systemctl daemon-reload" or some such nec?) +# - { name: sugarizer } +# when: sugarizer_enabled | bool + +#- name: Disable service (all OS's) +# service: +# name: sugarizer +# enabled: no +# state: stopped +# when: not sugarizer_enabled + +- name: Restart Apache service ({{ apache_service }}) to enable/disable http://box/sugarizer (not just http://box:{{ sugarizer_port }}) + systemd: + name: "{{ apache_service }}" # httpd or apache2 + state: restarted + when: sugarizer_enabled | bool and not nginx_enabled | bool + +- name: Restart nginx when enabled + systemd: + name: nginx + state: restarted + daemon_reload: yes + when: sugarizer_enabled and nginx_enabled + +- name: Add 'sugarizer' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: sugarizer + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - option: name + value: Sugarizer + - option: description + value: '"The Sugar Learning Platform began with the famous One Laptop Per Child project, written in Python. Sugarizer is the new HTML/JavaScript implementation of Sugar, usable in most all browsers."' + - option: sugarizer_enabled + value: "{{ sugarizer_enabled }}" diff --git a/roles/sugarizer/tasks/install.yml b/roles/sugarizer/tasks/install.yml index b4263638d..43816dd29 100644 --- a/roles/sugarizer/tasks/install.yml +++ b/roles/sugarizer/tasks/install.yml @@ -221,89 +221,7 @@ # # Use this instead, if tabs are truly nec: # # block: "\tvar pathPrefix = '/sugarizer';\n\tapp.use(pathPrefix, require('path-prefix-proxy')(pathPrefix));" -- name: Create symlink sugarizer.conf from sites-enabled to sites-available, for short URLs http://box/sugar & http://box/sugarizer (if sugarizer_enabled) - file: - src: /etc/apache2/sites-available/sugarizer.conf - path: /etc/apache2/sites-enabled/sugarizer.conf - state: link - when: sugarizer_enabled | bool and not nginx_enabled | bool - -- name: Remove symlink /etc/apache2/sites-enabled/sugarizer.conf (if not sugarizer_enabled) - file: - path: /etc/apache2/sites-enabled/sugarizer.conf - state: absent - when: not sugarizer_enabled | bool or nginx_enabled | bool - -- name: "Install sugarizer-nginx.conf (nginx)" - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "{{ item.mode }}" - owner: root - group: root - with_items: - - { src: 'sugarizer-nginx.conf', dest: '/etc/nginx/conf.d/sugarizer-nginx.conf' , mode: '0644' } - when: nginx_enabled | bool - -# 6. RESTART/STOP SYSTEMD SERVICE - -# with "systemctl daemon-reload" in case mongodb.service changed, etc -- name: Enable & Restart 'sugarizer' systemd service (if sugarizer_enabled) - systemd: - name: sugarizer - daemon_reload: yes - enabled: yes - state: restarted - when: sugarizer_enabled | bool - -- name: Disable & Stop 'sugarizer' systemd service (if not sugarizer_enabled) - systemd: - name: sugarizer - daemon_reload: yes - enabled: no - state: stopped - when: not sugarizer_enabled - -- name: Restart Apache service ({{ apache_service }}) to enable/disable http://box/sugarizer (not just http://box:{{ sugarizer_port }}) - systemd: - name: "{{ apache_service }}" # httpd or apache2 - state: restarted - when: sugarizer_enabled | bool and not nginx_enabled | bool - -#- name: Enable services (all OS's) -# service: -# name: "{{ item.name }}" -# enabled: yes -# state: restarted -# with_items: -## - { name: mongodb } # 2018-07-14: NICE TRY, but still doesn't bring http://box:8089 to life reliably, as a reboot usually does! (Is a "systemctl daemon-reload" or some such nec?) -# - { name: sugarizer } -# when: sugarizer_enabled | bool - -#- name: Disable service (all OS's) -# service: -# name: sugarizer -# enabled: no -# state: stopped -# when: not sugarizer_enabled - -- name: Restart nginx when enabled - systemd: - name: nginx - state: restarted - daemon_reload: yes - when: sugarizer_enabled and nginx_enabled - -- name: Add 'sugarizer' variable values to {{ iiab_ini_file }} +- name: Add 'sugarizer_installed' variable values to {{ iiab_installed }} ini_file: - path: "{{ iiab_ini_file }}" - section: sugarizer - option: "{{ item.option }}" - value: "{{ item.value }}" - with_items: - - option: name - value: Sugarizer - - option: description - value: '"The Sugar Learning Platform began with the famous One Laptop Per Child project, written in Python. Sugarizer is the new HTML/JavaScript implementation of Sugar, usable in most all browsers."' - - option: sugarizer_enabled - value: "{{ sugarizer_enabled }}" + path: "{{ iiab_installed }}" + value: sugarizer_installed diff --git a/roles/sugarizer/tasks/main.yml b/roles/sugarizer/tasks/main.yml index 80ae4e837..d11b83afd 100644 --- a/roles/sugarizer/tasks/main.yml +++ b/roles/sugarizer/tasks/main.yml @@ -1,3 +1,7 @@ - name: Install 'sugarizer' if sugarizer_install and not Debian 10+ include_tasks: install.yml - when: sugarizer_install and not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)) + when: not sugarizer_installed is defined and sugarizer_install | bool and not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)) + +- name: Enable 'sugarizer' if sugarizer_enabled + include_tasks: enable.yml + when: sugarizer_install | bool or sugarizer_installed is defined From 63f47bb0710985d0fa8f7ceae7e409565cb7be81 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 5 Sep 2019 00:45:31 -0500 Subject: [PATCH 033/148] moodle rework and add iiab_installed --- roles/moodle/tasks/enable.yml | 34 +++++++ roles/moodle/tasks/install.yml | 144 +++++++++++++++++++++++++++ roles/moodle/tasks/main.yml | 174 ++------------------------------- 3 files changed, 184 insertions(+), 168 deletions(-) create mode 100644 roles/moodle/tasks/enable.yml create mode 100644 roles/moodle/tasks/install.yml diff --git a/roles/moodle/tasks/enable.yml b/roles/moodle/tasks/enable.yml new file mode 100644 index 000000000..da499ed58 --- /dev/null +++ b/roles/moodle/tasks/enable.yml @@ -0,0 +1,34 @@ +- name: Create symlink 022-moodle.conf from sites-enabled to sites-available, if moodle_enabled (debuntu) + file: + src: /etc/apache2/sites-available/022-moodle.conf + dest: /etc/apache2/sites-enabled/022-moodle.conf + state: link + when: moodle_enabled and is_debuntu + +- name: Remove symlink 022-moodle.conf, if not moodle_enabled (debuntu) + file: + path: /etc/apache2/sites-enabled/022-moodle.conf + state: absent + when: not moodle_enabled and is_debuntu + +- name: Restart Apache service ({{ apache_service }}) + systemd: + name: "{{ apache_service }}" + state: restarted + daemon-reload: yes + +- name: Add 'moodle' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: moodle + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - option: name + value: Moodle + - option: description + value: '"Access the Moodle learning management system."' + - option: "moodle_base" + value: "{{ moodle_base }}" + - option: moodle_enabled + value: "{{ moodle_enabled }}" diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml new file mode 100644 index 000000000..8ebfbca5d --- /dev/null +++ b/roles/moodle/tasks/install.yml @@ -0,0 +1,144 @@ +- name: "Install packages: python-psycopg2, php-pgsql (OS's other than debuntu)" + package: + name: + - python-psycopg2 + - php-pgsql + state: present + when: not is_debuntu + +- name: Install 4 php packages (debuntu) + package: + name: + - php{{ php_version }}-pgsql + - php{{ php_version }}-curl + #- php{{ php_version }}-zip + - php{{ php_version }}-gd + #- php{{ php_version }}-mbstring + # mbstring is now included in php-cli + - php{{ php_version }}-cli + state: present + when: is_debuntu | bool + +- name: "Install package: php{{ php_version }}-zip (ubuntu or debian-9+)" + package: + name: "php{{ php_version }}-zip" + when: is_ubuntu or (is_debian and not is_debian_8) + +- name: "Install package: php-pclzip (debian-8)" + package: + name: php-pclzip + when: is_debian_8 | bool + +- name: Determine if Moodle is already downloaded + stat: + path: "{{ moodle_base }}/config-dist.php" + register: moodle + +- name: Download the latest Moodle repo + git: + repo: "{{ moodle_repo_url }}" + dest: "{{ moodle_base }}" + depth: 1 + force: yes + version: "MOODLE_{{ moodle_version }}_STABLE" + #version: master # TEMPORARY DURING MAY 2018 TESTING, installed 3.5beta+ = https://download.moodle.org/releases/development/ + #ignore_errors: yes + when: internet_available and moodle.stat.exists is defined and not moodle.stat.exists + +- name: Create dir {{ moodle_base }} owned by {{ apache_user }} (for config file?) + file: + path: "{{ moodle_base }}" + owner: "{{ apache_user }}" + recurse: yes + state: directory + +- name: Create dir {{ content_base }}/dbdata/moodle owned by {{ apache_user }} with write permission 0755 + file: + path: "{{ content_base }}/dbdata/moodle" + owner: "{{ apache_user }}" + mode: 0755 + state: directory + +- name: Create dir {{ moodle_data }} owned by {{ apache_user }}:{{ apache_user }} with write permission 0770 # /library/moodle + file: + path: "{{ moodle_data }}" + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + mode: 0770 + state: directory + +- name: Remove Apache's stock moodle.conf + file: + path: "/etc/{{ apache_config_dir }}/moodle.conf" + state: absent + +- name: Install Apache's 022-moodle.conf from template, if moodle_enabled + template: + src: 022-moodle.j2 + dest: "/etc/{{ apache_config_dir }}/022-moodle.conf" + owner: root + group: root + mode: 0644 + +- name: Restart postgresql-iiab + service: + name: postgresql-iiab + state: restarted + +- name: Create PostgreSQL db user Admin/changeme + postgresql_user: + name: Admin + password: changeme + encrypted: yes # Required by PostgreSQL 10+ e.g. Ubuntu 18.04's PostgreSQL 10.3+, see https://github.com/iiab/iiab/issues/759 + role_attr_flags: NOSUPERUSER,NOCREATEROLE,NOCREATEDB + state: present + become: yes + become_user: postgres + +- name: 'Create database: {{ moodle_database_name }}' + postgresql_db: + name: "{{ moodle_database_name }}" + encoding: utf8 + owner: Admin + template: template1 + state: present + become: yes + become_user: postgres + +- name: Install {{ moodle_base }}/moodle_installer from template + template: + src: moodle_installer + dest: "{{ moodle_base }}" + mode: 0755 + +- name: Enable & Restart postgresql-iiab + service: + name: postgresql-iiab + state: restarted + enabled: yes + when: moodle_enabled | bool + +- name: Restart Apache service ({{ apache_service }}) + service: + name: "{{ apache_service }}" + state: restarted + +- name: Does {{ moodle_base }}/config.php exist? + stat: + path: "{{ moodle_base }}/config.php" + register: config + +- name: Execute {{ moodle_base }}/moodle_installer + shell: "{{ moodle_base }}/moodle_installer" + when: config.stat.exists is defined and not config.stat.exists + +- name: Give read permission 0644 to {{ moodle_base }}/config.php # /opt/iiab/moodle/config.php + #command: chown -R {{ apache_user }} {{ moodle_base }} + file: + path: "{{ moodle_base }}/config.php" + mode: 0644 + +- name: Add 'moodle_installed' variable values to {{ iiab_installed }} + ini_file: + path: "{{ iiab_installed }}" + value: moodle_installed diff --git a/roles/moodle/tasks/main.yml b/roles/moodle/tasks/main.yml index 5495f230b..41d4d0c6d 100644 --- a/roles/moodle/tasks/main.yml +++ b/roles/moodle/tasks/main.yml @@ -1,169 +1,7 @@ -- name: "Install packages: python-psycopg2, php-pgsql (OS's other than debuntu)" - package: - name: - - python-psycopg2 - - php-pgsql - state: present - when: not is_debuntu +- name: "Install Moodle" + include_tasks: install.yml + when: moodle_install | bool and not moodle_installed is defined -- name: Install 4 php packages (debuntu) - package: - name: - - php{{ php_version }}-pgsql - - php{{ php_version }}-curl - #- php{{ php_version }}-zip - - php{{ php_version }}-gd - #- php{{ php_version }}-mbstring - # mbstring is now included in php-cli - - php{{ php_version }}-cli - state: present - when: is_debuntu | bool - -- name: "Install package: php{{ php_version }}-zip (ubuntu or debian-9+)" - package: - name: "php{{ php_version }}-zip" - when: is_ubuntu or (is_debian and not is_debian_8) - -- name: "Install package: php-pclzip (debian-8)" - package: - name: php-pclzip - when: is_debian_8 | bool - -- name: Determine if Moodle is already downloaded - stat: - path: "{{ moodle_base }}/config-dist.php" - register: moodle - -- name: Download the latest Moodle repo - git: - repo: "{{ moodle_repo_url }}" - dest: "{{ moodle_base }}" - depth: 1 - force: yes - version: "MOODLE_{{ moodle_version }}_STABLE" - #version: master # TEMPORARY DURING MAY 2018 TESTING, installed 3.5beta+ = https://download.moodle.org/releases/development/ - #ignore_errors: yes - when: internet_available and moodle.stat.exists is defined and not moodle.stat.exists - -- name: Create dir {{ moodle_base }} owned by {{ apache_user }} (for config file?) - file: - path: "{{ moodle_base }}" - owner: "{{ apache_user }}" - recurse: yes - state: directory - -- name: Create dir {{ content_base }}/dbdata/moodle owned by {{ apache_user }} with write permission 0755 - file: - path: "{{ content_base }}/dbdata/moodle" - owner: "{{ apache_user }}" - mode: 0755 - state: directory - -- name: Create dir {{ moodle_data }} owned by {{ apache_user }}:{{ apache_user }} with write permission 0770 # /library/moodle - file: - path: "{{ moodle_data }}" - owner: "{{ apache_user }}" - group: "{{ apache_user }}" - mode: 0770 - state: directory - -- name: Remove Apache's stock moodle.conf - file: - path: "/etc/{{ apache_config_dir }}/moodle.conf" - state: absent - -- name: Install Apache's 022-moodle.conf from template, if moodle_enabled - template: - src: 022-moodle.j2 - dest: "/etc/{{ apache_config_dir }}/022-moodle.conf" - owner: root - group: root - mode: 0644 - when: moodle_enabled | bool - -- name: Create symlink 022-moodle.conf from sites-enabled to sites-available, if moodle_enabled (debuntu) - file: - src: /etc/apache2/sites-available/022-moodle.conf - dest: /etc/apache2/sites-enabled/022-moodle.conf - state: link - when: moodle_enabled and is_debuntu - -- name: Remove symlink 022-moodle.conf, if not moodle_enabled (debuntu) - file: - path: /etc/apache2/sites-enabled/022-moodle.conf - state: absent - when: not moodle_enabled and is_debuntu - -- name: Restart postgresql-iiab - service: - name: postgresql-iiab - state: restarted - -- name: Create PostgreSQL db user Admin/changeme - postgresql_user: - name: Admin - password: changeme - encrypted: yes # Required by PostgreSQL 10+ e.g. Ubuntu 18.04's PostgreSQL 10.3+, see https://github.com/iiab/iiab/issues/759 - role_attr_flags: NOSUPERUSER,NOCREATEROLE,NOCREATEDB - state: present - become: yes - become_user: postgres - -- name: 'Create database: {{ moodle_database_name }}' - postgresql_db: - name: "{{ moodle_database_name }}" - encoding: utf8 - owner: Admin - template: template1 - state: present - become: yes - become_user: postgres - -- name: Install {{ moodle_base }}/moodle_installer from template - template: - src: moodle_installer - dest: "{{ moodle_base }}" - mode: 0755 - -- name: Enable & Restart postgresql-iiab - service: - name: postgresql-iiab - state: restarted - enabled: yes - when: moodle_enabled | bool - -- name: Restart Apache service ({{ apache_service }}) - service: - name: "{{ apache_service }}" - state: restarted - -- name: Does {{ moodle_base }}/config.php exist? - stat: - path: "{{ moodle_base }}/config.php" - register: config - -- name: Execute {{ moodle_base }}/moodle_installer - shell: "{{ moodle_base }}/moodle_installer" - when: config.stat.exists is defined and not config.stat.exists - -- name: Give read permission 0644 to {{ moodle_base }}/config.php # /opt/iiab/moodle/config.php - #command: chown -R {{ apache_user }} {{ moodle_base }} - file: - path: "{{ moodle_base }}/config.php" - mode: 0644 - -- name: Add 'moodle' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" - section: moodle - option: "{{ item.option }}" - value: "{{ item.value }}" - with_items: - - option: name - value: Moodle - - option: description - value: '"Access the Moodle learning management system."' - - option: "moodle_base" - value: "{{ moodle_base }}" - - option: moodle_enabled - value: "{{ moodle_enabled }}" +- name: Enable Moodle + include_tasks: enable.yml + when: moodle_install | bool or moodle_installed is defined From 8c13940a991211d947de744e1cbf06cee6036abe Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 1 Sep 2019 03:11:01 -0500 Subject: [PATCH 034/148] elgg rework and add iiab_installed --- roles/elgg/tasks/enable.yml | 39 ++++++++ roles/elgg/tasks/install.yml | 94 +++++++++++++++++++ roles/elgg/tasks/main.yml | 172 ++--------------------------------- roles/elgg/tasks/prov-db.yml | 36 ++++++++ 4 files changed, 178 insertions(+), 163 deletions(-) create mode 100644 roles/elgg/tasks/enable.yml create mode 100644 roles/elgg/tasks/install.yml create mode 100644 roles/elgg/tasks/prov-db.yml diff --git a/roles/elgg/tasks/enable.yml b/roles/elgg/tasks/enable.yml new file mode 100644 index 000000000..19d029530 --- /dev/null +++ b/roles/elgg/tasks/enable.yml @@ -0,0 +1,39 @@ +- name: Create symlink elgg.conf from sites-enabled to sites-available (debuntu, not nec for redhat) + file: + src: /etc/apache2/sites-available/elgg.conf + path: /etc/apache2/sites-enabled/elgg.conf + state: link + when: elgg_enabled and is_debuntu + +- name: Remove symlink /etc/apache2/sites-enabled/elgg.conf (debuntu) + file: + path: /etc/apache2/sites-enabled/elgg.conf + state: absent + when: not elgg_enabled and is_debuntu + +- name: Remove Apache's elgg.conf (redhat) + file: + dest: "/etc/{{ apache_config_dir }}/elgg.conf" + state: absent + when: not elgg_enabled and is_redhat + +- name: Restart Apache ({{ apache_service }}) to enable/disable http://box/elgg + service: + name: "{{ apache_service }}" + state: restarted + +- name: Add 'elgg' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: elgg + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - option: name + value: Elgg + - option: description + value: '"Elgg is an award-winning social networking engine, delivering the building blocks that enable businesses, schools, universities and associations to create their own fully-featured social networks and applications."' + - option: path + value: /opt/elgg + - option: elgg_enabled + value: "{{ elgg_enabled }}" diff --git a/roles/elgg/tasks/install.yml b/roles/elgg/tasks/install.yml new file mode 100644 index 000000000..43495919b --- /dev/null +++ b/roles/elgg/tasks/install.yml @@ -0,0 +1,94 @@ +# Assume we only get here if elgg_install: True +# Assume MySQL is running + +- name: Download {{ iiab_download_url }}/elgg-{{ elgg_version }}.zip to {{ downloads_dir }} + #shell: wget {{ iiab_download_url }}/elgg-{{ elgg_version }}.zip -c -P {{ downloads_dir }} + #args: + # creates: "{{ downloads_dir }}/elgg-{{ elgg_version }}.zip" + get_url: + url: "{{ iiab_download_url }}/elgg-{{ elgg_version }}.zip" + dest: "{{ downloads_dir }}" + timeout: "{{ download_timeout }}" + when: internet_available | bool + +- name: Check for existence of /opt/elgg-{{ elgg_version }}/index.php + stat: + path: "/opt/elgg-{{ elgg_version }}/index.php" + register: elgg + +- name: Unpack (unarchive) .zip to /opt, if above index.php doesn't exist + #shell: "/usr/bin/unzip -o {{ downloads_dir }}/elgg-{{ elgg_version }}.zip -d /opt" + unarchive: + #remote_src: yes + #src: "{{ iiab_download_url }}/elgg-{{ elgg_version }}.zip" + src: "{{ downloads_dir }}/elgg-{{ elgg_version }}.zip" + dest: /opt + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + when: elgg.stat.exists is defined and not elgg.stat.exists + +- name: Create softlink from /opt/elgg to /opt/elgg-{{ elgg_version }} + file: + src: "./elgg-{{ elgg_version }}" + path: /opt/elgg + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + state: link + force: yes + +- name: 'Install /opt/elgg/elgg-config/settings.php from template (WARNING: overwrites manual settings!)' + template: + src: "settings.php.j2" + dest: "/opt/{{ elgg_xx }}/elgg-config/settings.php" + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + +# The name of this file changed from 1.9 to 1.10. +- name: Copy default .htaccess into /opt/{{ elgg_xx }}, root of Elgg tree + copy: + src: "/opt/{{ elgg_xx }}/vendor/elgg/elgg/install/config/htaccess.dist" + dest: "/opt/{{ elgg_xx }}/.htaccess" + mode: 0644 + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + +#regexp='^#RewriteBase' +- name: Change .htaccess to include RewriteBase for http://box/elgg + lineinfile: + backup: no + path: "/opt/{{ elgg_xx }}/.htaccess" + state: present + insertafter: '^#RewriteBase' + line: "RewriteBase {{ elgg_url }}/" + +- name: Set /opt/elgg/engine directory permissions to 0755 so Apache can write there + file: + path: /opt/elgg/engine/ + owner: "{{ apache_user }}" + mode: 0755 + state: directory + +- name: Change /opt/elgg-{{ elgg_version }} ownership to {{ apache_user }}:{{ apache_user }} (likely not nec, as unarchive & all do this above) + file: + path: "/opt/elgg-{{ elgg_version }}" + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + recurse: yes + state: directory + +- name: Create upload directory {{ elgg_upload_path }} that Apache (and Elgg) can write to + file: + path: "{{ elgg_upload_path }}" + state: directory + owner: "{{ apache_user }}" + +- name: Install /etc/{{ apache_config_dir }}/elgg.conf from template, for http://box/elgg + template: + src: elgg.conf + dest: "/etc/{{ apache_config_dir }}/elgg.conf" + +- name: Add 'elgg_installed' variable values to {{ iiab_installed }} + ini_file: + path: "{{ iiab_installed }}" + value: elgg_installed + diff --git a/roles/elgg/tasks/main.yml b/roles/elgg/tasks/main.yml index 6461ebca1..ed859cb07 100644 --- a/roles/elgg/tasks/main.yml +++ b/roles/elgg/tasks/main.yml @@ -1,165 +1,11 @@ -# Assume we only get here if elgg_install: True -# Assume MySQL is running +- name: Install Elgg + include_tasks: install.yml + when: elgg_install and not elgg_installed is defined -- name: Download {{ iiab_download_url }}/elgg-{{ elgg_version }}.zip to {{ downloads_dir }} - #shell: wget {{ iiab_download_url }}/elgg-{{ elgg_version }}.zip -c -P {{ downloads_dir }} - #args: - # creates: "{{ downloads_dir }}/elgg-{{ elgg_version }}.zip" - get_url: - url: "{{ iiab_download_url }}/elgg-{{ elgg_version }}.zip" - dest: "{{ downloads_dir }}" - timeout: "{{ download_timeout }}" - when: internet_available | bool +- name: Provision DB + include_tasks: prov-db.yml + when: elgg_install and not installing -- name: Check for existence of /opt/elgg-{{ elgg_version }}/index.php - stat: - path: "/opt/elgg-{{ elgg_version }}/index.php" - register: elgg - -- name: Unpack (unarchive) .zip to /opt, if above index.php doesn't exist - #shell: "/usr/bin/unzip -o {{ downloads_dir }}/elgg-{{ elgg_version }}.zip -d /opt" - unarchive: - #remote_src: yes - #src: "{{ iiab_download_url }}/elgg-{{ elgg_version }}.zip" - src: "{{ downloads_dir }}/elgg-{{ elgg_version }}.zip" - dest: /opt - owner: "{{ apache_user }}" - group: "{{ apache_user }}" - when: elgg.stat.exists is defined and not elgg.stat.exists - -- name: Create softlink from /opt/elgg to /opt/elgg-{{ elgg_version }} - file: - src: "./elgg-{{ elgg_version }}" - path: /opt/elgg - owner: "{{ apache_user }}" - group: "{{ apache_user }}" - state: link - force: yes - -- name: 'Install /opt/elgg/elgg-config/settings.php from template (WARNING: overwrites manual settings!)' - template: - src: "settings.php.j2" - dest: "/opt/{{ elgg_xx }}/elgg-config/settings.php" - owner: "{{ apache_user }}" - group: "{{ apache_user }}" - -# The name of this file changed from 1.9 to 1.10. -- name: Copy default .htaccess into /opt/{{ elgg_xx }}, root of Elgg tree - copy: - src: "/opt/{{ elgg_xx }}/vendor/elgg/elgg/install/config/htaccess.dist" - dest: "/opt/{{ elgg_xx }}/.htaccess" - mode: 0644 - owner: "{{ apache_user }}" - group: "{{ apache_user }}" - -#regexp='^#RewriteBase' -- name: Change .htaccess to include RewriteBase for http://box/elgg - lineinfile: - backup: no - path: "/opt/{{ elgg_xx }}/.htaccess" - state: present - insertafter: '^#RewriteBase' - line: "RewriteBase {{ elgg_url }}/" - -- name: Set /opt/elgg/engine directory permissions to 0755 so Apache can write there - file: - path: /opt/elgg/engine/ - owner: "{{ apache_user }}" - mode: 0755 - state: directory - -- name: Change /opt/elgg-{{ elgg_version }} ownership to {{ apache_user }}:{{ apache_user }} (likely not nec, as unarchive & all do this above) - file: - path: "/opt/elgg-{{ elgg_version }}" - owner: "{{ apache_user }}" - group: "{{ apache_user }}" - recurse: yes - state: directory - -- name: Create upload directory {{ elgg_upload_path }} that Apache (and Elgg) can write to - file: - path: "{{ elgg_upload_path }}" - state: directory - owner: "{{ apache_user }}" - -- name: Create Elgg's MySQL database {{ dbname }}, to be populated below - can be run more than once - mysql_db: - name: "{{ dbname }}" - register: create_elgg_database - -- name: Create user/password to access Elgg database - can be run more than once - mysql_user: - name: "{{ dbuser }}" - host: "{{ item }}" - password: "{{ dbpassword }}" - priv: "{{ dbname }}.*:ALL" - with_items: - - 127.0.0.1 - - ::1 - - localhost - -- name: Create /tmp/elggdb.sql from template, to load database - template: - src: "elggdb.sql.j2" - dest: "/tmp/elggdb.sql" - -# elggdb.sql obtained with mysqldump --skip-add-drop-table elggdb > elggdb.sql -# tar up a mysqldump of freshly installed database and use it in the install to avoid the startup -# form, which worries me a lot. (/var/lib/mysql/elggdb) - -- name: Populate Elgg's MySQL database {{ dbname }}, from /tmp/elggdb.sql - mysql_db: - name: "{{ dbname }}" - state: import - target: /tmp/elggdb.sql - when: create_elgg_database.changed - -- name: Remove database dump /tmp/elggdb.sql - file: - name: /tmp/elggdb.sql - state: absent - -- name: Install /etc/{{ apache_config_dir }}/elgg.conf from template, for http://box/elgg - template: - src: elgg.conf - dest: "/etc/{{ apache_config_dir }}/elgg.conf" - -- name: Create symlink elgg.conf from sites-enabled to sites-available (debuntu, not nec for redhat) - file: - src: /etc/apache2/sites-available/elgg.conf - path: /etc/apache2/sites-enabled/elgg.conf - state: link - when: elgg_enabled and is_debuntu - -- name: Remove symlink /etc/apache2/sites-enabled/elgg.conf (debuntu) - file: - path: /etc/apache2/sites-enabled/elgg.conf - state: absent - when: not elgg_enabled and is_debuntu - -- name: Remove Apache's elgg.conf (redhat) - file: - dest: "/etc/{{ apache_config_dir }}/elgg.conf" - state: absent - when: not elgg_enabled and is_redhat - -- name: Restart Apache ({{ apache_service }}) to enable/disable http://box/elgg - service: - name: "{{ apache_service }}" - state: restarted - -- name: Add 'elgg' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" - section: elgg - option: "{{ item.option }}" - value: "{{ item.value }}" - with_items: - - option: name - value: Elgg - - option: description - value: '"Elgg is an award-winning social networking engine, delivering the building blocks that enable businesses, schools, universities and associations to create their own fully-featured social networks and applications."' - - option: path - value: /opt/elgg - - option: elgg_enabled - value: "{{ elgg_enabled }}" +- name: Enable Elgg + include_tasks: enable.yml + when: elgg_install or elgg_installed is defined diff --git a/roles/elgg/tasks/prov-db.yml b/roles/elgg/tasks/prov-db.yml new file mode 100644 index 000000000..66ded083f --- /dev/null +++ b/roles/elgg/tasks/prov-db.yml @@ -0,0 +1,36 @@ +- name: Create Elgg's MySQL database {{ dbname }}, to be populated below - can be run more than once + mysql_db: + name: "{{ dbname }}" + register: create_elgg_database + +- name: Create user/password to access Elgg database - can be run more than once + mysql_user: + name: "{{ dbuser }}" + host: "{{ item }}" + password: "{{ dbpassword }}" + priv: "{{ dbname }}.*:ALL" + with_items: + - 127.0.0.1 + - ::1 + - localhost + +- name: Create /tmp/elggdb.sql from template, to load database + template: + src: "elggdb.sql.j2" + dest: "/tmp/elggdb.sql" + +# elggdb.sql obtained with mysqldump --skip-add-drop-table elggdb > elggdb.sql +# tar up a mysqldump of freshly installed database and use it in the install to avoid the startup +# form, which worries me a lot. (/var/lib/mysql/elggdb) + +- name: Populate Elgg's MySQL database {{ dbname }}, from /tmp/elggdb.sql + mysql_db: + name: "{{ dbname }}" + state: import + target: /tmp/elggdb.sql + when: create_elgg_database.changed + +- name: Remove database dump /tmp/elggdb.sql + file: + name: /tmp/elggdb.sql + state: absent From 2180a6655f16cac57f9dfebd2f20c17194d92cc8 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 1 Sep 2019 02:17:02 -0500 Subject: [PATCH 035/148] wordpress db setup and installed tracker --- roles/wordpress/tasks/enable.yml | 43 +++++++++++++++++++++ roles/wordpress/tasks/install.yml | 62 ++----------------------------- roles/wordpress/tasks/main.yml | 12 +++++- roles/wordpress/tasks/prov-db.yml | 16 ++++++++ 4 files changed, 72 insertions(+), 61 deletions(-) create mode 100644 roles/wordpress/tasks/enable.yml create mode 100644 roles/wordpress/tasks/prov-db.yml diff --git a/roles/wordpress/tasks/enable.yml b/roles/wordpress/tasks/enable.yml new file mode 100644 index 000000000..3796a367b --- /dev/null +++ b/roles/wordpress/tasks/enable.yml @@ -0,0 +1,43 @@ +- name: Create symlink wordpress.conf from sites-enabled to sites-available, if wordpress_enabled (debuntu) + file: + src: /etc/apache2/sites-available/wordpress.conf + path: /etc/apache2/sites-enabled/wordpress.conf + state: link + when: wordpress_enabled and is_debuntu + +- name: Remove /etc/apache2/sites-enabled/wordpress.conf if not wordpress_enabled (debuntu) + file: + path: /etc/apache2/sites-enabled/wordpress.conf + state: absent + when: not wordpress_enabled and is_debuntu + +- name: Restart Apache service ({{ apache_service }}) to enable/disable http://box{{ wp_url }} + systemd: + name: "{{ apache_service }}" + state: restarted + +- name: Add 'wordpress' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: wordpress + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - option: name + value: WordPress + - option: description + value: '"WordPress is a blog and web site management application."' + - option: wordpress_src + value: "{{ wordpress_src }}" + - option: wp_abs_path + value: "{{ wp_abs_path }}" + - option: wp_db_name + value: "{{ wp_db_name }}" + - option: wp_db_user + value: "{{ wp_db_user }}" + - option: wp_url + value: "{{ wp_url }}" + - option: wp_full_url + value: "{{ wp_full_url }}" + - option: wordpress_enabled + value: "{{ wordpress_enabled }}" diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index 8da708789..aaf34ea8a 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -87,23 +87,6 @@ path: /tmp/get-iiab-wp-salts state: absent -- name: Start MySQL systemd service - service: - state: started - name: "{{ mysql_service }}" - -- name: 'Create MySQL wordpress database: {{ wp_db_name }}' - mysql_db: - name: "{{ wp_db_name }}" - state: present - -- name: Create MySQL wordpress database user - mysql_user: - name: "{{ wp_db_user }}" - password: "{{ wp_db_user_password }}" - priv: "{{ wp_db_name }}.*:ALL,GRANT" - state: present - - name: Install {{ wp_abs_path }}/wp-config.php template: src: wp-config.php.j2 @@ -118,46 +101,7 @@ dest: "/etc/{{ apache_config_dir }}/wordpress.conf" when: apache_enabled -- name: Create symlink wordpress.conf from sites-enabled to sites-available, if wordpress_enabled (debuntu) - file: - src: /etc/apache2/sites-available/wordpress.conf - path: /etc/apache2/sites-enabled/wordpress.conf - state: link - when: wordpress_enabled and is_debuntu - -- name: Remove /etc/apache2/sites-enabled/wordpress.conf if not wordpress_enabled (debuntu) - file: - path: /etc/apache2/sites-enabled/wordpress.conf - state: absent - when: not wordpress_enabled and is_debuntu - -- name: Restart Apache service ({{ apache_service }}) to enable/disable http://box{{ wp_url }} - systemd: - name: "{{ apache_service }}" - state: restarted - -- name: Add 'wordpress' variable values to {{ iiab_ini_file }} +- name: Add 'wordpress_installed' variable values to {{ iiab_installed }} ini_file: - path: "{{ iiab_ini_file }}" - section: wordpress - option: "{{ item.option }}" - value: "{{ item.value }}" - with_items: - - option: name - value: WordPress - - option: description - value: '"WordPress is a blog and web site management application."' - - option: wordpress_src - value: "{{ wordpress_src }}" - - option: wp_abs_path - value: "{{ wp_abs_path }}" - - option: wp_db_name - value: "{{ wp_db_name }}" - - option: wp_db_user - value: "{{ wp_db_user }}" - - option: wp_url - value: "{{ wp_url }}" - - option: wp_full_url - value: "{{ wp_full_url }}" - - option: wordpress_enabled - value: "{{ wordpress_enabled }}" + path: "{{ iiab_installed }}" + value: wordpress_installed diff --git a/roles/wordpress/tasks/main.yml b/roles/wordpress/tasks/main.yml index 5ff00bb3a..3b8151efe 100644 --- a/roles/wordpress/tasks/main.yml +++ b/roles/wordpress/tasks/main.yml @@ -1,5 +1,13 @@ # SEE "emergency" REINSTALL INSTRUCTIONS IN roles/wordpress/tasks/install.yml -- name: Install WordPress if wordpress_install +- name: Provision MySql DB for WordPress + include_tasks: prov-db.yml + when: wordpress_install | bool and not installing | bool + +- name: Install WordPress if wordpress_installed is absent include_tasks: install.yml - when: wordpress_install | bool + when: wordpress_install and not wordpress_installed is defined + +- name: Enable WordPress + include_tasks: enable.yml + when: wordpress_install or wordpress_installed is defined diff --git a/roles/wordpress/tasks/prov-db.yml b/roles/wordpress/tasks/prov-db.yml new file mode 100644 index 000000000..1f0c8a5a9 --- /dev/null +++ b/roles/wordpress/tasks/prov-db.yml @@ -0,0 +1,16 @@ +- name: Start MySQL systemd service + systemd: + state: started + name: "{{ mysql_service }}" + +- name: 'Create MySQL wordpress database: {{ wp_db_name }}' + mysql_db: + name: "{{ wp_db_name }}" + state: present + +- name: Create MySQL wordpress database user + mysql_user: + name: "{{ wp_db_user }}" + password: "{{ wp_db_user_password }}" + priv: "{{ wp_db_name }}.*:ALL,GRANT" + state: present From 5e7fdfe87b15f31702a052afbfda6f7a05d2d2f0 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 1 Sep 2019 02:58:04 -0500 Subject: [PATCH 036/148] nextcloud add iiab_installed and tweeks --- roles/nextcloud/tasks/enable_or_disable.yml | 110 +++++--------------- roles/nextcloud/tasks/install.yml | 58 ++--------- roles/nextcloud/tasks/main.yml | 12 ++- roles/nextcloud/tasks/prov-db.yml | 84 +++++++++++++++ 4 files changed, 128 insertions(+), 136 deletions(-) create mode 100644 roles/nextcloud/tasks/prov-db.yml diff --git a/roles/nextcloud/tasks/enable_or_disable.yml b/roles/nextcloud/tasks/enable_or_disable.yml index ff753abf9..03e477080 100644 --- a/roles/nextcloud/tasks/enable_or_disable.yml +++ b/roles/nextcloud/tasks/enable_or_disable.yml @@ -1,18 +1,8 @@ # This should go in computed_network.yml, but here for now -# 2019-09-04: THE NEXT 4 LINES ARE UNUSED (due to changes in roles/nextcloud/templates/nextcloud.conf.j2) -- name: Compute Nextcloud listen ip addr for nextcloud.conf - set_fact: - nextcloud_required_ip: "{{ ansible_default_ipv4.network }}/{{ ansible_default_ipv4.netmask }}" - when: ansible_default_ipv4.network is defined - -- name: Install Apache's nextcloud.conf from template, for http://box/nextcloud - template: - src: nextcloud.conf.j2 - dest: "/etc/{{ apache_config_dir }}/nextcloud.conf" - owner: root - group: root - mode: 0644 - when: nextcloud_enabled | bool +#- name: Compute Nextcloud listen ip addr for nextcloud.conf +# set_fact: +# nextcloud_required_ip: "{{ ansible_default_ipv4.network }}/{{ ansible_default_ipv4.netmask }}" +# when: ansible_default_ipv4.network is defined - name: Create symlink nextcloud.conf from sites-enabled to sites-available for http://box/nextcloud (debuntu) file: @@ -34,75 +24,29 @@ when: not nextcloud_enabled and is_redhat - name: Restart Apache, enabling/disabling http://box/nextcloud - service: + systemd: name: "{{ apache_service }}" + daemon-reload: yes state: restarted -# the install wizard does not succeed if already installed -- name: Determine if Nextcloud is installed - shell: > - php {{ nextcloud_prefix }}/nextcloud/occ status | - gawk '/installed:/ { print $3 }' - become: yes - become_user: "{{ apache_user }}" - register: returned - -- name: Run Nextcloud initial install wizard - shell: > - cd {{ nextcloud_prefix }}/nextcloud; - php occ maintenance:install - --database "mysql" - --database-name "{{ nextcloud_dbname }}" - --database-user "{{ nextcloud_dbuser }}" - --database-pass "{{ nextcloud_dbpassword }}" - --admin-user "{{ nextcloud_admin_user }}" - --admin-pass "{{ nextcloud_admin_password }}" - become: yes - become_user: "{{ apache_user }}" - when: nextcloud_enabled and returned.stdout == "false" - -- name: Allow access from all hosts and ips - command: php {{ nextcloud_prefix }}/nextcloud/occ config:system:set trusted_domains 1 --value=* - become: yes - become_user: "{{ apache_user }}" - when: nextcloud_enabled and returned.stdout == "false" - -# Code below was NEVER RUNNING as of 2018-10-29, as "wc | cut -d' ' -f1" ALWAYS -# returns null (rather than the intended returned_count !) This line could -# be replaced by ALTERNATIVE 1 or ALTERNATIVE 2 below IF it truly needs fixing. -# -# Or perhaps default user/password nextcloud/nextcloudmysql (from variables -# nextcloud_user/nextcloud_user_password) is just not needed in the end... -# -# NOTE: COMMENTS (FOLLOWING '#' SIGN) WITHIN A SHELL COMMAND CAUSE IT TO *FAIL* -# -#- name: Determine if Nextcloud user exists already -# shell: > -# php {{ nextcloud_prefix }}/nextcloud/occ user:list | -# grep {{ nextcloud_user }} | wc | cut -d' ' -f1 # USELESS -# #grep {{ nextcloud_user }} | wc -l # ALTERNATIVE 1 -# #grep {{ nextcloud_user }} | wc | awk '{print $1}' # ALTERNATIVE 2 -# become: yes -# become_user: "{{ apache_user }}" -# register: returned_count -# -# debug: -# var: returned_count -# -## nextcloud wants to make users rather than just mysql users and not done -#- name: Create the default user -# shell: > -# OC_PASS={{ nextcloud_user_password }}; -# php {{ nextcloud_prefix }}/nextcloud/occ user:add -# --password-from-env --display-name={{ nextcloud_user }} -# --group="users" {{ nextcloud_user }} -# become: yes -# become_user: "{{ apache_user }}" -# when: nextcloud_enabled and returned_count == "0" - -# 2019-09-04: NEXT 5 LINES APPEAR INEFFECTIVE DURING 1ST INSTALL? (possibly "overwrite.cli.url" appears later, when Nextcloud's web install completes using http://box/nextcloud ?) -- name: Try to remove overwrite.cli.url line (Rewrite URL) from /opt/nextcloud/config/config.php - lineinfile: - regexp: "overwrite.cli.url" - state: absent - path: "{{ nextcloud_prefix }}/nextcloud/config/config.php" +- name: Add 'nextcloud' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: Nextcloud + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - option: name + value: Nextcloud + - option: description + value: '"NextCloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."' + - option: path + value: "{{ nextcloud_prefix }}/nextcloud" + #- option: nextcloud_force_install + # value: "{{ nextcloud_force_install }}" + - option: nextcloud_orig_src_file + value: "{{ nextcloud_orig_src_file }}" + - option: nextcloud_src_file + value: "{{ nextcloud_src_file }}" + - option: nextcloud_enabled + value: "{{ nextcloud_enabled }}" diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index ed2b3ac51..1cbc18a78 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -174,53 +174,15 @@ mode: 0750 state: directory -- name: 'Create MySQL database with name: {{ nextcloud_dbname }}' - mysql_db: - name: "{{ nextcloud_dbname }}" - when: mysql_enabled and nextcloud_enabled +- name: Install Apache's nextcloud.conf from template, for http://box/nextcloud + template: + src: nextcloud.conf.j2 + dest: "/etc/{{ apache_config_dir }}/nextcloud.conf" + owner: root + group: root + mode: 0644 -- name: Add username/password to the MySQL database (associated with trusted IP's like localhost) - mysql_user: - name: "{{ nextcloud_dbuser }}" - host: "{{ item }}" - password: "{{ nextcloud_dbpassword }}" - priv: "{{ nextcloud_dbname }}.*:ALL,GRANT" - with_items: - - "{{ nextcloud_dbhost }}" - - 127.0.0.1 - - ::1 - - localhost - when: mysql_enabled and nextcloud_enabled - -# Appears unnec as nextcloud_enabled.yml (just below) does the same -#- name: Restart Apache -# service: -# name: "{{ apache_service }}" -# state: restarted -## when: nextcloud_enabled | bool # taken care of by nextcloud_enabled.yml below -# when: not nextcloud_enabled - -# Enables or disable Nextcloud! -- include_tasks: enable_or_disable.yml - -- name: Add 'nextcloud' variable values to {{ iiab_ini_file }} +- name: Add 'nextcloud_installed' variable values to {{ iiab_installed }} ini_file: - path: "{{ iiab_ini_file }}" - section: Nextcloud - option: "{{ item.option }}" - value: "{{ item.value }}" - with_items: - - option: name - value: Nextcloud - - option: description - value: '"NextCloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."' - - option: path - value: "{{ nextcloud_prefix }}/nextcloud" - #- option: nextcloud_force_install - # value: "{{ nextcloud_force_install }}" - - option: nextcloud_orig_src_file - value: "{{ nextcloud_orig_src_file }}" - - option: nextcloud_src_file - value: "{{ nextcloud_src_file }}" - - option: nextcloud_enabled - value: "{{ nextcloud_enabled }}" + path: "{{ iiab_installed }}" + value: nextcloud_installed diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index 13bd12b01..4e66bd0bb 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -7,10 +7,12 @@ #set_fact: # nextcloud_force_install: True include_tasks: install.yml - when: nextcloud_install and not nextcloud_page.stat.exists + when: nextcloud_install and (not nextcloud_installed is defined or not nextcloud_page.stat.exists) -# - debug: -# var: nextcloud_force_install +- name: Provision NextCloud's Mysql DB + include_tasks: prov-db.yml + when: nextcloud_install and not installing -# - debug: -# msg: "nextcloud_force_install: {{ nextcloud_force_install }}" +- name: Enables or disable Nextcloud! + include_tasks: enable_or_disable.yml + when: nextcloud_install or nextcloud_installed is defined diff --git a/roles/nextcloud/tasks/prov-db.yml b/roles/nextcloud/tasks/prov-db.yml new file mode 100644 index 000000000..89366bd3f --- /dev/null +++ b/roles/nextcloud/tasks/prov-db.yml @@ -0,0 +1,84 @@ +- name: 'Create MySQL database with name: {{ nextcloud_dbname }}' + mysql_db: + name: "{{ nextcloud_dbname }}" + +- name: Add username/password to the MySQL database (associated with trusted IP's like localhost) + mysql_user: + name: "{{ nextcloud_dbuser }}" + host: "{{ item }}" + password: "{{ nextcloud_dbpassword }}" + priv: "{{ nextcloud_dbname }}.*:ALL,GRANT" + with_items: + - "{{ nextcloud_dbhost }}" + - 127.0.0.1 + - ::1 + - localhost + +# the install wizard does not succeed if already installed +- name: Determine if Nextcloud is installed + shell: > + php {{ nextcloud_prefix }}/nextcloud/occ status | + gawk '/installed:/ { print $3 }' + become: yes + become_user: "{{ apache_user }}" + register: returned + +- name: Run Nextcloud initial install wizard + shell: > + cd {{ nextcloud_prefix }}/nextcloud; + php occ maintenance:install + --database "mysql" + --database-name "{{ nextcloud_dbname }}" + --database-user "{{ nextcloud_dbuser }}" + --database-pass "{{ nextcloud_dbpassword }}" + --admin-user "{{ nextcloud_admin_user }}" + --admin-pass "{{ nextcloud_admin_password }}" + become: yes + become_user: "{{ apache_user }}" + when: nextcloud_enabled and returned.stdout == "false" + +- name: Allow access from all hosts and ips + command: php {{ nextcloud_prefix }}/nextcloud/occ config:system:set trusted_domains 1 --value=* + become: yes + become_user: "{{ apache_user }}" + when: nextcloud_enabled and returned.stdout == "false" + +# Code below was NEVER RUNNING as of 2018-10-29, as "wc | cut -d' ' -f1" ALWAYS +# returns null (rather than the intended returned_count !) This line could +# be replaced by ALTERNATIVE 1 or ALTERNATIVE 2 below IF it truly needs fixing. +# +# Or perhaps default user/password nextcloud/nextcloudmysql (from variables +# nextcloud_user/nextcloud_user_password) is just not needed in the end... +# +# NOTE: COMMENTS (FOLLOWING '#' SIGN) WITHIN A SHELL COMMAND CAUSE IT TO *FAIL* +# +#- name: Determine if Nextcloud user exists already +# shell: > +# php {{ nextcloud_prefix }}/nextcloud/occ user:list | +# grep {{ nextcloud_user }} | wc | cut -d' ' -f1 # USELESS +# #grep {{ nextcloud_user }} | wc -l # ALTERNATIVE 1 +# #grep {{ nextcloud_user }} | wc | awk '{print $1}' # ALTERNATIVE 2 +# become: yes +# become_user: "{{ apache_user }}" +# register: returned_count +# +# debug: +# var: returned_count +# +## nextcloud wants to make users rather than just mysql users and not done +#- name: Create the default user +# shell: > +# OC_PASS={{ nextcloud_user_password }}; +# php {{ nextcloud_prefix }}/nextcloud/occ user:add +# --password-from-env --display-name={{ nextcloud_user }} +# --group="users" {{ nextcloud_user }} +# become: yes +# become_user: "{{ apache_user }}" +# when: nextcloud_enabled and returned_count == "0" + +# 2019-09-04: NEXT 5 LINES APPEAR INEFFECTIVE DURING 1ST INSTALL? (possibly "overwrite.cli.url" appears later, when Nextcloud's web install completes using http://box/nextcloud ?) +- name: Try to remove overwrite.cli.url line (Rewrite URL) from /opt/nextcloud/config/config.php + lineinfile: + regexp: "overwrite.cli.url" + state: absent + path: "{{ nextcloud_prefix }}/nextcloud/config/config.php" From d26d6fa4e0c0423e7c88261ce4ed11abb3e812c0 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 5 Sep 2019 05:30:20 -0500 Subject: [PATCH 037/148] awstats split and iiab_installed --- roles/awstats/tasks/enable.yml | 58 +++++++++++++++++++++++++++++++++ roles/awstats/tasks/install.yml | 5 +++ roles/awstats/tasks/main.yml | 20 +++--------- roles/munin/tasks/main.yml | 31 ++++++++++++++++++ 4 files changed, 98 insertions(+), 16 deletions(-) create mode 100644 roles/awstats/tasks/enable.yml diff --git a/roles/awstats/tasks/enable.yml b/roles/awstats/tasks/enable.yml new file mode 100644 index 000000000..9aab8dc8d --- /dev/null +++ b/roles/awstats/tasks/enable.yml @@ -0,0 +1,58 @@ +- name: Create symlink awstats.conf from sites-enabled to sites-available (debuntu) + file: + src: /etc/apache2/sites-available/awstats.conf + path: /etc/apache2/sites-enabled/awstats.conf + state: link + when: awstats_enabled and is_debuntu + +- name: Remove symlink from sites-enabled, to disable AWStats (debuntu) + file: + path: /etc/apache2/sites-enabled/awstats.conf + state: absent + when: not awstats_enabled and is_debuntu + +- name: Restart Apache service ({{ apache_service }}) + systemd: + name: "{{ apache_service }}" + state: restarted + +- name: Install /etc/awstats/awstats.schoolserver.conf + template: + src: awstats.schoolserver.conf.j2 + dest: /etc/awstats/awstats.schoolserver.conf + owner: root + group: root + mode: 0644 + when: awstats_enabled | bool + +- name: Create a symlink /etc/awstats/awstats.conf for access by IP address + file: + src: /etc/awstats/awstats.schoolserver.conf + path: /etc/awstats/awstats.conf + state: link + when: awstats_enabled | bool + +- name: On first enabling of AWStats, summarize httpd logs up to now (OS's other than debuntu) + shell: /bin/perl /usr/share/awstats/wwwroot/cgi-bin/awstats.pl -config=schoolserver -update + when: awstats_enabled and not is_debuntu + +- name: On first enabling of AWStats, summarize httpd logs up to now (debuntu) + shell: /usr/bin/perl /usr/lib/cgi-bin/awstats.pl -config=schoolserver -update + when: awstats_enabled and is_debuntu + +- name: Add 'awstats' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: awstats + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - option: name + value: AWStats + - option: description + value: '"AWStats (originally known as Advanced Web Statistics) is a package written in Perl which generates static or dynamic html summaries based upon web server logs."' + - option: installed + value: "{{ awstats_install }}" + - option: enabled + value: "{{ awstats_enabled }}" + diff --git a/roles/awstats/tasks/install.yml b/roles/awstats/tasks/install.yml index 8f443c00c..bdcea70f8 100644 --- a/roles/awstats/tasks/install.yml +++ b/roles/awstats/tasks/install.yml @@ -93,3 +93,8 @@ - name: On first enabling of AWStats, summarize httpd logs up to now (debuntu) shell: /usr/bin/perl /usr/lib/cgi-bin/awstats.pl -config=schoolserver -update when: awstats_enabled and is_debuntu + +- name: Add 'awstats_installed' variable values to {{ iiab_installed }} + ini_file: + path: "{{ iiab_installed }}" + value: awstats_installed diff --git a/roles/awstats/tasks/main.yml b/roles/awstats/tasks/main.yml index 26b53df88..b249b6a22 100644 --- a/roles/awstats/tasks/main.yml +++ b/roles/awstats/tasks/main.yml @@ -1,19 +1,7 @@ - name: Install AWStats if awstats_install include_tasks: install.yml - when: awstats_install | bool + when: awstats_install | bool and not awstats_installed is defined -- name: Add 'awstats' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" - section: awstats - option: "{{ item.option }}" - value: "{{ item.value }}" - with_items: - - option: name - value: AWStats - - option: description - value: '"AWStats (originally known as Advanced Web Statistics) is a package written in Perl which generates static or dynamic html summaries based upon web server logs."' - - option: installed - value: "{{ awstats_install }}" - - option: enabled - value: "{{ awstats_enabled }}" +- name: Enable AWStats + include_tasks: enable.yml + when: awstats_install | bool or awstats_installed is defined diff --git a/roles/munin/tasks/main.yml b/roles/munin/tasks/main.yml index 86c928419..054d0de78 100644 --- a/roles/munin/tasks/main.yml +++ b/roles/munin/tasks/main.yml @@ -21,6 +21,7 @@ - download when: not is_debuntu +##### nginx only ##### - name: Install /etc/munin/munin.conf and Apache's munin24.conf, from templates template: src: "{{ item.src }}" @@ -68,6 +69,36 @@ - /usr/share/munin/plugins/mysql_threads when: mysql_enabled | bool +- name: Create symlink for awstats.pl from cgi-bin/awstats/awstats.pl to ../ so that the old apache links to awstats will work after change to nginx + file: + src: /usr/lib/cgi-bin/awstats.pl + path: /usr/lib/cgi-bin/awstats/awstats.pl + state: link + +- name: Install /etc/awstats/awstats.schoolserver.conf + template: + src: awstats.schoolserver.conf.j2 + dest: /etc/awstats/awstats.schoolserver.conf + owner: root + group: root + mode: 0644 + when: awstats_enabled | bool + +- name: Create a symlink /etc/awstats/awstats.conf for access by IP address + file: + src: /etc/awstats/awstats.schoolserver.conf + path: /etc/awstats/awstats.conf + state: link + when: awstats_enabled | bool + +- name: On first enabling of AWStats, summarize httpd logs up to now (OS's other than debuntu) + shell: /bin/perl /usr/share/awstats/wwwroot/cgi-bin/awstats.pl -config=schoolserver -update + when: awstats_enabled and not is_debuntu + +- name: On first enabling of AWStats, summarize httpd logs up to now (debuntu) + shell: /usr/bin/perl /usr/lib/cgi-bin/awstats.pl -config=schoolserver -update + when: awstats_enabled and is_debuntu + - name: Add 'munin' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" From 42e679a0e88382bf0318c820eaa6aa47e2b1b1ac Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 9 Sep 2019 12:14:13 -0500 Subject: [PATCH 038/148] use lineinfile --- roles/awstats/tasks/enable.yml | 2 +- roles/awstats/tasks/install.yml | 8 +++++--- roles/elgg/tasks/install.yml | 8 +++++--- roles/kalite/tasks/enable.yml | 5 ----- roles/kalite/tasks/setup.yml | 8 +++++--- roles/kiwix/tasks/kiwix_install.yml | 8 +++++--- roles/kolibri/tasks/install.yml | 8 +++++--- roles/moodle/tasks/install.yml | 8 +++++--- roles/moodle/tasks/main.yml | 2 +- roles/nextcloud/tasks/install.yml | 8 +++++--- roles/nextcloud/tasks/prov-db.yml | 2 +- roles/sugarizer/tasks/enable.yml | 2 +- roles/sugarizer/tasks/install.yml | 8 +++++--- roles/wordpress/tasks/install.yml | 8 +++++--- 14 files changed, 49 insertions(+), 36 deletions(-) diff --git a/roles/awstats/tasks/enable.yml b/roles/awstats/tasks/enable.yml index 9aab8dc8d..a99e94c19 100644 --- a/roles/awstats/tasks/enable.yml +++ b/roles/awstats/tasks/enable.yml @@ -10,7 +10,7 @@ path: /etc/apache2/sites-enabled/awstats.conf state: absent when: not awstats_enabled and is_debuntu - + - name: Restart Apache service ({{ apache_service }}) systemd: name: "{{ apache_service }}" diff --git a/roles/awstats/tasks/install.yml b/roles/awstats/tasks/install.yml index bdcea70f8..ca87d8464 100644 --- a/roles/awstats/tasks/install.yml +++ b/roles/awstats/tasks/install.yml @@ -95,6 +95,8 @@ when: awstats_enabled and is_debuntu - name: Add 'awstats_installed' variable values to {{ iiab_installed }} - ini_file: - path: "{{ iiab_installed }}" - value: awstats_installed + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^awstats_installed' + line: 'awstats_installed' + state: present diff --git a/roles/elgg/tasks/install.yml b/roles/elgg/tasks/install.yml index 43495919b..5adaecbb5 100644 --- a/roles/elgg/tasks/install.yml +++ b/roles/elgg/tasks/install.yml @@ -88,7 +88,9 @@ dest: "/etc/{{ apache_config_dir }}/elgg.conf" - name: Add 'elgg_installed' variable values to {{ iiab_installed }} - ini_file: - path: "{{ iiab_installed }}" - value: elgg_installed + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^elgg_installed' + line: 'elgg_installed' + state: present diff --git a/roles/kalite/tasks/enable.yml b/roles/kalite/tasks/enable.yml index d0416aa24..b179bd601 100644 --- a/roles/kalite/tasks/enable.yml +++ b/roles/kalite/tasks/enable.yml @@ -38,11 +38,6 @@ state: stopped when: not kalite_cron_enabled and is_F18 -- name: Add 'kalite_installed' variable values to {{ iiab_installed }} - ini_file: - path: "{{ iiab_installed }}" - value: kalite_installed - - name: Add 'kalite' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" diff --git a/roles/kalite/tasks/setup.yml b/roles/kalite/tasks/setup.yml index e1bb54af3..e0da386ae 100644 --- a/roles/kalite/tasks/setup.yml +++ b/roles/kalite/tasks/setup.yml @@ -16,6 +16,8 @@ poll: 10 - name: Add 'kalite_installed' variable values to {{ iiab_installed }} - ini_file: - path: "{{ iiab_installed }}" - value: kalite_installed + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^kalite_installed' + line: 'kalite_installed' + state: present diff --git a/roles/kiwix/tasks/kiwix_install.yml b/roles/kiwix/tasks/kiwix_install.yml index ef77b68f4..f541a7b69 100644 --- a/roles/kiwix/tasks/kiwix_install.yml +++ b/roles/kiwix/tasks/kiwix_install.yml @@ -90,6 +90,8 @@ - { src: 'kiwix.conf.j2', dest: '/etc/{{ apache_config_dir }}/kiwix.conf', mode: '0644'} - name: Add 'kiwix_installed' variable values to {{ iiab_installed }} - ini_file: - path: "{{ iiab_installed }}" - value: kiwix_installed + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^kiwix_installed' + line: 'kiwix_installed' + state: present diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 5468ea7ed..a9fd119f8 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -113,6 +113,8 @@ # name: proxy_http - name: Add 'kolibri_installed' variable values to {{ iiab_installed }} - ini_file: - path: "{{ iiab_installed }}" - value: kolibri_installed + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^kolibri_installed' + line: 'kolibri_installed' + state: present diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 8ebfbca5d..6323fdcb7 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -139,6 +139,8 @@ mode: 0644 - name: Add 'moodle_installed' variable values to {{ iiab_installed }} - ini_file: - path: "{{ iiab_installed }}" - value: moodle_installed + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^moodle_installed' + line: 'moodle_installed' + state: present diff --git a/roles/moodle/tasks/main.yml b/roles/moodle/tasks/main.yml index 41d4d0c6d..baadf93c4 100644 --- a/roles/moodle/tasks/main.yml +++ b/roles/moodle/tasks/main.yml @@ -2,6 +2,6 @@ include_tasks: install.yml when: moodle_install | bool and not moodle_installed is defined -- name: Enable Moodle +- name: Enable Moodle include_tasks: enable.yml when: moodle_install | bool or moodle_installed is defined diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 1cbc18a78..c3ac98b76 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -183,6 +183,8 @@ mode: 0644 - name: Add 'nextcloud_installed' variable values to {{ iiab_installed }} - ini_file: - path: "{{ iiab_installed }}" - value: nextcloud_installed + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^nextcloud_installed' + line: 'nextcloud_installed' + state: present diff --git a/roles/nextcloud/tasks/prov-db.yml b/roles/nextcloud/tasks/prov-db.yml index 89366bd3f..cc178957a 100644 --- a/roles/nextcloud/tasks/prov-db.yml +++ b/roles/nextcloud/tasks/prov-db.yml @@ -51,7 +51,7 @@ # nextcloud_user/nextcloud_user_password) is just not needed in the end... # # NOTE: COMMENTS (FOLLOWING '#' SIGN) WITHIN A SHELL COMMAND CAUSE IT TO *FAIL* -# +# #- name: Determine if Nextcloud user exists already # shell: > # php {{ nextcloud_prefix }}/nextcloud/occ user:list | diff --git a/roles/sugarizer/tasks/enable.yml b/roles/sugarizer/tasks/enable.yml index f12d187b3..95db3155f 100644 --- a/roles/sugarizer/tasks/enable.yml +++ b/roles/sugarizer/tasks/enable.yml @@ -32,7 +32,7 @@ enabled: yes state: restarted when: sugarizer_enabled | bool - + - name: Disable & Stop 'sugarizer' systemd service (if not sugarizer_enabled) systemd: name: sugarizer diff --git a/roles/sugarizer/tasks/install.yml b/roles/sugarizer/tasks/install.yml index 43816dd29..64d807659 100644 --- a/roles/sugarizer/tasks/install.yml +++ b/roles/sugarizer/tasks/install.yml @@ -222,6 +222,8 @@ # # block: "\tvar pathPrefix = '/sugarizer';\n\tapp.use(pathPrefix, require('path-prefix-proxy')(pathPrefix));" - name: Add 'sugarizer_installed' variable values to {{ iiab_installed }} - ini_file: - path: "{{ iiab_installed }}" - value: sugarizer_installed + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^sugarizer_installed' + line: 'sugarizer_installed' + state: present diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index aaf34ea8a..09568ccb4 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -102,6 +102,8 @@ when: apache_enabled - name: Add 'wordpress_installed' variable values to {{ iiab_installed }} - ini_file: - path: "{{ iiab_installed }}" - value: wordpress_installed + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^wordpress_installed' + line: 'wordpress_installed' + state: present From 5c29c0322a825fbf711d6489ca1ed83b949a6db7 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 14 Sep 2019 16:50:19 -0500 Subject: [PATCH 039/148] azuracast - iiab_installed --- roles/azuracast/tasks/enable.yml | 0 roles/azuracast/tasks/install.yml | 7 +++++++ roles/azuracast/tasks/main.yml | 7 ++++++- 3 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 roles/azuracast/tasks/enable.yml diff --git a/roles/azuracast/tasks/enable.yml b/roles/azuracast/tasks/enable.yml new file mode 100644 index 000000000..e69de29bb diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index 966ce50ee..388ce8433 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -63,3 +63,10 @@ shell: "/bin/bash docker.sh install" args: chdir: "{{ azuracast_host_dir }}" + +- name: Add 'azuracast_installed' variable values to {{ iiab_installed }} + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^azuracast_installed' + line: 'azuracast_installed' + state: present diff --git a/roles/azuracast/tasks/main.yml b/roles/azuracast/tasks/main.yml index 1ace204c8..efa0fe446 100644 --- a/roles/azuracast/tasks/main.yml +++ b/roles/azuracast/tasks/main.yml @@ -1,3 +1,8 @@ - name: Install AzuraCast if azuracast_install include_tasks: install.yml - when: azuracast_install | bool + when: azuracast_install | bool and not azuracast_installed is defined | bool + +# TODO figure out what to turn off for azuracast +#- name: Enable AzuraCast +# include_tasks: enable.yml +# when: azuracast_install | bool or azuracast_installed is defined | bool From 8ac360837a8f2a3a806209552f231964d6288431 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 14 Sep 2019 17:00:27 -0500 Subject: [PATCH 040/148] bluetooth - iiab_installed --- roles/bluetooth/tasks/enable.yml | 73 ++++++++++++++ roles/bluetooth/tasks/install.yml | 63 ++++++++++++ roles/bluetooth/tasks/main.yml | 8 +- roles/bluetooth/tasks/rpi_install.yml | 132 -------------------------- 4 files changed, 141 insertions(+), 135 deletions(-) create mode 100644 roles/bluetooth/tasks/enable.yml create mode 100644 roles/bluetooth/tasks/install.yml delete mode 100644 roles/bluetooth/tasks/rpi_install.yml diff --git a/roles/bluetooth/tasks/enable.yml b/roles/bluetooth/tasks/enable.yml new file mode 100644 index 000000000..9696cdcb3 --- /dev/null +++ b/roles/bluetooth/tasks/enable.yml @@ -0,0 +1,73 @@ +- name: Enable & Restart 'bt-agent' service + systemd: + daemon_reload: yes + name: bluetooth + enabled: yes + state: restarted + +# enable or disable bt-agent +- name: Enable & Restart 'bt-agent' service + systemd: + daemon_reload: yes + name: bt-agent + enabled: yes + state: restarted + when: bluetooth_enabled or bluetooth_term_enabled + +- name: Disable 'bt-agent' service + systemd: + daemon_reload: yes + name: bt-agent + enabled: no + state: stopped + when: not bluetooth_enabled and not bluetooth_term_enabled + +# enable or disable bt-pan +- name: Enable & Restart 'bt-pan' service + systemd: + daemon_reload: yes + name: bt-pan + enabled: yes + state: restarted + when: bluetooth_enabled | bool + +- name: Disable 'bt-pan' service + systemd: + daemon_reload: yes + name: bt-pan + enabled: no + state: stopped + when: not bluetooth_enabled | bool + +# enable or disable bt-term +- name: Enable & Restart 'bt-term' service + systemd: + daemon_reload: yes + name: bt-term + enabled: yes + state: restarted + when: bluetooth_term_enabled | bool + +- name: Disable 'bt-term' service + systemd: + daemon_reload: yes + name: bt-term + enabled: no + state: stopped + when: not bluetooth_term_enabled | bool + +- name: Add 'bluetooth' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: bluetooth + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - option: name + value: Bluetooth + - option: description + value: '"Bluetooth services for pan and terminal."' + - option: bluetooth_enabled + value: "{{ bluetooth_enabled }}" + - option: bluetooth_term_enabled + value: "{{ bluetooth_term_enabled }}" diff --git a/roles/bluetooth/tasks/install.yml b/roles/bluetooth/tasks/install.yml new file mode 100644 index 000000000..b35817cfa --- /dev/null +++ b/roles/bluetooth/tasks/install.yml @@ -0,0 +1,63 @@ +- name: "Install bluetooth packages" + package: + name: + - bluetooth + - bluez + - bluez-tools + state: present + +- name: Create bluetooth services + template: + backup: no + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: 0644 + with_items: + - { src: 'bt-agent.service.j2', dest: '/etc/systemd/system/bt-agent.service' } + - { src: 'bt-pan.service.j2', dest: '/etc/systemd/system/bt-pan.service' } + - { src: 'bt-term.service.j2', dest: '/etc/systemd/system/bt-term.service' } + - { src: 'network.conf.j2', dest: '/etc/bluetooth/network.conf' } + +- name: Create bluetooth utility scripts + template: + backup: no + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: 0755 + with_items: + - { src: 'iiab-bt-pan-on.j2', dest: '/usr/bin/iiab-bt-pan-on' } + - { src: 'iiab-bt-pan-off.j2', dest: '/usr/bin/iiab-bt-pan-off' } + - { src: 'iiab-bt-pan-discoverable-on.j2', dest: '/usr/bin/iiab-bt-pan-discoverable-on' } + - { src: 'iiab-bt-term-on.j2', dest: '/usr/bin/iiab-bt-term-on' } + - { src: 'iiab-bt-term-off.j2', dest: '/usr/bin/iiab-bt-term-off' } + +# Bluetooth service needs /usr/lib/bluetooth/bluetoothd -C --noplugin=sap +# Copy and patch it + +- name: Copy the bluetooth service + template: + dest: /etc/systemd/system/bluetooth.service + src: /lib/systemd/system/bluetooth.service + +- name: Add -C --noplugin=sap to execStart of bluetooth service + lineinfile: + path: /etc/systemd/system/bluetooth.service + regexp: '^ExecStart=/usr/lib/bluetooth/bluetoothd' + line: 'ExecStart=/usr/lib/bluetooth/bluetoothd -C --noplugin=sap' + +- name: Set discoverable not to timeout + lineinfile: + path: /etc/bluetooth/main.conf + regexp: '^#DiscoverableTimeout' + line: 'DiscoverableTimeout = 0' + +- name: Add 'pan_bluetooth_installed' variable values to {{ iiab_installed }} + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^pan_bluetooth_installed' + line: 'pan_bluetooth_installed' + state: present diff --git a/roles/bluetooth/tasks/main.yml b/roles/bluetooth/tasks/main.yml index 421b9c63e..88092cbfc 100644 --- a/roles/bluetooth/tasks/main.yml +++ b/roles/bluetooth/tasks/main.yml @@ -1,4 +1,6 @@ -# This is rpi only +- include_tasks: install.yml + when: bluetooth_install and not pan_bluetooth_installed is defined + +- include_tasks: enable.yml + when: bluetooth_install or pan_bluetooth_installed is defined -- include_tasks: rpi_install.yml - when: is_rpi and bluetooth_install diff --git a/roles/bluetooth/tasks/rpi_install.yml b/roles/bluetooth/tasks/rpi_install.yml deleted file mode 100644 index 2fa925c53..000000000 --- a/roles/bluetooth/tasks/rpi_install.yml +++ /dev/null @@ -1,132 +0,0 @@ -# This is rpi only - -- name: "Install rpi bluetooth packages" - package: - name: - - bluetooth - - bluez - - bluez-tools - state: present - -- name: Create bluetooth services - template: - backup: no - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root - group: root - mode: 0644 - with_items: - - { src: 'bt-agent.service.j2', dest: '/etc/systemd/system/bt-agent.service' } - - { src: 'bt-pan.service.j2', dest: '/etc/systemd/system/bt-pan.service' } - - { src: 'bt-term.service.j2', dest: '/etc/systemd/system/bt-term.service' } - - { src: 'network.conf.j2', dest: '/etc/bluetooth/network.conf' } - -- name: Create bluetooth utility scripts - template: - backup: no - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root - group: root - mode: 0755 - with_items: - - { src: 'iiab-bt-pan-on.j2', dest: '/usr/bin/iiab-bt-pan-on' } - - { src: 'iiab-bt-pan-off.j2', dest: '/usr/bin/iiab-bt-pan-off' } - - { src: 'iiab-bt-pan-discoverable-on.j2', dest: '/usr/bin/iiab-bt-pan-discoverable-on' } - - { src: 'iiab-bt-term-on.j2', dest: '/usr/bin/iiab-bt-term-on' } - - { src: 'iiab-bt-term-off.j2', dest: '/usr/bin/iiab-bt-term-off' } - -# Bluetooth service needs /usr/lib/bluetooth/bluetoothd -C --noplugin=sap -# Copy and patch it - -- name: Copy the bluetooth service - template: - dest: /etc/systemd/system/bluetooth.service - src: /lib/systemd/system/bluetooth.service - -- name: Add -C --noplugin=sap to execStart of bluetooth service - lineinfile: - path: /etc/systemd/system/bluetooth.service - regexp: '^ExecStart=/usr/lib/bluetooth/bluetoothd' - line: 'ExecStart=/usr/lib/bluetooth/bluetoothd -C --noplugin=sap' - -- name: Set discoverable not to timeout - lineinfile: - path: /etc/bluetooth/main.conf - regexp: '^#DiscoverableTimeout' - line: 'DiscoverableTimeout = 0' - -- name: Enable & Restart 'bt-agent' service - systemd: - daemon_reload: yes - name: bluetooth - enabled: yes - state: restarted - -# enable or disable bt-agent -- name: Enable & Restart 'bt-agent' service - systemd: - daemon_reload: yes - name: bt-agent - enabled: yes - state: restarted - when: bluetooth_enabled or bluetooth_term_enabled - -- name: Disable 'bt-agent' service - systemd: - daemon_reload: yes - name: bt-agent - enabled: no - state: stopped - when: not bluetooth_enabled and not bluetooth_term_enabled - -# enable or disable bt-pan -- name: Enable & Restart 'bt-pan' service - systemd: - daemon_reload: yes - name: bt-pan - enabled: yes - state: restarted - when: bluetooth_enabled | bool - -- name: Disable 'bt-pan' service - systemd: - daemon_reload: yes - name: bt-pan - enabled: no - state: stopped - when: not bluetooth_enabled | bool - -# enable or disable bt-term -- name: Enable & Restart 'bt-term' service - systemd: - daemon_reload: yes - name: bt-term - enabled: yes - state: restarted - when: bluetooth_term_enabled | bool - -- name: Disable 'bt-term' service - systemd: - daemon_reload: yes - name: bt-term - enabled: no - state: stopped - when: not bluetooth_term_enabled | bool - -- name: Add 'bluetooth' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" - section: bluetooth - option: "{{ item.option }}" - value: "{{ item.value }}" - with_items: - - option: name - value: Bluetooth - - option: description - value: '"Bluetooth services for pan and terminal."' - - option: bluetooth_enabled - value: "{{ bluetooth_enabled }}" - - option: bluetooth_term_enabled - value: "{{ bluetooth_term_enabled }}" From adba04c8710414a2ed6509334a5dfe39a271f708 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 14 Sep 2019 17:09:30 -0500 Subject: [PATCH 041/148] calibre-web - iiab_installed --- roles/calibre-web/tasks/enable.yml | 86 ++++++++++++ roles/calibre-web/tasks/install.yml | 110 ++++++++++++++++ roles/calibre-web/tasks/main.yml | 194 +--------------------------- 3 files changed, 200 insertions(+), 190 deletions(-) create mode 100644 roles/calibre-web/tasks/enable.yml create mode 100644 roles/calibre-web/tasks/install.yml diff --git a/roles/calibre-web/tasks/enable.yml b/roles/calibre-web/tasks/enable.yml new file mode 100644 index 000000000..de802501a --- /dev/null +++ b/roles/calibre-web/tasks/enable.yml @@ -0,0 +1,86 @@ +- name: Enable & Restart 'calibre-web' systemd service + systemd: + name: calibre-web + daemon_reload: yes + enabled: yes + state: restarted + when: calibreweb_enabled | bool + +# Default: http://box/books +# SEE ALSO: https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy +- name: Enable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} with Apache + command: a2ensite calibre-web.conf + when: calibreweb_enabled | bool + +#- name: Restart Apache after enabling calibre-web httpd2 site +# command: apachectl -k graceful +# when: calibreweb_enabled | bool + +- name: Disable 'calibre-web' systemd service + systemd: + name: calibre-web + daemon_reload: yes + enabled: no + state: stopped + when: not calibreweb_enabled + +- name: Disable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} with Apache + command: a2dissite calibre-web.conf + when: not calibreweb_enabled or nginx_enabled | bool + +#- name: Restart Apache after disabling calibre-web httpd2 site +# command: apachectl -k graceful +# when: not calibreweb_enabled + +- name: Install /etc/nginx/conf.d/calibre-web-nginx.conf + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode }}" + owner: root + group: root + with_items: + - { src: 'calibre-web-nginx.conf.j2', dest: '/etc/nginx/conf.d/calibre-web-$ + when: calibreweb_enabled | bool and nginx_enabled | bool + +- name: Restart nginx systemd service + systemd: + name: nginx + state: restarted + when: calibreweb_enabled | bool and nginx_enabled | bool + +- name: Restart Apache systemd service ({{ apache_service }}) + systemd: + name: "{{ apache_service }}" # httpd or apache2 + state: restarted + when: not nginx_enabled | bool + +- name: Add 'calibre-web' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: calibre-web + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - option: name + value: calibre-web + - option: description + value: '"calibre-web is a web app providing a clean interface for browsing, reading and downloading e-books."' + - option: calibreweb_url1 + value: "{{ calibreweb_url1 }}" + - option: calibreweb_url2 + value: "{{ calibreweb_url2 }}" + - option: calibreweb_url3 + value: "{{ calibreweb_url3 }}" + - option: calibreweb_path + value: "{{ calibreweb_venv_path }}" + - option: calibreweb_home + value: "{{ calibreweb_home }}" + - option: calibreweb_port + value: "{{ calibreweb_port }}" + - option: calibreweb_database + value: "{{ calibreweb_database }}" + - option: calibreweb_enabled + value: "{{ calibreweb_enabled }}" +# - option: calibreweb_provision +# value: "{{ calibreweb_provision }}" diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml new file mode 100644 index 000000000..9311c0443 --- /dev/null +++ b/roles/calibre-web/tasks/install.yml @@ -0,0 +1,110 @@ +- name: Install ImageMagick (debuntu) + package: + name: + - imagemagick + state: present + when: is_debuntu | bool + +- name: Allow ImageMagick to read PDFs (debuntu) + lineinfile: + path: /etc/ImageMagick-6/policy.xml + regexp: '' + backrefs: yes + line: ' ' + state: present + when: is_debuntu | bool + +- name: Create 3 Calibre-Web folders to store data and configuration files + file: + path: "{{ item }}" + owner: "{{ calibreweb_user }}" + group: "{{ apache_user }}" + mode: 0755 + state: directory + with_items: + - "{{ calibreweb_home }}" + - "{{ calibreweb_venv_path }}" + - "{{ calibreweb_config }}" + +## TODO: Calibre-web future release might get into pypi https://github.com/janeczku/calibre-web/issues/456 +- name: Download Calibre-Web github repository to {{ calibreweb_venv_path }} + git: + repo: https://github.com/janeczku/calibre-web.git + dest: "{{ calibreweb_venv_path }}" + force: yes + #update: yes # not needed, as Ansible's default is to update + depth: 1 + version: "{{ calibreweb_version }}" + when: internet_available | bool + +## Ansible Pip Bug: Cannot use 'chdir' with 'env' https://github.com/ansible/ansible/issues/37912 (Patch landed) +#- name: Download calibre-web dependencies into vendor subdirectory. +# pip: +# requirements: "{{ calibreweb_path }}/requirements.txt" +# chdir: "{{ calibreweb_path }}" +# extra_args: '--target vendor' +# ignore_errors: True +## +# Implementing this with Ansible command module for now. +- name: Download Calibre-Web dependencies (using pip) into virtual environment + pip: + requirements: "{{ calibreweb_venv_path }}/requirements.txt" + virtualenv: "{{ calibreweb_venv_path }}" + virtualenv_site_packages: no + virtualenv_command: /usr/bin/virtualenv + virtualenv_python: python2.7 + when: internet_available | bool + +- name: Symlink {{ calibreweb_venv_path }}/vendor to {{ calibreweb_venv_path }}/lib/python2.7/site-packages to keep cps.py happy + file: + src: "{{ calibreweb_venv_path }}/lib/python2.7/site-packages" + dest: "{{ calibreweb_venv_path }}/vendor" + state: link + +- name: Install unit file /etc/systemd/system/calibre-web.service & /etc/apache2/sites-available/calibre-web.conf for http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} from templates + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: 0644 + with_items: + - { src: 'calibre-web.service.j2', dest: '/etc/systemd/system/calibre-web.service' } + - { src: 'calibre-web.conf.j2', dest: '/etc/apache2/sites-available/calibre-web.conf' } + +- name: Does /library/calibre-web/metadata.db exist? + stat: + path: /library/calibre-web/metadata.db + register: metadatadb + +- name: Provision/Copy both default metadata files into /library/calibre-web IF metadata.db did not exist + copy: + src: "{{ item }}" + dest: "{{ calibreweb_home }}" + owner: "{{ calibreweb_user }}" + group: "{{ apache_user }}" + mode: 0644 + backup: yes + with_items: + - roles/calibre-web/files/metadata.db + - roles/calibre-web/files/metadata_db_prefs_backup.json + when: not metadatadb.stat.exists + #when: calibreweb_provision | bool + +- name: Provision/Copy default admin settings to {{ calibreweb_config }}/app.db IF metadata.db did not exist # {{ calibreweb_config }} is /library/calibre-web/config + copy: + src: roles/calibre-web/files/app.db + dest: "{{ calibreweb_config }}" + owner: "{{ calibreweb_user }}" + group: "{{ apache_user }}" + mode: 0644 + backup: yes + when: not metadatadb.stat.exists + #when: calibreweb_provision | bool + +- name: Add 'calibreweb_installed' variable values to {{ iiab_installed }} + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^calibreweb_installed' + line: 'calibreweb_installed' + state: present diff --git a/roles/calibre-web/tasks/main.yml b/roles/calibre-web/tasks/main.yml index 0cf210db1..6b4276c8d 100644 --- a/roles/calibre-web/tasks/main.yml +++ b/roles/calibre-web/tasks/main.yml @@ -1,191 +1,5 @@ -- name: Install ImageMagick (debuntu) - package: - name: - - imagemagick - state: present - when: is_debuntu | bool +- include_tasks: install.yml + when: calibreweb_install and not calibreweb_installed is defined -- name: Allow ImageMagick to read PDFs (debuntu) - lineinfile: - path: /etc/ImageMagick-6/policy.xml - regexp: '' - backrefs: yes - line: ' ' - state: present - when: is_debuntu | bool - -- name: Create 3 Calibre-Web folders to store data and configuration files - file: - path: "{{ item }}" - owner: "{{ calibreweb_user }}" - group: "{{ apache_user }}" - mode: 0755 - state: directory - with_items: - - "{{ calibreweb_home }}" - - "{{ calibreweb_venv_path }}" - - "{{ calibreweb_config }}" - -## TODO: Calibre-web future release might get into pypi https://github.com/janeczku/calibre-web/issues/456 -- name: Download Calibre-Web github repository to {{ calibreweb_venv_path }} - git: - repo: https://github.com/janeczku/calibre-web.git - dest: "{{ calibreweb_venv_path }}" - force: yes - #update: yes # not needed, as Ansible's default is to update - depth: 1 - version: "{{ calibreweb_version }}" - when: internet_available | bool - -## Ansible Pip Bug: Cannot use 'chdir' with 'env' https://github.com/ansible/ansible/issues/37912 (Patch landed) -#- name: Download calibre-web dependencies into vendor subdirectory. -# pip: -# requirements: "{{ calibreweb_path }}/requirements.txt" -# chdir: "{{ calibreweb_path }}" -# extra_args: '--target vendor' -# ignore_errors: True -## -# Implementing this with Ansible command module for now. -- name: Download Calibre-Web dependencies (using pip) into virtual environment - pip: - requirements: "{{ calibreweb_venv_path }}/requirements.txt" - virtualenv: "{{ calibreweb_venv_path }}" - virtualenv_site_packages: no - virtualenv_command: /usr/bin/virtualenv - virtualenv_python: python2.7 - - when: internet_available | bool - -- name: Symlink {{ calibreweb_venv_path }}/vendor to {{ calibreweb_venv_path }}/lib/python2.7/site-packages to keep cps.py happy - file: - src: "{{ calibreweb_venv_path }}/lib/python2.7/site-packages" - dest: "{{ calibreweb_venv_path }}/vendor" - state: link - -- name: Install unit file /etc/systemd/system/calibre-web.service & /etc/apache2/sites-available/calibre-web.conf for http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} from templates - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root - group: root - mode: 0644 - with_items: - - { src: 'calibre-web.service.j2', dest: '/etc/systemd/system/calibre-web.service' } - - { src: 'calibre-web.conf.j2', dest: '/etc/apache2/sites-available/calibre-web.conf' } - -- name: Does /library/calibre-web/metadata.db exist? - stat: - path: /library/calibre-web/metadata.db - register: metadatadb - -- name: Provision/Copy both default metadata files into /library/calibre-web IF metadata.db did not exist - copy: - src: "{{ item }}" - dest: "{{ calibreweb_home }}" - owner: "{{ calibreweb_user }}" - group: "{{ apache_user }}" - mode: 0644 - backup: yes - with_items: - - roles/calibre-web/files/metadata.db - - roles/calibre-web/files/metadata_db_prefs_backup.json - when: not metadatadb.stat.exists - #when: calibreweb_provision | bool - -- name: Provision/Copy default admin settings to {{ calibreweb_config }}/app.db IF metadata.db did not exist # {{ calibreweb_config }} is /library/calibre-web/config - copy: - src: roles/calibre-web/files/app.db - dest: "{{ calibreweb_config }}" - owner: "{{ calibreweb_user }}" - group: "{{ apache_user }}" - mode: 0644 - backup: yes - when: not metadatadb.stat.exists - #when: calibreweb_provision | bool - -- name: Enable & Restart 'calibre-web' systemd service - systemd: - name: calibre-web - daemon_reload: yes - enabled: yes - state: restarted - when: calibreweb_enabled | bool - -# Default: http://box/books -# SEE ALSO: https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy -- name: Enable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} with Apache - command: a2ensite calibre-web.conf - when: calibreweb_enabled | bool and not nginx_enabled | bool - -#- name: Restart Apache after enabling calibre-web httpd2 site -# command: apachectl -k graceful -# when: calibreweb_enabled | bool - -- name: Disable 'calibre-web' systemd service - systemd: - name: calibre-web - daemon_reload: yes - enabled: no - state: stopped - when: not calibreweb_enabled | bool - -- name: Disable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} with Apache - command: a2dissite calibre-web.conf - when: not calibreweb_enabled or nginx_enabled | bool - -#- name: Restart Apache after disabling calibre-web httpd2 site -# command: apachectl -k graceful -# when: not calibreweb_enabled - -- name: Install /etc/nginx/conf.d/calibre-web-nginx.conf - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "{{ item.mode }}" - owner: root - group: root - with_items: - - { src: 'calibre-web-nginx.conf.j2', dest: '/etc/nginx/conf.d/calibre-web-nginx.conf', mode: '0644' } - when: calibreweb_enabled | bool and nginx_enabled | bool - -- name: Restart nginx systemd service - systemd: - name: nginx - state: restarted - when: calibreweb_enabled | bool and nginx_enabled | bool - -- name: Restart Apache systemd service ({{ apache_service }}) - systemd: - name: "{{ apache_service }}" # httpd or apache2 - state: restarted - when: not nginx_enabled | bool - -- name: Add 'calibre-web' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" - section: calibre-web - option: "{{ item.option }}" - value: "{{ item.value }}" - with_items: - - option: name - value: calibre-web - - option: description - value: '"calibre-web is a web app providing a clean interface for browsing, reading and downloading e-books."' - - option: calibreweb_url1 - value: "{{ calibreweb_url1 }}" - - option: calibreweb_url2 - value: "{{ calibreweb_url2 }}" - - option: calibreweb_url3 - value: "{{ calibreweb_url3 }}" - - option: calibreweb_path - value: "{{ calibreweb_venv_path }}" - - option: calibreweb_home - value: "{{ calibreweb_home }}" - - option: calibreweb_port - value: "{{ calibreweb_port }}" - - option: calibreweb_database - value: "{{ calibreweb_database }}" - - option: calibreweb_enabled - value: "{{ calibreweb_enabled }}" -# - option: calibreweb_provision -# value: "{{ calibreweb_provision }}" +- include_tasks: enable.yml + when: calibreweb_install or calibreweb_installed is defined From 8c8e44ce03d045a97204fa8a0d4a10e6c37379d1 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 14 Sep 2019 17:26:37 -0500 Subject: [PATCH 042/148] calibre - iiab_installed --- roles/calibre/tasks/enable.yml | 54 +++++++++++ roles/calibre/tasks/install.yml | 87 ++++++++++++++++++ roles/calibre/tasks/main.yml | 154 +------------------------------- 3 files changed, 145 insertions(+), 150 deletions(-) create mode 100644 roles/calibre/tasks/enable.yml create mode 100644 roles/calibre/tasks/install.yml diff --git a/roles/calibre/tasks/enable.yml b/roles/calibre/tasks/enable.yml new file mode 100644 index 000000000..64e0215de --- /dev/null +++ b/roles/calibre/tasks/enable.yml @@ -0,0 +1,54 @@ +# 5. WRAP UP: ENABLE CALIBRE SERVICE, http://box/books ETC + +# http://box:8080 & http://box:8080/mobile WORK BUT OTHER URL'S LIKE http://box/calibre ARE A MESS (BOOKS RARELY DISPLAY) +# +# 2018-08-27 POSSIBLE FIX...CONSIDER THIS ProxyPass / ProxyPassReverse TECHNIQUE: +# https://github.com/iiab/iiab/tree/master/roles/calibre-web/templates/calibre-web.conf.j2 +# (anyway this works great for calibre-web, allowing http://box/books +# to work even better than http://box:8083 when box == 192.168.0.x !) +- name: Create symlink calibre.conf from sites-enabled to sites-available, for UNTESTED http://box/calibre etc (debuntu) + file: + src: /etc/apache2/sites-available/calibre.conf + dest: /etc/apache2/sites-enabled/calibre.conf + state: link + when: calibre_enabled and is_debuntu + +- name: Remove symlink /etc/apache2/sites-enabled/calibre.conf (debuntu) + file: + dest: /etc/apache2/sites-enabled/calibre.conf + state: absent + when: (not calibre_enabled) and is_debuntu + +- name: Enable & Start service 'calibre-serve' (/usr/bin/calibre-server by Kovid Goyal) + service: + name: calibre-serve + enabled: yes + state: started + when: calibre_enabled | bool + #async: 900 + #poll: 5 + +- name: Reload Apache service ({{ apache_service }}) + systemd: + name: "{{ apache_service }}" + state: reloaded + +- name: Add 'calibre' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: calibre + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - option: name + value: Calibre + - option: description + value: '"Calibre is an extremely popular personal library system for e-books."' + - option: url + value: "{{ calibre_src_url }}" + - option: database + value: "{{ calibre_dbpath }}" + - option: port + value: "{{ calibre_port }}" + - option: calibre_enabled + value: "{{ calibre_enabled }}" diff --git a/roles/calibre/tasks/install.yml b/roles/calibre/tasks/install.yml new file mode 100644 index 000000000..c0e147e8a --- /dev/null +++ b/roles/calibre/tasks/install.yml @@ -0,0 +1,87 @@ +# 1. INSTALL THE LATEST CALIBRE 3.X+ (calibre, calibredb, calibre-server etc) ON ALL OS'S + +- name: Does /usr/bin/calibre exist? + stat: + path: "/usr/bin/calibre" + register: calib_executable + +- name: "Install OS's latest packages: calibre, calibre-bin (IF not rpi AND /usr/bin/calibre MISSING)" + package: + name: + - calibre + - calibre-bin + state: latest + when: internet_available and not is_rpi and (not calib_executable.stat.exists) + +- name: Install Calibre .debs IF calibre_via_debs (AND /usr/bin/calibre WAS MISSING) + include_tasks: debs.yml + when: calibre_via_debs and (not calib_executable.stat.exists) + +- name: Install Calibre via calibre-installer.py IF calibre_via_python (AND /usr/bin/calibre WAS MISSING) + include_tasks: py-installer.yml + when: calibre_via_python and (not calib_executable.stat.exists) + +# SEE calibre_via_python's value vars/default_vars.yml, vars/ubuntu-18.yml & +# vars/raspbian-9.yml: try to AVOID Python installer on Raspbian since its +# .deb's (http://raspbian.raspberrypi.org/raspbian/pool/main/c/calibre/) +# are updated within about 10 days of Calibre's quasi-monthly releases! +# +# BUT IF ABSOLUTELY NEC: (SEE roles/calibre/tasks/debs.yml) +# - run testing branch for RPi: scripts/calibre-install-latest-rpi.sh +# - run testing branch for Ubuntu 16.04: scripts/calibre-install-latest.sh +# - run unstable branch for Debian etc: scripts/calibre-install-unstable.sh + +- name: Create calibre-serve.service and calibre.conf (IF /usr/bin/calibre WAS MISSING) + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: "{{ item.mode }}" + backup: no + #register: calibre_config + with_items: + - { src: 'calibre-serve.service.j2', dest: '/etc/systemd/system/calibre-serve.service', mode: '0644'} + - { src: 'calibre.conf', dest: '/etc/{{ apache_config_dir }}', mode: '0644'} + when: (not calib_executable.stat.exists) + +- name: Stop service 'calibre-serve' (/usr/bin/calibre-server by Kovid Goyal) + systemd: + name: calibre-serve + state: stopped + daemon_reload: yes + +# 3. CREATE USER DATABASE + +- name: Create /library/calibre (mandatory since Calibre 3.x) + file: + path: "{{ calibre_dbpath }}" + state: directory + #mode: 0755 + +- name: Copy template userdb to /library/calibre/users.sqlite (IF /usr/bin/calibre WAS MISSING) + copy: + src: /opt/iiab/iiab/roles/calibre/templates/users.sqlite + dest: "{{ calibre_userdb }}" + owner: root + group: root + mode: 0644 + when: (not calib_executable.stat.exists) + +# 4. CREATE CONTENT DATABASE WITH A SAMPLE BOOK (REQUIRED AS OF CALIBRE 3.x) + +- name: Does /library/calibre/metadata.db exist? + stat: + path: "{{ calibre_dbpath }}/metadata.db" + register: calibre_db + +- name: Create database (required since Calibre 3.x) with a sample book + include_tasks: create-db.yml + when: not calibre_db.stat.exists + +- name: Add 'calibre_installed' variable values to {{ iiab_installed }} + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^calibreweb_installed' + line: 'calibre_installed' + state: present diff --git a/roles/calibre/tasks/main.yml b/roles/calibre/tasks/main.yml index b327558e4..6b0a77d70 100644 --- a/roles/calibre/tasks/main.yml +++ b/roles/calibre/tasks/main.yml @@ -1,151 +1,5 @@ -# 1. INSTALL THE LATEST CALIBRE 3.X+ (calibre, calibredb, calibre-server etc) ON ALL OS'S +- include_tasks: install.yml + when: calibre_install and not calibre_installed is defined -- name: Does /usr/bin/calibre exist? - stat: - path: "/usr/bin/calibre" - register: calib_executable - -- name: "Install OS's latest packages: calibre, calibre-bin (IF not rpi AND /usr/bin/calibre MISSING)" - package: - name: - - calibre - - calibre-bin - state: latest - when: internet_available and not is_rpi and (not calib_executable.stat.exists) - -- name: Install Calibre .debs IF calibre_via_debs (AND /usr/bin/calibre WAS MISSING) - include_tasks: debs.yml - when: calibre_via_debs and (not calib_executable.stat.exists) - -- name: Install Calibre via calibre-installer.py IF calibre_via_python (AND /usr/bin/calibre WAS MISSING) - include_tasks: py-installer.yml - when: calibre_via_python and (not calib_executable.stat.exists) - -# SEE calibre_via_python's value vars/default_vars.yml, vars/ubuntu-18.yml & -# vars/raspbian-9.yml: try to AVOID Python installer on Raspbian since its -# .deb's (http://raspbian.raspberrypi.org/raspbian/pool/main/c/calibre/) -# are updated within about 10 days of Calibre's quasi-monthly releases! -# -# BUT IF ABSOLUTELY NEC: (SEE roles/calibre/tasks/debs.yml) -# - run testing branch for RPi: scripts/calibre-install-latest-rpi.sh -# - run testing branch for Ubuntu 16.04: scripts/calibre-install-latest.sh -# - run unstable branch for Debian etc: scripts/calibre-install-unstable.sh - -- name: Create calibre-serve.service and calibre.conf (IF /usr/bin/calibre WAS MISSING) - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root - group: root - mode: "{{ item.mode }}" - backup: no - #register: calibre_config - with_items: - - { src: 'calibre-serve.service.j2', dest: '/etc/systemd/system/calibre-serve.service', mode: '0644'} - - { src: 'calibre.conf', dest: '/etc/{{ apache_config_dir }}', mode: '0644'} - when: (not calib_executable.stat.exists) - -- name: Force systemd to reread configs (IF /usr/bin/calibre WAS MISSING) - systemd: - daemon_reload: yes - when: (not calib_executable.stat.exists) - #when: calibre_config.changed - -# 2. STOP CALIBRE SERVICE (REQUIRED FOR DB ACTIVITY...AND IF not calibre_enabled) - -#- name: Check if Calibre systemd service exists -# stat: -# path: /etc/systemd/system/calibre-serve.service -# register: calibre_svc - -- name: Stop service 'calibre-serve' (/usr/bin/calibre-server by Kovid Goyal) - systemd: - name: calibre-serve - state: stopped - #enabled: no - #register: command_result # gist.github.com/tyrells/0a79681de339237cb04c - #failed_when: False # Never Fail during "systemctl stop calibre-serve" (even if service doesn't exist!) - #when: calibre_svc.stat.exists - -# 3. CREATE USER DATABASE - -- name: Create /library/calibre (mandatory since Calibre 3.x) - file: - path: "{{ calibre_dbpath }}" - state: directory - #mode: 0755 - -- name: Copy template userdb to /library/calibre/users.sqlite (IF /usr/bin/calibre WAS MISSING) - copy: - src: /opt/iiab/iiab/roles/calibre/templates/users.sqlite - dest: "{{ calibre_userdb }}" - owner: root - group: root - mode: 0644 - when: (not calib_executable.stat.exists) - -# 4. CREATE CONTENT DATABASE WITH A SAMPLE BOOK (REQUIRED AS OF CALIBRE 3.x) - -- name: Does /library/calibre/metadata.db exist? - stat: - path: "{{ calibre_dbpath }}/metadata.db" - register: calibre_db - -- name: Create database (required since Calibre 3.x) with a sample book - include_tasks: create-db.yml - when: not calibre_db.stat.exists - -# 5. WRAP UP: ENABLE CALIBRE SERVICE, http://box/books ETC - -# http://box:8080 & http://box:8080/mobile WORK BUT OTHER URL'S LIKE http://box/calibre ARE A MESS (BOOKS RARELY DISPLAY) -# -# 2018-08-27 POSSIBLE FIX...CONSIDER THIS ProxyPass / ProxyPassReverse TECHNIQUE: -# https://github.com/iiab/iiab/tree/master/roles/calibre-web/templates/calibre-web.conf.j2 -# (anyway this works great for calibre-web, allowing http://box/books -# to work even better than http://box:8083 when box == 192.168.0.x !) -- name: Create symlink calibre.conf from sites-enabled to sites-available, for UNTESTED http://box/calibre etc (debuntu) - file: - src: /etc/apache2/sites-available/calibre.conf - dest: /etc/apache2/sites-enabled/calibre.conf - state: link - when: calibre_enabled and is_debuntu - -- name: Remove symlink /etc/apache2/sites-enabled/calibre.conf (debuntu) - file: - dest: /etc/apache2/sites-enabled/calibre.conf - state: absent - when: (not calibre_enabled) and is_debuntu - -- name: Enable & Start service 'calibre-serve' (/usr/bin/calibre-server by Kovid Goyal) - service: - name: calibre-serve - enabled: yes - state: started - when: calibre_enabled | bool - #async: 900 - #poll: 5 - -- name: Reload Apache service ({{ apache_service }}) - systemd: - name: "{{ apache_service }}" - state: reloaded - -- name: Add 'calibre' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" - section: calibre - option: "{{ item.option }}" - value: "{{ item.value }}" - with_items: - - option: name - value: Calibre - - option: description - value: '"Calibre is an extremely popular personal library system for e-books."' - - option: url - value: "{{ calibre_src_url }}" - - option: database - value: "{{ calibre_dbpath }}" - - option: port - value: "{{ calibre_port }}" - - option: calibre_enabled - value: "{{ calibre_enabled }}" +- include_tasks: enable.yml + when: calibre_install or calibre_installed is defined From 3a251be789ea3d35af51027ccd31a16d108ef51e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 14 Sep 2019 17:38:55 -0500 Subject: [PATCH 043/148] dokuwiki - iiab_installed --- roles/dokuwiki/tasks/enable.yml | 35 ++++++++++++++++++++++++++++++++ roles/dokuwiki/tasks/install.yml | 10 +++++---- roles/dokuwiki/tasks/main.yml | 20 ++++-------------- 3 files changed, 45 insertions(+), 20 deletions(-) create mode 100644 roles/dokuwiki/tasks/enable.yml diff --git a/roles/dokuwiki/tasks/enable.yml b/roles/dokuwiki/tasks/enable.yml new file mode 100644 index 000000000..379649617 --- /dev/null +++ b/roles/dokuwiki/tasks/enable.yml @@ -0,0 +1,35 @@ +- name: Symlink /etc/apache2/sites-enabled/dokuwiki.conf to /etc/apache2/sites-available/dokuwiki.conf if dokuwiki_enabled (debuntu) + file: + src: /etc/apache2/sites-available/dokuwiki.conf + path: /etc/apache2/sites-enabled/dokuwiki.conf + state: link + when: dokuwiki_enabled and is_debuntu + +- name: Remove symlink /etc/apache2/sites-enabled/dokuwiki.conf if not dokuwiki_enabled (debuntu) + file: + path: /etc/apache2/sites-enabled/dokuwiki.conf + state: absent + when: not dokuwiki_enabled and is_debuntu + +- name: Restart Apache ({{ apache_service }}) to enable/disable DokuWiki's http://box/wiki + systemd: + name: "{{ apache_service }}" + daemon_reload: yes + state: restarted + +- name: Add 'dokuwiki' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: dokuwiki + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - option: name + value: DokuWiki + - option: description + value: '"DokuWiki is a simple to use and highly versatile Open Source wiki software that does not require a database."' + - option: installed + value: "{{ dokuwiki_install }}" + - option: enabled + value: "{{ dokuwiki_enabled }}" + diff --git a/roles/dokuwiki/tasks/install.yml b/roles/dokuwiki/tasks/install.yml index 9aab6692c..8cb0e9983 100644 --- a/roles/dokuwiki/tasks/install.yml +++ b/roles/dokuwiki/tasks/install.yml @@ -48,7 +48,9 @@ state: directory recurse: yes -- name: Restart Apache ({{ apache_service }}) to enable/disable DokuWiki's http://box/wiki - systemd: - name: "{{ apache_service }}" - state: restarted +- name: Add 'dokuwiki_installed' variable values to {{ iiab_installed }} + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^dokuwiki_installed' + line: 'dokuwiki_installed' + state: present diff --git a/roles/dokuwiki/tasks/main.yml b/roles/dokuwiki/tasks/main.yml index 15824df31..ad5ba75a7 100644 --- a/roles/dokuwiki/tasks/main.yml +++ b/roles/dokuwiki/tasks/main.yml @@ -1,19 +1,7 @@ - name: Install DokuWiki include_tasks: install.yml - when: dokuwiki_install | bool + when: dokuwiki_install | bool and not dokuwiki_installed is defined -- name: Add 'dokuwiki' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" - section: dokuwiki - option: "{{ item.option }}" - value: "{{ item.value }}" - with_items: - - option: name - value: DokuWiki - - option: description - value: '"DokuWiki is a simple to use and highly versatile Open Source wiki software that does not require a database."' - - option: installed - value: "{{ dokuwiki_install }}" - - option: enabled - value: "{{ dokuwiki_enabled }}" +- name: Enable DokuWiki + include_tasks: enable.yml + when: dokuwiki_install | bool or dokuwiki_installed is defined From 544293113fdb0776dfdbdc321959fdeb55eabd10 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 14 Sep 2019 17:47:41 -0500 Subject: [PATCH 044/148] gitea - iiab_installed --- roles/gitea/tasks/enable.yml | 63 ++++++++++++++++++++++++++++++++ roles/gitea/tasks/install.yml | 67 ++++------------------------------- roles/gitea/tasks/main.yml | 6 +++- 3 files changed, 74 insertions(+), 62 deletions(-) create mode 100644 roles/gitea/tasks/enable.yml diff --git a/roles/gitea/tasks/enable.yml b/roles/gitea/tasks/enable.yml new file mode 100644 index 000000000..4261584b8 --- /dev/null +++ b/roles/gitea/tasks/enable.yml @@ -0,0 +1,63 @@ +- name: Enable 'gitea' service + systemd: + daemon_reload: yes + name: gitea + enabled: yes + state: restarted + when: gitea_enabled | bool + +- name: Disable 'gitea' service + systemd: + daemon_reload: yes + name: gitea + enabled: no + state: stopped + when: not gitea_enabled + +# Configure HTTPD + +- name: Copy gitea httpd conf file + template: + src: gitea.conf.j2 + dest: "/etc/{{ apache_config_dir }}/gitea.conf" + +- name: Enable httpd conf file (debuntu) + file: + src: /etc/{{ apache_config_dir }}/gitea.conf + dest: /etc/apache2/sites-enabled/gitea.conf + state: link + when: gitea_enabled and is_debuntu + +- name: Remove httpd conf file (OS's other than debuntu) + file: + path: /etc/apache2/sites-enabled/gitea.conf + state: absent + when: not gitea_enabled and is_debuntu + +- name: >- + Restart Apache ({{ apache_service }}) to {% if gitea_enabled %}enable{% + else %}disable{% endif %} http://box/gitea + systemd: + name: "{{ apache_service }}" + daemon_reload: yes + state: restarted + +# Add Gitea to registry + +- name: Add 'gitea' to list of services at {{ iiab_ini_file }} + ini_file: + dest: "{{ iiab_ini_file }}" + section: gitea + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - option: name + value: gitea + - option: description + value: '"Gitea: Git with a cup of tea"' + - option: gitea_run_directory + value: "{{ gitea_run_directory }}" + - option: gitea_url + value: "{{ gitea_url }}" + - option: gitea_enabled + value: "{{ gitea_enabled }}" diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index f67bee787..8688ab94d 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -125,64 +125,9 @@ tags: - systemd -- name: Enable 'gitea' service - systemd: - daemon_reload: yes - name: gitea - enabled: yes - state: restarted - when: gitea_enabled | bool - -- name: Disable 'gitea' service - systemd: - name: gitea - enabled: no - state: stopped - when: not gitea_enabled - -# Configure HTTPD - -- name: Copy gitea httpd conf file - template: - src: gitea.conf.j2 - dest: "/etc/{{ apache_config_dir }}/gitea.conf" - -- name: Enable httpd conf file (debuntu) - file: - src: /etc/{{ apache_config_dir }}/gitea.conf - dest: /etc/apache2/sites-enabled/gitea.conf - state: link - when: gitea_enabled and is_debuntu - -- name: Remove httpd conf file (OS's other than debuntu) - file: - path: /etc/apache2/sites-enabled/gitea.conf - state: absent - when: not gitea_enabled and is_debuntu - -- name: >- - Restart Apache ({{ apache_service }}) to {% if gitea_enabled %}enable{% - else %}disable{% endif %} http://box/gitea - service: - name: "{{ apache_service }}" - state: restarted - -# Add Gitea to registry - -- name: Add 'gitea' to list of services at {{ iiab_ini_file }} - ini_file: - dest: "{{ iiab_ini_file }}" - section: gitea - option: "{{ item.option }}" - value: "{{ item.value }}" - with_items: - - option: name - value: gitea - - option: description - value: '"Gitea: Git with a cup of tea"' - - option: gitea_run_directory - value: "{{ gitea_run_directory }}" - - option: gitea_url - value: "{{ gitea_url }}" - - option: gitea_enabled - value: "{{ gitea_enabled }}" +- name: Add 'gitea_installed' variable values to {{ iiab_installed }} + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^gitea_installed' + line: 'gitea_installed' + state: present diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml index 28e34380f..89fb7bb80 100644 --- a/roles/gitea/tasks/main.yml +++ b/roles/gitea/tasks/main.yml @@ -1,3 +1,7 @@ - name: Install Gitea {{ gitea_version }} if gitea_install include_tasks: install.yml - when: gitea_install | bool + when: gitea_install | bool and not gitea_installed is defined + +- name: Enable Gitea {{ gitea_version }} if gitea_install + include_tasks: enabled.yml + when: gitea_install | bool or gitea_installed is defined From e8683079b0ebf56ae049ab8988290a360c45de99 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 14 Sep 2019 17:52:02 -0500 Subject: [PATCH 045/148] lokole - iiab_installed --- roles/lokole/tasks/enable.yml | 65 ++++++++++++++++++++++++++++++++++ roles/lokole/tasks/install.yml | 62 ++++---------------------------- roles/lokole/tasks/main.yml | 6 +++- 3 files changed, 76 insertions(+), 57 deletions(-) create mode 100644 roles/lokole/tasks/enable.yml diff --git a/roles/lokole/tasks/enable.yml b/roles/lokole/tasks/enable.yml new file mode 100644 index 000000000..fe60530a4 --- /dev/null +++ b/roles/lokole/tasks/enable.yml @@ -0,0 +1,65 @@ +- name: Enable & Restart 'lokole' systemd service, with daemon_reload, if lokole_enabled + systemd: + daemon_reload: yes + name: lokole + enabled: yes + state: restarted + when: lokole_enabled | bool + +- name: Disable 'lokole' service, if not lokole_enabled + systemd: + daemon_reload: yes + name: lokole + enabled: no + state: stopped + when: not lokole_enabled + +- name: Install /etc/{{ apache_config_dir }}/lokole.conf from template, for http://box/lokole + template: + src: lokole.conf.j2 + dest: "/etc/{{ apache_config_dir }}/lokole.conf" + +- name: Symlink /etc/apache2/sites-enabled/lokole.conf to /etc/{{ apache_config_dir }}/lokole.conf, if lokole_enabled (debuntu) + file: + src: "/etc/{{ apache_config_dir }}/lokole.conf" + path: /etc/apache2/sites-enabled/lokole.conf + state: link + when: lokole_enabled and is_debuntu + +- name: Remove /etc/apache2/sites-enabled/lokole.conf, if not lokole_enabled (debuntu) + file: + path: /etc/apache2/sites-enabled/lokole.conf + state: absent + when: not lokole_enabled and is_debuntu + +- name: Remove /etc/{{ apache_config_dir }}/lokole.conf, if not lokole_enabled (OS's other than debuntu) + file: + path: "/etc/{{ apache_config_dir }}/lokole.conf" + state: absent + when: (not lokole_enabled) and (not is_debuntu) + +- name: Restart Apache ({{ apache_service }}) to enable/disable http://box/lokole + systemd: + daemon_reload: yes + name: "{{ apache_service }}" + state: restarted + +- name: Add 'lokole' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: lokole + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - option: name + value: lokole + - option: description + value: '"Lokole is an email service that works offline, for rural communities."' + - option: lokole_run_directory + value: "{{ lokole_run_directory }}" + - option: lokole_url + value: "{{ lokole_url }}" + - option: lokole_full_url + value: "{{ lokole_full_url }}" + - option: lokole_enabled + value: "{{ lokole_enabled }}" diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 194472ac6..b735a7f40 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -98,59 +98,9 @@ state: restarted when: lokole_enabled | bool -- name: Disable 'lokole' service, if not lokole_enabled - systemd: - name: lokole - enabled: no - state: stopped - when: not lokole_enabled - -- name: Install /etc/{{ apache_config_dir }}/lokole.conf from template, for http://box/lokole - template: - src: lokole.conf.j2 - dest: "/etc/{{ apache_config_dir }}/lokole.conf" - -- name: Symlink /etc/apache2/sites-enabled/lokole.conf to /etc/{{ apache_config_dir }}/lokole.conf, if lokole_enabled (debuntu) - file: - src: "/etc/{{ apache_config_dir }}/lokole.conf" - path: /etc/apache2/sites-enabled/lokole.conf - state: link - when: lokole_enabled and is_debuntu - -- name: Remove /etc/apache2/sites-enabled/lokole.conf, if not lokole_enabled (debuntu) - file: - path: /etc/apache2/sites-enabled/lokole.conf - state: absent - when: not lokole_enabled and is_debuntu - -- name: Remove /etc/{{ apache_config_dir }}/lokole.conf, if not lokole_enabled (OS's other than debuntu) - file: - path: "/etc/{{ apache_config_dir }}/lokole.conf" - state: absent - when: (not lokole_enabled) and (not is_debuntu) - -- name: Restart Apache ({{ apache_service }}) to enable/disable http://box/lokole - systemd: - daemon_reload: yes - name: "{{ apache_service }}" - state: restarted - -- name: Add 'lokole' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" - section: lokole - option: "{{ item.option }}" - value: "{{ item.value }}" - with_items: - - option: name - value: lokole - - option: description - value: '"Lokole is an email service that works offline, for rural communities."' - - option: lokole_run_directory - value: "{{ lokole_run_directory }}" - - option: lokole_url - value: "{{ lokole_url }}" - - option: lokole_full_url - value: "{{ lokole_full_url }}" - - option: lokole_enabled - value: "{{ lokole_enabled }}" +- name: Add 'lokole_installed' variable values to {{ iiab_installed }} + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^lokole_installed' + line: 'lokole_installed' + state: present diff --git a/roles/lokole/tasks/main.yml b/roles/lokole/tasks/main.yml index 5f05bd4a3..159a92485 100644 --- a/roles/lokole/tasks/main.yml +++ b/roles/lokole/tasks/main.yml @@ -1,3 +1,7 @@ - name: Install Lokole {{ lokole_version }} if lokole_install include_tasks: install.yml - when: lokole_install | bool + when: lokole_install | bool and not lokole_installed is defined + +- name: Enable Lokole + include_tasks: enable.yml + when: lokole_install | bool or lokole_installed is defined From eeddbff8a585aa83007f2f928aaf14f777008103 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 14 Sep 2019 18:03:51 -0500 Subject: [PATCH 046/148] mediawiki - iiab_installed --- roles/mediawiki/tasks/enable.yml | 44 +++++++++++++++++++++++++++ roles/mediawiki/tasks/install.yml | 49 ++++--------------------------- roles/mediawiki/tasks/main.yml | 6 +++- 3 files changed, 55 insertions(+), 44 deletions(-) create mode 100644 roles/mediawiki/tasks/enable.yml diff --git a/roles/mediawiki/tasks/enable.yml b/roles/mediawiki/tasks/enable.yml new file mode 100644 index 000000000..4acbe1e12 --- /dev/null +++ b/roles/mediawiki/tasks/enable.yml @@ -0,0 +1,44 @@ +- name: Create softlink mediawiki.conf from sites-enabled to sites-available, if mediawiki_enabled (debuntu) + file: + src: /etc/apache2/sites-available/mediawiki.conf + dest: /etc/apache2/sites-enabled/mediawiki.conf + state: link + when: mediawiki_enabled and is_debuntu + +- name: Remove mediawiki.conf if not mediawiki_enabled (debuntu) + file: + path: /etc/apache2/sites-enabled/mediawiki.conf + state: absent + when: not mediawiki_enabled and is_debuntu + +- name: Restart Apache service ({{ apache_service }}) to enable/disable http://box{{ mediawiki_url }} + systemd: + name: "{{ apache_service }}" + daemon_reload: yes + state: restarted + +- name: Add 'mediawiki' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: mediawiki + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - option: name + value: mediawiki + - option: description + value: '"mediawiki is a blog and web site management application."' + - option: mediawiki_src + value: "{{ mediawiki_src }}" + - option: mediawiki_abs_path + value: "{{ mediawiki_abs_path }}" + - option: mediawiki_db_name + value: "{{ mediawiki_db_name }}" + - option: mediawiki_db_user + value: "{{ mediawiki_db_user }}" + - option: mediawiki_url + value: "{{ mediawiki_url }}" + - option: mediawiki_full_url + value: "{{ mediawiki_full_url }}" + - option: mediawiki_enabled + value: "{{ mediawiki_enabled }}" diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index db90e1e6c..e39565774 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -65,46 +65,9 @@ src: mediawiki.conf.j2 dest: "/etc/{{ apache_config_dir }}/mediawiki.conf" -- name: Create softlink mediawiki.conf from sites-enabled to sites-available, if mediawiki_enabled (debuntu) - file: - src: /etc/apache2/sites-available/mediawiki.conf - dest: /etc/apache2/sites-enabled/mediawiki.conf - state: link - when: mediawiki_enabled and is_debuntu - -- name: Remove mediawiki.conf if not mediawiki_enabled (debuntu) - file: - path: /etc/apache2/sites-enabled/mediawiki.conf - state: absent - when: not mediawiki_enabled and is_debuntu - -- name: Restart Apache service ({{ apache_service }}) to enable/disable http://box{{ mediawiki_url }} - systemd: - name: "{{ apache_service }}" - state: restarted - -- name: Add 'mediawiki' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" - section: mediawiki - option: "{{ item.option }}" - value: "{{ item.value }}" - with_items: - - option: name - value: mediawiki - - option: description - value: '"mediawiki is a blog and web site management application."' - - option: mediawiki_src - value: "{{ mediawiki_src }}" - - option: mediawiki_abs_path - value: "{{ mediawiki_abs_path }}" - - option: mediawiki_db_name - value: "{{ mediawiki_db_name }}" - - option: mediawiki_db_user - value: "{{ mediawiki_db_user }}" - - option: mediawiki_url - value: "{{ mediawiki_url }}" - - option: mediawiki_full_url - value: "{{ mediawiki_full_url }}" - - option: mediawiki_enabled - value: "{{ mediawiki_enabled }}" +- name: Add 'mediawiki_installed' variable values to {{ iiab_installed }} + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^mediawiki_installed' + line: 'mediawiki_installed' + state: present diff --git a/roles/mediawiki/tasks/main.yml b/roles/mediawiki/tasks/main.yml index bf0a4d795..ee96ee73b 100644 --- a/roles/mediawiki/tasks/main.yml +++ b/roles/mediawiki/tasks/main.yml @@ -1,3 +1,7 @@ - name: Install MediaWiki {{ mediawiki_version }} if mediawiki_install include_tasks: install.yml - when: mediawiki_install | bool + when: mediawiki_install | bool and not mediawiki_installed is defined + +- name: Install MediaWiki {{ mediawiki_version }} if mediawiki_install + include_tasks: enable.yml + when: mediawiki_install | bool or mediawiki_installed is defined From 14f4e27e68e4b3420415cfa3cc24a9bf805e441b Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 14 Sep 2019 18:17:19 -0500 Subject: [PATCH 047/148] minetest - iiab_installed --- roles/minetest/tasks/enable.yml | 36 ++++++++++ roles/minetest/tasks/main.yml | 112 ++--------------------------- roles/minetest/tasks/provision.yml | 80 +++++++++++++++++++++ 3 files changed, 120 insertions(+), 108 deletions(-) create mode 100644 roles/minetest/tasks/enable.yml create mode 100644 roles/minetest/tasks/provision.yml diff --git a/roles/minetest/tasks/enable.yml b/roles/minetest/tasks/enable.yml new file mode 100644 index 000000000..170b51629 --- /dev/null +++ b/roles/minetest/tasks/enable.yml @@ -0,0 +1,36 @@ +# enable or disable +- name: Enable & Restart 'minetest-server' service + systemd: + daemon_reload: yes + name: minetest-server + enabled: yes + state: restarted + when: minetest_enabled | bool + +- name: Disable 'minetest-server' service + systemd: + daemon_reload: yes + name: minetest-server + enabled: no + state: stopped + when: not minetest_enabled + +- name: Add 'minetest' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: minetest + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - option: name + value: Minetest Server + - option: description + value: '"Minetest is an open source clone of the Minecraft building blocks game."' + - option: minetest_world_dir + value: "{{ minetest_world_dir }}" + - option: minetest_port + value: "{{ minetest_port }}" + - option: minetest_enabled + value: "{{ minetest_enabled }}" + - option: minetest_world_dir + value: "{{ minetest_world_dir }}" diff --git a/roles/minetest/tasks/main.yml b/roles/minetest/tasks/main.yml index 042dccde9..320079d06 100644 --- a/roles/minetest/tasks/main.yml +++ b/roles/minetest/tasks/main.yml @@ -1,109 +1,5 @@ -# Calculate local variables -- include_tasks: calc_vars.yml +- include_tasks: provision.yml + when: minetest_install and not minetest_installed is defined -- name: Check for minetest world file ({{ minetest_world_dir }}/world.mt) - stat: - path: "{{ minetest_world_dir }}/world.mt" - register: minetest_world - -- name: Create /library/games - file: - state: directory - path: "{{ item }}" - owner: root - group: root - mode: 0755 - with_items: - - /library/games - -# rpi only -- include_tasks: rpi_minetest_install.yml - when: not minetest_world.stat.exists and is_rpi - -# not rpi -- include_tasks: minetest_install.yml - when: not minetest_world.stat.exists and not is_rpi - -- git: - repo: https://github.com/Calinou/carbone-ng.git - dest: "{{ minetest_game_dir }}" - depth: 1 - when: not minetest_world.stat.exists and minetest_default_game == "carbone-ng" - -- name: Give minetest user ownership of carbone-ng - file: - state: directory - path: "{{ minetest_game_dir }}" - recurse: yes - owner: "{{ minetest_runas_user }}" - group: "{{ minetest_runas_group }}" - mode: 0755 - when: minetest_default_game == "carbone-ng" - -# Install games -#- include: minetest_install_games.yml -# with_items: -# - name: carbone-ng -# url: https://github.com/Calinou/carbone-ng - -# Install mods -- include: minetest_install_mods.yml - with_items: - - name: moreblocks - url: https://github.com/minetest-mods/moreblocks/archive/master.zip - - name: moreores - url: https://github.com/Calinou/moreores/archive/master.zip - - name: basic_materials - url: https://gitlab.com/VanessaE/basic_materials/-/archive/master/basic_materials-master.zip - - name: mesecons - url: https://github.com/minetest-mods/mesecons/archive/master.zip - - name: digilines - url: https://github.com/minetest-mods/digilines/archive/master.zip - - name: pipeworks - url: https://github.com/minetest-mods/pipeworks/archive/master.zip - - name: Minetest-WorldEdit - url: https://github.com/Uberi/Minetest-WorldEdit/archive/master.zip - when: minetest_default_game == "minetest" - -- name: Remove mod from carbone-ng that prevents our Admin name - file: - state: absent - path: "{{ minetest_game_dir }}/mods/name_restrictions" - when: minetest_default_game == "carbone-ng" - -# enable or disable -- name: Enable & Restart 'minetest-server' service - systemd: - daemon_reload: yes - name: minetest-server - enabled: yes - state: restarted - when: minetest_enabled | bool - -- name: Disable 'minetest-server' service - systemd: - daemon_reload: yes - name: minetest-server - enabled: no - state: stopped - when: not minetest_enabled - -- name: Add 'minetest' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" - section: minetest - option: "{{ item.option }}" - value: "{{ item.value }}" - with_items: - - option: name - value: Minetest Server - - option: description - value: '"Minetest is an open source clone of the Minecraft building blocks game."' - - option: minetest_world_dir - value: "{{ minetest_world_dir }}" - - option: minetest_port - value: "{{ minetest_port }}" - - option: minetest_enabled - value: "{{ minetest_enabled }}" - - option: minetest_world_dir - value: "{{ minetest_world_dir }}" +- include_tasks: enable.yml + when: minetest_install or minetest_installed is defined diff --git a/roles/minetest/tasks/provision.yml b/roles/minetest/tasks/provision.yml new file mode 100644 index 000000000..6d19d6010 --- /dev/null +++ b/roles/minetest/tasks/provision.yml @@ -0,0 +1,80 @@ +# Calculate local variables +- include_tasks: calc_vars.yml + +- name: Check for minetest world file ({{ minetest_world_dir }}/world.mt) + stat: + path: "{{ minetest_world_dir }}/world.mt" + register: minetest_world + +- name: Create /library/games + file: + state: directory + path: "{{ item }}" + owner: root + group: root + mode: 0755 + with_items: + - /library/games + +# rpi only +- include_tasks: rpi_minetest_install.yml + when: not minetest_world.stat.exists and is_rpi + +# not rpi +- include_tasks: minetest_install.yml + when: not minetest_world.stat.exists and not is_rpi + +- git: + repo: https://github.com/Calinou/carbone-ng.git + dest: "{{ minetest_game_dir }}" + depth: 1 + when: not minetest_world.stat.exists and minetest_default_game == "carbone-ng" + +- name: Give minetest user ownership of carbone-ng + file: + state: directory + path: "{{ minetest_game_dir }}" + recurse: yes + owner: "{{ minetest_runas_user }}" + group: "{{ minetest_runas_group }}" + mode: 0755 + when: minetest_default_game == "carbone-ng" + +# Install games +#- include: minetest_install_games.yml +# with_items: +# - name: carbone-ng +# url: https://github.com/Calinou/carbone-ng + +# Install mods +- include: minetest_install_mods.yml + with_items: + - name: moreblocks + url: https://github.com/minetest-mods/moreblocks/archive/master.zip + - name: moreores + url: https://github.com/Calinou/moreores/archive/master.zip + - name: basic_materials + url: https://gitlab.com/VanessaE/basic_materials/-/archive/master/basic_materials-master.zip + - name: mesecons + url: https://github.com/minetest-mods/mesecons/archive/master.zip + - name: digilines + url: https://github.com/minetest-mods/digilines/archive/master.zip + - name: pipeworks + url: https://github.com/minetest-mods/pipeworks/archive/master.zip + - name: Minetest-WorldEdit + url: https://github.com/Uberi/Minetest-WorldEdit/archive/master.zip + when: minetest_default_game == "minetest" + +- name: Remove mod from carbone-ng that prevents our Admin name + file: + state: absent + path: "{{ minetest_game_dir }}/mods/name_restrictions" + when: minetest_default_game == "carbone-ng" + +- name: Add 'minetest_installed' variable values to {{ iiab_installed }} + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^minetest_installed' + line: 'minetest_installed: True' + state: present + From 9748669a1ba3bd0b640e3de940f19669c2ba5537 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 14 Sep 2019 18:52:46 -0500 Subject: [PATCH 048/148] mosquitto - iiab_installed --- roles/mosquitto/tasks/enable.yml | 21 ++++++++++++++ roles/mosquitto/tasks/install.yml | 38 ++++++++++++++++++++++++ roles/mosquitto/tasks/main.yml | 48 +++---------------------------- 3 files changed, 63 insertions(+), 44 deletions(-) create mode 100644 roles/mosquitto/tasks/enable.yml create mode 100644 roles/mosquitto/tasks/install.yml diff --git a/roles/mosquitto/tasks/enable.yml b/roles/mosquitto/tasks/enable.yml new file mode 100644 index 000000000..a7e1e0768 --- /dev/null +++ b/roles/mosquitto/tasks/enable.yml @@ -0,0 +1,21 @@ +- name: Enable & Start 'mosquitto' service + systemd: + daemon_reload: yes + name: mosquitto + enabled: yes + state: started + when: mosquitto_enabled | bool + +- name: Add 'mosquitto' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: mosquitto + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - option: name + value: Mosquitto service + - option: description + value: Mosquitto service + - option: mosquitto_enabled + value: "{{ mosquitto_enabled }}" diff --git a/roles/mosquitto/tasks/install.yml b/roles/mosquitto/tasks/install.yml new file mode 100644 index 000000000..98f27949e --- /dev/null +++ b/roles/mosquitto/tasks/install.yml @@ -0,0 +1,38 @@ +- name: "Install packages: mosquitto, mosquitto-clients" + package: + name: "{{ item }}" + state: present + with_items: + - mosquitto + - mosquitto-clients + tags: download + +- name: Disable & Stop 'mosquitto' service + systemd: + name: mosquitto + enabled: no + state: stopped + +- name: Create (touch) file /etc/mosquitto/passwd + file: + path: /etc/mosquitto/passwd + state: touch + mode: "u=rw,g=r,o=r" # 0644 + +- name: Populate /etc/mosquitto/passwd with actual username/password + shell: mosquitto_passwd -b /etc/mosquitto/passwd "{{ mosquitto_user }}" "{{ mosquitto_password }}" + +- name: Install /etc/mosquitto/conf.d/websockets.conf from template + template: + src: websockets.conf.j2 + dest: /etc/mosquitto/conf.d/websockets.conf + owner: root + group: root + mode: 0755 + +- name: Add 'mosquitto_installed' variable values to {{ iiab_installed }} + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^mosquitto_installed' + line: 'mosquitto_installed' + state: present diff --git a/roles/mosquitto/tasks/main.yml b/roles/mosquitto/tasks/main.yml index 53ef14998..b6654ef3b 100644 --- a/roles/mosquitto/tasks/main.yml +++ b/roles/mosquitto/tasks/main.yml @@ -1,45 +1,5 @@ -- name: "Install packages: mosquitto, mosquitto-clients" - package: - name: "{{ item }}" - state: present - with_items: - - mosquitto - - mosquitto-clients - when: mosquitto_install | bool - tags: download +- include_tasks: install.yml + when: mosquitto_install | bool and not mosquitto_installed is defined -- name: Disable & Stop 'mosquitto' service - systemd: - name: mosquitto - enabled: no - state: stopped - when: mosquitto_install | bool - -- name: Create (touch) file /etc/mosquitto/passwd - file: - path: /etc/mosquitto/passwd - state: touch - mode: "u=rw,g=r,o=r" # 0644 - when: mosquitto_install | bool - -- name: Populate /etc/mosquitto/passwd with actual username/password - shell: mosquitto_passwd -b /etc/mosquitto/passwd "{{ mosquitto_user }}" "{{ mosquitto_password }}" - when: mosquitto_install | bool - -- name: Install /etc/mosquitto/conf.d/websockets.conf from template - template: - backup: yes - src: websockets.conf.j2 - dest: /etc/mosquitto/conf.d/websockets.conf - owner: root - group: root - mode: 0755 - when: mosquitto_install | bool - -- name: Enable & Start 'mosquitto' service - systemd: - daemon_reload: yes - name: mosquitto - enabled: yes - state: started - when: mosquitto_enabled | bool +- include_tasks: enable.yml + when: mosquitto_install | bool or mosquitto_installed is defined From dfa9959ddce8cee177560f3f3c20052917617865 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 14 Sep 2019 18:58:46 -0500 Subject: [PATCH 049/148] munin - iiab_installed --- roles/munin/tasks/enable.yml | 67 +++++++++++++++++++ roles/munin/tasks/install.yml | 48 ++++++++++++++ roles/munin/tasks/main.yml | 121 ++-------------------------------- 3 files changed, 121 insertions(+), 115 deletions(-) create mode 100644 roles/munin/tasks/enable.yml create mode 100644 roles/munin/tasks/install.yml diff --git a/roles/munin/tasks/enable.yml b/roles/munin/tasks/enable.yml new file mode 100644 index 000000000..90f5dec4d --- /dev/null +++ b/roles/munin/tasks/enable.yml @@ -0,0 +1,67 @@ +- name: If MySQL is enabled, let Munin monitor it + copy: + src: "{{ item }}" + dest: /etc/munin/plugins/ + with_items: + - /usr/share/munin/plugins/mysql_ + - /usr/share/munin/plugins/mysql_bytes + - /usr/share/munin/plugins/mysql_innodb + - /usr/share/munin/plugins/mysql_isam_space_ + - /usr/share/munin/plugins/mysql_queries + - /usr/share/munin/plugins/mysql_slowqueries + - /usr/share/munin/plugins/mysql_threads + when: mysql_enabled | bool + +- name: Enable & Start munin-node systemd service + systemd: + name: munin-node + enabled: yes + state: started + when: munin_enabled | bool + +- name: Disable munin-node service if not munin_enabled + systemd: + name: munin-node + enabled: no + state: stopped + when: not munin_enabled + +- name: Create symlink munin24.conf from sites-enabled to sites-available (debuntu) + file: + src: /etc/apache2/sites-available/munin24.conf + path: /etc/apache2/sites-enabled/munin24.conf + state: link + when: munin_enabled and not nginx_enabled + +- name: Remove symlink /etc/apache2/sites-enabled/munin24.conf if not munin_enabled (debuntu) + file: + path: /etc/apache2/sites-enabled/munin24.conf + state: absent + when: not munin_enabled or nginx_enabled + +- name: Install /etc/nginx/conf.d/munin24-nginx.conf, from templates + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: 0644 + with_items: + - { src: 'munin24-nginx.conf.j2', dest: '/etc/nginx/conf.d/munin24-nginx.conf + when: munin_enabled | bool and nginx_enabled | bool + +- name: Add 'munin' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: munin + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - option: name + value: Munin + - option: description + value: '"Munin is a networked resource monitoring tool that can help analyze resource trends and \"what just happened to kill our performance?\" problems."' + - option: installed + value: "{{ munin_install }}" + - option: enabled + value: "{{ munin_enabled }}" diff --git a/roles/munin/tasks/install.yml b/roles/munin/tasks/install.yml new file mode 100644 index 000000000..19f8b8de2 --- /dev/null +++ b/roles/munin/tasks/install.yml @@ -0,0 +1,48 @@ +- name: 'Install 5 packages: munin, munin-node, munin-plugins-extra, libcgi-fast-perl, libapache2-mod-fcgid (debuntu)' + package: + name: + - munin + - munin-node + - munin-plugins-extra + - libcgi-fast-perl + - libapache2-mod-fcgid + state: present + tags: + - download + when: is_debuntu | bool + +- name: "Install 2 packages: munin, munin-node (OS's other than debuntu)" + package: + name: + - munin + - munin-node + state: present + tags: + - download + when: not is_debuntu + +- name: Install /etc/munin/munin.conf and Apache's munin24.conf, from templates + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: 0644 + with_items: + - { src: 'munin.conf.j2', dest: '/etc/munin/munin.conf' } + - { src: 'munin24.conf.j2', dest: '/etc/{{ apache_config_dir }}/munin24.conf' } + +- name: Establish username/password Admin/changeme in /etc/munin/munin-htpasswd + htpasswd: + path: /etc/munin/munin-htpasswd + name: Admin + password: changeme + create: yes + state: present + +- name: Add 'munin_installed' variable values to {{ iiab_installed }} + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^munin_installed' + line: 'munin_installed' + state: present diff --git a/roles/munin/tasks/main.yml b/roles/munin/tasks/main.yml index 054d0de78..7a0857f42 100644 --- a/roles/munin/tasks/main.yml +++ b/roles/munin/tasks/main.yml @@ -1,116 +1,7 @@ -- name: 'Install 5 packages: munin, munin-node, munin-plugins-extra, libcgi-fast-perl, libapache2-mod-fcgid (debuntu)' - package: - name: - - munin - - munin-node - - munin-plugins-extra - - libcgi-fast-perl - - libapache2-mod-fcgid - state: present - tags: - - download - when: is_debuntu | bool +- name: Install munin + include_tasks: install.yml + when: munin_install | bool and not munin_installed is defined -- name: "Install 2 packages: munin, munin-node (OS's other than debuntu)" - package: - name: - - munin - - munin-node - state: present - tags: - - download - when: not is_debuntu - -##### nginx only ##### -- name: Install /etc/munin/munin.conf and Apache's munin24.conf, from templates - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root - group: root - mode: 0644 - with_items: - - { src: 'munin.conf.j2', dest: '/etc/munin/munin.conf' } - - { src: 'munin24-nginx.conf.j2', dest: '/etc/nginx/conf.d/munin24-nginx.conf' } - -- name: Establish username/password Admin/changeme in /etc/munin/munin-htpasswd - htpasswd: - path: /etc/munin/munin-htpasswd - name: Admin - password: changeme - create: yes - state: present - -- name: Enable & Start munin-node systemd service - service: - name: munin-node - enabled: yes - state: started - when: munin_enabled | bool - -- name: Disable munin-node service if not munin_enabled - service: - name: munin-node - enabled: no - state: stopped - when: not munin_enabled - -- name: If MySQL is enabled, let Munin monitor it - copy: - src: "{{ item }}" - dest: /etc/munin/plugins/ - with_items: - - /usr/share/munin/plugins/mysql_ - - /usr/share/munin/plugins/mysql_bytes - - /usr/share/munin/plugins/mysql_innodb - - /usr/share/munin/plugins/mysql_isam_space_ - - /usr/share/munin/plugins/mysql_queries - - /usr/share/munin/plugins/mysql_slowqueries - - /usr/share/munin/plugins/mysql_threads - when: mysql_enabled | bool - -- name: Create symlink for awstats.pl from cgi-bin/awstats/awstats.pl to ../ so that the old apache links to awstats will work after change to nginx - file: - src: /usr/lib/cgi-bin/awstats.pl - path: /usr/lib/cgi-bin/awstats/awstats.pl - state: link - -- name: Install /etc/awstats/awstats.schoolserver.conf - template: - src: awstats.schoolserver.conf.j2 - dest: /etc/awstats/awstats.schoolserver.conf - owner: root - group: root - mode: 0644 - when: awstats_enabled | bool - -- name: Create a symlink /etc/awstats/awstats.conf for access by IP address - file: - src: /etc/awstats/awstats.schoolserver.conf - path: /etc/awstats/awstats.conf - state: link - when: awstats_enabled | bool - -- name: On first enabling of AWStats, summarize httpd logs up to now (OS's other than debuntu) - shell: /bin/perl /usr/share/awstats/wwwroot/cgi-bin/awstats.pl -config=schoolserver -update - when: awstats_enabled and not is_debuntu - -- name: On first enabling of AWStats, summarize httpd logs up to now (debuntu) - shell: /usr/bin/perl /usr/lib/cgi-bin/awstats.pl -config=schoolserver -update - when: awstats_enabled and is_debuntu - -- name: Add 'munin' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" - section: munin - option: "{{ item.option }}" - value: "{{ item.value }}" - with_items: - - option: name - value: Munin - - option: description - value: '"Munin is a networked resource monitoring tool that can help analyze resource trends and \"what just happened to kill our performance?\" problems."' - - option: installed - value: "{{ munin_install }}" - - option: enabled - value: "{{ munin_enabled }}" +- name: Enable munin + include_tasks: enable.yml + when: munin_install | bool or munin_installed is defined From 8bce254e22c56a4d7e0aaf924bbb663e58b94376 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 14 Sep 2019 19:41:58 -0500 Subject: [PATCH 050/148] nodered - iiab_installed --- roles/nodered/tasks/enable.yml | 52 +++++++ roles/nodered/tasks/group.yml | 26 ++++ roles/nodered/tasks/install.yml | 106 ++++++++++++++ roles/nodered/tasks/main.yml | 243 +------------------------------ roles/nodered/tasks/rpi_desk.yml | 45 ++++++ 5 files changed, 233 insertions(+), 239 deletions(-) create mode 100644 roles/nodered/tasks/enable.yml create mode 100644 roles/nodered/tasks/group.yml create mode 100644 roles/nodered/tasks/install.yml create mode 100644 roles/nodered/tasks/rpi_desk.yml diff --git a/roles/nodered/tasks/enable.yml b/roles/nodered/tasks/enable.yml new file mode 100644 index 000000000..d3f9783c4 --- /dev/null +++ b/roles/nodered/tasks/enable.yml @@ -0,0 +1,52 @@ +- name: Create symlink nodered.conf from sites-enabled to sites-available, for short URL http://box/nodered (if nodered_enabled) + file: + src: /etc/apache2/sites-available/nodered.conf + dest: /etc/apache2/sites-enabled/nodered.conf + owner: root + group: root + state: link + when: nodered_enabled | bool + +- name: Remove symlink /etc/apache2/sites-enabled/nodered.conf (if not nodered_enabled) + file: + path: /etc/apache2/sites-enabled/nodered.conf + state: absent + when: not nodered_enabled + +- name: Enable & (Re)start 'nodered' systemd service (if nodered_enabled) + systemd: + daemon_reload: yes + name: nodered + enabled: yes + state: restarted + when: nodered_enabled | bool + +- name: Disable & Stop 'nodered' systemd service (if not nodered_enabled) + systemd: + daemon_reload: yes + name: nodered + enabled: no + state: stopped + when: not nodered_enabled + +- name: Restart Apache service ({{ apache_service }}) to enable/disable http://box/nodered (not just http://box:{{ nodered_port }}/nodered) + systemd: + name: "{{ apache_service }}" # httpd or apache2 + state: restarted + when: nodered_install | bool + +- name: Add 'nodered' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: nodered + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - option: name + value: Node-RED + - option: description + value: '"Node-RED is a flow-based development tool for visual programming developed originally by IBM for wiring together hardware devices, APIs and online services as part of the Internet of Things. Node-RED provides a web browser-based flow editor, which can be used to create JavaScript functions."' + - option: nodered_install + value: "{{ nodered_install }}" + - option: nodered_enabled + value: "{{ nodered_enabled }}" diff --git a/roles/nodered/tasks/group.yml b/roles/nodered/tasks/group.yml new file mode 100644 index 000000000..ad4499023 --- /dev/null +++ b/roles/nodered/tasks/group.yml @@ -0,0 +1,26 @@ +- name: Ensure Linux group 'nodered' exists (if not rpi) + group: + name: nodered + state: present + +- name: Ensure Linux user 'nodered' exists and is added to group 'nodered' (if not rpi) + user: + name: nodered + group: nodered + +- name: Ensure directory /home/nodered/.node-red/ exists (if not rpi) + file: + path: /home/nodered/.node-red + state: directory + owner: nodered + group: nodered + mode: 0775 + +- name: Install /home/nodered/.node-red/settings.js from template, with authentication (if not rpi) + template: + backup: yes + src: settings.js.j2 + dest: /home/nodered/.node-red/settings.js + owner: nodered + group: nodered + mode: 0755 diff --git a/roles/nodered/tasks/install.yml b/roles/nodered/tasks/install.yml new file mode 100644 index 000000000..f1f064c7b --- /dev/null +++ b/roles/nodered/tasks/install.yml @@ -0,0 +1,106 @@ +# 2019-01-16: @jvonau's PR #1403 moved installation of Node.js (8.x for now) & +# npm to roles/nodejs/tasks/main.yml, triggered by roles/nodered/meta/main.yml + +# BRUTAL but ensures consistency across OS's / distros like Raspbian Desktop & +# Ubermix that often include an older version of Node-RED. Brutal, as this +# removes customizations on graphical desktop OS's e.g. Raspbian Desktop's: +# 1. Node-RED's icon (Raspberry Menu in top-left -> Programming -> Node-RED) +# 2. scripts like {node-red-start, node-red-stop, node-red-log} in /usr/bin +# 3. other changes per /usr/bin/update-nodejs-and-nodered summarized at +# https://nodered.org/docs/hardware/raspberrypi for example low-memory +# flag --max_old_space_size=256 for unit file (we're using 128 on RPi) +# That we'll reconstitute below! +- name: ASK apt/yum/dnf TO REMOVE PRE-EXISTING 'nodered' (IF PREVIOUSLY INSTALLED BY OS PKG MANAGER) + package: + name: nodered + state: absent + when: nodered_install | bool + +# 2012-02-13: the 6 RPi stanzas below recreate Raspbian Desktop's Node-RED +# environment, inspired by: +# https://nodered.org/docs/hardware/raspberrypi +# https://github.com/node-red/raspbian-deb-package/blob/master/resources/update-nodejs-and-nodered +# https://github.com/iiab/iiab/pull/1497 + +- name: "Globally 'npm install' 3 Node-RED packages: node-red, node-red-admin, node-red-dashboard" + command: npm install -g --unsafe-perm node-red node-red-admin node-red-dashboard + #command: npm install -g --unsafe-perm node-red@latest node-red-admin@latest node-red-dashboard@latest + # Above "@latest" is recommended by https://nodered.org/docs/hardware/raspberrypi (SHOULD WE CONSIDER?) + when: nodered_install and internet_available + +- name: "Globally 'npm install' 8 Node-RED learning examples for RPi: node-red-contrib-ibm-watson-iot, node-red-contrib-play-audio, node-red-node-ledborg, node-red-node-ping, node-red-node-pi-sense-hat, node-red-node-random, node-red-node-serialport, node-red-node-smooth" + command: npm install -g --unsafe-perm node-red-contrib-ibm-watson-iot node-red-contrib-play-audio node-red-node-ledborg node-red-node-ping node-red-node-pi-sense-hat node-red-node-random node-red-node-serialport node-red-node-smooth + when: nodered_install and internet_available and is_rpi + +## To protect pre-installed packages within /usr/lib/node_modules in graphical +## desktop OS's like Raspbian Desktop & Ubermix, we now only install those that +## are missing -- among the 3+8 below. WARNING: THIS COULD POTENTIALLY LEAD TO +## INCOMPATIBILITIES, IF OS'S /usr/lib/node_modules/node-red GETS OUT OF DATE! +# +## /usr/lib/node_modules/node-red is PRE-INSTALLED by Raspbian Desktop, even if +## their package (42MB, 0.19.4) is a bit out of date compared to npm's (55MB, +## 0.19.5) as of 2019-02-12. Among others in /usr/lib/node_modules, pre-placed +## by Raspbian Desktop's apt package 'nodered': +## node-red-contrib-ibm-watson-iot, node-red-contrib-play-audio, +## node-red-node-ledborg, node-red-node-ping, node-red-node-pi-sense-hat +## node-red-node-random, node-red-node-serialport, node-red-node-smooth +#- name: Globally 'npm install' pkg 'node-red' if /usr/lib/node_modules/node-red missing (most OS's except for Raspbian Desktop) +# #command: npm install -g --unsafe-perm node-red +# command: npm install -g --unsafe-perm node-red@latest +# args: +# creates: /usr/lib/node_modules/node-red +# when: nodered_install and internet_available +# +## NOT pre-installed by Raspbian Desktop as of 2019-02-12...so we install this +## on most all OS's: +#- name: Globally 'npm install' pkg 'node-red-admin' if /usr/lib/node_modules/node-red-admin missing (most OS's) +# command: npm install -g --unsafe-perm node-red-admin +# args: +# creates: /usr/lib/node_modules/node-red-admin +# when: nodered_install and internet_available +# +## NOT pre-installed by Raspbian Desktop as of 2019-02-12...so we install this +## on most all OS's: +#- name: Globally 'npm install' pkg 'node-red-dashboard' if /usr/lib/node_modules/node-red-dashboard missing (most OS's) +# command: npm install -g --unsafe-perm node-red-dashboard +# args: +# creates: /usr/lib/node_modules/node-red-dashboard +# when: nodered_install and internet_available + +- include_tasks: group.yml + when: nodered_install and not is_rpi + +- include_tasks: rpi_desk.yml + when: nodered_install and internet_available and is_rpi + +- name: Install /etc/systemd/system/nodered.service systemd unit file from template + template: + backup: yes + src: nodered.service.j2 + dest: /etc/systemd/system/nodered.service + owner: root + group: root + mode: 0666 + +- name: Install Apache's sites-available/nodered.conf from template + template: + backup: yes + src: nodered.conf.j2 + dest: /etc/apache2/sites-available/nodered.conf + owner: root + group: root + mode: 0666 + +# SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml +- name: Enable proxy_wstunnel apache2 module + apache2_module: + state: present + name: proxy_wstunnel + +- name: Add 'nodered_installed' variable values to {{ iiab_installed }} + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^nodered_installed' + line: 'nodered_installed' + state: present + diff --git a/roles/nodered/tasks/main.yml b/roles/nodered/tasks/main.yml index 88ce8196d..3b5001416 100644 --- a/roles/nodered/tasks/main.yml +++ b/roles/nodered/tasks/main.yml @@ -1,240 +1,5 @@ -# 2019-01-16: @jvonau's PR #1403 moved installation of Node.js (8.x for now) & -# npm to roles/nodejs/tasks/main.yml, triggered by roles/nodered/meta/main.yml +- include_tasks: install.yml + when: nodered_install | bool and not nodered_installed is defined -# BRUTAL but ensures consistency across OS's / distros like Raspbian Desktop & -# Ubermix that often include an older version of Node-RED. Brutal, as this -# removes customizations on graphical desktop OS's e.g. Raspbian Desktop's: -# 1. Node-RED's icon (Raspberry Menu in top-left -> Programming -> Node-RED) -# 2. scripts like {node-red-start, node-red-stop, node-red-log} in /usr/bin -# 3. other changes per /usr/bin/update-nodejs-and-nodered summarized at -# https://nodered.org/docs/hardware/raspberrypi for example low-memory -# flag --max_old_space_size=256 for unit file (we're using 128 on RPi) -# That we'll reconstitute below! -- name: ASK apt/yum/dnf TO REMOVE PRE-EXISTING 'nodered' (IF PREVIOUSLY INSTALLED BY OS PKG MANAGER) - package: - name: nodered - state: absent - when: nodered_install | bool - -# 2012-02-13: the 6 RPi stanzas below recreate Raspbian Desktop's Node-RED -# environment, inspired by: -# https://nodered.org/docs/hardware/raspberrypi -# https://github.com/node-red/raspbian-deb-package/blob/master/resources/update-nodejs-and-nodered -# https://github.com/iiab/iiab/pull/1497 - -- name: "Globally 'npm install' 3 Node-RED packages: node-red, node-red-admin, node-red-dashboard" - command: npm install -g --unsafe-perm node-red node-red-admin node-red-dashboard - #command: npm install -g --unsafe-perm node-red@latest node-red-admin@latest node-red-dashboard@latest - # Above "@latest" is recommended by https://nodered.org/docs/hardware/raspberrypi (SHOULD WE CONSIDER?) - when: nodered_install and internet_available - -- name: "Globally 'npm install' 8 Node-RED learning examples for RPi: node-red-contrib-ibm-watson-iot, node-red-contrib-play-audio, node-red-node-ledborg, node-red-node-ping, node-red-node-pi-sense-hat, node-red-node-random, node-red-node-serialport, node-red-node-smooth" - command: npm install -g --unsafe-perm node-red-contrib-ibm-watson-iot node-red-contrib-play-audio node-red-node-ledborg node-red-node-ping node-red-node-pi-sense-hat node-red-node-random node-red-node-serialport node-red-node-smooth - when: nodered_install and internet_available and is_rpi - -# TEST UNNEC ICON/MENU FILE PLACEMENT ON RASPIAN LITE TOO ! -- name: 'Download/Install 4 useful items for RPi: Node-RED icon, start menu item, /etc/logrotate.d/nodered, tweaked "Pi cpu temperature.json"' - get_url: - url: "{{ item.url }}" - dest: "{{ item.dest }}" - with_items: - - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-icon.svg - dest: /usr/share/icons/hicolor/scalable/apps/node-red-icon.svg - - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Node-RED.desktop - dest: /usr/share/applications/Node-RED.desktop - - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/nodered.rotate - dest: /etc/logrotate.d/nodered - - url: 'https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Pi%20cpu%20temperature.json' - dest: '/usr/lib/node_modules/node-red-contrib-ibm-watson-iot/examples/Pi cpu temperature.json' - when: nodered_install and internet_available and is_rpi - -#- name: Replace/Tweak "node-red-contrib-ibm-watson-iot/examples/Pi cpu temperature.json" (rpi) -# command: 'curl -sL -o /usr/lib/node_modules/node-red-contrib-ibm-watson-iot/examples/Pi\ cpu\ temperature.json https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Pi%20cpu%20temperature.json' -# when: nodered_install and internet_available and is_rpi - -- name: 'Download/Install 4 RPi executables to /usr/bin: node-red-start, node-red-stop, node-red-restart, node-red-log' - get_url: - url: "{{ item }}" - dest: /usr/bin - mode: a+x - with_items: - - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-start - - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-stop - - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-restart - - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-log - when: nodered_install and internet_available and is_rpi - -## To protect pre-installed packages within /usr/lib/node_modules in graphical -## desktop OS's like Raspbian Desktop & Ubermix, we now only install those that -## are missing -- among the 3+8 below. WARNING: THIS COULD POTENTIALLY LEAD TO -## INCOMPATIBILITIES, IF OS'S /usr/lib/node_modules/node-red GETS OUT OF DATE! -# -## /usr/lib/node_modules/node-red is PRE-INSTALLED by Raspbian Desktop, even if -## their package (42MB, 0.19.4) is a bit out of date compared to npm's (55MB, -## 0.19.5) as of 2019-02-12. Among others in /usr/lib/node_modules, pre-placed -## by Raspbian Desktop's apt package 'nodered': -## node-red-contrib-ibm-watson-iot, node-red-contrib-play-audio, -## node-red-node-ledborg, node-red-node-ping, node-red-node-pi-sense-hat -## node-red-node-random, node-red-node-serialport, node-red-node-smooth -#- name: Globally 'npm install' pkg 'node-red' if /usr/lib/node_modules/node-red missing (most OS's except for Raspbian Desktop) -# #command: npm install -g --unsafe-perm node-red -# command: npm install -g --unsafe-perm node-red@latest -# args: -# creates: /usr/lib/node_modules/node-red -# when: nodered_install and internet_available -# -## NOT pre-installed by Raspbian Desktop as of 2019-02-12...so we install this -## on most all OS's: -#- name: Globally 'npm install' pkg 'node-red-admin' if /usr/lib/node_modules/node-red-admin missing (most OS's) -# command: npm install -g --unsafe-perm node-red-admin -# args: -# creates: /usr/lib/node_modules/node-red-admin -# when: nodered_install and internet_available -# -## NOT pre-installed by Raspbian Desktop as of 2019-02-12...so we install this -## on most all OS's: -#- name: Globally 'npm install' pkg 'node-red-dashboard' if /usr/lib/node_modules/node-red-dashboard missing (most OS's) -# command: npm install -g --unsafe-perm node-red-dashboard -# args: -# creates: /usr/lib/node_modules/node-red-dashboard -# when: nodered_install and internet_available - - -- name: Create /home/pi/.node-red/ directory (rpi) - file: - path: /home/pi/.node-red - state: directory - owner: pi - group: pi - mode: 0775 - when: nodered_install and is_rpi - -- name: Install /home/pi/.node-red/settings.js from template, with authentication (rpi) - template: - backup: yes - src: settings.js.j2 - dest: /home/pi/.node-red/settings.js - owner: pi - group: pi - mode: 0755 - when: nodered_install and is_rpi - -- name: Ensure Linux group 'nodered' exists (if not rpi) - group: - name: nodered - state: present - when: nodered_install and not is_rpi - -- name: Ensure Linux user 'nodered' exists and is added to group 'nodered' (if not rpi) - user: - name: nodered - group: nodered - when: nodered_install and not is_rpi - -- name: Ensure directory /home/nodered/.node-red/ exists (if not rpi) - file: - path: /home/nodered/.node-red - state: directory - owner: nodered - group: nodered - mode: 0775 - when: nodered_install and not is_rpi - -- name: Install /home/nodered/.node-red/settings.js from template, with authentication (if not rpi) - template: - backup: yes - src: settings.js.j2 - dest: /home/nodered/.node-red/settings.js - owner: nodered - group: nodered - mode: 0755 - when: nodered_install and not is_rpi - - -- name: Install /etc/systemd/system/nodered.service systemd unit file from template - template: - backup: yes - src: nodered.service.j2 - dest: /etc/systemd/system/nodered.service - owner: root - group: root - mode: 0666 - when: nodered_install | bool - -- name: Install Apache's sites-available/nodered.conf from template - template: - backup: yes - src: nodered.conf.j2 - dest: /etc/apache2/sites-available/nodered.conf - owner: root - group: root - mode: 0666 - when: nodered_install | bool - -- name: Create symlink nodered.conf from sites-enabled to sites-available, for short URL http://box/nodered (if nodered_enabled) - file: - src: /etc/apache2/sites-available/nodered.conf - dest: /etc/apache2/sites-enabled/nodered.conf - owner: root - group: root - state: link - when: nodered_enabled | bool - -- name: Remove symlink /etc/apache2/sites-enabled/nodered.conf (if not nodered_enabled) - file: - path: /etc/apache2/sites-enabled/nodered.conf - state: absent - when: not nodered_enabled - -# SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml -- name: Remove symlink /etc/nginx/conf.d/nodered-nginx.conf (if not nodered_enabled) - file: - path: /etc/nginx/conf.d/nodered-nginx.conf - state: absent - when: not nodered_enabled - -- name: Enable proxy_wstunnel apache2 module - apache2_module: - state: present - name: proxy_wstunnel - when: nodered_install | bool - -- name: Restart Apache service ({{ apache_service }}) to enable/disable http://box/nodered (not just http://box:{{ nodered_port }}/nodered) - systemd: - #daemon_reload: yes - name: "{{ apache_service }}" # httpd or apache2 - state: restarted - when: nodered_install | bool - -- name: Enable & (Re)start 'nodered' systemd service (if nodered_enabled) - systemd: - daemon_reload: yes - name: nodered - enabled: yes - state: restarted - when: nodered_enabled | bool - -- name: Disable & Stop 'nodered' systemd service (if not nodered_enabled) - systemd: - daemon_reload: yes - name: nodered - enabled: no - state: stopped - when: not nodered_enabled - - -- name: Add 'nodered' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" - section: nodered - option: "{{ item.option }}" - value: "{{ item.value }}" - with_items: - - option: name - value: Node-RED - - option: description - value: '"Node-RED is a flow-based development tool for visual programming developed originally by IBM for wiring together hardware devices, APIs and online services as part of the Internet of Things. Node-RED provides a web browser-based flow editor, which can be used to create JavaScript functions."' - - option: nodered_install - value: "{{ nodered_install }}" - - option: nodered_enabled - value: "{{ nodered_enabled }}" +- include_tasks: enable.yml + when: nodered_install | bool or nodered_installed is defined diff --git a/roles/nodered/tasks/rpi_desk.yml b/roles/nodered/tasks/rpi_desk.yml new file mode 100644 index 000000000..ed15fb587 --- /dev/null +++ b/roles/nodered/tasks/rpi_desk.yml @@ -0,0 +1,45 @@ +# TEST UNNEC ICON/MENU FILE PLACEMENT ON RASPIAN LITE TOO ! +- name: 'Download/Install 4 useful items for RPi: Node-RED icon, start menu item, /etc/logrotate.d/nodered, tweaked "Pi cpu temperature.json"' + get_url: + url: "{{ item.url }}" + dest: "{{ item.dest }}" + with_items: + - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-icon.svg + dest: /usr/share/icons/hicolor/scalable/apps/node-red-icon.svg + - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Node-RED.desktop + dest: /usr/share/applications/Node-RED.desktop + - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/nodered.rotate + dest: /etc/logrotate.d/nodered + - url: 'https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Pi%20cpu%20temperature.json' + dest: '/usr/lib/node_modules/node-red-contrib-ibm-watson-iot/examples/Pi cpu temperature.json' + +#- name: Replace/Tweak "node-red-contrib-ibm-watson-iot/examples/Pi cpu temperature.json" (rpi) +# command: 'curl -sL -o /usr/lib/node_modules/node-red-contrib-ibm-watson-iot/examples/Pi\ cpu\ temperature.json https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Pi%20cpu%20temperature.json' +# when: nodered_install and internet_available and is_rpi + +- name: 'Download/Install 4 RPi executables to /usr/bin: node-red-start, node-red-stop, node-red-restart, node-red-log' + get_url: + url: "{{ item }}" + dest: /usr/bin + mode: a+x + with_items: + - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-start + - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-stop + - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-restart + - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-log + +- name: Create /home/pi/.node-red/ directory (rpi) + file: + path: /home/pi/.node-red + state: directory + owner: pi + group: pi + mode: 0775 + +- name: Install /home/pi/.node-red/settings.js from template, with authentication (rpi) + template: + src: settings.js.j2 + dest: /home/pi/.node-red/settings.js + owner: pi + group: pi + mode: 0755 From 70e7c7c7b5dfb48ea99d7fc859553f206fc6a138 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 7 Oct 2019 12:11:21 -0500 Subject: [PATCH 051/148] needs True --- roles/awstats/tasks/install.yml | 2 +- roles/azuracast/tasks/install.yml | 2 +- roles/bluetooth/tasks/install.yml | 2 +- roles/calibre-web/tasks/install.yml | 2 +- roles/calibre/tasks/install.yml | 2 +- roles/dokuwiki/tasks/install.yml | 2 +- roles/elgg/tasks/install.yml | 2 +- roles/gitea/tasks/install.yml | 2 +- roles/gitea/tasks/main.yml | 2 +- roles/kalite/tasks/setup.yml | 2 +- roles/kiwix/tasks/kiwix_install.yml | 2 +- roles/kolibri/tasks/install.yml | 2 +- roles/lokole/tasks/install.yml | 2 +- roles/mediawiki/tasks/install.yml | 2 +- roles/moodle/tasks/install.yml | 2 +- roles/mosquitto/tasks/install.yml | 2 +- roles/munin/tasks/install.yml | 2 +- roles/nextcloud/tasks/install.yml | 2 +- roles/nodered/tasks/install.yml | 2 +- roles/sugarizer/tasks/install.yml | 2 +- roles/wordpress/tasks/install.yml | 2 +- 21 files changed, 21 insertions(+), 21 deletions(-) diff --git a/roles/awstats/tasks/install.yml b/roles/awstats/tasks/install.yml index ca87d8464..6851ec51f 100644 --- a/roles/awstats/tasks/install.yml +++ b/roles/awstats/tasks/install.yml @@ -98,5 +98,5 @@ lineinfile: dest: "{{ iiab_installed }}" regexp: '^awstats_installed' - line: 'awstats_installed' + line: 'awstats_installed: True' state: present diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index 388ce8433..b6cc54690 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -68,5 +68,5 @@ lineinfile: dest: "{{ iiab_installed }}" regexp: '^azuracast_installed' - line: 'azuracast_installed' + line: 'azuracast_installed: True' state: present diff --git a/roles/bluetooth/tasks/install.yml b/roles/bluetooth/tasks/install.yml index b35817cfa..eee38eb76 100644 --- a/roles/bluetooth/tasks/install.yml +++ b/roles/bluetooth/tasks/install.yml @@ -59,5 +59,5 @@ lineinfile: dest: "{{ iiab_installed }}" regexp: '^pan_bluetooth_installed' - line: 'pan_bluetooth_installed' + line: 'pan_bluetooth_installed: True' state: present diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 9311c0443..43263d259 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -106,5 +106,5 @@ lineinfile: dest: "{{ iiab_installed }}" regexp: '^calibreweb_installed' - line: 'calibreweb_installed' + line: 'calibreweb_installed: True' state: present diff --git a/roles/calibre/tasks/install.yml b/roles/calibre/tasks/install.yml index c0e147e8a..4b5aa5081 100644 --- a/roles/calibre/tasks/install.yml +++ b/roles/calibre/tasks/install.yml @@ -83,5 +83,5 @@ lineinfile: dest: "{{ iiab_installed }}" regexp: '^calibreweb_installed' - line: 'calibre_installed' + line: 'calibre_installed: True' state: present diff --git a/roles/dokuwiki/tasks/install.yml b/roles/dokuwiki/tasks/install.yml index 8cb0e9983..9333aa6fb 100644 --- a/roles/dokuwiki/tasks/install.yml +++ b/roles/dokuwiki/tasks/install.yml @@ -52,5 +52,5 @@ lineinfile: dest: "{{ iiab_installed }}" regexp: '^dokuwiki_installed' - line: 'dokuwiki_installed' + line: 'dokuwiki_installed: True' state: present diff --git a/roles/elgg/tasks/install.yml b/roles/elgg/tasks/install.yml index 5adaecbb5..7b6275056 100644 --- a/roles/elgg/tasks/install.yml +++ b/roles/elgg/tasks/install.yml @@ -91,6 +91,6 @@ lineinfile: dest: "{{ iiab_installed }}" regexp: '^elgg_installed' - line: 'elgg_installed' + line: 'elgg_installed: True' state: present diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index 8688ab94d..1e8136f60 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -129,5 +129,5 @@ lineinfile: dest: "{{ iiab_installed }}" regexp: '^gitea_installed' - line: 'gitea_installed' + line: 'gitea_installed: True' state: present diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml index 89fb7bb80..ee7f6aa28 100644 --- a/roles/gitea/tasks/main.yml +++ b/roles/gitea/tasks/main.yml @@ -3,5 +3,5 @@ when: gitea_install | bool and not gitea_installed is defined - name: Enable Gitea {{ gitea_version }} if gitea_install - include_tasks: enabled.yml + include_tasks: enable.yml when: gitea_install | bool or gitea_installed is defined diff --git a/roles/kalite/tasks/setup.yml b/roles/kalite/tasks/setup.yml index e0da386ae..97ce8c47b 100644 --- a/roles/kalite/tasks/setup.yml +++ b/roles/kalite/tasks/setup.yml @@ -19,5 +19,5 @@ lineinfile: dest: "{{ iiab_installed }}" regexp: '^kalite_installed' - line: 'kalite_installed' + line: 'kalite_installed: True' state: present diff --git a/roles/kiwix/tasks/kiwix_install.yml b/roles/kiwix/tasks/kiwix_install.yml index f541a7b69..d030d5442 100644 --- a/roles/kiwix/tasks/kiwix_install.yml +++ b/roles/kiwix/tasks/kiwix_install.yml @@ -93,5 +93,5 @@ lineinfile: dest: "{{ iiab_installed }}" regexp: '^kiwix_installed' - line: 'kiwix_installed' + line: 'kiwix_installed: True' state: present diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index a9fd119f8..ba1789d65 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -116,5 +116,5 @@ lineinfile: dest: "{{ iiab_installed }}" regexp: '^kolibri_installed' - line: 'kolibri_installed' + line: 'kolibri_installed: True' state: present diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index b735a7f40..67e2b881a 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -102,5 +102,5 @@ lineinfile: dest: "{{ iiab_installed }}" regexp: '^lokole_installed' - line: 'lokole_installed' + line: 'lokole_installed: True' state: present diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index e39565774..079d93668 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -69,5 +69,5 @@ lineinfile: dest: "{{ iiab_installed }}" regexp: '^mediawiki_installed' - line: 'mediawiki_installed' + line: 'mediawiki_installed: True' state: present diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 6323fdcb7..7f2327ee5 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -142,5 +142,5 @@ lineinfile: dest: "{{ iiab_installed }}" regexp: '^moodle_installed' - line: 'moodle_installed' + line: 'moodle_installed: True' state: present diff --git a/roles/mosquitto/tasks/install.yml b/roles/mosquitto/tasks/install.yml index 98f27949e..faeef6dd7 100644 --- a/roles/mosquitto/tasks/install.yml +++ b/roles/mosquitto/tasks/install.yml @@ -34,5 +34,5 @@ lineinfile: dest: "{{ iiab_installed }}" regexp: '^mosquitto_installed' - line: 'mosquitto_installed' + line: 'mosquitto_installed: True' state: present diff --git a/roles/munin/tasks/install.yml b/roles/munin/tasks/install.yml index 19f8b8de2..3f826f532 100644 --- a/roles/munin/tasks/install.yml +++ b/roles/munin/tasks/install.yml @@ -44,5 +44,5 @@ lineinfile: dest: "{{ iiab_installed }}" regexp: '^munin_installed' - line: 'munin_installed' + line: 'munin_installed: True' state: present diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index c3ac98b76..fc5e67c66 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -186,5 +186,5 @@ lineinfile: dest: "{{ iiab_installed }}" regexp: '^nextcloud_installed' - line: 'nextcloud_installed' + line: 'nextcloud_installed: True' state: present diff --git a/roles/nodered/tasks/install.yml b/roles/nodered/tasks/install.yml index f1f064c7b..a4122b095 100644 --- a/roles/nodered/tasks/install.yml +++ b/roles/nodered/tasks/install.yml @@ -101,6 +101,6 @@ lineinfile: dest: "{{ iiab_installed }}" regexp: '^nodered_installed' - line: 'nodered_installed' + line: 'nodered_installed: True' state: present diff --git a/roles/sugarizer/tasks/install.yml b/roles/sugarizer/tasks/install.yml index 64d807659..68fe17ee9 100644 --- a/roles/sugarizer/tasks/install.yml +++ b/roles/sugarizer/tasks/install.yml @@ -225,5 +225,5 @@ lineinfile: dest: "{{ iiab_installed }}" regexp: '^sugarizer_installed' - line: 'sugarizer_installed' + line: 'sugarizer_installed: True' state: present diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index 09568ccb4..a025c04ad 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -105,5 +105,5 @@ lineinfile: dest: "{{ iiab_installed }}" regexp: '^wordpress_installed' - line: 'wordpress_installed' + line: 'wordpress_installed: True' state: present From b1ad64974ef5e0345ae4eae109f71b302a75841a Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 14 Oct 2019 12:18:16 -0500 Subject: [PATCH 052/148] mongodb - iiab_installed --- roles/mongodb/tasks/enable.yml | 38 ++++++++++++++++++++++++++++ roles/mongodb/tasks/install.yml | 44 +++++---------------------------- roles/mongodb/tasks/main.yml | 7 +++++- 3 files changed, 50 insertions(+), 39 deletions(-) create mode 100644 roles/mongodb/tasks/enable.yml diff --git a/roles/mongodb/tasks/enable.yml b/roles/mongodb/tasks/enable.yml new file mode 100644 index 000000000..f7bf994f0 --- /dev/null +++ b/roles/mongodb/tasks/enable.yml @@ -0,0 +1,38 @@ +# 3. ENABLE/DISABLE + +# 2019-07-08: mongodb_install is completely ignored. FYI mongodb_enabled: False +# works but is ineffective, as Sugarizer starts mongodb's systemd svc on its own + +- name: Enable & Restart 'mongodb' systemd service if mongodb_enabled, incl daemon-reload (in case mongodb.service changed?) + systemd: + name: mongodb + daemon_reload: yes + enabled: yes + state: restarted + when: mongodb_enabled | bool + +- name: Disable 'mongodb' service, if not mongodb_enabled + systemd: + name: mongodb + daemon_reload: yes + enabled: no + state: stopped + when: not mongodb_enabled + + +# 4. DOCUMENT IN /etc/iiab/iiab.ini + +- name: Add 'mongodb' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: mongodb + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - option: name + value: MongoDB + - option: description + value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."' + - option: enabled + value: "{{ mongodb_enabled }}" + diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index c87cf49fa..27f69241c 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -128,41 +128,9 @@ - { src: 'mongodb.service.j2', dest: '/etc/systemd/system/mongodb.service', mode: '0644' } - { src: 'iiab-mongodb-repair-if-no-lock.j2', dest: '/usr/bin/iiab-mongodb-repair-if-no-lock', mode: '0755' } - -# 3. ENABLE/DISABLE - -# 2019-07-08: mongodb_install is completely ignored. FYI mongodb_enabled: False -# works but is ineffective, as Sugarizer starts mongodb's systemd svc on its own - -- name: Enable & Restart 'mongodb' systemd service if mongodb_enabled, incl daemon-reload (in case mongodb.service changed?) - systemd: - name: mongodb - daemon_reload: yes - enabled: yes - state: restarted - when: mongodb_enabled | bool - -- name: Disable 'mongodb' service, if not mongodb_enabled - systemd: - name: mongodb - daemon_reload: yes - enabled: no - state: stopped - when: not mongodb_enabled - - -# 4. DOCUMENT IN /etc/iiab/iiab.ini - -- name: Add 'mongodb' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" - section: mongodb - option: "{{ item.option }}" - value: "{{ item.value }}" - with_items: - - option: name - value: MongoDB - - option: description - value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."' - - option: enabled - value: "{{ mongodb_enabled }}" +- name: Add 'mongodb_installed' variable values to {{ iiab_installed }} + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^mongodb_installed' + line: 'mongodb_installed: True' + state: present diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index c3d3f8eba..61a2aa429 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -3,4 +3,9 @@ - name: Install 'mongodb' if not Debian 10+ include_tasks: install.yml - when: not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)) + when: not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)) and not mongodb_installed is defined + +- name: Enable 'mongodb' if not Debian 10+ + include_tasks: enable.yml + when: not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)) or mongodb_installed is defined + From 348bb700df174d374912f23c35014f4a6ae23f54 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 10 Oct 2019 00:05:02 -0500 Subject: [PATCH 053/148] provide ICO fuctionality at cmdline --- iiab-configure | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100755 iiab-configure diff --git a/iiab-configure b/iiab-configure new file mode 100755 index 000000000..ad492627a --- /dev/null +++ b/iiab-configure @@ -0,0 +1,12 @@ +#!/bin/bash + +INVENTORY="ansible_hosts" +PLAYBOOK="iiab-from-console.yml" +CWD=`pwd` +if [ ! -f $PLAYBOOK ]; then + echo "Exiting: IIAB Playbook not found." + echo "Please run this in /opt/iiab/iiab (top level of the git repo)." + exit 1 +fi +export ANSIBLE_LOG_PATH="$CWD/iiab-configure.log" +ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local From bcda29992a7f6e0a97857a95cbec5f2758520c33 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 16 Oct 2019 03:32:31 -0500 Subject: [PATCH 054/148] iiab-configure - deal with web services only --- iiab-configure | 2 +- iiab-from-cmdline.yml | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 iiab-from-cmdline.yml diff --git a/iiab-configure b/iiab-configure index ad492627a..cd6c69d17 100755 --- a/iiab-configure +++ b/iiab-configure @@ -1,7 +1,7 @@ #!/bin/bash INVENTORY="ansible_hosts" -PLAYBOOK="iiab-from-console.yml" +PLAYBOOK="iiab-from-cmdline.yml" CWD=`pwd` if [ ! -f $PLAYBOOK ]; then echo "Exiting: IIAB Playbook not found." diff --git a/iiab-from-cmdline.yml b/iiab-from-cmdline.yml new file mode 100644 index 000000000..4bf43513b --- /dev/null +++ b/iiab-from-cmdline.yml @@ -0,0 +1,18 @@ +--- +- hosts: all + become: yes + + vars_files: + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml + - /etc/iiab/config_vars2.yml + + roles: + - { role: 0-init, tags: ['0-init'] } + - { role: 4-server-options, tags: ['4-server-options'] } + - { role: 5-xo-services, tags: ['5-xo-services'] } + - { role: 6-generic-apps, tags: ['6-generic-apps'] } + - { role: 7-edu-apps, tags: ['7-edu-apps'] } + - { role: 8-mgmt-tools, tags: ['8-mgmt-tools'] } + - { role: 9-local-addons, tags: ['9-local-addons'] } From b75261fa06ebb51a0f60df175fabab670d2c07b0 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 1 Oct 2019 06:06:17 -0500 Subject: [PATCH 055/148] use config_vars2 in source yaml files --- iiab-from-console.yml | 2 +- roles/0-init/tasks/main.yml | 5 +++++ run-one-role.yml | 2 +- vars/default_vars.yml | 2 +- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/iiab-from-console.yml b/iiab-from-console.yml index 9756638b9..0bbed7cda 100644 --- a/iiab-from-console.yml +++ b/iiab-from-console.yml @@ -6,7 +6,7 @@ - vars/default_vars.yml - vars/{{ ansible_local.local_facts.os_ver }}.yml - /etc/iiab/local_vars.yml - - /etc/iiab/config_vars.yml + - /etc/iiab/config_vars2.yml roles: - { role: 0-init, tags: ['0-init'] } diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 8cfed2864..f1247b4d4 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -1,4 +1,9 @@ # Initialize +- name: Create {{ iiab_installed }} + file: + path: "{{ iiab_installed }}" + state: touch + - name: ...IS BEGINNING ============================================ stat: path: "{{ iiab_env_file }}" diff --git a/run-one-role.yml b/run-one-role.yml index fdc678c37..8ceeaf7bf 100644 --- a/run-one-role.yml +++ b/run-one-role.yml @@ -6,7 +6,7 @@ - vars/default_vars.yml - "vars/{{ ansible_local.local_facts.os_ver }}.yml" - /etc/iiab/local_vars.yml - - /etc/iiab/config_vars.yml + - /etc/iiab/config_vars2.yml roles: - { role: 0-init, tags: ['0-init'] } diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 2277dee4a..dbef01b78 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -16,7 +16,7 @@ iiab_local_vars_file: "{{ iiab_etc_path }}/local_vars.yml" # Installation status files iiab_env_file: "{{ iiab_etc_path }}/iiab.env" iiab_ini_file: "{{ iiab_etc_path }}/iiab.ini" -iiab_installed: "{{ iiab_etc_path }}/config_vars.yml" +iiab_installed: "{{ iiab_etc_path }}/config_vars2.yml" iiab_base: /opt/iiab iiab_dir: "{{ iiab_base }}/iiab" From 07a30132b63a6a537728a12e9c415820cb9f96da Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 14 Oct 2019 15:05:06 -0500 Subject: [PATCH 056/148] mongo installed on image but not recorded workaround --- iiab-configure | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/iiab-configure b/iiab-configure index cd6c69d17..5f2bbc943 100755 --- a/iiab-configure +++ b/iiab-configure @@ -3,10 +3,17 @@ INVENTORY="ansible_hosts" PLAYBOOK="iiab-from-cmdline.yml" CWD=`pwd` +APPS=/etc/iiab/config_vars2.yml if [ ! -f $PLAYBOOK ]; then echo "Exiting: IIAB Playbook not found." echo "Please run this in /opt/iiab/iiab (top level of the git repo)." exit 1 fi +if grep -q sugar $APPS; then + if ! grep -q mongodb $APPS; then + echo "mongodb_installed: True" >> $APPS + fi +fi + export ANSIBLE_LOG_PATH="$CWD/iiab-configure.log" ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local From 0fd9a9ac52093ffad4e2bb80e5e66db377ded6c3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 14 Oct 2019 23:28:15 -0500 Subject: [PATCH 057/148] iiab-install can use faster code if /etc/iiab/config_vars2.yml exists --- iiab-install | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/iiab-install b/iiab-install index 734caf682..f63bb411b 100755 --- a/iiab-install +++ b/iiab-install @@ -138,6 +138,7 @@ if [ -f /etc/iiab/iiab.env ]; then echo -e "Use './iiab-install --debug' to run Stage 0, followed by Stages 3-9." echo -e "Use './runrole' to run a single Stage or Role." echo -e "Use './iiab-network' to run Network sections.\n\n" + echo -e "Use './iiab-configure' to turn installed service on|off via local_vars.yml.\n\n" exit 0 # allows rerunning http://download.iiab.io/6.7/install.txt fi fi @@ -145,6 +146,20 @@ if [ "$STAGE" -lt 2 ] && [ "$1" == "--debug" ]; then echo -e "\n'--debug' *ignored* as STAGE (counter) < 2." fi +if [ -f $APPS ]; then + if grep -q sugar $APPS; then + if ! grep -q mongodb $APPS; then + echo "mongodb_installed: True" >> $APPS + fi + + if [ "$STAGE" -eq 2 ]; then + echo -e "\n completing stage 3 from iiab image" + systemctl start iiab-setup-db + fi + PLAYBOOK="iiab-from-console.yml" + ARGS="" +fi + echo -e "\nTRY TO RERUN './iiab-install' IF IT FAILS DUE TO CONNECTIVITY ISSUES ETC!\n" echo -e "Running local playbooks....Stage 0 will now run....followed by Stages $(($STAGE + 1))-9" From 4d4c4286678ee9ede61c3ca6c742e32063a6685e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 15 Oct 2019 04:51:59 -0500 Subject: [PATCH 058/148] remove when install --- roles/6-generic-apps/tasks/main.yml | 10 --- roles/7-edu-apps/tasks/main.yml | 6 -- roles/8-mgmt-tools/tasks/main.yml | 2 - roles/9-local-addons/tasks/main.yml | 4 - roles/internetarchive/meta/main.yml | 3 - roles/internetarchive/tasks/enable.yml | 47 ++++++++++++ roles/internetarchive/tasks/install.yml | 53 +++++++++++++ roles/internetarchive/tasks/main.yml | 99 ++----------------------- 8 files changed, 108 insertions(+), 116 deletions(-) delete mode 100644 roles/internetarchive/meta/main.yml create mode 100644 roles/internetarchive/tasks/enable.yml create mode 100644 roles/internetarchive/tasks/install.yml diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index d1b9b8d7f..c6edbf859 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml @@ -6,19 +6,16 @@ - name: AZURACAST include_role: name: azuracast - when: azuracast_install | bool tags: azuracast - name: DOKUWIKI include_role: name: dokuwiki - when: dokuwiki_install | bool tags: dokuwiki - name: MEDIAWIKI include_role: name: mediawiki - when: mediawiki_install | bool tags: mediawiki # UNMAINTAINED @@ -31,37 +28,31 @@ - name: ELGG include_role: name: elgg - when: elgg_install | bool tags: elgg - name: GITEA include_role: name: gitea - when: gitea_install | bool tags: gitea - name: LOKOLE include_role: name: lokole - when: lokole_install | bool tags: lokole - name: MOSQUITTO include_role: name: mosquitto - when: mosquitto_install | bool tags: mosquitto - name: NODE-RED include_role: name: nodered - when: nodered_install | bool tags: nodered - name: NEXTCLOUD include_role: name: nextcloud - when: nextcloud_install | bool tags: nextcloud #- name: OWNCLOUD @@ -79,7 +70,6 @@ - name: WORDPRESS include_role: name: wordpress - when: wordpress_install | bool tags: wordpress - name: Recording STAGE 6 HAS COMPLETED ==================== diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index 7c6d89823..49711b407 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -6,31 +6,26 @@ - name: KALITE include_role: name: kalite - when: kalite_install | bool tags: kalite - name: KOLIBRI include_role: name: kolibri - when: kolibri_install | bool tags: kolibri - name: KIWIX include_role: name: kiwix - when: kiwix_install | bool tags: kiwix - name: MOODLE include_role: name: moodle - when: moodle_install | bool tags: olpc, moodle - name: OSM-VECTOR-MAPS include_role: name: osm-vector-maps - when: osm_vector_maps_install | bool tags: osm, maps # UNMAINTAINED @@ -50,7 +45,6 @@ - name: SUGARIZER include_role: name: sugarizer - when: sugarizer_install | bool tags: sugarizer - name: Recording STAGE 7 HAS COMPLETED ======================== diff --git a/roles/8-mgmt-tools/tasks/main.yml b/roles/8-mgmt-tools/tasks/main.yml index 9536032b8..c7547d2ac 100644 --- a/roles/8-mgmt-tools/tasks/main.yml +++ b/roles/8-mgmt-tools/tasks/main.yml @@ -12,7 +12,6 @@ - name: AWSTATS include_role: name: awstats - when: awstats_install | bool tags: awstats - name: MONIT @@ -24,7 +23,6 @@ - name: MUNIN include_role: name: munin - when: munin_install | bool tags: munin - name: PHPMYADMIN diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 4af8db305..dacbd7e6e 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -6,7 +6,6 @@ - name: INTERNETARCHIVE include_role: name: internetarchive - when: internetarchive_install | bool tags: internetarchive # Until porting complete (@jvonau helping transition to Python 3) @@ -31,20 +30,17 @@ - name: MINETEST include_role: name: minetest - when: minetest_install | bool tags: minetest # KEEP AT THE END as this installs dependencies from Debian's 'testing' branch! - name: CALIBRE include_role: name: calibre - when: calibre_install | bool tags: calibre - name: CALIBRE-WEB include_role: name: calibre-web - when: calibreweb_install | bool tags: calibre-web - name: Recording STAGE 9 HAS COMPLETED ==================== diff --git a/roles/internetarchive/meta/main.yml b/roles/internetarchive/meta/main.yml deleted file mode 100644 index ccaac6c31..000000000 --- a/roles/internetarchive/meta/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -dependencies: - - { role: nodejs, tags: ['nodejs'], when: internetarchive_install | bool } - - { role: yarn, tags: ['yarn'], when: internetarchive_install | bool } diff --git a/roles/internetarchive/tasks/enable.yml b/roles/internetarchive/tasks/enable.yml new file mode 100644 index 000000000..26788fdb6 --- /dev/null +++ b/roles/internetarchive/tasks/enable.yml @@ -0,0 +1,47 @@ +- name: Create symlink internetarchive.conf from sites-enabled to sites-available, for short URL http://box/archive (if debuntu and internetarchive_enabled) + file: + src: /etc/apache2/sites-available/internetarchive.conf + path: /etc/apache2/sites-enabled/internetarchive.conf + state: link + when: is_debuntu and internetarchive_enabled + +- name: Remove symlink /etc/apache2/sites-enabled/internetarchive.conf (if debuntu and not internetarchive_enabled) + file: + path: /etc/apache2/sites-enabled/internetarchive.conf + state: absent + when: is_debuntu and not internetarchive_enabled + + # RESTART/ENABLE SYSTEMD SERVICE +- name: Disable 'internetarchive' systemd service (if not internetarchive_enabled) + systemd: + name: internetarchive + enabled: no + when: not internetarchive_enabled + +- name: Enable & Restart 'internetarchive' systemd service (if internetarchive_enabled) + systemd: + name: internetarchive + daemon_reload: yes + enabled: yes + state: restarted + when: internetarchive_enabled | bool + +- name: Restart Apache service ({{ apache_service }}) to enable/disable http://box/archive (not just http://box:{{ internetarchive_port }}) + systemd: + name: "{{ apache_service }}" # httpd or apache2 + state: restarted + when: internetarchive_enabled | bool + +- name: Add 'internetarchive' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: internetarchive + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - option: name + value: Internet Archive Offline + - option: description + value: '"Dweb-mirror is intended to make the Internet Archive experience and UI available offline."' + - option: internetarchive_enabled + value: "{{ internetarchive_enabled }}" diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml new file mode 100644 index 000000000..e9aaf1b30 --- /dev/null +++ b/roles/internetarchive/tasks/install.yml @@ -0,0 +1,53 @@ +- name: Install NodeJS + include_role: + name: nodejs + +- name: Install Yarn + include_role: + name: yarn + +- name: Install packages needed by Internet Archive Offline + package: + name: + - libsecret-1-dev + state: present + +- name: Create directory {{ internetarchive_dir }} + file: + path: "{{ internetarchive_dir }}" + state: directory + owner: "root" + +- name: Run yarn install to get needed modules (CAN TAKE ~15 MINUTES) + shell: yarn config set child-concurrency 1 && yarn add @internetarchive/dweb-mirror + args: + chdir: "{{ internetarchive_dir }}" + creates: "{{ internetarchive_dir }}/node_modules/@internetarchive/dweb-mirror/internetarchive" + when: internet_available | bool + register: internetarchive_installing + +- name: Create directory /library/archiveorg + file: + path: "/library/archiveorg" + state: directory + owner: "root" + +# CONFIG FILES + +- name: "Install from templates: internetarchive.service (systemd), internetarchive.conf (Apache)" + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: 0644 + owner: root + group: root + with_items: + - { src: 'internetarchive.service.j2', dest: '/etc/systemd/system/internetarchive.service' } + - { src: 'internetarchive.conf', dest: '/etc/apache2/sites-available/internetarchive.conf' } + +- name: Add 'internetarchive_installed' variable values to {{ iiab_installed }} + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^internetarchive_installed' + line: 'internetarchive_installed: True' + state: present diff --git a/roles/internetarchive/tasks/main.yml b/roles/internetarchive/tasks/main.yml index c51451313..f56ec760c 100644 --- a/roles/internetarchive/tasks/main.yml +++ b/roles/internetarchive/tasks/main.yml @@ -1,115 +1,32 @@ # We need a recent version of node - - name: FAIL (STOP INSTALLING) IF nodejs_version is not set to 10.x or 12.x fail: msg: "Internet Archive install cannot proceed, as it currently requires Node.js 10.x or 12.x, and your nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml and possibly also /etc/iiab/local_vars.yml" when: internetarchive_install and (nodejs_version != "10.x") and (nodejs_version != "12.x") -- name: Install packages needed by Internet Archive Offline - package: - name: - - libsecret-1-dev - state: present - -- name: Create directory {{ internetarchive_dir }} - file: - path: "{{ internetarchive_dir }}" - state: directory - owner: "root" - -- name: Run yarn install to get needed modules (CAN TAKE ~15 MINUTES) - shell: yarn config set child-concurrency 1 && yarn add @internetarchive/dweb-mirror - args: - chdir: "{{ internetarchive_dir }}" - creates: "{{ internetarchive_dir }}/node_modules/@internetarchive/dweb-mirror/internetarchive" - when: internet_available | bool - register: internetarchive_installing - -- name: Create directory /library/archiveorg - file: - path: "/library/archiveorg" - state: directory - owner: "root" +- name: Install Yarn and Internet Archive + include_tasks: install.yml + when: internetarchive_install and not internetarchive_installed is defined - name: Set --reinstall fact set_fact: internetarchive_upgrade: True when: reinstall is defined - -# CONFIG FILES - -- name: "Install from templates: internetarchive.service (systemd), internetarchive.conf (Apache)" - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: 0644 - owner: root - group: root - with_items: - - { src: 'internetarchive.service.j2', dest: '/etc/systemd/system/internetarchive.service' } - - { src: 'internetarchive.conf', dest: '/etc/apache2/sites-available/internetarchive.conf' } - -- name: Create symlink internetarchive.conf from sites-enabled to sites-available, for short URL http://box/archive (if debuntu and internetarchive_enabled) - file: - src: /etc/apache2/sites-available/internetarchive.conf - path: /etc/apache2/sites-enabled/internetarchive.conf - state: link - when: is_debuntu and internetarchive_enabled - -- name: Remove symlink /etc/apache2/sites-enabled/internetarchive.conf (if debuntu and not internetarchive_enabled) - file: - path: /etc/apache2/sites-enabled/internetarchive.conf - state: absent - when: is_debuntu and not internetarchive_enabled - - # STOP SYSTEMD SERVICE - name: Stop 'internetarchive' systemd service systemd: name: internetarchive daemon_reload: yes state: stopped + when: internetarchive_enabled and internetarchive_upgrade - name: 'Update pre-existing install: yarn upgrade' shell: yarn config set child-concurrency 1 && yarn install && yarn upgrade args: chdir: "{{ internetarchive_dir }}" - when: not internetarchive_installing.changed and internetarchive_upgrade + when: internetarchive_enabled and internetarchive_upgrade - # RESTART/ENABLE SYSTEMD SERVICE -- name: Disable 'internetarchive' systemd service (if not internetarchive_enabled) - systemd: - name: internetarchive - enabled: no - when: not internetarchive_enabled - -# with "systemctl daemon-reload" in case mongodb.service changed, etc -- name: Enable & Restart 'internetarchive' systemd service (if internetarchive_enabled) - systemd: - name: internetarchive - daemon_reload: yes - enabled: yes - state: restarted - when: internetarchive_enabled | bool - -- name: Restart Apache service ({{ apache_service }}) to enable/disable http://box/archive (not just http://box:{{ internetarchive_port }}) - systemd: - name: "{{ apache_service }}" # httpd or apache2 - state: restarted - when: internetarchive_enabled | bool - - -- name: Add 'internetarchive' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" - section: internetarchive - option: "{{ item.option }}" - value: "{{ item.value }}" - with_items: - - option: name - value: Internet Archive Offline - - option: description - value: '"Dweb-mirror is intended to make the Internet Archive experience and UI available offline."' - - option: internetarchive_enabled - value: "{{ internetarchive_enabled }}" +- name: Enable Internet Archive + include_tasks: enable.yml + when: internetarchive_install or internetarchive_installed is defined From 13206f426589bab8b163e10849a2cfcbee13d8e3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 16 Oct 2019 00:37:37 -0500 Subject: [PATCH 059/148] runrole --reinstall to remove role installed marker --- runrole | 36 ++++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/runrole b/runrole index 4cd853dc6..decec9ef6 100755 --- a/runrole +++ b/runrole @@ -4,8 +4,28 @@ INVENTORY="ansible_hosts" PLAYBOOK="run-one-role.yml" ARGS="" CWD=`pwd` +if [ ! -f $PLAYBOOK ]; then + echo "Exiting: IIAB Playbook not found." + echo "Please run this in /opt/iiab/iiab (top level of the git repo)." + exit 1 +fi + +if [[ $# -eq 0 ]] ; then + echo " usage: ./runrole " + echo " usage: ./runrole --reinstall " + echo " Last variable would be full path to log file." + echo " If ommited current directory is used." + exit 0 +fi + if [ "$1" == "--reinstall" ]; then ARGS="$ARGS --extra-vars reinstall=True" + if [ ! $2 == "internetarchive" ]; then # special handling + if [ $2 == "calibre-web" ]; then # role directory & installed marker differ + sed -i -e '/^calibreweb/d' /etc/iiab/config_vars2.yml + fi + sed -i -e "/^$2/d" /etc/iiab/config_vars2.yml + fi shift 1 fi @@ -15,22 +35,10 @@ else export ANSIBLE_LOG_PATH="$CWD/iiab-debug.log" fi -if [ ! -f $PLAYBOOK ]; then - echo "Exiting: IIAB Playbook not found." - echo "Please run this in /opt/iiab/iiab (top level of the git repo)." - exit 1 -fi - # Is the following stanza nec? -if [ ! -f /etc/iiab/config_vars.yml ]; then +if [ ! -f /etc/iiab/config_vars2.yml ]; then mkdir -p /etc/iiab - echo "{}" > /etc/iiab/config_vars.yml -fi - -if [[ $# -eq 0 ]] ; then - echo " usage: ./runrole " - echo " Can only take a single value." - exit 0 + echo "{}" > /etc/iiab/config_vars2.yml fi From 4cfd10d44a01542c7f7de63db9ba1712f872fff1 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 16 Oct 2019 00:44:56 -0500 Subject: [PATCH 060/148] create config_vars2.yml at start of stage-4 --- roles/0-init/tasks/main.yml | 5 ----- roles/4-server-options/tasks/main.yml | 4 +++- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index f1247b4d4..8cfed2864 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -1,9 +1,4 @@ # Initialize -- name: Create {{ iiab_installed }} - file: - path: "{{ iiab_installed }}" - state: touch - - name: ...IS BEGINNING ============================================ stat: path: "{{ iiab_env_file }}" diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index a331169ff..0e4c9460f 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -1,7 +1,9 @@ # Server Options - name: ...IS BEGINNING ================================== - command: echo + file: + path: "{{ iiab_installed }}" + state: touch - name: NGINX include_role: From 579fa10b05d6f4fbb62370c5bf7204516e5ce23c Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 16 Oct 2019 00:39:27 -0500 Subject: [PATCH 061/148] kiwix allow reinstall/updates with runrole --reinstall --- roles/kiwix/tasks/kiwix_install.yml | 11 +++++++++++ roles/kiwix/tasks/main.yml | 16 ++-------------- 2 files changed, 13 insertions(+), 14 deletions(-) diff --git a/roles/kiwix/tasks/kiwix_install.yml b/roles/kiwix/tasks/kiwix_install.yml index d030d5442..2e8075404 100644 --- a/roles/kiwix/tasks/kiwix_install.yml +++ b/roles/kiwix/tasks/kiwix_install.yml @@ -1,4 +1,15 @@ # 1. CREATE/VERIFY CRITICAL DIRECTORIES & FILES ARE IN PLACE +- name: Download Kiwix software to /opt/iiab/downloads + get_url: + url: "{{ iiab_download_url }}/{{ kiwix_src_file }}" + dest: "{{ downloads_dir }}/{{ kiwix_src_file }}" + timeout: "{{ download_timeout }}" + when: internet_available | bool + +- name: Check for /opt/iiab/downloads/{{ kiwix_src_file }} + stat: + path: "{{ downloads_dir }}/{{ kiwix_src_file }}" + register: kiwix_src - name: Create directory {{ iiab_zim_path }} and subdirs {content, index} for Kiwix ZIM files file: diff --git a/roles/kiwix/tasks/main.yml b/roles/kiwix/tasks/main.yml index 020399ee3..a1ac24b37 100644 --- a/roles/kiwix/tasks/main.yml +++ b/roles/kiwix/tasks/main.yml @@ -23,18 +23,6 @@ msg: "WARNING: kiwix-tools SOFTWARE APPEARS UNAVAILABLE FOR YOUR {{ ansible_machine }} OS/ARCHITECTURE." when: not kiwix_src_file -- name: Download Kiwix software to /opt/iiab/downloads - get_url: - url: "{{ iiab_download_url }}/{{ kiwix_src_file }}" - dest: "{{ downloads_dir }}/{{ kiwix_src_file }}" - timeout: "{{ download_timeout }}" - when: internet_available | bool and kiwix_install | bool and not kiwix_installed is defined - -- name: Check for /opt/iiab/downloads/{{ kiwix_src_file }} - stat: - path: "{{ downloads_dir }}/{{ kiwix_src_file }}" - register: kiwix_src - - name: Check for /opt/iiab/kiwix/bin/kiwix-serve binary stat: path: "{{ kiwix_path }}/bin/kiwix-serve" @@ -43,10 +31,10 @@ - name: Set fact kiwix_force_install if kiwix-serve not found set_fact: kiwix_force_install: True - when: not kiwix_bin.stat.exists + when: not kiwix_bin.stat.exists or reinstall is defined - include_tasks: kiwix_install.yml - when: kiwix_install | bool and (not kiwix_installed is defined or kiwix_force_install | bool) + when: (kiwix_install | bool and not kiwix_installed is defined) or kiwix_force_install | bool tags: - kiwix From 29b28d83930aee6ba80167248c2e920cd2c3a85a Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 16 Oct 2019 09:39:08 -0500 Subject: [PATCH 062/148] stage 4 installed --- roles/4-server-options/tasks/main.yml | 6 +++--- roles/captive-portal/tasks/main.yml | 7 +++++++ roles/cups/tasks/main.yml | 7 +++++++ roles/network/tasks/dansguardian.yml | 7 +++++++ roles/network/tasks/dhcpd.yml | 7 +++++++ roles/network/tasks/named.yml | 7 +++++++ roles/network/tasks/squid.yml | 7 +++++++ roles/samba/tasks/main.yml | 7 +++++++ runrole | 6 ++++++ 9 files changed, 58 insertions(+), 3 deletions(-) diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 0e4c9460f..77d70e948 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -34,7 +34,7 @@ - name: Install Bluetooth - only on Raspberry Pi include_role: name: bluetooth - when: is_rpi and bluetooth_install + when: (is_rpi and bluetooth_install) or pan_bluetooth_installed is defined tags: bluetooth - name: USB-LIB @@ -68,13 +68,13 @@ - name: CUPS include_role: name: cups - when: cups_install | bool + when: cups_install | bool or cups_installed is defined tags: cups - name: SAMBA include_role: name: samba - when: samba_install | bool + when: samba_install | bool or samba_installed is defined tags: samba - name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (This script was installed at the beginning of Stage 3 = roles/3-base-server/tasks/main.yml, which ran Apache playbook = roles/httpd/tasks/main.yml) diff --git a/roles/captive-portal/tasks/main.yml b/roles/captive-portal/tasks/main.yml index c593816dc..e57d7e759 100644 --- a/roles/captive-portal/tasks/main.yml +++ b/roles/captive-portal/tasks/main.yml @@ -119,6 +119,13 @@ state: absent when: not captive_portal_enabled +- name: Add 'captiveportal_installed' variable values to {{ iiab_installed }} + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^captiveportal_installed' + line: 'captiveportal_installed: True' + state: present + - name: Restart Apache service ({{ apache_service }}) # i.e. apache2 on most distros systemd: name: "{{ apache_service }}" diff --git a/roles/cups/tasks/main.yml b/roles/cups/tasks/main.yml index 6b6ee6992..ddc697fe5 100644 --- a/roles/cups/tasks/main.yml +++ b/roles/cups/tasks/main.yml @@ -7,6 +7,13 @@ tags: - download +- name: Add 'cups_installed' variable values to {{ iiab_installed }} + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^cups_installed' + line: 'cups_installed: True' + state: present + - name: Install our own /etc/cups/cupsd.conf from template, to permit local LAN admin template: src: cupsd.conf diff --git a/roles/network/tasks/dansguardian.yml b/roles/network/tasks/dansguardian.yml index 7f76cfb5b..5014c9781 100644 --- a/roles/network/tasks/dansguardian.yml +++ b/roles/network/tasks/dansguardian.yml @@ -49,3 +49,10 @@ mode: 0750 state: directory when: ansible_distribution == "CentOS" + +- name: Add 'dansguardian_installed' variable values to {{ iiab_installed }} + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^dansguardian_installed' + line: 'dansguardian_installed: True' + state: present diff --git a/roles/network/tasks/dhcpd.yml b/roles/network/tasks/dhcpd.yml index 9d04cd820..05c60055a 100644 --- a/roles/network/tasks/dhcpd.yml +++ b/roles/network/tasks/dhcpd.yml @@ -59,3 +59,10 @@ mode: 0644 state: file when: is_redhat | bool + +- name: Add 'dhcpd_installed' variable values to {{ iiab_installed }} + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^dhcpd_installed' + line: 'dhcpd_installed: True' + state: present diff --git a/roles/network/tasks/named.yml b/roles/network/tasks/named.yml index 37343c9fa..349017941 100644 --- a/roles/network/tasks/named.yml +++ b/roles/network/tasks/named.yml @@ -100,6 +100,13 @@ state: absent when: not is_debuntu and not dns_jail_enabled +- name: Add 'named_installed' variable values to {{ iiab_installed }} + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^named_installed' + line: 'named_installed: True' + state: present + - name: Start named systemd service systemd: name: "{{ dns_service }}" diff --git a/roles/network/tasks/squid.yml b/roles/network/tasks/squid.yml index 70af5b876..005b016b5 100644 --- a/roles/network/tasks/squid.yml +++ b/roles/network/tasks/squid.yml @@ -82,6 +82,13 @@ - include_tasks: roles/network/tasks/dansguardian.yml when: dansguardian_install | bool +- name: Add 'squid_installed' variable values to {{ iiab_installed }} + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^squid_installed' + line: 'squid_installed: True' + state: present + # {{ proxy }} is normally "squid", but is "squid3" on raspbian-8 & debian-8 - name: Add '{{ proxy }}' variable values to {{ iiab_ini_file }} ini_file: diff --git a/roles/samba/tasks/main.yml b/roles/samba/tasks/main.yml index f80ee9941..594302408 100755 --- a/roles/samba/tasks/main.yml +++ b/roles/samba/tasks/main.yml @@ -30,6 +30,13 @@ src: smb.conf.j2 dest: /etc/samba/smb.conf +- name: Add 'samba_installed' variable values to {{ iiab_installed }} + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^samba_installed' + line: 'samba_installed: True' + state: present + - name: Enable & Start Samba systemd service service: name: "{{ smb_service }}" diff --git a/runrole b/runrole index decec9ef6..f5641e84e 100755 --- a/runrole +++ b/runrole @@ -24,6 +24,12 @@ if [ "$1" == "--reinstall" ]; then if [ $2 == "calibre-web" ]; then # role directory & installed marker differ sed -i -e '/^calibreweb/d' /etc/iiab/config_vars2.yml fi + if [ $2 == "captive-portal" ]; then # role directory & installed marker differ + sed -i -e '/^captiveportal/d' /etc/iiab/config_vars2.yml + fi + if [ $2 == "bluetooth" ]; then # role directory & installed marker differ + sed -i -e '/^pan_bluetooth/d' /etc/iiab/config_vars2.yml + fi sed -i -e "/^$2/d" /etc/iiab/config_vars2.yml fi shift 1 From 36defde4ae71c0b1eba79a4c846f96b486ac8ab1 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 16 Oct 2019 10:37:33 -0500 Subject: [PATCH 063/148] cmdline tweeks --- iiab-configure | 35 +++++++++++++++++++++++++++++++++-- runrole | 22 +++++++++++----------- 2 files changed, 44 insertions(+), 13 deletions(-) diff --git a/iiab-configure b/iiab-configure index 5f2bbc943..345ca2d25 100755 --- a/iiab-configure +++ b/iiab-configure @@ -4,11 +4,42 @@ INVENTORY="ansible_hosts" PLAYBOOK="iiab-from-cmdline.yml" CWD=`pwd` APPS=/etc/iiab/config_vars2.yml +ENV=/etc/iiab/iiab.env if [ ! -f $PLAYBOOK ]; then - echo "Exiting: IIAB Playbook not found." - echo "Please run this in /opt/iiab/iiab (top level of the git repo)." + echo -e "\nExiting: IIAB Playbook not found." + echo -e "\nPlease run this in /opt/iiab/iiab (top level of the git repo)." exit 1 fi +if [ -f $ENV ]; then + STAGE=0 + if grep -q STAGE= /etc/iiab/iiab.env ; then + source /etc/iiab/iiab.env + echo -e "\nExtracted STAGE="$STAGE" (counter) from /etc/iiab/iiab.env" + if ! [ "$STAGE" -eq "$STAGE" ] 2> /dev/null; then + echo -e "\nEXITING: STAGE (counter) value == "$STAGE" is non-integer" + exit 1 + elif [ "$STAGE" -lt 0 ] || [ "$STAGE" -gt 9 ]; then + echo -e "\nEXITING: STAGE (counter) value == "$STAGE" is out-of-range" + exit 1 + elif [ "$STAGE" -lt 3 ]; then + echo -e "\nEXITING: STAGE (counter) value == "$STAGE"" + echo -e "\nIIAB stage 3 not complete" + echo -e "\nPlease run iiab-install" + exit 1 + fi + else + echo -e "\nEXITING: STAGE (counter) not found" + echo -e "\nIIAB not installed" + echo -e "\nPlease run iiab-install" + exit 1 + fi +else + echo -e "\nEXITING: /etc/iiab/iiab.env not found" + echo -e "\nIIAB not installed" + echo -e "\nPlease run iiab-install" + exit 1 +fi +# workaround for image go away later if grep -q sugar $APPS; then if ! grep -q mongodb $APPS; then echo "mongodb_installed: True" >> $APPS diff --git a/runrole b/runrole index f5641e84e..6e46e4abb 100755 --- a/runrole +++ b/runrole @@ -4,6 +4,7 @@ INVENTORY="ansible_hosts" PLAYBOOK="run-one-role.yml" ARGS="" CWD=`pwd` +APPS=/etc/iiab/config_vars2.yml if [ ! -f $PLAYBOOK ]; then echo "Exiting: IIAB Playbook not found." echo "Please run this in /opt/iiab/iiab (top level of the git repo)." @@ -18,19 +19,25 @@ if [[ $# -eq 0 ]] ; then exit 0 fi +# needed for stage 1-3 if not installed yet +if [ ! -f $APPS ]; then + mkdir -p /etc/iiab + touch $APPS +fi + if [ "$1" == "--reinstall" ]; then ARGS="$ARGS --extra-vars reinstall=True" if [ ! $2 == "internetarchive" ]; then # special handling if [ $2 == "calibre-web" ]; then # role directory & installed marker differ - sed -i -e '/^calibreweb/d' /etc/iiab/config_vars2.yml + sed -i -e '/^calibreweb/d' $APPS fi if [ $2 == "captive-portal" ]; then # role directory & installed marker differ - sed -i -e '/^captiveportal/d' /etc/iiab/config_vars2.yml + sed -i -e '/^captiveportal/d' $APPS fi if [ $2 == "bluetooth" ]; then # role directory & installed marker differ - sed -i -e '/^pan_bluetooth/d' /etc/iiab/config_vars2.yml + sed -i -e '/^pan_bluetooth/d' $APPS fi - sed -i -e "/^$2/d" /etc/iiab/config_vars2.yml + sed -i -e "/^$2/d" $APPS fi shift 1 fi @@ -41,12 +48,5 @@ else export ANSIBLE_LOG_PATH="$CWD/iiab-debug.log" fi -# Is the following stanza nec? -if [ ! -f /etc/iiab/config_vars2.yml ]; then - mkdir -p /etc/iiab - echo "{}" > /etc/iiab/config_vars2.yml -fi - - ansible -m setup -i $INVENTORY localhost ${ARGS} --connection=local | grep python ansible-playbook -i $INVENTORY $PLAYBOOK ${ARGS} --connection=local -e "role_to_run=$1" From 2423d9a2931f7ba8773dc6c1b7c1437c2c5482b2 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 16 Oct 2019 11:06:02 -0500 Subject: [PATCH 064/148] network guard against faulty user edits to local_vars --- roles/network/tasks/enable_services.yml | 10 +++++----- roles/network/tasks/main.yml | 2 +- roles/network/tasks/restart.yml | 4 ++-- roles/network/tasks/wondershaper.yml | 7 +++++++ 4 files changed, 15 insertions(+), 8 deletions(-) diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index 078c290c5..7bae3d211 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -2,7 +2,7 @@ service: name: dhcpd enabled: no - when: dhcpd_install and not dhcpd_enabled + when: (dhcpd_install or dhcpd_installed is defined) and not dhcpd_enabled # service is restarted with NM dispatcher.d script - name: Enable dhcpd service @@ -46,7 +46,7 @@ systemd: name: "{{ dns_service }}" enabled: no - when: named_install and not named_enabled + when: (named_install or named_installed is defined) and not named_enabled - name: Install /etc/dnsmasq.d/iiab.conf from template, when dnsmasq_enabled and isn't Appliance template: @@ -122,7 +122,7 @@ systemd: name: dansguardian enabled: no - when: dansguardian_install and not dansguardian_enabled + when: (dansguardian_install or dansguardian_installed is defined) and not dansguardian_enabled - name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }}, if squid_enabled lineinfile: @@ -164,7 +164,7 @@ systemd: name: "{{ proxy }}" enabled: no - when: squid_install and not squid_enabled + when: (squid_install or squid_installed is defined) and not squid_enabled - name: Revert to 'HTTPCACHE_ON=False' if not squid_enabled lineinfile: @@ -184,7 +184,7 @@ systemd: name: wondershaper enabled: no - when: wondershaper_install and not wondershaper_enabled + when: (wondershaper_install or wondershaper_installed is defined) and not wondershaper_enabled # check-LAN should be iptables.yml remove later - name: Install clean copy of /usr/bin/iiab-gen-iptables from template diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index a97cdab28..85955936e 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -57,7 +57,7 @@ - name: Configure wondershaper include_tasks: wondershaper.yml - when: wondershaper_install | bool + when: wondershaper_install | bool or wondershaper_installed is defined tags: - network - wondershaper diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index 20d344e19..9a7c90dfc 100644 --- a/roles/network/tasks/restart.yml +++ b/roles/network/tasks/restart.yml @@ -15,13 +15,13 @@ name: "{{ proxy }}" state: stopped async: 120 - when: squid_install | bool + when: squid_install | bool or squid_installed is defined - name: Stop DansGuardian systemd: name: dansguardian state: stopped - when: dansguardian_install | bool + when: dansguardian_install | bool or dansguardian_installed is defined - name: Restart DansGuardian service (dansguardian) except Ubuntu which needs reboot to activate systemd: diff --git a/roles/network/tasks/wondershaper.yml b/roles/network/tasks/wondershaper.yml index 6f62922af..884e5d4e5 100644 --- a/roles/network/tasks/wondershaper.yml +++ b/roles/network/tasks/wondershaper.yml @@ -38,6 +38,13 @@ group: root state: link +- name: Add 'wondershaper_installed' variable values to {{ iiab_installed }} + lineinfile: + dest: "{{ iiab_installed }}" + regexp: '^wondershaper_installed' + line: 'wondershaper_installed: True' + state: present + - name: Add 'wondershaper' variable values to {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" From 2519c74887c593dfadb4c8d8f7e79447e0dce20e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 17 Oct 2019 09:04:12 -0500 Subject: [PATCH 065/148] runrole - ensure local_vars has *_install is set to True --- runrole | 61 ++++++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 47 insertions(+), 14 deletions(-) diff --git a/runrole b/runrole index 6e46e4abb..55d025004 100755 --- a/runrole +++ b/runrole @@ -3,8 +3,11 @@ INVENTORY="ansible_hosts" PLAYBOOK="run-one-role.yml" ARGS="" +REINSTALL=0 CWD=`pwd` APPS=/etc/iiab/config_vars2.yml +VARS=/etc/iiab/local_vars.yml + if [ ! -f $PLAYBOOK ]; then echo "Exiting: IIAB Playbook not found." echo "Please run this in /opt/iiab/iiab (top level of the git repo)." @@ -19,27 +22,57 @@ if [[ $# -eq 0 ]] ; then exit 0 fi +clear_marker(){ + if [ ! $1 == "internetarchive" ]; then # special handling + if [ $1 == "calibre-web" ]; then # role directory & installed marker differ + sed -i -e '/^calibreweb/d' $APPS + + elif [ $1 == "captive-portal" ]; then # role directory & installed marker differ + sed -i -e '/^captiveportal/d' $APPS + + elif [ $1 == "bluetooth" ]; then # role directory & installed marker differ + sed -i -e '/^pan_bluetooth/d' $APPS + fi + sed -i -e "/^$1/d" $APPS + fi +} + +if [ "$1" == "--reinstall" ]; then + ARGS="$ARGS --extra-vars reinstall=True" + REINSTALL=1 + shift 1 +fi + # needed for stage 1-3 if not installed yet if [ ! -f $APPS ]; then mkdir -p /etc/iiab touch $APPS fi -if [ "$1" == "--reinstall" ]; then - ARGS="$ARGS --extra-vars reinstall=True" - if [ ! $2 == "internetarchive" ]; then # special handling - if [ $2 == "calibre-web" ]; then # role directory & installed marker differ - sed -i -e '/^calibreweb/d' $APPS - fi - if [ $2 == "captive-portal" ]; then # role directory & installed marker differ - sed -i -e '/^captiveportal/d' $APPS - fi - if [ $2 == "bluetooth" ]; then # role directory & installed marker differ - sed -i -e '/^pan_bluetooth/d' $APPS - fi - sed -i -e "/^$2/d" $APPS +if ! grep -q $1_install $VARS; then + echo " $1_install: not found in $VARS" + echo " Please review $VARS and edit as required" + exit 1 +elif grep $1_install $VARS | grep -q --exclude "#" False; then + echo " $1_install: set to False found in $VARS" + echo " Please review $VARS and edit as required" + exit 1 +elif grep $1_install $VARS | grep -q "#"; then + echo " $1_install: commented out (#) in $VARS" + echo " Please review $VARS and edit as required" + exit 1 +else + if grep $1_install $VARS | grep -q --exclude "#" True; then + echo " $1_install: set to True found in $VARS" + echo " continuing...." + else + echo "somthing went wrong to get here" + exit 1 fi - shift 1 +fi + +if [ "$REINSTALL" == "1" ]; then + clear_marker fi if [ $# -eq 2 ]; then From 916d3052aed8c49beba65cea3f7acc51beaec703 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 24 Oct 2019 11:15:25 -0500 Subject: [PATCH 066/148] iiab_state --- iiab-configure | 2 +- iiab-from-cmdline.yml | 2 +- iiab-from-console.yml | 2 +- iiab-install | 5 +++++ iiab-network.yml | 2 +- run-one-role.yml | 2 +- runrole | 2 +- vars/default_vars.yml | 2 +- 8 files changed, 12 insertions(+), 7 deletions(-) diff --git a/iiab-configure b/iiab-configure index 345ca2d25..32abbb51b 100755 --- a/iiab-configure +++ b/iiab-configure @@ -3,7 +3,7 @@ INVENTORY="ansible_hosts" PLAYBOOK="iiab-from-cmdline.yml" CWD=`pwd` -APPS=/etc/iiab/config_vars2.yml +APPS=/etc/iiab/iiab_state.yml ENV=/etc/iiab/iiab.env if [ ! -f $PLAYBOOK ]; then echo -e "\nExiting: IIAB Playbook not found." diff --git a/iiab-from-cmdline.yml b/iiab-from-cmdline.yml index 4bf43513b..2dd4e0689 100644 --- a/iiab-from-cmdline.yml +++ b/iiab-from-cmdline.yml @@ -6,7 +6,7 @@ - vars/default_vars.yml - vars/{{ ansible_local.local_facts.os_ver }}.yml - /etc/iiab/local_vars.yml - - /etc/iiab/config_vars2.yml + - /etc/iiab/iiab_state.yml roles: - { role: 0-init, tags: ['0-init'] } diff --git a/iiab-from-console.yml b/iiab-from-console.yml index 0bbed7cda..2790a34cf 100644 --- a/iiab-from-console.yml +++ b/iiab-from-console.yml @@ -6,7 +6,7 @@ - vars/default_vars.yml - vars/{{ ansible_local.local_facts.os_ver }}.yml - /etc/iiab/local_vars.yml - - /etc/iiab/config_vars2.yml + - /etc/iiab/iiab_state.yml roles: - { role: 0-init, tags: ['0-init'] } diff --git a/iiab-install b/iiab-install index f63bb411b..3a3e77595 100755 --- a/iiab-install +++ b/iiab-install @@ -146,6 +146,11 @@ if [ "$STAGE" -lt 2 ] && [ "$1" == "--debug" ]; then echo -e "\n'--debug' *ignored* as STAGE (counter) < 2." fi +# to catch up images to current code to benefit from pre-installed apps +if [ -f /etc/iiab/config_vars2.yml ]; then + mv /etc/iiab/config_vars2.yml $APPS +fi + if [ -f $APPS ]; then if grep -q sugar $APPS; then if ! grep -q mongodb $APPS; then diff --git a/iiab-network.yml b/iiab-network.yml index 01f594449..13a490ed0 100644 --- a/iiab-network.yml +++ b/iiab-network.yml @@ -6,7 +6,7 @@ - vars/default_vars.yml - vars/{{ ansible_local.local_facts.os_ver }}.yml - /etc/iiab/local_vars.yml - - /etc/iiab/config_vars.yml + - /etc/iiab/iiab_state.yml roles: - { role: 0-init, tags: ['network'] } diff --git a/run-one-role.yml b/run-one-role.yml index 8ceeaf7bf..38a0b97b7 100644 --- a/run-one-role.yml +++ b/run-one-role.yml @@ -6,7 +6,7 @@ - vars/default_vars.yml - "vars/{{ ansible_local.local_facts.os_ver }}.yml" - /etc/iiab/local_vars.yml - - /etc/iiab/config_vars2.yml + - /etc/iiab/iiab_state.yml roles: - { role: 0-init, tags: ['0-init'] } diff --git a/runrole b/runrole index 55d025004..2063a369d 100755 --- a/runrole +++ b/runrole @@ -5,7 +5,7 @@ PLAYBOOK="run-one-role.yml" ARGS="" REINSTALL=0 CWD=`pwd` -APPS=/etc/iiab/config_vars2.yml +APPS=/etc/iiab/iiab_state.yml VARS=/etc/iiab/local_vars.yml if [ ! -f $PLAYBOOK ]; then diff --git a/vars/default_vars.yml b/vars/default_vars.yml index dbef01b78..486c75b9a 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -16,7 +16,7 @@ iiab_local_vars_file: "{{ iiab_etc_path }}/local_vars.yml" # Installation status files iiab_env_file: "{{ iiab_etc_path }}/iiab.env" iiab_ini_file: "{{ iiab_etc_path }}/iiab.ini" -iiab_installed: "{{ iiab_etc_path }}/config_vars2.yml" +iiab_installed: "{{ iiab_etc_path }}/iiab_state.yml" iiab_base: /opt/iiab iiab_dir: "{{ iiab_base }}/iiab" From 6be97bba6ce2a1d1c1dfd8600035191e6d7404be Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 24 Oct 2019 11:51:56 -0500 Subject: [PATCH 067/148] iiab_state2 --- iiab-install | 1 + runrole | 15 +++++++-------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/iiab-install b/iiab-install index 3a3e77595..c69bc4e8a 100755 --- a/iiab-install +++ b/iiab-install @@ -5,6 +5,7 @@ PLAYBOOK="iiab-stages.yml" INVENTORY="ansible_hosts" +APPS=/etc/iiab/iiab_state.yml ARGS="" CWD=`pwd` OS=`grep ^ID= /etc/*release|cut -d= -f2` diff --git a/runrole b/runrole index 2063a369d..0e178641d 100755 --- a/runrole +++ b/runrole @@ -43,26 +43,25 @@ if [ "$1" == "--reinstall" ]; then shift 1 fi -# needed for stage 1-3 if not installed yet -if [ ! -f $APPS ]; then - mkdir -p /etc/iiab - touch $APPS +# Needed for Stages 1-3 if not installed yet +if [ ! -f $IIAB_STATE_FILE ]; then + touch $IIAB_STATE_FILE fi -if ! grep -q $1_install $VARS; then +if ! grep -q $1_install $LOCAL_VARS_FILE; then echo " $1_install: not found in $VARS" echo " Please review $VARS and edit as required" exit 1 -elif grep $1_install $VARS | grep -q --exclude "#" False; then +elif grep $1_install $LOCAL_VARS_FILE | grep -q --exclude "#" False; then echo " $1_install: set to False found in $VARS" echo " Please review $VARS and edit as required" exit 1 -elif grep $1_install $VARS | grep -q "#"; then +elif grep $1_install $LOCAL_VARS_FILE | grep -q "#"; then echo " $1_install: commented out (#) in $VARS" echo " Please review $VARS and edit as required" exit 1 else - if grep $1_install $VARS | grep -q --exclude "#" True; then + if grep $1_install $LOCAL_VARS_FILE | grep -q --exclude "#" True; then echo " $1_install: set to True found in $VARS" echo " continuing...." else From 38fd86ac90121236fee46a0f6be1e639a36fd6a6 Mon Sep 17 00:00:00 2001 From: holta Date: Thu, 24 Oct 2019 21:05:47 -0400 Subject: [PATCH 068/148] 2008 var names, output, comments, small bugs --- iiab-configure | 43 +++++++------- iiab-install | 59 +++++++++---------- roles/4-server-options/tasks/main.yml | 4 +- roles/awstats/tasks/install.yml | 4 +- roles/azuracast/tasks/install.yml | 4 +- roles/bluetooth/tasks/install.yml | 8 +-- roles/bluetooth/tasks/main.yml | 4 +- roles/calibre-web/tasks/install.yml | 4 +- roles/calibre/tasks/install.yml | 4 +- roles/captive-portal/tasks/main.yml | 4 +- roles/cups/tasks/main.yml | 4 +- roles/dokuwiki/tasks/install.yml | 4 +- roles/elgg/tasks/install.yml | 4 +- roles/elgg/tasks/main.yml | 2 +- roles/elgg/tasks/{prov-db.yml => setup.yml} | 0 roles/gitea/tasks/install.yml | 4 +- roles/internetarchive/tasks/install.yml | 4 +- roles/kalite/tasks/setup.yml | 4 +- roles/kiwix/tasks/kiwix_install.yml | 4 +- roles/kolibri/tasks/install.yml | 4 +- roles/lokole/tasks/install.yml | 4 +- roles/mediawiki/tasks/install.yml | 4 +- roles/minetest/tasks/provision.yml | 4 +- roles/mongodb/tasks/install.yml | 4 +- roles/moodle/tasks/install.yml | 4 +- roles/mosquitto/tasks/install.yml | 4 +- roles/munin/tasks/install.yml | 4 +- roles/network/tasks/dansguardian.yml | 4 +- roles/network/tasks/dhcpd.yml | 4 +- roles/network/tasks/named.yml | 4 +- roles/network/tasks/squid.yml | 4 +- roles/network/tasks/wondershaper.yml | 4 +- roles/nextcloud/tasks/install.yml | 4 +- roles/nextcloud/tasks/main.yml | 2 +- .../tasks/{prov-db.yml => setup.yml} | 0 roles/nodered/tasks/install.yml | 4 +- roles/samba/tasks/main.yml | 4 +- roles/sugarizer/tasks/install.yml | 4 +- roles/wordpress/tasks/install.yml | 4 +- roles/wordpress/tasks/main.yml | 2 +- .../tasks/{prov-db.yml => setup.yml} | 0 runrole | 37 +++++++----- 42 files changed, 144 insertions(+), 137 deletions(-) rename roles/elgg/tasks/{prov-db.yml => setup.yml} (100%) rename roles/nextcloud/tasks/{prov-db.yml => setup.yml} (100%) rename roles/wordpress/tasks/{prov-db.yml => setup.yml} (100%) diff --git a/iiab-configure b/iiab-configure index 32abbb51b..489768b0a 100755 --- a/iiab-configure +++ b/iiab-configure @@ -1,48 +1,51 @@ #!/bin/bash -INVENTORY="ansible_hosts" -PLAYBOOK="iiab-from-cmdline.yml" +INVENTORY=ansible_hosts +PLAYBOOK=iiab-from-cmdline.yml CWD=`pwd` -APPS=/etc/iiab/iiab_state.yml -ENV=/etc/iiab/iiab.env +IIAB_STATE_FILE=/etc/iiab/iiab_state.yml +IIAB_ENV_FILE=/etc/iiab/iiab.env + if [ ! -f $PLAYBOOK ]; then - echo -e "\nExiting: IIAB Playbook not found." + echo -e "\nExiting: IIAB Playbook $PLAYBOOK not found." echo -e "\nPlease run this in /opt/iiab/iiab (top level of the git repo)." exit 1 fi -if [ -f $ENV ]; then + +if [ -f $IIAB_ENV_FILE ]; then STAGE=0 if grep -q STAGE= /etc/iiab/iiab.env ; then source /etc/iiab/iiab.env - echo -e "\nExtracted STAGE="$STAGE" (counter) from /etc/iiab/iiab.env" + echo -e "\nExtracted STAGE=$STAGE (counter) from /etc/iiab/iiab.env" if ! [ "$STAGE" -eq "$STAGE" ] 2> /dev/null; then - echo -e "\nEXITING: STAGE (counter) value == "$STAGE" is non-integer" + echo -e "\nEXITING: STAGE (counter) value == $STAGE is non-integer" exit 1 elif [ "$STAGE" -lt 0 ] || [ "$STAGE" -gt 9 ]; then - echo -e "\nEXITING: STAGE (counter) value == "$STAGE" is out-of-range" + echo -e "\nEXITING: STAGE (counter) value == $STAGE is out-of-range" exit 1 elif [ "$STAGE" -lt 3 ]; then - echo -e "\nEXITING: STAGE (counter) value == "$STAGE"" - echo -e "\nIIAB stage 3 not complete" - echo -e "\nPlease run iiab-install" + echo -e "\nEXITING: STAGE (counter) value == $STAGE" + echo -e "\nIIAB Stage 3 not complete." + echo -e "\nPlease run: ./iiab-install" exit 1 fi else echo -e "\nEXITING: STAGE (counter) not found" - echo -e "\nIIAB not installed" - echo -e "\nPlease run iiab-install" + echo -e "\nIIAB not installed." + echo -e "\nPlease run: ./iiab-install" exit 1 fi else echo -e "\nEXITING: /etc/iiab/iiab.env not found" - echo -e "\nIIAB not installed" - echo -e "\nPlease run iiab-install" + echo -e "\nIIAB not installed." + echo -e "\nPlease run: ./iiab-install" exit 1 fi -# workaround for image go away later -if grep -q sugar $APPS; then - if ! grep -q mongodb $APPS; then - echo "mongodb_installed: True" >> $APPS + +# Workaround for (web-published) images; will go away later +if grep -q sugar $IIAB_STATE_FILE; then + if ! grep -q mongodb $IIAB_STATE_FILE; then + echo "mongodb_installed: True" >> $IIAB_STATE_FILE fi fi diff --git a/iiab-install b/iiab-install index c69bc4e8a..7963c77d9 100755 --- a/iiab-install +++ b/iiab-install @@ -3,9 +3,9 @@ # Add cmdline options for passing to ansible # Todo add proper shift to gobble up --debug --reinstall -PLAYBOOK="iiab-stages.yml" -INVENTORY="ansible_hosts" -APPS=/etc/iiab/iiab_state.yml +PLAYBOOK=iiab-stages.yml +INVENTORY=ansible_hosts +IIAB_STATE_FILE=/etc/iiab/iiab_state.yml ARGS="" CWD=`pwd` OS=`grep ^ID= /etc/*release|cut -d= -f2` @@ -31,7 +31,7 @@ if [ ! -f /etc/iiab/local_vars.yml ]; then echo -e "(2) MIN/MEDIUM/BIG samples are included in /opt/iiab/iiab/vars" >&2 echo -e "(3) NO TIME FOR DETAILS? RUN INTERNET-IN-A-BOX'S FRIENDLY 1-LINE INSTALLER:\n" >&2 - echo -e ' http://download.iiab.io (click on "6.7" or a more recent version!)\n' >&2 + echo -e ' http://download.iiab.io (click on "7.0" or a more recent version!)\n' >&2 exit 1 fi @@ -54,10 +54,11 @@ fi if [ "$1" != "--debug" ] && [ "$1" != "--reinstall" ] && [ "$1" != "" ]; then echo "Use './iiab-install' for regular installs, or to continue an install." - echo "Use './iiab-install --reinstall' to force running all Stages 0-9." - echo "Use './iiab-install --debug' to run Stage 0, followed by Stages 3-9." - echo "Use './runrole' to run a single Stage or Role." - echo "Use './iiab-network' to run Network sections." + echo "Use './iiab-install --reinstall' to force running all Stages 0-9, followed by the Network Role." + echo "Use './iiab-install --debug' to run Stage 0, followed by Stages 3-9, followed by the Network Role." + echo "Use './iiab-configure' to run Stage 0, followed by Stages 4-9." + echo "Use './runrole' to run Stage 0, followed by a single Stage or Role." + echo "Use './iiab-network' to run Stage 0, followed by the Network Role." exit 1 fi @@ -119,12 +120,8 @@ if [ -f /etc/iiab/iiab.env ]; then exit 1 fi fi -# if XSCE is present resolveconf will not be - if grep -q XSCE /etc/iiab/iiab.env ; then - STAGE=0 - rm /etc/iiab/iiab.env - echo "Removed /etc/iiab/iiab.env effectively resetting STAGE (counter)." - elif [ "$1" == "--reinstall" ]; then + + if [ "$1" == "--reinstall" ]; then STAGE=0 ARGS="$ARGS"" --extra-vars reinstall=True" sed -i 's/^STAGE=.*/STAGE=0/' /etc/iiab/iiab.env @@ -135,40 +132,42 @@ if [ -f /etc/iiab/iiab.env ]; then echo "Wrote STAGE=2 (counter) to /etc/iiab/iiab.env" elif [ "$STAGE" -eq 9 ]; then echo -e "\nEXITING: STAGE (counter) in /etc/iiab/iiab.env shows Stage 9 Is Already Done." - echo -e "Use './iiab-install --reinstall' to force running all Stages 0-9." - echo -e "Use './iiab-install --debug' to run Stage 0, followed by Stages 3-9." - echo -e "Use './runrole' to run a single Stage or Role." - echo -e "Use './iiab-network' to run Network sections.\n\n" - echo -e "Use './iiab-configure' to turn installed service on|off via local_vars.yml.\n\n" - exit 0 # allows rerunning http://download.iiab.io/6.7/install.txt + echo -e "Use './iiab-install --reinstall' to force running all Stages 0-9, followed by the Network Role." + echo -e "Use './iiab-install --debug' to run Stage 0, followed by Stages 3-9, followed by the Network Role." + echo -e "Use './iiab-configure' to run Stage 0, followed by Stages 4-9." + echo -e "Use './runrole' to run Stage 0, followed by a single Stage or Role." + echo -e "Use './iiab-network' to run Stage 0, followed by the Network Role.\n\n" + + exit 0 # Allows rerunning http://download.iiab.io/install.txt fi fi if [ "$STAGE" -lt 2 ] && [ "$1" == "--debug" ]; then echo -e "\n'--debug' *ignored* as STAGE (counter) < 2." fi -# to catch up images to current code to benefit from pre-installed apps +# TEMPORARY: Catch images up to current code to benefit from pre-installed apps if [ -f /etc/iiab/config_vars2.yml ]; then - mv /etc/iiab/config_vars2.yml $APPS + mv /etc/iiab/config_vars2.yml $IIAB_STATE_FILE fi -if [ -f $APPS ]; then - if grep -q sugar $APPS; then - if ! grep -q mongodb $APPS; then - echo "mongodb_installed: True" >> $APPS +# Assumes /etc/iiab/iiab_state.yml is not created until (prior run of) Stage 4. +if [ -f $IIAB_STATE_FILE ]; then + if grep -q sugar $IIAB_STATE_FILE; && ! grep -q mongodb $IIAB_STATE_FILE; then + echo "mongodb_installed: True" >> $IIAB_STATE_FILE fi if [ "$STAGE" -eq 2 ]; then - echo -e "\n completing stage 3 from iiab image" + echo -e "\nCompleting Stage 3 from IIAB image (starts systemd service iiab-setup-db to run the 'mysql' role)." systemctl start iiab-setup-db fi - PLAYBOOK="iiab-from-console.yml" - ARGS="" + + PLAYBOOK="iiab-from-console.yml" # Stage 4-9 then Network Role + ARGS="" # Removes '--extra-vars reinstall=True' if --reinstall, BUT WHY? fi echo -e "\nTRY TO RERUN './iiab-install' IF IT FAILS DUE TO CONNECTIVITY ISSUES ETC!\n" -echo -e "Running local playbooks....Stage 0 will now run....followed by Stages $(($STAGE + 1))-9" +echo -e "Running local Ansible playbooks...\n...Stage 0 will now run\n...followed by Stages $(($STAGE + 1))-9\n...and then the Network Role.\n" export ANSIBLE_LOG_PATH="$CWD""/iiab-install.log" diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 77d70e948..b7f1eaa05 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -2,7 +2,7 @@ - name: ...IS BEGINNING ================================== file: - path: "{{ iiab_installed }}" + path: "{{ iiab_state_file }}" state: touch - name: NGINX @@ -34,7 +34,7 @@ - name: Install Bluetooth - only on Raspberry Pi include_role: name: bluetooth - when: (is_rpi and bluetooth_install) or pan_bluetooth_installed is defined + when: (is_rpi and bluetooth_install) or bluetooth_installed is defined tags: bluetooth - name: USB-LIB diff --git a/roles/awstats/tasks/install.yml b/roles/awstats/tasks/install.yml index 6851ec51f..580dcf807 100644 --- a/roles/awstats/tasks/install.yml +++ b/roles/awstats/tasks/install.yml @@ -94,9 +94,9 @@ shell: /usr/bin/perl /usr/lib/cgi-bin/awstats.pl -config=schoolserver -update when: awstats_enabled and is_debuntu -- name: Add 'awstats_installed' variable values to {{ iiab_installed }} +- name: Add 'awstats_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^awstats_installed' line: 'awstats_installed: True' state: present diff --git a/roles/azuracast/tasks/install.yml b/roles/azuracast/tasks/install.yml index b6cc54690..954154bcd 100644 --- a/roles/azuracast/tasks/install.yml +++ b/roles/azuracast/tasks/install.yml @@ -64,9 +64,9 @@ args: chdir: "{{ azuracast_host_dir }}" -- name: Add 'azuracast_installed' variable values to {{ iiab_installed }} +- name: Add 'azuracast_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^azuracast_installed' line: 'azuracast_installed: True' state: present diff --git a/roles/bluetooth/tasks/install.yml b/roles/bluetooth/tasks/install.yml index eee38eb76..e60d2cc6e 100644 --- a/roles/bluetooth/tasks/install.yml +++ b/roles/bluetooth/tasks/install.yml @@ -55,9 +55,9 @@ regexp: '^#DiscoverableTimeout' line: 'DiscoverableTimeout = 0' -- name: Add 'pan_bluetooth_installed' variable values to {{ iiab_installed }} +- name: Add 'bluetooth_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" - regexp: '^pan_bluetooth_installed' - line: 'pan_bluetooth_installed: True' + dest: "{{ iiab_state_file }}" + regexp: '^bluetooth_installed' + line: 'bluetooth_installed: True' state: present diff --git a/roles/bluetooth/tasks/main.yml b/roles/bluetooth/tasks/main.yml index 88092cbfc..25953ddeb 100644 --- a/roles/bluetooth/tasks/main.yml +++ b/roles/bluetooth/tasks/main.yml @@ -1,6 +1,6 @@ - include_tasks: install.yml - when: bluetooth_install and not pan_bluetooth_installed is defined + when: bluetooth_install and not bluetooth_installed is defined - include_tasks: enable.yml - when: bluetooth_install or pan_bluetooth_installed is defined + when: bluetooth_install or bluetooth_installed is defined diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 43263d259..eadd5cb88 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -102,9 +102,9 @@ when: not metadatadb.stat.exists #when: calibreweb_provision | bool -- name: Add 'calibreweb_installed' variable values to {{ iiab_installed }} +- name: Add 'calibreweb_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^calibreweb_installed' line: 'calibreweb_installed: True' state: present diff --git a/roles/calibre/tasks/install.yml b/roles/calibre/tasks/install.yml index 4b5aa5081..fa500f060 100644 --- a/roles/calibre/tasks/install.yml +++ b/roles/calibre/tasks/install.yml @@ -79,9 +79,9 @@ include_tasks: create-db.yml when: not calibre_db.stat.exists -- name: Add 'calibre_installed' variable values to {{ iiab_installed }} +- name: Add 'calibre_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^calibreweb_installed' line: 'calibre_installed: True' state: present diff --git a/roles/captive-portal/tasks/main.yml b/roles/captive-portal/tasks/main.yml index e57d7e759..41ff969ea 100644 --- a/roles/captive-portal/tasks/main.yml +++ b/roles/captive-portal/tasks/main.yml @@ -119,9 +119,9 @@ state: absent when: not captive_portal_enabled -- name: Add 'captiveportal_installed' variable values to {{ iiab_installed }} +- name: Add 'captiveportal_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^captiveportal_installed' line: 'captiveportal_installed: True' state: present diff --git a/roles/cups/tasks/main.yml b/roles/cups/tasks/main.yml index ddc697fe5..ef0dfc85d 100644 --- a/roles/cups/tasks/main.yml +++ b/roles/cups/tasks/main.yml @@ -7,9 +7,9 @@ tags: - download -- name: Add 'cups_installed' variable values to {{ iiab_installed }} +- name: Add 'cups_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^cups_installed' line: 'cups_installed: True' state: present diff --git a/roles/dokuwiki/tasks/install.yml b/roles/dokuwiki/tasks/install.yml index 9333aa6fb..a23e3b494 100644 --- a/roles/dokuwiki/tasks/install.yml +++ b/roles/dokuwiki/tasks/install.yml @@ -48,9 +48,9 @@ state: directory recurse: yes -- name: Add 'dokuwiki_installed' variable values to {{ iiab_installed }} +- name: Add 'dokuwiki_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^dokuwiki_installed' line: 'dokuwiki_installed: True' state: present diff --git a/roles/elgg/tasks/install.yml b/roles/elgg/tasks/install.yml index 7b6275056..d064846f5 100644 --- a/roles/elgg/tasks/install.yml +++ b/roles/elgg/tasks/install.yml @@ -87,9 +87,9 @@ src: elgg.conf dest: "/etc/{{ apache_config_dir }}/elgg.conf" -- name: Add 'elgg_installed' variable values to {{ iiab_installed }} +- name: Add 'elgg_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^elgg_installed' line: 'elgg_installed: True' state: present diff --git a/roles/elgg/tasks/main.yml b/roles/elgg/tasks/main.yml index ed859cb07..8c03710ae 100644 --- a/roles/elgg/tasks/main.yml +++ b/roles/elgg/tasks/main.yml @@ -3,7 +3,7 @@ when: elgg_install and not elgg_installed is defined - name: Provision DB - include_tasks: prov-db.yml + include_tasks: setup.yml when: elgg_install and not installing - name: Enable Elgg diff --git a/roles/elgg/tasks/prov-db.yml b/roles/elgg/tasks/setup.yml similarity index 100% rename from roles/elgg/tasks/prov-db.yml rename to roles/elgg/tasks/setup.yml diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index 1e8136f60..05c9b9436 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -125,9 +125,9 @@ tags: - systemd -- name: Add 'gitea_installed' variable values to {{ iiab_installed }} +- name: Add 'gitea_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^gitea_installed' line: 'gitea_installed: True' state: present diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index e9aaf1b30..ba5cfa237 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml @@ -45,9 +45,9 @@ - { src: 'internetarchive.service.j2', dest: '/etc/systemd/system/internetarchive.service' } - { src: 'internetarchive.conf', dest: '/etc/apache2/sites-available/internetarchive.conf' } -- name: Add 'internetarchive_installed' variable values to {{ iiab_installed }} +- name: Add 'internetarchive_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^internetarchive_installed' line: 'internetarchive_installed: True' state: present diff --git a/roles/kalite/tasks/setup.yml b/roles/kalite/tasks/setup.yml index 97ce8c47b..b9ce96a52 100644 --- a/roles/kalite/tasks/setup.yml +++ b/roles/kalite/tasks/setup.yml @@ -15,9 +15,9 @@ async: 1800 poll: 10 -- name: Add 'kalite_installed' variable values to {{ iiab_installed }} +- name: Add 'kalite_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^kalite_installed' line: 'kalite_installed: True' state: present diff --git a/roles/kiwix/tasks/kiwix_install.yml b/roles/kiwix/tasks/kiwix_install.yml index 2e8075404..2c16af3fa 100644 --- a/roles/kiwix/tasks/kiwix_install.yml +++ b/roles/kiwix/tasks/kiwix_install.yml @@ -100,9 +100,9 @@ - { src: 'iiab-make-kiwix-lib.py', dest: '/usr/bin/iiab-make-kiwix-lib.py', mode: '0755'} - { src: 'kiwix.conf.j2', dest: '/etc/{{ apache_config_dir }}/kiwix.conf', mode: '0644'} -- name: Add 'kiwix_installed' variable values to {{ iiab_installed }} +- name: Add 'kiwix_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^kiwix_installed' line: 'kiwix_installed: True' state: present diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index ba1789d65..99dfda781 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -112,9 +112,9 @@ # apache2_module: # name: proxy_http -- name: Add 'kolibri_installed' variable values to {{ iiab_installed }} +- name: Add 'kolibri_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^kolibri_installed' line: 'kolibri_installed: True' state: present diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index 67e2b881a..d531177c0 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -98,9 +98,9 @@ state: restarted when: lokole_enabled | bool -- name: Add 'lokole_installed' variable values to {{ iiab_installed }} +- name: Add 'lokole_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^lokole_installed' line: 'lokole_installed: True' state: present diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index 079d93668..884ab7497 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -65,9 +65,9 @@ src: mediawiki.conf.j2 dest: "/etc/{{ apache_config_dir }}/mediawiki.conf" -- name: Add 'mediawiki_installed' variable values to {{ iiab_installed }} +- name: Add 'mediawiki_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^mediawiki_installed' line: 'mediawiki_installed: True' state: present diff --git a/roles/minetest/tasks/provision.yml b/roles/minetest/tasks/provision.yml index 6d19d6010..ea34c1779 100644 --- a/roles/minetest/tasks/provision.yml +++ b/roles/minetest/tasks/provision.yml @@ -71,9 +71,9 @@ path: "{{ minetest_game_dir }}/mods/name_restrictions" when: minetest_default_game == "carbone-ng" -- name: Add 'minetest_installed' variable values to {{ iiab_installed }} +- name: Add 'minetest_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^minetest_installed' line: 'minetest_installed: True' state: present diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 27f69241c..2268ac82e 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -128,9 +128,9 @@ - { src: 'mongodb.service.j2', dest: '/etc/systemd/system/mongodb.service', mode: '0644' } - { src: 'iiab-mongodb-repair-if-no-lock.j2', dest: '/usr/bin/iiab-mongodb-repair-if-no-lock', mode: '0755' } -- name: Add 'mongodb_installed' variable values to {{ iiab_installed }} +- name: Add 'mongodb_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^mongodb_installed' line: 'mongodb_installed: True' state: present diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 7f2327ee5..036867eb1 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -138,9 +138,9 @@ path: "{{ moodle_base }}/config.php" mode: 0644 -- name: Add 'moodle_installed' variable values to {{ iiab_installed }} +- name: Add 'moodle_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^moodle_installed' line: 'moodle_installed: True' state: present diff --git a/roles/mosquitto/tasks/install.yml b/roles/mosquitto/tasks/install.yml index faeef6dd7..c7edfad69 100644 --- a/roles/mosquitto/tasks/install.yml +++ b/roles/mosquitto/tasks/install.yml @@ -30,9 +30,9 @@ group: root mode: 0755 -- name: Add 'mosquitto_installed' variable values to {{ iiab_installed }} +- name: Add 'mosquitto_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^mosquitto_installed' line: 'mosquitto_installed: True' state: present diff --git a/roles/munin/tasks/install.yml b/roles/munin/tasks/install.yml index 3f826f532..cc6f0e254 100644 --- a/roles/munin/tasks/install.yml +++ b/roles/munin/tasks/install.yml @@ -40,9 +40,9 @@ create: yes state: present -- name: Add 'munin_installed' variable values to {{ iiab_installed }} +- name: Add 'munin_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^munin_installed' line: 'munin_installed: True' state: present diff --git a/roles/network/tasks/dansguardian.yml b/roles/network/tasks/dansguardian.yml index 5014c9781..9b593d2a0 100644 --- a/roles/network/tasks/dansguardian.yml +++ b/roles/network/tasks/dansguardian.yml @@ -50,9 +50,9 @@ state: directory when: ansible_distribution == "CentOS" -- name: Add 'dansguardian_installed' variable values to {{ iiab_installed }} +- name: Add 'dansguardian_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^dansguardian_installed' line: 'dansguardian_installed: True' state: present diff --git a/roles/network/tasks/dhcpd.yml b/roles/network/tasks/dhcpd.yml index 05c60055a..6347cd4e7 100644 --- a/roles/network/tasks/dhcpd.yml +++ b/roles/network/tasks/dhcpd.yml @@ -60,9 +60,9 @@ state: file when: is_redhat | bool -- name: Add 'dhcpd_installed' variable values to {{ iiab_installed }} +- name: Add 'dhcpd_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^dhcpd_installed' line: 'dhcpd_installed: True' state: present diff --git a/roles/network/tasks/named.yml b/roles/network/tasks/named.yml index 349017941..965aa5cdf 100644 --- a/roles/network/tasks/named.yml +++ b/roles/network/tasks/named.yml @@ -100,9 +100,9 @@ state: absent when: not is_debuntu and not dns_jail_enabled -- name: Add 'named_installed' variable values to {{ iiab_installed }} +- name: Add 'named_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^named_installed' line: 'named_installed: True' state: present diff --git a/roles/network/tasks/squid.yml b/roles/network/tasks/squid.yml index 005b016b5..3378b1828 100644 --- a/roles/network/tasks/squid.yml +++ b/roles/network/tasks/squid.yml @@ -82,9 +82,9 @@ - include_tasks: roles/network/tasks/dansguardian.yml when: dansguardian_install | bool -- name: Add 'squid_installed' variable values to {{ iiab_installed }} +- name: Add 'squid_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^squid_installed' line: 'squid_installed: True' state: present diff --git a/roles/network/tasks/wondershaper.yml b/roles/network/tasks/wondershaper.yml index 884e5d4e5..60bcc4197 100644 --- a/roles/network/tasks/wondershaper.yml +++ b/roles/network/tasks/wondershaper.yml @@ -38,9 +38,9 @@ group: root state: link -- name: Add 'wondershaper_installed' variable values to {{ iiab_installed }} +- name: Add 'wondershaper_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^wondershaper_installed' line: 'wondershaper_installed: True' state: present diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index fc5e67c66..99f35c73e 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -182,9 +182,9 @@ group: root mode: 0644 -- name: Add 'nextcloud_installed' variable values to {{ iiab_installed }} +- name: Add 'nextcloud_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^nextcloud_installed' line: 'nextcloud_installed: True' state: present diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index 4e66bd0bb..20363d0df 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -10,7 +10,7 @@ when: nextcloud_install and (not nextcloud_installed is defined or not nextcloud_page.stat.exists) - name: Provision NextCloud's Mysql DB - include_tasks: prov-db.yml + include_tasks: setup.yml when: nextcloud_install and not installing - name: Enables or disable Nextcloud! diff --git a/roles/nextcloud/tasks/prov-db.yml b/roles/nextcloud/tasks/setup.yml similarity index 100% rename from roles/nextcloud/tasks/prov-db.yml rename to roles/nextcloud/tasks/setup.yml diff --git a/roles/nodered/tasks/install.yml b/roles/nodered/tasks/install.yml index a4122b095..7e5365d0f 100644 --- a/roles/nodered/tasks/install.yml +++ b/roles/nodered/tasks/install.yml @@ -97,9 +97,9 @@ state: present name: proxy_wstunnel -- name: Add 'nodered_installed' variable values to {{ iiab_installed }} +- name: Add 'nodered_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^nodered_installed' line: 'nodered_installed: True' state: present diff --git a/roles/samba/tasks/main.yml b/roles/samba/tasks/main.yml index 594302408..6e3f1c72a 100755 --- a/roles/samba/tasks/main.yml +++ b/roles/samba/tasks/main.yml @@ -30,9 +30,9 @@ src: smb.conf.j2 dest: /etc/samba/smb.conf -- name: Add 'samba_installed' variable values to {{ iiab_installed }} +- name: Add 'samba_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^samba_installed' line: 'samba_installed: True' state: present diff --git a/roles/sugarizer/tasks/install.yml b/roles/sugarizer/tasks/install.yml index 68fe17ee9..6d41de7c4 100644 --- a/roles/sugarizer/tasks/install.yml +++ b/roles/sugarizer/tasks/install.yml @@ -221,9 +221,9 @@ # # Use this instead, if tabs are truly nec: # # block: "\tvar pathPrefix = '/sugarizer';\n\tapp.use(pathPrefix, require('path-prefix-proxy')(pathPrefix));" -- name: Add 'sugarizer_installed' variable values to {{ iiab_installed }} +- name: Add 'sugarizer_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^sugarizer_installed' line: 'sugarizer_installed: True' state: present diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index a025c04ad..239e2ea56 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -101,9 +101,9 @@ dest: "/etc/{{ apache_config_dir }}/wordpress.conf" when: apache_enabled -- name: Add 'wordpress_installed' variable values to {{ iiab_installed }} +- name: Add 'wordpress_installed' variable values to {{ iiab_state_file }} lineinfile: - dest: "{{ iiab_installed }}" + dest: "{{ iiab_state_file }}" regexp: '^wordpress_installed' line: 'wordpress_installed: True' state: present diff --git a/roles/wordpress/tasks/main.yml b/roles/wordpress/tasks/main.yml index 3b8151efe..0e1555e01 100644 --- a/roles/wordpress/tasks/main.yml +++ b/roles/wordpress/tasks/main.yml @@ -1,7 +1,7 @@ # SEE "emergency" REINSTALL INSTRUCTIONS IN roles/wordpress/tasks/install.yml - name: Provision MySql DB for WordPress - include_tasks: prov-db.yml + include_tasks: setup.yml when: wordpress_install | bool and not installing | bool - name: Install WordPress if wordpress_installed is absent diff --git a/roles/wordpress/tasks/prov-db.yml b/roles/wordpress/tasks/setup.yml similarity index 100% rename from roles/wordpress/tasks/prov-db.yml rename to roles/wordpress/tasks/setup.yml diff --git a/runrole b/runrole index 0e178641d..27ce0e92f 100755 --- a/runrole +++ b/runrole @@ -1,12 +1,12 @@ #!/bin/bash -INVENTORY="ansible_hosts" -PLAYBOOK="run-one-role.yml" +INVENTORY=ansible_hosts +PLAYBOOK=run-one-role.yml ARGS="" REINSTALL=0 CWD=`pwd` -APPS=/etc/iiab/iiab_state.yml -VARS=/etc/iiab/local_vars.yml +IIAB_STATE_FILE=/etc/iiab/iiab_state.yml +LOCAL_VARS_FILE=/etc/iiab/local_vars.yml if [ ! -f $PLAYBOOK ]; then echo "Exiting: IIAB Playbook not found." @@ -15,25 +15,30 @@ if [ ! -f $PLAYBOOK ]; then fi if [[ $# -eq 0 ]] ; then - echo " usage: ./runrole " - echo " usage: ./runrole --reinstall " - echo " Last variable would be full path to log file." - echo " If ommited current directory is used." + echo "Usage: ./runrole " + echo "Usage: ./runrole --reinstall " + echo + echo "Optional 2nd parameter is full PATH/FILENAME for logging." + echo "If omitted, /iiab-debug.log is used." exit 0 fi +if ! grep -q "^""$1""_install: True" $LOCAL_VARS_FILE; then + echo "ERROR: $LOCAL_VARS_FILE must contain '""$1""_install: True'" + exit 1 +fi + clear_marker(){ if [ ! $1 == "internetarchive" ]; then # special handling if [ $1 == "calibre-web" ]; then # role directory & installed marker differ - sed -i -e '/^calibreweb/d' $APPS - + sed -i -e '/^calibreweb/d' $IIAB_STATE_FILE elif [ $1 == "captive-portal" ]; then # role directory & installed marker differ - sed -i -e '/^captiveportal/d' $APPS - - elif [ $1 == "bluetooth" ]; then # role directory & installed marker differ - sed -i -e '/^pan_bluetooth/d' $APPS - fi - sed -i -e "/^$1/d" $APPS + sed -i -e '/^captiveportal/d' $IIAB_STATE_FILE + #elif [ $1 == "bluetooth" ]; then # role directory & installed marker differ + # sed -i -e '/^pan_bluetooth/d' $IIAB_STATE_FILE + else + sed -i -e "/^$1/d" $IIAB_STATE_FILE + fi fi } From ef0ab50bd7a3472cf4cc470967156cafca59b15d Mon Sep 17 00:00:00 2001 From: holta Date: Thu, 24 Oct 2019 21:44:07 -0400 Subject: [PATCH 069/148] double-double-quote vars in echo for safety etc --- iiab-configure | 14 ++++++-------- iiab-install | 7 ++++--- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/iiab-configure b/iiab-configure index 489768b0a..aa010bbfa 100755 --- a/iiab-configure +++ b/iiab-configure @@ -7,7 +7,7 @@ IIAB_STATE_FILE=/etc/iiab/iiab_state.yml IIAB_ENV_FILE=/etc/iiab/iiab.env if [ ! -f $PLAYBOOK ]; then - echo -e "\nExiting: IIAB Playbook $PLAYBOOK not found." + echo -e "\nEXITING: IIAB Playbook ""$PLAYBOOK"" not found." echo -e "\nPlease run this in /opt/iiab/iiab (top level of the git repo)." exit 1 fi @@ -18,13 +18,13 @@ if [ -f $IIAB_ENV_FILE ]; then source /etc/iiab/iiab.env echo -e "\nExtracted STAGE=$STAGE (counter) from /etc/iiab/iiab.env" if ! [ "$STAGE" -eq "$STAGE" ] 2> /dev/null; then - echo -e "\nEXITING: STAGE (counter) value == $STAGE is non-integer" + echo -e "\nEXITING: STAGE (counter) value == ""$STAGE"" is non-integer" exit 1 elif [ "$STAGE" -lt 0 ] || [ "$STAGE" -gt 9 ]; then - echo -e "\nEXITING: STAGE (counter) value == $STAGE is out-of-range" + echo -e "\nEXITING: STAGE (counter) value == ""$STAGE"" is out-of-range" exit 1 elif [ "$STAGE" -lt 3 ]; then - echo -e "\nEXITING: STAGE (counter) value == $STAGE" + echo -e "\nEXITING: STAGE (counter) value == ""$STAGE" echo -e "\nIIAB Stage 3 not complete." echo -e "\nPlease run: ./iiab-install" exit 1 @@ -43,10 +43,8 @@ else fi # Workaround for (web-published) images; will go away later -if grep -q sugar $IIAB_STATE_FILE; then - if ! grep -q mongodb $IIAB_STATE_FILE; then - echo "mongodb_installed: True" >> $IIAB_STATE_FILE - fi +if grep -q sugar $IIAB_STATE_FILE; && ! grep -q mongodb $IIAB_STATE_FILE; then + echo "mongodb_installed: True" >> $IIAB_STATE_FILE fi export ANSIBLE_LOG_PATH="$CWD/iiab-configure.log" diff --git a/iiab-install b/iiab-install index 7963c77d9..1e87c9b51 100755 --- a/iiab-install +++ b/iiab-install @@ -31,7 +31,7 @@ if [ ! -f /etc/iiab/local_vars.yml ]; then echo -e "(2) MIN/MEDIUM/BIG samples are included in /opt/iiab/iiab/vars" >&2 echo -e "(3) NO TIME FOR DETAILS? RUN INTERNET-IN-A-BOX'S FRIENDLY 1-LINE INSTALLER:\n" >&2 - echo -e ' http://download.iiab.io (click on "7.0" or a more recent version!)\n' >&2 + echo -e ' http://download.iiab.io\n' >&2 exit 1 fi @@ -47,8 +47,8 @@ cp ./scripts/local_facts.fact /etc/ansible/facts.d/local_facts.fact echo "Placed /etc/ansible/facts.d/local_facts.fact into position." if [ ! -f $PLAYBOOK ]; then - echo "EXITING: IIAB Playbook not found." - echo "Please run 'iiab-install' from /opt/iiab/iiab (top level of git repo)." + echo "EXITING: IIAB Playbook ""$PLAYBOOK"" not found." + echo "Please run './iiab-install' from /opt/iiab/iiab (top level of git repo)." exit 1 fi @@ -152,6 +152,7 @@ fi # Assumes /etc/iiab/iiab_state.yml is not created until (prior run of) Stage 4. if [ -f $IIAB_STATE_FILE ]; then + # Workaround for (web-published) images; will go away later if grep -q sugar $IIAB_STATE_FILE; && ! grep -q mongodb $IIAB_STATE_FILE; then echo "mongodb_installed: True" >> $IIAB_STATE_FILE fi From 3c79119f3c062b95b13a53e4a0b0bd9b87764986 Mon Sep 17 00:00:00 2001 From: holta Date: Fri, 25 Oct 2019 01:07:27 -0400 Subject: [PATCH 070/148] Fix var name captive_portal_installed (not captiveportal_installed) --- roles/captive-portal/tasks/main.yml | 6 +++--- runrole | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/captive-portal/tasks/main.yml b/roles/captive-portal/tasks/main.yml index 41ff969ea..569afb869 100644 --- a/roles/captive-portal/tasks/main.yml +++ b/roles/captive-portal/tasks/main.yml @@ -119,11 +119,11 @@ state: absent when: not captive_portal_enabled -- name: Add 'captiveportal_installed' variable values to {{ iiab_state_file }} +- name: Add 'captive_portal_installed' variable values to {{ iiab_state_file }} lineinfile: dest: "{{ iiab_state_file }}" - regexp: '^captiveportal_installed' - line: 'captiveportal_installed: True' + regexp: '^captive_portal_installed' + line: 'captive_portal_installed: True' state: present - name: Restart Apache service ({{ apache_service }}) # i.e. apache2 on most distros diff --git a/runrole b/runrole index 27ce0e92f..1792e710a 100755 --- a/runrole +++ b/runrole @@ -33,7 +33,7 @@ clear_marker(){ if [ $1 == "calibre-web" ]; then # role directory & installed marker differ sed -i -e '/^calibreweb/d' $IIAB_STATE_FILE elif [ $1 == "captive-portal" ]; then # role directory & installed marker differ - sed -i -e '/^captiveportal/d' $IIAB_STATE_FILE + sed -i -e '/^captive_portal/d' $IIAB_STATE_FILE #elif [ $1 == "bluetooth" ]; then # role directory & installed marker differ # sed -i -e '/^pan_bluetooth/d' $IIAB_STATE_FILE else From 6f19471a5fdefb277a4b326fae81264fab0e387f Mon Sep 17 00:00:00 2001 From: holta Date: Fri, 25 Oct 2019 02:14:02 -0400 Subject: [PATCH 071/148] Remove 2 unnec '| bool' clauses --- roles/4-server-options/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index b7f1eaa05..fcdaf3fe7 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -68,13 +68,13 @@ - name: CUPS include_role: name: cups - when: cups_install | bool or cups_installed is defined + when: cups_install or cups_installed is defined tags: cups - name: SAMBA include_role: name: samba - when: samba_install | bool or samba_installed is defined + when: samba_install or samba_installed is defined tags: samba - name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (This script was installed at the beginning of Stage 3 = roles/3-base-server/tasks/main.yml, which ran Apache playbook = roles/httpd/tasks/main.yml) From 2243cd6d9ab915a7449eacc492d479fe9004ad62 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 25 Oct 2019 12:13:57 -0500 Subject: [PATCH 072/148] iiab-install account for bluetooth change, expand notes --- iiab-install | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/iiab-install b/iiab-install index 1e87c9b51..d8721bb7a 100755 --- a/iiab-install +++ b/iiab-install @@ -146,17 +146,21 @@ if [ "$STAGE" -lt 2 ] && [ "$1" == "--debug" ]; then fi # TEMPORARY: Catch images up to current code to benefit from pre-installed apps +# Workaround for (web-published) images; will go away later +# Assumes /etc/iiab/iiab_state.yml is not created until (prior run of) Stage 4 but +# config_vars2.yml is present with the stage counter altered by pi-gen to be 2. if [ -f /etc/iiab/config_vars2.yml ]; then mv /etc/iiab/config_vars2.yml $IIAB_STATE_FILE -fi -# Assumes /etc/iiab/iiab_state.yml is not created until (prior run of) Stage 4. -if [ -f $IIAB_STATE_FILE ]; then - # Workaround for (web-published) images; will go away later +# Fix up prior values in state file +# mongo role improved post image creation if grep -q sugar $IIAB_STATE_FILE; && ! grep -q mongodb $IIAB_STATE_FILE; then echo "mongodb_installed: True" >> $IIAB_STATE_FILE fi +# another change to accout for + sed -i -e 's/pan_bluetooth/bluetooth/' $IIAB_STATE_FILE + if [ "$STAGE" -eq 2 ]; then echo -e "\nCompleting Stage 3 from IIAB image (starts systemd service iiab-setup-db to run the 'mysql' role)." systemctl start iiab-setup-db @@ -164,6 +168,11 @@ if [ -f $IIAB_STATE_FILE ]; then PLAYBOOK="iiab-from-console.yml" # Stage 4-9 then Network Role ARGS="" # Removes '--extra-vars reinstall=True' if --reinstall, BUT WHY? +# the same as --reinstall execpt stage 3 is not run as there are no other functional +# changes in stage 3 to account for post image creation once the above is run. +# reinstall=True would force kiwix to re-download and re-install in commit +# ce2ec3b0cad76449caf3299003b5d297a3164181 +## End image catch up fi echo -e "\nTRY TO RERUN './iiab-install' IF IT FAILS DUE TO CONNECTIVITY ISSUES ETC!\n" From 3d321be92a850520ea853a48d5ea84a555ea9726 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 25 Oct 2019 12:32:06 -0500 Subject: [PATCH 073/148] iiab-install - don't repeat prior roles that completed successfully within a stage --- iiab-install | 8 ++++++++ iiab-stages.yml | 1 + 2 files changed, 9 insertions(+) diff --git a/iiab-install b/iiab-install index d8721bb7a..4715ea046 100755 --- a/iiab-install +++ b/iiab-install @@ -175,6 +175,14 @@ if [ -f /etc/iiab/config_vars2.yml ]; then ## End image catch up fi +# allow iiab-install to read IIAB_STATE_FILE to not repeat installs of previous +# roles that already completed within the stage. +if [ ! -f $IIAB_STATE_FILE ]; then + if [ ! -d /etc/iiab ]; then + mkdir /etc/iiab/ + fi + touch $IIAB_STATE_FILE +fi echo -e "\nTRY TO RERUN './iiab-install' IF IT FAILS DUE TO CONNECTIVITY ISSUES ETC!\n" echo -e "Running local Ansible playbooks...\n...Stage 0 will now run\n...followed by Stages $(($STAGE + 1))-9\n...and then the Network Role.\n" diff --git a/iiab-stages.yml b/iiab-stages.yml index 35db6f84f..0c1aef6f0 100644 --- a/iiab-stages.yml +++ b/iiab-stages.yml @@ -7,6 +7,7 @@ - vars/default_vars.yml - vars/{{ ansible_local.local_facts.os_ver }}.yml - /etc/iiab/local_vars.yml + - /etc/iiab/iiab_state.yml tasks: From 38bc11305903c88aadfd6aacc85566f67f15a940 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 16 Oct 2019 00:37:37 -0500 Subject: [PATCH 074/148] runrole --reinstall to remove role installed marker --- runrole | 1 - 1 file changed, 1 deletion(-) diff --git a/runrole b/runrole index 1792e710a..bcbaf191b 100755 --- a/runrole +++ b/runrole @@ -7,7 +7,6 @@ REINSTALL=0 CWD=`pwd` IIAB_STATE_FILE=/etc/iiab/iiab_state.yml LOCAL_VARS_FILE=/etc/iiab/local_vars.yml - if [ ! -f $PLAYBOOK ]; then echo "Exiting: IIAB Playbook not found." echo "Please run this in /opt/iiab/iiab (top level of the git repo)." From b47558e284b23aad609ead66f120fd430fd693b0 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 3 Nov 2019 23:37:55 -0600 Subject: [PATCH 075/148] bug fix - one extra ; in 880c4a940384e4d261f0b53febe60fd083d4edad --- iiab-configure | 2 +- iiab-install | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/iiab-configure b/iiab-configure index aa010bbfa..306be093f 100755 --- a/iiab-configure +++ b/iiab-configure @@ -43,7 +43,7 @@ else fi # Workaround for (web-published) images; will go away later -if grep -q sugar $IIAB_STATE_FILE; && ! grep -q mongodb $IIAB_STATE_FILE; then +if grep -q sugar $IIAB_STATE_FILE && ! grep -q mongodb $IIAB_STATE_FILE; then echo "mongodb_installed: True" >> $IIAB_STATE_FILE fi diff --git a/iiab-install b/iiab-install index 4715ea046..23a9bc629 100755 --- a/iiab-install +++ b/iiab-install @@ -154,7 +154,7 @@ if [ -f /etc/iiab/config_vars2.yml ]; then # Fix up prior values in state file # mongo role improved post image creation - if grep -q sugar $IIAB_STATE_FILE; && ! grep -q mongodb $IIAB_STATE_FILE; then + if grep -q sugar $IIAB_STATE_FILE && ! grep -q mongodb $IIAB_STATE_FILE; then echo "mongodb_installed: True" >> $IIAB_STATE_FILE fi From a2bda045ef61a204d8fb7cca85d9b7cf7b26ea61 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 3 Nov 2019 23:50:21 -0600 Subject: [PATCH 076/148] add temp Co-Authored-By: A Holt --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index 23a9bc629..d394dae69 100755 --- a/iiab-install +++ b/iiab-install @@ -158,7 +158,7 @@ if [ -f /etc/iiab/config_vars2.yml ]; then echo "mongodb_installed: True" >> $IIAB_STATE_FILE fi -# another change to accout for +# TEMPORARY: another change to account for sed -i -e 's/pan_bluetooth/bluetooth/' $IIAB_STATE_FILE if [ "$STAGE" -eq 2 ]; then From 9bbebfade7e03f9d523f555cb827782c27fc4a44 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 3 Nov 2019 23:50:38 -0600 Subject: [PATCH 077/148] The Co-Authored-By: A Holt --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index d394dae69..5c1ee42d2 100755 --- a/iiab-install +++ b/iiab-install @@ -168,7 +168,7 @@ if [ -f /etc/iiab/config_vars2.yml ]; then PLAYBOOK="iiab-from-console.yml" # Stage 4-9 then Network Role ARGS="" # Removes '--extra-vars reinstall=True' if --reinstall, BUT WHY? -# the same as --reinstall execpt stage 3 is not run as there are no other functional +# The same as --reinstall except Stage 3 is not run as there are no other functional # changes in stage 3 to account for post image creation once the above is run. # reinstall=True would force kiwix to re-download and re-install in commit # ce2ec3b0cad76449caf3299003b5d297a3164181 From c548b00d56830569f17df7445b6d82e3720440da Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 3 Nov 2019 23:51:01 -0600 Subject: [PATCH 078/148] Allow Co-Authored-By: A Holt --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index 5c1ee42d2..57a168a60 100755 --- a/iiab-install +++ b/iiab-install @@ -175,7 +175,7 @@ if [ -f /etc/iiab/config_vars2.yml ]; then ## End image catch up fi -# allow iiab-install to read IIAB_STATE_FILE to not repeat installs of previous +# Allow iiab-install to read IIAB_STATE_FILE to not repeat installs of previous # roles that already completed within the stage. if [ ! -f $IIAB_STATE_FILE ]; then if [ ! -d /etc/iiab ]; then From b21b72ac92101fca3248890950f4022e72f10129 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 3 Nov 2019 23:53:01 -0600 Subject: [PATCH 079/148] if ! d Co-Authored-By: A Holt --- iiab-install | 3 --- 1 file changed, 3 deletions(-) diff --git a/iiab-install b/iiab-install index 57a168a60..1f3db3e10 100755 --- a/iiab-install +++ b/iiab-install @@ -178,9 +178,6 @@ fi # Allow iiab-install to read IIAB_STATE_FILE to not repeat installs of previous # roles that already completed within the stage. if [ ! -f $IIAB_STATE_FILE ]; then - if [ ! -d /etc/iiab ]; then - mkdir /etc/iiab/ - fi touch $IIAB_STATE_FILE fi echo -e "\nTRY TO RERUN './iiab-install' IF IT FAILS DUE TO CONNECTIVITY ISSUES ETC!\n" From fcf3175c55399567ea78e108e013e6024ecbc0e0 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 3 Nov 2019 23:54:44 -0600 Subject: [PATCH 080/148] Stage Co-Authored-By: A Holt --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index 1f3db3e10..9ffa92bc9 100755 --- a/iiab-install +++ b/iiab-install @@ -169,7 +169,7 @@ if [ -f /etc/iiab/config_vars2.yml ]; then PLAYBOOK="iiab-from-console.yml" # Stage 4-9 then Network Role ARGS="" # Removes '--extra-vars reinstall=True' if --reinstall, BUT WHY? # The same as --reinstall except Stage 3 is not run as there are no other functional -# changes in stage 3 to account for post image creation once the above is run. +# changes in Stage 3 to account for post image creation, once the above is run. # reinstall=True would force kiwix to re-download and re-install in commit # ce2ec3b0cad76449caf3299003b5d297a3164181 ## End image catch up From c6c04a091340e55836799e3866e7adca5c88c55d Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 3 Nov 2019 23:47:44 -0600 Subject: [PATCH 081/148] python3 feedback --- iiab-configure | 1 + 1 file changed, 1 insertion(+) diff --git a/iiab-configure b/iiab-configure index 306be093f..e0e7a58ec 100755 --- a/iiab-configure +++ b/iiab-configure @@ -48,4 +48,5 @@ if grep -q sugar $IIAB_STATE_FILE && ! grep -q mongodb $IIAB_STATE_FILE; then fi export ANSIBLE_LOG_PATH="$CWD/iiab-configure.log" +ansible -m setup -i $INVENTORY localhost ${ARGS} --connection=local | grep python ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local From c5dc3902b031e39f272e446fc4c822001eb024dc Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Nov 2019 11:06:54 -0600 Subject: [PATCH 082/148] correct broken line --- roles/kolibri/tasks/enable.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/kolibri/tasks/enable.yml b/roles/kolibri/tasks/enable.yml index 594e4a7d2..b2dca9682 100644 --- a/roles/kolibri/tasks/enable.yml +++ b/roles/kolibri/tasks/enable.yml @@ -28,8 +28,7 @@ owner: root group: root with_items: - - { src: 'kolibri-nginx.conf.j2', dest: '/etc/nginx/conf.d/kolibri-nginx.c -onf', mode: '0644' } + - { src: 'kolibri-nginx.conf.j2', dest: '/etc/nginx/conf.d/kolibri-nginx.conf', mode: '0644' } when: kolibri_enabled | bool and nginx_enabled | bool - name: Disable http://box{{ kolibri_url }} with Apache (a2dissite) if not kolibri_enabled From 17868d8e2448ec0f54b47af47a6ea62dcec3c648 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Nov 2019 11:29:59 -0600 Subject: [PATCH 083/148] correct } --- roles/munin/tasks/enable.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/munin/tasks/enable.yml b/roles/munin/tasks/enable.yml index 90f5dec4d..e47e59b1e 100644 --- a/roles/munin/tasks/enable.yml +++ b/roles/munin/tasks/enable.yml @@ -47,7 +47,7 @@ group: root mode: 0644 with_items: - - { src: 'munin24-nginx.conf.j2', dest: '/etc/nginx/conf.d/munin24-nginx.conf + - { src: 'munin24-nginx.conf.j2', dest: '/etc/nginx/conf.d/munin24-nginx.conf' } when: munin_enabled | bool and nginx_enabled | bool - name: Add 'munin' variable values to {{ iiab_ini_file }} From 94917cb26c1c779b52237df6ae3d83bd33076989 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Nov 2019 12:07:04 -0600 Subject: [PATCH 084/148] line missing --- roles/calibre-web/tasks/enable.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/calibre-web/tasks/enable.yml b/roles/calibre-web/tasks/enable.yml index de802501a..244c8b942 100644 --- a/roles/calibre-web/tasks/enable.yml +++ b/roles/calibre-web/tasks/enable.yml @@ -40,7 +40,7 @@ owner: root group: root with_items: - - { src: 'calibre-web-nginx.conf.j2', dest: '/etc/nginx/conf.d/calibre-web-$ + - { src: 'calibre-web-nginx.conf.j2', dest: '/etc/nginx/conf.d/calibre-web-nginx.conf', mode: '0644' } when: calibreweb_enabled | bool and nginx_enabled | bool - name: Restart nginx systemd service From 62672c960504ab468a32461e9f4b3be14a205340 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Nov 2019 12:20:24 -0600 Subject: [PATCH 085/148] default_vars --- vars/default_vars.yml | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 486c75b9a..56f14f4a5 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -206,10 +206,6 @@ openvpn_server_real_ip: 3.89.148.185 openvpn_server_virtual_ip: 10.8.0.1 openvpn_server_port: 1194 -# apache -apache_install: True -apache_enabled: True -allow_apache_sudo: False # Some prefer 512MB for Zero W, others prefer 2048MB or higher for RPi 3 and 4. # Please see recommendations at: https://itsfoss.com/swap-size/ pi_swap_file_size: 1024 @@ -226,18 +222,19 @@ exFAT_enabled: True # 3-BASE-SERVER -# Variables fo Administrative Console +# Variables for Administrative Console admin_console_install: True admin_console_enabled: True # variables related to introduction of nginx # apache -apache_port: "8090" -apache_interface: "127.0.0.1" apache_install: True apache_enabled: True +apache_port: "8090" +apache_interface: "127.0.0.1" # The following variable, if True, allows Admin Console to poweroff IIAB -allow_apache_sudo: False +# see below +#allow_apache_sudo: False nginx_port: "80" nginx_interface: "0.0.0.0" @@ -254,6 +251,7 @@ apache_high_php_limits: False # https://github.com/iiab/iiab/blob/master/roles/httpd/tasks/main.yml#L80-L84 # ...ARE SUITABLE FOR YOUR HARDWARE IN /etc/php//apache2/php.ini # + # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True From 7ea71e536399c235282d314eaba2cd05c9952756 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Nov 2019 12:25:17 -0600 Subject: [PATCH 086/148] bump to uwsgi-plugin-python3 --- roles/nginx/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index c74bbca11..85fd4e051 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -3,7 +3,7 @@ with_items: - nginx-extras - uwsgi - - uwsgi-plugin-python + - uwsgi-plugin-python3 - php-fpm - libnginx-mod-http-subs-filter when: nginx_install | bool From 7e99294580a125733e07b1d5c98ef6fd14b3e1ca Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Nov 2019 12:40:09 -0600 Subject: [PATCH 087/148] omit unit file --- roles/nginx/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 85fd4e051..8617613a5 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -17,7 +17,8 @@ - { src: "nginx.conf",dest: "/etc/nginx/" } - { src: "usb-lib.conf",dest: "/etc/nginx/conf.d/" } - { src: "admin-console.ini",dest: "/etc/uwsgi/apps-enabled/" } - - { src: "uwsgi.unit",dest: "/etc/systemd/system/" } +# the above should be enough once uwsgi is started +# - { src: "uwsgi.unit",dest: "/etc/systemd/system/uwsgi.socket" } - { src: 'ports.conf' , dest: '/etc/{{ apache_service }}/' , mode: '0644' } when: nginx_enabled | bool From 6a26bb1ff6e285ef65f868a2f2b0280b67c0825a Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Nov 2019 12:01:11 -0500 Subject: [PATCH 088/148] syntax: echo "$var" + rpi-update warning --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index 9ffa92bc9..ecd60e731 100755 --- a/iiab-install +++ b/iiab-install @@ -74,7 +74,7 @@ echo "Found Kernel ""$CURR_KERN" if [ "$OS" == "raspbian" ] && version_gt $MIN_RPI_KERN $CURR_KERN ; then echo -e "\nEXITING: Kernel ""$MIN_RPI_KERN"" or higher required with Raspbian." echo -e "PLEASE RUN 'apt update' then 'apt install raspberrypi-kernel' then reboot." - echo -e "THEN IF NEC run 'rpi-update' to install a more recent kernel, then reboot." + echo -e "IF TRULY NEC: run 'rpi-update' to install a very recent kernel, then reboot." echo -e "IIAB INSTALL INSTRUCTIONS: https://github.com/iiab/iiab/wiki/IIAB-Installation" exit 1 fi From 4dead092582807a2b75f203c73da0850c42cc3f8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Nov 2019 12:03:51 -0500 Subject: [PATCH 089/148] Update iiab-install --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index ecd60e731..81705b8f5 100755 --- a/iiab-install +++ b/iiab-install @@ -74,7 +74,7 @@ echo "Found Kernel ""$CURR_KERN" if [ "$OS" == "raspbian" ] && version_gt $MIN_RPI_KERN $CURR_KERN ; then echo -e "\nEXITING: Kernel ""$MIN_RPI_KERN"" or higher required with Raspbian." echo -e "PLEASE RUN 'apt update' then 'apt install raspberrypi-kernel' then reboot." - echo -e "IF TRULY NEC: run 'rpi-update' to install a very recent kernel, then reboot." + echo -e "IF TRULY NEC, run 'rpi-update' to install a very recent kernel, then reboot." echo -e "IIAB INSTALL INSTRUCTIONS: https://github.com/iiab/iiab/wiki/IIAB-Installation" exit 1 fi From f35441a100cba62156eed3c3af6c21a86d2ba810 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Nov 2019 12:05:30 -0500 Subject: [PATCH 090/148] Update iiab-install --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index 81705b8f5..59680fa6d 100755 --- a/iiab-install +++ b/iiab-install @@ -74,7 +74,7 @@ echo "Found Kernel ""$CURR_KERN" if [ "$OS" == "raspbian" ] && version_gt $MIN_RPI_KERN $CURR_KERN ; then echo -e "\nEXITING: Kernel ""$MIN_RPI_KERN"" or higher required with Raspbian." echo -e "PLEASE RUN 'apt update' then 'apt install raspberrypi-kernel' then reboot." - echo -e "IF TRULY NEC, run 'rpi-update' to install a very recent kernel, then reboot." + echo -e "THEN IF NEC, run 'rpi-update' to install a more recent kernel, then reboot." echo -e "IIAB INSTALL INSTRUCTIONS: https://github.com/iiab/iiab/wiki/IIAB-Installation" exit 1 fi From 57073fa4ed6cd99ec9c6f9ace7f453f41b87e9fe Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 14 Nov 2019 12:09:24 -0500 Subject: [PATCH 091/148] Update iiab-install --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index 59680fa6d..9ffa92bc9 100755 --- a/iiab-install +++ b/iiab-install @@ -74,7 +74,7 @@ echo "Found Kernel ""$CURR_KERN" if [ "$OS" == "raspbian" ] && version_gt $MIN_RPI_KERN $CURR_KERN ; then echo -e "\nEXITING: Kernel ""$MIN_RPI_KERN"" or higher required with Raspbian." echo -e "PLEASE RUN 'apt update' then 'apt install raspberrypi-kernel' then reboot." - echo -e "THEN IF NEC, run 'rpi-update' to install a more recent kernel, then reboot." + echo -e "THEN IF NEC run 'rpi-update' to install a more recent kernel, then reboot." echo -e "IIAB INSTALL INSTRUCTIONS: https://github.com/iiab/iiab/wiki/IIAB-Installation" exit 1 fi From 18eb022f2d3cf9284dbf10ec49e23149082a969c Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 6 Nov 2019 01:12:53 -0600 Subject: [PATCH 092/148] force apache2 to use localhost only --- roles/nginx/templates/ports.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/templates/ports.conf b/roles/nginx/templates/ports.conf index 5ab767772..5591d27be 100644 --- a/roles/nginx/templates/ports.conf +++ b/roles/nginx/templates/ports.conf @@ -2,7 +2,7 @@ # have to change the VirtualHost statement in # /etc/apache2/sites-enabled/000-default.conf -Listen {{ apache_port }} +Listen 127.0.0.1:{{ apache_port }} # # Listen 443 From 2b09904b63d8dfbc0bf6617953df3e042ef14acb Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Nov 2019 23:53:17 -0600 Subject: [PATCH 093/148] correct botched rebase of only_nginx.yml --- roles/nginx/tasks/only_nginx.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/nginx/tasks/only_nginx.yml b/roles/nginx/tasks/only_nginx.yml index 73f809204..dce442d5b 100644 --- a/roles/nginx/tasks/only_nginx.yml +++ b/roles/nginx/tasks/only_nginx.yml @@ -40,6 +40,7 @@ - name: Remove nginx support for sugarizer file: path: /etc/nginx/conf.d/sugarizer-nginx.conf + state: absent when: not sugarizer_enabled | bool - name: Remove /etc/apache2/sites-enabled/kolibri.conf @@ -61,11 +62,11 @@ - name: Remove nginx support for kolibri when not kolibri_enabled file: path: /etc/nginx/conf.d/kolibri-nginx.conf + state: absent when: not kolibri_enabled | bool - name: Disable /etc/apache2/sites-enabled/calibre-web.conf command: a2dissite calibre-web.conf - when: not calibreweb_enabled - name: Install /etc/nginx/conf.d/calibre-web-nginx.conf template: @@ -78,7 +79,8 @@ - { src: 'roles/calibre-web/templates/calibre-web-nginx.conf.j2', dest: '/etc/nginx/conf.d/calibre-web-nginx.conf', mode: '0644' } when: calibreweb_enabled -- name: Remove nginx support for sugarizer +- name: Remove nginx support for Calibre-Web file: - path: /etc/nginx/conf.d/sugarizer-nginx.conf + path: /etc/nginx/conf.d/calibre-web-nginx.conf + state: absent when: not calibreweb_enabled | bool From 301446658be7d83ef27712263ace8337ec34ec6d Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 19 Nov 2019 00:13:41 -0600 Subject: [PATCH 094/148] correct botched rebase of disable.yml --- roles/nginx/tasks/disable.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 roles/nginx/tasks/disable.yml diff --git a/roles/nginx/tasks/disable.yml b/roles/nginx/tasks/disable.yml new file mode 100644 index 000000000..e6e2dd7e7 --- /dev/null +++ b/roles/nginx/tasks/disable.yml @@ -0,0 +1,24 @@ +#grep -r "not nginx_enabled" roles/ +#roles/calibre-web/tasks/main.yml: when: calibreweb_enabled | bool and not nginx_enabled | bool +#roles/calibre-web/tasks/main.yml: when: not nginx_enabled | bool +#roles/kolibri/tasks/main.yml: when: kolibri_enabled | bool and not nginx_enabled | bool +#roles/kolibri/tasks/main.yml: when: not nginx_enabled | bool +#roles/kiwix/tasks/kiwix_install.yml: when: kiwix_enabled | bool and not nginx_enabled | bool +#roles/kiwix/tasks/kiwix_install.yml: when: not nginx_enabled | bool +#roles/nginx/tasks/main.yml: when: not nginx_enabled | bool +#roles/nginx/tasks/main.yml: when: not nginx_enabled | bool +#roles/sugarizer/tasks/install.yml: when: sugarizer_enabled | bool and not nginx_enabled | bool +#roles/sugarizer/tasks/install.yml: when: sugarizer_enabled | bool and not nginx_enabled | bool + +- name: Enable Calibre-Web for Apache + command: a2ensite calibre-web.conf + +- name: Enable Kolibri for Apache + command: a2ensite kolibri.conf + +- name: Enable kiwix for Apache + command: a2ensite kiwix.conf + +- name: Enable Sugarizer for Apache + command: a2ensite sugarizer.conf + From 7282498ccc5b7e904fe087515c5e48e538271606 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 19 Nov 2019 08:47:38 -0600 Subject: [PATCH 095/148] move nginx to stage 9 --- roles/4-server-options/tasks/main.yml | 6 ------ roles/9-local-addons/tasks/main.yml | 6 ++++++ 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index fcdaf3fe7..49b749a31 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -5,12 +5,6 @@ path: "{{ iiab_state_file }}" state: touch -- name: NGINX - include_role: - name: nginx - when: nginx_install - tags: base, nginx - - name: Install dnsmasq include_tasks: roles/network/tasks/dnsmasq.yml when: dnsmasq_install | bool diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index dacbd7e6e..63e587c6c 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -43,6 +43,12 @@ name: calibre-web tags: calibre-web +- name: NGINX + include_role: + name: nginx + when: nginx_install + tags: base, nginx + - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: dest: "{{ iiab_env_file }}" From 90ae299665131b0ba7b8aa86ba9ebde62435a248 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 19 Nov 2019 11:25:51 -0600 Subject: [PATCH 096/148] awstats --- roles/awstats/tasks/enable.yml | 56 ++++++++++++++++---------------- roles/awstats/tasks/install.yml | 8 ++--- roles/nginx/tasks/disable.yml | 3 ++ roles/nginx/tasks/only_nginx.yml | 23 +++++++++++++ 4 files changed, 58 insertions(+), 32 deletions(-) diff --git a/roles/awstats/tasks/enable.yml b/roles/awstats/tasks/enable.yml index a99e94c19..a80db27db 100644 --- a/roles/awstats/tasks/enable.yml +++ b/roles/awstats/tasks/enable.yml @@ -1,44 +1,45 @@ -- name: Create symlink awstats.conf from sites-enabled to sites-available (debuntu) +- name: Create symlink awstats.conf from sites-enabled to sites-available (Apache) file: src: /etc/apache2/sites-available/awstats.conf path: /etc/apache2/sites-enabled/awstats.conf state: link - when: awstats_enabled and is_debuntu + when: awstats_enabled and not nginx_enabled -- name: Remove symlink from sites-enabled, to disable AWStats (debuntu) +- name: Remove symlink from sites-enabled, to disable AWStats (Apache) file: path: /etc/apache2/sites-enabled/awstats.conf state: absent - when: not awstats_enabled and is_debuntu + when: not awstats_enabled or nginx_enabled + +- name: Install nginx's files from template + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: 0644 + with_items: + - { src: "awstats-nginx.conf", dest: "/etc/nginx/conf.d/" } + - { src: "cgi-bin.php", dest: "/etc/nginx/" } + when: awstats_enabled and nginx_enabled + +- name: Remove /etc/nginx/conf.d/awstats-nginx.conf + file: + path: /etc/nginx/conf.d/awstats-nginx.conf + state: absent + when: not awstats_enabled - name: Restart Apache service ({{ apache_service }}) systemd: name: "{{ apache_service }}" state: restarted + when: awstats_enabled and not nginx_enabled -- name: Install /etc/awstats/awstats.schoolserver.conf - template: - src: awstats.schoolserver.conf.j2 - dest: /etc/awstats/awstats.schoolserver.conf - owner: root - group: root - mode: 0644 - when: awstats_enabled | bool - -- name: Create a symlink /etc/awstats/awstats.conf for access by IP address - file: - src: /etc/awstats/awstats.schoolserver.conf - path: /etc/awstats/awstats.conf - state: link - when: awstats_enabled | bool - -- name: On first enabling of AWStats, summarize httpd logs up to now (OS's other than debuntu) - shell: /bin/perl /usr/share/awstats/wwwroot/cgi-bin/awstats.pl -config=schoolserver -update - when: awstats_enabled and not is_debuntu - -- name: On first enabling of AWStats, summarize httpd logs up to now (debuntu) - shell: /usr/bin/perl /usr/lib/cgi-bin/awstats.pl -config=schoolserver -update - when: awstats_enabled and is_debuntu +- name: Restart nginx service + systemd: + name: nginx + state: restarted + when: awstats_enabled and nginx_enabled - name: Add 'awstats' variable values to {{ iiab_ini_file }} ini_file: @@ -55,4 +56,3 @@ value: "{{ awstats_install }}" - option: enabled value: "{{ awstats_enabled }}" - diff --git a/roles/awstats/tasks/install.yml b/roles/awstats/tasks/install.yml index 580dcf807..ca62368e0 100644 --- a/roles/awstats/tasks/install.yml +++ b/roles/awstats/tasks/install.yml @@ -36,7 +36,7 @@ - "{{ apache_log_dir }}" - /usr/lib/cgi-bin/awstats # create backward compatible path for awstats -- name: Install nginx's awstats.conf from template (debuntu) +- name: Install Apache's awstats.conf from template (debuntu) template: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -44,9 +44,9 @@ group: root mode: 0644 with_items: - - { src: "awstats-nginx.conf", dest: "/etc/nginx/conf.d/" } - - { src: "cgi-bin.php", dest: "/etc/nginx/" } -# - { src: "apache-awstats.conf", dest: "/etc/{{ apache_config_dir }}/awstats.conf" } +# - { src: "awstats-nginx.conf", dest: "/etc/nginx/conf.d/" } +# - { src: "cgi-bin.php", dest: "/etc/nginx/" } + - { src: "apache-awstats.conf", dest: "/etc/{{ apache_config_dir }}/awstats.conf" } when: awstats_enabled and is_debuntu - name: Ensure logrotate doesn't make logs unreadable (debuntu) diff --git a/roles/nginx/tasks/disable.yml b/roles/nginx/tasks/disable.yml index e6e2dd7e7..12034202d 100644 --- a/roles/nginx/tasks/disable.yml +++ b/roles/nginx/tasks/disable.yml @@ -22,3 +22,6 @@ - name: Enable Sugarizer for Apache command: a2ensite sugarizer.conf +- name: Enable AWStats for Apache + command: a2ensite awstats.conf + diff --git a/roles/nginx/tasks/only_nginx.yml b/roles/nginx/tasks/only_nginx.yml index dce442d5b..5024f8e89 100644 --- a/roles/nginx/tasks/only_nginx.yml +++ b/roles/nginx/tasks/only_nginx.yml @@ -1,3 +1,26 @@ +- name: Remove symlink /etc/apache2/sites-enabled/awstats.conf + file: + path: /etc/apache2/sites-enabled/awstats.conf + state: absent + +- name: Install nginx support for awstats if awstats_enabled + copy: + backup: no + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode }}" + owner: root + group: root + with_items: + - { src: 'roles/awstats/templates/awstats-nginx.conf', dest: '/etc/nginx/conf.d/kiwix-nginx.conf' , mode: '0644' } + when: awstats_enabled + +- name: Remove nginx support for kiwix + file: + path: /etc/nginx/conf.d/awstats-nginx.conf + state: absent + when: not awstats_enabled + - name: Remove symlink /etc/apache2/sites-enabled/kiwix.conf file: path: /etc/apache2/sites-enabled/kiwix.conf From e5b944fdca763d6b5ac9d4677e0ed15313018418 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 19 Nov 2019 11:34:43 -0600 Subject: [PATCH 097/148] fix runrole --- runrole | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/runrole b/runrole index bcbaf191b..1f2ef14ff 100755 --- a/runrole +++ b/runrole @@ -22,6 +22,12 @@ if [[ $# -eq 0 ]] ; then exit 0 fi +if [ "$1" == "--reinstall" ]; then + ARGS="$ARGS --extra-vars reinstall=True" + REINSTALL=1 + shift 1 +fi + if ! grep -q "^""$1""_install: True" $LOCAL_VARS_FILE; then echo "ERROR: $LOCAL_VARS_FILE must contain '""$1""_install: True'" exit 1 @@ -41,12 +47,6 @@ clear_marker(){ fi } -if [ "$1" == "--reinstall" ]; then - ARGS="$ARGS --extra-vars reinstall=True" - REINSTALL=1 - shift 1 -fi - # Needed for Stages 1-3 if not installed yet if [ ! -f $IIAB_STATE_FILE ]; then touch $IIAB_STATE_FILE From 0cd7f15376885bb6ff5d17fce2c957ff0b834410 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 19 Nov 2019 11:37:20 -0600 Subject: [PATCH 098/148] awstats2 --- roles/nginx/tasks/only_nginx.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/tasks/only_nginx.yml b/roles/nginx/tasks/only_nginx.yml index 5024f8e89..66e98e1ae 100644 --- a/roles/nginx/tasks/only_nginx.yml +++ b/roles/nginx/tasks/only_nginx.yml @@ -15,7 +15,7 @@ - { src: 'roles/awstats/templates/awstats-nginx.conf', dest: '/etc/nginx/conf.d/kiwix-nginx.conf' , mode: '0644' } when: awstats_enabled -- name: Remove nginx support for kiwix +- name: Remove nginx support for AWStats file: path: /etc/nginx/conf.d/awstats-nginx.conf state: absent From c8dab06ea681b836934348584031f0e1aeab4883 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 24 Aug 2019 13:52:25 -0500 Subject: [PATCH 099/148] move apache_allow_sudo into 4-server-options, move dnsmasq install to 3-base-server move dnsmasq to 3-base split httpd make 'osm' files optional --- roles/3-base-server/tasks/main.yml | 9 +- roles/4-server-options/tasks/main.yml | 10 +- roles/httpd-enable/tasks/main.yml | 1 + roles/httpd/tasks/enable.yml | 69 ++++++++ roles/httpd/tasks/install.yml | 145 +++++++++++++++++ roles/httpd/tasks/main.yml | 222 +------------------------- 6 files changed, 226 insertions(+), 230 deletions(-) create mode 100644 roles/httpd-enable/tasks/main.yml create mode 100644 roles/httpd/tasks/enable.yml create mode 100644 roles/httpd/tasks/install.yml diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index c5c42f05e..d1041ba6f 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -15,11 +15,10 @@ # has no "when: XXXXX_install" flag tags: base, mysql -- name: Restart Apache systemd service ({{ apache_service }}) - systemd: - name: "{{ apache_service }}" - state: restarted - when: not installing +- name: Install dnsmasq + include_tasks: roles/network/tasks/dnsmasq.yml + when: dnsmasq_install | bool + tags: base, domain, dnsmasq, network - name: Recording STAGE 3 HAS COMPLETED ===================== lineinfile: diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 49b749a31..ff691076c 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -5,11 +5,6 @@ path: "{{ iiab_state_file }}" state: touch -- name: Install dnsmasq - include_tasks: roles/network/tasks/dnsmasq.yml - when: dnsmasq_install | bool - tags: base, domain, dnsmasq, network - - name: Install named / BIND include_tasks: roles/network/tasks/named.yml when: named_install | bool @@ -75,6 +70,11 @@ command: /usr/bin/iiab-refresh-wiki-docs when: internet_available and not nodocs +- name: Configure Apache systemd service ({{ apache_service }}) + include_role: + name: httpd-enable + tags: base, httpd + - name: Recording STAGE 4 HAS COMPLETED ================== lineinfile: dest: "{{ iiab_env_file }}" diff --git a/roles/httpd-enable/tasks/main.yml b/roles/httpd-enable/tasks/main.yml new file mode 100644 index 000000000..593affbe1 --- /dev/null +++ b/roles/httpd-enable/tasks/main.yml @@ -0,0 +1 @@ +- include_tasks: roles/httpd/tasks/enable.yml diff --git a/roles/httpd/tasks/enable.yml b/roles/httpd/tasks/enable.yml new file mode 100644 index 000000000..787fca097 --- /dev/null +++ b/roles/httpd/tasks/enable.yml @@ -0,0 +1,69 @@ +# For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147 +# WARNING: Enabling this might cause excess use of RAM/disk or other resources! +- name: Enact high limits in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini if using WordPress/Nextcloud/Moodle intensively + lineinfile: + path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + when: apache_high_php_limits | bool + with_items: + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } + - { regexp: '^memory_limit', line: 'memory_limit = 256M ; default is 128M / Nextcloud requests 512M' } + - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } + - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } + +- name: Install Apache's 010-iiab.conf & proxy_ajp.conf into /etc/apache2/sites-available, from templates + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: 0644 + with_items: + - { src: 'roles/httpd/templates/010-iiab.conf.j2', dest: '/etc/{{ apache_config_dir }}/010-iiab.conf' } + - { src: 'roles/httpd/templates/proxy_ajp.conf.j2', dest: '/etc/{{ apache_config_dir }}/proxy_ajp.conf' } + +- name: Enable our site, creating 010-iiab.conf symlink from sites-enabled to sites-available (debuntu) + file: + src: "/etc/{{ apache_config_dir }}/010-iiab.conf" + path: /etc/apache2/sites-enabled/010-iiab.conf + state: link + when: is_debuntu | bool + +# SEE https://github.com/iiab/iiab/issues/1143 as the old roles/osm playbook is rarely used as of late 2018 (if anybody still uses roles/osm, they can overwrite osm.conf using the original osm playbook, or in other ways) +- name: Install /etc/{{ apache_config_dir }}/osm.conf for http://box/maps (all OS's) + copy: + src: roles/httpd/files/osm.conf + dest: "/etc/{{ apache_config_dir }}" + owner: root + group: root + mode: 0644 + when: osm_vector_maps_install | bool + +- name: Symlink /etc/apache2/sites-enabled/osm.conf to /etc/{{ apache_config_dir }}/osm.conf (debuntu) + file: + src: "/etc/{{ apache_config_dir }}/osm.conf" + path: /etc/apache2/sites-enabled/osm.conf + state: link + when: is_debuntu | bool and osm_vector_maps_enabled | bool + +- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_apache_poweroff from template + template: + src: roles/httpd/templates/020_apache_poweroff.j2 + dest: /etc/sudoers.d/020_apache_poweroff + mode: 0755 + when: apache_allow_sudo | bool + +- name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff + file: + path: /etc/sudoers.d/020_apache_poweroff + state: absent + when: not apache_allow_sudo + +- name: Restart Apache systemd service ({{ apache_service }}) + systemd: + name: "{{ apache_service }}" + state: restarted + enabled: yes + daemon_reload: yes diff --git a/roles/httpd/tasks/install.yml b/roles/httpd/tasks/install.yml new file mode 100644 index 000000000..e3c49dd59 --- /dev/null +++ b/roles/httpd/tasks/install.yml @@ -0,0 +1,145 @@ +- name: 'Install 3 packages: apache2, php{{ php_version }}, php{{ php_version }}-curl (debian)' + package: + #name: [u'apache2', u'php{{ php_version }}', u'php{{ php_version }}-curl'] # FAILS ('u' for Unicode strings) + #name: ['apache2', 'php{{ php_version }}', 'php{{ php_version }}-curl'] # WORKS? + name: + - apache2 + - "php{{ php_version }}" + - "php{{ php_version }}-curl" + state: present + when: is_debian | bool + tags: + - download + +- name: 'Install 2 packages: apache2, php (ubuntu)' + package: + #name: [u'apache2', u'php'] # FAILS ('u' for Unicode strings) + #name: ['apache2', 'php'] # WORKS + name: + - apache2 + - php + state: present + when: is_ubuntu | bool + tags: + - download + +# 2019-05-30: It's interesting that http://box.lan/admin and everything seems +# to work even without php{{ php_version }}-sqlite3 as confirmed on Ubuntu +# 16.04 (SEE PR #1697). And likely all others? @tim-moody writes "I think +# we decided that because sqlite3 and php are part of the base install the +# connector should be too." +# +# We might *try* deprecating this here as we transition beyond {raspbian-9, +# debian-9, ubuntu-18} in coming months to verify that roles/osm-vector-maps +# is the only role that needs it? +# +# Legacy Comment: SQLite3 no longer included in another package +- name: Install php{{ php_version }}-sqlite3 (raspbian-9+ or debian-9+ or ubuntu-18+) + package: + name: "php{{ php_version }}-sqlite3" + #when: is_raspbian_9 or is_debian_9 or is_ubuntu_18 + when: is_debuntu and (not is_debian_8) and (not is_ubuntu_16) + #when: (is_debian and ansible_distribution_major_version == "9") or is_ubuntu_18 + +- name: 'Install 4 packages: httpd, mod_authnz_external, php, php-curl (redhat)' + package: + #name: [u'httpd', u'php', u'php-curl', u'mod_authnz_external'] # FAILS ('u' for Unicode strings) + #name: ['httpd', 'php', 'php-curl', 'mod_authnz_external'] # WORKS + name: + - httpd + - mod_authnz_external + - php + - php-curl + state: present + when: is_redhat | bool + tags: + - download + +# remove symlinks for mpm-event, replace with mpm-prefork +- name: Remove both mpm_event symlinks from /etc/apache2/mods-enabled (debuntu) + file: + path: "/etc/apache2/mods-enabled/{{ item }}" + state: absent + with_items: + - mpm_event.conf + - mpm_event.load + when: is_debuntu | bool + +- name: Create both mpm_prefork symlinks from /etc/apache2/mods-enabled to /etc/apache2/mods-available (debuntu) + file: + src: "/etc/apache2/mods-available/{{ item }}" + path: "/etc/apache2/mods-enabled/{{ item }}" + state: link + with_items: + - mpm_prefork.conf + - mpm_prefork.load + when: is_debuntu | bool + +#- name: 'Turn on mod_proxy using a2enmod with: proxy, proxy_html, headers, rewrite (debuntu)' +# command: a2enmod {{ item }} +# with_items: +# - proxy +# - proxy_html +# - headers +# - rewrite +# when: is_debuntu | bool + +- name: 'Enable 5 Apache modules, as with "a2enmod" command: headers, proxy, proxy_html, proxy_http, rewrite (for http://box/kiwix, http://box/kolibri, http://box/nodered, etc--if debuntu)' + apache2_module: + name: "{{ item }}" + - headers + - proxy + - proxy_html + - proxy_http + - rewrite + when: is_debuntu | bool + +- name: Remove 000-default.conf from /etc/apache2 and /etc/apache2/sites-enabled (debuntu) + file: + path: "{{ item }}" + state: absent + with_items: + - /etc/apache2/000-default.conf # Not nec on Raspbian. Is this really still needed elsewhere? + - /etc/apache2/sites-enabled/000-default.conf + when: is_debuntu | bool + +- name: Create Apache's pid dir /var/run/{{ apache_user }} + file: + path: "/var/run/{{ apache_user }}" + mode: 0755 + owner: root + group: root + state: directory + +- name: 'Create group: admin' + group: + name: admin + state: present + +- name: Add user {{ apache_user }} (from variable apache_user) to group admin + user: + name: "{{ apache_user }}" + groups: admin + state: present + createhome: no + +- name: Create Apache dir /var/log/{{ apache_service }} + file: + path: "/var/log/{{ apache_service }}" + mode: 0755 + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + state: directory + +- name: Enable Apache systemd service ({{ apache_service }}) + service: + name: "{{ apache_service }}" + enabled: yes + +- name: Create /library/www/html/info directory for http://box/info offline docs + file: + path: "{{ doc_root }}/info" + mode: 0755 + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + state: directory diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml index 669f5b6bd..1028f0096 100644 --- a/roles/httpd/tasks/main.yml +++ b/roles/httpd/tasks/main.yml @@ -1,206 +1,6 @@ -- name: 'Install 3 packages: apache2, php{{ php_version }}, php{{ php_version }}-curl (debian)' - package: - #name: [u'apache2', u'php{{ php_version }}', u'php{{ php_version }}-curl'] # FAILS ('u' for Unicode strings) - #name: ['apache2', 'php{{ php_version }}', 'php{{ php_version }}-curl'] # WORKS? - name: - - apache2 - - "php{{ php_version }}" - - "php{{ php_version }}-curl" - state: present - when: is_debian | bool +- include_tasks: install.yml tags: - - download - -- name: 'Install 2 packages: apache2, php (ubuntu)' - package: - #name: [u'apache2', u'php'] # FAILS ('u' for Unicode strings) - #name: ['apache2', 'php'] # WORKS - name: - - apache2 - - php - state: present - when: is_ubuntu | bool - tags: - - download - -# 2019-05-30: It's interesting that http://box.lan/admin and everything seems -# to work even without php{{ php_version }}-sqlite3 as confirmed on Ubuntu -# 16.04 (SEE PR #1697). And likely all others? @tim-moody writes "I think -# we decided that because sqlite3 and php are part of the base install the -# connector should be too." -# -# We might *try* deprecating this here as we transition beyond {raspbian-9, -# debian-9, ubuntu-18} in coming months to verify that roles/osm-vector-maps -# is the only role that needs it? -# -# Legacy Comment: SQLite3 no longer included in another package -- name: Install php{{ php_version }}-sqlite3 (raspbian-9+ or debian-9+ or ubuntu-18+) - package: - name: "php{{ php_version }}-sqlite3" - #when: is_raspbian_9 or is_debian_9 or is_ubuntu_18 - when: is_debuntu and (not is_debian_8) and (not is_ubuntu_16) - #when: (is_debian and ansible_distribution_major_version == "9") or is_ubuntu_18 - -- name: 'Install 4 packages: httpd, mod_authnz_external, php, php-curl (redhat)' - package: - #name: [u'httpd', u'php', u'php-curl', u'mod_authnz_external'] # FAILS ('u' for Unicode strings) - #name: ['httpd', 'php', 'php-curl', 'mod_authnz_external'] # WORKS - name: - - httpd - - mod_authnz_external - - php - - php-curl - state: present - when: is_redhat | bool - tags: - - download - -- name: Install Apache's 010-iiab.conf & proxy_ajp.conf into /etc/apache2/sites-available, from templates - template: - backup: yes - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root - group: root - mode: 0644 - with_items: - - { src: '010-iiab.conf.j2', dest: '/etc/{{ apache_config_dir }}/010-iiab.conf' } - - { src: 'proxy_ajp.conf.j2', dest: '/etc/{{ apache_config_dir }}/proxy_ajp.conf' } - #- { src: 'php.ini.j2', dest: '/etc/php.ini', mode: '0644' } # @jvonau suggests removing this in https://github.com/iiab/iiab/issues/1147 - -# For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147 -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -- name: Enact high limits in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini if using WordPress/Nextcloud/Moodle intensively - lineinfile: - path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini" - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - when: apache_high_php_limits | bool - with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } - - { regexp: '^memory_limit', line: 'memory_limit = 256M ; default is 128M / Nextcloud requests 512M' } - - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - -# remove symlinks for mpm-event, replace with mpm-prefork -- name: Remove both mpm_event symlinks from /etc/apache2/mods-enabled (debuntu) - file: - path: "/etc/apache2/mods-enabled/{{ item }}" - state: absent - with_items: - - mpm_event.conf - - mpm_event.load - when: is_debuntu | bool - -- name: Create both mpm_prefork symlinks from /etc/apache2/mods-enabled to /etc/apache2/mods-available (debuntu) - file: - src: "/etc/apache2/mods-available/{{ item }}" - path: "/etc/apache2/mods-enabled/{{ item }}" - state: link - with_items: - - mpm_prefork.conf - - mpm_prefork.load - when: is_debuntu | bool - -#- name: 'Turn on mod_proxy using a2enmod with: proxy, proxy_html, headers, rewrite (debuntu)' -# command: a2enmod {{ item }} -# with_items: -# - proxy -# - proxy_html -# - headers -# - rewrite -# when: is_debuntu | bool -# -# NOTE: activity-server/tasks/main.yml runs "a2enmod expires" -# NOTE: awstats/tasks/install.yml runs "a2enmod cgi" -# NOTE: nodered/tasks/main.yml uses apache2_module to install "proxy_wstunnel" -# 2019-10-07: proxy_http is definitely essential! (ARE THE OTHER 4 BELOW REALLY NEEDED ?) -- name: 'Enable 5 Apache modules, as with "a2enmod" command: headers, proxy, proxy_html, proxy_http, rewrite (for http://box/kiwix, http://box/kolibri, http://box/nodered, etc--if debuntu)' - apache2_module: - name: "{{ item }}" - with_items: - - headers - - proxy - - proxy_html - - proxy_http - - rewrite - when: is_debuntu | bool - -- name: Enable our site, creating 010-iiab.conf symlink from sites-enabled to sites-available (debuntu) - file: - src: "/etc/{{ apache_config_dir }}/010-iiab.conf" - path: /etc/apache2/sites-enabled/010-iiab.conf - state: link - when: is_debuntu | bool - -- name: Remove 000-default.conf from /etc/apache2 and /etc/apache2/sites-enabled (debuntu) - file: - path: "{{ item }}" - state: absent - with_items: - - /etc/apache2/000-default.conf # Not nec on Raspbian. Is this really still needed elsewhere? - - /etc/apache2/sites-enabled/000-default.conf - when: is_debuntu | bool - -- name: Create Apache's pid dir /var/run/{{ apache_user }} - file: - path: "/var/run/{{ apache_user }}" - mode: 0755 - owner: root - group: root - state: directory - -- name: 'Create group: admin' - group: - name: admin - state: present - -- name: Add user {{ apache_user }} (from variable apache_user) to group admin - user: - name: "{{ apache_user }}" - groups: admin - state: present - createhome: no - -- name: Create Apache dir /var/log/{{ apache_service }} - file: - path: "/var/log/{{ apache_service }}" - mode: 0755 - owner: "{{ apache_user }}" - group: "{{ apache_user }}" - state: directory - -- name: Enable Apache systemd service ({{ apache_service }}) - service: - name: "{{ apache_service }}" - enabled: yes - -- name: Create /library/www/html/info directory for http://box/info offline docs - file: - path: "{{ doc_root }}/info" - mode: 0755 - owner: "{{ apache_user }}" - group: "{{ apache_user }}" - state: directory - -# SEE https://github.com/iiab/iiab/issues/1143 as the old roles/osm playbook is rarely used as of late 2018 (if anybody still uses roles/osm, they can overwrite osm.conf using the original osm playbook, or in other ways) -- name: Install /etc/{{ apache_config_dir }}/osm.conf for http://box/maps (all OS's) - copy: - src: osm.conf - dest: "/etc/{{ apache_config_dir }}" - owner: root - group: root - mode: 0644 - backup: yes - -- name: Symlink /etc/apache2/sites-enabled/osm.conf to /etc/{{ apache_config_dir }}/osm.conf (debuntu) - file: - src: "/etc/{{ apache_config_dir }}/osm.conf" - path: /etc/apache2/sites-enabled/osm.conf - #path: "/etc/{{ apache_service }}/sites-enabled/osm.conf" - state: link - when: is_debuntu | bool + - base - include_tasks: html.yml tags: @@ -216,21 +16,3 @@ src: refresh-wiki-docs.sh dest: /usr/bin/iiab-refresh-wiki-docs mode: 0755 - -- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_apache_poweroff from template - template: - src: 020_apache_poweroff.j2 - dest: /etc/sudoers.d/020_apache_poweroff - mode: 0755 - when: apache_allow_sudo | bool - -- name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff - file: - path: /etc/sudoers.d/020_apache_poweroff - state: absent - when: not apache_allow_sudo - -- name: Restart Apache systemd service ({{ apache_service }}) - systemd: - name: "{{ apache_service }}" - state: restarted From 021ca725a52594f89f75aae541ab57e91d5a86b1 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 20 Nov 2019 02:32:05 -0600 Subject: [PATCH 100/148] split nginx - move httpd-enable --- roles/3-base-server/tasks/main.yml | 6 +++++- roles/4-server-options/tasks/main.yml | 5 ----- roles/9-local-addons/tasks/main.yml | 9 ++++++++- roles/nginx/tasks/install.yml | 18 ++++++++++++++++++ roles/nginx/tasks/main.yml | 22 ---------------------- 5 files changed, 31 insertions(+), 29 deletions(-) create mode 100644 roles/nginx/tasks/install.yml diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index d1041ba6f..b332c0f21 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -15,9 +15,13 @@ # has no "when: XXXXX_install" flag tags: base, mysql +- name: Install nginx + include_tasks: roles/nginx/tasks/install.yml + when: nginx_install + - name: Install dnsmasq include_tasks: roles/network/tasks/dnsmasq.yml - when: dnsmasq_install | bool + when: dnsmasq_install tags: base, domain, dnsmasq, network - name: Recording STAGE 3 HAS COMPLETED ===================== diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index ff691076c..e0740cf93 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -70,11 +70,6 @@ command: /usr/bin/iiab-refresh-wiki-docs when: internet_available and not nodocs -- name: Configure Apache systemd service ({{ apache_service }}) - include_role: - name: httpd-enable - tags: base, httpd - - name: Recording STAGE 4 HAS COMPLETED ================== lineinfile: dest: "{{ iiab_env_file }}" diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 63e587c6c..2c5e66f39 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -43,12 +43,19 @@ name: calibre-web tags: calibre-web -- name: NGINX +# could split this two below to stage 10? +- name: Configure NGINX include_role: name: nginx when: nginx_install tags: base, nginx +- name: Configure Apache systemd service ({{ apache_service }}) + include_role: + name: httpd-enable + when: apache_install + tags: base, httpd + - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: dest: "{{ iiab_env_file }}" diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml new file mode 100644 index 000000000..486a36506 --- /dev/null +++ b/roles/nginx/tasks/install.yml @@ -0,0 +1,18 @@ +- name: Install nginx required and helper packages + package: name={{ item }} state=present + with_items: + - nginx-extras + - uwsgi + - uwsgi-plugin-python3 + - php-fpm + - libnginx-mod-http-subs-filter + +- name: Add http server user to shadow group, so it can authenticate Admin Console + user: + name: "{{ apache_user }}" + groups: shadow + +- name: Remove the nginx default config + file: + path: /etc/nginx/sites-enabled/default + state: absent diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 8617613a5..1fcecb189 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -1,13 +1,3 @@ -- name: Install nginx required and helper packages - package: name={{ item }} state=present - with_items: - - nginx-extras - - uwsgi - - uwsgi-plugin-python3 - - php-fpm - - libnginx-mod-http-subs-filter - when: nginx_install | bool - - name: Put the config file in place template: src: '{{ item.src}}' @@ -22,18 +12,6 @@ - { src: 'ports.conf' , dest: '/etc/{{ apache_service }}/' , mode: '0644' } when: nginx_enabled | bool -- name: Add http server user to shadow group, so it can authenticate Admin Console - user: - name: "{{ apache_user }}" - groups: shadow - when: nginx_install | bool - -- name: Remove the nginx default config - file: - path: /etc/nginx/sites-enabled/default - state: absent - when: nginx_install | bool - - name: Insure that apache2 is not running -- we may need port swap systemd: name: apache2 From 0879bcd457b9129038f47ab79caa3c5a6c7fbe5c Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 20 Nov 2019 02:46:55 -0600 Subject: [PATCH 101/148] supply base config files and cleanup --- roles/nginx/tasks/install.yml | 8 ++++++++ roles/nginx/tasks/main.yml | 22 +++++++++++----------- roles/nginx/tasks/uses_apache.yml | 14 +++++++------- 3 files changed, 26 insertions(+), 18 deletions(-) diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 486a36506..d5fcba50a 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -16,3 +16,11 @@ file: path: /etc/nginx/sites-enabled/default state: absent + +- name: Put the config file in place + template: + src: '{{ item.src}}' + dest: '{{ item.dest }}' + with_items: + - { src: "server.conf",dest: "/etc/nginx/" } + - { src: "nginx.conf",dest: "/etc/nginx/" } diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 1fcecb189..1a838b9de 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -10,7 +10,7 @@ # the above should be enough once uwsgi is started # - { src: "uwsgi.unit",dest: "/etc/systemd/system/uwsgi.socket" } - { src: 'ports.conf' , dest: '/etc/{{ apache_service }}/' , mode: '0644' } - when: nginx_enabled | bool + when: nginx_enabled - name: Insure that apache2 is not running -- we may need port swap systemd: @@ -24,20 +24,20 @@ # Comment one or the other to revert from nginx back to apache2, if required # src: admin-console-apache.conf dest: /etc/nginx/conf.d/admin-console.conf - when: admin_console_enabled | bool and nginx_enabled | bool + when: admin_console_enabled and nginx_enabled - name: Enable the uwsgi systemd service systemd: name: uwsgi state: started enabled: True - when: admin_console_enabled | bool and nginx_enabled | bool + when: admin_console_enabled and nginx_enabled # the below slides in nginx's proxypass config files for apache on localhost # via the ports.conf file installed above - name: Install proxpass to apache running on localhost port {{ apache_port }} include_tasks: uses_apache.yml - when: nginx_enabled | bool + when: nginx_enabled # the below task contains the same logic contained in the playbooks to enable # 'runrole nginx' to do the right thing but with the 'src' path set to role's @@ -45,25 +45,25 @@ - name: Install proxpass to other services 'dual mode' roles include_tasks: only_nginx.yml - when: nginx_enabled | bool + when: nginx_enabled - name: Stop and disable nginx when not nginx_enabled systemd: name: nginx state: stopped enabled: false - when: not nginx_enabled | bool + when: not nginx_enabled - name: Disable apache port {{ apache_port }} localhost only template: dest: /etc/{{ apache_service }}/ports.conf src: stock-apache-ports.conf - when: not nginx_enabled | bool + when: not nginx_enabled # should have the logic to handle both modes in the playbook -- name: Rerun 'dual mode' roles by calling role's main.yml file when ngix is disabled +- name: Enable Apache (a2ensite) for 'dual mode' for the role when NGINX is diabled include_tasks: disable.yml - when: not nginx_enabled | bool + when: not nginx_enabled - name: Since we stopped apache2, start it again systemd: @@ -71,7 +71,7 @@ state: restarted enabled: true daemon_reload: yes - when: apache_enabled | bool + when: apache_enabled - name: Restart nginx to pick up the config files installed systemd: @@ -79,4 +79,4 @@ state: restarted enabled: true daemon_reload: yes - when: nginx_enabled | bool + when: nginx_enabled diff --git a/roles/nginx/tasks/uses_apache.yml b/roles/nginx/tasks/uses_apache.yml index fb576bbaa..97ef79bde 100644 --- a/roles/nginx/tasks/uses_apache.yml +++ b/roles/nginx/tasks/uses_apache.yml @@ -5,29 +5,29 @@ owner: root group: root mode: 0644 - when: moodle_enabled | bool + when: moodle_enabled - name: Install /etc/nginx/conf.d/elgg-nginx.conf from template template: src: elgg-nginx.conf dest: "/etc/nginx/conf.d/elgg-nginx.conf" - when: elgg_enabled | bool + when: elgg_enabled - name: Install /etc/nginx/lokole-nginx.conf from template template: src: lokole-nginx.conf.j2 dest: "/etc/nginx/conf.d/lokole-nginx.conf" - when: lokole_enabled | bool + when: lokole_enabled - name: Install MediaWiki's nginx conf.d file from template template: src: mediawiki-nginx.conf.j2 dest: /etc/nginx/conf.d/mediawiki-nginx.conf - when: mediawiki_enabled | bool + when: mediawiki_enabled - name: Install WordPress's nginx conf.d file from template template: src=nextcloud-nginx.conf dest=/etc/nginx/conf.d/nextcloud-nginx.conf - when: nextcloud_enabled | bool + when: nextcloud_enabled - name: Install NodeRed's nginx conf.d file from template template: @@ -36,13 +36,13 @@ owner: root group: root mode: 0666 - when: nodered_enabled | bool + when: nodered_enabled - name: Install WordPress's nginx conf.d file from template template: src: wordpress-nginx.conf dest: /etc/nginx/conf.d/ - when: wordpress_enabled | bool + when: wordpress_enabled #- name: Install proxpass to apache running on localhost From d638421411c82816c60c964ad329bae62387aedc Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 20 Nov 2019 10:54:36 -0600 Subject: [PATCH 102/148] runtime testing --- roles/httpd/tasks/install.yml | 1 + roles/nginx/tasks/install.yml | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/httpd/tasks/install.yml b/roles/httpd/tasks/install.yml index e3c49dd59..8055a8927 100644 --- a/roles/httpd/tasks/install.yml +++ b/roles/httpd/tasks/install.yml @@ -87,6 +87,7 @@ - name: 'Enable 5 Apache modules, as with "a2enmod" command: headers, proxy, proxy_html, proxy_http, rewrite (for http://box/kiwix, http://box/kolibri, http://box/nodered, etc--if debuntu)' apache2_module: name: "{{ item }}" + with_items: - headers - proxy - proxy_html diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index d5fcba50a..8f7ac78ad 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -22,5 +22,5 @@ src: '{{ item.src}}' dest: '{{ item.dest }}' with_items: - - { src: "server.conf",dest: "/etc/nginx/" } - - { src: "nginx.conf",dest: "/etc/nginx/" } + - { src: "roles/nginx/templates/server.conf", dest: "/etc/nginx/" } + - { src: "roles/nginx/templates/nginx.conf", dest: "/etc/nginx/" } From b9873b79963c3d933a65e60751071b5f26b94f73 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 20 Nov 2019 11:26:11 -0600 Subject: [PATCH 103/148] runtime testing - 'ports' --- roles/nginx/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 8f7ac78ad..abd3efd0d 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -24,3 +24,4 @@ with_items: - { src: "roles/nginx/templates/server.conf", dest: "/etc/nginx/" } - { src: "roles/nginx/templates/nginx.conf", dest: "/etc/nginx/" } + - { src: 'roles/nginx/templates/ports.conf', dest: '/etc/{{ apache_service }}/' , mode: '0644' } From b044282e7769b70d7c5c6adbc6cf0559cf6af99d Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 20 Nov 2019 14:42:26 -0600 Subject: [PATCH 104/148] uwsgi last --- roles/nginx/tasks/main.yml | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 1a838b9de..36956d45e 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -26,13 +26,6 @@ dest: /etc/nginx/conf.d/admin-console.conf when: admin_console_enabled and nginx_enabled -- name: Enable the uwsgi systemd service - systemd: - name: uwsgi - state: started - enabled: True - when: admin_console_enabled and nginx_enabled - # the below slides in nginx's proxypass config files for apache on localhost # via the ports.conf file installed above - name: Install proxpass to apache running on localhost port {{ apache_port }} @@ -78,5 +71,11 @@ name: nginx state: restarted enabled: true - daemon_reload: yes when: nginx_enabled + +- name: Enable the uwsgi systemd service + systemd: + name: uwsgi + state: restarted + enabled: true + when: admin_console_enabled and nginx_enabled From 6eee0b353bf65729e94dc4fcfc08a9c8db11ad11 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 20 Nov 2019 15:41:36 -0600 Subject: [PATCH 105/148] only_nginx - use file for calibre-web --- roles/nginx/tasks/only_nginx.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/nginx/tasks/only_nginx.yml b/roles/nginx/tasks/only_nginx.yml index 66e98e1ae..088913946 100644 --- a/roles/nginx/tasks/only_nginx.yml +++ b/roles/nginx/tasks/only_nginx.yml @@ -88,8 +88,10 @@ state: absent when: not kolibri_enabled | bool -- name: Disable /etc/apache2/sites-enabled/calibre-web.conf - command: a2dissite calibre-web.conf +- name: Remove symlink /etc/apache2/sites-enabled/calibre-web.conf + file: + path: /etc/apache2/sites-enabled/calibre-web.conf + state: absent - name: Install /etc/nginx/conf.d/calibre-web-nginx.conf template: From 74cec9d24af81080a22bb15fde9315a12871e0cc Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 21 Nov 2019 08:11:11 -0600 Subject: [PATCH 106/148] httpd-install stop apache after installing --- roles/httpd/tasks/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/httpd/tasks/install.yml b/roles/httpd/tasks/install.yml index 8055a8927..c0f9300d2 100644 --- a/roles/httpd/tasks/install.yml +++ b/roles/httpd/tasks/install.yml @@ -136,6 +136,7 @@ service: name: "{{ apache_service }}" enabled: yes + state: stopped - name: Create /library/www/html/info directory for http://box/info offline docs file: From b99b60c45680a59d80551a2ef8c9726bdaa8bc92 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 21 Nov 2019 08:34:37 -0600 Subject: [PATCH 107/148] uwsgi & admin-console.ini moving to iiab-admin-console as wanted in chat --- roles/nginx/tasks/main.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 36956d45e..be2772ad9 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -6,7 +6,7 @@ - { src: "server.conf",dest: "/etc/nginx/" } - { src: "nginx.conf",dest: "/etc/nginx/" } - { src: "usb-lib.conf",dest: "/etc/nginx/conf.d/" } - - { src: "admin-console.ini",dest: "/etc/uwsgi/apps-enabled/" } +# - { src: "admin-console.ini",dest: "/etc/uwsgi/apps-enabled/" } # the above should be enough once uwsgi is started # - { src: "uwsgi.unit",dest: "/etc/systemd/system/uwsgi.socket" } - { src: 'ports.conf' , dest: '/etc/{{ apache_service }}/' , mode: '0644' } @@ -73,9 +73,9 @@ enabled: true when: nginx_enabled -- name: Enable the uwsgi systemd service - systemd: - name: uwsgi - state: restarted - enabled: true - when: admin_console_enabled and nginx_enabled +#- name: Enable the uwsgi systemd service +# systemd: +# name: uwsgi +# state: restarted +# enabled: true +# when: admin_console_enabled and nginx_enabled From 01c44c05c20bd392b7a5ff786153787062815183 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 21 Nov 2019 10:24:19 -0600 Subject: [PATCH 108/148] also disable sugarizer's enable.yml on debian-10 --- roles/sugarizer/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sugarizer/tasks/main.yml b/roles/sugarizer/tasks/main.yml index d11b83afd..866433d85 100644 --- a/roles/sugarizer/tasks/main.yml +++ b/roles/sugarizer/tasks/main.yml @@ -4,4 +4,4 @@ - name: Enable 'sugarizer' if sugarizer_enabled include_tasks: enable.yml - when: sugarizer_install | bool or sugarizer_installed is defined + when: sugarizer_install | bool or sugarizer_installed is defined and not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)) From aa646dc1a9d4adb226d56d8630990eae4c1ce707 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 21 Nov 2019 10:30:00 -0600 Subject: [PATCH 109/148] also disable sugarizer's enable.yml on debian-10 take 2 --- roles/sugarizer/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sugarizer/tasks/main.yml b/roles/sugarizer/tasks/main.yml index 866433d85..949d3e20a 100644 --- a/roles/sugarizer/tasks/main.yml +++ b/roles/sugarizer/tasks/main.yml @@ -4,4 +4,4 @@ - name: Enable 'sugarizer' if sugarizer_enabled include_tasks: enable.yml - when: sugarizer_install | bool or sugarizer_installed is defined and not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)) + when: (sugarizer_install | bool or sugarizer_installed is defined) and not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)) From 6f596955407ea2bdf5a10381abacbeceb45fb496 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 21 Nov 2019 11:10:29 -0600 Subject: [PATCH 110/148] kolibri - change d/l url --- roles/kolibri/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 20f52bfab..e9cb42687 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -16,7 +16,7 @@ # https://github.com/iiab/iiab/issues/1675 # https://github.com/learningequality/kolibri/issues/5664 -kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest +kolibri_deb_url: http://ppa.launchpad.net/learningequality/kolibri/ubuntu/pool/main/k/kolibri-source/kolibri_0.12.9-0ubuntu2_all.deb # Kolibri folder to store its data and configuration files. kolibri_home: "{{ content_base }}/kolibri" # /library/kolibri From 148fee91006ea0d8c52272c925429b06aa3d380f Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 21 Nov 2019 12:14:35 -0600 Subject: [PATCH 111/148] runrole - remove clear_marker --- runrole | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/runrole b/runrole index 1f2ef14ff..7477c966d 100755 --- a/runrole +++ b/runrole @@ -33,20 +33,6 @@ if ! grep -q "^""$1""_install: True" $LOCAL_VARS_FILE; then exit 1 fi -clear_marker(){ - if [ ! $1 == "internetarchive" ]; then # special handling - if [ $1 == "calibre-web" ]; then # role directory & installed marker differ - sed -i -e '/^calibreweb/d' $IIAB_STATE_FILE - elif [ $1 == "captive-portal" ]; then # role directory & installed marker differ - sed -i -e '/^captive_portal/d' $IIAB_STATE_FILE - #elif [ $1 == "bluetooth" ]; then # role directory & installed marker differ - # sed -i -e '/^pan_bluetooth/d' $IIAB_STATE_FILE - else - sed -i -e "/^$1/d" $IIAB_STATE_FILE - fi - fi -} - # Needed for Stages 1-3 if not installed yet if [ ! -f $IIAB_STATE_FILE ]; then touch $IIAB_STATE_FILE @@ -75,7 +61,17 @@ else fi if [ "$REINSTALL" == "1" ]; then - clear_marker + if [ ! $1 == "internetarchive" ]; then # special handling + if [ $1 == "calibre-web" ]; then # role directory & installed marker differ + sed -i -e '/^calibreweb/d' $IIAB_STATE_FILE + elif [ $1 == "captive-portal" ]; then # role directory & installed marker differ + sed -i -e '/^captive_portal/d' $IIAB_STATE_FILE + #elif [ $1 == "bluetooth" ]; then # role directory & installed marker differ + # sed -i -e '/^pan_bluetooth/d' $IIAB_STATE_FILE + else + sed -i -e "/^$1/d" $IIAB_STATE_FILE + fi + fi fi if [ $# -eq 2 ]; then From 5597848a20e6495155a6144111ebcc9899f10090 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Nov 2019 07:01:11 -0600 Subject: [PATCH 112/148] iiab-make-kiwix-lib.py - print () --- roles/kiwix/templates/iiab-make-kiwix-lib.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/kiwix/templates/iiab-make-kiwix-lib.py b/roles/kiwix/templates/iiab-make-kiwix-lib.py index 95652ba3c..cd0b26590 100755 --- a/roles/kiwix/templates/iiab-make-kiwix-lib.py +++ b/roles/kiwix/templates/iiab-make-kiwix-lib.py @@ -153,7 +153,7 @@ def read_library_xml(lib_xml_file, kiwix_exclude_attr=[""]): # duplicated from i #xml_item_no += 1 # hopefully this is the array number attributes = {} if 'id' not in child.attrib: # is this necessary? implies there are records with no book id which would break index for removal - print "xml record missing Book Id" + print ("xml record missing Book Id") id = child.attrib['id'] for attr in child.attrib: if attr not in kiwix_exclude_attr: @@ -172,7 +172,7 @@ def rem_libr_xml(id): outp = subprocess.check_output(args) except subprocess.CalledProcessError as e: if e.returncode != 2: # skip bogus file open error in kiwix-manage - print outp + print (outp) def add_libr_xml(kiwix_library_xml, zim_path, zimname, zimidx): command = kiwix_manage + " " + kiwix_library_xml + " add " + zim_path + "/" + zimname @@ -242,7 +242,7 @@ def write_zim_versions_idx(): fp.write(json.dumps(zim_versions,indent=2 )) fp.close() else: - print zim_version_idx_dir + " not found." + print (zim_version_idx_dir + " not found.") def get_substitution_data(perma_ref,zims_installed, path_to_id_map): #reconstruct the path in the id map From b9ea8dc181c6a88ff737c1752278d1ed029181fb Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Nov 2019 07:49:09 -0600 Subject: [PATCH 113/148] iiab-make-kiwix-lib.py - use configparser --- roles/kiwix/templates/iiab-make-kiwix-lib.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/kiwix/templates/iiab-make-kiwix-lib.py b/roles/kiwix/templates/iiab-make-kiwix-lib.py index cd0b26590..4b917279c 100755 --- a/roles/kiwix/templates/iiab-make-kiwix-lib.py +++ b/roles/kiwix/templates/iiab-make-kiwix-lib.py @@ -19,7 +19,8 @@ import yaml import re import subprocess import shlex -import ConfigParser +#import ConfigParser +import configparser import xml.etree.ElementTree as ET import argparse import fnmatch @@ -204,7 +205,8 @@ def init(): global kiwix_library_xml global kiwix_manage - config = ConfigParser.SafeConfigParser() +# config = ConfigParser.SafeConfigParser() + config = configparser.ConfigParser() config.read(iiab_ini_file) iiab_base_path = config.get('location','iiab_base') zim_path = config.get('kiwix','iiab_zim_path') From 0c5e6dce446906d0062299eb46d9b34a307f5b4f Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Nov 2019 07:51:53 -0600 Subject: [PATCH 114/148] iiab-make-kiwix-lib.py - python3 --- roles/kiwix/templates/iiab-make-kiwix-lib.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kiwix/templates/iiab-make-kiwix-lib.py b/roles/kiwix/templates/iiab-make-kiwix-lib.py index 4b917279c..200e9324c 100755 --- a/roles/kiwix/templates/iiab-make-kiwix-lib.py +++ b/roles/kiwix/templates/iiab-make-kiwix-lib.py @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/python3 """ From 7a1b41649df4cb7a7da00ceb02f7d19341170803 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Nov 2019 08:50:39 -0600 Subject: [PATCH 115/148] iiab-update-map - print (), python3 --- roles/osm-vector-maps/templates/iiab-update-map | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/osm-vector-maps/templates/iiab-update-map b/roles/osm-vector-maps/templates/iiab-update-map index 35055e317..baacd922e 100755 --- a/roles/osm-vector-maps/templates/iiab-update-map +++ b/roles/osm-vector-maps/templates/iiab-update-map @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/python3 # Scan the osm-vector-maps directory, update the osm-vector-maps-idx.json, add menu-defs from geojson import Feature, Point, FeatureCollection, Polygon @@ -60,7 +60,7 @@ def main(): menus.update_menu_json(menu_ref) return elif region not in map_catalog['regions']: - print "Skipping unknown map " + fname + print ("Skipping unknown map " + fname) continue else: item = map_catalog['regions'][region] From 99ce889308d228151ccb69cf01dbe98b3f6fd6d9 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 18 Nov 2019 09:43:37 -0600 Subject: [PATCH 116/148] iiab-update-map - pylint3 says unused --- roles/osm-vector-maps/tasks/main.yml | 21 +++++++++---------- .../osm-vector-maps/templates/iiab-update-map | 4 ++-- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/roles/osm-vector-maps/tasks/main.yml b/roles/osm-vector-maps/tasks/main.yml index 83cce8ea3..c698e3644 100644 --- a/roles/osm-vector-maps/tasks/main.yml +++ b/roles/osm-vector-maps/tasks/main.yml @@ -35,19 +35,18 @@ dest: '{{ vector_map_path }}/maplist/assets/' # REMOVE this stanza once the transition to Python 3 is confirmed -- name: Install python-geojson package (OS's prior to Ubuntu 19.10) - package: - name: python-geojson - state: present - when: is_raspbian_9 or is_raspbian_10 or is_ubuntu_16 or is_ubuntu_18 or is_debian_9 or is_debian_10 +#- name: Install python-geojson package (OS's prior to Ubuntu 19.10) +# package: +# name: python-geojson +# state: present +# when: is_raspbian_9 or is_raspbian_10 or is_ubuntu_16 or is_ubuntu_18 or is_debian_9 or is_debian_10 # 2019-10-19: Above python-geojson does not exist on Ubuntu 19.10, so let's -# begin the transition to Python 3... - -- name: Install python3-geojson package (especially for new OS's like Ubuntu 19.10+) - package: - name: python3-geojson # 2019-10-19: available across most/all recent - state: present # OS's, but not yet used by osm-vector-maps code? +# begin the transition to Python 3... currently unused +#- name: Install python3-geojson package (especially for new OS's like Ubuntu 19.10+) +# package: +# name: python3-geojson # 2019-10-19: available across most/all recent +# state: present # OS's, but not yet used by osm-vector-maps code? - name: Install /usr/bin/iiab-update-map for updating of Map Pack catalog & descriptions template: diff --git a/roles/osm-vector-maps/templates/iiab-update-map b/roles/osm-vector-maps/templates/iiab-update-map index baacd922e..8f18bb4af 100755 --- a/roles/osm-vector-maps/templates/iiab-update-map +++ b/roles/osm-vector-maps/templates/iiab-update-map @@ -1,8 +1,8 @@ #!/usr/bin/python3 # Scan the osm-vector-maps directory, update the osm-vector-maps-idx.json, add menu-defs -from geojson import Feature, Point, FeatureCollection, Polygon -import geojson +#from geojson import Feature, Point, FeatureCollection, Polygon +#import geojson import json import os import sys From 4f0827b8762a36b69cbf9528bf38e3413c5ee3d7 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 22 Nov 2019 11:49:33 -0600 Subject: [PATCH 117/148] move iiab_env.py --- roles/2-common/tasks/pylib.yml | 3 ++- roles/{1-prep => 2-common}/templates/iiab_env.py.j2 | 2 +- roles/9-local-addons/tasks/main.yml | 6 ------ 3 files changed, 3 insertions(+), 8 deletions(-) rename roles/{1-prep => 2-common}/templates/iiab_env.py.j2 (97%) diff --git a/roles/2-common/tasks/pylib.yml b/roles/2-common/tasks/pylib.yml index 235aa7a37..077e7ee22 100644 --- a/roles/2-common/tasks/pylib.yml +++ b/roles/2-common/tasks/pylib.yml @@ -7,4 +7,5 @@ mode: 0644 with_items: - { src: 'iiab_const.py.j2', dest: '{{ py3_dist_path }}/iiab/iiab_const.py' } - - { src: 'iiab_lib.py', dest: '{{ py3_dist_path }}/iiab/iiab_lib.py' } \ No newline at end of file + - { src: 'iiab_lib.py', dest: '{{ py3_dist_path }}/iiab/iiab_lib.py' } + - { src: 'iiab_env.py.j2', dest: '{{ iiab_etc_path }}/iiab_env.py.j2' } diff --git a/roles/1-prep/templates/iiab_env.py.j2 b/roles/2-common/templates/iiab_env.py.j2 similarity index 97% rename from roles/1-prep/templates/iiab_env.py.j2 rename to roles/2-common/templates/iiab_env.py.j2 index 78c4869be..d639d4d01 100644 --- a/roles/1-prep/templates/iiab_env.py.j2 +++ b/roles/2-common/templates/iiab_env.py.j2 @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/python3 # read iiab.env from python def get_iiab_env(name): diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 2c5e66f39..df5fc3e04 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -16,12 +16,6 @@ - python-pip # Used by Admin Console state: present -# Used by iiab-update-map, supplied by osm-vector-maps -- name: Create a Python interface to iiab.env - template: - src: roles/1-prep/templates/iiab_env.py.j2 - dest: /etc/iiab/iiab_env.py - - name: CAPTIVE PORTAL include_tasks: roles/captive-portal/tasks/main.yml when: captive_portal_install | bool From ce2a4031adaae942a1ec1361d6183beddd37735d Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 26 Nov 2019 12:38:15 -0600 Subject: [PATCH 118/148] should in end .py not .j2.. --- roles/2-common/tasks/pylib.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/2-common/tasks/pylib.yml b/roles/2-common/tasks/pylib.yml index 077e7ee22..47b870f95 100644 --- a/roles/2-common/tasks/pylib.yml +++ b/roles/2-common/tasks/pylib.yml @@ -8,4 +8,4 @@ with_items: - { src: 'iiab_const.py.j2', dest: '{{ py3_dist_path }}/iiab/iiab_const.py' } - { src: 'iiab_lib.py', dest: '{{ py3_dist_path }}/iiab/iiab_lib.py' } - - { src: 'iiab_env.py.j2', dest: '{{ iiab_etc_path }}/iiab_env.py.j2' } + - { src: 'iiab_env.py.j2', dest: '{{ iiab_etc_path }}/iiab_env.py' } From 6a959fbaeceb06397f8dc137932935ba7976817f Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 28 Nov 2019 02:11:49 -0600 Subject: [PATCH 119/148] fix trailing slash issue - remove proxy_bind --- .../calibre-web/templates/calibre-web-nginx.conf.j2 | 13 ++++++------- roles/kolibri/templates/kolibri-nginx.conf.j2 | 13 ++++++------- roles/sugarizer/templates/sugarizer-nginx.conf | 3 --- 3 files changed, 12 insertions(+), 17 deletions(-) diff --git a/roles/calibre-web/templates/calibre-web-nginx.conf.j2 b/roles/calibre-web/templates/calibre-web-nginx.conf.j2 index 7437daaf6..55839acac 100644 --- a/roles/calibre-web/templates/calibre-web-nginx.conf.j2 +++ b/roles/calibre-web/templates/calibre-web-nginx.conf.j2 @@ -1,8 +1,7 @@ -location /books { - proxy_bind $server_addr; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Script-Name /books; - proxy_pass http://127.0.0.1:8083; +location /books/ { + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Script-Name /books; + proxy_pass http://127.0.0.1:8083; } diff --git a/roles/kolibri/templates/kolibri-nginx.conf.j2 b/roles/kolibri/templates/kolibri-nginx.conf.j2 index 54af28c09..163d0ee95 100644 --- a/roles/kolibri/templates/kolibri-nginx.conf.j2 +++ b/roles/kolibri/templates/kolibri-nginx.conf.j2 @@ -1,9 +1,8 @@ -location /kolibri { - proxy_bind $server_addr; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Script-Name /kolibri; - proxy_pass http://127.0.0.1:8009; +location /kolibri/ { + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Script-Name /kolibri; + proxy_pass http://127.0.0.1:8009; } diff --git a/roles/sugarizer/templates/sugarizer-nginx.conf b/roles/sugarizer/templates/sugarizer-nginx.conf index cd7235335..0085217dd 100644 --- a/roles/sugarizer/templates/sugarizer-nginx.conf +++ b/roles/sugarizer/templates/sugarizer-nginx.conf @@ -1,9 +1,6 @@ # sugarizer_port is set to 8089 in /opt/iiab/iiab/vars/default_vars.yml # If you need to change this, edit /etc/iiab/local_vars.yml prior to installing - - location /sugarizer { - proxy_bind $server_addr; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; From 5f9a604e65195d7cee19d2cc460489795e31fe6f Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 28 Nov 2019 02:14:06 -0600 Subject: [PATCH 120/148] remove python2.7 addon --- roles/9-local-addons/tasks/main.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index df5fc3e04..4837c55e0 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -9,13 +9,14 @@ tags: internetarchive # Until porting complete (@jvonau helping transition to Python 3) -- name: 'Install Python 2.7 packages: python, python-pip' - package: - name: - - python - - python-pip # Used by Admin Console - state: present +#- name: 'Install Python 2.7 packages: python, python-pip' +# package: +# name: +# - python +# - python-pip # Used by Admin Console +# state: present +# To be ported soon - name: CAPTIVE PORTAL include_tasks: roles/captive-portal/tasks/main.yml when: captive_portal_install | bool From e71ae36a98592b7809af6a2ee31d28b44ad88f2d Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 28 Nov 2019 05:08:43 -0600 Subject: [PATCH 121/148] gitea dokuwiki nginx support --- roles/gitea/tasks/enable.yml | 18 ++++++++++++++--- roles/gitea/templates/gitea-nginx.conf.j2 | 3 +++ roles/nginx/tasks/disable.yml | 3 +++ roles/nginx/tasks/only_nginx.yml | 24 ++++++++++++++++++++++- roles/nginx/tasks/uses_apache.yml | 6 ++++++ roles/nginx/templates/dokuwiki-nginx.conf | 3 +++ vars/default_vars.yml | 3 +++ 7 files changed, 56 insertions(+), 4 deletions(-) create mode 100644 roles/gitea/templates/gitea-nginx.conf.j2 create mode 100644 roles/nginx/templates/dokuwiki-nginx.conf diff --git a/roles/gitea/tasks/enable.yml b/roles/gitea/tasks/enable.yml index 4261584b8..5bfd1d729 100644 --- a/roles/gitea/tasks/enable.yml +++ b/roles/gitea/tasks/enable.yml @@ -21,18 +21,30 @@ src: gitea.conf.j2 dest: "/etc/{{ apache_config_dir }}/gitea.conf" -- name: Enable httpd conf file (debuntu) +- name: Enable httpd conf file (apache) file: src: /etc/{{ apache_config_dir }}/gitea.conf dest: /etc/apache2/sites-enabled/gitea.conf state: link when: gitea_enabled and is_debuntu -- name: Remove httpd conf file (OS's other than debuntu) +- name: Remove apache httpd conf file (OS's other than debuntu) file: path: /etc/apache2/sites-enabled/gitea.conf state: absent - when: not gitea_enabled and is_debuntu + when: not gitea_enabled or nginx_enabled + +- name: Remove nginx httpd conf file + file: + path: /etc/nginx/conf.d/gitea-nginx.conf + state: absent + when: not gitea_enabled + +- name: Enable nginx httpd conf file + template: + src: gitea-nginx.conf.j2 + dest: /etc/nginx/conf.d/gitea-nginx.conf + when: gitea_enabled and nginx_enabled - name: >- Restart Apache ({{ apache_service }}) to {% if gitea_enabled %}enable{% diff --git a/roles/gitea/templates/gitea-nginx.conf.j2 b/roles/gitea/templates/gitea-nginx.conf.j2 new file mode 100644 index 000000000..2545a3f86 --- /dev/null +++ b/roles/gitea/templates/gitea-nginx.conf.j2 @@ -0,0 +1,3 @@ +location {{ gitea_url }}/ { + proxy_pass http://127.0.0.1:{{ gitea_port }}; +} diff --git a/roles/nginx/tasks/disable.yml b/roles/nginx/tasks/disable.yml index 12034202d..8ff87f1ba 100644 --- a/roles/nginx/tasks/disable.yml +++ b/roles/nginx/tasks/disable.yml @@ -10,6 +10,9 @@ #roles/sugarizer/tasks/install.yml: when: sugarizer_enabled | bool and not nginx_enabled | bool #roles/sugarizer/tasks/install.yml: when: sugarizer_enabled | bool and not nginx_enabled | bool +- name: Enable Gitea for Apache + command: a2ensite gitea.conf + - name: Enable Calibre-Web for Apache command: a2ensite calibre-web.conf diff --git a/roles/nginx/tasks/only_nginx.yml b/roles/nginx/tasks/only_nginx.yml index 088913946..127c357b8 100644 --- a/roles/nginx/tasks/only_nginx.yml +++ b/roles/nginx/tasks/only_nginx.yml @@ -108,4 +108,26 @@ file: path: /etc/nginx/conf.d/calibre-web-nginx.conf state: absent - when: not calibreweb_enabled | bool + when: not calibreweb_enabled + +- name: Remove symlink /etc/apache2/sites-enabled/gitea.conf + file: + path: /etc/apache2/sites-enabled/gitea.conf + state: absent + +- name: Install /etc/nginx/conf.d/gitea-nginx.conf + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: "{{ item.mode }}" + with_items: + - { src: 'roles/gitea/templates/gitea-nginx.conf.j2', dest: '/etc/nginx/conf.d/gitea-nginx.conf', mode: '0644' } + when: gitea_enabled + +- name: Remove nginx support for Gitea + file: + path: /etc/nginx/conf.d/gitea-nginx.conf + state: absent + when: not gitea_enabled diff --git a/roles/nginx/tasks/uses_apache.yml b/roles/nginx/tasks/uses_apache.yml index 97ef79bde..f24afcb49 100644 --- a/roles/nginx/tasks/uses_apache.yml +++ b/roles/nginx/tasks/uses_apache.yml @@ -7,6 +7,12 @@ mode: 0644 when: moodle_enabled +- name: Install /etc/nginx/conf.d/dokuwiki-nginx.conf from template + template: + src: dokuwiki-nginx.conf + dest: /etc/nginx/conf.d/dokuwiki-nginx.conf + when: dokuwiki_enabled + - name: Install /etc/nginx/conf.d/elgg-nginx.conf from template template: src: elgg-nginx.conf diff --git a/roles/nginx/templates/dokuwiki-nginx.conf b/roles/nginx/templates/dokuwiki-nginx.conf new file mode 100644 index 000000000..eb05289e5 --- /dev/null +++ b/roles/nginx/templates/dokuwiki-nginx.conf @@ -0,0 +1,3 @@ +location {{ dokuwiki_url }} { + proxy_pass http://127.0.0.1:{{ apache_port }}/{{ dokuwiki_url }}; +} diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 56f14f4a5..3807e7199 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -338,6 +338,7 @@ azuracast_port_range_prefix: 10 dokuwiki_install: False dokuwiki_enabled: False +dokuwiki_url: /wiki mediawiki_install: False mediawiki_enabled: False @@ -354,6 +355,8 @@ elgg_mysql_password: elgg4kids # Gitea (lightweight self-hosted "GitHub") from https://gitea.io gitea_install: False gitea_enabled: False +gitea_url: /gitea +gitea_port: 61734 # Lokole (email for rural communities) from https://ascoderu.ca lokole_install: False From f7c539d175bb4bc493a5f3818c35257fc9f6082e Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 28 Nov 2019 05:49:19 -0600 Subject: [PATCH 122/148] correct default_vars.yml --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 3807e7199..b04ed6eb6 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -16,7 +16,7 @@ iiab_local_vars_file: "{{ iiab_etc_path }}/local_vars.yml" # Installation status files iiab_env_file: "{{ iiab_etc_path }}/iiab.env" iiab_ini_file: "{{ iiab_etc_path }}/iiab.ini" -iiab_installed: "{{ iiab_etc_path }}/iiab_state.yml" +iiab_state_file: "{{ iiab_etc_path }}/iiab_state.yml" iiab_base: /opt/iiab iiab_dir: "{{ iiab_base }}/iiab" From f7bc1e4b6788d640835e854d1f04d9cc93707ffa Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 28 Nov 2019 07:24:17 -0600 Subject: [PATCH 123/148] remove | bool Co-Authored-By: A Holt --- roles/sugarizer/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sugarizer/tasks/main.yml b/roles/sugarizer/tasks/main.yml index 949d3e20a..fa9a0ddff 100644 --- a/roles/sugarizer/tasks/main.yml +++ b/roles/sugarizer/tasks/main.yml @@ -4,4 +4,4 @@ - name: Enable 'sugarizer' if sugarizer_enabled include_tasks: enable.yml - when: (sugarizer_install | bool or sugarizer_installed is defined) and not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)) + when: (sugarizer_install or sugarizer_installed is defined) and not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)) From 1480fdc5834710064f5c502f02546cb9be03e198 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 28 Nov 2019 07:25:37 -0600 Subject: [PATCH 124/148] whitespace Co-Authored-By: A Holt --- roles/nginx/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index abd3efd0d..c484f12d6 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -1,4 +1,4 @@ -- name: Install nginx required and helper packages +- name: Install nginx required and helper packages package: name={{ item }} state=present with_items: - nginx-extras From b55bd116f2b9504428719b08f9c272ab27273f91 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 28 Nov 2019 07:26:21 -0600 Subject: [PATCH 125/148] Update roles/nginx/tasks/install.yml whitespace Co-Authored-By: A Holt --- roles/nginx/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index c484f12d6..fd70e3632 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -7,7 +7,7 @@ - php-fpm - libnginx-mod-http-subs-filter -- name: Add http server user to shadow group, so it can authenticate Admin Console +- name: Add http server user to shadow group, so it can authenticate Admin Console user: name: "{{ apache_user }}" groups: shadow From 5377c913d0100b42218beb4ca6e247dd37e17821 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 28 Nov 2019 07:28:26 -0600 Subject: [PATCH 126/148] Update roles/nginx/tasks/install.yml wording Co-Authored-By: A Holt --- roles/nginx/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index fd70e3632..0e031be8d 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -17,7 +17,7 @@ path: /etc/nginx/sites-enabled/default state: absent -- name: Put the config file in place +- name: Put config files in place (2 into /etc/nginx, 1 into /etc/{{ apache_service }}) template: src: '{{ item.src}}' dest: '{{ item.dest }}' From e406149a6e4e508b77fedb97aa19780fb0b40dda Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 28 Nov 2019 07:30:27 -0600 Subject: [PATCH 127/148] Apache - whitespace Co-Authored-By: A Holt --- roles/nginx/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index be2772ad9..da750248f 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -47,7 +47,7 @@ enabled: false when: not nginx_enabled -- name: Disable apache port {{ apache_port }} localhost only +- name: Disable Apache port {{ apache_port }} localhost only template: dest: /etc/{{ apache_service }}/ports.conf src: stock-apache-ports.conf From edaecab6c654d068c5da74c7ed209cff06095abe Mon Sep 17 00:00:00 2001 From: Tim Moody Date: Fri, 29 Nov 2019 09:16:29 -0500 Subject: [PATCH 128/148] upgrade to restructured scripts --- roles/2-common/templates/iiab_lib.py | 14 ++-- roles/kiwix/tasks/kiwix_install.yml | 2 +- roles/kiwix/templates/iiab-make-kiwix-lib3.py | 82 +++++++++++++++++++ roles/osm-vector-maps/tasks/main.yml | 2 +- .../templates/iiab-update-map3.py | 59 +++++++++++++ 5 files changed, 150 insertions(+), 9 deletions(-) create mode 100644 roles/kiwix/templates/iiab-make-kiwix-lib3.py create mode 100644 roles/osm-vector-maps/templates/iiab-update-map3.py diff --git a/roles/2-common/templates/iiab_lib.py b/roles/2-common/templates/iiab_lib.py index 212437714..9b214476c 100644 --- a/roles/2-common/templates/iiab_lib.py +++ b/roles/2-common/templates/iiab_lib.py @@ -14,7 +14,7 @@ import shlex import configparser import xml.etree.ElementTree as ET import argparse -import iiab.iiab_const as cons +import iiab.iiab_const as CONST lang_codes = {} @@ -39,8 +39,8 @@ def get_zim_list(path): files_processed[zimname] = zimidx zimname = content + filename + ".zim" zimidx = index + filename + ".zim.idx" - if filename in cons.old_zim_map: # handle old names that don't parse - perma_ref = cons.old_zim_map[filename] + if filename in CONST.old_zim_map: # handle old names that don't parse + perma_ref = CONST.old_zim_map[filename] else: ulpos = filename.rfind("_") # but old gutenberg and some other names are not canonical @@ -78,7 +78,7 @@ def read_library_xml(lib_xml_file, kiwix_exclude_attr=[""]): # duplicated from i return zims_installed, path_to_id_map def rem_libr_xml(id): - command = cons.kiwix_manage + " " + kiwix_library_xml + " remove " + id + command = CONST.kiwix_manage + " " + kiwix_library_xml + " remove " + id #print command args = shlex.split(command) try: @@ -88,7 +88,7 @@ def rem_libr_xml(id): print(outp) def add_libr_xml(kiwix_library_xml, zim_path, zimname, zimidx): - command = cons.kiwix_manage + " " + kiwix_library_xml + " add " + cons.zim_path + "/" + zimname + command = CONST.kiwix_manage + " " + kiwix_library_xml + " add " + CONST.zim_path + "/" + zimname if zimidx: command += " -i " + zim_path + "/" + zimidx #print command @@ -102,7 +102,7 @@ def add_libr_xml(kiwix_library_xml, zim_path, zimname, zimidx): def read_lang_codes(): global lang_codes - with open(cons.lang_codes_path,"r") as f: + with open(CONST.lang_codes_path,"r") as f: reads = f.read() #print("menu.json:%s"%reads) lang_codes = json.loads(reads) @@ -146,7 +146,7 @@ def get_iiab_env(name): iiab_env = {} iiab_env_var = '' try: - fd = open(cons.iiab_env_file,"r") + fd = open("/etc/iiab/iiab.env","r") for line in fd: line = line.lstrip() line = line.rstrip('\n') diff --git a/roles/kiwix/tasks/kiwix_install.yml b/roles/kiwix/tasks/kiwix_install.yml index 2c16af3fa..1d9ae4c8b 100644 --- a/roles/kiwix/tasks/kiwix_install.yml +++ b/roles/kiwix/tasks/kiwix_install.yml @@ -97,7 +97,7 @@ with_items: - { src: 'kiwix-serve.service.j2', dest: '/etc/systemd/system/kiwix-serve.service', mode: '0644'} - { src: 'iiab-make-kiwix-lib', dest: '/usr/bin/iiab-make-kiwix-lib', mode: '0755'} - - { src: 'iiab-make-kiwix-lib.py', dest: '/usr/bin/iiab-make-kiwix-lib.py', mode: '0755'} + - { src: 'iiab-make-kiwix-lib3.py', dest: '/usr/bin/iiab-make-kiwix-lib.py', mode: '0755'} - { src: 'kiwix.conf.j2', dest: '/etc/{{ apache_config_dir }}/kiwix.conf', mode: '0644'} - name: Add 'kiwix_installed' variable values to {{ iiab_state_file }} diff --git a/roles/kiwix/templates/iiab-make-kiwix-lib3.py b/roles/kiwix/templates/iiab-make-kiwix-lib3.py new file mode 100644 index 000000000..56417973c --- /dev/null +++ b/roles/kiwix/templates/iiab-make-kiwix-lib3.py @@ -0,0 +1,82 @@ +#!/usr/bin/python3 + +""" + + Creates temp library.xml file for kiwix from contents of /zims/content and index + Updated to handle incremental additions and deletions + + Author: Tim Moody + Contributors: Jerry Vonau + +""" + +import os, sys, syslog +import pwd, grp +import argparse +import iiab.iiab_lib as iiab + +try: + import iiab.adm_lib as adm + adm_cons_installed = True +except: + adm_cons_installed = False + pass + +def main(): + zim_path = iiab.CONST.zim_path + zim_version_idx_dir = adm.CONST.zim_version_idx_dir + + args = parse_args() + # args.device is either value or None + if args.device: # allow override of path + zim_path = args.device + zim_path + zim_version_idx_dir = args.device + zim_version_idx_dir + kiwix_library_xml = zim_path + "/library.xml" + + if not args.no_tmp: # don't append .tmp + kiwix_library_xml += ".tmp" + + # remove existing file if force + if args.force: + try: + os.remove(kiwix_library_xml) + except OSError: + pass + zims_installed = {} + path_to_id_map = {} + else: + zims_installed, path_to_id_map = iiab.read_library_xml(kiwix_library_xml) + + zim_files, zim_versions = iiab.get_zim_list(zim_path) + + # Remove zims not in file system from library.xml + remove_list_str = "" + for item in path_to_id_map: + if item not in zim_files: + iiab.rem_libr_xml(path_to_id_map[item]) + + # Add zims from file system that are not in library.xml + for item in zim_files: + if item not in path_to_id_map: + iiab.add_libr_xml(kiwix_library_xml, zim_path, item, zim_files[item]) + + # Create zim_versions_idx if Admin Console installed + if adm_cons_installed: + print("Writing zim_versions_idx") + iiab.read_lang_codes() # needed by following + adm.write_zim_versions_idx(zim_versions, kiwix_library_xml, zim_version_idx_dir) + sys.exit() + +def parse_args(): + parser = argparse.ArgumentParser(description="Create library.xml for Kiwix.") + parser.add_argument("--device", help="no trailing /. change the target device from internal storage to something else like /media/usb0") + parser.add_argument("--no_tmp", help="don't append .tmp to the library.xml name", action="store_true") + parser.add_argument("-f", "--force", help="force complete rebuild of library.xml", action="store_true") + parser.add_argument("-v", "--verbose", help="Print messages.", action="store_true") + return parser.parse_args() + +# Now start the application +if __name__ == "__main__": + + # Run the main routine + main() diff --git a/roles/osm-vector-maps/tasks/main.yml b/roles/osm-vector-maps/tasks/main.yml index c698e3644..4d8c07a8c 100644 --- a/roles/osm-vector-maps/tasks/main.yml +++ b/roles/osm-vector-maps/tasks/main.yml @@ -50,7 +50,7 @@ - name: Install /usr/bin/iiab-update-map for updating of Map Pack catalog & descriptions template: - src: iiab-update-map + src: iiab-update-map3.py dest: /usr/bin/iiab-update-map mode: "0755" diff --git a/roles/osm-vector-maps/templates/iiab-update-map3.py b/roles/osm-vector-maps/templates/iiab-update-map3.py new file mode 100644 index 000000000..22c373df2 --- /dev/null +++ b/roles/osm-vector-maps/templates/iiab-update-map3.py @@ -0,0 +1,59 @@ +#!/usr/bin/env python3 +# Scan the osm-vector-maps directory, update the osm-vector-maps-idx.json, add menu-defs + +import json + +import iiab.iiab_lib as iiab + +try: + import iiab.adm_lib as adm + adm_cons_installed = True +except: + adm_cons_installed = False + pass + +def main(): + adm.get_map_catalog() + #print(json.dumps(map_catalog,indent=2)) + + map_menu_def_list = adm.get_map_menu_defs() + #print((json.dumps(map_menu_def_list,indent=2))) + + previous_idx = adm.read_vector_map_idx() + + installed_maps = adm.get_installed_regions() + print(installed_maps) + + adm.write_vector_map_idx(installed_maps) + + # For installed regions, check that a menu def exists, and it's on home page + for fname in installed_maps: + region = adm.extract_region_from_filename(fname) + if region == 'maplist': # it is the splash page, display only if no others + menu_ref = 'en-map_test' + item = { "perma_ref" : "en-map_test" } + if len(installed_maps) == 1: + adm.update_menu_json(menu_ref) + return + elif region not in adm.map_catalog['regions']: + print("Skipping unknown map " + fname) + continue + else: + item = adm.map_catalog['regions'][region] + menu_ref = item['perma_ref'] + if not (menu_ref in map_menu_def_list): + print(('creating menu def for %s'%item['perma_ref'])) + adm.create_map_menu_def(region,item['perma_ref'] + '.json') + # if autoupdate allowed and this is a new region then add to home menu + if adm.fetch_menu_json_value('autoupdate_menu') and item['perma_ref'] not in previous_idx: + print(('autoudate of menu items is enabled:%s. Adding %s'%(\ + adm.fetch_menu_json_value('autoupdate_menu'),region,))) + adm.update_menu_json(menu_ref) + # redirect from box/maps to an installed map rather than test page + with open(adm.CONST.map_doc_root + '/index.html','w') as fp: + outstr = """ \n\n"""%fname + fp.write(outstr) + +if __name__ == '__main__': + if adm_cons_installed: + main() \ No newline at end of file From bb3c6174f1cea56e7c674567ee932385d78b602e Mon Sep 17 00:00:00 2001 From: Tim Moody Date: Fri, 29 Nov 2019 10:25:06 -0500 Subject: [PATCH 129/148] only put bash script here. update-menus in Adm Cons --- .../osm-vector-maps/templates/iiab-update-map | 233 +----------------- .../templates/iiab-update-map3.py | 59 ----- 2 files changed, 12 insertions(+), 280 deletions(-) delete mode 100644 roles/osm-vector-maps/templates/iiab-update-map3.py diff --git a/roles/osm-vector-maps/templates/iiab-update-map b/roles/osm-vector-maps/templates/iiab-update-map index 8f18bb4af..d565ea795 100755 --- a/roles/osm-vector-maps/templates/iiab-update-map +++ b/roles/osm-vector-maps/templates/iiab-update-map @@ -1,224 +1,15 @@ -#!/usr/bin/python3 -# Scan the osm-vector-maps directory, update the osm-vector-maps-idx.json, add menu-defs +#!/bin/bash -#from geojson import Feature, Point, FeatureCollection, Polygon -#import geojson -import json -import os -import sys -import fnmatch -import re -from datetime import date +CMDSRV_SCRIPTS="{{ cmdsrv_dir }}/scripts" +if [ ! -f "$CMDSRV_SCRIPTS/iiab_update_menus.py" ]; then + echo "Admin Console not installed. Exiting." + exit +fi -IIAB_PATH='/etc/iiab' -if not IIAB_PATH in sys.path: - sys.path.append(IIAB_PATH) -from iiab_env import get_iiab_env +$CMDSRV_SCRIPTS/iiab_update_menus.py -SCRIPT_DIR = '/opt/admin/cmdsrv/scripts' -if not SCRIPT_DIR in sys.path: - sys.path.append(SCRIPT_DIR) -if os.path.exists(os.path.join(SCRIPT_DIR,'iiab_update_menus.py')): - import iiab_update_menus as menus - console_installed = True -else: - console_installed = False - -doc_root = get_iiab_env('WWWROOT') -menuDefs = doc_root + "/js-menu/menu-files/menu-defs/" -vector_map_idx_dir = doc_root + "/common/assets" -map_doc_root = '{{ vector_map_path }}' # /library/www/osm-vector-maps -# map_catalog will be global, assumed always available -map_catalog = {} -map_menu_def_list = [] -previous_idx = {} # track new regions so we don't thrash on adding to menu - -def main(): - global map_menu_def_list - global previous_idx - - get_map_catalog() - #print(json.dumps(map_catalog,indent=2)) - - map_menu_def_list = get_menu_def_names() - print(json.dumps(map_menu_def_list,indent=2)) - - read_vector_map_idx() - - installed_maps = get_installed_regions() - print(installed_maps) - - write_vector_map_idx(installed_maps) - - # For installed regions, check that a menu def exists, and it's on home page - for fname in installed_maps: - region = extract_region_from_filename(fname) - if region == 'maplist': # it is the splash page, display only if no others - menu_ref = 'en-map_test' - item = { "perma_ref" : "en-map_test" } - if len(installed_maps) == 1: - menus.update_menu_json(menu_ref) - return - elif region not in map_catalog['regions']: - print ("Skipping unknown map " + fname) - continue - else: - item = map_catalog['regions'][region] - menu_ref = item['perma_ref'] - if not (menu_ref in map_menu_def_list): - print('creating menu def for %s'%item['perma_ref']) - create_menu_def(region,item['perma_ref'] + '.json') - # if autoupdate allowed and this is a new region then add to home menu - if fetch_menu_json_value('autoupdate_menu') and item['perma_ref'] not in previous_idx: - print('autoudate of menu items is enabled:%s. Adding %s'%(\ - fetch_menu_json_value('autoupdate_menu'),region,)) - menus.update_menu_json(menu_ref) - # redirect from box/maps to an installed map rather than test page - with open(map_doc_root + '/index.html','w') as fp: - outstr = """ \n\n"""%fname - fp.write(outstr) - - -def get_map_catalog(): - global map_catalog - input_json = map_doc_root + '/maplist/assets/regions.json' - with open(input_json,'r') as regions: - reg_str = regions.read() - map_catalog = json.loads(reg_str) - #print(json.dumps(map_catalog,indent=2)) - -def get_menu_def_names(intended_use='map'): - menu_def_list =[] - os.chdir(menuDefs) - for filename in os.listdir('.'): - if fnmatch.fnmatch(filename, '*.json'): - try: - with open(filename,'r') as json_file: - readstr = json_file.read() - data = json.loads(readstr) - except: - print("failed to parse %s"%filename) - print(readstr) - if data.get('intended_use','') != intended_use: - continue - map_name = data.get('map_name','') - if map_name != '': - menu_def_list.append(map_name) - return menu_def_list - -def get_installed_regions(): - installed = [] - os.chdir(map_doc_root) - for filename in os.listdir('.'): - if fnmatch.fnmatch(filename, '??-osm-omt*'): - region = re.sub(r'^..-osm-..._(.*)',r'\1',filename) - installed.append(region) - # add the splash page if no other maps are present - if len(installed) == 0: - installed.append('maplist') - return installed - -def read_vector_map_idx(): - global previous_idx - try: # will fail first time - with open(vector_map_idx_dir + '/vector-map-idx.json','r') as idx: - str = idx.read() - previous_idx = json.loads(str) - except: - pass - -def write_vector_map_idx(installed_maps): - map_dict ={} - idx_dict = {} - for fname in installed_maps: - region = extract_region_from_filename(fname) - if map == 'maplist': continue # not a real region - map_dict = map_catalog['regions'].get(region,'') - if map_dict == '': continue - - # Create the idx file in format required bo js-menu system - item = map_dict['perma_ref'] - idx_dict[item] = {} - idx_dict[item]['file_name'] = os.path.basename(map_dict['url'][:-4]) - idx_dict[item]['menu_item'] = map_dict['perma_ref'] - idx_dict[item]['size'] = map_dict['size'] - idx_dict[item]['date'] = map_dict['date'] - idx_dict[item]['region'] = region - idx_dict[item]['language'] = map_dict['perma_ref'][:2] - - with open(vector_map_idx_dir + '/vector-map-idx.json','w') as idx: - idx.write(json.dumps(idx_dict,indent=2)) - -def create_menu_def(region,default_name,intended_use='map'): - item = map_catalog['regions'][region] - if len(item.get('language','')) > 2: - lang = item['language'][:2] - else: # default to english - lang = 'en' - filename = lang + '-' + item['perma_ref'] + '.json' - # create a stub for this zim - menuDef = {} - default_logo = 'osm.jpg' - menuDef["intended_use"] = "map" - menuDef["lang"] = lang - menuDef["logo_url"] = default_logo - menuitem = lang + '-' + item['perma_ref'] - menuDef["menu_item_name"] = default_name - - if item.get('title','ERROR') == "World": - fancyTitle = "Planet Earth" - elif item.get('title','ERROR') == "Central America": - fancyTitle = "Central America-Caribbean" - else: - fancyTitle = item.get('title','ERROR') - - if fancyTitle == "Planet Earth": - menuDef["title"] = "OpenStreetMap: " + fancyTitle - else: - menuDef["title"] = "OpenStreetMap: " + fancyTitle + " & Earth" - - menuDef["map_name"] = item['perma_ref'] - # the following is in the idx json - #menuDef["file_name"] = lang + '-osm-omt_' + region + '_' + os.path.basename(item['url'])[:-4] - menuDef["description"] = '19 levels of zoom (~1 m details) for ' + fancyTitle + ', illustrating human geography.

10 levels of zoom (~1 km details) for satellite photos, covering the whole world.' - menuDef["extra_description"] = 'Search for cities/towns with more than 1000 people. There are about 127,654 worldwide.' - menuDef["extra_html"] = "" - #menuDef["automatically_generated"] = "true" - menuDef["change_ref"] = "generated" - menuDef["change_date"] = str(date.today()) - if not os.path.isfile(menuDefs + default_name): # logic to here can still overwrite existing menu def - print("creating %s"%menuDefs + default_name) - with open(menuDefs + default_name,'w') as menufile: - menufile.write(json.dumps(menuDef,indent=4)) - return default_name[:-5] - -def human_readable(num): - # return 3 significant digits and unit specifier - num = float(num) - units = [ '','K','M','G'] - for i in range(4): - if num<10.0: - return "%.2f%s"%(num,units[i]) - if num<100.0: - return "%.1f%s"%(num,units[i]) - if num < 1000.0: - return "%.0f%s"%(num,units[i]) - num /= 1000.0 - -def fetch_menu_json_value(key): - with open( doc_root + '/home/menu.json','r') as menudef: - data = json.loads(menudef.read()) - return data.get(key,'') - -def extract_region_from_filename(fname): - # find the index of the date - nibble = re.search(r"\d{4}-\d{2}-\d{2}",fname) - if nibble: - fname = fname[:nibble.start()-1] - return fname - else: - return("maplist") - -if __name__ == '__main__': - if console_installed: - main() +if [ $? -ne 0 ]; then + echo "Update Menus Failed." + exit 1 +fi +exit diff --git a/roles/osm-vector-maps/templates/iiab-update-map3.py b/roles/osm-vector-maps/templates/iiab-update-map3.py deleted file mode 100644 index 22c373df2..000000000 --- a/roles/osm-vector-maps/templates/iiab-update-map3.py +++ /dev/null @@ -1,59 +0,0 @@ -#!/usr/bin/env python3 -# Scan the osm-vector-maps directory, update the osm-vector-maps-idx.json, add menu-defs - -import json - -import iiab.iiab_lib as iiab - -try: - import iiab.adm_lib as adm - adm_cons_installed = True -except: - adm_cons_installed = False - pass - -def main(): - adm.get_map_catalog() - #print(json.dumps(map_catalog,indent=2)) - - map_menu_def_list = adm.get_map_menu_defs() - #print((json.dumps(map_menu_def_list,indent=2))) - - previous_idx = adm.read_vector_map_idx() - - installed_maps = adm.get_installed_regions() - print(installed_maps) - - adm.write_vector_map_idx(installed_maps) - - # For installed regions, check that a menu def exists, and it's on home page - for fname in installed_maps: - region = adm.extract_region_from_filename(fname) - if region == 'maplist': # it is the splash page, display only if no others - menu_ref = 'en-map_test' - item = { "perma_ref" : "en-map_test" } - if len(installed_maps) == 1: - adm.update_menu_json(menu_ref) - return - elif region not in adm.map_catalog['regions']: - print("Skipping unknown map " + fname) - continue - else: - item = adm.map_catalog['regions'][region] - menu_ref = item['perma_ref'] - if not (menu_ref in map_menu_def_list): - print(('creating menu def for %s'%item['perma_ref'])) - adm.create_map_menu_def(region,item['perma_ref'] + '.json') - # if autoupdate allowed and this is a new region then add to home menu - if adm.fetch_menu_json_value('autoupdate_menu') and item['perma_ref'] not in previous_idx: - print(('autoudate of menu items is enabled:%s. Adding %s'%(\ - adm.fetch_menu_json_value('autoupdate_menu'),region,))) - adm.update_menu_json(menu_ref) - # redirect from box/maps to an installed map rather than test page - with open(adm.CONST.map_doc_root + '/index.html','w') as fp: - outstr = """ \n\n"""%fname - fp.write(outstr) - -if __name__ == '__main__': - if adm_cons_installed: - main() \ No newline at end of file From 913cae3d67c7a17337b7e5d7d4623b1442025a55 Mon Sep 17 00:00:00 2001 From: Tim Moody Date: Fri, 29 Nov 2019 10:34:52 -0500 Subject: [PATCH 130/148] install bash script --- roles/osm-vector-maps/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/tasks/main.yml b/roles/osm-vector-maps/tasks/main.yml index 4d8c07a8c..c698e3644 100644 --- a/roles/osm-vector-maps/tasks/main.yml +++ b/roles/osm-vector-maps/tasks/main.yml @@ -50,7 +50,7 @@ - name: Install /usr/bin/iiab-update-map for updating of Map Pack catalog & descriptions template: - src: iiab-update-map3.py + src: iiab-update-map dest: /usr/bin/iiab-update-map mode: "0755" From ddfd03b8e6db449f785aa45bdc76bcffcd1a275e Mon Sep 17 00:00:00 2001 From: Tim Moody Date: Fri, 29 Nov 2019 10:40:50 -0500 Subject: [PATCH 131/148] cmdsrv scripts dir is not defined until adm cons runs hard code for now --- roles/osm-vector-maps/templates/iiab-update-map | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/templates/iiab-update-map b/roles/osm-vector-maps/templates/iiab-update-map index d565ea795..637a3ad74 100755 --- a/roles/osm-vector-maps/templates/iiab-update-map +++ b/roles/osm-vector-maps/templates/iiab-update-map @@ -1,6 +1,6 @@ #!/bin/bash -CMDSRV_SCRIPTS="{{ cmdsrv_dir }}/scripts" +CMDSRV_SCRIPTS="/opt/admin/cmdsrv/scripts" if [ ! -f "$CMDSRV_SCRIPTS/iiab_update_menus.py" ]; then echo "Admin Console not installed. Exiting." exit From 4a84a30d8e44a0eea0f0e2a9c20f828d8a5811f7 Mon Sep 17 00:00:00 2001 From: Tim Moody Date: Fri, 29 Nov 2019 14:00:00 -0500 Subject: [PATCH 132/148] don't use undefined constant --- roles/kiwix/templates/iiab-make-kiwix-lib3.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/kiwix/templates/iiab-make-kiwix-lib3.py b/roles/kiwix/templates/iiab-make-kiwix-lib3.py index 56417973c..ac3d6a464 100644 --- a/roles/kiwix/templates/iiab-make-kiwix-lib3.py +++ b/roles/kiwix/templates/iiab-make-kiwix-lib3.py @@ -17,14 +17,15 @@ import iiab.iiab_lib as iiab try: import iiab.adm_lib as adm + zim_version_idx_dir = adm.CONST.zim_version_idx_dir adm_cons_installed = True except: + zim_version_idx_dir = "" adm_cons_installed = False pass def main(): zim_path = iiab.CONST.zim_path - zim_version_idx_dir = adm.CONST.zim_version_idx_dir args = parse_args() # args.device is either value or None From cd922a6f52a651f7f62110d8cdd78a6bb0cb7e01 Mon Sep 17 00:00:00 2001 From: Tim Moody Date: Fri, 29 Nov 2019 14:22:51 -0500 Subject: [PATCH 133/148] menus to maps --- roles/osm-vector-maps/templates/iiab-update-map | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/osm-vector-maps/templates/iiab-update-map b/roles/osm-vector-maps/templates/iiab-update-map index 637a3ad74..70244bc0d 100755 --- a/roles/osm-vector-maps/templates/iiab-update-map +++ b/roles/osm-vector-maps/templates/iiab-update-map @@ -1,12 +1,12 @@ #!/bin/bash CMDSRV_SCRIPTS="/opt/admin/cmdsrv/scripts" -if [ ! -f "$CMDSRV_SCRIPTS/iiab_update_menus.py" ]; then +if [ ! -f "$CMDSRV_SCRIPTS/iiab_update_maps.py" ]; then echo "Admin Console not installed. Exiting." exit fi -$CMDSRV_SCRIPTS/iiab_update_menus.py +$CMDSRV_SCRIPTS/iiab_update_maps.py if [ $? -ne 0 ]; then echo "Update Menus Failed." From ae8269f37da501bfff714561f1f339b59661a0ae Mon Sep 17 00:00:00 2001 From: Tim Moody Date: Fri, 29 Nov 2019 14:34:57 -0500 Subject: [PATCH 134/148] and map not maps --- roles/osm-vector-maps/templates/iiab-update-map | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/osm-vector-maps/templates/iiab-update-map b/roles/osm-vector-maps/templates/iiab-update-map index 70244bc0d..63d14fe08 100755 --- a/roles/osm-vector-maps/templates/iiab-update-map +++ b/roles/osm-vector-maps/templates/iiab-update-map @@ -1,12 +1,12 @@ #!/bin/bash CMDSRV_SCRIPTS="/opt/admin/cmdsrv/scripts" -if [ ! -f "$CMDSRV_SCRIPTS/iiab_update_maps.py" ]; then +if [ ! -f "$CMDSRV_SCRIPTS/iiab_update_map.py" ]; then echo "Admin Console not installed. Exiting." exit fi -$CMDSRV_SCRIPTS/iiab_update_maps.py +$CMDSRV_SCRIPTS/iiab_update_map.py if [ $? -ne 0 ]; then echo "Update Menus Failed." From 366d893a04c6c75989891518d0d1cd417a3732d3 Mon Sep 17 00:00:00 2001 From: Tim Moody Date: Fri, 29 Nov 2019 16:41:10 -0500 Subject: [PATCH 135/148] and - not _ --- roles/osm-vector-maps/templates/iiab-update-map | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/osm-vector-maps/templates/iiab-update-map b/roles/osm-vector-maps/templates/iiab-update-map index 63d14fe08..6ddc18a71 100755 --- a/roles/osm-vector-maps/templates/iiab-update-map +++ b/roles/osm-vector-maps/templates/iiab-update-map @@ -1,12 +1,12 @@ #!/bin/bash CMDSRV_SCRIPTS="/opt/admin/cmdsrv/scripts" -if [ ! -f "$CMDSRV_SCRIPTS/iiab_update_map.py" ]; then +if [ ! -f "$CMDSRV_SCRIPTS/iiab-update-map.py" ]; then echo "Admin Console not installed. Exiting." exit fi -$CMDSRV_SCRIPTS/iiab_update_map.py +$CMDSRV_SCRIPTS/iiab-update-map.py if [ $? -ne 0 ]; then echo "Update Menus Failed." From 9c1ee8474f82b12d184d3a2f57f2d9a785bacfb5 Mon Sep 17 00:00:00 2001 From: Tim Moody Date: Fri, 29 Nov 2019 17:13:02 -0500 Subject: [PATCH 136/148] scope --- roles/kiwix/templates/iiab-make-kiwix-lib3.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/kiwix/templates/iiab-make-kiwix-lib3.py b/roles/kiwix/templates/iiab-make-kiwix-lib3.py index ac3d6a464..d0419eef9 100644 --- a/roles/kiwix/templates/iiab-make-kiwix-lib3.py +++ b/roles/kiwix/templates/iiab-make-kiwix-lib3.py @@ -17,15 +17,16 @@ import iiab.iiab_lib as iiab try: import iiab.adm_lib as adm - zim_version_idx_dir = adm.CONST.zim_version_idx_dir adm_cons_installed = True except: - zim_version_idx_dir = "" adm_cons_installed = False pass def main(): zim_path = iiab.CONST.zim_path + zim_version_idx_dir = "" + if adm_cons_installed: + zim_version_idx_dir = adm.CONST.zim_version_idx_dir args = parse_args() # args.device is either value or None From ae4e17ef1bbaae06ad5e18d03be81cf7abda4ac4 Mon Sep 17 00:00:00 2001 From: Tim Moody Date: Sat, 30 Nov 2019 10:38:09 -0500 Subject: [PATCH 137/148] some fixes to testing --- roles/2-common/templates/iiab_lib.py | 2 +- roles/kiwix/templates/iiab-make-kiwix-lib3.py | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/2-common/templates/iiab_lib.py b/roles/2-common/templates/iiab_lib.py index 9b214476c..3e37e2f8e 100644 --- a/roles/2-common/templates/iiab_lib.py +++ b/roles/2-common/templates/iiab_lib.py @@ -77,7 +77,7 @@ def read_library_xml(lib_xml_file, kiwix_exclude_attr=[""]): # duplicated from i zims_installed = {} return zims_installed, path_to_id_map -def rem_libr_xml(id): +def rem_libr_xml(id, kiwix_library_xml): command = CONST.kiwix_manage + " " + kiwix_library_xml + " remove " + id #print command args = shlex.split(command) diff --git a/roles/kiwix/templates/iiab-make-kiwix-lib3.py b/roles/kiwix/templates/iiab-make-kiwix-lib3.py index d0419eef9..f5f73f678 100644 --- a/roles/kiwix/templates/iiab-make-kiwix-lib3.py +++ b/roles/kiwix/templates/iiab-make-kiwix-lib3.py @@ -55,7 +55,7 @@ def main(): remove_list_str = "" for item in path_to_id_map: if item not in zim_files: - iiab.rem_libr_xml(path_to_id_map[item]) + iiab.rem_libr_xml(path_to_id_map[item], kiwix_library_xml) # Add zims from file system that are not in library.xml for item in zim_files: @@ -66,7 +66,8 @@ def main(): if adm_cons_installed: print("Writing zim_versions_idx") iiab.read_lang_codes() # needed by following - adm.write_zim_versions_idx(zim_versions, kiwix_library_xml, zim_version_idx_dir) + zim_menu_defs = adm.get_zim_menu_defs() # read all menu defs + adm.write_zim_versions_idx(zim_versions, kiwix_library_xml, zim_version_idx_dir, zim_menu_defs) sys.exit() def parse_args(): From 02fb9e16c66eb5b073c946e17891778bdf23b463 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 1 Dec 2019 01:22:27 -0500 Subject: [PATCH 138/148] Lokole 0.5.0 -> 0.5.2 --- roles/lokole/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/lokole/defaults/main.yml b/roles/lokole/defaults/main.yml index df66839e1..a44104f21 100644 --- a/roles/lokole/defaults/main.yml +++ b/roles/lokole/defaults/main.yml @@ -5,7 +5,7 @@ # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! # Info needed to install Lokole -lokole_version: 0.5.0 +lokole_version: 0.5.2 lokole_admin_user: admin # lowercase seems nec here (even though uppercase Admin/changeme is IIAB's OOB recommendation!) lokole_admin_password: changeme lokole_install_path: "{{ content_base }}/lokole" # /library/lokole From 084f2a0328143e0786cbf8ceccb1485aea5c17b6 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 2 Dec 2019 00:41:12 -0600 Subject: [PATCH 139/148] use alternate hosts file for dnsmasq --- roles/network/tasks/enable_services.yml | 6 ++++++ roles/network/tasks/main.yml | 10 +++++----- roles/network/templates/network/dnsmasq.conf.j2 | 7 +++++++ roles/network/templates/network/hosts-dnsmasq.j2 | 3 +++ 4 files changed, 21 insertions(+), 5 deletions(-) create mode 100644 roles/network/templates/network/hosts-dnsmasq.j2 diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index 078c290c5..1e224739c 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -54,6 +54,12 @@ dest: /etc/dnsmasq.d/iiab.conf when: dnsmasq_install and dnsmasq_enabled and (iiab_network_mode != "Appliance") +- name: Install /etc/hosts.dnsmasq from template, sourced by /etc/dnsmasq.d/iiab.conf + template: + src: network/hosts-dnsmasq.j2 + dest: /etc/hosts.dnsmasq + when: dnsmasq_install and dnsmasq_enabled and (iiab_network_mode != "Appliance") + ## Another way to skin the cat ##- name: Check if systemd service networkd-dispatcher is enabled ## systemd: diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index a97cdab28..6a91c457e 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -49,11 +49,11 @@ # when: 'iiab_wan_iface != "none" and wan_ip != "dhcp"' ##### End static ip address info -- include_tasks: hosts.yml - tags: - - network - - hostname - - domain +#- include_tasks: hosts.yml +# tags: +# - network +# - hostname +# - domain - name: Configure wondershaper include_tasks: wondershaper.yml diff --git a/roles/network/templates/network/dnsmasq.conf.j2 b/roles/network/templates/network/dnsmasq.conf.j2 index afd148c89..edf3ae9e6 100644 --- a/roles/network/templates/network/dnsmasq.conf.j2 +++ b/roles/network/templates/network/dnsmasq.conf.j2 @@ -12,6 +12,13 @@ address=/#/{{ lan_ip }} interface={{ iiab_lan_iface }} # Set the domain for dnsmasq domain={{ iiab_domain }} +# don't use /etc/hosts +no-hosts +# instead use +addn-hosts=/etc/hosts.dnsmasq +# append 'local' to hostnames found +expand-hosts + # Specify the range of IP addresses the DHCP server will lease out to devices, and the duration of the lease dhcp-range=172.18.100.1,172.18.126.254,1h # Specify the default route diff --git a/roles/network/templates/network/hosts-dnsmasq.j2 b/roles/network/templates/network/hosts-dnsmasq.j2 new file mode 100644 index 000000000..1b5d5fe06 --- /dev/null +++ b/roles/network/templates/network/hosts-dnsmasq.j2 @@ -0,0 +1,3 @@ +# Supplied by IIAB sourced by /etc/dnsmasq.d/iiab.conf +{{ iiab_hostname }} {{ lan_ip }} +box {{ lan_ip }} From 56966022a8b17e62ee0b189eed52f2b8a2c5d1f7 Mon Sep 17 00:00:00 2001 From: Tim Moody Date: Tue, 3 Dec 2019 11:55:58 -0500 Subject: [PATCH 140/148] a little lint --- roles/2-common/templates/iiab_lib.py | 37 +++++++++++----------------- 1 file changed, 15 insertions(+), 22 deletions(-) diff --git a/roles/2-common/templates/iiab_lib.py b/roles/2-common/templates/iiab_lib.py index 3e37e2f8e..09ab5150c 100644 --- a/roles/2-common/templates/iiab_lib.py +++ b/roles/2-common/templates/iiab_lib.py @@ -2,18 +2,11 @@ # common functions for IIAB # Admin Console functions are in adm_lib.py -import os, sys, syslog -import pwd, grp -import time -from datetime import date, datetime +import os import json -import yaml -import re import subprocess import shlex -import configparser import xml.etree.ElementTree as ET -import argparse import iiab.iiab_const as CONST lang_codes = {} @@ -34,7 +27,7 @@ def get_zim_list(path): zimname = "content/" + filename + ".zim" zimidx = "index/" + filename + ".zim.idx" if zimname not in files_processed: - if not os.path.isdir (path + "/" + zimidx): # only declare index if exists (could be embedded) + if not os.path.isdir(path + "/" + zimidx): # only declare index if exists (could be embedded) zimidx = None files_processed[zimname] = zimidx zimname = content + filename + ".zim" @@ -67,18 +60,18 @@ def read_library_xml(lib_xml_file, kiwix_exclude_attr=[""]): # duplicated from i attributes = {} if 'id' not in child.attrib: # is this necessary? implies there are records with no book id which would break index for removal print("xml record missing Book Id") - id = child.attrib['id'] + zim_id = child.attrib['id'] for attr in child.attrib: if attr not in kiwix_exclude_attr: attributes[attr] = child.attrib[attr] # copy if not id or in exclusion list - zims_installed[id] = attributes - path_to_id_map[child.attrib['path']] = id + zims_installed[zim_id] = attributes + path_to_id_map[child.attrib['path']] = zim_id except IOError: zims_installed = {} return zims_installed, path_to_id_map -def rem_libr_xml(id, kiwix_library_xml): - command = CONST.kiwix_manage + " " + kiwix_library_xml + " remove " + id +def rem_libr_xml(zim_id, kiwix_library_xml): + command = CONST.kiwix_manage + " " + kiwix_library_xml + " remove " + zim_id #print command args = shlex.split(command) try: @@ -102,7 +95,7 @@ def add_libr_xml(kiwix_library_xml, zim_path, zimname, zimidx): def read_lang_codes(): global lang_codes - with open(CONST.lang_codes_path,"r") as f: + with open(CONST.lang_codes_path, "r") as f: reads = f.read() #print("menu.json:%s"%reads) lang_codes = json.loads(reads) @@ -129,14 +122,14 @@ def human_readable(num): # return 3 significant digits and unit specifier # TFM 7/15/2019 change to factor of 1024, not 1000 to match similar calcs elsewhere num = float(num) - units = [ '','K','M','G'] + units = ['', 'K', 'M', 'G'] for i in range(4): - if num<10.0: - return "%.2f%s"%(num,units[i]) - if num<100.0: - return "%.1f%s"%(num,units[i]) + if num < 10.0: + return "%.2f%s"%(num, units[i]) + if num < 100.0: + return "%.1f%s"%(num, units[i]) if num < 1000.0: - return "%.0f%s"%(num,units[i]) + return "%.0f%s"%(num, units[i]) num /= 1024.0 # Environment Functions @@ -146,7 +139,7 @@ def get_iiab_env(name): iiab_env = {} iiab_env_var = '' try: - fd = open("/etc/iiab/iiab.env","r") + fd = open("/etc/iiab/iiab.env", "r") for line in fd: line = line.lstrip() line = line.rstrip('\n') From e80e7c1ac9ae98679b67784e34194c87ad84b685 Mon Sep 17 00:00:00 2001 From: Tim Moody Date: Wed, 4 Dec 2019 09:18:56 -0500 Subject: [PATCH 141/148] found a bug and added docstrings --- roles/2-common/templates/iiab_lib.py | 62 +++++++++++++++++++++++----- 1 file changed, 52 insertions(+), 10 deletions(-) diff --git a/roles/2-common/templates/iiab_lib.py b/roles/2-common/templates/iiab_lib.py index 09ab5150c..71b71be2f 100644 --- a/roles/2-common/templates/iiab_lib.py +++ b/roles/2-common/templates/iiab_lib.py @@ -1,7 +1,7 @@ -# iiab_lib.py -# common functions for IIAB -# Admin Console functions are in adm_lib.py - +''' +Common functions for IIAB +Admin Console functions are in adm_lib.py +''' import os import json import subprocess @@ -12,9 +12,19 @@ import iiab.iiab_const as CONST lang_codes = {} def get_zim_list(path): + ''' + Get a list of installed zims in the passed path + + Args: + path (str): The path to search + + Returns: + files_processed (dict): A dict all zims found and any index directory (now obsolete) + zim_versions (dict): A dict that translates generic zim names to physically installed + ''' + files_processed = {} zim_versions = {} # we don't need this unless adm cons is installed, but easier to compute now - zim_list = [] content = path + "/content/" index = path + "/index/" flist = os.listdir(content) @@ -45,7 +55,18 @@ def get_zim_list(path): return files_processed, zim_versions def read_library_xml(lib_xml_file, kiwix_exclude_attr=[""]): # duplicated from iiab-cmdsrv - # returns dict of library.xml and map of zim id to zim file name (under /library/zims) + ''' + Read zim properties from library.xml + Returns dict of library.xml and map of zim id to zim file name (under /library/zims) + + Args: + lib_xml_file (str): Path to file to read. Can be on removable device + kiwix_exclude_attr (list): Zim properties to exclude from return + + Returns: + zims_installed (dict): A dictionary holding all installed zims and their attributes + path_to_id_map (dict): A dictionary that translates zim ids to physical names + ''' kiwix_exclude_attr.append("id") # don't include id kiwix_exclude_attr.append("favicon") # don't include large favicon @@ -54,9 +75,7 @@ def read_library_xml(lib_xml_file, kiwix_exclude_attr=[""]): # duplicated from i try: tree = ET.parse(lib_xml_file) root = tree.getroot() - xml_item_no = 0 for child in root: - #xml_item_no += 1 # hopefully this is the array number attributes = {} if 'id' not in child.attrib: # is this necessary? implies there are records with no book id which would break index for removal print("xml record missing Book Id") @@ -71,6 +90,14 @@ def read_library_xml(lib_xml_file, kiwix_exclude_attr=[""]): # duplicated from i return zims_installed, path_to_id_map def rem_libr_xml(zim_id, kiwix_library_xml): + ''' + Remove a zim from library.xml + + Args: + zim_id (uuid): Id of the zim to remove + lib_xml_file (str): Path to file to read. Can be on removable device + ''' + command = CONST.kiwix_manage + " " + kiwix_library_xml + " remove " + zim_id #print command args = shlex.split(command) @@ -81,7 +108,17 @@ def rem_libr_xml(zim_id, kiwix_library_xml): print(outp) def add_libr_xml(kiwix_library_xml, zim_path, zimname, zimidx): - command = CONST.kiwix_manage + " " + kiwix_library_xml + " add " + CONST.zim_path + "/" + zimname + ''' + Add a zim to library.xml + + Args: + kiwix_library_xml (str): Name (path) of library.xml file + zim_path (str): Path to zim file to add + zimname (str): Name of zim file to add + zimidx (str): Path to separate idx directory (obsolete) + + ''' + command = CONST.kiwix_manage + " " + kiwix_library_xml + " add " + zim_path + "/" + zimname if zimidx: command += " -i " + zim_path + "/" + zimidx #print command @@ -94,6 +131,8 @@ def add_libr_xml(kiwix_library_xml, zim_path, zimname, zimidx): pass def read_lang_codes(): + '''Populate the global lang_codes dictionary from CONST.lang_codes_path json file''' + global lang_codes with open(CONST.lang_codes_path, "r") as f: reads = f.read() @@ -103,6 +142,7 @@ def read_lang_codes(): # there is a different algorithm in get_zim_list above def calc_perma_ref(uri): + '''Given a path or url return the generic zim name''' url_slash = uri.split('/') url_end = url_slash[-1] # last element file_ref = url_end.split('.zim')[0] # true for both internal and external index @@ -116,9 +156,11 @@ def calc_perma_ref(uri): return perma_ref def kiwix_lang_to_iso2(zim_lang_code): + '''Lookup the iso2 equivalent of a zim language code''' return lang_codes[zim_lang_code]['iso2'] def human_readable(num): + '''Convert a number to a human readable string''' # return 3 significant digits and unit specifier # TFM 7/15/2019 change to factor of 1024, not 1000 to match similar calcs elsewhere num = float(num) @@ -135,7 +177,7 @@ def human_readable(num): # Environment Functions def get_iiab_env(name): - """ read iiab.env file for a value, return "" if does not exist. return all value for *""" + ''' read iiab.env file for a value, return "" if does not exist. return all value for *''' iiab_env = {} iiab_env_var = '' try: From 8ca7cea3e243d79e45484e1880199bb1c7c2d587 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 5 Dec 2019 09:39:45 -0500 Subject: [PATCH 142/148] Recommend Ansible 2.9.1 -> 2.9.2 --- scripts/ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible b/scripts/ansible index 882027a2d..bf4ff2197 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -1,7 +1,7 @@ #!/bin/bash -e CURR_VER="undefined" # Ansible version you currently have installed -GOOD_VER="2.9.1" # For XO laptops (pip install) & CentOS (yum install rpm) +GOOD_VER="2.9.2" # For XO laptops (pip install) & CentOS (yum install rpm) # On other OS's we attempt the latest from PPA, which might be more recent export DEBIAN_FRONTEND=noninteractive From 1e05ba33e7b51a4c67dc7deb2872a6efa9813f88 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 5 Dec 2019 09:39:59 -0500 Subject: [PATCH 143/148] Recommend Ansible 2.9.1 -> 2.9.2 --- scripts/ansible-2.9.x | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/ansible-2.9.x b/scripts/ansible-2.9.x index ab46887e6..2ed4b4506 100755 --- a/scripts/ansible-2.9.x +++ b/scripts/ansible-2.9.x @@ -1,7 +1,7 @@ #!/bin/bash -e CURR_VER="undefined" # Ansible version you currently have installed -GOOD_VER="2.9.1" # For XO laptops (pip install) & CentOS (yum install rpm) +GOOD_VER="2.9.2" # For XO laptops (pip install) & CentOS (yum install rpm) # On other OS's we attempt the latest from PPA, which might be more recent export DEBIAN_FRONTEND=noninteractive From eeec427f97ab0f68076aadc67232ee8fdd77454b Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 5 Dec 2019 23:58:57 -0500 Subject: [PATCH 144/148] kiwix-tools 3.0.1-6 -> 3.0.1-8 --- roles/kiwix/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index c4453e0a1..0bd23c25a 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -10,9 +10,9 @@ # Which kiwix-tools to download from http://download.iiab.io/packages/ # As obtained from http://download.kiwix.org/release/kiwix-tools/ or http://download.kiwix.org/nightly/ -kiwix_version_armhf: "kiwix-tools_linux-armhf-3.0.1-6" -kiwix_version_linux64: "kiwix-tools_linux-x86_64-3.0.1-6" -kiwix_version_i686: "kiwix-tools_linux-i586-3.0.1-6" +kiwix_version_armhf: "kiwix-tools_linux-armhf-3.0.1-8" +kiwix_version_linux64: "kiwix-tools_linux-x86_64-3.0.1-8" +kiwix_version_i686: "kiwix-tools_linux-i586-3.0.1-8" # kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" # v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") # v0.10 for i686 published Oct 2016 ("experimental") REPLACED IN EARLY 2018, thx to Matthieu Gautier: From 93b0307aa467b1dfa50717a6da0f714eb101e2ed Mon Sep 17 00:00:00 2001 From: Tim Moody Date: Mon, 9 Dec 2019 12:10:02 -0500 Subject: [PATCH 145/148] add modules conf file --- roles/nginx/tasks/main.yml | 7 ++++--- roles/nginx/templates/modules.conf | 10 ++++++++++ 2 files changed, 14 insertions(+), 3 deletions(-) create mode 100644 roles/nginx/templates/modules.conf diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index da750248f..795751153 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -1,11 +1,12 @@ - name: Put the config file in place - template: - src: '{{ item.src}}' + template: + src: '{{ item.src}}' dest: '{{ item.dest }}' with_items: - { src: "server.conf",dest: "/etc/nginx/" } - { src: "nginx.conf",dest: "/etc/nginx/" } - { src: "usb-lib.conf",dest: "/etc/nginx/conf.d/" } + - { src: "modules.conf",dest: "/etc/nginx/conf.d/" } # - { src: "admin-console.ini",dest: "/etc/uwsgi/apps-enabled/" } # the above should be enough once uwsgi is started # - { src: "uwsgi.unit",dest: "/etc/systemd/system/uwsgi.socket" } @@ -19,7 +20,7 @@ # optional services - name: Install config for Admin Console - template: + template: src: admin-console-nginx.conf # Comment one or the other to revert from nginx back to apache2, if required # src: admin-console-apache.conf diff --git a/roles/nginx/templates/modules.conf b/roles/nginx/templates/modules.conf new file mode 100644 index 000000000..16d3cb641 --- /dev/null +++ b/roles/nginx/templates/modules.conf @@ -0,0 +1,10 @@ + +location /modules/ { + fancyindex on; # Enable fancy indexes. + fancyindex_exact_size off; # Output human-readable file sizes. + fancyindex_ignore index.htmlf rachel-index.php; +# autoindex on; +# autoindex_exact_size off; +# autoindex_format html; +# autoindex_localtime on; +} From eea868b891a624b1e055e37cdad1229c6babccd7 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Tue, 10 Dec 2019 20:52:10 +0000 Subject: [PATCH 146/148] include a php clause in nginx conf --- .../templates/osm-vector-maps-nginx.conf | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/roles/osm-vector-maps/templates/osm-vector-maps-nginx.conf b/roles/osm-vector-maps/templates/osm-vector-maps-nginx.conf index 97cfc2535..8b5813b63 100644 --- a/roles/osm-vector-maps/templates/osm-vector-maps-nginx.conf +++ b/roles/osm-vector-maps/templates/osm-vector-maps-nginx.conf @@ -1,7 +1,19 @@ # For downloadable regional vector tilesets location /maps { - alias /library/www/osm-vector-maps; + rewrite ^/maps/(.*)$ /osm-vector-maps/$1; } location /osm-vector-maps { alias /library/www/osm-vector-maps; } +location ~ ^/osm-vector-maps/(.*)\.php(.*)$ { + alias /library/www/osm-vector-maps/$1.php$2; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + fastcgi_pass php; + include fastcgi_params; + fastcgi_split_path_info ^(.+\.php)(.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + fastcgi_param PATH_INFO $2; +} From abde721ba051f33c09a23dc053a7dbf28dc72424 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 11 Dec 2019 00:54:33 -0500 Subject: [PATCH 147/148] Clarify purpose of /etc/hosts.dnsmasq --- roles/network/tasks/enable_services.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index 1e224739c..65daf8a27 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -54,7 +54,7 @@ dest: /etc/dnsmasq.d/iiab.conf when: dnsmasq_install and dnsmasq_enabled and (iiab_network_mode != "Appliance") -- name: Install /etc/hosts.dnsmasq from template, sourced by /etc/dnsmasq.d/iiab.conf +- name: Install /etc/hosts.dnsmasq from template for /etc/dnsmasq.d/iiab.conf (instead of using /etc/hosts) template: src: network/hosts-dnsmasq.j2 dest: /etc/hosts.dnsmasq From c827275cc399224034ea16fb4bde799b3568dad6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 11 Dec 2019 00:55:44 -0500 Subject: [PATCH 148/148] Update hosts-dnsmasq.j2 --- roles/network/templates/network/hosts-dnsmasq.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/templates/network/hosts-dnsmasq.j2 b/roles/network/templates/network/hosts-dnsmasq.j2 index 1b5d5fe06..8f5ea3e45 100644 --- a/roles/network/templates/network/hosts-dnsmasq.j2 +++ b/roles/network/templates/network/hosts-dnsmasq.j2 @@ -1,3 +1,3 @@ # Supplied by IIAB sourced by /etc/dnsmasq.d/iiab.conf -{{ iiab_hostname }} {{ lan_ip }} +{{ iiab_hostname }} {{ lan_ip }} box {{ lan_ip }}