Merge pull request #76 from iiab/master

sync from iiab/iiab

roles/0-init/tasks/main.yml

@@ -144,7 +144,7 @@
     mysql_service: mysqld
     no_NM_reload: True
     is_F18: True
-  when: ansible_distribution_release == "based on Fedora 18" or ansible_distribution_version == "18"
+  when: (ansible_distribution_release == "based on Fedora 18" or ansible_distribution_version == "18") and ansible_distribution == "Fedora"
 
 - name: Set mysql_service to mysql (debuntu)
   set_fact:

roles/kiwix/templates/iiab-make-kiwix-lib

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 {{ systemctl_program }} stop kiwix-serve
 /usr/bin/iiab-make-kiwix-lib.py

roles/moodle/tasks/main.yml

@@ -106,6 +106,7 @@
   postgresql_user:
     name: Admin
     password: changeme
+    encrypted: yes   # Required by PostgresSQL 10.3+ e.g. on Ubuntu 18.04, see https://github.com/iiab/iiab/issues/759
     role_attr_flags: NOSUPERUSER,NOCREATEROLE,NOCREATEDB
     state: present
   become: yes

roles/nextcloud/tasks/main.yml

@@ -56,9 +56,14 @@
     - "php{{ php_version }}-mysql"
     - "php{{ php_version }}-curl"
     - "php{{ php_version }}-intl"
-    - "php{{ php_version }}-mcrypt"
   when: is_debuntu
 
+- name: In php7.2, php dropped mcrypt
+  package:
+    name: "php{{ php_version }}-mcrypt"
+    state: present
+  when: is_debuntu and not is_ubuntu_18
+
 # we need to install the rpm in order to get the dependencies
 # but we only need to do this the first time
 

roles/openvpn/templates/iiab-remote-off

@@ -4,8 +4,8 @@
 # do nothing if it is not installed
 which openvpn
 if [ $? -ne 0 ]; then
-   echo Cannot find the openvpn program.
+    echo Cannot find the OpenVPN program (openvpn).
-   exit 1
+    exit 1
 fi
 systemctl disable openvpn@xscenet.service
 systemctl stop openvpn@xscenet.service
@@ -13,7 +13,7 @@ systemctl stop openvpn@xscenet.service
 sleep 5
 ps -e|grep vpn
 if [ $? -eq 0 ]; then
-  echo Openvpn failed to stop.
+    echo OpenVPN failed to stop.
 else
-  echo Successfully stopped and disabled Openvpn
+    echo Successfully stopped and disabled OpenVPN.
 fi

roles/openvpn/templates/iiab-remote-on

@@ -4,8 +4,8 @@
 # do nothing if it is not installed
 which openvpn
 if [ $? -ne 0 ]; then
-   echo Cannot find the openvpn program.
+    echo Cannot find the OpenVPN program (openvpn).
-   exit 1
+    exit 1
 fi
 systemctl enable openvpn@xscenet.service
 systemctl start openvpn@xscenet.service
@@ -13,7 +13,7 @@ systemctl start openvpn@xscenet.service
 sleep 5
 ping -c 2 10.8.0.1
 if [ $? -eq 0 ]; then
-  echo Openvpn successfully started.
+    echo OpenVPN successfully started.
 else
-  echo Openvpn failed to contact remote server.
+    echo OpenVPN failed to contact remote server.
 fi

roles/openvpn/templates/iiab-vpn

@@ -1,11 +1,12 @@
-#!/bin/sh
+#!/bin/bash
 # script to manage openvpn
+
 if [ ! -f "/etc/openvpn/iiab-vpn.conf" ]; then
-  VPNCONFIG='party-line.conf'
+    VPNCONFIG='party-line.conf'
-  VPNIP={{ openvpn_server_virtual_ip }}
+    VPNIP={{ openvpn_server_virtual_ip }}
 else
-  # expect the sourced file to set the above variables
+    # expect the sourced file to set the above variables
-  source /etc/openvpn/iiab-vpn.conf
+    source /etc/openvpn/iiab-vpn.conf
 fi
 
 # we'd like the user of this script to have root privilege
@@ -15,79 +16,77 @@ if [ "$(id -u)" != "0" ]; then
 fi
 
 case $1 in
-"stop" | "no" | "off")
+    "stop" | "no" | "off")
-    killall openvpn
+        killall openvpn
-    exit 0
+        exit 0
-    ;;
+        ;;
-"status")
+    "status")
-    pid=`ps -e|grep openvpn`
+        pid=`ps -e|grep openvpn`
-    if [ -z "$pid" ]; then
+        if [ -z "$pid" ]; then
-        echo "The openvpn process is not running"
+            echo "The OpenVPN process is not running"
-    else
+        else
-        echo "Openvpn is running with id $pid"
+            echo "OpenVPN is running with id $pid"
-        ip=`ifconfig tun | gawk '(/netmask /) {print( $2);}'`
+            ip=`ifconfig tun | gawk '(/netmask /) {print( $2);}'`
-        echo "Local vpn tunnel address is $ip"
+            echo "Local vpn tunnel address is $ip"
-    fi
+        fi
-    exit 0
+        exit 0
-    ;;
+        ;;
-    
 esac
 
-# we'd like for passwords authentication to be turned off
+# we'd like for password authentication to be turned off
 grep -e^PasswordAuthentication.*[Yy]es /etc/ssh/sshd_config
 PASSWORDS_ENABLED=$?
 
 if [ $PASSWORDS_ENABLED -eq 0 ];then
-	case $1 in
+    case $1 in
-    "test" | "unsafe") ;;
+        "test" | "unsafe") ;;
-    *)
+        *)
-
+            echo "OpenVPN is only safe when public/private keys are used"
-		echo "Openvpn is only safe when public/private keys are used"
+            echo " And when passwords are turned off in /etc/ssh/sshd_conf"
-		echo " And when passwords are turned off in /etc/ssh/sshd_conf"
+            exit 1
-		exit 1
+    esac
-  esac
 fi
 
 # openvpn config file directory
 dir=/etc/openvpn
 
 if [ $# -eq 0 ]; then
-  cmd="test"
+    cmd="test"
 else
-  cmd=$1
+    cmd=$1
 fi
 
 case $cmd in
-"test" | "unsafe" )
+    "test" | "unsafe" )
-# load TUN/TAP kernel module
+        # load TUN/TAP kernel module
-    modprobe tun
+        modprobe tun
 
-	# make sure the wan is functioning
+        # make sure the wan is functioning
-	# 8.8.8.8 is one of google's dns servers
+        # 8.8.8.8 is one of google's dns servers
-	ping -c 3 -i 3 8.8.8.8
+        ping -c 3 -i 3 8.8.8.8
-	if [ $? -ne 0 ]; then
+        if [ $? -ne 0 ]; then
-		echo "internet is not available, tunnel not possible"
+            echo "internet is not available, tunnel not possible"
-		exit 1
+            exit 1
-	fi
+        fi
-	
-	# check the vpn tunnel
-	ping -c 5 -i 5 "$VPNIP"
-	# a zero return means the tunnel is up
-	if [ $? -ne "0" ]; then
-		echo "Stopping any openvpn instance"
-		killall openvpn
-		sleep 10
-		echo "Starting openvpn and waiting 10 seconds for daemon to become ready"
-    		openvpn --cd $dir --daemon --config $VPNCONFIG
-	fi
-	sleep 10 
-	echo "Testing VPN connection"
-	ping -c 4 -i 4 "$VPNIP"
-	if [ $? -eq 0 ]; then
-		echo "vpn tunnel established"
-	else
-		echo "vpn connection failed"
-	fi
 
-    ;;
+        # check the vpn tunnel
+        ping -c 5 -i 5 "$VPNIP"
+        # a zero return means the tunnel is up
+        if [ $? -ne "0" ]; then
+            echo "Stopping any openvpn instance"
+            killall openvpn
+            sleep 10
+            echo "Starting OpenVPN and waiting 10 seconds for daemon to become ready"
+            openvpn --cd $dir --daemon --config $VPNCONFIG
+        fi
+        sleep 10
+        echo "Testing VPN connection"
+        ping -c 4 -i 4 "$VPNIP"
+        if [ $? -eq 0 ]; then
+            echo "vpn tunnel established"
+        else
+            echo "vpn connection failed"
+        fi
+
+        ;;
 esac

roles/sugarizer/tasks/main.yml

@@ -21,7 +21,7 @@
 
 - name: Set up Node.js 6.x apt sources (debuntu)
   shell: curl -sL https://deb.nodesource.com/setup_6.x | bash -
-  when: internet_available and is_debuntu
+  when: internet_available and is_debuntu and not ubuntu-18
 
 - name: Install latest Node.js which includes /usr/bin/npm (debuntu)
   package:
@@ -29,7 +29,7 @@
     state: latest
 # package: name=nodejs=6.*
 #          state=present
-  when: internet_available and is_debuntu
+  when: internet_available and is_debuntu and not ubuntu-18
 
 - name: Install npm (OS's other than debuntu)
   package:
@@ -40,6 +40,15 @@
     - nodejs
     - npm
 
+- name: Install npm (ubuntu-18)
+  package:
+    name: "{{ item }}"
+    state: latest
+  when: internet_available and is_ubuntu_18
+  with_items:
+    - npm
+    - nodejs
+
 # attempting to reinstall npm is broken on Raspbian 9
 - name: Check for Sugarizer already installed
   stat:

vars/ubuntu-18.yml

@@ -18,5 +18,6 @@ mysql_service: mysql
 apache_log: /var/log/apache2/access.log
 sshd_service: ssh
 php_version: 7.2
-postgresql_version: 10.3
+# "postgresql_version: 10.3" fails (too detailed for /etc/systemd/system/postgresql-iiab.service on Ubuntu 18.04)
+postgresql_version: 10
 systemd_location: /lib/systemd/system