diff --git a/roles/httpd/tasks/html.yml b/roles/httpd/tasks/html.yml
index 8678af22c..d6ea61dc3 100644
--- a/roles/httpd/tasks/html.yml
+++ b/roles/httpd/tasks/html.yml
@@ -1,61 +1,68 @@ - name: Copy css files - copy: src={{ item }} - dest={{ doc_root }}/common/css - mode=0644 - owner=root - group=root + copy: + src: "{{ item }}" + dest: "{{ doc_root }}/common/css" + mode: 0644 + owner: root + group: root with_fileglob: - - html/css/*.css + - html/css/*.css - name: Copy js files - copy: src={{ item }} - dest={{ doc_root }}/common/js - mode=0644 - owner=root - group=root + copy: + src: "{{ item }}" + dest: "{{ doc_root }}/common/js" + mode: 0644 + owner: root + group: root with_fileglob: - - html/js/*.js + - html/js/*.js - name: Copy fonts files - copy: src={{ item }} - dest={{ doc_root }}/common/fonts - mode=0644 - owner=root - group=root + copy: + src: "{{ item }}" + dest: "{{ doc_root }}/common/fonts" + mode: 0644 + owner: root + group: root with_fileglob: - - html/fonts/* + - html/fonts/* - name: Copy html files - copy: src={{ item }} - dest={{ doc_root }}/common/html - mode=0644 - owner=root - group=root + copy: + src: "{{ item }}" + dest: "{{ doc_root }}/common/html" + mode: 0644 + owner: root + group: root with_fileglob: - - html/html/* + - html/html/* - name: Copy assets files - copy: src={{ item }} - dest={{ doc_root }}/common/assets - mode=0644 - owner=root - group=root + copy: + src: "{{ item }}" + dest: "{{ doc_root }}/common/assets" + mode: 0644 + owner: root + group: root with_fileglob: - - html/assets/* + - html/assets/* # copy all services, even if not permissioned elsewhere - name: Copy services files - copy: src={{ item }} - dest={{ doc_root }}/common/services - mode=0644 - owner=root - group=root + copy: + src: "{{ item }}" + dest: "{{ doc_root }}/common/services" + mode: 0644 + owner: root + group: root with_fileglob: - - html/services/* + - html/services/* - name: Create symlink from assets to iiab.ini - file: src=/etc/iiab/iiab.ini - dest={{ doc_root }}/common/assets/iiab.ini - owner=root - group=root - state=link + file: + src: "/etc/iiab/iiab.ini" + dest: "{{ doc_root }}/common/assets/iiab.ini" + owner: root 
+ group: root + state: link diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml index 4319e141b..169cc3e14 100644 --- a/roles/httpd/tasks/main.yml +++ b/roles/httpd/tasks/main.yml @@ -1,6 +1,7 @@ -- name: Install httpd required packages - package: name={{ item }} - state=present +- name: Install httpd required packages (debian) + package: + name: "{{ item }}" + state: present with_items: - apache2 - php{{ php_version }} @@ -10,17 +11,19 @@ - download when: is_debian -- name: Debian changed sqlite name - package: name=php{{ php_version }}-sqlite +- name: Debian changed sqlite name (debian-8) + package: + name: "php{{ php_version }}-sqlite" when: is_debian and ansible_distribution_major_version == "8" #- name: Debian changed sqlite name # package: name=php{{ php_version }}-sqlite3 # when: ansible_local.local_facts.os_ver == "debian-9" -- name: Install httpd required packages - package: name={{ item }} - state=present +- name: Install httpd required packages (ubuntu) + package: + name: "{{ item }}" + state: present with_items: - apache2 - php @@ -28,9 +31,10 @@ - download when: is_ubuntu -- name: Install httpd required packages - package: name={{ item }} - state=present +- name: Install httpd required packages (redhat) + package: + name: "{{ item }}" + state: present with_items: - httpd - php 
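Review bot: The converted `copy` tasks in roles/httpd/tasks/html.yml write `mode: 0644` as a bare YAML integer, where the old `mode=0644` form handed the module a string. The new form gives the right permission bits only because the leading zero makes a YAML 1.1 loader read the value as octal; if the zero is lost or the loader changes, the files silently get different bits. I would quote it as `mode: '0644'` in every task of this hunk. The same applies to the unquoted `mode: 0755` and `mode: 0644` values in the roles/httpd/tasks/main.yml and roles/nextcloud/tasks/nextcloud_enabled.yml hunks.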
@@ -40,106 +44,120 @@ - download when: is_redhat -- name: Remove the default apache2 config file - file: path=/etc/apache2/sites-enabled/000-default.conf - src=/etc/apache2/sites-available/000-default.conf - state=absent +- name: Remove the default apache2 config file (debuntu) + file: + path: /etc/apache2/sites-enabled/000-default.conf + src: /etc/apache2/sites-available/000-default.conf + state: absent when: is_debuntu - name: Create httpd config files - template: backup=yes - src={{ item.src }} - dest={{ item.dest }} - owner=root - group=root - mode={{ item.mode }} + template: + backup: yes + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: "{{ item.mode }}" with_items: - - { src: '010-iiab.conf.j2' , dest: '/etc/{{ apache_config_dir }}/010-iiab.conf', mode: '0755' } - - { src: 'proxy_ajp.conf.j2' , dest: '/etc/{{ apache_config_dir }}/proxy_ajp.conf', mode: '0644' } - - { src: 'php.ini.j2' , dest: '/etc/php.ini' , mode: '0644' } + - { src: '010-iiab.conf.j2' , dest: '/etc/{{ apache_config_dir }}/010-iiab.conf', mode: '0755' } + - { src: 'proxy_ajp.conf.j2' , dest: '/etc/{{ apache_config_dir }}/proxy_ajp.conf', mode: '0644' } + - { src: 'php.ini.j2' , dest: '/etc/php.ini' , mode: '0644' } # remove symlinks for mpm-event, replace with mpm-prefork -- name: Remove mpm event links - file: path=/etc/apache2/mods-enabled/{{ item }} - state=absent +- name: Remove mpm event links (debuntu) + file: + path: "/etc/apache2/mods-enabled/{{ item }}" + state: absent with_items: - - mpm_event.conf - - mpm_event.load + - mpm_event.conf + - mpm_event.load when: is_debuntu -- name: Create symlinks for mpm-prefork - file: path=/etc/apache2/mods-enabled/{{ item }} - src=/etc/apache2/mods-available/{{ item }} - state=link +- name: Create symlinks for mpm-prefork (debuntu) + file: + path: "/etc/apache2/mods-enabled/{{ item }}" + src: "/etc/apache2/mods-available/{{ item }}" + state: link with_items: - - mpm_prefork.conf - - mpm_prefork.load + - 
mpm_prefork.conf + - mpm_prefork.load when: is_debuntu -- name: Turn on mod_proxy +- name: Turn on mod_proxy (debuntu) command: a2enmod {{ item }} with_items: - - proxy - - proxy_html - - headers - - rewrite + - proxy + - proxy_html + - headers + - rewrite when: is_debuntu -- name: Create symlinks for enabling our site - file: path=/etc/apache2/sites-enabled/{{ item }} - src=/etc/apache2/sites-available/{{ item }} - state=link +- name: Create symlinks for enabling our site (debuntu) + file: + path: "/etc/apache2/sites-enabled/{{ item }}" + src: "/etc/apache2/sites-available/{{ item }}" + state: link with_items: - - 010-iiab.conf + - 010-iiab.conf when: is_debuntu -- name: Remove the default site container - file: dest=/etc/apache2/000-default.conf - state=absent +- name: Remove the default site container (debuntu) + file: + dest: /etc/apache2/000-default.conf + state: absent when: is_debuntu - name: Create http pid dir - file: path=/var/run/{{ apache_user }} - mode=0755 - owner=root - group=root - state=directory + file: + path: "/var/run/{{ apache_user }}" + mode: 0755 + owner: root + group: root + state: directory - name: Create admin group - group: name=admin - state=present + group: + name: admin + state: present - name: Add apache user to admin group - user: name={{ apache_user }} - groups=admin - state=present - createhome=no + user: + name: "{{ apache_user }}" + groups: admin + state: present + createhome: no - name: Create httpd log dir - file: path=/var/log/{{ apache_service }} - mode=0755 - owner={{ apache_user }} - group={{ apache_user }} - state=directory + file: + path: "/var/log/{{ apache_service }}" + mode: 0755 + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + state: directory - name: Enable httpd - service: name={{ apache_service }} - enabled=yes + service: + name: "{{ apache_service }}" + enabled: yes - name: Create iiab-info directory - file: path={{ doc_root }}/info - mode=0755 - owner={{ apache_user }} - group={{ apache_user }} - 
state=directory + file: + path: "{{ doc_root }}/info" + mode: 0755 + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + state: directory - name: Remove iiab-info.conf - file: dest=/etc/{{ apache_config_dir }}/iiab-info.conf - state=absent + file: + dest: "/etc/{{ apache_config_dir }}/iiab-info.conf" + state: absent -- name: Remove iiab-info.conf symlink - file: dest=/etc/apache2/sites-enabled/iiab-info.conf - state=absent +- name: Remove iiab-info.conf symlink (debuntu) + file: + dest: /etc/apache2/sites-enabled/iiab-info.conf + state: absent when: is_debuntu - include_tasks: html.yml @@ -147,17 +165,20 @@ - base - name: Place the script to generate homepages - template: src=refresh-wiki-docs.sh - dest=/usr/bin/iiab-refresh-wiki-docs - mode=0755 + template: + src: refresh-wiki-docs.sh + dest: /usr/bin/iiab-refresh-wiki-docs + mode: 0755 - name: Give apache_user permission for poweroff - template: src=020_apache_poweroff.j2 - dest=/etc/sudoers.d/020_apache_poweroff - mode=0755 + template: + src: 020_apache_poweroff.j2 + dest: /etc/sudoers.d/020_apache_poweroff + mode: 0755 when: allow_apache_sudo - name: Remove apache_user permission for poweroff - file: dest=/etc/sudoers.d/020_apache_poweroff - state=absent + file: + dest: /etc/sudoers.d/020_apache_poweroff + state: absent when: not allow_apache_sudo diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml index 26b90c3fe..1ad40ffb9 100644 --- a/roles/nextcloud/defaults/main.yml +++ b/roles/nextcloud/defaults/main.yml @@ -8,7 +8,7 @@ nextcloud_url: /nextcloud nextcloud_prefix: /opt nextcloud_data_dir: "{{ content_base }}/nextcloud/data" nextcloud_dl_url: https://download.nextcloud.com/server/releases/ -nextcloud_orig_src_file: latest-12.tar.bz2 +nextcloud_orig_src_file: latest-13.tar.bz2 nextcloud_src_file: nextcloud_{{ nextcloud_orig_src_file }} # we install on mysql with these setting or those from default_vars, etc. 
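Review bot: In "Add apache user to admin group" the `user` task sets `groups: admin` without `append`, so the module makes admin the account's only supplementary group and drops any other memberships it had. Adding `append: yes` keeps the existing groups. What the admin group is permitted to do is not visible in this diff, so the task would also benefit from a comment such as `# apache_user needs admin for <reason>` explaining why the web-server account belongs in it.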
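Review bot: "Give apache_user permission for poweroff" installs a sudoers drop-in with `mode: 0755`, no explicit owner or group, and no syntax check. Fragments under /etc/sudoers.d are conventionally `0440` and root-owned, and a malformed one can break sudo for every account on the host. I would set `mode: '0440'` with `owner: root` and `group: root`, and add `validate: 'visudo -cf %s'` so a bad render of 020_apache_poweroff.j2 is rejected before it lands. The template body is outside this diff, so it is worth confirming that it grants only the poweroff command.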
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index 41d3dbcbf..b54fe9669 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -137,10 +137,10 @@ password: "{{ nextcloud_dbpassword }}" priv: "{{ nextcloud_dbname }}.*:ALL,GRANT" with_items: - - "{{ nextcloud_dbhost }}" - - 127.0.0.1 - - ::1 - - localhost + - "{{ nextcloud_dbhost }}" + - 127.0.0.1 + - ::1 + - localhost when: mysql_enabled and nextcloud_enabled diff --git a/roles/nextcloud/tasks/nextcloud_enabled.yml b/roles/nextcloud/tasks/nextcloud_enabled.yml index e78c4dfc5..ce3166b20 100644 --- a/roles/nextcloud/tasks/nextcloud_enabled.yml +++ b/roles/nextcloud/tasks/nextcloud_enabled.yml 
@@ -1,49 +1,54 @@ - # This should go in computed_network.yml, but here for now +# This should go in computed_network.yml, but here for now - name: Compute Nextcloud listen ip addr for nextcloud.conf set_fact: - nextcloud_required_ip: "{{ ansible_default_ipv4.network }}/{{ ansible_default_ipv4.netmask }}" + nextcloud_required_ip: "{{ ansible_default_ipv4.network }}/{{ ansible_default_ipv4.netmask }}" when: ansible_default_ipv4.network is defined - name: Enable Nextcloud by copying template to httpd config - template: src=nextcloud.conf.j2 - dest=/etc/{{ apache_config_dir }}/nextcloud.conf - owner=root - group=root - mode=0644 + template: + src: nextcloud.conf.j2 + dest: "/etc/{{ apache_config_dir }}/nextcloud.conf" + owner: root + group: root + mode: 0644 when: nextcloud_enabled -- name: Enable Nextcloud - file: path=/etc/apache2/sites-enabled/nextcloud.conf - src=/etc/apache2/sites-available/nextcloud.conf - state=link +- name: Enable Nextcloud (debuntu) + file: + path: /etc/apache2/sites-enabled/nextcloud.conf + src: /etc/apache2/sites-available/nextcloud.conf + state: link when: nextcloud_enabled and is_debuntu -- name: For redhat, remove the config file - file: path=/etc/{{ apache_config_dir }}/nextcloud.conf - state=absent +- name: Remove the config file if not nextcloud_enabled (redhat) + file: + path: "/etc/{{ apache_config_dir }}/nextcloud.conf" + state: absent when: not nextcloud_enabled and is_redhat - name: Restart Apache, so it picks up the new aliases - service: name={{ apache_service }} state=restarted + service: + name: "{{ apache_service }}" + state: restarted # the install wizard does not succeed if already installed - name: Determine if Nextcloud is installed shell: > - sudo -u {{ apache_user }} php - '{{ nextcloud_prefix }}/nextcloud/occ' status | - gawk '/installed:/ { print $3 }' + sudo -u {{ apache_user }} php + '{{ nextcloud_prefix }}/nextcloud/occ' status | + gawk '/installed:/ { print $3 }' register: returned - name: Run Nextcloud initial 
install wizard shell: > - cd {{ nextcloud_prefix }}/nextcloud; - sudo -u {{ apache_user }} php occ maintenance:install - --database "mysql" - --database-name "{{ nextcloud_dbname }}" - --database-user "{{ nextcloud_dbuser }}" - --database-pass "{{ nextcloud_dbpassword }}" - --admin-user "{{ nextcloud_admin_user }}" - --admin-pass "{{ nextcloud_admin_password }}" + cd {{ nextcloud_prefix }}/nextcloud; + sudo -u {{ apache_user }} php occ maintenance:install + --database "mysql" + --database-name "{{ nextcloud_dbname }}" + --database-user "{{ nextcloud_dbuser }}" + --database-pass "{{ nextcloud_dbpassword }}" + --admin-user "{{ nextcloud_admin_user }}" + --admin-pass "{{ nextcloud_admin_password }}" when: nextcloud_enabled and returned.stdout == "false" - name: Allow access from all hosts and ips 
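Review bot: "Run Nextcloud initial install wizard" interpolates `nextcloud_dbpassword` and `nextcloud_admin_password` directly into a `shell` command line, so both secrets appear in the task output and logs, and in the process list while occ runs. The values are also not shell-escaped, so a password containing `"`, `$` or a backtick changes the command that is executed. At minimum add `no_log: true` to the task and replace the hand-written double quotes with the `quote` filter, e.g. `--admin-pass {{ nextcloud_admin_password | quote }}`.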
@@ -54,22 +59,23 @@ - name: Determine if Nextcloud user exists already shell: > - sudo -u {{ apache_user }} php - '{{ nextcloud_prefix }}/nextcloud/occ' user:list | - grep {{ nextcloud_user }} | wc | cut -d' ' -f1 + sudo -u {{ apache_user }} php + '{{ nextcloud_prefix }}/nextcloud/occ' user:list | + grep {{ nextcloud_user }} | wc | cut -d' ' -f1 register: returned_count # nextcloud wants to make users rather than just mysql users and not done - name: Create the default user shell: > - su -s /bin/sh {{ apache_user }} -c - 'OC_PASS={{ nextcloud_user_password }}; - php {{ nextcloud_prefix }}/nextcloud/occ user:add - --password-from-env --display-name={{ nextcloud_user }} - --group="users" {{ nextcloud_user }}' + su -s /bin/sh {{ apache_user }} -c + 'OC_PASS={{ nextcloud_user_password }}; + php {{ nextcloud_prefix }}/nextcloud/occ user:add + --password-from-env --display-name={{ nextcloud_user }} + --group="users" {{ nextcloud_user }}' when: nextcloud_enabled and returned_count == "0" - name: Remove Rewrite URL - lineinfile: regexp='overwrite.cli.url' - state=absent - dest="{{ nextcloud_prefix }}/nextcloud/config/config.php" + lineinfile: + regexp: "overwrite.cli.url" + state: absent + dest: "{{ nextcloud_prefix }}/nextcloud/config/config.php" diff --git a/scripts/ansible b/scripts/ansible index 94ebce04e..4861545eb 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -3,7 +3,7 @@ # Installs or upgrades to the best possible Ansible release, so iiab-install # can proceed. Ensure you're online before running this script! -GOOD_VER="2.4.2" # Ansible version for OLPC, for pip. +GOOD_VER="2.4.3" # Ansible version for OLPC, for pip. # On other OS's we install/upgrade to the latest Ansible. # Pin all to 2.4.x in future, if really/truly nec? CURR_VER="undefined" 
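Review bot: "Create the default user" is gated on `returned_count == "0"`, which compares the whole registered result to a string and so should never match; the install-wizard task in the previous hunk correctly tests `returned.stdout`. The probe feeding it is fragile as well: bare `wc` prints three padded counts, so `cut -d' ' -f1` most likely yields an empty field rather than a number. I would end the pipeline with `| wc -l` and test `returned_count.stdout | trim == "0"`. Note also that `OC_PASS=...;` followed by `php` sets a shell variable without exporting it, so `--password-from-env` may not see the value, and the password is interpolated into the command line just as in the install-wizard task.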
@@ -20,7 +20,7 @@ if ! which ansible-playbook ; then yum -y install ca-certificates nss epel-release yum -y install git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python yum -y install python-pip python-setuptools python-wheel patch - yum -y install http://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.4.2.0-1.el7.ans.noarch.rpm + yum -y install http://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.4.3.0-1.el7.ans.noarch.rpm # FOUND="true" # FAMILY="redhat" # elif [ -f /etc/fedora-release ]; then
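Review bot: The bumped `yum -y install` line still fetches the Ansible RPM over plain `http://`, and yum does not by default verify GPG signatures on a package installed from a URL or local path. Anyone on the network path can therefore substitute the package that this script installs as root. Switch the URL to `https://` if releases.ansible.com serves the file that way, or download it first and compare it with a pinned checksum before installing. The surrounding `if` block starts and ends outside the hunk.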