external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Merge pull request #56 from iiab/master

Browse source 
sync from iiab/iiab
This commit is contained in:
A Holt 2018-02-11 10:32:58 -05:00 committed by GitHub
commit 920d94d2c9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 203 additions and 169 deletions
Download patch file Download diff file Expand all files Collapse all files

89
roles/httpd/tasks/html.yml
View file

@ -1,61 +1,68 @@
- name: Copy css files - name: Copy css files
copy: src={{ item }} copy:
dest={{ doc_root }}/common/css src: "{{ item }}"
mode=0644 dest: "{{ doc_root }}/common/css"
owner=root mode: 0644
group=root owner: root
group: root
with_fileglob: with_fileglob:
- html/css/*.css - html/css/*.css
- name: Copy js files - name: Copy js files
copy: src={{ item }} copy:
dest={{ doc_root }}/common/js src: "{{ item }}"
mode=0644 dest: "{{ doc_root }}/common/js"
owner=root mode: 0644
group=root owner: root
group: root
with_fileglob: with_fileglob:
- html/js/*.js - html/js/*.js
- name: Copy fonts files - name: Copy fonts files
copy: src={{ item }} copy:
dest={{ doc_root }}/common/fonts src: "{{ item }}"
mode=0644 dest: "{{ doc_root }}/common/fonts"
owner=root mode: 0644
group=root owner: root
group: root
with_fileglob: with_fileglob:
- html/fonts/* - html/fonts/*
- name: Copy html files - name: Copy html files
copy: src={{ item }} copy:
dest={{ doc_root }}/common/html src: "{{ item }}"
mode=0644 dest: "{{ doc_root }}/common/html"
owner=root mode: 0644
group=root owner: root
group: root
with_fileglob: with_fileglob:
- html/html/* - html/html/*
- name: Copy assets files - name: Copy assets files
copy: src={{ item }} copy:
dest={{ doc_root }}/common/assets src: "{{ item }}"
mode=0644 dest: "{{ doc_root }}/common/assets"
owner=root mode: 0644
group=root owner: root
group: root
with_fileglob: with_fileglob:
- html/assets/* - html/assets/*
# copy all services, even if not permissioned elsewhere # copy all services, even if not permissioned elsewhere
- name: Copy services files - name: Copy services files
copy: src={{ item }} copy:
dest={{ doc_root }}/common/services src: "{{ item }}"
mode=0644 dest: "{{ doc_root }}/common/services"
owner=root mode: 0644
group=root owner: root
group: root
with_fileglob: with_fileglob:
- html/services/* - html/services/*
- name: Create symlink from assets to iiab.ini - name: Create symlink from assets to iiab.ini
file: src=/etc/iiab/iiab.ini file:
dest={{ doc_root }}/common/assets/iiab.ini src: "/etc/iiab/iiab.ini"
owner=root dest: "{{ doc_root }}/common/assets/iiab.ini"
group=root owner: root
state=link group: root
state: link

189
roles/httpd/tasks/main.yml
View file

@ -1,6 +1,7 @@
- name: Install httpd required packages - name: Install httpd required packages (debian)
package: name={{ item }} package:
state=present name: "{{ item }}"
state: present
with_items: with_items:
- apache2 - apache2
- php{{ php_version }} - php{{ php_version }}
@ -10,17 +11,19 @@
- download - download
when: is_debian when: is_debian
- name: Debian changed sqlite name - name: Debian changed sqlite name (debian-8)
package: name=php{{ php_version }}-sqlite package:
name: "php{{ php_version }}-sqlite"
when: is_debian and ansible_distribution_major_version == "8" when: is_debian and ansible_distribution_major_version == "8"
#- name: Debian changed sqlite name #- name: Debian changed sqlite name
# package: name=php{{ php_version }}-sqlite3 # package: name=php{{ php_version }}-sqlite3
# when: ansible_local.local_facts.os_ver == "debian-9" # when: ansible_local.local_facts.os_ver == "debian-9"
- name: Install httpd required packages - name: Install httpd required packages (ubuntu)
package: name={{ item }} package:
state=present name: "{{ item }}"
state: present
with_items: with_items:
- apache2 - apache2
- php - php
@ -28,9 +31,10 @@
- download - download
when: is_ubuntu when: is_ubuntu
- name: Install httpd required packages - name: Install httpd required packages (redhat)
package: name={{ item }} package:
state=present name: "{{ item }}"
state: present
with_items: with_items:
- httpd - httpd
- php - php
@ -40,106 +44,120 @@
- download - download
when: is_redhat when: is_redhat
- name: Remove the default apache2 config file - name: Remove the default apache2 config file (debuntu)
file: path=/etc/apache2/sites-enabled/000-default.conf file:
src=/etc/apache2/sites-available/000-default.conf path: /etc/apache2/sites-enabled/000-default.conf
state=absent src: /etc/apache2/sites-available/000-default.conf
state: absent
when: is_debuntu when: is_debuntu
- name: Create httpd config files - name: Create httpd config files
template: backup=yes template:
src={{ item.src }} backup: yes
dest={{ item.dest }} src: "{{ item.src }}"
owner=root dest: "{{ item.dest }}"
group=root owner: root
mode={{ item.mode }} group: root
mode: "{{ item.mode }}"
with_items: with_items:
- { src: '010-iiab.conf.j2' , dest: '/etc/{{ apache_config_dir }}/010-iiab.conf', mode: '0755' } - { src: '010-iiab.conf.j2' , dest: '/etc/{{ apache_config_dir }}/010-iiab.conf', mode: '0755' }
- { src: 'proxy_ajp.conf.j2' , dest: '/etc/{{ apache_config_dir }}/proxy_ajp.conf', mode: '0644' } - { src: 'proxy_ajp.conf.j2' , dest: '/etc/{{ apache_config_dir }}/proxy_ajp.conf', mode: '0644' }
- { src: 'php.ini.j2' , dest: '/etc/php.ini' , mode: '0644' } - { src: 'php.ini.j2' , dest: '/etc/php.ini' , mode: '0644' }
# remove symlinks for mpm-event, replace with mpm-prefork # remove symlinks for mpm-event, replace with mpm-prefork
- name: Remove mpm event links - name: Remove mpm event links (debuntu)
file: path=/etc/apache2/mods-enabled/{{ item }} file:
state=absent path: "/etc/apache2/mods-enabled/{{ item }}"
state: absent
with_items: with_items:
- mpm_event.conf - mpm_event.conf
- mpm_event.load - mpm_event.load
when: is_debuntu when: is_debuntu
- name: Create symlinks for mpm-prefork - name: Create symlinks for mpm-prefork (debuntu)
file: path=/etc/apache2/mods-enabled/{{ item }} file:
src=/etc/apache2/mods-available/{{ item }} path: "/etc/apache2/mods-enabled/{{ item }}"
state=link src: "/etc/apache2/mods-available/{{ item }}"
state: link
with_items: with_items:
- mpm_prefork.conf - mpm_prefork.conf
- mpm_prefork.load - mpm_prefork.load
when: is_debuntu when: is_debuntu
- name: Turn on mod_proxy - name: Turn on mod_proxy (debuntu)
command: a2enmod {{ item }} command: a2enmod {{ item }}
with_items: with_items:
- proxy - proxy
- proxy_html - proxy_html
- headers - headers
- rewrite - rewrite
when: is_debuntu when: is_debuntu
- name: Create symlinks for enabling our site - name: Create symlinks for enabling our site (debuntu)
file: path=/etc/apache2/sites-enabled/{{ item }} file:
src=/etc/apache2/sites-available/{{ item }} path: "/etc/apache2/sites-enabled/{{ item }}"
state=link src: "/etc/apache2/sites-available/{{ item }}"
state: link
with_items: with_items:
- 010-iiab.conf - 010-iiab.conf
when: is_debuntu when: is_debuntu
- name: Remove the default site container - name: Remove the default site container (debuntu)
file: dest=/etc/apache2/000-default.conf file:
state=absent dest: /etc/apache2/000-default.conf
state: absent
when: is_debuntu when: is_debuntu
- name: Create http pid dir - name: Create http pid dir
file: path=/var/run/{{ apache_user }} file:
mode=0755 path: "/var/run/{{ apache_user }}"
owner=root mode: 0755
group=root owner: root
state=directory group: root
state: directory
- name: Create admin group - name: Create admin group
group: name=admin group:
state=present name: admin
state: present
- name: Add apache user to admin group - name: Add apache user to admin group
user: name={{ apache_user }} user:
groups=admin name: "{{ apache_user }}"
state=present groups: admin
createhome=no state: present
createhome: no
- name: Create httpd log dir - name: Create httpd log dir
file: path=/var/log/{{ apache_service }} file:
mode=0755 path: "/var/log/{{ apache_service }}"
owner={{ apache_user }} mode: 0755
group={{ apache_user }} owner: "{{ apache_user }}"
state=directory group: "{{ apache_user }}"
state: directory
- name: Enable httpd - name: Enable httpd
service: name={{ apache_service }} service:
enabled=yes name: "{{ apache_service }}"
enabled: yes
- name: Create iiab-info directory - name: Create iiab-info directory
file: path={{ doc_root }}/info file:
mode=0755 path: "{{ doc_root }}/info"
owner={{ apache_user }} mode: 0755
group={{ apache_user }} owner: "{{ apache_user }}"
state=directory group: "{{ apache_user }}"
state: directory
- name: Remove iiab-info.conf - name: Remove iiab-info.conf
file: dest=/etc/{{ apache_config_dir }}/iiab-info.conf file:
state=absent dest: "/etc/{{ apache_config_dir }}/iiab-info.conf"
state: absent
- name: Remove iiab-info.conf symlink - name: Remove iiab-info.conf symlink (debuntu)
file: dest=/etc/apache2/sites-enabled/iiab-info.conf file:
state=absent dest: /etc/apache2/sites-enabled/iiab-info.conf
state: absent
when: is_debuntu when: is_debuntu
- include_tasks: html.yml - include_tasks: html.yml
@ -147,17 +165,20 @@
- base - base
- name: Place the script to generate homepages - name: Place the script to generate homepages
template: src=refresh-wiki-docs.sh template:
dest=/usr/bin/iiab-refresh-wiki-docs src: refresh-wiki-docs.sh
mode=0755 dest: /usr/bin/iiab-refresh-wiki-docs
mode: 0755
- name: Give apache_user permission for poweroff - name: Give apache_user permission for poweroff
template: src=020_apache_poweroff.j2 template:
dest=/etc/sudoers.d/020_apache_poweroff src: 020_apache_poweroff.j2
mode=0755 dest: /etc/sudoers.d/020_apache_poweroff
mode: 0755
when: allow_apache_sudo when: allow_apache_sudo
- name: Remove apache_user permission for poweroff - name: Remove apache_user permission for poweroff
file: dest=/etc/sudoers.d/020_apache_poweroff file:
state=absent dest: /etc/sudoers.d/020_apache_poweroff
state: absent
when: not allow_apache_sudo when: not allow_apache_sudo

2
roles/nextcloud/defaults/main.yml
View file

@ -8,7 +8,7 @@ nextcloud_url: /nextcloud
nextcloud_prefix: /opt nextcloud_prefix: /opt
nextcloud_data_dir: "{{ content_base }}/nextcloud/data" nextcloud_data_dir: "{{ content_base }}/nextcloud/data"
nextcloud_dl_url: https://download.nextcloud.com/server/releases/ nextcloud_dl_url: https://download.nextcloud.com/server/releases/
nextcloud_orig_src_file: latest-12.tar.bz2 nextcloud_orig_src_file: latest-13.tar.bz2
nextcloud_src_file: nextcloud_{{ nextcloud_orig_src_file }} nextcloud_src_file: nextcloud_{{ nextcloud_orig_src_file }}
# we install on mysql with these setting or those from default_vars, etc. # we install on mysql with these setting or those from default_vars, etc.

8
roles/nextcloud/tasks/main.yml
View file

@ -137,10 +137,10 @@
password: "{{ nextcloud_dbpassword }}" password: "{{ nextcloud_dbpassword }}"
priv: "{{ nextcloud_dbname }}.*:ALL,GRANT" priv: "{{ nextcloud_dbname }}.*:ALL,GRANT"
with_items: with_items:
- "{{ nextcloud_dbhost }}" - "{{ nextcloud_dbhost }}"
- 127.0.0.1 - 127.0.0.1
- ::1 - ::1
- localhost - localhost
when: mysql_enabled and nextcloud_enabled when: mysql_enabled and nextcloud_enabled

80
roles/nextcloud/tasks/nextcloud_enabled.yml
View file

@ -1,49 +1,54 @@
# This should go in computed_network.yml, but here for now # This should go in computed_network.yml, but here for now
- name: Compute Nextcloud listen ip addr for nextcloud.conf - name: Compute Nextcloud listen ip addr for nextcloud.conf
set_fact: set_fact:
nextcloud_required_ip: "{{ ansible_default_ipv4.network }}/{{ ansible_default_ipv4.netmask }}" nextcloud_required_ip: "{{ ansible_default_ipv4.network }}/{{ ansible_default_ipv4.netmask }}"
when: ansible_default_ipv4.network is defined when: ansible_default_ipv4.network is defined
- name: Enable Nextcloud by copying template to httpd config - name: Enable Nextcloud by copying template to httpd config
template: src=nextcloud.conf.j2 template:
dest=/etc/{{ apache_config_dir }}/nextcloud.conf src: nextcloud.conf.j2
owner=root dest: "/etc/{{ apache_config_dir }}/nextcloud.conf"
group=root owner: root
mode=0644 group: root
mode: 0644
when: nextcloud_enabled when: nextcloud_enabled
- name: Enable Nextcloud - name: Enable Nextcloud (debuntu)
file: path=/etc/apache2/sites-enabled/nextcloud.conf file:
src=/etc/apache2/sites-available/nextcloud.conf path: /etc/apache2/sites-enabled/nextcloud.conf
state=link src: /etc/apache2/sites-available/nextcloud.conf
state: link
when: nextcloud_enabled and is_debuntu when: nextcloud_enabled and is_debuntu
- name: For redhat, remove the config file - name: Remove the config file if not nextcloud_enabled (redhat)
file: path=/etc/{{ apache_config_dir }}/nextcloud.conf file:
state=absent path: "/etc/{{ apache_config_dir }}/nextcloud.conf"
state: absent
when: not nextcloud_enabled and is_redhat when: not nextcloud_enabled and is_redhat
- name: Restart Apache, so it picks up the new aliases - name: Restart Apache, so it picks up the new aliases
service: name={{ apache_service }} state=restarted service:
name: "{{ apache_service }}"
state: restarted
# the install wizard does not succeed if already installed # the install wizard does not succeed if already installed
- name: Determine if Nextcloud is installed - name: Determine if Nextcloud is installed
shell: > shell: >
sudo -u {{ apache_user }} php sudo -u {{ apache_user }} php
'{{ nextcloud_prefix }}/nextcloud/occ' status | '{{ nextcloud_prefix }}/nextcloud/occ' status |
gawk '/installed:/ { print $3 }' gawk '/installed:/ { print $3 }'
register: returned register: returned
- name: Run Nextcloud initial install wizard - name: Run Nextcloud initial install wizard
shell: > shell: >
cd {{ nextcloud_prefix }}/nextcloud; cd {{ nextcloud_prefix }}/nextcloud;
sudo -u {{ apache_user }} php occ maintenance:install sudo -u {{ apache_user }} php occ maintenance:install
--database "mysql" --database "mysql"
--database-name "{{ nextcloud_dbname }}" --database-name "{{ nextcloud_dbname }}"
--database-user "{{ nextcloud_dbuser }}" --database-user "{{ nextcloud_dbuser }}"
--database-pass "{{ nextcloud_dbpassword }}" --database-pass "{{ nextcloud_dbpassword }}"
--admin-user "{{ nextcloud_admin_user }}" --admin-user "{{ nextcloud_admin_user }}"
--admin-pass "{{ nextcloud_admin_password }}" --admin-pass "{{ nextcloud_admin_password }}"
when: nextcloud_enabled and returned.stdout == "false" when: nextcloud_enabled and returned.stdout == "false"
- name: Allow access from all hosts and ips - name: Allow access from all hosts and ips
@ -54,22 +59,23 @@
- name: Determine if Nextcloud user exists already - name: Determine if Nextcloud user exists already
shell: > shell: >
sudo -u {{ apache_user }} php sudo -u {{ apache_user }} php
'{{ nextcloud_prefix }}/nextcloud/occ' user:list | '{{ nextcloud_prefix }}/nextcloud/occ' user:list |
grep {{ nextcloud_user }} | wc | cut -d' ' -f1 grep {{ nextcloud_user }} | wc | cut -d' ' -f1
register: returned_count register: returned_count
# nextcloud wants to make users rather than just mysql users and not done # nextcloud wants to make users rather than just mysql users and not done
- name: Create the default user - name: Create the default user
shell: > shell: >
su -s /bin/sh {{ apache_user }} -c su -s /bin/sh {{ apache_user }} -c
'OC_PASS={{ nextcloud_user_password }}; 'OC_PASS={{ nextcloud_user_password }};
php {{ nextcloud_prefix }}/nextcloud/occ user:add php {{ nextcloud_prefix }}/nextcloud/occ user:add
--password-from-env --display-name={{ nextcloud_user }} --password-from-env --display-name={{ nextcloud_user }}
--group="users" {{ nextcloud_user }}' --group="users" {{ nextcloud_user }}'
when: nextcloud_enabled and returned_count == "0" when: nextcloud_enabled and returned_count == "0"
- name: Remove Rewrite URL - name: Remove Rewrite URL
lineinfile: regexp='overwrite.cli.url' lineinfile:
state=absent regexp: "overwrite.cli.url"
dest="{{ nextcloud_prefix }}/nextcloud/config/config.php" state: absent
dest: "{{ nextcloud_prefix }}/nextcloud/config/config.php"

4
scripts/ansible
View file

@ -3,7 +3,7 @@
# Installs or upgrades to the best possible Ansible release, so iiab-install # Installs or upgrades to the best possible Ansible release, so iiab-install
# can proceed. Ensure you're online before running this script! # can proceed. Ensure you're online before running this script!
GOOD_VER="2.4.2" # Ansible version for OLPC, for pip. GOOD_VER="2.4.3" # Ansible version for OLPC, for pip.
# On other OS's we install/upgrade to the latest Ansible. # On other OS's we install/upgrade to the latest Ansible.
# Pin all to 2.4.x in future, if really/truly nec? # Pin all to 2.4.x in future, if really/truly nec?
CURR_VER="undefined" CURR_VER="undefined"
@ -20,7 +20,7 @@ if ! which ansible-playbook ; then
yum -y install ca-certificates nss epel-release yum -y install ca-certificates nss epel-release
yum -y install git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python yum -y install git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python
yum -y install python-pip python-setuptools python-wheel patch yum -y install python-pip python-setuptools python-wheel patch
yum -y install http://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.4.2.0-1.el7.ans.noarch.rpm yum -y install http://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.4.3.0-1.el7.ans.noarch.rpm
# FOUND="true" # FOUND="true"
# FAMILY="redhat" # FAMILY="redhat"
# elif [ -f /etc/fedora-release ]; then # elif [ -f /etc/fedora-release ]; then