From b23f1f1638d12c8d648ec592d5c628eabf95879b Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 15:22:51 -0500 Subject: [PATCH 01/37] Update and rename wordpress/enable-or-disable.yml to nginx.yml --- roles/wordpress/tasks/enable-or-disable.yml | 35 --------------------- roles/wordpress/tasks/nginx.yml | 16 ++++++++++ 2 files changed, 16 insertions(+), 35 deletions(-) delete mode 100644 roles/wordpress/tasks/enable-or-disable.yml create mode 100644 roles/wordpress/tasks/nginx.yml diff --git a/roles/wordpress/tasks/enable-or-disable.yml b/roles/wordpress/tasks/enable-or-disable.yml deleted file mode 100644 index b4f7db83c..000000000 --- a/roles/wordpress/tasks/enable-or-disable.yml +++ /dev/null @@ -1,35 +0,0 @@ -# Apache - -- name: Enable http://box{{ wp_url }} via Apache - command: a2ensite wordpress.conf - when: apache_install and wordpress_enabled - -- name: Disable http://box{{ wp_url }} via Apache - command: a2dissite wordpress.conf - when: apache_install and not wordpress_enabled - -- name: Restart Apache systemd service ({{ apache_service }}) - systemd: - name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/.yml - state: restarted - when: apache_install and apache_enabled - -# NGINX - -- name: Enable http://box{{ wp_url }} via NGINX, by installing {{ nginx_config_dir }}/wordpress-nginx.conf from template - template: - src: wordpress-nginx.conf.j2 - dest: "{{ nginx_config_dir }}/wordpress-nginx.conf" # /etc/nginx/conf.d - when: wordpress_enabled # and nginx_enabled - -- name: Disable http://box{{ wp_url }} via NGINX, by removing {{ nginx_config_dir }}/wordpress-nginx.conf - file: - path: "{{ nginx_config_dir }}/wordpress-nginx.conf" # /etc/nginx/conf.d - state: absent - when: not wordpress_enabled - -- name: Restart 'nginx' systemd service - systemd: - name: nginx - state: restarted - #when: nginx_enabled | bool diff --git a/roles/wordpress/tasks/nginx.yml b/roles/wordpress/tasks/nginx.yml new file mode 100644 index 000000000..13058fbcc --- /dev/null +++ b/roles/wordpress/tasks/nginx.yml @@ -0,0 +1,16 @@ +- name: Enable http://box{{ wp_url }} via NGINX, by installing {{ nginx_config_dir }}/wordpress-nginx.conf from template + template: + src: wordpress-nginx.conf.j2 + dest: "{{ nginx_config_dir }}/wordpress-nginx.conf" # /etc/nginx/conf.d + when: wordpress_enabled + +- name: Disable http://box{{ wp_url }} via NGINX, by removing {{ nginx_config_dir }}/wordpress-nginx.conf + file: + path: "{{ nginx_config_dir }}/wordpress-nginx.conf" # /etc/nginx/conf.d + state: absent + when: not wordpress_enabled + +- name: Restart 'nginx' systemd service + systemd: + name: nginx + state: restarted From 05e65614a0d65ac4ff344707d9f351aa68fa598d Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 15:23:36 -0500 Subject: [PATCH 02/37] Create apache.yml --- roles/wordpress/tasks/apache.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 roles/wordpress/tasks/apache.yml diff --git a/roles/wordpress/tasks/apache.yml b/roles/wordpress/tasks/apache.yml new file mode 100644 index 000000000..a0392782f --- /dev/null +++ b/roles/wordpress/tasks/apache.yml @@ -0,0 +1,12 @@ +- name: Enable http://box{{ wp_url }} via Apache + command: a2ensite wordpress.conf + when: wordpress_enabled + +- name: Disable http://box{{ wp_url }} via Apache + command: a2dissite wordpress.conf + when: not wordpress_enabled + +- name: Restart Apache systemd service ({{ apache_service }}) + systemd: + name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/.yml + state: restarted From 1358d5968f3f8cb903e678c56c56e62be0cd1823 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 15:26:41 -0500 Subject: [PATCH 03/37] Update wordpress/tasks/main.yml --- roles/wordpress/tasks/main.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/roles/wordpress/tasks/main.yml b/roles/wordpress/tasks/main.yml index 16e3f9ed0..7f87522c3 100644 --- a/roles/wordpress/tasks/main.yml +++ b/roles/wordpress/tasks/main.yml @@ -4,7 +4,7 @@ # I want to perform input validation for Ansible playbooks" # https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 -# If 0-init/tasks/validate_vars.yml has DEFINITELY been run (?) perhaps no need +# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need # to re-check whether vars are defined here. As Ansible vars cannot be unset: # https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible @@ -13,16 +13,12 @@ that: wordpress_install is sameas true fail_msg: "PLEASE SET 'wordpress_install: True' e.g. IN: /etc/iiab/local_vars.yml" quiet: yes - #that: wordpress_install is defined and wordpress_install is sameas true - #success_msg: wordpress_install is defined and wordpress_install is sameas true - name: Assert that "wordpress_enabled | type_debug == 'bool'" (boolean not string etc) assert: that: wordpress_enabled | type_debug == 'bool' fail_msg: "PLEASE GIVE VARIABLE 'wordpress_enabled' A PROPER (UNQUOTED) BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" quiet: yes - #that: wordpress_enabled is defined and wordpress_enabled | type_debug == 'bool' - #success_msg: wordpress_enabled is defined and wordpress_enabled | type_debug == 'bool' - name: Provision MySQL DB for WordPress, if 'wordpress_installed' is not defined in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: setup.yml @@ -32,8 +28,13 @@ include_tasks: install.yml when: wordpress_installed is undefined -- name: Enable or Disable WordPress - include_tasks: enable-or-disable.yml +- name: Enable/Disable/Restart Apache if primary + include_tasks: apache.yml + when: not nginx_enabled + +- name: Enable/Disable/Restart NGINX if primary + include_tasks: nginx.yml + when: nginx_enabled | bool - name: Add 'wordpress' variable values to {{ iiab_ini_file }} ini_file: From a3cbc6c5128e8a5c209485a2999d8d359ab1ba7f Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 16:16:59 -0500 Subject: [PATCH 04/37] Update 0-init/tasks/main.yml --- roles/0-init/tasks/main.yml | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index a2fadff04..40c82d2d3 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -33,10 +33,23 @@ setup: filter: ansible_local -# 2020-01-21: checks 46+46 vars...for now...expect validate_vars.yml to change! -- name: Pre-check that IIAB's "XYZ_install" + "XYZ_enabled" vars (1) are defined, (2) are boolean-not-string variables, and (3) contain plausible values +# 2020-01-23: checks 53 + 53 + up-to-53 vars for now...validation will improve! +- name: Pre-check that IIAB's "XYZ_install" + "XYZ_enabled" vars (1) are defined, (2) are boolean-not-string variables, and (3) contain plausible values. Also checks that "XYZ_install" is True when "XYZ_installed" is defined. include_tasks: validate_vars.yml +- name: Verify 'apache_install: True' and 'apache_enabled: True' if 'nginx_enabled: False' -- e.g. for Apache testing of older playbooks lacking full NGINX support + assert: + that: apache_install and apache_enabled or nginx_enabled + fail_msg: "PLEASE CONFIRM 'apache_install: True' AND 'apache_enable: True' IF 'nginx_enabled: False' e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + +# SEE: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md +- name: Verify 'apache_install: True' and 'apache_enabled: True' if any of {DokuWiki, Elgg, Lokole, Moodle, Nextcloud, Node-RED} are set to install + assert: + that: apache_install and apache_enabled or not (dokuwiki_install or elgg_install or lokole_install or moodle_install or nextcloud_install or nodered_install) + fail_msg: "PLEASE CONFIRM 'apache_install: True' AND 'apache_enable: True' IF YOU'RE TRYING TO INSTALL ANY OF {dokuwiki, elgg, lokole, moodle, nextcloud, nodered} e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + - name: Set top-level variables from local_facts for convenience set_fact: xo_model: "{{ ansible_local.local_facts.xo_model }}" @@ -109,12 +122,6 @@ gui_port: 443 when: adm_cons_force_ssl | bool -# SEE: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md -- name: "Set 'apache_enabled: True' if any of {DokuWiki, Elgg, Lokole, Moodle, Nextcloud, Node-RED} are set to install" - set_fact: - apache_enabled: True - when: dokuwiki_install or elgg_install or lokole_install or moodle_install or nextcloud_install or nodered_install - - name: Turn on both vars for MySQL (mandatory in Stage 3!) set_fact: mysql_install: True From 58ad767d812cd2e9a118c04e2a63d1a2f9a5e7f0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 16:23:55 -0500 Subject: [PATCH 05/37] Validate apache_install & apache_enabled in 0-init/tasks/main.yml --- roles/0-init/tasks/main.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 40c82d2d3..648268838 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -33,8 +33,7 @@ setup: filter: ansible_local -# 2020-01-23: checks 53 + 53 + up-to-53 vars for now...validation will improve! -- name: Pre-check that IIAB's "XYZ_install" + "XYZ_enabled" vars (1) are defined, (2) are boolean-not-string variables, and (3) contain plausible values. Also checks that "XYZ_install" is True when "XYZ_installed" is defined. +- name: Pre-check that IIAB's "XYZ_install" + "XYZ_enabled" vars (1) are defined, (2) are boolean-not-string variables, and (3) contain plausible values. Also checks that "XYZ_install" is True when "XYZ_installed" is defined. include_tasks: validate_vars.yml - name: Verify 'apache_install: True' and 'apache_enabled: True' if 'nginx_enabled: False' -- e.g. for Apache testing of older playbooks lacking full NGINX support From 17de43c917e903e767059d73608f67759b8d3a3e Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 16:25:59 -0500 Subject: [PATCH 06/37] Update wordpress/tasks/apache.yml --- roles/wordpress/tasks/apache.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/wordpress/tasks/apache.yml b/roles/wordpress/tasks/apache.yml index a0392782f..a28f6274e 100644 --- a/roles/wordpress/tasks/apache.yml +++ b/roles/wordpress/tasks/apache.yml @@ -1,8 +1,8 @@ -- name: Enable http://box{{ wp_url }} via Apache +- name: Enable http://box{{ wp_url }} via Apache # http://box/wordpress command: a2ensite wordpress.conf when: wordpress_enabled -- name: Disable http://box{{ wp_url }} via Apache +- name: Disable http://box{{ wp_url }} via Apache # http://box/wordpress command: a2dissite wordpress.conf when: not wordpress_enabled From 90b95c0b52ecac4e6582e9af3580c23554a6c6d8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 16:36:11 -0500 Subject: [PATCH 07/37] Update+Rename munin/tasks/enable-or-disable.yml to nginx.yml --- roles/munin/tasks/enable-or-disable.yml | 50 ------------------------- roles/munin/tasks/nginx.yml | 16 ++++++++ 2 files changed, 16 insertions(+), 50 deletions(-) delete mode 100644 roles/munin/tasks/enable-or-disable.yml create mode 100644 roles/munin/tasks/nginx.yml diff --git a/roles/munin/tasks/enable-or-disable.yml b/roles/munin/tasks/enable-or-disable.yml deleted file mode 100644 index ad19227d2..000000000 --- a/roles/munin/tasks/enable-or-disable.yml +++ /dev/null @@ -1,50 +0,0 @@ -- name: Enable & Start 'munin-node' systemd service - systemd: - name: munin-node - daemon_reload: yes - enabled: yes - state: started - when: munin_enabled | bool - -- name: Disable 'munin-node' systemd service - systemd: - name: munin-node - enabled: no - state: stopped - when: not munin_enabled - -# Apache - -- name: Enable http://box/munin via Apache - command: a2ensite munin24.conf - when: apache_install and munin_enabled # and not nginx_enabled - -- name: Disable http://box/munin via Apache - command: a2dissite munin24.conf - when: apache_install and not munin_enabled # or nginx_enabled - -- name: Restart Apache systemd service ({{ apache_service }}) - systemd: - name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/.yml - state: restarted - when: apache_install and apache_enabled - -# NGINX - -- name: Enable http://box/munin via NGINX, by installing {{ nginx_config_dir }}/munin24-nginx.conf from template - template: - src: munin24-nginx.conf.j2 - dest: "{{ nginx_config_dir }}/munin24-nginx.conf" # /etc/nginx/conf.d - when: munin_enabled # and nginx_enabled - -- name: Disable http://box/munin via NGINX, by installing {{ nginx_config_dir }}/munin24-nginx.conf - file: - path: "{{ nginx_config_dir }}/munin24-nginx.conf" # /etc/nginx/conf.d - state: absent - when: not munin_enabled - -- name: Restart 'nginx' systemd service - systemd: - name: nginx - state: restarted - # when: nginx_enabled | bool diff --git a/roles/munin/tasks/nginx.yml b/roles/munin/tasks/nginx.yml new file mode 100644 index 000000000..cbe4286bc --- /dev/null +++ b/roles/munin/tasks/nginx.yml @@ -0,0 +1,16 @@ +- name: Enable http://box/munin via NGINX, by installing {{ nginx_config_dir }}/munin24-nginx.conf from template + template: + src: munin24-nginx.conf.j2 + dest: "{{ nginx_config_dir }}/munin24-nginx.conf" # /etc/nginx/conf.d + when: munin_enabled + +- name: Disable http://box/munin via NGINX, by installing {{ nginx_config_dir }}/munin24-nginx.conf + file: + path: "{{ nginx_config_dir }}/munin24-nginx.conf" # /etc/nginx/conf.d + state: absent + when: not munin_enabled + +- name: Restart 'nginx' systemd service + systemd: + name: nginx + state: restarted From 1306feee208f1e60d67dd487f10d0a540f673874 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 16:37:11 -0500 Subject: [PATCH 08/37] Create munin/tasks/apache.yml --- roles/munin/tasks/apache.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 roles/munin/tasks/apache.yml diff --git a/roles/munin/tasks/apache.yml b/roles/munin/tasks/apache.yml new file mode 100644 index 000000000..a83b9dd81 --- /dev/null +++ b/roles/munin/tasks/apache.yml @@ -0,0 +1,12 @@ +- name: Enable http://box/munin via Apache + command: a2ensite munin24.conf + when: munin_enabled + +- name: Disable http://box/munin via Apache + command: a2dissite munin24.conf + when: not munin_enabled + +- name: Restart Apache systemd service ({{ apache_service }}) + systemd: + name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/.yml + state: restarted From a5fea5b3e6d57496f34b60d2f967ddbcf33fcd44 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 16:41:24 -0500 Subject: [PATCH 09/37] Update munin/tasks/main.yml --- roles/munin/tasks/main.yml | 33 ++++++++++++++++++++++++++------- 1 file changed, 26 insertions(+), 7 deletions(-) diff --git a/roles/munin/tasks/main.yml b/roles/munin/tasks/main.yml index bc250c367..7d823aba8 100644 --- a/roles/munin/tasks/main.yml +++ b/roles/munin/tasks/main.yml @@ -2,7 +2,7 @@ # I want to perform input validation for Ansible playbooks" # https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 -# If 0-init/tasks/validate_vars.yml has DEFINITELY been run (?) perhaps no need +# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need # to re-check whether vars are defined here. As Ansible vars cannot be unset: # https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible @@ -11,23 +11,42 @@ that: munin_install is sameas true fail_msg: "PLEASE SET 'munin_install: True' e.g. IN: /etc/iiab/local_vars.yml" quiet: yes - #that: munin_install is defined and munin_install is sameas true - #success_msg: munin_install is defined and munin_install is sameas true - name: Assert that "munin_enabled | type_debug == 'bool'" (boolean not string etc) assert: that: munin_enabled | type_debug == 'bool' fail_msg: "PLEASE GIVE VARIABLE 'munin_enabled' A PROPER (UNQUOTED) BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" quiet: yes - #that: munin_enabled is defined and munin_enabled | type_debug == 'bool' - #success_msg: munin_enabled is defined and munin_enabled | type_debug == 'bool' + - name: Install Munin if 'munin_installed' is not defined in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml when: munin_installed is undefined -- name: Enable or Disable Munin - include_tasks: enable-or-disable.yml + +- name: Enable & Start 'munin-node' systemd service + systemd: + name: munin-node + daemon_reload: yes + enabled: yes + state: started + when: munin_enabled | bool + +- name: Disable & Stop 'munin-node' systemd service + systemd: + name: munin-node + enabled: no + state: stopped + when: not munin_enabled + +- name: Enable/Disable/Restart Apache if primary + include_tasks: apache.yml + when: not nginx_enabled + +- name: Enable/Disable/Restart NGINX if primary + include_tasks: nginx.yml + when: nginx_enabled | bool + - name: Add 'munin' variable values to {{ iiab_ini_file }} ini_file: From 845a20fba7be2c2fbd64764ea45ffe6df3f9fe55 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 16:43:16 -0500 Subject: [PATCH 10/37] Spacing in wordpress/tasks/main.yml --- roles/wordpress/tasks/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/wordpress/tasks/main.yml b/roles/wordpress/tasks/main.yml index 7f87522c3..4dfd3c62e 100644 --- a/roles/wordpress/tasks/main.yml +++ b/roles/wordpress/tasks/main.yml @@ -20,6 +20,7 @@ fail_msg: "PLEASE GIVE VARIABLE 'wordpress_enabled' A PROPER (UNQUOTED) BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" quiet: yes + - name: Provision MySQL DB for WordPress, if 'wordpress_installed' is not defined in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: setup.yml when: wordpress_installed is undefined # and not installing @@ -28,6 +29,7 @@ include_tasks: install.yml when: wordpress_installed is undefined + - name: Enable/Disable/Restart Apache if primary include_tasks: apache.yml when: not nginx_enabled @@ -36,6 +38,7 @@ include_tasks: nginx.yml when: nginx_enabled | bool + - name: Add 'wordpress' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" From 7fc26df163afd2f771d95c87d5a975b3ed26e202 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 16:46:08 -0500 Subject: [PATCH 11/37] Update captiveportal/tasks/main.yml --- roles/captiveportal/tasks/main.yml | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 3659fa6e7..bcc630f70 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -2,7 +2,7 @@ # I want to perform input validation for Ansible playbooks" # https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 -# If 0-init/tasks/validate_vars.yml has DEFINITELY been run (?) perhaps no need +# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need # to re-check whether vars are defined here. As Ansible vars cannot be unset: # https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible @@ -11,23 +11,27 @@ that: captiveportal_install is sameas true fail_msg: "PLEASE SET 'captiveportal_install: True' e.g. IN: /etc/iiab/local_vars.yml" quiet: yes - #that: captiveportal_install is defined and captiveportal_install is sameas true - #success_msg: captiveportal_install is defined and captiveportal_install is sameas true - name: Assert that "captiveportal_enabled | type_debug == 'bool'" (boolean not string etc) assert: that: captiveportal_enabled | type_debug == 'bool' fail_msg: "PLEASE GIVE VARIABLE 'captiveportal_enabled' A PROPER (UNQUOTED) BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" quiet: yes - #that: captiveportal_enabled is defined and captiveportal_enabled | type_debug == 'bool' - #success_msg: captiveportal_enabled is defined and captiveportal_enabled | type_debug == 'bool' + - name: Install Captive Portal if 'captiveportal_installed' is not defined in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml include_tasks: install.yml when: captiveportal_installed is undefined -- name: Enable or Disable Captive Portal - include_tasks: enable-or-disable.yml + +- name: Enable/Disable/Restart Apache if primary + include_tasks: apache.yml + when: not nginx_enabled + +- name: Enable/Disable/Restart NGINX if primary + include_tasks: nginx.yml + when: nginx_enabled | bool + - name: Add 'captiveportal' variable values to {{ iiab_ini_file }} ini_file: From e9f2635c24dd2f8828cc972ef0ed745888eeadc2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 16:50:46 -0500 Subject: [PATCH 12/37] Update captiveportal/tasks/main.yml --- roles/captiveportal/tasks/main.yml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index bcc630f70..ac6f6f912 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -24,13 +24,8 @@ when: captiveportal_installed is undefined -- name: Enable/Disable/Restart Apache if primary - include_tasks: apache.yml - when: not nginx_enabled - -- name: Enable/Disable/Restart NGINX if primary - include_tasks: nginx.yml - when: nginx_enabled | bool +- name: Enable or Disable Captive Portal + include_tasks: enable-or-disable.yml - name: Add 'captiveportal' variable values to {{ iiab_ini_file }} From 14f03cfbba052035450ea8b65d1b15c54cabdba8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 16:52:30 -0500 Subject: [PATCH 13/37] Quote fixes in 0-init/tasks/main.yml --- roles/0-init/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 648268838..e40664883 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -36,14 +36,14 @@ - name: Pre-check that IIAB's "XYZ_install" + "XYZ_enabled" vars (1) are defined, (2) are boolean-not-string variables, and (3) contain plausible values. Also checks that "XYZ_install" is True when "XYZ_installed" is defined. include_tasks: validate_vars.yml -- name: Verify 'apache_install: True' and 'apache_enabled: True' if 'nginx_enabled: False' -- e.g. for Apache testing of older playbooks lacking full NGINX support +- name: "Verify 'apache_install: True' and 'apache_enabled: True' if 'nginx_enabled: False' -- e.g. for Apache testing of older playbooks lacking full NGINX support" assert: that: apache_install and apache_enabled or nginx_enabled fail_msg: "PLEASE CONFIRM 'apache_install: True' AND 'apache_enable: True' IF 'nginx_enabled: False' e.g. IN: /etc/iiab/local_vars.yml" quiet: yes # SEE: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md -- name: Verify 'apache_install: True' and 'apache_enabled: True' if any of {DokuWiki, Elgg, Lokole, Moodle, Nextcloud, Node-RED} are set to install +- name: "Verify 'apache_install: True' and 'apache_enabled: True' if any of {DokuWiki, Elgg, Lokole, Moodle, Nextcloud, Node-RED} are set to install" assert: that: apache_install and apache_enabled or not (dokuwiki_install or elgg_install or lokole_install or moodle_install or nextcloud_install or nodered_install) fail_msg: "PLEASE CONFIRM 'apache_install: True' AND 'apache_enable: True' IF YOU'RE TRYING TO INSTALL ANY OF {dokuwiki, elgg, lokole, moodle, nextcloud, nodered} e.g. IN: /etc/iiab/local_vars.yml" From d91497e2cd3642e3456fb2798b10c83b06e11f92 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 17:03:53 -0500 Subject: [PATCH 14/37] Update wordpress/tasks/apache.yml --- roles/wordpress/tasks/apache.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/wordpress/tasks/apache.yml b/roles/wordpress/tasks/apache.yml index a28f6274e..12949e363 100644 --- a/roles/wordpress/tasks/apache.yml +++ b/roles/wordpress/tasks/apache.yml @@ -6,7 +6,7 @@ command: a2dissite wordpress.conf when: not wordpress_enabled -- name: Restart Apache systemd service ({{ apache_service }}) +- name: Restart '{{ apache_service }}' systemd service systemd: name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/.yml state: restarted From 0726e764627ad88e9d901dcc1a975de311b6733b Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 17:04:19 -0500 Subject: [PATCH 15/37] Update munin/tasks/apache.yml --- roles/munin/tasks/apache.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/munin/tasks/apache.yml b/roles/munin/tasks/apache.yml index a83b9dd81..f77cebc13 100644 --- a/roles/munin/tasks/apache.yml +++ b/roles/munin/tasks/apache.yml @@ -6,7 +6,7 @@ command: a2dissite munin24.conf when: not munin_enabled -- name: Restart Apache systemd service ({{ apache_service }}) +- name: Restart '{{ apache_service }}' systemd service systemd: name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/.yml state: restarted From 8e861e2d3080e88c5beaa00d4d40c3c51b6bfc90 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 17:37:29 -0500 Subject: [PATCH 16/37] Update 0-init/tasks/main.yml --- roles/0-init/tasks/main.yml | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index e40664883..fee213432 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -36,19 +36,24 @@ - name: Pre-check that IIAB's "XYZ_install" + "XYZ_enabled" vars (1) are defined, (2) are boolean-not-string variables, and (3) contain plausible values. Also checks that "XYZ_install" is True when "XYZ_installed" is defined. include_tasks: validate_vars.yml +# SEE: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md +- name: "Set 'apache_enabled: True' if any of {DokuWiki, Elgg, Lokole, Moodle, Nextcloud, Node-RED} are set to install" + set_fact: + apache_enabled: True + when: dokuwiki_install or elgg_install or lokole_install or moodle_install or nextcloud_install or nodered_install +# +#- name: "Verify 'apache_install: True' and 'apache_enabled: True' if any of {DokuWiki, Elgg, Lokole, Moodle, Nextcloud, Node-RED} are set to install" +# assert: +# that: apache_install and apache_enabled or not (dokuwiki_install or elgg_install or lokole_install or moodle_install or nextcloud_install or nodered_install) +# fail_msg: "PLEASE CONFIRM 'apache_install: True' AND 'apache_enable: True' IF YOU'RE TRYING TO INSTALL ANY OF {dokuwiki, elgg, lokole, moodle, nextcloud, nodered} e.g. IN: /etc/iiab/local_vars.yml" +# quiet: yes + - name: "Verify 'apache_install: True' and 'apache_enabled: True' if 'nginx_enabled: False' -- e.g. for Apache testing of older playbooks lacking full NGINX support" assert: that: apache_install and apache_enabled or nginx_enabled fail_msg: "PLEASE CONFIRM 'apache_install: True' AND 'apache_enable: True' IF 'nginx_enabled: False' e.g. IN: /etc/iiab/local_vars.yml" quiet: yes -# SEE: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md -- name: "Verify 'apache_install: True' and 'apache_enabled: True' if any of {DokuWiki, Elgg, Lokole, Moodle, Nextcloud, Node-RED} are set to install" - assert: - that: apache_install and apache_enabled or not (dokuwiki_install or elgg_install or lokole_install or moodle_install or nextcloud_install or nodered_install) - fail_msg: "PLEASE CONFIRM 'apache_install: True' AND 'apache_enable: True' IF YOU'RE TRYING TO INSTALL ANY OF {dokuwiki, elgg, lokole, moodle, nextcloud, nodered} e.g. IN: /etc/iiab/local_vars.yml" - quiet: yes - - name: Set top-level variables from local_facts for convenience set_fact: xo_model: "{{ ansible_local.local_facts.xo_model }}" @@ -59,8 +64,8 @@ set_fact: rpi_model: "rpi" is_rpi: True -# no_net_restart: True -# nobridge: True + #no_net_restart: True + #nobridge: True when: ansible_local.local_facts.os == "raspbian" - name: Set exFAT_enabled if xo_model != "none" @@ -90,11 +95,11 @@ get_url: url: "{{ iiab_download_url }}/heart-beat.txt" dest: /tmp/heart-beat.txt - # timeout: "{{ download_timeout }}" + #timeout: "{{ download_timeout }}" # @jvonau recommends: 100sec is too much (keep 10sec default) ignore_errors: True -# async: 10 -# poll: 2 + #async: 10 + #poll: 2 register: internet_access_test - name: Set internet_available if download succeeded and not disregard_network From 01da1e58dae459a6d7542c854cb1d337dd6a95c5 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 18:10:53 -0500 Subject: [PATCH 17/37] Update nginx/README.md --- roles/nginx/README.md | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/roles/nginx/README.md b/roles/nginx/README.md index 42b1ec3c7..c4a3c3cef 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -1,34 +1,41 @@ ### Transition to NGINX -1. Initial testing strategy is to move NGINX to port 80, and proxy everything to Apache on port 8090 -- creating a shim. +1. Initial testing strategy is to move NGINX to port 80, and proxy everything to Apache on port 8090 — creating "Shims" for each IIAB app/service/playbook in *Section iii.* below. + + Until "Native" NGINX is later implemented for that IIAB app/service/playbook — allowing it to move up to *Section ii.* below. + + And potentially later moving it up to *Section i.* if its Apache support is dropped! 2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX. -3. Current state (2020-01-12). +3. Current state as of 2020-01-23... - 1. Principal functions migrated to NGINX + 1. Supports "Native" NGINX but ***NOT*** Apache * Admin Console - * kalite -- goes directly to ports 8006-8008 - * mediawiki + * captiveportal * osm-vector-maps + * RACHEL-like modules * usb-lib - * wordpress - 2. Dual support, see [roles/nginx/tasks/only_nginx.yml](tasks/only_nginx.yml) - * awstats ([#2124](https://github.com/iiab/iiab/issues/2124)) + 2. Supports "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing, which can be attempted by setting 'nginx_enabled: False' in /etc/iiab/local_vars.yml (if "Shims" from *Section iii.* below are preserved!) + * awstats * calibre-web * gitea - * kiwix -- goes directly to port 3000 + * kiwix * kolibri + * mediawiki + * munin * sugarizer + * wordpress - 3. Still proxied to Apache, see [roles/0-init/tasks/main.yml#L108-L112](../0-init/tasks/main.yml#L108-L112) & [roles/nginx/tasks/uses_apache.yml](tasks/uses_apache.yml) + 3. Supports Apache but ***NOT*** NGINX, proxied by an NGINX "Shim" (see [roles/0-init/tasks/main.yml#L39-L49](../0-init/tasks/main.yml#L39-L49) for a list of those IIAB apps/services that auto-enable Apache) * dokuwiki ([#2056](https://github.com/iiab/iiab/issues/2056)) * elgg * lokole * moodle - * nodered * nextcloud ([PR #2119](https://github.com/iiab/iiab/pull/2119)) + * nodered - 4. Not yet dealt with - * internetarchive ([PR #2120](https://github.com/iiab/iiab/pull/2120)) + 4. Not Yet Dealt With! + * internetarchive (menu goes directly to port 4244, [PR #2120](https://github.com/iiab/iiab/pull/2120)) + * kalite (menu goes directly to ports 8006-8008) From 05dd2a69205e732ecd160dfa32206e7539561184 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 18:19:47 -0500 Subject: [PATCH 18/37] Update 0-init/tasks/main.yml --- roles/0-init/tasks/main.yml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index fee213432..8005f6f55 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -37,22 +37,23 @@ include_tasks: validate_vars.yml # SEE: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md -- name: "Set 'apache_enabled: True' if any of {DokuWiki, Elgg, Lokole, Moodle, Nextcloud, Node-RED} are set to install" +- name: "Set 'apache_install: True' and 'apache_enabled: True' if NGINX is set not be enabled OR if any of {DokuWiki, Elgg, Lokole, Moodle, Nextcloud, Node-RED} are set to install" set_fact: + apache_install: True apache_enabled: True - when: dokuwiki_install or elgg_install or lokole_install or moodle_install or nextcloud_install or nodered_install + when: not nginx_enabled or dokuwiki_install or elgg_install or lokole_install or moodle_install or nextcloud_install or nodered_install # #- name: "Verify 'apache_install: True' and 'apache_enabled: True' if any of {DokuWiki, Elgg, Lokole, Moodle, Nextcloud, Node-RED} are set to install" # assert: # that: apache_install and apache_enabled or not (dokuwiki_install or elgg_install or lokole_install or moodle_install or nextcloud_install or nodered_install) # fail_msg: "PLEASE CONFIRM 'apache_install: True' AND 'apache_enable: True' IF YOU'RE TRYING TO INSTALL ANY OF {dokuwiki, elgg, lokole, moodle, nextcloud, nodered} e.g. IN: /etc/iiab/local_vars.yml" # quiet: yes - -- name: "Verify 'apache_install: True' and 'apache_enabled: True' if 'nginx_enabled: False' -- e.g. for Apache testing of older playbooks lacking full NGINX support" - assert: - that: apache_install and apache_enabled or nginx_enabled - fail_msg: "PLEASE CONFIRM 'apache_install: True' AND 'apache_enable: True' IF 'nginx_enabled: False' e.g. IN: /etc/iiab/local_vars.yml" - quiet: yes +# +#- name: "Verify 'apache_install: True' and 'apache_enabled: True' if 'nginx_enabled: False' -- e.g. for Apache testing of older playbooks lacking full NGINX support" +# assert: +# that: apache_install and apache_enabled or nginx_enabled +# fail_msg: "PLEASE CONFIRM 'apache_install: True' AND 'apache_enable: True' IF 'nginx_enabled: False' e.g. IN: /etc/iiab/local_vars.yml" +# quiet: yes - name: Set top-level variables from local_facts for convenience set_fact: From 4ad8425390bf04019b7a11f8c15a17a59cf47817 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 18:48:37 -0500 Subject: [PATCH 19/37] Update nginx/README.md --- roles/nginx/README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/nginx/README.md b/roles/nginx/README.md index c4a3c3cef..2a9468c58 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -1,23 +1,23 @@ ### Transition to NGINX -1. Initial testing strategy is to move NGINX to port 80, and proxy everything to Apache on port 8090 — creating "Shims" for each IIAB app/service/playbook in *Section iii.* below. +1. Initial testing strategy is to move NGINX to port 80, and proxy everything to Apache on port 8090 — creating "Shims" for each IIAB App/Service in *Section iii.* below. - Until "Native" NGINX is later implemented for that IIAB app/service/playbook — allowing it to move up to *Section ii.* below. + Until "Native" NGINX is later implemented for that IIAB App/Service — allowing it to move up to *Section ii.* below. And potentially later moving it up to *Section i.* if its Apache support is dropped! 2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX. -3. Current state as of 2020-01-23... +3. Current state IIAB App/Service migrations as of 2020-01-23... - 1. Supports "Native" NGINX but ***NOT*** Apache + 1. These support "Native" NGINX but ***NOT*** Apache * Admin Console * captiveportal * osm-vector-maps * RACHEL-like modules * usb-lib - 2. Supports "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing, which can be attempted by setting 'nginx_enabled: False' in /etc/iiab/local_vars.yml (if "Shims" from *Section iii.* below are preserved!) + 2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service. But if you want to attempt their "Shim" proxying legacy testing mode, [auto-enable Apache](../0-init/tasks/main.yml#L40-L44) by setting `nginx_enabled: False` in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) * awstats * calibre-web * gitea @@ -28,7 +28,7 @@ * sugarizer * wordpress - 3. Supports Apache but ***NOT*** NGINX, proxied by an NGINX "Shim" (see [roles/0-init/tasks/main.yml#L39-L49](../0-init/tasks/main.yml#L39-L49) for a list of those IIAB apps/services that auto-enable Apache) + 3. These support Apache but ***NOT*** "Native" NGINX. These use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/0-init/tasks/main.yml#L40-L44](../0-init/tasks/main.yml#L40-L44) for a list of these IIAB Apps/Services, that auto-enable Apache. * dokuwiki ([#2056](https://github.com/iiab/iiab/issues/2056)) * elgg * lokole From 1f49b0b5fdafb78a3fc1ebee2601ded9cc859c31 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 18:51:54 -0500 Subject: [PATCH 20/37] Typo in 0-init/tasks/main.yml explanation --- roles/0-init/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 8005f6f55..fdd96cfc2 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -37,7 +37,7 @@ include_tasks: validate_vars.yml # SEE: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md -- name: "Set 'apache_install: True' and 'apache_enabled: True' if NGINX is set not be enabled OR if any of {DokuWiki, Elgg, Lokole, Moodle, Nextcloud, Node-RED} are set to install" +- name: "Set 'apache_install: True' and 'apache_enabled: True' if NGINX is set not to be enabled OR if any of {DokuWiki, Elgg, Lokole, Moodle, Nextcloud, Node-RED} are set to install" set_fact: apache_install: True apache_enabled: True From 92a6be2c114908910844a071685db39fe05f7948 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 19:10:25 -0500 Subject: [PATCH 21/37] Explain auto-enabling of Apache in 0-init/tasks/main.yml --- roles/0-init/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index fdd96cfc2..98fbce077 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -37,7 +37,7 @@ include_tasks: validate_vars.yml # SEE: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md -- name: "Set 'apache_install: True' and 'apache_enabled: True' if NGINX is set not to be enabled OR if any of {DokuWiki, Elgg, Lokole, Moodle, Nextcloud, Node-RED} are set to install" +- name: "apache_install is currently '{{ apache_install }}' and apache_enabled is currently '{{ apache_enabled }}'. Now let's set 'apache_install: True' and 'apache_enabled: True' if NGINX is set not to be enabled OR if any of {DokuWiki, Elgg, Lokole, Moodle, Nextcloud, Node-RED} are set to install." set_fact: apache_install: True apache_enabled: True From 0f559ccafeca1b3a2221fe0faf51f30667ae2455 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 19:34:28 -0500 Subject: [PATCH 22/37] Clean httpd/tasks/main.yml & mitigate #2123 --- roles/httpd/tasks/main.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml index fe2a8e047..e3fd8d11c 100644 --- a/roles/httpd/tasks/main.yml +++ b/roles/httpd/tasks/main.yml @@ -1,12 +1,11 @@ - include_tasks: install.yml - #tags: base - - include_tasks: html.yml - #tags: base -# Partially fixes search @ http://box/modules/es-wikihow (on RPi anyway) see https://github.com/iiab/iiab/issues/829 -- include_tasks: php-stem.yml - #tags: base +# 2018-07-18: Partially fixes search @ http://box/modules/es-wikihow (on RPi +# anyway) https://github.com/iiab/iiab/issues/829 & PR #925 +# 2020-01-23: Deprecated as @tim-moody's attempt to revive this for PHP 7.3 +# instead of 7.0 failed: https://github.com/iiab/iiab/issues/2123 +#- include_tasks: php-stem.yml - name: Install /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (Script can be run manually and/or at the end of Stage 4 = roles/4-server-options/tasks/main.yml) template: From 530576edafc6f57ec59bb256d6290459322578bc Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 19:40:16 -0500 Subject: [PATCH 23/37] Increase loggingLevel in captiveportal/templates/capture-wsgi.py.j2 --- roles/captiveportal/templates/capture-wsgi.py.j2 | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/captiveportal/templates/capture-wsgi.py.j2 b/roles/captiveportal/templates/capture-wsgi.py.j2 index e240b827a..9690f8e63 100755 --- a/roles/captiveportal/templates/capture-wsgi.py.j2 +++ b/roles/captiveportal/templates/capture-wsgi.py.j2 @@ -39,8 +39,10 @@ doc_root = get_iiab_env("WWWROOT") fully_qualified_domain_name = get_iiab_env("FQDN") -loggingLevel = "ERROR" -#loggingLevel = "DEBUG" +# 2020-01-23: @georgejhunt explained that "ERROR" does not log enough details. +# So we're changing IIAB's default to "DEBUG", til Captive Portal proves solid. +#loggingLevel = "ERROR" +loggingLevel = "DEBUG" if len(sys.argv) > 1: if sys.argv[1] == '-l': loggingLevel = "DEBUG" From d54e5da25b32bcb081390376d72021c16f3550f3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 19:48:23 -0500 Subject: [PATCH 24/37] Translate 'httpd' role name to 'apache_installed: True' var name in /etc/iiab/iiab_state.yml --- runrole | 2 ++ 1 file changed, 2 insertions(+) diff --git a/runrole b/runrole index 6e7d019cf..06ed2bf63 100755 --- a/runrole +++ b/runrole @@ -64,6 +64,8 @@ if [ "$REINSTALL" == "1" ]; then if [ ! $1 == "internetarchive" ]; then # special handling if [ $1 == "calibre-web" ]; then # role directory & installed marker differ sed -i -e '/^calibreweb/d' $IIAB_STATE_FILE + elif [ $1 == "httpd" ]; then # role directory & installed marker differ + sed -i -e '/^apache/d' $IIAB_STATE_FILE elif [ $1 == "osm-vector-maps" ]; then # role directory & installed marker differ sed -i -e '/^osm_vector_maps/d' $IIAB_STATE_FILE #elif [ $1 == "bluetooth" ]; then # role directory & installed marker differ From 596088a24bd109f2e2393cf074d6c24f165ffced Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 20:00:22 -0500 Subject: [PATCH 25/37] Rename php-stem.yml to php-stem.yml.deprecated --- roles/httpd/tasks/{php-stem.yml => php-stem.yml.deprecated} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/httpd/tasks/{php-stem.yml => php-stem.yml.deprecated} (100%) diff --git a/roles/httpd/tasks/php-stem.yml b/roles/httpd/tasks/php-stem.yml.deprecated similarity index 100% rename from roles/httpd/tasks/php-stem.yml rename to roles/httpd/tasks/php-stem.yml.deprecated From 8fdbbfc550502b32cfb1a41daa4a3416098a24e4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 20:29:18 -0500 Subject: [PATCH 26/37] TO DO / Questions re: httpd/tasks/* + roles/httpd-enable --- roles/httpd/tasks/main.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml index e3fd8d11c..1a625f579 100644 --- a/roles/httpd/tasks/main.yml +++ b/roles/httpd/tasks/main.yml @@ -1,3 +1,13 @@ +# 2020-01-23 TO DO / Questions: +# - Validate input vars apache_install & apache_enabled here. Use them as nec. +# - Encapsulate all 3 tasks below into httpd/roles/install.yml ? +# - Similarly sanity-check httpd/roles/enable.yml... +# - Verify that 9-local-addons/tasks/main.yml's invocation of +# roles/httpd/tasks/enable.yml (via roles/httpd-enable/tasks/main.yml, if +# apache_enabled is True) does the right thing! +# - And that we really don't want to invoke it hereunder? +# - Save relevant apache_* vars to /etc/iiab/iiab.ini + - include_tasks: install.yml - include_tasks: html.yml From 150d8361371880e856971986eef28c574706747e Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 20:41:16 -0500 Subject: [PATCH 27/37] Update 9-local-addons/tasks/main.yml --- roles/9-local-addons/tasks/main.yml | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 8a7bf15cd..4026b3412 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -7,7 +7,6 @@ include_role: name: internetarchive when: internetarchive_install | bool - #tags: internetarchive # Is porting to Python 3 complete, and if so does this belong elsewhere? - name: CAPTIVE PORTAL @@ -15,43 +14,41 @@ name: captiveportal #include_tasks: roles/captiveportal/tasks/main.yml when: captiveportal_install | bool - #tags: base, captiveportal, network, domain - name: MINETEST include_role: name: minetest when: minetest_install | bool - #tags: minetest # KEEP AT THE END as this installs dependencies from Debian's 'testing' branch! - name: CALIBRE include_role: name: calibre when: calibre_install | bool - #tags: calibre - name: CALIBRE-WEB include_role: name: calibre-web when: calibreweb_install | bool - #tags: calibre-web # Could split these two below to Stage 10? -- name: Configure NGINX (already installed in Stage 3-BASE-SERVER) - # If just CONFIGURING, should we use one of the following instead ?? - # include_tasks: roles/nginx/tasks/setup.yml - # include_tasks: roles/nginx/tasks/enable.yml +- name: Fully Enable / Configure NGINX (already installed in Stage 3-BASE-SERVER) if 'nginx_enabled' is True include_role: name: nginx - when: nginx_install | bool - #tags: base, nginx + when: nginx_enabled | bool # WAS: nginx_install +# If just CONFIGURING (etc) shouldn't we use one of the following instead ?? +# include_tasks: roles/nginx/tasks/setup.yml +# include_tasks: roles/nginx/tasks/enable.yml -- name: Configure Apache systemd service ({{ apache_service }}) +- name: Fully Enable / Configure Apache systemd service ({{ apache_service }}) if 'apache_enabled' is True include_role: name: httpd-enable - when: apache_install | bool - #tags: base, httpd + when: apache_enabled | bool # WAS: apache_install +# WARNING THAT APACHE IS AUTO-ENABLED BY THESE ~6 APPS ALONE! +# https://github.com/holta/iiab/blob/scaff2/roles/0-init/tasks/main.yml#L40-L44 +# Summarized @ https://github.com/iiab/iiab/blob/master/roles/nginx/README.md +# 2020-01-23: APACHE FUTURE SUMMARY QUESTIONS @ roles/httpd/tasks/main.yml - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: From 117f48b4225cd36ff89af4bc8ec2a94b625c4707 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 20:57:14 -0500 Subject: [PATCH 28/37] Update postgresql/tasks/main.yml --- roles/postgresql/tasks/main.yml | 42 ++++++++++++++++++++------------- 1 file changed, 25 insertions(+), 17 deletions(-) diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml index 8d30dcc65..62ddc7a32 100644 --- a/roles/postgresql/tasks/main.yml +++ b/roles/postgresql/tasks/main.yml @@ -1,30 +1,32 @@ -- name: Install postgresql package +# TO DO: +# - validate input vars postgresql_install & postgresql_enabled +# - put the ~12 stanzas below into install.yml +# - when: postgresql_install is defined + +- name: Install 'postgresql' package package: name: postgresql state: present - #tags: download -- name: Install postgresql-client (debuntu) +- name: Install 'postgresql-client' package (debuntu) package: name: postgresql-client state: present when: is_debuntu | bool - #tags: download -- name: Install postgresql-server (OS's other than debuntu) +- name: Install 'postgresql-server' package (OS's other than debuntu) package: name: postgresql-server state: present when: not is_debuntu - #tags: download - name: Install /etc/systemd/system/postgresql-iiab.service from template template: src: postgresql-iiab.service dest: /etc/systemd/system/postgresql-iiab.service - owner: root - group: root - mode: '0644' + # owner: root + # group: root + # mode: '0644' - name: Create PostgreSQL data dir /library/pgsql-iiab, owned by postgres:postgres file: @@ -71,26 +73,32 @@ group: postgres mode: '0640' -# Probably Not Nec! Given stanza below does the same. -- name: 'Stop postgresql service: /etc/init.d/postgresql stop (debuntu)' - command: "/etc/init.d/postgresql stop" - ignore_errors: True - when: postgresql_install and is_debuntu +# Likely No Longer Nec! Given stanza below does the same... +#- name: 'Stop postgresql service: /etc/init.d/postgresql stop (debuntu)' +# command: "/etc/init.d/postgresql stop" +# ignore_errors: True +# when: postgresql_install and is_debuntu -- name: Disable stock postgresql service +- name: Disable & Stop stock 'postgresql' systemd service systemd: name: postgresql state: stopped enabled: no -- name: Enable & Start postgresql-iiab systemd service, if postgresql_enabled +- name: "Add 'postgresql_installed: True' to {{ iiab_state_file }}" + lineinfile: + dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^postgresql_installed' + line: 'postgresql_installed: True' + +- name: Enable & Start 'postgresql-iiab' systemd service, if 'postgresql_enabled' systemd: name: postgresql-iiab state: started enabled: yes when: postgresql_enabled | bool -- name: Disable postgresql-iiab service, if not postgresql_enabled +- name: Disable 'postgresql-iiab' systemd service, if not 'postgresql_enabled' systemd: name: postgresql-iiab state: stopped From daa5a26d3c94c735b228a1e9d95c15c59408ce25 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 20:58:31 -0500 Subject: [PATCH 29/37] Update nodejs/tasks/main.yml --- roles/nodejs/tasks/main.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/nodejs/tasks/main.yml b/roles/nodejs/tasks/main.yml index 95b17d8e3..1866dc460 100644 --- a/roles/nodejs/tasks/main.yml +++ b/roles/nodejs/tasks/main.yml @@ -138,3 +138,10 @@ # 2019-03-29: Debian 10 Buster & Ubuntu 19.04 pre-releases made the jump # thankfully; currently both offer Node.js 10.15.2 + + +- name: "Add 'nodejs_installed: True' to {{ iiab_state_file }}" + lineinfile: + dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^nodejs_installed' + line: 'nodejs_installed: True' From 1d575df55db1addbda38cee6f2629baebb788e14 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 21:02:33 -0500 Subject: [PATCH 30/37] Update httpd/tasks/main.yml --- roles/httpd/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml index 1a625f579..df0e18d01 100644 --- a/roles/httpd/tasks/main.yml +++ b/roles/httpd/tasks/main.yml @@ -1,5 +1,6 @@ # 2020-01-23 TO DO / Questions: -# - Validate input vars apache_install & apache_enabled here. Use them as nec. +# - Validate input vars apache_install & apache_enabled here. +# - Use as nec, with 'when: apache_installed is undefined' # - Encapsulate all 3 tasks below into httpd/roles/install.yml ? # - Similarly sanity-check httpd/roles/enable.yml... # - Verify that 9-local-addons/tasks/main.yml's invocation of From 2e9db2c835998b7806f975fbd8766e6f7cada412 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 21:05:42 -0500 Subject: [PATCH 31/37] Update postgresql/tasks/main.yml --- roles/postgresql/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml index 62ddc7a32..f06573019 100644 --- a/roles/postgresql/tasks/main.yml +++ b/roles/postgresql/tasks/main.yml @@ -1,7 +1,7 @@ # TO DO: -# - validate input vars postgresql_install & postgresql_enabled -# - put the ~12 stanzas below into install.yml -# - when: postgresql_install is defined +# - Validate input vars postgresql_install & postgresql_enabled +# - Put ~12 stanzas just below into install.yml +# - Triggered by... 'when: postgresql_installed is undefined' - name: Install 'postgresql' package package: From 920e09be2c7dc571bf0720c7696bc107458adb85 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 21:31:09 -0500 Subject: [PATCH 32/37] Update mysql/tasks/main.yml --- roles/mysql/tasks/main.yml | 33 ++++++++++++++++++++++----------- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/roles/mysql/tasks/main.yml b/roles/mysql/tasks/main.yml index 48656e89f..706b1a4c3 100644 --- a/roles/mysql/tasks/main.yml +++ b/roles/mysql/tasks/main.yml @@ -1,3 +1,10 @@ +# TO DO: +# - Validate input vars mysql_install & mysql_enabled +# - Put ~12 stanzas just below into install.yml +# - Triggered by... 'when: mysql_installed is undefined' +# - Eliminate stale Fedora/CentOS code & gratuitous when: is_debuntu clauses? +# - Consider putting ~8 stanzas below that into enable.yml or similar? + - name: 'Install MySQL packages: mariadb-server, mariadb-client, and 8 php packages (debuntu)' package: name: @@ -14,19 +21,19 @@ - php{{ php_version }}-xmlrpc state: present when: is_debuntu | bool - #tags: download -- name: Install php{{ php_version }}-xml (ubuntu or debian 9+) +- name: Install package 'php{{ php_version }}-xml' (debuntu) # WAS: (ubuntu or debian 9+) package: name: "php{{ php_version }}-xml" state: present - when: is_ubuntu or (is_debian and not is_debian_8) + when: is_debuntu | bool + #when: is_ubuntu or (is_debian and not is_debian_8) -- name: Install php-xml-parser (debian-8) - package: - name: php-xml-parser - state: present - when: is_debian_8 | bool +#- name: Install php-xml-parser (debian-8) +# package: +# name: php-xml-parser +# state: present +# when: is_debian_8 | bool - name: "Install packages: mysql, MySQL-python and 9 php packages (OS's other than debuntu)" package: @@ -44,15 +51,12 @@ - php-xmlrpc state: present when: not is_debuntu - #tags: download - include_tasks: centos.yml when: ansible_distribution == "CentOS" - #tags: download - include_tasks: fedora.yml when: ansible_distribution == "Fedora" - #tags: download # 2019-07-03 @jvonau @holta: the next 50 lines (6 stanzas) double MariaDB's @@ -110,6 +114,12 @@ # line: "TimeoutStartSec=180" when: mariadb_unit_file.stat.exists +- name: "Add 'mysql_installed: True' to {{ iiab_state_file }}" + lineinfile: + dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^mysql_installed' + line: 'mysql_installed: True' + # Name of MySQL service varies by OS, so hardcoded in /opt/iiab/iiab/vars/.yml (formerly in roles/0-init/tasks/main.yml) - name: Enable & Start MySQL systemd service ({{ mysql_service }}) if mysql_enabled @@ -178,6 +188,7 @@ state: stopped when: not mysql_enabled + - name: Add 'mysql' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" From fdb671e86239f09f44beeba96f6dc41a749e8adb Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 21:40:03 -0500 Subject: [PATCH 33/37] Update vnstat/tasks/main.yml --- roles/vnstat/tasks/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/vnstat/tasks/main.yml b/roles/vnstat/tasks/main.yml index a26f19a2f..0c005ef16 100644 --- a/roles/vnstat/tasks/main.yml +++ b/roles/vnstat/tasks/main.yml @@ -19,6 +19,12 @@ shell: /usr/bin/vnstat -i {{ iiab_lan_iface }} when: iiab_lan_iface is defined +- name: "Add 'vnstat_installed: True' to {{ iiab_state_file }}" + lineinfile: + dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^vnstat_installed' + line: 'vnstat_installed: True' + - name: Enable & Start vnStat's systemd service systemd: name: vnstat From 0105c77393c37c432fdc1eac10452543ef2d6159 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 21:43:18 -0500 Subject: [PATCH 34/37] Update vnstat/tasks/main.yml --- roles/vnstat/tasks/main.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/roles/vnstat/tasks/main.yml b/roles/vnstat/tasks/main.yml index 0c005ef16..969b25d0f 100644 --- a/roles/vnstat/tasks/main.yml +++ b/roles/vnstat/tasks/main.yml @@ -25,12 +25,15 @@ regexp: '^vnstat_installed' line: 'vnstat_installed: True' -- name: Enable & Start vnStat's systemd service + +- name: Enable & Start vnStat's systemd service (vnstat) systemd: name: vnstat daemon_reload: yes enabled: yes - state: started + state: restarted + when: vnstat_enabled | bool + - name: Add 'vnstat' variable values to {{ iiab_ini_file }} ini_file: From 77a6aae339adb2f0708a8d51fb5c8328ac425362 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 21:50:45 -0500 Subject: [PATCH 35/37] Update transmission/tasks/main.yml --- roles/transmission/tasks/main.yml | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/roles/transmission/tasks/main.yml b/roles/transmission/tasks/main.yml index 66bb4c0e8..7c7d3c292 100644 --- a/roles/transmission/tasks/main.yml +++ b/roles/transmission/tasks/main.yml @@ -5,15 +5,15 @@ - transmission-cli state: present -- name: Create download dir {{ transmission_download_dir }}, owned by {{ transmission_user }}:{{ transmission_group }} # /library/transmission +- name: Create download dir {{ transmission_download_dir }}, owned by {{ transmission_user }}:{{ transmission_group }} file: - path: "{{ transmission_download_dir }}" - owner: "{{ transmission_user }}" - group: "{{ transmission_group }}" - mode: 0755 + path: "{{ transmission_download_dir }}" # /library/transmission + owner: "{{ transmission_user }}" # debian-transmission + group: "{{ transmission_group }}" # root + # mode: '0755' state: directory -- name: Stop transmission-daemon before modifying its settings +- name: Stop 'transmission-daemon' systemd service, before modifying its settings systemd: name: transmission-daemon state: stopped @@ -23,11 +23,18 @@ template: src: settings.json.j2 dest: /etc/transmission-daemon/settings.json - mode: 0644 - owner: "{{ transmission_user }}" - group: "{{ transmission_group }}" + # mode: '0644' + owner: "{{ transmission_user }}" # debian-transmission + group: "{{ transmission_group }}" # root -- name: Enable & Restart transmission-daemon systemd service, incl daemon-reload +- name: "Add 'transmission_installed: True' to {{ iiab_state_file }}" + lineinfile: + dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^transmission_installed' + line: 'transmission_installed: True' + + +- name: Enable & Restart 'transmission-daemon' systemd service, incl daemon-reload systemd: name: transmission-daemon daemon_reload: yes @@ -45,7 +52,7 @@ when: transmission_enabled and transmission_provision and transmission_kalite_languages is defined and transmission_kalite_languages is not none ignore_errors: yes -- name: Disable transmission-daemon service, if not transmission_enabled +- name: Disable & Stop 'transmission-daemon' service, if not transmission_enabled systemd: name: transmission-daemon daemon_reload: yes @@ -53,6 +60,7 @@ state: stopped when: not transmission_enabled + - name: Add 'transmission' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" From c1dd54ea231aa5742cfb898a7724a49e4ba07a2a Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 21:59:51 -0500 Subject: [PATCH 36/37] Update phpmyadmin/tasks/main.yml --- roles/phpmyadmin/tasks/main.yml | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/roles/phpmyadmin/tasks/main.yml b/roles/phpmyadmin/tasks/main.yml index 795bed675..2dd6f3cc5 100644 --- a/roles/phpmyadmin/tasks/main.yml +++ b/roles/phpmyadmin/tasks/main.yml @@ -3,7 +3,6 @@ url: "{{ iiab_download_url }}/{{ phpmyadmin_name_zip }}" dest: "{{ downloads_dir }}" timeout: "{{ download_timeout }}" - #register: phpmyadmin_dl_output when: internet_available | bool - name: Does {{ downloads_dir }}/{{ phpmyadmin_name_zip }} exist? # e.g. /opt/iiab/downloads/phpMyAdmin-4.8.3-all-languages.zip @@ -16,20 +15,20 @@ msg: "{{ downloads_dir }}/{{ phpmyadmin_name_zip }} is REQUIRED in order to install phpMyAdmin." when: not phpmyadmin_dl.stat.exists -- name: Unzip to permanent location /opt/{{ phpmyadmin_name }} +- name: Unzip to permanent location /opt/{{ phpmyadmin_name }}, owned by {{ apache_user }} unarchive: src: "{{ downloads_dir }}/{{ phpmyadmin_name_zip }}" dest: /opt owner: "{{ apache_user }}" -- name: Create symlink from /opt/phpmyadmin to {{ phpmyadmin_name }} +- name: Symlink /opt/phpmyadmin -> {{ phpmyadmin_name }} file: src: "{{ phpmyadmin_name }}" path: /opt/phpmyadmin - owner: "{{ apache_user }}" + owner: "{{ apache_user }}" # Some Linux's ignore symlink owners? state: link -- name: Install /opt/phpmyadmin/config.inc.php from template +- name: Install /opt/phpmyadmin/config.inc.php owned by {{ apache_user }}, from template template: src: config.inc.php dest: /opt/phpmyadmin/config.inc.php @@ -46,6 +45,13 @@ # # recurse: yes # # state: directory +- name: "Add 'phpmyadmin_installed: True' to {{ iiab_state_file }}" + lineinfile: + dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^phpmyadmin_installed' + line: 'phpmyadmin_installed: True' + + - name: Install /etc/{{ apache_config_dir }}/phpmyadmin.conf from template, if phpmyadmin_enabled template: src: phpmyadmin.j2 @@ -65,6 +71,7 @@ state: absent when: not phpmyadmin_enabled and is_debuntu + - name: Add 'phpmyadmin' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" From ee4f51d36ad5bab9b51d9f0c88478f086a46e180 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 23 Jan 2020 22:11:24 -0500 Subject: [PATCH 37/37] Update openvpn/tasks/main.yml --- roles/openvpn/tasks/main.yml | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 032b6733d..8e32472fa 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -1,9 +1,8 @@ -# TO DO: WRAP 10 OR 11 STANZAS BELOW (and saving vars to iiab_ini_file at -# bottom) INTO install.yml, somehow conditioned by... -# when: openvpn_install | bool +# TO DO: WRAP 11 OR 12 STANZAS BELOW INTO install.yml, conditioned by... +# 'when: openvpn_installed is undefined' # -# BEWARE: 11th stanza (ssh pubkey deletions) is already conditioned by... -# when: not openvpn_install +# BEWARE: 4th stanza (ssh pubkey deletions) is already conditioned by... +# 'when: not openvpn_install' (revise?) - name: Install OpenVPN and Nmap packages package: @@ -84,30 +83,37 @@ dest: /usr/bin/ mode: '0755' -- name: Create iiab-support-on (symlink to iiab-support for now) +- name: Symlink /usr/bin/iiab-support-on -> /usr/bin/iiab-support file: src: /usr/bin/iiab-support path: /usr/bin/iiab-support-on state: link -- name: Create iiab-support-off (symlink to iiab-remote-off for now) +- name: Symlink /usr/bin/iiab-support-off -> /usr/bin/iiab-remote-off file: src: /usr/bin/iiab-remote-off path: /usr/bin/iiab-support-off state: link -- name: Create iiab-vpn-on (symlink to iiab-remote-on for now) +- name: Symlink /usr/bin/iiab-vpn-on -> /usr/bin/iiab-remote-on file: src: /usr/bin/iiab-remote-on path: /usr/bin/iiab-vpn-on state: link -- name: Create iiab-vpn-off (symlink to iiab-remote-off for now) +- name: Symlink /usr/bin/iiab-vpn-off -> /usr/bin/iiab-remote-off file: src: /usr/bin/iiab-remote-off path: /usr/bin/iiab-vpn-off state: link +- name: "Add 'openvpn_installed: True' to {{ iiab_state_file }}" + lineinfile: + dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^openvpn_installed' + line: 'openvpn_installed: True' + + # TO DO: WRAP COMMENTS + 4 ACTIVE STANZAS BELOW INTO enable.yml... # FIXED SOMETIME PRIOR TO AUGUST 2018: earlier versions of Ansible had not @@ -147,7 +153,7 @@ # /lib/systemd/systemd-sysv-install sets /etc/rc*.d/S|K01openvpn # e.g. when "systemctl enable openvpn" -- name: Enable & (Re)Start PARENT service openvpn, which (re)starts CHILD service openvpn@xscenet (& actual tunnel) +- name: Enable & (Re)Start PARENT 'openvpn' system service, which (re)starts CHILD service 'openvpn@xscenet' (& actual tunnel) systemd: name: openvpn daemon_reload: yes @@ -171,7 +177,7 @@ state: absent when: not openvpn_enabled or not openvpn_cron_enabled -- name: Disable & Stop PARENT service openvpn, which stops CHILD service openvpn@xscenet (& actual tunnel) +- name: Disable & Stop PARENT 'openvpn' system service, which stops CHILD service 'openvpn@xscenet' (& actual tunnel) systemd: name: openvpn enabled: no @@ -191,6 +197,7 @@ # ignore_errors: True # when: not openvpn_enabled and not installing + - name: Add 'openvpn' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}"