external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Merge branch 'master' of github.com:iiab/iiab into lokole-integration

Browse source
This commit is contained in:
Aidan Fitzgerald 2018-07-26 21:38:17 -04:00
commit a269cecf3b
94 changed files with 1727 additions and 762 deletions
Download patch file Download diff file Expand all files Collapse all files

61
CONTRIBUTING.md
View file

@ -1,51 +1,71 @@
Contributing to Internet-in-a-Box (IIAB)
=======================================
Internet-in-a-Box runs on various GNU/Linux operating systems such as Fedora, Ubuntu, Debian, CentOS and Raspbian.
Internet-in-a-Box runs on various GNU/Linux operating systems such as Raspbian, Ubuntu, Debian, CentOS and Fedora.
You can install Internet-in-a-Box on most late model desktop and laptop computers. It also supports Intel NUC, Intel Gigabyte BRIX, OLPC XO-1.5, XO-1.75, XO-4, Raspberry Pi 2 and Raspberry Pi 3. A VirtualBox VM can also used for testing purposes. Using Docker containers however is not recommended as our Ansible provisioning system requires low-level access to the operating system.
You can install Internet-in-a-Box on x86_64 PCs/laptops and Raspberry Pi 3 (or 3 B+). Example PC's include Intel NUC and Gigabyte BRIX. Partial support is also available on OLPC laptops like the XO-1.5, XO-1.75 and XO-4. A VirtualBox VM can also be used for testing purposes. Using Docker containers however is not recommended as our Ansible provisioning system requires low-level access to the operating system.
Finally, running Internet-in-a-Box on the Raspberry Pi Zero W is also possible, if you transfer a working IIAB (microSD card) that was built up inside a Raspberry Pi 3 (or 3 B+).
Please refer to [IIAB Platforms](https://github.com/iiab/iiab/wiki/IIAB-Platforms) for more information.
Internet-in-a-Box uses [Ansible](https://www.ansible.com/) infrastructure automation tool to deploy and configure all software packages. Ansible uses [playbooks](http://docs.ansible.com/ansible/latest/playbooks.html) a human readable instruction files in YAML format. Playbooks are divided into hosts, roles and tasks.
Internet-in-a-Box uses Ansible (acquired by Red Hat in October 2015, similar to Puppet) to install and configure all software packages. Ansible uses [playbooks](http://docs.ansible.com/ansible/latest/playbooks.html) as human-readable instruction files in [YAML](http://www.yaml.org/start.html) format. Playbooks are divided into hosts, roles and tasks.
```
├── roles
│ ├── 1-prep
│ │ ├─ defaults
| | | ├──main.yml (lowest precedence variable definitions, overridden by <repo_root>/vars/default_vars.yml, overridden by ./vars/local_vars.yml.
| | | ├──main.yml (lowest precedence variable definitions, overridden by <repo_root>/vars/default_vars.yml, overridden by /etc/iiab/local_vars.yml)
│ │ ├── README.rst
│ │ ├── tasks
| | | ├──main.yml (specifies the actions to install this role
│ │ └── templates
| | | ├<(text files where ansible variables are substituted, specified via {% <variable> %} containers-(jinja2 language).
| | | ├──<text files where Ansible variables are substituted, using jinja2 templating e.g. {% <variable> %}>
│ ├── 2-common
│ │ ├── README.rst
│ │ ├── tasks
│ │ └── templates
```
At runtime, Ansible gathers system information and makes it available (called 'facts') and combines this with playbook defined 'variables' to guide the installation process. The execution follows a sequence of cascading steps:
Specifically, Ansible installs Internet-in-a-Box starting with 0-init, followed by Stages 1 to 9, and finally runs the network stage:
- [0-init](https://github.com/iiab/iiab/tree/master/roles/0-init)
- [1-prep](https://github.com/iiab/iiab/tree/master/roles/1-prep)
- [2-common](https://github.com/iiab/iiab/tree/master/roles/2-common)
- [3-base-server](https://github.com/iiab/iiab/tree/master/roles/3-base-server)
- [4-server-options](https://github.com/iiab/iiab/tree/master/roles/4-server-options)
- [5-xo-services](https://github.com/iiab/iiab/tree/master/roles/5-xo-services)
- [6-generic-apps](https://github.com/iiab/iiab/tree/master/roles/6-generic-apps)
- [7-edu-apps](https://github.com/iiab/iiab/tree/master/roles/7-edu-apps)
- [8-mgmt-tools](https://github.com/iiab/iiab/tree/master/roles/8-mgmt-tools)
- [9-local-addons](https://github.com/iiab/iiab/tree/master/roles/9-local-addons)
- [network](https://github.com/iiab/iiab/tree/master/roles/network)
1. Bash script `./runansible` follows instructions in `iiab.yml` in the root directory.
Click on Stages 1 to 9 above for descriptions of their specific purposes.
2. `iiab.yml` calls 9 aggregate roles (the numbered directories under `./roles/`).
At runtime (to build up your Internet-in-a-Box server) Ansible gathers system information making it available (as 'facts') and combines this with Ansible 'variables' to guide the installation process. The execution follows a sequence of cascading steps:
3. Each aggregate role has a `<role>/meta/main.yml` which calls the individual named roles.
1. Bash script `./iiab-install` uses Ansible to run `/opt/iiab/iiab/iiab-stages.yml`
2. `iiab-stages.yml` calls 9+ aggregate roles (AKA stages, these are the numbered directories above, in /opt/iiab/iiab/roles) and then the network role. It avoids repeating any of these 9 core install stages (in case of Internet glitches etc) by keeping a counter ("STAGE") in `/etc/iiab/iiab.env` (Aside: the network role can also later be run using `./iiab-network`)
3. Each aggregate role AKA stage has a `<role>/tasks/main.yml` (formerly `<role>/meta/main.yml`) to invoke all needed roles and tasks.
Please refer to the [IIAB Architecture](https://github.com/iiab/iiab/wiki/IIAB-Architecture) and [IIAB Variables]( https://github.com/iiab/iiab/wiki/IIAB-Variables) pages for more information.
Installation
============
Before you start the installation please refer to the [hardware section of FAQ](http://wiki.laptop.org/go/IIAB/FAQ#What_hardware_should_I_use.3F) page for memory, storage and network requirements for your platform. Also note that downloading content might take a long time on slower Internet connections.
Before you start the installation please refer to the [hardware section of FAQ](http://wiki.laptop.org/go/IIAB/FAQ#What_hardware_should_I_use.3F) page for memory, storage and network requirements for your platform. Also note that downloading content might take a long time on slower Internet connections.
If you are a developer, please consider [building Internet-in-a-Box from scratch](https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch).
Most all implementers should use IIAB's 1-line installer at http://download.iiab.io (click on the version number, e.g. [6.6](http://download.iiab.io/6.6/)).
If you are a developer, consider [building Internet-in-a-Box from scratch](https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch).
Please refer to the [IIAB Installation](https://github.com/iiab/iiab/wiki/IIAB-Installation) page for more information.
Setting up development environment
===================================
( This section uses experimental development environment for Internet-in-a-Box. It is being developed in the [iiab-dev-mode repository](https://github.com/arky/iiab-dev-mode). )
This section provide a quick setup of Internet-in-a-Box (IIAB) development environment using [Vagrant](https://www.vagrantup.com/). You will need a computer with [virtualization enabled](https://www.virtualbox.org/manual/UserManual.html) and git, Vagrant (2.0 or later) and [VirtualBox](https://www.virtualbox.org/) installed.
This section provide a quick setup of Internet-in-a-Box (IIAB) development environment using [Vagrant](https://www.vagrantup.com/). You will need a computer with [virtualization enabled](https://www.virtualbox.org/manual/UserManual.html) and git, Vagrant (2.0 or later) and [VirtualBox](https://www.virtualbox.org/) installed.
## Requirements
@ -55,14 +75,15 @@ This section provide a quick setup of Internet-in-a-Box (IIAB) development envir
* Editor ([Atom](www.atom.io), Emacs, vi, etc)
## Setup Instructions
1. Check out the repository and its submodules onto your development machine.
`git clone --recursive git@github.com:arky/iiab-dev-mode.git`
2. Change directory into 'iiab-dev-mode' with `cd iiab-dev-mode`. You can update all the submodules to latest master using `git submodule foreach git pull origin master`
2. Change directory into 'iiab-dev-mode' with `cd iiab-dev-mode`. You can update all the submodules to the latest master using `git submodule foreach git pull origin master`
3. Set up a vagrant machine with `vagrant up` and provision it with `vagrant provision`. Please select the available bridge network interface (wlan0 or eth0) that connects your host machine to the Internet.
3. Set up a vagrant machine with `vagrant up` and provision it with `vagrant provision`. Please select the available bridge network interface (wlan0 or eth0) that connects your host machine to the Internet.
4. Connect to your vagrant machine with `vagrant ssh`. All your local development files available as shared folder in `/opt/iiab` directory.
4. Connect to your vagrant machine with `vagrant ssh`. All your local development files available as shared folder in `/opt/iiab` directory.
5. Install IIAB itself from the Ansible playbooks by following [IIAB Installation](https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch) instructions:
```
@ -80,11 +101,11 @@ This section provide a quick setup of Internet-in-a-Box (IIAB) development envir
```
6. Hack away!
7. You can commit your local changes to your personal forks of Internet-in-a-Box repository and then send pull request to IIAB project. Once you forked a repository, you change directory into that repository and setting a default git remote push setting with the following command.
7. You can commit your local changes to your personal forks of Internet-in-a-Box repository and then send pull request to the IIAB project. Once you've forked a repository, you change directory into that repository and set a default git remote push setting with the following command:
`cd <repo> && git remote set-url --push origin git@github.com:<your_username>/<your_forked_iiab_repo_name>.git`
Learn more by reading blog post [Different git Push & Pull(fetch) URLs](http://blog.yuriy.tymch.uk/2012/05/different-git-push-pullfetch-urls.html) and the [Git Basics - Working with Remotes](https://git-scm.com/book/en/v2/Git-Basics-Working-with-Remotes) chapter of Scott Chacon and Ben Straub's "Git Pro" book.
Learn more by reading the blog post [Different git Push & Pull(fetch) URLs](http://blog.yuriy.tymch.uk/2012/05/different-git-push-pullfetch-urls.html) and the [Git Basics - Working with Remotes](https://git-scm.com/book/en/v2/Git-Basics-Working-with-Remotes) chapter of Scott Chacon and Ben Straub's "Git Pro" book.
8. Once you are done, you can stop your vagrant machine with `vagrant halt` or remove it completely with `vagrant destroy`.
@ -93,7 +114,7 @@ Debugging
Here are few strategies for debugging problems during the Internet-in-a-Box installation.
* When a installation task fails, Ansible halts printing out a descriptive error message to the screen. This error information is also written to `iiab-install.log` file within `/opt/iiab/iiab`. (Look through logs to check if any preceding line contains the error).
* When a installation task fails, Ansible halts printing out a descriptive error message to the screen. This error information is also written to `iiab-install.log` file within `/opt/iiab/iiab`. (Look through logs to check if any preceding line contains the error).
* When an installation succeeds, the last lines printed on the screen will look like the following (failed=0):
```
PLAY RECAP *********************************************************************
@ -111,7 +132,7 @@ Testing your code with Travis CI
To maintain the quality of the Internet-in-a-Box (IIAB) code we use [Travis Continuous Integration (CI)](https://travis-ci.org) build infrastructure. Travis CI does tests to
ensure the code syntax is correct and the code is formatted properly using `ansible` syntax checker, `ansible-lint` and `ansible-review` tools. The results of Travis CI Internet-in-a-Box (IIAB) could be seen [here](https://travis-ci.org/iiab/iiab).
Every pull request is automatically tested by Travis CI. The results of these tests are added to the pull request. This aids Internet-in-a-Box (IIAB) developers in reviewing the quality of the code in a pull request.
Every pull request [was] automatically tested by Travis CI. The results of these tests [were] added to the pull request. This aids Internet-in-a-Box (IIAB) developers in reviewing the quality of the code in a pull request [this approach is currently on hold as of July 2018 &mdash; if it's tuned up this or any similar CI/CD alternatives would be welcome!]
To test your forked repository of Internet-in-a-Box (IIAB) code. You have to enable automatic build tests in your [Travis-ci.org](https://travis-ci.org) profile page.
@ -140,4 +161,4 @@ Get in touch
* Join our [live calls](http://minutes.iiab.io) most Mondays and Thursday
* Join us on IRC live chat: [#schoolserver](https://webchat.freenode.net/?channels=#schoolserver) on [freenode]( https://www.freenode.net/)
* Post an idea or question to our [community forums](http://iiab.io/)
* Read our Frequently Asked Questions ([FAQ.IIAB.IO](http://FAQ.IIAB.IO))
* Read ["What are the best places for community support?"](http://FAQ.IIAB.IO#What_are_the_best_places_for_community_support.3F) within our Frequently Asked Questions ([FAQ.IIAB.IO](http://FAQ.IIAB.IO))

2
README.md
View file

@ -1,4 +1,4 @@
# Internet-in-a-Box (IIAB) [![Build Status](https://travis-ci.org/iiab/iiab.svg?branch=master)](https://travis-ci.org/iiab/iiab)
# Internet-in-a-Box (IIAB)
Welcome to the Git repository of the Internet-in-a-Box (IIAB) project. This is a community-based project developed and supported by volunteers from around the world. The Internet-in-a-Box (IIAB) is small, inexpensive device which provides essential Internet resources (like Wikipedia, OpenStreetMap, Khan Academy and others) without any Internet connection. It provides a local content server of the worlds Free Knowledge.

2
iiab-base.yml
View file

@ -5,7 +5,7 @@
vars_files:
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- vars/local_vars.yml
- /etc/iiab/local_vars.yml
roles:
- { role: 0-init, tags: ['0-init'] }

2
iiab-from-console.yml
View file

@ -5,7 +5,7 @@
vars_files:
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- vars/local_vars.yml
- /etc/iiab/local_vars.yml
- /etc/iiab/config_vars.yml
roles:

76
iiab-install
View file

@ -10,9 +10,42 @@ CWD=`pwd`
OS=`grep ^ID= /etc/*release|cut -d= -f2`
OS=${OS//\"/}
MIN_RPI_KERN=4.9.59-v7+
MIN_ANSIBLE_VER=2.4.1.0
MIN_ANSIBLE_VER=2.5.6
export ANSIBLE_LOG_PATH="$CWD/iiab-install.log"
if [ ! -f /etc/iiab/local_vars.yml ]; then
if [ -f /opt/iiab/iiab/vars/local_vars.yml ]; then
echo -e "\nACTION NEEDED: YOUR /opt/iiab/iiab/vars/local_vars.yml IS NO LONGER SUPPORTED.\n" >&2
echo -e "███████████████████ TO MOVE IT TO THE CORRECT LOCATION, RUN: ███████████████████" >&2
echo -e "██ ██" >&2
echo -e "██ mv /opt/iiab/iiab/vars/local_vars.yml /etc/iiab/local_vars.yml ██" >&2
echo -e "██ ██" >&2
echo -e "████████████████████████████████████████████████████████████████████████████████\n" >&2
fi
echo -e "\nEXITING: /opt/iiab/iiab/iiab-install REQUIRES /etc/iiab/local_vars.yml\n" >&2
echo -e "(1) Please read http://wiki.iiab.io/local_vars.yml to learn more" >&2
echo -e "(2) MIN/MEDIUM/BIG samples are included in /opt/iiab/iiab/vars" >&2
echo -e "(3) NO TIME FOR DETAILS? RUN INTERNET-IN-A-BOX'S FRIENDLY 1-LINE INSTALLER:\n" >&2
echo -e ' http://download.iiab.io (click on "6.6" or a more recent version!)\n' >&2
#case $OS in
# OLPC | fedora)
# echo -e "Please examine /opt/iiab/iiab/vars/local_vars_olpc.yml for XO laptops.\n" >&2
# ;;
# centos | debian | ubuntu | raspbian)
# echo -e "Please consider /opt/iiab/iiab/vars/local_vars_medium.yml or similar.\n" >&2
# ;;
# *)
# echo -e "EXITING: IIAB requires Raspbian, Debian, Ubuntu, CentOS or OLPC/Fedora.\n" >&2
# ;;
#esac
exit 1
fi
# FUTURE: Test if their local_vars.yml is sufficiently version-compatible !
echo -e "\n\n./iiab-install $* BEGUN IN $CWD\n"
if [ ! -f /etc/ansible/facts.d/local_facts.fact ]; then
mkdir -p /etc/ansible/facts.d
@ -30,7 +63,7 @@ if [ "$1" != "--debug" ] && [ "$1" != "--reinstall" ] && [ "$1" != "" ]; then
echo "Use './iiab-install' for regular installs, or to continue an install."
echo "Use './iiab-install --reinstall' to force running all Stages 0-9."
echo "Use './iiab-install --debug' to run Stage 0, followed by Stages 3-9."
echo "Use './runtags' to run a single Stage or Tag or Role."
echo "Use './runrole' to run a single Stage or Role."
echo "Use './iiab-network' to run Network sections."
exit 1
fi
@ -68,9 +101,11 @@ if [[ `command -v ansible` ]]; then # "command -v" is POSIX compliant; it
fi
if version_gt $MIN_ANSIBLE_VER $CURR_ANSIBLE_VER ; then
echo -e "\nEXITING: Ansible "$MIN_ANSIBLE_VER" or higher required."
echo "PLEASE RUN './scripts/ansible' to install the latest Ansible from PPA or RPM."
echo "'ansible --version' and 'apt -a list ansible' can also be useful here. Try"
echo "to remove prior versions with 'apt purge ansible' or 'pip uninstall ansible'."
echo
echo "REMOVE PRIOR VERSIONS using 'apt purge ansible' and/or 'pip uninstall ansible'."
echo "THEN RUN 'scripts/ansible' to install the latest Ansible from PPA or RPM."
echo "'ansible --version' and 'apt -a list ansible' can also be very useful."
echo
echo "IIAB INSTALL INSTRUCTIONS: https://github.com/iiab/iiab/wiki/IIAB-Installation"
exit 1
fi
@ -107,36 +142,21 @@ if [ -f /etc/iiab/iiab.env ]; then
echo -e "\nEXITING: STAGE (counter) in /etc/iiab/iiab.env shows Stage 9 Is Already Done."
echo "Use './iiab-install --reinstall' to force running all Stages 0-9."
echo "Use './iiab-install --debug' to run Stage 0, followed by Stages 3-9."
echo "Use './runtags' to run a single Stage or Tag or Role."
echo "Use './iiab-network' to run Network sections."
exit 1
echo "Use './runrole' to run a single Stage or Role."
echo -e "Use './iiab-network' to run Network sections.\n\n"
exit 0 # allows rerunning http://download.iiab.io/6.6/install.txt
fi
fi
if [ "$STAGE" -lt 2 ] && [ "$1" == "--debug" ]; then
echo -e "\n'--debug' *ignored* as STAGE (counter) < 2."
fi
# If vars/local_vars.yml is missing, put a default file in place.
if [ ! -f ./vars/local_vars.yml ]; then
case $OS in
OLPC | fedora)
cp ./vars/local_vars_olpc.yml ./vars/local_vars.yml
echo -e "\nvars/local_vars.yml created from local_vars_olpc.yml defaults."
;;
centos | debian | ubuntu | raspbian)
cp ./vars/local_vars_medium.yml ./vars/local_vars.yml
echo -e "\nvars/local_vars.yml created from local_vars_medium.yml defaults."
echo "See MIN/MEDIUM/BIG options @ http://wiki.iiab.io/local_vars.yml"
;;
*)
echo -e "\nEXITING: IIAB requires Raspbian, Debian, Ubuntu, CentOS or OLPC/Fedora."
exit 1
;;
esac
fi
echo -e "\nTRY TO RERUN './iiab-install' IF IT FAILS DUE TO CONNECTIVITY ISSUES ETC!"
echo -e "\nRunning local playbooks....Stage 0 will now run....followed by Stages $(($STAGE + 1))-9"
export ANSIBLE_LOG_PATH="$CWD/iiab-install.log"
ansible -m setup -i $INVENTORY localhost --connection=local >> /dev/null
ansible-playbook -i $INVENTORY $PLAYBOOK ${ARGS} --connection=local
echo -e "./iiab-install $* COMPLETED IN $CWD\n\n"

2
iiab-network.yml
View file

@ -5,7 +5,7 @@
vars_files:
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- vars/local_vars.yml
- /etc/iiab/local_vars.yml
- /etc/iiab/config_vars.yml
roles:

2
iiab-stages.yml
View file

@ -6,7 +6,7 @@
- roles/0-init/defaults/main.yml
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- vars/local_vars.yml
- /etc/iiab/local_vars.yml
tasks:

2
iiab.yml → iiab.yml.deprecated
View file

@ -5,7 +5,7 @@
vars_files:
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- vars/local_vars.yml
- /etc/iiab/local_vars.yml
- /etc/iiab/config_vars.yml
roles:

4
install-support
View file

@ -14,7 +14,7 @@ then
exit 1
fi
sed -i -e "s/openvpn_install: False/openvpn_install: True/" vars/local_vars.yml
sed -i -e "s/openvpn_enabled: False/openvpn_enabled: True/" vars/local_vars.yml
sed -i -e "s/openvpn_install: False/openvpn_install: True/" /etc/iiab/local_vars.yml
sed -i -e "s/openvpn_enabled: False/openvpn_enabled: True/" /etc/iiab/local_vars.yml
ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local

2
roles/0-init/tasks/hostname.yml
View file

@ -3,7 +3,7 @@
path: /etc/cloud/cloud.cfg
register: U18_server
- name: edit cloud.cfg yaml
- name: Edit cloud.cfg yaml
lineinfile:
dest: /etc/cloud/cloud.cfg
regexp: '^preserve_hostname*'

12
roles/0-init/tasks/iiab_ini.yml
View file

@ -1,5 +1,5 @@
# workaround for fact that auto create does not work on ini_file
- name: Create iiab config file
- name: Create /etc/iiab/iiab.ini (iiab_config_file)
file:
dest: "{{ iiab_config_file }}"
state: touch
@ -16,12 +16,12 @@
- option: iiab_dir
value: "{{ iiab_dir }}"
- name: add version section
- name: Add version section
ini_file:
dest: "{{ iiab_config_file }}"
section: version
option: "{{ item.option }}"
value: "{{ item.value }}"
dest: "{{ iiab_config_file }}"
section: version
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: distribution
value: "{{ ansible_distribution }}"

24
roles/0-init/tasks/main.yml
View file

@ -10,8 +10,8 @@
first_run: True
when: not NewInstall.stat.exists
# we need to inialize the ini file and only write the location and version sections once and only
# once to preserve the install date and git hash.
# We need to inialize the ini file and only write the location and version
# sections once and only once to preserve the install date and git hash.
- name: Write iiab_ini.yml for the first time
include_tasks: first_run.yml
when: first_run
@ -41,7 +41,8 @@
exFAT_enabled: True
when: xo_model != "none"
# Discover do we have a gateway? -- if ansible detects gateway, becomes WAN candidate
# Discover: do we have a gateway?
# If Ansible detects gateway, becomes WAN candidate.
- name: Finding gateway
set_fact:
discovered_wan_iface: "{{ ansible_default_ipv4.alias }}"
@ -79,7 +80,7 @@
path: /tmp/heart-beat.txt
state: absent
# Put all computed vars here so derive properly from any prior var file
# Put all computed vars here so derive properly from any prior var file.
- name: If the TZ is not set in env, set it to UTC
include_tasks: tz.yml
@ -98,10 +99,10 @@
mysql_install: True
mysql_enabled: True
# we decided to enable mysql unconditionally
# We decided to enable mysql unconditionally.
# when: elgg_enabled or rachel_enabled or owncloud_enabled or phpmyadmin_enabled or wordpress_enabled or iiab_menu_install
# Commenting out MongoDB on a trial basis, for a more basic/lightweight Sugarizer, per https://github.com/iiab/iiab/pull/427
# Late 2017: Had commented out MongoDB on a trial basis, for a more basic/lightweight Sugarizer, per https://github.com/iiab/iiab/pull/427
- name: Turn on mongodb if sugarizer enabled
set_fact:
mongodb_install: True
@ -131,15 +132,14 @@
python_path: /usr/local/lib/python2.7/dist-packages/
when: is_debuntu
# for various reasons the mysql service can not be enabled on fedora 20,
# but 'mariadb', which is its real name can
# on fedora 18 we need to use 'mysqld'
# For various reasons the mysql service cannot be enabled on Fedora 20, but
# 'mariadb', which is its real name can. On Fedora 18 we need to use 'mysqld'.
- name: Set mysqld_service to mariadb by default
- name: Set mysql_service to mariadb by default
set_fact:
mysql_service: mariadb
- name: Set mysqld_service to mysqld etc (Fedora 18)
- name: Set mysql_service to mysqld etc (Fedora 18)
set_fact:
mysql_service: mysqld
no_NM_reload: True
@ -165,7 +165,7 @@
include_tasks: hostname.yml
when: FQDN_changed
- name: Add version section
- name: Add 'runtime' section alongside list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ iiab_config_file }}"
section: runtime

4
roles/2-common/tasks/packages.yml
View file

@ -14,14 +14,14 @@
- avahi-tools
when: is_redhat
- name: Download usbmount -- not in Debian Stretch (debian_9)
- name: Download usbmount -- not in Debian Stretch (debian-9)
get_url:
url: "{{ iiab_download_url }}/usbmount_0.0.14.1_all.deb"
dest: "{{ downloads_dir }}"
timeout: "{{ download_timeout }}"
when: internet_available and is_debian_9
- name: Install usbmount (debian_9)
- name: Install usbmount (debian-9)
command: apt install -y {{ downloads_dir }}/usbmount_0.0.14.1_all.deb
when: is_debian_9

5
roles/2-common/tasks/udev.yml
View file

@ -22,8 +22,9 @@
when: udev_unit.stat.exists is defined and udev_unit.stat.exists
# ubuntu 16.04 comes with ansible 2.0.0.2 -- no systemd module
- name: Ask systemd to recognize the changes
shell: systemctl daemon-reload
- name: Ask systemd to reread unit files (daemon-reload)
systemd:
daemon_reload: yes
when: udev_unit.stat.exists is defined and udev_unit.stat.exists
- name: Restart so systemd recognizes the changes

2
roles/4-server-options/README.rst
View file

@ -2,7 +2,7 @@
4-server-options README
=======================
Whereas 3-base-server installs critical packages needed by all, this 4th stage installs a broad array of *options* -- depending on which server apps will be installed in later stages -- as specified in /opt/iiab/iiab/vars/local_vars.yml
Whereas 3-base-server installs critical packages needed by all, this 4th stage installs a broad array of *options* -- depending on which server apps will be installed in later stages -- as specified in /etc/iiab/local_vars.yml
This includes some networking fundamentals, before they're configured later on.

2
roles/4-server-options/tasks/main.yml
View file

@ -85,7 +85,7 @@
src: roles/1-prep/templates/iiab_env.py.j2
dest: /etc/iiab/iiab_env.py
- name: Generate the offline documents
- name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation (script was installed at the beginning of Stage 3 = roles/3-base-server/tasks/main.yml, which runs the HTTPD playbook = roles/httpd/tasks/main.yml)
command: /usr/bin/iiab-refresh-wiki-docs
when: not nodocs

6
roles/7-edu-apps/tasks/main.yml
View file

@ -9,6 +9,12 @@
when: kalite_install
tags: kalite
- name: KOLIBRI
include_role:
name: kolibri
when: kolibri_install
tags: kolibri
- name: KIWIX
include_role:
name: kiwix

11
roles/calibre/defaults/main.yml
View file

@ -5,7 +5,14 @@ calibre_web_path: calibre
# In addition to: http://box:8080 http://box/books box/libros box/livres box/livros box/liv
calibre_dbpath: "{{ content_base }}/calibre"
# i.e. /library/calibre
# i.e. /library/calibre (holds metadata.db + book directories + our users.sqlite)
calibre_userdb: "{{ calibre_dbpath }}/users.sqlite"
# i.e. /library/calibre/users.sqlite since github.com/iiab/iiab/issues/830
# Teachers add/remove/convert books & edit metadata using: Admin/changeme
# Stub/Student acnts to browse: box/box, h/h, ht/ht, m/m, mx/mx, p/p, pe/pe
# Edit accounts/permissions using:
# calibre-server --manage-users --userdb /library/calibre/users.sqlite
calibre_sample_book: "Metamorphosis-jackson.epub"
# Must be downloadable from http://download.iiab.io/packages
@ -14,5 +21,5 @@ calibre_src_url: "https://raw.githubusercontent.com/kovidgoyal/calibre/master/se
# USE TO TEST debs.yml (RASPBIAN APPROACH!) ON DEBIAN 9.X: (now handled by calibre_via_debs in /opt/iiab/iiab/vars/*)
#calibre_debs_on_debian: True
# Enable unstable .deb's, not just testing .deb's: (moved to vars/local_vars.yml & vars/default_vars.yml)
# Enable unstable .deb's, not just testing .deb's: (moved to /etc/iiab/local_vars.yml & /opt/iiab/iiab/vars/default_vars.yml)
#calibre_unstable_debs: False

6
roles/calibre/tasks/create-db.yml
View file

@ -1,9 +1,3 @@
- name: Create /library/calibre (mandatory since Calibre 3.x)
file:
path: "{{ calibre_dbpath }}"
state: directory
#mode: 0755
- name: Check if sample book exists in /opt/iiab/downloads
stat:
path: "{{ content_base }}/downloads/{{ calibre_sample_book }}"

3
roles/calibre/tasks/debs.yml
View file

@ -28,7 +28,8 @@
# when: is_rpi and internet_available
- name: Upgrade to latest Calibre using .deb's from testing (rpi)
command: scripts/calibre-install-latest-rpi.sh # SEEMS TO ONCE AGAIN WORK since Calibre 3.26.0 (Calibre 3.24-3.25 required above prereq calibre-install-packages.sh then Debian's own calibre-install-latest.sh to be bootable in Zero W)
command: scripts/calibre-install-latest-rpi-plus.sh # HOPE IT WORKS FOR Calibre 3.27.1+ starting 2018-07-22 -- PLEASE TEST IF BOOTABLE IN Zero W?
#command: scripts/calibre-install-latest-rpi.sh # WORKED FOR Calibre 3.26.x (Calibre 3.24.x & 3.25 required above prereq calibre-install-packages.sh then Debian's own calibre-install-latest.sh to be bootable in Zero W)
when: is_rpi and internet_available
- name: Upgrade to Calibre testing .deb's - target Ubuntu 16.04 (not rpi and not ubuntu_18)

31
roles/calibre/tasks/main.yml
View file

@ -32,7 +32,7 @@
# - run testing branch for Ubuntu 16.04: scripts/calibre-install-latest.sh
# - run unstable branch for Debian etc: scripts/calibre-install-unstable.sh
- name: Create calibre-serve.service and calibre.conf
- name: Create calibre-serve.service and calibre.conf (IF /usr/bin/calibre WAS MISSING)
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
@ -40,15 +40,17 @@
group: root
mode: "{{ item.mode }}"
backup: no
register: calibre_config
# register: calibre_config
with_items:
- { src: 'calibre-serve.service.j2', dest: '/etc/systemd/system/calibre-serve.service', mode: '0644'}
- { src: 'calibre.conf', dest: '/etc/{{ apache_config_dir }}', mode: '0644'}
when: (not calib_executable.stat.exists)
- name: Force systemd to reread configs
- name: Force systemd to reread configs (IF /usr/bin/calibre WAS MISSING)
systemd:
daemon_reload: yes
when: calibre_config.changed
when: (not calib_executable.stat.exists)
# when: calibre_config.changed
# 2. STOP CALIBRE SERVICE IF IT EXISTS (REQUIRED FOR DB ACTIVITY...AND IF not calibre_enabled)
@ -67,7 +69,24 @@
# failed_when: false # Never Fail during "systemctl stop calibre-serve" (even if service doesn't exist!)
# when: calibre_svc.stat.exists
# 3. CREATE DATABASE WITH A SAMPLE BOOK (REQUIRED AS OF CALIBRE 3.x)
# 3. CREATE USER DATABASE
- name: Create /library/calibre (mandatory since Calibre 3.x)
file:
path: "{{ calibre_dbpath }}"
state: directory
#mode: 0755
- name: Copy template userdb to /library/calibre/users.sqlite (IF /usr/bin/calibre WAS MISSING)
copy:
src: /opt/iiab/iiab/roles/calibre/templates/users.sqlite
dest: "{{ calibre_userdb }}"
owner: root
group: root
mode: 0644
when: (not calib_executable.stat.exists)
# 4. CREATE CONTENT DATABASE WITH A SAMPLE BOOK (REQUIRED AS OF CALIBRE 3.x)
- name: Check if /library/calibre/metadata.db exists
stat:
@ -78,7 +97,7 @@
include_tasks: create-db.yml
when: not calibre_db.stat.exists
# 4. WRAP UP: ENABLE CALIBRE SERVICE, http://box/books ETC
# 5. WRAP UP: ENABLE CALIBRE SERVICE, http://box/books ETC
# http://box:8080 & http://box:8080/mobile WORK BUT OTHER URL'S LIKE http://box/books ARE A MESS (BOOKS RARELY DISPLAY)
- name: Create calibre.conf link for UNTESTED http://box/books etc (debuntu)

2
roles/calibre/templates/calibre-serve.service.j2
View file

@ -6,7 +6,7 @@ After=syslog.target network.target local-fs.target
Type=forking
PIDFile=/var/run/calibre.pid
TimeoutStartSec=400
ExecStart=/usr/bin/calibre-server --daemonize --log=/var/log/calibre.log --pidfile=/var/run/calibre.pid --port={{ calibre_port }} {{ calibre_dbpath }}
ExecStart=/usr/bin/calibre-server --daemonize --log=/var/log/calibre.log --pidfile=/var/run/calibre.pid --port={{ calibre_port }} --enable-auth --userdb={{ calibre_userdb }} {{ calibre_dbpath }}
[Install]
TimeoutStartSec=900

2
roles/calibre/templates/calibre.conf
View file

@ -1,4 +1,4 @@
# http://box/XYZ mnemonic if properly set within /opt/iiab/iiab/vars/local_vars.yml
# http://box/XYZ mnemonic if properly set within /etc/iiab/local_vars.yml
ProxyPass /{{ calibre_web_path }} http://localhost:{{ calibre_port }}
ProxyPassReverse /{{ calibre_web_path }} http://localhost:{{ calibre_port }}

BIN
roles/calibre/templates/users.sqlite Normal file
View file

Binary file not shown.

2
roles/elgg/defaults/main.yml
View file

@ -1,5 +1,5 @@
elgg_xx: elgg
elgg_version: "2.3.7"
elgg_version: "2.3.8"
# elgg_mysql_password: defined in default_vars
elgg_url: /elgg

23
roles/homepage/tasks/main.yml
View file

@ -1,16 +1,19 @@
- name: Create home directory
file: path={{ doc_root }}/home
mode=0755
owner={{ apache_user }}
group={{ apache_user }}
state=directory
file:
path: "{{ doc_root }}/home"
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
mode: 0755
state: directory
- name: Install admin homepage into apache2
template: src=iiab-homepage.conf
dest=/etc/{{ apache_config_dir }}/iiab-homepage.conf
template:
src: iiab-homepage.conf
dest: "/etc/{{ apache_config_dir }}/iiab-homepage.conf"
- name: Enable the home page
file: src=/etc/{{ apache_config_dir }}/iiab-homepage.conf
dest=/etc/apache2/sites-enabled/iiab-homepage.conf
state=link
file:
src: "/etc/{{ apache_config_dir }}/iiab-homepage.conf"
dest: /etc/apache2/sites-enabled/iiab-homepage.conf
state: link
when: is_debuntu

46
roles/httpd/files/html/credits.html
View file

@ -10,35 +10,39 @@
<BODY>
<h1>Internet-in-a-Box Credits</h1>
The XSCE School Server known as Internet-in-a-Box includes a variety of educational and other content and applications which are attributed as follows:<br><br>
All Wikipedia content is available for free at <a href="http://www.wikipedia.org/">www.wikipedia.org</a>.<br>
All other Wikimedia content is available for free via links at <a href="http://www.wikimedia.org/">www.wikimedia.org</a>.<br>
All Khan Academy content is available for free at <a href="http://www.khanacademy.org/">www.khanacademy.org</a>.<br>
All CK-12 content is available for free at <a href="http://www.ck-12.org/">www.ck-12.org</a>.<br>
All PhET Interactive Simulations content is available for free at <a href="http://phet.colorado.edu">phet.colorado.edu</a>.<br>
All MedLine content is available for free at <a href="http://www.nlm.nih.gov/medlineplus/">www.nlm.nih.gov/medlineplus</a>.<br>
All Hesperian content is available for free at <a href="http://www.hesperian.org/">www.hesperian.org</a>.<br>
All Gutenberg content is available for free at <a href="http://www.gutenberg.org/">www.gutenberg.org</a>.<br>
All OLPC content is available for free at <a href="http://wiki.laptop.org/go/Library_grid">www.laptop.org</a>.<br>
All MIT Scratch content is available for free at <a href="http://scratch.mit.edu">scratch.mit.edu</a>.<br>
All UNESCO's IICBA content is available for free at <a href="http://www.eng.unesco-iicba.org/elibrary">www.eng.unesco-iicba.org</a>.<br>
All Math Expression content is available for free at <a href="http://www.mathexpression.com">www.mathexpression.com</a>.<br>
All Music Theory content is available for free at <a href="http://www.musictheory.net">www.musictheory.net</a>.<br><br>
Internet-in-a-Box (formerly known as XSCE School Server) includes a variety of educational content and applications which are attributed as follows:<br><br>
All Wikipedia content is available for free at <a href="https://www.wikipedia.org/">www.wikipedia.org</a>.<br>
All other Wikimedia content is available for free via links at <a href="https://www.wikimedia.org/">www.wikimedia.org</a>.<br>
All Khan Academy content is available for free at <a href="https://www.khanacademy.org/">www.khanacademy.org</a>.<br>
All CK-12 content is available for free at <a href="https://www.ck12.org/">www.ck12.org</a>.<br>
All PhET Interactive Simulations content is available for free at <a href="https://phet.colorado.edu">phet.colorado.edu</a>.<br>
All MedLine content is available for free at <a href="https://medlineplus.gov/">medlineplus.gov</a>.<br>
All Hesperian content is available for free at <a href="https://hesperian.org/">hesperian.org</a>.<br>
Arabic translations of Hesperian content were done by Arab Resource Collective and are available for free at <a href="http://www.mawared.org">mawared.org</a>.<br>
All Gutenberg content is available for free at <a href="https://www.gutenberg.org/">www.gutenberg.org</a>.<br>
All OLPC content is available for free at <a href="http://wiki.laptop.org/go/Collections">wiki.laptop.org</a>.<br>
All MIT Scratch content is available for free at <a href="https://scratch.mit.edu">scratch.mit.edu</a>.<br>
All UNESCO's IICBA content is available for free at <a href="http://www.iicba.unesco.org/?q=elibrary">www.iicba.unesco.org/</a>.<br>
All Math Expression content is available for free at <a href="https://www.mathexpression.com/">www.mathexpression.com</a>.<br>
All Music Theory content is available for free at <a href="https://www.musictheory.net/">www.musictheory.net</a>.<br>
All HealthPhone content is available for free at <a href="http://www.healthphone.org/">www.healthphone.org</a>.<br>
All Centers for Disease Control content is available for free at <a href="https://www.cdc.gov/">www.cdc.gov</a>.<br>
All Global Emergency Medicine Wiki content is available for free at <a href="https://wikem.org/wiki/Main_Page">wikem.org/wiki/Main_Page</a>.<br><br>
Internet-in-a-Box also includes the work of content aggregators which we gratefully acknowledge:<br><br>
RACHEL is a curation of selected offline content at <a href="http://www.rachel.worldpossible.org/">www.rachel.worldpossible.org</a>.<br>
Kiwix is a Zim server and repository of Wikimedia and other content in a compressed Zim file format at <a href="http://www.kiwix.org/">www.kiwix.org</a>.<br>
KA Lite is a server and repository of Khan Academy content in various languages at <a href="http://learningequality.org/ka-lite/">learningequality.org/ka-lite</a>.<br><br>
RACHEL is a curation of selected offline content at <a href="http://oer2go.org/">oer2go.org</a>.<br>
Kiwix is a ZIM server and repository of Wikimedia and other content in a compressed ZIM file format at <a href="http://www.kiwix.org/">www.kiwix.org</a>.<br>
KA Lite is a server and repository of Khan Academy content in various languages at <a href="https://learningequality.org/ka-lite/">learningequality.org/ka-lite</a>.<br><br>
Internet-in-a-Box also contains a number of applications each of which has its own attribution information which is included.<br><br>
Internet-in-a-Box also contains a number of applications each of which has its own attribution information, which is included.<br><br>
This Internet-in-a-Box distribution resides at <a href="http://github.com/XSCE/iiab">github.com/XSCE/iiab</a>.<br><br>
This Internet-in-a-Box distribution resides at <a href="https://github.com/iiab">github.com/iiab</a>.<br><br>
It is licensed under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.<br><br>
Licensing information may be found at <a href="http://github.com/XSCE/iiab/blob/master/LICENSE">github.com/XSCE/iiab/blob/master/LICENSE</a>.<br>
Licensing information may be found at <a href="https://github.com/iiab/iiab/blob/master/LICENSE.md">github.com/iiab/iiab/blob/master/LICENSE.md</a>.<br>
</BODY>
<script type="text/javascript" src="incl/xs-portal.js"></script>

8
roles/httpd/tasks/main.yml
View file

@ -53,7 +53,6 @@
- name: Remove the default apache2 config file (debuntu)
file:
path: /etc/apache2/sites-enabled/000-default.conf
src: /etc/apache2/sites-available/000-default.conf
state: absent
when: is_debuntu
@ -170,7 +169,12 @@
tags:
- base
- name: Place the script to generate homepages
# Fixes search @ http://box/modules/es-wikihow - see https://github.com/iiab/iiab/issues/829
- include_tasks: php-stem.yml
tags:
- base
- name: Install /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation (will be run at the end of Stage 4 = roles/4-server-options/tasks/main.yml)
template:
src: refresh-wiki-docs.sh
dest: /usr/bin/iiab-refresh-wiki-docs

38
roles/httpd/tasks/php-stem.yml Normal file
View file

@ -0,0 +1,38 @@
# Fixes search @ http://box/modules/es-wikihow (popular with Spanish youth)
# Source code: http://download.iiab.io/packages/php-stem.src.tar
# June 2018 debugging & compilation thanks to Tim Moody & George Hunt
# Original bug: https://github.com/iiab/iiab/issues/829
#- name: Download php-stem.rpi.tar
# command: cd /; wget http://download.iiab.io/packages/php-stem.rpi.tar
# when: is_rpi
#- name: Download php-stem.x86.tar
# command: cd /; wget http://download.iiab.io/packages/php-stem.x64.tar
# when: not is_rpi
- name: Download & unpack php-stem.rpi.tar to / (rpi)
unarchive:
src: http://download.iiab.io/packages/php-stem.rpi.tar
dest: /
owner: root
group: root
#mode: ????
remote_src: yes
when: is_rpi
- name: Download & unpack php-stem.x86.tar to / (not rpi)
unarchive:
src: http://download.iiab.io/packages/php-stem.x64.tar
dest: /
owner: root
group: root
#mode: ????
remote_src: yes
when: not is_rpi
# No need to do this twice? Happens later @ https://github.com/iiab/iiab/blob/master/roles/3-base-server/tasks/main.yml#L24-L28
#- name: Restart apache2 / httpd
# service:
# name: "{{ apache_service }}"
# state: restarted

32
roles/kalite/defaults/main.yml
View file

@ -1,21 +1,29 @@
---
# The values here are defaults.
# To override them edit the main var definitions in iiab/vars
kalite_version: "0.17.4"
# To override them edit /etc/iiab/local_vars.yml
kalite_install: True
kalite_enabled: False
kalite_version: "0.17.5"
kalite_repo_url: "https://github.com/learningequality/ka-lite.git"
kalite_requirements: "https://raw.githubusercontent.com/learningequality/ka-lite/master/requirements.txt"
kalite_venv: "/usr/local/kalite/venv"
kalite_program: "{{ kalite_venv }}/bin/kalite"
kalite_requirements: "https://raw.githubusercontent.com/learningequality/ka-lite/master/requirements.txt"
kalite_root: "/library/ka-lite"
kalite_server_port: 8008
kalite_admin_user: Admin
kalite_admin_password: changeme
# Unused in 2018; but remain as placeholders for Fedora 18 legacy (XO laptops)
kalite_cron_enabled: False
kalite_user: kalite
# obtain a password hash with - python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")'
kalite_password_hash: $6$<salt>$KHET0XRRsgAY.wOWyTOI3W7dyDh0ESOr48uI5vtk2xdzsU7aw0TF4ZkNuM34RmHBGMJ1fTCmOyVobo0LOhBlJ/
kalite_password: kalite
kalite_admin_user: Admin
kalite_admin_password: changeme
kalite_server_name: kalite
kalite_server_port: 8008
kalite_enabled: False
kalite_cron_enabled: False
khan_assessment_install: True
khan_assessment_url: "http://pantry.learningequality.org/downloads/ka-lite/0.16/content/khan_assessment.zip"
# Unused in 2018
# kalite_server_name: kalite
# khan_assessment_install: True
# khan_assessment_url: "http://pantry.learningequality.org/downloads/ka-lite/0.16/content/khan_assessment.zip"

2
roles/kalite/tasks/assessment.yml
View file

@ -8,7 +8,7 @@
- name: Run the assessment setup using kalite manage
command: "{{ kalite_program }} manage unpack_assessment_zip {{ downloads_dir }}/khan_assessment.zip"
environment:
KALITE_HOME: "{{ kalite_root }}"
KALITE_HOME: "{{ kalite_root }}"
async: 900
poll: 10
when: not khan_assessment_installed.stat.exists or khan_assessment_installed.stat.size < 20000

28
roles/kalite/tasks/enable.yml
View file

@ -2,26 +2,30 @@
# And the systemd unit files should be defined
- name: Enable 'kalite-serve' service
service: name=kalite-serve
enabled=yes
state=started
service:
name: kalite-serve
enabled: yes
state: started
- name: Disable 'kalite-serve' service
service: name=kalite-serve
enabled=no
state=stopped
service:
name: kalite-serve
enabled: no
state: stopped
when: not kalite_enabled
# Since Fedora 18 we don't have a separate unit file for kalite-cron
- name: Disable kalite cron server F18
service: name=kalite-cron
enabled=no
state=stopped
service:
name: kalite-cron
enabled: no
state: stopped
when: not kalite_cron_enabled and is_F18
- name: Enable kalite cron server F18
service: name=kalite-cron
enabled=yes
state=started
service:
name: kalite-cron
enabled: yes
state: started
when: kalite_cron_enabled and is_F18

73
roles/kalite/tasks/install-f18.yml
View file

@ -1,66 +1,75 @@
# This is for Fedora 18, assumed to be an XO
- name: Install dependent packages (Fedora 18)
package: name={{ item }}
state=present
package:
name: "{{ item }}"
state: present
with_items:
- python-psutil
- expect
when: is_F18
- name: Install dependent pip packages (Fedora 18)
pip: name=selenium
pip:
name: selenium
when: internet_available and is_F18
- name: Determine if KA Lite is already downloaded
stat: path={{ downloads_dir }}/ka-lite
stat:
path: "{{ downloads_dir }}/ka-lite"
register: kalite
- name: Download the latest KA Lite repo
git: repo={{ kalite_repo_url }}
dest={{ downloads_dir }}/ka-lite
depth=1
version="0.13.x"
git:
repo: "{{ kalite_repo_url }}"
dest: "{{ downloads_dir }}/ka-lite"
depth: 1
version: 0.13.x
ignore_errors: yes
when: internet_available and kalite.stat.exists is defined and not kalite.stat.exists
- name: Create iiab-kalite user and password (Fedora 18)
user: name={{ kalite_user }}
password={{ kalite_password_hash }}
update_password=on_create
user:
name: "{{ kalite_user }}"
password: "{{ kalite_password_hash }}"
update_password: on_create
- name: Create kalite_root directory (Fedora 18)
file: path={{ kalite_root }}
owner=root
group=root
mode=0755
state=directory
file:
path: "{{ kalite_root }}"
owner: root
group: root
mode: 0755
state: directory
- name: Copy the KA Lite repo into place (Fedora 18)
command: "rsync -at {{ downloads_dir }}/ka-lite/ {{ kalite_root }}"
- name: Make kalite_user owner
file: path={{ kalite_root }}
owner={{ kalite_user }}
group={{ kalite_user }}
recurse=yes
state=directory
file:
path: "{{ kalite_root }}"
owner: "{{ kalite_user }}"
group: "{{ kalite_user }}"
recurse: yes
state: directory
# local_settings is deprecated
- name: Copy local_settings file
template: src=f18/local_settings.py.j2
dest="{{ kalite_root }}/kalite/local_settings.py"
owner={{ kalite_user }}
group={{ kalite_user }}
mode=0644
template:
src: f18/local_settings.py.j2
dest: "{{ kalite_root }}/kalite/local_settings.py"
owner: "{{ kalite_user }}"
group: "{{ kalite_user }}"
mode: 0644
- name: Create kalite-serve & kalite-cron services, and iiab_cronservectl.sh
template: backup=no
src={{ item.src }}
dest={{ item.dest }}
owner=root
group=root
mode={{ item.mode }}
template:
backup: no
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
with_items:
- { src: 'f18/kalite-serve.service.j2', dest: '/etc/systemd/system/kalite-serve.service', mode: '0644'}
- { src: 'f18/kalite-cron.service.j2', dest: '/etc/systemd/system/kalite-cron.service', mode: '0644'}

4
roles/kalite/tasks/install.yml
View file

@ -32,7 +32,7 @@
# extra_args="--disable-pip-version-check"
when: internet_available and is_debuntu
#- name: Install KA Lite non-static + reqs file with pip - (OS's other than debuntu)
#- name: Install KA Lite non-static + reqs file with pip (OS's other than debuntu)
# pip: requirements={{ pip_packages_dir }}/kalite.txt
# virtualenv={{ kalite_venv }}
# virtualenv_site_packages=no
@ -40,7 +40,7 @@
# extra_args="--disable-pip-version-check"
# when: internet_available and not is_debuntu
- name: Install KA Lite static with pip - (OS's other than debuntu)
- name: Install KA Lite static with pip (OS's other than debuntu)
pip:
name: ka-lite-static
version: "{{ kalite_version }}"

16
roles/kalite/tasks/main.yml
View file

@ -4,16 +4,17 @@
- name: Calc KA Lite db file name (Fedora 18)
set_fact:
kalite_db_name: "{{ kalite_root }}/kalite/database/data.sqlite"
kalite_db_name: "{{ kalite_root }}/kalite/database/data.sqlite"
when: is_F18
- name: Calc KA Lite db file name (OS's other than Fedora 18)
set_fact:
kalite_db_name: "{{ kalite_root }}/database/data.sqlite"
kalite_db_name: "{{ kalite_root }}/database/data.sqlite"
when: not is_F18
- name: See if KA Lite is already configured
stat: path="{{ kalite_db_name }}"
stat:
path: "{{ kalite_db_name }}"
register: kalite_installed
- include_tasks: install-f18.yml
@ -22,8 +23,9 @@
- include_tasks: install.yml
when: kalite_installed is defined and not kalite_installed.stat.exists and not is_F18
- name: Ask systemd to reread the unit files
shell: systemctl daemon-reload
- name: Ask systemd to reread unit files (daemon-reload)
systemd:
daemon_reload: yes
when: not kalite_installed.stat.exists
- include_tasks: setup-f18.yml
@ -47,13 +49,9 @@
value: '"KA Lite is a server to present Khan Academy videos offline and to download them."'
- option: path
value: "{{ kalite_root }}"
- option: server_name
value: "{{ kalite_server_name }}"
- option: port
value: "{{ kalite_server_port }}"
- option: enabled
value: "{{ kalite_enabled }}"
- option: cron_enabled
value: "{{ kalite_cron_enabled }}"
- option: khan_assessment_install
value: "{{ khan_assessment_install }}"

13
roles/kalite/tasks/setup.yml
View file

@ -1,15 +1,16 @@
# This is for an OS other than Fedora 18
- name: Create kalite_root directory
file: path={{ kalite_root }}/httpsrv/static
owner=root
group=root
mode=0755
state=directory
file:
path: "{{ kalite_root }}/httpsrv/static"
owner: root
group: root
mode: 0755
state: directory
- name: Run the setup using 'kalite manage'
command: "{{ kalite_program }} manage setup --username={{ kalite_admin_user }} --password={{ kalite_admin_password }} --noinput"
environment:
KALITE_HOME: "{{ kalite_root }}"
KALITE_HOME: "{{ kalite_root }}"
async: 900
poll: 10

13
roles/kiwix/defaults/main.yml
View file

@ -2,8 +2,8 @@
# As obtained from http://download.kiwix.org/release/kiwix-tools/ or http://download.kiwix.org/nightly/
kiwix_version_armhf: "kiwix-tools_linux-armhf-0.6.0"
kiwix_version_linux64: "kiwix-tools_linux-i586-0.6.0"
kiwix_version_i686: "kiwix-tools_linux-x86_64-0.6.0"
kiwix_version_linux64: "kiwix-tools_linux-x86_64-0.6.0"
kiwix_version_i686: "kiwix-tools_linux-i586-0.6.0"
# kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2"
# v0.9 for i686 published May 2014 ("use it to test legacy ZIM content")
# v0.10 for i686 published Oct 2016 ("experimental") REPLACED IN EARLY 2018, thx to Matthieu Gautier:
@ -12,12 +12,11 @@ kiwix_version_i686: "kiwix-tools_linux-x86_64-0.6.0"
kiwix_src_file_armhf: "{{ kiwix_version_armhf }}.tar.gz"
kiwix_src_file_linux64: "{{ kiwix_version_linux64 }}.tar.gz"
kiwix_src_file_i686: "{{ kiwix_version_i686 }}.tar.bz2"
kiwix_src_file_i686: "{{ kiwix_version_i686 }}.tar.gz"
kiwix_port: 3000
# Expected to be used soon for Kiwix proxy:
# Used for Kiwix proxy http://box/kiwix/
kiwix_url: /kiwix/
# Unused in Nov 2017, but should be:
kiwix_path: "{{ iiab_base }}/kiwix"
# /library/zims contains 3 important things:
@ -26,13 +25,9 @@ kiwix_path: "{{ iiab_base }}/kiwix"
# - index directory for legacy *.zim.idx's
iiab_zim_path: "{{ content_base }}/zims"
kiwix_library_xml: "{{ iiab_zim_path }}/library.xml"
# Unused: (Nov 2017)
# kiwix_content_path: "{{ iiab_zim_path }}/content"
# Installation Variables
kiwix_install: True
kiwix_enabled: True
# MOVE FILE /opt/iiab/kiwix/bin/kiwix-serve TO FORCE A REINSTALL OF kiwix-tools
kiwix_force_install: False
# Unused: (Nov 2017)
# kiwix_content_found: False

35
roles/kiwix/tasks/kiwix_install.yml
View file

@ -58,9 +58,8 @@
state: directory
# 2. INSTALL KIWIX-TOOLS EXECUTABLES IF kiwix_force_install
# (We get a whole web server for i686 but only kiwix execs for linux64 & armhf)
- name: Unarchive kiwix-tools .tar.gz or .tar.bz2 to /tmp
- name: Unarchive kiwix-tools .tar.gz to /tmp
unarchive:
src: "{{ downloads_dir }}/{{ kiwix_src_file }}"
dest: /tmp
@ -68,34 +67,9 @@
group: root
when: kiwix_force_install
- name: Move /tmp/{{ kiwix_src_dir }}/* to permanent location /opt/iiab/kiwix/bin (armhf & linux64)
- name: Move /tmp/{{ kiwix_src_dir }}/* to permanent location /opt/iiab/kiwix/bin (armhf & linux64 & i686)
shell: "mv /tmp/{{ kiwix_src_dir }}/* {{ kiwix_path }}/bin/"
when: kiwix_force_install and not kiwix_src_contains_bin
- name: Move /tmp/{{ kiwix_src_dir }}/bin/* to permanent location /opt/iiab/kiwix/bin (i686)
shell: "mv /tmp/{{ kiwix_src_dir }}/bin/* {{ kiwix_path }}/bin/"
when: kiwix_force_install and kiwix_src_contains_bin
#- name: Unarchive Kiwix binaries to permanent location (NOT i686)
# unarchive:
# src: "{{ downloads_dir }}/{{ kiwix_src_file }}"
# dest: "{{ kiwix_path }}/bin"
# owner: root
# group: root
# when: kiwix_src_bin_only and kiwix_force_install
#- name: Unarchive kiwix*i686.tar.bz2 to /tmp (i686)
# unarchive:
# src: "{{ downloads_dir }}/{{ kiwix_src_file }}"
# dest: /tmp
# # dest: "{{ iiab_base }}"
# owner: root
# group: root
# when: not kiwix_src_bin_only and kiwix_force_install
#
#- name: Move /tmp/kiwix*i686/bin/* to permanent location /opt/iiab/kiwix/bin (i686)
# shell: "mv /tmp/kiwix*i686/bin/* {{ kiwix_path }}/bin/"
# when: not kiwix_src_bin_only and kiwix_force_install
when: kiwix_force_install
# 3. ENABLE MODS FOR APACHE PROXY IF DEBUNTU
@ -193,8 +167,5 @@
value: "{{ iiab_zim_path }}"
- option: kiwix_library_xml
value: "{{ kiwix_library_xml }}"
# The following 2 lines are unused: (Nov 2017)
# - option: kiwix_content_path
# value: "{{ kiwix_content_path }}"
- option: enabled
value: "{{ kiwix_enabled }}"

3
roles/kiwix/tasks/main.yml
View file

@ -2,21 +2,18 @@
set_fact:
kiwix_src_dir: "{{ kiwix_version_armhf }}"
kiwix_src_file: "{{ kiwix_src_file_armhf }}"
kiwix_src_contains_bin: False
when: ansible_machine == "armv7l" or ansible_machine == "armv6l"
- name: "Set Kiwix filename to d/l: {{ kiwix_src_file_linux64 }} (x86_64)"
set_fact:
kiwix_src_dir: "{{ kiwix_version_linux64 }}"
kiwix_src_file: "{{ kiwix_src_file_linux64 }}"
kiwix_src_contains_bin: False
when: ansible_machine == "x86_64"
- name: "Set Kiwix filename to d/l: {{ kiwix_src_file_i686 }} (i686)"
set_fact:
kiwix_src_dir: "{{ kiwix_version_i686 }}"
kiwix_src_file: "{{ kiwix_src_file_i686 }}"
kiwix_src_contains_bin: True
when: ansible_machine == "i686"
# COMMENT OUT LINE ABOVE TO TEST i686 CODE PATH ON X86_64 (WORKS NOV 2017)

67
roles/kolibri/README.rst Normal file
View file

@ -0,0 +1,67 @@
==============
Kolibri README
==============
This Ansible role installs Kolibri within Internet-in-a-Box. Kolibri is an
open-source educational platform specially designed to provide offline access
to a wide range of quality, openly licensed educational contents in
low-resource contexts like rural schools, refugee camps, orphanages, and also
in non-formal school programs.
Access
------
If enabled and with the default settings Kolibri should be accessible at http://box:8009
To login to Kolibri enter
Username: Admin
Password: changeme
Configuration Parameters
------------------------
Please look in defaults/main.yml for the default values of the various install parameters. Everything
in this readme assumes the default values.
Automatic Device Provisioning
-----------------------------
When kolibri_provision is enabled, the installation will setup the following settings:
Kolibri Facility name: 'Kolibri-in-a-Box'
Kolibri Preset type: formal (Other options are nonformal, informal)
Kolibri default language: en (Otherwise language are ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu)
Kolibri Admin User: Admin
Kolibri Admin password: changeme
Cloning content
---------------
Kolibri 0.10 introduced `kolibri manage deprovision` which will remove
user configuration, leaving content intact. You can then copy/clone /library/kolibri
to a new location.
Troubleshooting
----------------
You can run the server manually with the following commands:
systemctl stop kolibri (make sure the systemd service is not running)
export KOLIBRI_HOME=/library/kolibri
export KOLIBRI_HTTP_PORT=8009 (otherwise Kolibri will try to run on default port 8080)
kolibri start
To return to using the systemd unit:
kolibri stop
systemctl start kolibri

35
roles/kolibri/defaults/main.yml Normal file
View file

@ -0,0 +1,35 @@
# The values here are defaults.
# To override them edit /etc/iiab/local_vars.yml
# Installation Variables
kolibri_install: False
kolibri_enabled: False
# Kolibri folder to store its data and configuration files.
kolibri_home: "{{ content_base }}/kolibri"
kolibri_http_port: 8009
kolibri_url: /kolibri/
kolibri_path: "{{ iiab_base }}/kolibri"
# 2018-07-16: IIAB recommends /usr/bin but @arky says this isn't yet possible, due to pip
kolibri_exec_path: /usr/local/bin/kolibri
# Kolibri system user
kolibri_user: kolibri
# Kolibri setup will be provisioned with default administration account, preset and
# language. You could turn this to 'False' while reinstalling kolibri.
kolibri_provision: True
# Kolibri Facility name
kolibri_facility: Kolibri-in-a-Box
# Kolibri Preset type: formal, nonformal, informal
kolibri_preset: formal
# Kolibri default language (ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu)
kolibri_language: en
# Kolibri admin account
kolibri_admin_user: Admin
kolibri_admin_password: changeme

96
roles/kolibri/tasks/main.yml Normal file
View file

@ -0,0 +1,96 @@
- name: Create Linux user {{ kolibri_user }} and add it to groups {{ apache_user }}, disk
user:
name: "{{ kolibri_user }}"
groups:
- "{{ apache_user }}"
- disk
state: present
shell: /bin/false
system: yes
create_home: no
- name: Create /library/kolibri to store data and configuration files
file:
path: "{{ item }}"
owner: "{{ kolibri_user }}"
group: "{{ apache_user }}"
mode: 0755
state: directory
with_items:
- "{{ kolibri_home }}"
- name: Install kolibri using pip on all OS's
pip:
name: kolibri
state: latest
extra_args: --no-cache-dir
when: internet_available
- name: Create kolibri systemd service unit file
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
owner: root
group: root
with_items:
- { src: 'kolibri.service.j2', dest: '/etc/systemd/system/kolibri.service', mode: '0644' }
- name: Ask systemd to reread unit files (daemon-reload)
systemd:
daemon_reload: yes
- name: Set kolibri default language
shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" language setdefault "{{ kolibri_language }}"
ignore_errors: yes
when: kolibri_provision
- name: Create kolibri default facility name, admin account and language
shell: >
export KOLIBRI_HOME="{{ kolibri_home }}" &&
"{{ kolibri_exec_path }}" manage provisiondevice --facility "{{ kolibri_facility }}"
--superusername "{{ kolibri_admin_user }}" --superuserpassword "{{ kolibri_admin_password }}"
--preset "{{ kolibri_preset }}" --language_id "{{ kolibri_language }}" --verbosity 0 --noinput
ignore_errors: yes
when: kolibri_provision
- name: Change /library/kolibri directory permissions
file:
path: "{{ kolibri_home }}"
owner: "{{ kolibri_user }}"
group: "{{ apache_user }}"
recurse: yes
- name: Enable kolibri service
service:
name: kolibri
enabled: yes
state: restarted
when: kolibri_enabled
- name: Disable kolibri service
service:
name: kolibri
enabled: no
state: stopped
when: not kolibri_enabled
- name: Add 'kolibri' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
section: kolibri
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: name
value: kolibri
- option: description
value: '"Kolibri is an open-source educational platform specially designed to provide offline access to a wide range of quality, openly licensed educational contents in low-resource contexts like rural schools, refugee camps, orphanages, and also in non-formal school programs."'
- option: kolibri_url
value: "{{ kolibri_url }}"
- option: kolibri_path
value: "{{ kolibri_path }}"
- option: kolibri_port
value: "{{ kolibri_http_port }}"
- option: enabled
value: "{{ kolibri_enabled }}"

16
roles/kolibri/templates/kolibri.service.j2 Normal file
View file

@ -0,0 +1,16 @@
[Unit]
Description=Kolibri
[Service]
Type=forking
RemainAfterExit=yes
Environment=KOLIBRI_USER={{ kolibri_user }}
Environment=KOLIBRI_HOME={{ kolibri_home }}
Environment=KOLIBRI_HTTP_PORT={{ kolibri_http_port }}
User={{ kolibri_user }}
Group={{ apache_user }}
ExecStart={{ kolibri_exec_path }} start
ExecStop={{ kolibri_exec_path }} stop
[Install]
WantedBy=multi-user.target

4
roles/mongodb/defaults/main.yml
View file

@ -1,2 +1,6 @@
mongodb_install: False
mongodb_enabled: False
mongodb_conf: /etc/mongod.conf
mongodb_db_path: "{{ content_base }}/dbdata/mongodb" # == /library/dbdata/mongodb/
mongodb_db_lock_file: "{{ mongodb_db_path }}/mongod.lock"

100
roles/mongodb/tasks/main.yml
View file

@ -1,6 +1,7 @@
- name: Install mongodb required packages
package: name={{ item }}
state=present
- name: Install MongoDB required packages
package:
name: "{{ item }}"
state: present
with_items:
- mongodb-server
- mongodb
@ -8,50 +9,67 @@
tags:
- download
- name: create the data directory for mongodb
file: state=directory
path={{ item.path }}
owner=mongodb
- name: Create the data directory for MongoDB
file:
state: directory
path: "{{ item.path }}"
owner: mongodb
with_items:
- { path: '/var/run/mongodb' }
- { path: '/library/dbdata/mongodb' }
- { path: '/var/log/mongodb' }
- { path: '/var/run/mongodb' }
- { path: "{{ mongodb_db_path }}" } # == /library/dbdata/mongodb/
- { path: '/var/log/mongodb' }
- name: Move required files
template: src={{ item.src }}
dest={{ item.dest }}
owner=root
group=root
mode=0644
- name: Populate & position /etc/mongod.conf, mongodb.service
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
with_items:
- { src: 'mongodb.service' , dest: '/etc/systemd/system/' }
- { src: 'mongod.conf' , dest: '/etc/mongod.conf'}
- { src: 'mongod.conf.j2', dest: "{{ mongodb_conf }}", mode: '0644' }
- { src: 'mongodb.service.j2', dest: '/etc/systemd/system/mongodb.service', mode: '0644' }
- { src: 'iiab-mongodb-repair-if-no-lock.j2', dest: '/usr/bin/iiab-mongodb-repair-if-no-lock', mode: '0755' }
- name: enable services
service: name={{ item.name }}
enabled=yes
state=restarted
with_items:
- { name: mongodb }
- name: Enable+restart systemd service if mongodb_enabled, with "systemctl daemon-reload" (in case mongodb.service changed?)
systemd:
name: mongodb
enabled: yes
state: restarted
daemon_reload: yes
when: mongodb_enabled
- name: disable services
service: name={{ item.name }}
enabled=no
state=stopped
with_items:
- { name: mongodb }
- name: 'Disable+stop systemd service if mongodb_enabled: False'
systemd:
name: mongodb
enabled: no
state: stopped
when: not mongodb_enabled
- name: add mongodb to service list
ini_file: dest="{{ service_filelist }}"
section=mongodb
option="{{ item.option }}"
value="{{ item.value }}"
#- name: Restart service if enabled
# service:
# name: mongodb
# enabled: yes
# state: restarted
# when: mongodb_enabled
#- name: Stop service if not enabled
# service:
# name: mongodb
# enabled: no
# state: stopped
# when: not mongodb_enabled
- name: Add 'mongodb' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
section: mongodb
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: name
value: MongoDB
- option: description
value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."'
- option: enabled
value: "{{ mongodb_enabled }}"
- option: name
value: MongoDB
- option: description
value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."'
- option: enabled
value: "{{ mongodb_enabled }}"

7
roles/mongodb/templates/iiab-mongodb-repair-if-no-lock.j2 Normal file
View file

@ -0,0 +1,7 @@
#!/bin/bash
if [ -f {{ mongodb_db_lock_file }} ]; then
echo '"mongod --repair" cannot run when {{ mongodb_db_lock_file }} present.' >&2 # Output to STDERR but keep going, so /etc/systems/system/mongodb.service continues
else
/usr/bin/mongod --repair --dbpath {{ mongodb_db_path }}
fi

3
roles/mongodb/templates/mongod.conf → roles/mongodb/templates/mongod.conf.j2
View file

@ -21,7 +21,7 @@ logpath = /var/log/mongodb/mongod.log
# unixSocketPrefix = /var/run/mongodb
# Directory for datafiles (defaults to /data/db/)
dbpath = /library/dbdata/mongodb
dbpath = {{ mongodb_db_path }}
# Enable/Disable journaling (journaling is on by default for 64 bit)
journal = true
@ -234,4 +234,3 @@ smallfiles = true
# Activate FIPS 140-2 mode at startup
#sslFIPSMode = true

13
roles/mongodb/templates/mongodb.service
View file

@ -1,13 +0,0 @@
[Unit]
Description=High-performance, schema-free document-oriented database
After=syslog.target network.target
[Service]
Type=simple
User=mongodb
Group=mongodb
ExecStart=/usr/bin/mongod -f /etc/mongod.conf
[Install]
WantedBy=multi-user.target

20
roles/mongodb/templates/mongodb.service.j2 Normal file
View file

@ -0,0 +1,20 @@
[Unit]
Description=High-performance, schema-free document-oriented database
After=syslog.target network.target
[Service]
Type=simple
User=mongodb
Group=mongodb
# FAILS (after power failures, etc) as --repair cannot run when lock file exists: (https://github.com/iiab/iiab/issues/942)
#ExecStartPre=/usr/bin/mongod --repair --dbpath /library/dbdata/mongodb
# FAILS as systemd cannot run bash here:
#ExecStartPre=if [ ! -f /library/dbdata/mongodb/mongod.lock ]; then /usr/bin/mongod --repair --dbpath {{ mongodb_db_path }}; fi
ExecStartPre=/usr/bin/iiab-mongodb-repair-if-no-lock
ExecStart=/usr/bin/mongod -f {{ mongodb_conf }}
ExecStop=/usr/bin/killall mongod
# killall's SIGTERM (15) seems fine, to induce a graceful stop. This would work too:
#ExecStop=mongod --dbpath {{ mongodb_db_path }} --shutdown
[Install]
WantedBy=multi-user.target

4
roles/moodle/tasks/main.yml
View file

@ -22,12 +22,12 @@
- php{{ php_version }}-cli
when: is_debuntu
- name: php-zip name (debian_9 or ubuntu)
- name: php-zip name (debian-9 or ubuntu)
package:
name: "php{{ php_version }}-zip"
when: is_debian_9 or is_ubuntu
- name: php-zip name for (debian_8)
- name: php-zip name for (debian-8)
package:
name: php-pclzip
when: is_debian_8

4
roles/mysql/tasks/main.yml
View file

@ -19,13 +19,13 @@
tags:
- download
- name: php-xml (ubuntu or debian_9)
- name: php-xml (ubuntu or debian-9)
package:
name: "php{{ php_version }}-xml"
state: present
when: is_ubuntu or is_debian_9
- name: php-xml (debian_8)
- name: php-xml (debian-8)
package:
name: "php-xml-parser"
state: present

20
roles/network/defaults/main.yml
View file

@ -1,4 +1,3 @@
---
# Defaults for network detection
wireless_lan_present: False
strict_networking: False
@ -19,14 +18,14 @@ discovered_lan_iface: "none"
discovered_wired_iface: "none"
discovered_wireless_iface: "none"
#Redhat
# Red Hat
#iiab_wired_lan_iface: "none"
#iiab_wireless_lan_iface: "none"
has_WAN: False
has_ifcfg_gw: "none"
has_wifi_gw: "none"
#Debian
# Debian
dhcpcd_result: ""
wan_in_interfaces: False
network_manager_active: False
@ -39,13 +38,13 @@ gui_desired_network_role: Gateway
wondershaper_dspeed: "4096"
wondershaper_upspeed: "1024"
# WiFi
# Wi-Fi
host_ssid: IIAB
hostapd_wait: 1
host_wifi_mode: g
host_channel: 6
host_wireless_n: False
# Below moved to /opt/iiab/iiab/vars/local_vars.yml: (so implementer sets this)
# Below moved to /etc/iiab/local_vars.yml: (so implementer sets this)
#host_country_code: US
hostapd_secure: True
hostapd_password: "iiab2017"
@ -63,11 +62,20 @@ network_config_dir: /etc/network/interfaces.d
dns_jail_enabled: False
services_externally_visible: False
# following variables set for old apache,dhcpd,named usage
# Following variables set for old Apache, dhcpd, named usage
dhcpd_install: True
dhcpd_enabled: True
named_install: True
named_enabled: True
dnsmasq_enabled: False
dnsmasq_install: False
# For @tim-moody's Nodogsplash approach to Captive Portal? High experimental as of June 2018: github.com/iiab/iiab/issues/608
captive_portal_enabled: False
# Simple python Captive Portal, that @m-anish & @jvonau are experimenting with in July 2018: github.com/iiab/iiab/pull/870
py_captive_portal_install: True
py_captive_portal_enabled: True
py_captive_portal_port: "9090"
py_captive_portal_username: "Admin"
py_captive_portal_password: "changeme"

47
roles/network/tasks/captive_portal.yml Normal file
View file

@ -0,0 +1,47 @@
- name: Create directory for Captive Portal script
file:
path: /opt/iiab/captive-portal
state: directory
when: py_captive_portal_install
- name: Copy Captive Portal script
template:
src: roles/network/templates/captive_portal/captive_portal.py.j2
dest: /opt/iiab/captive-portal/captive_portal.py
owner: root
group: root
mode: 0740
when: py_captive_portal_install
- name: Copy Captive Portal service file
template:
src: roles/network/templates/captive_portal/captive_portal.service.j2
dest: /etc/systemd/system/captive_portal.service
owner: root
group: root
mode: 0644
when: py_captive_portal_install
- name: Enable captive_portal after copying files
service:
name: captive_portal.service
enabled: yes
when: py_captive_portal_install and py_captive_portal_enabled
- name: Start captive_portal after copying files
service:
name: captive_portal.service
state: started
when: py_captive_portal_install and py_captive_portal_enabled
- name: Disable captive_portal after copying files
service:
name: captive_portal.service
enabled: no
when: py_captive_portal_install and py_captive_portal_enabled
- name: Stop captive_portal after copying files
service:
name: captive_portal.service
state: started
when: py_captive_portal_install and py_captive_portal_enabled

62
roles/network/tasks/debian.yml
View file

@ -21,52 +21,64 @@
# state=present
- name: For upgrades from earlier IIAB 6.2, remove br0 file
file: path=/etc/network/interfaces.d/br0
state=absent
file:
path: /etc/network/interfaces.d/br0
state: absent
when: iiab_lan_iface != "br0" and wan_ip == "dhcp"
- name: Supply resolvconf.conf
template: dest=/etc/resolvconf.conf
src=network/resolvconf.j2
template:
dest: /etc/resolvconf.conf
src: network/resolvconf.j2
- name: Supply dhcpcd.conf
template: dest=/etc/dhcpcd.conf
src=network/dhcpcd.conf.j2
template:
dest: /etc/dhcpcd.conf
src: network/dhcpcd.conf.j2
when: dhcpcd_result == "enabled"
- name: Copy the bridge script
template: dest=/etc/network/interfaces.d/iiab
src=network/systemd.j2
template:
dest: /etc/network/interfaces.d/iiab
src: network/systemd.j2
when: not is_rpi and (iiab_lan_iface == "br0" or wan_ip != "dhcp" or gui_static_wan_ip == "undefined")
- name: Copy the bridge script for RPi
template: dest=/etc/network/interfaces.d/iiab
src=network/rpi.j2
template:
dest: /etc/network/interfaces.d/iiab
src: network/rpi.j2
when: is_rpi and iiab_lan_iface == "br0"
- name: Workaround auto issue on Debian-9
template: dest=/etc/network/interfaces.d/patch_auto
src=network/debian-auto.j2
- name: Workaround auto issue (debian-9)
template:
dest: /etc/network/interfaces.d/patch_auto
src: network/debian-auto.j2
when: iiab_wan_iface != "none" and is_debian_9
- name: Clearing out /etc/network/interfaces for static addresses (is_debian_9)
- name: Clearing out /etc/network/interfaces for static addresses (debian-9)
lineinfile:
state: absent
path: /etc/network/interfaces
regexp: "{{ iiab_wan_iface }}"
state: absent
path: /etc/network/interfaces
regexp: "{{ iiab_wan_iface }}"
when: wan_ip != "dhcp" and iiab_wan_iface != "none" and is_debian_9
- name: bind may be affected
service: name={{ dns_service }} state=stopped
- name: BIND may be affected
service:
name: "{{ dns_service }}"
state: stopped
when: named_install and dnsmasq_enabled
# dhcpd_server release the interface
- name: dhcpd_server may be affected - stopping dhcpd
service: name=dhcpd state=stopped
service:
name: dhcpd
state: stopped
when: dhcpd_install
- name: dhcpd_server may be affected - stopping dnsmasq
service: name=dnsmasq state=stopped
service:
name: dnsmasq
state: stopped
when: dnsmasq_install
- name: Reload systemd
@ -75,9 +87,13 @@
# now pick up denyinterfaces
- name: Restart dhcpcd
service: name=dhcpcd state=restarted
service:
name: dhcpcd
state: restarted
when: dhcpcd_result == "enabled"
- name: Restart the networking service
service: name=networking state=restarted
service:
name: networking
state: restarted
when: not nobridge is defined and not no_net_restart

2
roles/network/tasks/down-debian.yml
View file

@ -5,7 +5,7 @@
# dest: /etc/resolvconf.conf
# src: network/resolvconf.j2
- name: bind may be affected
- name: BIND may be affected
service:
name: "{{ dns_service }}"
state: stopped

185
roles/network/tasks/enable_services.yml
View file

@ -1,156 +1,181 @@
- name: Disable dhcpd service
service: name=dhcpd
enabled=no
service:
name: dhcpd
enabled: no
when: not dhcpd_enabled and dhcpd_install
# service is restarted with NM dispatcher.d script
- name: Enable dhcpd service
service: name=dhcpd
enabled=yes
service:
name: dhcpd
enabled: yes
when: dhcpd_enabled and dhcpd_install
- name: Copy /etc/sysconfig/dhcpd file
template: src={{ item.src }}
dest={{ item.dest }}
owner=root
group=root
mode={{ item.mode }}
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
with_items:
- { src: 'dhcp/dhcpd-env.j2' , dest: '/etc/sysconfig/dhcpd' , mode: '0644' }
- { src: 'dhcp/dhcpd-env.j2', dest: '/etc/sysconfig/dhcpd', mode: '0644' }
- { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf', mode: '0644' }
when: dhcpd_enabled and dhcpd_install
- name: Copy named file
template: src={{ item.src }}
dest={{ item.dest }}
owner=root
group=root
mode={{ item.mode }}
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
with_items:
- { src: 'named/school.local.zone.db' , dest: '/var/named-iiab/' , mode: '0644' }
- { src: 'named/school.internal.zone.db' , dest: '/var/named-iiab/' , mode: '0644' }
- { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', mode: '0644' }
- { src: 'named/school.local.zone.db', dest: '/var/named-iiab/', mode: '0644' }
- { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/', mode: '0644' }
- name: Enable named service
service: name={{ dns_service }}
enabled=yes
service:
name: "{{ dns_service }}"
enabled: yes
when: named_enabled and named_install
- name: Disable named service
service: name={{ dns_service }}
enabled=no
service:
name: "{{ dns_service }}"
enabled: no
when: not named_enabled and named_install
- name: Disable dnsmasq
service: name=dnsmasq
enabled=no
service:
name: dnsmasq
enabled: no
when: not dnsmasq_enabled and dnsmasq_install
- name: dnsmasq copy config file to /etc
template: src=network/dnsmasq.conf.j2 dest=/etc/dnsmasq.conf
- name: Copy dnsmasq.conf to /etc
template:
src: network/dnsmasq.conf.j2
dest: /etc/dnsmasq.conf
when: dnsmasq_enabled and dnsmasq_install
- name: Enable dnsmasq
service: name=dnsmasq
enabled=yes
service:
name: dnsmasq
enabled: yes
when: dnsmasq_enabled and dnsmasq_install
- name: Enable DansGuardian
service: name=dansguardian
enabled=yes
service:
name: dansguardian
enabled: yes
when: dansguardian_enabled and dansguardian_install
- name: Disable DansGuardian
service: name=dansguardian
enabled=no
service:
name: dansguardian
enabled: no
when: not dansguardian_enabled and dansguardian_install
- name: Create xs_httpcache flag
lineinfile: dest=/etc/iiab/iiab.env
regexp='^HTTPCACHE_ON=*'
line='HTTPCACHE_ON=True'
state=present
lineinfile:
dest: /etc/iiab/iiab.env
regexp: '^HTTPCACHE_ON=*'
line: 'HTTPCACHE_ON=True'
state: present
when: squid_enabled and squid_install
- name: Enable Squid service
service: name={{ proxy }}
enabled=yes
service:
name: "{{ proxy }}"
enabled: yes
when: squid_enabled and squid_install
- name: Copy init script and config file
template: src={{ item.src }}
dest={{ item.dest }}
owner={{ item.owner }}
group={{ item.group }}
mode={{ item.mode }}
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
mode: "{{ item.mode }}"
with_items:
- src: 'squid/squid-iiab.conf.j2'
dest: '/etc/{{ proxy }}/squid-iiab.conf'
owner: '{{ proxy_user }}'
group: '{{ proxy_user }}'
mode: '0644'
- src: squid/squid-iiab.conf.j2
dest: "/etc/{{ proxy }}/squid-iiab.conf"
owner: "{{ proxy_user }}"
group: "{{ proxy_user }}"
mode: 0644
when: squid_enabled and squid_install
- name: Point to Squid config file from startup file
lineinfile: regexp='^CONFIG'
line='CONFIG=/etc/{{ proxy }}/squid-iiab.conf'
dest=/etc/init.d/{{ proxy }}
lineinfile:
regexp: '^CONFIG'
line: "CONFIG=/etc/{{ proxy }}/squid-iiab.conf"
dest: "/etc/init.d/{{ proxy }}"
when: squid_enabled and squid_install and is_debuntu
- name: Disable Squid service
service: name={{ proxy }}
enabled=no
service:
name: "{{ proxy }}"
enabled: no
when: not squid_enabled and squid_install
- name: Remove xs_httpcache flag
lineinfile: dest=/etc/iiab/iiab.env
regexp='^HTTPCACHE_ON=*'
line='HTTPCACHE_ON=False'
state=present
lineinfile:
dest: /etc/iiab/iiab.env
regexp: '^HTTPCACHE_ON=*'
line: 'HTTPCACHE_ON=False'
state: present
when: not squid_enabled
- name: Enable Wondershaper service
service: name=wondershaper
enabled=yes
service:
name: wondershaper
enabled: yes
when: wondershaper_enabled and wondershaper_install
- name: Disable Wondershaper service
service: name=wondershaper
enabled=no
service:
name: wondershaper
enabled: no
when: not wondershaper_enabled and wondershaper_install
# check-LAN should be iptables.yml remove later
- name: Grab clean copy of iiab-gen-iptables
template: src={{ item.0 }}
dest={{ item.1 }}
owner='root'
group='root'
mode='0755'
template:
src: "{{ item.0 }}"
dest: "{{ item.1 }}"
owner: root
group: root
mode: 0755
with_items:
- { 0: 'gateway/iiab-gen-iptables', 1: '/usr/bin/iiab-gen-iptables' }
- name: Add 'squid' to service list
ini_file: dest='{{ service_filelist }}'
section=squid
option='{{ item.option }}'
value='{{ item.value }}'
- name: Add 'squid' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
section: squid
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: enabled
value: "{{ squid_enabled }}"
- name: Add 'dansguardian' to service list
ini_file: dest='{{ service_filelist }}'
section=dansguardian
option='{{ item.option }}'
value='{{ item.value }}'
- name: Add 'dansguardian' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
section: dansguardian
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: enabled
value: "{{ dansguardian_enabled }}"
- name: Add 'wondershaper' to service list
ini_file: dest='{{ service_filelist }}'
section=wondershaper
option='{{ item.option }}'
value='{{ item.value }}'
- name: Add 'wondershaper' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
section: wondershaper
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: enabled
value: "{{ wondershaper_enabled }}"

35
roles/network/tasks/ifcfg_mods.yml
View file

@ -26,16 +26,22 @@
with_items:
- "{{ discovered_lan_iface }}"
- name: bind may be affected
service: name={{ dns_service }} state=stopped
- name: BIND may be affected
service:
name: "{{ dns_service }}"
state: stopped
when: named_install and dnsmasq_enabled
- name: dhcpd_server may be affected - stopping dhcpd
service: name=dhcpd state=stopped
service:
name: dhcpd
state: stopped
when: dhcpd_install
- name: dhcpd_server may be affected - stopping dnsmasq
service: name=dnsmasq state=stopped
service:
name: dnsmasq
state: stopped
when: dnsmasq_install
- name: Stop the LAN/Bridge deleting iiab-LAN
@ -59,21 +65,24 @@
# when: iiab_wan_iface != "none" and not has_WAN and has_ifcfg_gw == "none" and xo_model == "none" and not iiab_demo_mode
- name: Configuring LAN interface as iiab_lan_iface
template: src=network/ifcfg.j2
dest=/etc/sysconfig/network-scripts/ifcfg-LAN
template:
src: network/ifcfg.j2
dest: /etc/sysconfig/network-scripts/ifcfg-LAN
when: iiab_lan_iface != "none"
# can be more than one wired interface
- name: Wired enslaving ## lan_list_result ## to Bridge
template: src=network/ifcfg-slave.j2
dest=/etc/sysconfig/network-scripts/ifcfg-{{ item|trim }}
template:
src: network/ifcfg-slave.j2
dest: "/etc/sysconfig/network-scripts/ifcfg-{{ item|trim }}"
when: iiab_lan_iface == "br0" and item|trim != iiab_wireless_lan_iface and item|trim != iiab_wan_iface
with_items:
- "{{ lan_list_result.stdout_lines }}"
- "{{ lan_list_result.stdout_lines }}"
- name: WiFi enslaving {{ iiab_wireless_lan_iface }} to Bridge
template: src=network/wifi-slave.j2
dest=/etc/sysconfig/network-scripts/ifcfg-{{ iiab_wireless_lan_iface }}
template:
src: network/wifi-slave.j2
dest: "/etc/sysconfig/network-scripts/ifcfg-{{ iiab_wireless_lan_iface }}"
when: iiab_lan_iface == "br0" and iiab_wireless_lan_iface != "none"
tags:
- network
@ -81,7 +90,7 @@
- include_tasks: enable_wan.yml
when: not installing and not iiab_demo_mode
- name: ask systemd to reread the unit files, picks up changes done
- name: Ask systemd to reread the unit files, picks up changes done
systemd:
daemon_reload: yes
when: not installing
@ -111,7 +120,7 @@
ignore_errors: True
when: iiab_lan_iface == "br0" and item|trim != iiab_wireless_lan_iface and item|trim != iiab_wan_iface and not iiab_demo_mode
with_items:
- "{{ lan_list_result.stdout_lines }}"
- "{{ lan_list_result.stdout_lines }}"
#- name: restart hostapd when wifi is present
# service: name=hostapd state=started

8
roles/network/tasks/main.yml
View file

@ -74,6 +74,14 @@
include_tasks: squid.yml
when: FQDN_changed and squid_install and iiab_stage|int == 9
#- name: FOREFULLY ENABLE CAPTIVE PORTAL
# set_fact:
# py_captive_portal_install: True
- name: (Re)Installing captive portal
include_tasks: captive_portal.yml
when: py_captive_portal_install
#### start services
- include_tasks: avahi.yml
tags:

117
roles/network/tasks/named.yml
View file

@ -1,6 +1,7 @@
- name: Install named packages (debuntu)
package: name={{ item }}
state=present
package:
name: "{{ item }}"
state: present
with_items:
- bind9
- bind9utils
@ -9,8 +10,9 @@
- download
- name: Install named packages (OS's that are not debuntu)
package: name={{ item }}
state=present
package:
name: "{{ item }}"
state: present
with_items:
- bind
- bind-utils
@ -20,76 +22,87 @@
# or we have to change the serial number in the config files.
- name: Stop named before copying files
service: name={{ dns_service }} state=stopped
service:
name: "{{ dns_service }}"
state: stopped
when: first_run and is_debuntu
- name: Set folder permission
file: path={{ item }}
owner={{ dns_user }}
group=root
mode=0755
state=directory
file:
path: "{{ item }}"
owner: "{{ dns_user }}"
group: root
mode: 0755
state: directory
with_items:
- /var/named-iiab
- /var/named-iiab/data
- /etc/sysconfig/olpc-scripts/domain_config.d
- name: Configure named
template: src={{ item.src }}
dest={{ item.dest }}
owner={{ item.owner }}
group=root
mode={{ item.mode }}
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ item.owner }}"
group: root
mode: "{{ item.mode }}"
with_items:
- { src: 'roles/network/templates/named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', owner: "root" , mode: '0644' }
- { src: 'roles/network/templates/named/named.j2', dest: '/etc/sysconfig/named', owner: "root" , mode: '0644' }
- { src: 'roles/network/templates/named/named', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/named', owner: "root" , mode: '0644' }
- { src: 'roles/network/templates/named/localdomain.zone', dest: '/var/named-iiab/localdomain.zone',owner: "{{ dns_user }}" , mode: '0644' }
- { src: 'roles/network/templates/named/localhost.zone', dest: '/var/named-iiab/localhost.zone', owner: "{{ dns_user }}" , mode: '0644' }
- { src: 'roles/network/templates/named/named.broadcast', dest: '/var/named-iiab/named.broadcast', owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.ip6.local', dest: '/var/named-iiab/named.ip6.local' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.local', dest: '/var/named-iiab/named.local' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.rfc1912.zones', dest: '/var/named-iiab/named.rfc1912.zones' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.root', dest: '/var/named-iiab/named.root' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.root.hints', dest: '/var/named-iiab/named.root.hints' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.zero', dest: '/var/named-iiab/named.zero' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/school.external.zone.db', dest: '/var/named-iiab/school.external.zone.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/school.internal.zone.16.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.16.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', owner: "root", mode: '0644' }
- { src: 'roles/network/templates/named/named.j2', dest: '/etc/sysconfig/named', owner: "root", mode: '0644' }
- { src: 'roles/network/templates/named/named', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/named', owner: "root", mode: '0644' }
- { src: 'roles/network/templates/named/localdomain.zone', dest: '/var/named-iiab/localdomain.zone', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/localhost.zone', dest: '/var/named-iiab/localhost.zone', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/named.broadcast', dest: '/var/named-iiab/named.broadcast', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/named.ip6.local', dest: '/var/named-iiab/named.ip6.local', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/named.local', dest: '/var/named-iiab/named.local', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/named.rfc1912.zones', dest: '/var/named-iiab/named.rfc1912.zones', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/named.root', dest: '/var/named-iiab/named.root', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/named.root.hints', dest: '/var/named-iiab/named.root.hints', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/named.zero', dest: '/var/named-iiab/named.zero', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/school.external.zone.db', dest: '/var/named-iiab/school.external.zone.db', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/school.internal.zone.16.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.16.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
# the following two files are not writeable by named, but bind 9.4 cannot discover that fact correctly
- { src: 'roles/network/templates/named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db' , owner: "root" , mode: '0644'}
- { src: 'roles/network/templates/named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db' , owner: "root" , mode: '0644'}
- { src: 'roles/network/templates/named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/dummy', dest: '/var/named-iiab/data/dummy' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.blackhole', dest: '/var/named-iiab/named.blackhole' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db', owner: "root", mode: '0644' }
- { src: 'roles/network/templates/named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db', owner: "root", mode: '0644' }
- { src: 'roles/network/templates/named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/dummy', dest: '/var/named-iiab/data/dummy', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/named.blackhole', dest: '/var/named-iiab/named.blackhole', owner: "{{ dns_user }}", mode: '0644' }
- name: Substitute our unit file which uses $OPTIONS from sysconfig
template: src=roles/network/templates/named/{{ dns_service }}.service
dest=/etc/systemd/system/{{ dns_service }}.service
mode=0644
template:
src: "roles/network/templates/named/{{ dns_service }}.service"
dest: "/etc/systemd/system/{{ dns_service }}.service"
mode: 0644
- name: The dns-jail redirect requires the named.blackhole,disabling recursion
- name: The dns-jail redirect requires the named.blackhole, disabling recursion
# in named-iiab.conf, and the redirection of 404 error documents to /
template: src=roles/network/templates/named/dns-jail.conf dest=/etc/{{ apache_config_dir }}/
template:
src: roles/network/templates/named/dns-jail.conf
dest: "/etc/{{ apache_config_dir }}/"
when: dns_jail_enabled
- name: Separate enabling required for debuntu
file: src=/etc/{{ apache_config_dir }}/dns-jail.conf
path=/etc/{{ apache_service }}/sites-enabled/dns-jail.conf
state=link
- name: Separate enabling required (debuntu)
file:
src: "/etc/{{ apache_config_dir }}/dns-jail.conf"
path: "/etc/{{ apache_service }}/sites-enabled/dns-jail.conf"
state: link
when: is_debuntu and dns_jail_enabled
- name: Separate enabling/disabling required (debuntu)
file: src=/etc/{{ apache_config_dir }}/dns-jail.conf
path=/etc/{{ apache_service }}/sites-enabled/dns-jail.conf
state=absent
- name: Separate disabling required (debuntu)
file:
path: "/etc/{{ apache_service }}/sites-enabled/dns-jail.conf"
state: absent
when: is_debuntu and not dns_jail_enabled
- name: Separate enabling/disabling required (OS's that are not debuntu)
file: path=/etc/{{ apache_config_dir }}/dns-jail.conf
state=absent
file:
path: "/etc/{{ apache_config_dir }}/dns-jail.conf"
state: absent
when: not is_debuntu and not dns_jail_enabled
- name: Start named after copying files
service: name={{ dns_service }} state=started
service:
name: "{{ dns_service }}"
state: started

2
roles/network/tasks/restart.yml
View file

@ -1,4 +1,4 @@
- name: restart hostapd when wifi is present
- name: Restart hostapd when WiFi is present
systemd:
name: hostapd
state: restarted

2
roles/network/tasks/rpi_debian.yml
View file

@ -20,7 +20,7 @@
dest: /etc/dhcpcd.conf
src: network/dhcpcd.conf.j2
- name: New raspbian requires counry code -- check for it
- name: New raspbian requires country code -- check for it
shell: grep country /etc/wpa_supplicant/wpa_supplicant.conf
register: country_code
ignore_errors: True

97
roles/network/templates/captive_portal/captive_portal.py.j2 Executable file
View file

@ -0,0 +1,97 @@
#!/usr/bin/python
# Captive portal script adapted from https://github.com/nikosft/captive-portal
import subprocess
import BaseHTTPServer
import cgi
# These variables are used as settings
PORT = int("{{ py_captive_portal_port }}") # the port in which the captive portal web server listens
IFACE = "{{ iiab_lan_iface }}" # the interface that captive portal protects
IP_ADDRESS = "{{ lan_ip }}" # the ip address of the captive portal (it can be the IP of IFACE)
'''
This it the http server used by the the captive portal
'''
class CaptivePortal(BaseHTTPServer.BaseHTTPRequestHandler):
#this is the index of the captive portal
#it simply redirects the user to the to login page
html_redirect = """
<html>
<head>
<meta http-equiv="refresh" content="0; url=http://%s:%s/login" />
</head>
<body>
<b>Redirecting to login page</b>
</body>
</html>
"""%(IP_ADDRESS, PORT)
#the login page
html_login = """
<html>
<body>
<b>Login Form</b>
<form method="POST" action="do_login">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<input type="submit" value="Submit">
</form>
</body>
</html>
"""
'''
if the user requests the login page show it, else
use the redirect page
'''
def do_GET(self):
path = self.path
self.send_response(200)
self.send_header("Content-type", "text/html")
self.end_headers()
if path == "/login":
self.wfile.write(self.html_login)
else:
self.wfile.write(self.html_redirect)
'''
this is called when the user submits the login form
'''
def do_POST(self):
self.send_response(200)
self.send_header("Content-type", "text/html")
self.end_headers()
form = cgi.FieldStorage(
fp=self.rfile,
headers=self.headers,
environ={'REQUEST_METHOD':'POST',
'CONTENT_TYPE':self.headers['Content-Type'],
})
username = form.getvalue("username")
password = form.getvalue("password")
#dummy security check
if username == '{{ py_captive_portal_username }}' and password == '{{ py_captive_portal_password }}':
#authorized user
remote_IP = self.client_address[0]
print 'New authorization from '+ remote_IP
print 'Updating IP tables'
subprocess.call(["iptables","-t", "nat", "-I", "PREROUTING","1", "-s", remote_IP, "-j" ,"ACCEPT"])
subprocess.call(["iptables", "-I", "FORWARD", "-s", remote_IP, "-j" ,"ACCEPT"])
self.wfile.write("You are now authorized. Navigate to any URL")
else:
#show the login form
self.wfile.write(self.html_login)
#the following function makes server produce no output
#comment it out if you want to print diagnostic messages
#def log_message(self, format, *args):
# return
print "Starting captive portal web server"
httpd = BaseHTTPServer.HTTPServer(('', PORT), CaptivePortal)
try:
httpd.serve_forever()
except KeyboardInterrupt:
pass
httpd.server_close()

15
roles/network/templates/captive_portal/captive_portal.service.j2 Normal file
View file

@ -0,0 +1,15 @@
[Unit]
Description=Captive portal
After=syslog.target
[Service]
Type=simple
User=root
Group=root
WorkingDirectory=/opt/iiab/captive-portal
ExecStart=/opt/iiab/captive-portal/captive_portal.py
StandardOutput=syslog
StandardError=syslog
[Install]
WantedBy=multi-user.target

17
roles/network/templates/gateway/iiab-gen-iptables
View file

@ -57,11 +57,13 @@ services_externally_visible={{ services_externally_visible }}
calibre_port={{ calibre_port }}
kiwix_port={{ kiwix_port }}
kalite_server_port={{ kalite_server_port }}
kolibri_http_port={{ kolibri_http_port }}
sugarizer_port={{ sugarizer_port }}
block_DNS={{ block_DNS }}
captive_portal_enabled={{ captive_portal_enabled }}
py_captive_portal_enabled={{ py_captive_portal_enabled }}
echo "Lan is $lan and WAN is $wan"
echo "LAN is $lan and WAN is $wan"
#
# delete all existing rules.
#
@ -89,6 +91,7 @@ fi
if [ "$services_externally_visible" == "True" ]; then
$IPTABLES -A INPUT -p tcp --dport $kiwix_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $kalite_server_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $kolibri_http_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $calibre_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $sugarizer_port -m state --state NEW -i $wan -j ACCEPT
fi
@ -101,12 +104,13 @@ $IPTABLES -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACC
#Block https traffic except if directed at server
if [ "$gw_block_https" == "True" ]; then
$IPTABLES -A FORWARD -p tcp ! -d 172.18.96.1 --dport 443 -j DROP
$IPTABLES -A FORWARD -p tcp ! -d {{ lan_ip }} --dport 443 -j DROP
fi
# Allow outgoing connections from the LAN side.
$IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT
if ! [ "$py_captive_portal_enabled" == "True" ];then
$IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT
fi
# Don't forward from the outside to the inside.
$IPTABLES -A FORWARD -i $wan -o $lan -j DROP
$IPTABLES -A INPUT -i $wan -j DROP
@ -122,8 +126,11 @@ if [ "$captive_portal_enabled" == "True" ];then
$IPTABLES -t mangle -A internet -j MARK --set-mark 99
$IPTABLES -t nat -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m mark --mark 99 -m tcp --dport 80 -j DNAT --to-destination {{ lan_ip }}
elif [ "py_$captive_portal_enabled" == "True" ];then
$IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:{{ py_captive_portal_port }}
elif [ "$HTTPCACHE_ON" == "True" ]; then
$IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d 172.18.96.1 -j DNAT --to 172.18.96.1:3128
$IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:3128
fi
# Enable routing.

2
roles/network/templates/network/dnsmasq.conf.j2
View file

@ -4,7 +4,7 @@ bogus-priv
#server=/{{ iiab_domain }}/{{ iiab_hostname }}
# Add local-only domains here, queries in these domains are answered from /etc/hosts or DHCP only.
local=/{{ iiab_domain }}/
{% if captive_portal_enabled == "True" %}
{% if dns_jail_enabled %}
# Make all host names resolve to the Raspberry Pi's IP address
address=/#/{{ lan_ip }}
{% endif %}

1
roles/nextcloud/tasks/main.yml
View file

@ -18,6 +18,7 @@
url: "{{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file }}"
dest: "{{ downloads_dir }}/{{ nextcloud_src_file }}"
force: yes
#validate_certs: False # TEMPORARY ON/AFTER 2018-07-22 AS download.nextcloud.com CERT EXPIRED: https://github.com/iiab/iiab/issues/954
timeout: "{{ download_timeout }}"
when: internet_available and nextcloud_force_install
async: 900

2
roles/nextcloud/templates/nextcloud.conf.j2
View file

@ -6,7 +6,7 @@ Alias {{ nextcloud_url }} {{ nextcloud_prefix }}/nextcloud
<IfModule mod_authz_core.c>
# Apache 2.4
Require host localhost
Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }}
Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }} {{ openvpn_server_virtual_ip }}/255.255.255.0
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2

175
roles/osm/tasks/main.yml
View file

@ -1,6 +1,7 @@
- name: Install OSM required packages
package: name={{ item }}
state=present
- name: Install OSM required packages (debuntu)
package:
name: "{{ item }}"
state: present
with_items:
- gcc
- python-dev
@ -9,9 +10,10 @@
- libapache2-mod-xsendfile
when: is_debuntu
- name: Install OSM required packages
package: name={{ item }}
state=present
- name: Install OSM required packages (not debuntu)
package:
name: "{{ item }}"
state: present
with_items:
- python-pip
- gcc
@ -22,27 +24,30 @@
when: not is_debuntu
# OSM wants a specific version do that first
- name: Install Whoosh 2.6
pip: name=whoosh
virtualenv={{ osm_venv }}
virtualenv_site_packages=no
version=2.6
extra_args="--no-cache-dir"
- name: Install Whoosh 2.6 (debuntu)
pip:
name: whoosh
virtualenv: "{{ osm_venv }}"
virtualenv_site_packages: no
version: 2.6
extra_args: "--no-cache-dir"
when: internet_available and is_debuntu
- name: Install Flask 0.12X
pip: name=Flask
virtualenv={{ osm_venv }}
virtualenv_site_packages=no
version=0.12.4
extra_args="--no-cache-dir"
- name: Install Flask 0.12X (debuntu)
pip:
name: Flask
virtualenv: "{{ osm_venv }}"
virtualenv_site_packages: no
version: 0.12.4
extra_args: "--no-cache-dir"
when: internet_available and is_debuntu
- name: Install OSM with dependencies
pip: name={{ item }}
virtualenv={{ osm_venv }}
virtualenv_site_packages=no
extra_args="--no-cache-dir"
- name: Install OSM with dependencies (debuntu)
pip:
name: "{{ item }}"
virtualenv: "{{ osm_venv }}"
virtualenv_site_packages: no
extra_args: "--no-cache-dir"
with_items:
- MarkupSafe
- pytz
@ -50,26 +55,29 @@
when: internet_available and is_debuntu
# OSM wants a specific version do that first
- name: Install Whoosh 2.6
pip: name=whoosh
virtualenv={{ osm_venv }}
virtualenv_site_packages=no
version=2.6
- name: Install Whoosh 2.6 (not debuntu)
pip:
name: whoosh
virtualenv: "{{ osm_venv }}"
virtualenv_site_packages: no
version: 2.6
# extra_args="--no-cache-dir"
when: internet_available and not is_debuntu
- name: Install Flask 0.12X
pip: name=Flask
virtualenv={{ osm_venv }}
virtualenv_site_packages=no
version=0.12.4
- name: Install Flask 0.12X (not debuntu)
pip:
name: Flask
virtualenv: "{{ osm_venv }}"
virtualenv_site_packages: no
version: 0.12.4
# extra_args="--no-cache-dir"
when: internet_available and not is_debuntu
- name: Install OSM with dependencies
pip: name={{ item }}
virtualenv={{ osm_venv }}
virtualenv_site_packages=no
- name: Install OSM with dependencies (not debuntu)
pip:
name: "{{ item }}"
virtualenv: "{{ osm_venv }}"
virtualenv_site_packages: no
# extra_args="--no-cache-dir"
with_items:
- MarkupSafe
@ -77,81 +85,92 @@
- Internet-in-a-Box
when: internet_available and not is_debuntu
- name: Set osm_path
- name: Set osm_path (redhat)
set_fact:
osm_path: "{{ osm_venv }}/{{ python_path }}/iiab"
osm_path: "{{ osm_venv }}/{{ python_path }}/iiab"
when: osm_enabled and is_redhat
- name: Set osm_path
- name: Set osm_path (debuntu)
set_fact:
osm_path: "{{ osm_venv }}/lib/python2.7/site-packages/iiab"
osm_path: "{{ osm_venv }}/lib/python2.7/site-packages/iiab"
when: osm_enabled and is_debuntu
- name: Point wsgi to virtual environment (all OS's)
lineinfile: dest={{ osm_venv }}/bin/iiab.wsgi
regexp="path_to_virtualenv = None"
line="path_to_virtualenv = '/usr/local/osm'"
state=present
lineinfile:
dest: "{{ osm_venv }}/bin/iiab.wsgi"
regexp: "path_to_virtualenv = None"
line: "path_to_virtualenv = '/usr/local/osm'"
state: present
- name: Copy OSM config file (all OS's)
template: backup=no
src=osm.conf.j2
dest=/etc/{{ apache_config_dir }}/osm.conf
owner=root
group=root
mode=0644
template:
src: osm.conf.j2
dest: "/etc/{{ apache_config_dir }}/osm.conf"
owner: root
group: root
mode: 0644
backup: no
when: osm_enabled
- name: Create a link from sites-enabled to sites-available (debuntu)
file: src=/etc/{{ apache_config_dir }}/osm.conf
dest=/etc/apache2/sites-enabled/osm.conf
state=link
file:
src: "/etc/{{ apache_config_dir }}/osm.conf"
dest: /etc/apache2/sites-enabled/osm.conf
state: link
when: osm_enabled and is_debuntu
- name: Remove the link from sites-enabled to sites-available (debuntu)
file: dest=/etc/apache2/sites-enabled/osm.conf
state=absent
file:
dest: /etc/apache2/sites-enabled/osm.conf
state: absent
when: not osm_enabled and is_debuntu
- name: Remove the osm.conf (redhat)
file: dest=/{{ apache_config_dir }}/osm.conf
state=absent
file:
dest: "/{{ apache_config_dir }}/osm.conf"
state: absent
when: not osm_enabled and is_redhat
- name: Remove link to cgi (all OS's)
file: dest={{ doc_root }}/osm.wsgi
state=absent
file:
dest: "{{ doc_root }}/osm.wsgi"
state: absent
when: not osm_enabled
- name: Create link to cgi (all OS's)
file: src={{ osm_venv }}/bin/iiab.wsgi
dest={{ doc_root }}/osm.wsgi
owner=root
group=root
state=link
file:
src: "{{ osm_venv }}/bin/iiab.wsgi"
dest: "{{ doc_root }}/osm.wsgi"
owner: root
group: root
state: link
when: osm_enabled
- name: Create the knowledge data set folders
file: path=/library/knowledge/modules
state=directory
owner={{ apache_user }}
group={{ apache_user }}
file:
path: /library/knowledge/modules
state: directory
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
# the following was brought into OSM playbook from iiab-factory osm-fix script
- name: Copy the files
template: src={{ item.src }} dest={{ item.dest }}
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
with_items:
- { src: 'defaults.ini', dest: "{{ osm_path }}/" }
- { src: 'etc.iiab.conf', dest: '/etc/iiab.conf' }
- { src: 'map_search.py', dest: "{{ osm_path }}/map_search.py" }
- { src: 'map.html', dest: "{{ osm_path }}/static/map.html" }
- { src: 'l.control.geosearch.js', dest: "{{ osm_path }}/static/lib/leaflet/geosearch/l.control.geosearch.js" }
- { src: '{{ osm_path }}/static/map.html', dest: "{{ osm_path }}/static/index.html" }
- { src: 'defaults.ini', dest: "{{ osm_path }}/" }
- { src: 'etc.iiab.conf', dest: '/etc/iiab.conf' }
- { src: 'map_search.py', dest: "{{ osm_path }}/map_search.py" }
- { src: 'map.html', dest: "{{ osm_path }}/static/map.html" }
- { src: 'l.control.geosearch.js', dest: "{{ osm_path }}/static/lib/leaflet/geosearch/l.control.geosearch.js" }
- { src: "{{ osm_path }}/static/map.html", dest: "{{ osm_path }}/static/index.html" }
when: osm_enabled
- name: Restart httpd service
service: name={{ apache_service }}
state=restarted
service:
name: "{{ apache_service }}"
state: restarted
- name: Add 'osm' to list of services at /etc/iiab/iiab.ini
ini_file:

2
roles/rachel/README.rst
View file

@ -13,7 +13,7 @@ Do the following:
* cd /library/rachel
* mv /library/rachelusb_32EN_3.1.4/RACHEL/bin .
* you should see /library/rachel/bin/www/index.php
* re-run ansible (making sure that rachel_enabled: True has been set in vars/local_vars.yml
* re-run ansible (making sure that rachel_enabled: True has been set in /etc/iiab/local_vars.yml
Locations
---------

17
roles/sugarizer/defaults/main.yml
View file

@ -1,6 +1,15 @@
sugarizer_install: True
sugarizer_enabled: False
sugarizer_location: /opt/iiab
sugarizer_version: 'sugarizer-1.0'
sugarizer_server_version: 'sugarizer-server-1.0'
npm_exists: False
sugarizer_location: "{{ iiab_base }}" # /opt/iiab
sugarizer_version: sugarizer-1.0
sugarizer_git_version: v1.0.1
# PLEASE HELP MONITOR https://github.com/llaske/sugarizer/releases
sugarizer_server_version: sugarizer-server-1.0
sugarizer_server_git_version: v1.0.1 # "master" worked over July 11-14, 2018
# PLEASE HELP MONITOR https://github.com/llaske/sugarizer-server/releases
# Unused as of 2018-07-14
# node_modules_exists: False

256
roles/sugarizer/tasks/main.yml
View file

@ -1,94 +1,168 @@
- name: Wipe any previous sugarizer installation
# 0. CLEAN UP PRIOR VERSIONS OF SUGARIZER (NEEDS WORK!)
- name: Wipe /library/www/html/sugarizer* if installing sugarizer-1.0
shell: "rm -rf {{ doc_root }}/sugarizer*"
when: sugarizer_version == "sugarizer-1.0"
- name: Download latest stable Sugarizer from location we control
get_url:
url: "{{ iiab_download_url }}/{{ sugarizer_version }}.tar.gz"
dest: "{{ downloads_dir }}/{{ sugarizer_version }}.tar.gz"
timeout: "{{ download_timeout }}"
# 1. DOWNLOAD+LINK /opt/iiab/sugarizer
- name: Clone llaske/sugarizer ({{ sugarizer_git_version }}) from GitHub to /opt/iiab (MAY DOWNLOAD 600+ MB)
git:
repo: https://github.com/llaske/sugarizer
dest: "{{ sugarizer_location }}/{{ sugarizer_version }}"
version: "{{ sugarizer_git_version }}"
force: yes
depth: 1
when: internet_available
- name: Untar to {{ sugarizer_version }}
unarchive:
src: "{{ downloads_dir }}/{{ sugarizer_version }}.tar.gz"
dest: "{{ sugarizer_location }}"
creates: "{{ sugarizer_location }}/{{ sugarizer_version }}/index.html"
# command: tar xzf {{ downloads_dir }}/{{ sugarizer_version }}.tar.gz -C {{ sugarizer_location }}
# creates="{{ sugarizer_location }}/{{ sugarizer_version }}/index.html"
- name: Download latest stable Server from location we control
get_url:
url: "{{ iiab_download_url }}/{{ sugarizer_server_version }}.tar.gz"
dest: "{{ downloads_dir }}/{{ sugarizer_server_version }}.tar.gz"
timeout: "{{ download_timeout }}"
when: internet_available
- name: Untar to /{{ sugarizer_version }}
unarchive:
src: "{{ downloads_dir }}/{{ sugarizer_version }}.tar.gz"
dest: "{{ sugarizer_location }}"
creates: "{{ sugarizer_location }}/{{ sugarizer_version }}/index.html"
- name: Create symbolic link /library/www/html/sugarizer
- name: Create symbolic link /opt/iiab/sugarizer -> /opt/iiab/{{ sugarizer_version }}
file:
src: "{{ sugarizer_location }}/{{ sugarizer_version }}"
dest: "{{ sugarizer_location }}/sugarizer"
state: link
- name: Untar to /library/www/html/{{ sugarizer_server_version }}
unarchive:
src: "{{ downloads_dir }}/{{ sugarizer_server_version }}.tar.gz"
dest: "{{ sugarizer_location }}"
creates: "{{ sugarizer_location }}/{{ sugarizer_server_version }}/index.html"
- name: Create symbolic link /library/www/html/sugarizer
# 2. DOWNLOAD+LINK /opt/iiab/sugarizer-server
# 2018-07-11: http://download.iiab.io/packages/sugarizer-server-1.0.tar.gz
# was flawed, as documented at:
# https://github.com/iiab/iiab/pull/814#issuecomment-404211098
# Versions of MongoDB, npm (& Node.js ?) matter! Sugarizer 1.0 Context:
# https://github.com/iiab/iiab/issues/798
# Going forward let's "git clone" IIAB's preferred versions, of sugarizer
# AND sugarizer-server, as specified in roles/sugarizer/defaults/main.yml
# 2018-07-14 BLOAT: git works well BUT even with "depth: 1"
# - 229MB is unfort downloaded to /opt/iiab/sugarizer/.git
# - 1.4MB is unfort downloaded to /opt/iiab/sugarizer-server/.git
# CLARIF: during repeat runs of "./runrole sugarizer", this git sync shows
# "changed" (whereas above git sync shows "ok"). Reason: "npm install"
# (below) modifies /opt/iiab/sugarizer-server/node_modules
- name: Clone llaske/sugarizer-server ({{ sugarizer_server_git_version }}) from GitHub to /opt/iiab
git:
repo: https://github.com/llaske/sugarizer-server
dest: "{{ sugarizer_location }}/{{ sugarizer_server_version }}"
version: "{{ sugarizer_server_git_version }}"
force: yes
depth: 1
when: internet_available
- name: Create symbolic link /opt/iiab/sugarizer-server -> /opt/iiab/{{ sugarizer_server_version }}
file:
src: "{{ sugarizer_location }}/{{ sugarizer_server_version }}"
dest: "{{ sugarizer_location }}/sugarizer-server"
state: link
- name: Set up Node.js 6.x apt sources (debuntu)
shell: curl -sL https://deb.nodesource.com/setup_6.x | bash -
# 3. INSTALL A GOOD VERSION OF Node.js AND npm
- name: Set up Node.js 8.x apt sources (debuntu, but avoid ubuntu-18)
shell: curl -sL https://deb.nodesource.com/setup_8.x | bash -
when: internet_available and is_debuntu and not is_ubuntu_18
- name: Install latest Node.js which includes /usr/bin/npm (debuntu)
- name: Install latest Node.js which includes /usr/bin/npm (debuntu, but avoid ubuntu-18)
package:
name: nodejs
# name: nodejs=8.x
state: latest
# package: name=nodejs=6.*
# state=present
# state: present
when: internet_available and is_debuntu and not is_ubuntu_18
- name: Install npm (OS's other than debuntu)
package:
name: "{{ item }}"
state: present
when: internet_available and not is_debuntu
with_items:
- nodejs
- npm
# 2018-07-14: BOTH STEPS ABOVE TAKE TIME, but Raspbian (apt offers npm
# 1.4.21) & Debian 9 (apt offers no npm!) STILL NEED the above
# nodesource.com approach to get a version of npm that works with Sugarizer:
# https://github.com/iiab/iiab/issues/798#issuecomment-404324530
#
# MORE POSITIVELY: this nodesource.com approach (brings in npm 5.6.0 with
# nodejs 8.11.3 for now, to any OS) would also work on Ubuntu 18.04, and
# might even bring about a sane consistency across mainline OS's?
#
# BUT FOR NOW: Ubuntu 18.04's apt (approach below) brings in npm 3.5.2,
# which appears suffic "SO FAR"? 18.04's nodejs 8.10.0 is more reassuring!
- name: Install npm (ubuntu-18)
# CRAZY IDEA: most versions of npm can upgrade themselves to the latest
# (6.2.0 for now) using command "npm install -g npm", if that helps us in
# future, e.g. TK's memory issue etc? If so, be CAREFUL this puts npm
# in /usr/local/bin on Ubuntu 18.04 -- unlike Ubuntu 16.04 and Raspbian
# where it upgrades /usr/bin/npm in place:
# https://askubuntu.com/questions/1036278/npm-is-incorrect-version-on-latest-ubuntu-18-04-installation
- name: Install Node.js and npm (ubuntu-18 or not debuntu)
package:
name: "{{ item }}"
state: latest
when: internet_available and is_ubuntu_18
with_items:
- npm
- nodejs
- npm
when: internet_available and (is_ubuntu_18 or not is_debuntu)
# attempting to reinstall npm is broken on Raspbian 9
- name: Check for Sugarizer already installed
stat:
path: "{{ sugarizer_location }}/{{ sugarizer_server_version }}/node_modules"
register: npm
ignore_errors: true
# 4. RUN "npm install" TO POPULATE ~35MB /opt/iiab/sugarizer-server/node_modules
- name: Set a flag to abort second attempt to install
set_fact:
npm_exists: True
when: npm.stat is defined and npm.stat.exists
# Re-running "npm install" USED TO fail on Raspbian 9 if not other OS's ?
# Strategies considered to avoid re-running it:
# OLD WAY 1: test & set flag node_modules_exists: True
# OLD WAY 2: "creates: ..." checks for non-existence of /opt/iiab/sugarizer-server-1.0/node_modules
# OLD WAY 3: set "register: git_sug_server_output" above, then as nec delete /opt/iiab/sugarizer-server-1.0/node_modules "when: git_sug_server_output.changed" and as nec run "npm install"
- name: Create systemd files and copy our ini file
#- name: Check for /opt/iiab/{{ sugarizer_server_version }}/node_modules
# stat:
# path: "{{ sugarizer_location }}/{{ sugarizer_server_version }}/node_modules"
# register: nmtest
# ignore_errors: true
#
#- name: Set a flag to prevent re-running of "npm install"
# set_fact:
# node_modules_exists: True
# when: nmtest.stat is defined and nmtest.stat.exists
# NEW WAY BELOW: run "npm install --allow-root" every time, as modern versions
# of npm are incremental, with sanity checks (all 3 may work: but npm 6.2.0
# is better than 5.6.0. which is better than Ubuntu 18.04's 3.5.2).
# 2018-07-15: TK Kang & Holt confirmed sudo-driven "npm install" maxes out CPU
# for hours, on diff OS's using npm 5.6.0 and 6.2.0. Hours later you may get
# error: code EACCES, errno -13 (permission denied),
# "Missing write access to /opt/iiab/sugarizer-server-1.0/node_modules"
#
# SOLUTION: Implement '--allow-root --unsafe-perm=true' below, as is critical
# for 1st run of sudo-driven 'npm install' especially:
#
# ON DEBIAN: npm 5.6.0's --allow-root would be sufficient: causing creation
# of /root/.npm cache & lock files to owned by root:root instead of
# iiab-admin:iiab-admin...thus permitting it & IIAB installs to complete!
#
# ON RASPBIAN: npm 5.6.0's --unsafe-perm=true is *required* so that npm
# install actually finished (in about 5 minutes). It's possible we should
# remove --allow-root in favore of --unsafe-perm=true alone. But this needs
# testing on different Linuxes before proceeding.
#
# CLARIF 1: Something like 'chown -R root:root /root/.npm' would do the job,
# but cannot happen synchronously throughout the 1st run of 'npm install'
# (when it's needed!) Similar to what --allow-root does on Debian.
#
# CLARIF 2: Ubuntu 18.04 is currently unaffected due to its ancient
# npm 3.5.2, which instead uses /home/iiab-admin/.npm (which remains owned
# by iiab-admin:iiab-admin, even with '--allow-root', but thankfully still
# gets the job done, for now!)
#- name: Create the express framework for Node.js (OS's other than Fedora 18)
- name: Run 'npm install --allow-root --unsafe-perm=true' to create /opt/iiab/{{ sugarizer_server_version }}/node_modules (CAN TAKE ~3 MINUTES)
command: npm install --allow-root --unsafe-perm=true # "command:" a bit safer than "shell:"
args:
chdir: "{{ sugarizer_location }}/{{ sugarizer_server_version }}"
#creates: "{{ sugarizer_location }}/{{ sugarizer_server_version }}/node_modules" # OLD WAY 2
when: internet_available # "npm install" generally requires Internet access
# when: internet_available and git_sug_server_output.changed # OLD WAY 3
# when: internet_available and not is_F18 and not node_modules_exists # OLD WAY 1
#- name: Create the express framework for Node.js (Fedora 18)
# shell: npm install
# args:
# chdir: "{{ sugarizer_location }}/sugarizer/server"
# when: internet_available and is_F18 and not node_modules_exists
# 5. PLACE CONFIG FILES
- name: Configure sugarizer.service (systemd), sugarizer.conf (Apache) and sugarizer.ini
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
@ -96,46 +170,50 @@
owner: root
group: root
with_items:
- { src: 'sugarizer.service.j2' , dest: '/etc/systemd/system/sugarizer.service', mode: '0644' }
- { src: 'sugarizer.ini' , dest: '{{ sugarizer_location }}/{{ sugarizer_server_version }}/env/sugarizer.ini', mode: '0644' }
- { src: 'sugarizer.conf' , dest: '/etc/apache2/sites-available',mode: '0644' }
- { src: 'sugarizer.ini', dest: '{{ sugarizer_location }}/{{ sugarizer_server_version }}/env/sugarizer.ini', mode: '0644' }
- { src: 'sugarizer.conf', dest: '/etc/apache2/sites-available', mode: '0644' }
- { src: 'sugarizer.service.j2', dest: '/etc/systemd/system/sugarizer.service', mode: '0644' }
- name: Create the symlink enabling the rewrite
file: src=/etc/apache2/sites-available/sugarizer.conf
dest=/etc/apache2/sites-enabled/sugarizer.conf
state=link
- name: Create symlink for short URL http://box/sugarizer
file:
src: /etc/apache2/sites-available/sugarizer.conf
dest: /etc/apache2/sites-enabled/sugarizer.conf
state: link
- name: Create the express framework for Node.js (OS's other than Fedora 18)
shell: npm install
args:
chdir: "{{ sugarizer_location }}/{{ sugarizer_server_version }}"
creates: "{{ sugarizer_location }}/{{ sugarizer_server_version }}/server/node_modules"
when: not is_F18 and not npm_exists
# 6. RESTART/STOP SYSTEMD SERVICE
- name: Create the express framework for Node.js (Fedora 18)
shell: npm install
args:
chdir: "{{ sugarizer_location }}/sugarizer/server"
when: is_F18 and not npm_exists
- name: Enable services (all OS's)
service:
name: "{{ item.name }}"
- name: Enable+restart systemd service if sugarizer_enabled, with "systemctl daemon-reload" (in case mongodb.service changed?)
systemd:
name: sugarizer
enabled: yes
state: restarted
with_items:
- { name: sugarizer }
daemon_reload: yes
when: sugarizer_enabled
- name: Disable services (all OS's)
service:
name: "{{ item.name }}"
- name: 'Disable+stop systemd service if sugarizer_enabled: False'
systemd:
name: sugarizer
enabled: no
state: stopped
with_items:
- { name: sugarizer }
when: not sugarizer_enabled
#- name: Enable services (all OS's)
# service:
# name: "{{ item.name }}"
# enabled: yes
# state: restarted
# with_items:
## - { name: mongodb } # 2018-07-14: NICE TRY, but still doesn't bring http://box:8089 to life reliably, as a reboot usually does! (Is a "systemctl daemon-reload" or some such nec?)
# - { name: sugarizer }
# when: sugarizer_enabled
#- name: Disable service (all OS's)
# service:
# name: sugarizer
# enabled: no
# state: stopped
# when: not sugarizer_enabled
- name: Add 'sugarizer' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"

1
roles/sugarizer/templates/sugarizer.ini
View file

@ -20,6 +20,7 @@ path = ../sugarizer/
server = localhost
port = 27018
name = sugarizer
waitdb = 1
[presence]
port = 8039

3
roles/sugarizer/templates/sugarizer.service.j2
View file

@ -1,7 +1,8 @@
[Unit]
Description=Node.js Sugarizer Server
Requires=mongodb.service
After=mongodb.service # Requires the mongodb service to run first
After=mongodb.service
# Requires mongodb service to run first
[Service]
WorkingDirectory=/opt/iiab/sugarizer-server/

8
roles/usb-lib/tasks/main.yml
View file

@ -26,7 +26,7 @@
- { src: 'iiab-usb-lib-show-all-on' , dest: '/usr/bin/', mode: '0755' }
- { src: 'iiab-usb-lib-show-all-off' , dest: '/usr/bin/', mode: '0755' }
- name: Enable exfat and ntfs
- name: Enable exFAT and NTFS
lineinfile:
regexp: '^FILESYSTEMS.*'
line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"'
@ -53,7 +53,7 @@
state: absent
when: not usb_lib_enabled
- name: Put a variable in iiab.env for display of content at root of USB
- name: Put variable in iiab.env that enables display of content at root of USB
lineinfile:
dest: /etc/iiab/iiab.env
regexp: "^IIAB_USB_LIB_SHOW_ALL.*"
@ -65,14 +65,14 @@
dest: "/etc/{{ apache_config_dir }}"
when: usb_lib_enabled
- name: Create the link to enable (debian)
- name: Create the link to enable (debuntu)
file:
src: "/etc/{{ apache_config_dir }}/content_dir.conf"
dest: /etc/apache2/sites-enabled/content_dir.conf
state: link
when: is_debuntu
- name: Remove the link that enables (debian)
- name: Remove the link that enables (debuntu)
file:
src: "/etc/{{ apache_config_dir }}/content_dir.conf"
dest: /etc/apache2/sites-enabled/content_dir.conf

2
roles/wordpress/tasks/install.yml
View file

@ -2,7 +2,7 @@
# to /library/wordpress) should also work offline...
#
# ONLINE OR OFFLINE, IF YOU NEED A CLEAN REINSTALL OF WORDPRESS DURING YOUR
# NEXT RUN OF "./runtags wordpress" OR "./iiab-install" PLEASE FIRST DO:
# NEXT RUN OF "./runrole wordpress" OR "./iiab-install" PLEASE FIRST DO:
#
# - "mv /library/wordpress /library/wordpress.old"
# - back up WordPress's database then drop it

2
run-one-role.yml
View file

@ -5,7 +5,7 @@
vars_files:
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- vars/local_vars.yml
- /etc/iiab/local_vars.yml
- /etc/iiab/config_vars.yml
roles:

0
runansible → runansible.deprecated
View file

0
runtags → runtags.deprecated
View file

23
scripts/ansible
View file

@ -1,11 +1,18 @@
#!/bin/bash -e
echo -e '\nATTEMPTING TO INSTALL THE LATEST (RELEASED VERSION OF) ANSIBLE.'
echo -e 'Ensure you'"'"'re online before running this! (/opt/iiab/iiab/scripts/ansible)'
echo -e 'INSTRUCTIONS: https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch'
echo -e 'ALTERNATIVES: Consider scripts/ansible-2.5.x "slow food" instead.\n'
echo -e '\n\nSTRONGLY RECOMMENDED PREREQUISITE: (1) remove all prior versions of Ansible using "apt purge ansible" and/or "pip uninstall ansible" and (2) clear out all lines containing ansible from /etc/apt/sources.list and /etc/apt/sources.list.d/*\n'
GOOD_VER="2.5.5" # Ansible version for OLPC XO laptops (pip install).
echo -e 'WARNING: repeatedly re-run "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367" if this part of the script fails due to network/mirrors.\n'
echo -e 'COMPLETE INSTALL INSTRUCTIONS:\nhttps://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch\n'
echo -e 'NOW ATTEMPTING TO INSTALL THE LATEST ANSIBLE:'
echo -e 'Ensure you'"'"'re online before running this (/opt/iiab/iiab/scripts/ansible)\n'
echo -e 'ALTERNATIVES: Run scripts/ansible-2.5.x-deprecated or scripts/ansible-2.6.x\n\n'
GOOD_VER="2.6.1" # Ansible version for OLPC XO laptops (pip install).
# On other OS's we install/upgrade to THE latest (released version of) Ansible.
CURR_VER="undefined"
# below are unused for future use
@ -14,12 +21,12 @@ CURR_VER="undefined"
export DEBIAN_FRONTEND=noninteractive
if [ ! `command -v ansible-playbook` ]; then # "command -v" is POSIX compliant; also catches built-in commands like "cd"
echo "Installing --- Please Wait"
echo "scripts/ansible will now try to install Ansible --- Please Wait"
if [ -f /etc/centos-release ]; then
yum -y install ca-certificates nss epel-release
yum -y install git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python
yum -y install python-pip python-setuptools python-wheel patch
yum -y install http://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.5.0-1.el7.ans.noarch.rpm
yum -y install https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.5.5-1.el7.ans.noarch.rpm
# elif [ -f /etc/fedora-release ]; then
# CURR_VER=`grep VERSION_ID /etc/*elease | cut -d= -f2`
# URL=https://github.com/jvonau/iiab/blob/ansible/vars/fedora-$CURR_VER.yml
@ -67,7 +74,7 @@ else
#if [[ `grep -qi ansible /etc/apt/sources.list` ]] || [ -f /etc/apt/sources.list.d/ansible*.list ]; then
elif (grep -qi ansible /etc/apt/sources.list) || (ls /etc/apt/sources.list.d/*ansible*.list >/dev/null 2>&1) ; then
#echo "Ansible repo(s) found within /etc/apt/sources.list*"
echo -e 'MANUAL INTERVENTION URGED:\nANSIBLE REPO(S) FOUND WITHIN /etc/apt/sources.list AND/OR /etc/apt/sources.list.d/*ansible*.list -- MUST CONTAIN LINE "deb http://ppa.launchpad.net/ansible/ansible/ubuntu xenial main" IF YOU WANT THE LATEST ANSIBLE -- AND REMOVE ALL SIMILAR LINES TO ENSURE ANSIBLE UPDATES CLEANLY -- then re-run this script.\n'
echo -e 'CONSIDER MANUAL INTERVENTION:\nANSIBLE REPO(S) FOUND WITHIN /etc/apt/sources.list AND/OR /etc/apt/sources.list.d/*ansible*.list -- MUST CONTAIN LINE "deb http://ppa.launchpad.net/ansible/ansible/ubuntu xenial main" IF YOU WANT THE LATEST ANSIBLE -- AND REMOVE ALL SIMILAR LINES TO ENSURE ANSIBLE UPDATES CLEANLY -- then re-run this script.\n'
else
echo -e 'Upstream ansible source repo not found:\nPLEASE UNINSTALL ANSIBLE (run "apt purge ansible" or "pip uninstall ansible", depending how Ansible was originally installed) THEN RE-RUN THIS SCRIPT.'
exit 1

19
scripts/ansible-2.5.x → scripts/ansible-2.5.x-deprecated
View file

@ -1,11 +1,18 @@
#!/bin/bash -e
echo -e '\nATTEMPTING TO INSTALL THE LATEST ANSIBLE 2.5.x'
echo -e 'Ensure you'"'"'re online before running this! (/opt/iiab/iiab/scripts/ansible-2.5.x)'
echo -e 'INSTRUCTIONS: https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch'
echo -e 'ALTERNATIVE: Consider scripts/ansible to keep up-to-date as Ansible evolves.\n'
echo -e '\n\nSTRONGLY RECOMMENDED PREREQUISITE: (1) remove all prior versions of Ansible using "apt purge ansible" and/or "pip uninstall ansible" and (2) clear out all lines containing ansible from /etc/apt/sources.list and /etc/apt/sources.list.d/*\n'
GOOD_VER="2.5.5" # Ansible version for OLPC XO laptops (pip install).
echo -e 'WARNING: repeatedly re-run "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367" if this part of the script fails due to network/mirror.\n'
echo -e 'COMPLETE INSTALL INSTRUCTIONS:\nhttps://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch\n'
echo -e 'NOW ATTEMPTING TO INSTALL THE LATEST ANSIBLE 2.5.x:'
echo -e 'Ensure you'"'"'re online before running this (/opt/iiab/iiab/scripts/ansible-2.5.x)\n'
echo -e 'ALTERNATIVES: Run scripts/ansible-2.6.x, or scripts/ansible for the latest.\n\n'
GOOD_VER="2.5.6" # Ansible version for OLPC XO laptops (pip install).
# On other OS's we attempt to install/upgrade/pin to the latest Ansible 2.5.x
CURR_VER="undefined"
# below are unused for future use
@ -19,7 +26,7 @@ if [ ! `command -v ansible-playbook` ]; then # "command -v" is POSIX compliant
yum -y install ca-certificates nss epel-release
yum -y install git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python
yum -y install python-pip python-setuptools python-wheel patch
yum -y install http://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.5.0-1.el7.ans.noarch.rpm
yum -y install https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.5.5-1.el7.ans.noarch.rpm
# elif [ -f /etc/fedora-release ]; then
# CURR_VER=`grep VERSION_ID /etc/*elease | cut -d= -f2`
# URL=https://github.com/jvonau/iiab/blob/ansible/vars/fedora-$CURR_VER.yml

102
scripts/ansible-2.6.x Executable file
View file

@ -0,0 +1,102 @@
#!/bin/bash -e
echo -e '\n\nSTRONGLY RECOMMENDED PREREQUISITE: (1) remove all prior versions of Ansible using "apt purge ansible" and/or "pip uninstall ansible" and (2) clear out all lines containing ansible from /etc/apt/sources.list and /etc/apt/sources.list.d/*\n'
echo -e 'WARNING: repeatedly re-run "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367" if this part of the script fails due to network/mirrors.\n'
echo -e 'COMPLETE INSTALL INSTRUCTIONS:\nhttps://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch\n'
echo -e 'NOW ATTEMPTING TO INSTALL THE LATEST ANSIBLE 2.6.x:'
echo -e 'Ensure you'"'"'re online before running this (/opt/iiab/iiab/scripts/ansible-2.6.x)\n'
echo -e 'ALTERNATIVES: Run scripts/ansible-2.5.x-deprecated "slow food", or scripts/ansible for the latest.\n\n'
GOOD_VER="2.6.1" # Ansible version for OLPC XO laptops (pip install).
# On other OS's we attempt to install/upgrade/pin to the latest Ansible 2.6.x
CURR_VER="undefined"
# below are unused for future use
# URL="NA"
export DEBIAN_FRONTEND=noninteractive
if [ ! `command -v ansible-playbook` ]; then # "command -v" is POSIX compliant; also catches built-in commands like "cd"
echo "scripts/ansible-2.6.x will now try to install Ansible --- Please Wait"
if [ -f /etc/centos-release ]; then
yum -y install ca-certificates nss epel-release
yum -y install git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python
yum -y install python-pip python-setuptools python-wheel patch
yum -y install https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.5.5-1.el7.ans.noarch.rpm
# elif [ -f /etc/fedora-release ]; then
# CURR_VER=`grep VERSION_ID /etc/*elease | cut -d= -f2`
# URL=https://github.com/jvonau/iiab/blob/ansible/vars/fedora-$CURR_VER.yml
# dnf -y install ansible git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python
# dnf -y install python-pip python-setuptools python-wheel patch
elif [ -f /etc/olpc-release ]; then
yum -y install ca-certificates nss
yum -y install git bzip2 file findutils gzip hg svn sudo tar which unzip xz zip libselinux-python
yum -y install python-pip python-setuptools python-wheel patch
pip install --upgrade pip setuptools wheel #EOL just do it
pip install ansible==$GOOD_VER --disable-pip-version-check
# Parens are optional, but greatly clarify :)
elif (grep -qi ubuntu /etc/lsb-release 2> /dev/null) || (grep -qi ubuntu /etc/os-release); then
apt -y install python-pip python-setuptools python-wheel patch
#apt-add-repository -y ppa:ansible/ansible
apt-add-repository -y ppa:ansible/ansible-2.6
# elif UBUNTU MUST REMAIN ABOVE (as Ubuntu ALSO contains /etc/debian_version, which would trigger the line just below)
elif [ -f /etc/debian_version ] || (grep -qi raspbian /etc/*elease) ; then
if ( ! grep -qi ansible /etc/apt/sources.list) && [ ! -f /etc/apt/sources.list.d/ansible ]; then
apt update
#apt -y install dirmngr python-pip python-setuptools python-wheel patch
apt -y install dirmngr
#echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu xenial main" \
# >> /etc/apt/sources.list.d/iiab-ansible.list
echo "deb http://ppa.launchpad.net/ansible/ansible-2.6/ubuntu xenial main" \
>> /etc/apt/sources.list.d/iiab-ansible.list
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
fi
else
echo "WARN: Could not detect distro or distro unsupported"
exit 1
fi
else
#CURR_VER=`ansible --version | head -n 1 | cut -f 2 -d " "`
CURR_VER=`ansible --version | head -1 | awk '{print $2}'` # to match iiab-install
echo "Currently installed Ansible version is: $CURR_VER"
echo -e "INTERNET-IN-A-BOX GENERALLY REQUIRES ANSIBLE VERSION: $GOOD_VER or higher\n"
if [ -f /etc/centos-release ] || [ -f /etc/fedora-release ]; then
echo "Please use your system's package manager (or pip if nec) to update Ansible."
exit 0
elif [ -f /etc/olpc-release ]; then
echo "Please use pip package manager to update Ansible."
exit 0
#fi
#if [[ `grep -qi ansible /etc/apt/sources.list` ]] || [ -f /etc/apt/sources.list.d/ansible*.list ]; then
elif (grep -qi ansible /etc/apt/sources.list) || (ls /etc/apt/sources.list.d/*ansible*.list >/dev/null 2>&1) ; then
#echo "Ansible repo(s) found within /etc/apt/sources.list*"
echo -e 'CONSIDER MANUAL INTERVENTION:\nANSIBLE REPO(S) FOUND WITHIN /etc/apt/sources.list AND/OR /etc/apt/sources.list.d/*ansible*.list -- MUST CONTAIN LINE "deb http://ppa.launchpad.net/ansible/ansible-2.6/ubuntu xenial main" IF YOU WANT THE LATEST ANSIBLE 2.6.x -- AND REMOVE ALL SIMILAR LINES TO ENSURE ANSIBLE UPDATES CLEANLY -- then re-run this script.\n'
else
echo -e 'Upstream ansible source repo not found:\nPLEASE UNINSTALL ANSIBLE (run "apt purge ansible" or "pip uninstall ansible", depending how Ansible was originally installed) THEN RE-RUN THIS SCRIPT.'
exit 1
fi
fi
if [ ! -f /etc/centos-release ] && [ ! -f /etc/fedora-release ] && [ ! -f /etc/olpc-release ]; then
# Align IIAB with Ansible community's latest official release
echo "Using apt to check for updates, then install/upgrade ansible"
apt update
apt -y --allow-downgrades install ansible=2.6*
# TEMPORARILY USE ANSIBLE 2.4.4 (REMOVE IT WITH "pip uninstall ansible")
#pip install ansible==2.4.4
# TEMPORARILY USE ANSIBLE 2.4.2 DUE TO 2.4.3 MEMORY BUG. DETAILS @ https://github.com/iiab/iiab/issues/669
#echo "Install http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb"
#cd /tmp
#wget http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb
#apt -y --allow-downgrades install ./ansible_2.4.2.0-1ppa~xenial_all.deb
fi
# needed?
mkdir -p /etc/ansible/
echo -e '[local]\nlocalhost\n' > /etc/ansible/hosts

32
scripts/calibre-install-latest-rpi-plus.sh Executable file
View file

@ -0,0 +1,32 @@
#!/bin/bash
# Calibre 3.27.1 .deb's were released for Raspbian 2018-07-22 but requires
# python-pyqt5 from debian testing, to overcome error:
#
# The following packages have unmet dependencies:
# calibre : Depends: python-pyqt5 (>= 5.11.2+dfsg-1) but 5.10.1+dfsg-2+rpi1 is to be installed
#
# More details @ https://github.com/iiab/iiab/issues/948 and
# https://www.mobileread.com/forums/showthread.php?p=3729117#post3729117
# Thanks to Jerry Vonau (https://github.com/jvonau) who made this critical
# breakthrough possible!
#
# SEE COMMENTS AT THE TOP OF scripts/calibre-install-packages.sh
export DEBIAN_FRONTEND=noninteractive
# Prepares to update from debian testing
apt-key adv --recv-key --keyserver keyserver.ubuntu.com 7638D0442B90D010
echo "deb http://deb.debian.org/debian testing main" >> /etc/apt/sources.list.d/debian-testing.list
apt update
apt -y install python-pyqt5
rm /etc/apt/sources.list.d/debian-testing.list
# Prepares to update from raspbian testing
echo "deb http://raspbian.raspberrypi.org/raspbian/ testing main" > /etc/apt/sources.list.d/rpi-testing.list
apt update
apt -y install calibre calibre-bin
rm /etc/apt/sources.list.d/rpi-testing.list
# Clears the cache of testing
apt update

7
scripts/calibre-install-latest-rpi.sh
View file

@ -6,11 +6,12 @@
# SEE COMMENTS AT THE TOP OF scripts/calibre-install-packages.sh
export DEBIAN_FRONTEND=noninteractive
# Prepares to update to latest from testing
# Prepares to update to latest from raspbian testing
echo "deb http://raspbian.raspberrypi.org/raspbian/ testing main" > /etc/apt/sources.list.d/rpi-testing.list
apt update
apt -y install calibre calibre-bin
# Removes last line, safer than: rm /etc/apt/sources.list.d/rpi-testing.list
sed -i '$ d' /etc/apt/sources.list.d/rpi-testing.list
## Removes last line, safer than: rm /etc/apt/sources.list.d/rpi-testing.list
#sed -i '$ d' /etc/apt/sources.list.d/rpi-testing.list
rm /etc/apt/sources.list.d/rpi-testing.list
# Clears the cache of testing
apt update

7
scripts/calibre-install-latest.sh
View file

@ -8,12 +8,13 @@
export DEBIAN_FRONTEND=noninteractive
# Drags in stock desktop dependencies without too much from testing below
apt -y install dirmngr
# Prepares to update to latest from testing
# Prepares to update to latest from debian testing
apt-key adv --recv-key --keyserver keyserver.ubuntu.com 7638D0442B90D010
echo "deb http://deb.debian.org/debian testing main" >> /etc/apt/sources.list.d/debian-testing.list
apt update
apt -y install libqt5core5a python-lxml calibre calibre-bin
# Removes last line, safer than: rm /etc/apt/sources.list.d/debian-testing.list
sed -i '$ d' /etc/apt/sources.list.d/debian-testing.list
## Removes last line, safer than: rm /etc/apt/sources.list.d/debian-testing.list
#sed -i '$ d' /etc/apt/sources.list.d/debian-testing.list
rm /etc/apt/sources.list.d/debian-testing.list
# Clears the cache of testing
apt update

4
scripts/calibre-install-packages.sh
View file

@ -32,12 +32,12 @@
# https://github.com/iiab/iiab/pull/833 # WORKED ON RPI 3 AND RPI 3 B+ BUT...
# https://github.com/iiab/iiab/issues/835 # FAILED ON RPI ZERO W, possibly due to libc6 (IF ABOVE STEP 2 NOT RUN!)
# FYI Calibre 3.26.0 is the latest available from testing as of 2018-06-21:
# FYI Calibre 3.26.1 and 3.27.1 are the latest available from testing as of 2018-07-10:
#
# http://raspbian.raspberrypi.org/raspbian/pool/main/c/calibre/
# http://archive.raspbian.org/raspbian/pool/main/c/calibre/
# https://packages.debian.org/search?keywords=calibre
# http://deb.debian.org/debian/pool/main/c/calibre/
# http://deb.debian.org/debian/pool/main/c/calibre/ ~= http://cdn-fastly.deb.debian.org/debian/pool/main/c/calibre/
#
# Might break future updates; you have been warned.

1
scripts/local_facts.fact
View file

@ -23,6 +23,7 @@ case $OS_VER in
"fedora-22" | \
"debian-8" | \
"debian-9" | \
"debian-10" | \
"ubuntu-16" | \
"ubuntu-17" | \
"ubuntu-18" | \

24
vars/debian-10.yml Normal file
View file

@ -0,0 +1,24 @@
is_debuntu: True
is_debian: True
is_debian_10: True
dns_service: bind9
dhcp_service: isc-dhcp-server
dns_user: bind
proxy: squid
proxy_user: proxy
apache_service: apache2
apache_config_dir: apache2/sites-available
apache_user: www-data
apache_log_dir: /var/log/apache2
smb_service: smbd
nmb_service: nmbd
systemctl_program: /bin/systemctl
mysql_service: mariadb
apache_log: /var/log/apache2/access.log
sshd_service: ssh
php_version: 7.1
postgresql_version: 10
systemd_location: /lib/systemd/system
# Upgrade OS's own Calibre to very latest:
calibre_via_debs: True
calibre_via_python: False

56
vars/default_vars.yml
View file

@ -1,7 +1,7 @@
# WARNING: DO NOT MODIFY THIS FILE.
# CHANGES WILL BE LOST IF YOU DO A GIT PULL OR FETCH.
# Instead put changes in local_vars.yml which is not tracked by git:
# http://wiki.iiab.io/local_vars.yml
# Instead put changes in your own /etc/iiab/local_vars.yml
# See http://wiki.iiab.io/local_vars.yml to learn more!
# By convention we use True/False to indicate boolean constants.
@ -22,6 +22,7 @@ download_timeout: 200
# Configuration File(s)
iiab_config_file: /etc/iiab/iiab.ini
iiab_local_vars_file: /etc/iiab/local_vars.yml
service_filelist: "{{ iiab_config_file }}"
# The following variable may be useful in debugging
@ -52,8 +53,9 @@ local_tz: "{{ ansible_date_time.tz }}"
# Read https://github.com/iiab/iiab/wiki/IIAB-Networking
# Also readable offline @ http://box/info/IIAB-Networking.html
# NETWORK PARAMETERS FOLLOW ACROSS THE NEXT 60 LINES, as enabled by Ansible's
# NETWORK role (/opt/iiab/iiab/roles/network/*) in 4-SERVER-OPTIONS.
# NETWORK PARAMETERS FOLLOW ACROSS THE NEXT 65 LINES, as enabled by Ansible's
# NETWORK role (/opt/iiab/iiab/roles/network/*) in 4-SERVER-OPTIONS below.
# SEE ALSO: /opt/iiab/iiab/roles/network/defaults/main.yml
iiab_hostname: box
iiab_domain: lan
@ -63,7 +65,7 @@ lan_netmask: 255.255.224.0
# Internal Wi-Fi Access Point
# Values are used if there is an internal Wi-Fi adapter and hostapd is enabled
# The platform variable adapts install to specific hardware (raspberry pi=rpi2)
# Raspbian req WiFi country since March 2018. CHANGE IT IN vars/local_vars.yml
# Raspbian req WiFi country since March 2018. CHANGE IT IN /etc/iiab/local_vars.yml
host_country_code: US
host_ssid: "Internet in a Box"
host_wifi_mode: g
@ -105,13 +107,20 @@ named_enabled: True
block_DNS: False
# dnsmasq
dnsmasq_install: False
dnsmasq_install: True
dnsmasq_enabled: False
# Captive Portal highly experimental as of June 2018: https://github.com/iiab/iiab/issues/608
# Enable in local_vars.yml AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network"
dns_jail_enabled: False
# For @tim-moody's Nodogsplash approach to Captive Portal? High experimental as of June 2018: github.com/iiab/iiab/issues/608
captive_portal_install: False
captive_portal_enabled: False
# Simple python Captive Portal, that @m-anish & @jvonau are experimenting with in July 2018: github.com/iiab/iiab/pull/870
py_captive_portal_install: True
py_captive_portal_enabled: False
# Squid
squid_install: False
squid_enabled: False
@ -158,8 +167,8 @@ schooltool_enabled: False
# 3-BASE-SERVER
# Needed if you want http://box/common/services/power_off.php to work
allow_apache_sudo: False
# Make this False to disable http://box/common/services/power_off.php button:
allow_apache_sudo: True
# roles/httpd runs here
@ -179,6 +188,7 @@ sshd_enabled: True
# OpenVPN
vpn_presence: xscenet.net
openvpn_server_port: 1194
openvpn_server_virtual_ip: 10.8.0.1
openvpn_cron_enabled: False
openvpn_install: True
openvpn_enabled: False
@ -186,15 +196,15 @@ openvpn_enabled: False
# roles/network runs here (MANY SETTINGS ABOVE)
# Homepage
# Default to the GUI where the selection is made or override in local_vars.yml
iiab_home_url: /home
# You can change iiab_home_url in local_vars.yml in order to get a different
# homepage. For example one of the following: (assuming they are enabled)
# You can change iiab_home_url in /etc/iiab/local_vars.yml to get a different
# homepage. For example one of the following: (if its service is enabled!)
# iiab_home_url: /home
# iiab_home_url: /wordpress
# iiab_home_url: /wiki - either dokuwiki or mediawiki
# iiab_home_url: /wiki # for dokuwiki
# iiab_home_url: /mediawiki
# PostgreSQL auto-installed by Moodle &/or Pathagar as nec, no need to touch!
# roles/1-prep/tasks/computed_vars.yml, roles/4-server-options/tasks/main.yml
@ -295,14 +305,21 @@ wordpress_enabled: False
# KA Lite
kalite_install: True
kalite_enabled: False
kalite_server_port: 8008
kalite_root: "/library/ka-lite"
# Unused in 2018; but remain as placeholders for Fedora 18 legacy (XO laptops)
kalite_cron_enabled: False
kalite_user: kalite
kalite_password_hash: $6$<salt>$KHET0XRRsgAY.wOWyTOI3W7dyDh0ESOr48uI5vtk2xdzsU7aw0TF4ZkNuM34RmHBGMJ1fTCmOyVobo0LOhBlJ/
kalite_password: kalite
kalite_server_name: kalite
kalite_server_port: 8008
kalite_enabled: False
kalite_cron_enabled: False
# Unused in 2018
# kalite_server_name: kalite
# Kolibri
kolibri_install: False
kolibri_enabled: False
kolibri_http_port: 8009
# Kiwix
kiwix_install: True
@ -326,6 +343,8 @@ pathagar_install: False
pathagar_enabled: False
# Sugarizer
# Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879
# Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957
sugarizer_install: True
sugarizer_enabled: False
sugarizer_port: 8089
@ -399,9 +418,10 @@ xovis_chart_heading: "My School: Usage Data Visualization"
# wide to narrow
is_debuntu: False
is_ubuntu: False
is_ubuntu_16: False
is_ubuntu_18: False
is_ubuntu_16: False
is_debian: False
is_debian_10: False
is_debian_9: False
is_debian_8: False
is_rpi: False

27
vars/local_vars_big.yml
View file

@ -1,4 +1,4 @@
# This is local_vars_big.yml -- copy it to local_vars.yml then...
# This is local_vars_big.yml -- copy it to /etc/iiab/local_vars.yml then...
# Put variables herein to override /opt/iiab/iiab/vars/default_vars.yml
@ -39,8 +39,6 @@ host_channel: 6
hostapd_secure: False
hostapd_password: changeme
dns_jail_enabled: False
# Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or
# 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables
# within github.com/iiab/iiab/blob/master/roles/
@ -49,8 +47,16 @@ services_externally_visible: True
# Make this True if client machines should have access to WAN/Internet:
iiab_gateway_enabled: False
# Make this False to disable http://box/common/services/power_off.php button:
allow_apache_sudo: True
# dnsmasq
dnsmasq_install: True
dnsmasq_enabled: False
# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network"
dns_jail_enabled: False
# Simple python Captive Portal, that @m-anish & @jvonau are experimenting with in July 2018: github.com/iiab/iiab/pull/870
py_captive_portal_install: True
py_captive_portal_enabled: False
# Stages 3 & 4 must be run (using iiab-install or runrole) if changing these:
squid_install: True
@ -69,6 +75,9 @@ dansguardian_enabled: True
# 3-BASE-SERVER
# Make this False to disable http://box/common/services/power_off.php button:
allow_apache_sudo: True
# roles/mysql runs here (mandatory)
# 4-SERVER-OPTIONS
@ -159,8 +168,12 @@ wordpress_enabled: True
kalite_install: True
kalite_enabled: True
# Unused in 2018; but remains as placeholder for Fedora 18 legacy (XO laptops)
kalite_cron_enabled: True
kolibri_install: True
kolibri_enabled: True
kiwix_install: True
kiwix_enabled: True
@ -177,11 +190,9 @@ pathagar_install: False
pathagar_enabled: False
# Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879
# Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957
sugarizer_install: True
sugarizer_enabled: True
# sugarizer_enabled is currently IGNORED as basic Sugarizer works w/o Journal!
# https://github.com/iiab/iiab/issues/193 Subsequent "./runrole sugarizer" fail
# https://github.com/iiab/iiab/issues/240 Sugarizer 0.8 to 0.9 ongoing issues
# 8-MGMT-TOOLS

27
vars/local_vars_big_vpn.yml
View file

@ -1,4 +1,4 @@
# This is local_vars_big_vpn.yml -- copy it to local_vars.yml then...
# This is local_vars_big_vpn.yml -- copy it to /etc/iiab/local_vars.yml then...
# Put variables herein to override /opt/iiab/iiab/vars/default_vars.yml
@ -39,8 +39,6 @@ host_channel: 6
hostapd_secure: False
hostapd_password: changeme
dns_jail_enabled: False
# Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or
# 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables
# within github.com/iiab/iiab/blob/master/roles/
@ -49,8 +47,16 @@ services_externally_visible: True
# Make this True if client machines should have access to WAN/Internet:
iiab_gateway_enabled: False
# Make this False to disable http://box/common/services/power_off.php button:
allow_apache_sudo: True
# dnsmasq
dnsmasq_install: True
dnsmasq_enabled: False
# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network"
dns_jail_enabled: False
# Simple python Captive Portal, that @m-anish & @jvonau are experimenting with in July 2018: github.com/iiab/iiab/pull/870
py_captive_portal_install: True
py_captive_portal_enabled: False
# Stages 3 & 4 must be run (using iiab-install or runrole) if changing these:
squid_install: True
@ -69,6 +75,9 @@ dansguardian_enabled: True
# 3-BASE-SERVER
# Make this False to disable http://box/common/services/power_off.php button:
allow_apache_sudo: True
# roles/mysql runs here (mandatory)
# 4-SERVER-OPTIONS
@ -159,8 +168,12 @@ wordpress_enabled: True
kalite_install: True
kalite_enabled: True
# Unused in 2018; but remains as placeholder for Fedora 18 legacy (XO laptops)
kalite_cron_enabled: True
kolibri_install: True
kolibri_enabled: True
kiwix_install: True
kiwix_enabled: True
@ -177,11 +190,9 @@ pathagar_install: False
pathagar_enabled: False
# Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879
# Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957
sugarizer_install: True
sugarizer_enabled: True
# sugarizer_enabled is currently IGNORED as basic Sugarizer works w/o Journal!
# https://github.com/iiab/iiab/issues/193 Subsequent "./runrole sugarizer" fail
# https://github.com/iiab/iiab/issues/240 Sugarizer 0.8 to 0.9 ongoing issues
# 8-MGMT-TOOLS

27
vars/local_vars_medium.yml
View file

@ -1,4 +1,4 @@
# This is local_vars_medium.yml -- copy it to local_vars.yml then...
# This is local_vars_medium.yml -- copy it to /etc/iiab/local_vars.yml then...
# Put variables herein to override /opt/iiab/iiab/vars/default_vars.yml
@ -39,8 +39,6 @@ host_channel: 6
hostapd_secure: False
hostapd_password: changeme
dns_jail_enabled: False
# Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or
# 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables
# within github.com/iiab/iiab/blob/master/roles/
@ -49,8 +47,16 @@ services_externally_visible: True
# Make this True if client machines should have access to WAN/Internet:
iiab_gateway_enabled: False
# Make this False to disable http://box/common/services/power_off.php button:
allow_apache_sudo: True
# dnsmasq
dnsmasq_install: True
dnsmasq_enabled: False
# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network"
dns_jail_enabled: False
# Simple python Captive Portal, that @m-anish & @jvonau are experimenting with in July 2018: github.com/iiab/iiab/pull/870
py_captive_portal_install: True
py_captive_portal_enabled: False
# Stages 3 & 4 must be run (using iiab-install or runrole) if changing these:
squid_install: False
@ -69,6 +75,9 @@ dansguardian_enabled: False
# 3-BASE-SERVER
# Make this False to disable http://box/common/services/power_off.php button:
allow_apache_sudo: True
# roles/mysql runs here (mandatory)
# 4-SERVER-OPTIONS
@ -159,8 +168,12 @@ wordpress_enabled: True
kalite_install: True
kalite_enabled: True
# Unused in 2018; but remains as placeholder for Fedora 18 legacy (XO laptops)
kalite_cron_enabled: True
kolibri_install: False
kolibri_enabled: False
kiwix_install: True
kiwix_enabled: True
@ -177,11 +190,9 @@ pathagar_install: False
pathagar_enabled: False
# Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879
# Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957
sugarizer_install: True
sugarizer_enabled: True
# sugarizer_enabled is currently IGNORED as basic Sugarizer works w/o Journal!
# https://github.com/iiab/iiab/issues/193 Subsequent "./runrole sugarizer" fail
# https://github.com/iiab/iiab/issues/240 Sugarizer 0.8 to 0.9 ongoing issues
# 8-MGMT-TOOLS

27
vars/local_vars_medium_vpn.yml
View file

@ -1,4 +1,4 @@
# This is local_vars_medium_vpn.yml -- copy it to local_vars.yml then...
# This is local_vars_medium_vpn.yml -- copy it to /etc/iiab/local_vars.yml then...
# Put variables herein to override /opt/iiab/iiab/vars/default_vars.yml
@ -39,8 +39,6 @@ host_channel: 6
hostapd_secure: False
hostapd_password: changeme
dns_jail_enabled: False
# Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or
# 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables
# within github.com/iiab/iiab/blob/master/roles/
@ -49,8 +47,16 @@ services_externally_visible: True
# Make this True if client machines should have access to WAN/Internet:
iiab_gateway_enabled: False
# Make this False to disable http://box/common/services/power_off.php button:
allow_apache_sudo: True
# dnsmasq
dnsmasq_install: True
dnsmasq_enabled: False
# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network"
dns_jail_enabled: False
# Simple python Captive Portal, that @m-anish & @jvonau are experimenting with in July 2018: github.com/iiab/iiab/pull/870
py_captive_portal_install: True
py_captive_portal_enabled: False
# Stages 3 & 4 must be run (using iiab-install or runrole) if changing these:
squid_install: False
@ -69,6 +75,9 @@ dansguardian_enabled: False
# 3-BASE-SERVER
# Make this False to disable http://box/common/services/power_off.php button:
allow_apache_sudo: True
# roles/mysql runs here (mandatory)
# 4-SERVER-OPTIONS
@ -159,8 +168,12 @@ wordpress_enabled: True
kalite_install: True
kalite_enabled: True
# Unused in 2018; but remains as placeholder for Fedora 18 legacy (XO laptops)
kalite_cron_enabled: True
kolibri_install: False
kolibri_enabled: False
kiwix_install: True
kiwix_enabled: True
@ -177,11 +190,9 @@ pathagar_install: False
pathagar_enabled: False
# Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879
# Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957
sugarizer_install: True
sugarizer_enabled: True
# sugarizer_enabled is currently IGNORED as basic Sugarizer works w/o Journal!
# https://github.com/iiab/iiab/issues/193 Subsequent "./runrole sugarizer" fail
# https://github.com/iiab/iiab/issues/240 Sugarizer 0.8 to 0.9 ongoing issues
# 8-MGMT-TOOLS

29
vars/local_vars_min.yml
View file

@ -1,4 +1,4 @@
# This is local_vars_min.yml -- copy it to local_vars.yml then...
# This is local_vars_min.yml -- copy it to /etc/iiab/local_vars.yml then...
# Put variables herein to override /opt/iiab/iiab/vars/default_vars.yml
@ -31,7 +31,7 @@ iiab_domain: lan
# Set to /home or /wordpress or /mediawiki or /wiki (for DokuWiki)
iiab_home_url: /home
# Raspbian requires WiFi country since March 2018. Please set it here:
# Raspbian requires Wi-Fi country since March 2018. Please set it here:
host_country_code: US
host_ssid: "Internet in a Box"
host_wifi_mode: g
@ -39,8 +39,6 @@ host_channel: 6
hostapd_secure: False
hostapd_password: changeme
dns_jail_enabled: False
# Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or
# 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables
# within github.com/iiab/iiab/blob/master/roles/
@ -49,8 +47,16 @@ services_externally_visible: True
# Make this True if client machines should have access to WAN/Internet:
iiab_gateway_enabled: False
# Make this False to disable http://box/common/services/power_off.php button:
allow_apache_sudo: True
# dnsmasq
dnsmasq_install: True
dnsmasq_enabled: False
# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network"
dns_jail_enabled: False
# Simple python Captive Portal, that @m-anish & @jvonau are experimenting with in July 2018: github.com/iiab/iiab/pull/870
py_captive_portal_install: True
py_captive_portal_enabled: False
# Stages 3 & 4 must be run (using iiab-install or runrole) if changing these:
squid_install: False
@ -69,6 +75,9 @@ dansguardian_enabled: False
# 3-BASE-SERVER
# Make this False to disable http://box/common/services/power_off.php button:
allow_apache_sudo: True
# roles/mysql runs here (mandatory)
# 4-SERVER-OPTIONS
@ -159,8 +168,12 @@ wordpress_enabled: False
kalite_install: True
kalite_enabled: True
# Unused in 2018; but remains as placeholder for Fedora 18 legacy (XO laptops)
kalite_cron_enabled: True
kolibri_install: False
kolibri_enabled: False
kiwix_install: True
kiwix_enabled: True
@ -177,11 +190,9 @@ pathagar_install: False
pathagar_enabled: False
# Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879
# Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957
sugarizer_install: False
sugarizer_enabled: False
# sugarizer_enabled is currently IGNORED as basic Sugarizer works w/o Journal!
# https://github.com/iiab/iiab/issues/193 Subsequent "./runrole sugarizer" fail
# https://github.com/iiab/iiab/issues/240 Sugarizer 0.8 to 0.9 ongoing issues
# 8-MGMT-TOOLS

27
vars/local_vars_min_vpn.yml
View file

@ -1,4 +1,4 @@
# This is local_vars_min_vpn.yml -- copy it to local_vars.yml then...
# This is local_vars_min_vpn.yml -- copy it to /etc/iiab/local_vars.yml then...
# Put variables herein to override /opt/iiab/iiab/vars/default_vars.yml
@ -39,8 +39,6 @@ host_channel: 6
hostapd_secure: False
hostapd_password: changeme
dns_jail_enabled: False
# Enables "campus access" to kiwix (3000), kalite (8008) & calibre (8010 or
# 8080) on WAN side of server. See network/templates/gateway/iiab-gen-iptables
# within github.com/iiab/iiab/blob/master/roles/
@ -49,8 +47,16 @@ services_externally_visible: True
# Make this True if client machines should have access to WAN/Internet:
iiab_gateway_enabled: False
# Make this False to disable http://box/common/services/power_off.php button:
allow_apache_sudo: True
# dnsmasq
dnsmasq_install: True
dnsmasq_enabled: False
# Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network"
dns_jail_enabled: False
# Simple python Captive Portal, that @m-anish & @jvonau are experimenting with in July 2018: github.com/iiab/iiab/pull/870
py_captive_portal_install: True
py_captive_portal_enabled: False
# Stages 3 & 4 must be run (using iiab-install or runrole) if changing these:
squid_install: False
@ -69,6 +75,9 @@ dansguardian_enabled: False
# 3-BASE-SERVER
# Make this False to disable http://box/common/services/power_off.php button:
allow_apache_sudo: True
# roles/mysql runs here (mandatory)
# 4-SERVER-OPTIONS
@ -159,8 +168,12 @@ wordpress_enabled: False
kalite_install: True
kalite_enabled: True
# Unused in 2018; but remains as placeholder for Fedora 18 legacy (XO laptops)
kalite_cron_enabled: True
kolibri_install: False
kolibri_enabled: False
kiwix_install: True
kiwix_enabled: True
@ -177,11 +190,9 @@ pathagar_install: False
pathagar_enabled: False
# Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879
# Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957
sugarizer_install: False
sugarizer_enabled: False
# sugarizer_enabled is currently IGNORED as basic Sugarizer works w/o Journal!
# https://github.com/iiab/iiab/issues/193 Subsequent "./runrole sugarizer" fail
# https://github.com/iiab/iiab/issues/240 Sugarizer 0.8 to 0.9 ongoing issues
# 8-MGMT-TOOLS