mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00

Merge branch 'master' of github.com:iiab/iiab into lokole-integration

Aidan Fitzgerald 2018-07-26 21:38:17 -04:00
commit a269cecf3b
94 changed files with 1727 additions and 762 deletions


@ -3,7 +3,7 @@
path: /etc/cloud/cloud.cfg
register: U18_server
- name: edit cloud.cfg yaml
- name: Edit cloud.cfg yaml
lineinfile:
dest: /etc/cloud/cloud.cfg
regexp: '^preserve_hostname*'


@ -1,5 +1,5 @@
# workaround for fact that auto create does not work on ini_file
- name: Create iiab config file
- name: Create /etc/iiab/iiab.ini (iiab_config_file)
file:
dest: "{{ iiab_config_file }}"
state: touch
@ -16,12 +16,12 @@
- option: iiab_dir
value: "{{ iiab_dir }}"
- name: add version section
- name: Add version section
ini_file:
dest: "{{ iiab_config_file }}"
section: version
option: "{{ item.option }}"
value: "{{ item.value }}"
dest: "{{ iiab_config_file }}"
section: version
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: distribution
value: "{{ ansible_distribution }}"


@ -10,8 +10,8 @@
first_run: True
when: not NewInstall.stat.exists
# we need to inialize the ini file and only write the location and version sections once and only
# once to preserve the install date and git hash.
# We need to inialize the ini file and only write the location and version
# sections once and only once to preserve the install date and git hash.
- name: Write iiab_ini.yml for the first time
include_tasks: first_run.yml
when: first_run
@ -41,7 +41,8 @@
exFAT_enabled: True
when: xo_model != "none"
# Discover do we have a gateway? -- if ansible detects gateway, becomes WAN candidate
# Discover: do we have a gateway?
# If Ansible detects gateway, becomes WAN candidate.
- name: Finding gateway
set_fact:
discovered_wan_iface: "{{ ansible_default_ipv4.alias }}"
@ -79,7 +80,7 @@
path: /tmp/heart-beat.txt
state: absent
# Put all computed vars here so derive properly from any prior var file
# Put all computed vars here so derive properly from any prior var file.
- name: If the TZ is not set in env, set it to UTC
include_tasks: tz.yml
@ -98,10 +99,10 @@
mysql_install: True
mysql_enabled: True
# we decided to enable mysql unconditionally
# We decided to enable mysql unconditionally.
# when: elgg_enabled or rachel_enabled or owncloud_enabled or phpmyadmin_enabled or wordpress_enabled or iiab_menu_install
# Commenting out MongoDB on a trial basis, for a more basic/lightweight Sugarizer, per https://github.com/iiab/iiab/pull/427
# Late 2017: Had commented out MongoDB on a trial basis, for a more basic/lightweight Sugarizer, per https://github.com/iiab/iiab/pull/427
- name: Turn on mongodb if sugarizer enabled
set_fact:
mongodb_install: True
@ -131,15 +132,14 @@
python_path: /usr/local/lib/python2.7/dist-packages/
when: is_debuntu
# for various reasons the mysql service can not be enabled on fedora 20,
# but 'mariadb', which is its real name can
# on fedora 18 we need to use 'mysqld'
# For various reasons the mysql service cannot be enabled on Fedora 20, but
# 'mariadb', which is its real name can. On Fedora 18 we need to use 'mysqld'.
- name: Set mysqld_service to mariadb by default
- name: Set mysql_service to mariadb by default
set_fact:
mysql_service: mariadb
- name: Set mysqld_service to mysqld etc (Fedora 18)
- name: Set mysql_service to mysqld etc (Fedora 18)
set_fact:
mysql_service: mysqld
no_NM_reload: True
@ -165,7 +165,7 @@
include_tasks: hostname.yml
when: FQDN_changed
- name: Add version section
- name: Add 'runtime' section alongside list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ iiab_config_file }}"
section: runtime


@ -14,14 +14,14 @@
- avahi-tools
when: is_redhat
- name: Download usbmount -- not in Debian Stretch (debian_9)
- name: Download usbmount -- not in Debian Stretch (debian-9)
get_url:
url: "{{ iiab_download_url }}/usbmount_0.0.14.1_all.deb"
dest: "{{ downloads_dir }}"
timeout: "{{ download_timeout }}"
when: internet_available and is_debian_9
- name: Install usbmount (debian_9)
- name: Install usbmount (debian-9)
command: apt install -y {{ downloads_dir }}/usbmount_0.0.14.1_all.deb
when: is_debian_9


@ -22,8 +22,9 @@
when: udev_unit.stat.exists is defined and udev_unit.stat.exists
# ubuntu 16.04 comes with ansible 2.0.0.2 -- no systemd module
- name: Ask systemd to recognize the changes
shell: systemctl daemon-reload
- name: Ask systemd to reread unit files (daemon-reload)
systemd:
daemon_reload: yes
when: udev_unit.stat.exists is defined and udev_unit.stat.exists
- name: Restart so systemd recognizes the changes
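Review bot: The retained comment `# ubuntu 16.04 comes with ansible 2.0.0.2 -- no systemd module` now contradicts the task directly beneath it, which calls the `systemd` module with `daemon_reload`. Either drop the comment or replace it with the requirement the role now has, for example `# needs an Ansible release that ships the systemd module`, so nobody reverts to `shell: systemctl daemon-reload` on the strength of the old remark. The following "Restart so systemd recognizes the changes" task continues outside the hunk.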


@ -2,7 +2,7 @@
4-server-options README
=======================
Whereas 3-base-server installs critical packages needed by all, this 4th stage installs a broad array of *options* -- depending on which server apps will be installed in later stages -- as specified in /opt/iiab/iiab/vars/local_vars.yml
Whereas 3-base-server installs critical packages needed by all, this 4th stage installs a broad array of *options* -- depending on which server apps will be installed in later stages -- as specified in /etc/iiab/local_vars.yml
This includes some networking fundamentals, before they're configured later on.


@ -85,7 +85,7 @@
src: roles/1-prep/templates/iiab_env.py.j2
dest: /etc/iiab/iiab_env.py
- name: Generate the offline documents
- name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation (script was installed at the beginning of Stage 3 = roles/3-base-server/tasks/main.yml, which runs the HTTPD playbook = roles/httpd/tasks/main.yml)
command: /usr/bin/iiab-refresh-wiki-docs
when: not nodocs


@ -9,6 +9,12 @@
when: kalite_install
tags: kalite
- name: KOLIBRI
include_role:
name: kolibri
when: kolibri_install
tags: kolibri
- name: KIWIX
include_role:
name: kiwix


@ -5,7 +5,14 @@ calibre_web_path: calibre
# In addition to: http://box:8080 http://box/books box/libros box/livres box/livros box/liv
calibre_dbpath: "{{ content_base }}/calibre"
# i.e. /library/calibre
# i.e. /library/calibre (holds metadata.db + book directories + our users.sqlite)
calibre_userdb: "{{ calibre_dbpath }}/users.sqlite"
# i.e. /library/calibre/users.sqlite since github.com/iiab/iiab/issues/830
# Teachers add/remove/convert books & edit metadata using: Admin/changeme
# Stub/Student acnts to browse: box/box, h/h, ht/ht, m/m, mx/mx, p/p, pe/pe
# Edit accounts/permissions using:
# calibre-server --manage-users --userdb /library/calibre/users.sqlite
calibre_sample_book: "Metamorphosis-jackson.epub"
# Must be downloadable from http://download.iiab.io/packages
@ -14,5 +21,5 @@ calibre_src_url: "https://raw.githubusercontent.com/kovidgoyal/calibre/master/se
# USE TO TEST debs.yml (RASPBIAN APPROACH!) ON DEBIAN 9.X: (now handled by calibre_via_debs in /opt/iiab/iiab/vars/*)
#calibre_debs_on_debian: True
# Enable unstable .deb's, not just testing .deb's: (moved to vars/local_vars.yml & vars/default_vars.yml)
# Enable unstable .deb's, not just testing .deb's: (moved to /etc/iiab/local_vars.yml & /opt/iiab/iiab/vars/default_vars.yml)
#calibre_unstable_debs: False
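Review bot: The new comments in the first hunk publish working logins (`Admin/changeme`, plus stub accounts whose password equals the username) for a user database the role installs unchanged, so every deployment starts with the same known credentials, including an account that can add, remove and edit books. Nothing visible here forces or reminds the operator to change them. I would add a line such as `# SECURITY: change the Admin password and delete unused stub accounts before putting the box in service` next to the `calibre-server --manage-users` hint, and ideally a post-install message that flags an unchanged default. The same concern applies to `kalite_admin_password: changeme` and `kalite_password: kalite` in the KA Lite defaults later in this commit.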


@ -1,9 +1,3 @@
- name: Create /library/calibre (mandatory since Calibre 3.x)
file:
path: "{{ calibre_dbpath }}"
state: directory
#mode: 0755
- name: Check if sample book exists in /opt/iiab/downloads
stat:
path: "{{ content_base }}/downloads/{{ calibre_sample_book }}"


@ -28,7 +28,8 @@
# when: is_rpi and internet_available
- name: Upgrade to latest Calibre using .deb's from testing (rpi)
command: scripts/calibre-install-latest-rpi.sh # SEEMS TO ONCE AGAIN WORK since Calibre 3.26.0 (Calibre 3.24-3.25 required above prereq calibre-install-packages.sh then Debian's own calibre-install-latest.sh to be bootable in Zero W)
command: scripts/calibre-install-latest-rpi-plus.sh # HOPE IT WORKS FOR Calibre 3.27.1+ starting 2018-07-22 -- PLEASE TEST IF BOOTABLE IN Zero W?
#command: scripts/calibre-install-latest-rpi.sh # WORKED FOR Calibre 3.26.x (Calibre 3.24.x & 3.25 required above prereq calibre-install-packages.sh then Debian's own calibre-install-latest.sh to be bootable in Zero W)
when: is_rpi and internet_available
- name: Upgrade to Calibre testing .deb's - target Ubuntu 16.04 (not rpi and not ubuntu_18)


@ -32,7 +32,7 @@
# - run testing branch for Ubuntu 16.04: scripts/calibre-install-latest.sh
# - run unstable branch for Debian etc: scripts/calibre-install-unstable.sh
- name: Create calibre-serve.service and calibre.conf
- name: Create calibre-serve.service and calibre.conf (IF /usr/bin/calibre WAS MISSING)
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
@ -40,15 +40,17 @@
group: root
mode: "{{ item.mode }}"
backup: no
register: calibre_config
# register: calibre_config
with_items:
- { src: 'calibre-serve.service.j2', dest: '/etc/systemd/system/calibre-serve.service', mode: '0644'}
- { src: 'calibre.conf', dest: '/etc/{{ apache_config_dir }}', mode: '0644'}
when: (not calib_executable.stat.exists)
- name: Force systemd to reread configs
- name: Force systemd to reread configs (IF /usr/bin/calibre WAS MISSING)
systemd:
daemon_reload: yes
when: calibre_config.changed
when: (not calib_executable.stat.exists)
# when: calibre_config.changed
# 2. STOP CALIBRE SERVICE IF IT EXISTS (REQUIRED FOR DB ACTIVITY...AND IF not calibre_enabled)
@ -67,7 +69,24 @@
# failed_when: false # Never Fail during "systemctl stop calibre-serve" (even if service doesn't exist!)
# when: calibre_svc.stat.exists
# 3. CREATE DATABASE WITH A SAMPLE BOOK (REQUIRED AS OF CALIBRE 3.x)
# 3. CREATE USER DATABASE
- name: Create /library/calibre (mandatory since Calibre 3.x)
file:
path: "{{ calibre_dbpath }}"
state: directory
#mode: 0755
- name: Copy template userdb to /library/calibre/users.sqlite (IF /usr/bin/calibre WAS MISSING)
copy:
src: /opt/iiab/iiab/roles/calibre/templates/users.sqlite
dest: "{{ calibre_userdb }}"
owner: root
group: root
mode: 0644
when: (not calib_executable.stat.exists)
# 4. CREATE CONTENT DATABASE WITH A SAMPLE BOOK (REQUIRED AS OF CALIBRE 3.x)
- name: Check if /library/calibre/metadata.db exists
stat:
@ -78,7 +97,7 @@
include_tasks: create-db.yml
when: not calibre_db.stat.exists
# 4. WRAP UP: ENABLE CALIBRE SERVICE, http://box/books ETC
# 5. WRAP UP: ENABLE CALIBRE SERVICE, http://box/books ETC
# http://box:8080 & http://box:8080/mobile WORK BUT OTHER URL'S LIKE http://box/books ARE A MESS (BOOKS RARELY DISPLAY)
- name: Create calibre.conf link for UNTESTED http://box/books etc (debuntu)
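Review bot: The "Copy template userdb" task in the third hunk installs `users.sqlite` with `mode: 0644`, which leaves the credential store readable by every local account on the server. Calibre's content server appears to keep passwords in a recoverable form in this file (to be confirmed against the Calibre version in use), so read access would be equivalent to knowing every login. `mode: '0600'` is the safer default as long as the service user can still read it (the unit's user is not visible in this commit), and quoting the value avoids depending on YAML's octal parsing.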


@ -6,7 +6,7 @@ After=syslog.target network.target local-fs.target
Type=forking
PIDFile=/var/run/calibre.pid
TimeoutStartSec=400
ExecStart=/usr/bin/calibre-server --daemonize --log=/var/log/calibre.log --pidfile=/var/run/calibre.pid --port={{ calibre_port }} {{ calibre_dbpath }}
ExecStart=/usr/bin/calibre-server --daemonize --log=/var/log/calibre.log --pidfile=/var/run/calibre.pid --port={{ calibre_port }} --enable-auth --userdb={{ calibre_userdb }} {{ calibre_dbpath }}
[Install]
TimeoutStartSec=900


@ -1,4 +1,4 @@
# http://box/XYZ mnemonic if properly set within /opt/iiab/iiab/vars/local_vars.yml
# http://box/XYZ mnemonic if properly set within /etc/iiab/local_vars.yml
ProxyPass /{{ calibre_web_path }} http://localhost:{{ calibre_port }}
ProxyPassReverse /{{ calibre_web_path }} http://localhost:{{ calibre_port }}

Binary file not shown.


@ -1,5 +1,5 @@
elgg_xx: elgg
elgg_version: "2.3.7"
elgg_version: "2.3.8"
# elgg_mysql_password: defined in default_vars
elgg_url: /elgg


@ -1,16 +1,19 @@
- name: Create home directory
file: path={{ doc_root }}/home
mode=0755
owner={{ apache_user }}
group={{ apache_user }}
state=directory
file:
path: "{{ doc_root }}/home"
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
mode: 0755
state: directory
- name: Install admin homepage into apache2
template: src=iiab-homepage.conf
dest=/etc/{{ apache_config_dir }}/iiab-homepage.conf
template:
src: iiab-homepage.conf
dest: "/etc/{{ apache_config_dir }}/iiab-homepage.conf"
- name: Enable the home page
file: src=/etc/{{ apache_config_dir }}/iiab-homepage.conf
dest=/etc/apache2/sites-enabled/iiab-homepage.conf
state=link
file:
src: "/etc/{{ apache_config_dir }}/iiab-homepage.conf"
dest: /etc/apache2/sites-enabled/iiab-homepage.conf
state: link
when: is_debuntu


@ -10,35 +10,39 @@
<BODY>
<h1>Internet-in-a-Box Credits</h1>
The XSCE School Server known as Internet-in-a-Box includes a variety of educational and other content and applications which are attributed as follows:<br><br>
All Wikipedia content is available for free at <a href="http://www.wikipedia.org/">www.wikipedia.org</a>.<br>
All other Wikimedia content is available for free via links at <a href="http://www.wikimedia.org/">www.wikimedia.org</a>.<br>
All Khan Academy content is available for free at <a href="http://www.khanacademy.org/">www.khanacademy.org</a>.<br>
All CK-12 content is available for free at <a href="http://www.ck-12.org/">www.ck-12.org</a>.<br>
All PhET Interactive Simulations content is available for free at <a href="http://phet.colorado.edu">phet.colorado.edu</a>.<br>
All MedLine content is available for free at <a href="http://www.nlm.nih.gov/medlineplus/">www.nlm.nih.gov/medlineplus</a>.<br>
All Hesperian content is available for free at <a href="http://www.hesperian.org/">www.hesperian.org</a>.<br>
All Gutenberg content is available for free at <a href="http://www.gutenberg.org/">www.gutenberg.org</a>.<br>
All OLPC content is available for free at <a href="http://wiki.laptop.org/go/Library_grid">www.laptop.org</a>.<br>
All MIT Scratch content is available for free at <a href="http://scratch.mit.edu">scratch.mit.edu</a>.<br>
All UNESCO's IICBA content is available for free at <a href="http://www.eng.unesco-iicba.org/elibrary">www.eng.unesco-iicba.org</a>.<br>
All Math Expression content is available for free at <a href="http://www.mathexpression.com">www.mathexpression.com</a>.<br>
All Music Theory content is available for free at <a href="http://www.musictheory.net">www.musictheory.net</a>.<br><br>
Internet-in-a-Box (formerly known as XSCE School Server) includes a variety of educational content and applications which are attributed as follows:<br><br>
All Wikipedia content is available for free at <a href="https://www.wikipedia.org/">www.wikipedia.org</a>.<br>
All other Wikimedia content is available for free via links at <a href="https://www.wikimedia.org/">www.wikimedia.org</a>.<br>
All Khan Academy content is available for free at <a href="https://www.khanacademy.org/">www.khanacademy.org</a>.<br>
All CK-12 content is available for free at <a href="https://www.ck12.org/">www.ck12.org</a>.<br>
All PhET Interactive Simulations content is available for free at <a href="https://phet.colorado.edu">phet.colorado.edu</a>.<br>
All MedLine content is available for free at <a href="https://medlineplus.gov/">medlineplus.gov</a>.<br>
All Hesperian content is available for free at <a href="https://hesperian.org/">hesperian.org</a>.<br>
Arabic translations of Hesperian content were done by Arab Resource Collective and are available for free at <a href="http://www.mawared.org">mawared.org</a>.<br>
All Gutenberg content is available for free at <a href="https://www.gutenberg.org/">www.gutenberg.org</a>.<br>
All OLPC content is available for free at <a href="http://wiki.laptop.org/go/Collections">wiki.laptop.org</a>.<br>
All MIT Scratch content is available for free at <a href="https://scratch.mit.edu">scratch.mit.edu</a>.<br>
All UNESCO's IICBA content is available for free at <a href="http://www.iicba.unesco.org/?q=elibrary">www.iicba.unesco.org/</a>.<br>
All Math Expression content is available for free at <a href="https://www.mathexpression.com/">www.mathexpression.com</a>.<br>
All Music Theory content is available for free at <a href="https://www.musictheory.net/">www.musictheory.net</a>.<br>
All HealthPhone content is available for free at <a href="http://www.healthphone.org/">www.healthphone.org</a>.<br>
All Centers for Disease Control content is available for free at <a href="https://www.cdc.gov/">www.cdc.gov</a>.<br>
All Global Emergency Medicine Wiki content is available for free at <a href="https://wikem.org/wiki/Main_Page">wikem.org/wiki/Main_Page</a>.<br><br>
Internet-in-a-Box also includes the work of content aggregators which we gratefully acknowledge:<br><br>
RACHEL is a curation of selected offline content at <a href="http://www.rachel.worldpossible.org/">www.rachel.worldpossible.org</a>.<br>
Kiwix is a Zim server and repository of Wikimedia and other content in a compressed Zim file format at <a href="http://www.kiwix.org/">www.kiwix.org</a>.<br>
KA Lite is a server and repository of Khan Academy content in various languages at <a href="http://learningequality.org/ka-lite/">learningequality.org/ka-lite</a>.<br><br>
RACHEL is a curation of selected offline content at <a href="http://oer2go.org/">oer2go.org</a>.<br>
Kiwix is a ZIM server and repository of Wikimedia and other content in a compressed ZIM file format at <a href="http://www.kiwix.org/">www.kiwix.org</a>.<br>
KA Lite is a server and repository of Khan Academy content in various languages at <a href="https://learningequality.org/ka-lite/">learningequality.org/ka-lite</a>.<br><br>
Internet-in-a-Box also contains a number of applications each of which has its own attribution information which is included.<br><br>
Internet-in-a-Box also contains a number of applications each of which has its own attribution information, which is included.<br><br>
This Internet-in-a-Box distribution resides at <a href="http://github.com/XSCE/iiab">github.com/XSCE/iiab</a>.<br><br>
This Internet-in-a-Box distribution resides at <a href="https://github.com/iiab">github.com/iiab</a>.<br><br>
It is licensed under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.<br><br>
Licensing information may be found at <a href="http://github.com/XSCE/iiab/blob/master/LICENSE">github.com/XSCE/iiab/blob/master/LICENSE</a>.<br>
Licensing information may be found at <a href="https://github.com/iiab/iiab/blob/master/LICENSE.md">github.com/iiab/iiab/blob/master/LICENSE.md</a>.<br>
</BODY>
<script type="text/javascript" src="incl/xs-portal.js"></script>


@ -53,7 +53,6 @@
- name: Remove the default apache2 config file (debuntu)
file:
path: /etc/apache2/sites-enabled/000-default.conf
src: /etc/apache2/sites-available/000-default.conf
state: absent
when: is_debuntu
@ -170,7 +169,12 @@
tags:
- base
- name: Place the script to generate homepages
# Fixes search @ http://box/modules/es-wikihow - see https://github.com/iiab/iiab/issues/829
- include_tasks: php-stem.yml
tags:
- base
- name: Install /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation (will be run at the end of Stage 4 = roles/4-server-options/tasks/main.yml)
template:
src: refresh-wiki-docs.sh
dest: /usr/bin/iiab-refresh-wiki-docs


@ -0,0 +1,38 @@
# Fixes search @ http://box/modules/es-wikihow (popular with Spanish youth)
# Source code: http://download.iiab.io/packages/php-stem.src.tar
# June 2018 debugging & compilation thanks to Tim Moody & George Hunt
# Original bug: https://github.com/iiab/iiab/issues/829
#- name: Download php-stem.rpi.tar
# command: cd /; wget http://download.iiab.io/packages/php-stem.rpi.tar
# when: is_rpi
#- name: Download php-stem.x86.tar
# command: cd /; wget http://download.iiab.io/packages/php-stem.x64.tar
# when: not is_rpi
- name: Download & unpack php-stem.rpi.tar to / (rpi)
unarchive:
src: http://download.iiab.io/packages/php-stem.rpi.tar
dest: /
owner: root
group: root
#mode: ????
remote_src: yes
when: is_rpi
- name: Download & unpack php-stem.x86.tar to / (not rpi)
unarchive:
src: http://download.iiab.io/packages/php-stem.x64.tar
dest: /
owner: root
group: root
#mode: ????
remote_src: yes
when: not is_rpi
# No need to do this twice? Happens later @ https://github.com/iiab/iiab/blob/master/roles/3-base-server/tasks/main.yml#L24-L28
#- name: Restart apache2 / httpd
# service:
# name: "{{ apache_service }}"
# state: restarted
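Review bot: Both `unarchive` tasks fetch a tarball over plain `http://` and unpack it straight into `/` as root with no integrity check, so anything able to alter the download in transit or on the mirror decides which files land anywhere on the filesystem. I would download with `get_url` and a pinned `checksum:` first, then unpack the verified local copy; the sketch below shows the rpi pair, reusing `downloads_dir` and `download_timeout` as the usbmount task in this commit does, and the non-rpi pair needs the same treatment. A comment listing the paths the archive is expected to create would also help, since `dest: /` gives no hint of what gets overwritten. Separately, the second task's name says `php-stem.x86.tar` while its `src` is `php-stem.x64.tar`.

```yaml
- name: Download php-stem.rpi.tar (rpi)
  get_url:
    url: http://download.iiab.io/packages/php-stem.rpi.tar
    dest: "{{ downloads_dir }}/php-stem.rpi.tar"
    # placeholder: pin the digest of the reviewed build
    checksum: "sha256:EXPECTED_SHA256_PLACEHOLDER"
    timeout: "{{ download_timeout }}"
  when: is_rpi

- name: Unpack verified php-stem.rpi.tar to / (rpi)
  unarchive:
    src: "{{ downloads_dir }}/php-stem.rpi.tar"
    dest: /
    owner: root
    group: root
    remote_src: yes
  when: is_rpi

# … same get_url + unarchive pair for php-stem.x64.tar, `when: not is_rpi` …
```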


@ -1,21 +1,29 @@
---
# The values here are defaults.
# To override them edit the main var definitions in iiab/vars
kalite_version: "0.17.4"
# To override them edit /etc/iiab/local_vars.yml
kalite_install: True
kalite_enabled: False
kalite_version: "0.17.5"
kalite_repo_url: "https://github.com/learningequality/ka-lite.git"
kalite_requirements: "https://raw.githubusercontent.com/learningequality/ka-lite/master/requirements.txt"
kalite_venv: "/usr/local/kalite/venv"
kalite_program: "{{ kalite_venv }}/bin/kalite"
kalite_requirements: "https://raw.githubusercontent.com/learningequality/ka-lite/master/requirements.txt"
kalite_root: "/library/ka-lite"
kalite_server_port: 8008
kalite_admin_user: Admin
kalite_admin_password: changeme
# Unused in 2018; but remain as placeholders for Fedora 18 legacy (XO laptops)
kalite_cron_enabled: False
kalite_user: kalite
# obtain a password hash with - python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")'
kalite_password_hash: $6$<salt>$KHET0XRRsgAY.wOWyTOI3W7dyDh0ESOr48uI5vtk2xdzsU7aw0TF4ZkNuM34RmHBGMJ1fTCmOyVobo0LOhBlJ/
kalite_password: kalite
kalite_admin_user: Admin
kalite_admin_password: changeme
kalite_server_name: kalite
kalite_server_port: 8008
kalite_enabled: False
kalite_cron_enabled: False
khan_assessment_install: True
khan_assessment_url: "http://pantry.learningequality.org/downloads/ka-lite/0.16/content/khan_assessment.zip"
# Unused in 2018
# kalite_server_name: kalite
# khan_assessment_install: True
# khan_assessment_url: "http://pantry.learningequality.org/downloads/ka-lite/0.16/content/khan_assessment.zip"


@ -8,7 +8,7 @@
- name: Run the assessment setup using kalite manage
command: "{{ kalite_program }} manage unpack_assessment_zip {{ downloads_dir }}/khan_assessment.zip"
environment:
KALITE_HOME: "{{ kalite_root }}"
KALITE_HOME: "{{ kalite_root }}"
async: 900
poll: 10
when: not khan_assessment_installed.stat.exists or khan_assessment_installed.stat.size < 20000


@ -2,26 +2,30 @@
# And the systemd unit files should be defined
- name: Enable 'kalite-serve' service
service: name=kalite-serve
enabled=yes
state=started
service:
name: kalite-serve
enabled: yes
state: started
- name: Disable 'kalite-serve' service
service: name=kalite-serve
enabled=no
state=stopped
service:
name: kalite-serve
enabled: no
state: stopped
when: not kalite_enabled
# Since Fedora 18 we don't have a separate unit file for kalite-cron
- name: Disable kalite cron server F18
service: name=kalite-cron
enabled=no
state=stopped
service:
name: kalite-cron
enabled: no
state: stopped
when: not kalite_cron_enabled and is_F18
- name: Enable kalite cron server F18
service: name=kalite-cron
enabled=yes
state=started
service:
name: kalite-cron
enabled: yes
state: started
when: kalite_cron_enabled and is_F18


@ -1,66 +1,75 @@
# This is for Fedora 18, assumed to be an XO
- name: Install dependent packages (Fedora 18)
package: name={{ item }}
state=present
package:
name: "{{ item }}"
state: present
with_items:
- python-psutil
- expect
when: is_F18
- name: Install dependent pip packages (Fedora 18)
pip: name=selenium
pip:
name: selenium
when: internet_available and is_F18
- name: Determine if KA Lite is already downloaded
stat: path={{ downloads_dir }}/ka-lite
stat:
path: "{{ downloads_dir }}/ka-lite"
register: kalite
- name: Download the latest KA Lite repo
git: repo={{ kalite_repo_url }}
dest={{ downloads_dir }}/ka-lite
depth=1
version="0.13.x"
git:
repo: "{{ kalite_repo_url }}"
dest: "{{ downloads_dir }}/ka-lite"
depth: 1
version: 0.13.x
ignore_errors: yes
when: internet_available and kalite.stat.exists is defined and not kalite.stat.exists
- name: Create iiab-kalite user and password (Fedora 18)
user: name={{ kalite_user }}
password={{ kalite_password_hash }}
update_password=on_create
user:
name: "{{ kalite_user }}"
password: "{{ kalite_password_hash }}"
update_password: on_create
- name: Create kalite_root directory (Fedora 18)
file: path={{ kalite_root }}
owner=root
group=root
mode=0755
state=directory
file:
path: "{{ kalite_root }}"
owner: root
group: root
mode: 0755
state: directory
- name: Copy the KA Lite repo into place (Fedora 18)
command: "rsync -at {{ downloads_dir }}/ka-lite/ {{ kalite_root }}"
- name: Make kalite_user owner
file: path={{ kalite_root }}
owner={{ kalite_user }}
group={{ kalite_user }}
recurse=yes
state=directory
file:
path: "{{ kalite_root }}"
owner: "{{ kalite_user }}"
group: "{{ kalite_user }}"
recurse: yes
state: directory
# local_settings is deprecated
- name: Copy local_settings file
template: src=f18/local_settings.py.j2
dest="{{ kalite_root }}/kalite/local_settings.py"
owner={{ kalite_user }}
group={{ kalite_user }}
mode=0644
template:
src: f18/local_settings.py.j2
dest: "{{ kalite_root }}/kalite/local_settings.py"
owner: "{{ kalite_user }}"
group: "{{ kalite_user }}"
mode: 0644
- name: Create kalite-serve & kalite-cron services, and iiab_cronservectl.sh
template: backup=no
src={{ item.src }}
dest={{ item.dest }}
owner=root
group=root
mode={{ item.mode }}
template:
backup: no
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
with_items:
- { src: 'f18/kalite-serve.service.j2', dest: '/etc/systemd/system/kalite-serve.service', mode: '0644'}
- { src: 'f18/kalite-cron.service.j2', dest: '/etc/systemd/system/kalite-cron.service', mode: '0644'}


@ -32,7 +32,7 @@
# extra_args="--disable-pip-version-check"
when: internet_available and is_debuntu
#- name: Install KA Lite non-static + reqs file with pip - (OS's other than debuntu)
#- name: Install KA Lite non-static + reqs file with pip (OS's other than debuntu)
# pip: requirements={{ pip_packages_dir }}/kalite.txt
# virtualenv={{ kalite_venv }}
# virtualenv_site_packages=no
@ -40,7 +40,7 @@
# extra_args="--disable-pip-version-check"
# when: internet_available and not is_debuntu
- name: Install KA Lite static with pip - (OS's other than debuntu)
- name: Install KA Lite static with pip (OS's other than debuntu)
pip:
name: ka-lite-static
version: "{{ kalite_version }}"


@ -4,16 +4,17 @@
- name: Calc KA Lite db file name (Fedora 18)
set_fact:
kalite_db_name: "{{ kalite_root }}/kalite/database/data.sqlite"
kalite_db_name: "{{ kalite_root }}/kalite/database/data.sqlite"
when: is_F18
- name: Calc KA Lite db file name (OS's other than Fedora 18)
set_fact:
kalite_db_name: "{{ kalite_root }}/database/data.sqlite"
kalite_db_name: "{{ kalite_root }}/database/data.sqlite"
when: not is_F18
- name: See if KA Lite is already configured
stat: path="{{ kalite_db_name }}"
stat:
path: "{{ kalite_db_name }}"
register: kalite_installed
- include_tasks: install-f18.yml
@ -22,8 +23,9 @@
- include_tasks: install.yml
when: kalite_installed is defined and not kalite_installed.stat.exists and not is_F18
- name: Ask systemd to reread the unit files
shell: systemctl daemon-reload
- name: Ask systemd to reread unit files (daemon-reload)
systemd:
daemon_reload: yes
when: not kalite_installed.stat.exists
- include_tasks: setup-f18.yml
@ -47,13 +49,9 @@
value: '"KA Lite is a server to present Khan Academy videos offline and to download them."'
- option: path
value: "{{ kalite_root }}"
- option: server_name
value: "{{ kalite_server_name }}"
- option: port
value: "{{ kalite_server_port }}"
- option: enabled
value: "{{ kalite_enabled }}"
- option: cron_enabled
value: "{{ kalite_cron_enabled }}"
- option: khan_assessment_install
value: "{{ khan_assessment_install }}"


@ -1,15 +1,16 @@
# This is for an OS other than Fedora 18
- name: Create kalite_root directory
file: path={{ kalite_root }}/httpsrv/static
owner=root
group=root
mode=0755
state=directory
file:
path: "{{ kalite_root }}/httpsrv/static"
owner: root
group: root
mode: 0755
state: directory
- name: Run the setup using 'kalite manage'
command: "{{ kalite_program }} manage setup --username={{ kalite_admin_user }} --password={{ kalite_admin_password }} --noinput"
environment:
KALITE_HOME: "{{ kalite_root }}"
KALITE_HOME: "{{ kalite_root }}"
async: 900
poll: 10
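Review bot: The "Run the setup using 'kalite manage'" task passes `--password={{ kalite_admin_password }}` as a command-line argument, so the admin password is visible in the process list while setup runs and is echoed in Ansible's task result and any logs that capture it. Adding `no_log: true` to that task keeps it out of Ansible's output. The process-list exposure remains unless the tool can take the password some other way, which is not visible from this hunk. The task may continue past `poll: 10`, the last line shown.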


@ -2,8 +2,8 @@
# As obtained from http://download.kiwix.org/release/kiwix-tools/ or http://download.kiwix.org/nightly/
kiwix_version_armhf: "kiwix-tools_linux-armhf-0.6.0"
kiwix_version_linux64: "kiwix-tools_linux-i586-0.6.0"
kiwix_version_i686: "kiwix-tools_linux-x86_64-0.6.0"
kiwix_version_linux64: "kiwix-tools_linux-x86_64-0.6.0"
kiwix_version_i686: "kiwix-tools_linux-i586-0.6.0"
# kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2"
# v0.9 for i686 published May 2014 ("use it to test legacy ZIM content")
# v0.10 for i686 published Oct 2016 ("experimental") REPLACED IN EARLY 2018, thx to Matthieu Gautier:
@ -12,12 +12,11 @@ kiwix_version_i686: "kiwix-tools_linux-x86_64-0.6.0"
kiwix_src_file_armhf: "{{ kiwix_version_armhf }}.tar.gz"
kiwix_src_file_linux64: "{{ kiwix_version_linux64 }}.tar.gz"
kiwix_src_file_i686: "{{ kiwix_version_i686 }}.tar.bz2"
kiwix_src_file_i686: "{{ kiwix_version_i686 }}.tar.gz"
kiwix_port: 3000
# Expected to be used soon for Kiwix proxy:
# Used for Kiwix proxy http://box/kiwix/
kiwix_url: /kiwix/
# Unused in Nov 2017, but should be:
kiwix_path: "{{ iiab_base }}/kiwix"
# /library/zims contains 3 important things:
@ -26,13 +25,9 @@ kiwix_path: "{{ iiab_base }}/kiwix"
# - index directory for legacy *.zim.idx's
iiab_zim_path: "{{ content_base }}/zims"
kiwix_library_xml: "{{ iiab_zim_path }}/library.xml"
# Unused: (Nov 2017)
# kiwix_content_path: "{{ iiab_zim_path }}/content"
# Installation Variables
kiwix_install: True
kiwix_enabled: True
# MOVE FILE /opt/iiab/kiwix/bin/kiwix-serve TO FORCE A REINSTALL OF kiwix-tools
kiwix_force_install: False
# Unused: (Nov 2017)
# kiwix_content_found: False


@ -58,9 +58,8 @@
state: directory
# 2. INSTALL KIWIX-TOOLS EXECUTABLES IF kiwix_force_install
# (We get a whole web server for i686 but only kiwix execs for linux64 & armhf)
- name: Unarchive kiwix-tools .tar.gz or .tar.bz2 to /tmp
- name: Unarchive kiwix-tools .tar.gz to /tmp
unarchive:
src: "{{ downloads_dir }}/{{ kiwix_src_file }}"
dest: /tmp
@ -68,34 +67,9 @@
group: root
when: kiwix_force_install
- name: Move /tmp/{{ kiwix_src_dir }}/* to permanent location /opt/iiab/kiwix/bin (armhf & linux64)
- name: Move /tmp/{{ kiwix_src_dir }}/* to permanent location /opt/iiab/kiwix/bin (armhf & linux64 & i686)
shell: "mv /tmp/{{ kiwix_src_dir }}/* {{ kiwix_path }}/bin/"
when: kiwix_force_install and not kiwix_src_contains_bin
- name: Move /tmp/{{ kiwix_src_dir }}/bin/* to permanent location /opt/iiab/kiwix/bin (i686)
shell: "mv /tmp/{{ kiwix_src_dir }}/bin/* {{ kiwix_path }}/bin/"
when: kiwix_force_install and kiwix_src_contains_bin
#- name: Unarchive Kiwix binaries to permanent location (NOT i686)
# unarchive:
# src: "{{ downloads_dir }}/{{ kiwix_src_file }}"
# dest: "{{ kiwix_path }}/bin"
# owner: root
# group: root
# when: kiwix_src_bin_only and kiwix_force_install
#- name: Unarchive kiwix*i686.tar.bz2 to /tmp (i686)
# unarchive:
# src: "{{ downloads_dir }}/{{ kiwix_src_file }}"
# dest: /tmp
# # dest: "{{ iiab_base }}"
# owner: root
# group: root
# when: not kiwix_src_bin_only and kiwix_force_install
#
#- name: Move /tmp/kiwix*i686/bin/* to permanent location /opt/iiab/kiwix/bin (i686)
# shell: "mv /tmp/kiwix*i686/bin/* {{ kiwix_path }}/bin/"
# when: not kiwix_src_bin_only and kiwix_force_install
when: kiwix_force_install
# 3. ENABLE MODS FOR APACHE PROXY IF DEBUNTU
@ -193,8 +167,5 @@
value: "{{ iiab_zim_path }}"
- option: kiwix_library_xml
value: "{{ kiwix_library_xml }}"
# The following 2 lines are unused: (Nov 2017)
# - option: kiwix_content_path
# value: "{{ kiwix_content_path }}"
- option: enabled
value: "{{ kiwix_enabled }}"
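Review bot: The "Move /tmp/{{ kiwix_src_dir }}/* ..." task in the first hunk now runs for every architecture and, as root, moves whatever sits under a predictable directory name in world-writable `/tmp` into `{{ kiwix_path }}/bin` through a shell glob. If that directory already holds files before the unarchive step, whether left over from an earlier run or placed there by another local account, they end up in the executable directory as well. Unpacking directly into the root-owned target avoids both the staging directory and the shell: on the `unarchive` task use `dest: "{{ kiwix_path }}/bin"` with `extra_opts: ['--strip-components=1']` and drop the `mv` task, assuming the archive has the single top-level directory the `mv` already relies on. The `unarchive` task itself is split across the two hunks, so its full argument list is not visible here.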


@ -2,21 +2,18 @@
set_fact:
kiwix_src_dir: "{{ kiwix_version_armhf }}"
kiwix_src_file: "{{ kiwix_src_file_armhf }}"
kiwix_src_contains_bin: False
when: ansible_machine == "armv7l" or ansible_machine == "armv6l"
- name: "Set Kiwix filename to d/l: {{ kiwix_src_file_linux64 }} (x86_64)"
set_fact:
kiwix_src_dir: "{{ kiwix_version_linux64 }}"
kiwix_src_file: "{{ kiwix_src_file_linux64 }}"
kiwix_src_contains_bin: False
when: ansible_machine == "x86_64"
- name: "Set Kiwix filename to d/l: {{ kiwix_src_file_i686 }} (i686)"
set_fact:
kiwix_src_dir: "{{ kiwix_version_i686 }}"
kiwix_src_file: "{{ kiwix_src_file_i686 }}"
kiwix_src_contains_bin: True
when: ansible_machine == "i686"
# COMMENT OUT LINE ABOVE TO TEST i686 CODE PATH ON X86_64 (WORKS NOV 2017)

67
roles/kolibri/README.rst Normal file

@ -0,0 +1,67 @@
==============
Kolibri README
==============
This Ansible role installs Kolibri within Internet-in-a-Box. Kolibri is an
open-source educational platform specially designed to provide offline access
to a wide range of quality, openly licensed educational contents in
low-resource contexts like rural schools, refugee camps, orphanages, and also
in non-formal school programs.
Access
------
If enabled and with the default settings Kolibri should be accessible at http://box:8009
To login to Kolibri enter
Username: Admin
Password: changeme
Configuration Parameters
------------------------
Please look in defaults/main.yml for the default values of the various install parameters. Everything
in this readme assumes the default values.
Automatic Device Provisioning
-----------------------------
When kolibri_provision is enabled, the installation will setup the following settings:
Kolibri Facility name: 'Kolibri-in-a-Box'
Kolibri Preset type: formal (Other options are nonformal, informal)
Kolibri default language: en (Otherwise language are ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu)
Kolibri Admin User: Admin
Kolibri Admin password: changeme
Cloning content
---------------
Kolibri 0.10 introduced `kolibri manage deprovision` which will remove
user configuration, leaving content intact. You can then copy/clone /library/kolibri
to a new location.
Troubleshooting
----------------
You can run the server manually with the following commands:
systemctl stop kolibri (make sure the systemd service is not running)
export KOLIBRI_HOME=/library/kolibri
export KOLIBRI_HTTP_PORT=8009 (otherwise Kolibri will try to run on default port 8080)
kolibri start
To return to using the systemd unit:
kolibri stop
systemctl start kolibri


@ -0,0 +1,35 @@
# The values here are defaults.
# To override them edit /etc/iiab/local_vars.yml
# Installation Variables
kolibri_install: False
kolibri_enabled: False
# Kolibri folder to store its data and configuration files.
kolibri_home: "{{ content_base }}/kolibri"
kolibri_http_port: 8009
kolibri_url: /kolibri/
kolibri_path: "{{ iiab_base }}/kolibri"
# 2018-07-16: IIAB recommends /usr/bin but @arky says this isn't yet possible, due to pip
kolibri_exec_path: /usr/local/bin/kolibri
# Kolibri system user
kolibri_user: kolibri
# Kolibri setup will be provisioned with default administration account, preset and
# language. You could turn this to 'False' while reinstalling kolibri.
kolibri_provision: True
# Kolibri Facility name
kolibri_facility: Kolibri-in-a-Box
# Kolibri Preset type: formal, nonformal, informal
kolibri_preset: formal
# Kolibri default language (ar,bn-bd,en,es-es,fa,fr-fr,hi-in,mr,nyn,pt-br,sw-tz,ta,te,ur-pk,yo,zu)
kolibri_language: en
# Kolibri admin account
kolibri_admin_user: Admin
kolibri_admin_password: changeme
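Review bot: `kolibri_admin_password: changeme` ships a fixed superuser credential as the role default, and the README added in this commit publishes the same value, so every box provisioned without an override ends up with an identical admin login on port 8009. Consider leaving the default empty and having the provisioning task skip or fail until the implementer sets it in /etc/iiab/local_vars.yml. At minimum the comment above the variable should say so, e.g. `# Kolibri admin account -- override kolibri_admin_password in /etc/iiab/local_vars.yml before installing`.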


@ -0,0 +1,96 @@
- name: Create Linux user {{ kolibri_user }} and add it to groups {{ apache_user }}, disk
user:
name: "{{ kolibri_user }}"
groups:
- "{{ apache_user }}"
- disk
state: present
shell: /bin/false
system: yes
create_home: no
- name: Create /library/kolibri to store data and configuration files
file:
path: "{{ item }}"
owner: "{{ kolibri_user }}"
group: "{{ apache_user }}"
mode: 0755
state: directory
with_items:
- "{{ kolibri_home }}"
- name: Install kolibri using pip on all OS's
pip:
name: kolibri
state: latest
extra_args: --no-cache-dir
when: internet_available
- name: Create kolibri systemd service unit file
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
owner: root
group: root
with_items:
- { src: 'kolibri.service.j2', dest: '/etc/systemd/system/kolibri.service', mode: '0644' }
- name: Ask systemd to reread unit files (daemon-reload)
systemd:
daemon_reload: yes
- name: Set kolibri default language
shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" language setdefault "{{ kolibri_language }}"
ignore_errors: yes
when: kolibri_provision
- name: Create kolibri default facility name, admin account and language
shell: >
export KOLIBRI_HOME="{{ kolibri_home }}" &&
"{{ kolibri_exec_path }}" manage provisiondevice --facility "{{ kolibri_facility }}"
--superusername "{{ kolibri_admin_user }}" --superuserpassword "{{ kolibri_admin_password }}"
--preset "{{ kolibri_preset }}" --language_id "{{ kolibri_language }}" --verbosity 0 --noinput
ignore_errors: yes
when: kolibri_provision
- name: Change /library/kolibri directory permissions
file:
path: "{{ kolibri_home }}"
owner: "{{ kolibri_user }}"
group: "{{ apache_user }}"
recurse: yes
- name: Enable kolibri service
service:
name: kolibri
enabled: yes
state: restarted
when: kolibri_enabled
- name: Disable kolibri service
service:
name: kolibri
enabled: no
state: stopped
when: not kolibri_enabled
- name: Add 'kolibri' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
section: kolibri
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: name
value: kolibri
- option: description
value: '"Kolibri is an open-source educational platform specially designed to provide offline access to a wide range of quality, openly licensed educational contents in low-resource contexts like rural schools, refugee camps, orphanages, and also in non-formal school programs."'
- option: kolibri_url
value: "{{ kolibri_url }}"
- option: kolibri_path
value: "{{ kolibri_path }}"
- option: kolibri_port
value: "{{ kolibri_http_port }}"
- option: enabled
value: "{{ kolibri_enabled }}"
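Review bot: The provisioning task passes `--superuserpassword "{{ kolibri_admin_password }}"` on a `shell` command line, so the admin password is visible in the process list while the task runs and is written to Ansible's task output and logs; add `no_log: true` to that task. Both `shell` tasks also interpolate variables inside hand-written double quotes; using the `command` module with `environment:` for `KOLIBRI_HOME`, or applying the `quote` filter, keeps values from local_vars.yml from being interpreted by the shell. `ignore_errors: yes` on both tasks means a failed provisioning leaves the device unprovisioned without failing the play. Separately, the first task adds the service account to the `disk` group, which normally grants raw access to block devices; unless Kolibri needs that (not evident from this file), it should be dropped from `groups`.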


@ -0,0 +1,16 @@
[Unit]
Description=Kolibri
[Service]
Type=forking
RemainAfterExit=yes
Environment=KOLIBRI_USER={{ kolibri_user }}
Environment=KOLIBRI_HOME={{ kolibri_home }}
Environment=KOLIBRI_HTTP_PORT={{ kolibri_http_port }}
User={{ kolibri_user }}
Group={{ apache_user }}
ExecStart={{ kolibri_exec_path }} start
ExecStop={{ kolibri_exec_path }} stop
[Install]
WantedBy=multi-user.target
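Review bot: The unit runs a network-facing web application with no sandboxing beyond `User=` and `Group=`; directives such as `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full` would limit what a compromised Kolibri process can reach, provided `{{ kolibri_home }}` stays writable. `Type=forking` is declared without a `PIDFile=`, so systemd has to guess the main process, and `RemainAfterExit=yes` keeps the unit reported as active even if Kolibri later exits, which hides crashes from `systemctl status`. If `kolibri start` can run in the foreground, `Type=simple` with `Restart=on-failure` would be more robust; that depends on Kolibri's CLI and cannot be confirmed from this file.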


@ -1,2 +1,6 @@
mongodb_install: False
mongodb_enabled: False
mongodb_conf: /etc/mongod.conf
mongodb_db_path: "{{ content_base }}/dbdata/mongodb" # == /library/dbdata/mongodb/
mongodb_db_lock_file: "{{ mongodb_db_path }}/mongod.lock"


@ -1,6 +1,7 @@
- name: Install mongodb required packages
package: name={{ item }}
state=present
- name: Install MongoDB required packages
package:
name: "{{ item }}"
state: present
with_items:
- mongodb-server
- mongodb
@ -8,50 +9,67 @@
tags:
- download
- name: create the data directory for mongodb
file: state=directory
path={{ item.path }}
owner=mongodb
- name: Create the data directory for MongoDB
file:
state: directory
path: "{{ item.path }}"
owner: mongodb
with_items:
- { path: '/var/run/mongodb' }
- { path: '/library/dbdata/mongodb' }
- { path: '/var/log/mongodb' }
- { path: '/var/run/mongodb' }
- { path: "{{ mongodb_db_path }}" } # == /library/dbdata/mongodb/
- { path: '/var/log/mongodb' }
- name: Move required files
template: src={{ item.src }}
dest={{ item.dest }}
owner=root
group=root
mode=0644
- name: Populate & position /etc/mongod.conf, mongodb.service
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
with_items:
- { src: 'mongodb.service' , dest: '/etc/systemd/system/' }
- { src: 'mongod.conf' , dest: '/etc/mongod.conf'}
- { src: 'mongod.conf.j2', dest: "{{ mongodb_conf }}", mode: '0644' }
- { src: 'mongodb.service.j2', dest: '/etc/systemd/system/mongodb.service', mode: '0644' }
- { src: 'iiab-mongodb-repair-if-no-lock.j2', dest: '/usr/bin/iiab-mongodb-repair-if-no-lock', mode: '0755' }
- name: enable services
service: name={{ item.name }}
enabled=yes
state=restarted
with_items:
- { name: mongodb }
- name: Enable+restart systemd service if mongodb_enabled, with "systemctl daemon-reload" (in case mongodb.service changed?)
systemd:
name: mongodb
enabled: yes
state: restarted
daemon_reload: yes
when: mongodb_enabled
- name: disable services
service: name={{ item.name }}
enabled=no
state=stopped
with_items:
- { name: mongodb }
- name: 'Disable+stop systemd service if mongodb_enabled: False'
systemd:
name: mongodb
enabled: no
state: stopped
when: not mongodb_enabled
- name: add mongodb to service list
ini_file: dest="{{ service_filelist }}"
section=mongodb
option="{{ item.option }}"
value="{{ item.value }}"
#- name: Restart service if enabled
# service:
# name: mongodb
# enabled: yes
# state: restarted
# when: mongodb_enabled
#- name: Stop service if not enabled
# service:
# name: mongodb
# enabled: no
# state: stopped
# when: not mongodb_enabled
- name: Add 'mongodb' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
section: mongodb
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: name
value: MongoDB
- option: description
value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."'
- option: enabled
value: "{{ mongodb_enabled }}"
- option: name
value: MongoDB
- option: description
value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."'
- option: enabled
value: "{{ mongodb_enabled }}"
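Review bot: The 'Create the data directory for MongoDB' task sets only `owner: mongodb`, so the group and mode of `{{ mongodb_db_path }}` and `/var/log/mongodb` fall back to root's group and the default umask, which usually leaves the directories listable and traversable by every local user. Adding `group: mongodb` and `mode: '0750'` to that task would make the intended access explicit. The systemd task also uses `state: restarted` unconditionally, so every playbook run bounces the database; a handler notified by the template task would restart it only when a file changed.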


@ -0,0 +1,7 @@
#!/bin/bash
if [ -f {{ mongodb_db_lock_file }} ]; then
echo '"mongod --repair" cannot run when {{ mongodb_db_lock_file }} present.' >&2 # Output to STDERR but keep going, so /etc/systems/system/mongodb.service continues
else
/usr/bin/mongod --repair --dbpath {{ mongodb_db_path }}
fi
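Review bot: The templated paths are expanded unquoted in `[ -f {{ mongodb_db_lock_file }} ]` and `--dbpath {{ mongodb_db_path }}`, so a `content_base` containing spaces or glob characters would break the test or change the path mongod is given; write `if [ -f "{{ mongodb_db_lock_file }}" ]; then` and `--dbpath "{{ mongodb_db_path }}"`. The comment names `/etc/systems/system/mongodb.service`, which should read `/etc/systemd/system/mongodb.service`. It is also worth confirming that the installed mongod removes `mongod.lock` on a clean shutdown, since otherwise the `-f` test would skip the repair on every start.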


@ -21,7 +21,7 @@ logpath = /var/log/mongodb/mongod.log
# unixSocketPrefix = /var/run/mongodb
# Directory for datafiles (defaults to /data/db/)
dbpath = /library/dbdata/mongodb
dbpath = {{ mongodb_db_path }}
# Enable/Disable journaling (journaling is on by default for 64 bit)
journal = true
@ -234,4 +234,3 @@ smallfiles = true
# Activate FIPS 140-2 mode at startup
#sslFIPSMode = true


@ -1,13 +0,0 @@
[Unit]
Description=High-performance, schema-free document-oriented database
After=syslog.target network.target
[Service]
Type=simple
User=mongodb
Group=mongodb
ExecStart=/usr/bin/mongod -f /etc/mongod.conf
[Install]
WantedBy=multi-user.target


@ -0,0 +1,20 @@
[Unit]
Description=High-performance, schema-free document-oriented database
After=syslog.target network.target
[Service]
Type=simple
User=mongodb
Group=mongodb
# FAILS (after power failures, etc) as --repair cannot run when lock file exists: (https://github.com/iiab/iiab/issues/942)
#ExecStartPre=/usr/bin/mongod --repair --dbpath /library/dbdata/mongodb
# FAILS as systemd cannot run bash here:
#ExecStartPre=if [ ! -f /library/dbdata/mongodb/mongod.lock ]; then /usr/bin/mongod --repair --dbpath {{ mongodb_db_path }}; fi
ExecStartPre=/usr/bin/iiab-mongodb-repair-if-no-lock
ExecStart=/usr/bin/mongod -f {{ mongodb_conf }}
ExecStop=/usr/bin/killall mongod
# killall's SIGTERM (15) seems fine, to induce a graceful stop. This would work too:
#ExecStop=mongod --dbpath {{ mongodb_db_path }} --shutdown
[Install]
WantedBy=multi-user.target
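Review bot: `ExecStop=/usr/bin/killall mongod` selects processes by name rather than by unit, so it signals every mongod the `mongodb` user owns, including one started by hand for maintenance or by another unit. systemd already sends SIGTERM to the unit's processes on stop when no `ExecStop=` is given, so the line can simply be removed. The commented-out `ExecStartPre` lines still carry the hard-coded `/library/dbdata/mongodb` path while the live lines use `{{ mongodb_db_path }}`; trimming them to a one-line reference to the linked issue would keep the two from drifting apart.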


@ -22,12 +22,12 @@
- php{{ php_version }}-cli
when: is_debuntu
- name: php-zip name (debian_9 or ubuntu)
- name: php-zip name (debian-9 or ubuntu)
package:
name: "php{{ php_version }}-zip"
when: is_debian_9 or is_ubuntu
- name: php-zip name for (debian_8)
- name: php-zip name for (debian-8)
package:
name: php-pclzip
when: is_debian_8


@ -19,13 +19,13 @@
tags:
- download
- name: php-xml (ubuntu or debian_9)
- name: php-xml (ubuntu or debian-9)
package:
name: "php{{ php_version }}-xml"
state: present
when: is_ubuntu or is_debian_9
- name: php-xml (debian_8)
- name: php-xml (debian-8)
package:
name: "php-xml-parser"
state: present


@ -1,4 +1,3 @@
---
# Defaults for network detection
wireless_lan_present: False
strict_networking: False
@ -19,14 +18,14 @@ discovered_lan_iface: "none"
discovered_wired_iface: "none"
discovered_wireless_iface: "none"
#Redhat
# Red Hat
#iiab_wired_lan_iface: "none"
#iiab_wireless_lan_iface: "none"
has_WAN: False
has_ifcfg_gw: "none"
has_wifi_gw: "none"
#Debian
# Debian
dhcpcd_result: ""
wan_in_interfaces: False
network_manager_active: False
@ -39,13 +38,13 @@ gui_desired_network_role: Gateway
wondershaper_dspeed: "4096"
wondershaper_upspeed: "1024"
# WiFi
# Wi-Fi
host_ssid: IIAB
hostapd_wait: 1
host_wifi_mode: g
host_channel: 6
host_wireless_n: False
# Below moved to /opt/iiab/iiab/vars/local_vars.yml: (so implementer sets this)
# Below moved to /etc/iiab/local_vars.yml: (so implementer sets this)
#host_country_code: US
hostapd_secure: True
hostapd_password: "iiab2017"
@ -63,11 +62,20 @@ network_config_dir: /etc/network/interfaces.d
dns_jail_enabled: False
services_externally_visible: False
# following variables set for old apache,dhcpd,named usage
# Following variables set for old Apache, dhcpd, named usage
dhcpd_install: True
dhcpd_enabled: True
named_install: True
named_enabled: True
dnsmasq_enabled: False
dnsmasq_install: False
# For @tim-moody's Nodogsplash approach to Captive Portal? High experimental as of June 2018: github.com/iiab/iiab/issues/608
captive_portal_enabled: False
# Simple python Captive Portal, that @m-anish & @jvonau are experimenting with in July 2018: github.com/iiab/iiab/pull/870
py_captive_portal_install: True
py_captive_portal_enabled: True
py_captive_portal_port: "9090"
py_captive_portal_username: "Admin"
py_captive_portal_password: "changeme"
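Review bot: The new captive portal defaults to `py_captive_portal_install: True` and `py_captive_portal_enabled: True` with the fixed credentials `Admin` / `changeme`, although the comment above it describes the feature as something still being experimented with. Shipping both flags as `False` and leaving `py_captive_portal_password` for the implementer to set in /etc/iiab/local_vars.yml (as this file already does for `host_country_code`) would keep an experimental listener with a known password off default installs. The context lines of the same section show `hostapd_password: "iiab2017"`, which has the same shared-default problem.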


@ -0,0 +1,47 @@
- name: Create directory for Captive Portal script
file:
path: /opt/iiab/captive-portal
state: directory
when: py_captive_portal_install
- name: Copy Captive Portal script
template:
src: roles/network/templates/captive_portal/captive_portal.py.j2
dest: /opt/iiab/captive-portal/captive_portal.py
owner: root
group: root
mode: 0740
when: py_captive_portal_install
- name: Copy Captive Portal service file
template:
src: roles/network/templates/captive_portal/captive_portal.service.j2
dest: /etc/systemd/system/captive_portal.service
owner: root
group: root
mode: 0644
when: py_captive_portal_install
- name: Enable captive_portal after copying files
service:
name: captive_portal.service
enabled: yes
when: py_captive_portal_install and py_captive_portal_enabled
- name: Start captive_portal after copying files
service:
name: captive_portal.service
state: started
when: py_captive_portal_install and py_captive_portal_enabled
- name: Disable captive_portal after copying files
service:
name: captive_portal.service
enabled: no
when: py_captive_portal_install and py_captive_portal_enabled
- name: Stop captive_portal after copying files
service:
name: captive_portal.service
state: started
when: py_captive_portal_install and py_captive_portal_enabled
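Review bot: The 'Disable' and 'Stop' tasks carry the same condition as the 'Enable' and 'Start' tasks, `when: py_captive_portal_install and py_captive_portal_enabled`, and the 'Stop' task sets `state: started`. As written, an enabled portal is enabled, started, disabled again and then started once more, while setting `py_captive_portal_enabled: False` never stops or disables the service. Both tasks should use `when: py_captive_portal_install and not py_captive_portal_enabled`, and the last one `state: stopped`. The unit file is also installed without a `daemon_reload`, so unless the caller reloads systemd afterwards a changed template may not take effect.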


@ -21,52 +21,64 @@
# state=present
- name: For upgrades from earlier IIAB 6.2, remove br0 file
file: path=/etc/network/interfaces.d/br0
state=absent
file:
path: /etc/network/interfaces.d/br0
state: absent
when: iiab_lan_iface != "br0" and wan_ip == "dhcp"
- name: Supply resolvconf.conf
template: dest=/etc/resolvconf.conf
src=network/resolvconf.j2
template:
dest: /etc/resolvconf.conf
src: network/resolvconf.j2
- name: Supply dhcpcd.conf
template: dest=/etc/dhcpcd.conf
src=network/dhcpcd.conf.j2
template:
dest: /etc/dhcpcd.conf
src: network/dhcpcd.conf.j2
when: dhcpcd_result == "enabled"
- name: Copy the bridge script
template: dest=/etc/network/interfaces.d/iiab
src=network/systemd.j2
template:
dest: /etc/network/interfaces.d/iiab
src: network/systemd.j2
when: not is_rpi and (iiab_lan_iface == "br0" or wan_ip != "dhcp" or gui_static_wan_ip == "undefined")
- name: Copy the bridge script for RPi
template: dest=/etc/network/interfaces.d/iiab
src=network/rpi.j2
template:
dest: /etc/network/interfaces.d/iiab
src: network/rpi.j2
when: is_rpi and iiab_lan_iface == "br0"
- name: Workaround auto issue on Debian-9
template: dest=/etc/network/interfaces.d/patch_auto
src=network/debian-auto.j2
- name: Workaround auto issue (debian-9)
template:
dest: /etc/network/interfaces.d/patch_auto
src: network/debian-auto.j2
when: iiab_wan_iface != "none" and is_debian_9
- name: Clearing out /etc/network/interfaces for static addresses (is_debian_9)
- name: Clearing out /etc/network/interfaces for static addresses (debian-9)
lineinfile:
state: absent
path: /etc/network/interfaces
regexp: "{{ iiab_wan_iface }}"
state: absent
path: /etc/network/interfaces
regexp: "{{ iiab_wan_iface }}"
when: wan_ip != "dhcp" and iiab_wan_iface != "none" and is_debian_9
- name: bind may be affected
service: name={{ dns_service }} state=stopped
- name: BIND may be affected
service:
name: "{{ dns_service }}"
state: stopped
when: named_install and dnsmasq_enabled
# dhcpd_server release the interface
- name: dhcpd_server may be affected - stopping dhcpd
service: name=dhcpd state=stopped
service:
name: dhcpd
state: stopped
when: dhcpd_install
- name: dhcpd_server may be affected - stopping dnsmasq
service: name=dnsmasq state=stopped
service:
name: dnsmasq
state: stopped
when: dnsmasq_install
- name: Reload systemd
@ -75,9 +87,13 @@
# now pick up denyinterfaces
- name: Restart dhcpcd
service: name=dhcpcd state=restarted
service:
name: dhcpcd
state: restarted
when: dhcpcd_result == "enabled"
- name: Restart the networking service
service: name=networking state=restarted
service:
name: networking
state: restarted
when: not nobridge is defined and not no_net_restart


@ -5,7 +5,7 @@
# dest: /etc/resolvconf.conf
# src: network/resolvconf.j2
- name: bind may be affected
- name: BIND may be affected
service:
name: "{{ dns_service }}"
state: stopped


@ -1,156 +1,181 @@
- name: Disable dhcpd service
service: name=dhcpd
enabled=no
service:
name: dhcpd
enabled: no
when: not dhcpd_enabled and dhcpd_install
# service is restarted with NM dispatcher.d script
- name: Enable dhcpd service
service: name=dhcpd
enabled=yes
service:
name: dhcpd
enabled: yes
when: dhcpd_enabled and dhcpd_install
- name: Copy /etc/sysconfig/dhcpd file
template: src={{ item.src }}
dest={{ item.dest }}
owner=root
group=root
mode={{ item.mode }}
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
with_items:
- { src: 'dhcp/dhcpd-env.j2' , dest: '/etc/sysconfig/dhcpd' , mode: '0644' }
- { src: 'dhcp/dhcpd-env.j2', dest: '/etc/sysconfig/dhcpd', mode: '0644' }
- { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf', mode: '0644' }
when: dhcpd_enabled and dhcpd_install
- name: Copy named file
template: src={{ item.src }}
dest={{ item.dest }}
owner=root
group=root
mode={{ item.mode }}
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
with_items:
- { src: 'named/school.local.zone.db' , dest: '/var/named-iiab/' , mode: '0644' }
- { src: 'named/school.internal.zone.db' , dest: '/var/named-iiab/' , mode: '0644' }
- { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', mode: '0644' }
- { src: 'named/school.local.zone.db', dest: '/var/named-iiab/', mode: '0644' }
- { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/', mode: '0644' }
- name: Enable named service
service: name={{ dns_service }}
enabled=yes
service:
name: "{{ dns_service }}"
enabled: yes
when: named_enabled and named_install
- name: Disable named service
service: name={{ dns_service }}
enabled=no
service:
name: "{{ dns_service }}"
enabled: no
when: not named_enabled and named_install
- name: Disable dnsmasq
service: name=dnsmasq
enabled=no
service:
name: dnsmasq
enabled: no
when: not dnsmasq_enabled and dnsmasq_install
- name: dnsmasq copy config file to /etc
template: src=network/dnsmasq.conf.j2 dest=/etc/dnsmasq.conf
- name: Copy dnsmasq.conf to /etc
template:
src: network/dnsmasq.conf.j2
dest: /etc/dnsmasq.conf
when: dnsmasq_enabled and dnsmasq_install
- name: Enable dnsmasq
service: name=dnsmasq
enabled=yes
service:
name: dnsmasq
enabled: yes
when: dnsmasq_enabled and dnsmasq_install
- name: Enable DansGuardian
service: name=dansguardian
enabled=yes
service:
name: dansguardian
enabled: yes
when: dansguardian_enabled and dansguardian_install
- name: Disable DansGuardian
service: name=dansguardian
enabled=no
service:
name: dansguardian
enabled: no
when: not dansguardian_enabled and dansguardian_install
- name: Create xs_httpcache flag
lineinfile: dest=/etc/iiab/iiab.env
regexp='^HTTPCACHE_ON=*'
line='HTTPCACHE_ON=True'
state=present
lineinfile:
dest: /etc/iiab/iiab.env
regexp: '^HTTPCACHE_ON=*'
line: 'HTTPCACHE_ON=True'
state: present
when: squid_enabled and squid_install
- name: Enable Squid service
service: name={{ proxy }}
enabled=yes
service:
name: "{{ proxy }}"
enabled: yes
when: squid_enabled and squid_install
- name: Copy init script and config file
template: src={{ item.src }}
dest={{ item.dest }}
owner={{ item.owner }}
group={{ item.group }}
mode={{ item.mode }}
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
mode: "{{ item.mode }}"
with_items:
- src: 'squid/squid-iiab.conf.j2'
dest: '/etc/{{ proxy }}/squid-iiab.conf'
owner: '{{ proxy_user }}'
group: '{{ proxy_user }}'
mode: '0644'
- src: squid/squid-iiab.conf.j2
dest: "/etc/{{ proxy }}/squid-iiab.conf"
owner: "{{ proxy_user }}"
group: "{{ proxy_user }}"
mode: 0644
when: squid_enabled and squid_install
- name: Point to Squid config file from startup file
lineinfile: regexp='^CONFIG'
line='CONFIG=/etc/{{ proxy }}/squid-iiab.conf'
dest=/etc/init.d/{{ proxy }}
lineinfile:
regexp: '^CONFIG'
line: "CONFIG=/etc/{{ proxy }}/squid-iiab.conf"
dest: "/etc/init.d/{{ proxy }}"
when: squid_enabled and squid_install and is_debuntu
- name: Disable Squid service
service: name={{ proxy }}
enabled=no
service:
name: "{{ proxy }}"
enabled: no
when: not squid_enabled and squid_install
- name: Remove xs_httpcache flag
lineinfile: dest=/etc/iiab/iiab.env
regexp='^HTTPCACHE_ON=*'
line='HTTPCACHE_ON=False'
state=present
lineinfile:
dest: /etc/iiab/iiab.env
regexp: '^HTTPCACHE_ON=*'
line: 'HTTPCACHE_ON=False'
state: present
when: not squid_enabled
- name: Enable Wondershaper service
service: name=wondershaper
enabled=yes
service:
name: wondershaper
enabled: yes
when: wondershaper_enabled and wondershaper_install
- name: Disable Wondershaper service
service: name=wondershaper
enabled=no
service:
name: wondershaper
enabled: no
when: not wondershaper_enabled and wondershaper_install
# check-LAN should be iptables.yml remove later
- name: Grab clean copy of iiab-gen-iptables
template: src={{ item.0 }}
dest={{ item.1 }}
owner='root'
group='root'
mode='0755'
template:
src: "{{ item.0 }}"
dest: "{{ item.1 }}"
owner: root
group: root
mode: 0755
with_items:
- { 0: 'gateway/iiab-gen-iptables', 1: '/usr/bin/iiab-gen-iptables' }
- name: Add 'squid' to service list
ini_file: dest='{{ service_filelist }}'
section=squid
option='{{ item.option }}'
value='{{ item.value }}'
- name: Add 'squid' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
section: squid
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: enabled
value: "{{ squid_enabled }}"
- name: Add 'dansguardian' to service list
ini_file: dest='{{ service_filelist }}'
section=dansguardian
option='{{ item.option }}'
value='{{ item.value }}'
- name: Add 'dansguardian' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
section: dansguardian
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: enabled
value: "{{ dansguardian_enabled }}"
- name: Add 'wondershaper' to service list
ini_file: dest='{{ service_filelist }}'
section=wondershaper
option='{{ item.option }}'
value='{{ item.value }}'
- name: Add 'wondershaper' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
section: wondershaper
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
- option: enabled
value: "{{ wondershaper_enabled }}"
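Review bot: In the 'Copy init script and config file' task the rewritten item sets `mode: 0644` unquoted, where the earlier form had `mode: '0644'`, and the task passes it on as `mode: "{{ item.mode }}"`. YAML reads the bare `0644` as the integer 420, and once that value is rendered back through Jinja the module is likely to receive the string `420` and apply it as octal, giving squid-iiab.conf an unintended permission set. Keep the quotes, `mode: '0644'`, as the other `with_items` entries in this file do. The literal `mode: 0755` on the iiab-gen-iptables task is not templated and is unaffected.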


@ -26,16 +26,22 @@
with_items:
- "{{ discovered_lan_iface }}"
- name: bind may be affected
service: name={{ dns_service }} state=stopped
- name: BIND may be affected
service:
name: "{{ dns_service }}"
state: stopped
when: named_install and dnsmasq_enabled
- name: dhcpd_server may be affected - stopping dhcpd
service: name=dhcpd state=stopped
service:
name: dhcpd
state: stopped
when: dhcpd_install
- name: dhcpd_server may be affected - stopping dnsmasq
service: name=dnsmasq state=stopped
service:
name: dnsmasq
state: stopped
when: dnsmasq_install
- name: Stop the LAN/Bridge deleting iiab-LAN
@ -59,21 +65,24 @@
# when: iiab_wan_iface != "none" and not has_WAN and has_ifcfg_gw == "none" and xo_model == "none" and not iiab_demo_mode
- name: Configuring LAN interface as iiab_lan_iface
template: src=network/ifcfg.j2
dest=/etc/sysconfig/network-scripts/ifcfg-LAN
template:
src: network/ifcfg.j2
dest: /etc/sysconfig/network-scripts/ifcfg-LAN
when: iiab_lan_iface != "none"
# can be more than one wired interface
- name: Wired enslaving ## lan_list_result ## to Bridge
template: src=network/ifcfg-slave.j2
dest=/etc/sysconfig/network-scripts/ifcfg-{{ item|trim }}
template:
src: network/ifcfg-slave.j2
dest: "/etc/sysconfig/network-scripts/ifcfg-{{ item|trim }}"
when: iiab_lan_iface == "br0" and item|trim != iiab_wireless_lan_iface and item|trim != iiab_wan_iface
with_items:
- "{{ lan_list_result.stdout_lines }}"
- "{{ lan_list_result.stdout_lines }}"
- name: WiFi enslaving {{ iiab_wireless_lan_iface }} to Bridge
template: src=network/wifi-slave.j2
dest=/etc/sysconfig/network-scripts/ifcfg-{{ iiab_wireless_lan_iface }}
template:
src: network/wifi-slave.j2
dest: "/etc/sysconfig/network-scripts/ifcfg-{{ iiab_wireless_lan_iface }}"
when: iiab_lan_iface == "br0" and iiab_wireless_lan_iface != "none"
tags:
- network
@ -81,7 +90,7 @@
- include_tasks: enable_wan.yml
when: not installing and not iiab_demo_mode
- name: ask systemd to reread the unit files, picks up changes done
- name: Ask systemd to reread the unit files, picks up changes done
systemd:
daemon_reload: yes
when: not installing
@ -111,7 +120,7 @@
ignore_errors: True
when: iiab_lan_iface == "br0" and item|trim != iiab_wireless_lan_iface and item|trim != iiab_wan_iface and not iiab_demo_mode
with_items:
- "{{ lan_list_result.stdout_lines }}"
- "{{ lan_list_result.stdout_lines }}"
#- name: restart hostapd when wifi is present
# service: name=hostapd state=started


@ -74,6 +74,14 @@
include_tasks: squid.yml
when: FQDN_changed and squid_install and iiab_stage|int == 9
#- name: FOREFULLY ENABLE CAPTIVE PORTAL
# set_fact:
# py_captive_portal_install: True
- name: (Re)Installing captive portal
include_tasks: captive_portal.yml
when: py_captive_portal_install
#### start services
- include_tasks: avahi.yml
tags:

View file

@ -1,6 +1,7 @@
- name: Install named packages (debuntu)
package: name={{ item }}
state=present
package:
name: "{{ item }}"
state: present
with_items:
- bind9
- bind9utils
@ -9,8 +10,9 @@
- download
- name: Install named packages (OS's that are not debuntu)
package: name={{ item }}
state=present
package:
name: "{{ item }}"
state: present
with_items:
- bind
- bind-utils
@ -20,76 +22,87 @@
# or we have to change the serial number in the config files.
- name: Stop named before copying files
service: name={{ dns_service }} state=stopped
service:
name: "{{ dns_service }}"
state: stopped
when: first_run and is_debuntu
- name: Set folder permission
file: path={{ item }}
owner={{ dns_user }}
group=root
mode=0755
state=directory
file:
path: "{{ item }}"
owner: "{{ dns_user }}"
group: root
mode: 0755
state: directory
with_items:
- /var/named-iiab
- /var/named-iiab/data
- /etc/sysconfig/olpc-scripts/domain_config.d
- name: Configure named
template: src={{ item.src }}
dest={{ item.dest }}
owner={{ item.owner }}
group=root
mode={{ item.mode }}
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ item.owner }}"
group: root
mode: "{{ item.mode }}"
with_items:
- { src: 'roles/network/templates/named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', owner: "root" , mode: '0644' }
- { src: 'roles/network/templates/named/named.j2', dest: '/etc/sysconfig/named', owner: "root" , mode: '0644' }
- { src: 'roles/network/templates/named/named', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/named', owner: "root" , mode: '0644' }
- { src: 'roles/network/templates/named/localdomain.zone', dest: '/var/named-iiab/localdomain.zone',owner: "{{ dns_user }}" , mode: '0644' }
- { src: 'roles/network/templates/named/localhost.zone', dest: '/var/named-iiab/localhost.zone', owner: "{{ dns_user }}" , mode: '0644' }
- { src: 'roles/network/templates/named/named.broadcast', dest: '/var/named-iiab/named.broadcast', owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.ip6.local', dest: '/var/named-iiab/named.ip6.local' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.local', dest: '/var/named-iiab/named.local' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.rfc1912.zones', dest: '/var/named-iiab/named.rfc1912.zones' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.root', dest: '/var/named-iiab/named.root' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.root.hints', dest: '/var/named-iiab/named.root.hints' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.zero', dest: '/var/named-iiab/named.zero' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/school.external.zone.db', dest: '/var/named-iiab/school.external.zone.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/school.internal.zone.16.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.16.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', owner: "root", mode: '0644' }
- { src: 'roles/network/templates/named/named.j2', dest: '/etc/sysconfig/named', owner: "root", mode: '0644' }
- { src: 'roles/network/templates/named/named', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/named', owner: "root", mode: '0644' }
- { src: 'roles/network/templates/named/localdomain.zone', dest: '/var/named-iiab/localdomain.zone', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/localhost.zone', dest: '/var/named-iiab/localhost.zone', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/named.broadcast', dest: '/var/named-iiab/named.broadcast', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/named.ip6.local', dest: '/var/named-iiab/named.ip6.local', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/named.local', dest: '/var/named-iiab/named.local', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/named.rfc1912.zones', dest: '/var/named-iiab/named.rfc1912.zones', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/named.root', dest: '/var/named-iiab/named.root', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/named.root.hints', dest: '/var/named-iiab/named.root.hints', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/named.zero', dest: '/var/named-iiab/named.zero', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/school.external.zone.db', dest: '/var/named-iiab/school.external.zone.db', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/school.internal.zone.16.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.16.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
# the following two files are not writeable by named, but bind 9.4 cannot discover that fact correctly
- { src: 'roles/network/templates/named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db' , owner: "root" , mode: '0644'}
- { src: 'roles/network/templates/named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db' , owner: "root" , mode: '0644'}
- { src: 'roles/network/templates/named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/dummy', dest: '/var/named-iiab/data/dummy' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.blackhole', dest: '/var/named-iiab/named.blackhole' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db', owner: "root", mode: '0644' }
- { src: 'roles/network/templates/named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db', owner: "root", mode: '0644' }
- { src: 'roles/network/templates/named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/dummy', dest: '/var/named-iiab/data/dummy', owner: "{{ dns_user }}", mode: '0644' }
- { src: 'roles/network/templates/named/named.blackhole', dest: '/var/named-iiab/named.blackhole', owner: "{{ dns_user }}", mode: '0644' }
- name: Substitute our unit file which uses $OPTIONS from sysconfig
template: src=roles/network/templates/named/{{ dns_service }}.service
dest=/etc/systemd/system/{{ dns_service }}.service
mode=0644
template:
src: "roles/network/templates/named/{{ dns_service }}.service"
dest: "/etc/systemd/system/{{ dns_service }}.service"
mode: 0644
- name: The dns-jail redirect requires the named.blackhole,disabling recursion
- name: The dns-jail redirect requires the named.blackhole, disabling recursion
# in named-iiab.conf, and the redirection of 404 error documents to /
template: src=roles/network/templates/named/dns-jail.conf dest=/etc/{{ apache_config_dir }}/
template:
src: roles/network/templates/named/dns-jail.conf
dest: "/etc/{{ apache_config_dir }}/"
when: dns_jail_enabled
- name: Separate enabling required for debuntu
file: src=/etc/{{ apache_config_dir }}/dns-jail.conf
path=/etc/{{ apache_service }}/sites-enabled/dns-jail.conf
state=link
- name: Separate enabling required (debuntu)
file:
src: "/etc/{{ apache_config_dir }}/dns-jail.conf"
path: "/etc/{{ apache_service }}/sites-enabled/dns-jail.conf"
state: link
when: is_debuntu and dns_jail_enabled
- name: Separate enabling/disabling required (debuntu)
file: src=/etc/{{ apache_config_dir }}/dns-jail.conf
path=/etc/{{ apache_service }}/sites-enabled/dns-jail.conf
state=absent
- name: Separate disabling required (debuntu)
file:
path: "/etc/{{ apache_service }}/sites-enabled/dns-jail.conf"
state: absent
when: is_debuntu and not dns_jail_enabled
- name: Separate enabling/disabling required (OS's that are not debuntu)
file: path=/etc/{{ apache_config_dir }}/dns-jail.conf
state=absent
file:
path: "/etc/{{ apache_config_dir }}/dns-jail.conf"
state: absent
when: not is_debuntu and not dns_jail_enabled
- name: Start named after copying files
service: name={{ dns_service }} state=started
service:
name: "{{ dns_service }}"
state: started


@ -1,4 +1,4 @@
- name: restart hostapd when wifi is present
- name: Restart hostapd when WiFi is present
systemd:
name: hostapd
state: restarted


@ -20,7 +20,7 @@
dest: /etc/dhcpcd.conf
src: network/dhcpcd.conf.j2
- name: New raspbian requires counry code -- check for it
- name: New raspbian requires country code -- check for it
shell: grep country /etc/wpa_supplicant/wpa_supplicant.conf
register: country_code
ignore_errors: True


@ -0,0 +1,97 @@
#!/usr/bin/python
# Captive portal script adapted from https://github.com/nikosft/captive-portal
import subprocess
import BaseHTTPServer
import cgi
# These variables are used as settings
PORT = int("{{ py_captive_portal_port }}") # the port in which the captive portal web server listens
IFACE = "{{ iiab_lan_iface }}" # the interface that captive portal protects
IP_ADDRESS = "{{ lan_ip }}" # the ip address of the captive portal (it can be the IP of IFACE)
'''
This it the http server used by the the captive portal
'''
class CaptivePortal(BaseHTTPServer.BaseHTTPRequestHandler):
#this is the index of the captive portal
#it simply redirects the user to the to login page
html_redirect = """
<html>
<head>
<meta http-equiv="refresh" content="0; url=http://%s:%s/login" />
</head>
<body>
<b>Redirecting to login page</b>
</body>
</html>
"""%(IP_ADDRESS, PORT)
#the login page
html_login = """
<html>
<body>
<b>Login Form</b>
<form method="POST" action="do_login">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<input type="submit" value="Submit">
</form>
</body>
</html>
"""
'''
if the user requests the login page show it, else
use the redirect page
'''
def do_GET(self):
path = self.path
self.send_response(200)
self.send_header("Content-type", "text/html")
self.end_headers()
if path == "/login":
self.wfile.write(self.html_login)
else:
self.wfile.write(self.html_redirect)
'''
this is called when the user submits the login form
'''
def do_POST(self):
self.send_response(200)
self.send_header("Content-type", "text/html")
self.end_headers()
form = cgi.FieldStorage(
fp=self.rfile,
headers=self.headers,
environ={'REQUEST_METHOD':'POST',
'CONTENT_TYPE':self.headers['Content-Type'],
})
username = form.getvalue("username")
password = form.getvalue("password")
#dummy security check
if username == '{{ py_captive_portal_username }}' and password == '{{ py_captive_portal_password }}':
#authorized user
remote_IP = self.client_address[0]
print 'New authorization from '+ remote_IP
print 'Updating IP tables'
subprocess.call(["iptables","-t", "nat", "-I", "PREROUTING","1", "-s", remote_IP, "-j" ,"ACCEPT"])
subprocess.call(["iptables", "-I", "FORWARD", "-s", remote_IP, "-j" ,"ACCEPT"])
self.wfile.write("You are now authorized. Navigate to any URL")
else:
#show the login form
self.wfile.write(self.html_login)
#the following function makes server produce no output
#comment it out if you want to print diagnostic messages
#def log_message(self, format, *args):
# return
print "Starting captive portal web server"
httpd = BaseHTTPServer.HTTPServer(('', PORT), CaptivePortal)
try:
httpd.serve_forever()
except KeyboardInterrupt:
pass
httpd.server_close()
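Review bot: The server is created with `BaseHTTPServer.HTTPServer(('', PORT), CaptivePortal)`, so it listens on every interface even though `IP_ADDRESS` is defined near the top of the file; binding with `(IP_ADDRESS, PORT)` keeps the login form off the WAN side if the firewall rules are ever flushed or not yet loaded. In `do_POST` the results of both `subprocess.call` invocations are ignored, so the client is told "You are now authorized" even when iptables fails, and every repeat login inserts another pair of rules; `subprocess.check_call` plus an `iptables -C` existence test before each `-I` would cover both. The rendered script also holds the portal password in clear text inside a single-quoted literal, so the task that installs it (not in this section) should set a restrictive mode, and a password containing a quote would break the rendered file.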


@ -0,0 +1,15 @@
[Unit]
Description=Captive portal
After=syslog.target
[Service]
Type=simple
User=root
Group=root
WorkingDirectory=/opt/iiab/captive-portal
ExecStart=/opt/iiab/captive-portal/captive_portal.py
StandardOutput=syslog
StandardError=syslog
[Install]
WantedBy=multi-user.target
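Review bot: `User=root` with no sandboxing gives a process that parses unauthenticated HTTP form input the full privileges of root, while the only privileged operation visible in captive_portal.py is calling iptables. Consider adding `NoNewPrivileges=true` and `CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW` under `[Service]` (plus `CAP_NET_BIND_SERVICE` if the configured port is below 1024), to be tested against the iptables build in use. `After=network.target` would also be worth adding, since `After=syslog.target` alone does not order the listener after the LAN interface is configured.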


@ -57,11 +57,13 @@ services_externally_visible={{ services_externally_visible }}
calibre_port={{ calibre_port }}
kiwix_port={{ kiwix_port }}
kalite_server_port={{ kalite_server_port }}
kolibri_http_port={{ kolibri_http_port }}
sugarizer_port={{ sugarizer_port }}
block_DNS={{ block_DNS }}
captive_portal_enabled={{ captive_portal_enabled }}
py_captive_portal_enabled={{ py_captive_portal_enabled }}
echo "Lan is $lan and WAN is $wan"
echo "LAN is $lan and WAN is $wan"
#
# delete all existing rules.
#
@ -89,6 +91,7 @@ fi
if [ "$services_externally_visible" == "True" ]; then
$IPTABLES -A INPUT -p tcp --dport $kiwix_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $kalite_server_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $kolibri_http_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $calibre_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $sugarizer_port -m state --state NEW -i $wan -j ACCEPT
fi
@ -101,12 +104,13 @@ $IPTABLES -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACC
#Block https traffic except if directed at server
if [ "$gw_block_https" == "True" ]; then
$IPTABLES -A FORWARD -p tcp ! -d 172.18.96.1 --dport 443 -j DROP
$IPTABLES -A FORWARD -p tcp ! -d {{ lan_ip }} --dport 443 -j DROP
fi
# Allow outgoing connections from the LAN side.
$IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT
if ! [ "$py_captive_portal_enabled" == "True" ];then
$IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT
fi
# Don't forward from the outside to the inside.
$IPTABLES -A FORWARD -i $wan -o $lan -j DROP
$IPTABLES -A INPUT -i $wan -j DROP
@ -122,8 +126,11 @@ if [ "$captive_portal_enabled" == "True" ];then
$IPTABLES -t mangle -A internet -j MARK --set-mark 99
$IPTABLES -t nat -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m mark --mark 99 -m tcp --dport 80 -j DNAT --to-destination {{ lan_ip }}
elif [ "py_$captive_portal_enabled" == "True" ];then
$IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:{{ py_captive_portal_port }}
elif [ "$HTTPCACHE_ON" == "True" ]; then
$IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d 172.18.96.1 -j DNAT --to 172.18.96.1:3128
$IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:3128
fi
# Enable routing.
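Review bot: The new branch `elif [ "py_$captive_portal_enabled" == "True" ];then` expands to `py_True` or `py_False`, which never equals `True`, so the DNAT rule to `{{ lan_ip }}:{{ py_captive_portal_port }}` is never installed; the variable assigned earlier in this script is `py_captive_portal_enabled`, so the test should read `elif [ "$py_captive_portal_enabled" == "True" ];then`. Together with the earlier hunk that skips `FORWARD -i $lan -o $wan -j ACCEPT` when the Python portal is enabled, LAN clients would be cut off from the WAN without ever being sent to the login page. The same section opens `$kolibri_http_port` on the WAN interface when `services_externally_visible` is set, which is worth confirming as intended.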


@ -4,7 +4,7 @@ bogus-priv
#server=/{{ iiab_domain }}/{{ iiab_hostname }}
# Add local-only domains here, queries in these domains are answered from /etc/hosts or DHCP only.
local=/{{ iiab_domain }}/
{% if captive_portal_enabled == "True" %}
{% if dns_jail_enabled %}
# Make all host names resolve to the Raspberry Pi's IP address
address=/#/{{ lan_ip }}
{% endif %}
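Review bot: `{% if dns_jail_enabled %}` is true for any non-empty string, including `"False"`, and the line it replaces compared a sibling flag against the string `"True"`, which suggests these flags can reach the template as strings (for example via extra-vars). Because this block makes every hostname resolve to `{{ lan_ip }}`, an accidental enable redirects name resolution for all LAN clients; `{% if dns_jail_enabled | bool %}` makes the test independent of how the variable was supplied.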


@ -18,6 +18,7 @@
url: "{{ nextcloud_dl_url }}/{{ nextcloud_orig_src_file }}"
dest: "{{ downloads_dir }}/{{ nextcloud_src_file }}"
force: yes
#validate_certs: False # TEMPORARY ON/AFTER 2018-07-22 AS download.nextcloud.com CERT EXPIRED: https://github.com/iiab/iiab/issues/954
timeout: "{{ download_timeout }}"
when: internet_available and nextcloud_force_install
async: 900
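Review bot: The commented `#validate_certs: False` line leaves a one-character switch that turns this download into an unauthenticated fetch of code that is then installed on the server. If the workaround has to stay documented, pair it with integrity pinning that does not depend on TLS, for example get_url's `checksum: "sha256:<NEXTCLOUD_SHA256_PLACEHOLDER>"`, so an expired or substituted certificate cannot change what gets unpacked. The task begins above the hunk, so whether a checksum is already set there is not visible here.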


@ -6,7 +6,7 @@ Alias {{ nextcloud_url }} {{ nextcloud_prefix }}/nextcloud
<IfModule mod_authz_core.c>
# Apache 2.4
Require host localhost
Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }}
Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }} {{ openvpn_server_virtual_ip }}/255.255.255.0
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
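Review bot: The added `{{ openvpn_server_virtual_ip }}/255.255.255.0` hard-codes the mask, unlike the `{{ lan_ip }}/{{ lan_netmask }}` entry beside it, and admits the whole VPN /24 to Nextcloud rather than specific peers. If the OpenVPN network is sized differently the ACL silently diverges from it, and if `openvpn_server_virtual_ip` is undefined on hosts without the openvpn role the template render will presumably fail. The `<IfModule !mod_authz_core.c>` (Apache 2.2) branch continues below the hunk, so whether it received the matching change is not visible here.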


@ -1,6 +1,7 @@
- name: Install OSM required packages
package: name={{ item }}
state=present
- name: Install OSM required packages (debuntu)
package:
name: "{{ item }}"
state: present
with_items:
- gcc
- python-dev
@ -9,9 +10,10 @@
- libapache2-mod-xsendfile
when: is_debuntu
- name: Install OSM required packages
package: name={{ item }}
state=present
- name: Install OSM required packages (not debuntu)
package:
name: "{{ item }}"
state: present
with_items:
- python-pip
- gcc
@ -22,27 +24,30 @@
when: not is_debuntu
# OSM wants a specific version do that first
- name: Install Whoosh 2.6
pip: name=whoosh
virtualenv={{ osm_venv }}
virtualenv_site_packages=no
version=2.6
extra_args="--no-cache-dir"
- name: Install Whoosh 2.6 (debuntu)
pip:
name: whoosh
virtualenv: "{{ osm_venv }}"
virtualenv_site_packages: no
version: 2.6
extra_args: "--no-cache-dir"
when: internet_available and is_debuntu
- name: Install Flask 0.12X
pip: name=Flask
virtualenv={{ osm_venv }}
virtualenv_site_packages=no
version=0.12.4
extra_args="--no-cache-dir"
- name: Install Flask 0.12X (debuntu)
pip:
name: Flask
virtualenv: "{{ osm_venv }}"
virtualenv_site_packages: no
version: 0.12.4
extra_args: "--no-cache-dir"
when: internet_available and is_debuntu
- name: Install OSM with dependencies
pip: name={{ item }}
virtualenv={{ osm_venv }}
virtualenv_site_packages=no
extra_args="--no-cache-dir"
- name: Install OSM with dependencies (debuntu)
pip:
name: "{{ item }}"
virtualenv: "{{ osm_venv }}"
virtualenv_site_packages: no
extra_args: "--no-cache-dir"
with_items:
- MarkupSafe
- pytz
@ -50,26 +55,29 @@
when: internet_available and is_debuntu
# OSM wants a specific version do that first
- name: Install Whoosh 2.6
pip: name=whoosh
virtualenv={{ osm_venv }}
virtualenv_site_packages=no
version=2.6
- name: Install Whoosh 2.6 (not debuntu)
pip:
name: whoosh
virtualenv: "{{ osm_venv }}"
virtualenv_site_packages: no
version: 2.6
# extra_args="--no-cache-dir"
when: internet_available and not is_debuntu
- name: Install Flask 0.12X
pip: name=Flask
virtualenv={{ osm_venv }}
virtualenv_site_packages=no
version=0.12.4
- name: Install Flask 0.12X (not debuntu)
pip:
name: Flask
virtualenv: "{{ osm_venv }}"
virtualenv_site_packages: no
version: 0.12.4
# extra_args="--no-cache-dir"
when: internet_available and not is_debuntu
- name: Install OSM with dependencies
pip: name={{ item }}
virtualenv={{ osm_venv }}
virtualenv_site_packages=no
- name: Install OSM with dependencies (not debuntu)
pip:
name: "{{ item }}"
virtualenv: "{{ osm_venv }}"
virtualenv_site_packages: no
# extra_args="--no-cache-dir"
with_items:
- MarkupSafe
@ -77,81 +85,92 @@
- Internet-in-a-Box
when: internet_available and not is_debuntu
- name: Set osm_path
- name: Set osm_path (redhat)
set_fact:
osm_path: "{{ osm_venv }}/{{ python_path }}/iiab"
osm_path: "{{ osm_venv }}/{{ python_path }}/iiab"
when: osm_enabled and is_redhat
- name: Set osm_path
- name: Set osm_path (debuntu)
set_fact:
osm_path: "{{ osm_venv }}/lib/python2.7/site-packages/iiab"
osm_path: "{{ osm_venv }}/lib/python2.7/site-packages/iiab"
when: osm_enabled and is_debuntu
- name: Point wsgi to virtual environment (all OS's)
lineinfile: dest={{ osm_venv }}/bin/iiab.wsgi
regexp="path_to_virtualenv = None"
line="path_to_virtualenv = '/usr/local/osm'"
state=present
lineinfile:
dest: "{{ osm_venv }}/bin/iiab.wsgi"
regexp: "path_to_virtualenv = None"
line: "path_to_virtualenv = '/usr/local/osm'"
state: present
- name: Copy OSM config file (all OS's)
template: backup=no
src=osm.conf.j2
dest=/etc/{{ apache_config_dir }}/osm.conf
owner=root
group=root
mode=0644
template:
src: osm.conf.j2
dest: "/etc/{{ apache_config_dir }}/osm.conf"
owner: root
group: root
mode: 0644
backup: no
when: osm_enabled
- name: Create a link from sites-enabled to sites-available (debuntu)
file: src=/etc/{{ apache_config_dir }}/osm.conf
dest=/etc/apache2/sites-enabled/osm.conf
state=link
file:
src: "/etc/{{ apache_config_dir }}/osm.conf"
dest: /etc/apache2/sites-enabled/osm.conf
state: link
when: osm_enabled and is_debuntu
- name: Remove the link from sites-enabled to sites-available (debuntu)
file: dest=/etc/apache2/sites-enabled/osm.conf
state=absent
file:
dest: /etc/apache2/sites-enabled/osm.conf
state: absent
when: not osm_enabled and is_debuntu
- name: Remove the osm.conf (redhat)
file: dest=/{{ apache_config_dir }}/osm.conf
state=absent
file:
dest: "/{{ apache_config_dir }}/osm.conf"
state: absent
when: not osm_enabled and is_redhat
- name: Remove link to cgi (all OS's)
file: dest={{ doc_root }}/osm.wsgi
state=absent
file:
dest: "{{ doc_root }}/osm.wsgi"
state: absent
when: not osm_enabled
- name: Create link to cgi (all OS's)
file: src={{ osm_venv }}/bin/iiab.wsgi
dest={{ doc_root }}/osm.wsgi
owner=root
group=root
state=link
file:
src: "{{ osm_venv }}/bin/iiab.wsgi"
dest: "{{ doc_root }}/osm.wsgi"
owner: root
group: root
state: link
when: osm_enabled
- name: Create the knowledge data set folders
file: path=/library/knowledge/modules
state=directory
owner={{ apache_user }}
group={{ apache_user }}
file:
path: /library/knowledge/modules
state: directory
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
# the following was brought into OSM playbook from iiab-factory osm-fix script
- name: Copy the files
template: src={{ item.src }} dest={{ item.dest }}
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
with_items:
- { src: 'defaults.ini', dest: "{{ osm_path }}/" }
- { src: 'etc.iiab.conf', dest: '/etc/iiab.conf' }
- { src: 'map_search.py', dest: "{{ osm_path }}/map_search.py" }
- { src: 'map.html', dest: "{{ osm_path }}/static/map.html" }
- { src: 'l.control.geosearch.js', dest: "{{ osm_path }}/static/lib/leaflet/geosearch/l.control.geosearch.js" }
- { src: '{{ osm_path }}/static/map.html', dest: "{{ osm_path }}/static/index.html" }
- { src: 'defaults.ini', dest: "{{ osm_path }}/" }
- { src: 'etc.iiab.conf', dest: '/etc/iiab.conf' }
- { src: 'map_search.py', dest: "{{ osm_path }}/map_search.py" }
- { src: 'map.html', dest: "{{ osm_path }}/static/map.html" }
- { src: 'l.control.geosearch.js', dest: "{{ osm_path }}/static/lib/leaflet/geosearch/l.control.geosearch.js" }
- { src: "{{ osm_path }}/static/map.html", dest: "{{ osm_path }}/static/index.html" }
when: osm_enabled
- name: Restart httpd service
service: name={{ apache_service }}
state=restarted
service:
name: "{{ apache_service }}"
state: restarted
- name: Add 'osm' to list of services at /etc/iiab/iiab.ini
ini_file:
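Review bot: The reformatted "Remove the osm.conf (redhat)" task keeps `dest: "/{{ apache_config_dir }}/osm.conf"`, which lacks the `/etc` prefix used by the "Copy OSM config file" task, so disabling OSM on Red Hat family hosts appears to leave the Apache config in place and the application still served; `dest: "/etc/{{ apache_config_dir }}/osm.conf"` would match. In the same section the `lineinfile` task writes a hard-coded `'/usr/local/osm'` while its `dest` uses `{{ osm_venv }}`, so the two can drift apart. `version: 2.6` is parsed as a YAML float; quoting it (`version: '2.6'`) avoids a surprise on a later pin such as 2.10.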


@ -13,7 +13,7 @@ Do the following:
* cd /library/rachel
* mv /library/rachelusb_32EN_3.1.4/RACHEL/bin .
* you should see /library/rachel/bin/www/index.php
* re-run ansible (making sure that rachel_enabled: True has been set in vars/local_vars.yml
* re-run ansible (making sure that rachel_enabled: True has been set in /etc/iiab/local_vars.yml
Locations
---------


@ -1,6 +1,15 @@
sugarizer_install: True
sugarizer_enabled: False
sugarizer_location: /opt/iiab
sugarizer_version: 'sugarizer-1.0'
sugarizer_server_version: 'sugarizer-server-1.0'
npm_exists: False
sugarizer_location: "{{ iiab_base }}" # /opt/iiab
sugarizer_version: sugarizer-1.0
sugarizer_git_version: v1.0.1
# PLEASE HELP MONITOR https://github.com/llaske/sugarizer/releases
sugarizer_server_version: sugarizer-server-1.0
sugarizer_server_git_version: v1.0.1 # "master" worked over July 11-14, 2018
# PLEASE HELP MONITOR https://github.com/llaske/sugarizer-server/releases
# Unused as of 2018-07-14
# node_modules_exists: False


@ -1,94 +1,168 @@
- name: Wipe any previous sugarizer installation
# 0. CLEAN UP PRIOR VERSIONS OF SUGARIZER (NEEDS WORK!)
- name: Wipe /library/www/html/sugarizer* if installing sugarizer-1.0
shell: "rm -rf {{ doc_root }}/sugarizer*"
when: sugarizer_version == "sugarizer-1.0"
- name: Download latest stable Sugarizer from location we control
get_url:
url: "{{ iiab_download_url }}/{{ sugarizer_version }}.tar.gz"
dest: "{{ downloads_dir }}/{{ sugarizer_version }}.tar.gz"
timeout: "{{ download_timeout }}"
# 1. DOWNLOAD+LINK /opt/iiab/sugarizer
- name: Clone llaske/sugarizer ({{ sugarizer_git_version }}) from GitHub to /opt/iiab (MAY DOWNLOAD 600+ MB)
git:
repo: https://github.com/llaske/sugarizer
dest: "{{ sugarizer_location }}/{{ sugarizer_version }}"
version: "{{ sugarizer_git_version }}"
force: yes
depth: 1
when: internet_available
- name: Untar to {{ sugarizer_version }}
unarchive:
src: "{{ downloads_dir }}/{{ sugarizer_version }}.tar.gz"
dest: "{{ sugarizer_location }}"
creates: "{{ sugarizer_location }}/{{ sugarizer_version }}/index.html"
# command: tar xzf {{ downloads_dir }}/{{ sugarizer_version }}.tar.gz -C {{ sugarizer_location }}
# creates="{{ sugarizer_location }}/{{ sugarizer_version }}/index.html"
- name: Download latest stable Server from location we control
get_url:
url: "{{ iiab_download_url }}/{{ sugarizer_server_version }}.tar.gz"
dest: "{{ downloads_dir }}/{{ sugarizer_server_version }}.tar.gz"
timeout: "{{ download_timeout }}"
when: internet_available
- name: Untar to /{{ sugarizer_version }}
unarchive:
src: "{{ downloads_dir }}/{{ sugarizer_version }}.tar.gz"
dest: "{{ sugarizer_location }}"
creates: "{{ sugarizer_location }}/{{ sugarizer_version }}/index.html"
- name: Create symbolic link /library/www/html/sugarizer
- name: Create symbolic link /opt/iiab/sugarizer -> /opt/iiab/{{ sugarizer_version }}
file:
src: "{{ sugarizer_location }}/{{ sugarizer_version }}"
dest: "{{ sugarizer_location }}/sugarizer"
state: link
- name: Untar to /library/www/html/{{ sugarizer_server_version }}
unarchive:
src: "{{ downloads_dir }}/{{ sugarizer_server_version }}.tar.gz"
dest: "{{ sugarizer_location }}"
creates: "{{ sugarizer_location }}/{{ sugarizer_server_version }}/index.html"
- name: Create symbolic link /library/www/html/sugarizer
# 2. DOWNLOAD+LINK /opt/iiab/sugarizer-server
# 2018-07-11: http://download.iiab.io/packages/sugarizer-server-1.0.tar.gz
# was flawed, as documented at:
# https://github.com/iiab/iiab/pull/814#issuecomment-404211098
# Versions of MongoDB, npm (& Node.js ?) matter! Sugarizer 1.0 Context:
# https://github.com/iiab/iiab/issues/798
# Going forward let's "git clone" IIAB's preferred versions, of sugarizer
# AND sugarizer-server, as specified in roles/sugarizer/defaults/main.yml
# 2018-07-14 BLOAT: git works well BUT even with "depth: 1"
# - 229MB is unfort downloaded to /opt/iiab/sugarizer/.git
# - 1.4MB is unfort downloaded to /opt/iiab/sugarizer-server/.git
# CLARIF: during repeat runs of "./runrole sugarizer", this git sync shows
# "changed" (whereas above git sync shows "ok"). Reason: "npm install"
# (below) modifies /opt/iiab/sugarizer-server/node_modules
- name: Clone llaske/sugarizer-server ({{ sugarizer_server_git_version }}) from GitHub to /opt/iiab
git:
repo: https://github.com/llaske/sugarizer-server
dest: "{{ sugarizer_location }}/{{ sugarizer_server_version }}"
version: "{{ sugarizer_server_git_version }}"
force: yes
depth: 1
when: internet_available
- name: Create symbolic link /opt/iiab/sugarizer-server -> /opt/iiab/{{ sugarizer_server_version }}
file:
src: "{{ sugarizer_location }}/{{ sugarizer_server_version }}"
dest: "{{ sugarizer_location }}/sugarizer-server"
state: link
- name: Set up Node.js 6.x apt sources (debuntu)
shell: curl -sL https://deb.nodesource.com/setup_6.x | bash -
# 3. INSTALL A GOOD VERSION OF Node.js AND npm
- name: Set up Node.js 8.x apt sources (debuntu, but avoid ubuntu-18)
shell: curl -sL https://deb.nodesource.com/setup_8.x | bash -
when: internet_available and is_debuntu and not is_ubuntu_18
- name: Install latest Node.js which includes /usr/bin/npm (debuntu)
- name: Install latest Node.js which includes /usr/bin/npm (debuntu, but avoid ubuntu-18)
package:
name: nodejs
# name: nodejs=8.x
state: latest
# package: name=nodejs=6.*
# state=present
# state: present
when: internet_available and is_debuntu and not is_ubuntu_18
- name: Install npm (OS's other than debuntu)
package:
name: "{{ item }}"
state: present
when: internet_available and not is_debuntu
with_items:
- nodejs
- npm
# 2018-07-14: BOTH STEPS ABOVE TAKE TIME, but Raspbian (apt offers npm
# 1.4.21) & Debian 9 (apt offers no npm!) STILL NEED the above
# nodesource.com approach to get a version of npm that works with Sugarizer:
# https://github.com/iiab/iiab/issues/798#issuecomment-404324530
#
# MORE POSITIVELY: this nodesource.com approach (brings in npm 5.6.0 with
# nodejs 8.11.3 for now, to any OS) would also work on Ubuntu 18.04, and
# might even bring about a sane consistency across mainline OS's?
#
# BUT FOR NOW: Ubuntu 18.04's apt (approach below) brings in npm 3.5.2,
# which appears suffic "SO FAR"? 18.04's nodejs 8.10.0 is more reassuring!
- name: Install npm (ubuntu-18)
# CRAZY IDEA: most versions of npm can upgrade themselves to the latest
# (6.2.0 for now) using command "npm install -g npm", if that helps us in
# future, e.g. TK's memory issue etc? If so, be CAREFUL this puts npm
# in /usr/local/bin on Ubuntu 18.04 -- unlike Ubuntu 16.04 and Raspbian
# where it upgrades /usr/bin/npm in place:
# https://askubuntu.com/questions/1036278/npm-is-incorrect-version-on-latest-ubuntu-18-04-installation
- name: Install Node.js and npm (ubuntu-18 or not debuntu)
package:
name: "{{ item }}"
state: latest
when: internet_available and is_ubuntu_18
with_items:
- npm
- nodejs
- npm
when: internet_available and (is_ubuntu_18 or not is_debuntu)
# attempting to reinstall npm is broken on Raspbian 9
- name: Check for Sugarizer already installed
stat:
path: "{{ sugarizer_location }}/{{ sugarizer_server_version }}/node_modules"
register: npm
ignore_errors: true
# 4. RUN "npm install" TO POPULATE ~35MB /opt/iiab/sugarizer-server/node_modules
- name: Set a flag to abort second attempt to install
set_fact:
npm_exists: True
when: npm.stat is defined and npm.stat.exists
# Re-running "npm install" USED TO fail on Raspbian 9 if not other OS's ?
# Strategies considered to avoid re-running it:
# OLD WAY 1: test & set flag node_modules_exists: True
# OLD WAY 2: "creates: ..." checks for non-existence of /opt/iiab/sugarizer-server-1.0/node_modules
# OLD WAY 3: set "register: git_sug_server_output" above, then as nec delete /opt/iiab/sugarizer-server-1.0/node_modules "when: git_sug_server_output.changed" and as nec run "npm install"
- name: Create systemd files and copy our ini file
#- name: Check for /opt/iiab/{{ sugarizer_server_version }}/node_modules
# stat:
# path: "{{ sugarizer_location }}/{{ sugarizer_server_version }}/node_modules"
# register: nmtest
# ignore_errors: true
#
#- name: Set a flag to prevent re-running of "npm install"
# set_fact:
# node_modules_exists: True
# when: nmtest.stat is defined and nmtest.stat.exists
# NEW WAY BELOW: run "npm install --allow-root" every time, as modern versions
# of npm are incremental, with sanity checks (all 3 may work: but npm 6.2.0
# is better than 5.6.0. which is better than Ubuntu 18.04's 3.5.2).
# 2018-07-15: TK Kang & Holt confirmed sudo-driven "npm install" maxes out CPU
# for hours, on diff OS's using npm 5.6.0 and 6.2.0. Hours later you may get
# error: code EACCES, errno -13 (permission denied),
# "Missing write access to /opt/iiab/sugarizer-server-1.0/node_modules"
#
# SOLUTION: Implement '--allow-root --unsafe-perm=true' below, as is critical
# for 1st run of sudo-driven 'npm install' especially:
#
# ON DEBIAN: npm 5.6.0's --allow-root would be sufficient: causing creation
# of /root/.npm cache & lock files to owned by root:root instead of
# iiab-admin:iiab-admin...thus permitting it & IIAB installs to complete!
#
# ON RASPBIAN: npm 5.6.0's --unsafe-perm=true is *required* so that npm
# install actually finished (in about 5 minutes). It's possible we should
# remove --allow-root in favore of --unsafe-perm=true alone. But this needs
# testing on different Linuxes before proceeding.
#
# CLARIF 1: Something like 'chown -R root:root /root/.npm' would do the job,
# but cannot happen synchronously throughout the 1st run of 'npm install'
# (when it's needed!) Similar to what --allow-root does on Debian.
#
# CLARIF 2: Ubuntu 18.04 is currently unaffected due to its ancient
# npm 3.5.2, which instead uses /home/iiab-admin/.npm (which remains owned
# by iiab-admin:iiab-admin, even with '--allow-root', but thankfully still
# gets the job done, for now!)
#- name: Create the express framework for Node.js (OS's other than Fedora 18)
- name: Run 'npm install --allow-root --unsafe-perm=true' to create /opt/iiab/{{ sugarizer_server_version }}/node_modules (CAN TAKE ~3 MINUTES)
command: npm install --allow-root --unsafe-perm=true # "command:" a bit safer than "shell:"
args:
chdir: "{{ sugarizer_location }}/{{ sugarizer_server_version }}"
#creates: "{{ sugarizer_location }}/{{ sugarizer_server_version }}/node_modules" # OLD WAY 2
when: internet_available # "npm install" generally requires Internet access
# when: internet_available and git_sug_server_output.changed # OLD WAY 3
# when: internet_available and not is_F18 and not node_modules_exists # OLD WAY 1
#- name: Create the express framework for Node.js (Fedora 18)
# shell: npm install
# args:
# chdir: "{{ sugarizer_location }}/sugarizer/server"
# when: internet_available and is_F18 and not node_modules_exists
# 5. PLACE CONFIG FILES
- name: Configure sugarizer.service (systemd), sugarizer.conf (Apache) and sugarizer.ini
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
@ -96,46 +170,50 @@
owner: root
group: root
with_items:
- { src: 'sugarizer.service.j2' , dest: '/etc/systemd/system/sugarizer.service', mode: '0644' }
- { src: 'sugarizer.ini' , dest: '{{ sugarizer_location }}/{{ sugarizer_server_version }}/env/sugarizer.ini', mode: '0644' }
- { src: 'sugarizer.conf' , dest: '/etc/apache2/sites-available',mode: '0644' }
- { src: 'sugarizer.ini', dest: '{{ sugarizer_location }}/{{ sugarizer_server_version }}/env/sugarizer.ini', mode: '0644' }
- { src: 'sugarizer.conf', dest: '/etc/apache2/sites-available', mode: '0644' }
- { src: 'sugarizer.service.j2', dest: '/etc/systemd/system/sugarizer.service', mode: '0644' }
- name: Create the symlink enabling the rewrite
file: src=/etc/apache2/sites-available/sugarizer.conf
dest=/etc/apache2/sites-enabled/sugarizer.conf
state=link
- name: Create symlink for short URL http://box/sugarizer
file:
src: /etc/apache2/sites-available/sugarizer.conf
dest: /etc/apache2/sites-enabled/sugarizer.conf
state: link
- name: Create the express framework for Node.js (OS's other than Fedora 18)
shell: npm install
args:
chdir: "{{ sugarizer_location }}/{{ sugarizer_server_version }}"
creates: "{{ sugarizer_location }}/{{ sugarizer_server_version }}/server/node_modules"
when: not is_F18 and not npm_exists
# 6. RESTART/STOP SYSTEMD SERVICE
- name: Create the express framework for Node.js (Fedora 18)
shell: npm install
args:
chdir: "{{ sugarizer_location }}/sugarizer/server"
when: is_F18 and not npm_exists
- name: Enable services (all OS's)
service:
name: "{{ item.name }}"
- name: Enable+restart systemd service if sugarizer_enabled, with "systemctl daemon-reload" (in case mongodb.service changed?)
systemd:
name: sugarizer
enabled: yes
state: restarted
with_items:
- { name: sugarizer }
daemon_reload: yes
when: sugarizer_enabled
- name: Disable services (all OS's)
service:
name: "{{ item.name }}"
- name: 'Disable+stop systemd service if sugarizer_enabled: False'
systemd:
name: sugarizer
enabled: no
state: stopped
with_items:
- { name: sugarizer }
when: not sugarizer_enabled
#- name: Enable services (all OS's)
# service:
# name: "{{ item.name }}"
# enabled: yes
# state: restarted
# with_items:
## - { name: mongodb } # 2018-07-14: NICE TRY, but still doesn't bring http://box:8089 to life reliably, as a reboot usually does! (Is a "systemctl daemon-reload" or some such nec?)
# - { name: sugarizer }
# when: sugarizer_enabled
#- name: Disable service (all OS's)
# service:
# name: sugarizer
# enabled: no
# state: stopped
# when: not sugarizer_enabled
- name: Add 'sugarizer' to list of services at /etc/iiab/iiab.ini
ini_file:
dest: "{{ service_filelist }}"
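Review bot: `command: npm install --allow-root --unsafe-perm=true` runs every dependency's install scripts as root, and the dependency set is resolved at install time from a cloned tag, with no lockfile or hash pinning visible in this section. Consider running this step as a dedicated unprivileged account that owns the sugarizer-server directory (`become_user: <SERVICE_ACCOUNT_PLACEHOLDER>`), which should also remove the EACCES problem described in the comment, and pinning `sugarizer_git_version` / `sugarizer_server_git_version` to commit hashes, since tags can be moved upstream. As far as I know `--allow-root` is a Bower option that npm ignores, so `--unsafe-perm=true` is probably the only flag taking effect. The `curl -sL https://deb.nodesource.com/setup_8.x | bash -` task carries the same trust exposure, because it executes a remote script as root without verification.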


@ -20,6 +20,7 @@ path = ../sugarizer/
server = localhost
port = 27018
name = sugarizer
waitdb = 1
[presence]
port = 8039


@ -1,7 +1,8 @@
[Unit]
Description=Node.js Sugarizer Server
Requires=mongodb.service
After=mongodb.service # Requires the mongodb service to run first
After=mongodb.service
# Requires mongodb service to run first
[Service]
WorkingDirectory=/opt/iiab/sugarizer-server/


@ -26,7 +26,7 @@
- { src: 'iiab-usb-lib-show-all-on' , dest: '/usr/bin/', mode: '0755' }
- { src: 'iiab-usb-lib-show-all-off' , dest: '/usr/bin/', mode: '0755' }
- name: Enable exfat and ntfs
- name: Enable exFAT and NTFS
lineinfile:
regexp: '^FILESYSTEMS.*'
line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"'
@ -53,7 +53,7 @@
state: absent
when: not usb_lib_enabled
- name: Put a variable in iiab.env for display of content at root of USB
- name: Put variable in iiab.env that enables display of content at root of USB
lineinfile:
dest: /etc/iiab/iiab.env
regexp: "^IIAB_USB_LIB_SHOW_ALL.*"
@ -65,14 +65,14 @@
dest: "/etc/{{ apache_config_dir }}"
when: usb_lib_enabled
- name: Create the link to enable (debian)
- name: Create the link to enable (debuntu)
file:
src: "/etc/{{ apache_config_dir }}/content_dir.conf"
dest: /etc/apache2/sites-enabled/content_dir.conf
state: link
when: is_debuntu
- name: Remove the link that enables (debian)
- name: Remove the link that enables (debuntu)
file:
src: "/etc/{{ apache_config_dir }}/content_dir.conf"
dest: /etc/apache2/sites-enabled/content_dir.conf


@ -2,7 +2,7 @@
# to /library/wordpress) should also work offline...
#
# ONLINE OR OFFLINE, IF YOU NEED A CLEAN REINSTALL OF WORDPRESS DURING YOUR
# NEXT RUN OF "./runtags wordpress" OR "./iiab-install" PLEASE FIRST DO:
# NEXT RUN OF "./runrole wordpress" OR "./iiab-install" PLEASE FIRST DO:
#
# - "mv /library/wordpress /library/wordpress.old"
# - back up WordPress's database then drop it