diff --git a/roles/0-DEPRECATED-ROLES/homepage/tasks/main.yml b/roles/0-DEPRECATED-ROLES/homepage/tasks/main.yml
new file mode 100644
index 000000000..d3eccd12c
--- /dev/null
+++ b/roles/0-DEPRECATED-ROLES/homepage/tasks/main.yml
@@ -0,0 +1,21 @@
+- name: Create dir {{ doc_root }}/home
+ file:
+ state: directory
+ path: "{{ doc_root }}/home" # /library/www/html
+ owner: "{{ apache_user }}"
+ group: "{{ apache_user }}"
+ mode: '0755'
+
+- name: Install /etc/{{ apache_conf_dir }}/iiab-homepage.conf from template, for http://box redirect to http://box/home/
+ template:
+ src: iiab-homepage.conf
+ dest: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf"
+
+#- name: Symlink /etc/apache2/sites-enabled/iiab-homepage.conf to /etc/{{ apache_conf_dir }}/iiab-homepage.conf (debuntu)
+- name: Enable iiab-homepage.conf via Apache
+ command: a2ensite iiab-homepage.conf
+ # file:
+ # src: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf"
+ # path: /etc/apache2/sites-enabled/iiab-homepage.conf
+ # state: link
+ # when: is_debuntu | bool
diff --git a/roles/homepage/templates/iiab-homepage.conf b/roles/0-DEPRECATED-ROLES/homepage/templates/iiab-homepage.conf
similarity index 100%
rename from roles/homepage/templates/iiab-homepage.conf
rename to roles/0-DEPRECATED-ROLES/homepage/templates/iiab-homepage.conf
diff --git a/roles/httpd-enable/tasks/main.yml b/roles/0-DEPRECATED-ROLES/httpd-enable/tasks/main.yml
similarity index 100%
rename from roles/httpd-enable/tasks/main.yml
rename to roles/0-DEPRECATED-ROLES/httpd-enable/tasks/main.yml
diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml
index 3575e9645..509829cbc 100644
--- a/roles/3-base-server/tasks/main.yml
+++ b/roles/3-base-server/tasks/main.yml
@@ -3,21 +3,28 @@ - name: ...IS BEGINNING ===================================== command: echo -- name: HTTPD (APACHE) - include_role: - name: httpd - when: apache_install | bool - - name: MYSQL include_role: name: mysql when: mysql_install | bool -- name: Install NGINX (configured LATER, in Stage 9-LOCAL-ADDONS) - include_tasks: roles/nginx/tasks/install.yml +- name: WWW_BACK_END (WWW_FRONT_END should be installed later) + include_role: + name: www_back_end + #when: www_back_end_install | bool + #when: apache_install or nginx_install + +- name: HTTPD (Apache) + include_role: + name: httpd + when: apache_install | bool + +- name: NGINX + include_role: + name: nginx when: nginx_install | bool -- name: Install dnsmasq +- name: dnsmasq (install now, configure LATER in 'network', after Stage 9) include_tasks: roles/network/tasks/dnsmasq.yml when: dnsmasq_install | bool diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 9f94cde9e..8189e6bac 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml 
@@ -20,33 +20,33 @@ - name: Install Bluetooth - only on Raspberry Pi include_role: name: bluetooth - when: is_rpi and bluetooth_install # or bluetooth_installed is defined + when: is_rpi and bluetooth_install - name: USB_LIB include_role: name: usb_lib when: usb_lib_install | bool -# This is in Stage 4-SERVER-OPTIONS (rather than 3-BASE-SERVER) because var -# iiab_home_url changes, and may need to be re-run in the field/offline/etc. -- name: HOMEPAGE - include_role: - name: homepage - # has no "when: XXXXX_install" flag - - name: CUPS include_role: name: cups - when: cups_install # or cups_installed is defined + when: cups_install | bool - name: SAMBA include_role: name: samba - when: samba_install # or samba_installed is defined + when: samba_install | bool -- name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (This script was installed at the beginning of Stage 3 = roles/3-base-server/tasks/main.yml, which ran Apache playbook = roles/httpd/tasks/main.yml) - command: /usr/bin/iiab-refresh-wiki-docs - when: internet_available and not nodocs +# 2020-02-12: what was roles/homepage lives in roles/www_back_end & +# roles/www_front_end for now. Eventually softcoding of iiab_home_url +# should happen everywhere (incl Admin Console) to allow more field +# options, e.g. changing /library/www/html/home even when offline... + +- name: WWW_FRONT_END (WWW_BACK_END should have been installed earlier) + include_role: + name: www_front_end + #when: www_front_end_install | bool + #when: apache_install or nginx_install - name: Recording STAGE 4 HAS COMPLETED ================== lineinfile: diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 7a9448a71..00f7712dd 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml 
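Review bot: The Bluetooth condition `when: is_rpi and bluetooth_install` is left without the `| bool` cast that this same hunk adds to `cups_install` and `samba_install`, so a quoted string value may still evaluate as true inside the compound expression. For consistency I would write `when: is_rpi and (bluetooth_install | bool)`. The new WWW_FRONT_END include has both of its `when:` lines commented out, so it runs unconditionally; a one-line comment saying that this is intended would help the next reader.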
@@ -30,24 +30,34 @@ name: calibre-web when: calibreweb_install | bool -# Could split these two below to Stage 10? +# Could split these two below to Stage 10? 2020-02-12: Experimentally moving +# stuff to roles/3-base-server, 4-server-options, roles/httpd, roles/nginx. -- name: Fully Enable / Configure NGINX (already installed in Stage 3-BASE-SERVER) if 'nginx_enabled' is True - include_role: - name: nginx - when: nginx_enabled | bool # WAS: nginx_install -# If just CONFIGURING (etc) shouldn't we use one of the following instead ?? -# include_tasks: roles/nginx/tasks/setup.yml -# include_tasks: roles/nginx/tasks/enable.yml +# - name: "Set 'nginx_enabled: True'" +# set_fact: +# nginx_enabled: True +# +# - name: Fully Enable / Configure NGINX (already installed in Stage 3-BASE-SERVER) if 'nginx_enabled' is True +# include_role: +# name: nginx +# when: nginx_enabled | bool # WAS: nginx_install +# # If just CONFIGURING (etc) shouldn't we use one of the following instead ?? +# # include_tasks: roles/nginx/tasks/setup.yml +# # include_tasks: roles/nginx/tasks/enable.yml -- name: Fully Enable / Configure Apache systemd service ({{ apache_service }}) if 'apache_enabled' is True - include_role: - name: httpd-enable - when: apache_enabled | bool # WAS: apache_install -# WARNING THAT APACHE IS AUTO-ENABLED BY THESE ~6 APPS ALONE! -# https://github.com/holta/iiab/blob/scaff2/roles/0-init/tasks/main.yml#L40-L44 -# Summarized @ https://github.com/iiab/iiab/blob/master/roles/nginx/README.md -# 2020-01-23: APACHE FUTURE SUMMARY QUESTIONS @ roles/httpd/tasks/main.yml +# - name: "Set 'apache_enabled: True'" +# set_fact: +# apache_enabled: True +# +# - name: Fully Enable / Configure Apache systemd service ({{ apache_service }}) if 'apache_enabled' is True +# include_role: +# name: httpd +# #name: httpd-enable +# when: apache_enabled | bool # WAS: apache_install +# # WARNING THAT APACHE IS AUTO-ENABLED BY THESE ~6 APPS ALONE! 
+# # https://github.com/holta/iiab/blob/scaff2/roles/0-init/tasks/main.yml#L40-L44 +# # Summarized @ https://github.com/iiab/iiab/blob/master/roles/nginx/README.md +# # 2020-01-23: APACHE FUTURE SUMMARY QUESTIONS @ roles/httpd/tasks/main.yml - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: diff --git a/roles/homepage/tasks/main.yml b/roles/homepage/tasks/main.yml deleted file mode 100644 index d54a806ee..000000000 --- a/roles/homepage/tasks/main.yml +++ /dev/null @@ -1,19 +0,0 @@ -- name: Create dir {{ doc_root }}/home - file: - path: "{{ doc_root }}/home" - owner: "{{ apache_user }}" - group: "{{ apache_user }}" - mode: 0755 - state: directory - -- name: Install /etc/{{ apache_conf_dir }}/iiab-homepage.conf from template, for http://box redirect to http://box/home/ - template: - src: iiab-homepage.conf - dest: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf" - -- name: Symlink /etc/apache2/sites-enabled/iiab-homepage.conf to /etc/{{ apache_conf_dir }}/iiab-homepage.conf (debuntu) - file: - src: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf" - path: /etc/apache2/sites-enabled/iiab-homepage.conf - state: link - when: is_debuntu | bool diff --git a/roles/httpd/files/osm.conf b/roles/httpd/files/osm.conf.deprecated similarity index 100% rename from roles/httpd/files/osm.conf rename to roles/httpd/files/osm.conf.deprecated diff --git a/roles/httpd/tasks/enable.yml b/roles/httpd/tasks/enable.yml deleted file mode 100644 index 280dfdd02..000000000 --- a/roles/httpd/tasks/enable.yml +++ /dev/null 
@@ -1,69 +0,0 @@ -# For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147 -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -- name: Enact high limits in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini if using WordPress/Nextcloud/Moodle intensively - lineinfile: - path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini" - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - when: apache_high_php_limits | bool - with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } - - { regexp: '^memory_limit', line: 'memory_limit = 256M ; default is 128M / Nextcloud requests 512M' } - - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - -- name: Install Apache's 010-iiab.conf & proxy_ajp.conf into /etc/apache2/sites-available, from templates - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - # owner: root - # group: root - # mode: 0644 - with_items: - - { src: 'roles/httpd/templates/010-iiab.conf.j2', dest: '/etc/{{ apache_conf_dir }}/010-iiab.conf' } - - { src: 'roles/httpd/templates/proxy_ajp.conf.j2', dest: '/etc/{{ apache_conf_dir }}/proxy_ajp.conf' } - -- name: Enable our site, creating 010-iiab.conf symlink from sites-enabled to sites-available (debuntu) - file: - src: "/etc/{{ apache_conf_dir }}/010-iiab.conf" - path: /etc/apache2/sites-enabled/010-iiab.conf - state: link - when: is_debuntu | bool - -# SEE https://github.com/iiab/iiab/issues/1143 as the old roles/osm playbook is rarely used as of late 2018 (if anybody still uses roles/osm, they can overwrite osm.conf using the original osm playbook, or in other ways) -- name: Install /etc/{{ apache_conf_dir }}/osm.conf for http://box/maps (all OS's) - copy: - src: roles/httpd/files/osm.conf - dest: 
"/etc/{{ apache_conf_dir }}" - # owner: root - # group: root - # mode: 0644 - when: osm_vector_maps_install | bool - -- name: Symlink /etc/apache2/sites-enabled/osm.conf -> /etc/{{ apache_conf_dir }}/osm.conf (debuntu) - file: - src: "/etc/{{ apache_conf_dir }}/osm.conf" - path: /etc/apache2/sites-enabled/osm.conf - state: link - when: is_debuntu and osm_vector_maps_enabled - -- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_apache_poweroff from template - template: - src: roles/httpd/templates/020_apache_poweroff.j2 - dest: /etc/sudoers.d/020_apache_poweroff - mode: 0755 - when: apache_allow_sudo | bool - -- name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff - file: - path: /etc/sudoers.d/020_apache_poweroff - state: absent - when: not apache_allow_sudo - -- name: Restart Apache systemd service ({{ apache_service }}) - systemd: - name: "{{ apache_service }}" - state: restarted - enabled: yes - daemon_reload: yes diff --git a/roles/httpd/tasks/homepage.yml b/roles/httpd/tasks/homepage.yml new file mode 100644 index 000000000..25773ba31 --- /dev/null +++ b/roles/httpd/tasks/homepage.yml 
@@ -0,0 +1,17 @@
+# Both invoked in 4-SERVER-OPTIONS, by roles/www_front_end/tasks/main.yml:
+#
+# httpd/tasks/homepage.yml
+# nginx/tasks/homepage.yml
+
+- name: Install /etc/{{ apache_conf_dir }}/iiab-homepage.conf from httpd/templates, so Apache redirects http://box to http://box{{ iiab_home_url }} # /home
+ template:
+ src: roles/httpd/templates/iiab-homepage.conf
+ dest: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf" # apache2/sites-available (on debuntu)
+
+- name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) by running 'a2ensite iiab-homepage.conf'"
+ command: a2ensite iiab-homepage.conf
+ #when: apache_enabled | bool
+
+# - name: Disable IIAB pages via Apache (e.g. on port 80) by running 'a2dissite iiab-homepage.conf', if not apache_enabled"
+# command: a2dissite iiab-homepage.conf
+# when: not apache_enabled
diff --git a/roles/httpd/tasks/html.yml b/roles/httpd/tasks/html.yml
deleted file mode 100644
index 1ea7d920a..000000000
--- a/roles/httpd/tasks/html.yml
+++ /dev/null
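Review bot: `command: a2ensite iiab-homepage.conf` runs on every OS because it has no `when: is_debuntu | bool` guard, although `a2ensite` is a Debian/Ubuntu helper and the deleted enable.yml guarded its sites-enabled symlinks that way; on a Red Hat family host the task would presumably fail. The same unguarded call appears as `a2ensite 010-iiab.conf` in roles/httpd/tasks/install.yml and again in the deprecated homepage role. I would add `when: is_debuntu | bool` and, so the task stops reporting "changed" on every run, `args:` with `creates: /etc/apache2/sites-enabled/iiab-homepage.conf`.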
@@ -1,68 +0,0 @@ -- name: Copy css files to {{ doc_root }}/common/css # doc_root is /library/www/html - copy: - src: "{{ item }}" - dest: "{{ doc_root }}/common/css" - mode: 0644 - owner: root - group: root - with_fileglob: - - html/css/*.css - -- name: Copy js files to {{ doc_root }}/common/js # doc_root is /library/www/html - copy: - src: "{{ item }}" - dest: "{{ doc_root }}/common/js" - mode: 0644 - owner: root - group: root - with_fileglob: - - html/js/*.js - -- name: Copy fonts files to {{ doc_root }}/common/fonts # doc_root is /library/www/html - copy: - src: "{{ item }}" - dest: "{{ doc_root }}/common/fonts" - mode: 0644 - owner: root - group: root - with_fileglob: - - html/fonts/* - -- name: Copy html files to {{ doc_root }}/common/html # doc_root is /library/www/html - copy: - src: "{{ item }}" - dest: "{{ doc_root }}/common/html" - mode: 0644 - owner: root - group: root - with_fileglob: - - html/html/* - -- name: Copy assets files to {{ doc_root }}/common/assets # doc_root is /library/www/html - copy: - src: "{{ item }}" - dest: "{{ doc_root }}/common/assets" - mode: 0644 - owner: root - group: root - with_fileglob: - - html/assets/* - -# copy all services, even if not permissioned elsewhere -- name: Copy services files to {{ doc_root }}/common/services # doc_root is /library/www/html - copy: - src: "{{ item }}" - dest: "{{ doc_root }}/common/services" - mode: 0644 - owner: root - group: root - with_fileglob: - - html/services/* - -- name: Symlink {{ doc_root }}/common/assets/iiab.ini to {{ iiab_ini_file }} # doc_root is /library/www/html - file: - src: "{{ iiab_ini_file }}" - path: "{{ doc_root }}/common/assets/iiab.ini" - owner: root - group: root - state: link diff --git a/roles/httpd/tasks/install.yml b/roles/httpd/tasks/install.yml index 03fb3cdf7..8ffd6382f 100644 --- a/roles/httpd/tasks/install.yml +++ b/roles/httpd/tasks/install.yml 
@@ -49,7 +49,7 @@ state: present when: is_redhat | bool -# remove symlinks for mpm-event, replace with mpm-prefork +# Remove symlinks for mpm_event, replace with mpm_prefork - name: Remove both mpm_event symlinks from /etc/apache2/mods-enabled (debuntu) file: path: "/etc/apache2/mods-enabled/{{ item }}" @@ -69,6 +69,19 @@ - mpm_prefork.load when: is_debuntu | bool +# - name: Remove mpm_event.conf & mpm_event.load symlinks, using a2dissite +# command: "a2dissite {{ item }}" +# with_items: +# - mpm_event.conf +# - mpm_event.load +# ignore_errors: yes +# +# - name: Symlink mpm_prefork.conf & mpm_prefork.load, using a2ensite +# command: "a2ensite {{ item }}" +# with_items: +# - mpm_prefork.conf +# - mpm_prefork.load + #- name: 'Turn on mod_proxy using a2enmod with: proxy, proxy_html, headers, rewrite (debuntu)' # command: a2enmod {{ item }} # with_items: @@ -100,11 +113,11 @@ - name: Create Apache's pid dir /var/run/{{ apache_user }} file: + state: directory path: "/var/run/{{ apache_user }}" owner: root group: root mode: '0755' - state: directory - name: 'Create group: admin' group: 
@@ -120,25 +133,38 @@ - name: Create Apache dir /var/log/{{ apache_service }} file: + state: directory path: "/var/log/{{ apache_service }}" owner: "{{ apache_user }}" group: "{{ apache_user }}" mode: '0755' - state: directory -- name: Enable Apache systemd service ({{ apache_service }}) - service: - name: "{{ apache_service }}" - enabled: yes - state: stopped -- name: Create /library/www/html/info directory for http://box/info offline docs - file: - path: "{{ doc_root }}/info" - owner: "{{ apache_user }}" - group: "{{ apache_user }}" - mode: '0755' - state: directory +- name: Install Apache's 010-iiab.conf & proxy_ajp.conf into /etc/apache2/sites-available, from templates + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: 'roles/httpd/templates/010-iiab.conf.j2', dest: '/etc/{{ apache_conf_dir }}/010-iiab.conf' } + - { src: 'roles/httpd/templates/proxy_ajp.conf.j2', dest: '/etc/{{ apache_conf_dir }}/proxy_ajp.conf' } + +- name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) by running 'a2ensite 010-iiab.conf'" + command: a2ensite 010-iiab.conf + #when: apache_enabled | bool + +# - name: Disable IIAB pages via Apache (e.g. on port 80) by running 'a2dissite 010-iiab.conf', if not apache_enabled" +# command: a2dissite 010-iiab.conf +# when: not apache_enabled + +- debug: + msg: roles/httpd/tasks/homepage.yml will run LATER (invoked by roles/www_front_end/tasks/main.yml) SO THAT APACHE CAN REDIRECT http://box TO http://box{{ iiab_home_url }} (based on var iiab_home_url) +# - include_tasks: roles/httpd/tasks/homepage.yml + +# - name: Enable & Stop '{{ apache_service }}' systemd service +# systemd: +# name: "{{ apache_service }}" +# enabled: yes +# state: stopped # RECORD Apache AS INSTALLED diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml index 945c3e7d4..354212d7f 100644 --- a/roles/httpd/tasks/main.yml +++ b/roles/httpd/tasks/main.yml 
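Review bot: Of the tasks in the deleted roles/httpd/tasks/enable.yml, only the 010-iiab.conf / proxy_ajp.conf template task is carried over in this hunk; the task that removed /etc/sudoers.d/020_apache_poweroff when `apache_allow_sudo` is false has no replacement here or in the new main.yml. Unless it moved to a role that this view does not show (www_back_end, perhaps), a host that once granted the web-server user poweroff rights keeps that sudoers file after the operator turns the option off. If the pair is re-added, the sudoers file should be installed read-only and syntax-checked rather than with the old mode 0755; a sketch follows, assuming the 020_apache_poweroff.j2 template still exists at its old path.

```yaml
# … unchanged: 010-iiab.conf & proxy_ajp.conf template task, a2ensite task …

- name: Install /etc/sudoers.d/020_apache_poweroff from template, if apache_allow_sudo
  template:
    src: roles/httpd/templates/020_apache_poweroff.j2
    dest: /etc/sudoers.d/020_apache_poweroff
    owner: root
    group: root
    mode: '0440'
    validate: 'visudo -cf %s'
  when: apache_allow_sudo | bool

- name: Remove /etc/sudoers.d/020_apache_poweroff, if not apache_allow_sudo
  file:
    path: /etc/sudoers.d/020_apache_poweroff
    state: absent
  when: not apache_allow_sudo
```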
@@ -1,20 +1,64 @@ -# 2020-01-23 TO DO / Questions: -# - Validate input vars apache_install & apache_enabled here. -# - Use as nec, with 'when: apache_installed is undefined' -# - Encapsulate all 3 tasks below into httpd/roles/install.yml ? -# - Similarly sanity-check httpd/roles/enable.yml or httpd/roles/enable-or-disable.yml... -# - Verify that 9-local-addons/tasks/main.yml's invocation of -# roles/httpd/tasks/enable.yml (via roles/httpd-enable/tasks/main.yml, if -# apache_enabled is True) does the right thing! -# - And that we really don't want to invoke it hereunder? -# - Save relevant apache_* vars to /etc/iiab/iiab.ini +# "How do i fail a task in Ansible if the variable contains a boolean value? +# I want to perform input validation for Ansible playbooks" +# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 -- include_tasks: install.yml -- include_tasks: html.yml -- include_tasks: php-stem.yml +# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need +# to re-check whether vars are defined here. As Ansible vars cannot be unset: +# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible -- name: Install /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (Script can be run manually and/or at the end of Stage 4 = roles/4-server-options/tasks/main.yml) - template: - src: refresh-wiki-docs.sh - dest: /usr/bin/iiab-refresh-wiki-docs - mode: '0755' +- name: Assert that "apache_install is sameas true" (boolean not string etc) + assert: + that: apache_install is sameas true + fail_msg: "PLEASE SET 'apache_install: True' e.g. 
IN: /etc/iiab/local_vars.yml" + quiet: yes + +- name: Assert that "apache_enabled | type_debug == 'bool'" (boolean not string etc) + assert: + that: apache_enabled | type_debug == 'bool' + fail_msg: "PLEASE GIVE VARIABLE 'apache_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + +- debug: + var: apache_install +- debug: + var: apache_enabled +- debug: + var: apache_installed + + +- name: Install Apache if 'apache_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: apache_installed is undefined + + +- name: Enable & (Re)Start {{ apache_service }} systemd service, if apache_enabled + systemd: + name: "{{ apache_service }}" + daemon_reload: yes + enabled: yes + state: restarted + when: apache_enabled | bool + +- name: Disable & Stop {{ apache_service }} systemd service, if not apache_enabled + systemd: + name: "{{ apache_service }}" + enabled: no + state: stopped + when: not apache_enabled + + +- name: Add 'apache' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: apache + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Apache + - option: description + value: '"The Apache HTTP Server (''httpd'')."' + - option: apache_install + value: "{{ apache_install }}" + - option: apache_enabled + value: "{{ apache_enabled }}" diff --git a/roles/httpd/templates/httpd.j2 b/roles/httpd/templates/httpd.j2.deprecated similarity index 100% rename from roles/httpd/templates/httpd.j2 rename to roles/httpd/templates/httpd.j2.deprecated diff --git a/roles/httpd/templates/iiab-homepage.conf b/roles/httpd/templates/iiab-homepage.conf new file mode 100644 index 000000000..0fc7a8e2e --- /dev/null +++ b/roles/httpd/templates/iiab-homepage.conf 
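Review bot: install.yml is now included only `when: apache_installed is undefined`, and this commit moves the 010-iiab.conf / proxy_ajp.conf templates into install.yml, so on a host already recorded as installed those Apache configs are no longer re-rendered on later runs, whereas the deleted enable.yml rendered them each time the enable path ran. If that is intended, say so above the include, for example `# install.yml also renders 010-iiab.conf; it is skipped once apache_installed is set`. Separately, the three bare `- debug:` tasks have no `name:`, unlike the other tasks in this file.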
@@ -0,0 +1,9 @@ +# IIAB Home Page + +# Redirect to home page on School Server +# Default [was] xs-portal [and is now generally] home + +# RedirectMatch of root to homepage +# See the note in default_vars.yml + +RedirectMatch ^/$ {{ iiab_home_url }} diff --git a/roles/httpd/templates/iiab-http b/roles/httpd/templates/iiab-http.deprecated similarity index 100% rename from roles/httpd/templates/iiab-http rename to roles/httpd/templates/iiab-http.deprecated diff --git a/roles/httpd/templates/iiab-http.j2 b/roles/httpd/templates/iiab-http.j2.deprecated similarity index 100% rename from roles/httpd/templates/iiab-http.j2 rename to roles/httpd/templates/iiab-http.j2.deprecated diff --git a/roles/httpd/templates/php.ini.j2 b/roles/httpd/templates/php.ini.j2.deprecated similarity index 100% rename from roles/httpd/templates/php.ini.j2 rename to roles/httpd/templates/php.ini.j2.deprecated diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index 3985956a9..41896e647 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml @@ -41,7 +41,7 @@ state: absent path: "{{ internetarchive_dir }}/node_modules" -- name: Run 'yarn add @internetarchive/dweb-mirror' to download/populate {{ internetarchive_dir }}/node_modules (CAN TAKE ~15 MINUTES) +- name: Run 'yarn add @internetarchive/dweb-mirror' to download/populate {{ internetarchive_dir }}/node_modules (CAN TAKE ~5 MINUTES) shell: yarn config set child-concurrency 1 && yarn add @internetarchive/dweb-mirror args: chdir: "{{ internetarchive_dir }}" diff --git a/roles/internetarchive/tasks/main.yml b/roles/internetarchive/tasks/main.yml index 190880cf0..3b908a143 100644 --- a/roles/internetarchive/tasks/main.yml +++ b/roles/internetarchive/tasks/main.yml 
@@ -20,7 +20,7 @@ # 2020-02-11: @mitra42 & @holta agree (#2247) that the following 2-stanza -# "UPDATE internetarchive" block should run whenever one is isn't installing +# "UPDATE internetarchive" block should run whenever one isn't installing # (or reinstalling) internetarchive, for now. We're aware this means slowness # during "./runrole internetarchive" but that's very intentional for now -- as # it leads to more testing of more recent versions of internetarchive, which diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 0801516e0..eb13da3e6 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml 
@@ -7,36 +7,40 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# Which kiwix-tools to download from http://download.iiab.io/packages/ -# As obtained from http://download.kiwix.org/release/kiwix-tools/ or http://download.kiwix.org/nightly/ -kiwix_version_armhf: "kiwix-tools_linux-armhf-3.0.1-8" -kiwix_version_linux64: "kiwix-tools_linux-x86_64-3.0.1-8" -kiwix_version_i686: "kiwix-tools_linux-i586-3.0.1-8" -# kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" -# v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") -# v0.10 for i686 published Oct 2016 ("experimental") REPLACED IN EARLY 2018, thx to Matthieu Gautier: -# https://github.com/kiwix/kiwix-build/issues/94 -# https://github.com/kiwix/kiwix-tools/issues/170 +# INSTRUCTIONS TO REINSTALL Kiwix: +# (1) VERIFY THESE VARS IN /etc/iiab/local_vars.yml +# kiwix_install: True +# kiwix_enabled: True +# (2) RUN: cd /opt/iiab/iiab; ./runrole --reinstall kiwix -kiwix_src_file_armhf: "{{ kiwix_version_armhf }}.tar.gz" -kiwix_src_file_linux64: "{{ kiwix_version_linux64 }}.tar.gz" -kiwix_src_file_i686: "{{ kiwix_version_i686 }}.tar.gz" -# Used for Kiwix proxy http://box/kiwix/ -kiwix_url_without_slash: /kiwix -kiwix_url: "{{ kiwix_url_without_slash }}/" # /kiwix/ -kiwix_path: "{{ iiab_base }}/kiwix" # /opt/iiab/kiwix - -# /library/zims contains 3 important things: +# FYI /library/zims contains 3 important things: # - library.xml # - content = directory for all *.zim's # - index = directory for legacy *.zim.idx's kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" -# INSTRUCTIONS TO REINSTALL kiwix (1) VERIFY ITS VARS IN /etc/iiab/local_vars.yml (2) THEN RUN EITHER BELOW... 
-# - NEW WAY: cd /opt/iiab/iiab; ./runrole --reinstall kiwix -# - OLD WAY: rm /opt/iiab/kiwix/bin/kiwix-serve; cd /opt/iiab/iiab; ./runrole kiwix -kiwix_force_install: False +# 3 lines below specify which version(s) of kiwix-tools to download from... +# http://download.iiab.io/packages/ ...as originally obtained from... +# http://download.kiwix.org/release/kiwix-tools/ ...or sometimes... +# http://download.kiwix.org/nightly/ + +kiwix_version_armhf: "kiwix-tools_linux-armhf-3.0.2" +kiwix_version_linux64: "kiwix-tools_linux-x86_64-3.0.2" +kiwix_version_i686: "kiwix-tools_linux-i586-3.0.2" + +# kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" +# v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") +# v0.10 for i686 published Oct 2016 ("experimental") REPLACED IN EARLY 2018, +# thx to @mgautierfr / Matthieu Gautier: +# https://github.com/kiwix/kiwix-build/issues/94 +# https://github.com/kiwix/kiwix-tools/issues/170 + +# Used for Kiwix proxy http://box/kiwix/ +kiwix_url: /kiwix +kiwix_url_plus_slash: "{{ kiwix_url }}/" # /kiwix/ +kiwix_path: "{{ iiab_base }}/kiwix" # /opt/iiab/kiwix + kiwix_nginx_timeout: 600 kiwix_threads: 4 diff --git a/roles/kiwix/tasks/apache.yml b/roles/kiwix/tasks/apache.yml new file mode 100644 index 000000000..8e01dd6e9 --- /dev/null +++ b/roles/kiwix/tasks/apache.yml @@ -0,0 +1,12 @@ +- name: Enable http://box{{ kiwix_url }} via Apache # http://box/kiwix + command: a2ensite kiwix.conf + when: kiwix_enabled | bool + +- name: Disable http://box{{ kiwix_url }} via Apache # http://box/kiwix + command: a2dissite kiwix.conf + when: not kiwix_enabled + +- name: (Re)Start '{{ apache_service }}' systemd service + systemd: + name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/.yml + state: restarted diff --git a/roles/kiwix/tasks/enable-or-disable.yml b/roles/kiwix/tasks/enable-or-disable.yml new file mode 100644 index 000000000..c64b6e911 --- /dev/null +++ b/roles/kiwix/tasks/enable-or-disable.yml 
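Review bot: `kiwix_url` changes meaning in this hunk: it used to be "/kiwix/" (built from `kiwix_url_without_slash`) and is now "/kiwix", with the slash form renamed to `kiwix_url_plus_slash`. Any template or task outside this hunk that still reads `kiwix_url` expecting the trailing slash, such as the web-server proxy configs or the `kiwix_url` option that the deleted enable.yml wrote to iiab.ini, would silently get a different path; those consumers are not visible from here. A comment on the variable would make the new contract explicit, e.g. `kiwix_url: /kiwix  # no trailing slash; use kiwix_url_plus_slash for /kiwix/`.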
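Review bot: The last task of the new roles/kiwix/tasks/apache.yml restarts `{{ apache_service }}` with no condition, so Apache is started even when `apache_enabled` is false; the deleted enable.yml had `when: apache_enabled | bool` on the equivalent restart. That can bring up a web server the operator has deliberately turned off. I would restore `when: apache_enabled | bool` on the restart task. The `a2ensite` / `a2dissite` calls above it also assume a Debian-family host.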
@@ -0,0 +1,45 @@ +- name: Enable & Restart 'kiwix-serve' systemd service + systemd: + name: kiwix-serve + daemon_reload: yes + enabled: yes + state: restarted + when: kiwix_enabled | bool + +- name: Disable & Stop 'kiwix-serve' systemd service + systemd: + name: kiwix-serve + enabled: no + state: stopped + when: not kiwix_enabled + + +# TO DO: BOTH CRON ENTRIES BELOW *SHOULD* BE DELETED "when: not kiwix_enabled" + +# In the past kiwix-serve did not stay running, so we'd been doing this hourly. +# @mgautierfr & others suggest kiwix-serve might be auto-restarted w/o cron in +# future, whenever service fails, if this really catches all cases?? +# https://github.com/iiab/iiab/issues/484#issuecomment-342151726 +- name: Make a crontab entry to restart kiwix-serve at 4AM (debuntu) + lineinfile: + # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed + line: "0 4 * * * root /bin/systemctl restart kiwix-serve.service" + dest: /etc/crontab + when: kiwix_enabled and is_debuntu + +- name: Make a crontab entry to restart kiwix-serve at 4AM (redhat) +# * * * * * user-name command to be executed + lineinfile: + # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed + line: "0 4 * * * root /usr/bin/systemctl restart kiwix-serve.service" + dest: /etc/crontab + when: kiwix_enabled and is_redhat + + +- name: Enable/Disable/Restart Apache if primary + include_tasks: apache.yml + when: not nginx_enabled + +- name: Enable/Disable/Restart NGINX if primary + include_tasks: nginx.yml + when: nginx_enabled | bool diff --git a/roles/kiwix/tasks/enable.yml b/roles/kiwix/tasks/enable.yml deleted file mode 100644 index 0276b08a6..000000000 --- a/roles/kiwix/tasks/enable.yml +++ /dev/null 
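Review bot: apache.yml is included on `when: not nginx_enabled` alone, whereas the deleted enable.yml ran `a2ensite kiwix.conf` only when `apache_install` was also true; with NGINX disabled and Apache not installed, the include would call `a2ensite` on a host that lacks it. I would write `when: apache_install and not nginx_enabled`. nginx.yml is not part of this view, so the other branch cannot be checked from here.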
@@ -1,97 +0,0 @@ -- name: Enable & Restart 'kiwix-serve' systemd service - systemd: - name: kiwix-serve - daemon_reload: yes - enabled: yes - state: restarted - when: kiwix_enabled | bool - -- name: Disable & Stop 'kiwix-serve' systemd service - systemd: - name: kiwix-serve - enabled: no - state: stopped - when: not kiwix_enabled - -# TO DO: BOTH CRON ENTRIES BELOW *SHOULD* BE DELETED "when: not kiwix_enabled" - -# In the past kiwix-serve did not stay running, so we'd been doing this hourly. -# @mgautierfr & others suggest kiwix-serve might be auto-restarted w/o cron in -# future, whenever service fails, if this really catches all cases?? -# https://github.com/iiab/iiab/issues/484#issuecomment-342151726 -- name: Make a crontab entry to restart kiwix-serve at 4AM (debuntu) - lineinfile: - # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed - line: "0 4 * * * root /bin/systemctl restart kiwix-serve.service" - dest: /etc/crontab - when: kiwix_enabled and is_debuntu - -- name: Make a crontab entry to restart kiwix-serve at 4AM (redhat) -# * * * * * user-name command to be executed - lineinfile: - # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed - line: "0 4 * * * root /usr/bin/systemctl restart kiwix-serve.service" - dest: /etc/crontab - when: kiwix_enabled and is_redhat - -# Apache - -- name: Enable http://box{{ kiwix_url_without_slash }} via Apache - command: a2ensite kiwix.conf - when: apache_install and kiwix_enabled - -- name: Disable http://box{{ kiwix_url_without_slash }} via Apache - command: a2dissite kiwix.conf - when: apache_install and not kiwix_enabled - -- name: Restart Apache systemd service ({{ apache_service }}) - systemd: - name: "{{ apache_service }}" - daemon-reload: yes - state: restarted - when: apache_enabled | bool - -# NGINX - -- name: Enable http://box{{ kiwix_url_without_slash }} via NGINX, by installing {{ nginx_conf_dir }}/kiwix-nginx.conf from template - template: - src: kiwix-nginx.conf - dest: "{{ 
nginx_conf_dir }}/kiwix-nginx.conf" - when: nginx_install and kiwix_enabled - -- name: Disable http://box{{ kiwix_url_without_slash }} via NGINX, by removing {{ nginx_conf_dir }}/kiwix-nginx.conf - file: - path: "{{ nginx_conf_dir }}/kiwix-nginx.conf" - state: absent - when: nginx_install and not kiwix_enabled - -- name: Restart 'nginx' systemd service - systemd: - name: nginx - state: restarted - when: nginx_enabled | bool - - -- name: Add 'kiwix' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" - section: kiwix - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Kiwix - - option: description - value: '"Part of https://github.com/kiwix/kiwix-tools/ -- kiwix-serve is the most used web server for ZIM files."' - - option: kiwix_url - value: "{{ kiwix_url }}" - - option: kiwix_path - value: "{{ kiwix_path }}" - - option: kiwix_port - value: "{{ kiwix_port }}" - - option: iiab_zim_path - value: "{{ iiab_zim_path }}" - - option: kiwix_library_xml - value: "{{ kiwix_library_xml }}" - - option: kiwix_enabled - value: "{{ kiwix_enabled }}" diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index 0e8235d86..c2fb6fa6c 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml 
@@ -1,29 +1,56 @@ -# 1. CREATE/VERIFY CRITICAL DIRECTORIES & FILES ARE IN PLACE +# 0. SET CPU ARCHITECTURE -- name: Download Kiwix software to /opt/iiab/downloads +- name: "Initialize 'kiwix_src_dir: False' just in case CPU architecture is not supported" + set_fact: + kiwix_src_dir: False + +- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_armhf }}' (armv6l or armv71)" + set_fact: + kiwix_src_dir: "{{ kiwix_version_armhf }}" + when: ansible_machine == "armv7l" or ansible_machine == "armv6l" + +- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_linux64 }}' (x86_64)" + set_fact: + kiwix_src_dir: "{{ kiwix_version_linux64 }}" + when: ansible_machine == "x86_64" + +- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_i686 }}' (i686)" + set_fact: + kiwix_src_dir: "{{ kiwix_version_i686 }}" + when: ansible_machine == "i686" +# COMMENT OUT LINE ABOVE TO TEST i686 CODE PATH ON X86_64 (WORKS NOV 2017) + +- name: Force Ansible to exit (FAIL) if kiwix-tools appears unavailable for your architecture ({{ ansible_machine }}) + fail: + msg: "WARNING: kiwix-tools SOFTWARE APPEARS UNAVAILABLE FOR YOUR {{ ansible_machine }} OS/ARCHITECTURE." + when: not kiwix_src_dir + +- name: "Set fact 'kiwix_src_file: {{ kiwix_src_dir }}.tar.gz'" + set_fact: + kiwix_src_file: "{{ kiwix_src_dir }}.tar.gz" + + +# 1. 
PUT IN PLACE: ESSENTIAL DIRS, library.xml, test.zim + +- name: Download {{ iiab_download_url }}/{{ kiwix_src_file }} to /opt/iiab/downloads get_url: - url: "{{ iiab_download_url }}/{{ kiwix_src_file }}" + url: "{{ iiab_download_url }}/{{ kiwix_src_file }}" # http://download.iiab.io/packages dest: "{{ downloads_dir }}/{{ kiwix_src_file }}" timeout: "{{ download_timeout }}" when: internet_available | bool -- name: Check for /opt/iiab/downloads/{{ kiwix_src_file }} - stat: - path: "{{ downloads_dir }}/{{ kiwix_src_file }}" - register: kiwix_src - -- name: Create directory {{ iiab_zim_path }} and subdirs {content, index} for Kiwix ZIM files +- name: Create dir {{ iiab_zim_path }} and subdirs {content, index} for Kiwix ZIM files file: path: "{{ item }}" state: directory with_items: - - "{{ iiab_zim_path }}" + - "{{ iiab_zim_path }}" # /library/zims - "{{ iiab_zim_path }}/content" - "{{ iiab_zim_path }}/index" -- name: Check for {{ kiwix_library_xml }} # /library/zims/library.xml +- name: Check for {{ kiwix_library_xml }} stat: - path: "{{ kiwix_library_xml }}" + path: "{{ kiwix_library_xml }}" # /library/zims/library.xml register: kiwix_xml - name: Install stub /library/zims/library.xml from template, if one doesn't exist @@ -39,9 +66,9 @@ dest: "{{ iiab_zim_path }}/content/test.zim" force: no -- name: Create {{ kiwix_path }}/bin directory # /opt/iiab/kiwix/bin +- name: Create {{ kiwix_path }}/bin directory file: - path: "{{ kiwix_path }}/bin" + path: "{{ kiwix_path }}/bin" # /opt/iiab/kiwix state: directory @@ -52,8 +79,8 @@ src: "{{ downloads_dir }}/{{ kiwix_src_file }}" dest: /tmp -- name: Move /tmp/{{ kiwix_src_dir }}/* to permanent location /opt/iiab/kiwix/bin (armhf & linux64 & i686) - shell: "mv /tmp/{{ kiwix_src_dir }}/* {{ kiwix_path }}/bin/" +- name: Move /tmp/{{ kiwix_src_dir }}/* to permanent location {{ kiwix_path }}/bin + shell: "mv /tmp/{{ kiwix_src_dir }}/* {{ kiwix_path }}/bin/" # /opt/iiab/kiwix # 3. ENABLE MODS FOR APACHE PROXY IF DEBUNTU 
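Review bot: The `get_url` task that fetches `{{ kiwix_src_file }}` still has no `checksum:`, and the comment added on its `url:` line shows the default source is plain `http://download.iiab.io/packages`. The kiwix-tools tarball, which is unpacked further down and whose `kiwix-serve` binary is run as a systemd service, is therefore never integrity-checked. Pin a digest per architecture next to the `kiwix_version_*` vars and pass it through, e.g. `checksum: "sha256:{{ kiwix_src_sha256 }}"` (`kiwix_src_sha256` is a placeholder name, not a variable visible in this diff), and use an `https://` value for `iiab_download_url` if the mirror offers one. Separately, the first architecture `set_fact` task name says `armv71` where its `when:` tests `armv7l`.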
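Review bot: The changed `shell:` line globs a predictable directory under world-writable `/tmp` (`mv /tmp/{{ kiwix_src_dir }}/* {{ kiwix_path }}/bin/`), so on a box with other local accounts that path can already exist with foreign content, which would then be moved into the directory `kiwix-serve` is executed from. The unarchive task that writes to `dest: /tmp` starts above this hunk, so the change belongs there: unpack into a directory created by the `tempfile` module (`state: directory`) or directly under a root-owned path, and move from that. If the `shell:` line stays, quote both templated paths.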
diff --git a/roles/kiwix/tasks/main.yml b/roles/kiwix/tasks/main.yml
index 8d65b3f04..de744d8b0 100644
--- a/roles/kiwix/tasks/main.yml
+++ b/roles/kiwix/tasks/main.yml
@@ -1,40 +1,54 @@ -- name: "Set Kiwix filename to d/l: {{ kiwix_src_file_armhf }} (armv6l or armv71)" - set_fact: - kiwix_src_dir: "{{ kiwix_version_armhf }}" - kiwix_src_file: "{{ kiwix_src_file_armhf }}" - when: ansible_machine == "armv7l" or ansible_machine == "armv6l" - -- name: "Set Kiwix filename to d/l: {{ kiwix_src_file_linux64 }} (x86_64)" - set_fact: - kiwix_src_dir: "{{ kiwix_version_linux64 }}" - kiwix_src_file: "{{ kiwix_src_file_linux64 }}" - when: ansible_machine == "x86_64" +# "How do i fail a task in Ansible if the variable contains a boolean value? +# I want to perform input validation for Ansible playbooks" +# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 -- name: "Set Kiwix filename to d/l: {{ kiwix_src_file_i686 }} (i686)" - set_fact: - kiwix_src_dir: "{{ kiwix_version_i686 }}" - kiwix_src_file: "{{ kiwix_src_file_i686 }}" - when: ansible_machine == "i686" -# COMMENT OUT LINE ABOVE TO TEST i686 CODE PATH ON X86_64 (WORKS NOV 2017) +# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need +# to re-check whether vars are defined here. As Ansible vars cannot be unset: +# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible -- name: FAIL (force Ansible to exit) IF kiwix-tools appears unavailable for OS/architecture -# debug: - fail: - msg: "WARNING: kiwix-tools SOFTWARE APPEARS UNAVAILABLE FOR YOUR {{ ansible_machine }} OS/ARCHITECTURE." - when: not kiwix_src_file +- name: Assert that "kiwix_install is sameas true" (boolean not string etc) + assert: + that: kiwix_install is sameas true + fail_msg: "PLEASE SET 'kiwix_install: True' e.g. 
IN: /etc/iiab/local_vars.yml" + quiet: yes -- name: Check for /opt/iiab/kiwix/bin/kiwix-serve binary - stat: - path: "{{ kiwix_path }}/bin/kiwix-serve" - register: kiwix_bin +- name: Assert that "kiwix_enabled | type_debug == 'bool'" (boolean not string etc) + assert: + that: kiwix_enabled | type_debug == 'bool' + fail_msg: "PLEASE GIVE VARIABLE 'kiwix_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes -- name: Set fact kiwix_force_install if kiwix-serve not found - set_fact: - kiwix_force_install: True - when: not kiwix_bin.stat.exists or reinstall is defined -- include_tasks: install.yml - when: (kiwix_install and not kiwix_installed is defined) or kiwix_force_install +- name: Install Kiwix if 'kiwix_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: kiwix_installed is undefined -- include_tasks: enable.yml - when: kiwix_enabled # or kiwix_installed is defined + +- include_tasks: enable-or-disable.yml + + +- name: Add 'kiwix' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: kiwix + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Kiwix + - option: description + value: '"Part of https://github.com/kiwix/kiwix-tools/ -- kiwix-serve is the most used web server for ZIM files."' + - option: kiwix_url + value: "{{ kiwix_url }}" + - option: kiwix_url_plus_slash + value: "{{ kiwix_url_plus_slash }}" + - option: kiwix_path + value: "{{ kiwix_path }}" + - option: kiwix_port + value: "{{ kiwix_port }}" + - option: iiab_zim_path + value: "{{ iiab_zim_path }}" + - option: kiwix_library_xml + value: "{{ kiwix_library_xml }}" + - option: kiwix_enabled + value: "{{ kiwix_enabled }}" diff --git a/roles/kiwix/tasks/nginx.yml b/roles/kiwix/tasks/nginx.yml new file mode 100644 index 000000000..74be639aa --- /dev/null +++ b/roles/kiwix/tasks/nginx.yml 
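Review bot: With `when: kiwix_installed is undefined` as the only gate on `install.yml`, a box that already has `kiwix_installed` recorded (presumably in `{{ iiab_state_file }}`, as the task name suggests) never re-runs the install. A bumped `kiwix_version_*`, for example one carrying a kiwix-tools security fix, or a missing `kiwix-serve` binary is no longer picked up. The removed code re-installed when `kiwix_bin.stat.exists` was false or `reinstall` was defined. Keeping that override would be `when: kiwix_installed is undefined or reinstall is defined`. The bare `- include_tasks: enable-or-disable.yml` would also be easier to follow in run logs with a `name:`.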
@@ -0,0 +1,16 @@ +- name: Enable http://box{{ kiwix_url }} via NGINX, by installing {{ nginx_conf_dir }}/kiwix-nginx.conf from template # http://box/kiwix + template: + src: kiwix-nginx.conf.j2 + dest: "{{ nginx_conf_dir }}/kiwix-nginx.conf" # /etc/nginx/conf.d + when: kiwix_enabled | bool + +- name: Disable http://box{{ kiwix_url }} via NGINX, by removing {{ nginx_conf_dir }}/kiwix-nginx.conf # http://box/kiwix + file: + path: "{{ nginx_conf_dir }}/kiwix-nginx.conf" # /etc/nginx/conf.d + state: absent + when: not kiwix_enabled + +- name: Restart 'nginx' systemd service + systemd: + name: nginx + state: restarted diff --git a/roles/kiwix/templates/iiab-make-kiwix-lib.py b/roles/kiwix/templates/iiab-make-kiwix-lib.py.deprecated similarity index 100% rename from roles/kiwix/templates/iiab-make-kiwix-lib.py rename to roles/kiwix/templates/iiab-make-kiwix-lib.py.deprecated diff --git a/roles/kiwix/templates/kiwix-nginx.conf b/roles/kiwix/templates/kiwix-nginx.conf.j2 similarity index 93% rename from roles/kiwix/templates/kiwix-nginx.conf rename to roles/kiwix/templates/kiwix-nginx.conf.j2 index 2c5f96f80..000a3dcc2 100644 --- a/roles/kiwix/templates/kiwix-nginx.conf +++ b/roles/kiwix/templates/kiwix-nginx.conf.j2 @@ -1,4 +1,4 @@ -location /kiwix { +location {{ kiwix_url }} { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $http_host; proxy_http_version 1.1; @@ -8,5 +8,4 @@ location /kiwix { proxy_read_timeout {{ kiwix_nginx_timeout }}; send_timeout {{ kiwix_nginx_timeout }}; proxy_pass http://127.0.0.1:3000; - } diff --git a/roles/kiwix/templates/kiwix-serve.service.j2 b/roles/kiwix/templates/kiwix-serve.service.j2 index 30157bbac..4a8462675 100644 --- a/roles/kiwix/templates/kiwix-serve.service.j2 +++ b/roles/kiwix/templates/kiwix-serve.service.j2 
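Review bot: The final task `Restart 'nginx' systemd service` has no `when:`, whereas the task it replaces in the deleted enable file ran only `when: nginx_enabled | bool`. Because `state: restarted` also starts a stopped unit, including this file on a box with `nginx_enabled: False` would bring the listener back up. The caller is not part of this hunk, so it may already be guarded there, but a local `when: nginx_enabled | bool` makes the file safe on its own. The `Disable` task tests `not kiwix_enabled` while the `Enable` task tests `kiwix_enabled | bool`; use one form in both.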
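Review bot: `location {{ kiwix_url }}` is now templated, but `proxy_pass http://127.0.0.1:3000;` in the following hunk of the same template keeps the port hard-coded. Meanwhile `kiwix-serve.service.j2` starts the daemon on `{{ kiwix_port }}` and `kiwix.conf.j2` proxies to `127.0.0.1:{{ kiwix_port}}`. With a non-default `kiwix_port`, NGINX would forward `{{ kiwix_url }}` to whatever else listens on 3000; `proxy_pass http://127.0.0.1:{{ kiwix_port }};` keeps the three templates in agreement. The middle of the location block lies between the two hunks and is not shown.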
@@ -4,7 +4,7 @@ After=syslog.target network.target local-fs.target [Service] Type=forking -ExecStart={{ iiab_base }}/kiwix/bin/kiwix-serve --daemon --port {{ kiwix_port }} --nolibrarybutton --library {{ kiwix_library_xml }} --urlRootLocation={{ kiwix_url }} --threads {{ kiwix_threads }} +ExecStart={{ iiab_base }}/kiwix/bin/kiwix-serve --daemon --port {{ kiwix_port }} --nolibrarybutton --library {{ kiwix_library_xml }} --urlRootLocation={{ kiwix_url_plus_slash }} --threads {{ kiwix_threads }} TimeoutStartSec=180 Restart=on-abort RestartSec=5s diff --git a/roles/kiwix/templates/kiwix.conf.j2 b/roles/kiwix/templates/kiwix.conf.j2 index e37f6b517..41a35b4af 100644 --- a/roles/kiwix/templates/kiwix.conf.j2 +++ b/roles/kiwix/templates/kiwix.conf.j2 @@ -2,14 +2,14 @@ # 2018-08-31: FAILS to enable http://box/kiwix #RewriteEngine on -#RewriteRule ^{{ kiwix_url_without_slash }}$ {{ kiwix_url }} [R] +#RewriteRule ^{{ kiwix_url }}$ {{ kiwix_url_plus_slash }} [R] # 2018-08-31: SUCCEEDS in enabling http://box/kiwix -RedirectMatch ^{{ kiwix_url_without_slash }}$ {{ kiwix_url }} +RedirectMatch ^{{ kiwix_url }}$ {{ kiwix_url_plus_slash }} # 2018-08-31: SUCCEEDS in enabling http://box/kiwix/ & http://box/kiwix/zim & http://box/kiwix/zim/ #ProxyPreserveHost On -ProxyPass {{ kiwix_url }} http://127.0.0.1:{{ kiwix_port}}{{ kiwix_url }} +ProxyPass {{ kiwix_url }} http://127.0.0.1:{{ kiwix_port}}{{ kiwix_url_plus_slash }} # CLARIF: ProxyPassReverse rewrites internal links, that come back from Apache # proxy. Whereas e.g. calibre-web.conf (and others) use this, kiwix.conf does diff --git a/roles/minetest/tasks/rpi_minetest_install.yml b/roles/minetest/tasks/rpi_minetest_install.yml index d126ccdaa..0541d2174 100644 --- a/roles/minetest/tasks/rpi_minetest_install.yml +++ b/roles/minetest/tasks/rpi_minetest_install.yml 
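Review bot: The new `ProxyPass {{ kiwix_url }} http://127.0.0.1:{{ kiwix_port}}{{ kiwix_url_plus_slash }}` pairs a path without a trailing slash with a target that has one, which the mod_proxy documentation advises against. Judging by the rename on the `RedirectMatch` line, `kiwix_url` is now the slash-less form, so a request such as `/kiwixfoo` also matches and is forwarded as `/kiwix/foo`, and `/kiwix/zim` reaches the backend with a doubled slash. Before the rename both arguments carried the slash; `ProxyPass {{ kiwix_url_plus_slash }} http://127.0.0.1:{{ kiwix_port }}{{ kiwix_url_plus_slash }}` restores that. The variable definitions are not in this part of the diff, so confirm their values first.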
@@ -30,7 +30,7 @@ owner: root group: root -- name: Create symbolic link /library/games/minetest +- name: Symlink /library/games/minetest -> /library/games/0.4.17.1 file: state: link src: /library/games/0.4.17.1 diff --git a/roles/munin/defaults/main.yml b/roles/munin/defaults/main.yml index 39031c933..aaddd2597 100644 --- a/roles/munin/defaults/main.yml +++ b/roles/munin/defaults/main.yml @@ -1,5 +1,5 @@ -# munin_install: True -# munin_enabled: True +# munin_install: False +# munin_enabled: False # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/nginx/README.md b/roles/nginx/README.md index 602d8f245..90999d07f 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -18,13 +18,13 @@ * IIAB documentation (http://box/info) * osm-vector-maps * OER2Go/RACHEL modules - * usb-lib [*] + * usb-lib 2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service. But if you want to attempt their "Shim" proxying legacy testing mode, change your *primary web server* over to Apache by setting `nginx_enabled: False` in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) (which will [auto-enable Apache](../0-init/tasks/main.yml#L40-L44) for your testing). * awstats * calibre-web * gitea - * kiwix [*] + * kiwix * kolibri * mediawiki * munin diff --git a/roles/nginx/tasks/enable-or-disable.yml b/roles/nginx/tasks/enable-or-disable.yml new file mode 100644 index 000000000..beebc2da5 --- /dev/null +++ b/roles/nginx/tasks/enable-or-disable.yml 
@@ -0,0 +1,40 @@
+- name: Ensure that Apache (({{ apache_service }})) is not running -- we may need port swap
+ systemd:
+ name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/.yml
+ state: stopped
+
+- name: Install /etc/{{ apache_service }}/ports.conf from template 1 of 2 (ports.conf.j2) if nginx_enabled, to enable Apache port {{ apache_port }} localhost only
+ template:
+ src: ports.conf.j2
+ dest: "/etc/{{ apache_service }}/ports.conf"
+ when: nginx_enabled | bool
+
+- name: Install /etc/{{ apache_service }}/ports.conf from template 2 of 2 (stock-apache-ports.conf) if not nginx_enabled, to disable Apache port {{ apache_port }} localhost only
+ template:
+ src: stock-apache-ports.conf
+ dest: "/etc/{{ apache_service }}/ports.conf"
+ when: not nginx_enabled
+
+- name: Enable & Restart '{{ apache_service }}' if apache_enabled or not nginx_enabled, since we stopped it
+ systemd:
+ name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/.yml
+ daemon_reload: yes
+ state: restarted
+ enabled: true
+ when: apache_enabled or not nginx_enabled
+
+
+- name: Enable & (Re)Start 'nginx' systemd service, if nginx_enabled
+ systemd:
+ name: nginx
+ daemon_reload: yes
+ enabled: yes
+ state: restarted
+ when: nginx_enabled | bool
+
+- name: Disable & Stop 'nginx' systemd service, if not nginx_enabled
+ systemd:
+ name: nginx
+ enabled: no
+ state: stopped
+ when: not nginx_enabled
diff --git a/roles/nginx/tasks/homepage.yml b/roles/nginx/tasks/homepage.yml
new file mode 100644
index 000000000..fb01aa96f
--- /dev/null
+++ b/roles/nginx/tasks/homepage.yml
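Review bot: The Apache tasks here (stop, both `ports.conf` templates, restart) are not gated on Apache being installed, and the opening `state: stopped` task has no `ignore_errors`, unlike the equivalent stop task this commit adds to `install.yml`. On an NGINX-only box the play would presumably fail at the first task or try to write into a missing `/etc/{{ apache_service }}/`; `when: apache_install | bool` on those tasks avoids that. Note also that `when: apache_enabled or not nginx_enabled` enables and starts Apache on the stock `ports.conf` whenever NGINX is disabled, even with `apache_enabled: False`. The README describes this as intended, so a comment above the task such as `# Disabling NGINX auto-enables Apache as the primary web server` would make the extra listener visible here. The file mixes `enabled: true` with `enabled: yes` / `enabled: no`; use `true`/`false` throughout.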
@@ -0,0 +1,9 @@ +# Both invoked in 4-SERVER-OPTIONS, by roles/www_front_end/tasks/main.yml: +# +# httpd/tasks/homepage.yml +# nginx/tasks/homepage.yml + +- name: Install {{ nginx_conf_dir }}/iiab.conf from nginx/templates, so NGINX redirects http://box to http://box{{ iiab_home_url }} # /home + template: + src: roles/nginx/templates/iiab.conf.j2 + dest: "{{ nginx_conf_dir }}/iiab.conf" # /etc/nginx/conf.d diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index fcc04db91..2fb3f2e44 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -1,4 +1,20 @@ -- name: Install NGINX required and helper packages +# This stanza can likely be removed later in 2020: +- name: 'Remove legacy files if present: /etc/systemd/system/uwsgi.service, {{ nginx_conf_dir }}/usb-lib.conf, {{ nginx_conf_dir }}/modules.conf' + file: + path: "{{ item.path }}" + state: absent + with_items: + - { path: "/etc/systemd/system/uwsgi.service" } + - { path: "{{ nginx_conf_dir }}/usb-lib.conf" } + - { path: "{{ nginx_conf_dir }}/modules.conf" } + +- name: Stop '{{ apache_service }}' systemd service + systemd: + name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/.yml + state: stopped + ignore_errors: yes + +- name: Install required and helper packages for NGINX package: name: "{{ item }}" state: present @@ -9,9 +25,9 @@ - php-fpm - libnginx-mod-http-subs-filter -- name: Add http server user to shadow group, so it can authenticate Admin Console +- name: Add user '{{ apache_user }}' to shadow group, so it can authenticate Admin Console user: - name: "{{ apache_user }}" + name: "{{ apache_user }}" # www-data or apache, per /opt/iiab/iiab/vars/.yml groups: shadow - name: Remove NGINX default config /etc/nginx/sites-enabled/default 
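Review bot: The `user:` task under the renamed `Add user '{{ apache_user }}' to shadow group` step sets `groups: shadow` without `append: yes`, which makes `shadow` the account's only supplementary group and drops any others it had. Adding `append: yes` keeps them. On Debian-family systems, membership in `shadow` also lets every script served under that account read the password hashes in `/etc/shadow`, so a file-read bug in any hosted PHP app exposes them. State that trade-off in a comment on the task, e.g. `# web server user can now read /etc/shadow; needed only for Admin Console login`, and consider a small privileged helper for the authentication instead. The task lies fully inside this hunk.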
@@ -19,29 +35,34 @@ path: /etc/nginx/sites-enabled/default state: absent -- name: 'Install 4 files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/{{ apache_service }}/ports.conf, /etc/systemd/system/uwsgi.service' +- name: 'Install 2 (of 4) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf' template: src: "{{ item.src }}" dest: "{{ item.dest }}" with_items: - - { src: 'roles/nginx/templates/server.conf.j2', dest: '/etc/nginx/server.conf' } - - { src: 'roles/nginx/templates/nginx.conf.j2', dest: '/etc/nginx/nginx.conf' } - - { src: 'roles/nginx/templates/ports.conf.j2', dest: '/etc/{{ apache_service }}/ports.conf' } + - { src: 'server.conf.j2', dest: '/etc/nginx/server.conf' } + - { src: 'nginx.conf.j2', dest: '/etc/nginx/nginx.conf' } + #- { src: 'ports.conf.j2', dest: '/etc/{{ apache_service }}/ports.conf' } # Moved to enable-or-disable.yml + #- { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" } # Moved into homepage.yml below -# php stem extension is installed in role httpd +- debug: + msg: roles/nginx/tasks/homepage.yml will run LATER (invoked by roles/www_front_end/tasks/main.yml) SO THAT NGINX CAN REDIRECT http://box TO http://box{{ iiab_home_url }} (based on var iiab_home_url) +# - include_tasks: roles/nginx/tasks/homepage.yml + +# php-stem extension installed by roles/www_back_end/tasks/php-stem.yml # here it is linked to php-fpm -- name: Create softlink 20-stem.ini to /etc/php/{{ php_version }}/mods-available/stem.ini +- name: Symlink /etc/php/{{ php_version }}/fpm/conf.d/20-stem.ini -> /etc/php/{{ php_version }}/mods-available/stem.ini file: src: "/etc/php/{{ php_version }}/mods-available/stem.ini" path: "/etc/php/{{ php_version }}/fpm/conf.d/20-stem.ini" state: link - when: nginx_enabled + #when: nginx_enabled | bool -- name: Restart php{{ php_version }}-fpm service - service: +- name: Restart php{{ php_version }}-fpm systemd service + systemd: name: "php{{ php_version }}-fpm" state: restarted - when: 
nginx_enabled + #when: nginx_enabled | bool # RECORD NGINX AS INSTALLED diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 567459612..fb272a29c 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml 
@@ -1,70 +1,51 @@ -- name: Remove stale files (usb-lib.conf, modules.conf) from {{ nginx_conf_dir }} - file: - path: "{{ item.path }}" - state: absent +# "How do i fail a task in Ansible if the variable contains a boolean value? +# I want to perform input validation for Ansible playbooks" +# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 + +# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need +# to re-check whether vars are defined here. As Ansible vars cannot be unset: +# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible + +- name: Assert that "nginx_install is sameas true" (boolean not string etc) + assert: + that: nginx_install is sameas true + fail_msg: "PLEASE SET 'nginx_install: True' e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + +- name: Assert that "nginx_enabled | type_debug == 'bool'" (boolean not string etc) + assert: + that: nginx_enabled | type_debug == 'bool' + fail_msg: "PLEASE GIVE VARIABLE 'nginx_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + +- debug: + var: nginx_install +- debug: + var: nginx_enabled +- debug: + var: nginx_installed + + +- name: Install NGINX if 'nginx_installed' not defined, e.g. 
in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: nginx_installed is undefined + + +- include_tasks: enable-or-disable.yml + + +- name: Add 'nginx' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: nginx + option: "{{ item.option }}" + value: "{{ item.value | string }}" with_items: - - { path: "/etc/systemd/system/uwsgi.service" } - - { path: "{{ nginx_conf_dir }}/usb-lib.conf" } - - { path: "{{ nginx_conf_dir }}/modules.conf" } - -- name: Ensure that Apache (({{ apache_service }})) is not running -- we may need port swap - systemd: - name: "{{ apache_service }}" - state: stopped - -- name: "Install from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/{{ apache_service }}/ports.conf, {{ nginx_conf_dir }}/iiab.conf" - template: - src: "{{ item.src}}" - dest: "{{ item.dest }}" - with_items: - - { src: 'server.conf.j2', dest: '/etc/nginx/server.conf' } - - { src: 'nginx.conf.j2', dest: '/etc/nginx/nginx.conf' } - - { src: 'ports.conf.j2', dest: "/etc/{{ apache_service }}/ports.conf" } - - { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" } - when: nginx_enabled | bool - -# the below slides in nginx's proxypass config files for apache on localhost -# via the ports.conf file installed above -#- name: Install proxpass to Apache running on localhost port {{ apache_port }} -# include_tasks: uses_apache.yml -# when: apache_enabled | bool - -# the below task contains the same logic contained in the playbooks to enable -# 'runrole nginx' to do the right thing but with the 'src' path set to role's -# templates path ie roles//template/ -#- name: Install proxpass to other services 'dual mode' roles -# include_tasks: only_nginx.yml -# when: nginx_enabled | bool - -- name: Stop & Disable 'nginx' systemd service, when not nginx_enabled - systemd: - name: nginx - state: stopped - enabled: false - when: not nginx_enabled - -- name: Disable Apache port {{ 
apache_port }} localhost only, when not nginx_enabled - template: - dest: /etc/{{ apache_service }}/ports.conf - src: stock-apache-ports.conf - when: not nginx_enabled - -# should have the logic to handle both modes in the playbook -#- name: Enable Apache (a2ensite) for 'dual mode' for the role when NGINX is disabled -# include_tasks: disable.yml -# when: not nginx_enabled - -- name: Enable & Restart Apache, since we stopped it ({{ apache_service }}) - systemd: - name: "{{ apache_service }}" - daemon_reload: yes - state: restarted - enabled: true - when: apache_enabled or not nginx_enabled - -- name: Enable & Restart NGINX, to pick up the config files installed - systemd: - name: nginx - state: restarted - enabled: true - when: nginx_enabled | bool + - option: name + value: NGINX + - option: description + value: '"NGINX is a web server which can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache."' + - option: nginx_install + value: "{{ nginx_install }}" + - option: nginx_enabled + value: "{{ nginx_enabled }}" diff --git a/roles/httpd/files/html/assets/lang_codes.json b/roles/www_back_end/files/html/assets/lang_codes.json old mode 100755 new mode 100644 similarity index 100% rename from roles/httpd/files/html/assets/lang_codes.json rename to roles/www_back_end/files/html/assets/lang_codes.json diff --git a/roles/httpd/files/html/css/bootstrap-theme.css b/roles/www_back_end/files/html/css/bootstrap-theme.css old mode 100755 new mode 100644 similarity index 100% rename from roles/httpd/files/html/css/bootstrap-theme.css rename to roles/www_back_end/files/html/css/bootstrap-theme.css diff --git a/roles/httpd/files/html/css/bootstrap-theme.css.map b/roles/www_back_end/files/html/css/bootstrap-theme.css.map old mode 100755 new mode 100644 similarity index 100% rename from roles/httpd/files/html/css/bootstrap-theme.css.map rename to roles/www_back_end/files/html/css/bootstrap-theme.css.map 
diff --git a/roles/httpd/files/html/css/bootstrap-theme.min.css b/roles/www_back_end/files/html/css/bootstrap-theme.min.css old mode 100755 new mode 100644 similarity index 100% rename from roles/httpd/files/html/css/bootstrap-theme.min.css rename to roles/www_back_end/files/html/css/bootstrap-theme.min.css diff --git a/roles/httpd/files/html/css/bootstrap-theme.min.css.map b/roles/www_back_end/files/html/css/bootstrap-theme.min.css.map similarity index 100% rename from roles/httpd/files/html/css/bootstrap-theme.min.css.map rename to roles/www_back_end/files/html/css/bootstrap-theme.min.css.map diff --git a/roles/httpd/files/html/css/bootstrap.css b/roles/www_back_end/files/html/css/bootstrap.css old mode 100755 new mode 100644 similarity index 100% rename from roles/httpd/files/html/css/bootstrap.css rename to roles/www_back_end/files/html/css/bootstrap.css diff --git a/roles/httpd/files/html/css/bootstrap.css.map b/roles/www_back_end/files/html/css/bootstrap.css.map old mode 100755 new mode 100644 similarity index 100% rename from roles/httpd/files/html/css/bootstrap.css.map rename to roles/www_back_end/files/html/css/bootstrap.css.map diff --git a/roles/httpd/files/html/css/bootstrap.min.css b/roles/www_back_end/files/html/css/bootstrap.min.css old mode 100755 new mode 100644 similarity index 100% rename from roles/httpd/files/html/css/bootstrap.min.css rename to roles/www_back_end/files/html/css/bootstrap.min.css diff --git a/roles/httpd/files/html/css/bootstrap.min.css.map b/roles/www_back_end/files/html/css/bootstrap.min.css.map similarity index 100% rename from roles/httpd/files/html/css/bootstrap.min.css.map rename to roles/www_back_end/files/html/css/bootstrap.min.css.map diff --git a/roles/httpd/files/html/css/bootstrap4.min.css b/roles/www_back_end/files/html/css/bootstrap4.min.css similarity index 100% rename from roles/httpd/files/html/css/bootstrap4.min.css rename to roles/www_back_end/files/html/css/bootstrap4.min.css 
diff --git a/roles/httpd/files/html/css/fa.all.min.css b/roles/www_back_end/files/html/css/fa.all.min.css similarity index 100% rename from roles/httpd/files/html/css/fa.all.min.css rename to roles/www_back_end/files/html/css/fa.all.min.css diff --git a/roles/httpd/files/html/css/font-faces.css b/roles/www_back_end/files/html/css/font-faces.css similarity index 100% rename from roles/httpd/files/html/css/font-faces.css rename to roles/www_back_end/files/html/css/font-faces.css diff --git a/roles/httpd/files/html/css/xo-common.css b/roles/www_back_end/files/html/css/xo-common.css old mode 100755 new mode 100644 similarity index 100% rename from roles/httpd/files/html/css/xo-common.css rename to roles/www_back_end/files/html/css/xo-common.css diff --git a/roles/httpd/files/html/fonts/bubblegum-sans-v6-latin-regular.woff b/roles/www_back_end/files/html/fonts/bubblegum-sans-v6-latin-regular.woff similarity index 100% rename from roles/httpd/files/html/fonts/bubblegum-sans-v6-latin-regular.woff rename to roles/www_back_end/files/html/fonts/bubblegum-sans-v6-latin-regular.woff diff --git a/roles/httpd/files/html/fonts/bubblegum-sans-v6-latin-regular.woff2 b/roles/www_back_end/files/html/fonts/bubblegum-sans-v6-latin-regular.woff2 similarity index 100% rename from roles/httpd/files/html/fonts/bubblegum-sans-v6-latin-regular.woff2 rename to roles/www_back_end/files/html/fonts/bubblegum-sans-v6-latin-regular.woff2 diff --git a/roles/httpd/files/html/fonts/fa-solid-900.woff b/roles/www_back_end/files/html/fonts/fa-solid-900.woff similarity index 100% rename from roles/httpd/files/html/fonts/fa-solid-900.woff rename to roles/www_back_end/files/html/fonts/fa-solid-900.woff diff --git a/roles/httpd/files/html/fonts/fa-solid-900.woff2 b/roles/www_back_end/files/html/fonts/fa-solid-900.woff2 similarity index 100% rename from roles/httpd/files/html/fonts/fa-solid-900.woff2 rename to roles/www_back_end/files/html/fonts/fa-solid-900.woff2 
diff --git a/roles/httpd/files/html/fonts/finger-paint-v7-latin-regular.woff b/roles/www_back_end/files/html/fonts/finger-paint-v7-latin-regular.woff similarity index 100% rename from roles/httpd/files/html/fonts/finger-paint-v7-latin-regular.woff rename to roles/www_back_end/files/html/fonts/finger-paint-v7-latin-regular.woff diff --git a/roles/httpd/files/html/fonts/finger-paint-v7-latin-regular.woff2 b/roles/www_back_end/files/html/fonts/finger-paint-v7-latin-regular.woff2 similarity index 100% rename from roles/httpd/files/html/fonts/finger-paint-v7-latin-regular.woff2 rename to roles/www_back_end/files/html/fonts/finger-paint-v7-latin-regular.woff2 diff --git a/roles/httpd/files/html/fonts/flavors-v6-latin-regular.woff b/roles/www_back_end/files/html/fonts/flavors-v6-latin-regular.woff similarity index 100% rename from roles/httpd/files/html/fonts/flavors-v6-latin-regular.woff rename to roles/www_back_end/files/html/fonts/flavors-v6-latin-regular.woff diff --git a/roles/httpd/files/html/fonts/flavors-v6-latin-regular.woff2 b/roles/www_back_end/files/html/fonts/flavors-v6-latin-regular.woff2 similarity index 100% rename from roles/httpd/files/html/fonts/flavors-v6-latin-regular.woff2 rename to roles/www_back_end/files/html/fonts/flavors-v6-latin-regular.woff2 diff --git a/roles/httpd/files/html/fonts/freckle-face-v6-latin-regular.woff b/roles/www_back_end/files/html/fonts/freckle-face-v6-latin-regular.woff similarity index 100% rename from roles/httpd/files/html/fonts/freckle-face-v6-latin-regular.woff rename to roles/www_back_end/files/html/fonts/freckle-face-v6-latin-regular.woff diff --git a/roles/httpd/files/html/fonts/freckle-face-v6-latin-regular.woff2 b/roles/www_back_end/files/html/fonts/freckle-face-v6-latin-regular.woff2 similarity index 100% rename from roles/httpd/files/html/fonts/freckle-face-v6-latin-regular.woff2 rename to roles/www_back_end/files/html/fonts/freckle-face-v6-latin-regular.woff2 
diff --git a/roles/httpd/files/html/fonts/glyphicons-halflings-regular.eot b/roles/www_back_end/files/html/fonts/glyphicons-halflings-regular.eot old mode 100755 new mode 100644 similarity index 100% rename from roles/httpd/files/html/fonts/glyphicons-halflings-regular.eot rename to roles/www_back_end/files/html/fonts/glyphicons-halflings-regular.eot diff --git a/roles/httpd/files/html/fonts/glyphicons-halflings-regular.svg b/roles/www_back_end/files/html/fonts/glyphicons-halflings-regular.svg old mode 100755 new mode 100644 similarity index 100% rename from roles/httpd/files/html/fonts/glyphicons-halflings-regular.svg rename to roles/www_back_end/files/html/fonts/glyphicons-halflings-regular.svg diff --git a/roles/httpd/files/html/fonts/glyphicons-halflings-regular.ttf b/roles/www_back_end/files/html/fonts/glyphicons-halflings-regular.ttf old mode 100755 new mode 100644 similarity index 100% rename from roles/httpd/files/html/fonts/glyphicons-halflings-regular.ttf rename to roles/www_back_end/files/html/fonts/glyphicons-halflings-regular.ttf diff --git a/roles/httpd/files/html/fonts/glyphicons-halflings-regular.woff b/roles/www_back_end/files/html/fonts/glyphicons-halflings-regular.woff old mode 100755 new mode 100644 similarity index 100% rename from roles/httpd/files/html/fonts/glyphicons-halflings-regular.woff rename to roles/www_back_end/files/html/fonts/glyphicons-halflings-regular.woff diff --git a/roles/httpd/files/html/fonts/open-sans-v15-latin-600.woff b/roles/www_back_end/files/html/fonts/open-sans-v15-latin-600.woff similarity index 100% rename from roles/httpd/files/html/fonts/open-sans-v15-latin-600.woff rename to roles/www_back_end/files/html/fonts/open-sans-v15-latin-600.woff 
diff --git a/roles/httpd/files/html/fonts/open-sans-v15-latin-600.woff2 b/roles/www_back_end/files/html/fonts/open-sans-v15-latin-600.woff2 similarity index 100% rename from roles/httpd/files/html/fonts/open-sans-v15-latin-600.woff2 rename to roles/www_back_end/files/html/fonts/open-sans-v15-latin-600.woff2 diff --git a/roles/httpd/files/html/fonts/open-sans-v15-latin-700.woff b/roles/www_back_end/files/html/fonts/open-sans-v15-latin-700.woff similarity index 100% rename from roles/httpd/files/html/fonts/open-sans-v15-latin-700.woff rename to roles/www_back_end/files/html/fonts/open-sans-v15-latin-700.woff diff --git a/roles/httpd/files/html/fonts/open-sans-v15-latin-700.woff2 b/roles/www_back_end/files/html/fonts/open-sans-v15-latin-700.woff2 similarity index 100% rename from roles/httpd/files/html/fonts/open-sans-v15-latin-700.woff2 rename to roles/www_back_end/files/html/fonts/open-sans-v15-latin-700.woff2 diff --git a/roles/httpd/files/html/fonts/open-sans-v15-latin-regular.woff b/roles/www_back_end/files/html/fonts/open-sans-v15-latin-regular.woff similarity index 100% rename from roles/httpd/files/html/fonts/open-sans-v15-latin-regular.woff rename to roles/www_back_end/files/html/fonts/open-sans-v15-latin-regular.woff diff --git a/roles/httpd/files/html/fonts/open-sans-v15-latin-regular.woff2 b/roles/www_back_end/files/html/fonts/open-sans-v15-latin-regular.woff2 similarity index 100% rename from roles/httpd/files/html/fonts/open-sans-v15-latin-regular.woff2 rename to roles/www_back_end/files/html/fonts/open-sans-v15-latin-regular.woff2 diff --git a/roles/httpd/files/html/html/credits.html b/roles/www_back_end/files/html/html/credits.html old mode 100755 new mode 100644 similarity index 100% rename from roles/httpd/files/html/html/credits.html rename to roles/www_back_end/files/html/html/credits.html 
diff --git a/roles/httpd/files/html/js/Markdown.Converter.js b/roles/www_back_end/files/html/js/Markdown.Converter.js old mode 100755 new mode 100644 similarity index 100% rename from roles/httpd/files/html/js/Markdown.Converter.js rename to roles/www_back_end/files/html/js/Markdown.Converter.js diff --git a/roles/httpd/files/html/js/Markdown.Sanitizer.js b/roles/www_back_end/files/html/js/Markdown.Sanitizer.js old mode 100755 new mode 100644 similarity index 100% rename from roles/httpd/files/html/js/Markdown.Sanitizer.js rename to roles/www_back_end/files/html/js/Markdown.Sanitizer.js diff --git a/roles/httpd/files/html/js/XMLDisplay.js b/roles/www_back_end/files/html/js/XMLDisplay.js old mode 100755 new mode 100644 similarity index 100% rename from roles/httpd/files/html/js/XMLDisplay.js rename to roles/www_back_end/files/html/js/XMLDisplay.js diff --git a/roles/httpd/files/html/js/bootstrap.js b/roles/www_back_end/files/html/js/bootstrap.js old mode 100755 new mode 100644 similarity index 100% rename from roles/httpd/files/html/js/bootstrap.js rename to roles/www_back_end/files/html/js/bootstrap.js diff --git a/roles/httpd/files/html/js/bootstrap.min.js b/roles/www_back_end/files/html/js/bootstrap.min.js old mode 100755 new mode 100644 similarity index 100% rename from roles/httpd/files/html/js/bootstrap.min.js rename to roles/www_back_end/files/html/js/bootstrap.min.js diff --git a/roles/httpd/files/html/js/bootstrap4.min.js b/roles/www_back_end/files/html/js/bootstrap4.min.js similarity index 100% rename from roles/httpd/files/html/js/bootstrap4.min.js rename to roles/www_back_end/files/html/js/bootstrap4.min.js diff --git a/roles/httpd/files/html/js/jquery.min.js b/roles/www_back_end/files/html/js/jquery.min.js old mode 100755 new mode 100644 similarity index 100% rename from roles/httpd/files/html/js/jquery.min.js rename to roles/www_back_end/files/html/js/jquery.min.js 
diff --git a/roles/httpd/files/html/services/power_off.php b/roles/www_back_end/files/html/services/power_off.php similarity index 100% rename from roles/httpd/files/html/services/power_off.php rename to roles/www_back_end/files/html/services/power_off.php diff --git a/roles/www_back_end/tasks/html.yml b/roles/www_back_end/tasks/html.yml new file mode 100644 index 000000000..a0f51e363 --- /dev/null +++ b/roles/www_back_end/tasks/html.yml 
@@ -0,0 +1,68 @@
+- name: Copy css files to {{ doc_root }}/common/css
+ copy:
+ src: "{{ item }}"
+ dest: "{{ doc_root }}/common/css" # /library/www/html
+ # owner: root
+ # group: root
+ # mode: '0644'
+ with_fileglob:
+ - html/css/*.css
+
+- name: Copy js files to {{ doc_root }}/common/js
+ copy:
+ src: "{{ item }}"
+ dest: "{{ doc_root }}/common/js" # /library/www/html
+ # owner: root
+ # group: root
+ # mode: '0644'
+ with_fileglob:
+ - html/js/*.js
+
+- name: Copy fonts files to {{ doc_root }}/common/fonts
+ copy:
+ src: "{{ item }}"
+ dest: "{{ doc_root }}/common/fonts" # /library/www/html
+ # owner: root
+ # group: root
+ # mode: '0644'
+ with_fileglob:
+ - html/fonts/*
+
+- name: Copy html files to {{ doc_root }}/common/html
+ copy:
+ src: "{{ item }}"
+ dest: "{{ doc_root }}/common/html" # /library/www/html
+ # owner: root
+ # group: root
+ # mode: '0644'
+ with_fileglob:
+ - html/html/*
+
+- name: Copy assets files to {{ doc_root }}/common/assets
+ copy:
+ src: "{{ item }}"
+ dest: "{{ doc_root }}/common/assets" # /library/www/html
+ # owner: root
+ # group: root
+ # mode: '0644'
+ with_fileglob:
+ - html/assets/*
+
+# Copy all services, even if not permissioned elsewhere
+- name: Copy services files to {{ doc_root }}/common/services
+ copy:
+ src: "{{ item }}"
+ dest: "{{ doc_root }}/common/services" # /library/www/html
+ # owner: root
+ # group: root
+ # mode: '0644'
+ with_fileglob:
+ - html/services/*
+
+- name: Symlink {{ doc_root }}/common/assets/iiab.ini -> {{ iiab_ini_file }}
+ file:
+ src: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
+ path: "{{ doc_root }}/common/assets/iiab.ini" # /library/www/html
+ # owner: root
+ # group: root
+ state: link
diff --git a/roles/www_back_end/tasks/main.yml b/roles/www_back_end/tasks/main.yml
new file mode 100644
index 000000000..12741954f
--- /dev/null
+++ b/roles/www_back_end/tasks/main.yml
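Review bot: All seven tasks in the new html.yml leave `owner`, `group` and `mode` commented out, so ownership and permissions of everything under `{{ doc_root }}/common` depend on the user the play runs as and the target's umask rather than on the playbook. This matters most for the `html/services/*` task, which by its own comment deploys every service script (including power_off.php, renamed into this role in the same commit) whether or not it is enabled elsewhere. I would restore `owner: root`, `group: root` and `mode: '0644'` on the six copy tasks so the web server user can read these files but not modify them. The six copy tasks also differ only in the directory name and could be a single task looping over a list of directories.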
@@ -0,0 +1,64 @@
+# Role "www_back_end" runs here, probably in 3-BASE-SERVER.
+# Role "www_front_end" runs later, likely in 4-SERVER-OPTIONS.
+#
+# (Don't take either name too literally!)
+
+
+- include_tasks: html.yml
+
+
+- include_tasks: php-stem.yml
+
+# 2020-02-12: DOES THE FLAG BELOW (apache_high_php_limits) WORK WITH NGINX TOO?
+# COMPARE apache_allow_sudo @ roles/www_front_end/tasks/main.yml
+
+# For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147
+# WARNING: Enabling this might cause excess use of RAM/disk or other resources!
+- name: Enact high limits in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini if using WordPress/Nextcloud/Moodle intensively
+ lineinfile:
+ path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini"
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ when: apache_high_php_limits | bool
+ with_items:
+ - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' }
+ - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' }
+ - { regexp: '^memory_limit', line: 'memory_limit = 256M ; default is 128M / Nextcloud requests 512M' }
+ - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' }
+ - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' }
+
+
+- name: Create dir {{ doc_root }}/home -- if you customized var iiab_home_url e.g.
in /etc/iiab/local_vars.yml, that dir is created later -- by www_front_end/tasks/main.yml + file: + state: directory + path: "{{ doc_root }}/home" # /library/www/html + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + # mode: '0755' + +- name: Create dir {{ doc_root }}/info for http://box/info offline docs + file: + state: directory + path: "{{ doc_root }}/info" # /library/www/html + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + # mode: '0755' + +- name: Install /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (Script can be run manually and/or at the end of Stage 4 = roles/4-server-options/tasks/main.yml) + template: + src: iiab-refresh-wiki-docs.sh + dest: /usr/bin/iiab-refresh-wiki-docs + mode: '0755' + + +# RECORD www_back_end AS INSTALLED + +- name: "Set 'www_back_end_installed: True'" + set_fact: + www_back_end_installed: True + +- name: "Add 'www_back_end_installed: True' to {{ iiab_state_file }}" + lineinfile: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^www_back_end_installed' + line: 'www_back_end_installed: True' diff --git a/roles/httpd/tasks/php-stem.yml b/roles/www_back_end/tasks/php-stem.yml similarity index 93% rename from roles/httpd/tasks/php-stem.yml rename to roles/www_back_end/tasks/php-stem.yml index 395c69378..8678e4d33 100644 --- a/roles/httpd/tasks/php-stem.yml +++ b/roles/www_back_end/tasks/php-stem.yml @@ -23,7 +23,7 @@ remote_src: yes when: ansible_machine == "x86_64" -# link to php done in nginx when php-fpm is installed +# link to php done in roles/nginx/tasks/install.yml when php-fpm is installed # Not sure what to do for apache, so do nothing for now diff --git a/roles/httpd/templates/refresh-wiki-docs.sh b/roles/www_back_end/templates/iiab-refresh-wiki-docs.sh similarity index 100% rename from roles/httpd/templates/refresh-wiki-docs.sh rename to roles/www_back_end/templates/iiab-refresh-wiki-docs.sh 
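Review bot: The `lineinfile` task that raises the PHP limits edits `/etc/php/{{ php_version }}/{{ apache_service }}/php.ini` but is gated only on `apache_high_php_limits | bool`. `lineinfile` fails when its `path` does not exist unless `create` is set, and 3-base-server now includes this role before httpd, so unless php-stem.yml (not shown in this hunk) installs Apache's PHP package the file may not exist yet, and on an NGINX-only install it presumably never will. The hunk's own dated comment already asks whether the flag works with NGINX. I would add `apache_install | bool` to the condition and check the file with `stat` first, or move the task to run after the httpd role.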
diff --git a/roles/www_front_end/tasks/main.yml b/roles/www_front_end/tasks/main.yml
new file mode 100644
index 000000000..af3672bbe
--- /dev/null
+++ b/roles/www_front_end/tasks/main.yml
@@ -0,0 +1,76 @@
+# Role "www_back_end" runs earlier, likely in 3-BASE-SERVER.
+# Role "www_front_end" runs here, probably in 4-SERVER-OPTIONS.
+#
+# (Don't take either name too literally!)
+
+
+# HOMEPAGE
+
+- name: Create dir {{ doc_root }}{{ iiab_home_url }} just in case variable iiab_home_url was customized. (Standard path {{doc_root}}/home was created earlier.)
+ file:
+ state: directory
+ path: "{{ doc_root }}{{ iiab_home_url }}" # /library/www/html/home
+ owner: "{{ apache_user }}"
+ group: "{{ apache_user }}"
+ mode: '0755'
+
+# Used to be run by httpd/tasks/install.yml
+- name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) if apache_install"
+ include_tasks: roles/httpd/tasks/homepage.yml
+ when: apache_install | bool
+
+# Used to be run by nginx/tasks/install.yml
+- name: Enable IIAB pages via NGINX (e.g. on port 80) if nginx_install
+ include_tasks: roles/nginx/tasks/homepage.yml
+ when: nginx_install | bool
+
+
+# 'Is a "Rapid Power Off" button possible for low-electricity environments?'
+# gives more details here: http://FAQ.IIAB.IO
+
+# 2020-02-12: DOES THE FLAG BELOW (apache_allow_sudo) WORK WITH NGINX TOO ?
+# COMPARE apache_high_php_limits @ roles/www_back_end/tasks/main.yml
+
+- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_apache_poweroff from template
+ template:
+ src: 020_apache_poweroff.j2
+ dest: /etc/sudoers.d/020_apache_poweroff
+ mode: '0755'
+ when: apache_allow_sudo | bool
+
+- name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff
+ file:
+ path: /etc/sudoers.d/020_apache_poweroff
+ state: absent
+ when: not apache_allow_sudo
+
+
+- name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation.
(This script was installed in Stage 3 = roles/3-base-server/tasks/main.yml, which ran roles/www_back_end/tasks/main.yml) + command: /usr/bin/iiab-refresh-wiki-docs + when: internet_available and not nodocs + + +- name: (Re)Start '{{ apache_service }}' systemd service, if apache_enabled + systemd: + name: "{{ apache_service }}" # apache2 on debuntu + state: restarted + when: apache_enabled | bool + +- name: (Re)Start 'nginx' systemd service, if nginx_enabled + systemd: + name: nginx + state: restarted + when: nginx_enabled | bool + + +# RECORD www_front_end AS INSTALLED + +- name: "Set 'www_front_end_installed: True'" + set_fact: + www_front_end_installed: True + +- name: "Add 'www_front_end_installed: True' to {{ iiab_state_file }}" + lineinfile: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^www_front_end_installed' + line: 'www_front_end_installed: True' diff --git a/roles/httpd/templates/020_apache_poweroff.j2 b/roles/www_front_end/templates/020_apache_poweroff.j2 similarity index 100% rename from roles/httpd/templates/020_apache_poweroff.j2 rename to roles/www_front_end/templates/020_apache_poweroff.j2 diff --git a/tests/test.yml b/tests/test.yml index 26f0b40b6..a79a8d2e1 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -16,8 +16,12 @@ #- { role: ajenti } #- { role: authserver } - { role: awstats } + - { role: azuracast } + - { role: bluetooth } - { role: calibre } - { role: calibre-web } + - { role: captiveportal } + #- { role: cham } - { role: cups } #- { role: debian_schooltool } #- { role: docker } 
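Review bot: The task installing `/etc/sudoers.d/020_apache_poweroff` uses `mode: '0755'` and no `validate`, which is looser than a sudoers drop-in should be and lets a template rendering error reach sudo unchecked. Sudoers fragments are conventionally root-owned and `0440`, and a syntax error in one can break sudo for every user on the box; I would set `owner: root`, `group: root`, `mode: '0440'` and `validate: 'visudo -cf %s'`. The removal task tests `when: not apache_allow_sudo` without the `| bool` filter the install task uses, so a string value such as "False" would skip both tasks and leave a previously installed rule in place; `when: not (apache_allow_sudo | bool)` keeps the two conditions in step.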
@@ -25,28 +29,37 @@ #- { role: ejabberd } #- { role: ejabberd_xs } - { role: elgg } - - { role: homepage } + - { role: gitea } + #- { role: homepage } - { role: httpd } #- { role: idmgr } - { role: iiab-admin } + - { role: internetarchive } - { role: kalite } - { role: kiwix } - { role: kolibri } - { role: lokole } - { role: mediawiki } + - { role: minetest } - { role: mongodb } - { role: monit } - { role: moodle } #- { role: moodle-1.9 } + - { role: mosquitto } - { role: munin } - { role: mysql } - { role: network } - { role: nextcloud } + - { role: nginx } + - { role: nodejs } + - { role: nodered } #- { role: nodogsplash } - { role: openvpn } + - { role: osm-vector-maps } #- { role: osm } #- { role: owncloud } #- { role: pathagar } + - { role: pbx } - { role: phpmyadmin } - { role: postgresql } #- { role: rachel } @@ -60,6 +73,9 @@ - { role: usb_lib } - { role: vnstat } - { role: wordpress } + - { role: www_back_end } + - { role: www_front_end } + - { role: yarn } #- { roles: xovis } # Let's try to keep the above list synchronized with: diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 23f845f85..17b435793 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -538,15 +538,15 @@ watchdog: - postgresql - squid -munin_install: True -munin_enabled: True +munin_install: False +munin_enabled: False # Handy for maintaining tables, but DANGEROUS if not locked down phpmyadmin_install: False phpmyadmin_enabled: False -vnstat_install: True -vnstat_enabled: True +vnstat_install: False +vnstat_enabled: False # 9-LOCAL-ADDONS diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index d3bbf38b4..c85943b5c 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml 
@@ -322,15 +322,15 @@ awstats_enabled: True monit_install: False monit_enabled: False -munin_install: True -munin_enabled: True +munin_install: False +munin_enabled: False # Handy for maintaining tables, but DANGEROUS if not locked down phpmyadmin_install: False phpmyadmin_enabled: False -vnstat_install: True -vnstat_enabled: True +vnstat_install: False +vnstat_enabled: False # 9-LOCAL-ADDONS diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index bbfe4755c..c4b783739 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -322,15 +322,15 @@ awstats_enabled: True monit_install: False monit_enabled: False -munin_install: True -munin_enabled: True +munin_install: False +munin_enabled: False # Handy for maintaining tables, but DANGEROUS if not locked down phpmyadmin_install: False phpmyadmin_enabled: False -vnstat_install: True -vnstat_enabled: True +vnstat_install: False +vnstat_enabled: False # 9-LOCAL-ADDONS