From 03748e4de7072c235f7b9cb821cf2a9e24d83827 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 24 Jan 2020 03:25:49 -0600 Subject: [PATCH 01/31] split out apache install from httpd --- roles/3-base-server/tasks/main.yml | 11 +++++++---- roles/httpd/tasks/main.yml | 2 +- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 3575e9645..1b76dca9c 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -3,21 +3,24 @@ - name: ...IS BEGINNING ===================================== command: echo -- name: HTTPD (APACHE) +- name: HTTPD include_role: name: httpd - when: apache_install | bool - name: MYSQL include_role: name: mysql when: mysql_install | bool -- name: Install NGINX (configured LATER, in Stage 9-LOCAL-ADDONS) +- name: Install APACHE (configured LATER, in Stage 4) + include_tasks: roles/httpd/tasks/install.yml + when: apache_install | bool + +- name: Install NGINX (configured LATER, in Stage 4) include_tasks: roles/nginx/tasks/install.yml when: nginx_install | bool -- name: Install dnsmasq +- name: Install dnsmasq (configured LATER, in network) include_tasks: roles/network/tasks/dnsmasq.yml when: dnsmasq_install | bool diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml index 945c3e7d4..e4fdd9c5c 100644 --- a/roles/httpd/tasks/main.yml +++ b/roles/httpd/tasks/main.yml @@ -9,7 +9,7 @@ # - And that we really don't want to invoke it hereunder? # - Save relevant apache_* vars to /etc/iiab/iiab.ini -- include_tasks: install.yml +#- include_tasks: install.yml - include_tasks: html.yml - include_tasks: php-stem.yml From f2395ec8d9c80f6684a882e53da7fc11556eba77 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sat, 25 Jan 2020 23:45:36 -0600 Subject: [PATCH 02/31] homepage used by apache --- roles/4-server-options/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 9f94cde9e..16ce4adc4 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -29,10 +29,10 @@ # This is in Stage 4-SERVER-OPTIONS (rather than 3-BASE-SERVER) because var # iiab_home_url changes, and may need to be re-run in the field/offline/etc. -- name: HOMEPAGE +- name: HOMEPAGE under Apache include_role: name: homepage - # has no "when: XXXXX_install" flag + when: not nginx_enabled - name: CUPS include_role: From 01913a8e540cf062f949e0bed746238b533dd95c Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Fri, 7 Feb 2020 01:22:12 -0600 Subject: [PATCH 03/31] didn't move yet --- roles/3-base-server/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 1b76dca9c..18c9baffd 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -12,11 +12,11 @@ name: mysql when: mysql_install | bool -- name: Install APACHE (configured LATER, in Stage 4) +- name: Install APACHE (configured LATER, in Stage 9) include_tasks: roles/httpd/tasks/install.yml when: apache_install | bool -- name: Install NGINX (configured LATER, in Stage 4) +- name: Install NGINX (configured LATER, in Stage 9) include_tasks: roles/nginx/tasks/install.yml when: nginx_install | bool From 1d4591478a8e3a46da12b96ab2d5c7e498a87e74 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 12 Feb 2020 03:08:16 -0500 Subject: [PATCH 04/31] Cleaner roles/httpd & roles/nginx --- .../httpd-enable/tasks/main.yml | 0 roles/3-base-server/tasks/main.yml | 23 ++-- roles/4-server-options/tasks/main.yml | 21 +++- roles/9-local-addons/tasks/main.yml | 42 ++++--- .../files/{osm.conf => osm.conf.deprecated} | 0 roles/httpd/tasks/enable.yml | 69 ---------- roles/httpd/tasks/install.yml | 43 ++++--- roles/httpd/tasks/main.yml | 85 +++++++++++-- .../{httpd.j2 => httpd.j2.deprecated} | 0 .../{iiab-http => iiab-http.deprecated} | 0 .../{iiab-http.j2 => iiab-http.j2.deprecated} | 0 .../{php.ini.j2 => php.ini.j2.deprecated} | 0 roles/internetarchive/tasks/main.yml | 2 +- roles/nginx/tasks/enable-or-disable.yml | 40 ++++++ roles/nginx/tasks/install.yml | 35 ++++-- roles/nginx/tasks/main.yml | 119 ++++++++---------- .../files/html/assets/lang_codes.json | 0 .../files/html/css/bootstrap-theme.css | 0 .../files/html/css/bootstrap-theme.css.map | 0 .../files/html/css/bootstrap-theme.min.css | 0 .../html/css/bootstrap-theme.min.css.map | 0 .../files/html/css/bootstrap.css | 0 .../files/html/css/bootstrap.css.map | 0 .../files/html/css/bootstrap.min.css | 0 .../files/html/css/bootstrap.min.css.map | 0 .../files/html/css/bootstrap4.min.css | 0 .../files/html/css/fa.all.min.css | 0 .../files/html/css/font-faces.css | 0 .../files/html/css/xo-common.css | 0 .../bubblegum-sans-v6-latin-regular.woff | Bin .../bubblegum-sans-v6-latin-regular.woff2 | Bin .../files/html/fonts/fa-solid-900.woff | Bin .../files/html/fonts/fa-solid-900.woff2 | Bin .../fonts/finger-paint-v7-latin-regular.woff | Bin .../fonts/finger-paint-v7-latin-regular.woff2 | Bin .../html/fonts/flavors-v6-latin-regular.woff | Bin .../html/fonts/flavors-v6-latin-regular.woff2 | Bin .../fonts/freckle-face-v6-latin-regular.woff | Bin .../fonts/freckle-face-v6-latin-regular.woff2 | Bin .../fonts/glyphicons-halflings-regular.eot | Bin .../fonts/glyphicons-halflings-regular.svg | 0 .../fonts/glyphicons-halflings-regular.ttf | Bin .../fonts/glyphicons-halflings-regular.woff | Bin .../html/fonts/open-sans-v15-latin-600.woff | Bin .../html/fonts/open-sans-v15-latin-600.woff2 | Bin .../html/fonts/open-sans-v15-latin-700.woff | Bin .../html/fonts/open-sans-v15-latin-700.woff2 | Bin .../fonts/open-sans-v15-latin-regular.woff | Bin .../fonts/open-sans-v15-latin-regular.woff2 | Bin .../files/html/html/credits.html | 0 .../files/html/js/Markdown.Converter.js | 0 .../files/html/js/Markdown.Sanitizer.js | 0 .../files/html/js/XMLDisplay.js | 0 .../files/html/js/bootstrap.js | 0 .../files/html/js/bootstrap.min.js | 0 .../files/html/js/bootstrap4.min.js | 0 .../files/html/js/jquery.min.js | 0 .../files/html/services/power_off.php | 0 roles/{httpd => web_support}/tasks/html.yml | 0 roles/web_support/tasks/main.yml | 36 ++++++ .../{httpd => web_support}/tasks/php-stem.yml | 2 +- .../templates/020_apache_poweroff.j2 | 0 .../templates/iiab-refresh-wiki-docs.sh} | 0 63 files changed, 311 insertions(+), 206 deletions(-) rename roles/{ => 0-DEPRECATED-ROLES}/httpd-enable/tasks/main.yml (100%) rename roles/httpd/files/{osm.conf => osm.conf.deprecated} (100%) delete mode 100644 roles/httpd/tasks/enable.yml rename roles/httpd/templates/{httpd.j2 => httpd.j2.deprecated} (100%) rename roles/httpd/templates/{iiab-http => iiab-http.deprecated} (100%) rename roles/httpd/templates/{iiab-http.j2 => iiab-http.j2.deprecated} (100%) rename roles/httpd/templates/{php.ini.j2 => php.ini.j2.deprecated} (100%) create mode 100644 roles/nginx/tasks/enable-or-disable.yml rename roles/{httpd => web_support}/files/html/assets/lang_codes.json (100%) rename roles/{httpd => web_support}/files/html/css/bootstrap-theme.css (100%) rename roles/{httpd => web_support}/files/html/css/bootstrap-theme.css.map (100%) rename roles/{httpd => web_support}/files/html/css/bootstrap-theme.min.css (100%) rename roles/{httpd => web_support}/files/html/css/bootstrap-theme.min.css.map (100%) rename roles/{httpd => web_support}/files/html/css/bootstrap.css (100%) rename roles/{httpd => web_support}/files/html/css/bootstrap.css.map (100%) rename roles/{httpd => web_support}/files/html/css/bootstrap.min.css (100%) rename roles/{httpd => web_support}/files/html/css/bootstrap.min.css.map (100%) rename roles/{httpd => web_support}/files/html/css/bootstrap4.min.css (100%) rename roles/{httpd => web_support}/files/html/css/fa.all.min.css (100%) rename roles/{httpd => web_support}/files/html/css/font-faces.css (100%) rename roles/{httpd => web_support}/files/html/css/xo-common.css (100%) rename roles/{httpd => web_support}/files/html/fonts/bubblegum-sans-v6-latin-regular.woff (100%) rename roles/{httpd => web_support}/files/html/fonts/bubblegum-sans-v6-latin-regular.woff2 (100%) rename roles/{httpd => web_support}/files/html/fonts/fa-solid-900.woff (100%) rename roles/{httpd => web_support}/files/html/fonts/fa-solid-900.woff2 (100%) rename roles/{httpd => web_support}/files/html/fonts/finger-paint-v7-latin-regular.woff (100%) rename roles/{httpd => web_support}/files/html/fonts/finger-paint-v7-latin-regular.woff2 (100%) rename roles/{httpd => web_support}/files/html/fonts/flavors-v6-latin-regular.woff (100%) rename roles/{httpd => web_support}/files/html/fonts/flavors-v6-latin-regular.woff2 (100%) rename roles/{httpd => web_support}/files/html/fonts/freckle-face-v6-latin-regular.woff (100%) rename roles/{httpd => web_support}/files/html/fonts/freckle-face-v6-latin-regular.woff2 (100%) rename roles/{httpd => web_support}/files/html/fonts/glyphicons-halflings-regular.eot (100%) rename roles/{httpd => web_support}/files/html/fonts/glyphicons-halflings-regular.svg (100%) rename roles/{httpd => web_support}/files/html/fonts/glyphicons-halflings-regular.ttf (100%) rename roles/{httpd => web_support}/files/html/fonts/glyphicons-halflings-regular.woff (100%) rename roles/{httpd => web_support}/files/html/fonts/open-sans-v15-latin-600.woff (100%) rename roles/{httpd => web_support}/files/html/fonts/open-sans-v15-latin-600.woff2 (100%) rename roles/{httpd => web_support}/files/html/fonts/open-sans-v15-latin-700.woff (100%) rename roles/{httpd => web_support}/files/html/fonts/open-sans-v15-latin-700.woff2 (100%) rename roles/{httpd => web_support}/files/html/fonts/open-sans-v15-latin-regular.woff (100%) rename roles/{httpd => web_support}/files/html/fonts/open-sans-v15-latin-regular.woff2 (100%) rename roles/{httpd => web_support}/files/html/html/credits.html (100%) rename roles/{httpd => web_support}/files/html/js/Markdown.Converter.js (100%) rename roles/{httpd => web_support}/files/html/js/Markdown.Sanitizer.js (100%) rename roles/{httpd => web_support}/files/html/js/XMLDisplay.js (100%) rename roles/{httpd => web_support}/files/html/js/bootstrap.js (100%) rename roles/{httpd => web_support}/files/html/js/bootstrap.min.js (100%) rename roles/{httpd => web_support}/files/html/js/bootstrap4.min.js (100%) rename roles/{httpd => web_support}/files/html/js/jquery.min.js (100%) rename roles/{httpd => web_support}/files/html/services/power_off.php (100%) rename roles/{httpd => web_support}/tasks/html.yml (100%) create mode 100644 roles/web_support/tasks/main.yml rename roles/{httpd => web_support}/tasks/php-stem.yml (93%) rename roles/{httpd => web_support}/templates/020_apache_poweroff.j2 (100%) rename roles/{httpd/templates/refresh-wiki-docs.sh => web_support/templates/iiab-refresh-wiki-docs.sh} (100%) diff --git a/roles/httpd-enable/tasks/main.yml b/roles/0-DEPRECATED-ROLES/httpd-enable/tasks/main.yml similarity index 100% rename from roles/httpd-enable/tasks/main.yml rename to roles/0-DEPRECATED-ROLES/httpd-enable/tasks/main.yml diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 18c9baffd..e42cefcef 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -3,24 +3,29 @@ - name: ...IS BEGINNING ===================================== command: echo -- name: HTTPD - include_role: - name: httpd - - name: MYSQL include_role: name: mysql when: mysql_install | bool -- name: Install APACHE (configured LATER, in Stage 9) - include_tasks: roles/httpd/tasks/install.yml +- name: WEB_SUPPORT + include_role: + name: web_support + #when: web_support_install | bool + when: apache_install or nginx_install + +- name: APACHE (install now, configure LATER in Stage 9) + include_role: + name: httpd when: apache_install | bool -- name: Install NGINX (configured LATER, in Stage 9) - include_tasks: roles/nginx/tasks/install.yml +- name: NGINX (install now, configure LATER in Stage 9) + include_role: + name: nginx + #include_tasks: roles/nginx/tasks/install.yml when: nginx_install | bool -- name: Install dnsmasq (configured LATER, in network) +- name: dnsmasq (install now, configure LATER in 'network') include_tasks: roles/network/tasks/dnsmasq.yml when: dnsmasq_install | bool diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 16ce4adc4..7af710e70 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -20,7 +20,7 @@ - name: Install Bluetooth - only on Raspberry Pi include_role: name: bluetooth - when: is_rpi and bluetooth_install # or bluetooth_installed is defined + when: is_rpi and bluetooth_install - name: USB_LIB include_role: @@ -37,12 +37,27 @@ - name: CUPS include_role: name: cups - when: cups_install # or cups_installed is defined + when: cups_install | bool - name: SAMBA include_role: name: samba - when: samba_install # or samba_installed is defined + when: samba_install | bool + +# DOES THE FLAG BELOW (apache_allow_sudo) WORK WITH NGINX TOO ? + +- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_apache_poweroff from template + template: + src: 020_apache_poweroff.j2 + dest: /etc/sudoers.d/020_apache_poweroff + mode: '0755' + when: apache_allow_sudo | bool + +- name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff + file: + path: /etc/sudoers.d/020_apache_poweroff + state: absent + when: not apache_allow_sudo - name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (This script was installed at the beginning of Stage 3 = roles/3-base-server/tasks/main.yml, which ran Apache playbook = roles/httpd/tasks/main.yml) command: /usr/bin/iiab-refresh-wiki-docs diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 7a9448a71..2ab2ce0b2 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -30,24 +30,34 @@ name: calibre-web when: calibreweb_install | bool -# Could split these two below to Stage 10? +# Could split these two below to Stage 10? 2020-02-11: Experimentally moving +# stuff below to roles/web_support, 4-server-options, roles/httpd, roles/nginx. -- name: Fully Enable / Configure NGINX (already installed in Stage 3-BASE-SERVER) if 'nginx_enabled' is True - include_role: - name: nginx - when: nginx_enabled | bool # WAS: nginx_install -# If just CONFIGURING (etc) shouldn't we use one of the following instead ?? -# include_tasks: roles/nginx/tasks/setup.yml -# include_tasks: roles/nginx/tasks/enable.yml +# - name: "Set 'nginx_enabled: True'" +# set_fact: +# nginx_enabled: True +# +# - name: Fully Enable / Configure NGINX (already installed in Stage 3-BASE-SERVER) if 'nginx_enabled' is True +# include_role: +# name: nginx +# when: nginx_enabled | bool # WAS: nginx_install +# # If just CONFIGURING (etc) shouldn't we use one of the following instead ?? +# # include_tasks: roles/nginx/tasks/setup.yml +# # include_tasks: roles/nginx/tasks/enable.yml -- name: Fully Enable / Configure Apache systemd service ({{ apache_service }}) if 'apache_enabled' is True - include_role: - name: httpd-enable - when: apache_enabled | bool # WAS: apache_install -# WARNING THAT APACHE IS AUTO-ENABLED BY THESE ~6 APPS ALONE! -# https://github.com/holta/iiab/blob/scaff2/roles/0-init/tasks/main.yml#L40-L44 -# Summarized @ https://github.com/iiab/iiab/blob/master/roles/nginx/README.md -# 2020-01-23: APACHE FUTURE SUMMARY QUESTIONS @ roles/httpd/tasks/main.yml +# - name: "Set 'apache_enabled: True'" +# set_fact: +# apache_enabled: True +# +# - name: Fully Enable / Configure Apache systemd service ({{ apache_service }}) if 'apache_enabled' is True +# include_role: +# name: httpd +# #name: httpd-enable +# when: apache_enabled | bool # WAS: apache_install +# # WARNING THAT APACHE IS AUTO-ENABLED BY THESE ~6 APPS ALONE! +# # https://github.com/holta/iiab/blob/scaff2/roles/0-init/tasks/main.yml#L40-L44 +# # Summarized @ https://github.com/iiab/iiab/blob/master/roles/nginx/README.md +# # 2020-01-23: APACHE FUTURE SUMMARY QUESTIONS @ roles/httpd/tasks/main.yml - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: diff --git a/roles/httpd/files/osm.conf b/roles/httpd/files/osm.conf.deprecated similarity index 100% rename from roles/httpd/files/osm.conf rename to roles/httpd/files/osm.conf.deprecated diff --git a/roles/httpd/tasks/enable.yml b/roles/httpd/tasks/enable.yml deleted file mode 100644 index 280dfdd02..000000000 --- a/roles/httpd/tasks/enable.yml +++ /dev/null @@ -1,69 +0,0 @@ -# For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147 -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -- name: Enact high limits in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini if using WordPress/Nextcloud/Moodle intensively - lineinfile: - path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini" - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - when: apache_high_php_limits | bool - with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } - - { regexp: '^memory_limit', line: 'memory_limit = 256M ; default is 128M / Nextcloud requests 512M' } - - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - -- name: Install Apache's 010-iiab.conf & proxy_ajp.conf into /etc/apache2/sites-available, from templates - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - # owner: root - # group: root - # mode: 0644 - with_items: - - { src: 'roles/httpd/templates/010-iiab.conf.j2', dest: '/etc/{{ apache_conf_dir }}/010-iiab.conf' } - - { src: 'roles/httpd/templates/proxy_ajp.conf.j2', dest: '/etc/{{ apache_conf_dir }}/proxy_ajp.conf' } - -- name: Enable our site, creating 010-iiab.conf symlink from sites-enabled to sites-available (debuntu) - file: - src: "/etc/{{ apache_conf_dir }}/010-iiab.conf" - path: /etc/apache2/sites-enabled/010-iiab.conf - state: link - when: is_debuntu | bool - -# SEE https://github.com/iiab/iiab/issues/1143 as the old roles/osm playbook is rarely used as of late 2018 (if anybody still uses roles/osm, they can overwrite osm.conf using the original osm playbook, or in other ways) -- name: Install /etc/{{ apache_conf_dir }}/osm.conf for http://box/maps (all OS's) - copy: - src: roles/httpd/files/osm.conf - dest: "/etc/{{ apache_conf_dir }}" - # owner: root - # group: root - # mode: 0644 - when: osm_vector_maps_install | bool - -- name: Symlink /etc/apache2/sites-enabled/osm.conf -> /etc/{{ apache_conf_dir }}/osm.conf (debuntu) - file: - src: "/etc/{{ apache_conf_dir }}/osm.conf" - path: /etc/apache2/sites-enabled/osm.conf - state: link - when: is_debuntu and osm_vector_maps_enabled - -- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_apache_poweroff from template - template: - src: roles/httpd/templates/020_apache_poweroff.j2 - dest: /etc/sudoers.d/020_apache_poweroff - mode: 0755 - when: apache_allow_sudo | bool - -- name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff - file: - path: /etc/sudoers.d/020_apache_poweroff - state: absent - when: not apache_allow_sudo - -- name: Restart Apache systemd service ({{ apache_service }}) - systemd: - name: "{{ apache_service }}" - state: restarted - enabled: yes - daemon_reload: yes diff --git a/roles/httpd/tasks/install.yml b/roles/httpd/tasks/install.yml index 03fb3cdf7..df3998db9 100644 --- a/roles/httpd/tasks/install.yml +++ b/roles/httpd/tasks/install.yml @@ -49,7 +49,7 @@ state: present when: is_redhat | bool -# remove symlinks for mpm-event, replace with mpm-prefork +# Remove symlinks for mpm_event, replace with mpm_prefork - name: Remove both mpm_event symlinks from /etc/apache2/mods-enabled (debuntu) file: path: "/etc/apache2/mods-enabled/{{ item }}" @@ -69,6 +69,19 @@ - mpm_prefork.load when: is_debuntu | bool +# - name: Remove mpm_event.conf & mpm_event.load symlinks, using a2dissite +# command: "a2dissite {{ item }}" +# with_items: +# - mpm_event.conf +# - mpm_event.load +# ignore_errors: yes +# +# - name: Symlink mpm_prefork.conf & mpm_prefork.load, using a2ensite +# command: "a2ensite {{ item }}" +# with_items: +# - mpm_prefork.conf +# - mpm_prefork.load + #- name: 'Turn on mod_proxy using a2enmod with: proxy, proxy_html, headers, rewrite (debuntu)' # command: a2enmod {{ item }} # with_items: @@ -100,11 +113,11 @@ - name: Create Apache's pid dir /var/run/{{ apache_user }} file: + state: directory path: "/var/run/{{ apache_user }}" owner: root group: root mode: '0755' - state: directory - name: 'Create group: admin' group: @@ -120,25 +133,25 @@ - name: Create Apache dir /var/log/{{ apache_service }} file: + state: directory path: "/var/log/{{ apache_service }}" owner: "{{ apache_user }}" group: "{{ apache_user }}" mode: '0755' - state: directory -- name: Enable Apache systemd service ({{ apache_service }}) - service: - name: "{{ apache_service }}" - enabled: yes - state: stopped +- name: Install Apache's 010-iiab.conf & proxy_ajp.conf into /etc/apache2/sites-available, from templates + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: 'roles/httpd/templates/010-iiab.conf.j2', dest: '/etc/{{ apache_conf_dir }}/010-iiab.conf' } + - { src: 'roles/httpd/templates/proxy_ajp.conf.j2', dest: '/etc/{{ apache_conf_dir }}/proxy_ajp.conf' } -- name: Create /library/www/html/info directory for http://box/info offline docs - file: - path: "{{ doc_root }}/info" - owner: "{{ apache_user }}" - group: "{{ apache_user }}" - mode: '0755' - state: directory +# - name: Enable & Stop '{{ apache_service }}' systemd service +# systemd: +# name: "{{ apache_service }}" +# enabled: yes +# state: stopped # RECORD Apache AS INSTALLED diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml index e4fdd9c5c..266ab1693 100644 --- a/roles/httpd/tasks/main.yml +++ b/roles/httpd/tasks/main.yml @@ -1,20 +1,83 @@ # 2020-01-23 TO DO / Questions: -# - Validate input vars apache_install & apache_enabled here. +# - [DONE] Validate input vars apache_install & apache_enabled here. # - Use as nec, with 'when: apache_installed is undefined' -# - Encapsulate all 3 tasks below into httpd/roles/install.yml ? +# - [DONE: moved them to roles/web_support] Encapsulate all 3 tasks below into httpd/roles/install.yml ? # - Similarly sanity-check httpd/roles/enable.yml or httpd/roles/enable-or-disable.yml... # - Verify that 9-local-addons/tasks/main.yml's invocation of # roles/httpd/tasks/enable.yml (via roles/httpd-enable/tasks/main.yml, if # apache_enabled is True) does the right thing! # - And that we really don't want to invoke it hereunder? -# - Save relevant apache_* vars to /etc/iiab/iiab.ini +# - [DONE] Save relevant apache_* vars to /etc/iiab/iiab.ini -#- include_tasks: install.yml -- include_tasks: html.yml -- include_tasks: php-stem.yml +# "How do i fail a task in Ansible if the variable contains a boolean value? +# I want to perform input validation for Ansible playbooks" +# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 -- name: Install /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (Script can be run manually and/or at the end of Stage 4 = roles/4-server-options/tasks/main.yml) - template: - src: refresh-wiki-docs.sh - dest: /usr/bin/iiab-refresh-wiki-docs - mode: '0755' +# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need +# to re-check whether vars are defined here. As Ansible vars cannot be unset: +# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible + +- name: Assert that "apache_install is sameas true" (boolean not string etc) + assert: + that: apache_install is sameas true + fail_msg: "PLEASE SET 'apache_install: True' e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + +- name: Assert that "apache_enabled | type_debug == 'bool'" (boolean not string etc) + assert: + that: apache_enabled | type_debug == 'bool' + fail_msg: "PLEASE GIVE VARIABLE 'apache_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + +- debug: + var: apache_install +- debug: + var: apache_enabled +- debug: + var: apache_installed + + +- name: Install Apache if 'apache_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: apache_installed is undefined + + +- name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) by running 'a2ensite 010-iiab.conf', if apache_enabled" + command: a2ensite 010-iiab.conf + when: apache_enabled | bool + +- name: Disable IIAB pages via Apache (e.g. on port 80) by running 'a2dissite 010-iiab.conf', if not apache_enabled" + command: a2dissite 010-iiab.conf + when: not apache_enabled + +- name: Enable & (Re)Start {{ apache_service }} systemd service, if apache_enabled + systemd: + name: "{{ apache_service }}" + daemon_reload: yes + enabled: yes + state: restarted + when: apache_enabled | bool + +- name: Disable & Stop {{ apache_service }} systemd service, if not apache_enabled + systemd: + name: "{{ apache_service }}" + enabled: no + state: stopped + when: not apache_enabled + + +- name: Add 'apache' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: wordpress + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Apache + - option: description + value: '"The Apache HTTP Server (''httpd'')."' + - option: apache_install + value: "{{ apache_install }}" + - option: apache_enabled + value: "{{ apache_enabled }}" diff --git a/roles/httpd/templates/httpd.j2 b/roles/httpd/templates/httpd.j2.deprecated similarity index 100% rename from roles/httpd/templates/httpd.j2 rename to roles/httpd/templates/httpd.j2.deprecated diff --git a/roles/httpd/templates/iiab-http b/roles/httpd/templates/iiab-http.deprecated similarity index 100% rename from roles/httpd/templates/iiab-http rename to roles/httpd/templates/iiab-http.deprecated diff --git a/roles/httpd/templates/iiab-http.j2 b/roles/httpd/templates/iiab-http.j2.deprecated similarity index 100% rename from roles/httpd/templates/iiab-http.j2 rename to roles/httpd/templates/iiab-http.j2.deprecated diff --git a/roles/httpd/templates/php.ini.j2 b/roles/httpd/templates/php.ini.j2.deprecated similarity index 100% rename from roles/httpd/templates/php.ini.j2 rename to roles/httpd/templates/php.ini.j2.deprecated diff --git a/roles/internetarchive/tasks/main.yml b/roles/internetarchive/tasks/main.yml index 190880cf0..3b908a143 100644 --- a/roles/internetarchive/tasks/main.yml +++ b/roles/internetarchive/tasks/main.yml @@ -20,7 +20,7 @@ # 2020-02-11: @mitra42 & @holta agree (#2247) that the following 2-stanza -# "UPDATE internetarchive" block should run whenever one is isn't installing +# "UPDATE internetarchive" block should run whenever one isn't installing # (or reinstalling) internetarchive, for now. We're aware this means slowness # during "./runrole internetarchive" but that's very intentional for now -- as # it leads to more testing of more recent versions of internetarchive, which diff --git a/roles/nginx/tasks/enable-or-disable.yml b/roles/nginx/tasks/enable-or-disable.yml new file mode 100644 index 000000000..cf4c52488 --- /dev/null +++ b/roles/nginx/tasks/enable-or-disable.yml @@ -0,0 +1,40 @@ +- name: Ensure that Apache (({{ apache_service }})) is not running -- we may need port swap + systemd: + name: "{{ apache_service }}" + state: stopped + +- name: Install /etc/{{ apache_service }}/ports.conf from template 1 of 2 (ports.conf.j2) if nginx_enabled, to enable Apache port {{ apache_port }} localhost only + template: + src: ports.conf.j2 + dest: "/etc/{{ apache_service }}/ports.conf" + when: nginx_enabled | bool + +- name: Install /etc/{{ apache_service }}/ports.conf from template 2 of 2 (stock-apache-ports.conf) if not nginx_enabled, to disable Apache port {{ apache_port }} localhost only + template: + src: stock-apache-ports.conf + dest: "/etc/{{ apache_service }}/ports.conf" + when: not nginx_enabled + +- name: Enable & Restart '{{ apache_service }}' if apache_enabled or not nginx_enabled, since we stopped it + systemd: + name: "{{ apache_service }}" + daemon_reload: yes + state: restarted + enabled: true + when: apache_enabled or not nginx_enabled + + +- name: Enable & (Re)Start 'nginx' systemd service, if nginx_enabled + systemd: + name: nginx + daemon_reload: yes + enabled: yes + state: restarted + when: nginx_enabled | bool + +- name: Disable & Stop 'nginx' systemd service, if not nginx_enabled + systemd: + name: nginx + enabled: no + state: stopped + when: not nginx_enabled diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index fcc04db91..d63c85e9e 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -1,4 +1,14 @@ -- name: Install NGINX required and helper packages +# This stanza can likely be removed later in 2020: +- name: 'Remove legacy files if present: /etc/systemd/system/uwsgi.service, {{ nginx_conf_dir }}/usb-lib.conf, {{ nginx_conf_dir }}/modules.conf' + file: + path: "{{ item.path }}" + state: absent + with_items: + - { path: "/etc/systemd/system/uwsgi.service" } + - { path: "{{ nginx_conf_dir }}/usb-lib.conf" } + - { path: "{{ nginx_conf_dir }}/modules.conf" } + +- name: Install required and helper packages for NGINX package: name: "{{ item }}" state: present @@ -9,7 +19,7 @@ - php-fpm - libnginx-mod-http-subs-filter -- name: Add http server user to shadow group, so it can authenticate Admin Console +- name: Add user '{{ apache_user }}' to shadow group, so it can authenticate Admin Console user: name: "{{ apache_user }}" groups: shadow @@ -19,29 +29,30 @@ path: /etc/nginx/sites-enabled/default state: absent -- name: 'Install 4 files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/{{ apache_service }}/ports.conf, /etc/systemd/system/uwsgi.service' +- name: 'Install 3-or-4 files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/{{ apache_service }}/ports.conf' template: src: "{{ item.src }}" dest: "{{ item.dest }}" with_items: - - { src: 'roles/nginx/templates/server.conf.j2', dest: '/etc/nginx/server.conf' } - - { src: 'roles/nginx/templates/nginx.conf.j2', dest: '/etc/nginx/nginx.conf' } - - { src: 'roles/nginx/templates/ports.conf.j2', dest: '/etc/{{ apache_service }}/ports.conf' } + - { src: 'server.conf.j2', dest: '/etc/nginx/server.conf' } + - { src: 'nginx.conf.j2', dest: '/etc/nginx/nginx.conf' } + #- { src: 'ports.conf.j2', dest: '/etc/{{ apache_service }}/ports.conf' } # Moved to enable-or-disable.yml + - { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" } -# php stem extension is installed in role httpd +# php-stem extension installed by roles/web_support/tasks/php-stem.yml # here it is linked to php-fpm -- name: Create softlink 20-stem.ini to /etc/php/{{ php_version }}/mods-available/stem.ini +- name: Symlink /etc/php/{{ php_version }}/fpm/conf.d/20-stem.ini -> /etc/php/{{ php_version }}/mods-available/stem.ini file: src: "/etc/php/{{ php_version }}/mods-available/stem.ini" path: "/etc/php/{{ php_version }}/fpm/conf.d/20-stem.ini" state: link - when: nginx_enabled + #when: nginx_enabled | bool -- name: Restart php{{ php_version }}-fpm service - service: +- name: Restart php{{ php_version }}-fpm systemd service + systemd: name: "php{{ php_version }}-fpm" state: restarted - when: nginx_enabled + #when: nginx_enabled | bool # RECORD NGINX AS INSTALLED diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 567459612..54884bb0d 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -1,70 +1,51 @@ -- name: Remove stale files (usb-lib.conf, modules.conf) from {{ nginx_conf_dir }} - file: - path: "{{ item.path }}" - state: absent +# "How do i fail a task in Ansible if the variable contains a boolean value? +# I want to perform input validation for Ansible playbooks" +# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 + +# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need +# to re-check whether vars are defined here. As Ansible vars cannot be unset: +# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible + +- name: Assert that "nginx_install is sameas true" (boolean not string etc) + assert: + that: nginx_install is sameas true + fail_msg: "PLEASE SET 'nginx_install: True' e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + +- name: Assert that "nginx_enabled | type_debug == 'bool'" (boolean not string etc) + assert: + that: nginx_enabled | type_debug == 'bool' + fail_msg: "PLEASE GIVE VARIABLE 'nginx_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + +- debug: + var: nginx_install +- debug: + var: nginx_enabled +- debug: + var: nginx_installed + + +- name: Install NGINX if 'nginx_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: nginx_installed is undefined + + +- include_tasks: enable-or-disable.yml + + +- name: Add 'nginx' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: wordpress + option: "{{ item.option }}" + value: "{{ item.value | string }}" with_items: - - { path: "/etc/systemd/system/uwsgi.service" } - - { path: "{{ nginx_conf_dir }}/usb-lib.conf" } - - { path: "{{ nginx_conf_dir }}/modules.conf" } - -- name: Ensure that Apache (({{ apache_service }})) is not running -- we may need port swap - systemd: - name: "{{ apache_service }}" - state: stopped - -- name: "Install from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/{{ apache_service }}/ports.conf, {{ nginx_conf_dir }}/iiab.conf" - template: - src: "{{ item.src}}" - dest: "{{ item.dest }}" - with_items: - - { src: 'server.conf.j2', dest: '/etc/nginx/server.conf' } - - { src: 'nginx.conf.j2', dest: '/etc/nginx/nginx.conf' } - - { src: 'ports.conf.j2', dest: "/etc/{{ apache_service }}/ports.conf" } - - { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" } - when: nginx_enabled | bool - -# the below slides in nginx's proxypass config files for apache on localhost -# via the ports.conf file installed above -#- name: Install proxpass to Apache running on localhost port {{ apache_port }} -# include_tasks: uses_apache.yml -# when: apache_enabled | bool - -# the below task contains the same logic contained in the playbooks to enable -# 'runrole nginx' to do the right thing but with the 'src' path set to role's -# templates path ie roles//template/ -#- name: Install proxpass to other services 'dual mode' roles -# include_tasks: only_nginx.yml -# when: nginx_enabled | bool - -- name: Stop & Disable 'nginx' systemd service, when not nginx_enabled - systemd: - name: nginx - state: stopped - enabled: false - when: not nginx_enabled - -- name: Disable Apache port {{ apache_port }} localhost only, when not nginx_enabled - template: - dest: /etc/{{ apache_service }}/ports.conf - src: stock-apache-ports.conf - when: not nginx_enabled - -# should have the logic to handle both modes in the playbook -#- name: Enable Apache (a2ensite) for 'dual mode' for the role when NGINX is disabled -# include_tasks: disable.yml -# when: not nginx_enabled - -- name: Enable & Restart Apache, since we stopped it ({{ apache_service }}) - systemd: - name: "{{ apache_service }}" - daemon_reload: yes - state: restarted - enabled: true - when: apache_enabled or not nginx_enabled - -- name: Enable & Restart NGINX, to pick up the config files installed - systemd: - name: nginx - state: restarted - enabled: true - when: nginx_enabled | bool + - option: name + value: NGINX + - option: description + value: '"NGINX is a web server which can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache."' + - option: nginx_install + value: "{{ nginx_install }}" + - option: nginx_enabled + value: "{{ nginx_enabled }}" diff --git a/roles/httpd/files/html/assets/lang_codes.json b/roles/web_support/files/html/assets/lang_codes.json similarity index 100% rename from roles/httpd/files/html/assets/lang_codes.json rename to roles/web_support/files/html/assets/lang_codes.json diff --git a/roles/httpd/files/html/css/bootstrap-theme.css b/roles/web_support/files/html/css/bootstrap-theme.css similarity index 100% rename from roles/httpd/files/html/css/bootstrap-theme.css rename to roles/web_support/files/html/css/bootstrap-theme.css diff --git a/roles/httpd/files/html/css/bootstrap-theme.css.map b/roles/web_support/files/html/css/bootstrap-theme.css.map similarity index 100% rename from roles/httpd/files/html/css/bootstrap-theme.css.map rename to roles/web_support/files/html/css/bootstrap-theme.css.map diff --git a/roles/httpd/files/html/css/bootstrap-theme.min.css b/roles/web_support/files/html/css/bootstrap-theme.min.css similarity index 100% rename from roles/httpd/files/html/css/bootstrap-theme.min.css rename to roles/web_support/files/html/css/bootstrap-theme.min.css diff --git a/roles/httpd/files/html/css/bootstrap-theme.min.css.map b/roles/web_support/files/html/css/bootstrap-theme.min.css.map similarity index 100% rename from roles/httpd/files/html/css/bootstrap-theme.min.css.map rename to roles/web_support/files/html/css/bootstrap-theme.min.css.map diff --git a/roles/httpd/files/html/css/bootstrap.css b/roles/web_support/files/html/css/bootstrap.css similarity index 100% rename from roles/httpd/files/html/css/bootstrap.css rename to roles/web_support/files/html/css/bootstrap.css diff --git a/roles/httpd/files/html/css/bootstrap.css.map b/roles/web_support/files/html/css/bootstrap.css.map similarity index 100% rename from roles/httpd/files/html/css/bootstrap.css.map rename to roles/web_support/files/html/css/bootstrap.css.map diff --git a/roles/httpd/files/html/css/bootstrap.min.css b/roles/web_support/files/html/css/bootstrap.min.css similarity index 100% rename from roles/httpd/files/html/css/bootstrap.min.css rename to roles/web_support/files/html/css/bootstrap.min.css diff --git a/roles/httpd/files/html/css/bootstrap.min.css.map b/roles/web_support/files/html/css/bootstrap.min.css.map similarity index 100% rename from roles/httpd/files/html/css/bootstrap.min.css.map rename to roles/web_support/files/html/css/bootstrap.min.css.map diff --git a/roles/httpd/files/html/css/bootstrap4.min.css b/roles/web_support/files/html/css/bootstrap4.min.css similarity index 100% rename from roles/httpd/files/html/css/bootstrap4.min.css rename to roles/web_support/files/html/css/bootstrap4.min.css diff --git a/roles/httpd/files/html/css/fa.all.min.css b/roles/web_support/files/html/css/fa.all.min.css similarity index 100% rename from roles/httpd/files/html/css/fa.all.min.css rename to roles/web_support/files/html/css/fa.all.min.css diff --git a/roles/httpd/files/html/css/font-faces.css b/roles/web_support/files/html/css/font-faces.css similarity index 100% rename from roles/httpd/files/html/css/font-faces.css rename to roles/web_support/files/html/css/font-faces.css diff --git a/roles/httpd/files/html/css/xo-common.css b/roles/web_support/files/html/css/xo-common.css similarity index 100% rename from roles/httpd/files/html/css/xo-common.css rename to roles/web_support/files/html/css/xo-common.css diff --git a/roles/httpd/files/html/fonts/bubblegum-sans-v6-latin-regular.woff b/roles/web_support/files/html/fonts/bubblegum-sans-v6-latin-regular.woff similarity index 100% rename from roles/httpd/files/html/fonts/bubblegum-sans-v6-latin-regular.woff rename to roles/web_support/files/html/fonts/bubblegum-sans-v6-latin-regular.woff diff --git a/roles/httpd/files/html/fonts/bubblegum-sans-v6-latin-regular.woff2 b/roles/web_support/files/html/fonts/bubblegum-sans-v6-latin-regular.woff2 similarity index 100% rename from roles/httpd/files/html/fonts/bubblegum-sans-v6-latin-regular.woff2 rename to roles/web_support/files/html/fonts/bubblegum-sans-v6-latin-regular.woff2 diff --git a/roles/httpd/files/html/fonts/fa-solid-900.woff b/roles/web_support/files/html/fonts/fa-solid-900.woff similarity index 100% rename from roles/httpd/files/html/fonts/fa-solid-900.woff rename to roles/web_support/files/html/fonts/fa-solid-900.woff diff --git a/roles/httpd/files/html/fonts/fa-solid-900.woff2 b/roles/web_support/files/html/fonts/fa-solid-900.woff2 similarity index 100% rename from roles/httpd/files/html/fonts/fa-solid-900.woff2 rename to roles/web_support/files/html/fonts/fa-solid-900.woff2 diff --git a/roles/httpd/files/html/fonts/finger-paint-v7-latin-regular.woff b/roles/web_support/files/html/fonts/finger-paint-v7-latin-regular.woff similarity index 100% rename from roles/httpd/files/html/fonts/finger-paint-v7-latin-regular.woff rename to roles/web_support/files/html/fonts/finger-paint-v7-latin-regular.woff diff --git a/roles/httpd/files/html/fonts/finger-paint-v7-latin-regular.woff2 b/roles/web_support/files/html/fonts/finger-paint-v7-latin-regular.woff2 similarity index 100% rename from roles/httpd/files/html/fonts/finger-paint-v7-latin-regular.woff2 rename to roles/web_support/files/html/fonts/finger-paint-v7-latin-regular.woff2 diff --git a/roles/httpd/files/html/fonts/flavors-v6-latin-regular.woff b/roles/web_support/files/html/fonts/flavors-v6-latin-regular.woff similarity index 100% rename from roles/httpd/files/html/fonts/flavors-v6-latin-regular.woff rename to roles/web_support/files/html/fonts/flavors-v6-latin-regular.woff diff --git a/roles/httpd/files/html/fonts/flavors-v6-latin-regular.woff2 b/roles/web_support/files/html/fonts/flavors-v6-latin-regular.woff2 similarity index 100% rename from roles/httpd/files/html/fonts/flavors-v6-latin-regular.woff2 rename to roles/web_support/files/html/fonts/flavors-v6-latin-regular.woff2 diff --git a/roles/httpd/files/html/fonts/freckle-face-v6-latin-regular.woff b/roles/web_support/files/html/fonts/freckle-face-v6-latin-regular.woff similarity index 100% rename from roles/httpd/files/html/fonts/freckle-face-v6-latin-regular.woff rename to roles/web_support/files/html/fonts/freckle-face-v6-latin-regular.woff diff --git a/roles/httpd/files/html/fonts/freckle-face-v6-latin-regular.woff2 b/roles/web_support/files/html/fonts/freckle-face-v6-latin-regular.woff2 similarity index 100% rename from roles/httpd/files/html/fonts/freckle-face-v6-latin-regular.woff2 rename to roles/web_support/files/html/fonts/freckle-face-v6-latin-regular.woff2 diff --git a/roles/httpd/files/html/fonts/glyphicons-halflings-regular.eot b/roles/web_support/files/html/fonts/glyphicons-halflings-regular.eot similarity index 100% rename from roles/httpd/files/html/fonts/glyphicons-halflings-regular.eot rename to roles/web_support/files/html/fonts/glyphicons-halflings-regular.eot diff --git a/roles/httpd/files/html/fonts/glyphicons-halflings-regular.svg b/roles/web_support/files/html/fonts/glyphicons-halflings-regular.svg similarity index 100% rename from roles/httpd/files/html/fonts/glyphicons-halflings-regular.svg rename to roles/web_support/files/html/fonts/glyphicons-halflings-regular.svg diff --git a/roles/httpd/files/html/fonts/glyphicons-halflings-regular.ttf b/roles/web_support/files/html/fonts/glyphicons-halflings-regular.ttf similarity index 100% rename from roles/httpd/files/html/fonts/glyphicons-halflings-regular.ttf rename to roles/web_support/files/html/fonts/glyphicons-halflings-regular.ttf diff --git a/roles/httpd/files/html/fonts/glyphicons-halflings-regular.woff b/roles/web_support/files/html/fonts/glyphicons-halflings-regular.woff similarity index 100% rename from roles/httpd/files/html/fonts/glyphicons-halflings-regular.woff rename to roles/web_support/files/html/fonts/glyphicons-halflings-regular.woff diff --git a/roles/httpd/files/html/fonts/open-sans-v15-latin-600.woff b/roles/web_support/files/html/fonts/open-sans-v15-latin-600.woff similarity index 100% rename from roles/httpd/files/html/fonts/open-sans-v15-latin-600.woff rename to roles/web_support/files/html/fonts/open-sans-v15-latin-600.woff diff --git a/roles/httpd/files/html/fonts/open-sans-v15-latin-600.woff2 b/roles/web_support/files/html/fonts/open-sans-v15-latin-600.woff2 similarity index 100% rename from roles/httpd/files/html/fonts/open-sans-v15-latin-600.woff2 rename to roles/web_support/files/html/fonts/open-sans-v15-latin-600.woff2 diff --git a/roles/httpd/files/html/fonts/open-sans-v15-latin-700.woff b/roles/web_support/files/html/fonts/open-sans-v15-latin-700.woff similarity index 100% rename from roles/httpd/files/html/fonts/open-sans-v15-latin-700.woff rename to roles/web_support/files/html/fonts/open-sans-v15-latin-700.woff diff --git a/roles/httpd/files/html/fonts/open-sans-v15-latin-700.woff2 b/roles/web_support/files/html/fonts/open-sans-v15-latin-700.woff2 similarity index 100% rename from roles/httpd/files/html/fonts/open-sans-v15-latin-700.woff2 rename to roles/web_support/files/html/fonts/open-sans-v15-latin-700.woff2 diff --git a/roles/httpd/files/html/fonts/open-sans-v15-latin-regular.woff b/roles/web_support/files/html/fonts/open-sans-v15-latin-regular.woff similarity index 100% rename from roles/httpd/files/html/fonts/open-sans-v15-latin-regular.woff rename to roles/web_support/files/html/fonts/open-sans-v15-latin-regular.woff diff --git a/roles/httpd/files/html/fonts/open-sans-v15-latin-regular.woff2 b/roles/web_support/files/html/fonts/open-sans-v15-latin-regular.woff2 similarity index 100% rename from roles/httpd/files/html/fonts/open-sans-v15-latin-regular.woff2 rename to roles/web_support/files/html/fonts/open-sans-v15-latin-regular.woff2 diff --git a/roles/httpd/files/html/html/credits.html b/roles/web_support/files/html/html/credits.html similarity index 100% rename from roles/httpd/files/html/html/credits.html rename to roles/web_support/files/html/html/credits.html diff --git a/roles/httpd/files/html/js/Markdown.Converter.js b/roles/web_support/files/html/js/Markdown.Converter.js similarity index 100% rename from roles/httpd/files/html/js/Markdown.Converter.js rename to roles/web_support/files/html/js/Markdown.Converter.js diff --git a/roles/httpd/files/html/js/Markdown.Sanitizer.js b/roles/web_support/files/html/js/Markdown.Sanitizer.js similarity index 100% rename from roles/httpd/files/html/js/Markdown.Sanitizer.js rename to roles/web_support/files/html/js/Markdown.Sanitizer.js diff --git a/roles/httpd/files/html/js/XMLDisplay.js b/roles/web_support/files/html/js/XMLDisplay.js similarity index 100% rename from roles/httpd/files/html/js/XMLDisplay.js rename to roles/web_support/files/html/js/XMLDisplay.js diff --git a/roles/httpd/files/html/js/bootstrap.js b/roles/web_support/files/html/js/bootstrap.js similarity index 100% rename from roles/httpd/files/html/js/bootstrap.js rename to roles/web_support/files/html/js/bootstrap.js diff --git a/roles/httpd/files/html/js/bootstrap.min.js b/roles/web_support/files/html/js/bootstrap.min.js similarity index 100% rename from roles/httpd/files/html/js/bootstrap.min.js rename to roles/web_support/files/html/js/bootstrap.min.js diff --git a/roles/httpd/files/html/js/bootstrap4.min.js b/roles/web_support/files/html/js/bootstrap4.min.js similarity index 100% rename from roles/httpd/files/html/js/bootstrap4.min.js rename to roles/web_support/files/html/js/bootstrap4.min.js diff --git a/roles/httpd/files/html/js/jquery.min.js b/roles/web_support/files/html/js/jquery.min.js similarity index 100% rename from roles/httpd/files/html/js/jquery.min.js rename to roles/web_support/files/html/js/jquery.min.js diff --git a/roles/httpd/files/html/services/power_off.php b/roles/web_support/files/html/services/power_off.php similarity index 100% rename from roles/httpd/files/html/services/power_off.php rename to roles/web_support/files/html/services/power_off.php diff --git a/roles/httpd/tasks/html.yml b/roles/web_support/tasks/html.yml similarity index 100% rename from roles/httpd/tasks/html.yml rename to roles/web_support/tasks/html.yml diff --git a/roles/web_support/tasks/main.yml b/roles/web_support/tasks/main.yml new file mode 100644 index 000000000..d6accbdc9 --- /dev/null +++ b/roles/web_support/tasks/main.yml @@ -0,0 +1,36 @@ +- include_tasks: html.yml + + +- include_tasks: php-stem.yml + +# DOES THE FLAG BELOW (apache_high_php_limits) WORK WITH NGINX TOO? + +# For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147 +# WARNING: Enabling this might cause excess use of RAM/disk or other resources! +- name: Enact high limits in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini if using WordPress/Nextcloud/Moodle intensively + lineinfile: + path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + when: apache_high_php_limits | bool + with_items: + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } + - { regexp: '^memory_limit', line: 'memory_limit = 256M ; default is 128M / Nextcloud requests 512M' } + - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } + - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } + + +- name: Create dir {{ doc_root }}/info for http://box/info offline docs + file: + state: directory + path: "{{ doc_root }}/info" # /library/www/html + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + #mode: '0755' + +- name: Install /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (Script can be run manually and/or at the end of Stage 4 = roles/4-server-options/tasks/main.yml) + template: + src: iiab-refresh-wiki-docs.sh + dest: /usr/bin/iiab-refresh-wiki-docs + mode: '0755' diff --git a/roles/httpd/tasks/php-stem.yml b/roles/web_support/tasks/php-stem.yml similarity index 93% rename from roles/httpd/tasks/php-stem.yml rename to roles/web_support/tasks/php-stem.yml index 395c69378..8678e4d33 100644 --- a/roles/httpd/tasks/php-stem.yml +++ b/roles/web_support/tasks/php-stem.yml @@ -23,7 +23,7 @@ remote_src: yes when: ansible_machine == "x86_64" -# link to php done in nginx when php-fpm is installed +# link to php done in roles/nginx/tasks/install.yml when php-fpm is installed # Not sure what to do for apache, so do nothing for now diff --git a/roles/httpd/templates/020_apache_poweroff.j2 b/roles/web_support/templates/020_apache_poweroff.j2 similarity index 100% rename from roles/httpd/templates/020_apache_poweroff.j2 rename to roles/web_support/templates/020_apache_poweroff.j2 diff --git a/roles/httpd/templates/refresh-wiki-docs.sh b/roles/web_support/templates/iiab-refresh-wiki-docs.sh similarity index 100% rename from roles/httpd/templates/refresh-wiki-docs.sh rename to roles/web_support/templates/iiab-refresh-wiki-docs.sh From 5247b7f00c9221346500603707cc14d0749c1c39 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 12 Feb 2020 03:14:57 -0500 Subject: [PATCH 05/31] Update roles/3-base-server/tasks/main.yml --- roles/3-base-server/tasks/main.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index e42cefcef..648388ca0 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -14,15 +14,14 @@ #when: web_support_install | bool when: apache_install or nginx_install -- name: APACHE (install now, configure LATER in Stage 9) +- name: APACHE include_role: name: httpd when: apache_install | bool -- name: NGINX (install now, configure LATER in Stage 9) +- name: NGINX include_role: name: nginx - #include_tasks: roles/nginx/tasks/install.yml when: nginx_install | bool - name: dnsmasq (install now, configure LATER in 'network') From 1779f9db40c32576402451248a1ae51113b7c777 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 12 Feb 2020 03:38:04 -0500 Subject: [PATCH 06/31] Update 3-base-server & 4-server-options --- roles/3-base-server/tasks/main.yml | 4 ++-- roles/4-server-options/tasks/main.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 648388ca0..4c4b0fff9 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -14,7 +14,7 @@ #when: web_support_install | bool when: apache_install or nginx_install -- name: APACHE +- name: HTTPD (Apache) include_role: name: httpd when: apache_install | bool @@ -24,7 +24,7 @@ name: nginx when: nginx_install | bool -- name: dnsmasq (install now, configure LATER in 'network') +- name: dnsmasq (install now, configure LATER in 'network', after Stage 9) include_tasks: roles/network/tasks/dnsmasq.yml when: dnsmasq_install | bool diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 7af710e70..c72b27065 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -48,7 +48,7 @@ - name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_apache_poweroff from template template: - src: 020_apache_poweroff.j2 + src: roles/web_support/templates/020_apache_poweroff.j2 dest: /etc/sudoers.d/020_apache_poweroff mode: '0755' when: apache_allow_sudo | bool From 7b067ca2ab500bb6858b31523d254839b6a5ee42 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 12 Feb 2020 04:02:50 -0500 Subject: [PATCH 07/31] Update internetarchive/tasks/install.yml --- roles/internetarchive/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index 3985956a9..41896e647 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml @@ -41,7 +41,7 @@ state: absent path: "{{ internetarchive_dir }}/node_modules" -- name: Run 'yarn add @internetarchive/dweb-mirror' to download/populate {{ internetarchive_dir }}/node_modules (CAN TAKE ~15 MINUTES) +- name: Run 'yarn add @internetarchive/dweb-mirror' to download/populate {{ internetarchive_dir }}/node_modules (CAN TAKE ~5 MINUTES) shell: yarn config set child-concurrency 1 && yarn add @internetarchive/dweb-mirror args: chdir: "{{ internetarchive_dir }}" From ac8e160e522b4d9bf63a550b974cf14b6d86404f Mon Sep 17 00:00:00 2001 From: root Date: Wed, 12 Feb 2020 05:23:57 -0500 Subject: [PATCH 08/31] Interim solution to iiab_home_url not being softcoded --- .../homepage/tasks/main.yml | 21 ++++++++++++++ .../homepage/templates/iiab-homepage.conf | 0 roles/3-base-server/tasks/main.yml | 1 - roles/4-server-options/tasks/main.yml | 10 +++---- roles/homepage/tasks/main.yml | 19 ------------ roles/httpd/tasks/install.yml | 29 +++++++++++++++++++ roles/httpd/tasks/main.yml | 8 ----- roles/httpd/templates/iiab-homepage.conf | 9 ++++++ roles/web_support/tasks/main.yml | 11 +++++++ 9 files changed, 74 insertions(+), 34 deletions(-) create mode 100644 roles/0-DEPRECATED-ROLES/homepage/tasks/main.yml rename roles/{ => 0-DEPRECATED-ROLES}/homepage/templates/iiab-homepage.conf (100%) delete mode 100644 roles/homepage/tasks/main.yml create mode 100644 roles/httpd/templates/iiab-homepage.conf diff --git a/roles/0-DEPRECATED-ROLES/homepage/tasks/main.yml b/roles/0-DEPRECATED-ROLES/homepage/tasks/main.yml new file mode 100644 index 000000000..10203e4cd --- /dev/null +++ b/roles/0-DEPRECATED-ROLES/homepage/tasks/main.yml @@ -0,0 +1,21 @@ +- name: Create dir {{ doc_root }}/home + file: + state: directory + path: "{{ doc_root }}/home" # /library/www/html + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + mode: '0755' + +- name: Install /etc/{{ apache_conf_dir }}/iiab-homepage.conf from template, for http://box redirect to http://box/home/ + template: + src: iiab-homepage.conf + dest: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf" + +#- name: Symlink /etc/apache2/sites-enabled/iiab-homepage.conf to /etc/{{ apache_conf_dir }}/iiab-homepage.conf (debuntu) +- name: Enable iiab-homepage.conf via Apache + command: a2ensite: iiab-homepage.conf + # file: + # src: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf" + # path: /etc/apache2/sites-enabled/iiab-homepage.conf + # state: link + # when: is_debuntu | bool diff --git a/roles/homepage/templates/iiab-homepage.conf b/roles/0-DEPRECATED-ROLES/homepage/templates/iiab-homepage.conf similarity index 100% rename from roles/homepage/templates/iiab-homepage.conf rename to roles/0-DEPRECATED-ROLES/homepage/templates/iiab-homepage.conf diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 4c4b0fff9..715d59b1c 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -11,7 +11,6 @@ - name: WEB_SUPPORT include_role: name: web_support - #when: web_support_install | bool when: apache_install or nginx_install - name: HTTPD (Apache) diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index c72b27065..ebe33c7ab 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -27,12 +27,10 @@ name: usb_lib when: usb_lib_install | bool -# This is in Stage 4-SERVER-OPTIONS (rather than 3-BASE-SERVER) because var -# iiab_home_url changes, and may need to be re-run in the field/offline/etc. -- name: HOMEPAGE under Apache - include_role: - name: homepage - when: not nginx_enabled +# 2020-02-12: what was roles/homepage lives in roles/web_support & roles/httpd +# for now. Eventually softcoding of iiab_home_url should happen everywhere +# (incl Admin Console) to allow more field options, e.g. changing +# /library/www/html/home even when offline... - name: CUPS include_role: diff --git a/roles/homepage/tasks/main.yml b/roles/homepage/tasks/main.yml deleted file mode 100644 index d54a806ee..000000000 --- a/roles/homepage/tasks/main.yml +++ /dev/null @@ -1,19 +0,0 @@ -- name: Create dir {{ doc_root }}/home - file: - path: "{{ doc_root }}/home" - owner: "{{ apache_user }}" - group: "{{ apache_user }}" - mode: 0755 - state: directory - -- name: Install /etc/{{ apache_conf_dir }}/iiab-homepage.conf from template, for http://box redirect to http://box/home/ - template: - src: iiab-homepage.conf - dest: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf" - -- name: Symlink /etc/apache2/sites-enabled/iiab-homepage.conf to /etc/{{ apache_conf_dir }}/iiab-homepage.conf (debuntu) - file: - src: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf" - path: /etc/apache2/sites-enabled/iiab-homepage.conf - state: link - when: is_debuntu | bool diff --git a/roles/httpd/tasks/install.yml b/roles/httpd/tasks/install.yml index df3998db9..076488a85 100644 --- a/roles/httpd/tasks/install.yml +++ b/roles/httpd/tasks/install.yml @@ -147,6 +147,35 @@ - { src: 'roles/httpd/templates/010-iiab.conf.j2', dest: '/etc/{{ apache_conf_dir }}/010-iiab.conf' } - { src: 'roles/httpd/templates/proxy_ajp.conf.j2', dest: '/etc/{{ apache_conf_dir }}/proxy_ajp.conf' } +- name: Install /etc/{{ apache_conf_dir }}/iiab-homepage.conf from template, for http://box redirect to http://box/home/ + template: + src: iiab-homepage.conf + dest: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf" + +- name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) by running 'a2ensite 010-iiab.conf'" + command: a2ensite 010-iiab.conf + #when: apache_enabled | bool + +# - name: Disable IIAB pages via Apache (e.g. on port 80) by running 'a2dissite 010-iiab.conf', if not apache_enabled" +# command: a2dissite 010-iiab.conf +# when: not apache_enabled + +# MOVED FROM roles/homepage/tasks/main.yml (as NGINX-only IIAB's won't need it) +# and 'mkdir /library/www/html/home' is now done by roles/web_support for Admin +# Console which hard-codes that as a requirement as of 2020-02-12. +# +# './runrole --reinstall apache' is a decent solution today, for folks needing +# changes, but to make sure such things work in the field/offline/etc: soft- +# coding of iiab_home_url should probably be taken more seriously thruout IIAB! +# +- name: "IN CASE NGINX IS DISABLED: Enable iiab-homepage.conf via Apache (e.g. on port 80) by running 'a2ensite iiab-homepage.conf'" + command: a2ensite: iiab-homepage.conf + #when: apache_enabled | bool + +# - name: Disable IIAB pages via Apache (e.g. on port 80) by running 'a2dissite iiab-homepage.conf', if not apache_enabled" +# command: a2dissite iiab-homepage.conf +# when: not apache_enabled + # - name: Enable & Stop '{{ apache_service }}' systemd service # systemd: # name: "{{ apache_service }}" diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml index 266ab1693..85795c048 100644 --- a/roles/httpd/tasks/main.yml +++ b/roles/httpd/tasks/main.yml @@ -42,14 +42,6 @@ when: apache_installed is undefined -- name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) by running 'a2ensite 010-iiab.conf', if apache_enabled" - command: a2ensite 010-iiab.conf - when: apache_enabled | bool - -- name: Disable IIAB pages via Apache (e.g. on port 80) by running 'a2dissite 010-iiab.conf', if not apache_enabled" - command: a2dissite 010-iiab.conf - when: not apache_enabled - - name: Enable & (Re)Start {{ apache_service }} systemd service, if apache_enabled systemd: name: "{{ apache_service }}" diff --git a/roles/httpd/templates/iiab-homepage.conf b/roles/httpd/templates/iiab-homepage.conf new file mode 100644 index 000000000..0fc7a8e2e --- /dev/null +++ b/roles/httpd/templates/iiab-homepage.conf @@ -0,0 +1,9 @@ +# IIAB Home Page + +# Redirect to home page on School Server +# Default [was] xs-portal [and is now generally] home + +# RedirectMatch of root to homepage +# See the note in default_vars.yml + +RedirectMatch ^/$ {{ iiab_home_url }} diff --git a/roles/web_support/tasks/main.yml b/roles/web_support/tasks/main.yml index d6accbdc9..4594125bf 100644 --- a/roles/web_support/tasks/main.yml +++ b/roles/web_support/tasks/main.yml @@ -21,6 +21,17 @@ - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } +# 2020-02-12: *REQUIRED* by iiab-admin-console/roles/js-menu/tasks/main.yml, +# which should probably instead softcode iiab_home_url as set in local_vars.yml +- name: Create dir {{ doc_root }}/home + file: + state: directory + path: "{{ doc_root }}/home" # /library/www/html + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + mode: '0755' + + - name: Create dir {{ doc_root }}/info for http://box/info offline docs file: state: directory From 4b1b2780deb9cd7e2e7f3ac9f75c36e777238c08 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 12 Feb 2020 05:45:48 -0500 Subject: [PATCH 09/31] Cleaner roles/web_support & httpd/tasks/install.yml --- roles/httpd/tasks/install.yml | 4 +- .../files/html/assets/lang_codes.json | 0 .../files/html/css/bootstrap-theme.css | 0 .../files/html/css/bootstrap-theme.css.map | 0 .../files/html/css/bootstrap-theme.min.css | 0 .../web_support/files/html/css/bootstrap.css | 0 .../files/html/css/bootstrap.css.map | 0 .../files/html/css/bootstrap.min.css | 0 .../web_support/files/html/css/xo-common.css | 0 .../fonts/glyphicons-halflings-regular.eot | Bin .../fonts/glyphicons-halflings-regular.svg | 0 .../fonts/glyphicons-halflings-regular.ttf | Bin .../fonts/glyphicons-halflings-regular.woff | Bin .../web_support/files/html/html/credits.html | 0 .../files/html/js/Markdown.Converter.js | 0 .../files/html/js/Markdown.Sanitizer.js | 0 roles/web_support/files/html/js/XMLDisplay.js | 0 roles/web_support/files/html/js/bootstrap.js | 0 .../files/html/js/bootstrap.min.js | 0 roles/web_support/files/html/js/jquery.min.js | 0 roles/web_support/tasks/html.yml | 72 +++++++++--------- 21 files changed, 38 insertions(+), 38 deletions(-) mode change 100755 => 100644 roles/web_support/files/html/assets/lang_codes.json mode change 100755 => 100644 roles/web_support/files/html/css/bootstrap-theme.css mode change 100755 => 100644 roles/web_support/files/html/css/bootstrap-theme.css.map mode change 100755 => 100644 roles/web_support/files/html/css/bootstrap-theme.min.css mode change 100755 => 100644 roles/web_support/files/html/css/bootstrap.css mode change 100755 => 100644 roles/web_support/files/html/css/bootstrap.css.map mode change 100755 => 100644 roles/web_support/files/html/css/bootstrap.min.css mode change 100755 => 100644 roles/web_support/files/html/css/xo-common.css mode change 100755 => 100644 roles/web_support/files/html/fonts/glyphicons-halflings-regular.eot mode change 100755 => 100644 roles/web_support/files/html/fonts/glyphicons-halflings-regular.svg mode change 100755 => 100644 roles/web_support/files/html/fonts/glyphicons-halflings-regular.ttf mode change 100755 => 100644 roles/web_support/files/html/fonts/glyphicons-halflings-regular.woff mode change 100755 => 100644 roles/web_support/files/html/html/credits.html mode change 100755 => 100644 roles/web_support/files/html/js/Markdown.Converter.js mode change 100755 => 100644 roles/web_support/files/html/js/Markdown.Sanitizer.js mode change 100755 => 100644 roles/web_support/files/html/js/XMLDisplay.js mode change 100755 => 100644 roles/web_support/files/html/js/bootstrap.js mode change 100755 => 100644 roles/web_support/files/html/js/bootstrap.min.js mode change 100755 => 100644 roles/web_support/files/html/js/jquery.min.js diff --git a/roles/httpd/tasks/install.yml b/roles/httpd/tasks/install.yml index 076488a85..1f9ce1629 100644 --- a/roles/httpd/tasks/install.yml +++ b/roles/httpd/tasks/install.yml @@ -162,14 +162,14 @@ # MOVED FROM roles/homepage/tasks/main.yml (as NGINX-only IIAB's won't need it) # and 'mkdir /library/www/html/home' is now done by roles/web_support for Admin -# Console which hard-codes that as a requirement as of 2020-02-12. +# Console which hard-codes that as a requirement, as of 2020-02-12. # # './runrole --reinstall apache' is a decent solution today, for folks needing # changes, but to make sure such things work in the field/offline/etc: soft- # coding of iiab_home_url should probably be taken more seriously thruout IIAB! # - name: "IN CASE NGINX IS DISABLED: Enable iiab-homepage.conf via Apache (e.g. on port 80) by running 'a2ensite iiab-homepage.conf'" - command: a2ensite: iiab-homepage.conf + command: a2ensite iiab-homepage.conf #when: apache_enabled | bool # - name: Disable IIAB pages via Apache (e.g. on port 80) by running 'a2dissite iiab-homepage.conf', if not apache_enabled" diff --git a/roles/web_support/files/html/assets/lang_codes.json b/roles/web_support/files/html/assets/lang_codes.json old mode 100755 new mode 100644 diff --git a/roles/web_support/files/html/css/bootstrap-theme.css b/roles/web_support/files/html/css/bootstrap-theme.css old mode 100755 new mode 100644 diff --git a/roles/web_support/files/html/css/bootstrap-theme.css.map b/roles/web_support/files/html/css/bootstrap-theme.css.map old mode 100755 new mode 100644 diff --git a/roles/web_support/files/html/css/bootstrap-theme.min.css b/roles/web_support/files/html/css/bootstrap-theme.min.css old mode 100755 new mode 100644 diff --git a/roles/web_support/files/html/css/bootstrap.css b/roles/web_support/files/html/css/bootstrap.css old mode 100755 new mode 100644 diff --git a/roles/web_support/files/html/css/bootstrap.css.map b/roles/web_support/files/html/css/bootstrap.css.map old mode 100755 new mode 100644 diff --git a/roles/web_support/files/html/css/bootstrap.min.css b/roles/web_support/files/html/css/bootstrap.min.css old mode 100755 new mode 100644 diff --git a/roles/web_support/files/html/css/xo-common.css b/roles/web_support/files/html/css/xo-common.css old mode 100755 new mode 100644 diff --git a/roles/web_support/files/html/fonts/glyphicons-halflings-regular.eot b/roles/web_support/files/html/fonts/glyphicons-halflings-regular.eot old mode 100755 new mode 100644 diff --git a/roles/web_support/files/html/fonts/glyphicons-halflings-regular.svg b/roles/web_support/files/html/fonts/glyphicons-halflings-regular.svg old mode 100755 new mode 100644 diff --git a/roles/web_support/files/html/fonts/glyphicons-halflings-regular.ttf b/roles/web_support/files/html/fonts/glyphicons-halflings-regular.ttf old mode 100755 new mode 100644 diff --git a/roles/web_support/files/html/fonts/glyphicons-halflings-regular.woff b/roles/web_support/files/html/fonts/glyphicons-halflings-regular.woff old mode 100755 new mode 100644 diff --git a/roles/web_support/files/html/html/credits.html b/roles/web_support/files/html/html/credits.html old mode 100755 new mode 100644 diff --git a/roles/web_support/files/html/js/Markdown.Converter.js b/roles/web_support/files/html/js/Markdown.Converter.js old mode 100755 new mode 100644 diff --git a/roles/web_support/files/html/js/Markdown.Sanitizer.js b/roles/web_support/files/html/js/Markdown.Sanitizer.js old mode 100755 new mode 100644 diff --git a/roles/web_support/files/html/js/XMLDisplay.js b/roles/web_support/files/html/js/XMLDisplay.js old mode 100755 new mode 100644 diff --git a/roles/web_support/files/html/js/bootstrap.js b/roles/web_support/files/html/js/bootstrap.js old mode 100755 new mode 100644 diff --git a/roles/web_support/files/html/js/bootstrap.min.js b/roles/web_support/files/html/js/bootstrap.min.js old mode 100755 new mode 100644 diff --git a/roles/web_support/files/html/js/jquery.min.js b/roles/web_support/files/html/js/jquery.min.js old mode 100755 new mode 100644 diff --git a/roles/web_support/tasks/html.yml b/roles/web_support/tasks/html.yml index 1ea7d920a..a0f51e363 100644 --- a/roles/web_support/tasks/html.yml +++ b/roles/web_support/tasks/html.yml @@ -1,68 +1,68 @@ -- name: Copy css files to {{ doc_root }}/common/css # doc_root is /library/www/html +- name: Copy css files to {{ doc_root }}/common/css copy: src: "{{ item }}" - dest: "{{ doc_root }}/common/css" - mode: 0644 - owner: root - group: root + dest: "{{ doc_root }}/common/css" # /library/www/html + # owner: root + # group: root + # mode: '0644' with_fileglob: - html/css/*.css -- name: Copy js files to {{ doc_root }}/common/js # doc_root is /library/www/html +- name: Copy js files to {{ doc_root }}/common/js copy: src: "{{ item }}" - dest: "{{ doc_root }}/common/js" - mode: 0644 - owner: root - group: root + dest: "{{ doc_root }}/common/js" # /library/www/html + # owner: root + # group: root + # mode: '0644' with_fileglob: - html/js/*.js -- name: Copy fonts files to {{ doc_root }}/common/fonts # doc_root is /library/www/html +- name: Copy fonts files to {{ doc_root }}/common/fonts copy: src: "{{ item }}" - dest: "{{ doc_root }}/common/fonts" - mode: 0644 - owner: root - group: root + dest: "{{ doc_root }}/common/fonts" # /library/www/html + # owner: root + # group: root + # mode: '0644' with_fileglob: - html/fonts/* -- name: Copy html files to {{ doc_root }}/common/html # doc_root is /library/www/html +- name: Copy html files to {{ doc_root }}/common/html copy: src: "{{ item }}" - dest: "{{ doc_root }}/common/html" - mode: 0644 - owner: root - group: root + dest: "{{ doc_root }}/common/html" # /library/www/html + # owner: root + # group: root + # mode: '0644' with_fileglob: - html/html/* -- name: Copy assets files to {{ doc_root }}/common/assets # doc_root is /library/www/html +- name: Copy assets files to {{ doc_root }}/common/assets copy: src: "{{ item }}" - dest: "{{ doc_root }}/common/assets" - mode: 0644 - owner: root - group: root + dest: "{{ doc_root }}/common/assets" # /library/www/html + # owner: root + # group: root + # mode: '0644' with_fileglob: - html/assets/* -# copy all services, even if not permissioned elsewhere -- name: Copy services files to {{ doc_root }}/common/services # doc_root is /library/www/html +# Copy all services, even if not permissioned elsewhere +- name: Copy services files to {{ doc_root }}/common/services copy: src: "{{ item }}" - dest: "{{ doc_root }}/common/services" - mode: 0644 - owner: root - group: root + dest: "{{ doc_root }}/common/services" # /library/www/html + # owner: root + # group: root + # mode: '0644' with_fileglob: - html/services/* -- name: Symlink {{ doc_root }}/common/assets/iiab.ini to {{ iiab_ini_file }} # doc_root is /library/www/html +- name: Symlink {{ doc_root }}/common/assets/iiab.ini -> {{ iiab_ini_file }} file: - src: "{{ iiab_ini_file }}" - path: "{{ doc_root }}/common/assets/iiab.ini" - owner: root - group: root + src: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + path: "{{ doc_root }}/common/assets/iiab.ini" # /library/www/html + # owner: root + # group: root state: link From 692461d193c962f53a91f50a3ef5986451452968 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 12 Feb 2020 06:27:23 -0500 Subject: [PATCH 10/31] Update 0-DEPRECATED-ROLES/homepage/tasks/main.yml --- roles/0-DEPRECATED-ROLES/homepage/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/0-DEPRECATED-ROLES/homepage/tasks/main.yml b/roles/0-DEPRECATED-ROLES/homepage/tasks/main.yml index 10203e4cd..d3eccd12c 100644 --- a/roles/0-DEPRECATED-ROLES/homepage/tasks/main.yml +++ b/roles/0-DEPRECATED-ROLES/homepage/tasks/main.yml @@ -13,7 +13,7 @@ #- name: Symlink /etc/apache2/sites-enabled/iiab-homepage.conf to /etc/{{ apache_conf_dir }}/iiab-homepage.conf (debuntu) - name: Enable iiab-homepage.conf via Apache - command: a2ensite: iiab-homepage.conf + command: a2ensite iiab-homepage.conf # file: # src: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf" # path: /etc/apache2/sites-enabled/iiab-homepage.conf From 494dad9f125862efcb2bf4fd939a05a28be5feef Mon Sep 17 00:00:00 2001 From: root Date: Wed, 12 Feb 2020 06:57:14 -0500 Subject: [PATCH 11/31] Typo, comments refined --- roles/4-server-options/tasks/main.yml | 3 ++- roles/httpd/tasks/main.yml | 11 ----------- roles/nginx/tasks/enable-or-disable.yml | 8 ++++---- roles/nginx/tasks/install.yml | 4 ++-- roles/web_support/tasks/main.yml | 3 ++- 5 files changed, 10 insertions(+), 19 deletions(-) diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index ebe33c7ab..56ed4e2cb 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -42,7 +42,8 @@ name: samba when: samba_install | bool -# DOES THE FLAG BELOW (apache_allow_sudo) WORK WITH NGINX TOO ? +# 2020-02-12: DOES THE FLAG BELOW (apache_allow_sudo) WORK WITH NGINX TOO ? +# COMPARE apache_high_php_limits @ web_support/tasks/main.yml - name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_apache_poweroff from template template: diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml index 85795c048..300a315dc 100644 --- a/roles/httpd/tasks/main.yml +++ b/roles/httpd/tasks/main.yml @@ -1,14 +1,3 @@ -# 2020-01-23 TO DO / Questions: -# - [DONE] Validate input vars apache_install & apache_enabled here. -# - Use as nec, with 'when: apache_installed is undefined' -# - [DONE: moved them to roles/web_support] Encapsulate all 3 tasks below into httpd/roles/install.yml ? -# - Similarly sanity-check httpd/roles/enable.yml or httpd/roles/enable-or-disable.yml... -# - Verify that 9-local-addons/tasks/main.yml's invocation of -# roles/httpd/tasks/enable.yml (via roles/httpd-enable/tasks/main.yml, if -# apache_enabled is True) does the right thing! -# - And that we really don't want to invoke it hereunder? -# - [DONE] Save relevant apache_* vars to /etc/iiab/iiab.ini - # "How do i fail a task in Ansible if the variable contains a boolean value? # I want to perform input validation for Ansible playbooks" # https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 diff --git a/roles/nginx/tasks/enable-or-disable.yml b/roles/nginx/tasks/enable-or-disable.yml index cf4c52488..edd6cb2a8 100644 --- a/roles/nginx/tasks/enable-or-disable.yml +++ b/roles/nginx/tasks/enable-or-disable.yml @@ -1,23 +1,23 @@ - name: Ensure that Apache (({{ apache_service }})) is not running -- we may need port swap systemd: - name: "{{ apache_service }}" + name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/.yml state: stopped - name: Install /etc/{{ apache_service }}/ports.conf from template 1 of 2 (ports.conf.j2) if nginx_enabled, to enable Apache port {{ apache_port }} localhost only template: src: ports.conf.j2 - dest: "/etc/{{ apache_service }}/ports.conf" + dest: "/etc/{{ apache_service }}/ports.conf" # apache2 or httpd when: nginx_enabled | bool - name: Install /etc/{{ apache_service }}/ports.conf from template 2 of 2 (stock-apache-ports.conf) if not nginx_enabled, to disable Apache port {{ apache_port }} localhost only template: src: stock-apache-ports.conf - dest: "/etc/{{ apache_service }}/ports.conf" + dest: "/etc/{{ apache_service }}/ports.conf" # apache2 or httpd when: not nginx_enabled - name: Enable & Restart '{{ apache_service }}' if apache_enabled or not nginx_enabled, since we stopped it systemd: - name: "{{ apache_service }}" + name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/.yml daemon_reload: yes state: restarted enabled: true diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index d63c85e9e..313a877ae 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -29,7 +29,7 @@ path: /etc/nginx/sites-enabled/default state: absent -- name: 'Install 3-or-4 files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/{{ apache_service }}/ports.conf' +- name: 'Install 3 files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, {{ nginx_conf_dir }}/iiab.conf' template: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -37,7 +37,7 @@ - { src: 'server.conf.j2', dest: '/etc/nginx/server.conf' } - { src: 'nginx.conf.j2', dest: '/etc/nginx/nginx.conf' } #- { src: 'ports.conf.j2', dest: '/etc/{{ apache_service }}/ports.conf' } # Moved to enable-or-disable.yml - - { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" } + - { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" } # /etc/nginx/conf.d # php-stem extension installed by roles/web_support/tasks/php-stem.yml # here it is linked to php-fpm diff --git a/roles/web_support/tasks/main.yml b/roles/web_support/tasks/main.yml index 4594125bf..3d1f05b22 100644 --- a/roles/web_support/tasks/main.yml +++ b/roles/web_support/tasks/main.yml @@ -3,7 +3,8 @@ - include_tasks: php-stem.yml -# DOES THE FLAG BELOW (apache_high_php_limits) WORK WITH NGINX TOO? +# 2020-02-12: DOES THE FLAG BELOW (apache_high_php_limits) WORK WITH NGINX TOO? +# COMPARE apache_allow_sudo @ 4-server-options/tasks/main.yml # For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147 # WARNING: Enabling this might cause excess use of RAM/disk or other resources! From 5f8745a794a86d85cb787f210c97b28ca08e9ff9 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 12 Feb 2020 07:23:17 -0500 Subject: [PATCH 12/31] Clarify httpd/tasks/install.yml & web_support/tasks/main.yml --- roles/httpd/tasks/install.yml | 15 ++++++++------- roles/web_support/tasks/main.yml | 5 +++++ 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/roles/httpd/tasks/install.yml b/roles/httpd/tasks/install.yml index 1f9ce1629..723f7bfdb 100644 --- a/roles/httpd/tasks/install.yml +++ b/roles/httpd/tasks/install.yml @@ -139,6 +139,7 @@ group: "{{ apache_user }}" mode: '0755' + - name: Install Apache's 010-iiab.conf & proxy_ajp.conf into /etc/apache2/sites-available, from templates template: src: "{{ item.src }}" @@ -147,11 +148,6 @@ - { src: 'roles/httpd/templates/010-iiab.conf.j2', dest: '/etc/{{ apache_conf_dir }}/010-iiab.conf' } - { src: 'roles/httpd/templates/proxy_ajp.conf.j2', dest: '/etc/{{ apache_conf_dir }}/proxy_ajp.conf' } -- name: Install /etc/{{ apache_conf_dir }}/iiab-homepage.conf from template, for http://box redirect to http://box/home/ - template: - src: iiab-homepage.conf - dest: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf" - - name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) by running 'a2ensite 010-iiab.conf'" command: a2ensite 010-iiab.conf #when: apache_enabled | bool @@ -161,13 +157,18 @@ # when: not apache_enabled # MOVED FROM roles/homepage/tasks/main.yml (as NGINX-only IIAB's won't need it) -# and 'mkdir /library/www/html/home' is now done by roles/web_support for Admin -# Console which hard-codes that as a requirement, as of 2020-02-12. +# and 'mkdir /library/www/html/home' is now done by web_support/tasks/main.yml +# for Admin Console which hard-codes that as a requirement, as of 2020-02-12. # # './runrole --reinstall apache' is a decent solution today, for folks needing # changes, but to make sure such things work in the field/offline/etc: soft- # coding of iiab_home_url should probably be taken more seriously thruout IIAB! # +- name: Install /etc/{{ apache_conf_dir }}/iiab-homepage.conf from template, for http://box redirect to http://box/home/ + template: + src: iiab-homepage.conf + dest: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf" + - name: "IN CASE NGINX IS DISABLED: Enable iiab-homepage.conf via Apache (e.g. on port 80) by running 'a2ensite iiab-homepage.conf'" command: a2ensite iiab-homepage.conf #when: apache_enabled | bool diff --git a/roles/web_support/tasks/main.yml b/roles/web_support/tasks/main.yml index 3d1f05b22..b75900b01 100644 --- a/roles/web_support/tasks/main.yml +++ b/roles/web_support/tasks/main.yml @@ -24,6 +24,11 @@ # 2020-02-12: *REQUIRED* by iiab-admin-console/roles/js-menu/tasks/main.yml, # which should probably instead softcode iiab_home_url as set in local_vars.yml +# +# SEE httpd/tasks/install.yml for related 'a2ensite iiab-homepage.conf' +# +# (Both mkdir & iiab-homepage.conf stuff used to be in homepage/tasks/main.yml) +# - name: Create dir {{ doc_root }}/home file: state: directory From b07bb5d3dbcd1755cdb0fdff9e497938a42cf9c4 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 12 Feb 2020 07:45:04 -0500 Subject: [PATCH 13/31] Add 15 roles & Subtract 1: tests/test.yml --- tests/test.yml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/tests/test.yml b/tests/test.yml index 26f0b40b6..726ba679d 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -16,8 +16,12 @@ #- { role: ajenti } #- { role: authserver } - { role: awstats } + - { role: azuracast } + - { role: bluetooth } - { role: calibre } - { role: calibre-web } + - { role: captiveportal } + - { role: cham } - { role: cups } #- { role: debian_schooltool } #- { role: docker } @@ -25,28 +29,37 @@ #- { role: ejabberd } #- { role: ejabberd_xs } - { role: elgg } - - { role: homepage } + - { role: gitea } + #- { role: homepage } - { role: httpd } #- { role: idmgr } - { role: iiab-admin } + - { role: internetarchive } - { role: kalite } - { role: kiwix } - { role: kolibri } - { role: lokole } - { role: mediawiki } + - { role: minetest } - { role: mongodb } - { role: monit } - { role: moodle } #- { role: moodle-1.9 } + - { role: mosquitto } - { role: munin } - { role: mysql } - { role: network } - { role: nextcloud } + - { role: nginx } + - { role: nodejs } + - { role: nodered } #- { role: nodogsplash } - { role: openvpn } + - { role: osm-vectors-maps } #- { role: osm } #- { role: owncloud } #- { role: pathagar } + - { role: pbx } - { role: phpmyadmin } - { role: postgresql } #- { role: rachel } @@ -59,7 +72,9 @@ - { role: transmission } - { role: usb_lib } - { role: vnstat } + - { role: web-support } - { role: wordpress } + - { role: yarn } #- { roles: xovis } # Let's try to keep the above list synchronized with: From 14e085d91f7431025aed6c6025a9d1421537d10e Mon Sep 17 00:00:00 2001 From: root Date: Wed, 12 Feb 2020 07:49:22 -0500 Subject: [PATCH 14/31] cham isn't ready for tests/test.yml --- tests/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test.yml b/tests/test.yml index 726ba679d..767aed6c0 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -21,7 +21,7 @@ - { role: calibre } - { role: calibre-web } - { role: captiveportal } - - { role: cham } + #- { role: cham } - { role: cups } #- { role: debian_schooltool } #- { role: docker } From 3f1b1e23aa6d18d0bedd3aabc16554b814400a30 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 12 Feb 2020 07:52:13 -0500 Subject: [PATCH 15/31] Typo in tests/test.yml --- tests/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test.yml b/tests/test.yml index 767aed6c0..709891eec 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -55,7 +55,7 @@ - { role: nodered } #- { role: nodogsplash } - { role: openvpn } - - { role: osm-vectors-maps } + - { role: osm-vector-maps } #- { role: osm } #- { role: owncloud } #- { role: pathagar } From 8ae9e0a9fd84e61bfce0ec4a641f367654dc4b38 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 12 Feb 2020 07:55:33 -0500 Subject: [PATCH 16/31] Another typo in tests/test.yml --- tests/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test.yml b/tests/test.yml index 709891eec..dae66056b 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -72,7 +72,7 @@ - { role: transmission } - { role: usb_lib } - { role: vnstat } - - { role: web-support } + - { role: web_support } - { role: wordpress } - { role: yarn } #- { roles: xovis } From 2342190016aba163a5cd193e2cf98132ab899c5c Mon Sep 17 00:00:00 2001 From: root Date: Wed, 12 Feb 2020 10:31:08 -0500 Subject: [PATCH 17/31] /etc/iiab/iiab.ini section headers --- roles/httpd/tasks/main.yml | 2 +- roles/nginx/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml index 300a315dc..354212d7f 100644 --- a/roles/httpd/tasks/main.yml +++ b/roles/httpd/tasks/main.yml @@ -50,7 +50,7 @@ - name: Add 'apache' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: wordpress + section: apache option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 54884bb0d..fb272a29c 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -37,7 +37,7 @@ - name: Add 'nginx' variable values to {{ iiab_ini_file }} ini_file: path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: wordpress + section: nginx option: "{{ item.option }}" value: "{{ item.value | string }}" with_items: From c2bda065455555f4788e87d12651a0aabe2dd07e Mon Sep 17 00:00:00 2001 From: root Date: Wed, 12 Feb 2020 16:49:43 -0500 Subject: [PATCH 18/31] Apache must be off when NGINX installs --- roles/4-server-options/tasks/main.yml | 2 +- roles/nginx/tasks/install.yml | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 56ed4e2cb..0decf2a4b 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -58,7 +58,7 @@ state: absent when: not apache_allow_sudo -- name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (This script was installed at the beginning of Stage 3 = roles/3-base-server/tasks/main.yml, which ran Apache playbook = roles/httpd/tasks/main.yml) +- name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (This script was installed in Stage 3 = roles/3-base-server/tasks/main.yml, which ran roles/web_support/tasks/main.yml) command: /usr/bin/iiab-refresh-wiki-docs when: internet_available and not nodocs diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 313a877ae..6b3a7e25b 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -8,6 +8,12 @@ - { path: "{{ nginx_conf_dir }}/usb-lib.conf" } - { path: "{{ nginx_conf_dir }}/modules.conf" } +- name: Stop '{{ apache_service }}' systemd service + systemd: + name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/.yml + state: stopped + ignore_errors: yes + - name: Install required and helper packages for NGINX package: name: "{{ item }}" @@ -21,7 +27,7 @@ - name: Add user '{{ apache_user }}' to shadow group, so it can authenticate Admin Console user: - name: "{{ apache_user }}" + name: "{{ apache_user }}" # www-data or apache, per /opt/iiab/iiab/vars/.yml groups: shadow - name: Remove NGINX default config /etc/nginx/sites-enabled/default From efd62be6060c2d6be9239769c7f09d277fae35dd Mon Sep 17 00:00:00 2001 From: root Date: Wed, 12 Feb 2020 20:53:36 -0500 Subject: [PATCH 19/31] Try roles/www_back_end in Stage 3 & roles/www_front_end in Stage 4 --- roles/3-base-server/tasks/main.yml | 7 +- roles/4-server-options/tasks/main.yml | 32 +++------ roles/9-local-addons/tasks/main.yml | 4 +- roles/httpd/tasks/homepage.yml | 17 +++++ roles/httpd/tasks/install.yml | 23 +------ roles/nginx/tasks/enable-or-disable.yml | 4 +- roles/nginx/tasks/homepage.yml | 9 +++ roles/nginx/tasks/install.yml | 10 ++- .../files/html/assets/lang_codes.json | 0 .../files/html/css/bootstrap-theme.css | 0 .../files/html/css/bootstrap-theme.css.map | 0 .../files/html/css/bootstrap-theme.min.css | 0 .../html/css/bootstrap-theme.min.css.map | 0 .../files/html/css/bootstrap.css | 0 .../files/html/css/bootstrap.css.map | 0 .../files/html/css/bootstrap.min.css | 0 .../files/html/css/bootstrap.min.css.map | 0 .../files/html/css/bootstrap4.min.css | 0 .../files/html/css/fa.all.min.css | 0 .../files/html/css/font-faces.css | 0 .../files/html/css/xo-common.css | 0 .../bubblegum-sans-v6-latin-regular.woff | Bin .../bubblegum-sans-v6-latin-regular.woff2 | Bin .../files/html/fonts/fa-solid-900.woff | Bin .../files/html/fonts/fa-solid-900.woff2 | Bin .../fonts/finger-paint-v7-latin-regular.woff | Bin .../fonts/finger-paint-v7-latin-regular.woff2 | Bin .../html/fonts/flavors-v6-latin-regular.woff | Bin .../html/fonts/flavors-v6-latin-regular.woff2 | Bin .../fonts/freckle-face-v6-latin-regular.woff | Bin .../fonts/freckle-face-v6-latin-regular.woff2 | Bin .../fonts/glyphicons-halflings-regular.eot | Bin .../fonts/glyphicons-halflings-regular.svg | 0 .../fonts/glyphicons-halflings-regular.ttf | Bin .../fonts/glyphicons-halflings-regular.woff | Bin .../html/fonts/open-sans-v15-latin-600.woff | Bin .../html/fonts/open-sans-v15-latin-600.woff2 | Bin .../html/fonts/open-sans-v15-latin-700.woff | Bin .../html/fonts/open-sans-v15-latin-700.woff2 | Bin .../fonts/open-sans-v15-latin-regular.woff | Bin .../fonts/open-sans-v15-latin-regular.woff2 | Bin .../files/html/html/credits.html | 0 .../files/html/js/Markdown.Converter.js | 0 .../files/html/js/Markdown.Sanitizer.js | 0 .../files/html/js/XMLDisplay.js | 0 .../files/html/js/bootstrap.js | 0 .../files/html/js/bootstrap.min.js | 0 .../files/html/js/bootstrap4.min.js | 0 .../files/html/js/jquery.min.js | 0 .../files/html/services/power_off.php | 0 .../tasks/html.yml | 0 .../tasks/main.yml | 35 ++++++---- .../tasks/php-stem.yml | 0 .../templates/iiab-refresh-wiki-docs.sh | 0 roles/www_front_end/tasks/main.yml | 61 ++++++++++++++++++ .../templates/020_apache_poweroff.j2 | 0 tests/test.yml | 3 +- 57 files changed, 139 insertions(+), 66 deletions(-) create mode 100644 roles/httpd/tasks/homepage.yml create mode 100644 roles/nginx/tasks/homepage.yml rename roles/{web_support => www_back_end}/files/html/assets/lang_codes.json (100%) rename roles/{web_support => www_back_end}/files/html/css/bootstrap-theme.css (100%) rename roles/{web_support => www_back_end}/files/html/css/bootstrap-theme.css.map (100%) rename roles/{web_support => www_back_end}/files/html/css/bootstrap-theme.min.css (100%) rename roles/{web_support => www_back_end}/files/html/css/bootstrap-theme.min.css.map (100%) rename roles/{web_support => www_back_end}/files/html/css/bootstrap.css (100%) rename roles/{web_support => www_back_end}/files/html/css/bootstrap.css.map (100%) rename roles/{web_support => www_back_end}/files/html/css/bootstrap.min.css (100%) rename roles/{web_support => www_back_end}/files/html/css/bootstrap.min.css.map (100%) rename roles/{web_support => www_back_end}/files/html/css/bootstrap4.min.css (100%) rename roles/{web_support => www_back_end}/files/html/css/fa.all.min.css (100%) rename roles/{web_support => www_back_end}/files/html/css/font-faces.css (100%) rename roles/{web_support => www_back_end}/files/html/css/xo-common.css (100%) rename roles/{web_support => www_back_end}/files/html/fonts/bubblegum-sans-v6-latin-regular.woff (100%) rename roles/{web_support => www_back_end}/files/html/fonts/bubblegum-sans-v6-latin-regular.woff2 (100%) rename roles/{web_support => www_back_end}/files/html/fonts/fa-solid-900.woff (100%) rename roles/{web_support => www_back_end}/files/html/fonts/fa-solid-900.woff2 (100%) rename roles/{web_support => www_back_end}/files/html/fonts/finger-paint-v7-latin-regular.woff (100%) rename roles/{web_support => www_back_end}/files/html/fonts/finger-paint-v7-latin-regular.woff2 (100%) rename roles/{web_support => www_back_end}/files/html/fonts/flavors-v6-latin-regular.woff (100%) rename roles/{web_support => www_back_end}/files/html/fonts/flavors-v6-latin-regular.woff2 (100%) rename roles/{web_support => www_back_end}/files/html/fonts/freckle-face-v6-latin-regular.woff (100%) rename roles/{web_support => www_back_end}/files/html/fonts/freckle-face-v6-latin-regular.woff2 (100%) rename roles/{web_support => www_back_end}/files/html/fonts/glyphicons-halflings-regular.eot (100%) rename roles/{web_support => www_back_end}/files/html/fonts/glyphicons-halflings-regular.svg (100%) rename roles/{web_support => www_back_end}/files/html/fonts/glyphicons-halflings-regular.ttf (100%) rename roles/{web_support => www_back_end}/files/html/fonts/glyphicons-halflings-regular.woff (100%) rename roles/{web_support => www_back_end}/files/html/fonts/open-sans-v15-latin-600.woff (100%) rename roles/{web_support => www_back_end}/files/html/fonts/open-sans-v15-latin-600.woff2 (100%) rename roles/{web_support => www_back_end}/files/html/fonts/open-sans-v15-latin-700.woff (100%) rename roles/{web_support => www_back_end}/files/html/fonts/open-sans-v15-latin-700.woff2 (100%) rename roles/{web_support => www_back_end}/files/html/fonts/open-sans-v15-latin-regular.woff (100%) rename roles/{web_support => www_back_end}/files/html/fonts/open-sans-v15-latin-regular.woff2 (100%) rename roles/{web_support => www_back_end}/files/html/html/credits.html (100%) rename roles/{web_support => www_back_end}/files/html/js/Markdown.Converter.js (100%) rename roles/{web_support => www_back_end}/files/html/js/Markdown.Sanitizer.js (100%) rename roles/{web_support => www_back_end}/files/html/js/XMLDisplay.js (100%) rename roles/{web_support => www_back_end}/files/html/js/bootstrap.js (100%) rename roles/{web_support => www_back_end}/files/html/js/bootstrap.min.js (100%) rename roles/{web_support => www_back_end}/files/html/js/bootstrap4.min.js (100%) rename roles/{web_support => www_back_end}/files/html/js/jquery.min.js (100%) rename roles/{web_support => www_back_end}/files/html/services/power_off.php (100%) rename roles/{web_support => www_back_end}/tasks/html.yml (100%) rename roles/{web_support => www_back_end}/tasks/main.yml (69%) rename roles/{web_support => www_back_end}/tasks/php-stem.yml (100%) rename roles/{web_support => www_back_end}/templates/iiab-refresh-wiki-docs.sh (100%) create mode 100644 roles/www_front_end/tasks/main.yml rename roles/{web_support => www_front_end}/templates/020_apache_poweroff.j2 (100%) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 715d59b1c..a4895f44b 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -8,10 +8,11 @@ name: mysql when: mysql_install | bool -- name: WEB_SUPPORT +- name: WWW_BACK_END (WWW_FRONT_END should be installed later) include_role: - name: web_support - when: apache_install or nginx_install + name: www_back_end + # when: www_back_end | bool + # when: apache_install or nginx_install - name: HTTPD (Apache) include_role: diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 0decf2a4b..0ee84f133 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -27,11 +27,6 @@ name: usb_lib when: usb_lib_install | bool -# 2020-02-12: what was roles/homepage lives in roles/web_support & roles/httpd -# for now. Eventually softcoding of iiab_home_url should happen everywhere -# (incl Admin Console) to allow more field options, e.g. changing -# /library/www/html/home even when offline... - - name: CUPS include_role: name: cups @@ -42,25 +37,16 @@ name: samba when: samba_install | bool -# 2020-02-12: DOES THE FLAG BELOW (apache_allow_sudo) WORK WITH NGINX TOO ? -# COMPARE apache_high_php_limits @ web_support/tasks/main.yml +# 2020-02-12: what was roles/homepage lives in roles/www_back_end & +# roles/www_front_end for now. Eventually softcoding of iiab_home_url +# should happen everywhere (incl Admin Console) to allow more field +# options, e.g. changing /library/www/html/home even when offline... -- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_apache_poweroff from template - template: - src: roles/web_support/templates/020_apache_poweroff.j2 - dest: /etc/sudoers.d/020_apache_poweroff - mode: '0755' - when: apache_allow_sudo | bool - -- name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff - file: - path: /etc/sudoers.d/020_apache_poweroff - state: absent - when: not apache_allow_sudo - -- name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (This script was installed in Stage 3 = roles/3-base-server/tasks/main.yml, which ran roles/web_support/tasks/main.yml) - command: /usr/bin/iiab-refresh-wiki-docs - when: internet_available and not nodocs +- name: WWW_FRONT_END (WWW_BACK_END should have been installed earlier) + include_role: + name: www_front_end + # when: www_front_end | bool + # when: apache_install or nginx_install - name: Recording STAGE 4 HAS COMPLETED ================== lineinfile: diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 2ab2ce0b2..00f7712dd 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -30,8 +30,8 @@ name: calibre-web when: calibreweb_install | bool -# Could split these two below to Stage 10? 2020-02-11: Experimentally moving -# stuff below to roles/web_support, 4-server-options, roles/httpd, roles/nginx. +# Could split these two below to Stage 10? 2020-02-12: Experimentally moving +# stuff to roles/3-base-server, 4-server-options, roles/httpd, roles/nginx. # - name: "Set 'nginx_enabled: True'" # set_fact: diff --git a/roles/httpd/tasks/homepage.yml b/roles/httpd/tasks/homepage.yml new file mode 100644 index 000000000..25773ba31 --- /dev/null +++ b/roles/httpd/tasks/homepage.yml @@ -0,0 +1,17 @@ +# Both invoked in 4-SERVER-OPTIONS, by roles/www_front_end/tasks/main.yml: +# +# httpd/tasks/homepage.yml +# nginx/tasks/homepage.yml + +- name: Install /etc/{{ apache_conf_dir }}/iiab-homepage.conf from httpd/templates, so Apache redirects http://box to http://box{{ iiab_home_url }} # /home + template: + src: roles/httpd/templates/iiab-homepage.conf + dest: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf" # apache2/sites-available (on debuntu) + +- name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) by running 'a2ensite iiab-homepage.conf'" + command: a2ensite iiab-homepage.conf + #when: apache_enabled | bool + +# - name: Disable IIAB pages via Apache (e.g. on port 80) by running 'a2dissite iiab-homepage.conf', if not apache_enabled" +# command: a2dissite iiab-homepage.conf +# when: not apache_enabled diff --git a/roles/httpd/tasks/install.yml b/roles/httpd/tasks/install.yml index 723f7bfdb..8ffd6382f 100644 --- a/roles/httpd/tasks/install.yml +++ b/roles/httpd/tasks/install.yml @@ -156,26 +156,9 @@ # command: a2dissite 010-iiab.conf # when: not apache_enabled -# MOVED FROM roles/homepage/tasks/main.yml (as NGINX-only IIAB's won't need it) -# and 'mkdir /library/www/html/home' is now done by web_support/tasks/main.yml -# for Admin Console which hard-codes that as a requirement, as of 2020-02-12. -# -# './runrole --reinstall apache' is a decent solution today, for folks needing -# changes, but to make sure such things work in the field/offline/etc: soft- -# coding of iiab_home_url should probably be taken more seriously thruout IIAB! -# -- name: Install /etc/{{ apache_conf_dir }}/iiab-homepage.conf from template, for http://box redirect to http://box/home/ - template: - src: iiab-homepage.conf - dest: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf" - -- name: "IN CASE NGINX IS DISABLED: Enable iiab-homepage.conf via Apache (e.g. on port 80) by running 'a2ensite iiab-homepage.conf'" - command: a2ensite iiab-homepage.conf - #when: apache_enabled | bool - -# - name: Disable IIAB pages via Apache (e.g. on port 80) by running 'a2dissite iiab-homepage.conf', if not apache_enabled" -# command: a2dissite iiab-homepage.conf -# when: not apache_enabled +- debug: + msg: roles/httpd/tasks/homepage.yml will run LATER (invoked by roles/www_front_end/tasks/main.yml) SO THAT APACHE CAN REDIRECT http://box TO http://box{{ iiab_home_url }} (based on var iiab_home_url) +# - include_tasks: roles/httpd/tasks/homepage.yml # - name: Enable & Stop '{{ apache_service }}' systemd service # systemd: diff --git a/roles/nginx/tasks/enable-or-disable.yml b/roles/nginx/tasks/enable-or-disable.yml index edd6cb2a8..beebc2da5 100644 --- a/roles/nginx/tasks/enable-or-disable.yml +++ b/roles/nginx/tasks/enable-or-disable.yml @@ -6,13 +6,13 @@ - name: Install /etc/{{ apache_service }}/ports.conf from template 1 of 2 (ports.conf.j2) if nginx_enabled, to enable Apache port {{ apache_port }} localhost only template: src: ports.conf.j2 - dest: "/etc/{{ apache_service }}/ports.conf" # apache2 or httpd + dest: "/etc/{{ apache_service }}/ports.conf" when: nginx_enabled | bool - name: Install /etc/{{ apache_service }}/ports.conf from template 2 of 2 (stock-apache-ports.conf) if not nginx_enabled, to disable Apache port {{ apache_port }} localhost only template: src: stock-apache-ports.conf - dest: "/etc/{{ apache_service }}/ports.conf" # apache2 or httpd + dest: "/etc/{{ apache_service }}/ports.conf" when: not nginx_enabled - name: Enable & Restart '{{ apache_service }}' if apache_enabled or not nginx_enabled, since we stopped it diff --git a/roles/nginx/tasks/homepage.yml b/roles/nginx/tasks/homepage.yml new file mode 100644 index 000000000..fb01aa96f --- /dev/null +++ b/roles/nginx/tasks/homepage.yml @@ -0,0 +1,9 @@ +# Both invoked in 4-SERVER-OPTIONS, by roles/www_front_end/tasks/main.yml: +# +# httpd/tasks/homepage.yml +# nginx/tasks/homepage.yml + +- name: Install {{ nginx_conf_dir }}/iiab.conf from nginx/templates, so NGINX redirects http://box to http://box{{ iiab_home_url }} # /home + template: + src: roles/nginx/templates/iiab.conf.j2 + dest: "{{ nginx_conf_dir }}/iiab.conf" # /etc/nginx/conf.d diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 6b3a7e25b..2fb3f2e44 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -35,7 +35,7 @@ path: /etc/nginx/sites-enabled/default state: absent -- name: 'Install 3 files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, {{ nginx_conf_dir }}/iiab.conf' +- name: 'Install 2 (of 4) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf' template: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -43,9 +43,13 @@ - { src: 'server.conf.j2', dest: '/etc/nginx/server.conf' } - { src: 'nginx.conf.j2', dest: '/etc/nginx/nginx.conf' } #- { src: 'ports.conf.j2', dest: '/etc/{{ apache_service }}/ports.conf' } # Moved to enable-or-disable.yml - - { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" } # /etc/nginx/conf.d + #- { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" } # Moved into homepage.yml below -# php-stem extension installed by roles/web_support/tasks/php-stem.yml +- debug: + msg: roles/nginx/tasks/homepage.yml will run LATER (invoked by roles/www_front_end/tasks/main.yml) SO THAT NGINX CAN REDIRECT http://box TO http://box{{ iiab_home_url }} (based on var iiab_home_url) +# - include_tasks: roles/nginx/tasks/homepage.yml + +# php-stem extension installed by roles/www_back_end/tasks/php-stem.yml # here it is linked to php-fpm - name: Symlink /etc/php/{{ php_version }}/fpm/conf.d/20-stem.ini -> /etc/php/{{ php_version }}/mods-available/stem.ini file: diff --git a/roles/web_support/files/html/assets/lang_codes.json b/roles/www_back_end/files/html/assets/lang_codes.json similarity index 100% rename from roles/web_support/files/html/assets/lang_codes.json rename to roles/www_back_end/files/html/assets/lang_codes.json diff --git a/roles/web_support/files/html/css/bootstrap-theme.css b/roles/www_back_end/files/html/css/bootstrap-theme.css similarity index 100% rename from roles/web_support/files/html/css/bootstrap-theme.css rename to roles/www_back_end/files/html/css/bootstrap-theme.css diff --git a/roles/web_support/files/html/css/bootstrap-theme.css.map b/roles/www_back_end/files/html/css/bootstrap-theme.css.map similarity index 100% rename from roles/web_support/files/html/css/bootstrap-theme.css.map rename to roles/www_back_end/files/html/css/bootstrap-theme.css.map diff --git a/roles/web_support/files/html/css/bootstrap-theme.min.css b/roles/www_back_end/files/html/css/bootstrap-theme.min.css similarity index 100% rename from roles/web_support/files/html/css/bootstrap-theme.min.css rename to roles/www_back_end/files/html/css/bootstrap-theme.min.css diff --git a/roles/web_support/files/html/css/bootstrap-theme.min.css.map b/roles/www_back_end/files/html/css/bootstrap-theme.min.css.map similarity index 100% rename from roles/web_support/files/html/css/bootstrap-theme.min.css.map rename to roles/www_back_end/files/html/css/bootstrap-theme.min.css.map diff --git a/roles/web_support/files/html/css/bootstrap.css b/roles/www_back_end/files/html/css/bootstrap.css similarity index 100% rename from roles/web_support/files/html/css/bootstrap.css rename to roles/www_back_end/files/html/css/bootstrap.css diff --git a/roles/web_support/files/html/css/bootstrap.css.map b/roles/www_back_end/files/html/css/bootstrap.css.map similarity index 100% rename from roles/web_support/files/html/css/bootstrap.css.map rename to roles/www_back_end/files/html/css/bootstrap.css.map diff --git a/roles/web_support/files/html/css/bootstrap.min.css b/roles/www_back_end/files/html/css/bootstrap.min.css similarity index 100% rename from roles/web_support/files/html/css/bootstrap.min.css rename to roles/www_back_end/files/html/css/bootstrap.min.css diff --git a/roles/web_support/files/html/css/bootstrap.min.css.map b/roles/www_back_end/files/html/css/bootstrap.min.css.map similarity index 100% rename from roles/web_support/files/html/css/bootstrap.min.css.map rename to roles/www_back_end/files/html/css/bootstrap.min.css.map diff --git a/roles/web_support/files/html/css/bootstrap4.min.css b/roles/www_back_end/files/html/css/bootstrap4.min.css similarity index 100% rename from roles/web_support/files/html/css/bootstrap4.min.css rename to roles/www_back_end/files/html/css/bootstrap4.min.css diff --git a/roles/web_support/files/html/css/fa.all.min.css b/roles/www_back_end/files/html/css/fa.all.min.css similarity index 100% rename from roles/web_support/files/html/css/fa.all.min.css rename to roles/www_back_end/files/html/css/fa.all.min.css diff --git a/roles/web_support/files/html/css/font-faces.css b/roles/www_back_end/files/html/css/font-faces.css similarity index 100% rename from roles/web_support/files/html/css/font-faces.css rename to roles/www_back_end/files/html/css/font-faces.css diff --git a/roles/web_support/files/html/css/xo-common.css b/roles/www_back_end/files/html/css/xo-common.css similarity index 100% rename from roles/web_support/files/html/css/xo-common.css rename to roles/www_back_end/files/html/css/xo-common.css diff --git a/roles/web_support/files/html/fonts/bubblegum-sans-v6-latin-regular.woff b/roles/www_back_end/files/html/fonts/bubblegum-sans-v6-latin-regular.woff similarity index 100% rename from roles/web_support/files/html/fonts/bubblegum-sans-v6-latin-regular.woff rename to roles/www_back_end/files/html/fonts/bubblegum-sans-v6-latin-regular.woff diff --git a/roles/web_support/files/html/fonts/bubblegum-sans-v6-latin-regular.woff2 b/roles/www_back_end/files/html/fonts/bubblegum-sans-v6-latin-regular.woff2 similarity index 100% rename from roles/web_support/files/html/fonts/bubblegum-sans-v6-latin-regular.woff2 rename to roles/www_back_end/files/html/fonts/bubblegum-sans-v6-latin-regular.woff2 diff --git a/roles/web_support/files/html/fonts/fa-solid-900.woff b/roles/www_back_end/files/html/fonts/fa-solid-900.woff similarity index 100% rename from roles/web_support/files/html/fonts/fa-solid-900.woff rename to roles/www_back_end/files/html/fonts/fa-solid-900.woff diff --git a/roles/web_support/files/html/fonts/fa-solid-900.woff2 b/roles/www_back_end/files/html/fonts/fa-solid-900.woff2 similarity index 100% rename from roles/web_support/files/html/fonts/fa-solid-900.woff2 rename to roles/www_back_end/files/html/fonts/fa-solid-900.woff2 diff --git a/roles/web_support/files/html/fonts/finger-paint-v7-latin-regular.woff b/roles/www_back_end/files/html/fonts/finger-paint-v7-latin-regular.woff similarity index 100% rename from roles/web_support/files/html/fonts/finger-paint-v7-latin-regular.woff rename to roles/www_back_end/files/html/fonts/finger-paint-v7-latin-regular.woff diff --git a/roles/web_support/files/html/fonts/finger-paint-v7-latin-regular.woff2 b/roles/www_back_end/files/html/fonts/finger-paint-v7-latin-regular.woff2 similarity index 100% rename from roles/web_support/files/html/fonts/finger-paint-v7-latin-regular.woff2 rename to roles/www_back_end/files/html/fonts/finger-paint-v7-latin-regular.woff2 diff --git a/roles/web_support/files/html/fonts/flavors-v6-latin-regular.woff b/roles/www_back_end/files/html/fonts/flavors-v6-latin-regular.woff similarity index 100% rename from roles/web_support/files/html/fonts/flavors-v6-latin-regular.woff rename to roles/www_back_end/files/html/fonts/flavors-v6-latin-regular.woff diff --git a/roles/web_support/files/html/fonts/flavors-v6-latin-regular.woff2 b/roles/www_back_end/files/html/fonts/flavors-v6-latin-regular.woff2 similarity index 100% rename from roles/web_support/files/html/fonts/flavors-v6-latin-regular.woff2 rename to roles/www_back_end/files/html/fonts/flavors-v6-latin-regular.woff2 diff --git a/roles/web_support/files/html/fonts/freckle-face-v6-latin-regular.woff b/roles/www_back_end/files/html/fonts/freckle-face-v6-latin-regular.woff similarity index 100% rename from roles/web_support/files/html/fonts/freckle-face-v6-latin-regular.woff rename to roles/www_back_end/files/html/fonts/freckle-face-v6-latin-regular.woff diff --git a/roles/web_support/files/html/fonts/freckle-face-v6-latin-regular.woff2 b/roles/www_back_end/files/html/fonts/freckle-face-v6-latin-regular.woff2 similarity index 100% rename from roles/web_support/files/html/fonts/freckle-face-v6-latin-regular.woff2 rename to roles/www_back_end/files/html/fonts/freckle-face-v6-latin-regular.woff2 diff --git a/roles/web_support/files/html/fonts/glyphicons-halflings-regular.eot b/roles/www_back_end/files/html/fonts/glyphicons-halflings-regular.eot similarity index 100% rename from roles/web_support/files/html/fonts/glyphicons-halflings-regular.eot rename to roles/www_back_end/files/html/fonts/glyphicons-halflings-regular.eot diff --git a/roles/web_support/files/html/fonts/glyphicons-halflings-regular.svg b/roles/www_back_end/files/html/fonts/glyphicons-halflings-regular.svg similarity index 100% rename from roles/web_support/files/html/fonts/glyphicons-halflings-regular.svg rename to roles/www_back_end/files/html/fonts/glyphicons-halflings-regular.svg diff --git a/roles/web_support/files/html/fonts/glyphicons-halflings-regular.ttf b/roles/www_back_end/files/html/fonts/glyphicons-halflings-regular.ttf similarity index 100% rename from roles/web_support/files/html/fonts/glyphicons-halflings-regular.ttf rename to roles/www_back_end/files/html/fonts/glyphicons-halflings-regular.ttf diff --git a/roles/web_support/files/html/fonts/glyphicons-halflings-regular.woff b/roles/www_back_end/files/html/fonts/glyphicons-halflings-regular.woff similarity index 100% rename from roles/web_support/files/html/fonts/glyphicons-halflings-regular.woff rename to roles/www_back_end/files/html/fonts/glyphicons-halflings-regular.woff diff --git a/roles/web_support/files/html/fonts/open-sans-v15-latin-600.woff b/roles/www_back_end/files/html/fonts/open-sans-v15-latin-600.woff similarity index 100% rename from roles/web_support/files/html/fonts/open-sans-v15-latin-600.woff rename to roles/www_back_end/files/html/fonts/open-sans-v15-latin-600.woff diff --git a/roles/web_support/files/html/fonts/open-sans-v15-latin-600.woff2 b/roles/www_back_end/files/html/fonts/open-sans-v15-latin-600.woff2 similarity index 100% rename from roles/web_support/files/html/fonts/open-sans-v15-latin-600.woff2 rename to roles/www_back_end/files/html/fonts/open-sans-v15-latin-600.woff2 diff --git a/roles/web_support/files/html/fonts/open-sans-v15-latin-700.woff b/roles/www_back_end/files/html/fonts/open-sans-v15-latin-700.woff similarity index 100% rename from roles/web_support/files/html/fonts/open-sans-v15-latin-700.woff rename to roles/www_back_end/files/html/fonts/open-sans-v15-latin-700.woff diff --git a/roles/web_support/files/html/fonts/open-sans-v15-latin-700.woff2 b/roles/www_back_end/files/html/fonts/open-sans-v15-latin-700.woff2 similarity index 100% rename from roles/web_support/files/html/fonts/open-sans-v15-latin-700.woff2 rename to roles/www_back_end/files/html/fonts/open-sans-v15-latin-700.woff2 diff --git a/roles/web_support/files/html/fonts/open-sans-v15-latin-regular.woff b/roles/www_back_end/files/html/fonts/open-sans-v15-latin-regular.woff similarity index 100% rename from roles/web_support/files/html/fonts/open-sans-v15-latin-regular.woff rename to roles/www_back_end/files/html/fonts/open-sans-v15-latin-regular.woff diff --git a/roles/web_support/files/html/fonts/open-sans-v15-latin-regular.woff2 b/roles/www_back_end/files/html/fonts/open-sans-v15-latin-regular.woff2 similarity index 100% rename from roles/web_support/files/html/fonts/open-sans-v15-latin-regular.woff2 rename to roles/www_back_end/files/html/fonts/open-sans-v15-latin-regular.woff2 diff --git a/roles/web_support/files/html/html/credits.html b/roles/www_back_end/files/html/html/credits.html similarity index 100% rename from roles/web_support/files/html/html/credits.html rename to roles/www_back_end/files/html/html/credits.html diff --git a/roles/web_support/files/html/js/Markdown.Converter.js b/roles/www_back_end/files/html/js/Markdown.Converter.js similarity index 100% rename from roles/web_support/files/html/js/Markdown.Converter.js rename to roles/www_back_end/files/html/js/Markdown.Converter.js diff --git a/roles/web_support/files/html/js/Markdown.Sanitizer.js b/roles/www_back_end/files/html/js/Markdown.Sanitizer.js similarity index 100% rename from roles/web_support/files/html/js/Markdown.Sanitizer.js rename to roles/www_back_end/files/html/js/Markdown.Sanitizer.js diff --git a/roles/web_support/files/html/js/XMLDisplay.js b/roles/www_back_end/files/html/js/XMLDisplay.js similarity index 100% rename from roles/web_support/files/html/js/XMLDisplay.js rename to roles/www_back_end/files/html/js/XMLDisplay.js diff --git a/roles/web_support/files/html/js/bootstrap.js b/roles/www_back_end/files/html/js/bootstrap.js similarity index 100% rename from roles/web_support/files/html/js/bootstrap.js rename to roles/www_back_end/files/html/js/bootstrap.js diff --git a/roles/web_support/files/html/js/bootstrap.min.js b/roles/www_back_end/files/html/js/bootstrap.min.js similarity index 100% rename from roles/web_support/files/html/js/bootstrap.min.js rename to roles/www_back_end/files/html/js/bootstrap.min.js diff --git a/roles/web_support/files/html/js/bootstrap4.min.js b/roles/www_back_end/files/html/js/bootstrap4.min.js similarity index 100% rename from roles/web_support/files/html/js/bootstrap4.min.js rename to roles/www_back_end/files/html/js/bootstrap4.min.js diff --git a/roles/web_support/files/html/js/jquery.min.js b/roles/www_back_end/files/html/js/jquery.min.js similarity index 100% rename from roles/web_support/files/html/js/jquery.min.js rename to roles/www_back_end/files/html/js/jquery.min.js diff --git a/roles/web_support/files/html/services/power_off.php b/roles/www_back_end/files/html/services/power_off.php similarity index 100% rename from roles/web_support/files/html/services/power_off.php rename to roles/www_back_end/files/html/services/power_off.php diff --git a/roles/web_support/tasks/html.yml b/roles/www_back_end/tasks/html.yml similarity index 100% rename from roles/web_support/tasks/html.yml rename to roles/www_back_end/tasks/html.yml diff --git a/roles/web_support/tasks/main.yml b/roles/www_back_end/tasks/main.yml similarity index 69% rename from roles/web_support/tasks/main.yml rename to roles/www_back_end/tasks/main.yml index b75900b01..12741954f 100644 --- a/roles/web_support/tasks/main.yml +++ b/roles/www_back_end/tasks/main.yml @@ -1,10 +1,16 @@ +# Role "www_back_end" runs here, probably in 3-BASE-SERVER. +# Role "www_front_end" runs later, likely in 4-SERVER-OPTIONS. +# +# (Don't take either name too literally!) + + - include_tasks: html.yml - include_tasks: php-stem.yml # 2020-02-12: DOES THE FLAG BELOW (apache_high_php_limits) WORK WITH NGINX TOO? -# COMPARE apache_allow_sudo @ 4-server-options/tasks/main.yml +# COMPARE apache_allow_sudo @ roles/www_front_end/tasks/main.yml # For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147 # WARNING: Enabling this might cause excess use of RAM/disk or other resources! @@ -22,21 +28,13 @@ - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } -# 2020-02-12: *REQUIRED* by iiab-admin-console/roles/js-menu/tasks/main.yml, -# which should probably instead softcode iiab_home_url as set in local_vars.yml -# -# SEE httpd/tasks/install.yml for related 'a2ensite iiab-homepage.conf' -# -# (Both mkdir & iiab-homepage.conf stuff used to be in homepage/tasks/main.yml) -# -- name: Create dir {{ doc_root }}/home +- name: Create dir {{ doc_root }}/home -- if you customized var iiab_home_url e.g. in /etc/iiab/local_vars.yml, that dir is created later -- by www_front_end/tasks/main.yml file: state: directory path: "{{ doc_root }}/home" # /library/www/html owner: "{{ apache_user }}" group: "{{ apache_user }}" - mode: '0755' - + # mode: '0755' - name: Create dir {{ doc_root }}/info for http://box/info offline docs file: @@ -44,10 +42,23 @@ path: "{{ doc_root }}/info" # /library/www/html owner: "{{ apache_user }}" group: "{{ apache_user }}" - #mode: '0755' + # mode: '0755' - name: Install /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (Script can be run manually and/or at the end of Stage 4 = roles/4-server-options/tasks/main.yml) template: src: iiab-refresh-wiki-docs.sh dest: /usr/bin/iiab-refresh-wiki-docs mode: '0755' + + +# RECORD www_back_end AS INSTALLED + +- name: "Set 'www_back_end_installed: True'" + set_fact: + www_back_end_installed: True + +- name: "Add 'www_back_end_installed: True' to {{ iiab_state_file }}" + lineinfile: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^www_back_end_installed' + line: 'www_back_end_installed: True' diff --git a/roles/web_support/tasks/php-stem.yml b/roles/www_back_end/tasks/php-stem.yml similarity index 100% rename from roles/web_support/tasks/php-stem.yml rename to roles/www_back_end/tasks/php-stem.yml diff --git a/roles/web_support/templates/iiab-refresh-wiki-docs.sh b/roles/www_back_end/templates/iiab-refresh-wiki-docs.sh similarity index 100% rename from roles/web_support/templates/iiab-refresh-wiki-docs.sh rename to roles/www_back_end/templates/iiab-refresh-wiki-docs.sh diff --git a/roles/www_front_end/tasks/main.yml b/roles/www_front_end/tasks/main.yml new file mode 100644 index 000000000..f4525a861 --- /dev/null +++ b/roles/www_front_end/tasks/main.yml @@ -0,0 +1,61 @@ +# Role "www_back_end" runs earlier, likely in 3-BASE-SERVER. +# Role "www_front_end" runs here, probably in 4-SERVER-OPTIONS. +# +# (Don't take either name too literally!) + + +# HOMEPAGE + +- name: Create dir {{ doc_root }}{{ iiab_home_url }} just in case variable iiab_home_url was customized. (Standard path {{doc_root}}/home was created earlier.) + file: + state: directory + path: "{{ doc_root }}{{ iiab_home_url }}" # /library/www/html/home + owner: "{{ apache_user }}" + group: "{{ apache_user }}" + mode: '0755' + +- name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) if apache_install" + include_tasks: roles/httpd/tasks/homepage.yml + when: apache_install | bool + +- name: Enable IIAB pages via NGINX (e.g. on port 80) if nginx_install + include_tasks: roles/nginx/tasks/homepage.yml + when: nginx_install | bool + + +# 'Is a "Rapid Power Off" button possible for low-electricity environments?' +# gives more details here: http://FAQ.IIAB.IO + +# 2020-02-12: DOES THE FLAG BELOW (apache_allow_sudo) WORK WITH NGINX TOO ? +# COMPARE apache_high_php_limits @ roles/www_back_end/tasks/main.yml + +- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_apache_poweroff from template + template: + src: 020_apache_poweroff.j2 + dest: /etc/sudoers.d/020_apache_poweroff + mode: '0755' + when: apache_allow_sudo | bool + +- name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff + file: + path: /etc/sudoers.d/020_apache_poweroff + state: absent + when: not apache_allow_sudo + + +- name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (This script was installed in Stage 3 = roles/3-base-server/tasks/main.yml, which ran roles/www_back_end/tasks/main.yml) + command: /usr/bin/iiab-refresh-wiki-docs + when: internet_available and not nodocs + + +# RECORD www_front_end AS INSTALLED + +- name: "Set 'www_front_end_installed: True'" + set_fact: + www_front_end_installed: True + +- name: "Add 'www_front_end_installed: True' to {{ iiab_state_file }}" + lineinfile: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^www_front_end_installed' + line: 'www_front_end_installed: True' diff --git a/roles/web_support/templates/020_apache_poweroff.j2 b/roles/www_front_end/templates/020_apache_poweroff.j2 similarity index 100% rename from roles/web_support/templates/020_apache_poweroff.j2 rename to roles/www_front_end/templates/020_apache_poweroff.j2 diff --git a/tests/test.yml b/tests/test.yml index dae66056b..a79a8d2e1 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -72,8 +72,9 @@ - { role: transmission } - { role: usb_lib } - { role: vnstat } - - { role: web_support } - { role: wordpress } + - { role: www_back_end } + - { role: www_front_end } - { role: yarn } #- { roles: xovis } From a77cfa53b831a414226c6c83ca25ec990ab01410 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 12 Feb 2020 21:49:10 -0500 Subject: [PATCH 20/31] Typos in 3-base-server, 4-server-options --- roles/3-base-server/tasks/main.yml | 2 +- roles/4-server-options/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index a4895f44b..e61a11289 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -11,7 +11,7 @@ - name: WWW_BACK_END (WWW_FRONT_END should be installed later) include_role: name: www_back_end - # when: www_back_end | bool + # when: www_back_end_install | bool # when: apache_install or nginx_install - name: HTTPD (Apache) diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 0ee84f133..2fc36f209 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -45,7 +45,7 @@ - name: WWW_FRONT_END (WWW_BACK_END should have been installed earlier) include_role: name: www_front_end - # when: www_front_end | bool + # when: www_front_end_install | bool # when: apache_install or nginx_install - name: Recording STAGE 4 HAS COMPLETED ================== From 6e22d73f70d0dd40ee5d08876fe454d655804962 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 13 Feb 2020 20:31:34 -0500 Subject: [PATCH 21/31] roles/kiwix spring cleaning w/ 3.0.2 --- roles/kiwix/defaults/main.yml | 50 +++++----- roles/kiwix/tasks/apache.yml | 14 +++ roles/kiwix/tasks/enable-or-disable.yml | 45 +++++++++ roles/kiwix/tasks/enable.yml | 97 ------------------- roles/kiwix/tasks/install.yml | 59 ++++++++--- roles/kiwix/tasks/main.yml | 82 +++++++++------- roles/kiwix/tasks/nginx.yml | 17 ++++ ...b.py => iiab-make-kiwix-lib.py.deprecated} | 0 .../{kiwix-nginx.conf => kiwix-nginx.conf.j2} | 3 +- roles/kiwix/templates/kiwix-serve.service.j2 | 2 +- roles/kiwix/templates/kiwix.conf.j2 | 6 +- 11 files changed, 199 insertions(+), 176 deletions(-) create mode 100644 roles/kiwix/tasks/apache.yml create mode 100644 roles/kiwix/tasks/enable-or-disable.yml delete mode 100644 roles/kiwix/tasks/enable.yml create mode 100644 roles/kiwix/tasks/nginx.yml rename roles/kiwix/templates/{iiab-make-kiwix-lib.py => iiab-make-kiwix-lib.py.deprecated} (100%) rename roles/kiwix/templates/{kiwix-nginx.conf => kiwix-nginx.conf.j2} (93%) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 0801516e0..8fd2a066d 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -7,36 +7,40 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# Which kiwix-tools to download from http://download.iiab.io/packages/ -# As obtained from http://download.kiwix.org/release/kiwix-tools/ or http://download.kiwix.org/nightly/ -kiwix_version_armhf: "kiwix-tools_linux-armhf-3.0.1-8" -kiwix_version_linux64: "kiwix-tools_linux-x86_64-3.0.1-8" -kiwix_version_i686: "kiwix-tools_linux-i586-3.0.1-8" -# kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" -# v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") -# v0.10 for i686 published Oct 2016 ("experimental") REPLACED IN EARLY 2018, thx to Matthieu Gautier: -# https://github.com/kiwix/kiwix-build/issues/94 -# https://github.com/kiwix/kiwix-tools/issues/170 +# INSTRUCTIONS TO REINSTALL Kiwix: +# (1) VERIFY THESE VARS IN /etc/iiab/local_vars.yml +# kiwix_install: True +# kiwix_enabled: True +# (2) RUN: cd /opt/iiab/iiab; ./runrole --reinstall kiwix -kiwix_src_file_armhf: "{{ kiwix_version_armhf }}.tar.gz" -kiwix_src_file_linux64: "{{ kiwix_version_linux64 }}.tar.gz" -kiwix_src_file_i686: "{{ kiwix_version_i686 }}.tar.gz" -# Used for Kiwix proxy http://box/kiwix/ -kiwix_url_without_slash: /kiwix -kiwix_url: "{{ kiwix_url_without_slash }}/" # /kiwix/ -kiwix_path: "{{ iiab_base }}/kiwix" # /opt/iiab/kiwix - -# /library/zims contains 3 important things: +# FYI /library/zims contains 3 important things: # - library.xml # - content = directory for all *.zim's # - index = directory for legacy *.zim.idx's kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" -# INSTRUCTIONS TO REINSTALL kiwix (1) VERIFY ITS VARS IN /etc/iiab/local_vars.yml (2) THEN RUN EITHER BELOW... -# - NEW WAY: cd /opt/iiab/iiab; ./runrole --reinstall kiwix -# - OLD WAY: rm /opt/iiab/kiwix/bin/kiwix-serve; cd /opt/iiab/iiab; ./runrole kiwix -kiwix_force_install: False +# The next 3 lines specify which version(s) of kiwix-tools to download from... +# http://download.iiab.io/packages/ ...as originally obtained from... +# http://download.kiwix.org/release/kiwix-tools/ ...or sometimes... +# http://download.kiwix.org/nightly/ + +kiwix_version_armhf: "kiwix-tools_linux-armhf-3.0.2" +kiwix_version_linux64: "kiwix-tools_linux-x86_64-3.0.2" +kiwix_version_i686: "kiwix-tools_linux-i586-3.0.2" + +# kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" +# v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") +# v0.10 for i686 published Oct 2016 ("experimental") REPLACED IN EARLY 2018, +# thx to @mgautierfr / Matthieu Gautier: +# https://github.com/kiwix/kiwix-build/issues/94 +# https://github.com/kiwix/kiwix-tools/issues/170 + +# Used for Kiwix proxy http://box/kiwix/ +kiwix_url: /kiwix +kiwix_url_plus_slash: "{{ kiwix_url }}/" # /kiwix/ +kiwix_path: "{{ iiab_base }}/kiwix" # /opt/iiab/kiwix + kiwix_nginx_timeout: 600 kiwix_threads: 4 diff --git a/roles/kiwix/tasks/apache.yml b/roles/kiwix/tasks/apache.yml new file mode 100644 index 000000000..2162825cb --- /dev/null +++ b/roles/kiwix/tasks/apache.yml @@ -0,0 +1,14 @@ +- name: Enable http://box{{ kiwix_url }} via Apache + command: a2ensite kiwix.conf + when: apache_install and kiwix_enabled + +- name: Disable http://box{{ kiwix_url }} via Apache + command: a2dissite kiwix.conf + when: apache_install and not kiwix_enabled + +- name: Restart Apache systemd service ({{ apache_service }}) + systemd: + name: "{{ apache_service }}" + daemon-reload: yes + state: restarted + when: apache_enabled | bool diff --git a/roles/kiwix/tasks/enable-or-disable.yml b/roles/kiwix/tasks/enable-or-disable.yml new file mode 100644 index 000000000..c64b6e911 --- /dev/null +++ b/roles/kiwix/tasks/enable-or-disable.yml @@ -0,0 +1,45 @@ +- name: Enable & Restart 'kiwix-serve' systemd service + systemd: + name: kiwix-serve + daemon_reload: yes + enabled: yes + state: restarted + when: kiwix_enabled | bool + +- name: Disable & Stop 'kiwix-serve' systemd service + systemd: + name: kiwix-serve + enabled: no + state: stopped + when: not kiwix_enabled + + +# TO DO: BOTH CRON ENTRIES BELOW *SHOULD* BE DELETED "when: not kiwix_enabled" + +# In the past kiwix-serve did not stay running, so we'd been doing this hourly. +# @mgautierfr & others suggest kiwix-serve might be auto-restarted w/o cron in +# future, whenever service fails, if this really catches all cases?? +# https://github.com/iiab/iiab/issues/484#issuecomment-342151726 +- name: Make a crontab entry to restart kiwix-serve at 4AM (debuntu) + lineinfile: + # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed + line: "0 4 * * * root /bin/systemctl restart kiwix-serve.service" + dest: /etc/crontab + when: kiwix_enabled and is_debuntu + +- name: Make a crontab entry to restart kiwix-serve at 4AM (redhat) +# * * * * * user-name command to be executed + lineinfile: + # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed + line: "0 4 * * * root /usr/bin/systemctl restart kiwix-serve.service" + dest: /etc/crontab + when: kiwix_enabled and is_redhat + + +- name: Enable/Disable/Restart Apache if primary + include_tasks: apache.yml + when: not nginx_enabled + +- name: Enable/Disable/Restart NGINX if primary + include_tasks: nginx.yml + when: nginx_enabled | bool diff --git a/roles/kiwix/tasks/enable.yml b/roles/kiwix/tasks/enable.yml deleted file mode 100644 index 0276b08a6..000000000 --- a/roles/kiwix/tasks/enable.yml +++ /dev/null @@ -1,97 +0,0 @@ -- name: Enable & Restart 'kiwix-serve' systemd service - systemd: - name: kiwix-serve - daemon_reload: yes - enabled: yes - state: restarted - when: kiwix_enabled | bool - -- name: Disable & Stop 'kiwix-serve' systemd service - systemd: - name: kiwix-serve - enabled: no - state: stopped - when: not kiwix_enabled - -# TO DO: BOTH CRON ENTRIES BELOW *SHOULD* BE DELETED "when: not kiwix_enabled" - -# In the past kiwix-serve did not stay running, so we'd been doing this hourly. -# @mgautierfr & others suggest kiwix-serve might be auto-restarted w/o cron in -# future, whenever service fails, if this really catches all cases?? -# https://github.com/iiab/iiab/issues/484#issuecomment-342151726 -- name: Make a crontab entry to restart kiwix-serve at 4AM (debuntu) - lineinfile: - # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed - line: "0 4 * * * root /bin/systemctl restart kiwix-serve.service" - dest: /etc/crontab - when: kiwix_enabled and is_debuntu - -- name: Make a crontab entry to restart kiwix-serve at 4AM (redhat) -# * * * * * user-name command to be executed - lineinfile: - # mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed - line: "0 4 * * * root /usr/bin/systemctl restart kiwix-serve.service" - dest: /etc/crontab - when: kiwix_enabled and is_redhat - -# Apache - -- name: Enable http://box{{ kiwix_url_without_slash }} via Apache - command: a2ensite kiwix.conf - when: apache_install and kiwix_enabled - -- name: Disable http://box{{ kiwix_url_without_slash }} via Apache - command: a2dissite kiwix.conf - when: apache_install and not kiwix_enabled - -- name: Restart Apache systemd service ({{ apache_service }}) - systemd: - name: "{{ apache_service }}" - daemon-reload: yes - state: restarted - when: apache_enabled | bool - -# NGINX - -- name: Enable http://box{{ kiwix_url_without_slash }} via NGINX, by installing {{ nginx_conf_dir }}/kiwix-nginx.conf from template - template: - src: kiwix-nginx.conf - dest: "{{ nginx_conf_dir }}/kiwix-nginx.conf" - when: nginx_install and kiwix_enabled - -- name: Disable http://box{{ kiwix_url_without_slash }} via NGINX, by removing {{ nginx_conf_dir }}/kiwix-nginx.conf - file: - path: "{{ nginx_conf_dir }}/kiwix-nginx.conf" - state: absent - when: nginx_install and not kiwix_enabled - -- name: Restart 'nginx' systemd service - systemd: - name: nginx - state: restarted - when: nginx_enabled | bool - - -- name: Add 'kiwix' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" - section: kiwix - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Kiwix - - option: description - value: '"Part of https://github.com/kiwix/kiwix-tools/ -- kiwix-serve is the most used web server for ZIM files."' - - option: kiwix_url - value: "{{ kiwix_url }}" - - option: kiwix_path - value: "{{ kiwix_path }}" - - option: kiwix_port - value: "{{ kiwix_port }}" - - option: iiab_zim_path - value: "{{ iiab_zim_path }}" - - option: kiwix_library_xml - value: "{{ kiwix_library_xml }}" - - option: kiwix_enabled - value: "{{ kiwix_enabled }}" diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index 0e8235d86..c2fb6fa6c 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -1,29 +1,56 @@ -# 1. CREATE/VERIFY CRITICAL DIRECTORIES & FILES ARE IN PLACE +# 0. SET CPU ARCHITECTURE -- name: Download Kiwix software to /opt/iiab/downloads +- name: "Initialize 'kiwix_src_dir: False' just in case CPU architecture is not supported" + set_fact: + kiwix_src_dir: False + +- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_armhf }}' (armv6l or armv71)" + set_fact: + kiwix_src_dir: "{{ kiwix_version_armhf }}" + when: ansible_machine == "armv7l" or ansible_machine == "armv6l" + +- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_linux64 }}' (x86_64)" + set_fact: + kiwix_src_dir: "{{ kiwix_version_linux64 }}" + when: ansible_machine == "x86_64" + +- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_i686 }}' (i686)" + set_fact: + kiwix_src_dir: "{{ kiwix_version_i686 }}" + when: ansible_machine == "i686" +# COMMENT OUT LINE ABOVE TO TEST i686 CODE PATH ON X86_64 (WORKS NOV 2017) + +- name: Force Ansible to exit (FAIL) if kiwix-tools appears unavailable for your architecture ({{ ansible_machine }}) + fail: + msg: "WARNING: kiwix-tools SOFTWARE APPEARS UNAVAILABLE FOR YOUR {{ ansible_machine }} OS/ARCHITECTURE." + when: not kiwix_src_dir + +- name: "Set fact 'kiwix_src_file: {{ kiwix_src_dir }}.tar.gz'" + set_fact: + kiwix_src_file: "{{ kiwix_src_dir }}.tar.gz" + + +# 1. PUT IN PLACE: ESSENTIAL DIRS, library.xml, test.zim + +- name: Download {{ iiab_download_url }}/{{ kiwix_src_file }} to /opt/iiab/downloads get_url: - url: "{{ iiab_download_url }}/{{ kiwix_src_file }}" + url: "{{ iiab_download_url }}/{{ kiwix_src_file }}" # http://download.iiab.io/packages dest: "{{ downloads_dir }}/{{ kiwix_src_file }}" timeout: "{{ download_timeout }}" when: internet_available | bool -- name: Check for /opt/iiab/downloads/{{ kiwix_src_file }} - stat: - path: "{{ downloads_dir }}/{{ kiwix_src_file }}" - register: kiwix_src - -- name: Create directory {{ iiab_zim_path }} and subdirs {content, index} for Kiwix ZIM files +- name: Create dir {{ iiab_zim_path }} and subdirs {content, index} for Kiwix ZIM files file: path: "{{ item }}" state: directory with_items: - - "{{ iiab_zim_path }}" + - "{{ iiab_zim_path }}" # /library/zims - "{{ iiab_zim_path }}/content" - "{{ iiab_zim_path }}/index" -- name: Check for {{ kiwix_library_xml }} # /library/zims/library.xml +- name: Check for {{ kiwix_library_xml }} stat: - path: "{{ kiwix_library_xml }}" + path: "{{ kiwix_library_xml }}" # /library/zims/library.xml register: kiwix_xml - name: Install stub /library/zims/library.xml from template, if one doesn't exist @@ -39,9 +66,9 @@ dest: "{{ iiab_zim_path }}/content/test.zim" force: no -- name: Create {{ kiwix_path }}/bin directory # /opt/iiab/kiwix/bin +- name: Create {{ kiwix_path }}/bin directory file: - path: "{{ kiwix_path }}/bin" + path: "{{ kiwix_path }}/bin" # /opt/iiab/kiwix state: directory @@ -52,8 +79,8 @@ src: "{{ downloads_dir }}/{{ kiwix_src_file }}" dest: /tmp -- name: Move /tmp/{{ kiwix_src_dir }}/* to permanent location /opt/iiab/kiwix/bin (armhf & linux64 & i686) - shell: "mv /tmp/{{ kiwix_src_dir }}/* {{ kiwix_path }}/bin/" +- name: Move /tmp/{{ kiwix_src_dir }}/* to permanent location {{ kiwix_path }}/bin + shell: "mv /tmp/{{ kiwix_src_dir }}/* {{ kiwix_path }}/bin/" # /opt/iiab/kiwix # 3. ENABLE MODS FOR APACHE PROXY IF DEBUNTU diff --git a/roles/kiwix/tasks/main.yml b/roles/kiwix/tasks/main.yml index 8d65b3f04..de744d8b0 100644 --- a/roles/kiwix/tasks/main.yml +++ b/roles/kiwix/tasks/main.yml @@ -1,40 +1,54 @@ -- name: "Set Kiwix filename to d/l: {{ kiwix_src_file_armhf }} (armv6l or armv71)" - set_fact: - kiwix_src_dir: "{{ kiwix_version_armhf }}" - kiwix_src_file: "{{ kiwix_src_file_armhf }}" - when: ansible_machine == "armv7l" or ansible_machine == "armv6l" - -- name: "Set Kiwix filename to d/l: {{ kiwix_src_file_linux64 }} (x86_64)" - set_fact: - kiwix_src_dir: "{{ kiwix_version_linux64 }}" - kiwix_src_file: "{{ kiwix_src_file_linux64 }}" - when: ansible_machine == "x86_64" +# "How do i fail a task in Ansible if the variable contains a boolean value? +# I want to perform input validation for Ansible playbooks" +# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 -- name: "Set Kiwix filename to d/l: {{ kiwix_src_file_i686 }} (i686)" - set_fact: - kiwix_src_dir: "{{ kiwix_version_i686 }}" - kiwix_src_file: "{{ kiwix_src_file_i686 }}" - when: ansible_machine == "i686" -# COMMENT OUT LINE ABOVE TO TEST i686 CODE PATH ON X86_64 (WORKS NOV 2017) +# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need +# to re-check whether vars are defined here. As Ansible vars cannot be unset: +# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible -- name: FAIL (force Ansible to exit) IF kiwix-tools appears unavailable for OS/architecture -# debug: - fail: - msg: "WARNING: kiwix-tools SOFTWARE APPEARS UNAVAILABLE FOR YOUR {{ ansible_machine }} OS/ARCHITECTURE." - when: not kiwix_src_file +- name: Assert that "kiwix_install is sameas true" (boolean not string etc) + assert: + that: kiwix_install is sameas true + fail_msg: "PLEASE SET 'kiwix_install: True' e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes -- name: Check for /opt/iiab/kiwix/bin/kiwix-serve binary - stat: - path: "{{ kiwix_path }}/bin/kiwix-serve" - register: kiwix_bin +- name: Assert that "kiwix_enabled | type_debug == 'bool'" (boolean not string etc) + assert: + that: kiwix_enabled | type_debug == 'bool' + fail_msg: "PLEASE GIVE VARIABLE 'kiwix_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes -- name: Set fact kiwix_force_install if kiwix-serve not found - set_fact: - kiwix_force_install: True - when: not kiwix_bin.stat.exists or reinstall is defined -- include_tasks: install.yml - when: (kiwix_install and not kiwix_installed is defined) or kiwix_force_install +- name: Install Kiwix if 'kiwix_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: kiwix_installed is undefined -- include_tasks: enable.yml - when: kiwix_enabled # or kiwix_installed is defined + +- include_tasks: enable-or-disable.yml + + +- name: Add 'kiwix' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: kiwix + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Kiwix + - option: description + value: '"Part of https://github.com/kiwix/kiwix-tools/ -- kiwix-serve is the most used web server for ZIM files."' + - option: kiwix_url + value: "{{ kiwix_url }}" + - option: kiwix_url_plus_slash + value: "{{ kiwix_url_plus_slash }}" + - option: kiwix_path + value: "{{ kiwix_path }}" + - option: kiwix_port + value: "{{ kiwix_port }}" + - option: iiab_zim_path + value: "{{ iiab_zim_path }}" + - option: kiwix_library_xml + value: "{{ kiwix_library_xml }}" + - option: kiwix_enabled + value: "{{ kiwix_enabled }}" diff --git a/roles/kiwix/tasks/nginx.yml b/roles/kiwix/tasks/nginx.yml new file mode 100644 index 000000000..c52b61a17 --- /dev/null +++ b/roles/kiwix/tasks/nginx.yml @@ -0,0 +1,17 @@ +- name: Enable http://box{{ kiwix_url }} via NGINX, by installing {{ nginx_conf_dir }}/kiwix-nginx.conf from template + template: + src: kiwix-nginx.conf.j2 + dest: "{{ nginx_conf_dir }}/kiwix-nginx.conf" + when: nginx_install and kiwix_enabled + +- name: Disable http://box{{ kiwix_url }} via NGINX, by removing {{ nginx_conf_dir }}/kiwix-nginx.conf + file: + path: "{{ nginx_conf_dir }}/kiwix-nginx.conf" + state: absent + when: nginx_install and not kiwix_enabled + +- name: Restart 'nginx' systemd service + systemd: + name: nginx + state: restarted + when: nginx_enabled | bool diff --git a/roles/kiwix/templates/iiab-make-kiwix-lib.py b/roles/kiwix/templates/iiab-make-kiwix-lib.py.deprecated similarity index 100% rename from roles/kiwix/templates/iiab-make-kiwix-lib.py rename to roles/kiwix/templates/iiab-make-kiwix-lib.py.deprecated diff --git a/roles/kiwix/templates/kiwix-nginx.conf b/roles/kiwix/templates/kiwix-nginx.conf.j2 similarity index 93% rename from roles/kiwix/templates/kiwix-nginx.conf rename to roles/kiwix/templates/kiwix-nginx.conf.j2 index 2c5f96f80..000a3dcc2 100644 --- a/roles/kiwix/templates/kiwix-nginx.conf +++ b/roles/kiwix/templates/kiwix-nginx.conf.j2 @@ -1,4 +1,4 @@ -location /kiwix { +location {{ kiwix_url }} { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $http_host; proxy_http_version 1.1; @@ -8,5 +8,4 @@ location /kiwix { proxy_read_timeout {{ kiwix_nginx_timeout }}; send_timeout {{ kiwix_nginx_timeout }}; proxy_pass http://127.0.0.1:3000; - } diff --git a/roles/kiwix/templates/kiwix-serve.service.j2 b/roles/kiwix/templates/kiwix-serve.service.j2 index 30157bbac..4a8462675 100644 --- a/roles/kiwix/templates/kiwix-serve.service.j2 +++ b/roles/kiwix/templates/kiwix-serve.service.j2 @@ -4,7 +4,7 @@ After=syslog.target network.target local-fs.target [Service] Type=forking -ExecStart={{ iiab_base }}/kiwix/bin/kiwix-serve --daemon --port {{ kiwix_port }} --nolibrarybutton --library {{ kiwix_library_xml }} --urlRootLocation={{ kiwix_url }} --threads {{ kiwix_threads }} +ExecStart={{ iiab_base }}/kiwix/bin/kiwix-serve --daemon --port {{ kiwix_port }} --nolibrarybutton --library {{ kiwix_library_xml }} --urlRootLocation={{ kiwix_url_plus_slash }} --threads {{ kiwix_threads }} TimeoutStartSec=180 Restart=on-abort RestartSec=5s diff --git a/roles/kiwix/templates/kiwix.conf.j2 b/roles/kiwix/templates/kiwix.conf.j2 index e37f6b517..41a35b4af 100644 --- a/roles/kiwix/templates/kiwix.conf.j2 +++ b/roles/kiwix/templates/kiwix.conf.j2 @@ -2,14 +2,14 @@ # 2018-08-31: FAILS to enable http://box/kiwix #RewriteEngine on -#RewriteRule ^{{ kiwix_url_without_slash }}$ {{ kiwix_url }} [R] +#RewriteRule ^{{ kiwix_url }}$ {{ kiwix_url_plus_slash }} [R] # 2018-08-31: SUCCEEDS in enabling http://box/kiwix -RedirectMatch ^{{ kiwix_url_without_slash }}$ {{ kiwix_url }} +RedirectMatch ^{{ kiwix_url }}$ {{ kiwix_url_plus_slash }} # 2018-08-31: SUCCEEDS in enabling http://box/kiwix/ & http://box/kiwix/zim & http://box/kiwix/zim/ #ProxyPreserveHost On -ProxyPass {{ kiwix_url }} http://127.0.0.1:{{ kiwix_port}}{{ kiwix_url }} +ProxyPass {{ kiwix_url }} http://127.0.0.1:{{ kiwix_port}}{{ kiwix_url_plus_slash }} # CLARIF: ProxyPassReverse rewrites internal links, that come back from Apache # proxy. Whereas e.g. calibre-web.conf (and others) use this, kiwix.conf does From f17c5077dd2372bde6abb64ce437811981a9dcf9 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 13 Feb 2020 20:47:09 -0500 Subject: [PATCH 22/31] Clean kiwix/tasks/apache.yml & kiwix/tasks/nginx.yml --- roles/kiwix/tasks/apache.yml | 14 ++++++-------- roles/kiwix/tasks/nginx.yml | 13 ++++++------- 2 files changed, 12 insertions(+), 15 deletions(-) diff --git a/roles/kiwix/tasks/apache.yml b/roles/kiwix/tasks/apache.yml index 2162825cb..8e01dd6e9 100644 --- a/roles/kiwix/tasks/apache.yml +++ b/roles/kiwix/tasks/apache.yml @@ -1,14 +1,12 @@ -- name: Enable http://box{{ kiwix_url }} via Apache +- name: Enable http://box{{ kiwix_url }} via Apache # http://box/kiwix command: a2ensite kiwix.conf - when: apache_install and kiwix_enabled + when: kiwix_enabled | bool -- name: Disable http://box{{ kiwix_url }} via Apache +- name: Disable http://box{{ kiwix_url }} via Apache # http://box/kiwix command: a2dissite kiwix.conf - when: apache_install and not kiwix_enabled + when: not kiwix_enabled -- name: Restart Apache systemd service ({{ apache_service }}) +- name: (Re)Start '{{ apache_service }}' systemd service systemd: - name: "{{ apache_service }}" - daemon-reload: yes + name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/.yml state: restarted - when: apache_enabled | bool diff --git a/roles/kiwix/tasks/nginx.yml b/roles/kiwix/tasks/nginx.yml index c52b61a17..74be639aa 100644 --- a/roles/kiwix/tasks/nginx.yml +++ b/roles/kiwix/tasks/nginx.yml @@ -1,17 +1,16 @@ -- name: Enable http://box{{ kiwix_url }} via NGINX, by installing {{ nginx_conf_dir }}/kiwix-nginx.conf from template +- name: Enable http://box{{ kiwix_url }} via NGINX, by installing {{ nginx_conf_dir }}/kiwix-nginx.conf from template # http://box/kiwix template: src: kiwix-nginx.conf.j2 - dest: "{{ nginx_conf_dir }}/kiwix-nginx.conf" - when: nginx_install and kiwix_enabled + dest: "{{ nginx_conf_dir }}/kiwix-nginx.conf" # /etc/nginx/conf.d + when: kiwix_enabled | bool -- name: Disable http://box{{ kiwix_url }} via NGINX, by removing {{ nginx_conf_dir }}/kiwix-nginx.conf +- name: Disable http://box{{ kiwix_url }} via NGINX, by removing {{ nginx_conf_dir }}/kiwix-nginx.conf # http://box/kiwix file: - path: "{{ nginx_conf_dir }}/kiwix-nginx.conf" + path: "{{ nginx_conf_dir }}/kiwix-nginx.conf" # /etc/nginx/conf.d state: absent - when: nginx_install and not kiwix_enabled + when: not kiwix_enabled - name: Restart 'nginx' systemd service systemd: name: nginx state: restarted - when: nginx_enabled | bool From 4c00e019f47af4f9a9e128732ddac921e5ef3f72 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 13 Feb 2020 20:52:28 -0500 Subject: [PATCH 23/31] Explain kiwix/defaults/main.yml --- roles/kiwix/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 8fd2a066d..eb13da3e6 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -21,7 +21,7 @@ # - index = directory for legacy *.zim.idx's kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" -# The next 3 lines specify which version(s) of kiwix-tools to download from... +# 3 lines below specify which version(s) of kiwix-tools to download from... # http://download.iiab.io/packages/ ...as originally obtained from... # http://download.kiwix.org/release/kiwix-tools/ ...or sometimes... # http://download.kiwix.org/nightly/ From e1929e0bfbe1f84c5913d3d1b4c1f133734b75ed Mon Sep 17 00:00:00 2001 From: root Date: Thu, 13 Feb 2020 20:59:44 -0500 Subject: [PATCH 24/31] Revise roles/nginx/README.md --- roles/nginx/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/nginx/README.md b/roles/nginx/README.md index 602d8f245..90999d07f 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -18,13 +18,13 @@ * IIAB documentation (http://box/info) * osm-vector-maps * OER2Go/RACHEL modules - * usb-lib [*] + * usb-lib 2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service. But if you want to attempt their "Shim" proxying legacy testing mode, change your *primary web server* over to Apache by setting `nginx_enabled: False` in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) (which will [auto-enable Apache](../0-init/tasks/main.yml#L40-L44) for your testing). * awstats * calibre-web * gitea - * kiwix [*] + * kiwix * kolibri * mediawiki * munin From 6351dc3e57b77a4108c65cad7772b1b473844804 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 13 Feb 2020 22:53:19 -0500 Subject: [PATCH 25/31] Restart web server(s) as www_front_end completes --- roles/www_front_end/tasks/main.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/roles/www_front_end/tasks/main.yml b/roles/www_front_end/tasks/main.yml index f4525a861..af3672bbe 100644 --- a/roles/www_front_end/tasks/main.yml +++ b/roles/www_front_end/tasks/main.yml @@ -14,10 +14,12 @@ group: "{{ apache_user }}" mode: '0755' +# Used to be run by httpd/tasks/install.yml - name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) if apache_install" include_tasks: roles/httpd/tasks/homepage.yml when: apache_install | bool +# Used to be run by nginx/tasks/install.yml - name: Enable IIAB pages via NGINX (e.g. on port 80) if nginx_install include_tasks: roles/nginx/tasks/homepage.yml when: nginx_install | bool @@ -48,6 +50,19 @@ when: internet_available and not nodocs +- name: (Re)Start '{{ apache_service }}' systemd service, if apache_enabled + systemd: + name: "{{ apache_service }}" # apache2 on debuntu + state: restarted + when: apache_enabled | bool + +- name: (Re)Start 'nginx' systemd service, if nginx_enabled + systemd: + name: nginx + state: restarted + when: nginx_enabled | bool + + # RECORD www_front_end AS INSTALLED - name: "Set 'www_front_end_installed: True'" From 2fe1dc6b0361b769a96096e5fa6bd70c7d288d55 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 13 Feb 2020 23:11:07 -0500 Subject: [PATCH 26/31] 3-base-server/tasks/main.yml, 4-server-options/tasks/main.yml --- roles/3-base-server/tasks/main.yml | 4 ++-- roles/4-server-options/tasks/main.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index e61a11289..509829cbc 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -11,8 +11,8 @@ - name: WWW_BACK_END (WWW_FRONT_END should be installed later) include_role: name: www_back_end - # when: www_back_end_install | bool - # when: apache_install or nginx_install + #when: www_back_end_install | bool + #when: apache_install or nginx_install - name: HTTPD (Apache) include_role: diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 2fc36f209..8189e6bac 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -45,8 +45,8 @@ - name: WWW_FRONT_END (WWW_BACK_END should have been installed earlier) include_role: name: www_front_end - # when: www_front_end_install | bool - # when: apache_install or nginx_install + #when: www_front_end_install | bool + #when: apache_install or nginx_install - name: Recording STAGE 4 HAS COMPLETED ================== lineinfile: From d5489b228d1c9b51faf07e91efb40ba8765b8380 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 13 Feb 2020 23:38:58 -0500 Subject: [PATCH 27/31] Update default_vars.yml --- vars/default_vars.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 23f845f85..17b435793 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -538,15 +538,15 @@ watchdog: - postgresql - squid -munin_install: True -munin_enabled: True +munin_install: False +munin_enabled: False # Handy for maintaining tables, but DANGEROUS if not locked down phpmyadmin_install: False phpmyadmin_enabled: False -vnstat_install: True -vnstat_enabled: True +vnstat_install: False +vnstat_enabled: False # 9-LOCAL-ADDONS From c24ed7d728c7e465d057574acadf394917bde36a Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 13 Feb 2020 23:39:35 -0500 Subject: [PATCH 28/31] Update local_vars_min.yml --- vars/local_vars_min.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index bbfe4755c..c4b783739 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -322,15 +322,15 @@ awstats_enabled: True monit_install: False monit_enabled: False -munin_install: True -munin_enabled: True +munin_install: False +munin_enabled: False # Handy for maintaining tables, but DANGEROUS if not locked down phpmyadmin_install: False phpmyadmin_enabled: False -vnstat_install: True -vnstat_enabled: True +vnstat_install: False +vnstat_enabled: False # 9-LOCAL-ADDONS From fdff78885f76a71788bb90443e8df8dec481bdb4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 13 Feb 2020 23:40:03 -0500 Subject: [PATCH 29/31] Update local_vars_medium.yml --- vars/local_vars_medium.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index d3bbf38b4..c85943b5c 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -322,15 +322,15 @@ awstats_enabled: True monit_install: False monit_enabled: False -munin_install: True -munin_enabled: True +munin_install: False +munin_enabled: False # Handy for maintaining tables, but DANGEROUS if not locked down phpmyadmin_install: False phpmyadmin_enabled: False -vnstat_install: True -vnstat_enabled: True +vnstat_install: False +vnstat_enabled: False # 9-LOCAL-ADDONS From 1c55ff0fde8efb6ba939932122e730762fa0eceb Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 13 Feb 2020 23:59:32 -0500 Subject: [PATCH 30/31] Update munin/defaults/main.yml --- roles/munin/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/munin/defaults/main.yml b/roles/munin/defaults/main.yml index 39031c933..aaddd2597 100644 --- a/roles/munin/defaults/main.yml +++ b/roles/munin/defaults/main.yml @@ -1,5 +1,5 @@ -# munin_install: True -# munin_enabled: True +# munin_install: False +# munin_enabled: False # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! From 65e8f795ec55e0ff9a95d9a016937e5124597ae9 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 14 Feb 2020 01:04:08 -0500 Subject: [PATCH 31/31] Symlink --- roles/minetest/tasks/rpi_minetest_install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/minetest/tasks/rpi_minetest_install.yml b/roles/minetest/tasks/rpi_minetest_install.yml index d126ccdaa..0541d2174 100644 --- a/roles/minetest/tasks/rpi_minetest_install.yml +++ b/roles/minetest/tasks/rpi_minetest_install.yml @@ -30,7 +30,7 @@ owner: root group: root -- name: Create symbolic link /library/games/minetest +- name: Symlink /library/games/minetest -> /library/games/0.4.17.1 file: state: link src: /library/games/0.4.17.1