mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00

Merge pull request #373 from iiab/master

sync from iiab:master
A Holt 2020-02-14 01:52:25 -05:00 committed by GitHub
commit a79798aa85
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
90 changed files with 778 additions and 505 deletions


@ -0,0 +1,21 @@
- name: Create dir {{ doc_root }}/home
file:
state: directory
path: "{{ doc_root }}/home" # /library/www/html
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
mode: '0755'
- name: Install /etc/{{ apache_conf_dir }}/iiab-homepage.conf from template, for http://box redirect to http://box/home/
template:
src: iiab-homepage.conf
dest: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf"
#- name: Symlink /etc/apache2/sites-enabled/iiab-homepage.conf to /etc/{{ apache_conf_dir }}/iiab-homepage.conf (debuntu)
- name: Enable iiab-homepage.conf via Apache
command: a2ensite iiab-homepage.conf
# file:
# src: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf"
# path: /etc/apache2/sites-enabled/iiab-homepage.conf
# state: link
# when: is_debuntu | bool
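Review bot: The `command: a2ensite iiab-homepage.conf` task runs on every host and on every run, because the `when: is_debuntu | bool` guard survives only in the commented-out lines below it and `command` has no `creates:`, so it always reports "changed". On a non-Debian host, where `a2ensite` is presumably absent, the play would fail at this task. Consider adding `when: is_debuntu | bool` and `args: creates: /etc/apache2/sites-enabled/iiab-homepage.conf`. The same unguarded pattern recurs in the later `a2ensite iiab-homepage.conf`, `a2ensite 010-iiab.conf` and `a2ensite kiwix.conf` tasks of this commit.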


@ -3,21 +3,28 @@
- name: ...IS BEGINNING ===================================== - name: ...IS BEGINNING =====================================
command: echo command: echo
- name: HTTPD (APACHE)
include_role:
name: httpd
when: apache_install | bool
- name: MYSQL - name: MYSQL
include_role: include_role:
name: mysql name: mysql
when: mysql_install | bool when: mysql_install | bool
- name: Install NGINX (configured LATER, in Stage 9-LOCAL-ADDONS) - name: WWW_BACK_END (WWW_FRONT_END should be installed later)
include_tasks: roles/nginx/tasks/install.yml include_role:
name: www_back_end
#when: www_back_end_install | bool
#when: apache_install or nginx_install
- name: HTTPD (Apache)
include_role:
name: httpd
when: apache_install | bool
- name: NGINX
include_role:
name: nginx
when: nginx_install | bool when: nginx_install | bool
- name: Install dnsmasq - name: dnsmasq (install now, configure LATER in 'network', after Stage 9)
include_tasks: roles/network/tasks/dnsmasq.yml include_tasks: roles/network/tasks/dnsmasq.yml
when: dnsmasq_install | bool when: dnsmasq_install | bool
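Review bot: The new WWW_BACK_END `include_role` has both candidate `when:` lines commented out, so the role runs even when `apache_install` and `nginx_install` are both False. If that is intended, a one-line comment such as `# always runs: shared web content is needed by either server` would say so; otherwise restore a guard like `when: apache_install | bool or nginx_install | bool`. Note also that NGINX changes from `include_tasks: roles/nginx/tasks/install.yml` to the whole `nginx` role, so it is presumably configured as well as installed at this stage, which the old task name said should happen later.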


@ -20,33 +20,33 @@
- name: Install Bluetooth - only on Raspberry Pi - name: Install Bluetooth - only on Raspberry Pi
include_role: include_role:
name: bluetooth name: bluetooth
when: is_rpi and bluetooth_install # or bluetooth_installed is defined when: is_rpi and bluetooth_install
- name: USB_LIB - name: USB_LIB
include_role: include_role:
name: usb_lib name: usb_lib
when: usb_lib_install | bool when: usb_lib_install | bool
# This is in Stage 4-SERVER-OPTIONS (rather than 3-BASE-SERVER) because var
# iiab_home_url changes, and may need to be re-run in the field/offline/etc.
- name: HOMEPAGE
include_role:
name: homepage
# has no "when: XXXXX_install" flag
- name: CUPS - name: CUPS
include_role: include_role:
name: cups name: cups
when: cups_install # or cups_installed is defined when: cups_install | bool
- name: SAMBA - name: SAMBA
include_role: include_role:
name: samba name: samba
when: samba_install # or samba_installed is defined when: samba_install | bool
- name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (This script was installed at the beginning of Stage 3 = roles/3-base-server/tasks/main.yml, which ran Apache playbook = roles/httpd/tasks/main.yml) # 2020-02-12: what was roles/homepage lives in roles/www_back_end &
command: /usr/bin/iiab-refresh-wiki-docs # roles/www_front_end for now. Eventually softcoding of iiab_home_url
when: internet_available and not nodocs # should happen everywhere (incl Admin Console) to allow more field
# options, e.g. changing /library/www/html/home even when offline...
- name: WWW_FRONT_END (WWW_BACK_END should have been installed earlier)
include_role:
name: www_front_end
#when: www_front_end_install | bool
#when: apache_install or nginx_install
- name: Recording STAGE 4 HAS COMPLETED ================== - name: Recording STAGE 4 HAS COMPLETED ==================
lineinfile: lineinfile:
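Review bot: The Bluetooth condition is still `when: is_rpi and bluetooth_install`, without the `| bool` filter that this same hunk adds to `cups_install` and `samba_install`. If either variable arrives as a string (e.g. a quoted "False" in local_vars.yml), the bare expression is truthy and the role is included anyway. For consistency use `when: is_rpi | bool and bluetooth_install | bool`. The hunk ends inside the "Recording STAGE 4" task, so the rest of the file is not visible here.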


@ -30,24 +30,34 @@
name: calibre-web name: calibre-web
when: calibreweb_install | bool when: calibreweb_install | bool
# Could split these two below to Stage 10? # Could split these two below to Stage 10? 2020-02-12: Experimentally moving
# stuff to roles/3-base-server, 4-server-options, roles/httpd, roles/nginx.
- name: Fully Enable / Configure NGINX (already installed in Stage 3-BASE-SERVER) if 'nginx_enabled' is True # - name: "Set 'nginx_enabled: True'"
include_role: # set_fact:
name: nginx # nginx_enabled: True
when: nginx_enabled | bool # WAS: nginx_install #
# If just CONFIGURING (etc) shouldn't we use one of the following instead ?? # - name: Fully Enable / Configure NGINX (already installed in Stage 3-BASE-SERVER) if 'nginx_enabled' is True
# include_tasks: roles/nginx/tasks/setup.yml # include_role:
# include_tasks: roles/nginx/tasks/enable.yml # name: nginx
# when: nginx_enabled | bool # WAS: nginx_install
# # If just CONFIGURING (etc) shouldn't we use one of the following instead ??
# # include_tasks: roles/nginx/tasks/setup.yml
# # include_tasks: roles/nginx/tasks/enable.yml
- name: Fully Enable / Configure Apache systemd service ({{ apache_service }}) if 'apache_enabled' is True # - name: "Set 'apache_enabled: True'"
include_role: # set_fact:
name: httpd-enable # apache_enabled: True
when: apache_enabled | bool # WAS: apache_install #
# WARNING THAT APACHE IS AUTO-ENABLED BY THESE ~6 APPS ALONE! # - name: Fully Enable / Configure Apache systemd service ({{ apache_service }}) if 'apache_enabled' is True
# https://github.com/holta/iiab/blob/scaff2/roles/0-init/tasks/main.yml#L40-L44 # include_role:
# Summarized @ https://github.com/iiab/iiab/blob/master/roles/nginx/README.md # name: httpd
# 2020-01-23: APACHE FUTURE SUMMARY QUESTIONS @ roles/httpd/tasks/main.yml # #name: httpd-enable
# when: apache_enabled | bool # WAS: apache_install
# # WARNING THAT APACHE IS AUTO-ENABLED BY THESE ~6 APPS ALONE!
# # https://github.com/holta/iiab/blob/scaff2/roles/0-init/tasks/main.yml#L40-L44
# # Summarized @ https://github.com/iiab/iiab/blob/master/roles/nginx/README.md
# # 2020-01-23: APACHE FUTURE SUMMARY QUESTIONS @ roles/httpd/tasks/main.yml
- name: Recording STAGE 9 HAS COMPLETED ==================== - name: Recording STAGE 9 HAS COMPLETED ====================
lineinfile: lineinfile:


@ -1,19 +0,0 @@
- name: Create dir {{ doc_root }}/home
file:
path: "{{ doc_root }}/home"
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
mode: 0755
state: directory
- name: Install /etc/{{ apache_conf_dir }}/iiab-homepage.conf from template, for http://box redirect to http://box/home/
template:
src: iiab-homepage.conf
dest: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf"
- name: Symlink /etc/apache2/sites-enabled/iiab-homepage.conf to /etc/{{ apache_conf_dir }}/iiab-homepage.conf (debuntu)
file:
src: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf"
path: /etc/apache2/sites-enabled/iiab-homepage.conf
state: link
when: is_debuntu | bool


@ -1,69 +0,0 @@
# For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147
# WARNING: Enabling this might cause excess use of RAM/disk or other resources!
- name: Enact high limits in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini if using WordPress/Nextcloud/Moodle intensively
lineinfile:
path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
when: apache_high_php_limits | bool
with_items:
- { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' }
- { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' }
- { regexp: '^memory_limit', line: 'memory_limit = 256M ; default is 128M / Nextcloud requests 512M' }
- { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' }
- { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' }
- name: Install Apache's 010-iiab.conf & proxy_ajp.conf into /etc/apache2/sites-available, from templates
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
# owner: root
# group: root
# mode: 0644
with_items:
- { src: 'roles/httpd/templates/010-iiab.conf.j2', dest: '/etc/{{ apache_conf_dir }}/010-iiab.conf' }
- { src: 'roles/httpd/templates/proxy_ajp.conf.j2', dest: '/etc/{{ apache_conf_dir }}/proxy_ajp.conf' }
- name: Enable our site, creating 010-iiab.conf symlink from sites-enabled to sites-available (debuntu)
file:
src: "/etc/{{ apache_conf_dir }}/010-iiab.conf"
path: /etc/apache2/sites-enabled/010-iiab.conf
state: link
when: is_debuntu | bool
# SEE https://github.com/iiab/iiab/issues/1143 as the old roles/osm playbook is rarely used as of late 2018 (if anybody still uses roles/osm, they can overwrite osm.conf using the original osm playbook, or in other ways)
- name: Install /etc/{{ apache_conf_dir }}/osm.conf for http://box/maps (all OS's)
copy:
src: roles/httpd/files/osm.conf
dest: "/etc/{{ apache_conf_dir }}"
# owner: root
# group: root
# mode: 0644
when: osm_vector_maps_install | bool
- name: Symlink /etc/apache2/sites-enabled/osm.conf -> /etc/{{ apache_conf_dir }}/osm.conf (debuntu)
file:
src: "/etc/{{ apache_conf_dir }}/osm.conf"
path: /etc/apache2/sites-enabled/osm.conf
state: link
when: is_debuntu and osm_vector_maps_enabled
- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_apache_poweroff from template
template:
src: roles/httpd/templates/020_apache_poweroff.j2
dest: /etc/sudoers.d/020_apache_poweroff
mode: 0755
when: apache_allow_sudo | bool
- name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff
file:
path: /etc/sudoers.d/020_apache_poweroff
state: absent
when: not apache_allow_sudo
- name: Restart Apache systemd service ({{ apache_service }})
systemd:
name: "{{ apache_service }}"
state: restarted
enabled: yes
daemon_reload: yes


@ -0,0 +1,17 @@
# Both invoked in 4-SERVER-OPTIONS, by roles/www_front_end/tasks/main.yml:
#
# httpd/tasks/homepage.yml
# nginx/tasks/homepage.yml
- name: Install /etc/{{ apache_conf_dir }}/iiab-homepage.conf from httpd/templates, so Apache redirects http://box to http://box{{ iiab_home_url }} # /home
template:
src: roles/httpd/templates/iiab-homepage.conf
dest: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf" # apache2/sites-available (on debuntu)
- name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) by running 'a2ensite iiab-homepage.conf'"
command: a2ensite iiab-homepage.conf
#when: apache_enabled | bool
# - name: Disable IIAB pages via Apache (e.g. on port 80) by running 'a2dissite iiab-homepage.conf', if not apache_enabled"
# command: a2dissite iiab-homepage.conf
# when: not apache_enabled


@ -1,68 +0,0 @@
- name: Copy css files to {{ doc_root }}/common/css # doc_root is /library/www/html
copy:
src: "{{ item }}"
dest: "{{ doc_root }}/common/css"
mode: 0644
owner: root
group: root
with_fileglob:
- html/css/*.css
- name: Copy js files to {{ doc_root }}/common/js # doc_root is /library/www/html
copy:
src: "{{ item }}"
dest: "{{ doc_root }}/common/js"
mode: 0644
owner: root
group: root
with_fileglob:
- html/js/*.js
- name: Copy fonts files to {{ doc_root }}/common/fonts # doc_root is /library/www/html
copy:
src: "{{ item }}"
dest: "{{ doc_root }}/common/fonts"
mode: 0644
owner: root
group: root
with_fileglob:
- html/fonts/*
- name: Copy html files to {{ doc_root }}/common/html # doc_root is /library/www/html
copy:
src: "{{ item }}"
dest: "{{ doc_root }}/common/html"
mode: 0644
owner: root
group: root
with_fileglob:
- html/html/*
- name: Copy assets files to {{ doc_root }}/common/assets # doc_root is /library/www/html
copy:
src: "{{ item }}"
dest: "{{ doc_root }}/common/assets"
mode: 0644
owner: root
group: root
with_fileglob:
- html/assets/*
# copy all services, even if not permissioned elsewhere
- name: Copy services files to {{ doc_root }}/common/services # doc_root is /library/www/html
copy:
src: "{{ item }}"
dest: "{{ doc_root }}/common/services"
mode: 0644
owner: root
group: root
with_fileglob:
- html/services/*
- name: Symlink {{ doc_root }}/common/assets/iiab.ini to {{ iiab_ini_file }} # doc_root is /library/www/html
file:
src: "{{ iiab_ini_file }}"
path: "{{ doc_root }}/common/assets/iiab.ini"
owner: root
group: root
state: link


@ -49,7 +49,7 @@
state: present state: present
when: is_redhat | bool when: is_redhat | bool
# remove symlinks for mpm-event, replace with mpm-prefork # Remove symlinks for mpm_event, replace with mpm_prefork
- name: Remove both mpm_event symlinks from /etc/apache2/mods-enabled (debuntu) - name: Remove both mpm_event symlinks from /etc/apache2/mods-enabled (debuntu)
file: file:
path: "/etc/apache2/mods-enabled/{{ item }}" path: "/etc/apache2/mods-enabled/{{ item }}"
@ -69,6 +69,19 @@
- mpm_prefork.load - mpm_prefork.load
when: is_debuntu | bool when: is_debuntu | bool
# - name: Remove mpm_event.conf & mpm_event.load symlinks, using a2dissite
# command: "a2dissite {{ item }}"
# with_items:
# - mpm_event.conf
# - mpm_event.load
# ignore_errors: yes
#
# - name: Symlink mpm_prefork.conf & mpm_prefork.load, using a2ensite
# command: "a2ensite {{ item }}"
# with_items:
# - mpm_prefork.conf
# - mpm_prefork.load
#- name: 'Turn on mod_proxy using a2enmod with: proxy, proxy_html, headers, rewrite (debuntu)' #- name: 'Turn on mod_proxy using a2enmod with: proxy, proxy_html, headers, rewrite (debuntu)'
# command: a2enmod {{ item }} # command: a2enmod {{ item }}
# with_items: # with_items:
@ -100,11 +113,11 @@
- name: Create Apache's pid dir /var/run/{{ apache_user }} - name: Create Apache's pid dir /var/run/{{ apache_user }}
file: file:
state: directory
path: "/var/run/{{ apache_user }}" path: "/var/run/{{ apache_user }}"
owner: root owner: root
group: root group: root
mode: '0755' mode: '0755'
state: directory
- name: 'Create group: admin' - name: 'Create group: admin'
group: group:
@ -120,25 +133,38 @@
- name: Create Apache dir /var/log/{{ apache_service }} - name: Create Apache dir /var/log/{{ apache_service }}
file: file:
state: directory
path: "/var/log/{{ apache_service }}" path: "/var/log/{{ apache_service }}"
owner: "{{ apache_user }}" owner: "{{ apache_user }}"
group: "{{ apache_user }}" group: "{{ apache_user }}"
mode: '0755' mode: '0755'
state: directory
- name: Enable Apache systemd service ({{ apache_service }})
service:
name: "{{ apache_service }}"
enabled: yes
state: stopped
- name: Create /library/www/html/info directory for http://box/info offline docs - name: Install Apache's 010-iiab.conf & proxy_ajp.conf into /etc/apache2/sites-available, from templates
file: template:
path: "{{ doc_root }}/info" src: "{{ item.src }}"
owner: "{{ apache_user }}" dest: "{{ item.dest }}"
group: "{{ apache_user }}" with_items:
mode: '0755' - { src: 'roles/httpd/templates/010-iiab.conf.j2', dest: '/etc/{{ apache_conf_dir }}/010-iiab.conf' }
state: directory - { src: 'roles/httpd/templates/proxy_ajp.conf.j2', dest: '/etc/{{ apache_conf_dir }}/proxy_ajp.conf' }
- name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) by running 'a2ensite 010-iiab.conf'"
command: a2ensite 010-iiab.conf
#when: apache_enabled | bool
# - name: Disable IIAB pages via Apache (e.g. on port 80) by running 'a2dissite 010-iiab.conf', if not apache_enabled"
# command: a2dissite 010-iiab.conf
# when: not apache_enabled
- debug:
msg: roles/httpd/tasks/homepage.yml will run LATER (invoked by roles/www_front_end/tasks/main.yml) SO THAT APACHE CAN REDIRECT http://box TO http://box{{ iiab_home_url }} (based on var iiab_home_url)
# - include_tasks: roles/httpd/tasks/homepage.yml
# - name: Enable & Stop '{{ apache_service }}' systemd service
# systemd:
# name: "{{ apache_service }}"
# enabled: yes
# state: stopped
# RECORD Apache AS INSTALLED # RECORD Apache AS INSTALLED
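Review bot: The template task that installs `010-iiab.conf` and `proxy_ajp.conf` sets no `owner`, `group` or `mode`, so newly created files take whatever the umask of the running user gives, and existing files keep whatever mode they already have. For web-server configuration it is safer to pin these explicitly, e.g. `owner: root`, `group: root`, `mode: '0644'` (quoted, like the `'0755'` used for the directories in this file). The enclosing file continues outside the visible hunks.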


@ -1,20 +1,64 @@
# 2020-01-23 TO DO / Questions: # "How do i fail a task in Ansible if the variable contains a boolean value?
# - Validate input vars apache_install & apache_enabled here. # I want to perform input validation for Ansible playbooks"
# - Use as nec, with 'when: apache_installed is undefined' # https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
# - Encapsulate all 3 tasks below into httpd/roles/install.yml ?
# - Similarly sanity-check httpd/roles/enable.yml or httpd/roles/enable-or-disable.yml...
# - Verify that 9-local-addons/tasks/main.yml's invocation of
# roles/httpd/tasks/enable.yml (via roles/httpd-enable/tasks/main.yml, if
# apache_enabled is True) does the right thing!
# - And that we really don't want to invoke it hereunder?
# - Save relevant apache_* vars to /etc/iiab/iiab.ini
- include_tasks: install.yml # We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
- include_tasks: html.yml # to re-check whether vars are defined here. As Ansible vars cannot be unset:
- include_tasks: php-stem.yml # https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
- name: Install /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (Script can be run manually and/or at the end of Stage 4 = roles/4-server-options/tasks/main.yml) - name: Assert that "apache_install is sameas true" (boolean not string etc)
template: assert:
src: refresh-wiki-docs.sh that: apache_install is sameas true
dest: /usr/bin/iiab-refresh-wiki-docs fail_msg: "PLEASE SET 'apache_install: True' e.g. IN: /etc/iiab/local_vars.yml"
mode: '0755' quiet: yes
- name: Assert that "apache_enabled | type_debug == 'bool'" (boolean not string etc)
assert:
that: apache_enabled | type_debug == 'bool'
fail_msg: "PLEASE GIVE VARIABLE 'apache_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- debug:
var: apache_install
- debug:
var: apache_enabled
- debug:
var: apache_installed
- name: Install Apache if 'apache_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: apache_installed is undefined
- name: Enable & (Re)Start {{ apache_service }} systemd service, if apache_enabled
systemd:
name: "{{ apache_service }}"
daemon_reload: yes
enabled: yes
state: restarted
when: apache_enabled | bool
- name: Disable & Stop {{ apache_service }} systemd service, if not apache_enabled
systemd:
name: "{{ apache_service }}"
enabled: no
state: stopped
when: not apache_enabled
- name: Add 'apache' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: apache
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Apache
- option: description
value: '"The Apache HTTP Server (''httpd'')."'
- option: apache_install
value: "{{ apache_install }}"
- option: apache_enabled
value: "{{ apache_enabled }}"
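Review bot: The three `debug: var:` tasks have no `name:` and print on every run of the role, which reads like leftover troubleshooting output. If they are meant to stay, give each a name and add `verbosity: 1` so they only appear with `-v`. It would also help to comment that `when: not apache_enabled` is safe only because the assert above has already required `apache_enabled` to be a real boolean.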


@ -0,0 +1,9 @@
# IIAB Home Page
# Redirect to home page on School Server
# Default [was] xs-portal [and is now generally] home
# RedirectMatch of root to homepage
# See the note in default_vars.yml
RedirectMatch ^/$ {{ iiab_home_url }}
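Review bot: `{{ iiab_home_url }}` is rendered into the `RedirectMatch` target with no check on its value, so an empty or space-containing value produces an invalid directive, and an absolute URL would send every visitor of `/` off the box. Nothing visible in this commit validates the variable before the template is installed. An `assert` in the task file that installs this template, e.g. `that: iiab_home_url is match('^/[^ ]*$')`, would catch a bad value before Apache is restarted. The comment `See the note in default_vars.yml` would be easier to follow if it named the variable it refers to.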


@ -41,7 +41,7 @@
state: absent state: absent
path: "{{ internetarchive_dir }}/node_modules" path: "{{ internetarchive_dir }}/node_modules"
- name: Run 'yarn add @internetarchive/dweb-mirror' to download/populate {{ internetarchive_dir }}/node_modules (CAN TAKE ~15 MINUTES) - name: Run 'yarn add @internetarchive/dweb-mirror' to download/populate {{ internetarchive_dir }}/node_modules (CAN TAKE ~5 MINUTES)
shell: yarn config set child-concurrency 1 && yarn add @internetarchive/dweb-mirror shell: yarn config set child-concurrency 1 && yarn add @internetarchive/dweb-mirror
args: args:
chdir: "{{ internetarchive_dir }}" chdir: "{{ internetarchive_dir }}"


@ -20,7 +20,7 @@
# 2020-02-11: @mitra42 & @holta agree (#2247) that the following 2-stanza # 2020-02-11: @mitra42 & @holta agree (#2247) that the following 2-stanza
# "UPDATE internetarchive" block should run whenever one is isn't installing # "UPDATE internetarchive" block should run whenever one isn't installing
# (or reinstalling) internetarchive, for now. We're aware this means slowness # (or reinstalling) internetarchive, for now. We're aware this means slowness
# during "./runrole internetarchive" but that's very intentional for now -- as # during "./runrole internetarchive" but that's very intentional for now -- as
# it leads to more testing of more recent versions of internetarchive, which # it leads to more testing of more recent versions of internetarchive, which


@ -7,36 +7,40 @@
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
# Which kiwix-tools to download from http://download.iiab.io/packages/
# As obtained from http://download.kiwix.org/release/kiwix-tools/ or http://download.kiwix.org/nightly/
kiwix_version_armhf: "kiwix-tools_linux-armhf-3.0.1-8" # INSTRUCTIONS TO REINSTALL Kiwix:
kiwix_version_linux64: "kiwix-tools_linux-x86_64-3.0.1-8" # (1) VERIFY THESE VARS IN /etc/iiab/local_vars.yml
kiwix_version_i686: "kiwix-tools_linux-i586-3.0.1-8" # kiwix_install: True
# kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" # kiwix_enabled: True
# v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") # (2) RUN: cd /opt/iiab/iiab; ./runrole --reinstall kiwix
# v0.10 for i686 published Oct 2016 ("experimental") REPLACED IN EARLY 2018, thx to Matthieu Gautier:
# https://github.com/kiwix/kiwix-build/issues/94
# https://github.com/kiwix/kiwix-tools/issues/170
kiwix_src_file_armhf: "{{ kiwix_version_armhf }}.tar.gz"
kiwix_src_file_linux64: "{{ kiwix_version_linux64 }}.tar.gz"
kiwix_src_file_i686: "{{ kiwix_version_i686 }}.tar.gz"
# Used for Kiwix proxy http://box/kiwix/ # FYI /library/zims contains 3 important things:
kiwix_url_without_slash: /kiwix
kiwix_url: "{{ kiwix_url_without_slash }}/" # /kiwix/
kiwix_path: "{{ iiab_base }}/kiwix" # /opt/iiab/kiwix
# /library/zims contains 3 important things:
# - library.xml # - library.xml
# - content = directory for all *.zim's # - content = directory for all *.zim's
# - index = directory for legacy *.zim.idx's # - index = directory for legacy *.zim.idx's
kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" kiwix_library_xml: "{{ iiab_zim_path }}/library.xml"
# INSTRUCTIONS TO REINSTALL kiwix (1) VERIFY ITS VARS IN /etc/iiab/local_vars.yml (2) THEN RUN EITHER BELOW... # 3 lines below specify which version(s) of kiwix-tools to download from...
# - NEW WAY: cd /opt/iiab/iiab; ./runrole --reinstall kiwix # http://download.iiab.io/packages/ ...as originally obtained from...
# - OLD WAY: rm /opt/iiab/kiwix/bin/kiwix-serve; cd /opt/iiab/iiab; ./runrole kiwix # http://download.kiwix.org/release/kiwix-tools/ ...or sometimes...
kiwix_force_install: False # http://download.kiwix.org/nightly/
kiwix_version_armhf: "kiwix-tools_linux-armhf-3.0.2"
kiwix_version_linux64: "kiwix-tools_linux-x86_64-3.0.2"
kiwix_version_i686: "kiwix-tools_linux-i586-3.0.2"
# kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2"
# v0.9 for i686 published May 2014 ("use it to test legacy ZIM content")
# v0.10 for i686 published Oct 2016 ("experimental") REPLACED IN EARLY 2018,
# thx to @mgautierfr / Matthieu Gautier:
# https://github.com/kiwix/kiwix-build/issues/94
# https://github.com/kiwix/kiwix-tools/issues/170
# Used for Kiwix proxy http://box/kiwix/
kiwix_url: /kiwix
kiwix_url_plus_slash: "{{ kiwix_url }}/" # /kiwix/
kiwix_path: "{{ iiab_base }}/kiwix" # /opt/iiab/kiwix
kiwix_nginx_timeout: 600 kiwix_nginx_timeout: 600
kiwix_threads: 4 kiwix_threads: 4
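Review bot: `kiwix_url` keeps its name but changes value, from `/kiwix/` (previously built from `kiwix_url_without_slash`) to `/kiwix`, while the slash form moves to the new `kiwix_url_plus_slash`. Any template or role outside this section that still reads `kiwix_url` expecting the trailing slash will render a different path without raising an error; that cannot be checked from this hunk. A comment on the variable such as `# no trailing slash; use kiwix_url_plus_slash for /kiwix/`, plus a search for remaining `kiwix_url_without_slash` references, would make the rename safer.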


@ -0,0 +1,12 @@
- name: Enable http://box{{ kiwix_url }} via Apache # http://box/kiwix
command: a2ensite kiwix.conf
when: kiwix_enabled | bool
- name: Disable http://box{{ kiwix_url }} via Apache # http://box/kiwix
command: a2dissite kiwix.conf
when: not kiwix_enabled
- name: (Re)Start '{{ apache_service }}' systemd service
systemd:
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted


@ -0,0 +1,45 @@
- name: Enable & Restart 'kiwix-serve' systemd service
systemd:
name: kiwix-serve
daemon_reload: yes
enabled: yes
state: restarted
when: kiwix_enabled | bool
- name: Disable & Stop 'kiwix-serve' systemd service
systemd:
name: kiwix-serve
enabled: no
state: stopped
when: not kiwix_enabled
# TO DO: BOTH CRON ENTRIES BELOW *SHOULD* BE DELETED "when: not kiwix_enabled"
# In the past kiwix-serve did not stay running, so we'd been doing this hourly.
# @mgautierfr & others suggest kiwix-serve might be auto-restarted w/o cron in
# future, whenever service fails, if this really catches all cases??
# https://github.com/iiab/iiab/issues/484#issuecomment-342151726
- name: Make a crontab entry to restart kiwix-serve at 4AM (debuntu)
lineinfile:
# mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed
line: "0 4 * * * root /bin/systemctl restart kiwix-serve.service"
dest: /etc/crontab
when: kiwix_enabled and is_debuntu
- name: Make a crontab entry to restart kiwix-serve at 4AM (redhat)
# * * * * * user-name command to be executed
lineinfile:
# mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed
line: "0 4 * * * root /usr/bin/systemctl restart kiwix-serve.service"
dest: /etc/crontab
when: kiwix_enabled and is_redhat
- name: Enable/Disable/Restart Apache if primary
include_tasks: apache.yml
when: not nginx_enabled
- name: Enable/Disable/Restart NGINX if primary
include_tasks: nginx.yml
when: nginx_enabled | bool
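Review bot: The two crontab tasks only ever add the restart line; when `kiwix_enabled` is False nothing removes it from `/etc/crontab`, as the TO DO comment above them acknowledges. On a box where the line was added earlier, `systemctl restart kiwix-serve.service` at 4AM would start the service that the "Disable & Stop" task just stopped. `lineinfile` can handle both cases in one task with `state: "{{ 'present' if kiwix_enabled | bool else 'absent' }}"` and `when: is_debuntu | bool` (likewise `is_redhat`). That would also give these conditions the `| bool` filter used elsewhere in this file.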


@ -1,97 +0,0 @@
- name: Enable & Restart 'kiwix-serve' systemd service
systemd:
name: kiwix-serve
daemon_reload: yes
enabled: yes
state: restarted
when: kiwix_enabled | bool
- name: Disable & Stop 'kiwix-serve' systemd service
systemd:
name: kiwix-serve
enabled: no
state: stopped
when: not kiwix_enabled
# TO DO: BOTH CRON ENTRIES BELOW *SHOULD* BE DELETED "when: not kiwix_enabled"
# In the past kiwix-serve did not stay running, so we'd been doing this hourly.
# @mgautierfr & others suggest kiwix-serve might be auto-restarted w/o cron in
# future, whenever service fails, if this really catches all cases??
# https://github.com/iiab/iiab/issues/484#issuecomment-342151726
- name: Make a crontab entry to restart kiwix-serve at 4AM (debuntu)
lineinfile:
# mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed
line: "0 4 * * * root /bin/systemctl restart kiwix-serve.service"
dest: /etc/crontab
when: kiwix_enabled and is_debuntu
- name: Make a crontab entry to restart kiwix-serve at 4AM (redhat)
# * * * * * user-name command to be executed
lineinfile:
# mn hr dy mo day-of-week[Sunday=0] username command-to-be-executed
line: "0 4 * * * root /usr/bin/systemctl restart kiwix-serve.service"
dest: /etc/crontab
when: kiwix_enabled and is_redhat
# Apache
- name: Enable http://box{{ kiwix_url_without_slash }} via Apache
command: a2ensite kiwix.conf
when: apache_install and kiwix_enabled
- name: Disable http://box{{ kiwix_url_without_slash }} via Apache
command: a2dissite kiwix.conf
when: apache_install and not kiwix_enabled
- name: Restart Apache systemd service ({{ apache_service }})
systemd:
name: "{{ apache_service }}"
daemon-reload: yes
state: restarted
when: apache_enabled | bool
# NGINX
- name: Enable http://box{{ kiwix_url_without_slash }} via NGINX, by installing {{ nginx_conf_dir }}/kiwix-nginx.conf from template
template:
src: kiwix-nginx.conf
dest: "{{ nginx_conf_dir }}/kiwix-nginx.conf"
when: nginx_install and kiwix_enabled
- name: Disable http://box{{ kiwix_url_without_slash }} via NGINX, by removing {{ nginx_conf_dir }}/kiwix-nginx.conf
file:
path: "{{ nginx_conf_dir }}/kiwix-nginx.conf"
state: absent
when: nginx_install and not kiwix_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted
when: nginx_enabled | bool
- name: Add 'kiwix' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}"
section: kiwix
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Kiwix
- option: description
value: '"Part of https://github.com/kiwix/kiwix-tools/ -- kiwix-serve is the most used web server for ZIM files."'
- option: kiwix_url
value: "{{ kiwix_url }}"
- option: kiwix_path
value: "{{ kiwix_path }}"
- option: kiwix_port
value: "{{ kiwix_port }}"
- option: iiab_zim_path
value: "{{ iiab_zim_path }}"
- option: kiwix_library_xml
value: "{{ kiwix_library_xml }}"
- option: kiwix_enabled
value: "{{ kiwix_enabled }}"


@ -1,29 +1,56 @@
# 1. CREATE/VERIFY CRITICAL DIRECTORIES & FILES ARE IN PLACE # 0. SET CPU ARCHITECTURE
- name: Download Kiwix software to /opt/iiab/downloads - name: "Initialize 'kiwix_src_dir: False' just in case CPU architecture is not supported"
set_fact:
kiwix_src_dir: False
- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_armhf }}' (armv6l or armv71)"
set_fact:
kiwix_src_dir: "{{ kiwix_version_armhf }}"
when: ansible_machine == "armv7l" or ansible_machine == "armv6l"
- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_linux64 }}' (x86_64)"
set_fact:
kiwix_src_dir: "{{ kiwix_version_linux64 }}"
when: ansible_machine == "x86_64"
- name: "Set fact 'kiwix_src_dir: {{ kiwix_version_i686 }}' (i686)"
set_fact:
kiwix_src_dir: "{{ kiwix_version_i686 }}"
when: ansible_machine == "i686"
# COMMENT OUT LINE ABOVE TO TEST i686 CODE PATH ON X86_64 (WORKS NOV 2017)
- name: Force Ansible to exit (FAIL) if kiwix-tools appears unavailable for your architecture ({{ ansible_machine }})
fail:
msg: "WARNING: kiwix-tools SOFTWARE APPEARS UNAVAILABLE FOR YOUR {{ ansible_machine }} OS/ARCHITECTURE."
when: not kiwix_src_dir
- name: "Set fact 'kiwix_src_file: {{ kiwix_src_dir }}.tar.gz'"
set_fact:
kiwix_src_file: "{{ kiwix_src_dir }}.tar.gz"
# 1. PUT IN PLACE: ESSENTIAL DIRS, library.xml, test.zim
- name: Download {{ iiab_download_url }}/{{ kiwix_src_file }} to /opt/iiab/downloads
get_url: get_url:
url: "{{ iiab_download_url }}/{{ kiwix_src_file }}" url: "{{ iiab_download_url }}/{{ kiwix_src_file }}" # http://download.iiab.io/packages
dest: "{{ downloads_dir }}/{{ kiwix_src_file }}" dest: "{{ downloads_dir }}/{{ kiwix_src_file }}"
timeout: "{{ download_timeout }}" timeout: "{{ download_timeout }}"
when: internet_available | bool when: internet_available | bool
- name: Check for /opt/iiab/downloads/{{ kiwix_src_file }} - name: Create dir {{ iiab_zim_path }} and subdirs {content, index} for Kiwix ZIM files
stat:
path: "{{ downloads_dir }}/{{ kiwix_src_file }}"
register: kiwix_src
- name: Create directory {{ iiab_zim_path }} and subdirs {content, index} for Kiwix ZIM files
file: file:
path: "{{ item }}" path: "{{ item }}"
state: directory state: directory
with_items: with_items:
- "{{ iiab_zim_path }}" - "{{ iiab_zim_path }}" # /library/zims
- "{{ iiab_zim_path }}/content" - "{{ iiab_zim_path }}/content"
- "{{ iiab_zim_path }}/index" - "{{ iiab_zim_path }}/index"
- name: Check for {{ kiwix_library_xml }} # /library/zims/library.xml - name: Check for {{ kiwix_library_xml }}
stat: stat:
path: "{{ kiwix_library_xml }}" path: "{{ kiwix_library_xml }}" # /library/zims/library.xml
register: kiwix_xml register: kiwix_xml
- name: Install stub /library/zims/library.xml from template, if one doesn't exist - name: Install stub /library/zims/library.xml from template, if one doesn't exist
@ -39,9 +66,9 @@
dest: "{{ iiab_zim_path }}/content/test.zim" dest: "{{ iiab_zim_path }}/content/test.zim"
force: no force: no
- name: Create {{ kiwix_path }}/bin directory # /opt/iiab/kiwix/bin - name: Create {{ kiwix_path }}/bin directory
file: file:
path: "{{ kiwix_path }}/bin" path: "{{ kiwix_path }}/bin" # /opt/iiab/kiwix
state: directory state: directory
@ -52,8 +79,8 @@
src: "{{ downloads_dir }}/{{ kiwix_src_file }}" src: "{{ downloads_dir }}/{{ kiwix_src_file }}"
dest: /tmp dest: /tmp
- name: Move /tmp/{{ kiwix_src_dir }}/* to permanent location /opt/iiab/kiwix/bin (armhf & linux64 & i686) - name: Move /tmp/{{ kiwix_src_dir }}/* to permanent location {{ kiwix_path }}/bin
shell: "mv /tmp/{{ kiwix_src_dir }}/* {{ kiwix_path }}/bin/" shell: "mv /tmp/{{ kiwix_src_dir }}/* {{ kiwix_path }}/bin/" # /opt/iiab/kiwix
# 3. ENABLE MODS FOR APACHE PROXY IF DEBUNTU # 3. ENABLE MODS FOR APACHE PROXY IF DEBUNTU


@ -1,40 +1,54 @@
- name: "Set Kiwix filename to d/l: {{ kiwix_src_file_armhf }} (armv6l or armv71)" # "How do i fail a task in Ansible if the variable contains a boolean value?
set_fact: # I want to perform input validation for Ansible playbooks"
kiwix_src_dir: "{{ kiwix_version_armhf }}" # https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
kiwix_src_file: "{{ kiwix_src_file_armhf }}"
when: ansible_machine == "armv7l" or ansible_machine == "armv6l"
- name: "Set Kiwix filename to d/l: {{ kiwix_src_file_linux64 }} (x86_64)"
set_fact:
kiwix_src_dir: "{{ kiwix_version_linux64 }}"
kiwix_src_file: "{{ kiwix_src_file_linux64 }}"
when: ansible_machine == "x86_64"
- name: "Set Kiwix filename to d/l: {{ kiwix_src_file_i686 }} (i686)" # We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
set_fact: # to re-check whether vars are defined here. As Ansible vars cannot be unset:
kiwix_src_dir: "{{ kiwix_version_i686 }}" # https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
kiwix_src_file: "{{ kiwix_src_file_i686 }}"
when: ansible_machine == "i686"
# COMMENT OUT LINE ABOVE TO TEST i686 CODE PATH ON X86_64 (WORKS NOV 2017)
- name: FAIL (force Ansible to exit) IF kiwix-tools appears unavailable for OS/architecture - name: Assert that "kiwix_install is sameas true" (boolean not string etc)
# debug: assert:
fail: that: kiwix_install is sameas true
msg: "WARNING: kiwix-tools SOFTWARE APPEARS UNAVAILABLE FOR YOUR {{ ansible_machine }} OS/ARCHITECTURE." fail_msg: "PLEASE SET 'kiwix_install: True' e.g. IN: /etc/iiab/local_vars.yml"
when: not kiwix_src_file quiet: yes
- name: Check for /opt/iiab/kiwix/bin/kiwix-serve binary - name: Assert that "kiwix_enabled | type_debug == 'bool'" (boolean not string etc)
stat: assert:
path: "{{ kiwix_path }}/bin/kiwix-serve" that: kiwix_enabled | type_debug == 'bool'
register: kiwix_bin fail_msg: "PLEASE GIVE VARIABLE 'kiwix_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: Set fact kiwix_force_install if kiwix-serve not found
set_fact:
kiwix_force_install: True
when: not kiwix_bin.stat.exists or reinstall is defined
- include_tasks: install.yml - name: Install Kiwix if 'kiwix_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
when: (kiwix_install and not kiwix_installed is defined) or kiwix_force_install include_tasks: install.yml
when: kiwix_installed is undefined
- include_tasks: enable.yml
when: kiwix_enabled # or kiwix_installed is defined - include_tasks: enable-or-disable.yml
- name: Add 'kiwix' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}"
section: kiwix
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Kiwix
- option: description
value: '"Part of https://github.com/kiwix/kiwix-tools/ -- kiwix-serve is the most used web server for ZIM files."'
- option: kiwix_url
value: "{{ kiwix_url }}"
- option: kiwix_url_plus_slash
value: "{{ kiwix_url_plus_slash }}"
- option: kiwix_path
value: "{{ kiwix_path }}"
- option: kiwix_port
value: "{{ kiwix_port }}"
- option: iiab_zim_path
value: "{{ iiab_zim_path }}"
- option: kiwix_library_xml
value: "{{ kiwix_library_xml }}"
- option: kiwix_enabled
value: "{{ kiwix_enabled }}"


@ -0,0 +1,16 @@
- name: Enable http://box{{ kiwix_url }} via NGINX, by installing {{ nginx_conf_dir }}/kiwix-nginx.conf from template # http://box/kiwix
template:
src: kiwix-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/kiwix-nginx.conf" # /etc/nginx/conf.d
when: kiwix_enabled | bool
- name: Disable http://box{{ kiwix_url }} via NGINX, by removing {{ nginx_conf_dir }}/kiwix-nginx.conf # http://box/kiwix
file:
path: "{{ nginx_conf_dir }}/kiwix-nginx.conf" # /etc/nginx/conf.d
state: absent
when: not kiwix_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted
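Review bot: The final task restarts nginx unconditionally, and `state: restarted` also starts a unit that was stopped, so running this file brings NGINX up even when `nginx_enabled` is False. If Apache is the primary web server in that case, the two would then compete for the same listening port (inferred; the port bindings are not visible in this file). Adding `when: nginx_enabled | bool` to the restart task avoids that. The disable task also tests `not kiwix_enabled` while the enable task uses `kiwix_enabled | bool`; applying the filter in both keeps them consistent.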


@ -1,4 +1,4 @@
location /kiwix { location {{ kiwix_url }} {
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
proxy_http_version 1.1; proxy_http_version 1.1;
@ -8,5 +8,4 @@ location /kiwix {
proxy_read_timeout {{ kiwix_nginx_timeout }}; proxy_read_timeout {{ kiwix_nginx_timeout }};
send_timeout {{ kiwix_nginx_timeout }}; send_timeout {{ kiwix_nginx_timeout }};
proxy_pass http://127.0.0.1:3000; proxy_pass http://127.0.0.1:3000;
} }
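Review bot: `proxy_pass http://127.0.0.1:3000;` in the second hunk still hard-codes the backend port, although this commit makes the location follow `{{ kiwix_url }}` and the kiwix-serve unit elsewhere in the commit listens on `{{ kiwix_port }}`. If kiwix_port is ever changed, the proxy silently points at whatever else is listening on 3000. I would write `proxy_pass http://127.0.0.1:{{ kiwix_port }};` so the template has a single source of truth for the port.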


@ -4,7 +4,7 @@ After=syslog.target network.target local-fs.target
[Service] [Service]
Type=forking Type=forking
ExecStart={{ iiab_base }}/kiwix/bin/kiwix-serve --daemon --port {{ kiwix_port }} --nolibrarybutton --library {{ kiwix_library_xml }} --urlRootLocation={{ kiwix_url }} --threads {{ kiwix_threads }} ExecStart={{ iiab_base }}/kiwix/bin/kiwix-serve --daemon --port {{ kiwix_port }} --nolibrarybutton --library {{ kiwix_library_xml }} --urlRootLocation={{ kiwix_url_plus_slash }} --threads {{ kiwix_threads }}
TimeoutStartSec=180 TimeoutStartSec=180
Restart=on-abort Restart=on-abort
RestartSec=5s RestartSec=5s


@ -2,14 +2,14 @@
# 2018-08-31: FAILS to enable http://box/kiwix # 2018-08-31: FAILS to enable http://box/kiwix
#RewriteEngine on #RewriteEngine on
#RewriteRule ^{{ kiwix_url_without_slash }}$ {{ kiwix_url }} [R] #RewriteRule ^{{ kiwix_url }}$ {{ kiwix_url_plus_slash }} [R]
# 2018-08-31: SUCCEEDS in enabling http://box/kiwix # 2018-08-31: SUCCEEDS in enabling http://box/kiwix
RedirectMatch ^{{ kiwix_url_without_slash }}$ {{ kiwix_url }} RedirectMatch ^{{ kiwix_url }}$ {{ kiwix_url_plus_slash }}
# 2018-08-31: SUCCEEDS in enabling http://box/kiwix/ & http://box/kiwix/zim & http://box/kiwix/zim/ # 2018-08-31: SUCCEEDS in enabling http://box/kiwix/ & http://box/kiwix/zim & http://box/kiwix/zim/
#ProxyPreserveHost On #ProxyPreserveHost On
ProxyPass {{ kiwix_url }} http://127.0.0.1:{{ kiwix_port}}{{ kiwix_url }} ProxyPass {{ kiwix_url }} http://127.0.0.1:{{ kiwix_port}}{{ kiwix_url_plus_slash }}
# CLARIF: ProxyPassReverse rewrites internal links, that come back from Apache # CLARIF: ProxyPassReverse rewrites internal links, that come back from Apache
# proxy. Whereas e.g. calibre-web.conf (and others) use this, kiwix.conf does # proxy. Whereas e.g. calibre-web.conf (and others) use this, kiwix.conf does
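Review bot: The new `ProxyPass` line pairs a path without a trailing slash (`{{ kiwix_url }}`) with a backend URL that ends in one (`{{ kiwix_url_plus_slash }}`). mod_proxy matches by prefix and appends the remainder, so a request below the prefix is forwarded with a doubled slash, and any path that merely begins with the kiwix_url string is proxied as well. Keeping both sides slash-terminated, `ProxyPass {{ kiwix_url_plus_slash }} http://127.0.0.1:{{ kiwix_port }}{{ kiwix_url_plus_slash }}`, matches the behaviour before the variable rename, with RedirectMatch still handling the bare URL. The comment block at the end of the hunk continues outside it.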


@ -30,7 +30,7 @@
owner: root owner: root
group: root group: root
- name: Create symbolic link /library/games/minetest - name: Symlink /library/games/minetest -> /library/games/0.4.17.1
file: file:
state: link state: link
src: /library/games/0.4.17.1 src: /library/games/0.4.17.1


@ -1,5 +1,5 @@
# munin_install: True # munin_install: False
# munin_enabled: True # munin_enabled: False
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!


@ -18,13 +18,13 @@
* IIAB documentation (http://box/info) * IIAB documentation (http://box/info)
* osm-vector-maps * osm-vector-maps
* OER2Go/RACHEL modules * OER2Go/RACHEL modules
* usb-lib [*] * usb-lib
2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service. But if you want to attempt their "Shim" proxying legacy testing mode, change your *primary web server* over to Apache by setting `nginx_enabled: False` in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) (which will [auto-enable Apache](../0-init/tasks/main.yml#L40-L44) for your testing). 2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service. But if you want to attempt their "Shim" proxying legacy testing mode, change your *primary web server* over to Apache by setting `nginx_enabled: False` in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) (which will [auto-enable Apache](../0-init/tasks/main.yml#L40-L44) for your testing).
* awstats * awstats
* calibre-web * calibre-web
* gitea * gitea
* kiwix [*] * kiwix
* kolibri * kolibri
* mediawiki * mediawiki
* munin * munin


@ -0,0 +1,40 @@
- name: Ensure that Apache (({{ apache_service }})) is not running -- we may need port swap
systemd:
name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/<OS>.yml
state: stopped
- name: Install /etc/{{ apache_service }}/ports.conf from template 1 of 2 (ports.conf.j2) if nginx_enabled, to enable Apache port {{ apache_port }} localhost only
template:
src: ports.conf.j2
dest: "/etc/{{ apache_service }}/ports.conf"
when: nginx_enabled | bool
- name: Install /etc/{{ apache_service }}/ports.conf from template 2 of 2 (stock-apache-ports.conf) if not nginx_enabled, to disable Apache port {{ apache_port }} localhost only
template:
src: stock-apache-ports.conf
dest: "/etc/{{ apache_service }}/ports.conf"
when: not nginx_enabled
- name: Enable & Restart '{{ apache_service }}' if apache_enabled or not nginx_enabled, since we stopped it
systemd:
name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/<OS>.yml
daemon_reload: yes
state: restarted
enabled: true
when: apache_enabled or not nginx_enabled
- name: Enable & (Re)Start 'nginx' systemd service, if nginx_enabled
systemd:
name: nginx
daemon_reload: yes
enabled: yes
state: restarted
when: nginx_enabled | bool
- name: Disable & Stop 'nginx' systemd service, if not nginx_enabled
systemd:
name: nginx
enabled: no
state: stopped
when: not nginx_enabled
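Review bot: The restart condition `apache_enabled or not nginx_enabled` uses `apache_enabled` without the `| bool` filter that other tasks in this file apply to `nginx_enabled`, so a quoted value such as 'False' in local_vars.yml is a non-empty string and counts as true inside the expression, leaving Apache enabled and listening when the operator meant it to be off. I would write `when: (apache_enabled | bool) or not nginx_enabled`. Separately, when that condition is false Apache is only stopped by the first task and never disabled, so a previously enabled unit would come back at the next boot; a task with `enabled: no` for that case would make the intended state explicit.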


@ -0,0 +1,9 @@
# Both invoked in 4-SERVER-OPTIONS, by roles/www_front_end/tasks/main.yml:
#
# httpd/tasks/homepage.yml
# nginx/tasks/homepage.yml
- name: Install {{ nginx_conf_dir }}/iiab.conf from nginx/templates, so NGINX redirects http://box to http://box{{ iiab_home_url }} # /home
template:
src: roles/nginx/templates/iiab.conf.j2
dest: "{{ nginx_conf_dir }}/iiab.conf" # /etc/nginx/conf.d


@ -1,4 +1,20 @@
- name: Install NGINX required and helper packages # This stanza can likely be removed later in 2020:
- name: 'Remove legacy files if present: /etc/systemd/system/uwsgi.service, {{ nginx_conf_dir }}/usb-lib.conf, {{ nginx_conf_dir }}/modules.conf'
file:
path: "{{ item.path }}"
state: absent
with_items:
- { path: "/etc/systemd/system/uwsgi.service" }
- { path: "{{ nginx_conf_dir }}/usb-lib.conf" }
- { path: "{{ nginx_conf_dir }}/modules.conf" }
- name: Stop '{{ apache_service }}' systemd service
systemd:
name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/<OS>.yml
state: stopped
ignore_errors: yes
- name: Install required and helper packages for NGINX
package: package:
name: "{{ item }}" name: "{{ item }}"
state: present state: present
@ -9,9 +25,9 @@
- php-fpm - php-fpm
- libnginx-mod-http-subs-filter - libnginx-mod-http-subs-filter
- name: Add http server user to shadow group, so it can authenticate Admin Console - name: Add user '{{ apache_user }}' to shadow group, so it can authenticate Admin Console
user: user:
name: "{{ apache_user }}" name: "{{ apache_user }}" # www-data or apache, per /opt/iiab/iiab/vars/<OS>.yml
groups: shadow groups: shadow
- name: Remove NGINX default config /etc/nginx/sites-enabled/default - name: Remove NGINX default config /etc/nginx/sites-enabled/default
@ -19,29 +35,34 @@
path: /etc/nginx/sites-enabled/default path: /etc/nginx/sites-enabled/default
state: absent state: absent
- name: 'Install 4 files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/{{ apache_service }}/ports.conf, /etc/systemd/system/uwsgi.service' - name: 'Install 2 (of 4) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf'
template: template:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
with_items: with_items:
- { src: 'roles/nginx/templates/server.conf.j2', dest: '/etc/nginx/server.conf' } - { src: 'server.conf.j2', dest: '/etc/nginx/server.conf' }
- { src: 'roles/nginx/templates/nginx.conf.j2', dest: '/etc/nginx/nginx.conf' } - { src: 'nginx.conf.j2', dest: '/etc/nginx/nginx.conf' }
- { src: 'roles/nginx/templates/ports.conf.j2', dest: '/etc/{{ apache_service }}/ports.conf' } #- { src: 'ports.conf.j2', dest: '/etc/{{ apache_service }}/ports.conf' } # Moved to enable-or-disable.yml
#- { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" } # Moved into homepage.yml below
# php stem extension is installed in role httpd - debug:
msg: roles/nginx/tasks/homepage.yml will run LATER (invoked by roles/www_front_end/tasks/main.yml) SO THAT NGINX CAN REDIRECT http://box TO http://box{{ iiab_home_url }} (based on var iiab_home_url)
# - include_tasks: roles/nginx/tasks/homepage.yml
# php-stem extension installed by roles/www_back_end/tasks/php-stem.yml
# here it is linked to php-fpm # here it is linked to php-fpm
- name: Create softlink 20-stem.ini to /etc/php/{{ php_version }}/mods-available/stem.ini - name: Symlink /etc/php/{{ php_version }}/fpm/conf.d/20-stem.ini -> /etc/php/{{ php_version }}/mods-available/stem.ini
file: file:
src: "/etc/php/{{ php_version }}/mods-available/stem.ini" src: "/etc/php/{{ php_version }}/mods-available/stem.ini"
path: "/etc/php/{{ php_version }}/fpm/conf.d/20-stem.ini" path: "/etc/php/{{ php_version }}/fpm/conf.d/20-stem.ini"
state: link state: link
when: nginx_enabled #when: nginx_enabled | bool
- name: Restart php{{ php_version }}-fpm service - name: Restart php{{ php_version }}-fpm systemd service
service: systemd:
name: "php{{ php_version }}-fpm" name: "php{{ php_version }}-fpm"
state: restarted state: restarted
when: nginx_enabled #when: nginx_enabled | bool
# RECORD NGINX AS INSTALLED # RECORD NGINX AS INSTALLED
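Review bot: The `user:` task in the second hunk sets `groups: shadow` without `append: yes`, so Ansible replaces the supplementary groups of `{{ apache_user }}` with shadow alone instead of adding to them; `append: yes` keeps existing memberships. More importantly, shadow membership lets every process running as the web server user read /etc/shadow, which covers all the web applications served under that account and not only Admin Console. A comment on the task should say so, e.g. `# SECURITY: gives all code running as apache_user read access to the password hashes in /etc/shadow`, and the task would be better gated on Admin Console actually being installed. The task list continues past the end of the last hunk.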


@ -1,70 +1,51 @@
- name: Remove stale files (usb-lib.conf, modules.conf) from {{ nginx_conf_dir }} # "How do i fail a task in Ansible if the variable contains a boolean value?
file: # I want to perform input validation for Ansible playbooks"
path: "{{ item.path }}" # https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
state: absent
# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
# to re-check whether vars are defined here. As Ansible vars cannot be unset:
# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
- name: Assert that "nginx_install is sameas true" (boolean not string etc)
assert:
that: nginx_install is sameas true
fail_msg: "PLEASE SET 'nginx_install: True' e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: Assert that "nginx_enabled | type_debug == 'bool'" (boolean not string etc)
assert:
that: nginx_enabled | type_debug == 'bool'
fail_msg: "PLEASE GIVE VARIABLE 'nginx_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- debug:
var: nginx_install
- debug:
var: nginx_enabled
- debug:
var: nginx_installed
- name: Install NGINX if 'nginx_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: nginx_installed is undefined
- include_tasks: enable-or-disable.yml
- name: Add 'nginx' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: nginx
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items: with_items:
- { path: "/etc/systemd/system/uwsgi.service" } - option: name
- { path: "{{ nginx_conf_dir }}/usb-lib.conf" } value: NGINX
- { path: "{{ nginx_conf_dir }}/modules.conf" } - option: description
value: '"NGINX is a web server which can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache."'
- name: Ensure that Apache (({{ apache_service }})) is not running -- we may need port swap - option: nginx_install
systemd: value: "{{ nginx_install }}"
name: "{{ apache_service }}" - option: nginx_enabled
state: stopped value: "{{ nginx_enabled }}"
- name: "Install from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/{{ apache_service }}/ports.conf, {{ nginx_conf_dir }}/iiab.conf"
template:
src: "{{ item.src}}"
dest: "{{ item.dest }}"
with_items:
- { src: 'server.conf.j2', dest: '/etc/nginx/server.conf' }
- { src: 'nginx.conf.j2', dest: '/etc/nginx/nginx.conf' }
- { src: 'ports.conf.j2', dest: "/etc/{{ apache_service }}/ports.conf" }
- { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" }
when: nginx_enabled | bool
# the below slides in nginx's proxypass config files for apache on localhost
# via the ports.conf file installed above
#- name: Install proxpass to Apache running on localhost port {{ apache_port }}
# include_tasks: uses_apache.yml
# when: apache_enabled | bool
# the below task contains the same logic contained in the playbooks to enable
# 'runrole nginx' to do the right thing but with the 'src' path set to role's
# templates path ie roles/<rolename>/template/
#- name: Install proxpass to other services 'dual mode' roles
# include_tasks: only_nginx.yml
# when: nginx_enabled | bool
- name: Stop & Disable 'nginx' systemd service, when not nginx_enabled
systemd:
name: nginx
state: stopped
enabled: false
when: not nginx_enabled
- name: Disable Apache port {{ apache_port }} localhost only, when not nginx_enabled
template:
dest: /etc/{{ apache_service }}/ports.conf
src: stock-apache-ports.conf
when: not nginx_enabled
# should have the logic to handle both modes in the playbook
#- name: Enable Apache (a2ensite) for 'dual mode' for the role when NGINX is disabled
# include_tasks: disable.yml
# when: not nginx_enabled
- name: Enable & Restart Apache, since we stopped it ({{ apache_service }})
systemd:
name: "{{ apache_service }}"
daemon_reload: yes
state: restarted
enabled: true
when: apache_enabled or not nginx_enabled
- name: Enable & Restart NGINX, to pick up the config files installed
systemd:
name: nginx
state: restarted
enabled: true
when: nginx_enabled | bool


@ -0,0 +1,68 @@
- name: Copy css files to {{ doc_root }}/common/css
copy:
src: "{{ item }}"
dest: "{{ doc_root }}/common/css" # /library/www/html
# owner: root
# group: root
# mode: '0644'
with_fileglob:
- html/css/*.css
- name: Copy js files to {{ doc_root }}/common/js
copy:
src: "{{ item }}"
dest: "{{ doc_root }}/common/js" # /library/www/html
# owner: root
# group: root
# mode: '0644'
with_fileglob:
- html/js/*.js
- name: Copy fonts files to {{ doc_root }}/common/fonts
copy:
src: "{{ item }}"
dest: "{{ doc_root }}/common/fonts" # /library/www/html
# owner: root
# group: root
# mode: '0644'
with_fileglob:
- html/fonts/*
- name: Copy html files to {{ doc_root }}/common/html
copy:
src: "{{ item }}"
dest: "{{ doc_root }}/common/html" # /library/www/html
# owner: root
# group: root
# mode: '0644'
with_fileglob:
- html/html/*
- name: Copy assets files to {{ doc_root }}/common/assets
copy:
src: "{{ item }}"
dest: "{{ doc_root }}/common/assets" # /library/www/html
# owner: root
# group: root
# mode: '0644'
with_fileglob:
- html/assets/*
# Copy all services, even if not permissioned elsewhere
- name: Copy services files to {{ doc_root }}/common/services
copy:
src: "{{ item }}"
dest: "{{ doc_root }}/common/services" # /library/www/html
# owner: root
# group: root
# mode: '0644'
with_fileglob:
- html/services/*
- name: Symlink {{ doc_root }}/common/assets/iiab.ini -> {{ iiab_ini_file }}
file:
src: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
path: "{{ doc_root }}/common/assets/iiab.ini" # /library/www/html
# owner: root
# group: root
state: link
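Review bot: The last task symlinks `{{ iiab_ini_file }}` into `{{ doc_root }}/common/assets`, which makes the whole file fetchable over HTTP by any client on the network (assuming the web server follows symlinks under doc_root). Other roles in this commit append their settings to that file, so nothing sensitive may ever be written there. I would put that on record above the task: `# iiab.ini is served to every client via this symlink; roles must never record passwords or keys in it`. The six copy tasks also leave owner, group and mode commented out, so the resulting permissions depend on the umask of the run; setting `mode: '0644'` explicitly would make them predictable.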


@ -0,0 +1,64 @@
# Role "www_back_end" runs here, probably in 3-BASE-SERVER.
# Role "www_front_end" runs later, likely in 4-SERVER-OPTIONS.
#
# (Don't take either name too literally!)
- include_tasks: html.yml
- include_tasks: php-stem.yml
# 2020-02-12: DOES THE FLAG BELOW (apache_high_php_limits) WORK WITH NGINX TOO?
# COMPARE apache_allow_sudo @ roles/www_front_end/tasks/main.yml
# For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147
# WARNING: Enabling this might cause excess use of RAM/disk or other resources!
- name: Enact high limits in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini if using WordPress/Nextcloud/Moodle intensively
lineinfile:
path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
when: apache_high_php_limits | bool
with_items:
- { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' }
- { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' }
- { regexp: '^memory_limit', line: 'memory_limit = 256M ; default is 128M / Nextcloud requests 512M' }
- { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' }
- { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' }
- name: Create dir {{ doc_root }}/home -- if you customized var iiab_home_url e.g. in /etc/iiab/local_vars.yml, that dir is created later -- by www_front_end/tasks/main.yml
file:
state: directory
path: "{{ doc_root }}/home" # /library/www/html
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
# mode: '0755'
- name: Create dir {{ doc_root }}/info for http://box/info offline docs
file:
state: directory
path: "{{ doc_root }}/info" # /library/www/html
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
# mode: '0755'
- name: Install /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (Script can be run manually and/or at the end of Stage 4 = roles/4-server-options/tasks/main.yml)
template:
src: iiab-refresh-wiki-docs.sh
dest: /usr/bin/iiab-refresh-wiki-docs
mode: '0755'
# RECORD www_back_end AS INSTALLED
- name: "Set 'www_back_end_installed: True'"
set_fact:
www_back_end_installed: True
- name: "Add 'www_back_end_installed: True' to {{ iiab_state_file }}"
lineinfile:
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^www_back_end_installed'
line: 'www_back_end_installed: True'
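Review bot: The `lineinfile` task edits `/etc/php/{{ php_version }}/{{ apache_service }}/php.ini`, which on Debian-family layouts is the php.ini of the Apache PHP module only, so the question in the comment above it can be answered: under NGINX, PHP runs through php-fpm, whose settings live under `/etc/php/{{ php_version }}/fpm/` (the nginx install tasks in this commit link stem.ini into that tree). With NGINX as the only web server, `apache_high_php_limits` therefore has no effect. Looping the same items over both php.ini paths, and restarting php-fpm afterwards, would cover both servers. The two `file:` tasks also have `mode: '0755'` commented out for directories owned by the web server user; stating the mode explicitly is safer than inheriting the umask.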


@ -23,7 +23,7 @@
remote_src: yes remote_src: yes
when: ansible_machine == "x86_64" when: ansible_machine == "x86_64"
# link to php done in nginx when php-fpm is installed # link to php done in roles/nginx/tasks/install.yml when php-fpm is installed
# Not sure what to do for apache, so do nothing for now # Not sure what to do for apache, so do nothing for now


@ -0,0 +1,76 @@
# Role "www_back_end" runs earlier, likely in 3-BASE-SERVER.
# Role "www_front_end" runs here, probably in 4-SERVER-OPTIONS.
#
# (Don't take either name too literally!)
# HOMEPAGE
- name: Create dir {{ doc_root }}{{ iiab_home_url }} just in case variable iiab_home_url was customized. (Standard path {{doc_root}}/home was created earlier.)
file:
state: directory
path: "{{ doc_root }}{{ iiab_home_url }}" # /library/www/html/home
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
mode: '0755'
# Used to be run by httpd/tasks/install.yml
- name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) if apache_install"
include_tasks: roles/httpd/tasks/homepage.yml
when: apache_install | bool
# Used to be run by nginx/tasks/install.yml
- name: Enable IIAB pages via NGINX (e.g. on port 80) if nginx_install
include_tasks: roles/nginx/tasks/homepage.yml
when: nginx_install | bool
# 'Is a "Rapid Power Off" button possible for low-electricity environments?'
# gives more details here: http://FAQ.IIAB.IO
# 2020-02-12: DOES THE FLAG BELOW (apache_allow_sudo) WORK WITH NGINX TOO ?
# COMPARE apache_high_php_limits @ roles/www_back_end/tasks/main.yml
- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_apache_poweroff from template
template:
src: 020_apache_poweroff.j2
dest: /etc/sudoers.d/020_apache_poweroff
mode: '0755'
when: apache_allow_sudo | bool
- name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff
file:
path: /etc/sudoers.d/020_apache_poweroff
state: absent
when: not apache_allow_sudo
- name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (This script was installed in Stage 3 = roles/3-base-server/tasks/main.yml, which ran roles/www_back_end/tasks/main.yml)
command: /usr/bin/iiab-refresh-wiki-docs
when: internet_available and not nodocs
- name: (Re)Start '{{ apache_service }}' systemd service, if apache_enabled
systemd:
name: "{{ apache_service }}" # apache2 on debuntu
state: restarted
when: apache_enabled | bool
- name: (Re)Start 'nginx' systemd service, if nginx_enabled
systemd:
name: nginx
state: restarted
when: nginx_enabled | bool
# RECORD www_front_end AS INSTALLED
- name: "Set 'www_front_end_installed: True'"
set_fact:
www_front_end_installed: True
- name: "Add 'www_front_end_installed: True' to {{ iiab_state_file }}"
lineinfile:
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^www_front_end_installed'
line: 'www_front_end_installed: True'
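Review bot: The sudoers drop-in /etc/sudoers.d/020_apache_poweroff is installed with `mode: '0755'` and without validation. Files in /etc/sudoers.d are conventionally `0440` and owned by root, and a template that renders to invalid syntax can make sudo refuse to run at all, so I would use `mode: '0440'` and add `validate: '/usr/sbin/visudo -cf %s'` to the template task. Since this grants the web server account a root command, a comment stating exactly which command 020_apache_poweroff.j2 allows would help the next reader; the template itself is not shown in this commit view. The docs task's `when: internet_available and not nodocs` also evaluates both variables without `| bool`, unlike the neighbouring tasks.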


@ -16,8 +16,12 @@
#- { role: ajenti } #- { role: ajenti }
#- { role: authserver } #- { role: authserver }
- { role: awstats } - { role: awstats }
- { role: azuracast }
- { role: bluetooth }
- { role: calibre } - { role: calibre }
- { role: calibre-web } - { role: calibre-web }
- { role: captiveportal }
#- { role: cham }
- { role: cups } - { role: cups }
#- { role: debian_schooltool } #- { role: debian_schooltool }
#- { role: docker } #- { role: docker }
@ -25,28 +29,37 @@
#- { role: ejabberd } #- { role: ejabberd }
#- { role: ejabberd_xs } #- { role: ejabberd_xs }
- { role: elgg } - { role: elgg }
- { role: homepage } - { role: gitea }
#- { role: homepage }
- { role: httpd } - { role: httpd }
#- { role: idmgr } #- { role: idmgr }
- { role: iiab-admin } - { role: iiab-admin }
- { role: internetarchive }
- { role: kalite } - { role: kalite }
- { role: kiwix } - { role: kiwix }
- { role: kolibri } - { role: kolibri }
- { role: lokole } - { role: lokole }
- { role: mediawiki } - { role: mediawiki }
- { role: minetest }
- { role: mongodb } - { role: mongodb }
- { role: monit } - { role: monit }
- { role: moodle } - { role: moodle }
#- { role: moodle-1.9 } #- { role: moodle-1.9 }
- { role: mosquitto }
- { role: munin } - { role: munin }
- { role: mysql } - { role: mysql }
- { role: network } - { role: network }
- { role: nextcloud } - { role: nextcloud }
- { role: nginx }
- { role: nodejs }
- { role: nodered }
#- { role: nodogsplash } #- { role: nodogsplash }
- { role: openvpn } - { role: openvpn }
- { role: osm-vector-maps }
#- { role: osm } #- { role: osm }
#- { role: owncloud } #- { role: owncloud }
#- { role: pathagar } #- { role: pathagar }
- { role: pbx }
- { role: phpmyadmin } - { role: phpmyadmin }
- { role: postgresql } - { role: postgresql }
#- { role: rachel } #- { role: rachel }
@ -60,6 +73,9 @@
- { role: usb_lib } - { role: usb_lib }
- { role: vnstat } - { role: vnstat }
- { role: wordpress } - { role: wordpress }
- { role: www_back_end }
- { role: www_front_end }
- { role: yarn }
#- { roles: xovis } #- { roles: xovis }
# Let's try to keep the above list synchronized with: # Let's try to keep the above list synchronized with:


@ -538,15 +538,15 @@ watchdog:
- postgresql - postgresql
- squid - squid
munin_install: True munin_install: False
munin_enabled: True munin_enabled: False
# Handy for maintaining tables, but DANGEROUS if not locked down # Handy for maintaining tables, but DANGEROUS if not locked down
phpmyadmin_install: False phpmyadmin_install: False
phpmyadmin_enabled: False phpmyadmin_enabled: False
vnstat_install: True vnstat_install: False
vnstat_enabled: True vnstat_enabled: False
# 9-LOCAL-ADDONS # 9-LOCAL-ADDONS


@ -322,15 +322,15 @@ awstats_enabled: True
monit_install: False monit_install: False
monit_enabled: False monit_enabled: False
munin_install: True munin_install: False
munin_enabled: True munin_enabled: False
# Handy for maintaining tables, but DANGEROUS if not locked down # Handy for maintaining tables, but DANGEROUS if not locked down
phpmyadmin_install: False phpmyadmin_install: False
phpmyadmin_enabled: False phpmyadmin_enabled: False
vnstat_install: True vnstat_install: False
vnstat_enabled: True vnstat_enabled: False
# 9-LOCAL-ADDONS # 9-LOCAL-ADDONS


@ -322,15 +322,15 @@ awstats_enabled: True
monit_install: False monit_install: False
monit_enabled: False monit_enabled: False
munin_install: True munin_install: False
munin_enabled: True munin_enabled: False
# Handy for maintaining tables, but DANGEROUS if not locked down # Handy for maintaining tables, but DANGEROUS if not locked down
phpmyadmin_install: False phpmyadmin_install: False
phpmyadmin_enabled: False phpmyadmin_enabled: False
vnstat_install: True vnstat_install: False
vnstat_enabled: True vnstat_enabled: False
# 9-LOCAL-ADDONS # 9-LOCAL-ADDONS