external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-02-12 19:22:24 +00:00
Code Issues Releases Wiki Activity

Merge branch 'master' into file-module-fixes

Browse source
This commit is contained in:
A Holt 2017-11-09 06:48:50 -05:00 committed by GitHub
commit a849080fb4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
165 changed files with 2618 additions and 1682 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
.github/ISSUE_TEMPLATE.md vendored Normal file
View file

@ -0,0 +1,5 @@
### Expected behavior and actual behavior.
### Steps to reproduce the problem.
### Specifications like the version of the IIAB, operating system version, or hardware details.

7
.github/PULL_REQUEST_TEMPLATE.md vendored Normal file
View file

@ -0,0 +1,7 @@
### Fixes Bug
### Description of changes proposed in this pull request.
### Smoke-tested in operating system.
### Mention a team member for further information or comment using @ name

143
CONTRIBUTING.md Normal file
View file

@ -0,0 +1,143 @@
Contributing to Internet-in-a-Box (IIAB)
=======================================
Internet-in-a-Box runs on various GNU/Linux operating systems such as Fedora, Ubuntu, Debian, CentOS and Raspbian.
You can install Internet-in-a-Box on most late model desktop and laptop computers. It also supports Intel NUC, Intel Gigabyte BRIX, OLPC XO-1.5, XO-1.75, XO-4, Raspberry Pi 2 and Raspberry Pi 3. A VirtualBox VM can also used for testing purposes. Using Docker containers however is not recommended as our Ansible provisioning system requires low-level access to the operating system.
Please refer to [IIAB Platforms](https://github.com/iiab/iiab/wiki/IIAB-Platforms) for more information.
Internet-in-a-Box uses [Ansible](https://www.ansible.com/) infrastructure automation tool to deploy and configure all software packages. Ansible uses [playbooks](http://docs.ansible.com/ansible/latest/playbooks.html) a human readable instruction files in YAML format. Playbooks are divided into hosts, roles and tasks.
```
├── roles
│ ├── 1-prep
│ │ ├─ defaults
| | | ├──main.yml (lowest precedence variable definitions, overridden by <repo_root>/vars/default_vars.yml, overridden by ./vars/local_vars.yml.
│ │ ├── README.rst
│ │ ├── tasks
| | | ├──main.yml (specifies the actions to install this role
│ │ └── templates
| | | ├<(text files where ansible variables are substituted, specified via {% <variable> %} containers-(jinja2 language).
│ ├── 2-common
│ │ ├── README.rst
│ │ ├── tasks
│ │ └── templates
```
At runtime, Ansible gathers system information and makes it available (called 'facts') and combines this with playbook defined 'variables' to guide the installation process. The execution follows a sequence of cascading steps:
1. Bash script `./runansible` follows instructions in `iiab.yml` in the root directory.
2. `iiab.yml` calls 9 aggregate roles (the numbered directories under `./roles/`).
3. Each aggregate role has a `<role>/meta/main.yml` which calls the individual named roles.
Please refer to the [IIAB Architecture](https://github.com/iiab/iiab/wiki/IIAB-Architecture) and [IIAB Variables]( https://github.com/iiab/iiab/wiki/IIAB-Variables) pages for more information.
Installation
============
Before you start the installation please refer to the [hardware section of FAQ](http://wiki.laptop.org/go/IIAB/FAQ#What_hardware_should_I_use.3F) page for memory, storage and network requirements for your platform. Also note that downloading content might take a long time on slower Internet connections.
If you are a developer, please consider [building Internet-in-a-Box from scratch](https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch).
Please refer to the [IIAB Installation](https://github.com/iiab/iiab/wiki/IIAB-Installation) page for more information.
Setting up development environment
===================================
( This section uses experimental development environment for Internet-in-a-Box. It is being developed in the [iiab-dev-mode repository](https://github.com/arky/iiab-dev-mode). )
This section provide a quick setup of Internet-in-a-Box (IIAB) development environment using [Vagrant](https://www.vagrantup.com/). You will need a computer with [virtualization enabled](https://www.virtualbox.org/manual/UserManual.html) and git, Vagrant (2.0 or later) and [VirtualBox](https://www.virtualbox.org/) installed.
## Requirements
* git
* [Vagrant (2.0 or later)](https://www.vagrantup.com/)
* [VirtualBox](https://www.virtualbox.org/wiki/Downloads)
* Editor ([Atom](www.atom.io), Emacs, vi, etc)
## Setup Instructions
1. Check out the repository and its submodules onto your development machine.
`git clone --recursive git@github.com:arky/iiab-dev-mode.git`
2. Change directory into 'iiab-dev-mode' with `cd iiab-dev-mode`. You can update all the submodules to latest master using `git submodule foreach git pull origin master`
3. Set up a vagrant machine with `vagrant up` and provision it with `vagrant provision`. Please select the available bridge network interface (wlan0 or eth0) that connects your host machine to the Internet.
4. Connect to your vagrant machine with `vagrant ssh`. All your local development files available as shared folder in `/opt/iiab` directory.
5. Install IIAB itself from the Ansible playbooks by following [IIAB Installation](https://github.com/iiab/iiab/wiki/IIAB-Installation#do-everything-from-scratch) instructions:
```
cd /opt/iiab/iiab/scripts/
./ansible
cd /opt/iiab/iiab/
./runansible
cd /opt/iiab/iiab-admin-console/
./install
cd /opt/iiab/iiab-menu/
./cp-menus
```
6. Hack away!
7. You can commit your local changes to your personal forks of Internet-in-a-Box repository and then send pull request to IIAB project. Once you forked a repository, you change directory into that repository and setting a default git remote push setting with the following command.
`cd <repo> && git remote set-url --push origin git@github.com:<your_username>/<your_forked_iiab_repo_name>.git`
Learn more by reading blog post [Different git Push & Pull(fetch) URLs](http://blog.yuriy.tymch.uk/2012/05/different-git-push-pullfetch-urls.html) and the [Git Basics - Working with Remotes](https://git-scm.com/book/en/v2/Git-Basics-Working-with-Remotes) chapter of Scott Chacon and Ben Straub's "Git Pro" book.
8. Once you are done, you can stop your vagrant machine with `vagrant halt` or remove it completely with `vagrant destroy`.
Debugging
=========
Here are few strategies for debugging problems during the Internet-in-a-Box installation.
* When a installation task fails, Ansible halts printing out a descriptive error message to the screen. This error information is also written to `iiab-install.log` file within `/opt/iiab/iiab`. (Look through logs to check if any preceding line contains the error).
* When an installation succeeds, the last lines printed on the screen will look like the following (failed=0):
```
PLAY RECAP *********************************************************************
127.0.0.1 : ok=405 changed=125 unreachable=0 failed=0
```
* Search through the Ansible playbooks using `egrep -rn <string from the failing step> /opt/iiab/iiab/roles/*>` to find the failed task.
* You can add additional [debug print statements](http://docs.ansible.com/ansible/latest/debug_module.html) to Ansible playbooks for debugging the problem.
* Talk to us or report a bug using the information below.
Please refer to [Ansible playbook documentation](http://docs.ansible.com/ansible/latest/playbooks.html) for more information.
Testing your code with Travis CI
=================================
To maintain the quality of the Internet-in-a-Box (IIAB) code we use [Travis Continuous Integration (CI)](https://travis-ci.org) build infrastructure. Travis CI does tests to
ensure the code syntax is correct and the code is formatted properly using `ansible` syntax checker, `ansible-lint` and `ansible-review` tools. The results of Travis CI Internet-in-a-Box (IIAB) could be seen [here](https://travis-ci.org/iiab/iiab).
Every pull request is automatically tested by Travis CI. The results of these tests are added to the pull request. This aids Internet-in-a-Box (IIAB) developers in reviewing the quality of the code in a pull request.
To test your forked repository of Internet-in-a-Box (IIAB) code. You have to enable automatic build tests in your [Travis-ci.org](https://travis-ci.org) profile page.
* Login to [Travis-ci.org](https://travis-ci.org) using your Github account.
* Go to your Travis CI profile page and enable the repository you want to build.
* The builds will start whenever a new commit is pushed to your repository.
Please refer to [Travis CI documentation](https://docs.travis-ci.com/user/getting-started/) for more information.
Reporting Bugs
==============
You can file bug reports on [GitHub](https://github.com/):
* Sign up for a [GitHub](https://github.com/) account
* Go to the [issue tracker on GitHub](https://github.com/iiab/iiab/issues)
* Search for existing issues using the search field
* If you don't find any similar issues, file a new issue!
Please consider providing a descriptive title, your operating system information, error messages and steps to reproduce the issue.
Get in touch
============
* Join our [technology](http://lists.laptop.org/listinfo/server-devel) and [learning design](https://groups.google.com/group/unleashkids) mailing lists
* Join our [live calls](http://minutes.iiab.io) most Mondays and Thursday
* Join us on IRC live chat: [#schoolserver](https://webchat.freenode.net/?channels=#schoolserver) on [freenode]( https://www.freenode.net/)
* Post an idea or question to our [community forums](http://iiab.io/)
* Read our Frequently Asked Questions ([FAQ.IIAB.IO](http://FAQ.IIAB.IO))

0
LICENSE → LICENSE.md
View file

4
README-historical.md
View file

@ -34,8 +34,8 @@ Please read the `installation`_ documentation.
See the `XSCE project`_ for more information about the project.
.. _XSCE wiki: https://github.com/XSCE/iiab/wiki
.. _installation: https://github.com/XSCE/iiab/wiki/XSCE-Installation
.. _XSCE wiki: https://github.com/XSCE/xsce/wiki
.. _installation: https://github.com/XSCE/xsce/wiki/XSCE-Installation
.. _ansible: http://www.ansibleworks.com/
.. _ansible documentation: http://www.ansibleworks.com/docs/
.. _XSCE project: http://schoolserver.org/

3
iiab-base.yml
View file

@ -8,5 +8,6 @@
- vars/local_vars.yml
roles:
- { role: 1-prep, tags: ['prep','platform','base'] }
- { role: 0-init, tags: ['0-init'] }
- { role: 1-prep, tags: ['1-prep','platform','base'] }
- { role: openvpn, tags: ['openvpn'] }

14
iiab-from-console.yml
View file

@ -9,10 +9,10 @@
- /etc/iiab/config_vars.yml
roles:
- { role: 1-prep, tags: ['prep','platform','base'] }
- { role: 4-server-options, tags: ['options'] }
- { role: 5-xo-services, tags: ['xo-services'] }
- { role: 6-generic-apps, tags: ['generic-apps'] }
- { role: 7-edu-apps, tags: ['edu-apps'] }
- { role: 8-mgmt-tools, tags: ['tools'] }
- { role: 9-local-addons, tags: ['addons'] }
- { role: 0-init, tags: ['0-init'] }
- { role: 4-server-options, tags: ['4-server-options'] }
- { role: 5-xo-services, tags: ['5-xo-services'] }
- { role: 6-generic-apps, tags: ['6-generic-apps'] }
- { role: 7-edu-apps, tags: ['7-edu-apps'] }
- { role: 8-mgmt-tools, tags: ['8-mgmt-tools'] }
- { role: 9-local-addons, tags: ['9-local-addons'] }

90
iiab-install Executable file
View file

@ -0,0 +1,90 @@
#!/bin/bash -e
# running from a git repo
# Add cmdline options for passing to ansible
# todo add proper shift to gobble up --debug --reinstall
ARGS=""
OLD_RPI_KERN="4.9.41-v7+"
PLAYBOOK="iiab-stages.yml"
INVENTORY="ansible_hosts"
CWD=`pwd`
OS=`grep ^ID= /etc/*release|cut -d= -f2`
OS=${OS//\"/}
function version_gt() { [ "$(printf '%s\n' "$@" | sort -V | head -1)" != "$1" ]; }
export ANSIBLE_LOG_PATH="$CWD/iiab-install.log"
if [ ! -f $PLAYBOOK ]; then
echo "IIAB Playbook not found."
echo "Please run this command from the top level of the git repo."
echo "Exiting."
exit 1
fi
if [ $OS == "raspbian" ]; then
echo "Found Raspbian"
CURRENT_KERN=`uname -r`
if version_gt $CURRENT_KERN $OLD_RPI_KERN ; then
echo "Kernel looks ok - continuing"
else
echo "Kernel "$CURRENT_KERN" is too old. Before running './iiab-install' you first need"
echo "to update your system with 'apt update' then 'apt dist-upgrade' then reboot."
echo "INSTALL INSTRUCTIONS: https://github.com/iiab/iiab/wiki/IIAB-Installation"
exit 1
fi
fi
if [ ! -f /etc/ansible/facts.d/local_facts.fact ]; then
mkdir -p /etc/ansible/facts.d
fi
cp ./scripts/local_facts.fact /etc/ansible/facts.d/local_facts.fact
STAGE=""
if [ ! -f /etc/iiab/iiab.env ]; then
mkdir -p /etc/iiab
# ./scripts/ansible # needs discussion
else
OLD=`grep XSCE /etc/iiab/iiab.env | wc -l`
if [ "$OLD" != 0 ] || [ "$1" == "--reinstall" ]; then
echo "Found old XSCE install - re-installing from scratch"
rm /etc/iiab/iiab.env
# check ansible version here and force ansible upgrade if needed
else
source /etc/iiab/iiab.env
if [ "$1" == "--debug" ]; then
echo "Entering debug mode"
sed -i -e 's/^STAGE=.*/STAGE=2/' /etc/iiab/iiab.env
elif [ ! $STAGE == 9 ]; then
echo "Restarting *after* STAGE $STAGE..as soon as Stage 0 completes. Stage 9 comes last."
elif [ $STAGE == 9 ]; then
# place keeper add read response
# "offer 'Y' or stage number dialog box option to override"
echo "'iiab-install' has already been completed."
echo "Use --debug to override."
#echo "In demo mode not preventing second run"
echo "Exiting."
exit 1
fi
fi
fi
# if vars/local_vars.yml is missing, put a default one in place - First Run
if [ ! -f ./vars/local_vars.yml ]; then
case $OS in
OLPC | fedora)
cp ./vars/olpc.localvars ./vars/local_vars.yml
;;
centos | debian | ubuntu | raspbian)
cp ./vars/medium.localvars ./vars/local_vars.yml
;;
*)
echo "IIAB supports raspbian, debian, ubuntu, centos, and OLPC - exiting now..."
exit 1
;;
esac
fi
echo "Running local playbooks! "
ansible -m setup -i $INVENTORY localhost --connection=local >> /dev/null
ansible-playbook -i $INVENTORY $PLAYBOOK ${ARGS} --connection=local

33
iiab-network
View file

@ -1,17 +1,12 @@
#!/bin/bash
if [ -f /etc/iiab/iiab.env ]
then
. /etc/iiab/iiab.env
cd $XSCE_DIR
else
echo /etc/iiab/iiab.env is missing. Playbook has not been run.
exit 1
fi
# running from a git repo
# ansible files exist
CWD=`pwd`
export ANSIBLE_LOG_PATH="$CWD/iiab-network.log"
if [ ! -f iiab-network.yml ]
then
echo "XSCE Playbook not found."
echo "IIAB Playbook not found."
echo "Please run this command from the top level of the git repo."
echo "Exiting."
exit
@ -22,16 +17,24 @@ then
touch /etc/iiab/config_vars.yml
fi
export ANSIBLE_LOG_PATH="$XSCE_DIR/iiab-network.log"
Start=`date`
ansible-playbook -i ansible_hosts iiab-network.yml --connection=local
End=`date`
echo "" >> iiab-network.log
ls -la /etc/sys*/net*/ifcfg* >> iiab-network.log
if [ ! "OS" == "debian" ]; then
ls -la /etc/sys*/net*/ifcfg* >> iiab-network.log
nmcli d >> iiab-network.log
nmcli c >> iiab-network.log
fi
brctl show >> iiab-network.log
echo "run on:" >> iiab-network.log
date >> iiab-network.log
echo "" >> iiab-network.log
ip r >> iiab-network.log
echo "" >> iiab-network.log
brctl show br0>> iiab-network.log
echo "run start: $Start" >> iiab-network.log
echo "run end: $End" >> iiab-network.log
echo "" >> iiab-network.log
echo "" >> iiab-network.log
ip r
brctl show br0
echo "run start:$Start"
echo "run end: $End"

2
iiab-network.yml
View file

@ -9,5 +9,5 @@
- /etc/iiab/config_vars.yml
roles:
- { role: 1-prep, tags: ['prep','platform','base'] }
- { role: 0-init, tags: ['network'] }
- { role: network, tags: ['network','base'] }

70
iiab-stages.yml Normal file
View file

@ -0,0 +1,70 @@
---
- hosts: all
become: yes
vars_files:
- roles/0-init/defaults/main.yml
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- vars/local_vars.yml
tasks:
- name: 0-init
include_role:
name: 0-init
tags: 0-init
- name: 1-prep
include_role:
name: 1-prep
when: ansible_local.local_facts.stage|int < 1
tags: 1-prep, platform, base
- name: 2-common
include_role:
name: 2-common
when: ansible_local.local_facts.stage|int < 2
tags: 2-common, base
- name: 3-base-server
include_role:
name: 3-base-server
when: ansible_local.local_facts.stage|int < 3
tags: 3-base-server, base
- name: 4-server-options
include_role:
name: 4-server-options
when: ansible_local.local_facts.stage|int < 4
tags: 4-server-options
- name: 5-xo-services
include_role:
name: 5-xo-services
when: ansible_local.local_facts.stage|int < 5
tags: 5-xo-services
- name: 6-generic-apps
include_role:
name: 6-generic-apps
when: ansible_local.local_facts.stage|int < 6
tags: 6-generic-apps
- name: 7-edu-apps
include_role:
name: 7-edu-apps
when: ansible_local.local_facts.stage|int < 7
tags: 7-edu-apps
- name: 8-mgmt-tools
include_role:
name: 8-mgmt-tools
when: ansible_local.local_facts.stage|int < 8
tags: 8-mgmt-tools
- name: 9-local-addons
include_role:
name: 9-local-addons
when: ansible_local.local_facts.stage|int < 9
tags: 9-local-addons

21
iiab.yml
View file

@ -4,17 +4,18 @@
vars_files:
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver}}.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- vars/local_vars.yml
- /etc/iiab/config_vars.yml
roles:
- { role: 1-prep, tags: ['prep','platform','base'] }
- { role: 2-common, tags: ['common','base'] }
- { role: 3-base-server, tags: ['base'] }
- { role: 4-server-options, tags: ['options'] }
# - { role: 5-xo-services, tags: ['xo-services'] }
- { role: 6-generic-apps, tags: ['generic-apps'] }
- { role: 7-edu-apps, tags: ['edu-apps'] }
- { role: 8-mgmt-tools, tags: ['tools'] }
- { role: 9-local-addons, tags: ['addons'] }
- { role: 0-init, tags: ['0-init'] }
- { role: 1-prep, tags: ['1-prep','platform','base'] }
- { role: 2-common, tags: ['2-common','base'] }
- { role: 3-base-server, tags: ['3-base-server','base'] }
- { role: 4-server-options, tags: ['4-server-options'] }
- { role: 5-xo-services, tags: ['5-xo-services'] }
- { role: 6-generic-apps, tags: ['6-generic-apps'] }
- { role: 7-edu-apps, tags: ['7-edu-apps'] }
- { role: 8-mgmt-tools, tags: ['8-mgmt-tools'] }
- { role: 9-local-addons, tags: ['9-local-addons'] }

4
install-support
View file

@ -2,6 +2,9 @@
PLAYBOOK="iiab-base.yml"
INVENTORY="ansible_hosts"
CWD=`pwd`
export ANSIBLE_LOG_PATH="$CWD/iiab-install.log"
if [ ! -f $PLAYBOOK ]
then
@ -14,5 +17,4 @@ fi
sed -i -e "s/openvpn_install: False/openvpn_install: True/" vars/local_vars.yml
sed -i -e "s/openvpn_enabled: False/openvpn_enabled: True/" vars/local_vars.yml
export ANSIBLE_LOG_PATH="$XSCE_DIR/iiab-install.log"
ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local

32
roles/0-init/defaults/main.yml Normal file
View file

@ -0,0 +1,32 @@
# use these as a tag a release at a point in time
iiab_base_ver: 6.4
gui_version: 2
# These entries should never be changed in this file.
# These are defaults for boolean routines,
first_run: False
rpi_model: none
is_rpi: False
xo_model: none
gw_active: none
internet_available: False
discovered_wan_iface: none
# old defs
gui_port: 80
exFAT_enabled: False
is_F18: False
# Set default 1-prep discovered hardware
rtc_id: ds3231
NUC6_firmware_needed: False
# used in 2-common xo.yml
wifi_id: none
# used 3+ others
installing: False
# network
no_net_restart: False
no_NM_reload: False

149
roles/1-prep/tasks/computed_vars.yml → roles/0-init/tasks/computed_vars.yml
View file

@ -1,41 +1,71 @@
# get local vars from scripts in /etc/ansible/facts.d
# on first run, this will generate UUID
- name: re-read facts
- name: re-read local_facts.facts from /etc/ansible/facts.d
setup: filter=ansible_local
# set top level variables from local facts for convenience
- set_fact:
xo_model: '{{ ansible_local["local_facts"]["xo_model"] }}'
phplib_dir: '{{ ansible_local["local_facts"]["phplib_dir"] }}'
xo_model: '{{ ansible_local.local_facts.xo_model }}'
phplib_dir: '{{ ansible_local.local_facts.phplib_dir }}'
iiab_stage: '{{ ansible_local.local_facts.stage }}'
- name: Set exFAT enabled for XOs
# Networking uses a different file for the rpi
- name: Discover if this is a rpi -- assume if so it is running raspbian
set_fact:
rpi_model: "rpi"
is_rpi: True
no_net_restart: True
when: ansible_local.local_facts.os == "raspbian"
- name: Set exFAT enabled for XO laptops
set_fact:
exFAT_enabled: True
when: xo_model != "none"
- name: add version section
ini_file: dest='{{ iiab_config_file }}'
section=runtime
option='{{ item.option }}'
value='{{ item.value }}'
with_items:
- option: 'runtime_branch'
value: '{{ ansible_local["local_facts"]["iiab_branch"] }}'
- option: 'runtime_commit'
value: '{{ ansible_local["local_facts"]["iiab_commit"] }}'
- option: 'runtime_date'
value: '{{ ansible_date_time["iso8601"] }}'
- option: 'runtime_php'
value: '{{ phplib_dir }}'
- option: 'kernel'
value: '{{ ansible_kernel }}'
- option: 'memory_mb'
value: '{{ ansible_memtotal_mb }}'
- option: 'swap_mb'
value: '{{ ansible_swaptotal_mb }}'
- option: 'product_id'
value: '{{ ansible_product_uuid }}'
- name: set FQDN
set_fact:
iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}"
FQDN_changed: False
- name: FQDN changed
set_fact:
FQDN_changed: True
when: iiab_fqdn != ansible_fqdn
- name: Now check FQDN
include_tasks: roles/2-common/tasks/hostname.yml
when: FQDN_changed
# Discover do we have a gateway? -- if ansible detects gateway, becomes WAN candidate
- name: Finding gateway
set_fact:
discovered_wan_iface: "{{ ansible_default_ipv4.alias }}"
iiab_wan_iface: "{{ discovered_wan_iface }}"
when: ansible_default_ipv4.gateway is defined
- name: Verify gateway present
shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" | grep icmp_seq=4 | wc -l
when: discovered_wan_iface != "none"
register: gw_active_test
- name: Recording gateway response
set_fact:
gw_active: True
when: discovered_wan_iface != "none" and gw_active_test.stdout == "1"
- name: Test for internet access
get_url: url="{{ iiab_download_url }}/heart-beat.txt" dest=/tmp/heart-beat.txt
ignore_errors: True
# async: 10
# poll: 2
register: internet_access_test
- name: Set internet_available true if wget succeeded
set_fact:
internet_available: True
when: not internet_access_test|failed and not disregard_network
- name: Cleanup internet test file
file: path=/tmp/heart-beat.txt
state=absent
# Put all computed vars here so derive properly from any prior var file
- name: If the TZ is not set in env, set it to UTC
@ -52,7 +82,7 @@
gui_port: 443
when: adm_cons_force_ssl
- name: Turn on mysql if elgg or rachel enabled
- name: Require MySQL to be on
set_fact:
mysql_install: True
mysql_enabled: True
@ -68,13 +98,13 @@
# when: sugarizer_enabled
# There might be other db's
- name: Turn on postgresql if moodle or pathagar enabled
- name: Turn on PostgreSQL if Moodle or Pathagar enabled
set_fact:
postgresql_install: True
postgresql_enabled: True
when: moodle_enabled or pathagar_enabled
- name: Turn on docker if schooltool is to be installed
- name: Turn on Docker if SchoolTool is to be installed
set_fact:
docker_install: True
docker_enabled: True
@ -94,18 +124,18 @@
# but 'mariadb', which is its real name can
# on fedora 18 we need to use 'mysqld'
- name: Set mysqld service name to mariadb by default
- name: Set mysqld_service to mariadb by default
set_fact:
mysql_service: mariadb
- name: Set mysqld service name to mysqld for fedora 18
- name: Set mysqld_service to mysqld for Fedora 18
set_fact:
mysql_service: mysqld
no_NM_reload: True
is_F18: True
when: ansible_distribution_release == "based on Fedora 18" or ansible_distribution_version == "18"
- name: Set mysql service name to mysql for debian
- name: Set mysql_service to mysql for Debian
set_fact:
mysql_service: mysql
when: is_debuntu
@ -140,3 +170,52 @@
set_fact:
is_CentOS: True
when: ansible_distribution == "CentOS"
- name: add version section
ini_file: dest='{{ iiab_config_file }}'
section=runtime
option='{{ item.option }}'
value='{{ item.value }}'
with_items:
- option: 'iiab_stage'
value: '{{ iiab_stage }}'
- option: 'runtime_php'
value: '{{ phplib_dir }}'
- option: 'runtime_branch'
value: '{{ ansible_local.local_facts.iiab_branch }}'
- option: 'runtime_commit'
value: '{{ ansible_local.local_facts.iiab_commit }}'
- option: 'runtime_date'
value: '{{ ansible_date_time.iso8601 }}'
- option: 'ansible_version'
value: '{{ ansible_local.local_facts.ansible_version }}'
- option: 'kernel'
value: '{{ ansible_kernel }}'
- option: 'memory_mb'
value: '{{ ansible_memtotal_mb }}'
- option: 'swap_mb'
value: '{{ ansible_swaptotal_mb }}'
- option: 'product_id'
value: '{{ ansible_product_uuid }}'
- option: 'gw_active'
value: '{{ gw_active }}'
- option: 'internet_available'
value: '{{ internet_available }}'
- option: 'is_rpi'
value: '{{ is_rpi }}'
- option: 'first_run'
value: '{{ first_run }}'
- option: 'local_tz'
value: '{{ local_tz }}'
- option: 'FQDN_changed'
value: '{{ FQDN_changed }}'
- name: STAGE 0 HAS COMPLETED ======================================
ini_file: dest='{{ iiab_config_file }}'
section=runtime
option='{{ item.option }}'
value='{{ item.value }}'
with_items:
- option: 'is_VM'
value: 'yes'
when: is_VM is defined

210
roles/0-init/tasks/main.yml Normal file
View file

@ -0,0 +1,210 @@
# Initialize
- name: ...IS BEGINNING ============================================
stat: path=/etc/iiab/iiab.env
register: NewInstall
- name: Setting first run flag
set_fact:
first_run: True
when: not NewInstall.stat.exists
# we need to inialize the ini file and only write the location and version sections once and only
# once to preserve the install date and git hash.
- name: Write iiab_ini.yml for the first time
include_tasks: roles/1-prep/tasks/iiab_ini.yml
when: first_run
#- name: Loading computed_vars
# include_tasks: roles/0-init/tasks/computed_vars.yml
- name: re-read local_facts.facts from /etc/ansible/facts.d
setup: filter=ansible_local
# set top level variables from local facts for convenience
- set_fact:
xo_model: '{{ ansible_local.local_facts.xo_model }}'
phplib_dir: '{{ ansible_local.local_facts.phplib_dir }}'
iiab_stage: '{{ ansible_local.local_facts.stage }}'
# Networking uses a different file for the rpi
- name: Discover if this is a rpi -- assume if so it is running raspbian
set_fact:
rpi_model: "rpi"
is_rpi: True
# no_net_restart: True
# nobridge: True
when: ansible_local.local_facts.os == "raspbian"
- name: Set exFAT enabled for XO laptops
set_fact:
exFAT_enabled: True
when: xo_model != "none"
# Discover do we have a gateway? -- if ansible detects gateway, becomes WAN candidate
- name: Finding gateway
set_fact:
discovered_wan_iface: "{{ ansible_default_ipv4.alias }}"
iiab_wan_iface: "{{ discovered_wan_iface }}"
when: ansible_default_ipv4.gateway is defined
- name: Verify gateway present
shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" | grep icmp_seq=4 | wc -l
when: discovered_wan_iface != "none"
register: gw_active_test
- name: Recording gateway response
set_fact:
gw_active: True
when: discovered_wan_iface != "none" and gw_active_test.stdout == "1"
- name: Test for internet access
get_url: url="{{ iiab_download_url }}/heart-beat.txt" dest=/tmp/heart-beat.txt
ignore_errors: True
# async: 10
# poll: 2
register: internet_access_test
- name: Set internet_available true if wget succeeded
set_fact:
internet_available: True
when: not internet_access_test|failed and not disregard_network
- name: Cleanup internet test file
file: path=/tmp/heart-beat.txt
state=absent
# Put all computed vars here so derive properly from any prior var file
- name: If the TZ is not set in env, set it to UTC
set_fact: local_tz='UTC'
when: local_tz == ""
- name: Set port 80 for Admin Console
set_fact:
gui_port: 80
when: not adm_cons_force_ssl
- name: Set port 443 for Admin Console
set_fact:
gui_port: 443
when: adm_cons_force_ssl
- name: Require MySQL to be on
set_fact:
mysql_install: True
mysql_enabled: True
# we decided to enable mysql unconditionally
# when: elgg_enabled or rachel_enabled or owncloud_enabled or phpmyadmin_enabled or wordpress_enabled or iiab_menu_install
# Commenting out MongoDB on a trial basis, for a more basic/lightweight Sugarizer, per https://github.com/iiab/iiab/pull/427
# - name: Turn on mongodb if sugarizer enabled
# set_fact:
# mongodb_install: True
# mongodb_enabled: True
# when: sugarizer_enabled
# There might be other db's
- name: Turn on PostgreSQL if Moodle or Pathagar enabled
set_fact:
postgresql_install: True
postgresql_enabled: True
when: moodle_enabled or pathagar_enabled
- name: Turn on Docker if SchoolTool is to be installed
set_fact:
docker_install: True
docker_enabled: True
when: schooltool_enabled or schooltool_install
- name: Set python_path for is_redhat
set_fact:
python_path: /usr/lib/python2.7/site-packages/
when: is_redhat
- name: Set python_path for is_debuntu
set_fact:
python_path: /usr/local/lib/python2.7/dist-packages/
when: is_debuntu
# for various reasons the mysql service can not be enabled on fedora 20,
# but 'mariadb', which is its real name can
# on fedora 18 we need to use 'mysqld'
- name: Set mysqld_service to mariadb by default
set_fact:
mysql_service: mariadb
- name: Set mysqld_service to mysqld for Fedora 18
set_fact:
mysql_service: mysqld
no_NM_reload: True
is_F18: True
when: ansible_distribution_release == "based on Fedora 18" or ansible_distribution_version == "18"
- name: Set mysql_service to mysql for Debian
set_fact:
mysql_service: mysql
when: is_debuntu
- name: set FQDN
set_fact:
iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}"
FQDN_changed: False
- name: FQDN changed
set_fact:
FQDN_changed: True
when: iiab_fqdn != ansible_fqdn
- name: add version section
ini_file: dest='{{ iiab_config_file }}'
section=runtime
option='{{ item.option }}'
value='{{ item.value }}'
with_items:
- option: 'iiab_stage'
value: '{{ iiab_stage }}'
- option: 'runtime_php'
value: '{{ phplib_dir }}'
- option: 'runtime_branch'
value: '{{ ansible_local.local_facts.iiab_branch }}'
- option: 'runtime_commit'
value: '{{ ansible_local.local_facts.iiab_commit }}'
- option: 'runtime_date'
value: '{{ ansible_date_time.iso8601 }}'
- option: 'ansible_version'
value: '{{ ansible_local.local_facts.ansible_version }}'
- option: 'kernel'
value: '{{ ansible_kernel }}'
- option: 'memory_mb'
value: '{{ ansible_memtotal_mb }}'
- option: 'swap_mb'
value: '{{ ansible_swaptotal_mb }}'
- option: 'product_id'
value: '{{ ansible_product_uuid }}'
- option: 'gw_active'
value: '{{ gw_active }}'
- option: 'internet_available'
value: '{{ internet_available }}'
- option: 'is_rpi'
value: '{{ is_rpi }}'
- option: 'first_run'
value: '{{ first_run }}'
- option: 'local_tz'
value: '{{ local_tz }}'
- option: 'FQDN_changed'
value: '{{ FQDN_changed }}'
- name: Now changing FQDN
include_tasks: roles/2-common/tasks/hostname.yml
when: FQDN_changed
- name: STAGE 0 HAS COMPLETED ======================================
ini_file: dest='{{ iiab_config_file }}'
section=runtime
option='{{ item.option }}'
value='{{ item.value }}'
with_items:
- option: 'is_VM'
value: 'yes'
when: is_VM is defined

5
roles/1-prep/README.rst
View file

@ -2,5 +2,6 @@
Prep README
===========
This role is a sort on init or startup. It includes preliminaries like hostname and is where things
that are specific to a particular platform, such as the XO, are done before the bulk of the install.
This role is primarily hardware-focused, prior to OS additions/mods. Traditionally it included
preliminaries like hostname and things specific to a particular platform, such as the XO laptop,
done before the bulk of the install.

54
roles/1-prep/defaults/main.yml
View file

@ -1,54 +0,0 @@
# use these as a tag a release at a point in time
iiab_base_ver: 6.4
gui_version: 2
# These entries should never be changed in this file.
# These are defaults for boolean routines,
first_run: False
installing: False
NUC6_firmware_needed: False
exFAT_enabled: False
no_NM_reload: False
has_WAN: False
wireless_lan_present: False
strict_networking: False
iiab_demo_mode: False
gw_active: False
gui_static_wan: False
internet_available: False
is_F18: False
is_F20: False
is_F21: False
is_F22: False
is_F23: False
is_F24: False
# Set default for discovered hardware
driver_name: nl80211
rpi_model: none
is_rpi: False
xo_model: none
rtc_id: ds3231
# Set defaults for discovery process as strings
wifi1: "not found-1"
wifi2: "not found-2"
discovered_wan_iface: "none"
discovered_lan_iface: "none"
discovered_wireless_iface: "none"
iiab_wireless_lan_iface: "none"
iiab_lan_iface: "none"
iiab_wan_iface: "none"
device_gw: "none"
has_ifcfg_gw: "none"
has_wifi_gw: "none"
ap_device: "none"
device_gw2: ""
gui_port: 80
# must keep roles/iiab-admin/defaults/main.yml sync'd
admin_console_path: "{{ iiab_base }}/admin_console"
cmdsrv_path: "{{ iiab_base }}/iiab_cmdsrv"
iiab_cmdsrv_dbname : "iiab_cmdsrv.0.2.db"
wifi_id: none

6
roles/1-prep/tasks/iiab_ini.yml
View file

@ -25,10 +25,10 @@
- option: 'arch'
value: '{{ ansible_architecture }}'
- option: 'iiab_branch'
value: '{{ ansible_local["local_facts"]["iiab_branch"] }}'
value: '{{ ansible_local.local_facts.iiab_branch }}'
- option: 'iiab_commit'
value: '{{ ansible_local["local_facts"]["iiab_commit"] }}'
value: '{{ ansible_local.local_facts.iiab_commit }}'
- option: 'install_date'
value: '{{ ansible_date_time["iso8601"] }}'
value: '{{ ansible_date_time.iso8601 }}'
- option: 'install_xo'
value: '{{ xo_model }}'

68
roles/1-prep/tasks/main.yml
View file

@ -1,27 +1,14 @@
- name: Determine if runansible was run
stat: path=/etc/iiab/iiab.env
register: NewInstall
# Preparations (Hardware Level)
- name: Setting first run flag
set_fact:
first_run: True
when: NewInstall.stat.exists is defined and not NewInstall.stat.exists
- name: ...IS BEGINNING ============================================
command: echo
# we need to inialize the ini file
- include: iiab_ini.yml
when: first_run
- name: Set flag for fedora 18
set_fact:
is_F18: True
when: ansible_distribution_release == "based on Fedora 18" or ansible_distribution_version == "18"
- name: get the uuidgen program
- name: Get the uuidgen program
package: name=uuid-runtime
state=present
when: is_debuntu
- name: Test for UUID file
- name: Test for /etc/iiab/uuid file
stat: path=/etc/iiab/uuid
register: uuid_file
@ -38,11 +25,11 @@
shell: echo {{ uuid_response.stdout_lines[0] }} > /etc/iiab/uuid
when: not uuid_file.stat.exists
- name: get the uuid
- name: Get the uuid
command: cat /etc/iiab/uuid
register: stored_uuid
- name: get the value into a variable
- name: Get the value into a variable
set_fact:
uuid={{ stored_uuid.stdout_lines[0] }}
@ -61,46 +48,41 @@
dest=/etc/chrony.conf
src=chrony.conf.j2
- name: Disable apparmor -- on by default in ubuntu
- name: Disable AppArmor -- on by default in Ubuntu
service: name=apparmor enabled=False state=stopped
when: first_run and is_ubuntu
when: is_ubuntu
ignore_errors: true
- name: Disable selinux on next boot
- name: Disable SELinux on next boot
selinux: state=disabled
register: selinux_disabled
when: first_run and not is_debuntu
when: not is_debuntu
- name: Disable selinux for this session (if needed)
- name: Disable SELinux for this session (if needed)
command: setenforce Permissive
when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed
## DISCOVER PLATFORMS ######
- name: Discover if this is a rpi -- assume if so it is running raspbian
set_fact:
rpi_model: "rpi"
is_rpi: "True"
when: ansible_local.local_facts.os == "raspbian"
ignore_errors: true
- include: prep.yml
- include: computed_vars.yml
- include: detected_network.yml
when: not installing
- include_tasks: prep.yml
# Put conditional actions for hardware platforms here
- include: raspberry_pi_2.yml
- include_tasks: raspberry_pi_2.yml
when: first_run and rpi_model != "none"
- name: Check if the identifier for intel's NUC6 builtin wifi is present
- name: Check if the identifier for Intel's NUC6 builtin WiFi is present
shell: "lsusb | grep 8087:0a2b | wc |awk '{print $1}'"
register: usb_NUC6
ignore_errors: true
when: first_run
- name: download the firmware for built in wifi on NUC6
- name: Download the firmware for built-in WiFi on NUC6
get_url: dest=/lib/firmware
url={{ iiab_download_url }}/iwlwifi-8000C-13.ucode
when: first_run and usb_NUC6.stdout|int > 0
when: usb_NUC6.stdout|int > 0
# this script can be sourced to get IIAB location
- name: Recording STAGE 1 HAS COMPLETED ============================
template: src=roles/1-prep/templates/iiab.env.j2
dest=/etc/iiab/iiab.env
owner=root
group=root
mode=0644

9
roles/1-prep/tasks/raspberry_pi_2.yml
View file

@ -26,23 +26,23 @@
mode=0644
when: rtc_id != "none"
- name: pre-Install packages
- name: Pre-install packages
package: name={{ item }}
state=latest
with_items:
- ntp
- name: increase the swap file size (kalite pip download fails)
- name: Increase the swap file size (kalite pip download fails)
lineinfile: regexp="^CONF_SWAPSIZE"
line=CONF_SWAPSIZE=500
dest=/etc/dphys-swapfile
when: is_debuntu
- name: restart the swap service
- name: Restart the swap service
command: /etc/init.d/dphys-swapfile restart
when: is_debuntu
- name: Add rpi rootfs resizing service
- name: Add RPi rootfs resizing service
template: src={{ item.src }}
dest={{ item.dest }}
owner=root
@ -55,4 +55,3 @@
- name: Enable rootfs resizing service
service: name=iiab-rpi-root-resize
enabled=yes

7
roles/1-prep/templates/iiab.env.j2
View file

@ -1,7 +1,8 @@
# This is a configuration file for XSCE
# This is a configuration file for IIAB
# It can sourced in a shell script or read into an application
XSCE_BASE_PATH={{ iiab_base }}
XSCE_DIR={{ iiab_dir }}
IIAB_BASE_PATH={{ iiab_base }}
IIAB_DIR={{ iiab_dir }}
OS={{ ansible_local.local_facts.os }}
OS_VER={{ ansible_local.local_facts.os_ver }}
WWWROOT={{ doc_root }}
STAGE=1

52
roles/2-common/tasks/hostname.yml Normal file
View file

@ -0,0 +1,52 @@
- name: Create filesytem layout
include_tasks: roles/2-common/tasks/fl.yml
when: first_run
- name: Turn the crank for systemd
shell: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}"
when: is_debuntu
- name: Configure /etc/sysconfig/network
template: src=roles/network/templates/network/sysconfig.network.j2
dest=/etc/sysconfig/network
owner=root
group=root
mode=0644
when: is_redhat
- name: Configure short hostname in /etc/hosts
lineinfile: dest=/etc/hosts
regexp='^127\.0\.0\.1'
line='127.0.0.1 localhost.localdomain localhost box {{ iiab_hostname }}'
owner=root
group=root
mode=0644
- name: Configuring named
include_tasks: roles/network/tasks/named.yml
tags:
- named
- network
- domain
- name: Configuring dhcpd
include_tasks: roles/network/tasks/dhcpd.yml
tags:
- dhcpd
- network
- domain
- name: Configuring Squid
include_tasks: roles/network/tasks/squid.yml
when: squid_install
tags:
- squid
- network
- name: Re-configuring httpd - not initial install
include_tasks: roles/httpd/tasks/main.yml
when: iiab_stage|int > 3
- name: Re-configuring rest of networking - not initial install
include_tasks: roles/network/tasks/main.yml
when: iiab_stage|int > 4

2
roles/2-common/tasks/iiab_ini.yml
View file

@ -14,7 +14,7 @@
- option: 'iiab_dir'
value: '{{ iiab_dir }}'
- name: add version section
- name: Add version section
ini_file: dest='{{ iiab_config_file }}'
section=version
option='{{ item.option }}'

32
roles/2-common/tasks/main.yml
View file

@ -1,20 +1,26 @@
# Common OS-Level Additions & Mods (that only need to be performed once)
- include: iiab_ini.yml
- name: ...IS BEGINNING ==========================================
command: echo
# create the directory structure for XSCE
- include: fl.yml
#- include_tasks: iiab_ini.yml
- include: xo.yml
# create the directory structure for IIAB
#- include_tasks: fl.yml
- include_tasks: xo.yml
when: xo_model != "none" or osbuilder is defined
- include: centos.yml
- include_tasks: roles/network/tasks/iptables.yml
- include_tasks: centos.yml
when: ansible_distribution == "CentOS"
- include: fedora.yml
- include_tasks: fedora.yml
when: ansible_distribution == "Fedora"
# the following installs common packages for both debian and fedora
- include: packages.yml
- include_tasks: packages.yml
- sysctl: name=net.ipv4.ip_forward value=1 state=present
- sysctl: name=net.ipv4.conf.default.rp_filter value=1 state=present
@ -28,7 +34,7 @@
- sysctl: name=net.ipv6.conf.default.disable_ipv6 value=1 state=present
- sysctl: name=net.ipv6.conf.lo.disable_ipv6 value=1 state=present
- name: Set default Timezone
- name: Set default Time Zone
shell: ln -sf /usr/share/zoneinfo/{{ iiab_TZ }} /etc/localtime
when: iiab_TZ is defined and iiab_TZ != ""
@ -39,7 +45,13 @@
mode=0644
backup=no
- include: net_mods.yml
- include_tasks: net_mods.yml
when: not is_debuntu and not is_F18
- include: udev.yml
- include_tasks: udev.yml
- name: Recording STAGE 2 HAS COMPLETED ==========================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=2'
state=present

23
roles/2-common/tasks/packages.yml
View file

@ -1,16 +1,16 @@
- name: install yum deps for arm!!!
- name: Install yum deps for arm!!!
shell: dnf install -y python-urlgrabber pyxattr yum-metadata-parser
when: ansible_distribution == "Fedora" and ansible_machine == "armv7l" and ansible_distribution_version|int >= 22
- name: install yum from Fedora 23 for arm!!!
- name: Install yum from Fedora 23 for arm!!!
shell: dnf install -y https://kojipkgs.fedoraproject.org//packages/yum/3.4.3/506.fc23/noarch/yum-3.4.3-506.fc23.noarch.rpm python-dnf
when: ansible_distribution == "Fedora" and ansible_machine == "armv7l" and ansible_distribution_version|int >= 22
- name: install yum if it has been dropped from our distribution -- Fedora 22 uses dnf!!!
- name: Install yum if it has been dropped from our distribution -- Fedora 22 uses dnf!!!
shell: dnf install -y yum
when: ansible_distribution == "Fedora" and ansible_distribution_version|int >= 22 and ansible_machine != "armv7l"
- name: get the createrepo program
- name: Get the createrepo program
package: name=createrepo
state=present
when: is_redhat
@ -19,7 +19,7 @@
shell: createrepo {{ yum_packages_dir }}
when: is_redhat
- name: Install local repo file.
- name: Install local repo file
template: dest=/etc/yum.repos.d/iiab-local.repo
src=local.repo
owner=root
@ -36,6 +36,9 @@
- linux-firmware
- syslog
- xml-common
- nss-mdns
- avahi
- avahi-tools
when: is_redhat
- name: Download usbmount -- not in debian-9
@ -52,6 +55,9 @@
with_items:
- inetutils-syslogd
- wpasupplicant
- libnss-mdns
- avahi-daemon
- avahi-discover
when: is_debuntu
- name: Install common packages
@ -83,6 +89,7 @@
- curl
- pandoc
- lynx
- ntfs-3g
#- name: Install pip as a commonly required package management system
# command: curl https://bootstrap.pypa.io/get-pip.py -o {{ downloads_dir }}/get-pip.py
@ -90,7 +97,7 @@
#- name: Run the install script for pip
# command: python {{ downloads_dir }}/get-pip.py
- name: Install Common python packages
- name: Install common Python packages
package: name={{ item }}
state=present
with_items:
@ -98,7 +105,7 @@
- python-setuptools
- python-virtualenv
- name: Update common packages (not debian
- name: Update common packages (not Debian)
package: name={{ item }}
state=latest
with_items:
@ -108,7 +115,7 @@
- iptables
when: is_redhat
- name: Update common packages (debian)
- name: Update common packages (Debian)
package: name={{ item }}
state=latest
with_items:

7
roles/2-common/tasks/udev.yml
View file

@ -23,13 +23,12 @@
shell: systemctl daemon-reload
when: udev_unit.stat.exists is defined and udev_unit.stat.exists
- name: restart so systemd recognizes the changes
- name: Restart so systemd recognizes the changes
shell: systemctl restart systemd-udevd.service
when: udev_unit.stat.exists is defined and udev_unit.stat.exists
- name: reload systemd-udevd so it has rootfs open read-write
- name: Reload systemd-udevd so it has rootfs open read-write
template: src=udev-reload.service dest=/etc/systemd/system/
- name: enable the reload service
- name: Enable the reload service
shell: systemctl enable udev-reload.service

8
roles/2-common/tasks/xo.yml
View file

@ -25,7 +25,7 @@
regexp='^%_excludedocs'
state=absent
- name: pre-Install packages
- name: Pre-install packages
package: name={{ item }}
state=latest
with_items:
@ -34,7 +34,7 @@
- man-db
- man-pages
- name: re-Install packages
- name: Re-install packages
shell: yum -y reinstall sed libidn grep which util-linux wget gnupg2 groff gnash yum
when: not osbuilder is defined
@ -44,7 +44,7 @@
option=plugins
value=ifcfg-rh,keyfile
- name: check for modem config file
- name: Check for modem config file
stat: path=/etc/NetworkManager/system-connections/"Sugar Modem Connection"
register: config
@ -109,7 +109,7 @@
state=absent
- name: Download substitute software for i386 on FC18 XO1.5
get_url: url="{{ iiab_download_url }}/{{ item }}" dest={{ downloads_dir}}/{{ item }}
get_url: url="{{ iiab_download_url }}/{{ item }}" dest={{ downloads_dir }}/{{ item }}
with_items:
- hostapd_8188_i386
when: wifi_id == "tplink_WM725M" and xo_model == "XO-1.5" and internet_available

0
roles/2-common/tasks/yum.yml → roles/2-common/tasks/yum-historical.yml
View file

3
roles/3-base-server/README.rst
View file

@ -6,7 +6,6 @@ This role is a place to aggregate roles that are required to create a basic web
The functionality here is not packages that are not directly consumed by users, which are in common,
nor specific applications, such as those found in the apps and tools roles.
The difference between this aggregate and server-options is that the roles here are required.
The difference between this aggregate (3-base-server) and 4-server-options is that the roles here are required.
Eventually a graphical configuration console will be added here.

3
roles/3-base-server/meta/main.yml
View file

@ -1,3 +0,0 @@
dependencies:
- { role: httpd, tags: ['services','httpd','base'] }
- { role: iiab-admin, tags: ['services','iiab-admin','base'] }

36
roles/3-base-server/tasks/main.yml
View file

@ -1,18 +1,36 @@
# Base Server
- name: ...IS BEGINNING =====================================
command: echo
- name: HTTPD
include_role:
name: httpd
# has no "when: XXXXX_install" flag
tags: base, httpd
- name: IIAB-ADMIN
include_role:
name: iiab-admin
# has no "when: XXXXX_install" flag
tags: base, iiab-admin
- name: MYSQL
include_role:
name: mysql
# has no "when: XXXXX_install" flag
tags: base, mysql
- name: Make sure there is a content directory
file: dest={{ doc_root }}/local_content
state=directory
- name: Base Server Installed
command: echo Base Server Installed
- name: Restart httpd
service: name={{ apache_service }}
state=restarted
when: not installing
# If we got here we're done
#- name: Record base gui version
# lineinfile: dest=/etc/iiab/iiab.env
# regexp='^BASE_VERSION=*'
# line='BASE_VERSION="{{ gui_version }}"'
# state=present
- name: Record STAGE 3 HAS COMPLETED ========================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=3'
state=present

9
roles/4-server-options/meta/main.yml
View file

@ -1,9 +0,0 @@
dependencies:
- { role: sshd, tags: ['services','sshd','base'] }
- { role: network, tags: ['services','base','network'] }
- { role: postgresql, tags: ['services','postgresql','base'], when: postgresql_install }
- { role: authserver, tags: ['services','authserver','base'], when: authserver_install }
- { role: openvpn, tags: ['options','openvpn'], when: openvpn_install }
- { role: samba, tags: ['services','samba','options'], when: samba_install }
- { role: usb-lib, tags: ['services','usb-lib','options'], when: usb_lib_install }
- { role: cups, tags: ['services','cups','options'], when: cups_install }

95
roles/4-server-options/tasks/main.yml
View file

@ -1,40 +1,71 @@
- name: Server Options Installed
command: echo Server Options Installed
# Server Options
- name: ...IS BEGINNING ==================================
command: echo
# this script can be sourced to get iiab location
- name: Create iiab.env file
template: src=roles/1-prep/templates/iiab.env.j2
dest=/etc/iiab/iiab.env
owner=root
group=root
mode=0644
- name: SSHD
include_role:
name: sshd
# has no "when: XXXXX_install" flag
tags: base, sshd
- name: put a python interface to iiab.env
- name: OPENVPN
include_role:
name: openvpn
when: openvpn_install
tags: openvpn
- name: NETWORK
include_role:
name: network
# has no "when: XXXXX_install" flag
tags: base, network
- name: HOMEPAGE
include_role:
name: homepage
# has no "when: XXXXX_install" flag
tags: base, homepage
- name: POSTGRESQL
include_role:
name: postgresql
when: postgresql_install
tags: postgresql, pathagar, moodle
- name: AUTHSERVER
include_role:
name: authserver
when: authserver_install
tags: olpc, authserver
- name: CUPS
include_role:
name: cups
when: cups_install
tags: cups
- name: SAMBA
include_role:
name: samba
when: samba_install
tags: samba
- name: USB-LIB
include_role:
name: usb-lib
when: usb_lib_install
tags: usb-lib
- name: Create a Python interface to iiab.env
template: src=roles/1-prep/templates/iiab_env.py.j2
dest=/etc/iiab/iiab_env.py
- name: generate the offline documents
- name: Generate the offline documents
command: /usr/bin/iiab-refresh-wiki-docs
when: not nodocs
- name: Stop postgresql service
command: "/etc/init.d/postgresql stop"
ignore_errors: True
when: postgresql_install and is_debuntu
- name: Start postgresql service
service: name=postgresql-iiab
state=restarted
enabled=yes
when: postgresql_enabled
- name: Stop authserver service
service: name=xs-authserver
state=stopped
enabled=no
when: not authserver_enabled and authserver_install
- name: Start xs-authserver service
service: name=xs-authserver
state=restarted
when: authserver_enabled
- name: Recording STAGE 4 HAS COMPLETED ==================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=4'
state=present

3
roles/5-xo-services/README.rst
View file

@ -2,5 +2,4 @@
XO Services README
==================
This role is a place to aggregate roles that provide XO specific services.
This role is a place to aggregate roles that provide specific services for One Laptop Per Child's XO laptops.

4
roles/5-xo-services/meta/main.yml
View file

@ -1,4 +0,0 @@
dependencies:
- { role: ejabberd_xs, tags: ['olpc','ejabberd-xs','xo-services'], when: ejabberd_xs_install }
- { role: idmgr, tags: ['olpc','idmgr','xo-services'], when: idmgr_install }
- { role: activity-server, tags: ['olpc','activity-server','xo-services'], when: activity_server_install }

28
roles/5-xo-services/tasks/main.yml
View file

@ -1,3 +1,27 @@
- name: XO Services Installed
command: echo XO Services Installed
# XO Services
- name: ...IS BEGINNING =====================================
command: echo
- name: ACTIVITY-SERVER
include_role:
name: activity-server
when: activity_server_install
tags: olpc, activity-server
- name: EJABBERD_XS
include_role:
name: ejabberd_xs
when: ejabberd_xs_install
tags: olpc, ejabberd-xs
- name: IDMGR
include_role:
name: idmgr
when: idmgr_install
tags: olpc, idmgr
- name: Recording STAGE 5 HAS COMPLETED =====================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=5'
state=present

6
roles/6-generic-apps/README.rst
View file

@ -2,6 +2,6 @@
Generic Apps README
===================
This role is a place to aggregate roles that install apps of a more generic nature, as opposed to educational or managment.
Content Management Systems or Chat or Wiki applications would go here.
This role is a place to aggregate roles that install apps of a more generic or collaborative nature,
as opposed to educational or managment. Content Management Systems or Chat or Wiki applications
would go here.

9
roles/6-generic-apps/meta/main.yml
View file

@ -1,9 +0,0 @@
dependencies:
- { role: mysql, tags: ['generic','mysql'], when: mysql_install }
- { role: elgg, tags: ['generic','elgg'], when: elgg_install }
- { role: owncloud, tags: ['generic','owncloud'], when: owncloud_install }
- { role: nextcloud, tags: ['generic','nextcloud'], when: nextcloud_install }
- { role: dokuwiki, tags: ['generic','dokuwiki'], when: dokuwiki_install }
- { role: wordpress, tags: ['generic','wordpress'], when: wordpress_install }
- { role: calibre, tags: ['generic','calibre'], when: calibre_install }
- { role: ejabberd, tags: ['generic','ejabberd'], when: ejabberd_install }

52
roles/6-generic-apps/tasks/main.yml
View file

@ -1,3 +1,51 @@
- name: Generic Apps Installed
command: echo Generic Apps Installed
# Generic Apps
- name: ...IS BEGINNING ====================================
command: echo
- name: CALIBRE
include_role:
name: calibre
when: calibre_install
tags: calibre
- name: DOKUWIKI
include_role:
name: dokuwiki
when: dokuwiki_install
tags: dokuwiki
- name: ELGG
include_role:
name: elgg
when: elgg_install
tags: elgg
- name: EJABBERD
include_role:
name: ejabberd
when: ejabberd_install
tags: ejabberd
- name: NEXTCLOUD
include_role:
name: nextcloud
when: nextcloud_install
tags: nextcloud
- name: OWNCLOUD
include_role:
name: owncloud
when: owncloud_install
tags: owncloud
- name: WORDPRESS
include_role:
name: wordpress
when: wordpress_install
tags: wordpress
- name: Recording STAGE 6 HAS COMPLETED ====================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=6'
state=present

2
roles/7-edu-apps/README.rst
View file

@ -3,4 +3,4 @@ Educational Apps and Content README
===================================
This role is a place to aggregate roles that provide Educational Content or
are specifically targetted at pedagogical activities.
are specifically targetted at pedagogical activities.

9
roles/7-edu-apps/meta/main.yml
View file

@ -1,9 +0,0 @@
dependencies:
- { role: moodle, tags: ['olpc','moodle','edu-apps'], when: moodle_install }
- { role: osm, tags: ['osm','edu-apps'], when: osm_install }
- { role: pathagar, tags: ['pathagar','edu-apps'], when: pathagar_install }
- { role: rachel, tags: ['rachel','edu-apps'], when: rachel_install }
- { role: kalite, tags: ['kalite','edu-apps'], when: kalite_install }
- { role: kiwix, tags: ['kiwix','edu-apps'], when: kiwix_install }
- { role: sugarizer, tags: ['sugarizer','edu-apps'], when: sugarizer_install }
# - { role: debian_schooltool, tags: ['schooltool','debian_schooltool','edu-apps'], when: debian_schooltool_install and is_debuntu }

46
roles/7-edu-apps/tasks/main.yml
View file

@ -1,3 +1,45 @@
- name: Educational Apps and Content Installed
command: echo Educational Apps and Content Installed
# Educational Apps
- name: ...IS BEGINNING ========================================
command: echo
- name: KALITE
include_role:
name: kalite
when: kalite_install
tags: kalite
- name: KIWIX
include_role:
name: kiwix
when: kiwix_install
tags: kiwix
- name: MOODLE
include_role:
name: moodle
when: moodle_install
tags: olpc, moodle
- name: OSM
include_role:
name: osm
when: osm_install
tags: osm
- name: PATHAGAR
include_role:
name: pathagar
when: pathagar_install
tags: pathagar
- name: SUGARIZER
include_role:
name: sugarizer
when: sugarizer_install
tags: sugarizer
- name: Recording STAGE 7 HAS COMPLETED ========================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=7'
state=present

10
roles/8-mgmt-tools/meta/main.yml
View file

@ -1,10 +0,0 @@
dependencies:
# - { role: sugar-stats, tags: ['olpc','sugar-stats','tools'], when: sugar_stats_install and ansible_distribution != "CentOS" }
# - { role: ajenti, tags: ['services','ajenti','tools'], when: ajenti_install }
- { role: munin, tags: ['services','munin','tools'], when: munin_install }
- { role: monit, tags: ['services','monit','tools'], when: monit_install }
- { role: vnstat, tags: ['services','vnstat','tools'], when: vnstat_install }
# - { role: xovis, tags: ['services','xovis','tools'], when: xovis_install and ansible_distribution != "CentOS" }
- { role: phpmyadmin, tags: ['services','phpmyadmin','tools'], when: phpmyadmin_install }
- { role: awstats, tags: ['services','awstats','tools'], when: awstats_install }
- { role: teamviewer, tags: ['services','teamviewer','tools'], when: teamviewer_install }

59
roles/8-mgmt-tools/tasks/main.yml
View file

@ -1,3 +1,58 @@
- name: Assessment and Monitoring Tools Installed
command: echo Assessment and Monitoring Tools Installed
# Assessment and Monitoring Tools
- name: ...IS BEGINNING ======================================
command: echo
- name: AWSTATS
include_role:
name: awstats
when: awstats_install
tags: awstats
- name: MONIT
include_role:
name: monit
when: monit_install
tags: monit
- name: MUNIN
include_role:
name: munin
when: munin_install
tags: munin
- name: PHPMYADMIN
include_role:
name: phpmyadmin
when: phpmyadmin_install
tags: phpmyadmin
- name: SUGAR-STATS
include_role:
name: sugar-stats
when: sugar_stats_install and ansible_distribution != "CentOS"
tags: olpc, sugar-stats
- name: TEAMVIEWER
include_role:
name: teamviewer
when: teamviewer_install
tags: teamviewer
- name: VNSTAT
include_role:
name: vnstat
when: vnstat_install
tags: vnstat
- name: XOVIS
include_role:
name: xovis
when: xovis_install and ansible_distribution != "CentOS"
tags: xovis
- name: Recording STAGE 8 HAS COMPLETED ======================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=8'
state=present

6
roles/9-local-addons/README.rst
View file

@ -7,15 +7,15 @@ This role is a place to aggregate roles developed by various contributors or loc
Development
-----------
Create the role you wish to add to the XSCE School Server by following the pattern of another role or any other means.
Create the role you wish to add to Internet-in-a-Box by following the pattern of another role or any other means.
Packaging
---------
Add your role into the main.yml file in the meta directory of the 7-local-addons role. It will now get installed as part of
Add your role into the main.yml file in the tasks directory of the 9-local-addons role. It will now get installed as part of
the next ansible run.
More Info
---------
Have a look at the docs section of this git repo for more detailed information.
Have a look at https://github.com/iiab/iiab/wiki/IIAB-Architecture (offline at http://box/info/IIAB-Architecture.html) for more detailed information.

2
roles/9-local-addons/meta/main.yml
View file

@ -1,2 +0,0 @@
# Add your role to this list and then uncomment dependencies. Adding a tag is handy for testing.
#dependencies:

11
roles/9-local-addons/tasks/main.yml
View file

@ -1,3 +1,10 @@
- name: Addon services installed
command: echo Addon services installed
# Local Add-ons
- name: ...IS BEGINNING ====================================
command: echo
- name: Recording STAGE 9 HAS COMPLETED ====================
lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=9'
state=present

2
roles/activity-server/tasks/main.yml
View file

@ -16,7 +16,7 @@
# Wish synchronize worked, but it doesn't
- name: Copy language templates
command: rsync -a {{iiab_dir}}/roles/activity-server/files/lang_templates /library/xs-activity-server/
command: rsync -a {{ iiab_dir }}/roles/activity-server/files/lang_templates /library/xs-activity-server/
- name: Copy default index files
copy: src={{ item }}

2
roles/ajenti/tasks/main.yml
View file

@ -37,7 +37,7 @@
mode=0744
state=file
- include: ajenti-wondershaper.yml
- include_tasks: ajenti-wondershaper.yml
when: 'iiab_lan_iface != ""'
# handler doesn't fire

9
roles/authserver/tasks/main.yml
View file

@ -38,8 +38,15 @@
environment:
XS_AUTHSERVER_DATABASE: /var/lib/xs-authserver/data.db
- name: Enable xs-authserver service
- name: Stop authserver service
service: name=xs-authserver
state=stopped
enabled=no
when: not authserver_enabled
- name: Start xs-authserver service
service: name=xs-authserver
state=restarted
enabled=yes
when: authserver_enabled

22
roles/awstats/tasks/install.yml
View file

@ -1,4 +1,4 @@
- name: Install awstats package
- name: Install AWStats package
package: name={{ item }}
state=present
with_items:
@ -8,7 +8,7 @@
tags:
- download
- name: Install awstats package
- name: Install AWStats package
package: name={{ item }}
state=present
with_items:
@ -22,7 +22,7 @@
command: a2enmod cgi
when: is_debuntu
- name: Create directory for awstat to use as intermediate summary storage
- name: Create directory for AWStats to use as intermediate summary storage
file: path={{ item }}
mode=0750
owner={{ apache_user }}
@ -33,7 +33,7 @@
- "{{ awstats_data_dir }}"
- "{{ apache_log_dir }}"
- name: Install the Apache config for Advanced Web Statistics
- name: Install the Apache config for AWStats
template: src=apache.conf
dest=/etc/{{ apache_config_dir }}/awstats.conf
owner=root
@ -41,7 +41,7 @@
mode=0644
when: awstats_enabled and is_debuntu
- name: Install the Apache config for Advanced Web Statistics
- name: Install the Apache config for AWStats
template: src=apache-awstats.conf
dest=/etc/{{ apache_config_dir }}/awstats.conf
owner=root
@ -63,18 +63,18 @@
command: mv /etc/awstats/awstats.conf /etc/awstats/awstats.conf.dist
when: awstats.stat.islnk is defined and not awstats.stat.islnk
- name: Enable Awstats
- name: Enable AWStats
file: src=/etc/apache2/sites-available/awstats.conf
path=/etc/apache2/sites-enabled/awstats.conf
state=link
when: awstats_enabled and is_debuntu
- name: Disable Awstats
- name: Disable AWStats
file: path=/etc/apache2/sites-enabled/awstats.conf
state=absent
when: not awstats_enabled and is_debuntu
- name: Install the awstats config for Advanced Web Statistics
- name: Install the AWStats config
template: src=awstats.schoolserver.conf.j2
dest=/etc/awstats/awstats.schoolserver.conf
owner=root
@ -82,16 +82,16 @@
mode=0644
when: awstats_enabled
- name: Create a symbolic link to use when access is by ip address
- name: Create a symbolic link to use when access is by IP address
file: src=/etc/awstats/awstats.schoolserver.conf
dest=/etc/awstats/awstats.conf
state=link
when: awstats_enabled
- name: On first enabling of awstats, summarize httpd logs up to now
- name: On first enabling of AWStats, summarize httpd logs up to now
shell: /bin/perl /usr/share/awstats/wwwroot/cgi-bin/awstats.pl -config=schoolserver -update
when: awstats_enabled and not is_debuntu
- name: On first enabling of awstats, summarize httpd logs up to now
- name: On first enabling of AWStats, summarize httpd logs up to now
shell: /usr/bin/perl /usr/lib/cgi-bin/awstats.pl -config=schoolserver -update
when: awstats_enabled and is_debuntu

6
roles/awstats/tasks/main.yml
View file

@ -1,7 +1,7 @@
- include: install.yml
- include_tasks: install.yml
when: awstats_install
- name: Add awstats to service list
- name: Add AWStats to service list
ini_file: dest='{{ service_filelist }}'
section=awstats
option='{{ item.option }}'
@ -10,7 +10,7 @@
- option: name
value: awstats
- option: description
value: '"Awstats is Advanced Web Statistics package written in perl which generates static or dynamic html summaries based upon web server logs"'
value: '"AWStats is Advanced Web Statistics package written in Perl which generates static or dynamic html summaries based upon web server logs"'
- option: installed
value: "{{ awstats_install }}"
- option: enabled

8
roles/calibre/tasks/main.yml
View file

@ -6,13 +6,13 @@
mode=0755
when: ansible_distribution == "CentOS"
- name: Install Calibre
- name: Install Calibre (CentOS)
shell: "{{ downloads_dir }}/calibre-installer.py >> /dev/null"
args:
creates: /usr/bin/calibre-uninstall
when: calibre_install and ansible_distribution == 'CentOS'
- name: Install Calibre rpms
- name: Install Calibre (OS's other than CentOS)
# the fedora rpm arm version, though older, takes care of dependencies, and exists
package: name={{ item }}
state=present
@ -20,7 +20,7 @@
- calibre
when: calibre_install and ansible_distribution != 'CentOS'
- name: Create Calibre service(s) and support scripts
- name: Create calibre-serve.service and calibre.conf
template: backup=no
src={{ item.src }}
dest={{ item.dest }}
@ -52,7 +52,7 @@
state=stopped
when: not calibre_enabled
- name: Add Calibre to service list
- name: Add 'calibre-serve' to service list
ini_file: dest='{{ service_filelist }}'
section=calibre
option='{{ item.option }}'

18
roles/cups/tasks/main.yml
View file

@ -1,5 +1,5 @@
# administer this service by browsing to localhost:631
- name: get the CUPS package installed
- name: Get the CUPS package installed
package: name={{ item }}
state=present
with_items:
@ -8,7 +8,7 @@
tags:
- download
- name: Put our own config file in place, to permit local lan admin
- name: Put our own config file in place, to permit local LAN admin
template: dest=/etc/cups/cupsd.conf
src=cupsd.conf
@ -22,7 +22,7 @@
state=link
when: cups_enabled and is_debuntu
- name: Enable services for cups
- name: Enable services for CUPS (OS's other than Fedora 18)
service: name={{ item }}
state=started
enabled=yes
@ -31,17 +31,17 @@
- cups-browsed
when: cups_enabled and not is_F18
- name: Enable services for cups for xo's
- name: Enable services for CUPS (Fedora 18, for XO laptops)
service: name=cups
state=started
enabled=yes
when: cups_enabled and is_F18
- name: Permit headless admin of CUPS -- only works when cups daemon is running
- name: Permit headless admin of CUPS -- only works when CUPS daemon is running
shell: "cupsctl --remote-admin"
when: cups_enabled
- name: Disable services for cups
- name: Disable services for CUPS (OS's other than Fedora 18)
service: name={{ item }}
state=stopped
enabled=no
@ -50,13 +50,13 @@
- cups-browsed
when: not cups_enabled and not is_F18
- name: Disable services for cups for xo's
- name: Disable services for CUPS (Fedora 18, for XO laptops)
service: name=cups
state=stopped
enabled=no
when: not cups_enabled and is_F18
- name: add cups to service list
- name: Add 'cups' to service list
ini_file: dest={{ service_filelist }}
section=cups
option={{ item.option }}
@ -65,7 +65,7 @@
- option: name
value: '"Common UNIX Printing System (CUPS)"'
- option: description
value: '"CUPS is a modular printing system which allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer."'
value: '"CUPS is a modular printing system which allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer."'
- option: installed
value: "{{ cups_install }}"
- option: enabled

8
roles/dokuwiki/README.rst
View file

@ -1,5 +1,5 @@
===============
Dokuwiki README
DokuWiki README
===============
DokuWiki is a simple to use and highly versatile Open Source wiki software that
@ -10,12 +10,12 @@ make DokuWiki especially useful in the enterprise context and the large number o
plugins contributed by its vibrant community allow for a broad range of use cases
beyond a traditional wiki.
http://dokuwiki.org/
http://dokuwiki.org
After Installation
------------------
Head to http://schoolserver.lan/wiki. The webpage will probably throw up an error
Head to http://box.lan/wiki. The webpage will probably throw up an error
saying you haven't run install.php yet, with a link to it. Click the link to be
taken to the install page which does the initial configuration of the wiki. After
this, you should be all set!
@ -33,4 +33,4 @@ None yet other than the basic enabled/disabled. Haven't really tested if they wo
Todo
----
* Preinstall some popular plugins.
* Additional XSCE customizations.
* Additional IIAB customizations.

14
roles/dokuwiki/tasks/install.yml
View file

@ -1,5 +1,5 @@
- name: Get the Dokuwiki software
get_url: url="{{ iiab_download_url }}/{{ dokuwiki_version }}.tgz" dest={{ downloads_dir}}/
- name: Get the DokuWiki software
get_url: url="{{ iiab_download_url }}/{{ dokuwiki_version }}.tgz" dest={{ downloads_dir }}/
when: internet_available
- name: Copy it to permanent location /library
@ -8,24 +8,24 @@
- name: Symlink /library/dokuwiki* to /library/dokuwiki
shell: if [ ! -d /library/dokuwiki ]; then ln -sf /library/{{ dokuwiki_version }} /library/dokuwiki; fi
- name: Install config file for dokuwiki in Apache
- name: Install config file for DokuWiki in Apache
template: src=dokuwiki.conf.j2 dest=/etc/{{ apache_config_dir }}/dokuwiki.conf
when: dokuwiki_enabled
- name: enable the dokuwiki
- name: Enable the DokuWiki
file: path=/etc/apache2/sites-enabled/dokuwiki.conf
src=/etc/apache2/sites-available/dokuwiki.conf
state=link
when: dokuwiki_enabled and is_debuntu
- name: disable the dokuwiki
- name: Disable the DokuWiki
file: path=/etc/apache2/sites-enabled/dokuwiki.conf
state=absent
when: not dokuwiki_enabled and is_debuntu
- name: Change permissions on engine directory so apache can write
- name: Change permissions on engine directory so Apache can write
file: path=/library/{{ dokuwiki_version }} owner={{ apache_user }} mode=0755 state=directory recurse=yes
- name: Restart apache, so it picks up the new aliases
- name: Restart Apache, so it picks up the new aliases
service: name={{ apache_service }} state=restarted

4
roles/dokuwiki/tasks/main.yml
View file

@ -1,8 +1,8 @@
- name: Include the install playbook
include: install.yml
include_tasks: install.yml
when: dokuwiki_install
- name: Add dokuwiki to service list
- name: Add DokuWiki to service list
ini_file: dest='{{ service_filelist }}'
section=dokuwiki
option='{{ item.option }}'

47
roles/ejabberd/tasks/main.yml
View file

@ -14,25 +14,30 @@
group=root
mode={{ item.mode }}
with_items:
- { src: 'ejabberd-xs.cfg.j2', dest: '/etc/ejabberd/ejabberd-xs.cfg' , mode: '0644' }
- { src: 'ejabberdctl.cfg.j2', dest: '/etc/ejabberd/ejabberdctl.cfg', mode: '0644' }
- { src: 'ejabberd-xs', dest: '/etc/sysconfig/ejabberd-xs', mode: '0755' }
- { src: 'ejabberd-iiab.cfg.j2', dest: '/etc/ejabberd/ejabberd-iiab.cfg' , mode: '0644' }
- { src: 'ejabberdctl.cfg.j2', dest: '/etc/ejabberd/ejabberdctl-iiab.cfg', mode: '0644' }
- { src: 'ejabberd-iiab', dest: '/etc/sysconfig/ejabberd-iiab', mode: '0755' }
# - { src: 'ejabberd-domain-config', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/ejabberd', mode: '0755'}
# - { src: 'ejabberd', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/ejabberd' , mode: '0755' }
- { src: 'ejabberd-xs.service.j2', dest: '/etc/systemd/system/ejabberd-xs.service', mode: '0755' }
- { src: 'xs-ejabberd-srg', dest: '/usr/bin/xs-ejabberd-srg' , mode: '0755' }
- { src: '10-ejabberdmoodle', dest: '/etc/sudoers.d/10-ejabberdmoodle', mode: '0440' }
- { src: 'ejabberd-iiab.service.j2', dest: '/etc/systemd/system/ejabberd-iiab.service', mode: '0755' }
- { src: 'iiab-ejabberd-srg', dest: '/usr/bin/iiab-ejabberd-srg' , mode: '0755' }
# - { src: '10-ejabberdmoodle', dest: '/etc/sudoers.d/10-ejabberdmoodle', mode: '0440' }
- { src: 'ejabberd.tmpfiles', dest: '/etc/tmpfiles.d/ejabberd.conf', mode: '0640' }
register: ejabberd_config
- name: Stop and disable OS provided systemd ejabberd service
service: name=ejabberd
state=stopped
enabled=no
- name: Put the startup script in place - debian
template: src='ejabberd-xs.init'
dest='/etc/init.d/ejabberd-xs'
template: src='ejabberd-iiab.init'
dest='/etc/init.d/ejabberd-iiab'
when: is_debuntu
- name: Put the startup script in place - non debian
template: src='ejabberd-xs.init'
dest='/usr/libexec/ejabberd-xs'
template: src='ejabberd-iiab.init'
dest='/usr/libexec/ejabberd-iiab'
when: not is_debuntu
- name: Remove ejabberd_domain if domain changes
@ -41,14 +46,14 @@
when: ejabberd_config.changed
- name: Enable ejabberd service
file: src=/etc/systemd/system/ejabberd-xs.service
dest=/etc/systemd/system/multi-user.target.wants/ejabberd-xs.service
file: src=/etc/systemd/system/ejabberd-iiab.service
dest=/etc/systemd/system/multi-user.target.wants/ejabberd-iiab.service
owner=root
group=root
state=link
- name: Start ejabberd service
service: name=ejabberd-xs
service: name=ejabberd-iiab
state=restarted
enabled=yes
when: ejabberd_config.changed and ejabberd_enabled
@ -60,10 +65,14 @@
timeout=300
when: ejabberd_config.changed and ejabberd_enabled
- name: Create online group
shell: ejabberdctl srg_create Online "schoolserver" Online "Online_Users" Online
when: ejabberd_config.changed and not is_debuntu
# ejabberd-iiab.init has the logic for the below, needs to be done once
# and only if the group does not exist based on presence of
# /var/lib/ejabberd online_src_created
- name: Add all users to online group
shell: ejabberdctl srg_user_add '@online@' "schoolserver" Online "schoolserver"
when: ejabberd_config.changed and not is_debuntu
#- name: Create online group
# shell: ejabberdctl srg_create Online "{{ iiab_hostname }}" Online "Online_Users" Online
# when: ejabberd_config.changed
#- name: Add all users to online group
# shell: ejabberdctl srg_user_add '@online@' "{{ iiab_hostname }}" Online "schoolserver"
# when: ejabberd_config.changed

4
roles/ejabberd/templates/ejabberd
View file

@ -3,9 +3,9 @@
#
# ejabberd now handles domain changes in the initrd script
#
SERVICE_NAME=ejabberd-xs
SERVICE_NAME=ejabberd-iiab
CONFIG_LIST="/etc/ejabberd/ejabberd-xs.cfg"
CONFIG_LIST="/etc/ejabberd/ejabberd-iiab.cfg"
# taken from ejabberd spec %post
# taken from ejabberd spec %post

2
roles/ejabberd/templates/ejabberd-xs → roles/ejabberd/templates/ejabberd-iiab
View file

@ -2,7 +2,7 @@
## Where should ejabberd find its configuration file?
#
CONFIG_FILE=/etc/ejabberd/ejabberd-xs.cfg
CONFIG_FILE=/etc/ejabberd/ejabberd-iiab.cfg
## ULIMIT_MAX_FILES alters the number of files that ejabberd is
## allowed to have open at once. If it is unset the system default

0
roles/ejabberd/templates/ejabberd-xs.cfg.j2 → roles/ejabberd/templates/ejabberd-iiab.cfg.j2
View file

24
roles/ejabberd/templates/ejabberd-xs.init → roles/ejabberd/templates/ejabberd-iiab.init
View file

@ -17,14 +17,17 @@
# Description: A distributed, fault-tolerant Jabber/XMPP server
### END INIT INFO
SYS_DOMAIN_FILE=/etc/sysconfig/iiab_domain_name
OUR_DOMAIN_FILE=/etc/sysconfig/ejabberd_domain_name
. /etc/rc.d/init.d/functions
if [ -r /etc/sysconfig/ejabberd-xs ]; then
. /etc/sysconfig/ejabberd-xs
if [ -r /etc/sysconfig/ejabberd-iiab ]; then
. /etc/sysconfig/ejabberd-iiab
fi
if [ ! "$CONFIG_FILE" ]; then
CONFIG_FILE=/etc/ejabberd/ejabberd.cfg
CONFIG_FILE=/etc/ejabberd/ejabberd-iiab.cfg
fi
# /var/run is tmpfs in fc18, so need to create every time
@ -34,25 +37,22 @@ chown ejabberd:ejabberd /var/run/ejabberd
# avoid using consolehelper, call ejabberdctl directly
progctl=/usr/sbin/ejabberdctl
SYS_DOMAIN_FILE=/etc/sysconfig/xs_domain_name
OUR_DOMAIN_FILE=/etc/sysconfig/ejabberd_domain_name
check_domain_configured() {
if [ ! -e /etc/sysconfig/xs_domain_name ]; then
echo "Domain not configured yet" > /dev/stderr
if [ ! -e $SYS_DOMAIN_FILE ]; then
echo "Domain not configured yet 1" > /dev/stderr
exit 1;
fi
domain=`cat "$SYS_DOMAIN_FILE" `
if [ "$domain" == "random.xs.laptop.org" ]; then
echo "Domain not configured yet" > /dev/stderr
echo "Domain not configured yet 2" > /dev/stderr
exit 1;
fi
#hostname=`hostname -f`
hostname=`hostname `
if [ "$hostname" == "localhost.localdomain" ]; then
echo "Domain not configured yet" > /dev/stderr
echo "Domain not configured yet 3" > /dev/stderr
fi
# if [ "$hostname" != "schoolserver.$domain" ]; then
@ -149,7 +149,7 @@ start() {
fi
daemon --user=ejabberd $progctl start --config $CONFIG_FILE \
--ctl-config /etc/ejabberd/ejabberdctl.cfg \
--ctl-config /etc/ejabberd/ejabberdctl-iiab.cfg \
--logs "/var/log/ejabberd" \
--spool "/var/lib/ejabberd/spool" \
2>/dev/null
@ -218,5 +218,3 @@ case "$1" in
esac
exit $RETVAL

6
roles/ejabberd/templates/ejabberd-xs.service.j2 → roles/ejabberd/templates/ejabberd-iiab.service.j2
View file

@ -8,9 +8,9 @@ User=root
Group=root
LimitNOFILE=50000
RestartSec=5
EnvironmentFile=/etc/sysconfig/ejabberd-xs
ExecStart=/usr/libexec/ejabberd-xs start
ExecStop=/usr/libexec/ejabberd-xs stop
EnvironmentFile=/etc/sysconfig/ejabberd-iiab
ExecStart=/usr/libexec/ejabberd-iiab start
ExecStop=/usr/libexec/ejabberd-iiab stop
RemainAfterExit=yes
[Install]

2
roles/ejabberd/templates/xs-ejabberd-srg → roles/ejabberd/templates/iiab-ejabberd-srg
View file

@ -2,7 +2,7 @@
progctl=/usr/sbin/ejabberdctl
SYS_DOMAIN_FILE=/etc/sysconfig/xs_domain_name
SYS_DOMAIN_FILE=/etc/sysconfig/iiab_domain_name
OUR_DOMAIN_FILE=/etc/sysconfig/ejabberd_domain_name
setup_online_srg() {

17
roles/ejabberd_xs/tasks/main.yml
View file

@ -34,7 +34,7 @@
mode={{ item.mode }}
with_items:
- { src: 'ejabberd-xs.cfg.j2', dest: '/etc/ejabberd/ejabberd-xs.cfg' , mode: '0644' }
- { src: 'ejabberdctl.cfg.j2', dest: '/etc/ejabberd/ejabberdctl.cfg', mode: '0644' }
- { src: 'ejabberdctl.cfg.j2', dest: '/etc/ejabberd/ejabberdctl-xs.cfg', mode: '0644' }
- { src: 'ejabberd-xs', dest: '/etc/sysconfig/ejabberd-xs', mode: '0755' }
# - { src: 'ejabberd-domain-config', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/ejabberd', mode: '0755'}
# - { src: 'ejabberd', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/ejabberd' , mode: '0755' }
@ -76,13 +76,10 @@
timeout=300
when: ejabberd_config.changed and ejabberd_xs_enabled
- name: Create online group
shell: ejabberdctl srg_create Online "schoolserver" Online "Online_Users" Online
when: ejabberd_config.changed and not is_debuntu and ejabberd_xs_enabled
- name: Add all users to online group
shell: ejabberdctl srg_user_add '@online@' "schoolserver" Online "schoolserver"
when: ejabberd_config.changed and not is_debuntu and ejabberd_xs_enabled
#- name: Create online group
# shell: ejabberdctl srg_create Online "schoolserver" Online "Online_Users" Online
# when: ejabberd_config.changed and not is_debuntu and ejabberd_xs_enabled
#- name: Add all users to online group
# shell: ejabberdctl srg_user_add '@online@' "schoolserver" Online "schoolserver"
# when: ejabberd_config.changed and not is_debuntu and ejabberd_xs_enabled

18
roles/ejabberd_xs/templates/ejabberd-xs.init
View file

@ -17,6 +17,9 @@
# Description: A distributed, fault-tolerant Jabber/XMPP server
### END INIT INFO
SYS_DOMAIN_FILE=/etc/sysconfig/iiab_domain_name
OUR_DOMAIN_FILE=/etc/sysconfig/ejabberd_domain_name
. /etc/rc.d/init.d/functions
if [ -r /etc/sysconfig/ejabberd-xs ]; then
@ -24,7 +27,7 @@ if [ -r /etc/sysconfig/ejabberd-xs ]; then
fi
if [ ! "$CONFIG_FILE" ]; then
CONFIG_FILE=/etc/ejabberd/ejabberd.cfg
CONFIG_FILE=/etc/ejabberd/ejabberd-xs.cfg
fi
# /var/run is tmpfs in fc18, so need to create every time
@ -34,25 +37,22 @@ chown ejabberd:ejabberd /var/run/ejabberd
# avoid using consolehelper, call ejabberdctl directly
progctl=/usr/sbin/ejabberdctl
SYS_DOMAIN_FILE=/etc/sysconfig/xs_domain_name
OUR_DOMAIN_FILE=/etc/sysconfig/ejabberd_domain_name
check_domain_configured() {
if [ ! -e /etc/sysconfig/xs_domain_name ]; then
echo "Domain not configured yet" > /dev/stderr
if [ ! -e $SYS_DOMAIN_FILE ]; then
echo "Domain not configured yet 1" > /dev/stderr
exit 1;
fi
domain=`cat "$SYS_DOMAIN_FILE" `
if [ "$domain" == "random.xs.laptop.org" ]; then
echo "Domain not configured yet" > /dev/stderr
echo "Domain not configured yet 2" > /dev/stderr
exit 1;
fi
#hostname=`hostname -f`
hostname=`hostname `
if [ "$hostname" == "localhost.localdomain" ]; then
echo "Domain not configured yet" > /dev/stderr
echo "Domain not configured yet 3" > /dev/stderr
fi
# if [ "$hostname" != "schoolserver.$domain" ]; then
@ -149,7 +149,7 @@ start() {
fi
daemon --user=ejabberd $progctl start --config $CONFIG_FILE \
--ctl-config /etc/ejabberd/ejabberdctl.cfg \
--ctl-config /etc/ejabberd/ejabberdctl-xs.cfg \
--logs "/var/log/ejabberd" \
--spool "/var/lib/ejabberd/spool" \
2>/dev/null

3
roles/elgg/meta/main.yml
View file

@ -1,3 +0,0 @@
---
dependencies:
- { role: mysql }

22
roles/elgg/tasks/main.yml
View file

@ -1,7 +1,7 @@
# Assume we only get here if elgg_install: True
# Assume mysql is running
- name: download current version from our copy
- name: Download current version from our copy
shell: wget {{ iiab_download_url }}/elgg-{{ elgg_version }}.zip -c -P {{ downloads_dir }}
creates={{ downloads_dir }}/elgg-{{ elgg_version }}.zip
when: internet_available
@ -18,7 +18,7 @@
shell: "/usr/bin/unzip -o {{ downloads_dir }}/elgg-{{ elgg_version }}.zip -d /opt"
when: elgg.stat.exists is defined and not elgg.stat.exists
- name: Create a link to the versioned elgg folder
- name: Create a link to the versioned elgg-* folder
file: src=./elgg-{{ elgg_version }}
dest=/opt/elgg
owner={{ apache_user }}
@ -36,7 +36,7 @@
group={{ apache_user }}
# The name of this file changed from 1.9 to 1.10.
- name: Copy default .htaccess to the root directory of elgg tree
- name: Copy default .htaccess to the root directory of Elgg tree
copy: src="/opt/{{ elgg_xx }}/vendor/elgg/elgg/install/config/htaccess.dist"
dest="/opt/{{ elgg_xx }}/.htaccess"
mode=0644
@ -51,24 +51,24 @@
insertafter='^#RewriteBase'
line="RewriteBase {{ elgg_url }}/"
- name: Change permissions on engine directory so apache can write
- name: Change permissions on engine directory so Apache can write
file: path=/opt/elgg/engine/ owner={{ apache_user }} mode=0755 state=directory
- name: Create an upload directory that Apache can write in or elgg
file: path={{ elgg_upload_path }} state=directory owner={{ apache_user }}
- name: change ownership
- name: Change ownership
file: path=/opt/elgg-{{ elgg_version }}
owner={{ apache_user }}
group={{ apache_user }}
recurse=yes
state=directory
- name: Create a mysql database for elgg - can be run more than once
- name: Create a MySQL database for Elgg - can be run more than once
mysql_db: name={{ dbname }}
register: create_elgg_database
- name: Create a user to access the elgg database - can be run more than once
- name: Create a user to access the Elgg database - can be run more than once
mysql_user: name={{ dbuser }} host={{ item }} password={{ dbpassword }} priv={{ dbname }}.*:ALL
with_items:
- 127.0.0.1
@ -95,23 +95,23 @@
- name: Install config file for elgg in Apache
template: src=elgg.conf dest=/etc/{{ apache_config_dir }}/elgg.conf
- name: Enable elgg for debuntu (will already be enabled above for Redhat)
- name: Enable Elgg for debuntu (will already be enabled above for Redhat)
file: path=/etc/apache2/sites-enabled/elgg.conf
src=/etc/apache2/sites-available/elgg.conf
state=link
when: elgg_enabled and is_debuntu
- name: Disable elgg for debuntu
- name: Disable Elgg for debuntu
file: path=/etc/apache2/sites-enabled/elgg.conf
state=absent
when: not elgg_enabled and is_debuntu
- name: Disable elgg for Redhat - remove config file for elgg in Apache
- name: Disable Elgg for Redhat - remove config file for Elgg in Apache
file: dest=/etc/{{ apache_config_dir }}/elgg.conf
state=absent
when: not elgg_enabled and is_redhat
- name: add elgg to service list
- name: Add Elgg to service list
ini_file: dest='{{ service_filelist }}'
section=elgg
option='{{ item.option }}'

24
roles/elgg/templates/settings.php.j2
View file

@ -35,21 +35,21 @@ if (!isset($CONFIG)) {
*
* @global string $CONFIG->dbuser
*/
$CONFIG->dbuser = '{{dbuser}}';
$CONFIG->dbuser = '{{ dbuser }}';
/**
* The database password
*
* @global string $CONFIG->dbpass
*/
$CONFIG->dbpass = '{{dbpassword}}';
$CONFIG->dbpass = '{{ dbpassword }}';
/**
* The database name
*
* @global string $CONFIG->dbname
*/
$CONFIG->dbname = '{{dbname}}';
$CONFIG->dbname = '{{ dbname }}';
/**
* The database host.
@ -58,7 +58,7 @@ $CONFIG->dbname = '{{dbname}}';
*
* @global string $CONFIG->dbhost
*/
$CONFIG->dbhost = '{{dbhost}}';
$CONFIG->dbhost = '{{ dbhost }}';
/**
* The database prefix
@ -69,7 +69,7 @@ $CONFIG->dbhost = '{{dbhost}}';
*
* @global string $CONFIG->dbprefix
*/
$CONFIG->dbprefix = '{{dbprefix}}';
$CONFIG->dbprefix = '{{ dbprefix }}';
/**
* Multiple database connections
@ -130,17 +130,17 @@ $CONFIG->dbprefix = '{{dbprefix}}';
/**
* Cookie configuration
*
* Elgg uses 2 cookies: a PHP session cookie and an extended login cookie
* Elgg uses 2 cookies: a PHP session cookie and an extended login cookie
* (also called the remember me cookie). See the PHP manual for documentation on
* each of these parameters. Possible options:
*
*
* - Set the session name to share the session across applications.
* - Set the path because Elgg is not installed in the root of the web directory.
* - Set the secure option to true if you only serve the site over HTTPS.
* - Set the expire option on the remember me cookie to change its lifetime
*
* To use, uncomment the appropriate sections below and update for your site.
*
*
* @global array $CONFIG->cookies
*/
// get the default parameters from php.ini
@ -197,16 +197,16 @@ $CONFIG->min_password_length = 6;
/**
* This is an optional script used to override Elgg's default handling of
* uncaught exceptions.
*
*
* This should be an absolute file path to a php script that will be called
* any time an uncaught exception is thrown.
*
*
* The script will have access to the following variables as part of the scope
* global $CONFIG
* $exception - the unhandled exception
*
*
* @warning - the database may not be available
*
*
* @global string $CONFIG->exception_include
*/
$CONFIG->exception_include = '';

16
roles/homepage/tasks/main.yml Normal file
View file

@ -0,0 +1,16 @@
- name: Create home directory
file: path={{ doc_root }}/home
mode=0755
owner={{ apache_user }}
group={{ apache_user }}
state=directory
- name: Install admin homepage into apache2
template: src=iiab-homepage.conf
dest=/etc/{{ apache_config_dir }}/iiab-homepage.conf
- name: Enable the home page
file: src=/etc/{{ apache_config_dir }}/iiab-homepage.conf
dest=/etc/apache2/sites-enabled/iiab-homepage.conf
state=link
when: is_debuntu

6
roles/httpd/templates/iiab-home-page.conf → roles/homepage/templates/iiab-homepage.conf
View file

@ -1,9 +1,9 @@
# XSCE Home Page
# IIAB Home Page
# Redirect to home page on School Server
# Default is xs-portal
# Default [was] xs-portal [and is now generally] home
# RedirectMatch of root to home page
# RedirectMatch of root to homepage
# See the note in default_vars.yml
RedirectMatch ^/$ {{ iiab_home_url }}

16
roles/httpd/tasks/home-page.yml
View file

@ -1,16 +0,0 @@
- name: Create home directory
file: path={{ doc_root }}/home
mode=0755
owner={{ apache_user }}
group={{ apache_user }}
state=directory
- name: Install admin home page into apache2
template: src=iiab-home-page.conf
dest=/etc/{{ apache_config_dir }}/iiab-home-page.conf
- name: Enable the home page
file: src=/etc/{{ apache_config_dir }}/iiab-home-page.conf
dest=/etc/apache2/sites-enabled/iiab-home-page.conf
state=link
when: is_debuntu

16
roles/httpd/tasks/main.yml
View file

@ -40,7 +40,7 @@
- download
when: is_redhat
- name: remove the default apache2 config file
- name: Remove the default apache2 config file
file: path=/etc/apache2/sites-enabled/000-default.conf
src=/etc/apache2/sites-available/000-default.conf
state=absent
@ -67,7 +67,7 @@
- mpm_event.load
when: is_debuntu
- name: create symlinks for mpm-prefork
- name: Create symlinks for mpm-prefork
file: path=/etc/apache2/mods-enabled/{{ item }}
src=/etc/apache2/mods-available/{{ item }}
state=link
@ -76,7 +76,7 @@
- mpm_prefork.load
when: is_debuntu
- name: turn on mod_proxy
- name: Turn on mod_proxy
command: a2enmod {{ item }}
with_items:
- proxy
@ -85,7 +85,7 @@
- rewrite
when: is_debuntu
- name: create symlinks for enabling our site
- name: Create symlinks for enabling our site
file: path=/etc/apache2/sites-enabled/{{ item }}
src=/etc/apache2/sites-available/{{ item }}
state=link
@ -105,7 +105,7 @@
group=root
state=directory
- name: create admin group
- name: Create admin group
group: name=admin
state=present
@ -142,13 +142,11 @@
state=absent
when: is_debuntu
- include: html.yml
- include_tasks: html.yml
tags:
- base
- include: home-page.yml
- name: place the script to generate home pages
- name: Place the script to generate homepages
template: src=refresh-wiki-docs.sh
dest=/usr/bin/iiab-refresh-wiki-docs
mode=0755

4
roles/iiab-admin/README.rst
View file

@ -1,5 +1,5 @@
=================
XSCE Admin README
IIAB Admin README
=================
This role is home to a number of administrative playbooks. Those implemented are:
@ -22,4 +22,4 @@ Add Packages for Remote Access
Admin Console
-------------
Has been moved to a separate git repo
Has been moved to separate git repo: https://github.com/iiab/iiab-admin-console

10
roles/iiab-admin/tasks/admin-user.yml
View file

@ -32,26 +32,26 @@
# backup=yes
- name: edit the sudoers file--first make it editable
- name: Edit the sudoers file -- first make it editable
file: path=/etc/sudoers
mode=0640
- name: have sudo log all commands it handles
- name: Have sudo log all commands it handles
lineinfile: regexp=logfile
line='Defaults logfile = /var/log/sudo.log'
state=present
dest=/etc/sudoers
- name: lets wheel sudo without password
- name: Lets wheel sudo without password
lineinfile:
line: "%wheel ALL= NOPASSWD: ALL"
dest: /etc/sudoers
- name: remove the line which requires tty
- name: Remove the line which requires tty
lineinfile: regexp=requiretty
state=absent
dest=/etc/sudoers
- name: end editing the sudoers file-- protect it again
- name: End editing the sudoers file -- protect it again
file: path=/etc/sudoers
mode=0440

8
roles/iiab-admin/tasks/main.yml
View file

@ -1,9 +1,9 @@
- include: admin-user.yml
- include_tasks: admin-user.yml
tags:
- base
when: not no_admin is defined
- include: access.yml
- include_tasks: access.yml
tags:
- base
@ -28,12 +28,12 @@
stat: path=/home/pi/.config/lxsession
register: lx
- name: Do the same if running on raspbian
- name: Do the same if running on Raspbian
template: src=lxde_ssh_warn.sh
dest=/home/pi/.config/lxsession/LXDE-pi/
when: lx.stat.isdir is defined and lx.stat.isdir and is_rpi and is_debuntu
- name: put a autostart line to check for default password in LXDE
- name: Put an autostart line to check for default password in LXDE
lineinfile: line=@/home/pi/.config/lxsession/LXDE-pi/lxde_ssh_warn.sh
dest=/home/pi/.config/lxsession/LXDE-pi/autostart
when: lx.stat.isdir is defined and lx.stat.isdir and is_rpi and is_debuntu

10
roles/kalite/README.rst
View file

@ -1,13 +1,13 @@
==============
KA-Lite README
KA Lite README
==============
This role installs KA-Lite, an offline version of the Khan Academy (https://www.khanacademy.org/),
This role installs KA Lite, an offline version of the Khan Academy (https://www.khanacademy.org/),
written by Learning Equality (https://learningequality.org/ka-lite/).
KA Lite has two servers, a light httpd server that serves KA videos, and a cron server that sets
up cron jobs to download language packs and KA videos from the internet. There are separate flags
to enable these two servers.
KA Lite has two servers, a light httpd server that serves Khan Academy videos, and a cron server
that sets up cron jobs to download language packs and KA videos from the internet. There are
separate flags to enable these two servers.
Access
------

6
roles/kalite/tasks/enable.yml
View file

@ -1,18 +1,18 @@
# By the time we get here we should have ka-lite of some version
# And the systemd unit files should be defined
- name: Enable kalite server
- name: Enable 'kalite-serve' service
service: name=kalite-serve
enabled=yes
state=started
- name: Disable kalite server
- name: Disable 'kalite-serve' service
service: name=kalite-serve
enabled=no
state=stopped
when: not kalite_enabled
# Since Fedora 18 we don't have a separate unit fiile for kalite-cron
# Since Fedora 18 we don't have a separate unit file for kalite-cron
- name: Disable kalite cron server F18
service: name=kalite-cron

20
roles/kalite/tasks/install-f18.yml
View file

@ -1,6 +1,6 @@
# This is for Fedora 18, assumed to be an XO
- name: Install dependent packages F18
- name: Install dependent packages (Fedora 18)
package: name={{ item }}
state=present
with_items:
@ -8,35 +8,35 @@
- expect
when: is_F18
- name: Install dependent pip packages F18
- name: Install dependent pip packages (Fedora 18)
pip: name=selenium
when: internet_available and is_F18
when: internet_available and is_F18
- name: Determine if kalite is already downloaded
- name: Determine if KA Lite is already downloaded
stat: path={{ downloads_dir }}/ka-lite
register: kalite
- name: Download the latest kalite repo
- name: Download the latest KA Lite repo
git: repo={{ kalite_repo_url }}
dest={{ downloads_dir }}/ka-lite
depth=1
version="0.13.x"
ignore_errors: yes
when: internet_available and kalite.stat.exists is defined and not kalite.stat.exists
when: internet_available and kalite.stat.exists is defined and not kalite.stat.exists
- name: Create iiab-kalite user and password F18
- name: Create iiab-kalite user and password (Fedora 18)
user: name={{ kalite_user }}
password={{ kalite_password_hash }}
update_password=on_create
- name: Create kalite_root directory F18
- name: Create kalite_root directory (Fedora 18)
file: path={{ kalite_root }}
owner=root
group=root
mode=0755
state=directory
- name: Copy the kalite repo into place F18
- name: Copy the KA Lite repo into place (Fedora 18)
command: "rsync -at {{ downloads_dir }}/ka-lite/ {{ kalite_root }}"
- name: Make kalite_user owner
@ -54,7 +54,7 @@
group={{ kalite_user }}
mode=0644
- name: Create kalite service(s) and support scripts
- name: Create kalite-serve & kalite-cron services, and iiab_cronservectl.sh
template: backup=no
src={{ item.src }}
dest={{ item.dest }}

36
roles/kalite/tasks/install.yml
View file

@ -1,6 +1,6 @@
# This is for an OS other than Fedora 18
- name: Install missing packages required for kalite startup
- name: Install missing packages required for KA Lite startup
package: name={{ item }}
state=present
with_items:
@ -10,34 +10,32 @@
get_url: url={{ kalite_requirements }} dest={{ pip_packages_dir }}/kalite.txt
when: internet_available
- name: Install ka-lite dependencies with pip
pip: requirements={{ pip_packages_dir }}/kalite.txt
virtualenv={{ kalite_venv }}
virtualenv_site_packages=no
extra_args="--no-cache-dir"
#- name: Install KA Lite non-static + reqs file with pip - (debuntu)
# pip: requirements={{ pip_packages_dir }}/kalite.txt
# virtualenv={{ kalite_venv }}
# virtualenv_site_packages=no
# extra_args="--no-cache-dir"
# extra_args="--disable-pip-version-check"
when: internet_available and is_debuntu
# when: internet_available and is_debuntu
- name: Install ka-lite with pip
- name: Install KA Lite static with pip - (debuntu)
pip: name=ka-lite-static
version={{ kalite_version }}
virtualenv={{ kalite_venv }}
virtualenv_site_packages=no
extra_args="--no-cache-dir"
# extra_args="--no-cache-dir"
# extra_args="--disable-pip-version-check"
when: internet_available and is_debuntu
- name: Install ka-lite dependencies with pip
pip: requirements={{ pip_packages_dir }}/kalite.txt
virtualenv={{ kalite_venv }}
virtualenv_site_packages=no
#- name: Install KA Lite non-static + reqs file with pip - (OS's other than debuntu)
# pip: requirements={{ pip_packages_dir }}/kalite.txt
# virtualenv={{ kalite_venv }}
# virtualenv_site_packages=no
# extra_args="--no-cache-dir"
# extra_args="--disable-pip-version-check"
when: internet_available and not is_debuntu
# when: internet_available and not is_debuntu
- name: Install ka-lite with pip
- name: Install KA Lite static with pip - (OS's other than debuntu)
pip: name=ka-lite-static
version={{ kalite_version }}
virtualenv={{ kalite_venv }}
@ -46,7 +44,7 @@
# extra_args="--disable-pip-version-check"
when: internet_available and not is_debuntu
- name: Default is to have cronserve started with kalite
- name: Default is to have cronserve started with KA Lite
set_fact:
job_scheduler_stanza: ""
@ -55,7 +53,7 @@
job_scheduler_stanza: "--skip-job-scheduler "
when: not kalite_cron_enabled
- name: Create kalite service(s) and support scripts
- name: Create 'kalite-serve' service, kalite.sh and kalite.conf
template: backup=no
src={{ item.src }}
dest={{ item.dest }}
@ -65,9 +63,9 @@
with_items:
- { src: 'kalite-serve.service.j2', dest: '/etc/systemd/system/kalite-serve.service', mode: '0644'}
- { src: 'kalite.sh.j2', dest: '/etc/profile.d/kalite.sh', mode: '0644'}
- { src: 'kalite.conf', dest: '/etc/{{ apache_config_dir}}', mode: '0644'}
- { src: 'kalite.conf', dest: '/etc/{{ apache_config_dir }}', mode: '0644'}
- name: Create symlink to kalite bin file in path
file: path=/usr/bin/kalite
src={{kalite_venv}}/bin/kalite
src={{ kalite_venv }}/bin/kalite
state=link

22
roles/kalite/tasks/main.yml
View file

@ -2,39 +2,39 @@
# Assume all XOs are F18 and nothing else is
- name: Calc kalite db file name F18
- name: Calc KA Lite db file name (Fedora 18)
set_fact:
kalite_db_name: "{{ kalite_root }}/kalite/database/data.sqlite"
when: is_F18
- name: Calc kalite db file name
- name: Calc KA Lite db file name (OS's other than Fedora 18)
set_fact:
kalite_db_name: "{{ kalite_root }}/database/data.sqlite"
when: not is_F18
- name: See if kalite is already configured
- name: See if KA Lite is already configured
stat: path="{{ kalite_db_name }}"
register: kalite_installed
- include: install-f18.yml
- include_tasks: install-f18.yml
when: not kalite_installed.stat.exists and is_F18
- include: install.yml
- include_tasks: install.yml
when: kalite_installed is defined and not kalite_installed.stat.exists and not is_F18
- name: ask systemd to reread the unit files
- name: Ask systemd to reread the unit files
shell: systemctl daemon-reload
when: not kalite_installed.stat.exists
- include: setup-f18.yml
- include_tasks: setup-f18.yml
when: not kalite_installed.stat.exists and is_F18
- include: setup.yml
- include_tasks: setup.yml
when: not kalite_installed.stat.exists and not is_F18
- include: enable.yml
- include_tasks: enable.yml
- name: Add kalite to service list
- name: Add 'kalite-serve' to service list
ini_file: dest='{{ service_filelist }}'
section=kalite
option='{{ item.option }}'
@ -43,7 +43,7 @@
- option: name
value: kalite
- option: description
value: '"KA-Lite is a server to present Khan Academy videos offline and to download them."'
value: '"KA Lite is a server to present Khan Academy videos offline and to download them."'
- option: path
value: "{{ kalite_root }}"
- option: server_name

4
roles/kalite/tasks/setup-f18.yml
View file

@ -1,11 +1,11 @@
# This is for Fedora 18, assumed to be an XO
- name: Run the setup using kalite manage F18
- name: Run the setup using 'kalite manage' (Fedora 18)
command: "/usr/bin/su {{ kalite_user }} -c '{{ kalite_root }}/bin/kalite manage setup --username={{ kalite_user }} --password={{ kalite_password }} --noinput'"
async: 900
poll: 10
- name: Finish setup by running kalite start F18
- name: Finish setup by running 'kalite start' (Fedora 18)
command: "/usr/bin/su {{ kalite_user }} -c '{{ kalite_root }}/bin/kalite start'"
async: 900
poll: 10

2
roles/kalite/tasks/setup.yml
View file

@ -7,7 +7,7 @@
mode=0755
state=directory
- name: Run the setup using kalite manage
- name: Run the setup using 'kalite manage'
command: "{{ kalite_program }} manage setup --username={{ kalite_admin_user }} --password={{ kalite_admin_password }} --noinput"
environment:
KALITE_HOME: "{{ kalite_root }}"

34
roles/kiwix/tasks/kiwix_install.yml
View file

@ -1,4 +1,4 @@
- name: Create various directories for zims
- name: Create various directories for Kiwix's ZIM files
file: path={{ item }}
owner=root
group=root
@ -9,16 +9,16 @@
- "{{ kiwix_content_path }}"
- "{{ iiab_zim_path }}/index"
- name: Check for kiwix-serve binary
- name: Check for 'kiwix-serve' binary
stat: path={{ iiab_base }}/kiwix/bin/kiwix-serve
register: kiwix_bin
- name: Set kiwix first pass
- name: Set kiwix_first_pass
set_fact:
kiwix_first_pass: True
when: kiwix_bin.stat.exists is defined and not kiwix_bin.stat.exists
- name: Copy kiwix library file if needed
- name: Copy Kiwix library file if needed
template: src={{ item }}
dest="{{ kiwix_library_xml }}"
mode=0644
@ -47,14 +47,14 @@
group=root
when: not kiwix_src_bin_only and kiwix_first_pass
- name: Create directory for kiwix bin
- name: Create kiwix/bin directory
file: path="{{ iiab_base }}/kiwix/bin"
owner=root
group=root
mode=0755
state=directory
- name: enable the mods which permit apache to proxy
- name: Enable the mods which permit Apache to proxy
apache2_module: name={{ item }}
with_items:
- proxy
@ -63,7 +63,7 @@
- rewrite
when: is_debuntu
- name: Unarchive it to permanent location - bin only
- name: Unarchive Kiwix to permanent location - bin only
unarchive: src="{{ downloads_dir }}/{{ kiwix_src_file }}"
dest="{{ iiab_base }}/kiwix/bin"
owner=root
@ -71,25 +71,25 @@
when: kiwix_src_bin_only and kiwix_first_pass
# workaround because unarchive does not set ownership properly
- name: Set kiwix ownership
command: "chown -R root:root {{ iiab_base }}"
- name: "Set ownership: 'chown -R root:root /opt/iiab/kiwix'"
command: "chown -R root:root {{ iiab_base }}/kiwix"
# workaround because kiwix-serve does not stay running
- name: Make an entry in crontab to restart every hour
- name: Make a crontab entry to restart kiwix-serve at 4AM (debuntu)
# * * * * * user-name command to be executed
lineinfile: line="15 * * * * root /bin/systemctl restart kiwix-serve.service"
lineinfile: line="0 4 * * * root /bin/systemctl restart kiwix-serve.service"
dest=/etc/crontab
when: is_debuntu
- name: Make an entry in crontab to restart every hour
- name: Make a crontab entry to restart kiwix-serve at 4AM (redhat)
# * * * * * user-name command to be executed
lineinfile: line="15 * * * * root /usr/bin/systemctl restart kiwix-serve.service"
lineinfile: line="0 4 * * * root /usr/bin/systemctl restart kiwix-serve.service"
dest=/etc/crontab
when: is_redhat
# Create kiwix service
- name: Create kiwix-serve service
- name: Create 'kiwix-serve' service
template: backup=no
src={{ item.src }}
dest={{ item.dest }}
@ -105,7 +105,7 @@
- { src: 'iiab-make-apache-config.py', dest: '/usr/bin/iiab-make-apache-config.py', mode: '0755'}
- name: add kiwix to service list
- name: Add 'kiwix-serve' to list of services
ini_file: dest='{{ service_filelist }}'
section=kiwix-serve
option='{{ item.option }}'
@ -130,13 +130,13 @@
- option: enabled
value: "{{ kiwix_enabled }}"
- name: Enable kiwix-serve service
- name: Enable 'kiwix-serve' service
service: name=kiwix-serve
enabled=yes
state=restarted
when: kiwix_enabled
- name: Disable kiwix-serve service
- name: Disable 'kiwix-serve' service
service: name=kiwix-serve
enabled=no
state=stopped

8
roles/kiwix/tasks/main.yml
View file

@ -6,21 +6,21 @@
- name: Set kiwix source file name x86_64
set_fact:
kiwix_src_file: "kiwix-tools_linux64_2017-10-11.tar.gz"
kiwix_src_file: "kiwix-tools_linux64_2017-10-25.tar.gz"
kiwix_src_bin_only: True
when: ansible_machine == "x86_64"
- name: Set kiwix source file name armv7l
set_fact:
kiwix_src_file: "kiwix-tools_armhf_2017-10-11.tar.gz"
kiwix_src_file: "kiwix-tools_armhf_2017-10-25.tar.gz"
kiwix_src_bin_only: True
when: ansible_machine == "armv7l" or ansible_machine == "armv6l"
- name: Get the kiwix software
- name: Get the Kiwix software
get_url: url="{{ iiab_download_url }}/{{ kiwix_src_file }}" dest="{{ downloads_dir }}/{{ kiwix_src_file }}"
when: internet_available
- include: kiwix_install.yml
- include_tasks: kiwix_install.yml
when: kiwix_src_file is defined
tags:
- kiwix

2
roles/kiwix/templates/iiab-make-kiwix-lib
View file

@ -1,6 +1,6 @@
#!/bin/sh
{{systemctl_program }} stop kiwix-serve
{{ systemctl_program }} stop kiwix-serve
/usr/bin/iiab-make-kiwix-lib.py
/usr/bin/iiab-make-apache-config.py
{{ systemctl_program }} start kiwix-serve

10
roles/monit/tasks/main.yml
View file

@ -1,10 +1,10 @@
- name: Install monit package
- name: Install Monit package
package: name=monit
state=present
tags:
- download
- name: Install chkconfig package -- not in debian 9
- name: Install chkconfig package -- not in Debian 8
package: name=chkconfig
state=present
when: is_debian and ansible_distribution_major_version == "8"
@ -34,14 +34,14 @@
delay: 1
#TODO: create systemd script
- name: Enable monit service
- name: Enable 'monit' service
command: chkconfig monit on
when: is_debian and ansible_local.local_facts.os_ver == "debian-8"
#- name: Restart monit service
# command: service monit restart
- name: Add monit to service list
- name: Add 'monit' to service list
ini_file: dest='{{ service_filelist }}'
section=monit
option='{{ item.option }}'
@ -50,6 +50,6 @@
- option: name
value: monit
- option: description
value: '"Monit is a background service monitor which can correct problems, send email, restart services"'
value: '"Monit is a background service monitor which can correct problems, send email, restart services."'
- option: enabled
value: "{{ monit_enabled }}"

3
roles/moodle/meta/main.yml
View file

@ -1,3 +0,0 @@
---
dependencies:
- { role: postgresql }

38
roles/moodle/tasks/main.yml
View file

@ -1,5 +1,5 @@
---
- name: Install moodle required packages
- name: Install Moodle required packages
package: name={{ item }}
state=present
with_items:
@ -7,7 +7,7 @@
- php-pgsql
when: not is_debuntu
- name: Install moodle required packages
- name: Install Moodle required packages
package: name={{ item }}
state=present
with_items:
@ -21,19 +21,19 @@
- php{{ php_version }}-cli
when: is_debuntu
- name: php-zip debian 8-9 changed name
- name: php-zip name for Debian 9 or Ubuntu
package: name=php{{ php_version }}-zip
when: is_debian_9 or is_ubuntu
- name: php-zip debian 8-9 changed name
- name: php-zip name for Debian 8
package: name=php-pclzip
when: is_debian_8
- name: Determine if moodle is already downloaded
- name: Determine if Moodle is already downloaded
stat: path={{ moodle_base }}/config-dist.php
register: moodle
- name: Download the latest moodle repo
- name: Download the latest Moodle repo
git: repo={{ moodle_repo_url }}
dest={{ moodle_base }}
depth=1
@ -42,30 +42,30 @@
# ignore_errors: yes
when: internet_available and moodle.stat.exists is defined and not moodle.stat.exists
- name: Prepare the downloaded directory so apache can install config file
- name: Prepare the downloaded directory so Apache can install config file
file: path={{ moodle_base }}
owner={{ apache_user }}
recurse=yes
state=directory
- name: Give apache permission to write moodle data directory
- name: Give Apache permission to write Moodle data directory
file: path={{ content_base }}/dbdata/moodle
owner={{ apache_user }}
mode=0755
state=directory
- name: Create a moodle data dir with apache permission to write
- name: Create a Moodle data dir with Apache permission to write
file: path={{ moodle_data }}
owner={{ apache_user }}
group={{ apache_user }}
mode=0770
state=directory
- name: Remove stock moodle conf
- name: Remove stock Moodle conf
file: path='/etc/{{ apache_config_dir }}/moodle.conf'
state=absent
- name: Put moodle config file in place
- name: Put Moodle config file in place
template: src=022-moodle.j2
dest=/etc/{{ apache_config_dir }}/022-moodle.conf
owner=root
@ -73,13 +73,13 @@
mode=0644
when: moodle_enabled
- name: Enable moodle
- name: Enable Moodle
file: path=/etc/apache2/sites-enabled/022-moodle.conf
src=/etc/apache2/sites-available/022-moodle.conf
state=link
when: moodle_enabled and is_debuntu
- name: Disable moodle
- name: Disable Moodle
file: path=/etc/apache2/sites-enabled/022-moodle.conf
state=absent
when: not moodle_enabled and is_debuntu
@ -106,7 +106,7 @@
become_user: postgres
- name: Put a startup install script in place
template: dest={{moodle_base}}
template: dest={{ moodle_base }}
src=moodle_installer
mode=0755
@ -116,24 +116,24 @@
enabled=yes
when: moodle_enabled
- name: Restart apache
- name: Restart Apache
service: name={{ apache_service }}
state=restarted
- name: see if the config.php file exists
- name: See if the config.php file exists
stat: path='{{ moodle_base }}/config.php'
register: config
- name: Execute moodle startup script
- name: Execute Moodle startup script
shell: '{{ moodle_base }}/moodle_installer'
when: config.stat.exists is defined and not config.stat.exists
- name: Give apache permission to read config file
- name: Give Apache permission to read config file
# command: chown -R {{ apache_user }} {{ moodle_base }}
file: path={{ moodle_base }}/config.php
mode=0644
- name: add moodle to service list
- name: Add Moodle to service list
ini_file: dest='{{ service_filelist }}'
section=moodle
option='{{ item.option }}'

13
roles/munin/tasks/main.yml
View file

@ -1,4 +1,4 @@
- name: Install munin package
- name: Install Munin package
package: name={{ item }}
state=present
with_items:
@ -11,7 +11,7 @@
- download
when: is_debuntu
- name: Install munin package
- name: Install Munin package
package: name={{ item }}
state=present
with_items:
@ -21,7 +21,7 @@
- download
when: not is_debuntu
- name: Copy munin config file
- name: Copy Munin config file
template: src={{ item.src }}
dest={{ item.dest }}
owner=root
@ -44,13 +44,13 @@
state=started
when: munin_enabled
- name: Enable apache lookup
- name: Enable Apache lookup
file: src=/etc/apache2/sites-available/munin24.conf
dest=/etc/apache2/sites-enabled/munin24.conf
state=link
when: munin_enabled and is_debuntu
- name: disable apache lookup
- name: Disable Apache lookup
file: src=/etc/apache2/sites-available/munin24.conf
dest=/etc/apache2/sites-enabled/munin24.conf
state=absent
@ -62,7 +62,7 @@
state=stopped
when: not munin_enabled
- name: If mysql is enabled, let munin monitor it
- name: If MySQL is enabled, let Munin monitor it
copy: dest=/etc/munin/plugins/
src={{ item }}
with_items:
@ -89,4 +89,3 @@
value: "{{ munin_install }}"
- option: enabled
value: "{{ munin_enabled }}"

2
roles/mysql/defaults/main.yml
View file

@ -1,4 +1,2 @@
phpMyAdmin: "phpMyAdmin-4.2.7.1-all-languages.zip"
mysql_install: True
mysql_enabled: False
phpmyadmin_enabled: False

29
roles/mysql/tasks/main.yml
View file

@ -1,4 +1,4 @@
- name: Install MySQL Debian
- name: Install MySQL (debuntu)
package: name={{ item }}
state=present
with_items:
@ -18,15 +18,15 @@
tags:
- download
- name: php-xml for ubuntu and debian-9
- name: php-xml for 'ubuntu' and 'debian-9'
package: name=php{{ php_version }}-xml state=present
when: is_ubuntu or is_debian_9
- name: php-xml for debian-8
- name: php-xml for 'debian-8'
package: name=php-xml-parser state=present
when: is_debian_8
- name: Install MySQL
- name: Install MySQL (OS's other than debuntu)
package: name={{ item }}
state=present
with_items:
@ -45,12 +45,12 @@
tags:
- download
- include: centos.yml
- include_tasks: centos.yml
when: ansible_distribution == "CentOS"
tags:
- download
- include: fedora.yml
- include_tasks: fedora.yml
when: ansible_distribution == "Fedora"
tags:
- download
@ -68,17 +68,17 @@
# 'localhost' needs to be the last item for idempotency, see
# http://ansible.cc/docs/modules.html#mysql-user
# unfortunately it still doesn't work
- name: update mysql root password for localhost root accounts
- name: Update MySQL root password for localhost root accounts
mysql_user: name=root host={{ item }} password={{ mysql_root_password }} priv=*.*:ALL,GRANT
with_items:
- localhost
when: mysql_enabled
- name: copy .my.cnf file with root password credentials
- name: Copy .my.cnf file with root password credentials
template: src=my.cnf.j2 dest=/root/.my.cnf owner=root mode=0600
when: mysql_enabled
- name: update mysql root password for all remaining root accounts
- name: Update MySQL root password for all remaining root accounts
mysql_user: name=root host={{ item }} password={{ mysql_root_password }} priv=*.*:ALL,GRANT
with_items:
# - "{{ iiab_hostname }}.{{ iiab_domain }}"
@ -86,15 +86,15 @@
- ::1
when: mysql_enabled
- name: delete anonymous MySQL server user for {{ ansible_hostname }}
- name: Delete anonymous MySQL server user for {{ ansible_hostname }}
mysql_user: user="" host="{{ ansible_hostname }}" state="absent"
when: mysql_enabled
- name: delete anonymous MySQL server user for localhost
- name: Delete anonymous MySQL server user for localhost
mysql_user: user="" state="absent"
when: mysql_enabled
- name: remove the MySQL test database
- name: Remove the MySQL test database
mysql_db: db=test state=absent
when: mysql_enabled
@ -105,8 +105,7 @@
state=stopped
when: not mysql_enabled
- name: add mysql to service list
- name: Add 'mysql' to service list
ini_file: dest='{{ service_filelist }}'
section=mysql
option='{{ item.option }}'
@ -115,6 +114,6 @@
- option: name
value: mysql-database
- option: description
value: '"mySQL is a widely used database service on the Internet which runs on many platforms, and is often offered and available at hosting Internet Service Providers"'
value: '"MySQL is a widely used free and open source (GPLv2) database, offered by most web hosting services, on a diversity of platforms."'
- option: enabled
value: "{{ mysql_enabled }}"

45
roles/network/defaults/main.yml
View file

@ -1,13 +1,44 @@
---
# Defaults for network detection
wireless_lan_present: False
strict_networking: False
iiab_demo_mode: False
gui_static_wan: False
# Set defaults for discovery process as strings
wifi1: "not found-1"
wifi2: "not found-2"
ap_device: "none"
device_gw: "none"
device_gw2: ""
iiab_wan_iface: "none"
iiab_lan_iface: "none"
#discovered_lan_iface: "none"
discovered_wired_iface: "none"
discovered_wireless_iface: "none"
#iiab_wired_lan_iface: "none"
#iiab_wireless_lan_iface: "none"
#Redhat
has_WAN: False
has_ifcfg_gw: "none"
has_wifi_gw: "none"
#Debian
dhcpcd_result: ""
wan_in_interfaces: False
# The values here are default local variables.
gui_wan_iface: "unset"
gui_static_wan_ip: "unset"
gui_desired_network_role: Gateway
wondershaper_dspeed: "4096"
wondershaper_upspeed: "1024"
# WiFi
host_ssid: IIAB
hostapd_wait: 10
hostapd_wait: 1
host_wifi_mode: g
host_channel: 6
host_wireless_n: False
@ -15,7 +46,17 @@ host_country_code: US
hostapd_secure: True
hostapd_password: "iiab2017"
driver_name: nl80211
network_config_dir: /etc/network/interfaces.d
iiab_network_mode: "Gateway"
#iiab_network_mode: "Gateway"
dns_jail_enabled: False
services_externally_visible: False
# following variables set for old apache,dhcpd,named usage
dhcpd_install: True
dhcpd_enabled: True
named_install: True
named_enabled: True
dnsmasq_enabled: False
dnsmasq_install: False
captive_portal_enabled: False

2
roles/network/tasks/NM.yml
View file

@ -1,4 +1,4 @@
- name: restart NetworkManager services
- name: Restart NetworkManager services
service: name=NetworkManager
enabled=yes
state=stopped

26
roles/network/tasks/avahi.yml
View file

@ -1,25 +1,3 @@
- name: Install avahi package
package: name={{ item }}
state=present
with_items:
- libnss-mdns
- avahi-daemon
- avahi-discover
when: is_debuntu
tags:
- download
- name: Install avahi package
package: name={{ item }}
state=present
with_items:
- nss-mdns
- avahi
- avahi-tools
when: not is_debuntu
tags:
- download
- name: Create a user for avahi
user: name=avahi
createhome=no
@ -50,10 +28,10 @@
dest='/etc/avahi/services/'
when: is_debuntu
- name: set ssh port for avahi
- name: Set ssh port for avahi
lineinfile: dest=/etc/avahi/services/ssh.service
regexp='</port>$'
line=' <port>{{ssh_port}}</port>'
line=' <port>{{ ssh_port }}</port>'
state=present
backrefs=yes

30
roles/network/tasks/computed_network.yml
View file

@ -1,7 +1,7 @@
# just lie about active gateway present on XOs to suppress ifcfg-WAN
# auto-creation/moving with XOs using NM/system-connections/ via keyfile.
# ifcfg-rh acts on /etc/sys*/net*/ifcfg-* where we search for devices.
- name: Setting XO has wifi gateway
- name: Setting XO has WiFi gateway
set_fact:
user_wan_iface: "{{ discovered_wan_iface }}"
when: discovered_wan_iface != "none" and xo_model != "none" and has_ifcfg_gw == "none"
@ -20,7 +20,7 @@
iiab_demo_mode: True
when: teamviewer_install and not strict_networking
- name: XO wants usb wifi interface as AP mode
- name: XO laptop wants USB WiFi interface as AP mode
set_fact:
iiab_wireless_lan_iface: "{{ discovered_lan_iface }}"
when: num_wifi_interfaces >= "2" and xo_model != "none" and discovered_wan_iface != "none" and discovered_wireless_iface == "eth0"
@ -32,7 +32,7 @@
gui_static_wan_ip: undefined
when: gui_static_wan_ip != "unset" and not gui_static_wan
- name: undo gui-static-wan by requesting new template file
- name: Undo gui-static-wan by requesting new template file
set_fact:
has_WAN: False
when: gui_static_wan_ip != "unset" and not gui_static_wan
@ -64,7 +64,7 @@
# gui wants LanController # keeps ifcfg-WAN but onboot=no
# the change over might be a little bumpy ATM.
- name: Setting GUI wants LanController
- name: Setting GUI wants 'LanController'
set_fact:
device_gw: "none"
user_wan_iface: "none"
@ -75,13 +75,13 @@
# single interface vars/ users would need to set iiab_wan_enabled False as above, to disable the WAN
# and set user_lan_iface = <device> to suppress the auto detection for the same effect.
- name: Setting user_lan_iface for LanController for single interface
- name: Setting user_lan_iface for 'LanController' for single interface
set_fact:
user_lan_iface: "{{ discovered_wan_iface }}"
when: discovered_wan_iface != "none" and num_lan_interfaces == "0" and gui_desired_network_role is defined and gui_desired_network_role == "LanController"
# override with user_wan_iface setting if no longer in auto
- name: setting user WAN fact
- name: Setting user WAN fact
set_fact:
iiab_wan_iface: "{{ user_wan_iface }}"
when: user_wan_iface != "auto"
@ -93,14 +93,14 @@
when: 'not iiab_lan_enabled'
# gui wants Appliance Note: could of used iiab_lan_enabled false
- name: Setting GUI wants Appliance
- name: Setting GUI wants 'Appliance'
set_fact:
user_lan_iface: "none"
iiab_gateway_enabled: "False"
when: gui_desired_network_role is defined and gui_desired_network_role == "Appliance"
# gui wants Gateway
- name: Setting GUI wants and has active Gateway
- name: Setting GUI wants and has active 'Gateway'
set_fact:
user_lan_iface: "auto"
user_wan_iface: "{{ iiab_wan_iface }}"
@ -114,17 +114,17 @@
user_wan_iface: "{{ discovered_lan_iface }}"
when: num_lan_interfaces == "1" and user_lan_iface == "auto" and user_wan_iface == "auto"
- name: No LAN configured - Appliance mode
- name: No LAN configured - 'Appliance' mode
set_fact:
iiab_network_mode: "Appliance"
when: iiab_lan_iface == "none"
- name: LAN configured - LanController mode
- name: LAN configured - 'LanController' mode
set_fact:
iiab_network_mode: "LanController"
when: iiab_lan_iface != "" and iiab_wan_iface == "none"
- name: LAN configured - Gateway mode
- name: LAN configured - 'Gateway' mode
set_fact:
iiab_network_mode: "Gateway"
when: iiab_lan_iface != "none" and iiab_wan_iface != "none"
@ -136,17 +136,17 @@
when: 'user_lan_iface != "auto"'
# so this works
- name: interface count
- name: Interface count
shell: ls /sys/class/net | grep -v -e lo | wc | awk '{print $1}'
register: adapter_count
# well if there ever was a point to tell the user thing are FUBAR this is it.
# well if there ever was a point to tell the user things are FUBAR this is it.
- name: We're hosed no work interfaces
set_fact:
iiab_network_mode: "No_network_found"
when: adapter_count.stdout|int == "0"
# well if there ever was a point to tell the user thing are FUBAR this is it.
# well if there ever was a point to tell the user things are FUBAR this is it.
- name: I'm not guessing declare gateway please
set_fact:
iiab_network_mode: "Undetectable_use_local_vars"
@ -155,7 +155,7 @@
- name: Add location section to config file
ini_file: dest='{{ iiab_config_file }}'
section=network
section=computed_network
option='{{ item.option }}'
value='{{ item.value }}'
with_items:

39
roles/network/tasks/computed_services.yml
View file

@ -1,29 +1,44 @@
- name: No LAN configured - Appliance mode
- name: No LAN configured - 'Appliance' mode
set_fact:
dansguardian_enabled: False
squid_enabled: False
named_enabled: True
dhcpd_enabled: False
wondershaper_enabled: False
iiab_network_mode: "Appliance"
when: iiab_lan_iface == "none" or user_lan_iface == "none"
- name: LAN configured - LanController mode
- name: LAN configured - 'LanController' mode
set_fact:
named_enabled: True
dhcpd_enabled: True
dansguardian_enabled: False
squid_enabled: False
wondershaper_enabled: False
iiab_network_mode: "LanController"
when: iiab_lan_iface != "" and iiab_wan_iface == "none"
- name: LAN configured - Gateway mode
- name: LAN configured - 'Gateway' mode
set_fact:
iiab_network_mode: "Gateway"
when: iiab_lan_iface != "none" and iiab_wan_iface != "none"
- name: No LAN configured - non-dnsmasq
set_fact:
named_enabled: True
dhcpd_enabled: False
dhcp_service2: "dhcpd"
when: not dnsmasq_enabled and iiab_network_mode == "Appliance"
- name: LAN configured - non-dnsmasq
set_fact:
named_enabled: True
dhcpd_enabled: True
iiab_network_mode: "Gateway"
when: 'iiab_lan_iface != "none" and iiab_wan_iface != "none"'
dhcp_service2: "dhcpd"
when: not dnsmasq_enabled and iiab_network_mode != "Appliance"
- name: LAN configured - dnsmasq
set_fact:
named_enabled: False
dhcpd_enabled: False
dhcp_service2: "dnsmasq"
when: dnsmasq_install and dnsmasq_enabled and iiab_network_mode != "Appliance"
- name: Add location section to config file
ini_file: dest='{{ iiab_config_file }}'
@ -33,3 +48,9 @@
with_items:
- option: 'iiab_network_mode_applied'
value: '{{ iiab_network_mode }}'
- option: 'dhcp_service2'
value: '{{ dhcp_service2 }}'
- option: 'dnsmasq_enabled'
value: '{{ dnsmasq_enabled }}'
- option: 'no_net_restart'
value: '{{ no_net_restart }}'

18
roles/network/tasks/dansguardian.yml
View file

@ -1,4 +1,4 @@
- name: Install dansguardian packages
- name: Install DansGuardian packages
package: name={{ item }}
state=present
with_items:
@ -6,31 +6,31 @@
tags:
- download
- name: Copy dansguardian config file
template: src=squid/dansguardian.conf.j2
- name: Copy DansGuardian config file
template: src=roles/network/templates/squid/dansguardian.conf.j2
dest=/etc/dansguardian/dansguardian.conf
owner=dansguardian
group=dansguardian
mode=0640
when: ansible_distribution == "Fedora"
- name: Copy dansguardian config file
template: src=squid/dansguardian.conf.debian.j2
- name: Copy DansGuardian config file
template: src=roles/network/templates/squid/dansguardian.conf.debian.j2
dest=/etc/dansguardian/dansguardian.conf
owner=dansguardian
group=dansguardian
mode=0640
when: is_debuntu
- name: Copy dansguardian config file for CentOS
template: src=squid/dansguardian.conf.centos.j2
- name: Copy DansGuardian config file for CentOS
template: src=roles/network/templates/squid/dansguardian.conf.centos.j2
dest=/etc/dansguardian/dansguardian.conf
owner=dansguardian
group=vscan
mode=0640
when: ansible_distribution == "CentOS"
- name: Create dansguardian log directory
- name: Create 'dansguardian' log directory
file: path=/var/log/dansguardian
owner=dansguardian
group=dansguardian
@ -38,7 +38,7 @@
state=directory
when: ansible_distribution != "CentOS"
- name: Create dansguardian log directory for CentOS
- name: Create DansGuardian log directory for CentOS
file: path=/var/log/dansguardian
owner=dansguardian
group=vscan

128
roles/network/tasks/debian.yml
View file

@ -9,94 +9,70 @@
# 4. In lan_controller: wan is off, eth0 and wlan0 under br0
# 5. In gateway: eth0 is wan, and wlan0 is under br0 (only one adapter under br0)
# 6. As a slight concess to auto config, if eth1 exists, make it wan, and force gateway
#- name: In upgrade from earlier IIAB 6.2, delete the resolvconf
# package: name=resolvconf
# state=absent
# enabled=False
# ignore_errors: True
- name: in upgrade from earlier 6.2, delete the resolvconf
package: name=resolvconf
state=absent
enabled=False
ignore_errors: True
#- name: Get the dhcp client daemon used in recent raspbian
# package: name=dhcpcd5
# state=present
- name: Get the dhcp client daemon used in recent raspbian
package: name=dhcpcd5
state=present
- name: for upgrades from earlier 6.2, remove br0 file
- name: For upgrades from earlier IIAB 6.2, remove br0 file
file: path=/etc/network/interfaces.d/br0
state=absent
when: iiab_lan_iface != "br0" and wan_ip == "dhcp"
- name: default to lan controller
set_fact:
gui_desired_network_role: "lan_controller"
when: not gui_desired_network_role is defined
- name: Supply resolvconf.conf
template: dest=/etc/resolvconf.conf
src=network/resolvconf.j2
- name: Recover from putting config in /etc/network/interfaces
template: dest=/etc/network/interfaces
src=network/interfaces.j2
- name: Supply dhcpcd.conf
template: dest=/etc/dhcpcd.conf
src=network/dhcpcd.conf.j2
when: dhcpcd_result == "enabled"
- name: Copy the bridge script
template: dest=/etc/network/interfaces.d/iiab
src=network/iiab.j2
register: interface
src=network/systemd.j2
when: not is_rpi and (iiab_lan_iface == "br0" or wan_ip != "dhcp")
- name: start up the dhcpcd service
service: name=dhcpcd
enabled=True
state=started
- name: Copy the bridge script for RPi
template: dest=/etc/network/interfaces.d/iiab
src=network/rpi.j2
when: is_rpi and iiab_lan_iface == "br0"
- name: If this was a change, things need to shift
service: name=hostapd state=stopped
when: interface.changed
- name: bind may be affected
service: name={{ dns_service }} state=stopped
when: named_install and dnsmasq_enabled
- name: dhcpd may be affected
service: name=bind9 state=stopped
when: interface.changed
# dhcpd_server release the interface
- name: dhcpd_server may be affected - stopping dhcpd
service: name=dhcpd state=stopped
when: dhcpd_install
- name: dhcpd_server may be affected - stopping dnsmasq
service: name=dnsmasq state=stopped
when: dnsmasq_install
- name: reload systemd
shell: systemctl daemon-reload
# now pick up denyinterfaces
- name: restart dhcpcd
service: name=dhcpcd state=restarted
when: dhcpcd_result == "enabled"
- name: restart the networking service
service: name=networking state=restarted
when: interface.changed
service: name=networking state=restarted
when: not nobridge is defined and not no_net_restart
- name: restart hostapd when wifi is present
service: name=hostapd state=restarted
when: iiab_wireless_lan_iface is defined and hostapd_enabled and iiab_network_mode != "Appliance"
- name: start up hostapd again
service: name=hostapd state=started
when: interface.changed
- name: dhcpd may be affected
service: name=bind9 state=started
when: interface.changed
#create lan br0 if lan_controller or gateway
#create wan br0 if appliance
#allocate wlan0 under br0 in all cases
#allocate eth0 under br0 if appliance, alone if gateway
- name: Add location section to config file
ini_file: dest='{{ iiab_config_file }}'
section=network
option='{{ item.option }}'
value='{{ item.value }}'
with_items:
- option: 'gateway_active'
value: '{{ gw_active }}'
- option: 'internet_available'
value: '{{ internet_available }}'
- option: 'gateway_ifcfg'
value: '{{ has_ifcfg_gw }}'
- option: 'detected_gateway'
value: '{{ discovered_wan_iface }}'
- option: 'prior_gateway'
value: '{{ device_gw2 }}'
- option: 'wireless_list_1'
value: '{{ wifi1 }}'
- option: 'wireless_list_2'
value: '{{ wifi2 }}'
- option: 'num_wifi_interfaces'
value: '{{ num_wifi_interfaces }}'
- option: 'discovered_wireless_iface'
value: '{{ discovered_wireless_iface }}'
- option: 'iiab_wireless_lan_iface'
value: '{{ iiab_wireless_lan_iface }}'
- option: 'num_lan_interfaces'
value: '{{ num_lan_interfaces }}'
- option: 'detected_lan'
value: '{{ discovered_lan_iface }}'
- option: 'static_wan'
value: '{{ gui_static_wan }}'
#- name: dhcp_server may be affected - starting - user choice
# service: name={{ dhcp_service2 }} state=started
# when: iiab_network_mode != "Appliance"

Some files were not shown because too many files have changed in this diff Show more