mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00

Merge branch 'iiab:master' into freepbx-readme

lemueldsouza 2021-08-13 20:08:36 +05:30 committed by GitHub
commit a8844dbad5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
82 changed files with 1843 additions and 867 deletions


@ -1,11 +1,12 @@
- name: "Set 'apache_install: True' and 'apache_enabled: True'"
set_fact:
apache_install: True
apache_enabled: True
# - name: "Set 'apache_install: True' and 'apache_enabled: True'"
# set_fact:
# apache_install: True
# apache_enabled: True
#
# - name: APACHE - run 'httpd' role
# include_role:
# name: httpd
- name: APACHE - run 'httpd' role
include_role:
name: httpd
# 2020-06-15: roles/httpd/tasks/install.yml now takes care of this.
# # 2020-05-21: Required now that mysql/tasks/install.yml installs
@ -32,7 +33,7 @@
# creates: "{{ downloads_dir }}/elgg-{{ elgg_version }}.zip"
get_url:
url: "{{ iiab_download_url }}/elgg-{{ elgg_version }}.zip"
dest: "{{ downloads_dir }}"
dest: "{{ downloads_dir }}" # /opt/iiab/downloads
timeout: "{{ download_timeout }}"
when: internet_available
@ -41,7 +42,7 @@
path: "/opt/elgg-{{ elgg_version }}/index.php"
register: elgg
- name: Unpack (unarchive) .zip to /opt, if above index.php doesn't exist
- name: Unpack (unarchive) .zip to /opt, if above index.php doesn't exist ({{ apache_user }}:{{ apache_user }})
#shell: "/usr/bin/unzip -o {{ downloads_dir }}/elgg-{{ elgg_version }}.zip -d /opt"
unarchive:
#remote_src: yes
@ -52,7 +53,7 @@
group: "{{ apache_user }}"
when: elgg.stat.exists is defined and not elgg.stat.exists
- name: Create softlink from /opt/elgg to /opt/elgg-{{ elgg_version }}
- name: Symlink /opt/elgg -> /opt/elgg-{{ elgg_version }}
file:
src: "./elgg-{{ elgg_version }}"
path: /opt/elgg
@ -69,13 +70,13 @@
group: "{{ apache_user }}"
# The name of this file changed from 1.9 to 1.10.
- name: Copy default .htaccess into /opt/{{ elgg_xx }}, root of Elgg tree
- name: Copy default .htaccess into /opt/{{ elgg_xx }}, root of Elgg tree (0644)
copy:
src: "/opt/{{ elgg_xx }}/vendor/elgg/elgg/install/config/htaccess.dist"
dest: "/opt/{{ elgg_xx }}/.htaccess"
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
mode: '0644'
mode: 0644
#regexp='^#RewriteBase'
- name: Change .htaccess to include RewriteBase for http://box{{ elgg_url }} # http://box/elgg
@ -86,12 +87,12 @@
insertafter: '^#RewriteBase'
line: "RewriteBase {{ elgg_url }}/"
- name: Set /opt/elgg/engine directory permissions to 0755 so Apache can write there
- name: Set /opt/elgg/engine directory permissions to 0755 (owner {{ apache_user }}) so Apache can write there
file:
state: directory
path: /opt/elgg/engine/
owner: "{{ apache_user }}"
mode: '0755'
mode: 0755
- name: Change /opt/elgg-{{ elgg_version }} ownership to {{ apache_user }}:{{ apache_user }} (likely not nec, as unarchive & all do this above)
file:
@ -103,14 +104,14 @@
- name: Create upload directory {{ elgg_upload_path }} that Apache (and Elgg) can write to
file:
path: "{{ elgg_upload_path }}"
path: "{{ elgg_upload_path }}" # /library/elgg
state: directory
owner: "{{ apache_user }}"
- name: Install /etc/{{ apache_conf_dir }}/elgg.conf from template, for http://box{{ elgg_url }} # http://box/elgg
template:
src: elgg.conf
dest: "/etc/{{ apache_conf_dir }}/elgg.conf"
# - name: Install /etc/{{ apache_conf_dir }}/elgg.conf from template, for http://box{{ elgg_url }} # http://box/elgg
# template:
# src: elgg.conf
# dest: "/etc/{{ apache_conf_dir }}/elgg.conf"
- name: Set up Elgg's MySQL database
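Review bot: The `mode:` values on the `.htaccess` copy task and the `/opt/elgg/engine/` file task appear to lose their quotes here (`mode: '0644'` becomes `mode: 0644`, `mode: '0755'` becomes `mode: 0755`), going by the old-then-new print order on this page. An unquoted leading-zero literal only gives the intended permissions while the loader reads it as a YAML 1.1 octal; a YAML 1.2 loader, or a later edit that drops the zero, turns it into a decimal integer and a different permission set. I would keep the string form, `mode: '0644'` and `mode: '0755'`. The engine task also keeps `owner: "{{ apache_user }}"` "so Apache can write there", which lets the web server user modify application code, so a short comment on why Elgg needs that would help the next reader.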


@ -24,14 +24,13 @@
when: elgg_installed is undefined
#- name: Enable/Disable/Restart Apache if primary
- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache
include_tasks: apache.yml
#when: not nginx_enabled
# #- name: Enable/Disable/Restart Apache if primary
# - name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache
# include_tasks: apache.yml
# #when: not nginx_enabled
- name: Enable/Disable/Restart NGINX if primary
include_tasks: nginx.yml
when: nginx_enabled
- name: Add 'elgg' variable values to {{ iiab_ini_file }}
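Review bot: The Apache shim is switched off here by commenting the task out rather than deleting it, and the same pattern recurs in the Elgg install tasks, the Internet Archive enable tasks, the KA Lite `kalite.conf` stanza and the NGINX enable tasks on this page. The dead blocks still mention `apache.yml`, `apache_installed` and `nginx_enabled`, which makes it harder to grep for what is live and to audit which web server configuration is actually applied. I would delete them and leave a one-line pointer such as `# Apache shim removed, see PR #2850`, since git history keeps the old tasks.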


@ -4,7 +4,7 @@
#name: ['apache2', 'php{{ php_version }}', 'php{{ php_version }}-curl'] # WORKS?
name:
- "{{ apache_service }}" # apache2 on Debuntu
- libapache2-mod-php{{ php_version }} # 2020-06-15: Required (e.g. for Elgg, Moodle & possibly others) now that mysql/tasks/install.yml installs "php{{ php_version }}-common" rather than the full "php{{ php_version }}" -- 2021-06-28 FYI: this also drags in libsodium23 (likewise installed via nginx/tasks/install.yml AND moodle/tasks/install.yml)
- libapache2-mod-php{{ php_version }} # 2020-06-15: Required (e.g. for Elgg, Moodle, roles/pbx's FreePBX & possibly others) now that mysql/tasks/install.yml installs "php{{ php_version }}-common" rather than the full "php{{ php_version }}" -- 2021-06-28 FYI: this also drags in libsodium23 (likewise installed via nginx/tasks/install.yml AND moodle/tasks/install.yml)
#- "php{{ php_version }}"
#- "php{{ php_version }}-curl"
state: present


@ -56,8 +56,8 @@
- name: "Time Zone / TZ: Set symlink /etc/localtime to UTC if it doesn't exist?"
include_tasks: tz.yml
- name: Test Gateway + Test Internet + Set new hostname/domain if nec + Set 'gui_port' to 80 or 443 for Admin Console
include_tasks: network.yml # Can run hostname.yml
- name: Test Gateway + Test Internet + Set new hostname/domain (hostname.yml) if nec + Set 'gui_port' to 80 or 443 for Admin Console
include_tasks: network.yml
- name: Add 'runtime' variable values to {{ iiab_ini_file }}


@ -61,9 +61,9 @@
# https://github.com/iiab/iiab/blob/master/tests/test.yml
# https://github.com/iiab/iiab/blob/master/roles/0-init/tasks/validate_vars.yml
#
# 2020-11-04: Fix validation of 5 core dependencies, for ./runrole etc
# 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc
- name: Set vars_checklist for 46 + 46 + 41 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked
- name: Set vars_checklist for 44 + 44 + 40 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked
set_fact:
vars_checklist:
- hostapd
@ -76,7 +76,7 @@
- openvpn
- admin_console
#- nginx # MANDATORY
- apache # Dependency - excluded from _installed check below
#- apache # Unmaintained - former dependency
#- mysql # MANDATORY
- squid
- dansguardian
@ -90,7 +90,7 @@
- azuracast
#- dokuwiki # Unmaintained
#- ejabberd # Unmaintained
- elgg
#- elgg # Unmaintained
- gitea
- jupyterhub
- lokole
@ -99,7 +99,6 @@
- nodejs # Dependency - excluded from _installed check below
- nodered
- nextcloud
- pbx
- wordpress
- kalite
- kolibri
@ -116,11 +115,12 @@
- phpmyadmin
- vnstat
- yarn # Dependency - excluded from _installed check below
- internetarchive
- captiveportal
- internetarchive
- minetest
- calibre
- calibreweb
- calibre
- pbx
- name: Assert that {{ vars_checklist | length }} "XYZ_install" vars are all... defined
assert:
@ -162,5 +162,5 @@
that: "{{ item }}_install or {{ item }}_installed is undefined"
fail_msg: "DISALLOWED: '{{ item }}_install: False' (e.g. in /etc/iiab/local_vars.yml) WHEN '{{ item }}_installed' is defined (e.g. in /etc/iiab/iiab_state.yml) -- IIAB DOES NOT SUPPORT UNINSTALLS -- please verify those 2 files especially, and other places variables are defined?"
quiet: yes
when: item != 'apache' and item != 'nodejs' and item != 'postgresql' and item != 'mongodb' and item != 'yarn' # Exclude auto-installed dependencies
when: item != 'nodejs' and item != 'postgresql' and item != 'mongodb' and item != 'yarn' # Exclude auto-installed dependencies
loop: "{{ vars_checklist }}"


@ -30,6 +30,8 @@
#- openssh-server # ssh (Raspbian) or openssh-server (other OS's) already installed by 1-prep's roles/sshd/tasks/main.yml
- pandoc # For /usr/bin/iiab-refresh-wiki-docs
- pastebinit # For /usr/bin/iiab-diagnostics
#- python3-pip # 2021-07-29: Already installed by /opt/iiab/iiab/scripts/ansible -- this auto-installs 'python3-setuptools' and 'python3' etc
#- python3-venv # 2021-07-30: For Ansible module 'pip' used in roles like {calibre-web, jupyterhub, lokole} -- whereas roles/kalite uses (virtual) package 'virtualenv' for Python 2 -- all these 3+1 IIAB roles install 'python3-venv' for themselves. FYI: Debian 11 auto-installs 'python3-venv' when you install 'python3' -- whereas Ubuntu (e.g. 20.04 & 21.10) and RaspiOS 10 do not.
- rsync
#- screen # Installed by 1-prep's roles/iiab-admin/tasks/access.yml
- sqlite3


@ -3,7 +3,6 @@
- name: ...IS BEGINNING ====================================
meta: noop
# UNMAINTAINED
- name: AZURACAST
include_role:
name: azuracast
@ -21,10 +20,11 @@
name: ejabberd
when: ejabberd_install is defined and ejabberd_install
# UNMAINTAINED
- name: ELGG
include_role:
name: elgg
when: elgg_install
when: elgg_install is defined and elgg_install
- name: GITEA
include_role:


@ -1,4 +1,4 @@
- name: "Install ImageMagick package: imagemagick"
- name: "Install packages: imagemagick, python3-venv"
package:
name:
- imagemagick


@ -37,13 +37,13 @@
# 2. SYSTEMD SERVICES
- name: Create /etc/systemd/system/calibre-serve.service and /etc/{{ apache_conf_dir }}/calibre.conf
- name: 'Install from template: /etc/systemd/system/calibre-serve.service'
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
with_items:
- { src: 'calibre-serve.service.j2', dest: '/etc/systemd/system/calibre-serve.service' }
- { src: 'calibre.conf', dest: '/etc/{{ apache_conf_dir }}' } # apache2/sites-available (this doesn't work, see #529: let's try to create /etc/nginx/conf.d/calibre-nginx.conf in future!)
#- { src: 'calibre.conf', dest: '/etc/{{ apache_conf_dir }}' } # apache2/sites-available (this doesn't work, see #529: let's try to create /etc/nginx/conf.d/calibre-nginx.conf in future!)
- name: Stop service 'calibre-serve' (/usr/bin/calibre-server by Kovid Goyal)
systemd:


@ -62,12 +62,6 @@
src: internetarchive.service.j2
dest: /etc/systemd/system/internetarchive.service
- name: "Install from template: /etc/{{ apache_conf_dir }}/internetarchive.conf"
template:
src: internetarchive.conf
dest: "/etc/{{ apache_conf_dir }}/internetarchive.conf" # apache2/sites-available
when: apache_installed is defined
# 4. RECORD Internet Archive AS INSTALLED


@ -68,13 +68,13 @@
state: stopped
when: not internetarchive_enabled
- name: Enable/Disable/Restart Apache if primary
include_tasks: apache.yml
when: apache_installed is defined and not nginx_enabled
# - name: Enable/Disable/Restart Apache if primary
# include_tasks: apache.yml
# when: apache_installed is defined and not nginx_enabled
- name: Enable/Disable/Restart NGINX if primary
include_tasks: nginx.yml
when: nginx_enabled
#when: nginx_enabled
- name: Add 'internetarchive' variable values to {{ iiab_ini_file }}


@ -1,10 +1,32 @@
## JupyterHub programming environment with student Notebooks
#### High Schools may want to consider JupyterHub to integrate coding with dynamic interactive graphing — A New Way to Think About Programming — allowing students to integrate science experiment results and program output within their notebook/document/blog:
#### Secondary schools may want to consider JupyterHub to integrate coding with dynamic interactive graphing — A New Way to Think About Programming — allowing students to integrate science experiment results and program output within their own blog-like "Jupyter Notebooks."
* Jupyter Notebooks are widely used in the scientific community.
* This IIAB package permits individual users to start using their own notebook on the server (http://box.lan/jupyterhub) without needing an individual server account.
* Once a user signs in with a username and password, these credentials are stored, and are used thereafter to gain access to the user's files.
* Individual folders are created for all student work in the path `/var/lib/protected/` — individual students will only be able to see their own work in that directory.
* Students will not have any privileges outside of their own folder.
* They may upload Jupyter Notebooks from a local machine, and download the current state of their work via a normal browser download.
* Jupyter Notebooks are widely used in the scientific community:
* [Intitutional FAQ](https://jupyterhub.readthedocs.io/en/stable/getting-started/institutional-faq.html)
* [Getting Started](https://jupyterhub.readthedocs.io/en/stable/getting-started/)
* Students create their own accounts on first use — e.g. at http://box.lan/jupyterhub — just as if they're logging in regularly (unfortunately the login screen doesn't make that clear, but the teacher _does not_ need to be involved!)
* A student can then sign in with their username and password, to gain access to their files (Jupyter Notebooks).
* The teacher should set and protect JupyterHub's overall ``Admin`` password, just in case. As with student accounts, the login screen doesn't make that clear — so just log in with username `Admin` using any password that you want to become permanent.
* Individual student folders are created in ``/var/lib/private/`` on the Internet-in-a-Box (IIAB) server:
* A student will only be able to see their own work — they do not have privileges outside of their own folder.
* Students may upload Jupyter Notebooks to the IIAB server, and download the current state of their work via a normal browser.
### Settings
Linux administrators please see `/opt/iiab/jupyterhub/etc/jupyterhub/jupyterhub_config.py` which originates from:
https://github.com/iiab/iiab/blob/master/roles/jupyterhub/templates/jupyterhub_config.py
Note that `/opt/iiab/jupyterhub` is a Python 3 virtual environment, that can be activated with the usual formula:
```
source /opt/iiab/jupyterhub/bin/activate
```
### Known Issues
* 2021-08-07: The page that allows you to reset/change your own password is not accessible. Likewise Admin users cannot reset/change the password of any _individual_ user at this time. <sub><sub>[#2918](https://github.com/iiab/iiab/pull/2918)</sub></sub>
* If necessary, a Linux administrator can delete the `/passwords.dbm.db` file at the very top of your Linux filesystem, allowing all JupyterHub users to (re)create new passwords. This does work, but is very heavy-handed. <sub><sub>[PR #2892](https://github.com/iiab/iiab/pull/2892#issuecomment-890551682)</sub></sub>
* 2021-08-07: Teachers (i.e. Admin users) cannot currently access the very helpful "administrator's page" discussed at [JupyterHub FAQ >> "How do I manage users?"](https://jupyterhub.readthedocs.io/en/stable/getting-started/institutional-faq.html#how-do-i-manage-users) and [roles/jupyterhub/templates/jupyterhub_config.py#L1049-L1054 >> "Admin users have extra privileges"](https://github.com/iiab/iiab/blob/d0e8e048347bf46c02a2cdb0da9c5cd0c489fe40/roles/jupyterhub/templates/jupyterhub_config.py#L1049-L1054). <sub><sub>[#2919](https://github.com/iiab/iiab/pull/2919)</sub></sub>
* 2021-08-08: Password [dbm file](https://github.com/jupyterhub/firstuseauthenticator#firstuseauthenticatordbm_path) `/passwords.dbm.db` should be moved from the top of the filesystem to a better place — e.g. to `/opt/iiab/jupyterhub/etc/` ? <sub><sub>[PR #2892](https://github.com/iiab/iiab/pull/2892#issuecomment-890579789)</sub></sub>


@ -13,6 +13,11 @@
when: nodejs_installed is undefined
- name: "Install package: python3-venv"
package:
name: python3-venv
state: present
- name: Make 3 directories to hold JupyterHub config
file:
state: directory
@ -40,8 +45,8 @@
- jupyterhub-systemdspawner
virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub
virtualenv_site_packages: no
virtualenv_command: /usr/bin/virtualenv
virtualenv_python: python3
virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2021-07-29: This works on RaspiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below
#virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2)
extra_args: "--no-cache-dir"
when: internet_available
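Review bot: `virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}"` names the venv path a second time, because as far as I know Ansible's `pip` module appends the `virtualenv:` path to this command itself. `venv` tolerates the repeated directory, so the task works, but `virtualenv_command: python3 -m venv` states what is meant. The Debian 10 workaround would also read better as a comment block above the task than as a trailing comment on this line. The `pip` task starts outside this hunk, so I cannot see whether the packages under `name:` are version-pinned; if they are not, pinning them would make installs reproducible.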


@ -64,7 +64,7 @@
#
# Users should be properly informed if this is enabled.
# Default: False
# c.JupyterHub.admin_access = False
c.JupyterHub.admin_access = True
## DEPRECATED since version 0.7.2, use Authenticator.admin_users instead.
# Default: set()
@ -1057,7 +1057,7 @@ c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner'
#
# Defaults to an empty set, in which case no user has admin access.
# Default: set()
c.Authenticator.admin_users = set('iiab-admin')
c.Authenticator.admin_users = set('Admin')
## Set of usernames that are allowed to log in.
#
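Review bot: `c.Authenticator.admin_users = set('Admin')` does not build a one-element set, because `set()` iterates the string: the value is `{'A', 'd', 'm', 'i', 'n'}`, so the account named `Admin` is not an admin and five one-letter usernames are. The replaced `set('iiab-admin')` line had the same defect, and this would explain the README's known issue that Admin users cannot reach the administrator's page. Use a set literal, `c.Authenticator.admin_users = {'Admin'}`. It matters more now that the first hunk of this section sets `c.JupyterHub.admin_access = True`, since the README in this commit says students create their own accounts on first use. The config comment above that setting asks that users be informed when it is enabled, which the README does not appear to do.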


@ -11,13 +11,14 @@
# ignore_errors: yes
# when: is_raspbian
- name: Install python2, if Raspbian/Debian > 10 or Ubuntu > 19
- name: 'Install packages: python2, python-setuptools, virtualenv (for Python 2)'
package:
name:
- python2
- python-setuptools # provides setuptools-44 last version compatible with python2
- python-setuptools # Provides setuptools-44 on recent OS's (last version compatible with python2)
- virtualenv # For Ansible module 'pip' when used with 'virtualenv_command: /usr/bin/virtualenv' and 'virtualenv_python: python2.7' -- compare package 'python3-venv' used by roles {calibre-web, jupyterhub, lokole}
state: present
when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19)
#when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19)
# 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already.
- name: Use pip to pin setuptools to 44 in {{ kalite_venv }} if Raspbian/Debian > 10 or Ubuntu > 19
@ -53,11 +54,11 @@
# Useless stanza, for 2 reasons: (1) http://box/kalite was never made to work
# (2) /etc/apache2/sites-available does not exist on many IIAB's w/o Apache
- name: "Install from template: /etc/{{ apache_conf_dir }}/kalite.conf (useless, as http://box/kalite was never made to work)"
template:
src: kalite.conf
dest: "/etc/{{ apache_conf_dir }}" # apache2/sites-available on debuntu
when: apache_installed is defined
# - name: "Install from template: /etc/{{ apache_conf_dir }}/kalite.conf (useless, as http://box/kalite was never made to work)"
# template:
# src: kalite.conf
# dest: "/etc/{{ apache_conf_dir }}" # apache2/sites-available on debuntu
# when: apache_installed is defined
- name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes, if Raspbian/Debian > 10 or Ubuntu > 19
replace:


@ -1,11 +1,12 @@
- name: "Install 4 packages: munin, munin-node, munin-plugins-extra, libcgi-fast-perl"
- name: "Install 5 packages: libcgi-fast-perl, munin, munin-node, munin-plugins-extra, python3-passlib"
package:
name:
#- libapache2-mod-fcgid
- libcgi-fast-perl
- munin
- munin-node
- munin-plugins-extra
- libcgi-fast-perl
#- libapache2-mod-fcgid
- python3-passlib # For Ansible module 'htpasswd' in Ansible collection community.general -- used just below
state: present
- name: Establish username/password Admin/changeme in /etc/munin/munin-htpasswd
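Review bot: The task after the package list is named as establishing `Admin/changeme` in `/etc/munin/munin-htpasswd`, which is a fixed and publicly documented password for the Munin pages. Its body lies outside this hunk, so I cannot see whether the password is a literal; if it is, take it from a variable the operator is expected to override in `/etc/iiab/local_vars.yml`, and add `no_log: true` to the task so the value stays out of Ansible output. The comment on the new `python3-passlib` entry is useful as written.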


@ -1,110 +1,28 @@
# Stanzas as of 2021-08-02:
#
# - 1 base install
# - 6 double timeout for slow CPUs
# - 2 DB config
# - 2 record as installed
- name: 'Install MySQL packages: mariadb-server, mariadb-client, php{{ php_version }}-mysql'
- name: 'Install MySQL packages: mariadb-server, mariadb-client, php{{ php_version }}-mysql, python3-pymysql'
package:
name:
- mariadb-server
- mariadb-client
#- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
- php{{ php_version }}-mysql # Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
- php{{ php_version }}-mysql # Likewise installed in nextcloud/tasks/install.yml, pbx/tasks/freepbx.yml, wordpress/tasks/install.yml
- python3-pymysql # For Ansible modules {mysql_db, mysql_user} in Ansible collection community.mysql -- used in MySQL roles {mediawiki, nextcloud, wordpress} and possibly {elgg, pbx}
state: present
# 2020-07-11:
# 10 PHP package installs moved to roles/www_base/tasks/main.yml
# 2020-07-11: 10 PHP package installs moved to roles/www_base/tasks/main.yml
# php{{ php_version }}-sqlite3 install moved to roles/osm-vector-maps/tasks/install.yml
# - name: "Install packages: mysql, MySQL-python and 9 php packages (OS's other than debuntu)"
# package:
# name:
# - MySQL-python
# - mysql
# - php
# - php-mysql
# - php-pear
# - php-gd
# - php-imap
# - php-ldap
# - php-odbc
# - php-xml
# - php-xmlrpc
# state: present
# when: not is_debuntu
#
# - include_tasks: centos.yml
# when: ansible_distribution == "CentOS"
#
# - include_tasks: fedora.yml
# when: ansible_distribution == "Fedora"
# 2019-07-03 @jvonau @holta: the next 50 lines (6 stanzas) double MariaDB's
# default boot timeout (90s to 180s) for slow CPUs like this Ubuntu 18.04.2 VM:
# https://github.com/iiab/iiab/issues/1802
# 2021-08-11: 50 lines (6 stanzas) removed, that had been doubling MariaDB's
# default boot timeout (90s to 180s) since 2019-07-03, for slow CPUs like this
# Ubuntu 18.04.2 VM: https://github.com/iiab/iiab/issues/1802 -> PR #1813
# https://mariadb.com/kb/en/library/what-to-do-if-mariadb-doesnt-start/#systemd
- name: Check if /lib/systemd/system/mariadb.service exists
stat:
path: /lib/systemd/system/mariadb.service
register: mariadb_unit_file
- name: Copy pkg's /lib/systemd/system/mariadb.service to /etc/systemd/system/ to be customized (CREATES TIMESTAMPED BACKUPS OF /etc/systemd/system/mariadb.service e.g. IF OPERATOR CUSTOMIZED IT, EVEN DESPITE WARNING BELOW!)
copy:
force: yes
backup: yes
src: /lib/systemd/system/mariadb.service
dest: /etc/systemd/system/
when: mariadb_unit_file.stat.exists
- name: Symlink /etc/systemd/system/mysql.service -> /etc/systemd/system/mariadb.service
file:
state: link
force: yes
src: /etc/systemd/system/mariadb.service
path: /etc/systemd/system/mysql.service
when: mariadb_unit_file.stat.exists
- name: Symlink /etc/systemd/system/mysqld.service -> /etc/systemd/system/mariadb.service
file:
state: link
force: yes
src: /etc/systemd/system/mariadb.service
path: /etc/systemd/system/mysqld.service
when: mariadb_unit_file.stat.exists
- name: "WARN OPERATOR: Changes made to /etc/systemd/system/mariadb.service WILL BE LOST whenever 'mysql' playbook is run"
lineinfile:
path: /etc/systemd/system/mariadb.service
insertbefore: BOF # Beginning of file
line: "# WARNING: CHANGES TO THIS FILE WILL BE REGULARLY *OVERWRITTEN* BY:\n# /opt/iiab/iiab/roles/mysql/tasks/main.yml\n"
when: mariadb_unit_file.stat.exists
- name: Set systemd boot timeout to 180 seconds for slow machines, in /etc/systemd/system/mariadb.service
lineinfile:
path: /etc/systemd/system/mariadb.service
insertafter: '^\[Service\]$'
regexp: "^TimeoutStartSec="
line: "\n# 2019-07-03: @jvonau @holta doubled MariaDB's default boot timeout, from\n# 90 seconds to 180 seconds, for slow machines like this Ubuntu 18.04.2 VM:\n# https://github.com/iiab/iiab/issues/1802\n# https://mariadb.com/kb/en/library/what-to-do-if-mariadb-doesnt-start/#systemd\nTimeoutStartSec=180\n"
# If the line above were to be run repeatedly (never happens here!) Ansible
# would pollute MariaDB's systemd unit file. As multi-line regexp's are
# not allowed (both regexp's should match, for idempotency). If nec, use
# the 1-liner below, or Ansible's 'blockinfile' which pollutes config files
# in its own way...surrounding blocks with marker lines.
# line: "TimeoutStartSec=180"
when: mariadb_unit_file.stat.exists
# 2 STANZAS BELOW...could later be put into setup.yml or config.yml or or provision.yml ?
# OS's have finally caught up - default timeout is now 900 seconds:
# https://github.com/iiab/iiab/pull/2936
# Name of MySQL service varies by OS, so hardcoded in /opt/iiab/iiab/vars/<OS>.yml (formerly in roles/0-init/tasks/main.yml)
- name: Start MySQL systemd service ({{ mysql_service }}) to permit configuration
- name: Restart MySQL systemd service ({{ mysql_service }}) to permit configuration
systemd:
name: "{{ mysql_service }}"
daemon_reload: yes
name: "{{ mysql_service }}"
state: restarted
- name: "Install /root/.my.cnf file from template -- used to contain root password credential, prior to 2020-08-24: https://github.com/iiab/iiab/pull/2488"
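Review bot: Removing the six timeout stanzas stops new installs from writing `/etc/systemd/system/mariadb.service`, but nothing in this section cleans up the copy that earlier runs left on machines that are already installed. That copy presumably keeps shadowing the packaged `/lib/systemd/system/mariadb.service`, so the 900-second default the new comment cites, and any later packaged changes to the unit, would not apply there. Consider a one-time cleanup that removes the IIAB-written copy (it carries the `# WARNING: CHANGES TO THIS FILE WILL BE REGULARLY *OVERWRITTEN*` header) and runs a daemon reload, taking care not to break the `mysql.service` and `mysqld.service` aliases. Separately, `state: restarted` restarts the database every time this file runs, so if that is intended a short comment saying why would help.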


@ -2,15 +2,15 @@
1. Initial testing strategy (December 2019 - February 2020) was to move NGINX to [port 80](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services), and proxy everything to Apache on [port 8090](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) &mdash; creating "Shims" for each IIAB App/Service in *Section iii.* below.
Until "Native" NGINX is later implemented for each such IIAB App/Service &mdash; allowing each to move up to *Section ii.* below.
Until "Native" NGINX was later implemented for each such IIAB App/Service &mdash; allowing each to move up to *Section ii.* below.
And potentially later moving each up to *Section i.* if its Apache support is dropped!
And progressively later moving each up to *Section i.* when its Apache support was dropped.
(Background: IIAB Apps/Services are generally [Ansible roles](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible) that live in [/opt/iiab/iiab/roles](https://github.com/iiab/iiab/tree/master/roles))
2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX.
2. Without PHP available via FastCGI, any function at all for PHP-based applications validated NGINX.
3. Current state of IIAB App/Service migrations as of 2021-07-24: *(SEE ALSO [#2762](https://github.com/iiab/iiab/issues/2762))*
3. Current state of IIAB App/Service migrations as of 2021-08-08: *(SEE ALSO [#2762](https://github.com/iiab/iiab/issues/2762))*
1. These support "Native" NGINX but ***NOT*** Apache
@ -37,11 +37,11 @@
2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service:<!--But if you want to attempt their "Shim" proxying legacy testing mode, try setting your *primary web server* to Apache using `apache_install: True` and `apache_enabled: True` (and `nginx_enabled: False` to disable NGINX) in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) before you install IIAB. You may also need to run `cd /opt/iiab/iiab; ./runrole httpd` since this has been removed from [roles/3-base-server/tasks/main.yml](https://github.com/iiab/iiab/blob/master/roles/3-base-server/tasks/main.yml)-->
* NONE: Apache support is being fully removed starting 2021-07-06 ([PR #2850](https://github.com/iiab/iiab/pull/2850))
* **NONE: Apache support is now fully REMOVED as of 2021-08-08** ([PR #2850](https://github.com/iiab/iiab/pull/2850))
3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of ~6 IIAB Apps/Services that auto-enable Apache.
* elgg [*, should be deprecated, or considered for a complete overhaul from ancient Elgg 2.x to 4.x?]
* elgg [deprecated -- consider assisting with a complete overhaul from Elgg 2.x to 4.x ?]
4. These each run their own web server or non-web / backend services, e.g. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations). In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite)
@ -53,11 +53,11 @@
* minetest
* mosquitto
* openvpn
* pbx [*, requires Apache for now, as in Section iii., [PR #2862](https://github.com/iiab/iiab/pull/2862)]
* pbx [*, recommends Apache for now, as in Section iii., [#2914](https://github.com/iiab/iiab/issues/2914)]
* phpmyadmin [*, requires Apache for now, as in Section iii.]
* samba
* samba [*, [PR #2923](https://github.com/iiab/iiab/pull/2923)]
* sshd
* transmission
* vnstat
[*] The 4 above starred roles could use improvement, as of 2021-07-24.
[*] The 4 above starred roles could use improvement, as of 2021-08-08.


@ -1,29 +1,29 @@
- name: Ensure that Apache ({{ apache_service }}) is not running -- we may need port swap
systemd:
name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/<OS>.yml
state: stopped
ignore_errors: yes
# 'when: apache_installed is defined' might also work, as mysql's php no longer installs apache2 (but 'ignore_errors: yes' remains safer!)
# - name: Ensure that Apache ({{ apache_service }}) is not running -- we may need port swap
# systemd:
# name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/<OS>.yml
# state: stopped
# ignore_errors: yes
# # 'when: apache_installed is defined' might also work, as mysql's php no longer installs apache2 (but 'ignore_errors: yes' remains safer!)
- name: Install /etc/{{ apache_service }}/ports.conf from template 1 of 2 (ports.conf.j2) if nginx_enabled, to enable Apache port {{ apache_port }} localhost only
template:
src: ports.conf.j2
dest: "/etc/{{ apache_service }}/ports.conf"
when: nginx_enabled
# - name: Install /etc/{{ apache_service }}/ports.conf from template 1 of 2 (ports.conf.j2) if nginx_enabled, to enable Apache port {{ apache_port }} localhost only
# template:
# src: ports.conf.j2
# dest: "/etc/{{ apache_service }}/ports.conf"
# when: nginx_enabled
- name: Install /etc/{{ apache_service }}/ports.conf from template 2 of 2 (stock-apache-ports.conf) if not nginx_enabled, to disable Apache port {{ apache_port }} localhost only
template:
src: stock-apache-ports.conf
dest: "/etc/{{ apache_service }}/ports.conf"
when: not nginx_enabled
# - name: Install /etc/{{ apache_service }}/ports.conf from template 2 of 2 (stock-apache-ports.conf) if not nginx_enabled, to disable Apache port {{ apache_port }} localhost only
# template:
# src: stock-apache-ports.conf
# dest: "/etc/{{ apache_service }}/ports.conf"
# when: not nginx_enabled
- name: Enable & Restart '{{ apache_service }}' if Apache is installed and enabled, since we stopped it
systemd:
name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/<OS>.yml
daemon_reload: yes
state: restarted
enabled: true
when: apache_installed is defined and apache_enabled # or not nginx_enabled
# - name: Enable & Restart '{{ apache_service }}' if Apache is installed and enabled, since we stopped it
# systemd:
# name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/<OS>.yml
# daemon_reload: yes
# state: restarted
# enabled: true
# when: apache_installed is defined and apache_enabled # or not nginx_enabled
- name: Enable & (Re)Start 'nginx' systemd service, if nginx_enabled


@ -1,25 +1,42 @@
- name: Stop '{{ apache_service }}' systemd service
- name: Stop & Disable '{{ apache_service }}' systemd service, in case it exists
systemd:
name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/<OS>.yml
state: stopped
enabled: no
ignore_errors: yes
# 'when: apache_installed is defined' insuff b/c mysql's php installs apache2
# 'when: apache_installed is defined' insuff b/c mysql's php (etc) can install apache2
- name: 'Install 5 packages for NGINX: libnginx-mod-http-subs-filter, nginx-extras, php{{ php_version }}-fpm, uwsgi, uwsgi-plugin-python3'
package:
name:
- libnginx-mod-http-subs-filter
- nginx-extras
- php{{ php_version }}-fpm # Drags in [1] php{{ php_version }}-cli (superset of php{{ php_version }}-common) [2] libsodium23 (likewise installed in moodle/tasks/install.yml AND wordpress/tasks/install.yml) [3] php{{ php_version }}-json if PHP < 8.0 (NEEDED FOR nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml AND wordpress/tasks/install.yml)
- php{{ php_version }}-fpm # INSTALLS [0] /etc/apache2/conf-available/php{{ php_version }}-fpm.conf AND DRAGS IN [1] php{{ php_version }}-cli (superset of php{{ php_version }}-common) [2] libsodium23 (likewise installed in moodle/tasks/install.yml AND wordpress/tasks/install.yml) [3] php{{ php_version }}-json if PHP < 8.0 (NEEDED FOR nextcloud/tasks/install.yml AND pbx/tasks/freepbx_dependencies.yml AND wordpress/tasks/install.yml)
- uwsgi # Admin Console & roles/captiveportal should really install
- uwsgi-plugin-python3 # these 2 packages on demand (not every IIAB needs these).
state: present
# 2021-08-07: Legacy from roles/httpd/tasks/install.yml
# - name: 'Create group: admin'
# group:
# name: admin
# 2020-10-16: Removed per #2560
#- name: Add user '{{ apache_user }}' to shadow group, so it can authenticate Admin Console
# user:
# name: "{{ apache_user }}" # www-data or apache, per /opt/iiab/iiab/vars/<OS>.yml
# groups: shadow
# - name: Add user '{{ apache_user }}' to shadow group, so it can authenticate Admin Console
# user:
# name: "{{ apache_user }}" # www-data or apache, per /opt/iiab/iiab/vars/<OS>.yml
# groups: shadow
# - name: Add user {{ apache_user }} (from variable apache_user) to groups admin, shadow
# user:
# name: "{{ apache_user }}" # www-data on Debuntu
# #groups: admin,shadow
# groups: shadow # 2020-06-04: shadow nec for Admin Console login (this line had been clobbering user www-data's membership in group shadow, as set earlier by nginx/tasks/install.yml, SEE #2431)
# createhome: no
# append: yes
- name: Remove NGINX default config /etc/nginx/sites-enabled/default
file:
@ -34,8 +51,8 @@
- { src: 'server.conf.j2', dest: '/etc/nginx/server.conf' }
- { src: 'nginx.conf.j2', dest: '/etc/nginx/nginx.conf' }
- { src: 'mime.types.j2', dest: '/etc/nginx/mime.types' }
#- { src: 'ports.conf.j2', dest: '/etc/{{ apache_service }}/ports.conf' } # Moved to enable-or-disable.yml
#- { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" } # Moved into homepage.yml below
# - { src: 'ports.conf', dest: '/etc/{{ apache_service }}/ports.conf' } # 2021-08-09: Restored from enable-or-disable.yml then moved to roles/pbx/tasks/apache.yml
# - { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" } # Moved into homepage.yml, invoked later by roles/www_options/tasks/main.yml (see below!)
- debug:
msg: roles/nginx/tasks/homepage.yml will run LATER (invoked by roles/www_options/tasks/main.yml) SO THAT NGINX CAN REDIRECT http://box TO http://box{{ iiab_home_url }} (based on var iiab_home_url)
@ -45,7 +62,6 @@
systemd:
name: "php{{ php_version }}-fpm"
state: restarted
#when: nginx_enabled
# RECORD NGINX AS INSTALLED


@ -1,6 +1,8 @@
server {
root {{ doc_root }};
server_name {{ iiab_hostname }};
server_name $hostname; # e.g. box.lan, set dynamically when NGINX starts
#server_name {{ iiab_hostname }}.{{ iiab_domain }};
#server_name {{ iiab_hostname }};
listen 80;
index index.php index.html index.htm;


@ -7,11 +7,12 @@
# 2019-07-04: FOR A SOMEWHAT MORE MODERN "VERSION DETECTOR" SEE:
# github.com/iiab/iiab/blob/master/roles/nextcloud/tasks/install.yml#L1-L40
- name: Try to run 'nodejs -v' to get Node.js version
# 'node -v' doesn't work with older versions e.g. Ubuntu 16.04's nodejs 4.2.6
- name: Try to run 'node -v' to get Node.js version
# 'node -v' doesn't work with older versions e.g. Ubuntu 16.04's Node.js 4.2.6
# 'nodejs -v' doesn't work with newer versions e.g. Node.js 16.x
# Both below convert v10.15.1 to 10.x, but this is safer: (removes non-digits)
shell: nodejs -v | sed 's/[^0-9]*//' | sed 's/[^0-9].*/.x/'
#shell: nodejs -v | sed 's/^[vV]//' | sed 's/\..*/.x/'
shell: node -v | sed 's/[^0-9]*//' | sed 's/[^0-9].*/.x/'
#shell: node -v | sed 's/^[vV]//' | sed 's/\..*/.x/'
register: nodejs_version_installed
#- debug:
@ -32,12 +33,13 @@
# /etc/iiab/local_vars.yml -- then re-run this IIAB installer.
# when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stderr == ""
# 2021-08-04: Regardless, nodesource.com (below) overwrites /etc/apt/sources.list.d/nodesource.list
# Forces < 16.x or > 16.x to be removed, ignored if file is absent
- name: Remove /etc/apt/sources.list.d/nodesource.list if nodejs_version_installed.stdout is not {{ nodejs_version }}
file:
state: absent
path: /etc/apt/sources.list.d/nodesource.list
when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != ""
#- name: Remove /etc/apt/sources.list.d/nodesource.list if nodejs_version_installed.stdout is not {{ nodejs_version }}
# file:
# state: absent
# path: /etc/apt/sources.list.d/nodesource.list
# when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != ""
# BRUTAL but ensures consistency across OS's / distros like Raspbian Desktop & Ubermix that often include an older version of Node.js
# Forces < 16.x or > 16.x to be uninstalled
@ -45,9 +47,9 @@
package:
name: nodejs
state: absent
when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != ""
when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version
#when: nodejs_version_installed is defined and nodejs_version_installed.stdout != nodejs_version and nodejs_version_installed.stdout != ""
# Forces == 16.x
- name: Warn if Node.js {{ nodejs_version}} already installed & might be updated
debug:
msg: "WARN: YOUR Node.js {{ nodejs_version }} MIGHT NOW BE UPDATED USING nodesource.com"
@ -65,12 +67,12 @@
# state: absent
# when: internet_available and is_debuntu
- name: Set up Node.js {{ nodejs_version }} apt sources
- name: Run 'curl -sL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash -' to overwrite /etc/apt/sources.list.d/nodesource.list
shell: curl -sL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash -
args:
warn: no
creates: /etc/apt/sources.list.d/nodesource.list
when: internet_available
#args:
# warn: no
# creates: /etc/apt/sources.list.d/nodesource.list
#when: internet_available # 2021-08-04: Better to fail & notify implementer!
#when: internet_available and (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17)
# NOT NEC TO TEST FOR is_raspbian_8 OR is_raspbian_9 AS /opt/iiab/iiab/vars/<OS>.yml
# DEFINES THESE AS SUBSETS OF is_debian_8 OR is_debian_9 (FOR NOW!)
@ -86,15 +88,9 @@
name: nodejs
state: latest
#state: present
when: internet_available
#when: internet_available # 2021-08-04: Better to fail & notify implementer!
#when: internet_available and (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17)
# - name: Set up & install Node.js {{ nodejs_version }} which includes /usr/bin/npm (redhat)
# shell: curl -sL https://rpm.nodesource.com/setup_{{ nodejs_version }} | bash -
# args:
# warn: no
# when: internet_available and is_redhat
# 2018-07-14: BOTH STEPS ABOVE TAKE TIME, but Raspbian (apt offers npm
# 1.4.21) & Debian 9 (apt offers no npm!) STILL NEED the above
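Review bot: The nodesource task (`shell: curl -sL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash -`) will not reliably fail when the download fails, even though the commented-out `when: internet_available` now says "Better to fail & notify implementer!". The task's exit status is that of `bash -`, and on a connection error `curl -s` writes nothing, so bash reads empty input and exits 0. I would write `shell: set -o pipefail && curl -fsSL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash -` with `args:` / `executable: /bin/bash`, since the default /bin/sh may not support pipefail. With `creates:` also commented out, this remote script now runs on every play, presumably as root, so fetching it to a file and reviewing or checksumming it before execution would be the safer shape.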


@ -1,18 +1,12 @@
- name: "Install packages: nmap, openvpn, sudo"
- name: "Install packages: ncat, nmap, openvpn, sudo"
package:
name:
- ncat # Newer versions of NMap do not include NCat, needed to announce /etc/iiab/openvpn_handle (if Debian > 9 or Ubuntu > 18)
- nmap
- openvpn
- sudo # (1) Should be installed prior to installing IIAB, (2) Can also be installed by 1-prep here, (3) Is definitely installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml, (4) Used to be installed by roles/2-common/tasks/packages.yml (but that's too late!)
state: present
# Newer versions of NMap do not include NCat, needed to announce /etc/iiab/openvpn_handle
- name: Install Ncat package (if Debian > 9 or Ubuntu > 18)
package:
name: ncat
state: present
when: is_debuntu and not (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18)
- name: Install ssh public keys for remote support (if openvpn_install)
lineinfile:
line: "{{ item.pubkey }}"
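Review bot: `ncat` is now installed unconditionally in the first package task, while the task it replaces appears to have been limited by `when: is_debuntu and not (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18)`. The new inline comment still says "(if Debian > 9 or Ubuntu > 18)", so the comment and the behaviour no longer agree. If those older releases have no separate `ncat` package, as the old condition suggests, the whole task fails there and `nmap`, `openvpn` and `sudo` are not installed either. Either keep `ncat` in its own conditional task, or drop the parenthetical if those releases are no longer supported.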


@ -5,21 +5,24 @@
# pbx_install: False
# pbx_enabled: False
# pbx_try_nginx: False # 2021-08-07: PLEASE TRY NGINX INSTEAD OF APACHE,
# # AFTER READING https://github.com/iiab/iiab/issues/2914 AND #2916, THX !
# asterisk_chan_dongle: False
# pbx_signaling_ports_chan_sip: 5160:5161
# pbx_signaling_ports_chan_pjsip: 5060
# pbx_data_ports: 10000:20000
# pbx_http_port: 83
#
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
asterisk_url: http://downloads.asterisk.org/pub/telephony/asterisk/
asterisk_url: http://downloads.asterisk.org/pub/telephony/asterisk
asterisk_src_file: asterisk-18-current.tar.gz
asterisk_src_dir: /opt/iiab/asterisk
freepbx_url: http://mirror.freepbx.org/modules/packages/freepbx/7.4/
freepbx_url: http://mirror.freepbx.org/modules/packages/freepbx/7.4
freepbx_src_file: freepbx-16.0-latest.tgz # Beta as of 2021-06-21 but looking great! Does NOT support PHP < 7.4 (you've been warned!) Please review https://github.com/iiab/iiab/blob/master/roles/pbx/README.rst
freepbx_src_dir: /opt/iiab/freepbx
freepbx_install_dir: /var/www/html/freepbx
@ -30,6 +33,6 @@ asterisk_db_dbname: asterisk
asterisk_db_password: asterisk
asterisk_db_cdrdbname: asteriskcdrdb
chan_dongle_url: https://github.com/wdoekes/asterisk-chan-dongle/archive/
chan_dongle_url: https://github.com/wdoekes/asterisk-chan-dongle/archive
chan_dongle_src_file: master.zip
chan_dongle_src_dir: /opt/iiab/chan_dongle
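Review bot: `asterisk_url` and `freepbx_url` still point at `http://` mirrors; this hunk only trims their trailing slashes. The tarballs fetched from them are unpacked and built by the pbx tasks, and the `-current` / `-latest` file names rule out a pinned `checksum:` on `get_url`, so transport security is the only integrity check available. If the mirrors serve HTTPS, I would switch both, e.g. `asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk`. The default `asterisk_db_password: asterisk` equals the user name and deserves a comment telling implementers to override it in /etc/iiab/local_vars.yml before installing.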


@ -0,0 +1,41 @@
# Must happen before install of Apache, or it'll collide with NGINX port 80.
# 2021-08-09: Used to be done by roles/nginx/tasks/install.yml
- name: "FreePBX - Install from template: /etc/{{ apache_service }}/ports.conf containing 'Listen {{ pbx_http_port }}'" # i.e. port 83
template:
src: ports.conf
dest: /etc/{{ apache_service }}/
- name: "FreePBX - Install Apache packages: {{ apache_service }}, libapache2-mod-php, libapache2-mpm-itk"
package:
name:
- "{{ apache_service }}" # 2021-08-07: Install apache2 directly, as we prepare to deprecate roles/httpd
- libapache2-mod-php # NOTE duplication: roles/httpd/tasks.install.yml installed libapache2-mod-php{{ php_version }} ostensibly for "Elgg, Moodle, etc"
- libapache2-mpm-itk # To serve FreePBX through a VirtualHost as asterisk user (#2914: Is this possible via NGINX?)
- name: 'FreePBX - Enable Apache module, as with "a2enmod" command: rewrite'
apache2_module:
name: rewrite
# Legacy code from roles/httpd/tasks/install.yml
# - name: 'Enable 5 Apache modules, as with "a2enmod" command: headers, proxy, proxy_html, proxy_http, rewrite (for http://box/kiwix, http://box/kolibri, http://box/nodered, etc)'
# apache2_module:
# name: "{{ item }}"
# with_items:
# - headers
# - proxy
# - proxy_html
# - proxy_http
# - rewrite
# 2021-08-08: Security risks? But official install doc recommends this:
# https://wiki.freepbx.org/display/FOP/Installing+FreePBX+16+on+Debian+10.9
# (lineinfile doesn't quite do the job, as all instances are replaced)
- name: FreePBX - Run "sed -i 's/AllowOverride None/AllowOverride All/' /etc/apache2/apache2.conf"
command: sed -i 's/AllowOverride None/AllowOverride All/' /etc/apache2/apache2.conf
- name: FreePBX - Install /etc/{{ apache_service }}/sites-available/freepbx.conf from template ({{ apache_user }}:{{ apache_user }}, 0644 by default)
template:
src: freepbx.conf.j2
dest: /etc/{{ apache_service }}/sites-available/freepbx.conf # apache2
owner: "{{ apache_user }}" # www-data
group: "{{ apache_user }}"
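Review bot: The `sed -i 's/AllowOverride None/AllowOverride All/' /etc/apache2/apache2.conf` task turns on .htaccess overrides for every `<Directory>` block in the main config, not just FreePBX, and the comment above it already asks "Security risks?". Any web-writable directory Apache serves could then alter handlers, rewrites or access rules through an .htaccess file. I would leave apache2.conf untouched and put the override in freepbx.conf.j2 instead (not visible here), e.g. a `<Directory {{ freepbx_install_dir }}>` block containing `AllowOverride All`. The path is also hard-coded to /etc/apache2 while neighbouring tasks use `/etc/{{ apache_service }}`, and `command: sed -i` reports "changed" on every run. Separately, `owner: "{{ apache_user }}"` on sites-available/freepbx.conf lets the web server account rewrite its own vhost definition; `owner: root` / `group: root` would be safer.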


@ -1,80 +1,91 @@
# 2021-08-03: Asterisk's own install_prereq (below) handles these?
#- name: Asterisk - Install dependencies
# include: asterisk_dependencies.yml
# 2021-08-05: Asterisk's own install_prereq (below) handles essentially all of these
# - name: Asterisk - Install dependencies
# include_tasks: asterisk_dependencies.yml
- name: Asterisk - Download software to /opt/iiab/downloads
# BEWARE: 'systemctl is-active asterix' falsely reports 'inactive' even when systemd
# is compiled in below! FWIW: /opt/iiab/asterisk/contrib/systemd/asterisk.service
# https://github.com/asterisk/asterisk/blob/master/contrib/systemd/asterisk.service
- name: Asterisk - Install package 'libsystemd-dev' so Asterisk compiles in imperfect-but-improving systemd support -- if ./configure below places '#define HAVE_SYSTEMD 1' in /opt/iiab/asterisk/include/asterisk/autoconfig.h -- please later confirm with 'ldd /usr/sbin/asterisk | grep systemd' -- per https://community.asterisk.org/t/systemctl-start-asterisk-is-fail-with-timeout/81123/3
package:
name: libsystemd-dev
state: present
- name: Asterisk - Download {{ asterisk_url }}/{{ asterisk_src_file }} to {{ downloads_dir }}
get_url:
url: "{{ asterisk_url }}/{{ asterisk_src_file }}"
dest: "{{ downloads_dir }}/{{ asterisk_src_file }}"
dest: "{{ downloads_dir }}" # e.g. /opt/iiab/downloads/asterisk-18-current.tar.gz
timeout: "{{ download_timeout }}"
when: internet_available
- name: Asterisk - Check for /opt/iiab/downloads/{{ asterisk_src_file }}
- name: Asterisk - Check for {{ downloads_dir }}/{{ asterisk_src_file }}
stat:
path: "{{ downloads_dir }}/{{ asterisk_src_file }}"
register: asterisk_src
- name: Asterisk - FAIL (force Ansible to exit) IF /opt/iiab/downloads/{{ asterisk_src_file }} doesn't exist
- name: Asterisk - FAIL (force Ansible to exit) IF {{ downloads_dir }}/{{ asterisk_src_file }} doesn't exist
fail:
msg: "{ downloads_dir }}/{{ asterisk_src_file }} is REQUIRED in order to install."
msg: "{{ downloads_dir }}/{{ asterisk_src_file }} is REQUIRED to install Asterisk."
when: not asterisk_src.stat.exists
- name: Asterisk - Create install source directory
- name: Asterisk - Create source dir {{ asterisk_src_dir }}
file:
path: "{{ asterisk_src_dir }}"
path: "{{ asterisk_src_dir }}" # /opt/iiab/asterisk
state: directory
- name: Asterisk - Extract source
- name: Asterisk - Extract to source dir (root:root by default)
unarchive:
src: "{{ downloads_dir }}/{{ asterisk_src_file }}"
dest: "{{ asterisk_src_dir }}"
owner: root
group: root
# owner: root
# group: root
extra_opts: [--strip-components=1]
creates: "{{ asterisk_src_dir }}/Makefile"
# 2021-08-03: Asterisk's install_prereq script (stanza just below) installs
# 'aptitude' regardless, within handle_debian() here:
# https://github.com/asterisk/asterisk/blob/master/contrib/scripts/install_prereq#L262-L271
#
#- name: Asterisk - Install aptitude (otherwise install_prereq fails?)
# package:
# name: aptitude
# state: latest
# - name: Asterisk - Install aptitude (otherwise install_prereq fails?)
# package:
# name: aptitude
# state: latest
- name: Asterisk - Ensure all dependencies are resolved - CAN TAKE 5 MIN OR LONGER!
- name: Asterisk - Run 'install_prereq install' for dependencies - CAN TAKE 5 MIN OR LONGER!
shell: export DEBIAN_FRONTEND=noninteractive && ./contrib/scripts/install_prereq install
args:
chdir: "{{ asterisk_src_dir }}"
# 2021-08-03: Requires subversion (installed just above)
- name: Asterisk - Download mp3 decoder library into source tree
- name: Asterisk - Download mp3 decoder library into source tree - requires 'subversion' installed just above
command: ./contrib/scripts/get_mp3_source.sh
args:
chdir: "{{ asterisk_src_dir }}"
creates: addons/mp3/mpg123.h
- name: Asterisk - Run the configure script
command: ./configure --with-jansson-bundled
- name: Asterisk - Run './configure --with-pjproject-bundled --with-jansson-bundled'
command: ./configure --with-pjproject-bundled --with-jansson-bundled
args:
chdir: "{{ asterisk_src_dir }}"
- name: Asterisk - Run make menuselect.makeopts
- name: Asterisk - Run 'make menuselect.makeopts'
command: make menuselect.makeopts
args:
chdir: "{{ asterisk_src_dir }}"
creates: menuselect.makeopts
- name: Asterisk - Do a bit of menuselect configuration
command: >
menuselect/menuselect --enable app_macro --enable format_mp3
--enable CORE-SOUNDS-EN-WAV --enable CORE-SOUNDS-EN-G722
--enable EXTRA-SOUNDS-EN-WAV --enable EXTRA-SOUNDS-EN-G722 --enable EXTRA-SOUNDS-EN-GSM
--disable-category MENUSELECT_MOH
command: menuselect/menuselect --enable app_macro --enable format_mp3 menuselect.makeopts
# 2021-08-06: Let's standardize (ABOVE) if 6 others (BELOW) aren't needed?
# command: >
# menuselect/menuselect --enable app_macro --enable format_mp3
# --enable CORE-SOUNDS-EN-WAV --enable CORE-SOUNDS-EN-G722
# --enable EXTRA-SOUNDS-EN-WAV --enable EXTRA-SOUNDS-EN-G722 --enable EXTRA-SOUNDS-EN-GSM
# --disable-category MENUSELECT_MOH
args:
chdir: "{{ asterisk_src_dir }}"
- name: Asterisk - Run 'make' - CAN TAKE 30 MIN OR LONGER!
- name: Asterisk - Run 'make' - CAN TAKE 8-30 MIN OR LONGER!
command: make
args:
chdir: "{{ asterisk_src_dir }}"
@ -91,37 +102,52 @@
args:
chdir: "{{ asterisk_src_dir }}"
- name: Asterisk - Run 'make samples'
- name: Asterisk - Run 'make samples' - this creates /etc/asterisk/asterisk.conf used below
command: make samples
args:
chdir: "{{ asterisk_src_dir }}"
- name: Asterisk - Run 'ldconfig'
shell: ldconfig
command: ldconfig
args:
chdir: "{{ asterisk_src_dir }}"
- name: Asterisk - Ensure group 'asterisk' exists
group:
name: asterisk
state: present
# 2021-08-06: Most install recipes do 'update-rc.d -f asterisk remove' here.
# Can't hurt but we do that a bit later in freepbx.yml
- name: Asterisk - Ensure user 'asterisk' exists, and belongs to the required groups
# 2021-08-06: Taken care of just below
# - name: Asterisk - Ensure group 'asterisk' exists
# group:
# name: asterisk
# state: present
#- name: Asterisk - Ensure system user 'asterisk' has primary group 'asterisk', groups 'audio,dialout', home '/var/lib/asterisk'
- name: Asterisk - Create Linux user 'asterisk'
user:
name: asterisk
group: asterisk
groups: audio,dialout
home: /var/lib/asterisk
system: yes
append: yes
# group: asterisk # 2021-08-06: Implicit
groups: audio,dialout # 2021-08-08: Plausibly might help?
home: /var/lib/asterisk # 2021-08-07: /home/asterisk (default) ok too
system: yes # 2021-08-08: No evidence this is needed. Hopefully it doesn't cause harm? (FYI Ansible doesn't change pre-existing users)
append: yes # 2021-08-08: Not essential. So Ansible adds groups w/o deleting existing group memberships.
- name: "Asterisk - Set ownership of 5 directories: /etc/asterisk, /var/lib/asterisk, /var/log/asterisk, /var/spool/asterisk, /usr/lib/asterisk (asterisk:asterisk)"
- name: Asterisk - Add user 'www-data' to group 'asterisk' - if pbx_try_nginx
user:
name: www-data
groups: asterisk
# system: yes # 2021-08-06: Ansible doesn't change pre-existing users
append: yes
when: pbx_try_nginx
- name: Asterisk - Set ownership for 6 directories (asterisk:asterisk, recurse)
file:
dest: "{{ item }}"
owner: asterisk
group: asterisk
recurse: yes
with_items:
- /var/run/asterisk
- /etc/asterisk
- /var/lib/asterisk
- /var/log/asterisk
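Review bot: Commenting out `owner: root` / `group: root` in the "Asterisk - Extract to source dir" task does not obviously give "root:root by default" as the new task name claims. As far as I know, `unarchive` run as root without `owner`/`group` lets tar restore the numeric uid/gid recorded in the tarball, so the tree under `{{ asterisk_src_dir }}` can end up owned by an unrelated local account. Because `install_prereq`, `./configure` and `make` are later run from that tree, presumably as root, I would restore `owner: root` and `group: root`. In the same section, the "Add user 'www-data' to group 'asterisk'" task hard-codes `www-data` where other tasks in this commit use `{{ apache_user }}`. It also gives everything served as that user group access to the asterisk-owned directories, which is worth a comment on why it is needed.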


@ -1,12 +1,12 @@
- name: Asterisk - Install dependencies
package:
name:
- git
- curl
- git # 2021-08-05: Not in Asterisk's install_prereq
- curl # 2021-08-05: Not in Asterisk's install_prereq
- wget
- libnewt-dev
- libssl-dev
- libncurses5-dev
- libncurses5-dev # 2021-08-05: Not in Asterisk's install_prereq
- subversion
- libsqlite3-dev
- build-essential


@ -1,49 +1,52 @@
- name: chan_dongle - Download software to /opt/iiab/downloads
# RPi: http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html
- name: chan_dongle - Download {{ chan_dongle_url }}/{{ chan_dongle_src_file }} to {{ downloads_dir }}
get_url:
url: "{{ chan_dongle_url }}/{{ chan_dongle_src_file }}"
dest: "{{ downloads_dir }}/{{ chan_dongle_src_file }}"
url: "{{ chan_dongle_url }}/{{ chan_dongle_src_file }}" # /opt/iiab/downloads/master.zip
dest: "{{ downloads_dir }}/{{ chan_dongle_src_file }}" # Keep name as "master.zip" whereas browsers rename it to asterisk-chan-dongle-master.zip
timeout: "{{ download_timeout }}"
when: internet_available
- name: chan_dongle - Check for /opt/iiab/downloads/{{ chan_dongle_src_file }}
- name: chan_dongle - Check for {{ downloads_dir }}/{{ chan_dongle_src_file }}
stat:
path: "{{ downloads_dir }}/{{ chan_dongle_src_file }}"
register: chan_dongle_src
- name: chan_dongle - FAIL (force Ansible to exit) IF /opt/iiab/downloads/{{ chan_dongle_src_file }} doesn't exist
fail:
msg: "{ downloads_dir }}/{{ chan_dongle_src_file }} is REQUIRED in order to install."
msg: "{ downloads_dir }}/{{ chan_dongle_src_file }} is REQUIRED to install chan_dongle."
when: not chan_dongle_src.stat.exists
- name: chan_dongle - Create install source directory
- name: chan_dongle - Create source dir {{ chan_dongle_src_dir }}
file:
path: "{{ chan_dongle_src_dir }}"
path: "{{ chan_dongle_src_dir }}" # /opt/iiab/chan_dongle
state: directory
- name: chan_dongle - Extract source
- name: chan_dongle - Extract to {{ downloads_dir }} (root:root)
unarchive:
src: "{{ downloads_dir }}/{{ chan_dongle_src_file }}"
dest: "{{ downloads_dir }}"
owner: root
group: root
- name: chan_dongle - move to {{ chan_dongle_src_dir }}
- name: chan_dongle - Run 'rsync -av {{ downloads_dir }}/asterisk-chan-dongle-master/ {{ chan_dongle_src_dir }}'
command: rsync -av {{ downloads_dir }}/asterisk-chan-dongle-master/ {{ chan_dongle_src_dir }}
args:
chdir: "{{ downloads_dir }}"
- name: chan_dongle - Run the bootstrap script
command: "./bootstrap"
- name: chan_dongle - Run './bootstrap'
command: ./bootstrap
args:
chdir: "{{ chan_dongle_src_dir }}"
creates: "{{ chan_dongle_src_dir }}/configure"
- name: chan_dongle - Find out asterisk version
shell: asterisk -V |cut -d " " -f 2
- name: chan_dongle - Run 'asterisk -V | cut -d " " -f 2' for asterisk_ver
shell: asterisk -V | cut -d " " -f 2
register: asterisk_ver
- name: chan_dongle - Run the configure script
command: "./configure --with-astversion={{asterisk_ver.stdout}}"
- name: chan_dongle - Run './configure --with-astversion={{ asterisk_ver.stdout }}'
command: ./configure --with-astversion={{ asterisk_ver.stdout }}
args:
chdir: "{{ chan_dongle_src_dir }}"
creates: "{{ chan_dongle_src_dir }}/Makefile"
@ -60,9 +63,8 @@
chdir: "{{ chan_dongle_src_dir }}"
creates: "/usr/lib/asterisk/modules/chan_dongle.so"
- name: chan_dongle - Copy dongle.conf over
- name: chan_dongle - Run 'cp {{ chan_dongle_src_dir }}/etc/dongle.conf /etc/asterisk/'
command: cp {{ chan_dongle_src_dir }}/etc/dongle.conf /etc/asterisk/
args:
chdir: "{{ chan_dongle_src_dir }}"
creates: "/etc/asterisk/dongle.conf"
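Review bot: The chan_dongle FAIL message still begins with `{ downloads_dir }}` (a single opening brace), which this commit corrects in the Asterisk and FreePBX messages but not here. It should read `msg: "{{ downloads_dir }}/{{ chan_dongle_src_file }} is REQUIRED to install chan_dongle."`, and the task name just above it also kept the hard-coded /opt/iiab/downloads. Separately, `master.zip` is the moving tip of a third-party branch that is then bootstrapped, configured and built. Pinning `chan_dongle_src_file` to a reviewed commit archive (`<commit-sha>.zip`, placeholder) and adding a `checksum:` to `get_url` would make the build reproducible and tamper-evident.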


@ -1,44 +1,82 @@
- name: Enable & (Re)start 'asterisk' systemd service (if pbx_enabled)
- name: Enable & (Re)start 'freepbx' systemd service, if pbx_enabled
systemd:
daemon_reload: yes
name: asterisk
enabled: yes
state: restarted
when: pbx_enabled
- name: Disable & Stop 'asterisk' systemd service (if not pbx_enabled)
systemd:
daemon_reload: yes
name: asterisk
enabled: no
state: stopped
when: not pbx_enabled
- name: Enable & (Re)start 'freepbx' systemd service (if pbx_enabled)
systemd:
name: freepbx
enabled: yes
state: restarted
when: pbx_enabled
- name: Disable & Stop 'freepbx' systemd service (if not pbx_enabled)
- name: Disable & Stop 'freepbx' systemd service, if not pbx_enabled
systemd:
daemon_reload: yes
name: freepbx
enabled: no
state: stopped
when: not pbx_enabled
- name: Enable http://box:{{ pbx_http_port }}/freepbx via Apache, if pbx_enabled # http://box:83/freepbx
command: a2ensite freepbx.conf
when: pbx_enabled
- block:
- name: Disable http://box:{{ pbx_http_port }}/freepbx via Apache, if not pbx_enabled
command: a2dissite freepbx.conf
when: not pbx_enabled
- name: Enable http://box:{{ pbx_http_port }}/freepbx via Apache, if pbx_enabled # http://box:83/freepbx
command: a2ensite freepbx.conf
when: pbx_enabled
- name: Restart Apache service ({{ apache_service }})
systemd:
name: "{{ apache_service }}" # httpd or apache2
state: restarted
- name: Disable http://box:{{ pbx_http_port }}/freepbx via Apache, if not pbx_enabled
command: a2dissite freepbx.conf
when: not pbx_enabled
- name: Restart & Enable '{{ apache_service }}' systemd service, if pbx_enabled
systemd:
name: "{{ apache_service }}" # apache2
state: restarted
enabled: yes
when: pbx_enabled
- name: Stop & Disable '{{ apache_service }}' systemd service, if not pbx_enabled
systemd:
name: "{{ apache_service }}"
state: stopped
enabled: no
when: not pbx_enabled
when: not pbx_try_nginx
- block:
- name: Install /etc/php/{{ php_version }}/fpm/pool.d/asterisk.conf converted from www.conf for user 'asterisk', if pbx_enabled
copy:
src: roles/pbx/templates/asterisk.conf
dest: /etc/php/{{ php_version }}/fpm/pool.d/asterisk.conf
when: pbx_enabled
- name: Remove /etc/php/{{ php_version }}/fpm/pool.d/asterisk.conf, if not pbx_enabled
file:
path: /etc/php/{{ php_version }}/fpm/pool.d/asterisk.conf
state: absent
when: not pbx_enabled
- name: Enable & Restart 'php{{ php_version }}-fpm' systemd service
systemd:
name: php{{ php_version }}-fpm
state: restarted
enabled: yes
- name: Enable http://box/freepbx via NGINX, by installing {{ nginx_conf_dir }}/freepbx-nginx.conf from template, if pbx_enabled
template:
src: freepbx-nginx.conf.j2
dest: "{{ nginx_conf_dir }}/freepbx-nginx.conf" # /etc/nginx/conf.d
when: pbx_enabled
- name: Disable http://box/freepbx via NGINX, by removing {{ nginx_conf_dir }}/freepbx-nginx.conf, if not pbx_enabled
file:
path: "{{ nginx_conf_dir }}/freepbx-nginx.conf"
state: absent
when: not pbx_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted
when: pbx_try_nginx
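Review bot: The cleanup tasks for each front end sit inside that front end's own block, so flipping `pbx_try_nginx` never removes what the other block installed. With `pbx_try_nginx: True` the `a2dissite freepbx.conf` task is skipped. With `False`, the tasks removing pool.d/asterisk.conf and `{{ nginx_conf_dir }}/freepbx-nginx.conf` are skipped, which would leave FreePBX reachable through the front end the implementer just turned off. I would move the removal tasks out of the two blocks and gate the NGINX ones on `when: not pbx_enabled or not pbx_try_nginx`, with the Apache one on the mirror condition plus a guard that Apache is actually installed. Also worth a comment: "Stop & Disable '{{ apache_service }}'" runs whenever PBX is disabled under the Apache path, which takes Apache down for anything else on the box that may still depend on it.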


@ -1,10 +1,73 @@
- name: FreePBX - Install dependencies
include: freepbx_dependencies.yml
# "Official" recipe: https://wiki.freepbx.org/display/FOP/Installing+FreePBX+16+on+Debian+10.9
# Comprehensive & recent recipe for RPi: http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html
# Quirky but still useful for comparison: https://computingforgeeks.com/how-to-install-asterisk-16-with-freepbx-15-on-ubuntu-debian/
# 2012-2017: http://www.raspberry-asterisk.org
- name: FreePBX - Download software to /opt/iiab/downloads
# 2021-08-04: Non-native systemd service 'asterisk.service' (redirects via
# systemd-sysv-install, to '/etc/init.d/asterisk status' etc) is Enabled but
# Not Active at this point.
# 2021-08-05: Asterisk's systemd / systemctl support is getting there but Very
# Imperfect (even when compiled in, as a result of package 'libsystemd-dev' at
# the top of asterisk.yml).
# 2021-08-12: Let's try to track the "official" init.d / update-rc.d
# instructions ('update-rc.d -f asterisk remove') but using systemd instead,
# to be more future-proof?
- name: "FreePBX - Disable 'asterisk' systemd service, giving FreePBX full control during boot - similar to officially recommended 'update-rc.d -f asterisk remove' at: https://wiki.freepbx.org/display/FOP/Installing+FreePBX+16+on+Debian+10.9"
systemd:
daemon_reload: yes
name: asterisk
#state: stopped
enabled: no
- name: FreePBX - Install wget, git, unixodbc, sudo, net-tools, cron, sox + ~12 PHP dependencies (run 'php -m' or 'php -i' to verify PHP modules)
package:
name:
- wget
- git
- unixodbc # For Asterisk CDR (Call Detail Records)
- sudo # Required by FreePBX install script
- net-tools # Required by FWConsole (command-line utility, that controls FreePBX)
- cron # Required by FreePBX UCP package (User Control Panel)
- sox # Required for CDR web-playback
# - php{{ php_version }} # Basically drags in phpX.Y-cgi (already below!)
- php{{ php_version }}-bcmath # Likewise installed in nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php{{ php_version }}-cgi
# - php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
- php{{ php_version }}-curl # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php{{ php_version }}-fpm # Likewise installed in nginx/tasks/install.yml
# - php{{ php_version }}-gettext
- php{{ php_version }}-gd # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml
- php{{ php_version }}-imap
# - php{{ php_version }}-json # See stanza just below
- php{{ php_version }}-mbstring # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
# - python-mysqldb # https://github.com/Yannik/ansible-role-freepbx/blob/master/tasks/freepbx.yml#L33
- php{{ php_version }}-mysql # Likewise installed in mysql/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php-pear # Likewise installed for ADMIN CONSOLE https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19
- php{{ php_version }}-snmp
- php{{ php_version }}-xml # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter}
- php{{ php_version }}-zip # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
state: latest
# For PHP >= 8.0: phpX.Y-json is baked into PHP itself.
# For PHP < 8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json
#
# - name: Install php{{ php_version }}-json if PHP < 8.0
# package:
# name: php{{ php_version }}-json
# state: present
# when: php_version is version('8.0', '<')
- name: FreePBX - Install and configure Apache - if not pbx_try_nginx
include_tasks: apache.yml
when: not pbx_try_nginx
- name: FreePBX - Download {{ freepbx_url }}/{{ freepbx_src_file }} to {{ downloads_dir }}
get_url:
url: "{{ freepbx_url }}/{{ freepbx_src_file }}"
dest: "{{ downloads_dir }}/{{ freepbx_src_file }}"
dest: "{{ downloads_dir }}" # e.g. /opt/iiab/downloads/freepbx-16.0-latest.tgz
timeout: "{{ download_timeout }}"
when: internet_available
@ -15,15 +78,15 @@
- name: FreePBX - FAIL (force Ansible to exit) IF {{ downloads_dir }}/{{ freepbx_src_file }} doesn't exist
fail:
msg: "{ downloads_dir }}/{{ freepbx_src_file }} is REQUIRED in order to install."
msg: "{{ downloads_dir }}/{{ freepbx_src_file }} is REQUIRED to install FreePBX."
when: not freepbx_src.stat.exists
- name: FreePBX - Create install source directory
- name: FreePBX - Create source dir {{ freepbx_src_dir }}
file:
path: "{{ freepbx_src_dir }}"
path: "{{ freepbx_src_dir }}" # /opt/iiab/freepbx
state: directory
- name: FreePBX - Extract source
- name: FreePBX - Extract to source dir (root:root)
unarchive:
src: "{{ downloads_dir }}/{{ freepbx_src_file }}"
dest: "{{ freepbx_src_dir }}"
@ -32,53 +95,68 @@
extra_opts: [--strip-components=1]
creates: "{{ freepbx_src_dir }}/install"
- name: FreePBX - Patch FreePBX source - IIAB Bug 1685
patch:
src: roles/pbx/templates/71-freepbx-framework.patch
dest: "{{ freepbx_src_dir }}/amp_conf/htdocs/admin/libraries/BMO/Framework.class.php"
# 2021-08-04: FreePBX 16 no longer needs this FreePBX 15 patch
# - name: FreePBX - Patch FreePBX source - IIAB Bug 1685
# patch:
# src: roles/pbx/templates/71-freepbx-framework.patch
# dest: "{{ freepbx_src_dir }}/amp_conf/htdocs/admin/libraries/BMO/Framework.class.php"
- name: FreePBX - Patch FreePBX source - wants [] not {}
patch:
src: roles/pbx/templates/pbx.patch
dest: "{{ freepbx_src_dir }}/amp_conf/htdocs/admin/libraries/Composer/vendor/neitanod/forceutf8/src/ForceUTF8/Encoding.php"
# 2021-08-04: FreePBX 16 no longer needs this FreePBX 15 patch
# - name: FreePBX - Patch FreePBX source - wants [] not {}
# patch:
# src: roles/pbx/templates/pbx.patch
# dest: "{{ freepbx_src_dir }}/amp_conf/htdocs/admin/libraries/Composer/vendor/neitanod/forceutf8/src/ForceUTF8/Encoding.php"
- name: FreePBX - Disable & Stop asterisk service
systemd:
daemon_reload: yes
name: asterisk
enabled: no
state: stopped
# 2021-08-04: FreePBX 16 no longer needs this FreePBX 15 patch
# - name: FreePBX - Patch FreePBX source - disable get_magic_quotes_gpc()
# patch:
# src: roles/pbx/templates/pbx2.patch
# dest: "{{ freepbx_install_dir }}/admin/libraries/view.functions.php"
- name: FreePBX - Add mysql user
- name: FreePBX - Add MySQL user ({{ asterisk_db_user }})
mysql_user:
name: "{{ asterisk_db_user }}"
password: "{{ asterisk_db_password }}"
name: "{{ asterisk_db_user }}" # asterisk
password: "{{ asterisk_db_password }}" # asterisk
priv: "{{ asterisk_db_dbname }}.*:ALL/{{ asterisk_db_cdrdbname }}.*:ALL"
# login_host: "{{ asterisk_db_host }}"
# login_user: root
# login_password: "{{ mysql_root_password }}"
# login_host: "{{ asterisk_db_host }}"
# login_user: root
# login_password: "{{ mysql_root_password }}"
host: "{{ (asterisk_db_host == 'localhost') | ternary('localhost', ansible_default_ipv4.address) }}"
state: present
- name: FreePBX - Add mysql db
- name: FreePBX - Add MySQL db ({{ asterisk_db_dbname }})
mysql_db:
name: "{{ asterisk_db_dbname }}"
name: "{{ asterisk_db_dbname }}" # asterisk
encoding: utf8
collation: utf8_general_ci
# login_host: "{{ asterisk_db_host }}"
# login_user: root
# login_password: "{{ mysql_root_password }}"
# login_host: "{{ asterisk_db_host }}"
# login_user: root
# login_password: "{{ mysql_root_password }}"
state: present
- name: FreePBX - Add cdr mysql db
- name: FreePBX - Add cdr MySQL db ({{ asterisk_db_cdrdbname }})
mysql_db:
name: "{{ asterisk_db_cdrdbname }}"
name: "{{ asterisk_db_cdrdbname }}" # asteriskcdrdb
encoding: utf8
collation: utf8_general_ci
login_host: "{{ asterisk_db_host }}"
state: present
- name: FreePBX - Don't let freepbx take over the php sessions dir
- name: FreePBX - Create new php sessions dir /var/lib/php/asterisk_sessions/ - SEE 'php_value session.save_path /var/lib/php/asterisk_sessions/' IN pbx/templates/freepbx.conf.j2
file:
path: /var/lib/php/asterisk_sessions/
state: directory
- name: FreePBX - Set ownership for new php sessions dir (asterisk:asterisk)
file:
dest: /var/lib/php/asterisk_sessions/
owner: asterisk
group: asterisk
recurse: yes
- name: "FreePBX - Populate /etc/asterisk/freepbx_chown.conf to prevent 'fwconsole chown' takeover of /var/lib/php/sessions" # And possibly later /etc/freepbx.conf, /var/log/asterisk/freepbx.log, /var/spool/asterisk/cache
blockinfile:
content: |
[blacklist]
@ -89,60 +167,99 @@
group: asterisk
create: yes
- name: FreePBX - Create php sessions directory
file:
path: /var/lib/php/asterisk_sessions/
state: directory
- name: FreePBX - Set ownership for php sessions directory
file:
dest: /var/lib/php/asterisk_sessions/
owner: asterisk
group: asterisk
recurse: yes
- name: FreePBX - Install (just run once) - CAN TAKE 12 MIN OR LONGER!
command: ./start_asterisk start
- name: FreePBX - 2-step install - won't run if {{ freepbx_install_dir }} already exists - CAN TAKE 3-12 MIN OR LONGER!
command: "{{ item }}"
args:
chdir: "{{ freepbx_src_dir }}"
creates: "{{ freepbx_install_dir }}"
creates: "{{ freepbx_install_dir }}" # /var/www/html/freepbx
with_items:
- ./start_asterisk start
- ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} --dbname {{ asterisk_db_dbname }} --cdrdbname {{ asterisk_db_cdrdbname }}
- name: FreePBX - Install (just run once) - CAN TAKE 12 MIN OR LONGER!
command: ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} --dbname {{ asterisk_db_dbname }} --cdrdbname {{ asterisk_db_cdrdbname }}
args:
chdir: "{{ freepbx_src_dir }}"
creates: "{{ freepbx_install_dir }}"
- name: "Run 'fwconsole stop' and 'killall -9 safe_asterisk' to stop both Asterisk processes -- this avoids \"Unable to run Pre-Asterisk hooks, because Asterisk is already running\" in 'journalctl -u freepbx' logs"
command: "{{ item }}"
with_items:
- fwconsole stop
- killall -9 safe_asterisk # 2021-08-08: Stronger medicine needed for 64-bit Ubuntu Server 21.04 on RPi 4. Originally from @jvonau's PR #2912.
- killall -9 "PM2 v4.5.0: God" # 2021-08-09: Missed by fwconsole (does this matter?)
# - killall -9 asterisk # 2021-08-05: Also from @jvonau's PR #2912, to brute force this. In the end, above 'fwconsole stop' works more gracefully.
# - ./start_asterisk stop # Buggy!
# - /usr/sbin/asterisk -rx "core stop gracefully"
# - fwconsole reload
# - fwconsole restart
# - fwconsole ma disablerepo commercial
# - fwconsole ma installall
# - fwconsole ma delete firewall
# - fwconsole reload
# - fwconsole restart
ignore_errors: yes # 2021-08-08: For things like 'killall -9 safe_asterisk' that fail when process doesn't exist
# 2021-08-02: FreePBX 16 seems to no longer need this FreePBX 15 patch?
#- name: FreePBX - Patch FreePBX source - disable get_magic_quotes_gpc()
# patch:
# src: roles/pbx/templates/pbx2.patch
# dest: "{{ freepbx_install_dir }}/admin/libraries/view.functions.php"
# 2021-08-06: This stanza works, but above is more graceful. (FYI PRs #2908,
# #2912, #2913 didn't quite work -- whereas this PR #2915 at least worked!)
# - name: FreePBX - Run 'systemctl restart freepbx' TWICE (THIS IS 1 OF 2) to get past 'systemctl status freepbx' glitch "Unable to run Pre-Asterisk hooks, because Asterisk is already running"
# systemd:
# daemon_reload: yes
# name: freepbx
# enabled: yes
# state: restarted
- name: FreePBX - Install /etc/odbc.ini from template (root:root, 0644 by default)
- name: FreePBX - Install /etc/odbc.ini from template (root:root, 0644 by default) for CDR 'asteriskcdrdb' - in future consider compiling ODBC driver for aarch64 per http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html ?
template:
src: odbc.ini.j2
dest: /etc/odbc.ini
# owner: root
# group: root
# mode: '0644'
src: odbc.ini
dest: /etc/
- name: FreePBX - Install /etc/apache2/sites-available/freepbx.conf from template ({{ apache_user }}:{{ apache_user }}, 0644 by default)
- name: FreePBX - Install /etc/systemd/system/freepbx.service from template (root:root, 0644 by default)
template:
src: freepbx.conf.j2
dest: /etc/apache2/sites-available/freepbx.conf
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
# mode: '0644'
src: freepbx.service
dest: /etc/systemd/system/
- name: FreePBX - Add directive "Listen {{ pbx_http_port }}" to /etc/apache2/ports.conf
lineinfile:
path: /etc/apache2/ports.conf
line: "Listen {{ pbx_http_port }}"
#insertafter: Listen 80
- name: FreePBX - Install /etc/systemd/system/freepbx.service systemd unit file from template (root:root, 0644 by default)
template:
src: freepbx.service.j2
dest: /etc/systemd/system/freepbx.service
# mode: '0755' # Let's go with '0644' per unit file norms
- name: FreePBX - Run 'fwconsole ma upgradeall' on installed FreePBX modules, e.g. 16 default modules (of about 70 total) - CAN TAKE 2 MIN OR LONGER!
command: fwconsole ma upgradeall
- name: FreePBX - Run 'fwconsole set CHECKREFERER 0' (0 means false) - if pbx_try_nginx - so 'Submit' button definitively works at http://box/freepbx >> Settings >> Advanced Settings -- FYI you can run 'fwconsole set -l' or 'fwconsole set CHECKREFERER' to view FreePBX settings -- FYI /etc/freepbx.conf can completely override FreePBX's stored settings if nec
command: fwconsole set CHECKREFERER 0 # Or/later run 'fwconsole set CHECKREFERER 1' (1 means true) to restore FreePBX's default strict checking.
when: pbx_try_nginx
# - name: Add "$amp_conf['CHECKREFERER'] = false;" to /etc/freepbx.conf #2931 - if pbx_try_nginx"
# lineinfile:
# path: /etc/freepbx.conf
# insertbefore: '^\?>$' # Match exact line '?>' -- BOTTOM OF FILE NEC!
# line: "$amp_conf['CHECKREFERER'] = false;"
# when: pbx_try_nginx
# - name: 'FreePBX - fix file permissions for NGINX: /etc/freepbx.conf (0644), /var/log/asterisk/freepbx.log (0666)'
# file:
# #state: file
# path: "{{ item.path }}"
# mode: "{{ item.mode }}"
# with_items:
# - { path: '/etc/freepbx.conf', mode: u=rw,g=r,o=r } # 2021-08-04: LATER ENDS UP AS 0660
# - { path: '/var/log/asterisk/freepbx.log', mode: u=rw,g=rw,o=rw } # 2021-08-04: LATER ENDS UP AS 0664
# when: pbx_try_nginx
# - name: 'FreePBX - fix dir permissions for NGINX: /var/spool/asterisk/cache (0777)'
# file:
# state: directory
# path: "{{ item }}"
# mode: u=rwx,g=rwx,o=rwx # 2021-08-04: MOST CONTENT THEREIN ENDS UP AS asterisk:asterisk 664 (files) & 775 (dirs)
# # recurse: yes # Probably Doesn't Help?
# with_items:
# # - /var/www/html/freepbx/admin/assets/less/cache
# - /var/spool/asterisk/cache
# when: pbx_try_nginx
# For 'pbx_try_nginx: True' -- FreePBX's initial page (Admin user registration)
# tries to set up a cron job but fails:
# "Exception: Trying to edit user asterisk, when I'm running as www-data"
# 2021-08-10: Hacking /etc/freepbx.conf WAS NOT TESTED PROPERLY -- AS VARS MUST
# BE NEAR BOTTOM OF FILE: github.com/iiab/iiab/pull/2916#issuecomment-894585322
# - name: "2021-08-06: Try \"$amp_conf['AMPASTERISKWEBUSER'] = 'www-data';\" in /etc/freepbx.conf for #2916 registration cron fix ?'"
# lineinfile:
# path: /etc/freepbx.conf
# #insertafter: '^<\?php$' # Match exact line '<?php' -- BUT TOP OF FILE FAILS :(
# insertbefore: '^\?>$' # Match exact line '?>' -- BOTTOM OF FILE NECESSARY :)
# line: "$amp_conf['AMPASTERISKWEBUSER'] = 'www-data';"
# when: pbx_try_nginx


@ -1,39 +1,37 @@
- name: FreePBX - Install dependencies (run 'php -m' or 'php -i' to verify PHP modules)
- name: FreePBX - Install wget, git, unixodbc, sudo, net-tools, cron, sox + ~12 PHP dependencies (run 'php -m' or 'php -i' to verify PHP modules)
package:
name:
- wget
- git
- unixodbc # for Asterisk CDR (Call Detail Records)
- sudo # required by FreePBX install script
- net-tools # required by FWConsole (command-line utility, that controls FreePBX)
- cron # required by FreePBX UCP package (User Control Panel)
- sox # required for CDR web-playback
#- php{{ php_version }} # Basically drags in phpX.Y-cgi (already below!)
- unixodbc # For Asterisk CDR (Call Detail Records)
- sudo # Required by FreePBX install script
- net-tools # Required by FWConsole (command-line utility, that controls FreePBX)
- cron # Required by FreePBX UCP package (User Control Panel)
- sox # Required for CDR web-playback
# - php{{ php_version }} # Basically drags in phpX.Y-cgi (already below!)
- php{{ php_version }}-bcmath # Likewise installed in nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php{{ php_version }}-cgi
#- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
# - php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml
- php{{ php_version }}-curl # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php{{ php_version }}-fpm # Likewise installed in nginx/tasks/install.yml
#- php{{ php_version }}-gettext
# - php{{ php_version }}-gettext
- php{{ php_version }}-gd # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml
- php{{ php_version }}-imap
#- php{{ php_version }}-json # See stanza just below
# - php{{ php_version }}-json # See stanza just below
- php{{ php_version }}-mbstring # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
# - python-mysqldb # https://github.com/Yannik/ansible-role-freepbx/blob/master/tasks/freepbx.yml#L33
- php{{ php_version }}-mysql # Likewise installed in mysql/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- php-pear # Likewise installed for ADMIN CONSOLE https://github.com/iiab/iiab-admin-console/blob/master/roles/cmdsrv/tasks/main.yml#L19
- php{{ php_version }}-snmp
- php{{ php_version }}-xml # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml -- AND REGARDLESS dragged in later by Admin Console's use of php-pear for roles/cmdsrv/tasks/main.yml -- run 'php -m | grep -i xml' which in the end shows {libxml, SimpleXML, xml, xmlreader, xmlwriter}
- php{{ php_version }}-zip # Likewise installed in moodle/tasks/install.yml, nextcloud/tasks/install.yml, wordpress/tasks/install.yml
- libapache2-mod-php
#- python-mysqldb # https://github.com/Yannik/ansible-role-freepbx/blob/master/tasks/freepbx.yml#L33
- libapache2-mpm-itk # To serve FreePBX through a VirtualHost as asterisk user
state: latest
# For PHP >= 8.0: phpX.Y-json is baked into PHP itself.
# For PHP < 8.0: phpX.Y-json auto-installed by phpX.Y-fpm AND phpX.Y-cli in 3-base-server's nginx/tasks/install.yml, as confirmed by: apt rdepends phpX.Y-json
#
#- name: Install php{{ php_version }}-json if PHP < 8.0
# package:
# name: php{{ php_version }}-json
# state: present
# when: php_version is version('8.0', '<')
# - name: Install php{{ php_version }}-json if PHP < 8.0
# package:
# name: php{{ php_version }}-json
# state: present
# when: php_version is version('8.0', '<')
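Review bot: The package list appears to drop `libapache2-mod-php` and `libapache2-mpm-itk`, and nothing in this file records where they are installed now. The FreePBX task file on this page includes `apache.yml` only when `not pbx_try_nginx`, so presumably they moved there. A one-line comment in the list would make that traceable, e.g. `# libapache2-mod-php, libapache2-mpm-itk: see apache.yml (only if not pbx_try_nginx)`. Separately, `php{{ php_version }}-cgi` stays in the list next to `-fpm`; if nothing still uses the CGI SAPI, a comment saying why it is kept (or its removal) would help, since it is one more PHP entry point to keep patched.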


@ -16,50 +16,29 @@
msg: "PBX install cannot proceed, as Node.js is not installed."
when: nodejs_installed is undefined
#- name: FAIL (STOP THE INSTALL) IF 'nodejs_version != "12.x"'
# fail:
# msg: "PBX install cannot proceed, as it currently requires Node.js 12.x, whereas nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml, /etc/iiab/local_vars.yml, /opt/iiab/iiab/roles/nodejs, etc."
# when: nodejs_version != "12.x"
# - name: FAIL (STOP THE INSTALL) IF 'nodejs_version != "12.x"'
# fail:
# msg: "PBX install cannot proceed, as it currently requires Node.js 12.x, whereas nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml, /etc/iiab/local_vars.yml, /opt/iiab/iiab/roles/nodejs, etc."
# when: nodejs_version != "12.x"
- name: "Set 'apache_install: True' and 'apache_enabled: True'"
set_fact:
apache_install: True
apache_enabled: True
# 2021-08-09: Moved to roles/pbx/tasks/apache.yml
- name: APACHE - run 'httpd' role
include_role:
name: httpd
# - name: "Set 'apache_install: True' and 'apache_enabled: True'"
# set_fact:
# apache_install: True
# apache_enabled: True
# - name: APACHE - run 'httpd' role
# include_role:
# name: httpd
# 2021-07-27: Taken care of by main.yml
#- name: TODO: Check if asterisk and freepbx are already installed
#
#- name: Check if /etc/systemd/system/freepbx.service is already installed
# stat:
# path: /etc/systemd/system/freepbx.service
# register: freepbx_installed
#
#- debug:
# msg: >-
# FreePBX already installed. Reinstall shall be skipped
# when: freepbx_installed.stat.exists
# 2021-08-03: Taken care of by asterisk.yml's scripts/install_prereq
#- name: Install 'make' package
# package:
# name: make
# state: present
- name: Install Asterisk
include_tasks: asterisk.yml
#when: internet_available and pbx_install and (pbx_installed is undefined) and is_debuntu and (not freepbx_installed.stat.exists)
#when: internet_available and pbx_install and (not pbx_installed) and ((is_debian and ansible_distribution_major_version == "9") or is_ubuntu_18)
- name: Install FreePBX
include_tasks: freepbx.yml
#when: internet_available and pbx_install and (pbx_installed is undefined) and is_debuntu and (not freepbx_installed.stat.exists)
#when: internet_available and pbx_install and (not pbx_installed) and ((is_debian and ansible_distribution_major_version == "9") or is_ubuntu_18)
# RECORD PBX AS INSTALLED
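Review bot: The commented-out `set_fact` and `include_role: httpd` tasks kept under `# 2021-08-09: Moved to roles/pbx/tasks/apache.yml` duplicate code that now lives in another file and will drift from it. The pointer comment alone is enough; I would delete the two commented blocks below it. The same applies to the commented-out `nodejs_version != "12.x"` check: either drop it or replace it with a one-line note on which Node.js versions the install is known to work with, so the remaining `nodejs_installed is undefined` guard is not read as the full requirement.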


@ -26,7 +26,7 @@
- include_tasks: enable-or-disable.yml
- name: Asterisk - Install chan_dongle
- name: Install chan_dongle for Huawei USB modems - if asterisk_chan_dongle
include: chan_dongle.yml
when: asterisk_chan_dongle


@ -0,0 +1,467 @@
; 2021-08-10: @jvonau derived this from /etc/php/7.4/fpm/pool.d/www.conf (apt
; package php7.4-fpm) with just 4 changes: (github.com/iiab/iiab/pull/2930)
;
; 1. [www] -> [asterisk]
; 2. user = www-data -> user = asterisk
; 3. listen = /run/php/php7.4-fpm.sock -> listen = /run/php/php-asterisk.sock
; 4. listen.owner = www-data -> listen.owner = asterisk
;
; See also the top of asterisk.conf.patch and asterisk.conf.diff here:
; https://github.com/iiab/iiab/tree/master/roles/pbx/templates
;
; "One set of workers is running as www-data and the other set of workers is
; running as asterisk but on different sockets."
;
; This should resolve both iiab/iiab#2914 -> iiab/iiab#2916 "NGINX" issues:
; (1) As you tried to register at http://box/freepbx, cron setup failed with
; exception "Trying to edit user asterisk, when I'm running as www-data"
; https://github.com/iiab/iiab/pull/2916#issuecomment-894585322
; (2) When you clicked Settings >> Advanced Settings >> Submit >> Apply Config,
; it failed with "Unknown Error. Please Run: fwconsole reload --verbose"
; https://github.com/iiab/iiab/pull/2916#issuecomment-894604982
; Start a new pool named 'www'.
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www' here)
[asterisk]
; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or /usr) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
user = asterisk
group = www-data
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /run/php/php-asterisk.sock
; Set listen(2) backlog.
; Default Value: 511 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 511
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions. The owner
; and group can be specified either by name or by their numeric IDs.
; Default Values: user and group are set as the running user
; mode is set to 0660
listen.owner = asterisk
listen.group = www-data
;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1
; Specify the nice(2) priority to apply to the pool processes (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
; - The pool processes will inherit the master process priority
; unless it specified otherwise
; Default Value: no set
; process.priority = -19
; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
; or group is differrent than the master process user. It allows to create process
; core dump and ptrace the process for the pool user.
; Default Value: no
; process.dumpable = yes
; Choose how the process manager will control the number of child processes.
; Possible Values:
; static - a fixed number (pm.max_children) of child processes;
; dynamic - the number of child processes are set dynamically based on the
; following directives. With this process management, there will be
; always at least 1 children.
; pm.max_children - the maximum number of children that can
; be alive at the same time.
; pm.start_servers - the number of children created on startup.
; pm.min_spare_servers - the minimum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is less than this
; number then some children will be created.
; pm.max_spare_servers - the maximum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is greater than this
; number then some children will be killed.
; ondemand - no children are created at startup. Children will be forked when
; new requests will connect. The following parameter are used:
; pm.max_children - the maximum number of children that
; can be alive at the same time.
; pm.process_idle_timeout - The number of seconds after which
; an idle process will be killed.
; Note: This value is mandatory.
pm = dynamic
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
;pm.max_children = 5
pm.max_children=120
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: (min_spare_servers + max_spare_servers) / 2
;pm.start_servers = 2
pm.start_servers=12
; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
;pm.min_spare_servers = 1
pm.min_spare_servers=6
; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
;pm.max_spare_servers = 3
pm.max_spare_servers=18
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
;pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following informations:
; pool - the name of the pool;
; process manager - static, dynamic or ondemand;
; start time - the date and time FPM has started;
; start since - number of seconds since FPM has started;
; accepted conn - the number of request accepted by the pool;
; listen queue - the number of request in the queue of pending
; connections (see backlog in listen(2));
; max listen queue - the maximum number of requests in the queue
; of pending connections since FPM has started;
; listen queue len - the size of the socket queue of pending connections;
; idle processes - the number of idle processes;
; active processes - the number of active processes;
; total processes - the number of idle + active processes;
; max active processes - the maximum number of active processes since FPM
; has started;
; max children reached - number of times, the process limit has been reached,
; when pm tries to start more children (works only for
; pm 'dynamic' and 'ondemand');
; Value are updated in real time.
; Example output:
; pool: www
; process manager: static
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 62636
; accepted conn: 190460
; listen queue: 0
; max listen queue: 1
; listen queue len: 42
; idle processes: 4
; active processes: 11
; total processes: 15
; max active processes: 12
; max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
; http://www.foo.bar/status
; http://www.foo.bar/status?json
; http://www.foo.bar/status?html
; http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full
; http://www.foo.bar/status?xml&full
; The Full status returns for each process:
; pid - the PID of the process;
; state - the state of the process (Idle, Running, ...);
; start time - the date and time the process has started;
; start since - the number of seconds since the process has started;
; requests - the number of requests the process has served;
; request duration - the duration in µs of the requests;
; request method - the request method (GET, POST, ...);
; request URI - the request URI with the query string;
; content length - the content length of the request (only with POST);
; user - the user (PHP_AUTH_USER) (or '-' if not set);
; script - the main script called (or '-' if not set);
; last request cpu - the %cpu the last request consumed
; it's always 0 if the process is not in Idle state
; because CPU calculation is done when the request
; processing has terminated;
; last request memory - the max amount of memory the last request consumed
; it's always 0 if the process is not in Idle state
; because memory calculation is done when the request
; processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
; ************************
; pid: 31330
; state: Running
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 63087
; requests: 12808
; request duration: 1250261
; request method: GET
; request URI: /test_mem.php?N=10000
; content length: 0
; user: -
; script: /home/fat/web/docs/php/test_mem.php
; last request cpu: 0.00
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: /usr/share/php/7.4/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong
; The access log file
; Default: not set
;access.log = log/$pool.access.log
; The access log format.
; The following syntax is allowed
; %%: the '%' character
; %C: %CPU used by the request
; it can accept the following format:
; - %{user}C for user CPU only
; - %{system}C for system CPU only
; - %{total}C for user + system CPU (default)
; %d: time taken to serve the request
; it can accept the following format:
; - %{seconds}d (default)
; - %{miliseconds}d
; - %{mili}d
; - %{microseconds}d
; - %{micro}d
; %e: an environment variable (same as $_ENV or $_SERVER)
; it must be associated with embraces to specify the name of the env
; variable. Some exemples:
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
; %f: script filename
; %l: content-length of the request (for POST request only)
; %m: request method
; %M: peak of memory allocated by PHP
; it can accept the following format:
; - %{bytes}M (default)
; - %{kilobytes}M
; - %{kilo}M
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: output header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
; - %{Transfert-Encoding}o
; - ....
; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request
; %q: the query string
; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address
; %s: status (response code)
; %t: server time the request was received
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0
; Depth of slow log stack trace.
; Default Value: 20
;request_slowlog_trace_depth = 20
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0
; The timeout set by 'request_terminate_timeout' ini option is not engaged after
; application calls 'fastcgi_finish_request' or when application has finished and
; shutdown functions are being called (registered via register_shutdown_function).
; This option will enable timeout limit to be applied unconditionally
; even in such cases.
; Default Value: no
;request_terminate_timeout_track_finished = no
; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir = /var/www
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes
; Decorate worker output with prefix and suffix containing information about
; the child that writes to the log and if stdout or stderr is used as well as
; log level and time. This options is used only if catch_workers_output is yes.
; Settings to "no" will output data as written to the stdout or stderr.
; Default value: yes
;decorate_workers_output = no
; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no
clear_env = no
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; execute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5 .php7
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
env[PATH]=/usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.
; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr)
; Default Value: nothing is defined by default except the values in php.ini and
; specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M


@ -0,0 +1,40 @@
4c4
< [www]
---
> [asterisk]
23c23
< user = www-data
---
> user = asterisk
36c36
< listen = /run/php/php7.4-fpm.sock
---
> listen = /run/php/php-asterisk.sock
48c48
< listen.owner = www-data
---
> listen.owner = asterisk
114c114,115
< pm.max_children = 5
---
> ;pm.max_children = 5
> pm.max_children=120
119c120,121
< pm.start_servers = 2
---
> ;pm.start_servers = 2
> pm.start_servers=12
124c126,127
< pm.min_spare_servers = 1
---
> ;pm.min_spare_servers = 1
> pm.min_spare_servers=6
129c132,133
< pm.max_spare_servers = 3
---
> ;pm.max_spare_servers = 3
> pm.max_spare_servers=18
397a402
> clear_env = no
411a417
> env[PATH]=/usr/local/bin:/usr/bin:/bin


@ -0,0 +1,85 @@
--- /etc/php/7.4/fpm/pool.d/www.conf 2021-07-01 23:59:48.000000000 -0400
+++ /etc/php/7.4/fpm/pool.d/asterisk.conf 2021-08-10 05:25:09.808067373 -0400
@@ -1,7 +1,7 @@
; Start a new pool named 'www'.
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www' here)
-[www]
+[asterisk]
; Per pool prefix
; It only applies on the following directives:
@@ -20,7 +20,7 @@
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
-user = www-data
+user = asterisk
group = www-data
; The address on which to accept FastCGI requests.
@@ -33,7 +33,7 @@
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
-listen = /run/php/php7.4-fpm.sock
+listen = /run/php/php-asterisk.sock
; Set listen(2) backlog.
; Default Value: 511 (-1 on FreeBSD and OpenBSD)
@@ -45,7 +45,7 @@
; and group can be specified either by name or by their numeric IDs.
; Default Values: user and group are set as the running user
; mode is set to 0660
-listen.owner = www-data
+listen.owner = asterisk
listen.group = www-data
;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
@@ -111,22 +111,26 @@
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
-pm.max_children = 5
+;pm.max_children = 5
+pm.max_children=120
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: (min_spare_servers + max_spare_servers) / 2
-pm.start_servers = 2
+;pm.start_servers = 2
+pm.start_servers=12
; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
-pm.min_spare_servers = 1
+;pm.min_spare_servers = 1
+pm.min_spare_servers=6
; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
-pm.max_spare_servers = 3
+;pm.max_spare_servers = 3
+pm.max_spare_servers=18
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
@@ -395,6 +399,7 @@
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no
+clear_env = no
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
@@ -409,6 +414,7 @@
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[PATH]=/usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp


@ -0,0 +1,31 @@
location ~ ^/freepbx(|/.*)$ { # '~' -> '~*' for case-insensitive regex
root /var/www/html;
# root {{ freepbx_install_dir }}; # /var/www/html/freepbx
# root {{ doc_root }}; # /library/www/html
# location ~ ^/freepbx {
# root {{ doc_root }};
# }
location ~ ^/freepbx(.*)\.php(.*)$ {
alias {{ freepbx_install_dir }}$1.php$2;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_pass unix:/run/php/php-asterisk.sock;
include fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
#fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param HTACCESS on; # disables FreePBX htaccess warning
}
# disallows the things that the FreePBX .htaccess files disallow
location ~ /freepbx(/\.ht|/\.git|\.ini$|/libraries|/helpers|/i18n|/node|/views/.+php$) {
deny all;
}
# from the api module .htaccess file
rewrite ^/freepbx/admin/api/([^/]*)/([^/]*)/?(.*)?$ /freepbx/admin/api/api.php?module=$1&command=$2&route=$3 last;
}
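Review bot: The `deny all` location sits below the PHP location, and nginx tests regex locations in the order they are written, so a request ending in `.php` under `/views/`, `/libraries/` or `/helpers/` is claimed by `location ~ ^/freepbx(.*)\.php(.*)$` and sent to the `php-asterisk` socket before the deny rule is ever evaluated. Moving the deny block above the PHP block restores what the comment says it should enforce. The deny pattern also expects each name directly after `/freepbx`, so deeper paths (for example under `/freepbx/admin/`) look uncovered; if that is unintended, `location ~ ^/freepbx(/.*)?(/\.ht|/\.git|\.ini$|/libraries|/helpers|/i18n|/node|/views/.+php$) {` would match at any depth. The PHP block hands every matching URI to FPM without checking that the script exists, so the pool's `security.limit_extensions` should stay at its `.php` default.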


@ -0,0 +1,17 @@
[Unit]
Description=FreePBX VoIP Server
After=mysql.service
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/fwconsole start
ExecStop=/usr/sbin/fwconsole stop
ExecStopPost=killall -9 "PM2 v4.5.0: God"
# 2021-08-10: Asterisk stuff doesn't stop reliably, right after freepbx.yml
# 'install -n' completes -- hence "Unable to run Pre-Asterisk hooks, because
# Asterisk is already running" issue when freepbx.service next tries to start
# it. See pbx/tasks/freepbx.yml workarounds e.g. github.com/iiab/iiab/pull/2915
[Install]
WantedBy=multi-user.target
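Review bot: `ExecStopPost=killall -9 "PM2 v4.5.0: God"` hard-codes the PM2 version in the process name, so the cleanup stops matching once a different PM2 release is installed, and the "Asterisk is already running" problem described in the comment would likely come back without any error pointing at this line. killall also exits non-zero when nothing matches, which systemd can record as a failed stop step; a leading `-` and an absolute path avoid that: `ExecStopPost=-/usr/bin/killall -9 "PM2 v4.5.0: God"`. The unit runs as root and killall selects by name only, so adding `--user asterisk` would narrow the kill to the intended owner, assuming PM2 runs as that user, which this page does not show.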


@ -1,12 +0,0 @@
[Unit]
Description=FreePBX VoIP Server
After=mysql.service
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/fwconsole start
ExecStop=/usr/sbin/fwconsole stop
[Install]
WantedBy=multi-user.target


@ -2,7 +2,14 @@
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 127.0.0.1:{{ apache_port }}
# Apache's stock default
#Listen 80
# IIAB NGINX proxying to legacy svcs (Dec 2019 - Aug 2021)
#Listen 127.0.0.1:8090
# IIAB FreePBX for Asterisk
Listen {{ pbx_http_port }}
#<IfModule ssl_module>
# Listen 443
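Review bot: `Listen {{ pbx_http_port }}` binds the FreePBX port on every interface, whereas the `Listen 127.0.0.1:…` lines next to it are loopback-only, so the FreePBX admin UI becomes reachable from any network the machine is attached to unless a firewall rule elsewhere limits it. If that exposure is intended, the comment should say so, e.g. `# IIAB FreePBX for Asterisk -- binds all interfaces on purpose; access limited by <firewall rule, not shown on this page>`. If it is not intended, bind a specific address in the same form as the loopback line. The rest of ports.conf lies outside this hunk.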


@ -1,9 +1,9 @@
- name: Enable phpMyAdmin via Apache, if phpmyadmin_enabled
command: a2ensite phpmyadmin.conf
when: phpmyadmin_enabled
#when: apache_installed is defined and phpmyadmin_enabled
# - name: Enable phpMyAdmin via Apache, if phpmyadmin_enabled
# command: a2ensite phpmyadmin.conf
# when: phpmyadmin_enabled
# #when: apache_installed is defined and phpmyadmin_enabled
- name: Disable phpMyAdmin via Apache, if not phpmyadmin_enabled
command: a2dissite phpmyadmin.conf
when: not phpmyadmin_enabled
#when: apache_installed is defined and not phpmyadmin_enabled
# - name: Disable phpMyAdmin via Apache, if not phpmyadmin_enabled
# command: a2dissite phpmyadmin.conf
# when: not phpmyadmin_enabled
# #when: apache_installed is defined and not phpmyadmin_enabled
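Review bot: With both tasks commented out, this file no longer contains any task, yet the role's main.yml in the same commit still runs `include_tasks: enable-or-disable.yml` (now named "INCOMPLETE WITHOUT APACHE AS OF 2021-07-06"), so the include does nothing and `phpmyadmin_enabled` has no effect here. Deleting the dead tasks and the include would make that state explicit, since git history keeps the old text. If the file stays, a comment at the top such as `# 2021-07-06: phpMyAdmin is unpacked to /opt but no web server config is installed by this role` would say what the commented block does not.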


@ -1,17 +1,17 @@
- name: "Set 'apache_install: True' and 'apache_enabled: True'"
set_fact:
apache_install: True
apache_enabled: True
- name: APACHE - run 'httpd' role
include_role:
name: httpd
# - name: "Set 'apache_install: True' and 'apache_enabled: True'"
# set_fact:
# apache_install: True
# apache_enabled: True
#
# - name: APACHE - run 'httpd' role
# include_role:
# name: httpd
- name: Unarchive {{ phpmyadmin_dl_url }} (7+ MB) to /opt (60+ MB)
unarchive:
remote_src: yes # Overwrite even if "already exists on the target"
src: "{{ phpmyadmin_dl_url }}" # e.g. https://files.phpmyadmin.net/phpMyAdmin/5.1.0/phpMyAdmin-5.1.0-all-languages.tar.xv
src: "{{ phpmyadmin_dl_url }}" # e.g. https://files.phpmyadmin.net/phpMyAdmin/5.1.1/phpMyAdmin-5.1.1-all-languages.tar.xv
dest: /opt
owner: "{{ apache_user }}" # www-data on debuntu
group: "{{ apache_user }}"
@ -33,11 +33,11 @@
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
- name: Install /etc/{{ apache_conf_dir }}/phpmyadmin.conf from template
template:
src: phpmyadmin.j2
dest: "/etc/{{ apache_conf_dir }}/phpmyadmin.conf"
#when: apache_installed is defined
# - name: Install /etc/{{ apache_conf_dir }}/phpmyadmin.conf from template
# template:
# src: phpmyadmin.j2
# dest: "/etc/{{ apache_conf_dir }}/phpmyadmin.conf"
# #when: apache_installed is defined
# RECORD phpMyAdmin AS INSTALLED
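Review bot: The `unarchive` task fetches `{{ phpmyadmin_dl_url }}` and unpacks it into /opt in one step with no integrity check, so whatever the URL serves at install time becomes PHP code owned by `{{ apache_user }}`; the version bump in the example URL is a good moment to pin a digest. Splitting it into a `get_url` with `checksum:` followed by `unarchive` of the local file closes that gap, as sketched below (`phpmyadmin_sha256` is a placeholder variable that would have to be defined next to `phpmyadmin_dl_url`). The example URL in the comment ends in `.tar.xv`, presumably meant to be `.tar.xz`. The remaining lines of the task and the rest of install.yml lie outside these hunks.

```yaml
- name: Download {{ phpmyadmin_dl_url }} and verify its SHA-256
  get_url:
    url: "{{ phpmyadmin_dl_url }}"
    dest: "{{ downloads_dir }}/"
    checksum: "sha256:{{ phpmyadmin_sha256 }}"    # placeholder variable, to be defined with the URL
    timeout: "{{ download_timeout }}"

- name: Unarchive the verified tarball (7+ MB) to /opt (60+ MB)
  unarchive:
    remote_src: yes
    src: "{{ downloads_dir }}/{{ phpmyadmin_dl_url | basename }}"
    # … unchanged: dest, owner, group …
```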


@ -19,12 +19,13 @@
quiet: yes
- name: Install phpMyAdmin if 'phpmyadmin_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
- name: "INCOMPLETE WITHOUT APACHE AS OF 2021-07-06: Install phpMyAdmin if 'phpmyadmin_installed' not defined, e.g. in {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: phpmyadmin_installed is undefined
- include_tasks: enable-or-disable.yml
- name: INCOMPLETE WITHOUT APACHE AS OF 2021-07-06
include_tasks: enable-or-disable.yml
- name: Add 'phpmyadmin' variable values to {{ iiab_ini_file }}


@ -3,6 +3,7 @@
name:
- postgresql
- postgresql-client
- python3-psycopg2 # For Ansible modules {postgresql_db, postgresql_user} in Ansible collection community.postgresql -- used in moodle/tasks/install.yml
state: present
- name: Install /etc/systemd/system/postgresql-iiab.service from template (0644 by default)


@ -47,13 +47,13 @@
state: present
when: is_ubuntu
- name: Add dir {{ doc_root }}/local_content, where USB drive links can appear
- name: Add dir {{ doc_root }}/local_content, where USB drive links can appear (0775)
file:
state: directory
path: "{{ doc_root }}/local_content"
owner: "{{ apache_user }}"
group: "{{ apache_user }}" # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222)
mode: '0775'
mode: 0775
- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off, /usr/sbin/iiab-clean-usb.sh'
template:
@ -81,13 +81,6 @@
path: /etc/usbmount/mount.d/00_create_model_symlink
state: absent
# 2021-03-25: Consider removing this stanza & all of this role's Apache logic!
- name: Install /etc/{{ apache_conf_dir }}/content_dir.conf from template
template:
src: content_dir.conf
dest: "/etc/{{ apache_conf_dir }}" # apache2/sites-available on debuntu
when: apache_installed is defined
# RECORD 'USB_LIB' AS INSTALLED
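Review bot: The `mode:` line for `{{ doc_root }}/local_content` appears in both a quoted (`'0775'`) and an unquoted (`0775`) form, and if the unquoted one is the new side (it is printed second), the permission now depends on the YAML parser reading a leading-zero integer as octal. Ansible accepts that today, but the quoted string cannot be retyped by a YAML 1.2 parser or a formatter and is the safer spelling for a group-writable directory: `mode: '0775'`. The enclosing task list continues outside both hunks.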


@ -56,13 +56,9 @@
when: not usb_lib_umask0000_for_kolibri
- name: Enable/Disable/Restart Apache if primary
include_tasks: apache.yml
when: not nginx_enabled
- name: Enable/Disable/Restart NGINX if primary
- name: Enable/Disable/Restart NGINX
include_tasks: nginx.yml
when: nginx_enabled
# 2021-04-29: Clean up here to catch the already installed users, remove for the next release (PR #2760)
- name: Remove /etc/usbmount/mount.d/00_create_model_symlink


@ -85,6 +85,10 @@
- { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' }
when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install
# WARNING: This might cause excess use of RAM/disk or other resources!
# The first 5 values below were chosen by @ericnitschke and @kananigit on
# 2018-09-19: https://github.com/iiab/iiab/issues/1147
# 2020-03-08: IIAB DOES NOT SUPPORT UNINSTALLING APPS, so additional
# clauses (to reset/restore PHP's defaults) are not necessary at this time.
@ -92,12 +96,7 @@
# editing /etc/php/{{ php_version }}/cli/php.ini (below) -- though during
# regular operation it uses: .../fpm/php.ini
# And in the past it used: .../apache2/php.ini
#
# SEE ALSO roles/moodle/tasks/install.yml WHERE SIMILAR SURGERY'S DONE TO
# /etc/php/{{ php_version }}/apache2/php.ini UNTIL MOODLE'S PORTED TO NGINX!
# WARNING: This might cause excess use of RAM/disk or other resources!
# The 5 first values below were chosen by @ericnitschke and @kananigit in ~2018.
- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)"
lineinfile:
path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini