From 223c92f5c54da4753397fb5b863c5750acad57e0 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 16 May 2020 17:51:56 -0400 Subject: [PATCH 01/28] Install Apache on demand, for TK: ./runrole elgg|lokole|moodle|nodered --- roles/0-init/defaults/main.yml | 3 +-- roles/0-init/tasks/main.yml | 27 ++++----------------------- roles/3-base-server/tasks/main.yml | 9 +++++---- roles/elgg/tasks/install.yml | 13 +++++++++++-- roles/lokole/tasks/install.yml | 11 +++++++++++ roles/moodle/tasks/install.yml | 10 ++++++++++ roles/nodered/tasks/install.yml | 10 ++++++++++ roles/www_base/tasks/main.yml | 4 ---- roles/www_options/tasks/main.yml | 2 -- vars/default_vars.yml | 12 +++++++----- vars/local_vars_big.yml | 3 --- vars/local_vars_medium.yml | 3 --- vars/local_vars_min.yml | 3 --- 13 files changed, 59 insertions(+), 51 deletions(-) diff --git a/roles/0-init/defaults/main.yml b/roles/0-init/defaults/main.yml index 9fd76d2e4..4a9b1e4c1 100644 --- a/roles/0-init/defaults/main.yml +++ b/roles/0-init/defaults/main.yml @@ -1,5 +1,5 @@ # (PRE-)release version number, for {{ iiab_env_file }} = /etc/iiab/iiab.env -# iiab_base_ver: 7.0 +# iiab_base_ver: 7.1 # iiab_revision: 0 # ABOVE MOVED TO /opt/iiab/iiab/vars/default_vars.yml @@ -14,7 +14,6 @@ discovered_wan_iface: none # Old defs gui_port: 80 -exFAT_enabled: False is_F18: False # Set default 1-prep discovered hardware diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index f768d3b3f..f43ad00a8 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -43,29 +43,10 @@ - name: Pre-check that IIAB's "XYZ_install" + "XYZ_enabled" vars (1) are defined, (2) are boolean-not-string variables, and (3) contain plausible values. Also checks that "XYZ_install" is True when "XYZ_installed" is defined. include_tasks: validate_vars.yml -# SEE: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md -- name: "apache_install is currently '{{ apache_install }}' and apache_enabled is currently '{{ apache_enabled }}'. Now let's set 'apache_install: True' and 'apache_enabled: True' if NGINX is set not to be enabled OR if any of {Elgg, Lokole, Moodle, Node-RED} are set to install." - set_fact: - apache_install: True - apache_enabled: True - when: not nginx_enabled or elgg_install or lokole_install or moodle_install or nodered_install -# -#- name: "Verify 'apache_install: True' and 'apache_enabled: True' if any of {DokuWiki, Elgg, Lokole, Moodle, Nextcloud, Node-RED} are set to install" -# assert: -# that: apache_install and apache_enabled or not (dokuwiki_install or elgg_install or lokole_install or moodle_install or nextcloud_install or nodered_install) -# fail_msg: "PLEASE CONFIRM 'apache_install: True' AND 'apache_enable: True' IF YOU'RE TRYING TO INSTALL ANY OF {dokuwiki, elgg, lokole, moodle, nextcloud, nodered} e.g. IN: /etc/iiab/local_vars.yml" -# quiet: yes -# -#- name: "Verify 'apache_install: True' and 'apache_enabled: True' if 'nginx_enabled: False' -- e.g. for Apache testing of older playbooks lacking full NGINX support" -# assert: -# that: apache_install and apache_enabled or nginx_enabled -# fail_msg: "PLEASE CONFIRM 'apache_install: True' AND 'apache_enable: True' IF 'nginx_enabled: False' e.g. IN: /etc/iiab/local_vars.yml" -# quiet: yes - -- name: Set exFAT_enabled if xo_model != "none" - set_fact: - exFAT_enabled: True - when: xo_model != "none" +#- name: Set exFAT_enabled if xo_model != "none" +# set_fact: +# exFAT_enabled: True +# when: xo_model != "none" # Discover: do we have a gateway? # If Ansible detects gateway, becomes WAN candidate. diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index e56b33f2d..c3b9a5901 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -8,10 +8,11 @@ name: mysql when: mysql_install | bool -- name: HTTPD (Apache) - include_role: - name: httpd - when: apache_install | bool +# 2020-05-16: invoked as nec by roles {elgg, lokole, moodle, nodered} +# - name: HTTPD (Apache) +# include_role: +# name: httpd +# when: apache_install | bool - name: NGINX include_role: diff --git a/roles/elgg/tasks/install.yml b/roles/elgg/tasks/install.yml index 4e745c5ba..262b69ffd 100644 --- a/roles/elgg/tasks/install.yml +++ b/roles/elgg/tasks/install.yml @@ -1,6 +1,15 @@ -# Assume (enforce!) we only get here if elgg_install: True -# Assume (enforce?) MySQL is running +- name: "Set 'apache_install: True' and 'apache_enabled: True'" + set_fact: + apache_install: True + apache_enabled: True +- name: APACHE - run 'httpd' role + include_role: + name: httpd + + +# Assume (enforce?) MySQL is running +# # - name: "Set 'mysql_install: True' and 'mysql_enabled: True'" # set_fact: # mysql_install: True diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index d49757e49..dcb4c1106 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -1,6 +1,17 @@ # Lokole PDF (User's Guide) gets copied for offline use (http://box/info) here: # https://github.com/iiab/iiab/blob/master/roles/httpd/templates/refresh-wiki-docs.sh#L51-L52 + +- name: "Set 'apache_install: True' and 'apache_enabled: True'" + set_fact: + apache_install: True + apache_enabled: True + +- name: APACHE - run 'httpd' role + include_role: + name: httpd + + - name: "Install 8 packages for Lokole: python3, python3-pip, python3-venv, python3-dev, python3-bcrypt, libffi-dev, libssl-dev, libopenjp2-7" apt: name: diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 528b0666d..33b3d9f08 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -1,3 +1,13 @@ +- name: "Set 'apache_install: True' and 'apache_enabled: True'" + set_fact: + apache_install: True + apache_enabled: True + +- name: APACHE - run 'httpd' role + include_role: + name: httpd + + - name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'" set_fact: postgresql_install: True diff --git a/roles/nodered/tasks/install.yml b/roles/nodered/tasks/install.yml index 6953ae0a0..8ea03a52b 100644 --- a/roles/nodered/tasks/install.yml +++ b/roles/nodered/tasks/install.yml @@ -1,3 +1,13 @@ +- name: "Set 'apache_install: True' and 'apache_enabled: True'" + set_fact: + apache_install: True + apache_enabled: True + +- name: APACHE - run 'httpd' role + include_role: + name: httpd + + # 2019-01-16: @jvonau's PR #1403 moved installation of Node.js (8.x for now) & # npm to roles/nodejs/tasks/main.yml diff --git a/roles/www_base/tasks/main.yml b/roles/www_base/tasks/main.yml index 68930417c..4ee7dd2a7 100644 --- a/roles/www_base/tasks/main.yml +++ b/roles/www_base/tasks/main.yml @@ -1,7 +1,5 @@ # Role "www_base" runs here, probably in 3-BASE-SERVER. # Role "www_options" runs later, likely in 4-SERVER-OPTIONS. -# -# (Don't take either name too literally!) - name: Using html.yml include_tasks: html.yml @@ -15,7 +13,6 @@ path: "{{ doc_root }}/home" # /library/www/html owner: "{{ apache_user }}" group: "{{ apache_user }}" - # mode: '0755' - name: Create dir {{ doc_root }}/info for http://box/info offline docs file: @@ -23,7 +20,6 @@ path: "{{ doc_root }}/info" # /library/www/html owner: "{{ apache_user }}" group: "{{ apache_user }}" - # mode: '0755' - name: Install /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (Script can be run manually and/or at the end of Stage 4 = roles/4-server-options/tasks/main.yml) template: diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 675ace98f..c767298c2 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -1,7 +1,5 @@ # Role "www_base" runs earlier, likely in 3-BASE-SERVER. # Role "www_options" runs here, probably in 4-SERVER-OPTIONS. -# -# (Don't take either name too literally!) # HOMEPAGE diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 6686971e2..56e0e1c57 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -223,10 +223,6 @@ pi_swap_file_size: 1024 # 2-COMMON -# Auto-enabled in roles/2-common/tasks/packages.yml as set in -# 0-init/defaults/main.yml AND 0-init/tasks/main.yml : -exFAT_enabled: True - # /usr/libexec/iiab-startup.sh is much like autoexec.bat & /etc/rc.local # It's put in place by 2-common/tasks/iiab-startup.yml at the end of Stage 2. @@ -260,13 +256,19 @@ nginx_high_php_limits: False # ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php//fpm/php.ini # See also Apache vars {default_language, language_priority} @ top of this file +# +# 2020-05-16: apache_install is completely ignored as Node.js is installed +# on demand as a dependency -- by Elgg, Lokole, Moodle and/or Node-RED -- +# but for now we set fake value 'apache_install: True' so that +# 'apache_installed is defined' input validation works, e.g. in +# 0-init/tasks/validate_vars.yml apache_install: True apache_enabled: False # # NGINX proxies to Apache for legacy IIAB services, using: apache_port: 8090 apache_interface: 127.0.0.1 # 2020-01-13: Var unused -# + # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index f03702059..e39639121 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -138,9 +138,6 @@ pi_swap_file_size: 1024 # 2-COMMON -# exFAT_enabled: True is auto-enabled in roles/2-common/tasks/packages.yml -# as set in 0-init/defaults/main.yml AND 0-init/tasks/main.yml - # /usr/libexec/iiab-startup.sh is much like autoexec.bat & /etc/rc.local # It's put in place by 2-common/tasks/iiab-startup.yml at the end of Stage 2. diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 5a3bb51c0..69202f6b1 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -138,9 +138,6 @@ pi_swap_file_size: 1024 # 2-COMMON -# exFAT_enabled: True is auto-enabled in roles/2-common/tasks/packages.yml -# as set in 0-init/defaults/main.yml AND 0-init/tasks/main.yml - # /usr/libexec/iiab-startup.sh is much like autoexec.bat & /etc/rc.local # It's put in place by 2-common/tasks/iiab-startup.yml at the end of Stage 2. diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index bb6f8ddcc..dd3e57de1 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -138,9 +138,6 @@ pi_swap_file_size: 1024 # 2-COMMON -# exFAT_enabled: True is auto-enabled in roles/2-common/tasks/packages.yml -# as set in 0-init/defaults/main.yml AND 0-init/tasks/main.yml - # /usr/libexec/iiab-startup.sh is much like autoexec.bat & /etc/rc.local # It's put in place by 2-common/tasks/iiab-startup.yml at the end of Stage 2. From b0f0ed505925f726b4fc9175897e28bd2006fc7a Mon Sep 17 00:00:00 2001 From: root Date: Sat, 16 May 2020 17:59:28 -0400 Subject: [PATCH 02/28] Put 'apache_allow_sudo: True' closer to NGINX, in default_vars.yml --- vars/default_vars.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 56e0e1c57..fb4572340 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -255,6 +255,9 @@ nginx_high_php_limits: False # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L67 # ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php//fpm/php.ini +# Make this False to disable http://box/common/services/power_off.php button: +apache_allow_sudo: True + # See also Apache vars {default_language, language_priority} @ top of this file # # 2020-05-16: apache_install is completely ignored as Node.js is installed @@ -269,9 +272,6 @@ apache_enabled: False apache_port: 8090 apache_interface: 127.0.0.1 # 2020-01-13: Var unused -# Make this False to disable http://box/common/services/power_off.php button: -apache_allow_sudo: True - # 4-SERVER-OPTIONS From 42d1f1ba218fb09ea2d0cd34e25c2cfc1f45f10b Mon Sep 17 00:00:00 2001 From: root Date: Sat, 16 May 2020 18:22:55 -0400 Subject: [PATCH 03/28] CUPS too: install Apache on demand --- roles/cups/tasks/main.yml | 14 ++++++++++++-- roles/nginx/tasks/install.yml | 3 ++- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/roles/cups/tasks/main.yml b/roles/cups/tasks/main.yml index 72ffec896..a8e488573 100644 --- a/roles/cups/tasks/main.yml +++ b/roles/cups/tasks/main.yml @@ -3,8 +3,18 @@ # TO DO: # - validate input vars + prereqs -# - move 5 top stanzas into install.yml -# - move 5-7 next stanzas into enable-or-disable.yml +# - move 7 top stanzas into install.yml +# - move 7 next stanzas into enable-or-disable.yml + + +- name: "Set 'apache_install: True' and 'apache_enabled: True'" + set_fact: + apache_install: True + apache_enabled: True + +- name: APACHE - run 'httpd' role + include_role: + name: httpd - name: Install 'cups' package diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 25b0ce120..457640a27 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -12,7 +12,8 @@ systemd: name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/.yml state: stopped - ignore_errors: yes + when: apache_installed | bool + #ignore_errors: yes - name: Install required and helper packages for NGINX package: From a0a3b01c44b69d5752a19ab1c030f34c5d48f6c9 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 16 May 2020 19:40:54 -0400 Subject: [PATCH 04/28] NGINX play: stop Apache if apache_installed is undefined --- roles/nginx/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 457640a27..4d65d60c7 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -12,7 +12,7 @@ systemd: name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/.yml state: stopped - when: apache_installed | bool + when: apache_installed is defined #ignore_errors: yes - name: Install required and helper packages for NGINX From 52e8d30f009f836376a1363aaddb701e92594603 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 16 May 2020 20:40:01 -0400 Subject: [PATCH 05/28] Reduce dependency on Apache in nginx/tasks/enable-or-disable.yml --- roles/nginx/tasks/enable-or-disable.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/nginx/tasks/enable-or-disable.yml b/roles/nginx/tasks/enable-or-disable.yml index beebc2da5..8294903ca 100644 --- a/roles/nginx/tasks/enable-or-disable.yml +++ b/roles/nginx/tasks/enable-or-disable.yml @@ -1,7 +1,8 @@ -- name: Ensure that Apache (({{ apache_service }})) is not running -- we may need port swap +- name: Ensure that Apache ({{ apache_service }}) is not running -- we may need port swap systemd: name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/.yml state: stopped + when: apache_installed is defined - name: Install /etc/{{ apache_service }}/ports.conf from template 1 of 2 (ports.conf.j2) if nginx_enabled, to enable Apache port {{ apache_port }} localhost only template: @@ -21,7 +22,7 @@ daemon_reload: yes state: restarted enabled: true - when: apache_enabled or not nginx_enabled + when: apache_installed is defined and apache_enabled # or not nginx_enabled - name: Enable & (Re)Start 'nginx' systemd service, if nginx_enabled From 83b44f0a8968cd33fba87a947151306e2232c737 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 16 May 2020 21:12:20 -0400 Subject: [PATCH 06/28] Note: php forces install of Apache in mysql/tasks/install.yml --- roles/mysql/tasks/install.yml | 58 +++++++++++++---------------------- 1 file changed, 22 insertions(+), 36 deletions(-) diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index 29116b500..49634a5f0 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml @@ -1,7 +1,6 @@ # Stanzas as of 2020-02-04: # -# - 4 base install -# - Remove the last 3 above, as CentOS & Fedora no longer supported ? +# - 1 base install # - 6 double timeout for slow CPUs # - 7 DB config # - 2 record as installed @@ -11,7 +10,7 @@ name: - mariadb-server - mariadb-client - - php{{ php_version }} + - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC - php{{ php_version }}-mysql - php-pear - php{{ php_version }}-gd @@ -23,41 +22,28 @@ state: present when: is_debuntu | bool -# - name: Install package 'php{{ php_version }}-xml' (debuntu) # WAS: (ubuntu or debian 9+) +# - name: "Install packages: mysql, MySQL-python and 9 php packages (OS's other than debuntu)" # package: -# name: "php{{ php_version }}-xml" +# name: +# - MySQL-python +# - mysql +# - php +# - php-mysql +# - php-pear +# - php-gd +# - php-imap +# - php-ldap +# - php-odbc +# - php-xml +# - php-xmlrpc # state: present -# when: is_debuntu | bool -# #when: is_ubuntu or (is_debian and not is_debian_8) - -#- name: Install php-xml-parser (debian-8) -# package: -# name: php-xml-parser -# state: present -# when: is_debian_8 | bool - -- name: "Install packages: mysql, MySQL-python and 9 php packages (OS's other than debuntu)" - package: - name: - - MySQL-python - - mysql - - php - - php-mysql - - php-pear - - php-gd - - php-imap - - php-ldap - - php-odbc - - php-xml - - php-xmlrpc - state: present - when: not is_debuntu - -- include_tasks: centos.yml - when: ansible_distribution == "CentOS" - -- include_tasks: fedora.yml - when: ansible_distribution == "Fedora" +# when: not is_debuntu +# +# - include_tasks: centos.yml +# when: ansible_distribution == "CentOS" +# +# - include_tasks: fedora.yml +# when: ansible_distribution == "Fedora" # 2019-07-03 @jvonau @holta: the next 50 lines (6 stanzas) double MariaDB's From 13bc1e960fe9c86206c46a379b485fd1a83f7133 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 16 May 2020 22:48:52 -0400 Subject: [PATCH 07/28] Reduce dependency on Apache in 9 playbooks --- roles/awstats/tasks/install.yml | 12 ++++++------ roles/calibre-web/tasks/install.yml | 4 ++-- roles/kalite/tasks/install.yml | 16 +++++++++------- roles/kiwix/tasks/install.yml | 10 ++++++++-- roles/nextcloud/tasks/install.yml | 2 +- roles/sugarizer/tasks/install.yml | 20 +++++++++----------- roles/usb_lib/tasks/install.yml | 2 +- roles/wordpress/tasks/install.yml | 2 +- roles/www_options/tasks/main.yml | 9 +++++---- 9 files changed, 42 insertions(+), 35 deletions(-) diff --git a/roles/awstats/tasks/install.yml b/roles/awstats/tasks/install.yml index a66324784..255698cd1 100644 --- a/roles/awstats/tasks/install.yml +++ b/roles/awstats/tasks/install.yml @@ -1,7 +1,7 @@ # TO DO: # # - Prepare for a possible future w/o Apache by verifying/refining below... -# - 5 'when: apache_install | bool' +# - 5 'when: apache_installed is defined' # - 1 'when: nginx_install | bool' # - 8 core stanzas w/o such 'when:' clauses @@ -19,11 +19,11 @@ - libapache2-mod-authnz-external - apache2-utils state: present - when: apache_install | bool + when: apache_installed is defined - name: Run 'a2enmod cgi' to enable cgi execution via Apache command: a2enmod cgi - when: apache_install | bool + when: apache_installed is defined - name: Create directory... mkdir {{ apache_log_dir }}, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx file: @@ -34,7 +34,7 @@ group: "{{ apache_user }}" mode: u+rw,g+r,g-w,o-rwx # '0750' turned on too many x bits #force: yes - when: apache_install | bool + when: apache_installed is defined - name: Create 2 directories... mkdir {{ awstats_data_dir }} (intermediate summary storage) and /usr/lib/cgi-bin/awstats, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx file: @@ -53,13 +53,13 @@ template: src: apache-awstats.conf dest: "/etc/{{ apache_conf_dir }}/awstats.conf" # apache2/sites-available on debuntu - when: apache_install | bool + when: apache_installed is defined - name: Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable template: src: logrotate.d.apache2 dest: /etc/logrotate.d/apache2 - when: apache_install | bool + when: apache_installed is defined - name: Does /etc/awstats/awstats.conf exist? stat: diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 6c35db157..dee048b87 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -22,8 +22,8 @@ mode: '0755' with_items: - "{{ calibreweb_home }}" # /library/calibre-web - - "{{ calibreweb_venv_path }}" # /usr/local/calibre-web - "{{ calibreweb_config }}" # /library/calibre-web/config + - "{{ calibreweb_venv_path }}" # /usr/local/calibre-web-py3 ## TODO: Calibre-web future release might get into pypi https://github.com/janeczku/calibre-web/issues/456 - name: Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from https://github.com/janeczku/calibre-web.git to {{ calibreweb_venv_path }} @@ -61,7 +61,7 @@ template: src: calibre-web.conf.j2 dest: "/etc/{{ apache_conf_dir }}/calibre-web.conf" # apache2/sites-available on debuntu - when: apache_install | bool + when: apache_installed is defined - name: Does /library/calibre-web/metadata.db exist? stat: diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index 5f6c96632..473761d68 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -43,18 +43,20 @@ extra_args: "--no-cache-dir" when: internet_available | bool -- name: "Install from template: venv wrapper /usr/bin/kalite, systemd unit file kalite-serve.service, Apache's kalite.conf" +- name: "Install from templates: venv wrapper /usr/bin/kalite, systemd unit file kalite-serve.service" template: - backup: no src: "{{ item.src }}" dest: "{{ item.dest }}" - owner: root - group: root mode: "{{ item.mode }}" with_items: - - { src: 'kalite.sh.j2', dest: '/usr/bin/kalite', mode: '0755'} - - { src: 'kalite-serve.service.j2', dest: '/etc/systemd/system/kalite-serve.service', mode: '0644'} - - { src: 'kalite.conf', dest: '/etc/{{ apache_conf_dir }}', mode: '0644'} + - { src: 'kalite.sh.j2', dest: '/usr/bin/kalite', mode: '0755' } + - { src: 'kalite-serve.service.j2', dest: '/etc/systemd/system/kalite-serve.service', mode: '0644' } + +- name: "Install from template: /etc/{{ apache_conf_dir }}/kalite.conf" + template: + src: kalite.conf + dest: "/etc/{{ apache_conf_dir }}" # apache2/sites-available on debuntu + when: apache_installed is defined - name: Fix KA Lite bug in regex parsing ifconfig output, for @m-anish's network names that contain dashes, if Raspbian/Debian < 11 or Ubuntu < 20 replace: diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index d8b5c59c8..104d6bb7c 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -100,7 +100,7 @@ # 4. INSTALL iiab-make-kiwix-lib*, kiwix-serve.service, kiwix.conf for Apache -- name: 'Install from templates: kiwix-serve.service, iiab-make-kiwix-lib, iiab-make-kiwix-lib.py, kiwix.conf' +- name: 'Install from templates: kiwix-serve.service, iiab-make-kiwix-lib, iiab-make-kiwix-lib.py' template: src: "{{ item.src }}" dest: "{{ item.dest }}" @@ -109,7 +109,13 @@ - { src: 'kiwix-serve.service.j2', dest: '/etc/systemd/system/kiwix-serve.service', mode: '0644' } - { src: 'iiab-make-kiwix-lib', dest: '/usr/bin/iiab-make-kiwix-lib', mode: '0755' } - { src: 'iiab-make-kiwix-lib3.py', dest: '/usr/bin/iiab-make-kiwix-lib.py', mode: '0755' } - - { src: 'kiwix.conf.j2', dest: '/etc/{{ apache_conf_dir }}/kiwix.conf', mode: '0644' } + +- name: "Install from template: Apache's kiwix.conf" + template: + src: kiwix.conf.j2 + dest: "/etc/{{ apache_conf_dir }}/kiwix.conf" + #mode: '0644' + when: apache_installed is defined # 5. RECORD Kiwix AS INSTALLED diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index 9ccaf8565..665ede20c 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -109,7 +109,7 @@ template: src: nextcloud.conf.j2 dest: "/etc/{{ apache_conf_dir }}/nextcloud.conf" # apache2/sites-available on debuntu - when: apache_install | bool + when: apache_installed is defined # RECORD Nextcloud AS INSTALLED diff --git a/roles/sugarizer/tasks/install.yml b/roles/sugarizer/tasks/install.yml index 3645f1507..6a10b494a 100644 --- a/roles/sugarizer/tasks/install.yml +++ b/roles/sugarizer/tasks/install.yml @@ -148,18 +148,16 @@ # 5. CONFIG FILES -- name: "Install from templates: /etc/systemd/system/sugarizer.service, /etc/apache2/sites-available/sugarizer.conf" +- name: "Install from template: /etc/systemd/system/sugarizer.service" template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - # owner: root - # group: root - # mode: '0644' - with_items: - - { src: 'sugarizer.service', dest: '/etc/systemd/system/sugarizer.service' } - - { src: 'sugarizer.conf.j2', dest: "/etc/{{ apache_conf_dir }}/sugarizer.conf" } - #- { src: 'sugarizer.ini.j2', dest: '{{ iiab_base }}/sugarizer-server/env/sugarizer.ini' } - #- { src: 'sugarizer.js', dest: '{{ iiab_base }}/sugarizer-server' } + src: sugarizer.service + dest: /etc/systemd/system + +- name: "Install from template: /etc/{{ apache_conf_dir }}/sugarizer.conf" + template: + src: sugarizer.conf.j2 + dest: "/etc/{{ apache_conf_dir }}/sugarizer.conf" # apache2/sites-available + when: apache_installed is defined # 3 [WAS 4] STANZAS ADDED BELOW JAN/FEB 2019, HOPING THIS MIGHT "JUST WORK" # WITH FUTURE UPGRADES BEYOND SUGARIZER 1.1?! diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml index 03eb685c6..afc33b53b 100644 --- a/roles/usb_lib/tasks/install.yml +++ b/roles/usb_lib/tasks/install.yml @@ -28,7 +28,7 @@ template: src: content_dir.conf dest: "/etc/{{ apache_conf_dir }}" # apache2/sites-available on debuntu - when: apache_install + when: apache_installed is defined # RECORD 'USB_LIB' AS INSTALLED diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index e3f9bf2af..6fdd06fda 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -89,7 +89,7 @@ template: src: wordpress.conf.j2 dest: "/etc/{{ apache_conf_dir }}/wordpress.conf" - when: apache_enabled | bool + when: apache_installed is defined # RECORD WordPress AS INSTALLED diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index c767298c2..b33b5c92b 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -15,12 +15,13 @@ # Used to be run by httpd/tasks/install.yml - name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) if apache_install" include_tasks: roles/httpd/tasks/homepage.yml - when: apache_install | bool + when: apache_installed is defined # Used to be run by nginx/tasks/install.yml - name: Enable IIAB pages via NGINX (e.g. on port 80) if nginx_install include_tasks: roles/nginx/tasks/homepage.yml - when: nginx_install | bool + when: nginx_installed is defined + #when: nginx_install | bool - debug: msg: 'THE 3 ANSIBLE STANZAS BELOW ONLY RUN... when: (nginx_high_php_limits or moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled' @@ -100,11 +101,11 @@ when: internet_available and not nodocs -- name: (Re)Start '{{ apache_service }}' systemd service, if apache_enabled +- name: (Re)Start '{{ apache_service }}' systemd service, if installed & enabled systemd: name: "{{ apache_service }}" # apache2 on debuntu state: restarted - when: apache_enabled | bool + when: apache_installed is defined and apache_enabled - name: (Re)Start 'nginx' systemd service, if nginx_enabled systemd: From a16702743ea8b770a33ea8769f25d6cdbe9b5a00 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 16 May 2020 22:58:48 -0400 Subject: [PATCH 08/28] Clarify Apache residue in 3-base-server/tasks/main.yml --- roles/3-base-server/tasks/main.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index c3b9a5901..1b15ea0ac 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -8,7 +8,11 @@ name: mysql when: mysql_install | bool -# 2020-05-16: invoked as nec by roles {elgg, lokole, moodle, nodered} +# 2020-05-16: Invoked as nec by 5 roles {cups, elgg, lokole, moodle, nodered}. +# These 9 roles conditionally touch Apache .conf files etc: awstats, calibre- +# web, kalite, kiwix, nextcloud, sugarizer, usb_lib, wordpress, www_options. +# CAUTION: mysql/tasks/install.yml's php install drags in apache2 regardless ! +# # - name: HTTPD (Apache) # include_role: # name: httpd From dde8a3285a9fef8ff71f24c4bf9056f627eb0b87 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 16 May 2020 23:50:22 -0400 Subject: [PATCH 09/28] Reduce dependency on Apache in gitea/kolibri/mediawiki/munin etc --- roles/3-base-server/tasks/main.yml | 5 +++-- roles/gitea/tasks/install.yml | 15 +++++++------ roles/kolibri/tasks/install.yml | 28 ++++++++----------------- roles/mediawiki/tasks/install.yml | 5 +++-- roles/munin/tasks/install.yml | 18 ++++++++-------- roles/nginx/README.md | 9 ++++---- roles/nginx/tasks/enable-or-disable.yml | 2 +- 7 files changed, 39 insertions(+), 43 deletions(-) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 1b15ea0ac..7957a594d 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -9,8 +9,9 @@ when: mysql_install | bool # 2020-05-16: Invoked as nec by 5 roles {cups, elgg, lokole, moodle, nodered}. -# These 9 roles conditionally touch Apache .conf files etc: awstats, calibre- -# web, kalite, kiwix, nextcloud, sugarizer, usb_lib, wordpress, www_options. +# These 13 roles conditionally touch Apache .conf files etc: awstats, +# calibre-web, gitea, kalite, kiwix, kolibri, mediawiki, munin, nextcloud, +# sugarizer, usb_lib, wordpress, www_options. SEE ALSO: roles/nginx/README.md # CAUTION: mysql/tasks/install.yml's php install drags in apache2 regardless ! # # - name: HTTPD (Apache) diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index b919608bf..1981222f2 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -97,13 +97,16 @@ # 4. Create systemd service & prepare Apache for http://box/gitea -- name: "Install from templates: /etc/systemd/system/gitea.service, /etc/apache2/sites-available/gitea.conf" +- name: "Install from template: /etc/systemd/system/gitea.service" template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - with_items: - - { src: 'gitea.service.j2', dest: '/etc/systemd/system/gitea.service' } - - { src: 'gitea.conf.j2', dest: "/etc/{{ apache_conf_dir }}/gitea.conf" } + src: gitea.service.j2 + dest: /etc/systemd/system/gitea.service + +- name: "Install from template: /etc/{{ apache_conf_dir }}/gitea.conf" + template: + src: gitea.conf.j2 + dest: "/etc/{{ apache_conf_dir }}/gitea.conf" # apache2/sites-available + when: apache_installed is defined # 5. RECORD Gitea AS INSTALLED diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml index 7dbc7e2de..182647b3d 100644 --- a/roles/kolibri/tasks/install.yml +++ b/roles/kolibri/tasks/install.yml @@ -15,31 +15,21 @@ path: "{{ kolibri_home }}" # /library/kolibri owner: "{{ kolibri_user }}" # kolibri group: "{{ apache_user }}" # www-data (on Debian/Ubuntu/Raspbian) - mode: '0755' - name: Create directory /etc/kolibri file: state: directory name: /etc/kolibri - # owner: root - # group: root - # mode: '0755' - name: Save kolibri_user ({{ kolibri_user }}) to /etc/kolibri/username copy: content: "{{ kolibri_user }}" dest: /etc/kolibri/username - # owner: root - # group: root - # mode: '0644' - name: Save kolibri_home (KOLIBRI_HOME="{{ kolibri_home }}") to /etc/kolibri/daemon.conf copy: content: 'KOLIBRI_HOME="{{ kolibri_home }}"' dest: /etc/kolibri/daemon.conf - # owner: root - # group: root - # mode: '0644' - name: apt install latest Kolibri .deb from {{ kolibri_deb_url }} (populates {{ kolibri_home }}, migrates database) # i.e. /library/kolibri apt: @@ -49,16 +39,16 @@ KOLIBRI_USER: "{{ kolibri_user }}" # both can't hurt & Might Help Later when: internet_available | bool -- name: 'Install from templates: /etc/systemd/system/kolibri.service & /etc/{{ apache_conf_dir }}/kolibri.conf' +- name: 'Install from template: /etc/systemd/system/kolibri.service' template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - # owner: root - # group: root - # mode: '0644' - with_items: - - { src: 'kolibri.service.j2', dest: '/etc/systemd/system/kolibri.service' } - - { src: 'kolibri.conf.j2', dest: '/etc/{{ apache_conf_dir }}/kolibri.conf' } # apache2/sites-available + src: kolibri.service.j2 + dest: /etc/systemd/system/kolibri.service + +- name: 'Install from template: /etc/{{ apache_conf_dir }}/kolibri.conf' + template: + src: kolibri.conf.j2 + dest: "/etc/{{ apache_conf_dir }}/kolibri.conf" # apache2/sites-available + when: apache_installed is defined - name: Stop 'kolibri' systemd service, for Kolibri provisioning (after daemon_reload) systemd: diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index a260c0e04..561aaccd8 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -80,10 +80,11 @@ regexp: '^\$wgServer =' line: '$wgServer = "//" . $_SERVER["HTTP_HOST"];' -- name: Install /etc/{{ apache_conf_dir }}/mediawiki.conf from template, for http://box{{ mediawiki_url }} via Apache +- name: 'Install from template: /etc/{{ apache_conf_dir }}/mediawiki.conf -- for http://box{{ mediawiki_url }}' template: src: mediawiki.conf.j2 - dest: "/etc/{{ apache_conf_dir }}/mediawiki.conf" # apache2/sites-available on debuntu + dest: "/etc/{{ apache_conf_dir }}/mediawiki.conf" # apache2/sites-available + when: apache_installed is defined # RECORD MediaWiki AS INSTALLED diff --git a/roles/munin/tasks/install.yml b/roles/munin/tasks/install.yml index 56a0f4386..bcf6b05fe 100644 --- a/roles/munin/tasks/install.yml +++ b/roles/munin/tasks/install.yml @@ -17,16 +17,16 @@ state: present when: not is_debuntu -- name: Install /etc/munin/munin.conf and Apache's munin24.conf, from templates +- name: 'Install from template: /etc/munin/munin.conf' template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - # owner: root - # group: root - # mode: 0644 - with_items: - - { src: 'munin.conf.j2', dest: '/etc/munin/munin.conf' } - - { src: 'munin24.conf.j2', dest: '/etc/{{ apache_conf_dir }}/munin24.conf' } + src: munin.conf.j2 + dest: /etc/munin/munin.conf + +- name: 'Install from template: /etc/{{ apache_conf_dir }}/munin24.conf' + template: + src: munin24.conf.j2 + dest: "/etc/{{ apache_conf_dir }}/munin24.conf" # apache2/sites-available + when: apache_installed is defined - name: Establish username/password Admin/changeme in /etc/munin/munin-htpasswd htpasswd: diff --git a/roles/nginx/README.md b/roles/nginx/README.md index 6b8edd323..8c278ac52 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -10,7 +10,7 @@ 2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX. -3. Current state of IIAB App/Service migrations as of 2020-04-29: +3. Current state of IIAB App/Service migrations as of 2020-05-16: 1. These support "Native" NGINX but ***NOT*** Apache * Admin Console @@ -20,7 +20,7 @@ * OER2Go/RACHEL modules * usb_lib - 2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service. But if you want to attempt their "Shim" proxying legacy testing mode, change your *primary web server* over to Apache by setting `nginx_enabled: False` in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) (which will [auto-enable Apache](../0-init/tasks/main.yml#L47-L51) for your testing). + 2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service. But if you want to attempt their "Shim" proxying legacy testing mode, try setting your *primary web server* to Apache using `apache_install: True` and `apache_enabled: True` (and `nginx_enabled: False` to disable NGINX) in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) before you install IIAB. You may also need to run `cd /opt/iiab/iiab; ./runrole httpd` since this has been removed from roles/3-base-server/tasks/main.yml * awstats * calibre-web * gitea @@ -32,7 +32,8 @@ * sugarizer * wordpress - 3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/0-init/tasks/main.yml#L47-L51](../0-init/tasks/main.yml#L47-L51) for a list of these IIAB Apps/Services, that auto-enable Apache. + 3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of these IIAB Apps/Services, that auto-enable Apache. + * cups ? * elgg * lokole * moodle @@ -47,4 +48,4 @@ * pbx [*] * transmission [*] -[*] The 4 above starred roles could use improvement, as of 2020-04-29. +[*] The 4 above starred roles could use improvement, as of 2020-05-16. diff --git a/roles/nginx/tasks/enable-or-disable.yml b/roles/nginx/tasks/enable-or-disable.yml index 8294903ca..988abce03 100644 --- a/roles/nginx/tasks/enable-or-disable.yml +++ b/roles/nginx/tasks/enable-or-disable.yml @@ -16,7 +16,7 @@ dest: "/etc/{{ apache_service }}/ports.conf" when: not nginx_enabled -- name: Enable & Restart '{{ apache_service }}' if apache_enabled or not nginx_enabled, since we stopped it +- name: Enable & Restart '{{ apache_service }}' if Apache is installed and enabled, since we stopped it systemd: name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/.yml daemon_reload: yes From 333feadba0a950897ab142135b3b19d602cc42fd Mon Sep 17 00:00:00 2001 From: root Date: Sun, 17 May 2020 00:00:17 -0400 Subject: [PATCH 10/28] Clarify apache_* vars in default_vars.yml --- vars/default_vars.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index fb4572340..cd36101d0 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -260,8 +260,8 @@ apache_allow_sudo: True # See also Apache vars {default_language, language_priority} @ top of this file # -# 2020-05-16: apache_install is completely ignored as Node.js is installed -# on demand as a dependency -- by Elgg, Lokole, Moodle and/or Node-RED -- +# 2020-05-16: apache_install is completely ignored as Apache is installed on +# demand as a dependency -- by CUPS, Elgg, Lokole, Moodle and/or Node-RED -- # but for now we set fake value 'apache_install: True' so that # 'apache_installed is defined' input validation works, e.g. in # 0-init/tasks/validate_vars.yml From b1fcec30fe0dcefe8574c66068e2f27c36df3f5a Mon Sep 17 00:00:00 2001 From: root Date: Sun, 17 May 2020 01:06:48 -0400 Subject: [PATCH 11/28] Reduce Apache dependency in usb_lib & nginx roles --- roles/4-server-options/tasks/main.yml | 7 +++---- roles/nginx/tasks/enable-or-disable.yml | 3 ++- roles/nginx/tasks/install.yml | 21 ++++++++++--------- roles/usb_lib/tasks/apache.yml | 12 +++++++++++ roles/usb_lib/tasks/main.yml | 8 ++++++- .../{enable-or-disable.yml => nginx.yml} | 11 ++++------ 6 files changed, 39 insertions(+), 23 deletions(-) create mode 100644 roles/usb_lib/tasks/apache.yml rename roles/usb_lib/tasks/{enable-or-disable.yml => nginx.yml} (74%) diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 9b748157f..c17ad17e7 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -41,10 +41,9 @@ name: samba when: samba_install | bool -# 2020-02-12: what was roles/homepage lives in roles/www_base & -# roles/www_options for now. Eventually softcoding of iiab_home_url -# should happen everywhere (incl Admin Console) to allow more field -# options, e.g. changing /library/www/html/home even when offline... +# 2020-20-17: what was roles/homepage lives in roles/www_options. Eventually +# softcoding of iiab_home_url should happen everywhere (incl Admin Console) for +# more field options, e.g. changing /library/www/html/home even when offline... - name: WWW_OPTIONS (WWW_BASE should have been installed earlier) include_role: diff --git a/roles/nginx/tasks/enable-or-disable.yml b/roles/nginx/tasks/enable-or-disable.yml index 988abce03..61f1d312d 100644 --- a/roles/nginx/tasks/enable-or-disable.yml +++ b/roles/nginx/tasks/enable-or-disable.yml @@ -2,7 +2,8 @@ systemd: name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/.yml state: stopped - when: apache_installed is defined + ignore_errors: yes + # 'when: apache_installed is defined' insuff b/c mysql's php installs apache2 - name: Install /etc/{{ apache_service }}/ports.conf from template 1 of 2 (ports.conf.j2) if nginx_enabled, to enable Apache port {{ apache_port }} localhost only template: diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 4d65d60c7..e5678abb2 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -1,19 +1,20 @@ # This stanza can likely be removed later in 2020: -- name: 'Remove legacy files if present: /etc/systemd/system/uwsgi.service, {{ nginx_conf_dir }}/usb-lib.conf, {{ nginx_conf_dir }}/modules.conf' - file: - path: "{{ item.path }}" - state: absent - with_items: - - { path: "/etc/systemd/system/uwsgi.service" } - - { path: "{{ nginx_conf_dir }}/usb-lib.conf" } - - { path: "{{ nginx_conf_dir }}/modules.conf" } +# +# - name: 'Remove legacy files if present: /etc/systemd/system/uwsgi.service, {{ nginx_conf_dir }}/usb-lib.conf, {{ nginx_conf_dir }}/modules.conf' +# file: +# path: "{{ item.path }}" +# state: absent +# with_items: +# - { path: "/etc/systemd/system/uwsgi.service" } +# - { path: "{{ nginx_conf_dir }}/usb-lib.conf" } +# - { path: "{{ nginx_conf_dir }}/modules.conf" } - name: Stop '{{ apache_service }}' systemd service systemd: name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/.yml state: stopped - when: apache_installed is defined - #ignore_errors: yes + ignore_errors: yes + # 'when: apache_installed is defined' insuff b/c mysql's php installs apache2 - name: Install required and helper packages for NGINX package: diff --git a/roles/usb_lib/tasks/apache.yml b/roles/usb_lib/tasks/apache.yml new file mode 100644 index 000000000..d847184f8 --- /dev/null +++ b/roles/usb_lib/tasks/apache.yml @@ -0,0 +1,12 @@ +- name: Enable http://box/usb via Apache + command: a2ensite content_dir.conf + when: usb_lib_enabled | bool + +- name: Disable http://box/usb via Apache + command: a2dissite content_dir.conf + when: not usb_lib_enabled + +- name: (Re)Start '{{ apache_service }}' systemd service + systemd: + name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/.yml + state: restarted diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml index eeea1ca48..6567de348 100644 --- a/roles/usb_lib/tasks/main.yml +++ b/roles/usb_lib/tasks/main.yml @@ -30,7 +30,13 @@ when: usb_lib_installed is undefined -- include_tasks: enable-or-disable.yml +- name: Enable/Disable/Restart Apache if primary + include_tasks: apache.yml + when: not nginx_enabled + +- name: Enable/Disable/Restart NGINX if primary + include_tasks: nginx.yml + when: nginx_enabled | bool - name: Put variable in iiab.env that enables display of content at root of USB diff --git a/roles/usb_lib/tasks/enable-or-disable.yml b/roles/usb_lib/tasks/nginx.yml similarity index 74% rename from roles/usb_lib/tasks/enable-or-disable.yml rename to roles/usb_lib/tasks/nginx.yml index 4800956cd..c9152b68b 100644 --- a/roles/usb_lib/tasks/enable-or-disable.yml +++ b/roles/usb_lib/tasks/nginx.yml @@ -28,10 +28,7 @@ state: absent when: not usb_lib_enabled -- name: Enable http://box/usb via Apache, if usb_lib_enabled - command: a2ensite content_dir.conf - when: apache_install and usb_lib_enabled - -- name: Disable http://box/usb via Apache, if not usb_lib_enabled - command: a2dissite content_dir.conf - when: apache_install and not usb_lib_enabled +- name: Restart 'nginx' systemd service + systemd: + name: nginx + state: restarted From 701b12ede748b9439156ba6e3838b355778af1d5 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 17 May 2020 01:53:11 -0400 Subject: [PATCH 12/28] Put today's date in roles/nginx/README.md & 3-base-server/tasks/main.yml --- roles/3-base-server/tasks/main.yml | 2 +- roles/nginx/README.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 7957a594d..cbbcd3451 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -8,7 +8,7 @@ name: mysql when: mysql_install | bool -# 2020-05-16: Invoked as nec by 5 roles {cups, elgg, lokole, moodle, nodered}. +# 2020-05-17: Invoked as nec by 5 roles {cups, elgg, lokole, moodle, nodered}. # These 13 roles conditionally touch Apache .conf files etc: awstats, # calibre-web, gitea, kalite, kiwix, kolibri, mediawiki, munin, nextcloud, # sugarizer, usb_lib, wordpress, www_options. SEE ALSO: roles/nginx/README.md diff --git a/roles/nginx/README.md b/roles/nginx/README.md index 8c278ac52..041a21b6a 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -10,7 +10,7 @@ 2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX. -3. Current state of IIAB App/Service migrations as of 2020-05-16: +3. Current state of IIAB App/Service migrations as of 2020-05-17: 1. These support "Native" NGINX but ***NOT*** Apache * Admin Console @@ -48,4 +48,4 @@ * pbx [*] * transmission [*] -[*] The 4 above starred roles could use improvement, as of 2020-05-16. +[*] The 4 above starred roles could use improvement, as of 2020-05-17. From 4d79c4e07f44171be4405fc96cdd7fab1ea6bb75 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 17 May 2020 01:55:18 -0400 Subject: [PATCH 13/28] Put today's date in vars/default_vars.yml --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index cd36101d0..e4f0c9b3c 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -260,7 +260,7 @@ apache_allow_sudo: True # See also Apache vars {default_language, language_priority} @ top of this file # -# 2020-05-16: apache_install is completely ignored as Apache is installed on +# 2020-05-17: apache_install is completely ignored as Apache is installed on # demand as a dependency -- by CUPS, Elgg, Lokole, Moodle and/or Node-RED -- # but for now we set fake value 'apache_install: True' so that # 'apache_installed is defined' input validation works, e.g. in From 6188f30c0a06b41006b8df5075950abb8e2e5c06 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 17 May 2020 02:13:05 -0400 Subject: [PATCH 14/28] Cleaner roles/nginx/README.md --- roles/nginx/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/README.md b/roles/nginx/README.md index 041a21b6a..4128e6ae9 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -20,7 +20,7 @@ * OER2Go/RACHEL modules * usb_lib - 2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service. But if you want to attempt their "Shim" proxying legacy testing mode, try setting your *primary web server* to Apache using `apache_install: True` and `apache_enabled: True` (and `nginx_enabled: False` to disable NGINX) in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) before you install IIAB. You may also need to run `cd /opt/iiab/iiab; ./runrole httpd` since this has been removed from roles/3-base-server/tasks/main.yml + 2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service. But if you want to attempt their "Shim" proxying legacy testing mode, try setting your *primary web server* to Apache using `apache_install: True` and `apache_enabled: True` (and `nginx_enabled: False` to disable NGINX) in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) before you install IIAB. You may also need to run `cd /opt/iiab/iiab; ./runrole httpd` since this has been removed from [roles/3-base-server/tasks/main.yml](https://github.com/iiab/iiab/blob/master/roles/3-base-server/tasks/main.yml) * awstats * calibre-web * gitea From 10af59c17dcc78e41d2ff805e00a6896b2261a6f Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 18 May 2020 15:06:21 -0400 Subject: [PATCH 15/28] Update roles/captiveportal/README.md --- roles/captiveportal/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/captiveportal/README.md b/roles/captiveportal/README.md index 19014707a..11736aadd 100644 --- a/roles/captiveportal/README.md +++ b/roles/captiveportal/README.md @@ -1,3 +1,5 @@ +_Please Also See: http://FAQ.IIAB.IO > ["Captive Portal Administration: What tips & tricks exist?"](http://wiki.laptop.org/go/IIAB/FAQ#Captive_Portal_Administration:_What_tips_.26_tricks_exist.3F)_ + ## Theory of Operation * The captive portal function is a feature of most modern operating systems. With the increased use of https/ssl (secure sockets layer), the automatic diversion to a specific web page runs the risk of being detected as a "man in the middle" attack. From b9c1b192d74a6bcb2c098309a4bf5f81a015d6fc Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 18 May 2020 17:17:11 -0400 Subject: [PATCH 16/28] kiwix-tools 3.1.0-2 -> 3.1.1 --- roles/kiwix/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 471115d9c..bc92d928e 100644 --- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -26,9 +26,9 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" # http://download.kiwix.org/release/kiwix-tools/ ...or sometimes... # http://download.kiwix.org/nightly/ -kiwix_version_armhf: kiwix-tools_linux-armhf-3.1.0-2 -kiwix_version_linux64: kiwix-tools_linux-x86_64-3.1.0-2 -kiwix_version_i686: kiwix-tools_linux-i586-3.1.0-2 +kiwix_version_armhf: kiwix-tools_linux-armhf-3.1.1 +kiwix_version_linux64: kiwix-tools_linux-x86_64-3.1.1 +kiwix_version_i686: kiwix-tools_linux-i586-3.1.1 # kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" # v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") From 8efc06a273f980660461b62da91da94dafe1da04 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 18 May 2020 17:33:30 -0400 Subject: [PATCH 17/28] Comments/0-init/NGINX/Apache cleanup --- roles/0-init/tasks/main.yml | 5 ----- roles/httpd/tasks/install.yml | 41 ++++++++--------------------------- roles/httpd/tasks/main.yml | 5 ++--- roles/nginx/tasks/install.yml | 11 ---------- 4 files changed, 11 insertions(+), 51 deletions(-) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index f43ad00a8..7b4fa58c4 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -43,11 +43,6 @@ - name: Pre-check that IIAB's "XYZ_install" + "XYZ_enabled" vars (1) are defined, (2) are boolean-not-string variables, and (3) contain plausible values. Also checks that "XYZ_install" is True when "XYZ_installed" is defined. include_tasks: validate_vars.yml -#- name: Set exFAT_enabled if xo_model != "none" -# set_fact: -# exFAT_enabled: True -# when: xo_model != "none" - # Discover: do we have a gateway? # If Ansible detects gateway, becomes WAN candidate. - name: "Do we have a gateway? If so set discovered_wan_iface: {{ ansible_default_ipv4.alias }}" diff --git a/roles/httpd/tasks/install.yml b/roles/httpd/tasks/install.yml index ae4a80ecf..861f5ee0f 100644 --- a/roles/httpd/tasks/install.yml +++ b/roles/httpd/tasks/install.yml @@ -69,28 +69,6 @@ - mpm_prefork.load when: is_debuntu | bool -# - name: Remove mpm_event.conf & mpm_event.load symlinks, using a2dissite -# command: "a2dissite {{ item }}" -# with_items: -# - mpm_event.conf -# - mpm_event.load -# ignore_errors: yes -# -# - name: Symlink mpm_prefork.conf & mpm_prefork.load, using a2ensite -# command: "a2ensite {{ item }}" -# with_items: -# - mpm_prefork.conf -# - mpm_prefork.load - -#- name: 'Turn on mod_proxy using a2enmod with: proxy, proxy_html, headers, rewrite (debuntu)' -# command: a2enmod {{ item }} -# with_items: -# - proxy -# - proxy_html -# - headers -# - rewrite -# when: is_debuntu | bool - - name: 'Enable 5 Apache modules, as with "a2enmod" command: headers, proxy, proxy_html, proxy_http, rewrite (for http://box/kiwix, http://box/kolibri, http://box/nodered, etc--if debuntu)' apache2_module: name: "{{ item }}" @@ -115,9 +93,9 @@ file: state: directory path: "/var/run/{{ apache_user }}" - owner: root - group: root - mode: '0755' + #owner: root + #group: root + #mode: '0755' - name: 'Create group: admin' group: @@ -131,13 +109,13 @@ state: present createhome: no -- name: Create Apache dir /var/log/{{ apache_service }} +- name: Create Apache dir /var/log/{{ apache_service }} ({{ apache_user }}:{{ apache_user }}) file: state: directory path: "/var/log/{{ apache_service }}" owner: "{{ apache_user }}" group: "{{ apache_user }}" - mode: '0755' + #mode: '0755' - name: Install Apache's 010-iiab.conf & proxy_ajp.conf into /etc/apache2/sites-available, from templates @@ -156,15 +134,14 @@ # command: a2dissite 010-iiab.conf # when: not apache_enabled + - debug: msg: roles/httpd/tasks/homepage.yml will run LATER (invoked by roles/www_options/tasks/main.yml) SO THAT APACHE CAN REDIRECT http://box TO http://box{{ iiab_home_url }} (based on var iiab_home_url) # - include_tasks: roles/httpd/tasks/homepage.yml -# - name: Enable & Stop '{{ apache_service }}' systemd service -# systemd: -# name: "{{ apache_service }}" -# enabled: yes -# state: stopped +- name: Run 'systemctl daemon-reload' + systemd: + daemon_reload: yes # RECORD Apache AS INSTALLED diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml index 354212d7f..01f43ba38 100644 --- a/roles/httpd/tasks/main.yml +++ b/roles/httpd/tasks/main.yml @@ -31,12 +31,11 @@ when: apache_installed is undefined -- name: Enable & (Re)Start {{ apache_service }} systemd service, if apache_enabled +- name: Enable & Start-if-nec {{ apache_service }} systemd service, if apache_enabled systemd: name: "{{ apache_service }}" - daemon_reload: yes enabled: yes - state: restarted + state: started # No need to restart, as many IIAB apps do that later when: apache_enabled | bool - name: Disable & Stop {{ apache_service }} systemd service, if not apache_enabled diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index e5678abb2..359e1bdd8 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -1,14 +1,3 @@ -# This stanza can likely be removed later in 2020: -# -# - name: 'Remove legacy files if present: /etc/systemd/system/uwsgi.service, {{ nginx_conf_dir }}/usb-lib.conf, {{ nginx_conf_dir }}/modules.conf' -# file: -# path: "{{ item.path }}" -# state: absent -# with_items: -# - { path: "/etc/systemd/system/uwsgi.service" } -# - { path: "{{ nginx_conf_dir }}/usb-lib.conf" } -# - { path: "{{ nginx_conf_dir }}/modules.conf" } - - name: Stop '{{ apache_service }}' systemd service systemd: name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/.yml From 5c904b30ea8f9c3a2a7c37e6c801429682fb0c7a Mon Sep 17 00:00:00 2001 From: root Date: Wed, 20 May 2020 19:38:09 -0400 Subject: [PATCH 18/28] Further reduce dependency on Apache --- roles/3-base-server/tasks/main.yml | 16 +++++++--------- roles/cups/tasks/main.yml | 6 ++++-- roles/internetarchive/tasks/install.yml | 15 +++++++++------ roles/internetarchive/tasks/main.yml | 6 ++---- roles/mysql/tasks/install.yml | 3 ++- roles/nginx/README.md | 9 +++++---- roles/phpmyadmin/tasks/main.yml | 16 +++++++++++++--- 7 files changed, 42 insertions(+), 29 deletions(-) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index cbbcd3451..d81eb560d 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -8,16 +8,14 @@ name: mysql when: mysql_install | bool -# 2020-05-17: Invoked as nec by 5 roles {cups, elgg, lokole, moodle, nodered}. -# These 13 roles conditionally touch Apache .conf files etc: awstats, -# calibre-web, gitea, kalite, kiwix, kolibri, mediawiki, munin, nextcloud, -# sugarizer, usb_lib, wordpress, www_options. SEE ALSO: roles/nginx/README.md -# CAUTION: mysql/tasks/install.yml's php install drags in apache2 regardless ! +# 2020-05-20: Apache role 'httpd' is installed as nec by any of these 6 roles: +# cups, elgg, lokole, moodle, nodered, phpmyadmin. # -# - name: HTTPD (Apache) -# include_role: -# name: httpd -# when: apache_install | bool +# These 14 roles conditionally touch Apache .conf files etc: awstats, +# calibre-web, gitea, internetarchive, kalite, kiwix, kolibri, mediawiki, +# munin, nextcloud, sugarizer, usb_lib, wordpress, www_options. +# +# SEE ALSO: roles/nginx/README.md - name: NGINX include_role: diff --git a/roles/cups/tasks/main.yml b/roles/cups/tasks/main.yml index a8e488573..3a4beda15 100644 --- a/roles/cups/tasks/main.yml +++ b/roles/cups/tasks/main.yml @@ -3,8 +3,10 @@ # TO DO: # - validate input vars + prereqs -# - move 7 top stanzas into install.yml -# - move 7 next stanzas into enable-or-disable.yml +# - move ~7 top stanzas into install.yml +# - move ~7 next stanzas into enable-or-disable.yml +# - create /etc/nginx/conf.d/cups-nginx.conf as SHIM to Apache on port 8090 ? +# - deprecate ~2 F18 stanzas? - name: "Set 'apache_install: True' and 'apache_enabled: True'" diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index 41896e647..44ebcdc29 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml @@ -56,13 +56,16 @@ # 3. CONFIG FILES -- name: "Install from templates: /etc/systemd/system/internetarchive.service, /etc/{{ apache_conf_dir }}/internetarchive.conf" +- name: "Install from template: /etc/systemd/system/internetarchive.service" template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - with_items: - - { src: 'internetarchive.service.j2', dest: '/etc/systemd/system/internetarchive.service' } - - { src: 'internetarchive.conf', dest: '/etc/{{ apache_conf_dir }}/internetarchive.conf' } # apache2/sites-available + src: internetarchive.service.j2 + dest: /etc/systemd/system/internetarchive.service + +- name: "Install from template: /etc/{{ apache_conf_dir }}/internetarchive.conf" + template: + src: internetarchive.conf + dest: "{{ /etc/{{ apache_conf_dir }}/internetarchive.conf }}" # apache2/sites-available + when: apache_installed is defined # 4. RECORD Internet Archive AS INSTALLED diff --git a/roles/internetarchive/tasks/main.yml b/roles/internetarchive/tasks/main.yml index 3b908a143..06988fc2a 100644 --- a/roles/internetarchive/tasks/main.yml +++ b/roles/internetarchive/tasks/main.yml @@ -51,7 +51,6 @@ when: internetarchive_installed is undefined and internet_available - # ENABLE/DISABLE/RESTART SYSTEMD SERVICE & WEB SERVERS AS NEC ? - name: Enable & Restart 'internetarchive' systemd service, if internetarchive_enabled @@ -69,10 +68,9 @@ state: stopped when: not internetarchive_enabled -#- name: Enable/Disable/Restart Apache if primary -- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache +- name: Enable/Disable/Restart Apache if primary include_tasks: apache.yml - #when: not nginx_enabled + when: apache_installed is defined and not nginx_enabled - name: Enable/Disable/Restart NGINX if primary include_tasks: nginx.yml diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index 49634a5f0..6b5875a51 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml @@ -10,7 +10,8 @@ name: - mariadb-server - mariadb-client - - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC + # - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC + - php{{ php_version }}-common # 2020-05-19: @jvonau suggests this to avoid Apache above. Or its superset php{{ php_version }}-cli if absolutely nec? - php{{ php_version }}-mysql - php-pear - php{{ php_version }}-gd diff --git a/roles/nginx/README.md b/roles/nginx/README.md index 4128e6ae9..b2c35f702 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -10,7 +10,7 @@ 2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX. -3. Current state of IIAB App/Service migrations as of 2020-05-17: +3. Current state of IIAB App/Service migrations as of 2020-05-20: 1. These support "Native" NGINX but ***NOT*** Apache * Admin Console @@ -32,8 +32,8 @@ * sugarizer * wordpress - 3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of these IIAB Apps/Services, that auto-enable Apache. - * cups ? + 3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of IIAB Apps/Services that auto-enable Apache. + * cups [*, shim not yet in place.] * elgg * lokole * moodle @@ -46,6 +46,7 @@ * minetest [*] * openvpn * pbx [*] + * phpmyadmin [*, requires Apache for now, as in Section 3.] * transmission [*] -[*] The 4 above starred roles could use improvement, as of 2020-05-17. +[*] The 6 above starred roles could use improvement, as of 2020-05-20. diff --git a/roles/phpmyadmin/tasks/main.yml b/roles/phpmyadmin/tasks/main.yml index bfc8587d7..e5911c92c 100644 --- a/roles/phpmyadmin/tasks/main.yml +++ b/roles/phpmyadmin/tasks/main.yml @@ -1,3 +1,13 @@ +- name: "Set 'apache_install: True' and 'apache_enabled: True'" + set_fact: + apache_install: True + apache_enabled: True + +- name: APACHE - run 'httpd' role + include_role: + name: httpd + + - name: Download {{ iiab_download_url }}/{{ phpmyadmin_name_zip }} to {{ downloads_dir }} get_url: url: "{{ iiab_download_url }}/{{ phpmyadmin_name_zip }}" @@ -49,7 +59,7 @@ template: src: phpmyadmin.j2 dest: "/etc/{{ apache_conf_dir }}/phpmyadmin.conf" - when: apache_install | bool + when: apache_installed is defined # RECORD phpMyAdmin AS INSTALLED @@ -67,11 +77,11 @@ - name: Enable phpMyAdmin via Apache, if phpmyadmin_enabled command: a2ensite phpmyadmin.conf - when: apache_install and phpmyadmin_enabled + when: apache_installed is defined and phpmyadmin_enabled - name: Disable phpMyAdmin via Apache, if not phpmyadmin_enabled command: a2dissite phpmyadmin.conf - when: apache_install and not phpmyadmin_enabled + when: apache_installed is defined and not phpmyadmin_enabled - name: Add 'phpmyadmin' variable values to {{ iiab_ini_file }} From 2bc25d3c84738670f90f67252a4eb5a2d76e7624 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 21 May 2020 00:54:30 +0000 Subject: [PATCH 19/28] Fix internetarchive/tasks/install.yml --- roles/internetarchive/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/internetarchive/tasks/install.yml b/roles/internetarchive/tasks/install.yml index 44ebcdc29..180118367 100644 --- a/roles/internetarchive/tasks/install.yml +++ b/roles/internetarchive/tasks/install.yml @@ -64,7 +64,7 @@ - name: "Install from template: /etc/{{ apache_conf_dir }}/internetarchive.conf" template: src: internetarchive.conf - dest: "{{ /etc/{{ apache_conf_dir }}/internetarchive.conf }}" # apache2/sites-available + dest: "/etc/{{ apache_conf_dir }}/internetarchive.conf" # apache2/sites-available when: apache_installed is defined From 92af3485ec3bd367b1d7ff6b8bcc7fcb69b64db9 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 21 May 2020 02:49:11 -0400 Subject: [PATCH 20/28] elgg/tasks/install.yml needs pkg libapache2-mod-php{{ php_version }} --- roles/3-base-server/tasks/main.yml | 2 +- roles/elgg/tasks/install.yml | 5 +++++ roles/nginx/README.md | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index d81eb560d..bd8725822 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -8,7 +8,7 @@ name: mysql when: mysql_install | bool -# 2020-05-20: Apache role 'httpd' is installed as nec by any of these 6 roles: +# 2020-05-21: Apache role 'httpd' is installed as nec by any of these 6 roles: # cups, elgg, lokole, moodle, nodered, phpmyadmin. # # These 14 roles conditionally touch Apache .conf files etc: awstats, diff --git a/roles/elgg/tasks/install.yml b/roles/elgg/tasks/install.yml index 262b69ffd..eb249c43a 100644 --- a/roles/elgg/tasks/install.yml +++ b/roles/elgg/tasks/install.yml @@ -7,6 +7,11 @@ include_role: name: httpd +# 2020-05-21: Required now that mysql/tasks/install.yml installs +# "php{{ php_version }}-common" rather than the full "php{{ php_version }}" +- name: "Install package: libapache2-mod-php{{ php_version }}" + package: + name: "libapache2-mod-php{{ php_version }}" # Assume (enforce?) MySQL is running # diff --git a/roles/nginx/README.md b/roles/nginx/README.md index b2c35f702..5dd5a829c 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -10,7 +10,7 @@ 2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX. -3. Current state of IIAB App/Service migrations as of 2020-05-20: +3. Current state of IIAB App/Service migrations as of 2020-05-21: 1. These support "Native" NGINX but ***NOT*** Apache * Admin Console @@ -49,4 +49,4 @@ * phpmyadmin [*, requires Apache for now, as in Section 3.] * transmission [*] -[*] The 6 above starred roles could use improvement, as of 2020-05-20. +[*] The 6 above starred roles could use improvement, as of 2020-05-21. From afd9ee43437f3c943959c274a074f328b45fa5a1 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 21 May 2020 03:05:22 -0400 Subject: [PATCH 21/28] Annotate comments with 2020-05-21 --- roles/mysql/tasks/install.yml | 4 ++-- vars/default_vars.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/mysql/tasks/install.yml b/roles/mysql/tasks/install.yml index 6b5875a51..9c7d5678f 100644 --- a/roles/mysql/tasks/install.yml +++ b/roles/mysql/tasks/install.yml @@ -1,4 +1,4 @@ -# Stanzas as of 2020-02-04: +# Stanzas as of 2020-05-21: # # - 1 base install # - 6 double timeout for slow CPUs @@ -11,7 +11,7 @@ - mariadb-server - mariadb-client # - php{{ php_version }} # On Ubuntu 20.04 (and prob other OS's) this forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC - - php{{ php_version }}-common # 2020-05-19: @jvonau suggests this to avoid Apache above. Or its superset php{{ php_version }}-cli if absolutely nec? + - php{{ php_version }}-common # 2020-05-21: @jvonau suggests this to avoid Apache above. Or its superset php{{ php_version }}-cli if absolutely nec? - php{{ php_version }}-mysql - php-pear - php{{ php_version }}-gd diff --git a/vars/default_vars.yml b/vars/default_vars.yml index e4f0c9b3c..2d0ed6446 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -260,7 +260,7 @@ apache_allow_sudo: True # See also Apache vars {default_language, language_priority} @ top of this file # -# 2020-05-17: apache_install is completely ignored as Apache is installed on +# 2020-05-21: apache_install is completely ignored as Apache is installed on # demand as a dependency -- by CUPS, Elgg, Lokole, Moodle and/or Node-RED -- # but for now we set fake value 'apache_install: True' so that # 'apache_installed is defined' input validation works, e.g. in From 39cd30548c5be9be9c01874ab5a2325b82df2ba1 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 21 May 2020 17:00:01 +0000 Subject: [PATCH 22/28] More doc cleanup: rpi -> raspbian in mongodb/tasks/install.yml --- roles/mongodb/tasks/install.yml | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 7fdbb1c6c..d0e17d32a 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml @@ -1,6 +1,6 @@ # 1. INSTALL MongoDB PACKAGES OR BINARIES -- name: "Install packages: mongodb, mongodb-server (not rpi)" +- name: "Install packages: mongodb, mongodb-server (not raspbian)" package: name: - mongodb-server @@ -9,8 +9,8 @@ when: internet_available and not is_raspbian # 2019-02-02: Sugarizer with Node.js 10.x requires MongoDB 2.6+ so -# https://andyfelong.com/2017/08/mongodb-3-0-14-for-raspbian-stretch/ -# is being used on RPi, all I found! (Raspbian's apt pkg is MongoDB 2.4.14) +# https://andyfelong.com/2017/08/mongodb-3-0-14-for-raspbian-stretch/ is +# being used on Raspbian, all I found! (Raspbian's apt pkg is MongoDB 2.4.14) # # mongodb_stretch_3_0_14_core.zip (20M) & mongodb_stretch_3_0_14_tools.zip (15M) # were backed up from andyfelong.com to http://download.iiab.io/packages/ @@ -18,50 +18,50 @@ # CLARIF: mongodb_stretch_3_0_14_core.zip IS IN FACT 3.0.14 (core) BUT... # mongodb_stretch_3_0_14_tools.zip IS REALLY 3.0.15 (tools) -- name: Create dir /tmp/mongodb-3.0.1x (rpi) +- name: Create dir /tmp/mongodb-3.0.1x (raspbian) file: path: /tmp/mongodb-3.0.1x state: directory when: internet_available and is_raspbian -- name: Download & unzip 20MB http://download.iiab.io/packages/mongodb_stretch_3_0_14_core.zip to /tmp/mongodb-3.0.1x (rpi) +- name: Download & unzip 20MB http://download.iiab.io/packages/mongodb_stretch_3_0_14_core.zip to /tmp/mongodb-3.0.1x (raspbian) unarchive: remote_src: yes src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_core.zip" dest: /tmp/mongodb-3.0.1x when: internet_available and is_raspbian -- name: Install (move) its 3 CORE binaries from /tmp/mongodb-3.0.1x/core to /usr/bin (rpi) +- name: Install (move) its 3 CORE binaries from /tmp/mongodb-3.0.1x/core to /usr/bin (raspbian) shell: mv /tmp/mongodb-3.0.1x/core/* /usr/bin when: internet_available and is_raspbian -- name: Download & unzip 15MB http://download.iiab.io/packages/mongodb_stretch_3_0_14_tools.zip [IN FACT THIS ONE'S 3.0.15] to /tmp/mongodb-3.0.1x (rpi) +- name: Download & unzip 15MB http://download.iiab.io/packages/mongodb_stretch_3_0_14_tools.zip [IN FACT THIS ONE'S 3.0.15] to /tmp/mongodb-3.0.1x (raspbian) unarchive: remote_src: yes src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_tools.zip" dest: /tmp/mongodb-3.0.1x when: internet_available and is_raspbian -- name: Install (move) its 9 TOOLS binaries from /opt/iiab/downloads/mongodb-3.0.1x/tools to /usr/bin (rpi) +- name: Install (move) its 9 TOOLS binaries from /opt/iiab/downloads/mongodb-3.0.1x/tools to /usr/bin (raspbian) shell: mv /tmp/mongodb-3.0.1x/tools/* /usr/bin when: internet_available and is_raspbian # OLD WAY / MUCH SLOWER: had put unnec duplicate copies in /opt/iiab/downloads/mongodb-3.0.1x # -#- name: Create dir /opt/iiab/downloads/mongodb-3.0.1x (rpi) +#- name: Create dir /opt/iiab/downloads/mongodb-3.0.1x (raspbian) # file: # path: "{{ downloads_dir }}/mongodb-3.0.1x" # state: directory # when: internet_available and is_raspbian # -#- name: Download & unzip MongoDB 3.0.14's 3 core binaries to /opt/iiab/downloads/mongodb-3.0.1x (rpi) +#- name: Download & unzip MongoDB 3.0.14's 3 core binaries to /opt/iiab/downloads/mongodb-3.0.1x (raspbian) # unarchive: # remote_src: yes # src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_core.zip" # dest: "{{ downloads_dir }}/mongodb-3.0.1x" # when: internet_available and is_raspbian # -#- name: Install (copy) 3 binaries from /opt/iiab/downloads/mongodb-3.0.1x/core to /usr/bin (rpi) +#- name: Install (copy) 3 binaries from /opt/iiab/downloads/mongodb-3.0.1x/core to /usr/bin (raspbian) # copy: # src: "{{ item }}" # dest: /usr/bin @@ -69,14 +69,14 @@ # - "{{ downloads_dir }}/mongodb-3.0.1x/core/*" # when: internet_available and is_raspbian # -#- name: Download & unzip MongoDB 3.0.15's 9 tools binaries to /opt/iiab/downloads/mongodb-3.0.1x (rpi) +#- name: Download & unzip MongoDB 3.0.15's 9 tools binaries to /opt/iiab/downloads/mongodb-3.0.1x (raspbian) # unarchive: # remote_src: yes # src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_tools.zip" # dest: "{{ downloads_dir }}/mongodb-3.0.1x" # when: internet_available and is_raspbian # -#- name: Install (copy) 9 binaries from /opt/iiab/downloads/mongodb-3.0.1x/tools to /usr/bin (rpi) +#- name: Install (copy) 9 binaries from /opt/iiab/downloads/mongodb-3.0.1x/tools to /usr/bin (raspbian) # copy: # src: "{{ item }}" # dest: /usr/bin @@ -84,13 +84,13 @@ # - "{{ downloads_dir }}/mongodb-3.0.1x/tools/*" # when: internet_available and is_raspbian -- name: Create Linux group mongodb (rpi) +- name: Create Linux group mongodb (raspbian) group: name: mongodb state: present when: is_raspbian | bool -- name: Create Linux user mongodb (rpi) +- name: Create Linux user mongodb (raspbian) user: name: mongodb group: mongodb # primary group From cd714402bfea95edbe3433c40f2719960bdb1b45 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 21 May 2020 18:07:51 +0000 Subject: [PATCH 23/28] Install apache2 at end of 9-local-addons if admin_console_install: True (TEMPORARY) --- roles/9-local-addons/tasks/main.yml | 32 ++++------------------------- vars/default_vars.yml | 6 +++--- 2 files changed, 7 insertions(+), 31 deletions(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 00f7712dd..eccf86b7c 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -30,34 +30,10 @@ name: calibre-web when: calibreweb_install | bool -# Could split these two below to Stage 10? 2020-02-12: Experimentally moving -# stuff to roles/3-base-server, 4-server-options, roles/httpd, roles/nginx. - -# - name: "Set 'nginx_enabled: True'" -# set_fact: -# nginx_enabled: True -# -# - name: Fully Enable / Configure NGINX (already installed in Stage 3-BASE-SERVER) if 'nginx_enabled' is True -# include_role: -# name: nginx -# when: nginx_enabled | bool # WAS: nginx_install -# # If just CONFIGURING (etc) shouldn't we use one of the following instead ?? -# # include_tasks: roles/nginx/tasks/setup.yml -# # include_tasks: roles/nginx/tasks/enable.yml - -# - name: "Set 'apache_enabled: True'" -# set_fact: -# apache_enabled: True -# -# - name: Fully Enable / Configure Apache systemd service ({{ apache_service }}) if 'apache_enabled' is True -# include_role: -# name: httpd -# #name: httpd-enable -# when: apache_enabled | bool # WAS: apache_install -# # WARNING THAT APACHE IS AUTO-ENABLED BY THESE ~6 APPS ALONE! -# # https://github.com/holta/iiab/blob/scaff2/roles/0-init/tasks/main.yml#L40-L44 -# # Summarized @ https://github.com/iiab/iiab/blob/master/roles/nginx/README.md -# # 2020-01-23: APACHE FUTURE SUMMARY QUESTIONS @ roles/httpd/tasks/main.yml +- name: '2020-05-21: TEMPORARILY INSTALL APACHE UNTIL ADMIN CONSOLE DECLARES (OR REMOVES?) ITS DEPENDENCY within [console : Enable ssl] to avoid error "Neither of apache2ctl nor apachctl found. At least one apache control binary is necessary." -- possibly var adm_cons_force_ssl is still useful here?' + package: + name: apache2 + when: admin_console_install | bool - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 2d0ed6446..e5ad0bc0f 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -229,9 +229,9 @@ pi_swap_file_size: 1024 # 3-BASE-SERVER -# 2020-01-22: Both vars unused. SEE ABOVE js_menu_install. -admin_console_install: True -admin_console_enabled: True +# 2020-01-22: See also js_menu_install (above). +admin_console_install: True # For now in roles/9-local-addons/tasks/main.yml +admin_console_enabled: True # Not in active use as of 2020-05-21 # MySQL MANDATORY - THESE 2 VARS HAVE NO EFFECT - SEE roles/0-init/tasks/main.yml & roles/mysql/tasks/main.yml mysql_install: True From 4f985b55345c580bad0a496879d533b2d11e77c8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 21 May 2020 14:47:16 -0400 Subject: [PATCH 24/28] Update default_vars.yml --- vars/default_vars.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index e5ad0bc0f..990be83af 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -261,8 +261,8 @@ apache_allow_sudo: True # See also Apache vars {default_language, language_priority} @ top of this file # # 2020-05-21: apache_install is completely ignored as Apache is installed on -# demand as a dependency -- by CUPS, Elgg, Lokole, Moodle and/or Node-RED -- -# but for now we set fake value 'apache_install: True' so that +# demand as a dependency -- by CUPS, Elgg, Lokole, Moodle, Node-RED and/or +# phpMyAdmin -- but for now we set fake value 'apache_install: True' so that # 'apache_installed is defined' input validation works, e.g. in # 0-init/tasks/validate_vars.yml apache_install: True From 0a298e4e95b9e3c91278ae0daa7d3540b9c9dd70 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 May 2020 00:38:18 -0400 Subject: [PATCH 25/28] Typo (comment) fix in 4-server-options/tasks/main.yml --- roles/4-server-options/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index c17ad17e7..5cdd03e99 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -41,7 +41,7 @@ name: samba when: samba_install | bool -# 2020-20-17: what was roles/homepage lives in roles/www_options. Eventually +# 2020-02-17: what was roles/homepage lives in roles/www_options. Eventually # softcoding of iiab_home_url should happen everywhere (incl Admin Console) for # more field options, e.g. changing /library/www/html/home even when offline... From 82c1350f030eff3cab5a38888f26e8fe72a62e98 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 May 2020 01:12:07 -0400 Subject: [PATCH 26/28] Clarify in nginx/tasks/enable-or-disable.yml that... mysql's php no longer installs Apache --- roles/nginx/tasks/enable-or-disable.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/tasks/enable-or-disable.yml b/roles/nginx/tasks/enable-or-disable.yml index 61f1d312d..d23bb6419 100644 --- a/roles/nginx/tasks/enable-or-disable.yml +++ b/roles/nginx/tasks/enable-or-disable.yml @@ -3,7 +3,7 @@ name: "{{ apache_service }}" # apache2 or httpd, per /opt/iiab/iiab/vars/.yml state: stopped ignore_errors: yes - # 'when: apache_installed is defined' insuff b/c mysql's php installs apache2 + # 'when: apache_installed is defined' might also work, as mysql's php no longer installs apache2 (but 'ignore_errors: yes' remains safer!) - name: Install /etc/{{ apache_service }}/ports.conf from template 1 of 2 (ports.conf.j2) if nginx_enabled, to enable Apache port {{ apache_port }} localhost only template: From fc074b35b3f56d1a1588fdb6a80dfcaccfc4f730 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 22 May 2020 07:44:28 -0400 Subject: [PATCH 27/28] Clean Apache explanation in 3-base-server/tasks/main.yml --- roles/3-base-server/tasks/main.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index bd8725822..e8d34337f 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -9,13 +9,15 @@ when: mysql_install | bool # 2020-05-21: Apache role 'httpd' is installed as nec by any of these 6 roles: -# cups, elgg, lokole, moodle, nodered, phpmyadmin. # -# These 14 roles conditionally touch Apache .conf files etc: awstats, -# calibre-web, gitea, internetarchive, kalite, kiwix, kolibri, mediawiki, -# munin, nextcloud, sugarizer, usb_lib, wordpress, www_options. +# cups, elgg, lokole, moodle, nodered, phpmyadmin # -# SEE ALSO: roles/nginx/README.md +# These 14 roles conditionally touch /etc/apache2/sites-available/*.conf files: +# +# awstats, calibre-web, gitea, internetarchive, kalite, kiwix, kolibri, +# mediawiki, munin, nextcloud, sugarizer, usb_lib, wordpress, www_options +# +# SEE ALSO: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md - name: NGINX include_role: From 17f669597b3cc0aeb872e9cc73dd389446f997cb Mon Sep 17 00:00:00 2001 From: Tim Moody Date: Fri, 22 May 2020 10:27:40 -0400 Subject: [PATCH 28/28] js libs for nacl encryption --- roles/www_base/files/html/js/nacl-fast.min.js | 1 + roles/www_base/files/html/js/nacl-util.min.js | 1 + 2 files changed, 2 insertions(+) create mode 100644 roles/www_base/files/html/js/nacl-fast.min.js create mode 100644 roles/www_base/files/html/js/nacl-util.min.js diff --git a/roles/www_base/files/html/js/nacl-fast.min.js b/roles/www_base/files/html/js/nacl-fast.min.js new file mode 100644 index 000000000..348ec2e23 --- /dev/null +++ b/roles/www_base/files/html/js/nacl-fast.min.js @@ -0,0 +1 @@ +!function(i){"use strict";var v=function(r){var t,n=new Float64Array(16);if(r)for(t=0;t>24&255,r[t+1]=n>>16&255,r[t+2]=n>>8&255,r[t+3]=255&n,r[t+4]=e>>24&255,r[t+5]=e>>16&255,r[t+6]=e>>8&255,r[t+7]=255&e}function w(r,t,n,e,o){var i,h=0;for(i=0;i>>8)-1}function b(r,t,n,e){return w(r,t,n,e,16)}function g(r,t,n,e){return w(r,t,n,e,32)}function A(r,t,n,e){!function(r,t,n,e){for(var o,i=255&e[0]|(255&e[1])<<8|(255&e[2])<<16|(255&e[3])<<24,h=255&n[0]|(255&n[1])<<8|(255&n[2])<<16|(255&n[3])<<24,a=255&n[4]|(255&n[5])<<8|(255&n[6])<<16|(255&n[7])<<24,f=255&n[8]|(255&n[9])<<8|(255&n[10])<<16|(255&n[11])<<24,s=255&n[12]|(255&n[13])<<8|(255&n[14])<<16|(255&n[15])<<24,u=255&e[4]|(255&e[5])<<8|(255&e[6])<<16|(255&e[7])<<24,c=255&t[0]|(255&t[1])<<8|(255&t[2])<<16|(255&t[3])<<24,y=255&t[4]|(255&t[5])<<8|(255&t[6])<<16|(255&t[7])<<24,l=255&t[8]|(255&t[9])<<8|(255&t[10])<<16|(255&t[11])<<24,w=255&t[12]|(255&t[13])<<8|(255&t[14])<<16|(255&t[15])<<24,v=255&e[8]|(255&e[9])<<8|(255&e[10])<<16|(255&e[11])<<24,p=255&n[16]|(255&n[17])<<8|(255&n[18])<<16|(255&n[19])<<24,b=255&n[20]|(255&n[21])<<8|(255&n[22])<<16|(255&n[23])<<24,g=255&n[24]|(255&n[25])<<8|(255&n[26])<<16|(255&n[27])<<24,A=255&n[28]|(255&n[29])<<8|(255&n[30])<<16|(255&n[31])<<24,_=255&e[12]|(255&e[13])<<8|(255&e[14])<<16|(255&e[15])<<24,U=i,d=h,E=a,x=f,M=s,m=u,B=c,S=y,k=l,K=w,Y=v,L=p,T=b,z=g,R=A,P=_,N=0;N<20;N+=2)U^=(o=(T^=(o=(k^=(o=(M^=(o=U+T|0)<<7|o>>>25)+U|0)<<9|o>>>23)+M|0)<<13|o>>>19)+k|0)<<18|o>>>14,m^=(o=(d^=(o=(z^=(o=(K^=(o=m+d|0)<<7|o>>>25)+m|0)<<9|o>>>23)+K|0)<<13|o>>>19)+z|0)<<18|o>>>14,Y^=(o=(B^=(o=(E^=(o=(R^=(o=Y+B|0)<<7|o>>>25)+Y|0)<<9|o>>>23)+R|0)<<13|o>>>19)+E|0)<<18|o>>>14,P^=(o=(L^=(o=(S^=(o=(x^=(o=P+L|0)<<7|o>>>25)+P|0)<<9|o>>>23)+x|0)<<13|o>>>19)+S|0)<<18|o>>>14,U^=(o=(x^=(o=(E^=(o=(d^=(o=U+x|0)<<7|o>>>25)+U|0)<<9|o>>>23)+d|0)<<13|o>>>19)+E|0)<<18|o>>>14,m^=(o=(M^=(o=(S^=(o=(B^=(o=m+M|0)<<7|o>>>25)+m|0)<<9|o>>>23)+B|0)<<13|o>>>19)+S|0)<<18|o>>>14,Y^=(o=(K^=(o=(k^=(o=(L^=(o=Y+K|0)<<7|o>>>25)+Y|0)<<9|o>>>23)+L|0)<<13|o>>>19)+k|0)<<18|o>>>14,P^=(o=(R^=(o=(z^=(o=(T^=(o=P+R|0)<<7|o>>>25)+P|0)<<9|o>>>23)+T|0)<<13|o>>>19)+z|0)<<18|o>>>14;U=U+i|0,d=d+h|0,E=E+a|0,x=x+f|0,M=M+s|0,m=m+u|0,B=B+c|0,S=S+y|0,k=k+l|0,K=K+w|0,Y=Y+v|0,L=L+p|0,T=T+b|0,z=z+g|0,R=R+A|0,P=P+_|0,r[0]=U>>>0&255,r[1]=U>>>8&255,r[2]=U>>>16&255,r[3]=U>>>24&255,r[4]=d>>>0&255,r[5]=d>>>8&255,r[6]=d>>>16&255,r[7]=d>>>24&255,r[8]=E>>>0&255,r[9]=E>>>8&255,r[10]=E>>>16&255,r[11]=E>>>24&255,r[12]=x>>>0&255,r[13]=x>>>8&255,r[14]=x>>>16&255,r[15]=x>>>24&255,r[16]=M>>>0&255,r[17]=M>>>8&255,r[18]=M>>>16&255,r[19]=M>>>24&255,r[20]=m>>>0&255,r[21]=m>>>8&255,r[22]=m>>>16&255,r[23]=m>>>24&255,r[24]=B>>>0&255,r[25]=B>>>8&255,r[26]=B>>>16&255,r[27]=B>>>24&255,r[28]=S>>>0&255,r[29]=S>>>8&255,r[30]=S>>>16&255,r[31]=S>>>24&255,r[32]=k>>>0&255,r[33]=k>>>8&255,r[34]=k>>>16&255,r[35]=k>>>24&255,r[36]=K>>>0&255,r[37]=K>>>8&255,r[38]=K>>>16&255,r[39]=K>>>24&255,r[40]=Y>>>0&255,r[41]=Y>>>8&255,r[42]=Y>>>16&255,r[43]=Y>>>24&255,r[44]=L>>>0&255,r[45]=L>>>8&255,r[46]=L>>>16&255,r[47]=L>>>24&255,r[48]=T>>>0&255,r[49]=T>>>8&255,r[50]=T>>>16&255,r[51]=T>>>24&255,r[52]=z>>>0&255,r[53]=z>>>8&255,r[54]=z>>>16&255,r[55]=z>>>24&255,r[56]=R>>>0&255,r[57]=R>>>8&255,r[58]=R>>>16&255,r[59]=R>>>24&255,r[60]=P>>>0&255,r[61]=P>>>8&255,r[62]=P>>>16&255,r[63]=P>>>24&255}(r,t,n,e)}function _(r,t,n,e){!function(r,t,n,e){for(var o,i=255&e[0]|(255&e[1])<<8|(255&e[2])<<16|(255&e[3])<<24,h=255&n[0]|(255&n[1])<<8|(255&n[2])<<16|(255&n[3])<<24,a=255&n[4]|(255&n[5])<<8|(255&n[6])<<16|(255&n[7])<<24,f=255&n[8]|(255&n[9])<<8|(255&n[10])<<16|(255&n[11])<<24,s=255&n[12]|(255&n[13])<<8|(255&n[14])<<16|(255&n[15])<<24,u=255&e[4]|(255&e[5])<<8|(255&e[6])<<16|(255&e[7])<<24,c=255&t[0]|(255&t[1])<<8|(255&t[2])<<16|(255&t[3])<<24,y=255&t[4]|(255&t[5])<<8|(255&t[6])<<16|(255&t[7])<<24,l=255&t[8]|(255&t[9])<<8|(255&t[10])<<16|(255&t[11])<<24,w=255&t[12]|(255&t[13])<<8|(255&t[14])<<16|(255&t[15])<<24,v=255&e[8]|(255&e[9])<<8|(255&e[10])<<16|(255&e[11])<<24,p=255&n[16]|(255&n[17])<<8|(255&n[18])<<16|(255&n[19])<<24,b=255&n[20]|(255&n[21])<<8|(255&n[22])<<16|(255&n[23])<<24,g=255&n[24]|(255&n[25])<<8|(255&n[26])<<16|(255&n[27])<<24,A=255&n[28]|(255&n[29])<<8|(255&n[30])<<16|(255&n[31])<<24,_=255&e[12]|(255&e[13])<<8|(255&e[14])<<16|(255&e[15])<<24,U=0;U<20;U+=2)i^=(o=(b^=(o=(l^=(o=(s^=(o=i+b|0)<<7|o>>>25)+i|0)<<9|o>>>23)+s|0)<<13|o>>>19)+l|0)<<18|o>>>14,u^=(o=(h^=(o=(g^=(o=(w^=(o=u+h|0)<<7|o>>>25)+u|0)<<9|o>>>23)+w|0)<<13|o>>>19)+g|0)<<18|o>>>14,v^=(o=(c^=(o=(a^=(o=(A^=(o=v+c|0)<<7|o>>>25)+v|0)<<9|o>>>23)+A|0)<<13|o>>>19)+a|0)<<18|o>>>14,_^=(o=(p^=(o=(y^=(o=(f^=(o=_+p|0)<<7|o>>>25)+_|0)<<9|o>>>23)+f|0)<<13|o>>>19)+y|0)<<18|o>>>14,i^=(o=(f^=(o=(a^=(o=(h^=(o=i+f|0)<<7|o>>>25)+i|0)<<9|o>>>23)+h|0)<<13|o>>>19)+a|0)<<18|o>>>14,u^=(o=(s^=(o=(y^=(o=(c^=(o=u+s|0)<<7|o>>>25)+u|0)<<9|o>>>23)+c|0)<<13|o>>>19)+y|0)<<18|o>>>14,v^=(o=(w^=(o=(l^=(o=(p^=(o=v+w|0)<<7|o>>>25)+v|0)<<9|o>>>23)+p|0)<<13|o>>>19)+l|0)<<18|o>>>14,_^=(o=(A^=(o=(g^=(o=(b^=(o=_+A|0)<<7|o>>>25)+_|0)<<9|o>>>23)+b|0)<<13|o>>>19)+g|0)<<18|o>>>14;r[0]=i>>>0&255,r[1]=i>>>8&255,r[2]=i>>>16&255,r[3]=i>>>24&255,r[4]=u>>>0&255,r[5]=u>>>8&255,r[6]=u>>>16&255,r[7]=u>>>24&255,r[8]=v>>>0&255,r[9]=v>>>8&255,r[10]=v>>>16&255,r[11]=v>>>24&255,r[12]=_>>>0&255,r[13]=_>>>8&255,r[14]=_>>>16&255,r[15]=_>>>24&255,r[16]=c>>>0&255,r[17]=c>>>8&255,r[18]=c>>>16&255,r[19]=c>>>24&255,r[20]=y>>>0&255,r[21]=y>>>8&255,r[22]=y>>>16&255,r[23]=y>>>24&255,r[24]=l>>>0&255,r[25]=l>>>8&255,r[26]=l>>>16&255,r[27]=l>>>24&255,r[28]=w>>>0&255,r[29]=w>>>8&255,r[30]=w>>>16&255,r[31]=w>>>24&255}(r,t,n,e)}var U=new Uint8Array([101,120,112,97,110,100,32,51,50,45,98,121,116,101,32,107]);function d(r,t,n,e,o,i,h){var a,f,s=new Uint8Array(16),u=new Uint8Array(64);for(f=0;f<16;f++)s[f]=0;for(f=0;f<8;f++)s[f]=i[f];for(;64<=o;){for(A(u,s,h,U),f=0;f<64;f++)r[t+f]=n[e+f]^u[f];for(a=1,f=8;f<16;f++)a=a+(255&s[f])|0,s[f]=255&a,a>>>=8;o-=64,t+=64,e+=64}if(0>>=8;n-=64,t+=64}if(0>>13|n<<3),e=255&r[4]|(255&r[5])<<8,this.r[2]=7939&(n>>>10|e<<6),o=255&r[6]|(255&r[7])<<8,this.r[3]=8191&(e>>>7|o<<9),i=255&r[8]|(255&r[9])<<8,this.r[4]=255&(o>>>4|i<<12),this.r[5]=i>>>1&8190,h=255&r[10]|(255&r[11])<<8,this.r[6]=8191&(i>>>14|h<<2),a=255&r[12]|(255&r[13])<<8,this.r[7]=8065&(h>>>11|a<<5),f=255&r[14]|(255&r[15])<<8,this.r[8]=8191&(a>>>8|f<<8),this.r[9]=f>>>5&127,this.pad[0]=255&r[16]|(255&r[17])<<8,this.pad[1]=255&r[18]|(255&r[19])<<8,this.pad[2]=255&r[20]|(255&r[21])<<8,this.pad[3]=255&r[22]|(255&r[23])<<8,this.pad[4]=255&r[24]|(255&r[25])<<8,this.pad[5]=255&r[26]|(255&r[27])<<8,this.pad[6]=255&r[28]|(255&r[29])<<8,this.pad[7]=255&r[30]|(255&r[31])<<8};function B(r,t,n,e,o,i){var h=new m(i);return h.update(n,e,o),h.finish(r,t),0}function S(r,t,n,e,o,i){var h=new Uint8Array(16);return B(h,0,n,e,o,i),b(r,t,h,0)}function k(r,t,n,e,o){var i;if(n<32)return-1;for(M(r,0,t,0,n,e,o),B(r,16,r,32,n-32,r),i=0;i<16;i++)r[i]=0;return 0}function K(r,t,n,e,o){var i,h=new Uint8Array(32);if(n<32)return-1;if(x(h,0,32,e,o),0!==S(t,16,t,32,n-32,h))return-1;for(M(r,0,t,0,n,e,o),i=0;i<32;i++)r[i]=0;return 0}function Y(r,t){var n;for(n=0;n<16;n++)r[n]=0|t[n]}function L(r){var t,n,e=1;for(t=0;t<16;t++)n=r[t]+e+65535,e=Math.floor(n/65536),r[t]=n-65536*e;r[0]+=e-1+37*(e-1)}function T(r,t,n){for(var e,o=~(n-1),i=0;i<16;i++)e=o&(r[i]^t[i]),r[i]^=e,t[i]^=e}function z(r,t){var n,e,o,i=v(),h=v();for(n=0;n<16;n++)h[n]=t[n];for(L(h),L(h),L(h),e=0;e<2;e++){for(i[0]=h[0]-65517,n=1;n<15;n++)i[n]=h[n]-65535-(i[n-1]>>16&1),i[n-1]&=65535;i[15]=h[15]-32767-(i[14]>>16&1),o=i[15]>>16&1,i[14]&=65535,T(h,i,1-o)}for(n=0;n<16;n++)r[2*n]=255&h[n],r[2*n+1]=h[n]>>8}function R(r,t){var n=new Uint8Array(32),e=new Uint8Array(32);return z(n,r),z(e,t),g(n,0,e,0)}function P(r){var t=new Uint8Array(32);return z(t,r),1&t[0]}function N(r,t){var n;for(n=0;n<16;n++)r[n]=t[2*n]+(t[2*n+1]<<8);r[15]&=32767}function O(r,t,n){for(var e=0;e<16;e++)r[e]=t[e]+n[e]}function C(r,t,n){for(var e=0;e<16;e++)r[e]=t[e]-n[e]}function F(r,t,n){var e,o,i=0,h=0,a=0,f=0,s=0,u=0,c=0,y=0,l=0,w=0,v=0,p=0,b=0,g=0,A=0,_=0,U=0,d=0,E=0,x=0,M=0,m=0,B=0,S=0,k=0,K=0,Y=0,L=0,T=0,z=0,R=0,P=n[0],N=n[1],O=n[2],C=n[3],F=n[4],I=n[5],Z=n[6],G=n[7],q=n[8],D=n[9],V=n[10],X=n[11],j=n[12],H=n[13],J=n[14],Q=n[15];i+=(e=t[0])*P,h+=e*N,a+=e*O,f+=e*C,s+=e*F,u+=e*I,c+=e*Z,y+=e*G,l+=e*q,w+=e*D,v+=e*V,p+=e*X,b+=e*j,g+=e*H,A+=e*J,_+=e*Q,h+=(e=t[1])*P,a+=e*N,f+=e*O,s+=e*C,u+=e*F,c+=e*I,y+=e*Z,l+=e*G,w+=e*q,v+=e*D,p+=e*V,b+=e*X,g+=e*j,A+=e*H,_+=e*J,U+=e*Q,a+=(e=t[2])*P,f+=e*N,s+=e*O,u+=e*C,c+=e*F,y+=e*I,l+=e*Z,w+=e*G,v+=e*q,p+=e*D,b+=e*V,g+=e*X,A+=e*j,_+=e*H,U+=e*J,d+=e*Q,f+=(e=t[3])*P,s+=e*N,u+=e*O,c+=e*C,y+=e*F,l+=e*I,w+=e*Z,v+=e*G,p+=e*q,b+=e*D,g+=e*V,A+=e*X,_+=e*j,U+=e*H,d+=e*J,E+=e*Q,s+=(e=t[4])*P,u+=e*N,c+=e*O,y+=e*C,l+=e*F,w+=e*I,v+=e*Z,p+=e*G,b+=e*q,g+=e*D,A+=e*V,_+=e*X,U+=e*j,d+=e*H,E+=e*J,x+=e*Q,u+=(e=t[5])*P,c+=e*N,y+=e*O,l+=e*C,w+=e*F,v+=e*I,p+=e*Z,b+=e*G,g+=e*q,A+=e*D,_+=e*V,U+=e*X,d+=e*j,E+=e*H,x+=e*J,M+=e*Q,c+=(e=t[6])*P,y+=e*N,l+=e*O,w+=e*C,v+=e*F,p+=e*I,b+=e*Z,g+=e*G,A+=e*q,_+=e*D,U+=e*V,d+=e*X,E+=e*j,x+=e*H,M+=e*J,m+=e*Q,y+=(e=t[7])*P,l+=e*N,w+=e*O,v+=e*C,p+=e*F,b+=e*I,g+=e*Z,A+=e*G,_+=e*q,U+=e*D,d+=e*V,E+=e*X,x+=e*j,M+=e*H,m+=e*J,B+=e*Q,l+=(e=t[8])*P,w+=e*N,v+=e*O,p+=e*C,b+=e*F,g+=e*I,A+=e*Z,_+=e*G,U+=e*q,d+=e*D,E+=e*V,x+=e*X,M+=e*j,m+=e*H,B+=e*J,S+=e*Q,w+=(e=t[9])*P,v+=e*N,p+=e*O,b+=e*C,g+=e*F,A+=e*I,_+=e*Z,U+=e*G,d+=e*q,E+=e*D,x+=e*V,M+=e*X,m+=e*j,B+=e*H,S+=e*J,k+=e*Q,v+=(e=t[10])*P,p+=e*N,b+=e*O,g+=e*C,A+=e*F,_+=e*I,U+=e*Z,d+=e*G,E+=e*q,x+=e*D,M+=e*V,m+=e*X,B+=e*j,S+=e*H,k+=e*J,K+=e*Q,p+=(e=t[11])*P,b+=e*N,g+=e*O,A+=e*C,_+=e*F,U+=e*I,d+=e*Z,E+=e*G,x+=e*q,M+=e*D,m+=e*V,B+=e*X,S+=e*j,k+=e*H,K+=e*J,Y+=e*Q,b+=(e=t[12])*P,g+=e*N,A+=e*O,_+=e*C,U+=e*F,d+=e*I,E+=e*Z,x+=e*G,M+=e*q,m+=e*D,B+=e*V,S+=e*X,k+=e*j,K+=e*H,Y+=e*J,L+=e*Q,g+=(e=t[13])*P,A+=e*N,_+=e*O,U+=e*C,d+=e*F,E+=e*I,x+=e*Z,M+=e*G,m+=e*q,B+=e*D,S+=e*V,k+=e*X,K+=e*j,Y+=e*H,L+=e*J,T+=e*Q,A+=(e=t[14])*P,_+=e*N,U+=e*O,d+=e*C,E+=e*F,x+=e*I,M+=e*Z,m+=e*G,B+=e*q,S+=e*D,k+=e*V,K+=e*X,Y+=e*j,L+=e*H,T+=e*J,z+=e*Q,_+=(e=t[15])*P,h+=38*(d+=e*O),a+=38*(E+=e*C),f+=38*(x+=e*F),s+=38*(M+=e*I),u+=38*(m+=e*Z),c+=38*(B+=e*G),y+=38*(S+=e*q),l+=38*(k+=e*D),w+=38*(K+=e*V),v+=38*(Y+=e*X),p+=38*(L+=e*j),b+=38*(T+=e*H),g+=38*(z+=e*J),A+=38*(R+=e*Q),i=(e=(i+=38*(U+=e*N))+(o=1)+65535)-65536*(o=Math.floor(e/65536)),h=(e=h+o+65535)-65536*(o=Math.floor(e/65536)),a=(e=a+o+65535)-65536*(o=Math.floor(e/65536)),f=(e=f+o+65535)-65536*(o=Math.floor(e/65536)),s=(e=s+o+65535)-65536*(o=Math.floor(e/65536)),u=(e=u+o+65535)-65536*(o=Math.floor(e/65536)),c=(e=c+o+65535)-65536*(o=Math.floor(e/65536)),y=(e=y+o+65535)-65536*(o=Math.floor(e/65536)),l=(e=l+o+65535)-65536*(o=Math.floor(e/65536)),w=(e=w+o+65535)-65536*(o=Math.floor(e/65536)),v=(e=v+o+65535)-65536*(o=Math.floor(e/65536)),p=(e=p+o+65535)-65536*(o=Math.floor(e/65536)),b=(e=b+o+65535)-65536*(o=Math.floor(e/65536)),g=(e=g+o+65535)-65536*(o=Math.floor(e/65536)),A=(e=A+o+65535)-65536*(o=Math.floor(e/65536)),_=(e=_+o+65535)-65536*(o=Math.floor(e/65536)),i=(e=(i+=o-1+37*(o-1))+(o=1)+65535)-65536*(o=Math.floor(e/65536)),h=(e=h+o+65535)-65536*(o=Math.floor(e/65536)),a=(e=a+o+65535)-65536*(o=Math.floor(e/65536)),f=(e=f+o+65535)-65536*(o=Math.floor(e/65536)),s=(e=s+o+65535)-65536*(o=Math.floor(e/65536)),u=(e=u+o+65535)-65536*(o=Math.floor(e/65536)),c=(e=c+o+65535)-65536*(o=Math.floor(e/65536)),y=(e=y+o+65535)-65536*(o=Math.floor(e/65536)),l=(e=l+o+65535)-65536*(o=Math.floor(e/65536)),w=(e=w+o+65535)-65536*(o=Math.floor(e/65536)),v=(e=v+o+65535)-65536*(o=Math.floor(e/65536)),p=(e=p+o+65535)-65536*(o=Math.floor(e/65536)),b=(e=b+o+65535)-65536*(o=Math.floor(e/65536)),g=(e=g+o+65535)-65536*(o=Math.floor(e/65536)),A=(e=A+o+65535)-65536*(o=Math.floor(e/65536)),_=(e=_+o+65535)-65536*(o=Math.floor(e/65536)),i+=o-1+37*(o-1),r[0]=i,r[1]=h,r[2]=a,r[3]=f,r[4]=s,r[5]=u,r[6]=c,r[7]=y,r[8]=l,r[9]=w,r[10]=v,r[11]=p,r[12]=b,r[13]=g,r[14]=A,r[15]=_}function I(r,t){F(r,t,t)}function Z(r,t){var n,e=v();for(n=0;n<16;n++)e[n]=t[n];for(n=253;0<=n;n--)I(e,e),2!==n&&4!==n&&F(e,e,t);for(n=0;n<16;n++)r[n]=e[n]}function G(r,t){var n,e=v();for(n=0;n<16;n++)e[n]=t[n];for(n=250;0<=n;n--)I(e,e),1!==n&&F(e,e,t);for(n=0;n<16;n++)r[n]=e[n]}function q(r,t,n){var e,o,i=new Uint8Array(32),h=new Float64Array(80),a=v(),f=v(),s=v(),u=v(),c=v(),y=v();for(o=0;o<31;o++)i[o]=t[o];for(i[31]=127&t[31]|64,i[0]&=248,N(h,n),o=0;o<16;o++)f[o]=h[o],u[o]=a[o]=s[o]=0;for(a[0]=u[0]=1,o=254;0<=o;--o)T(a,f,e=i[o>>>3]>>>(7&o)&1),T(s,u,e),O(c,a,s),C(a,a,s),O(s,f,u),C(f,f,u),I(u,c),I(y,a),F(a,s,a),F(s,f,c),O(c,a,s),C(a,a,s),I(f,a),C(s,u,y),F(a,s,p),O(a,a,u),F(s,s,a),F(a,u,y),F(u,f,h),I(f,c),T(a,f,e),T(s,u,e);for(o=0;o<16;o++)h[o+16]=a[o],h[o+32]=s[o],h[o+48]=f[o],h[o+64]=u[o];var l=h.subarray(32),w=h.subarray(16);return Z(l,l),F(w,w,l),z(r,w),0}function D(r,t){return q(r,t,n)}function V(r,t){return h(t,32),D(r,t)}function X(r,t,n){var e=new Uint8Array(32);return q(e,n,t),_(r,o,e,U)}m.prototype.blocks=function(r,t,n){for(var e,o,i,h,a,f,s,u,c,y,l,w,v,p,b,g,A,_,U,d=this.fin?0:2048,E=this.h[0],x=this.h[1],M=this.h[2],m=this.h[3],B=this.h[4],S=this.h[5],k=this.h[6],K=this.h[7],Y=this.h[8],L=this.h[9],T=this.r[0],z=this.r[1],R=this.r[2],P=this.r[3],N=this.r[4],O=this.r[5],C=this.r[6],F=this.r[7],I=this.r[8],Z=this.r[9];16<=n;)y=c=0,y+=(E+=8191&(e=255&r[t+0]|(255&r[t+1])<<8))*T,y+=(x+=8191&(e>>>13|(o=255&r[t+2]|(255&r[t+3])<<8)<<3))*(5*Z),y+=(M+=8191&(o>>>10|(i=255&r[t+4]|(255&r[t+5])<<8)<<6))*(5*I),y+=(m+=8191&(i>>>7|(h=255&r[t+6]|(255&r[t+7])<<8)<<9))*(5*F),c=(y+=(B+=8191&(h>>>4|(a=255&r[t+8]|(255&r[t+9])<<8)<<12))*(5*C))>>>13,y&=8191,y+=(S+=a>>>1&8191)*(5*O),y+=(k+=8191&(a>>>14|(f=255&r[t+10]|(255&r[t+11])<<8)<<2))*(5*N),y+=(K+=8191&(f>>>11|(s=255&r[t+12]|(255&r[t+13])<<8)<<5))*(5*P),y+=(Y+=8191&(s>>>8|(u=255&r[t+14]|(255&r[t+15])<<8)<<8))*(5*R),l=c+=(y+=(L+=u>>>5|d)*(5*z))>>>13,l+=E*z,l+=x*T,l+=M*(5*Z),l+=m*(5*I),c=(l+=B*(5*F))>>>13,l&=8191,l+=S*(5*C),l+=k*(5*O),l+=K*(5*N),l+=Y*(5*P),c+=(l+=L*(5*R))>>>13,l&=8191,w=c,w+=E*R,w+=x*z,w+=M*T,w+=m*(5*Z),c=(w+=B*(5*I))>>>13,w&=8191,w+=S*(5*F),w+=k*(5*C),w+=K*(5*O),w+=Y*(5*N),v=c+=(w+=L*(5*P))>>>13,v+=E*P,v+=x*R,v+=M*z,v+=m*T,c=(v+=B*(5*Z))>>>13,v&=8191,v+=S*(5*I),v+=k*(5*F),v+=K*(5*C),v+=Y*(5*O),p=c+=(v+=L*(5*N))>>>13,p+=E*N,p+=x*P,p+=M*R,p+=m*z,c=(p+=B*T)>>>13,p&=8191,p+=S*(5*Z),p+=k*(5*I),p+=K*(5*F),p+=Y*(5*C),b=c+=(p+=L*(5*O))>>>13,b+=E*O,b+=x*N,b+=M*P,b+=m*R,c=(b+=B*z)>>>13,b&=8191,b+=S*T,b+=k*(5*Z),b+=K*(5*I),b+=Y*(5*F),g=c+=(b+=L*(5*C))>>>13,g+=E*C,g+=x*O,g+=M*N,g+=m*P,c=(g+=B*R)>>>13,g&=8191,g+=S*z,g+=k*T,g+=K*(5*Z),g+=Y*(5*I),A=c+=(g+=L*(5*F))>>>13,A+=E*F,A+=x*C,A+=M*O,A+=m*N,c=(A+=B*P)>>>13,A&=8191,A+=S*R,A+=k*z,A+=K*T,A+=Y*(5*Z),_=c+=(A+=L*(5*I))>>>13,_+=E*I,_+=x*F,_+=M*C,_+=m*O,c=(_+=B*N)>>>13,_&=8191,_+=S*P,_+=k*R,_+=K*z,_+=Y*T,U=c+=(_+=L*(5*Z))>>>13,U+=E*Z,U+=x*I,U+=M*F,U+=m*C,c=(U+=B*O)>>>13,U&=8191,U+=S*N,U+=k*P,U+=K*R,U+=Y*z,E=y=8191&(c=(c=((c+=(U+=L*T)>>>13)<<2)+c|0)+(y&=8191)|0),x=l+=c>>>=13,M=w&=8191,m=v&=8191,B=p&=8191,S=b&=8191,k=g&=8191,K=A&=8191,Y=_&=8191,L=U&=8191,t+=16,n-=16;this.h[0]=E,this.h[1]=x,this.h[2]=M,this.h[3]=m,this.h[4]=B,this.h[5]=S,this.h[6]=k,this.h[7]=K,this.h[8]=Y,this.h[9]=L},m.prototype.finish=function(r,t){var n,e,o,i,h=new Uint16Array(10);if(this.leftover){for(i=this.leftover,this.buffer[i++]=1;i<16;i++)this.buffer[i]=0;this.fin=1,this.blocks(this.buffer,0,16)}for(n=this.h[1]>>>13,this.h[1]&=8191,i=2;i<10;i++)this.h[i]+=n,n=this.h[i]>>>13,this.h[i]&=8191;for(this.h[0]+=5*n,n=this.h[0]>>>13,this.h[0]&=8191,this.h[1]+=n,n=this.h[1]>>>13,this.h[1]&=8191,this.h[2]+=n,h[0]=this.h[0]+5,n=h[0]>>>13,h[0]&=8191,i=1;i<10;i++)h[i]=this.h[i]+n,n=h[i]>>>13,h[i]&=8191;for(h[9]-=8192,e=(1^n)-1,i=0;i<10;i++)h[i]&=e;for(e=~e,i=0;i<10;i++)this.h[i]=this.h[i]&e|h[i];for(this.h[0]=65535&(this.h[0]|this.h[1]<<13),this.h[1]=65535&(this.h[1]>>>3|this.h[2]<<10),this.h[2]=65535&(this.h[2]>>>6|this.h[3]<<7),this.h[3]=65535&(this.h[3]>>>9|this.h[4]<<4),this.h[4]=65535&(this.h[4]>>>12|this.h[5]<<1|this.h[6]<<14),this.h[5]=65535&(this.h[6]>>>2|this.h[7]<<11),this.h[6]=65535&(this.h[7]>>>5|this.h[8]<<8),this.h[7]=65535&(this.h[8]>>>8|this.h[9]<<5),o=this.h[0]+this.pad[0],this.h[0]=65535&o,i=1;i<8;i++)o=(this.h[i]+this.pad[i]|0)+(o>>>16)|0,this.h[i]=65535&o;r[t+0]=this.h[0]>>>0&255,r[t+1]=this.h[0]>>>8&255,r[t+2]=this.h[1]>>>0&255,r[t+3]=this.h[1]>>>8&255,r[t+4]=this.h[2]>>>0&255,r[t+5]=this.h[2]>>>8&255,r[t+6]=this.h[3]>>>0&255,r[t+7]=this.h[3]>>>8&255,r[t+8]=this.h[4]>>>0&255,r[t+9]=this.h[4]>>>8&255,r[t+10]=this.h[5]>>>0&255,r[t+11]=this.h[5]>>>8&255,r[t+12]=this.h[6]>>>0&255,r[t+13]=this.h[6]>>>8&255,r[t+14]=this.h[7]>>>0&255,r[t+15]=this.h[7]>>>8&255},m.prototype.update=function(r,t,n){var e,o;if(this.leftover){for(n<(o=16-this.leftover)&&(o=n),e=0;e>>16,m=65535&(d=N),B=d>>>16,x+=65535&(E=((w=Z)>>>14|(a=z)<<18)^(Z>>>18|z<<14)^(z>>>9|Z<<23)),M+=E>>>16,m+=65535&(d=(z>>>14|Z<<18)^(z>>>18|Z<<14)^(Z>>>9|z<<23)),B+=d>>>16,x+=65535&(E=Z&(v=G)^~Z&(p=q)),M+=E>>>16,m+=65535&(d=z&(f=R)^~z&(s=P)),B+=d>>>16,d=J[2*_],x+=65535&(E=J[2*_+1]),M+=E>>>16,m+=65535&d,B+=d>>>16,d=S[_%16],M+=(E=k[_%16])>>>16,m+=65535&d,B+=d>>>16,m+=(M+=(x+=65535&E)>>>16)>>>16,x=65535&(E=A=65535&x|M<<16),M=E>>>16,m=65535&(d=g=65535&m|(B+=m>>>16)<<16),B=d>>>16,x+=65535&(E=(O>>>28|K<<4)^(K>>>2|O<<30)^(K>>>7|O<<25)),M+=E>>>16,m+=65535&(d=(K>>>28|O<<4)^(O>>>2|K<<30)^(O>>>7|K<<25)),B+=d>>>16,M+=(E=O&C^O&F^C&F)>>>16,m+=65535&(d=K&Y^K&L^Y&L),B+=d>>>16,u=65535&(m+=(M+=(x+=65535&E)>>>16)>>>16)|(B+=m>>>16)<<16,b=65535&x|M<<16,x=65535&(E=l),M=E>>>16,m=65535&(d=h),B=d>>>16,M+=(E=A)>>>16,m+=65535&(d=g),B+=d>>>16,Y=K,L=o,T=i,z=h=65535&(m+=(M+=(x+=65535&E)>>>16)>>>16)|(B+=m>>>16)<<16,R=a,P=f,N=s,K=u,C=O,F=c,I=y,Z=l=65535&x|M<<16,G=w,q=v,D=p,O=b,_%16==15)for(U=0;U<16;U++)d=S[U],x=65535&(E=k[U]),M=E>>>16,m=65535&d,B=d>>>16,d=S[(U+9)%16],x+=65535&(E=k[(U+9)%16]),M+=E>>>16,m+=65535&d,B+=d>>>16,g=S[(U+1)%16],x+=65535&(E=((A=k[(U+1)%16])>>>1|g<<31)^(A>>>8|g<<24)^(A>>>7|g<<25)),M+=E>>>16,m+=65535&(d=(g>>>1|A<<31)^(g>>>8|A<<24)^g>>>7),B+=d>>>16,g=S[(U+14)%16],M+=(E=((A=k[(U+14)%16])>>>19|g<<13)^(g>>>29|A<<3)^(A>>>6|g<<26))>>>16,m+=65535&(d=(g>>>19|A<<13)^(A>>>29|g<<3)^g>>>6),B+=d>>>16,B+=(m+=(M+=(x+=65535&E)>>>16)>>>16)>>>16,S[U]=65535&m|B<<16,k[U]=65535&x|M<<16;x=65535&(E=O),M=E>>>16,m=65535&(d=K),B=d>>>16,d=r[0],M+=(E=t[0])>>>16,m+=65535&d,B+=d>>>16,B+=(m+=(M+=(x+=65535&E)>>>16)>>>16)>>>16,r[0]=K=65535&m|B<<16,t[0]=O=65535&x|M<<16,x=65535&(E=C),M=E>>>16,m=65535&(d=Y),B=d>>>16,d=r[1],M+=(E=t[1])>>>16,m+=65535&d,B+=d>>>16,B+=(m+=(M+=(x+=65535&E)>>>16)>>>16)>>>16,r[1]=Y=65535&m|B<<16,t[1]=C=65535&x|M<<16,x=65535&(E=F),M=E>>>16,m=65535&(d=L),B=d>>>16,d=r[2],M+=(E=t[2])>>>16,m+=65535&d,B+=d>>>16,B+=(m+=(M+=(x+=65535&E)>>>16)>>>16)>>>16,r[2]=L=65535&m|B<<16,t[2]=F=65535&x|M<<16,x=65535&(E=I),M=E>>>16,m=65535&(d=T),B=d>>>16,d=r[3],M+=(E=t[3])>>>16,m+=65535&d,B+=d>>>16,B+=(m+=(M+=(x+=65535&E)>>>16)>>>16)>>>16,r[3]=T=65535&m|B<<16,t[3]=I=65535&x|M<<16,x=65535&(E=Z),M=E>>>16,m=65535&(d=z),B=d>>>16,d=r[4],M+=(E=t[4])>>>16,m+=65535&d,B+=d>>>16,B+=(m+=(M+=(x+=65535&E)>>>16)>>>16)>>>16,r[4]=z=65535&m|B<<16,t[4]=Z=65535&x|M<<16,x=65535&(E=G),M=E>>>16,m=65535&(d=R),B=d>>>16,d=r[5],M+=(E=t[5])>>>16,m+=65535&d,B+=d>>>16,B+=(m+=(M+=(x+=65535&E)>>>16)>>>16)>>>16,r[5]=R=65535&m|B<<16,t[5]=G=65535&x|M<<16,x=65535&(E=q),M=E>>>16,m=65535&(d=P),B=d>>>16,d=r[6],M+=(E=t[6])>>>16,m+=65535&d,B+=d>>>16,B+=(m+=(M+=(x+=65535&E)>>>16)>>>16)>>>16,r[6]=P=65535&m|B<<16,t[6]=q=65535&x|M<<16,x=65535&(E=D),M=E>>>16,m=65535&(d=N),B=d>>>16,d=r[7],M+=(E=t[7])>>>16,m+=65535&d,B+=d>>>16,B+=(m+=(M+=(x+=65535&E)>>>16)>>>16)>>>16,r[7]=N=65535&m|B<<16,t[7]=D=65535&x|M<<16,V+=128,e-=128}return e}function W(r,t,n){var e,o=new Int32Array(8),i=new Int32Array(8),h=new Uint8Array(256),a=n;for(o[0]=1779033703,o[1]=3144134277,o[2]=1013904242,o[3]=2773480762,o[4]=1359893119,o[5]=2600822924,o[6]=528734635,o[7]=1541459225,i[0]=4089235720,i[1]=2227873595,i[2]=4271175723,i[3]=1595750129,i[4]=2917565137,i[5]=725511199,i[6]=4215389547,i[7]=327033209,Q(o,i,t,n),n%=128,e=0;e>(7&o)&1),$(t,r),$(r,r),rr(r,t,e)}function er(r,t){var n=[v(),v(),v(),v()];Y(n[0],e),Y(n[1],a),Y(n[2],u),F(n[3],e,a),nr(r,n,t)}function or(r,t,n){var e,o=new Uint8Array(64),i=[v(),v(),v(),v()];for(n||h(t,32),W(o,t,32),o[0]&=248,o[31]&=127,o[31]|=64,er(i,o),tr(r,i),e=0;e<32;e++)t[e+32]=r[e];return 0}var ir=new Float64Array([237,211,245,92,26,99,18,88,214,156,247,162,222,249,222,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]);function hr(r,t){var n,e,o,i;for(e=63;32<=e;--e){for(n=0,o=e-32,i=e-12;o>4)*ir[o],n=t[o]>>8,t[o]&=255;for(o=0;o<32;o++)t[o]-=n*ir[o];for(e=0;e<32;e++)t[e+1]+=t[e]>>8,r[e]=255&t[e]}function ar(r){var t,n=new Float64Array(64);for(t=0;t<64;t++)n[t]=r[t];for(t=0;t<64;t++)r[t]=0;hr(r,n)}function fr(r,t,n,e){var o,i,h=new Uint8Array(64),a=new Uint8Array(64),f=new Uint8Array(64),s=new Float64Array(64),u=[v(),v(),v(),v()];W(h,e,32),h[0]&=248,h[31]&=127,h[31]|=64;var c=n+64;for(o=0;o>7&&C(r[0],s,r[0]),F(r[3],r[0],r[1])}(f,e))return-1;for(o=0;o