Merge pull request #1269 from holta/ansible-output

Make Ansible output readable in: 2-common, packages, iptables, iiab-startup, 3-base-server, httpd, php-stem, 4-server-options, squid, dansguardian

roles/2-common/tasks/iiab-startup.yml

@@ -3,20 +3,20 @@
     path: /usr/libexec/iiab-startup.sh
   register: startup_script
 
-- name: Copy template script to /usr/libexec/iiab-startup.sh
+- name: If not, install /usr/libexec/iiab-startup.sh from template
   template:
     src: iiab-startup.sh
-    dest: /usr/libexec/
+    path: /usr/libexec/
     mode: 0755
   when: not startup_script.stat.exists
 
-- name: Copy iiab-startup.service to {{ systemd_location }}
+- name: Install {{ systemd_location }}/iiab-startup.service from template
   template:
     src: iiab-startup.service
-    dest: "{{ systemd_location }}"
+    path: "{{ systemd_location }}"
   when: not startup_script.stat.exists
 
-- name: Enable & restart the systemd service after daemon-reload
+- name: Enable & restart systemd service (iiab-startup) after daemon-reload
   # shell: systemctl daemon-reload
   # shell: systemctl restart iiab-startup.service
   # shell: systemctl enable iiab-startup.service

roles/2-common/tasks/iptables.yml

@@ -4,12 +4,13 @@
     enabled: no
   when: not is_debuntu
 
-- name: Use larger hammer to disable firewalld -- 2 symbolic links involved (OS's other than debuntu)
+# Likely no longer nec as of 2019
-  shell: "systemctl disable firewalld.service"
+- name: Use larger hammer -- systemctl disable firewalld -- 2 symbolic links involved (OS's other than debuntu)
+  shell: systemctl disable firewalld.service
   when: not is_debuntu
 
 - name: Mask firewalld service (OS's other than debuntu)
-  shell: 'systemctl mask firewalld'
+  shell: systemctl mask firewalld
   ignore_errors: yes
   when: not installing and not is_debuntu
 
@@ -20,17 +21,17 @@
   ignore_errors: yes
   when: not installing and not is_debuntu
 
-- name: Remove iptables.service file from /etc
+- name: Remove /etc/systemd/system/iptables.service
   file:
     path: /etc/systemd/system/iptables.service
     state: absent
 
-- name: Remove iptables-xs.service file from /etc
+#- name: Remove iptables-xs.service file from /etc
-  file:
+#  file:
-    path: /etc/systemd/system/iptables-xs.service
+#    path: /etc/systemd/system/iptables-xs.service
-    state: absent
+#    state: absent
 
-- name: Install iptables service package (debuntu)
+- name: Install package iptables-persistent (debuntu)
   package:
     name: iptables-persistent
     state: present
@@ -38,7 +39,7 @@
   tags:
     - download
 
-- name: Install iptables service package (OS's other than debuntu)
+- name: Install package iptables-services (OS's other than debuntu)
   package:
     name: iptables-services
     state: present
@@ -46,17 +47,15 @@
   tags:
     - download
 
-- name: Install iptables services
+- name: Install /etc/sysconfig/iptables-config from template
   template:
-    src: "{{ item.0 }}"
+    src: iptables-config
-    dest: "{{ item.1 }}"
+    dest: /etc/sysconfig/iptables-config
     owner: root
     group: root
-    mode: "{{ item.2 }}"
+    mode: 0644
-  with_items:
-   - { 0: 'iptables-config', 1: '/etc/sysconfig/iptables-config', 2: '0644' }
 
-- name: Install Debian config (debuntu)
+- name: Install /etc/network/if-pre-up.d/iptables from template (debuntu)
   template:
     src: iptables
     dest: /etc/network/if-pre-up.d/iptables

roles/2-common/tasks/main.yml

@@ -72,7 +72,7 @@
     value: 1
     state: present
 
-- name: Install custom profile file
+- name: Install custom /etc/profile.d/zzz_iiab.sh from template
   template:
     dest: /etc/profile.d/zzz_iiab.sh
     src: zzz_iiab.sh

roles/2-common/tasks/packages.yml

@@ -1,72 +1,72 @@
-- name: Install yum/dnf packages (redhat)
+- name: Install 10 yum/dnf packages {avahi, avahi-tools, createrepo, linux-firmware, nss-mdns, openssl, syslog, wpa_supplicant, xml-common, yum-utils} (redhat)
   package:
     name:
-      - yum-utils
-      - createrepo
-      - wpa_supplicant
-      - linux-firmware
-      - syslog
-      - xml-common
-      - nss-mdns
       - avahi
       - avahi-tools
+      - createrepo
+      - linux-firmware
+      - nss-mdns
+      - openssl    # FC 18 does not supply, but pear requires
+      - syslog
+      - wpa_supplicant
+      - xml-common
+      - yum-utils
     state: present
   when: is_redhat
 
-- name: Download & install usbmount, missing from Debian Stretch (debian-9)
+- name: Install {{ iiab_download_url }}/usbmount_0.0.14.1_all.deb, missing from Debian Stretch (debian-9)
   apt:
     deb: "{{ iiab_download_url }}/usbmount_0.0.14.1_all.deb"
     #timeout: "{{ download_timeout }}"    # Ansible's apt module doesn't support timeout parameter; that's ok as usbmount_0.0.14.1_all.deb is only 10KB
   when: internet_available and is_debian_9
 
-- name: Install packages (debuntu)
+- name: Install 7 packages {avahi-daemon, avahi-discover, exfat-fuse, exfat-utils, inetutils-syslogd, libnss-mdns, wpasupplicant} (debuntu)
   package:
     name:
-      - inetutils-syslogd
-      - wpasupplicant
-      - libnss-mdns
       - avahi-daemon
       - avahi-discover
       - exfat-fuse
       - exfat-utils
+      - inetutils-syslogd
+      - libnss-mdns
+      - wpasupplicant
     state: present
   when: is_debuntu
 
-- name: Install common packages
+- name: Install 23 common packages {acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, openssh-server, pandoc, rsync, sudo, tar, unzip, usbmount, usbutils, wget}
   package:
     name:
       - acpid
-      - mlocate
+      - bridge-utils
-      - rsync
+      - bzip2
-      - htop
+      - curl
       #- etckeeper    # "nobody is really using etckeeper and it's bloating the filesystem every time apt runs" per @jvonau at https://github.com/iiab/iiab/issues/1146
-      - python-passlib
+      - gawk
-      - usbmount
+      - hostapd
-      - net-tools
+      - htop
-      - openssh-server
+      - i2c-tools
-      - sudo
       - logrotate
+      #- lynx    # already installed by 1-prep's roles/iiab-admin/tasks/access.yml
       - make
+      - mlocate
+      - netmask
+      - net-tools
+      - ntfs-3g
+      - openssh-server
+      - pandoc
+      - rsync
+      - sudo
       - tar
       - unzip
-      - bzip2
+      - usbmount
-      - i2c-tools
-      - bridge-utils
-      - netmask
       - usbutils
-      - hostapd
       - wget
-      - openssl    # FC 18 does not supply, but pear requires
-      - gawk
-      - curl
-      - pandoc
-      - lynx    # already installed by 1-prep's roles/iiab-admin/tasks/access.yml
-      - ntfs-3g
     state: present
 
-- name: Install common Python packages {python-pip, python-setuptools, python-virtualenv}
+- name: Install 4 common Python packages {python-passlib, python-pip, python-setuptools, python-virtualenv}
   package:
     name:
+      - python-passlib
       - python-pip
       - python-setuptools
       - python-virtualenv

roles/3-base-server/tasks/main.yml

@@ -15,8 +15,8 @@
   # has no "when: XXXXX_install" flag
   tags: base, mysql
 
-- name: Restart httpd
+- name: Restart Apache systemd service ({{ apache_service }})
-  service:
+  systemd:
     name: "{{ apache_service }}"
     state: restarted
   when: not installing

roles/4-server-options/tasks/main.yml

@@ -3,22 +3,22 @@
 - name: ...IS BEGINNING ==================================
   command: echo
 
-- name: Installing dnsmasq
+- name: Install dnsmasq
   include_tasks: roles/network/tasks/dnsmasq.yml
   when: dnsmasq_install
   tags: base, domain, dnsmasq, network
 
-- name: Installing named
+- name: Install named / BIND
   include_tasks: roles/network/tasks/named.yml
   when: named_install
   tags: base, named, network, domain
 
-- name: Installing dhcpd
+- name: Install dhcpd
   include_tasks: roles/network/tasks/dhcpd.yml
   when: dhcpd_install
   tags: base, dhcpd, network, domain
 
-- name: Installing Squid
+- name: Install Squid (and DansGuardian if dansguardian_install)
   include_tasks: roles/network/tasks/squid.yml
   when: squid_install
   tags: base, squid, network, domain

roles/httpd/tasks/main.yml

@@ -1,4 +1,4 @@
-- name: Install Apache's required packages (debian)
+- name: 'Install 3 packages: apache2, php{{ php_version }}, php{{ php_version }}-curl (debian)'
   package:
     #name: [u'apache2', u'php{{ php_version }}', u'php{{ php_version }}-curl']    # FAILS ('u' for Unicode strings)
     #name: ['apache2', 'php{{ php_version }}', 'php{{ php_version }}-curl']       # WORKS?
@@ -11,17 +11,7 @@
   tags:
     - download
 
-- name: Debian changed SQLite name (debian-8)
+- name: 'Install 2 packages: apache2, php (ubuntu)'
-  package:
-    name: "php{{ php_version }}-sqlite"
-  when: is_debian and ansible_distribution_major_version == "8"
-
-- name: Debian changed SQLite3 name (debian-9)
-  package:
-    name: "php{{ php_version }}-sqlite3"
-  when: is_debian and ansible_distribution_major_version == "9"
-
-- name: Install Apache's required packages (ubuntu)
   package:
     #name: [u'apache2', u'php']    # FAILS ('u' for Unicode strings)
     #name: ['apache2', 'php']      # WORKS
@@ -33,32 +23,31 @@
   tags:
     - download
 
-- name: SQLite3 no longer included in another package (ubuntu-18)
+- name: Install php{{ php_version }}-sqlite (debian-8)
   package:
-    name: php{{ php_version }}-sqlite3
+    name: "php{{ php_version }}-sqlite"
-  when: is_ubuntu_18
+  when: is_debian and ansible_distribution_major_version == "8"
 
-- name: Install Apache's required packages (redhat)
+# SQLite3 no longer included in another package
+- name: Install php{{ php_version }}-sqlite3 (debian-9 or ubuntu-18)
+  package:
+    name: "php{{ php_version }}-sqlite3"
+  when: (is_debian and ansible_distribution_major_version == "9") or is_ubuntu_18
+
+- name: 'Install 4 packages: httpd, mod_authnz_external, php, php-curl (redhat)'
   package:
     #name: [u'httpd', u'php', u'php-curl', u'mod_authnz_external']    # FAILS ('u' for Unicode strings)
     #name: ['httpd', 'php', 'php-curl', 'mod_authnz_external']        # WORKS
     name:
       - httpd
+      - mod_authnz_external
       - php
       - php-curl
-      - mod_authnz_external
     state: present
   when: is_redhat
   tags:
     - download
 
-# MOVED DOWN ~58 LINES
-#- name: Remove the default apache2 config file (debuntu)
-#  file:
-#    path: /etc/apache2/sites-enabled/000-default.conf
-#    state: absent
-#  when: is_debuntu
-
 - name: Install Apache's 010-iiab.conf & proxy_ajp.conf into /etc/apache2/sites-available, from templates
   template:
     backup: yes
@@ -88,7 +77,7 @@
     - { regexp: '^max_input_time', line: 'max_input_time = 300    ; default is 60' }
 
 # remove symlinks for mpm-event, replace with mpm-prefork
-- name: Remove mpm event symlinks (debuntu)
+- name: Remove both mpm_event symlinks from /etc/apache2/mods-enabled (debuntu)
   file:
     path: "/etc/apache2/mods-enabled/{{ item }}"
     state: absent
@@ -97,7 +86,7 @@
     - mpm_event.load
   when: is_debuntu
 
-- name: Create symlinks for mpm-prefork (debuntu)
+- name: Create both mpm_prefork symlinks from /etc/apache2/mods-enabled to /etc/apache2/mods-available (debuntu)
   file:
     src: "/etc/apache2/mods-available/{{ item }}"
     path: "/etc/apache2/mods-enabled/{{ item }}"
@@ -107,7 +96,7 @@
     - mpm_prefork.load
   when: is_debuntu
 
-- name: Turn on mod_proxy (debuntu)
+- name: 'Turn on mod_proxy using a2enmod with: proxy, proxy_html, headers, rewrite (debuntu)'
   command: a2enmod {{ item }}
   with_items:
     - proxy
@@ -116,14 +105,14 @@
     - rewrite
   when: is_debuntu
 
-- name: Create 010-iiab.conf symlink enabling our site (debuntu)
+- name: Enable our site, creating 010-iiab.conf symlink from sites-enabled to sites-available (debuntu)
   file:
     src: "/etc/{{ apache_config_dir }}/010-iiab.conf"
     path: /etc/apache2/sites-enabled/010-iiab.conf
     state: link
   when: is_debuntu
 
-- name: Remove apache2 default config files (debuntu)
+- name: Remove 000-default.conf from /etc/apache2 and /etc/apache2/sites-enabled (debuntu)
   file:
     path: "{{ item }}"
     state: absent
@@ -140,19 +129,19 @@
     group: root
     state: directory
 
-- name: Create admin group
+- name: 'Create group: admin'
   group:
     name: admin
     state: present
 
-- name: Add user {{ apache_user }} (from variable apache_user) to admin group
+- name: Add user {{ apache_user }} (from variable apache_user) to group admin
   user:
     name: "{{ apache_user }}"
     groups: admin
     state: present
     createhome: no
 
-- name: Create Apache's log dir /var/log/{{ apache_service }}
+- name: Create Apache dir /var/log/{{ apache_service }}
   file:
     path: "/var/log/{{ apache_service }}"
     mode: 0755
@@ -160,7 +149,7 @@
     group: "{{ apache_user }}"
     state: directory
 
-- name: Enable systemd service {{ apache_service }}
+- name: Enable {{ apache_service }} systemd service
   service:
     name: "{{ apache_service }}"
     enabled: yes
@@ -173,23 +162,8 @@
     group: "{{ apache_user }}"
     state: directory
 
-# roles/httpd/templates/iiab-info.conf.j2.deprecated is no longer needed, as
-# Apache serves http://box/info directly from above /library/www/html/info
-# directly (as generated by /usr/bin/iiab-refresh-wiki-docs)
-#
-#- name: Remove iiab-info.conf
-#  file:
-#    path: "/etc/{{ apache_config_dir }}/iiab-info.conf"
-#    state: absent
-#
-#- name: Remove iiab-info.conf symlink (debuntu)
-#  file:
-#    path: /etc/apache2/sites-enabled/iiab-info.conf
-#    state: absent
-#  when: is_debuntu
-
 # SEE https://github.com/iiab/iiab/issues/1143 as the old roles/osm playbook is rarely used as of late 2018 (if anybody still uses roles/osm, they can overwrite osm.conf using the original osm playbook, or in other ways)
-- name: Copy osm.conf for http://box/maps (all OS's)
+- name: Copy osm.conf to /etc/{{ apache_config_dir }} for http://box/maps (all OS's)
   copy:
     src: osm.conf
     dest: "/etc/{{ apache_config_dir }}"
@@ -215,7 +189,7 @@
   tags:
     - base
 
-- name: Install /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation.  (This script will run at the end of Stage 4 = roles/4-server-options/tasks/main.yml)
+- name: Install /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation.  (Script can be run manually and/or at the end of Stage 4 = roles/4-server-options/tasks/main.yml)
   template:
     src: refresh-wiki-docs.sh
     dest: /usr/bin/iiab-refresh-wiki-docs
@@ -233,3 +207,8 @@
     path: /etc/sudoers.d/020_apache_poweroff
     state: absent
   when: not apache_allow_sudo
+
+- name: Restart Apache systemd service ({{ apache_service }})
+  systemd:
+    name: "{{ apache_service }}"
+    state: restarted

roles/httpd/tasks/php-stem.yml

@@ -11,7 +11,7 @@
 #  command: cd /; wget http://download.iiab.io/packages/php-stem.x64.tar
 #  when: not is_rpi
 
-- name: Download & unpack php-stem.rpi.tar to / (rpi)
+- name: Unarchive http://download.iiab.io/packages/php-stem.rpi.tar to / (rpi)
   unarchive:
     src: http://download.iiab.io/packages/php-stem.rpi.tar
     dest: /
@@ -21,7 +21,7 @@
     remote_src: yes
   when: is_rpi
 
-- name: Download & unpack php-stem.x86.tar to / (debian-9 on x86_64 only)
+- name: Unarchive http://download.iiab.io/packages/php-stem.x64.tar to / (debian-9 on x86_64 only)
   unarchive:
     src: http://download.iiab.io/packages/php-stem.x64.tar
     dest: /
@@ -33,9 +33,3 @@
 # Presumably fails on Debian 8 & 10?
 # Fails on Debian i686 as of 2018-08-07: https://github.com/iiab/iiab/issues/983
 # Fails on Ubuntu 18.04 as of 2018-07-28: https://github.com/iiab/iiab/issues/829
-
-# No need to do this twice?  Happens later @ https://github.com/iiab/iiab/blob/master/roles/3-base-server/tasks/main.yml#L24-L28
-#- name: Restart apache2 / httpd
-#  service:
-#    name: "{{ apache_service }}"
-#    state: restarted

roles/network/tasks/dansguardian.yml

@@ -5,7 +5,7 @@
   tags:
     - download
 
-- name: Copy DansGuardian config file (Fedora)
+- name: Install /etc/dansguardian/dansguardian.conf from template (Fedora)
   template:
     src: roles/network/templates/squid/dansguardian.conf.j2
     dest: /etc/dansguardian/dansguardian.conf
@@ -14,7 +14,7 @@
     mode: 0640
   when: ansible_distribution == "Fedora"
 
-- name: Copy DansGuardian config file (debuntu)
+- name: Install /etc/dansguardian/dansguardian.conf from template (debuntu)
   template:
     src: roles/network/templates/squid/dansguardian.conf.debian.j2
     dest: /etc/dansguardian/dansguardian.conf
@@ -23,7 +23,7 @@
     mode: 0640
   when: is_debuntu
 
-- name: Copy DansGuardian config file (CentOS)
+- name: Install /etc/dansguardian/dansguardian.conf from template (CentOS)
   template:
     src: roles/network/templates/squid/dansguardian.conf.centos.j2
     dest: /etc/dansguardian/dansguardian.conf
@@ -32,7 +32,7 @@
     mode: 0640
   when: ansible_distribution == "CentOS"
 
-- name: Create 'dansguardian' log directory (OS's other than CentOS)
+- name: Create directory /var/log/dansguardian (OS's other than CentOS)
   file:
     path: /var/log/dansguardian
     owner: dansguardian
@@ -41,7 +41,7 @@
     state: directory
   when: ansible_distribution != "CentOS"
 
-- name: Create DansGuardian log directory (CentOS)
+- name: Create directory /var/log/dansguardian (CentOS)
   file:
     path: /var/log/dansguardian
     owner: dansguardian

roles/network/tasks/squid.yml

@@ -1,4 +1,4 @@
-- name: Install Squid packages {{ proxy }} and cadaver
+- name: 'Install packages: {{ proxy }} and cadaver'
   package:
     name:
       - "{{ proxy }}"
@@ -7,7 +7,7 @@
   tags:
     - download
 
-- name: Bigger hammer for Ubuntu
+- name: 'Bigger hammer for Ubuntu, run: /etc/init.d/squid stop'
   command: /etc/init.d/squid stop
   when: is_ubuntu
 
@@ -17,13 +17,13 @@
     state: stopped
   when: not installing
 
-- name: Create the Squid user
+- name: 'Create the Squid user: {{ proxy_user }}'
   user:
     name: "{{ proxy_user }}"
     createhome: False
     shell: /bin/false
 
-- name: Copy init script and config file
+- name: 'Install from template: /usr/bin/iiab-httpcache, /etc/sysconfig/squid, /etc/{{ proxy }}/sites.whitelist.txt and 3 .rules files'
   template:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
@@ -62,7 +62,7 @@
       group: 'root'
       mode: '0755'
 
-- name: Create Squid cache directory
+- name: Create Squid directory /library/cache
   file:
     path: /library/cache
     owner: "{{ proxy_user }}"
@@ -70,7 +70,7 @@
     mode: 0750
     state: directory
 
-- name: Create Squid log directory
+- name: Create Squid directory /var/log/{{ proxy }}
   file:
     path: "/var/log/{{ proxy }}"
     owner: "{{ proxy_user }}"
@@ -82,7 +82,7 @@
   when: dansguardian_install
 
 # {{ proxy }} is normally "squid", but is "squid3" on raspbian-8 & debian-8
-- name: Add '{{ proxy }}' to list of services at {{ iiab_ini_file }}
+- name: Add '{{ proxy }}' variable values to {{ iiab_ini_file }}
   ini_file:
     dest: "{{ iiab_ini_file }}"
     section: "{{ proxy }}"