Merge pull request #458 from iiab/master

Sync from iiab/iiab:master

collections.yml

@@ -0,0 +1,13 @@
+# IIAB requires the Ansible Collections listed below.  Explanations here:
+# http://FAQ.IIAB.IO > "What is Ansible and what version should I use?"
+# https://github.com/iiab/iiab/blob/master/scripts/ansible.md
+
+---
+collections:
+  - name: community.general
+  - name: community.mysql
+  - name: ansible.posix    # 2020-11-28: For ~3 modules below...
+
+# selinux WAS in /opt/iiab/iiab/roles/1-prep/tasks/main.yml
+# sysctl      in /opt/iiab/iiab/roles/2-common/tasks/main.yml
+# synchronize in /opt/iiab/iiab-admin-console/roles/js-menu/tasks/main.yml

iiab-install

@@ -8,7 +8,7 @@ INVENTORY=ansible_hosts
 IIAB_STATE_FILE=/etc/iiab/iiab_state.yml
 ARGS=""
 CWD=`pwd`
-OS=`grep ^ID= /etc/*release|cut -d= -f2`
+OS=`grep ^ID= /etc/os-release | cut -d= -f2`
 OS=${OS//\"/}
 MIN_RPI_KERN=4.19.97       # If using Raspbian, 'rpi-update' should no longer be nec -- please use Raspbian 2020-02-13 or higher: https://github.com/iiab/iiab/issues/1993
 MIN_ANSIBLE_VER=2.8.11     # Ansible 2.8.3 and 2.8.6 have serious bugs, preventing their use with IIAB.

roles/1-prep/tasks/main.yml

@@ -7,6 +7,7 @@
   include_tasks: roles/network/tasks/dnsmasq.yml
   #when: dnsmasq_install    # Flag might be used in future?
 
+
 - name: Install uuid-runtime package (debuntu)
   package:
     name: 
@@ -37,13 +38,6 @@
   set_fact:
     uuid: "{{ stored_uuid.stdout_lines[0] }}"
 
-#- name: Does directory /ro exist? (indicating OS is Ubermix)
-#  stat:
-#    path: /ro
-#  register: ro_dir
-
-#- debug:
-#    var: ro_dir
 
 - name: Does 'ubermix' exist in /etc/lsb-release?
   shell: grep -i ubermix /etc/lsb-release    # Pipe to cat to avoid red errors?
@@ -52,9 +46,6 @@
   #ignore_errors: True
   #check_mode: no
 
-#- debug:
-#    var: grep_ubermix
-
 - name: If so, install /etc/tmpfiles.d/iiab.conf to create /var/log subdirs on each boot, so {Apache, MongoDB, Munin} run on Ubermix
   copy:
     src: roles/1-prep/files/iiab.conf
@@ -64,7 +55,6 @@
     # mode: '0644'
     force: yes
   when: grep_ubermix.rc == 0    # 1 if absent in file, 2 if file doesn't exist
-  #when: ro_dir.stat.exists
 
 # 2020-03-19: for KA Lite, but moved from roles/kalite/tasks/install.yml
 # This effectively does nothing at all on Ubuntu & Raspbian, where libgeos-*
@@ -75,6 +65,7 @@
   shell: apt -y remove "libgeos-*"
   when: grep_ubermix.rc == 0    # 1 if absent in file, 2 if file doesn't exist
 
+
 # Required by OpenVPN below.  Also run by roles/4-server-options/tasks/main.yml
 - name: SSHD
   include_role:
@@ -91,20 +82,24 @@
     name: openvpn
   when: openvpn_install
 
+
 # Debian 10 "Buster" is apparently enabling AppArmor in 2019:
 # https://wiki.debian.org/AppArmor/Progress
 # https://wiki.debian.org/AppArmor/HowToUse
 # https://packages.debian.org/buster/apparmor
 # Curiously this has NOT stopped IIAB 7.0/master from working on Debian 10
 # pre-releases, during @floydianslips' March 2019 testing anyway!  SEE #1387
-- name: Disable AppArmor -- override OS default (ubuntu)
-  systemd:
-    name: apparmor
-    enabled: False
-    state: stopped
-  when: is_ubuntu
-  ignore_errors: True
 
+# PR #2654 - AppArmor works w/ IIAB on Debian 10/11, so also now on Ubuntu?
+#- name: Disable AppArmor -- override OS default (ubuntu)
+#  systemd:
+#    name: apparmor
+#    enabled: False
+#    state: stopped
+#  when: is_ubuntu
+#  ignore_errors: True
+
+# PR #2648 - Can be restored in future if truly nec, w ansible.posix collection
 #- name: Disable SELinux on next boot (OS's other than debuntu)
 #  selinux:
 #    state: disabled
@@ -115,8 +110,10 @@
 #  command: setenforce Permissive
 #  when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed
 
+
 ##  DISCOVER PLATFORMS ######
 # Put conditional actions for hardware platforms here
+
 - include_tasks: raspberry_pi.yml
   when: first_run and rpi_model != "none"
 
@@ -132,7 +129,8 @@
     timeout: "{{ download_timeout }}"
   when: internet_available and usb_NUC6.stdout|int > 0
 
-# this script can be sourced to get IIAB location
+
+# This script can be sourced to get IIAB path/location
 - name: Recording STAGE 1 HAS COMPLETED ============================
   template:
     src: roles/1-prep/templates/iiab.env.j2

roles/gitea/defaults/main.yml

@@ -9,7 +9,7 @@
 
 # Info needed to install Gitea:
 
-gitea_version: 1.12.6
+gitea_version: 1.13.0
 iset_suffixes:
   i386: 386
   x86_64: amd64

roles/moodle/defaults/main.yml

@@ -7,7 +7,7 @@
 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
 # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
 
-moodle_version: 39
+moodle_version: 310
 moodle_repo_url: https://github.com/moodle/moodle.git
 #moodle_repo_url: git://git.moodle.org/moodle.git    # 2020-10-16: VERY Slow!
 moodle_base: "{{ iiab_base }}/moodle"    # /opt/iiab

roles/moodle/tasks/install.yml

@@ -26,15 +26,17 @@
 #     state: present
 #   when: not is_debuntu
 
-- name: Install 4 php packages (debuntu)
+- name: Install 8 php packages (debuntu)
   package:
     name:
       - php{{ php_version }}-pgsql
       - php{{ php_version }}-curl
       - php{{ php_version }}-zip
       - php{{ php_version }}-gd
-      - php{{ php_version }}-mbstring    # 2020-06-15: Now required by Moodle 3.9+
-      - php{{ php_version }}-cli    # 2020-06-15: In the past this included (above) mbstring? However this is not true on Ubuntu Server 20.04 LTS.
+      - php{{ php_version }}-mbstring    # 2020-06-15: Required by Moodle 3.9+
+      - php{{ php_version }}-cli     # 2020-06-15: In the past this included (above) mbstring? However this is not true on Ubuntu Server 20.04 LTS.
+      - php{{ php_version }}-intl    # 2020-12-03: Required by Moodle 3.10+
+      - php{{ php_version }}-soap    # 2020-12-03: Recommended by Moodle 3.10+
     state: present
   when: is_debuntu
 

scripts/ansible

@@ -5,7 +5,7 @@
 
 APT_PATH=/usr/bin    # Avoids problematic /usr/local/bin/apt on Linux Mint
 CURR_VER="undefined"    # Ansible version you currently have installed
-GOOD_VER="2.10.3"    # Orig for 'yum install [rpm]' & XO laptops (pip install)
+GOOD_VER="2.10.4"    # Orig for 'yum install [rpm]' & XO laptops (pip install)
 # We install latest 'ansible-base' from PPA: (may be more recent than GOOD-VER)
 # https://launchpad.net/~ansible/+archive/ubuntu/ansible
 # https://launchpad.net/~ansible/+archive/ubuntu/ansible-2.10
@@ -15,8 +15,8 @@ GOOD_VER="2.10.3"    # Orig for 'yum install [rpm]' & XO laptops (pip install)
 # IIAB implementers might instead consider these 2 GENERAL TECHNIQUES below
 # ("in an emergency!") e.g. if you must install an older version of Ansible:
 
-# TEMPORARILY USE ANSIBLE 2.9.13 (REMOVE IT WITH "pip uninstall ansible")
-#pip install ansible==2.9.13
+# TEMPORARILY USE ANSIBLE 2.9.16 (REMOVE IT WITH "pip uninstall ansible")
+#pip install ansible==2.9.16
 
 # TEMPORARILY USE ANSIBLE 2.4.2 DUE TO 2.4.3 MEMORY BUG. Details: iiab/iiab#669
 #echo "Install http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb"
@@ -93,14 +93,15 @@ $APT_PATH/apt -y --allow-downgrades install ansible-base \
 
 # (Re)running collection installs appears safe, with --force-with-deps to force
 # upgrade of collection and dependencies it pulls in.  Note Ansible may support
-# upgrading all collections cleanly in future.  See PR #2652 (links) & PR #2653
-echo -e "\n\nIIAB requires these 3 Ansible Collections: (we upgrade them here if possible!)\n"
-ansible-galaxy collection install --force-with-deps community.general
-ansible-galaxy collection install --force-with-deps community.mysql
-ansible-galaxy collection install --force-with-deps ansible.posix # For 3 below
-# selinux WAS in /opt/iiab/iiab/roles/1-prep/tasks/main.yml
-# sysctl in      /opt/iiab/iiab/roles/2-common/tasks/main.yml
-# synchronize in /opt/iiab/iiab-admin-console/roles/js-menu/tasks/main.yml
+# upgrading all collections cleanly in future.  See PRs #2647 #2652 #2653 #2655
+echo -e "\n\nIIAB requires these ~3 Ansible Collections: (we upgrade them here if possible!)\n"
+ansible-galaxy collection install --force-with-deps \
+               -r /opt/iiab/iiab/collections.yml \
+               -p /usr/share/ansible/collections
+# 2020-11-28: The ~3 Ansible Collections used by IIAB (~37MB) once lived here:
+#    /root/.ansible/collections/ansible_collections
+# But going forward they'll be stored herein:
+#    /usr/share/ansible/collections/ansible_collections
 
 echo -e "\n\nCreating/verifying directory /etc/ansible & installing /etc/ansible/hosts\n"
 mkdir -p /etc/ansible

scripts/iiab-diagnostics

@@ -31,28 +31,28 @@ outfile=/etc/iiab/diag/${IIAB_RELEASE}_${OS_VER}_${YMDT}_$nickname
 # roles/0-init/tasks/main.yml.  A bit like system logs, but only on request.
 
 function cat_file_raw() {    # $1 = path/filename; $2 = # of lines, for tail
-    if [ -f $1 ]; then
-        ls -l $1 >> $outfile
-        if [ ! -s $1 ]; then
+    if [ -f "$1" ]; then
+        ls -l "$1" >> $outfile
+        if [ ! -s "$1" ]; then
             echo >> $outfile
             echo "FILE EXISTS BUT IS EMPTY!" >> $outfile
         elif [ $# -eq 1 ]; then
             echo >> $outfile
             # Redact most passwords from /etc/iiab/local_vars.yml, /etc/hostapd/hostapd.conf, /etc/wpa_supplicant/wpa_supplicant.conf, /etc/netplan/*, /etc/network/interfaces, /etc/network/interfaces.d/* ETC -- not much to worry about in /etc/iiab/iiab.ini (' = ')
-            cat $1 | sed 's/^\(\s*[[:alnum:]_-]*\(psk\|passphrase\|password\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]_-]*\(psk\|passphrase\|password\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile
+            cat "$1" | sed 's/^\(\s*[[:alnum:]_-]*\(psk\|passphrase\|password\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]_-]*\(psk\|passphrase\|password\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile
         else    # e.g. last 100 lines, maximum
             echo "                        ...ITS LAST $2 LINES FOLLOW..." >> $outfile
             echo >> $outfile
-	    tail -$2 $1 | sed 's/^\(\s*[[:alnum:]_-]*\(psk\|passphrase\|password\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]_-]*\(psk\|passphrase\|password\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile
+            tail -$2 "$1" | sed 's/^\(\s*[[:alnum:]_-]*\(psk\|passphrase\|password\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]_-]*\(psk\|passphrase\|password\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile
         fi
         echo >> $outfile
-    elif [ -h $1 ]; then
-        ls -l $1 >> $outfile
+    elif [ -h "$1" ]; then
+        ls -l "$1" >> $outfile
         echo >> $outfile
         echo "SYMLINK DOES NOT LEAD TO A REGULAR FILE!" >> $outfile
         echo >> $outfile
-    elif [ -d $1 ]; then
-        ls -ld $1 >> $outfile
+    elif [ -d "$1" ]; then
+        ls -ld "$1" >> $outfile
         echo >> $outfile
         echo "THIS IS A DIRECTORY NOT A FILE!" >> $outfile
         echo >> $outfile
@@ -64,7 +64,7 @@ function cat_file_raw() {    # $1 = path/filename; $2 = # of lines, for tail
 function cat_file() {
     echo "     $1"
     echo "=IIAB==========================================================================" >> $outfile
-    cat_file_raw $1
+    cat_file_raw "$1"
 }
 
 function cat_dir() {
@@ -72,9 +72,10 @@ function cat_dir() {
     echo "=IIAB==========================================================================" >> $outfile
     if [ -d "$1" ]; then
         echo "DIRECTORY $1 FILES WILL FOLLOW...IF THEY EXIST" >> $outfile
-        for f in $(ls $1); do
+        shopt -s nullglob    # To avoid looping over empty directories
+        for f in "$1"/*; do
             echo "-IIAB--------------------------------------------------------------------------" >> $outfile
-            cat_file_raw $1/$f 100
+            cat_file_raw "$f" 100
         done
     else
         echo "DIRECTORY DOES NOT EXIST: $1" >> $outfile
@@ -84,7 +85,7 @@ function cat_dir() {
 function cat_cmd() {                        # $1 = command + params, $2 = explanation
     echo "     $1  # $2"
     echo "=IIAB==========================================================================" >> $outfile
-    cmd=$(echo $1 | sed 's/\s.*$//')        # Keep command on left; Drop params on right
+    cmd=$(echo "$1" | sed 's/\s.*$//')        # Keep command on left; Drop params on right
     pth=$(which $cmd | sed 's/[^/]*$//')    # Keep only path on left; Drop command on right
     echo "COMMAND: $pth$1    # $2" >> $outfile
     echo >> $outfile
@@ -99,7 +100,7 @@ function cat_cmd() {                        # $1 = command + params, $2 = explan
 function cat_tail() {     # $1 = path/filename; $2 = # of lines, for tail
     echo "     $1"
     echo "=IIAB==========================================================================" >> $outfile
-    cat_file_raw $1 $2    # e.g. last 100 lines, maximum
+    cat_file_raw "$1" $2    # e.g. last 100 lines, maximum
 }
 
 # START BUILDING UP THE FILE THAT'LL CONTAIN THE DIAGNOSTICS!

scripts/iiab-diagnostics.README.md

@@ -62,4 +62,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things:
 
 ## Source Code
 
-Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 105-221 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible.
+Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 106-222 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible.