diff --git a/collections.yml b/collections.yml new file mode 100644 index 000000000..77c100ee3 --- /dev/null +++ b/collections.yml @@ -0,0 +1,13 @@ +# IIAB requires the Ansible Collections listed below. Explanations here: +# http://FAQ.IIAB.IO > "What is Ansible and what version should I use?" +# https://github.com/iiab/iiab/blob/master/scripts/ansible.md + +--- +collections: + - name: community.general + - name: community.mysql + - name: ansible.posix # 2020-11-28: For ~3 modules below... + +# selinux WAS in /opt/iiab/iiab/roles/1-prep/tasks/main.yml +# sysctl in /opt/iiab/iiab/roles/2-common/tasks/main.yml +# synchronize in /opt/iiab/iiab-admin-console/roles/js-menu/tasks/main.yml diff --git a/iiab-install b/iiab-install index 261893cf3..f4d45d05c 100755 --- a/iiab-install +++ b/iiab-install @@ -8,7 +8,7 @@ INVENTORY=ansible_hosts IIAB_STATE_FILE=/etc/iiab/iiab_state.yml ARGS="" CWD=`pwd` -OS=`grep ^ID= /etc/*release|cut -d= -f2` +OS=`grep ^ID= /etc/os-release | cut -d= -f2` OS=${OS//\"/} MIN_RPI_KERN=4.19.97 # If using Raspbian, 'rpi-update' should no longer be nec -- please use Raspbian 2020-02-13 or higher: https://github.com/iiab/iiab/issues/1993 MIN_ANSIBLE_VER=2.8.11 # Ansible 2.8.3 and 2.8.6 have serious bugs, preventing their use with IIAB. diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index bb499df5c..273aedc94 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -7,6 +7,7 @@ include_tasks: roles/network/tasks/dnsmasq.yml #when: dnsmasq_install # Flag might be used in future? + - name: Install uuid-runtime package (debuntu) package: name: @@ -37,13 +38,6 @@ set_fact: uuid: "{{ stored_uuid.stdout_lines[0] }}" -#- name: Does directory /ro exist? (indicating OS is Ubermix) -# stat: -# path: /ro -# register: ro_dir - -#- debug: -# var: ro_dir - name: Does 'ubermix' exist in /etc/lsb-release? shell: grep -i ubermix /etc/lsb-release # Pipe to cat to avoid red errors? @@ -52,9 +46,6 @@ #ignore_errors: True #check_mode: no -#- debug: -# var: grep_ubermix - - name: If so, install /etc/tmpfiles.d/iiab.conf to create /var/log subdirs on each boot, so {Apache, MongoDB, Munin} run on Ubermix copy: src: roles/1-prep/files/iiab.conf @@ -64,7 +55,6 @@ # mode: '0644' force: yes when: grep_ubermix.rc == 0 # 1 if absent in file, 2 if file doesn't exist - #when: ro_dir.stat.exists # 2020-03-19: for KA Lite, but moved from roles/kalite/tasks/install.yml # This effectively does nothing at all on Ubuntu & Raspbian, where libgeos-* @@ -75,6 +65,7 @@ shell: apt -y remove "libgeos-*" when: grep_ubermix.rc == 0 # 1 if absent in file, 2 if file doesn't exist + # Required by OpenVPN below. Also run by roles/4-server-options/tasks/main.yml - name: SSHD include_role: @@ -91,20 +82,24 @@ name: openvpn when: openvpn_install + # Debian 10 "Buster" is apparently enabling AppArmor in 2019: # https://wiki.debian.org/AppArmor/Progress # https://wiki.debian.org/AppArmor/HowToUse # https://packages.debian.org/buster/apparmor # Curiously this has NOT stopped IIAB 7.0/master from working on Debian 10 # pre-releases, during @floydianslips' March 2019 testing anyway! SEE #1387 -- name: Disable AppArmor -- override OS default (ubuntu) - systemd: - name: apparmor - enabled: False - state: stopped - when: is_ubuntu - ignore_errors: True +# PR #2654 - AppArmor works w/ IIAB on Debian 10/11, so also now on Ubuntu? +#- name: Disable AppArmor -- override OS default (ubuntu) +# systemd: +# name: apparmor +# enabled: False +# state: stopped +# when: is_ubuntu +# ignore_errors: True + +# PR #2648 - Can be restored in future if truly nec, w ansible.posix collection #- name: Disable SELinux on next boot (OS's other than debuntu) # selinux: # state: disabled @@ -115,8 +110,10 @@ # command: setenforce Permissive # when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed + ## DISCOVER PLATFORMS ###### # Put conditional actions for hardware platforms here + - include_tasks: raspberry_pi.yml when: first_run and rpi_model != "none" @@ -132,7 +129,8 @@ timeout: "{{ download_timeout }}" when: internet_available and usb_NUC6.stdout|int > 0 -# this script can be sourced to get IIAB location + +# This script can be sourced to get IIAB path/location - name: Recording STAGE 1 HAS COMPLETED ============================ template: src: roles/1-prep/templates/iiab.env.j2 diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index 8d1d9a9ac..126020cc2 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -9,7 +9,7 @@ # Info needed to install Gitea: -gitea_version: 1.12.6 +gitea_version: 1.13.0 iset_suffixes: i386: 386 x86_64: amd64 diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index d3163b3d5..2bb7fe704 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -7,7 +7,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -moodle_version: 39 +moodle_version: 310 moodle_repo_url: https://github.com/moodle/moodle.git #moodle_repo_url: git://git.moodle.org/moodle.git # 2020-10-16: VERY Slow! moodle_base: "{{ iiab_base }}/moodle" # /opt/iiab diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index f28594d10..2f9495179 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -26,15 +26,17 @@ # state: present # when: not is_debuntu -- name: Install 4 php packages (debuntu) +- name: Install 8 php packages (debuntu) package: name: - php{{ php_version }}-pgsql - php{{ php_version }}-curl - php{{ php_version }}-zip - php{{ php_version }}-gd - - php{{ php_version }}-mbstring # 2020-06-15: Now required by Moodle 3.9+ - - php{{ php_version }}-cli # 2020-06-15: In the past this included (above) mbstring? However this is not true on Ubuntu Server 20.04 LTS. + - php{{ php_version }}-mbstring # 2020-06-15: Required by Moodle 3.9+ + - php{{ php_version }}-cli # 2020-06-15: In the past this included (above) mbstring? However this is not true on Ubuntu Server 20.04 LTS. + - php{{ php_version }}-intl # 2020-12-03: Required by Moodle 3.10+ + - php{{ php_version }}-soap # 2020-12-03: Recommended by Moodle 3.10+ state: present when: is_debuntu diff --git a/scripts/ansible b/scripts/ansible index bfd02e073..33d725383 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -5,7 +5,7 @@ APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint CURR_VER="undefined" # Ansible version you currently have installed -GOOD_VER="2.10.3" # Orig for 'yum install [rpm]' & XO laptops (pip install) +GOOD_VER="2.10.4" # Orig for 'yum install [rpm]' & XO laptops (pip install) # We install latest 'ansible-base' from PPA: (may be more recent than GOOD-VER) # https://launchpad.net/~ansible/+archive/ubuntu/ansible # https://launchpad.net/~ansible/+archive/ubuntu/ansible-2.10 @@ -15,8 +15,8 @@ GOOD_VER="2.10.3" # Orig for 'yum install [rpm]' & XO laptops (pip install) # IIAB implementers might instead consider these 2 GENERAL TECHNIQUES below # ("in an emergency!") e.g. if you must install an older version of Ansible: -# TEMPORARILY USE ANSIBLE 2.9.13 (REMOVE IT WITH "pip uninstall ansible") -#pip install ansible==2.9.13 +# TEMPORARILY USE ANSIBLE 2.9.16 (REMOVE IT WITH "pip uninstall ansible") +#pip install ansible==2.9.16 # TEMPORARILY USE ANSIBLE 2.4.2 DUE TO 2.4.3 MEMORY BUG. Details: iiab/iiab#669 #echo "Install http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb" @@ -93,14 +93,15 @@ $APT_PATH/apt -y --allow-downgrades install ansible-base \ # (Re)running collection installs appears safe, with --force-with-deps to force # upgrade of collection and dependencies it pulls in. Note Ansible may support -# upgrading all collections cleanly in future. See PR #2652 (links) & PR #2653 -echo -e "\n\nIIAB requires these 3 Ansible Collections: (we upgrade them here if possible!)\n" -ansible-galaxy collection install --force-with-deps community.general -ansible-galaxy collection install --force-with-deps community.mysql -ansible-galaxy collection install --force-with-deps ansible.posix # For 3 below -# selinux WAS in /opt/iiab/iiab/roles/1-prep/tasks/main.yml -# sysctl in /opt/iiab/iiab/roles/2-common/tasks/main.yml -# synchronize in /opt/iiab/iiab-admin-console/roles/js-menu/tasks/main.yml +# upgrading all collections cleanly in future. See PRs #2647 #2652 #2653 #2655 +echo -e "\n\nIIAB requires these ~3 Ansible Collections: (we upgrade them here if possible!)\n" +ansible-galaxy collection install --force-with-deps \ + -r /opt/iiab/iiab/collections.yml \ + -p /usr/share/ansible/collections +# 2020-11-28: The ~3 Ansible Collections used by IIAB (~37MB) once lived here: +# /root/.ansible/collections/ansible_collections +# But going forward they'll be stored herein: +# /usr/share/ansible/collections/ansible_collections echo -e "\n\nCreating/verifying directory /etc/ansible & installing /etc/ansible/hosts\n" mkdir -p /etc/ansible diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics index 2354ae9c0..b64423262 100755 --- a/scripts/iiab-diagnostics +++ b/scripts/iiab-diagnostics @@ -31,28 +31,28 @@ outfile=/etc/iiab/diag/${IIAB_RELEASE}_${OS_VER}_${YMDT}_$nickname # roles/0-init/tasks/main.yml. A bit like system logs, but only on request. function cat_file_raw() { # $1 = path/filename; $2 = # of lines, for tail - if [ -f $1 ]; then - ls -l $1 >> $outfile - if [ ! -s $1 ]; then + if [ -f "$1" ]; then + ls -l "$1" >> $outfile + if [ ! -s "$1" ]; then echo >> $outfile echo "FILE EXISTS BUT IS EMPTY!" >> $outfile elif [ $# -eq 1 ]; then echo >> $outfile # Redact most passwords from /etc/iiab/local_vars.yml, /etc/hostapd/hostapd.conf, /etc/wpa_supplicant/wpa_supplicant.conf, /etc/netplan/*, /etc/network/interfaces, /etc/network/interfaces.d/* ETC -- not much to worry about in /etc/iiab/iiab.ini (' = ') - cat $1 | sed 's/^\(\s*[[:alnum:]_-]*\(psk\|passphrase\|password\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]_-]*\(psk\|passphrase\|password\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile + cat "$1" | sed 's/^\(\s*[[:alnum:]_-]*\(psk\|passphrase\|password\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]_-]*\(psk\|passphrase\|password\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile else # e.g. last 100 lines, maximum echo " ...ITS LAST $2 LINES FOLLOW..." >> $outfile echo >> $outfile - tail -$2 $1 | sed 's/^\(\s*[[:alnum:]_-]*\(psk\|passphrase\|password\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]_-]*\(psk\|passphrase\|password\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile + tail -$2 "$1" | sed 's/^\(\s*[[:alnum:]_-]*\(psk\|passphrase\|password\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]_-]*\(psk\|passphrase\|password\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile fi echo >> $outfile - elif [ -h $1 ]; then - ls -l $1 >> $outfile + elif [ -h "$1" ]; then + ls -l "$1" >> $outfile echo >> $outfile echo "SYMLINK DOES NOT LEAD TO A REGULAR FILE!" >> $outfile echo >> $outfile - elif [ -d $1 ]; then - ls -ld $1 >> $outfile + elif [ -d "$1" ]; then + ls -ld "$1" >> $outfile echo >> $outfile echo "THIS IS A DIRECTORY NOT A FILE!" >> $outfile echo >> $outfile @@ -64,7 +64,7 @@ function cat_file_raw() { # $1 = path/filename; $2 = # of lines, for tail function cat_file() { echo " $1" echo "=IIAB==========================================================================" >> $outfile - cat_file_raw $1 + cat_file_raw "$1" } function cat_dir() { @@ -72,9 +72,10 @@ function cat_dir() { echo "=IIAB==========================================================================" >> $outfile if [ -d "$1" ]; then echo "DIRECTORY $1 FILES WILL FOLLOW...IF THEY EXIST" >> $outfile - for f in $(ls $1); do + shopt -s nullglob # To avoid looping over empty directories + for f in "$1"/*; do echo "-IIAB--------------------------------------------------------------------------" >> $outfile - cat_file_raw $1/$f 100 + cat_file_raw "$f" 100 done else echo "DIRECTORY DOES NOT EXIST: $1" >> $outfile @@ -84,7 +85,7 @@ function cat_dir() { function cat_cmd() { # $1 = command + params, $2 = explanation echo " $1 # $2" echo "=IIAB==========================================================================" >> $outfile - cmd=$(echo $1 | sed 's/\s.*$//') # Keep command on left; Drop params on right + cmd=$(echo "$1" | sed 's/\s.*$//') # Keep command on left; Drop params on right pth=$(which $cmd | sed 's/[^/]*$//') # Keep only path on left; Drop command on right echo "COMMAND: $pth$1 # $2" >> $outfile echo >> $outfile @@ -99,7 +100,7 @@ function cat_cmd() { # $1 = command + params, $2 = explan function cat_tail() { # $1 = path/filename; $2 = # of lines, for tail echo " $1" echo "=IIAB==========================================================================" >> $outfile - cat_file_raw $1 $2 # e.g. last 100 lines, maximum + cat_file_raw "$1" $2 # e.g. last 100 lines, maximum } # START BUILDING UP THE FILE THAT'LL CONTAIN THE DIAGNOSTICS! diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 3bf5cfdb2..00ae4ddc7 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md @@ -62,4 +62,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 105-221 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 106-222 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible.