From 41b0343d47c89ea500b5c95ee87e4db8b5b28de6 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 19 Sep 2017 14:33:58 -0500 Subject: [PATCH 01/13] Close the backdoor if rquested --- roles/iiab-admin/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/iiab-admin/tasks/main.yml b/roles/iiab-admin/tasks/main.yml index e7b815195..77807ff23 100644 --- a/roles/iiab-admin/tasks/main.yml +++ b/roles/iiab-admin/tasks/main.yml @@ -1,6 +1,7 @@ - include: admin-user.yml tags: - base + when: not no_admin is defined - include: access.yml tags: From 4b620b0e0f0f690ad4d578ffc7b4239f61ac042b Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 19 Sep 2017 14:34:09 -0500 Subject: [PATCH 02/13] Keep iiab-admin files together --- roles/3-base-server/tasks/main.yml | 18 ------------------ roles/iiab-admin/tasks/main.yml | 18 ++++++++++++++++++ .../templates/lxde_ssh_warn.sh | 0 .../templates/profile_ssh_warn.sh | 0 4 files changed, 18 insertions(+), 18 deletions(-) rename roles/{3-base-server => iiab-admin}/templates/lxde_ssh_warn.sh (100%) rename roles/{3-base-server => iiab-admin}/templates/profile_ssh_warn.sh (100%) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index df14c7495..1da08a920 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml 
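Review bot: The new `when: not no_admin is defined` on the `admin-user.yml` include tests only whether the variable exists, so `no_admin: False` in a vars file skips the admin user exactly as `no_admin: True` does. If a boolean switch is intended, `when: not (no_admin | default(false) | bool)` says so directly. Skipping the include also leaves in place any account created by an earlier run (admin-user.yml is not shown here, so this is inferred). A task that removes or locks the user when the flag is set would be needed to match the commit subject.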
@@ -2,24 +2,6 @@ file: dest={{ doc_root }}/local_content state=directory -- name: Set up to issue warning if iiab-admin password is still default - template: src=profile_ssh_warn.sh - dest=/etc/profile.d/ - -- name: Is this LXDE? - stat: path=/home/pi/.config/lxsession - register: lx - -- name: Do the same if running on raspbian - template: src=lxde_ssh_warn.sh - dest=/home/pi/.config/lxsession/LXDE-pi/ - when: lx.stat.isdir is defined and lx.staat.isdir and is_rpi and is_debuntu - -- name: put a autostart line to check for default password in LXDE - lineinfile: line=@/home/pi/.config/lxsession/LXDE-pi/lxde_ssh_warn.sh - dest=/home/pi/.config/lxsession/LXDE-pi/autostart - when: lx.stat.isdir is defined and lx.staat.isdir and is_rpi and is_debuntu - - name: Base Server Installed command: echo Base Server Installed diff --git a/roles/iiab-admin/tasks/main.yml b/roles/iiab-admin/tasks/main.yml index 77807ff23..ccd34a9d3 100644 --- a/roles/iiab-admin/tasks/main.yml +++ b/roles/iiab-admin/tasks/main.yml @@ -19,3 +19,21 @@ value: '"Admin User"' - option: iiab_admin_user value: "{{ iiab_admin_user }}" + +- name: Set up to issue warning if iiab-admin password is still default + template: src=profile_ssh_warn.sh + dest=/etc/profile.d/ + +- name: Is this LXDE? + stat: path=/home/pi/.config/lxsession + register: lx + +- name: Do the same if running on raspbian + template: src=lxde_ssh_warn.sh + dest=/home/pi/.config/lxsession/LXDE-pi/ + when: lx.stat.isdir is defined and lx.staat.isdir and is_rpi and is_debuntu + +- name: put a autostart line to check for default password in LXDE + lineinfile: line=@/home/pi/.config/lxsession/LXDE-pi/lxde_ssh_warn.sh + dest=/home/pi/.config/lxsession/LXDE-pi/autostart + when: lx.stat.isdir is defined and lx.staat.isdir and is_rpi and is_debuntu 
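Review bot: Both relocated LXDE tasks keep the condition `lx.staat.isdir`, a misspelling of `lx.stat.isdir`. On a host where /home/pi/.config/lxsession exists, the condition references an attribute that is never registered, so the default-password warning is presumably never installed for the desktop session. The same text is removed from roles/3-base-server/tasks/main.yml in the preceding hunk, so the typo predates this commit, but the move is a good moment to correct both lines to `when: lx.stat.isdir is defined and lx.stat.isdir and is_rpi and is_debuntu`.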
diff --git a/roles/3-base-server/templates/lxde_ssh_warn.sh b/roles/iiab-admin/templates/lxde_ssh_warn.sh similarity index 100% rename from roles/3-base-server/templates/lxde_ssh_warn.sh rename to roles/iiab-admin/templates/lxde_ssh_warn.sh diff --git a/roles/3-base-server/templates/profile_ssh_warn.sh b/roles/iiab-admin/templates/profile_ssh_warn.sh similarity index 100% rename from roles/3-base-server/templates/profile_ssh_warn.sh rename to roles/iiab-admin/templates/profile_ssh_warn.sh From 1dd9f699f4e8da5df80a0ed7bc83381415815114 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 19 Sep 2017 13:00:46 -0500 Subject: [PATCH 03/13] fix whitespace on moved files --- roles/iiab-admin/templates/lxde_ssh_warn.sh | 2 +- roles/iiab-admin/templates/profile_ssh_warn.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/iiab-admin/templates/lxde_ssh_warn.sh b/roles/iiab-admin/templates/lxde_ssh_warn.sh index 3d20f0653..4f1fcf1b8 100755 --- a/roles/iiab-admin/templates/lxde_ssh_warn.sh +++ b/roles/iiab-admin/templates/lxde_ssh_warn.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/bash # credit to the folks at raspberry pi foundatioon check_hash () { diff --git a/roles/iiab-admin/templates/profile_ssh_warn.sh b/roles/iiab-admin/templates/profile_ssh_warn.sh index 68a6d466d..4e93769f7 100755 --- a/roles/iiab-admin/templates/profile_ssh_warn.sh +++ b/roles/iiab-admin/templates/profile_ssh_warn.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/bash # credit to the folks at raspberry pi foundatioon check_hash () { From ad04450565e3da965e4a1809fdc8ed3736cd8a87 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 19 Sep 2017 01:17:33 -0500 Subject: [PATCH 04/13] noted error #265 Refs #189 #137 #191 --- roles/1-prep/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 713a3c83b..15c79d665 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml 
@@ -86,7 +86,7 @@ when: rpi_model != "none" - name: Check if the identifier for intel's NUC6 builtin wifi is present - shell: "lsusb | grep 8087:0a2b | wc |gawk '{print $1}'" + shell: "lsusb | grep 8087:0a2b | wc |awk '{print $1}'" register: usb_NUC6 ignore_errors: true From 3d1efee5a65de39569eff9570d48ff2ddff805f4 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Wed, 20 Sep 2017 00:48:30 -0500 Subject: [PATCH 05/13] isolate redhat network detection --- roles/1-prep/tasks/detected_network.yml | 81 ++--------------------- roles/1-prep/tasks/detected_redhat.yml | 86 +++++++++++++++++++++++++ 2 files changed, 91 insertions(+), 76 deletions(-) create mode 100644 roles/1-prep/tasks/detected_redhat.yml diff --git a/roles/1-prep/tasks/detected_network.yml b/roles/1-prep/tasks/detected_network.yml index 687b9a2be..0b089e34d 100644 --- a/roles/1-prep/tasks/detected_network.yml +++ b/roles/1-prep/tasks/detected_network.yml @@ -20,22 +20,6 @@ device_gw2: "{{ prior_gw.stdout }}" when: prior_gw is defined and prior_gw.stdout != "" -- name: Checking for ifcfg-WAN file - stat: path=/etc/sysconfig/network-scripts/ifcfg-WAN - register: has_ifcfg_WAN - -- name: Setting ifcfg-WAN True - set_fact: - has_WAN: True - when: has_ifcfg_WAN.stat.exists - -# DETECT -- gateway and wireless -- name: Get a list of slaves from previous config - shell: "egrep -rn BRIDGE=br0 /etc/sysconfig/network-scripts/ifcfg-* | awk -F'[-:]' '{print $3}'" - register: ifcfg_slaves - ignore_errors: True - changed_when: False - # Discover do we have a gateway? -- if ansible detects gateway, becomes WAN candidate - name: Finding gateway set_fact: 
@@ -74,59 +58,9 @@ device_gw: "{{ discovered_wan_iface }}" when: discovered_wan_iface != "none" -# returns list of paths -- name: Find gateway config based on device - shell: "egrep -rn {{ device_gw }} /etc/sysconfig/network-scripts/ifcfg* | awk -F ':' '{print $1}'" - register: ifcfg_gw_device - ignore_errors: True - changed_when: False - when: device_gw != "none" - -# last match wins -- name: Setting has ifcfg gw based on device if found - set_fact: - has_ifcfg_gw: "{{ item|trim }}" - ignore_errors: True - when: ifcfg_gw_device.stdout_lines is defined and item|trim != "" and item|trim != "/etc/sysconfig/network-scripts/ifcfg-LAN" - with_items: - - "{{ ifcfg_gw_device.stdout_lines }}" - -# returns path -- name: Find active gateway config based on macaddress - shell: "egrep -irn {{ ansible_default_ipv4.macaddress }} /etc/sysconfig/network-scripts/ifcfg* | awk -F ':' '{print $1}' | head -n 1" - register: ifcfg_gw_mac - ignore_errors: True - changed_when: False - when: 'ansible_default_ipv4.gateway is defined' - -- name: Set has ifcfg gw based on on macaddress if found - set_fact: - has_ifcfg_gw: "{{ ifcfg_gw_mac.stdout|trim }}" - when: ifcfg_gw_mac.stdout is defined and ifcfg_gw_mac.stdout != "" - -# could use something else -- name: Find wifi gateway config if present - shell: egrep -rn ESSID /etc/sysconfig/network-scripts/ifcfg* | awk -F ':' '{print $1}' | awk -F '/' '{print $5}' - register: ifcfg_WAN_wifi - ignore_errors: True - -#returns file name -- name: Setting has_wifi_gw based on ESSID if found - set_fact: - has_wifi_gw: "{{ item|trim }}" - when: ifcfg_WAN_wifi.changed and item|trim != "" - with_items: - - "{{ ifcfg_WAN_wifi.stdout_lines }}" - -- name: Finding device for wifi AP gateway - shell: egrep -rn DEVICE /etc/sysconfig/network-scripts/{{ has_wifi_gw }} | awk -F '=' '{print $2}' - register: AP_device - when: has_wifi_gw != "none" and has_ifcfg_gw != "none" - -- name: Setting wifi device - set_fact: - ap_device: "{{ AP_device.stdout }}" - when: 
AP_device.stdout is defined and AP_device.stdout != "" +- name: RedHat Network detection + include: detected_redhat.yml + when: is_redhat # WIRELESS -- if any wireless is detected as gateway, it becomes WAN - name: Look for any wireless interfaces @@ -222,13 +156,8 @@ when: discovered_wireless_iface != "none" and discovered_wireless_iface != iiab_wan_iface #unused -- name: Get a list of ifcfg files to delete - shell: "ls -1 /etc/sysconfig/network-scripts/ifcfg-* | grep -v -e ifcfg-lo -e ifcfg-WAN -e {{ has_wifi_gw }}" - register: ifcfg_files - changed_when: False - ignore_errors: True - when: num_lan_interfaces >= "1" or iiab_wireless_lan_iface != "none" -# +#- name: Get a list of ifcfg files to delete +# moved to detected_redhat # use value only if present - name: Setting detected lan diff --git a/roles/1-prep/tasks/detected_redhat.yml b/roles/1-prep/tasks/detected_redhat.yml new file mode 100644 index 000000000..fb22a397c --- /dev/null +++ b/roles/1-prep/tasks/detected_redhat.yml 
@@ -0,0 +1,86 @@ +# temp +- name: temp placekeeper + set_fact: + first_run: False + +- name: Checking for ifcfg-WAN file - Can Fail + stat: path=/etc/sysconfig/network-scripts/ifcfg-WAN + register: has_ifcfg_WAN + when: not first_run + +- name: Setting ifcfg-WAN True + set_fact: + has_WAN: True + when: has_ifcfg_WAN.stat.exists + +# DETECT -- gateway and wireless +- name: Get a list of slaves from previous config - Can Fail + shell: "egrep -rn BRIDGE=br0 /etc/sysconfig/network-scripts/ifcfg-* | gawk -F'[-:]' '{print $3}'" + register: ifcfg_slaves + ignore_errors: True + changed_when: False + when: not first_run + +# returns list of paths +- name: Find gateway config based on device + shell: "egrep -rn {{ device_gw }} /etc/sysconfig/network-scripts/ifcfg* | gawk -F ':' '{print $1}'" + register: ifcfg_gw_device + ignore_errors: True + changed_when: False + when: not first_run and device_gw != "none" + +# last match wins +- name: Setting has ifcfg gw based on device if found + set_fact: + has_ifcfg_gw: "{{ item|trim }}" + ignore_errors: True + when: ifcfg_gw_device.stdout_lines is defined and item|trim != "" and item|trim != "/etc/sysconfig/network-scripts/ifcfg-LAN" + with_items: + - "{{ ifcfg_gw_device.stdout_lines }}" + +# returns path +- name: Find active gateway config based on macaddress - Can Fail + shell: "egrep -irn {{ ansible_default_ipv4.macaddress }} /etc/sysconfig/network-scripts/ifcfg* | gawk -F ':' '{print $1}' | head -n 1" + register: ifcfg_gw_mac + ignore_errors: True + changed_when: False + when: ansible_default_ipv4.gateway is defined + +- name: Set has ifcfg gw based on on macaddress if found + set_fact: + has_ifcfg_gw: "{{ ifcfg_gw_mac.stdout|trim }}" + when: ifcfg_gw_mac.changed and ifcfg_gw_mac.stdout != "" + +# could use something else +- name: Find wifi gateway config if present - Can Fail + shell: egrep -rn ESSID /etc/sysconfig/network-scripts/ifcfg* | gawk -F ':' '{print $1}' | gawk -F '/' '{print $5}' + ignore_errors: True + register: 
ifcfg_WAN_wifi + +#returns file name +- name: Setting has_wifi_gw based on ESSID if found - Can Fail + set_fact: + has_wifi_gw: "{{ item|trim }}" + when: ifcfg_WAN_wifi.changed and item|trim != "" + with_items: + - "{{ ifcfg_WAN_wifi.stdout_lines }}" + +- name: Finding device for wifi AP gateway - Can Fail + shell: egrep -rn DEVICE /etc/sysconfig/network-scripts/{{ has_wifi_gw }} | gawk -F '=' '{print $2}' + ignore_errors: True + register: AP_device + when: has_wifi_gw != "none" and has_ifcfg_gw != "none" + +- name: Setting wifi device + set_fact: + ap_device: "{{ AP_device.stdout }}" + when: AP_device.stdout is defined and AP_device.stdout != "" + +#unused +#- name: Get a list of ifcfg files to delete - Can Fail +# shell: "ls -1 /etc/sysconfig/network-scripts/ifcfg-* | grep -v -e ifcfg-lo -e ifcfg-WAN -e {{ has_wifi_gw }}" +# register: ifcfg_files +# changed_when: False +# ignore_errors: True +# when: num_lan_interfaces >= "1" or iiab_wireless_lan_iface != "none" + From 53b884450b9493ae98e0d4c54babad59a19af170 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 21 Sep 2017 23:17:20 -0500 Subject: [PATCH 06/13] move ignore_errors after register --- roles/1-prep/tasks/detected_redhat.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/1-prep/tasks/detected_redhat.yml b/roles/1-prep/tasks/detected_redhat.yml index fb22a397c..0f072a65f 100644 --- a/roles/1-prep/tasks/detected_redhat.yml +++ b/roles/1-prep/tasks/detected_redhat.yml @@ -54,8 +54,8 @@ # could use something else - name: Find wifi gateway config if present - Can Fail shell: egrep -rn ESSID /etc/sysconfig/network-scripts/ifcfg* | gawk -F ':' '{print $1}' | gawk -F '/' '{print $5}' - ignore_errors: True register: ifcfg_WAN_wifi + ignore_errors: True #returns file name - name: Setting has_wifi_gw based on ESSID if found - Can Fail 
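Review bot: In the new detected_redhat.yml, `Set has ifcfg gw based on on macaddress if found` tests `ifcfg_gw_mac.changed`, but the task that registers it sets `changed_when: False`. The condition can therefore never be true and the MAC-based lookup is ignored; the version removed from detected_network.yml used `ifcfg_gw_mac.stdout is defined and ifcfg_gw_mac.stdout != ""`. Separately, `{{ device_gw }}` and `{{ has_wifi_gw }}` are interpolated unquoted into `shell:` lines. `has_wifi_gw` is derived from file names under /etc/sysconfig/network-scripts, so passing these through the `quote` filter (for example `{{ has_wifi_gw | quote }}`) keeps an unusual file name from being interpreted by the shell.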
@@ -67,8 +67,8 @@ - name: Finding device for wifi AP gateway - Can Fail shell: egrep -rn DEVICE /etc/sysconfig/network-scripts/{{ has_wifi_gw }} | gawk -F '=' '{print $2}' - ignore_errors: True register: AP_device + ignore_errors: True when: has_wifi_gw != "none" and has_ifcfg_gw != "none" - name: Setting wifi device From e57ff51ca8a280c5050ba71ba8801bba1b792a40 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 19 Sep 2017 02:44:04 -0500 Subject: [PATCH 07/13] move config_vars.yml creation --- iiab.yml | 1 - roles/9-local-addons/tasks/main.yml | 2 ++ runansible | 9 ++------- 3 files changed, 4 insertions(+), 8 deletions(-) diff --git a/iiab.yml b/iiab.yml index 6be4ebaac..8a2df7715 100644 --- a/iiab.yml +++ b/iiab.yml @@ -6,7 +6,6 @@ - vars/default_vars.yml - vars/{{ ansible_local.local_facts.os_ver}}.yml - vars/local_vars.yml - - /etc/iiab/config_vars.yml roles: - { role: 1-prep, tags: ['prep','platform','base'] } diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index ce546dfe9..62d761ab3 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -1,3 +1,5 @@ - name: Addon services installed command: echo Addon services installed +- name: Installation Complete + shell: echo "{}" > /etc/iiab/config_vars.yml diff --git a/runansible b/runansible index 431ca47da..3f731f2ae 100755 --- a/runansible +++ b/runansible @@ -1,11 +1,5 @@ -#!/bin/bash - +#!/bin/bash # copy var files to /etc/iiab for subsequent use -mkdir -p /etc/iiab -if [ ! -f /etc/iiab/config_vars.yml ]; then - echo "{}" > /etc/iiab/config_vars.yml -fi - # if vars/local_vars.yml is missing, put a default one in place if [ ! -f ./vars/local_vars.yml ]; then OS=`grep ^ID= /etc/*release|cut -d= -f2` 
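Review bot: The added `Installation Complete` task in roles/9-local-addons/tasks/main.yml rewrites /etc/iiab/config_vars.yml with `{}` at the end of every run, whereas the code removed from runansible in this commit only created the file when it was missing. If anything stores settings in that file between runs (not visible in this patch), they are lost each time the playbook finishes. Adding `args:` with `creates: /etc/iiab/config_vars.yml` to the task keeps it a one-time marker. The task also assumes /etc/iiab already exists now that the `mkdir -p` is gone from the top of runansible.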
@@ -77,3 +71,4 @@ export ANSIBLE_LOG_PATH="$XSCE_DIR/iiab-install.log" ansible -m setup -i $INVENTORY localhost --connection=local >> /dev/null ansible-playbook -i $INVENTORY $PLAYBOOK ${ARGS} --connection=local +#ansible-playbook -i $INVENTORY $PLAYBOOK ${ARGS} --syntax-check From 6e4540fa08b705b0e7eec23282f05d95e81cce7d Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 19 Sep 2017 02:46:37 -0500 Subject: [PATCH 08/13] first_run framework just remove it --- roles/1-prep/defaults/main.yml | 3 ++- roles/1-prep/tasks/detected_network.yml | 10 +++++---- roles/1-prep/tasks/detected_redhat.yml | 5 ----- roles/1-prep/tasks/iiab_ini.yml | 2 -- roles/1-prep/tasks/main.yml | 27 ++++++++++++++++--------- 5 files changed, 26 insertions(+), 21 deletions(-) diff --git a/roles/1-prep/defaults/main.yml b/roles/1-prep/defaults/main.yml index ff30bafbb..71af080a7 100644 --- a/roles/1-prep/defaults/main.yml +++ b/roles/1-prep/defaults/main.yml @@ -1,9 +1,10 @@ # use these as a tag a release at a point in time -iiab_base_ver: 0 +iiab_base_ver: 6.4 gui_version: 2 # These entries should never be changed in this file. # These are defaults for boolean routines, +first_run: False installing: False NUC6_firmware_needed: False exFAT_enabled: False diff --git a/roles/1-prep/tasks/detected_network.yml b/roles/1-prep/tasks/detected_network.yml index 0b089e34d..b3637d5ba 100644 --- a/roles/1-prep/tasks/detected_network.yml +++ b/roles/1-prep/tasks/detected_network.yml 
@@ -1,24 +1,26 @@ - name: Checking iiab_domain_name shell: "cat /etc/sysconfig/iiab_domain_name" register: prior_domain - ignore_errors: True + when: not first_run # above always registers - name: Checking for prior domain name set_fact: iiab_domain: "{{ prior_domain.stdout }}" - when: prior_domain.stdout != "lan" and prior_domain.stdout != "" + when: not first_run and prior_domain.stdout != "lan" and prior_domain.stdout != "" - name: iiab_wan_device shell: "cat /etc/sysconfig/iiab_wan_device" register: prior_gw - ignore_errors: True + when: not first_run - name: Checking for old device gateway interface for device test set_fact: device_gw: "{{ prior_gw.stdout }}" device_gw2: "{{ prior_gw.stdout }}" - when: prior_gw is defined and prior_gw.stdout != "" + when: not first_run and prior_gw is defined and prior_gw.stdout != "" + +#pause checking # Discover do we have a gateway? -- if ansible detects gateway, becomes WAN candidate - name: Finding gateway diff --git a/roles/1-prep/tasks/detected_redhat.yml b/roles/1-prep/tasks/detected_redhat.yml index 0f072a65f..a74fd5f07 100644 --- a/roles/1-prep/tasks/detected_redhat.yml +++ b/roles/1-prep/tasks/detected_redhat.yml @@ -1,8 +1,3 @@ -# temp -- name: temp placekeeper - set_fact: - first_run: False - - name: Checking for ifcfg-WAN file - Can Fail stat: path=/etc/sysconfig/network-scripts/ifcfg-WAN register: has_ifcfg_WAN diff --git a/roles/1-prep/tasks/iiab_ini.yml b/roles/1-prep/tasks/iiab_ini.yml index f059cd739..c78970507 100755 --- a/roles/1-prep/tasks/iiab_ini.yml +++ b/roles/1-prep/tasks/iiab_ini.yml @@ -30,7 +30,5 @@ value: '{{ ansible_local["local_facts"]["iiab_commit"] }}' - option: 'install_date' value: '{{ ansible_date_time["iso8601"] }}' - - option: 'Universal Unique ID (uuid)' - value: '{{ uuid }}' - option: 'install_xo' value: '{{ xo_model }}' diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 15c79d665..2e682ff7a 100644 --- a/roles/1-prep/tasks/main.yml 
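Review bot: Dropping `ignore_errors: True` from the two `cat /etc/sysconfig/...` tasks in detected_network.yml means a later run aborts if either file is missing. `not first_run` only shows that /etc/iiab/config_vars.yml exists, not that iiab_domain_name or iiab_wan_device were ever written, for example after an interrupted install. Keeping `ignore_errors: True` next to the new `when: not first_run` preserves the old tolerance while still skipping the read on a first run.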
+++ b/roles/1-prep/tasks/main.yml @@ -1,3 +1,16 @@ +- name: Determine if runansible was run + stat: path=/etc/iiab/config_vars.yml + register: NewInstall + +- name: Setting first run flag + set_fact: + first_run: True + when: NewInstall.stat.exists is defined and not NewInstall.stat.exists + +# we need to inialize the ini file +- include: iiab_ini.yml + when: first_run + - name: Set flag for fedora 18 set_fact: is_F18: True @@ -50,13 +63,13 @@ - name: Disable apparmor -- on by default in ubuntu service: name=apparmor enabled=False state=stopped - when: is_ubuntu + when: first_run and is_ubuntu ignore_errors: true - name: Disable selinux on next boot selinux: state=disabled register: selinux_disabled - when: ansible_selinux is defined and ansible_version >= '2' and ansible_selinux or ansible_selinux['status'] is defined and ansible_version < '2' and ansible_selinux['status'] != 'disabled' + when: first_run - name: Disable selinux for this session (if needed) command: setenforce Permissive @@ -72,26 +85,22 @@ - include: prep.yml -# we need to inialize the ini file -- include: iiab_ini.yml - - include: computed_vars.yml - include: detected_network.yml when: not installing - # Put conditional actions for hardware platforms here - include: raspberry_pi_2.yml - when: rpi_model != "none" + when: first_run and rpi_model != "none" - name: Check if the identifier for intel's NUC6 builtin wifi is present shell: "lsusb | grep 8087:0a2b | wc |awk '{print $1}'" register: usb_NUC6 ignore_errors: true + when: first_run - name: download the firmware for built in wifi on NUC6 get_url: dest=/lib/firmware url={{ iiab_download_url }}/iwlwifi-8000C-13.ucode - when: usb_NUC6.stdout|int > 0 - + when: first_run and usb_NUC6.stdout|int > 0 From 91c2063a94841f8ef10b3b3fb97499cf663f2d6c Mon Sep 17 00:00:00 2001 
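Review bot: The NUC6 firmware task whose `when` is edited in the last hunk of roles/1-prep/tasks/main.yml still installs `iwlwifi-8000C-13.ucode` into /lib/firmware with no integrity check on the download. A firmware blob fetched from `{{ iiab_download_url }}` should be pinned, for example with `sha256sum=<expected-sha256-of-the-ucode-file>` on the `get_url` line (`checksum=sha256:<digest>` on Ansible 2.x); the digest here is a placeholder to be filled in from a trusted copy. Whether `iiab_download_url` uses HTTPS is not visible in this patch.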
From: Jerry Vonau Date: Sat, 23 Sep 2017 14:58:09 -0400 Subject: [PATCH 09/13] elgg fix --- roles/elgg/tasks/main.yml | 96 ++++++++++++++++++++------------------- 1 file changed, 50 insertions(+), 46 deletions(-) diff --git a/roles/elgg/tasks/main.yml b/roles/elgg/tasks/main.yml index a6ce63e0d..a54f4919a 100644 --- a/roles/elgg/tasks/main.yml +++ b/roles/elgg/tasks/main.yml @@ -1,5 +1,6 @@ - name: download current version from our copy shell: wget {{ iiab_download_url }}/elgg-{{ elgg_version }}.zip -c -P {{ downloads_dir }} + creates={{ downloads_dir }}/elgg-{{ elgg_version }}.zip when: internet_available - name: Determine if software is already expanded 
@@ -14,19 +15,62 @@ shell: "/usr/bin/unzip -o {{ downloads_dir }}/elgg-{{ elgg_version }}.zip -d /opt" when: elgg.stat.exists is defined and not elgg.stat.exists -- name: change ownership - file: path=/opt/elgg-{{elgg_version }} - owner={{ apache_user }} - recurse=yes - state=directory - - name: Create a link to the versioned elgg folder file: src=./elgg-{{ elgg_version }} dest=/opt/elgg + owner={{ apache_user }} + group={{ apache_user }} state=link force=true +# use template to fix up settings in engine/settings.php with our variables substituted +# into engine/settings.example.php +- name: Substitute our parameters in engine/settings.example.php + template: src="settings.php.j2" + dest="/opt/{{ elgg_xx }}/elgg-config/settings.php" + owner={{ apache_user }} + group={{ apache_user }} + +# The name of this file changed from 1.9 to 1.10. +- name: Copy default .htaccess to the root directory of elgg tree + copy: src="/opt/{{ elgg_xx }}/vendor/elgg/elgg/install/config/htaccess.dist" + dest="/opt/{{ elgg_xx }}/.htaccess" + mode=0644 + owner={{ apache_user }} + group={{ apache_user }} + +#regexp='^#RewriteBase' +- name: Modify .htaccess to have RewriteBase as our directory + lineinfile: backup=no + dest="/opt/{{ elgg_xx }}/.htaccess" + state=present + insertafter='^#RewriteBase' + line="RewriteBase {{ elgg_url }}/" + +- name: Change permissions on engine directory so apache can write + file: path=/opt/elgg/engine/ owner={{ apache_user }} mode=0755 state=directory + +- name: Create an upload directory that Apache can write in or elgg + file: path={{ elgg_upload_path }} state=directory owner={{ apache_user }} + +- name: change ownership + file: path=/opt/elgg-{{ elgg_version }} + owner={{ apache_user }} + group={{ apache_user }} + recurse=yes + state=directory + # elggdb.sql obtained with mysqldump --skip-add-drop-table elggdb > elggdb.sql +# tar up a mysqldump of freshly installed database and use it in the install to avoid the startup +# form, which worries me a lot. 
(/var/lib/mysql/elggdb) + +- name: Create a user to access the elgg database + mysql_user: name={{ dbuser }} host={{ item }} password={{ dbpassword }} priv=*.*:ALL + with_items: + - 127.0.0.1 + - ::1 + - localhost + when: mysql_enabled and elgg_enabled and not elgg.stat.exists - name: Create file to load database template: src=elggdb.sql.j2 @@ -46,39 +90,6 @@ - name: Remove database dump after load file: name=/tmp/elggdb.sql state=absent -- name: Create a user to access the elgg database - mysql_user: name={{ dbuser }} host={{ item }} password={{ dbpassword }} priv=*.*:ALL - with_items: - - 127.0.0.1 - - ::1 - - localhost - when: mysql_enabled and elgg_enabled - -# The name of this file changed from 1.9 to 1.10. -- name: Copy default .htaccess to the root directory of elgg tree - copy: src="/opt/{{ elgg_xx }}/vendor/elgg/elgg/install/config/htaccess.dist" - dest="/opt/{{ elgg_xx }}/.htaccess" - mode=0644 - owner={{ apache_user }} - group=root - -- name: Modify .htaccess to have RewriteBase as our directory - lineinfile: backup=yes - dest="/opt/{{ elgg_xx }}/.htaccess" - state=present - insertafter='^#RewriteBase' - line="RewriteBase {{ elgg_url }}/" - -#regexp='^#RewriteBase' - -#- tar up a mysqldump of freshly installed database and use it in the install to avoid the startup form, which worries me a lot. (/var/lib/mysql/elggdb) - -#- use template to fix up settings in engine/settings.php with our variables substituted into engine/settings.example.php -- name: Substitute our parameters in engine/settings.example.php - template: src="settings.php.j2" - dest="/opt/{{ elgg_xx }}/elgg-config/settings.php" - owner={{ apache_user }} - - name: Install config file for elgg in Apache template: src=elgg.conf dest=/etc/{{ apache_config_dir }}/elgg.conf when: mysql_enabled and elgg_enabled 
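Review bot: The relocated `Create a user to access the elgg database` task still grants `priv=*.*:ALL`, which gives the Elgg account full rights on every database on the server. Limiting it to the Elgg schema contains the damage if the web application is compromised, for example `priv=elggdb.*:ALL` if the database is named elggdb as the comment above the task suggests. The `settings.php` template task now sets owner and group but has no `mode=`, so the file, which presumably holds the database credentials, gets default permissions. Adding `mode=0640` would keep it from other local users.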
@@ -94,12 +105,6 @@ state=absent when: not elgg_enabled and is_debuntu -- name: Change permissions on engine directory so apache can write - file: path=/opt/elgg/engine/ owner={{ apache_user }} mode=0755 state=directory - -- name: Create an upload directory that Apache can write in or elgg - file: path={{ elgg_upload_path }} state=directory owner={{ apache_user }} - - name: add elgg to service list ini_file: dest='{{ service_filelist }}' section=elgg @@ -117,4 +122,3 @@ - name: Restart apache, so it picks up the new aliases service: name={{ apache_service }} state=restarted - From b40bcd31f9020fcfcf9c89433affb807bb783dc9 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 24 Sep 2017 10:15:16 -0500 Subject: [PATCH 10/13] fix indent --- roles/elgg/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elgg/tasks/main.yml b/roles/elgg/tasks/main.yml index a54f4919a..9a1946e2f 100644 --- a/roles/elgg/tasks/main.yml +++ b/roles/elgg/tasks/main.yml @@ -1,6 +1,6 @@ - name: download current version from our copy shell: wget {{ iiab_download_url }}/elgg-{{ elgg_version }}.zip -c -P {{ downloads_dir }} - creates={{ downloads_dir }}/elgg-{{ elgg_version }}.zip + creates={{ downloads_dir }}/elgg-{{ elgg_version }}.zip when: internet_available - name: Determine if software is already expanded From d6c566c032f0ec4e47e753ebbf03945da7af574b Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Sun, 24 Sep 2017 16:30:02 -0400 Subject: [PATCH 11/13] elgg - handle upgrades --- roles/elgg/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elgg/tasks/main.yml b/roles/elgg/tasks/main.yml index 9a1946e2f..ed703b722 100644 --- a/roles/elgg/tasks/main.yml +++ b/roles/elgg/tasks/main.yml @@ -4,7 +4,7 @@ when: internet_available - name: Determine if software is already expanded - stat: path=/opt/elgg/index.php + stat: path=/opt/elgg-{{ elgg_version }}/index.php register: elgg # use unzip and shell until unarchive works again 
From a9df337ac516b707c75affb345aa6b374664bd06 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 25 Sep 2017 11:17:52 -0500 Subject: [PATCH 12/13] correct selinux for non-redhat installs --- roles/1-prep/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 2e682ff7a..e5507797f 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -69,11 +69,11 @@ - name: Disable selinux on next boot selinux: state=disabled register: selinux_disabled - when: first_run + when: first_run and not is_debuntu - name: Disable selinux for this session (if needed) command: setenforce Permissive - when: selinux_disabled is defined and selinux_disabled.changed + when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed ## DISCOVER PLATFORMS ###### - name: Discover if this is a rpi -- assume if so it is running raspbian From 5d57c6f250d1ec9d32a1b21652bfaba54249e2f9 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 25 Sep 2017 13:24:01 -0500 Subject: [PATCH 13/13] missing mkdir in runansible --- runansible | 1 + 1 file changed, 1 insertion(+) diff --git a/runansible b/runansible index 3f731f2ae..8368c0312 100755 --- a/runansible +++ b/runansible @@ -25,6 +25,7 @@ then cd $XSCE_DIR else XSCE_DIR=/opt/iiab/iiab + mkdir -p /etc/iiab fi if [ ! -f iiab.yml ]