Merge pull request #455 from iiab/master

Sync from iiab/iiab:master

roles/1-prep/tasks/main.yml

@@ -105,15 +105,15 @@
   when: is_ubuntu
   ignore_errors: True
 
-- name: Disable SELinux on next boot (OS's other than debuntu)
+#- name: Disable SELinux on next boot (OS's other than debuntu)
-  selinux:
+#  selinux:
-    state: disabled
+#    state: disabled
-  register: selinux_disabled
+#  register: selinux_disabled
-  when: not is_debuntu
+#  when: not is_debuntu
 
-- name: Disable SELinux for this session (OS's other than debuntu, if needed)
+#- name: Disable SELinux for this session (OS's other than debuntu, if needed)
-  command: setenforce Permissive
+#  command: setenforce Permissive
-  when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed
+#  when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed
 
 ##  DISCOVER PLATFORMS ######
 # Put conditional actions for hardware platforms here

roles/2-common/tasks/main.yml

@@ -21,21 +21,25 @@
 - include_tasks: packages.yml
 - include_tasks: iptables.yml
 
-- name: Use 'sysctl' to set 10 network/kernel settings, turning off IPv6 if possible
+# 2020-11-27 emergency patch+experiment til this is answered more methodically:
-  sysctl:
+# https://github.com/iiab/iiab/issues/2650
-    name: "{{ item.name }}"
+# https://github.com/iiab/iiab/pull/2651
-    value: "{{ item.value }}"
+#
-  with_items:
+#- name: Use 'sysctl' to set 10 network/kernel settings, turning off IPv6 if possible
-    - { name: 'net.ipv4.ip_forward', value: '1' }
+#  sysctl:
-    - { name: 'net.ipv4.conf.default.rp_filter', value: '1' }
+#    name: "{{ item.name }}"
-    - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' }
+#    value: "{{ item.value }}"
-    - { name: 'kernel.sysrq', value: '1' }
+#  with_items:
-    - { name: 'kernel.core_uses_pid', value: '1' }
+#    - { name: 'net.ipv4.ip_forward', value: '1' }
-    - { name: 'net.ipv4.tcp_syncookies', value: '1' }
+#    - { name: 'net.ipv4.conf.default.rp_filter', value: '1' }
-    - { name: 'kernel.shmmax', value: '268435456' }
+#    - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' }
-    - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' }    # IPv6 disabled
+#    - { name: 'kernel.sysrq', value: '1' }
-    - { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' }
+#    - { name: 'kernel.core_uses_pid', value: '1' }
-    - { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' }
+#    - { name: 'net.ipv4.tcp_syncookies', value: '1' }
+#    - { name: 'kernel.shmmax', value: '268435456' }
+#    - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' }    # IPv6 disabled
+#    - { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' }
+#    - { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' }
 
 - name: Install /etc/profile.d/zzz_iiab.sh from template, to add sbin dirs to unprivileged users' $PATH
   template:

roles/gitea/tasks/install.yml

@@ -48,6 +48,7 @@
     url: "{{ gitea_download_url }}"
     dest: "{{ gitea_install_path }}"
     mode: '0775'
+    timeout: "{{ download_timeout }}"
   when: internet_available
 
 - name: Download Gitea GPG signature

scripts/ansible

@@ -94,6 +94,7 @@ $APT_PATH/apt -y --allow-downgrades install ansible-base \
 echo -e "\n\nIIAB requires these 2 Ansible Collections: (w/ ansible-base 2.10.0 or higher)\n"
 ansible-galaxy collection install community.general    # Re-running these
 ansible-galaxy collection install community.mysql      # appears to be safe!?
+#ansible-galaxy collection install ansible.posix       # 2020-11-27: See roles/1-prep/tasks/main.yml & PR #2647, PR #2648, #2650, PR #2651
 
 echo -e "\n\nCreating/verifying directory /etc/ansible & installing /etc/ansible/hosts\n"
 mkdir -p /etc/ansible