From 5f76bbb0c2ff4801db6433be8729566318573212 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 15 Oct 2018 01:46:16 -0400 Subject: [PATCH 01/63] Update main.yml --- roles/iiab-admin/defaults/main.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/iiab-admin/defaults/main.yml b/roles/iiab-admin/defaults/main.yml index 10c2940e5..e4cccaf61 100644 --- a/roles/iiab-admin/defaults/main.yml +++ b/roles/iiab-admin/defaults/main.yml @@ -1,5 +1,4 @@ ---- -# must keep roles/0-once/defaults/main.yml sync'd -# The values here are defaults. +# Must keep roles/0-init/defaults/main.yml sync'd ? (Seems no longer true as of 2018-10-15) +# Oddly this is used by roles/usb-lib/tasks/main.yml to set group perm for /library/www/html/local_content iiab_admin_user: iiab-admin From 41c17a842a46b0824f60965221ee51a784e36f29 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 15 Oct 2018 01:48:23 -0400 Subject: [PATCH 02/63] Update main.yml --- roles/iiab-admin/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/tasks/main.yml b/roles/iiab-admin/tasks/main.yml index 5267c18fe..8b7a1f466 100644 --- a/roles/iiab-admin/tasks/main.yml +++ b/roles/iiab-admin/tasks/main.yml @@ -1,7 +1,7 @@ - include_tasks: admin-user.yml tags: - base - when: admin_install + when: iiab_admin_install - include_tasks: access.yml tags: From 07e930f2523cc668d10f6abe10d0b5a4e4ae67de Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 15 Oct 2018 01:48:49 -0400 Subject: [PATCH 03/63] Update main.yml --- roles/iiab-admin/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/iiab-admin/defaults/main.yml b/roles/iiab-admin/defaults/main.yml index e4cccaf61..b1782eeec 100644 --- a/roles/iiab-admin/defaults/main.yml +++ b/roles/iiab-admin/defaults/main.yml @@ -1,4 +1,6 @@ # Must keep roles/0-init/defaults/main.yml sync'd ? (Seems no longer true as of 2018-10-15) +iiab_admin_install: True + # Oddly this is used by roles/usb-lib/tasks/main.yml to set group perm for /library/www/html/local_content iiab_admin_user: iiab-admin From a506f9f3e66896456ebd0f37470da61682323d98 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 15 Oct 2018 01:58:34 -0400 Subject: [PATCH 04/63] No longer used in 2018 --- .../templates/{settings.py.j2 => settings.py.j2.deprecated} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/kalite/templates/{settings.py.j2 => settings.py.j2.deprecated} (100%) diff --git a/roles/kalite/templates/settings.py.j2 b/roles/kalite/templates/settings.py.j2.deprecated similarity index 100% rename from roles/kalite/templates/settings.py.j2 rename to roles/kalite/templates/settings.py.j2.deprecated From 837f5953fdd03c02e76c96becedc26325e2db38b Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 15 Oct 2018 02:46:15 -0400 Subject: [PATCH 05/63] Update lxde_ssh_warn.sh --- roles/iiab-admin/templates/lxde_ssh_warn.sh | 38 +++++++++++++-------- 1 file changed, 24 insertions(+), 14 deletions(-) diff --git a/roles/iiab-admin/templates/lxde_ssh_warn.sh b/roles/iiab-admin/templates/lxde_ssh_warn.sh index 4f1fcf1b8..2e8f6a482 100755 --- a/roles/iiab-admin/templates/lxde_ssh_warn.sh +++ b/roles/iiab-admin/templates/lxde_ssh_warn.sh @@ -1,22 +1,32 @@ #!/bin/bash + +function check_user_pwd() { + # $meth (hashing method) is typically '6' which implies 5000 rounds + # of SHA-512 per /etc/login.defs -> /etc/pam.d/common-password + meth=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2 | cut -d$ -f2) + salt=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2 | cut -d$ -f3) + hash=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2 | cut -d$ -f4) + [ $(python3 -c "import crypt; print(crypt.crypt('$2', '\$$meth\$$salt'))") == "\$$meth\$$salt\$$hash" ] +} + # credit to the folks at raspberry pi foundatioon -check_hash () -{ +check_hash () { if ! id -u iiab-admin > /dev/null 2>&1 ; then return 0 ; fi if grep -q "^PasswordAuthentication\s*no" /etc/ssh/sshd_config ; then return 0 ; fi - test -x /usr/bin/mkpasswd || return 0 - SHADOW="$(sudo -n grep -E '^iiab-admin:' /etc/shadow 2>/dev/null)" - test -n "${SHADOW}" || return 0 - if echo $SHADOW | grep -q "iiab-admin:!" ; then return 0 ; fi - SHADOW_PW=$(echo $SHADOW | cut -d: -f2) - if [ "$SHADOW_PW" != "\$6\$iiab51\$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop." ]; then return 0 ; fi - - if echo "${SHADOW}" | grep -q "${HASH}"; then - zenity --warning --text="SSH is enabled and the default password for the 'iiab-admin' user has not been changed.\nThis is a security risk - please go to the iiab-console and use utilities-> change password to set a new password." + #test -x /usr/bin/mkpasswd || return 0 + #SHADOW="$(sudo -n grep -E '^iiab-admin:' /etc/shadow 2>/dev/null)" + #test -n "${SHADOW}" || return 0 + #if echo $SHADOW | grep -q "iiab-admin:!" ; then return 0 ; fi + #SHADOW_PW=$(echo $SHADOW | cut -d: -f2) + #if [ "$SHADOW_PW" != "\$6\$iiab51\$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop." ]; then return 0 ; fi + #if echo "${SHADOW}" | grep -q "${HASH}"; then + if check_user_pwd "iiab-admin" "g0adm1n"; then + zenity --warning --text="SSH is enabled and the default password for user 'iiab-admin' is in use.\nThis is a security risk - please change the password using IIAB's Admin Console (http://box/admin) -> Utilities -> Change Password." fi } -if service ssh status | grep -q running; then - check_hash -fi +#if service ssh status | grep -q running; then +# check_hash +#fi +systemctl is-active {{ sshd_service }} > /dev/null && check_hash unset check_hash From 1cc054b7201a00891d1b3158e40de7914cca63b3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 15 Oct 2018 02:46:20 -0400 Subject: [PATCH 06/63] Update profile_ssh_warn.sh --- .../iiab-admin/templates/profile_ssh_warn.sh | 36 +++++++++++-------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/roles/iiab-admin/templates/profile_ssh_warn.sh b/roles/iiab-admin/templates/profile_ssh_warn.sh index 4e93769f7..189bd6ea6 100755 --- a/roles/iiab-admin/templates/profile_ssh_warn.sh +++ b/roles/iiab-admin/templates/profile_ssh_warn.sh @@ -1,19 +1,27 @@ #!/bin/bash -# credit to the folks at raspberry pi foundatioon -check_hash () -{ - if ! id -u iiab-admin > /dev/null 2>&1 ; then return 0 ; fi - if grep -q "^PasswordAuthentication\s*no" /etc/ssh/sshd_config ; then return 0 ; fi - SHADOW="$(sudo -n grep -E '^iiab-admin:' /etc/shadow 2>/dev/null)" - test -n "${SHADOW}" || return 0 - if echo $SHADOW | grep -q "iiab-admin:!" ; then return 0 ; fi - SHADOW_PW=$(echo $SHADOW | cut -d: -f2) - if [ "$SHADOW_PW" != '{{ iiab_admin_passw_hash }}' ]; then return 0 ; fi - echo - echo "SSH is enabled and the default password for the 'iiab-admin' user is unchanged." - echo "This is a security risk - please login as the 'iiab-admin' user and type 'passwd' to change password." - echo +function check_user_pwd() { + # $meth (hashing method) is typically '6' which implies 5000 rounds + # of SHA-512 per /etc/login.defs -> /etc/pam.d/common-password + meth=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2 | cut -d$ -f2) + salt=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2 | cut -d$ -f3) + hash=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2 | cut -d$ -f4) + [ $(python3 -c "import crypt; print(crypt.crypt('$2', '\$$meth\$$salt'))") == "\$$meth\$$salt\$$hash" ] +} + +# credit to the folks at raspberry pi foundatioon +check_hash () { + if ! id -u iiab-admin > /dev/null 2>&1 ; then return 0 ; fi + if grep -q "^PasswordAuthentication\s*no" /etc/ssh/sshd_config ; then return 0 ; fi + #SHADOW="$(sudo -n grep -E '^iiab-admin:' /etc/shadow 2>/dev/null)" + #test -n "${SHADOW}" || return 0 + #if echo $SHADOW | grep -q "iiab-admin:!" ; then return 0 ; fi + #SHADOW_PW=$(echo $SHADOW | cut -d: -f2) + #if [ "$SHADOW_PW" != '{{ iiab_admin_passw_hash }}' ]; then return 0 ; fi + if check_user_pwd "iiab-admin" "g0adm1n"; then + echo -e "\nSSH is enabled and the default password for the 'iiab-admin' user is unchanged." + echo -e "This is a security risk - please login as user 'iiab-admin' and run 'passwd' to change its password.\n" + fi } systemctl is-active {{ sshd_service }} > /dev/null && check_hash From 29214645df277230b59e813fac8f4f16bf30a2ee Mon Sep 17 00:00:00 2001 From: A Holt Date: Mon, 15 Oct 2018 03:05:34 -0400 Subject: [PATCH 07/63] Update default_vars.yml --- vars/default_vars.yml | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index e2912ecef..03d11ca75 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -30,22 +30,23 @@ disregard_network: False # use cache or error out if cache does not exist # Users and Passwords +# Set iiab_admin_user_install: False if you don't want iiab_admin_user & wheel +# group auto-created in roles/iiab-admin/tasks/main.yml (hence disabling sudo- +# checks/warnings of published passwds like pi/raspberry & iiab-admin/g0adm1n). +iiab_admin_user_install: True +# If iiab_admin_user_install: False, set iiab_admin_user (below) to an existing +# Linux user that has sudo access, for login to Admin Console http://box/admin iiab_admin_user: iiab-admin -# Obtain a password hash with: +# Password hash to be used if Ansible creates the above user: +iiab_admin_new_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop. +# Obtain a password hash - NEW MORE SECURE WAY: +# python3 -c 'import crypt; print(crypt.crypt("", crypt.mksalt(crypt.METHOD_SHA512)))' +# Obtain a password hash - OLD WAY: # python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")' -iiab_admin_passw_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop. -admin_install: True -# Set admin_install: False if you don't want iiab_admin_user & wheel group -# auto-created in roles/iiab-admin/tasks/main.yml, thereby disabling sudo-based -# warnings on use of published passwords like pi/raspberry & iiab-admin/g0adm1n - -# If admin_install: False, set iiab_admin_user (above) to an existing Linux -# user that has sudo access, so you can login to Admin Console http://box/admin - -# Languages +# Languages (for Apache) default_language: en -language_priority: en es +language_priority: en es fr # Time Zone (php needs timezone to be set) local_tz: "{{ ansible_date_time.tz }}" From c48ab36cfe8b52d7383af4d9396599ad9ec286b3 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 03:17:49 -0400 Subject: [PATCH 08/63] Update default_vars.yml --- vars/default_vars.yml | 35 ++++++++++++++++------------------- 1 file changed, 16 insertions(+), 19 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 03d11ca75..2a5357af4 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -5,11 +5,10 @@ # By convention we use True/False to indicate boolean constants. -# Installation Constants -content_base: "/library" -#doc_base: "/var" -doc_base: "{{ content_base }}/www" -doc_root: "{{ doc_base }}/html" +# Configuration File(s) +iiab_local_vars_file: /etc/iiab/local_vars.yml +iiab_config_file: /etc/iiab/iiab.ini +service_filelist: "{{ iiab_config_file }}" iiab_base: /opt/iiab iiab_dir: "{{ iiab_base }}/iiab" @@ -17,18 +16,17 @@ pip_packages_dir: "{{ iiab_base }}/pip-packages" yum_packages_dir: "{{ iiab_base }}/yum-packages" downloads_dir: "{{ iiab_base }}/downloads" iiab_download_url: http://download.iiab.io/packages + +content_base: "/library" +doc_base: "{{ content_base }}/www" +doc_root: "{{ doc_base }}/html" + # Ansible's default timeout for "get_url:" downloads (10 seconds) often fails download_timeout: 200 -# Configuration File(s) -iiab_config_file: /etc/iiab/iiab.ini -iiab_local_vars_file: /etc/iiab/local_vars.yml -service_filelist: "{{ iiab_config_file }}" - -# The following variable may be useful in debugging -disregard_network: False # use cache or error out if cache does not exist - -# Users and Passwords +# Languages (for Apache) +default_language: en +language_priority: en es fr # Set iiab_admin_user_install: False if you don't want iiab_admin_user & wheel # group auto-created in roles/iiab-admin/tasks/main.yml (hence disabling sudo- @@ -44,20 +42,19 @@ iiab_admin_new_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXi # Obtain a password hash - OLD WAY: # python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")' -# Languages (for Apache) -default_language: en -language_priority: en es fr - # Time Zone (php needs timezone to be set) local_tz: "{{ ansible_date_time.tz }}" # Read https://github.com/iiab/iiab/wiki/IIAB-Networking # Also readable offline @ http://box/info/IIAB-Networking.html -# NETWORK PARAMETERS FOLLOW ACROSS THE NEXT 65 LINES, as enabled by Ansible's +# NETWORK PARAMETERS FOLLOW ACROSS THE NEXT 100 LINES, as enabled by Ansible's # NETWORK role (/opt/iiab/iiab/roles/network/*) in 4-SERVER-OPTIONS below. # SEE ALSO: /opt/iiab/iiab/roles/network/defaults/main.yml +# The following variable may be useful in debugging +disregard_network: False # use cache or error out if cache does not exist + iiab_hostname: box iiab_domain: lan lan_ip: 172.18.96.1 From dc87ff92146aafb5d6bad0c361f3514fd759eb05 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 03:18:41 -0400 Subject: [PATCH 09/63] Update local_vars_min.yml --- vars/local_vars_min.yml | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 46b500224..25d7a6bb8 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -8,20 +8,23 @@ # Ansible's default timeout for "get_url:" downloads (10 seconds) often fails download_timeout: 200 -# Users and Passwords +# Languages (for Apache) +default_language: en +language_priority: en es fr +# Set iiab_admin_user_install: False if you don't want iiab_admin_user & wheel +# group auto-created in roles/iiab-admin/tasks/main.yml (hence disabling sudo- +# checks/warnings of published passwds like pi/raspberry & iiab-admin/g0adm1n). +iiab_admin_user_install: True +# If iiab_admin_user_install: False, set iiab_admin_user (below) to an existing +# Linux user that has sudo access, for login to Admin Console http://box/admin iiab_admin_user: iiab-admin -# Obtain a password hash with: +# Password hash to be used if Ansible creates the above user: +iiab_admin_new_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop. +# Obtain a password hash - NEW MORE SECURE WAY: +# python3 -c 'import crypt; print(crypt.crypt("<plaintext>", crypt.mksalt(crypt.METHOD_SHA512)))' +# Obtain a password hash - OLD WAY: # python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")' -# iiab_admin_passw_hash: -admin_install: True - -# Set admin_install: False if you don't want iiab_admin_user & wheel group -# auto-created in roles/iiab-admin/tasks/main.yml, thereby disabling sudo-based -# warnings on use of published passwords like pi/raspberry & iiab-admin/g0adm1n - -# If admin_install: False, set iiab_admin_user (above) to an existing Linux -# user that has sudo access, so you can login to Admin Console http://box/admin iiab_hostname: box iiab_domain: lan From 99676cc53ffacaa639c69b12639862308119e1ac Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 03:19:38 -0400 Subject: [PATCH 10/63] Update local_vars_medium.yml --- vars/local_vars_medium.yml | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 42d98329d..f6551d1a9 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -8,20 +8,23 @@ # Ansible's default timeout for "get_url:" downloads (10 seconds) often fails download_timeout: 200 -# Users and Passwords +# Languages (for Apache) +default_language: en +language_priority: en es fr +# Set iiab_admin_user_install: False if you don't want iiab_admin_user & wheel +# group auto-created in roles/iiab-admin/tasks/main.yml (hence disabling sudo- +# checks/warnings of published passwds like pi/raspberry & iiab-admin/g0adm1n). +iiab_admin_user_install: True +# If iiab_admin_user_install: False, set iiab_admin_user (below) to an existing +# Linux user that has sudo access, for login to Admin Console http://box/admin iiab_admin_user: iiab-admin -# Obtain a password hash with: +# Password hash to be used if Ansible creates the above user: +iiab_admin_new_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop. +# Obtain a password hash - NEW MORE SECURE WAY: +# python3 -c 'import crypt; print(crypt.crypt("<plaintext>", crypt.mksalt(crypt.METHOD_SHA512)))' +# Obtain a password hash - OLD WAY: # python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")' -# iiab_admin_passw_hash: -admin_install: True - -# Set admin_install: False if you don't want iiab_admin_user & wheel group -# auto-created in roles/iiab-admin/tasks/main.yml, thereby disabling sudo-based -# warnings on use of published passwords like pi/raspberry & iiab-admin/g0adm1n - -# If admin_install: False, set iiab_admin_user (above) to an existing Linux -# user that has sudo access, so you can login to Admin Console http://box/admin iiab_hostname: box iiab_domain: lan From 245f76bf034807a8cdc2a86d66cf2b8d4738b147 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 03:19:59 -0400 Subject: [PATCH 11/63] Update local_vars_big.yml --- vars/local_vars_big.yml | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index a8b9194d1..7727ac078 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -8,20 +8,23 @@ # Ansible's default timeout for "get_url:" downloads (10 seconds) often fails download_timeout: 200 -# Users and Passwords +# Languages (for Apache) +default_language: en +language_priority: en es fr +# Set iiab_admin_user_install: False if you don't want iiab_admin_user & wheel +# group auto-created in roles/iiab-admin/tasks/main.yml (hence disabling sudo- +# checks/warnings of published passwds like pi/raspberry & iiab-admin/g0adm1n). +iiab_admin_user_install: True +# If iiab_admin_user_install: False, set iiab_admin_user (below) to an existing +# Linux user that has sudo access, for login to Admin Console http://box/admin iiab_admin_user: iiab-admin -# Obtain a password hash with: +# Password hash to be used if Ansible creates the above user: +iiab_admin_new_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop. +# Obtain a password hash - NEW MORE SECURE WAY: +# python3 -c 'import crypt; print(crypt.crypt("<plaintext>", crypt.mksalt(crypt.METHOD_SHA512)))' +# Obtain a password hash - OLD WAY: # python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")' -# iiab_admin_passw_hash: -admin_install: True - -# Set admin_install: False if you don't want iiab_admin_user & wheel group -# auto-created in roles/iiab-admin/tasks/main.yml, thereby disabling sudo-based -# warnings on use of published passwords like pi/raspberry & iiab-admin/g0adm1n - -# If admin_install: False, set iiab_admin_user (above) to an existing Linux -# user that has sudo access, so you can login to Admin Console http://box/admin iiab_hostname: box iiab_domain: lan From 8ee06808fb157410b329534f9d351463c23a188f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 03:23:02 -0400 Subject: [PATCH 12/63] Update default_vars.yml --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 2a5357af4..4901744db 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -36,7 +36,7 @@ iiab_admin_user_install: True # Linux user that has sudo access, for login to Admin Console http://box/admin iiab_admin_user: iiab-admin # Password hash to be used if Ansible creates the above user: -iiab_admin_new_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop. +iiab_admin_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop. # Obtain a password hash - NEW MORE SECURE WAY: # python3 -c 'import crypt; print(crypt.crypt("<plaintext>", crypt.mksalt(crypt.METHOD_SHA512)))' # Obtain a password hash - OLD WAY: From faee3df4062eaea228170cce782200d7f0b444fb Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 03:23:20 -0400 Subject: [PATCH 13/63] Update local_vars_min.yml --- vars/local_vars_min.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 25d7a6bb8..44a4a52dc 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -20,7 +20,7 @@ iiab_admin_user_install: True # Linux user that has sudo access, for login to Admin Console http://box/admin iiab_admin_user: iiab-admin # Password hash to be used if Ansible creates the above user: -iiab_admin_new_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop. +iiab_admin_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop. # Obtain a password hash - NEW MORE SECURE WAY: # python3 -c 'import crypt; print(crypt.crypt("<plaintext>", crypt.mksalt(crypt.METHOD_SHA512)))' # Obtain a password hash - OLD WAY: From 513e607ecd9a81a3905a577683bd37fb0a68841b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 03:23:35 -0400 Subject: [PATCH 14/63] Update local_vars_medium.yml --- vars/local_vars_medium.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index f6551d1a9..11b9a3ac3 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -20,7 +20,7 @@ iiab_admin_user_install: True # Linux user that has sudo access, for login to Admin Console http://box/admin iiab_admin_user: iiab-admin # Password hash to be used if Ansible creates the above user: -iiab_admin_new_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop. +iiab_admin_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop. # Obtain a password hash - NEW MORE SECURE WAY: # python3 -c 'import crypt; print(crypt.crypt("<plaintext>", crypt.mksalt(crypt.METHOD_SHA512)))' # Obtain a password hash - OLD WAY: From 0fce6306bf5ce785a2a27d6b361146159ec5d92d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 03:23:50 -0400 Subject: [PATCH 15/63] Update local_vars_big.yml --- vars/local_vars_big.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 7727ac078..13f8ea711 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -20,7 +20,7 @@ iiab_admin_user_install: True # Linux user that has sudo access, for login to Admin Console http://box/admin iiab_admin_user: iiab-admin # Password hash to be used if Ansible creates the above user: -iiab_admin_new_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop. +iiab_admin_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop. # Obtain a password hash - NEW MORE SECURE WAY: # python3 -c 'import crypt; print(crypt.crypt("<plaintext>", crypt.mksalt(crypt.METHOD_SHA512)))' # Obtain a password hash - OLD WAY: From 04fbf9cdbb5cf8921a384c1f24a5f83d7a0db5bd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 03:25:07 -0400 Subject: [PATCH 16/63] Update profile_ssh_warn.sh --- roles/iiab-admin/templates/profile_ssh_warn.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/templates/profile_ssh_warn.sh b/roles/iiab-admin/templates/profile_ssh_warn.sh index 189bd6ea6..81662d7be 100755 --- a/roles/iiab-admin/templates/profile_ssh_warn.sh +++ b/roles/iiab-admin/templates/profile_ssh_warn.sh @@ -17,7 +17,7 @@ check_hash () { #test -n "${SHADOW}" || return 0 #if echo $SHADOW | grep -q "iiab-admin:!" ; then return 0 ; fi #SHADOW_PW=$(echo $SHADOW | cut -d: -f2) - #if [ "$SHADOW_PW" != '{{ iiab_admin_passw_hash }}' ]; then return 0 ; fi + #if [ "$SHADOW_PW" != '{{ iiab_admin_pwd_hash }}' ]; then return 0 ; fi if check_user_pwd "iiab-admin" "g0adm1n"; then echo -e "\nSSH is enabled and the default password for the 'iiab-admin' user is unchanged." echo -e "This is a security risk - please login as user 'iiab-admin' and run 'passwd' to change its password.\n" From 09bc69970d738ac18e38f698fe277dd7b94c9bbf Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 03:29:26 -0400 Subject: [PATCH 17/63] Update default_vars.yml --- vars/default_vars.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4901744db..5d515e9f6 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -35,7 +35,8 @@ iiab_admin_user_install: True # If iiab_admin_user_install: False, set iiab_admin_user (below) to an existing # Linux user that has sudo access, for login to Admin Console http://box/admin iiab_admin_user: iiab-admin -# Password hash to be used if Ansible creates the above user: +iiab_admin_published_pwd: g0adm1n +# Password hash to override above, if Ansible creates above user: iiab_admin_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop. # Obtain a password hash - NEW MORE SECURE WAY: # python3 -c 'import crypt; print(crypt.crypt("<plaintext>", crypt.mksalt(crypt.METHOD_SHA512)))' From 4d639a22a37591b48ef3ba4a9d1f2559e748086c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 03:31:13 -0400 Subject: [PATCH 18/63] Update profile_ssh_warn.sh --- roles/iiab-admin/templates/profile_ssh_warn.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/iiab-admin/templates/profile_ssh_warn.sh b/roles/iiab-admin/templates/profile_ssh_warn.sh index 81662d7be..2b1361b60 100755 --- a/roles/iiab-admin/templates/profile_ssh_warn.sh +++ b/roles/iiab-admin/templates/profile_ssh_warn.sh @@ -18,9 +18,9 @@ check_hash () { #if echo $SHADOW | grep -q "iiab-admin:!" ; then return 0 ; fi #SHADOW_PW=$(echo $SHADOW | cut -d: -f2) #if [ "$SHADOW_PW" != '{{ iiab_admin_pwd_hash }}' ]; then return 0 ; fi - if check_user_pwd "iiab-admin" "g0adm1n"; then + if check_user_pwd "iiab-admin" "{{ iiab_admin_published_pwd }}"; then echo -e "\nSSH is enabled and the default password for the 'iiab-admin' user is unchanged." - echo -e "This is a security risk - please login as user 'iiab-admin' and run 'passwd' to change its password.\n" + echo -e "This is a security risk - please log in as user 'iiab-admin' and run 'passwd' to change its password.\n" fi } From 0f58d0b651bd9e0560038170968bf169204a37c7 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 03:32:22 -0400 Subject: [PATCH 19/63] Update lxde_ssh_warn.sh --- roles/iiab-admin/templates/lxde_ssh_warn.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/iiab-admin/templates/lxde_ssh_warn.sh b/roles/iiab-admin/templates/lxde_ssh_warn.sh index 2e8f6a482..e0d8afcf2 100755 --- a/roles/iiab-admin/templates/lxde_ssh_warn.sh +++ b/roles/iiab-admin/templates/lxde_ssh_warn.sh @@ -20,8 +20,8 @@ check_hash () { #SHADOW_PW=$(echo $SHADOW | cut -d: -f2) #if [ "$SHADOW_PW" != "\$6\$iiab51\$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop." ]; then return 0 ; fi #if echo "${SHADOW}" | grep -q "${HASH}"; then - if check_user_pwd "iiab-admin" "g0adm1n"; then - zenity --warning --text="SSH is enabled and the default password for user 'iiab-admin' is in use.\nThis is a security risk - please change the password using IIAB's Admin Console (http://box/admin) -> Utilities -> Change Password." + if check_user_pwd "iiab-admin" "{{ iiab_admin_published_pwd }}"; then + zenity --warning --text="SSH is enabled and the default password for user 'iiab-admin' is in use.\nThis is a security risk - please change its password using IIAB's Admin Console (http://box/admin) -> Utilities -> Change Password." fi } From d9765e8c1b8caef9d1671f735b01cb662eacf8b2 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 03:36:52 -0400 Subject: [PATCH 20/63] Update default_vars.yml --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 5d515e9f6..364cb6ee8 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -35,7 +35,7 @@ iiab_admin_user_install: True # If iiab_admin_user_install: False, set iiab_admin_user (below) to an existing # Linux user that has sudo access, for login to Admin Console http://box/admin iiab_admin_user: iiab-admin -iiab_admin_published_pwd: g0adm1n +iiab_admin_published_pwd: g0adm1n # For live checks/alerts on published pwds # Password hash to override above, if Ansible creates above user: iiab_admin_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop. # Obtain a password hash - NEW MORE SECURE WAY: From d2543f625b2c9e274485b21304bbdcea1abd156b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 03:42:04 -0400 Subject: [PATCH 21/63] Update main.yml --- roles/iiab-admin/defaults/main.yml | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/roles/iiab-admin/defaults/main.yml b/roles/iiab-admin/defaults/main.yml index b1782eeec..be997eddb 100644 --- a/roles/iiab-admin/defaults/main.yml +++ b/roles/iiab-admin/defaults/main.yml @@ -1,6 +1,21 @@ # Must keep roles/0-init/defaults/main.yml sync'd ? (Seems no longer true as of 2018-10-15) -iiab_admin_install: True +# Set iiab_admin_user_install: False if you don't want iiab_admin_user & wheel +# group auto-created in roles/iiab-admin/tasks/main.yml (hence disabling sudo- +# checks/warnings of published passwds like pi/raspberry & iiab-admin/g0adm1n). +iiab_admin_user_install: True +# If iiab_admin_user_install: False, set iiab_admin_user (below) to an existing +# Linux user that has sudo access, for login to Admin Console http://box/admin -# Oddly this is used by roles/usb-lib/tasks/main.yml to set group perm for /library/www/html/local_content +# ODDLY THIS IS ALSO USED BY roles/usb-lib/tasks/main.yml to set group perm for /library/www/html/local_content iiab_admin_user: iiab-admin + +# For live checks/alerts on published pwds +iiab_admin_published_pwd: g0adm1n + +# Password hash to override above, if Ansible creates above user: +iiab_admin_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop. +# Obtain a password hash - NEW MORE SECURE WAY: +# python3 -c 'import crypt; print(crypt.crypt("<plaintext>", crypt.mksalt(crypt.METHOD_SHA512)))' +# Obtain a password hash - OLD WAY: +# python -c 'import crypt; print crypt.crypt("<plaintext>", "$6$<salt>")' From c3793c9c7ab0a8d07ed36e058ef901a7eef1d719 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 03:51:53 -0400 Subject: [PATCH 22/63] Update main.yml --- roles/usb-lib/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb-lib/tasks/main.yml b/roles/usb-lib/tasks/main.yml index e146ecf90..41eb8ae47 100644 --- a/roles/usb-lib/tasks/main.yml +++ b/roles/usb-lib/tasks/main.yml @@ -3,7 +3,7 @@ dest: "{{ doc_root }}/local_content" state: directory owner: "{{ apache_user }}" - group: "{{ iiab_admin_user }}" + group: "{{ iiab_admin_user }}" # ISN'T {{ apache_user }} MORE APPROPRIATE? mode: 0775 - name: Copy mount file to usbmount when enabled From 68d75b16bfb03117efe2daaaf0b2fcbf59509c37 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 03:53:00 -0400 Subject: [PATCH 23/63] Update default_vars.yml --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 364cb6ee8..4ff877f24 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -35,7 +35,7 @@ iiab_admin_user_install: True # If iiab_admin_user_install: False, set iiab_admin_user (below) to an existing # Linux user that has sudo access, for login to Admin Console http://box/admin iiab_admin_user: iiab-admin -iiab_admin_published_pwd: g0adm1n # For live checks/alerts on published pwds +iiab_admin_published_pwd: g0adm1n # For live checks/alerts of published pwds # Password hash to override above, if Ansible creates above user: iiab_admin_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop. # Obtain a password hash - NEW MORE SECURE WAY: From 4856dcd269a91942f891cc833765da675348a8bc Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 03:53:26 -0400 Subject: [PATCH 24/63] Update main.yml --- roles/iiab-admin/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/iiab-admin/defaults/main.yml b/roles/iiab-admin/defaults/main.yml index be997eddb..f58901620 100644 --- a/roles/iiab-admin/defaults/main.yml +++ b/roles/iiab-admin/defaults/main.yml @@ -7,10 +7,10 @@ iiab_admin_user_install: True # If iiab_admin_user_install: False, set iiab_admin_user (below) to an existing # Linux user that has sudo access, for login to Admin Console http://box/admin -# ODDLY THIS IS ALSO USED BY roles/usb-lib/tasks/main.yml to set group perm for /library/www/html/local_content +# ODDLY THIS IS ALSO USED BY roles/usb-lib/tasks/main.yml TO SET GROUP PERM FOR /library/www/html/local_content (ISN'T {{ apache_user }} MORE APPROPRIATE?) iiab_admin_user: iiab-admin -# For live checks/alerts on published pwds +# For live checks/alerts of published pwds iiab_admin_published_pwd: g0adm1n # Password hash to override above, if Ansible creates above user: From e23a6531b3bdce9951305db3d0ca6d35cc1cce41 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 04:00:22 -0400 Subject: [PATCH 25/63] Update admin-user.yml --- roles/iiab-admin/tasks/admin-user.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/iiab-admin/tasks/admin-user.yml b/roles/iiab-admin/tasks/admin-user.yml index 7fa6ff147..9542881c3 100644 --- a/roles/iiab-admin/tasks/admin-user.yml +++ b/roles/iiab-admin/tasks/admin-user.yml @@ -1,7 +1,7 @@ -- name: Create iiab-admin user and password +- name: Create user {{ iiab_admin_user }} for Admin Console; set password from hardcoded hash if newly creating account user: name: "{{ iiab_admin_user }}" - password: "{{ iiab_admin_passw_hash }}" + password: "{{ iiab_admin_pwd_hash }}" update_password: on_create shell: /bin/bash @@ -16,7 +16,7 @@ state: present when: is_redhat -- name: Add user to wheel group +- name: 'Add user {{ iiab_admin_user }} to groups: wheel, sudo' user: name: "{{ iiab_admin_user }}" groups: wheel,sudo From 49a1905059d55a84ca68f2e77ec4485ddb7ecc78 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 04:02:22 -0400 Subject: [PATCH 26/63] Update main.yml --- roles/iiab-admin/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/tasks/main.yml b/roles/iiab-admin/tasks/main.yml index 8b7a1f466..63c65ee77 100644 --- a/roles/iiab-admin/tasks/main.yml +++ b/roles/iiab-admin/tasks/main.yml @@ -1,7 +1,7 @@ - include_tasks: admin-user.yml tags: - base - when: iiab_admin_install + when: iiab_admin_user_install - include_tasks: access.yml tags: From 5f294e7a4918853a970469a6cc183567d53f392f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 04:06:01 -0400 Subject: [PATCH 27/63] Update main.yml --- roles/usb-lib/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/usb-lib/tasks/main.yml b/roles/usb-lib/tasks/main.yml index 41eb8ae47..52177384a 100644 --- a/roles/usb-lib/tasks/main.yml +++ b/roles/usb-lib/tasks/main.yml @@ -3,7 +3,7 @@ dest: "{{ doc_root }}/local_content" state: directory owner: "{{ apache_user }}" - group: "{{ iiab_admin_user }}" # ISN'T {{ apache_user }} MORE APPROPRIATE? + group: "{{ iiab_admin_user }}" # ISN'T "{{ apache_user }}" MORE APPROPRIATE? mode: 0775 - name: Copy mount file to usbmount when enabled From 61800d4159c28351487169a72812dd0baabe5875 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 04:32:45 -0400 Subject: [PATCH 28/63] Update lxde_ssh_warn.sh --- roles/iiab-admin/templates/lxde_ssh_warn.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/templates/lxde_ssh_warn.sh b/roles/iiab-admin/templates/lxde_ssh_warn.sh index e0d8afcf2..863e2e665 100755 --- a/roles/iiab-admin/templates/lxde_ssh_warn.sh +++ b/roles/iiab-admin/templates/lxde_ssh_warn.sh @@ -21,7 +21,7 @@ check_hash () { #if [ "$SHADOW_PW" != "\$6\$iiab51\$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop." ]; then return 0 ; fi #if echo "${SHADOW}" | grep -q "${HASH}"; then if check_user_pwd "iiab-admin" "{{ iiab_admin_published_pwd }}"; then - zenity --warning --text="SSH is enabled and the default password for user 'iiab-admin' is in use.\nThis is a security risk - please change its password using IIAB's Admin Console (http://box/admin) -> Utilities -> Change Password." + zenity --warning --text="SSH is enabled and the default password for user 'iiab-admin' is in use.\nTHIS IS A SECURITY RISK - please change its password using IIAB's Admin Console (http://box/admin) -> Utilities -> Change Password." fi } From 98ad5fc65ca5ef0ed7e22963856e0ac06bc2707e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 04:34:18 -0400 Subject: [PATCH 29/63] Update lxde_ssh_warn.sh --- roles/iiab-admin/templates/lxde_ssh_warn.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/templates/lxde_ssh_warn.sh b/roles/iiab-admin/templates/lxde_ssh_warn.sh index 863e2e665..96180e07c 100755 --- a/roles/iiab-admin/templates/lxde_ssh_warn.sh +++ b/roles/iiab-admin/templates/lxde_ssh_warn.sh @@ -21,7 +21,7 @@ check_hash () { #if [ "$SHADOW_PW" != "\$6\$iiab51\$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop." ]; then return 0 ; fi #if echo "${SHADOW}" | grep -q "${HASH}"; then if check_user_pwd "iiab-admin" "{{ iiab_admin_published_pwd }}"; then - zenity --warning --text="SSH is enabled and the default password for user 'iiab-admin' is in use.\nTHIS IS A SECURITY RISK - please change its password using IIAB's Admin Console (http://box/admin) -> Utilities -> Change Password." + zenity --warning --text="SSH is enabled and the published password for user 'iiab-admin' is in use.\nTHIS IS A SECURITY RISK - please change its password using IIAB's Admin Console (http://box/admin) -> Utilities -> Change Password." fi } From f2860f859ff6832b0c92d53734bde6400e0d7c5d Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 04:35:13 -0400 Subject: [PATCH 30/63] Update profile_ssh_warn.sh --- roles/iiab-admin/templates/profile_ssh_warn.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/iiab-admin/templates/profile_ssh_warn.sh b/roles/iiab-admin/templates/profile_ssh_warn.sh index 2b1361b60..f18f4a097 100755 --- a/roles/iiab-admin/templates/profile_ssh_warn.sh +++ b/roles/iiab-admin/templates/profile_ssh_warn.sh @@ -19,8 +19,9 @@ check_hash () { #SHADOW_PW=$(echo $SHADOW | cut -d: -f2) #if [ "$SHADOW_PW" != '{{ iiab_admin_pwd_hash }}' ]; then return 0 ; fi if check_user_pwd "iiab-admin" "{{ iiab_admin_published_pwd }}"; then - echo -e "\nSSH is enabled and the default password for the 'iiab-admin' user is unchanged." - echo -e "This is a security risk - please log in as user 'iiab-admin' and run 'passwd' to change its password.\n" + echo -e "\nSSH is enabled and the published password for user 'iiab-admin' is in use." + echo -e "THIS IS A SECURITY RISK - please log in as user 'iiab-admin' and run 'passwd'" + echo =e "to change its password.\n" fi } From 6fbfed015c196dfb8d1f332dec3ef94277f627ab Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 04:44:56 -0400 Subject: [PATCH 31/63] Update default_vars.yml --- vars/default_vars.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4ff877f24..d4afa7ed6 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -7,8 +7,9 @@ # Configuration File(s) iiab_local_vars_file: /etc/iiab/local_vars.yml -iiab_config_file: /etc/iiab/iiab.ini -service_filelist: "{{ iiab_config_file }}" +iiab_ini_file: /etc/iiab/iiab.ini +service_filelist: "{{ iiab_ini_file }}" +iiab_env_file: /etc/iiab/iiab.env iiab_base: /opt/iiab iiab_dir: "{{ iiab_base }}/iiab" From cda32ce957813c4da5a13a3228e168b41dedba69 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 04:46:14 -0400 Subject: [PATCH 32/63] Update default_vars.yml --- vars/default_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index d4afa7ed6..ad17c35ca 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -7,9 +7,9 @@ # Configuration File(s) iiab_local_vars_file: /etc/iiab/local_vars.yml +iiab_env_file: /etc/iiab/iiab.env iiab_ini_file: /etc/iiab/iiab.ini service_filelist: "{{ iiab_ini_file }}" -iiab_env_file: /etc/iiab/iiab.env iiab_base: /opt/iiab iiab_dir: "{{ iiab_base }}/iiab" From 89cf8be11df6c271712eb928b113e857a520b86a Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 04:53:20 -0400 Subject: [PATCH 33/63] Update computed_network.yml --- roles/network/tasks/computed_network.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/computed_network.yml b/roles/network/tasks/computed_network.yml index 5e1bcebe6..34a7fc32e 100644 --- a/roles/network/tasks/computed_network.yml +++ b/roles/network/tasks/computed_network.yml @@ -194,7 +194,7 @@ - name: Add 'computed_network' variable values to /etc/iiab/iiab.ini ini_file: - dest: "{{ iiab_config_file }}" + dest: "{{ iiab_ini_file }}" section: computed_network option: "{{ item.option }}" value: "{{ item.value }}" From ad247eb8b4dc83590367974c56f92d68ebccac98 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 04:53:40 -0400 Subject: [PATCH 34/63] Update computed_services.yml --- roles/network/tasks/computed_services.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/computed_services.yml b/roles/network/tasks/computed_services.yml index 73f9cfa61..118422786 100644 --- a/roles/network/tasks/computed_services.yml +++ b/roles/network/tasks/computed_services.yml @@ -51,7 +51,7 @@ - name: Add 'network' variable values (from computed_services.yml) to /etc/iiab/iiab.ini ini_file: - dest: "{{ iiab_config_file }}" + dest: "{{ iiab_ini_file }}" section: network option: "{{ item.option }}" value: "{{ item.value }}" From a0d62e87fb63519b8b6af5547856ef295da8ef1b Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 04:54:01 -0400 Subject: [PATCH 35/63] Update detected_network.yml --- roles/network/tasks/detected_network.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index 4c9ea455c..b2f1fc588 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -190,7 +190,7 @@ - name: Add 'detected_network' variable values to /etc/iiab/iiab.ini ini_file: - dest: "{{ iiab_config_file }}" + dest: "{{ iiab_ini_file }}" section: detected_network option: "{{ item.option }}" value: "{{ item.value }}" From dfebcd3120bd70e8c16b3a3d5f831c45ac5c59a0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 04:56:54 -0400 Subject: [PATCH 36/63] Update iiab_ini.yml --- roles/0-init/tasks/iiab_ini.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/0-init/tasks/iiab_ini.yml b/roles/0-init/tasks/iiab_ini.yml index 3475ec764..fb0233dd4 100644 --- a/roles/0-init/tasks/iiab_ini.yml +++ b/roles/0-init/tasks/iiab_ini.yml @@ -1,12 +1,12 @@ # workaround for fact that auto create does not work on ini_file - name: Create /etc/iiab/iiab.ini (iiab_config_file) file: - dest: "{{ iiab_config_file }}" + dest: "{{ iiab_ini_file }}" state: touch - name: Add location section to config file ini_file: - dest: "{{ iiab_config_file }}" + dest: "{{ iiab_ini_file }}" section: location option: "{{ item.option }}" value: "{{ item.value }}" @@ -16,9 +16,9 @@ - option: iiab_dir value: "{{ iiab_dir }}" -- name: Add version section +- name: Add 'version' variable values to /etc/iiab/iiab.ini ini_file: - dest: "{{ iiab_config_file }}" + dest: "{{ iiab_ini_file }}" section: version option: "{{ item.option }}" value: "{{ item.value }}" From 52d1757c35c534d47d0b97fa5f4809b177e61e6c Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 05:05:20 -0400 Subject: [PATCH 37/63] Update main.yml --- roles/0-init/tasks/main.yml | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index ae246e1de..d2e598ba8 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -2,7 +2,7 @@ - name: ...IS BEGINNING ============================================ stat: - path: /etc/iiab/iiab.env + path: {{ iiab_env_file }} register: NewInstall - name: Setting first run flag @@ -165,9 +165,9 @@ include_tasks: hostname.yml when: FQDN_changed -- name: Add 'runtime' section alongside list of services at /etc/iiab/iiab.ini +- name: Add 'runtime' variable values to /etc/iiab/iiab.ini ini_file: - dest: "{{ iiab_config_file }}" + dest: "{{ iiab_ini_file }}" section: runtime option: "{{ item.option }}" value: "{{ item.value }}" @@ -209,13 +209,9 @@ - option: FQDN_changed value: "{{ FQDN_changed }}" -#- name: Now changing FQDN -# include_tasks: hostname.yml -# when: FQDN_changed - -- name: STAGE 0 HAS COMPLETED ====================================== +- name: Add 'runtime' variable 'is_VM' value if defined, to /etc/iiab/iiab.ini ini_file: - dest: "{{ iiab_config_file }}" + dest: "{{ iiab_ini_file }}" section: runtime option: "{{ item.option }}" value: "{{ item.value }}" @@ -223,3 +219,5 @@ - option: is_VM value: "yes" when: is_VM is defined + +- name: STAGE 0 HAS COMPLETED ====================================== From 67f1592817528efca6f5d8882f26f05c2a5c6888 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 05:13:51 -0400 Subject: [PATCH 38/63] Update iiab-make-kiwix-lib.py --- roles/kiwix/templates/iiab-make-kiwix-lib.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/kiwix/templates/iiab-make-kiwix-lib.py b/roles/kiwix/templates/iiab-make-kiwix-lib.py index 8f993c0cb..f307ffb8d 100644 --- a/roles/kiwix/templates/iiab-make-kiwix-lib.py +++ b/roles/kiwix/templates/iiab-make-kiwix-lib.py @@ -29,13 +29,13 @@ if not IIAB_PATH in sys.path: from iiab_env import get_iiab_env # Config Files -# iiab_config_file should be in /etc/iiab/iiab.env -iiab_config_file = "{{ iiab_config_file }}" # nominally /etc/iiab/iiab.ini -# iiab_config_file = "/etc/iiab/iiab.ini" # comment out after testing +# iiab_ini_file should be in /etc/iiab/iiab.env +iiab_ini_file = "{{ iiab_ini_file }}" # nominally /etc/iiab/iiab.ini +# iiab_ini_file = "/etc/iiab/iiab.ini" # comment out after testing IIAB_INI = get_iiab_env('IIAB_INI') # future if IIAB_INI: - iiab_config_file = IIAB_INI + iiab_ini_file = IIAB_INI # Variables that should be read from config file # All of these variables will be read from config files and recomputed in init() From de58d97c75879ccbd18341eb492720f12b8df307 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 05:20:01 -0400 Subject: [PATCH 39/63] Update default_vars.yml --- vars/default_vars.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index ad17c35ca..a56ca8549 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -5,11 +5,12 @@ # By convention we use True/False to indicate boolean constants. -# Configuration File(s) +# Configuration Files iiab_local_vars_file: /etc/iiab/local_vars.yml iiab_env_file: /etc/iiab/iiab.env iiab_ini_file: /etc/iiab/iiab.ini -service_filelist: "{{ iiab_ini_file }}" +iiab_config_file: "{{ iiab_ini_file }}" # Legacy support / let's phase this out eventually +service_filelist: "{{ iiab_ini_file }}" # Legacy support / let's phase this out eventually iiab_base: /opt/iiab iiab_dir: "{{ iiab_base }}/iiab" From a40d6d2a1ca2bbfe1f8d9ac2caeeaa2bd1ca6fd1 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 05:27:51 -0400 Subject: [PATCH 40/63] Update main.yml --- roles/0-init/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index d2e598ba8..c537d24ad 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -2,7 +2,7 @@ - name: ...IS BEGINNING ============================================ stat: - path: {{ iiab_env_file }} + path: "{{ iiab_env_file }}" register: NewInstall - name: Setting first run flag From 34aa710c2eae1d23a4b3cd3d22864d66a1d47039 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 05:29:33 -0400 Subject: [PATCH 41/63] Update main.yml --- roles/1-prep/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 4fc6da152..40dabc96d 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -111,7 +111,7 @@ - name: Recording STAGE 1 HAS COMPLETED ============================ template: src: roles/1-prep/templates/iiab.env.j2 - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" owner: root group: root mode: 0644 From deb436b2f3a64c52f2275342602aa5a59e8353dc Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 05:30:30 -0400 Subject: [PATCH 42/63] Update main.yml --- roles/2-common/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index 95a14be16..48a072231 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml @@ -89,7 +89,7 @@ - name: Recording STAGE 2 HAS COMPLETED ========================== lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=2' state: present From b109d80f61a3315c9c99680b590df5ee59ee6631 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 05:31:13 -0400 Subject: [PATCH 43/63] Update main.yml --- roles/3-base-server/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 7efb55682..78f2dffd5 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -23,7 +23,7 @@ - name: Recording STAGE 3 HAS COMPLETED ===================== lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=3' state: present From b3f973878c8081233e4761cf1a5a7253370e97f0 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 05:32:42 -0400 Subject: [PATCH 44/63] Update main.yml --- roles/4-server-options/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 3dc010450..5b70af543 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -78,7 +78,7 @@ - name: Recording STAGE 4 HAS COMPLETED ================== lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=4' state: present From 29e9c20e746e36c6c0f1b1d27ea91ea81c1661f1 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 05:32:59 -0400 Subject: [PATCH 45/63] Update main.yml --- roles/5-xo-services/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/5-xo-services/tasks/main.yml b/roles/5-xo-services/tasks/main.yml index 95cc1a3dc..c1645d5be 100644 --- a/roles/5-xo-services/tasks/main.yml +++ b/roles/5-xo-services/tasks/main.yml @@ -23,7 +23,7 @@ - name: Recording STAGE 5 HAS COMPLETED ===================== lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=5' state: present From a64ea40c2c8a225f5422af61965d26031ba5f4d9 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 05:33:16 -0400 Subject: [PATCH 46/63] Update main.yml --- roles/6-generic-apps/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index 40a432e5d..01fcd7340 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml @@ -47,7 +47,7 @@ - name: Recording STAGE 6 HAS COMPLETED ==================== lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=6' state: present From 968472327cadf92f38de0d193bf4b6a5280420ea Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 05:33:30 -0400 Subject: [PATCH 47/63] Update main.yml --- roles/7-edu-apps/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index e9eced3ac..04b2ed8c6 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -47,7 +47,7 @@ - name: Recording STAGE 7 HAS COMPLETED ======================== lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=7' state: present From 2360fb68c753a8c7a7529d2cd05cd2416939e1ca Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 05:33:44 -0400 Subject: [PATCH 48/63] Update main.yml --- roles/8-mgmt-tools/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/8-mgmt-tools/tasks/main.yml b/roles/8-mgmt-tools/tasks/main.yml index b94404814..14766ddd2 100644 --- a/roles/8-mgmt-tools/tasks/main.yml +++ b/roles/8-mgmt-tools/tasks/main.yml @@ -59,7 +59,7 @@ - name: Recording STAGE 8 HAS COMPLETED ====================== lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=8' state: present From 8e69df0bb054f822ab8d017ef1e2fad25dd21d40 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 05:33:59 -0400 Subject: [PATCH 49/63] Update main.yml --- roles/9-local-addons/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 317c54d38..674245bc6 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -17,7 +17,7 @@ - name: Recording STAGE 9 HAS COMPLETED ==================== lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: '^STAGE=*' line: 'STAGE=9' state: present From a3c6c25c25463f64b35161334fdf0831a2c418ae Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 05:40:07 -0400 Subject: [PATCH 50/63] Update main.yml --- roles/0-init/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index c537d24ad..31a5ea711 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -221,3 +221,4 @@ when: is_VM is defined - name: STAGE 0 HAS COMPLETED ====================================== + meta: noop From 96d194acf00222f4ac796d0c38fd4c5b28c5efcc Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 06:04:19 -0400 Subject: [PATCH 51/63] Update iiab_ini.yml --- roles/0-init/tasks/iiab_ini.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/0-init/tasks/iiab_ini.yml b/roles/0-init/tasks/iiab_ini.yml index fb0233dd4..297aba9c4 100644 --- a/roles/0-init/tasks/iiab_ini.yml +++ b/roles/0-init/tasks/iiab_ini.yml @@ -1,5 +1,5 @@ # workaround for fact that auto create does not work on ini_file -- name: Create /etc/iiab/iiab.ini (iiab_config_file) +- name: Create /etc/iiab/iiab.ini (iiab_ini_file) file: dest: "{{ iiab_ini_file }}" state: touch From c72272e146b77f96587b2a5f8d2c8286d47499e5 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 06:06:24 -0400 Subject: [PATCH 52/63] Update iiab-make-kiwix-lib.py --- roles/kiwix/templates/iiab-make-kiwix-lib.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kiwix/templates/iiab-make-kiwix-lib.py b/roles/kiwix/templates/iiab-make-kiwix-lib.py index f307ffb8d..1efa285a8 100644 --- a/roles/kiwix/templates/iiab-make-kiwix-lib.py +++ b/roles/kiwix/templates/iiab-make-kiwix-lib.py @@ -187,7 +187,7 @@ def init(): global kiwix_manage config = ConfigParser.SafeConfigParser() - config.read(iiab_config_file) + config.read(iiab_ini_file) iiab_base_path = config.get('location','iiab_base') zim_path = config.get('kiwix','iiab_zim_path') kiwix_library_xml = config.get('kiwix','kiwix_library_xml') From d9c73cc804b884277f696207dad25379453b075d Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 06:13:57 -0400 Subject: [PATCH 53/63] service_filelist -> iiab_ini_file --- roles/activity-server/tasks/main.yml | 2 +- roles/ajenti/tasks/main.yml | 2 +- roles/authserver/tasks/main.yml | 2 +- roles/awstats/tasks/main.yml | 2 +- roles/calibre-web/tasks/main.yml | 2 +- roles/calibre/tasks/main.yml | 2 +- roles/cups/tasks/main.yml | 2 +- roles/docker/tasks/main.yml | 2 +- roles/dokuwiki/tasks/main.yml | 2 +- roles/elgg/tasks/main.yml | 2 +- roles/idmgr/tasks/main.yml | 2 +- roles/iiab-admin/tasks/main.yml | 2 +- roles/kalite/tasks/main.yml | 2 +- roles/kiwix/tasks/kiwix_install.yml | 2 +- roles/kolibri/tasks/main.yml | 2 +- roles/mediawiki/tasks/install.yml | 2 +- roles/mongodb/tasks/main.yml | 2 +- roles/monit/tasks/main.yml | 2 +- roles/moodle-1.9/moodle/tasks/main.yml | 2 +- roles/moodle/tasks/main.yml | 2 +- roles/munin/tasks/main.yml | 2 +- roles/mysql/tasks/main.yml | 2 +- roles/network/tasks/enable_services.yml | 6 +++--- roles/network/tasks/squid.yml | 4 ++-- roles/network/tasks/wondershaper.yml | 2 +- roles/nextcloud/tasks/main.yml | 2 +- roles/nodogsplash/tasks/rpi.yml | 2 +- roles/openvpn/tasks/main.yml | 2 +- roles/osm/tasks/main.yml | 2 +- roles/owncloud/tasks/main.yml | 2 +- roles/pathagar/tasks/main.yml | 2 +- roles/phpmyadmin/tasks/main.yml | 2 +- roles/postgresql/tasks/main.yml | 2 +- roles/rachel/tasks/main.yml | 2 +- roles/samba/tasks/main.yml | 2 +- roles/schooltool/tasks/main.yml | 2 +- roles/sugar-stats/tasks/main.yml | 2 +- roles/sugarizer/tasks/main.yml | 2 +- roles/teamviewer/tasks/main.yml | 2 +- roles/transmission/tasks/main.yml | 2 +- roles/usb-lib/tasks/main.yml | 2 +- roles/vnstat/tasks/main.yml | 2 +- roles/wordpress/tasks/install.yml | 2 +- roles/xovis/tasks/main.yml | 2 +- 44 files changed, 47 insertions(+), 47 deletions(-) diff --git a/roles/activity-server/tasks/main.yml b/roles/activity-server/tasks/main.yml index 29183b146..8be5c0805 100644 --- a/roles/activity-server/tasks/main.yml +++ b/roles/activity-server/tasks/main.yml @@ -117,7 +117,7 @@ state=restarted - name: add xs-activity-server to service list - ini_file: dest='{{ service_filelist }}' + ini_file: dest='{{ iiab_ini_file }}' section=activity-server option='{{ item.option }}' value='{{ item.value }}' diff --git a/roles/ajenti/tasks/main.yml b/roles/ajenti/tasks/main.yml index 789afbf31..045403d93 100644 --- a/roles/ajenti/tasks/main.yml +++ b/roles/ajenti/tasks/main.yml @@ -48,7 +48,7 @@ when: ajenti_enabled - name: Add ajenti to service list - ini_file: dest='{{ service_filelist }}' + ini_file: dest='{{ iiab_ini_file }}' section=ajenti option='{{ item.option }}' value='{{ item.value }}' diff --git a/roles/authserver/tasks/main.yml b/roles/authserver/tasks/main.yml index 304c72392..817068d0f 100644 --- a/roles/authserver/tasks/main.yml +++ b/roles/authserver/tasks/main.yml @@ -51,7 +51,7 @@ when: authserver_enabled - name: add xs-authserver to service list - ini_file: dest='{{ service_filelist }}' + ini_file: dest='{{ iiab_ini_file }}' section=xs-authserver option='{{ item.option }}' value='{{ item.value }}' diff --git a/roles/awstats/tasks/main.yml b/roles/awstats/tasks/main.yml index e368ae8cf..c51f01aaf 100644 --- a/roles/awstats/tasks/main.yml +++ b/roles/awstats/tasks/main.yml @@ -3,7 +3,7 @@ - name: Add 'awstats' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: awstats option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/calibre-web/tasks/main.yml b/roles/calibre-web/tasks/main.yml index 507bee572..0442c35ec 100644 --- a/roles/calibre-web/tasks/main.yml +++ b/roles/calibre-web/tasks/main.yml @@ -124,7 +124,7 @@ - name: Add 'calibre-web' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: calibre-web option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/calibre/tasks/main.yml b/roles/calibre/tasks/main.yml index f2adfef0d..0938ef2ab 100644 --- a/roles/calibre/tasks/main.yml +++ b/roles/calibre/tasks/main.yml @@ -134,7 +134,7 @@ - name: Add 'calibre' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: calibre option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/cups/tasks/main.yml b/roles/cups/tasks/main.yml index d765c4908..2742a04de 100644 --- a/roles/cups/tasks/main.yml +++ b/roles/cups/tasks/main.yml @@ -66,7 +66,7 @@ - name: Add 'cups' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: cups option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 6e9cf96cc..1692b1613 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -41,7 +41,7 @@ when: not docker_enabled - name: add docker to service list - ini_file: dest='{{ service_filelist }}' + ini_file: dest='{{ iiab_ini_file }}' section=docker option='{{ item.option }}' value='{{ item.value }}' diff --git a/roles/dokuwiki/tasks/main.yml b/roles/dokuwiki/tasks/main.yml index c1cca0d1a..4f716d734 100644 --- a/roles/dokuwiki/tasks/main.yml +++ b/roles/dokuwiki/tasks/main.yml @@ -4,7 +4,7 @@ - name: Add 'dokuwiki' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: dokuwiki option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/elgg/tasks/main.yml b/roles/elgg/tasks/main.yml index 555850615..5f0a04cec 100644 --- a/roles/elgg/tasks/main.yml +++ b/roles/elgg/tasks/main.yml @@ -140,7 +140,7 @@ - name: Add 'elgg' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: elgg option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/idmgr/tasks/main.yml b/roles/idmgr/tasks/main.yml index 1140ca947..5b49d3f76 100644 --- a/roles/idmgr/tasks/main.yml +++ b/roles/idmgr/tasks/main.yml @@ -80,7 +80,7 @@ line=allowsftp - name: Add idmgr to service list - ini_file: dest='{{ service_filelist }}' + ini_file: dest='{{ iiab_ini_file }}' section=idmgr option='{{ item.option }}' value='{{ item.value }}' diff --git a/roles/iiab-admin/tasks/main.yml b/roles/iiab-admin/tasks/main.yml index 63c65ee77..7ffb90e7e 100644 --- a/roles/iiab-admin/tasks/main.yml +++ b/roles/iiab-admin/tasks/main.yml @@ -9,7 +9,7 @@ - name: Add 'iiab-admin' to list at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: iiab-admin option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/kalite/tasks/main.yml b/roles/kalite/tasks/main.yml index 07c965d68..f785a3cd1 100644 --- a/roles/kalite/tasks/main.yml +++ b/roles/kalite/tasks/main.yml @@ -38,7 +38,7 @@ - name: Add 'kalite' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: kalite option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/kiwix/tasks/kiwix_install.yml b/roles/kiwix/tasks/kiwix_install.yml index 40b19a002..30b81b97b 100644 --- a/roles/kiwix/tasks/kiwix_install.yml +++ b/roles/kiwix/tasks/kiwix_install.yml @@ -151,7 +151,7 @@ - name: Add 'kiwix' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: kiwix option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/kolibri/tasks/main.yml b/roles/kolibri/tasks/main.yml index ab04f2832..7353e9e8c 100644 --- a/roles/kolibri/tasks/main.yml +++ b/roles/kolibri/tasks/main.yml @@ -82,7 +82,7 @@ - name: Add 'kolibri' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: kolibri option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index bba5386da..54135b3af 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -87,7 +87,7 @@ - name: Add 'mediawiki' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: mediawiki option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index e52e10360..8ae8f030a 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -62,7 +62,7 @@ - name: Add 'mongodb' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: mongodb option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/monit/tasks/main.yml b/roles/monit/tasks/main.yml index 0f3b96658..fed7de6d2 100644 --- a/roles/monit/tasks/main.yml +++ b/roles/monit/tasks/main.yml @@ -47,7 +47,7 @@ - name: Add 'monit' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: monit option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/moodle-1.9/moodle/tasks/main.yml b/roles/moodle-1.9/moodle/tasks/main.yml index 8c355b9a4..0f1cb82be 100644 --- a/roles/moodle-1.9/moodle/tasks/main.yml +++ b/roles/moodle-1.9/moodle/tasks/main.yml @@ -76,7 +76,7 @@ register: moodlepw - name: add moodle to service list - ini_file: dest='{{ service_filelist }}' + ini_file: dest='{{ iiab_ini_file }}' section=moodle option='{{ item.option }}' value='{{ item.value }}' diff --git a/roles/moodle/tasks/main.yml b/roles/moodle/tasks/main.yml index 7374ae31e..7ba39ac60 100644 --- a/roles/moodle/tasks/main.yml +++ b/roles/moodle/tasks/main.yml @@ -157,7 +157,7 @@ - name: Add 'moodle' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: moodle option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/munin/tasks/main.yml b/roles/munin/tasks/main.yml index 6becb81cf..31f755dfc 100644 --- a/roles/munin/tasks/main.yml +++ b/roles/munin/tasks/main.yml @@ -86,7 +86,7 @@ - name: Add 'munin' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: munin option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/mysql/tasks/main.yml b/roles/mysql/tasks/main.yml index 3fad2b357..619fd2a3c 100644 --- a/roles/mysql/tasks/main.yml +++ b/roles/mysql/tasks/main.yml @@ -135,7 +135,7 @@ - name: Add 'mysql' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: mysql option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index c4b2fac76..703356c5e 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -152,7 +152,7 @@ - name: Add 'squid' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: squid option: "{{ item.option }}" value: "{{ item.value }}" @@ -162,7 +162,7 @@ - name: Add 'dansguardian' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: dansguardian option: "{{ item.option }}" value: "{{ item.value }}" @@ -172,7 +172,7 @@ - name: Add 'wondershaper' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: wondershaper option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/network/tasks/squid.yml b/roles/network/tasks/squid.yml index e4f504f32..38254cfbd 100644 --- a/roles/network/tasks/squid.yml +++ b/roles/network/tasks/squid.yml @@ -85,7 +85,7 @@ # {{ proxy }} is normally "squid", but is "squid3" on raspbian-8 & debian-8 - name: Add '{{ proxy }}' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: "{{ proxy }}" option: "{{ item.option }}" value: "{{ item.value }}" @@ -99,7 +99,7 @@ - name: Add 'dansguardian' variable values to /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: dansguardian option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/network/tasks/wondershaper.yml b/roles/network/tasks/wondershaper.yml index 43c6cd89c..4bfb45b72 100644 --- a/roles/network/tasks/wondershaper.yml +++ b/roles/network/tasks/wondershaper.yml @@ -40,7 +40,7 @@ - name: Add 'wondershaper' variable values to /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: wondershaper option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index d95bd15ff..398bed62d 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -164,7 +164,7 @@ - name: Add 'nextcloud' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: Nextcloud option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/nodogsplash/tasks/rpi.yml b/roles/nodogsplash/tasks/rpi.yml index b43838118..58772bed9 100644 --- a/roles/nodogsplash/tasks/rpi.yml +++ b/roles/nodogsplash/tasks/rpi.yml @@ -54,7 +54,7 @@ - name: Add 'nodogsplash' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: nodogsplash option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 6efc9cb9b..522a68655 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -208,7 +208,7 @@ - name: Add 'openvpn' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: openvpn option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/osm/tasks/main.yml b/roles/osm/tasks/main.yml index 83a2840c4..6c15e7746 100644 --- a/roles/osm/tasks/main.yml +++ b/roles/osm/tasks/main.yml @@ -176,7 +176,7 @@ - name: Add 'osm' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: osm option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/owncloud/tasks/main.yml b/roles/owncloud/tasks/main.yml index 12bcbdcc8..e01b79149 100644 --- a/roles/owncloud/tasks/main.yml +++ b/roles/owncloud/tasks/main.yml @@ -106,7 +106,7 @@ when: owncloud_enabled - name: Add owncloud to service list - ini_file: dest='{{ service_filelist }}' + ini_file: dest='{{ iiab_ini_file }}' section=owncloud option='{{ item.option }}' value='{{ item.value }}' diff --git a/roles/pathagar/tasks/main.yml b/roles/pathagar/tasks/main.yml index 059285172..42427b30f 100644 --- a/roles/pathagar/tasks/main.yml +++ b/roles/pathagar/tasks/main.yml @@ -195,7 +195,7 @@ - name: Add 'pathagar' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: pathagar option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/phpmyadmin/tasks/main.yml b/roles/phpmyadmin/tasks/main.yml index a66a13a83..abf92b81c 100644 --- a/roles/phpmyadmin/tasks/main.yml +++ b/roles/phpmyadmin/tasks/main.yml @@ -67,7 +67,7 @@ - name: Add 'phpmyadmin' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: phpmyadmin option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml index 57eab26bc..0e3a3088a 100644 --- a/roles/postgresql/tasks/main.yml +++ b/roles/postgresql/tasks/main.yml @@ -95,7 +95,7 @@ - name: Add 'postgresql' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: postgresql option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/rachel/tasks/main.yml b/roles/rachel/tasks/main.yml index f37843250..98c45c26f 100644 --- a/roles/rachel/tasks/main.yml +++ b/roles/rachel/tasks/main.yml @@ -24,7 +24,7 @@ when: rachel_enabled and rachel_content_found - name: Add rachel to service list - ini_file: dest='{{ service_filelist }}' + ini_file: dest='{{ iiab_ini_file }}' section=rachel option='{{ item.option }}' value='{{ item.value }}' diff --git a/roles/samba/tasks/main.yml b/roles/samba/tasks/main.yml index fe8e646a5..57102782a 100755 --- a/roles/samba/tasks/main.yml +++ b/roles/samba/tasks/main.yml @@ -73,7 +73,7 @@ - name: Add 'samba' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: samba option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/schooltool/tasks/main.yml b/roles/schooltool/tasks/main.yml index f29f2c0f2..36a79d977 100644 --- a/roles/schooltool/tasks/main.yml +++ b/roles/schooltool/tasks/main.yml @@ -56,7 +56,7 @@ when: not schooltool_enabled - name: add schooltool to service list - ini_file: dest='{{ service_filelist }}' + ini_file: dest='{{ iiab_ini_file }}' section=schooltool option='{{ item.option }}' value='{{ item.value }}' diff --git a/roles/sugar-stats/tasks/main.yml b/roles/sugar-stats/tasks/main.yml index 6f9f708dc..2dd60cd8e 100644 --- a/roles/sugar-stats/tasks/main.yml +++ b/roles/sugar-stats/tasks/main.yml @@ -41,7 +41,7 @@ - include_tasks: statistics-consolidation.yml - name: Add sugar-stats to service list - ini_file: dest='{{ service_filelist }}' + ini_file: dest='{{ iiab_ini_file }}' section=sugar_stats option='{{ item.option }}' value='{{ item.value }}' diff --git a/roles/sugarizer/tasks/main.yml b/roles/sugarizer/tasks/main.yml index df2ce5cab..8077a5657 100644 --- a/roles/sugarizer/tasks/main.yml +++ b/roles/sugarizer/tasks/main.yml @@ -230,7 +230,7 @@ - name: Add 'sugarizer' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: sugarizer option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/teamviewer/tasks/main.yml b/roles/teamviewer/tasks/main.yml index 7ea48de93..8fcede986 100644 --- a/roles/teamviewer/tasks/main.yml +++ b/roles/teamviewer/tasks/main.yml @@ -9,7 +9,7 @@ when: teamviewer_install - name: Add teamviewer to service list - ini_file: dest='{{ service_filelist }}' + ini_file: dest='{{ iiab_ini_file }}' section=teamviewer option='{{ item.option }}' value='{{ item.value }}' diff --git a/roles/transmission/tasks/main.yml b/roles/transmission/tasks/main.yml index 2836816dc..63a46da1f 100644 --- a/roles/transmission/tasks/main.yml +++ b/roles/transmission/tasks/main.yml @@ -56,7 +56,7 @@ - name: Add transmission to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: transmission option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/usb-lib/tasks/main.yml b/roles/usb-lib/tasks/main.yml index 52177384a..1792cd584 100644 --- a/roles/usb-lib/tasks/main.yml +++ b/roles/usb-lib/tasks/main.yml @@ -87,7 +87,7 @@ - name: Add usb-lib to service list ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: usb-lib option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/vnstat/tasks/main.yml b/roles/vnstat/tasks/main.yml index 63fcbad7c..bc7836f7d 100644 --- a/roles/vnstat/tasks/main.yml +++ b/roles/vnstat/tasks/main.yml @@ -31,7 +31,7 @@ - name: Add 'vnstat' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: vnstat option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index 9a51aa587..b87ed9490 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -137,7 +137,7 @@ - name: Add 'wordpress' to list of services at /etc/iiab/iiab.ini ini_file: - dest: "{{ service_filelist }}" + dest: "{{ iiab_ini_file }}" section: wordpress option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/roles/xovis/tasks/main.yml b/roles/xovis/tasks/main.yml index 38f4469db..e200239c0 100644 --- a/roles/xovis/tasks/main.yml +++ b/roles/xovis/tasks/main.yml @@ -82,7 +82,7 @@ when: xovis_enabled - name: Add xovis to service list - ini_file: dest='{{ service_filelist }}' + ini_file: dest='{{ iiab_ini_file }}' section=xovis option='{{ item.option }}' value='{{ item.value }}' From b973906dc38857b99b80daa126890a6d90b16e93 Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 06:41:58 -0400 Subject: [PATCH 54/63] iiab_env_file -> {{ iiab_env_file }} or "{{ iiab_env_file }}" --- roles/0-init/defaults/main.yml | 2 +- roles/1-prep/templates/iiab_env.py.j2 | 2 +- roles/2-common/templates/iiab-startup.sh | 2 +- roles/httpd/templates/refresh-wiki-docs.sh | 2 +- roles/kiwix/templates/iiab-make-kiwix-lib.py | 2 +- roles/network/tasks/computed_network.yml | 8 ++++---- roles/network/tasks/detected_network.yml | 2 +- roles/network/tasks/enable_services.yml | 4 ++-- roles/network/tasks/hostapd.yml | 4 ++-- roles/network/tasks/main.yml | 2 +- roles/network/templates/gateway/iiab-gen-iptables | 2 +- roles/network/templates/network/iiab-hotspot-off | 2 +- roles/network/templates/network/iiab-hotspot-on | 2 +- roles/openvpn/templates/announcer.j2 | 2 +- roles/usb-lib/tasks/main.yml | 2 +- roles/usb-lib/templates/iiab-usb-lib-show-all-off | 2 +- roles/usb-lib/templates/iiab-usb-lib-show-all-on | 2 +- roles/usb-lib/templates/mount.d/70-usb-library | 2 +- 18 files changed, 23 insertions(+), 23 deletions(-) diff --git a/roles/0-init/defaults/main.yml b/roles/0-init/defaults/main.yml index 8901ff7eb..ccdfd58e0 100644 --- a/roles/0-init/defaults/main.yml +++ b/roles/0-init/defaults/main.yml @@ -1,4 +1,4 @@ -# Use these to tag a release at a point in time, for /etc/iiab/iiab.env +# Use these to tag a release at a point in time, for {{ iiab_env_file }} iiab_base_ver: 6.7 iiab_revision: 0 diff --git a/roles/1-prep/templates/iiab_env.py.j2 b/roles/1-prep/templates/iiab_env.py.j2 index e3484e08e..78c4869be 100644 --- a/roles/1-prep/templates/iiab_env.py.j2 +++ b/roles/1-prep/templates/iiab_env.py.j2 @@ -4,7 +4,7 @@ def get_iiab_env(name): """ read iiab.env file for a value, return "" if does not exist""" try: - fd = open("/etc/iiab/iiab.env","r") + fd = open("{{ iiab_env_file }}","r") for line in fd: line = line.lstrip() line = line.rstrip('\n') diff --git a/roles/2-common/templates/iiab-startup.sh b/roles/2-common/templates/iiab-startup.sh index b2bfeb397..b563b908d 100644 --- a/roles/2-common/templates/iiab-startup.sh +++ b/roles/2-common/templates/iiab-startup.sh @@ -15,7 +15,7 @@ fi if [[ $(grep -i raspbian /etc/*release) && #($(grep "hostapd_enabled = False" /etc/iiab/config_vars.yml) || #((! $(grep "hostapd_enabled = True" /etc/iiab/config_vars.yml)) && - ! $(grep "^HOSTAPD_ENABLED=True" /etc/iiab/iiab.env) ]]; + ! $(grep "^HOSTAPD_ENABLED=True" {{ iiab_env_file }}) ]]; # NEGATED LOGIC HELPS FORCE PROMISCUOUS MODE EARLY IN INSTALL # (when network/tasks/main.yml hasn't yet populated iiab.env) diff --git a/roles/httpd/templates/refresh-wiki-docs.sh b/roles/httpd/templates/refresh-wiki-docs.sh index f1124c714..1d6bb20b8 100755 --- a/roles/httpd/templates/refresh-wiki-docs.sh +++ b/roles/httpd/templates/refresh-wiki-docs.sh @@ -3,7 +3,7 @@ # Pull down repo's entire wiki (and similar) to create offline docs set -e -source /etc/iiab/iiab.env +source {{ iiab_env_file }} INPUT=/tmp/iiab-wiki OUTPUT=/tmp/iiab-wiki.out DESTPATH=/library/www/html/info diff --git a/roles/kiwix/templates/iiab-make-kiwix-lib.py b/roles/kiwix/templates/iiab-make-kiwix-lib.py index 1efa285a8..d5cbd97c4 100644 --- a/roles/kiwix/templates/iiab-make-kiwix-lib.py +++ b/roles/kiwix/templates/iiab-make-kiwix-lib.py @@ -29,7 +29,7 @@ if not IIAB_PATH in sys.path: from iiab_env import get_iiab_env # Config Files -# iiab_ini_file should be in /etc/iiab/iiab.env +# iiab_ini_file should be in {{ iiab_env_file }} iiab_ini_file = "{{ iiab_ini_file }}" # nominally /etc/iiab/iiab.ini # iiab_ini_file = "/etc/iiab/iiab.ini" # comment out after testing diff --git a/roles/network/tasks/computed_network.yml b/roles/network/tasks/computed_network.yml index 34a7fc32e..fb0108847 100644 --- a/roles/network/tasks/computed_network.yml +++ b/roles/network/tasks/computed_network.yml @@ -172,9 +172,9 @@ iiab_wan_iface: "none" when: adapter_count.stdout|int >= "5" and device_gw == "none" and gui_wan_iface == "unset" and gui_static_wan is defined -- name: Record IIAB_WAN_DEVICE to /etc/iiab/iiab.env +- name: Record IIAB_WAN_DEVICE to {{ iiab_env_file }} lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: '^IIAB_WAN_DEVICE=*' line: 'IIAB_WAN_DEVICE="{{ iiab_wan_iface }}"' state: present @@ -182,9 +182,9 @@ tags: - network -- name: Record IIAB_LAN_DEVICE to /etc/iiab/iiab.env +- name: Record IIAB_LAN_DEVICE to {{ iiab_env_file }} lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: '^IIAB_LAN_DEVICE=*' line: 'IIAB_LAN_DEVICE="{{ iiab_lan_iface }}"' state: present diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index b2f1fc588..cb58deef0 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -1,5 +1,5 @@ - name: iiab_wan_device - shell: grep IIAB_WAN_DEVICE /etc/iiab/iiab.env | awk -F "=" '{print $2}' + shell: grep IIAB_WAN_DEVICE {{ iiab_env_file }} | awk -F "=" '{print $2}' when: iiab_stage|int > 4 register: prior_gw diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index 703356c5e..e59c388f4 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -79,7 +79,7 @@ - name: Create xs_httpcache flag lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: '^HTTPCACHE_ON=*' line: 'HTTPCACHE_ON=True' state: present @@ -121,7 +121,7 @@ - name: Remove xs_httpcache flag lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: '^HTTPCACHE_ON=*' line: 'HTTPCACHE_ON=False' state: present diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index f27e60470..f44cce108 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -55,9 +55,9 @@ enabled: yes when: hostapd_enabled and iiab_wireless_lan_iface is defined and iiab_network_mode != "Appliance" -- name: Record HOSTAPD_ENABLED to /etc/iiab/iiab.env +- name: Record HOSTAPD_ENABLED to {{ iiab_env_file }} lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: '^HOSTAPD_ENABLED=*' line: 'HOSTAPD_ENABLED={{ hostapd_enabled }}' state: present diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index d5736714d..8dde0ad30 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml @@ -11,7 +11,7 @@ no_net_restart: True # used below in (1) sysd-netd-debian.yml, # (2) debian.yml, (3) rpi_debian.yml when: discovered_wireless_iface == iiab_wan_iface and not reboot_to_AP -# EITHER WAY: hostapd_enabled's state is RECORDED into /etc/iiab/iiab.env +# EITHER WAY: hostapd_enabled's state is RECORDED into {{ iiab_env_file }} # in hostapd.yml for later use by... # /usr/libexec/iiab-startup.sh, iiab-hotspot-off & iiab-hotspot-on # diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 1494a2bee..83867f1bd 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -1,5 +1,5 @@ #!/bin/bash -x -source /etc/iiab/iiab.env +source {{ iiab_env_file }} {% if is_debuntu %} IPTABLES=/sbin/iptables IPTABLES_DATA=/etc/iptables.up.rules diff --git a/roles/network/templates/network/iiab-hotspot-off b/roles/network/templates/network/iiab-hotspot-off index 31b1d5ffc..0bb81e8f2 100755 --- a/roles/network/templates/network/iiab-hotspot-off +++ b/roles/network/templates/network/iiab-hotspot-off @@ -16,4 +16,4 @@ if grep -qi raspbian /etc/*release; then ip link set dev wlan0 promisc on fi -sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=False/" /etc/iiab/iiab.env +sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=False/" {{ iiab_env_file }} diff --git a/roles/network/templates/network/iiab-hotspot-on b/roles/network/templates/network/iiab-hotspot-on index bb264ca92..5d225abeb 100755 --- a/roles/network/templates/network/iiab-hotspot-on +++ b/roles/network/templates/network/iiab-hotspot-on @@ -17,6 +17,6 @@ if grep -qi raspbian /etc/*release; then ip link set dev wlan0 promisc off fi -sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" /etc/iiab/iiab.env +sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" {{ iiab_env_file }} echo -e "\nPlease consider rebooting now.\n" diff --git a/roles/openvpn/templates/announcer.j2 b/roles/openvpn/templates/announcer.j2 index f453abf24..9c301f065 100755 --- a/roles/openvpn/templates/announcer.j2 +++ b/roles/openvpn/templates/announcer.j2 @@ -19,7 +19,7 @@ if [ -f /etc/iiab/openvpn_handle ]; then #else # # Option #3: Dangerous to invoke hypothetical variables :( -# source /etc/iiab/iiab.env +# source {{ iiab_env_file }} # # Option #4: CAUSED FAILURES IN AUGUST 2018, invoking stale variable from /etc/iiab/iiab.ini, but safer now that relegated to #4 ? # if [ -z "$HANDLE" ]; then # HANDLE=`cat /etc/iiab/iiab.ini | gawk \ diff --git a/roles/usb-lib/tasks/main.yml b/roles/usb-lib/tasks/main.yml index 1792cd584..4fa46ca42 100644 --- a/roles/usb-lib/tasks/main.yml +++ b/roles/usb-lib/tasks/main.yml @@ -55,7 +55,7 @@ - name: Put variable in iiab.env that enables display of content at root of USB lineinfile: - dest: /etc/iiab/iiab.env + dest: "{{ iiab_env_file }}" regexp: "^IIAB_USB_LIB_SHOW_ALL.*" line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}" diff --git a/roles/usb-lib/templates/iiab-usb-lib-show-all-off b/roles/usb-lib/templates/iiab-usb-lib-show-all-off index adeff4c81..06f36ba70 100644 --- a/roles/usb-lib/templates/iiab-usb-lib-show-all-off +++ b/roles/usb-lib/templates/iiab-usb-lib-show-all-off @@ -1,5 +1,5 @@ #!/bin/bash # turn on the flag which registers new USB sticks at root directory -sed -i -e's/^IIAB_USB_LIB_SHOW_ALL.*/IIAB_USB_LIB_SHOW_ALL=False/' /etc/iiab/iiab.env +sed -i -e's/^IIAB_USB_LIB_SHOW_ALL.*/IIAB_USB_LIB_SHOW_ALL=False/' {{ iiab_env_file }} diff --git a/roles/usb-lib/templates/iiab-usb-lib-show-all-on b/roles/usb-lib/templates/iiab-usb-lib-show-all-on index 297f37025..83a03f225 100644 --- a/roles/usb-lib/templates/iiab-usb-lib-show-all-on +++ b/roles/usb-lib/templates/iiab-usb-lib-show-all-on @@ -1,5 +1,5 @@ #!/bin/bash # turn on the flag which registers new USB sticks at root directory -sed -i -e's/^IIAB_USB_LIB_SHOW_ALL.*/IIAB_USB_LIB_SHOW_ALL=True/' /etc/iiab/iiab.env +sed -i -e's/^IIAB_USB_LIB_SHOW_ALL.*/IIAB_USB_LIB_SHOW_ALL=True/' {{ iiab_env_file }} diff --git a/roles/usb-lib/templates/mount.d/70-usb-library b/roles/usb-lib/templates/mount.d/70-usb-library index 02328339d..11358220d 100644 --- a/roles/usb-lib/templates/mount.d/70-usb-library +++ b/roles/usb-lib/templates/mount.d/70-usb-library @@ -9,7 +9,7 @@ # # by Tim Moody tim@timmoody.com -source /etc/iiab/iiab.env +source {{ iiab_env_file }} case $IIAB_USB_LIB_SHOW_ALL in 'True'|'true'|'TRUE') logger -p user.notice -t "70-usb-library" -- "Displaying root directory on $UM_MOUNTPOINT." From b5efe25edb44a3ddd9eb7d434ab4497fe022664e Mon Sep 17 00:00:00 2001 From: root <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 07:01:09 -0400 Subject: [PATCH 55/63] /etc/iiab/iiab.ini -> {{ iiab_ini_file }} --- roles/0-init/tasks/iiab_ini.yml | 4 ++-- roles/0-init/tasks/main.yml | 4 ++-- roles/1-prep/templates/iiab-network-reset | 4 ++-- roles/awstats/tasks/main.yml | 2 +- roles/calibre-web/tasks/main.yml | 2 +- roles/calibre/tasks/main.yml | 2 +- roles/cups/tasks/main.yml | 2 +- roles/dokuwiki/tasks/main.yml | 2 +- roles/elgg/tasks/main.yml | 2 +- roles/httpd/tasks/html.yml | 4 ++-- roles/iiab-admin/tasks/main.yml | 2 +- roles/kalite/tasks/main.yml | 2 +- roles/kiwix/tasks/kiwix_install.yml | 2 +- roles/kiwix/templates/iiab-make-kiwix-lib.py | 4 ++-- roles/kolibri/tasks/main.yml | 2 +- roles/mediawiki/tasks/install.yml | 2 +- roles/mongodb/tasks/main.yml | 2 +- roles/monit/tasks/main.yml | 2 +- roles/moodle/tasks/main.yml | 2 +- roles/munin/tasks/main.yml | 2 +- roles/mysql/tasks/main.yml | 2 +- roles/network/tasks/computed_network.yml | 2 +- roles/network/tasks/computed_services.yml | 2 +- roles/network/tasks/detected_network.yml | 2 +- roles/network/tasks/enable_services.yml | 6 +++--- roles/network/tasks/squid.yml | 4 ++-- roles/network/tasks/wondershaper.yml | 2 +- roles/network/templates/gateway/iiab-gen-iptables | 2 +- roles/nextcloud/tasks/main.yml | 2 +- roles/nodogsplash/tasks/rpi.yml | 2 +- roles/openvpn/tasks/main.yml | 2 +- roles/openvpn/templates/announcer.j2 | 4 ++-- roles/osm/tasks/main.yml | 2 +- roles/pathagar/tasks/main.yml | 2 +- roles/phpmyadmin/tasks/main.yml | 2 +- roles/postgresql/tasks/main.yml | 2 +- roles/samba/tasks/main.yml | 2 +- roles/sugarizer/tasks/main.yml | 2 +- roles/transmission/tasks/main.yml | 2 +- roles/vnstat/tasks/main.yml | 2 +- roles/wordpress/tasks/install.yml | 2 +- vars/default_vars.yml | 4 ++-- 42 files changed, 52 insertions(+), 52 deletions(-) diff --git a/roles/0-init/tasks/iiab_ini.yml b/roles/0-init/tasks/iiab_ini.yml index 297aba9c4..442f01681 100644 --- a/roles/0-init/tasks/iiab_ini.yml +++ b/roles/0-init/tasks/iiab_ini.yml @@ -1,5 +1,5 @@ # workaround for fact that auto create does not work on ini_file -- name: Create /etc/iiab/iiab.ini (iiab_ini_file) +- name: Create {{ iiab_ini_file }} (iiab_ini_file) file: dest: "{{ iiab_ini_file }}" state: touch @@ -16,7 +16,7 @@ - option: iiab_dir value: "{{ iiab_dir }}" -- name: Add 'version' variable values to /etc/iiab/iiab.ini +- name: Add 'version' variable values to {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: version diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 31a5ea711..d4903c189 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -165,7 +165,7 @@ include_tasks: hostname.yml when: FQDN_changed -- name: Add 'runtime' variable values to /etc/iiab/iiab.ini +- name: Add 'runtime' variable values to {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: runtime @@ -209,7 +209,7 @@ - option: FQDN_changed value: "{{ FQDN_changed }}" -- name: Add 'runtime' variable 'is_VM' value if defined, to /etc/iiab/iiab.ini +- name: Add 'runtime' variable 'is_VM' value if defined, to {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: runtime diff --git a/roles/1-prep/templates/iiab-network-reset b/roles/1-prep/templates/iiab-network-reset index fd0d10f3b..e17fe7add 100755 --- a/roles/1-prep/templates/iiab-network-reset +++ b/roles/1-prep/templates/iiab-network-reset @@ -38,8 +38,8 @@ echo "/etc/resolv.conf" cat /etc/resolv.conf echo echo "==========================================================" -echo "cat /etc/iiab/iiab.ini" -cat /etc/iiab/iiab.ini +echo "cat {{ iiab_ini_file }}" +cat {{ iiab_ini_file }} echo echo "==========================================================" echo "routing table" diff --git a/roles/awstats/tasks/main.yml b/roles/awstats/tasks/main.yml index c51f01aaf..eba3828b0 100644 --- a/roles/awstats/tasks/main.yml +++ b/roles/awstats/tasks/main.yml @@ -1,7 +1,7 @@ - include_tasks: install.yml when: awstats_install -- name: Add 'awstats' to list of services at /etc/iiab/iiab.ini +- name: Add 'awstats' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: awstats diff --git a/roles/calibre-web/tasks/main.yml b/roles/calibre-web/tasks/main.yml index 0442c35ec..0347aef79 100644 --- a/roles/calibre-web/tasks/main.yml +++ b/roles/calibre-web/tasks/main.yml @@ -122,7 +122,7 @@ name: "{{ apache_service }}" # httpd or apache2 state: restarted -- name: Add 'calibre-web' to list of services at /etc/iiab/iiab.ini +- name: Add 'calibre-web' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: calibre-web diff --git a/roles/calibre/tasks/main.yml b/roles/calibre/tasks/main.yml index 0938ef2ab..48e5ff470 100644 --- a/roles/calibre/tasks/main.yml +++ b/roles/calibre/tasks/main.yml @@ -132,7 +132,7 @@ name: "{{ apache_service }}" state: reloaded -- name: Add 'calibre' to list of services at /etc/iiab/iiab.ini +- name: Add 'calibre' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: calibre diff --git a/roles/cups/tasks/main.yml b/roles/cups/tasks/main.yml index 2742a04de..690d0f697 100644 --- a/roles/cups/tasks/main.yml +++ b/roles/cups/tasks/main.yml @@ -64,7 +64,7 @@ enabled: no when: not cups_enabled and is_F18 -- name: Add 'cups' to list of services at /etc/iiab/iiab.ini +- name: Add 'cups' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: cups diff --git a/roles/dokuwiki/tasks/main.yml b/roles/dokuwiki/tasks/main.yml index 4f716d734..f1dc4ea6e 100644 --- a/roles/dokuwiki/tasks/main.yml +++ b/roles/dokuwiki/tasks/main.yml @@ -2,7 +2,7 @@ include_tasks: install.yml when: dokuwiki_install -- name: Add 'dokuwiki' to list of services at /etc/iiab/iiab.ini +- name: Add 'dokuwiki' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: dokuwiki diff --git a/roles/elgg/tasks/main.yml b/roles/elgg/tasks/main.yml index 5f0a04cec..5d36b6ad2 100644 --- a/roles/elgg/tasks/main.yml +++ b/roles/elgg/tasks/main.yml @@ -138,7 +138,7 @@ state: absent when: not elgg_enabled and is_redhat -- name: Add 'elgg' to list of services at /etc/iiab/iiab.ini +- name: Add 'elgg' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: elgg diff --git a/roles/httpd/tasks/html.yml b/roles/httpd/tasks/html.yml index df00e4266..459441df1 100644 --- a/roles/httpd/tasks/html.yml +++ b/roles/httpd/tasks/html.yml @@ -59,9 +59,9 @@ with_fileglob: - html/services/* -- name: Create symlink from assets to /etc/iiab/iiab.ini +- name: Create symlink from assets to {{ iiab_ini_file }} file: - src: "/etc/iiab/iiab.ini" + src: "{{ iiab_ini_file }}" dest: "{{ doc_root }}/common/assets/iiab.ini" owner: root group: root diff --git a/roles/iiab-admin/tasks/main.yml b/roles/iiab-admin/tasks/main.yml index 7ffb90e7e..d0e05db90 100644 --- a/roles/iiab-admin/tasks/main.yml +++ b/roles/iiab-admin/tasks/main.yml @@ -7,7 +7,7 @@ tags: - base -- name: Add 'iiab-admin' to list at /etc/iiab/iiab.ini +- name: Add 'iiab-admin' to list at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: iiab-admin diff --git a/roles/kalite/tasks/main.yml b/roles/kalite/tasks/main.yml index f785a3cd1..900ce6db3 100644 --- a/roles/kalite/tasks/main.yml +++ b/roles/kalite/tasks/main.yml @@ -36,7 +36,7 @@ - include_tasks: enable.yml -- name: Add 'kalite' to list of services at /etc/iiab/iiab.ini +- name: Add 'kalite' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: kalite diff --git a/roles/kiwix/tasks/kiwix_install.yml b/roles/kiwix/tasks/kiwix_install.yml index 30b81b97b..71e4fc7ad 100644 --- a/roles/kiwix/tasks/kiwix_install.yml +++ b/roles/kiwix/tasks/kiwix_install.yml @@ -149,7 +149,7 @@ # 5. FINALIZE -- name: Add 'kiwix' to list of services at /etc/iiab/iiab.ini +- name: Add 'kiwix' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: kiwix diff --git a/roles/kiwix/templates/iiab-make-kiwix-lib.py b/roles/kiwix/templates/iiab-make-kiwix-lib.py index d5cbd97c4..e74ae5d65 100644 --- a/roles/kiwix/templates/iiab-make-kiwix-lib.py +++ b/roles/kiwix/templates/iiab-make-kiwix-lib.py @@ -30,8 +30,8 @@ from iiab_env import get_iiab_env # Config Files # iiab_ini_file should be in {{ iiab_env_file }} -iiab_ini_file = "{{ iiab_ini_file }}" # nominally /etc/iiab/iiab.ini -# iiab_ini_file = "/etc/iiab/iiab.ini" # comment out after testing +iiab_ini_file = "{{ iiab_ini_file }}" # nominally {{ iiab_ini_file }} +# iiab_ini_file = "{{ iiab_ini_file }}" # comment out after testing IIAB_INI = get_iiab_env('IIAB_INI') # future if IIAB_INI: diff --git a/roles/kolibri/tasks/main.yml b/roles/kolibri/tasks/main.yml index 7353e9e8c..e7f7cd8ec 100644 --- a/roles/kolibri/tasks/main.yml +++ b/roles/kolibri/tasks/main.yml @@ -80,7 +80,7 @@ state: stopped when: not kolibri_enabled -- name: Add 'kolibri' to list of services at /etc/iiab/iiab.ini +- name: Add 'kolibri' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: kolibri diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml index 54135b3af..e217e7e37 100644 --- a/roles/mediawiki/tasks/install.yml +++ b/roles/mediawiki/tasks/install.yml @@ -85,7 +85,7 @@ name: "{{ apache_service }}" state: restarted -- name: Add 'mediawiki' to list of services at /etc/iiab/iiab.ini +- name: Add 'mediawiki' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: mediawiki diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index 8ae8f030a..e29e852a9 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml @@ -60,7 +60,7 @@ # state: stopped # when: not mongodb_enabled -- name: Add 'mongodb' to list of services at /etc/iiab/iiab.ini +- name: Add 'mongodb' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: mongodb diff --git a/roles/monit/tasks/main.yml b/roles/monit/tasks/main.yml index fed7de6d2..512030f14 100644 --- a/roles/monit/tasks/main.yml +++ b/roles/monit/tasks/main.yml @@ -45,7 +45,7 @@ #- name: Restart monit service # command: service monit restart -- name: Add 'monit' to list of services at /etc/iiab/iiab.ini +- name: Add 'monit' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: monit diff --git a/roles/moodle/tasks/main.yml b/roles/moodle/tasks/main.yml index 7ba39ac60..a13013c21 100644 --- a/roles/moodle/tasks/main.yml +++ b/roles/moodle/tasks/main.yml @@ -155,7 +155,7 @@ path: "{{ moodle_base }}/config.php" mode: 0644 -- name: Add 'moodle' to list of services at /etc/iiab/iiab.ini +- name: Add 'moodle' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: moodle diff --git a/roles/munin/tasks/main.yml b/roles/munin/tasks/main.yml index 31f755dfc..9d983770f 100644 --- a/roles/munin/tasks/main.yml +++ b/roles/munin/tasks/main.yml @@ -84,7 +84,7 @@ - /usr/share/munin/plugins/mysql_threads when: mysql_enabled -- name: Add 'munin' to list of services at /etc/iiab/iiab.ini +- name: Add 'munin' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: munin diff --git a/roles/mysql/tasks/main.yml b/roles/mysql/tasks/main.yml index 619fd2a3c..8fccfaf09 100644 --- a/roles/mysql/tasks/main.yml +++ b/roles/mysql/tasks/main.yml @@ -133,7 +133,7 @@ state: stopped when: not mysql_enabled - - name: Add 'mysql' to list of services at /etc/iiab/iiab.ini + - name: Add 'mysql' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: mysql diff --git a/roles/network/tasks/computed_network.yml b/roles/network/tasks/computed_network.yml index fb0108847..57b48ba06 100644 --- a/roles/network/tasks/computed_network.yml +++ b/roles/network/tasks/computed_network.yml @@ -192,7 +192,7 @@ tags: - network -- name: Add 'computed_network' variable values to /etc/iiab/iiab.ini +- name: Add 'computed_network' variable values to {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: computed_network diff --git a/roles/network/tasks/computed_services.yml b/roles/network/tasks/computed_services.yml index 118422786..de67c7c97 100644 --- a/roles/network/tasks/computed_services.yml +++ b/roles/network/tasks/computed_services.yml @@ -49,7 +49,7 @@ dhcp_service2: "dnsmasq disabled" when: dnsmasq_install and iiab_network_mode == "Appliance" -- name: Add 'network' variable values (from computed_services.yml) to /etc/iiab/iiab.ini +- name: Add 'network' variable values (from computed_services.yml) to {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: network diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index cb58deef0..8374de92f 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml @@ -188,7 +188,7 @@ gui_wan_iface: "{{ device_gw }}" when: user_wan_iface == "auto" and device_gw != "none" and discovered_wan_iface == "none" -- name: Add 'detected_network' variable values to /etc/iiab/iiab.ini +- name: Add 'detected_network' variable values to {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: detected_network diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index e59c388f4..1eb1d18d1 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -150,7 +150,7 @@ with_items: - { 0: 'gateway/iiab-gen-iptables', 1: '/usr/bin/iiab-gen-iptables' } -- name: Add 'squid' to list of services at /etc/iiab/iiab.ini +- name: Add 'squid' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: squid @@ -160,7 +160,7 @@ - option: enabled value: "{{ squid_enabled }}" -- name: Add 'dansguardian' to list of services at /etc/iiab/iiab.ini +- name: Add 'dansguardian' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: dansguardian @@ -170,7 +170,7 @@ - option: enabled value: "{{ dansguardian_enabled }}" -- name: Add 'wondershaper' to list of services at /etc/iiab/iiab.ini +- name: Add 'wondershaper' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: wondershaper diff --git a/roles/network/tasks/squid.yml b/roles/network/tasks/squid.yml index 38254cfbd..311339056 100644 --- a/roles/network/tasks/squid.yml +++ b/roles/network/tasks/squid.yml @@ -83,7 +83,7 @@ when: dansguardian_install # {{ proxy }} is normally "squid", but is "squid3" on raspbian-8 & debian-8 -- name: Add '{{ proxy }}' to list of services at /etc/iiab/iiab.ini +- name: Add '{{ proxy }}' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: "{{ proxy }}" @@ -97,7 +97,7 @@ - option: enabled value: "{{ squid_enabled }}" -- name: Add 'dansguardian' variable values to /etc/iiab/iiab.ini +- name: Add 'dansguardian' variable values to {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: dansguardian diff --git a/roles/network/tasks/wondershaper.yml b/roles/network/tasks/wondershaper.yml index 4bfb45b72..6f62922af 100644 --- a/roles/network/tasks/wondershaper.yml +++ b/roles/network/tasks/wondershaper.yml @@ -38,7 +38,7 @@ group: root state: link -- name: Add 'wondershaper' variable values to /etc/iiab/iiab.ini +- name: Add 'wondershaper' variable values to {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: wondershaper diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 83867f1bd..4c77847a0 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -9,7 +9,7 @@ IPTABLES_DATA=/etc/sysconfig/iptables {% endif %} LANIF=$IIAB_LAN_DEVICE WANIF=$IIAB_WAN_DEVICE -MODE=`grep iiab_network_mode_applied /etc/iiab/iiab.ini | gawk '{print $3}'` +MODE=`grep iiab_network_mode_applied {{ iiab_ini_file }} | gawk '{print $3}'` clear_fw() { $IPTABLES -F diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index 398bed62d..af2930de5 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -162,7 +162,7 @@ # following enables and disables - include_tasks: nextcloud_enabled.yml -- name: Add 'nextcloud' to list of services at /etc/iiab/iiab.ini +- name: Add 'nextcloud' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: Nextcloud diff --git a/roles/nodogsplash/tasks/rpi.yml b/roles/nodogsplash/tasks/rpi.yml index 58772bed9..2bf76b9e2 100644 --- a/roles/nodogsplash/tasks/rpi.yml +++ b/roles/nodogsplash/tasks/rpi.yml @@ -52,7 +52,7 @@ state: stopped when: not nodogsplash_enabled -- name: Add 'nodogsplash' to list of services at /etc/iiab/iiab.ini +- name: Add 'nodogsplash' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: nodogsplash diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 522a68655..06263d4de 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -206,7 +206,7 @@ # when: not openvpn_enabled and not installing -- name: Add 'openvpn' to list of services at /etc/iiab/iiab.ini +- name: Add 'openvpn' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: openvpn diff --git a/roles/openvpn/templates/announcer.j2 b/roles/openvpn/templates/announcer.j2 index 9c301f065..bc71bb6c7 100755 --- a/roles/openvpn/templates/announcer.j2 +++ b/roles/openvpn/templates/announcer.j2 @@ -20,9 +20,9 @@ if [ -f /etc/iiab/openvpn_handle ]; then #else # # Option #3: Dangerous to invoke hypothetical variables :( # source {{ iiab_env_file }} -# # Option #4: CAUSED FAILURES IN AUGUST 2018, invoking stale variable from /etc/iiab/iiab.ini, but safer now that relegated to #4 ? +# # Option #4: CAUSED FAILURES IN AUGUST 2018, invoking stale variable from {{ iiab_ini_file }}, but safer now that relegated to #4 ? # if [ -z "$HANDLE" ]; then -# HANDLE=`cat /etc/iiab/iiab.ini | gawk \ +# HANDLE=`cat {{ iiab_ini_file }} | gawk \ # '{ if((toupper($1) == "HANDLE") && ($2 == "=")) { print $3;}}'` # fi fi diff --git a/roles/osm/tasks/main.yml b/roles/osm/tasks/main.yml index 6c15e7746..984b8ebd1 100644 --- a/roles/osm/tasks/main.yml +++ b/roles/osm/tasks/main.yml @@ -174,7 +174,7 @@ name: "{{ apache_service }}" state: restarted -- name: Add 'osm' to list of services at /etc/iiab/iiab.ini +- name: Add 'osm' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: osm diff --git a/roles/pathagar/tasks/main.yml b/roles/pathagar/tasks/main.yml index 42427b30f..f50e042f7 100644 --- a/roles/pathagar/tasks/main.yml +++ b/roles/pathagar/tasks/main.yml @@ -193,7 +193,7 @@ name: "{{ apache_service }}" state: reloaded -- name: Add 'pathagar' to list of services at /etc/iiab/iiab.ini +- name: Add 'pathagar' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: pathagar diff --git a/roles/phpmyadmin/tasks/main.yml b/roles/phpmyadmin/tasks/main.yml index abf92b81c..fabe8fd94 100644 --- a/roles/phpmyadmin/tasks/main.yml +++ b/roles/phpmyadmin/tasks/main.yml @@ -65,7 +65,7 @@ state: absent when: not phpmyadmin_enabled and is_debuntu -- name: Add 'phpmyadmin' to list of services at /etc/iiab/iiab.ini +- name: Add 'phpmyadmin' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: phpmyadmin diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml index 0e3a3088a..e425f1439 100644 --- a/roles/postgresql/tasks/main.yml +++ b/roles/postgresql/tasks/main.yml @@ -93,7 +93,7 @@ enabled: no when: not postgresql_enabled -- name: Add 'postgresql' to list of services at /etc/iiab/iiab.ini +- name: Add 'postgresql' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: postgresql diff --git a/roles/samba/tasks/main.yml b/roles/samba/tasks/main.yml index 57102782a..e0ca97901 100755 --- a/roles/samba/tasks/main.yml +++ b/roles/samba/tasks/main.yml @@ -71,7 +71,7 @@ - samba when : not samba_enabled -- name: Add 'samba' to list of services at /etc/iiab/iiab.ini +- name: Add 'samba' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: samba diff --git a/roles/sugarizer/tasks/main.yml b/roles/sugarizer/tasks/main.yml index 8077a5657..c8bf1cb57 100644 --- a/roles/sugarizer/tasks/main.yml +++ b/roles/sugarizer/tasks/main.yml @@ -228,7 +228,7 @@ # state: stopped # when: not sugarizer_enabled -- name: Add 'sugarizer' to list of services at /etc/iiab/iiab.ini +- name: Add 'sugarizer' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: sugarizer diff --git a/roles/transmission/tasks/main.yml b/roles/transmission/tasks/main.yml index 63a46da1f..93096c8c1 100644 --- a/roles/transmission/tasks/main.yml +++ b/roles/transmission/tasks/main.yml @@ -54,7 +54,7 @@ state: stopped when: not transmission_enabled -- name: Add transmission to list of services at /etc/iiab/iiab.ini +- name: Add transmission to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: transmission diff --git a/roles/vnstat/tasks/main.yml b/roles/vnstat/tasks/main.yml index bc7836f7d..2a50284f5 100644 --- a/roles/vnstat/tasks/main.yml +++ b/roles/vnstat/tasks/main.yml @@ -29,7 +29,7 @@ enabled: yes state: started -- name: Add 'vnstat' to list of services at /etc/iiab/iiab.ini +- name: Add 'vnstat' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: vnstat diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index b87ed9490..6ad6ea2e9 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml @@ -135,7 +135,7 @@ name: "{{ apache_service }}" state: restarted -- name: Add 'wordpress' to list of services at /etc/iiab/iiab.ini +- name: Add 'wordpress' to list of services at {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" section: wordpress diff --git a/vars/default_vars.yml b/vars/default_vars.yml index a56ca8549..bd6990ad9 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -9,8 +9,8 @@ iiab_local_vars_file: /etc/iiab/local_vars.yml iiab_env_file: /etc/iiab/iiab.env iiab_ini_file: /etc/iiab/iiab.ini -iiab_config_file: "{{ iiab_ini_file }}" # Legacy support / let's phase this out eventually -service_filelist: "{{ iiab_ini_file }}" # Legacy support / let's phase this out eventually +#iiab_config_file: "{{ iiab_ini_file }}" # Legacy support / let's phase this out eventually +#service_filelist: "{{ iiab_ini_file }}" # Legacy support / let's phase this out eventually iiab_base: /opt/iiab iiab_dir: "{{ iiab_base }}/iiab" From 3de83185fcabf826d5e4cb0301cacb78af369047 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 07:05:15 -0400 Subject: [PATCH 56/63] Update iiab_ini.yml --- roles/0-init/tasks/iiab_ini.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/0-init/tasks/iiab_ini.yml b/roles/0-init/tasks/iiab_ini.yml index 442f01681..dcd7b06a3 100644 --- a/roles/0-init/tasks/iiab_ini.yml +++ b/roles/0-init/tasks/iiab_ini.yml @@ -1,5 +1,5 @@ -# workaround for fact that auto create does not work on ini_file -- name: Create {{ iiab_ini_file }} (iiab_ini_file) +# workaround for fact that auto create does not work on iiab_ini_file (/etc/iiab/iiab.ini) +- name: Create {{ iiab_ini_file }} file: dest: "{{ iiab_ini_file }}" state: touch From b0e179e7da412543ab12c315aab0d05db0768498 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 07:10:58 -0400 Subject: [PATCH 57/63] Update iiab-make-kiwix-lib.py --- roles/kiwix/templates/iiab-make-kiwix-lib.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/kiwix/templates/iiab-make-kiwix-lib.py b/roles/kiwix/templates/iiab-make-kiwix-lib.py index e74ae5d65..29b2a4a68 100644 --- a/roles/kiwix/templates/iiab-make-kiwix-lib.py +++ b/roles/kiwix/templates/iiab-make-kiwix-lib.py @@ -29,9 +29,9 @@ if not IIAB_PATH in sys.path: from iiab_env import get_iiab_env # Config Files -# iiab_ini_file should be in {{ iiab_env_file }} -iiab_ini_file = "{{ iiab_ini_file }}" # nominally {{ iiab_ini_file }} -# iiab_ini_file = "{{ iiab_ini_file }}" # comment out after testing +# iiab_ini_file should be in {{ iiab_env_file }} (/etc/iiab/iiab.env) ? +iiab_ini_file = "{{ iiab_ini_file }}" # nominally /etc/iiab/iiab.ini +# iiab_ini_file = "/etc/iiab/iiab.ini" # comment out after testing IIAB_INI = get_iiab_env('IIAB_INI') # future if IIAB_INI: From 54fda898e3a26428888dea8a8fa2c3d5a0926cee Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 08:40:33 -0400 Subject: [PATCH 58/63] Update main.yml --- roles/3-base-server/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 78f2dffd5..5d07b28af 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -3,7 +3,7 @@ - name: ...IS BEGINNING ===================================== command: echo -- name: HTTPD +- name: HTTPD (APACHE) include_role: name: httpd # has no "when: XXXXX_install" flag From 259f2ec4ff580829411a795cff8c1e121199b40f Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 09:23:18 -0400 Subject: [PATCH 59/63] Update default_vars.yml --- vars/default_vars.yml | 48 +++++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index bd6990ad9..4f3ec18a8 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -150,17 +150,36 @@ wan_nameserver: # exFAT is auto-enabled for all "debuntu" OS's as of Nov 2017, in roles/2-common/tasks/packages.yml#L35-L36 # exFAT_enabled: True -# Parameters by Aggregate Roles -# Each Role must have the following variables which are either True or False: +# Parameters for Aggregate Roles +# Each Role should have the following variables which are either True or False: # <role-name>_install # <role-name>_enabled -# Our past convention was to install everything in all aggregates +# Past convention had been to install everything in all aggregate roles (stages) # And to enable everything in 1-PREP, 2-COMMON, and 3-BASE-SERVER # 1-PREP +# sshd +sshd_enabled: True + +# roles/iiab-admin runs here +# SEE IIAB-ADMIN VARIABLES NEAR TOP OF THIS FILE: e.g. iiab_admin_user_install, +# iiab_admin_user, iiab_admin_published_pwd, iiab_admin_pwd_hash + +# OpenVPN +openvpn_install: True +openvpn_enabled: False +# For /etc/iiab/openvpn_handle +openvpn_handle: "" +# cron seems necessary on CentOS: +openvpn_cron_enabled: False +# General OpenVPN settings +openvpn_server: xscenet.net +openvpn_server_virtual_ip: 10.8.0.1 +openvpn_server_port: 1194 + # 2-COMMON # 3-BASE-SERVER @@ -169,12 +188,10 @@ wan_nameserver: # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True - -# For schools that use WordPress and/or Moodle intensively. See iiab/iiab #1147 +# For schools that use WordPress and/or Moodle intensively, see iiab/iiab #1147 # WARNING: Enabling this (might) cause excess use of RAM or other resources? apache_high_php_limits: False - -# roles/iiab-admin runs here +# SEE ALSO VARIABLES NEAR TOP OF THIS FILE: default_language, language_priority # MySQL MANDATORY - THESE SETTINGS HAVE NO EFFECT - SEE roles/1-prep/tasks/computed_vars.yml, roles/mysql/tasks/main.yml mysql_install: True @@ -185,23 +202,6 @@ mysql_root_password: fixmysql # 4-SERVER-OPTIONS -# sshd -sshd_enabled: True - -# OpenVPN -openvpn_install: True -openvpn_enabled: False - -# For /etc/iiab/openvpn_handle -openvpn_handle: "" - -# cron seems necessary on CentOS: -openvpn_cron_enabled: False - -openvpn_server: xscenet.net -openvpn_server_virtual_ip: 10.8.0.1 -openvpn_server_port: 1194 - # roles/network runs here (MANY SETTINGS ABOVE) # Homepage From 91b103397865fd8c692bb728d632f61b05bfa0fd Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 09:23:22 -0400 Subject: [PATCH 60/63] Update local_vars_big.yml --- vars/local_vars_big.yml | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 13f8ea711..8b680a2cc 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -76,32 +76,34 @@ dansguardian_enabled: True # 1-PREP +# roles/sshd & roles/iiab-admin run here +# SEE IIAB-ADMIN VARIABLES NEAR TOP OF THIS FILE: +# e.g. iiab_admin_user_install, iiab_admin_user, iiab_admin_pwd_hash + +# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security +openvpn_install: True +openvpn_enabled: False +# Set /etc/iiab/openvpn_handle in advance here: +openvpn_handle: "" +# The following seems necessary on CentOS: +# openvpn_cron_enabled: True + # 2-COMMON # 3-BASE-SERVER # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True - -# For schools that use WordPress and/or Moodle intensively. See iiab/iiab #1147 +# For schools that use WordPress and/or Moodle intensively, see iiab/iiab #1147 # WARNING: Enabling this (might) cause excess use of RAM or other resources? apache_high_php_limits: False +# SEE ALSO VARIABLES NEAR TOP OF THIS FILE: default_language, language_priority # roles/mysql runs here (mandatory) # 4-SERVER-OPTIONS -# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security -openvpn_install: True -openvpn_enabled: False - -# Set /etc/iiab/openvpn_handle in advance here: -openvpn_handle: "" - -# The following seems necessary on CentOS: -# openvpn_cron_enabled: True - # roles/network runs here (MANY SETTINGS ABOVE) # PostgreSQL - auto-installed by Moodle and/or Pathagar - no need to touch! From 2c93cab13e9890945dc4a3fb385ae8c34de1586e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 09:23:26 -0400 Subject: [PATCH 61/63] Update local_vars_medium.yml --- vars/local_vars_medium.yml | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 11b9a3ac3..77f860faf 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -76,32 +76,34 @@ dansguardian_enabled: False # 1-PREP +# roles/sshd & roles/iiab-admin run here +# SEE IIAB-ADMIN VARIABLES NEAR TOP OF THIS FILE: +# e.g. iiab_admin_user_install, iiab_admin_user, iiab_admin_pwd_hash + +# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security +openvpn_install: True +openvpn_enabled: False +# Set /etc/iiab/openvpn_handle in advance here: +openvpn_handle: "" +# The following seems necessary on CentOS: +# openvpn_cron_enabled: True + # 2-COMMON # 3-BASE-SERVER # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True - -# For schools that use WordPress and/or Moodle intensively. See iiab/iiab #1147 +# For schools that use WordPress and/or Moodle intensively, see iiab/iiab #1147 # WARNING: Enabling this (might) cause excess use of RAM or other resources? apache_high_php_limits: False +# SEE ALSO VARIABLES NEAR TOP OF THIS FILE: default_language, language_priority # roles/mysql runs here (mandatory) # 4-SERVER-OPTIONS -# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security -openvpn_install: True -openvpn_enabled: False - -# Set /etc/iiab/openvpn_handle in advance here: -openvpn_handle: "" - -# The following seems necessary on CentOS: -# openvpn_cron_enabled: True - # roles/network runs here (MANY SETTINGS ABOVE) # PostgreSQL - auto-installed by Moodle and/or Pathagar - no need to touch! From 56133d0ab7451cf96bcf8e73f8cc741fd4bedf7e Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 09:23:30 -0400 Subject: [PATCH 62/63] Update local_vars_min.yml --- vars/local_vars_min.yml | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 44a4a52dc..f1d019891 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -76,32 +76,34 @@ dansguardian_enabled: False # 1-PREP +# roles/sshd & roles/iiab-admin run here +# SEE IIAB-ADMIN VARIABLES NEAR TOP OF THIS FILE: +# e.g. iiab_admin_user_install, iiab_admin_user, iiab_admin_pwd_hash + +# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security +openvpn_install: True +openvpn_enabled: False +# Set /etc/iiab/openvpn_handle in advance here: +openvpn_handle: "" +# The following seems necessary on CentOS: +# openvpn_cron_enabled: True + # 2-COMMON # 3-BASE-SERVER # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True - -# For schools that use WordPress and/or Moodle intensively. See iiab/iiab #1147 +# For schools that use WordPress and/or Moodle intensively, see iiab/iiab #1147 # WARNING: Enabling this (might) cause excess use of RAM or other resources? apache_high_php_limits: False +# SEE ALSO VARIABLES NEAR TOP OF THIS FILE: default_language, language_priority # roles/mysql runs here (mandatory) # 4-SERVER-OPTIONS -# SECURITY WARNING: See http://wiki.laptop.org/go/IIAB/Security -openvpn_install: True -openvpn_enabled: False - -# Set /etc/iiab/openvpn_handle in advance here: -openvpn_handle: "" - -# The following seems necessary on CentOS: -# openvpn_cron_enabled: True - # roles/network runs here (MANY SETTINGS ABOVE) # PostgreSQL - auto-installed by Moodle and/or Pathagar - no need to touch! From 2e05a327d57dc173caaa008aace978024f696191 Mon Sep 17 00:00:00 2001 From: A Holt <holta@users.noreply.github.com> Date: Mon, 15 Oct 2018 09:25:40 -0400 Subject: [PATCH 63/63] Update profile_ssh_warn.sh --- roles/iiab-admin/templates/profile_ssh_warn.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/templates/profile_ssh_warn.sh b/roles/iiab-admin/templates/profile_ssh_warn.sh index f18f4a097..9f18e40be 100755 --- a/roles/iiab-admin/templates/profile_ssh_warn.sh +++ b/roles/iiab-admin/templates/profile_ssh_warn.sh @@ -21,7 +21,7 @@ check_hash () { if check_user_pwd "iiab-admin" "{{ iiab_admin_published_pwd }}"; then echo -e "\nSSH is enabled and the published password for user 'iiab-admin' is in use." echo -e "THIS IS A SECURITY RISK - please log in as user 'iiab-admin' and run 'passwd'" - echo =e "to change its password.\n" + echo -e "to change its password.\n" fi }