Merge pull request #365 from iiab/master

sync from iiab:master

roles/lokole/defaults/main.yml

@@ -4,14 +4,21 @@
 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
 # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
 
-# Info needed to install Lokole
-lokole_version: 0.5.10
-lokole_admin_user: admin    # lowercase seems nec here (even though uppercase Admin/changeme is IIAB's OOB recommendation!)
+# Info needed to install Lokole:
+
+# By default, IIAB will always try to install the latest Lokole as published on
+# https://pypi.org/project/opwen-email-client/ ...OR... HARDCODE EITHER HERE:
+#lokole_commit:     # OPTIONAL: a 40-char git hash, from https://github.com/ascoderu/opwen-webapp/commits/master
+#lokole_version:    # OPTIONAL: e.g. master or 0.5.10 or a version number from https://pypi.org/project/opwen-email-client/#history
+
+lokole_admin_user: admin    # lowercase is nec here (even though uppercase Admin/changeme is IIAB's OOB recommendation: BOTH WORK to log in to http://box/lokole)
 lokole_admin_password: changeme
+
 lokole_install_path: "{{ content_base }}/lokole"    # /library/lokole
 lokole_venv: "{{ lokole_install_path }}/venv"       # /library/lokole/venv
 
-# Info needed to run Lokole
+# Info needed to run Lokole:
+
 lokole_user: lokole
 lokole_run_directory: "/home/{{ lokole_user }}/state"
 
@@ -20,8 +27,10 @@ lokole_full_url: "http://{{ iiab_hostname }}.{{ iiab_domain }}{{ lokole_url }}"
 
 lokole_domain_socket: "{{ lokole_run_directory }}/lokole_gunicorn.sock"
 
-# Global variables provided by setup-lokole.sh:
-# https://github.com/ascoderu/opwen-webapp/blob/master/setup/setup-lokole.sh#L140-L141
-# https://github.com/ascoderu/opwen-webapp/blob/master/setup/setup-lokole.sh#L182-L192
-opwen_server_locale: "{{ default_language }}"
-opwen_server_timezone: "{{ local_tz }}"
+# 2020-02-01: NO LONGER USED, or even meaningful.  Delete soon?
+#
+## Global variables provided by setup-lokole.sh:
+## https://github.com/ascoderu/opwen-webapp/blob/master/setup/setup-lokole.sh#L140-L141
+## https://github.com/ascoderu/opwen-webapp/blob/master/setup/setup-lokole.sh#L182-L192
+#opwen_server_locale: "{{ default_language }}"
+#opwen_server_timezone: "{{ local_tz }}"

roles/lokole/tasks/apache.yml

@@ -0,0 +1,12 @@
+- name: Enable http://box{{ lokole_url }} via Apache    # http://box/lokole
+  command: a2ensite lokole.conf
+  when: lokole_enabled | bool
+
+- name: Disable http://box{{ lokole_url }} via Apache    # http://box/lokole
+  command: a2dissite lokole.conf
+  when: not lokole_enabled
+
+- name: Restart '{{ apache_service }}' systemd service
+  systemd:
+    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
+    state: restarted

roles/lokole/tasks/enable.yml

@@ -1,71 +0,0 @@
-- name: Enable & Restart 'lokole' systemd service
-  systemd:
-    name: lokole
-    daemon_reload: yes
-    enabled: yes
-    state: restarted
-  when: lokole_enabled | bool
-
-- name: Disable & Stop 'lokole' systemd service
-  systemd:
-    name: lokole
-    enabled: no
-    state: stopped
-  when: not lokole_enabled
-
-# Apache
-
-- name: Enable http://box{{ lokole_url }} via Apache    # http://box/lokole
-  command: a2ensite lokole.conf
-  when: apache_install and lokole_enabled
-
-- name: Disable http://box{{ lokole_url }} via Apache    # http://box/lokole
-  command: a2dissite lokole.conf
-  when: apache_install and not lokole_enabled
-
-- name: Restart Apache systemd service ({{ apache_service }})
-  systemd:
-    name: "{{ apache_service }}"
-    state: restarted
-  when: apache_enabled | bool
-
-# NGINX
-
-- name: "SHIM: Enable http://box{{ lokole_url }} via NGINX, by installing {{ nginx_conf_dir }}/lokole-nginx.conf from template"    # http://box/lokole
-  template:
-    src: lokole-nginx.conf.j2
-    dest: "{{ nginx_conf_dir }}/lokole-nginx.conf"
-  when: nginx_install and lokole_enabled
-
-- name: "SHIM: Disable http://box{{ lokole_url }} via NGINX, by removing {{ nginx_conf_dir }}/lokole-nginx.conf"    # http://box/lokole
-  file:
-    path: "{{ nginx_conf_dir }}/lokole-nginx.conf"
-    state: absent
-  when: nginx_install and not lokole_enabled
-
-- name: Restart 'nginx' systemd service
-  systemd:
-    name: nginx
-    state: restarted
-  when: nginx_enabled | bool
-
-
-- name: Add 'lokole' variable values to {{ iiab_ini_file }}
-  ini_file:
-    path: "{{ iiab_ini_file }}"
-    section: lokole
-    option: "{{ item.option }}"
-    value: "{{ item.value | string }}"
-  with_items:
-    - option: name
-      value: lokole
-    - option: description
-      value: '"Lokole is an email service that works offline, for rural communities."'
-    - option: lokole_run_directory
-      value: "{{ lokole_run_directory }}"
-    - option: lokole_url
-      value: "{{ lokole_url }}"
-    - option: lokole_full_url
-      value: "{{ lokole_full_url }}"
-    - option: lokole_enabled
-      value: "{{ lokole_enabled }}"

roles/lokole/tasks/install.yml

@@ -1,35 +1,24 @@
 # Lokole PDF (User's Guide) gets copied for offline use (http://box/info) here:
-# https://github.com/iiab/iiab/blob/master/roles/httpd/templates/refresh-wiki-docs.sh#L47
+# https://github.com/iiab/iiab/blob/master/roles/httpd/templates/refresh-wiki-docs.sh#L51-L52
 
-- name: "Install 7 packages for Lokole: python3, python3-pip, python3-venv, python3-dev, libffi-dev, libssl-dev, python3-bcrypt"
+- name: "Install 8 packages for Lokole: python3, python3-pip, python3-venv, python3-dev, python3-bcrypt, libffi-dev, libssl-dev, libopenjp2-7"
   apt:
     name:
       - python3
       - python3-pip
       - python3-venv
       - python3-dev
+      - python3-bcrypt    # 2019-10-14: Should work across modern Linux OS's
+      #- bcrypt does not exist on Ubuntu 19.10
       - libffi-dev
       - libssl-dev
-      #- bcrypt does not exist on Ubuntu 19.10
-      - python3-bcrypt    # 2019-10-14: should work across modern Linux OS's
+      - libopenjp2-7    # 2020-02-01: To solve bug #2221
     state: present
 
-- name: pip install opwen_email_client (Lokole) {{ lokole_version }} from PyPI to {{ lokole_venv }}
-  pip:
-    name: opwen_email_client
-    version: "{{ lokole_version }}"
-    virtualenv: "{{ lokole_venv }}"
-    virtualenv_command: python3 -m venv "{{ lokole_venv }}"
-    extra_args: --no-cache-dir    # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/
-  when:
-    - internet_available | bool
-    - lokole_commit is undefined
-
 # For development purposes -- To install Lokole from a given commit, add the
 # following line to roles/lokole/defaults/main.yml:
-# 
 # lokole_commit: <git_commit_id>
-- name: pip install opwen_email_client (Lokole) from git commit {{ lokole_commit }} (for development purposes)
+- name: "OPTIONAL: pip install opwen_email_client (Lokole, git commit {{ lokole_commit }}) from GitHub to {{ lokole_venv }}, if lokole_commit is defined"
   pip:
     name: "git+https://github.com/ascoderu/opwen-webapp.git@{{ lokole_commit }}#egg=opwen_email_client"
     virtualenv: "{{ lokole_venv }}"
@@ -39,6 +28,30 @@
     - internet_available | bool
     - lokole_commit is defined
 
+# For development purposes -- To install a given pip version of Lokole, add
+# the following line to roles/lokole/defaults/main.yml:
+# lokole_version: <git_version_number>
+- name: "OPTIONAL: pip install opwen_email_client (Lokole, version {{ lokole_version }}) from PyPI to {{ lokole_venv }}, if lokole_version is defined"
+  pip:
+    name: opwen_email_client
+    version: "{{ lokole_version }}"
+    virtualenv: "{{ lokole_venv }}"
+    virtualenv_command: python3 -m venv "{{ lokole_venv }}"
+    extra_args: --no-cache-dir    # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/
+  when:
+    - internet_available | bool
+    - lokole_version is defined
+
+- name: "DEFAULT: pip install opwen_email_client (Lokole, latest available version) from PyPI to {{ lokole_venv }}, if above vars both UNdefined"
+  pip:
+    name: opwen_email_client
+    virtualenv: "{{ lokole_venv }}"
+    virtualenv_command: python3 -m venv "{{ lokole_venv }}"
+    extra_args: --no-cache-dir    # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/
+  when:
+    - internet_available | bool
+    - lokole_commit is undefined and lokole_version is undefined
+
 - name: Compile translations
   shell: |
     python_version=$(python3 -c 'from sys import version_info; print("%s.%s" % (version_info.major, version_info.minor));';)
@@ -46,10 +59,10 @@
   with_items:
     - "{{ lokole_venv }}/lib/python${python_version}/site-packages/opwen_email_client/webapp"
 
-- name: Create dir {{ lokole_run_directory }}
+- name: mkdir {{ lokole_run_directory }}
   file: 
-    path: "{{ lokole_run_directory }}"
     state: directory
+    path: "{{ lokole_run_directory }}"
 
 - name: Install {{ lokole_run_directory }}/webapp_secrets.sh from template, to configure Lokole
   template:
@@ -62,12 +75,12 @@
     dest: "{{ lokole_run_directory }}/webapp.sh"
     mode: a+x
 
-- name: Create admin user
+- name: Create admin user with password, for http://box{{ lokole_url }}    # http://box/lokole
   shell: |
     . {{ lokole_run_directory }}/webapp_secrets.sh
     {{ lokole_venv }}/bin/manage.py createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}'
 
-- name: Install /etc/{{ apache_conf_dir }}/lokole.conf from template, for http://box{{ lokole_url }} via Apache   # http://box/lokole
+- name: Install /etc/{{ apache_conf_dir }}/lokole.conf from template, for http://box{{ lokole_url }} via Apache    # http://box/lokole
   template:
     src: lokole.conf.j2
     dest: "/etc/{{ apache_conf_dir }}/lokole.conf"
@@ -78,14 +91,6 @@
     src: lokole.service.j2
     dest: /etc/systemd/system/lokole.service
 
-# - name: Enable & Restart 'lokole' systemd service, with daemon_reload, if lokole_enabled
-#   systemd:
-#     daemon_reload: yes
-#     name: lokole
-#     enabled: yes
-#     state: restarted
-#   when: lokole_enabled | bool
-
 
 # RECORD Lokole AS INSTALLED
 

roles/lokole/tasks/main.yml

@@ -1,7 +1,71 @@
-- name: Install Lokole {{ lokole_version }} if lokole_install
-  include_tasks: install.yml
-  when: lokole_install and not lokole_installed is defined
+# "How do i fail a task in Ansible if the variable contains a boolean value?
+# I want to perform input validation for Ansible playbooks"
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
 
-- name: Enable Lokole
-  include_tasks: enable.yml
-  when: lokole_install or lokole_installed is defined
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
+
+- name: Assert that "lokole_install is sameas true" (boolean not string etc)
+  assert:
+    that: lokole_install is sameas true
+    fail_msg: "PLEASE SET 'lokole_install: True' e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+- name: Assert that "lokole_enabled | type_debug == 'bool'" (boolean not string etc)
+  assert:
+    that: lokole_enabled | type_debug == 'bool'
+    fail_msg: "PLEASE GIVE VARIABLE 'lokole_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+
+- name: Install Lokole {{ lokole_version }} if lokole_installed is not defined
+  include_tasks: install.yml
+  when: lokole_installed is undefined
+
+
+- name: Enable & Restart 'lokole' systemd service
+  systemd:
+    name: lokole
+    daemon_reload: yes
+    enabled: yes
+    state: restarted
+  when: lokole_enabled | bool
+
+- name: Disable & Stop 'lokole' systemd service
+  systemd:
+    name: lokole
+    enabled: no
+    state: stopped
+  when: not lokole_enabled
+
+#- name: Enable/Disable/Restart Apache if primary
+- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache
+  include_tasks: apache.yml
+  #when: not nginx_enabled
+
+- name: Enable/Disable/Restart NGINX if primary
+  include_tasks: nginx.yml
+  when: nginx_enabled | bool
+
+
+- name: Add 'lokole' variable values to {{ iiab_ini_file }}
+  ini_file:
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab_state.yml
+    section: lokole
+    option: "{{ item.option }}"
+    value: "{{ item.value | string }}"
+  with_items:
+    - option: name
+      value: Lokole
+    - option: description
+      value: '"Lokole is an email service that works offline, for rural communities.  With a 3G/4G modem, you can arrange to batch-upload / batch-download emails once per night — for almost no cost at all — depending on mobile data plans in your country."'
+      #value: '"Lokole is an email service that works offline, for rural communities.  In some cases, emails can also be transmitted to/from the Internet, taking advantage of discounted mobile data rates."'
+    - option: lokole_run_directory
+      value: "{{ lokole_run_directory }}"
+    - option: lokole_url
+      value: "{{ lokole_url }}"
+    - option: lokole_full_url
+      value: "{{ lokole_full_url }}"
+    - option: lokole_enabled
+      value: "{{ lokole_enabled }}"

roles/lokole/tasks/nginx.yml

@@ -0,0 +1,16 @@
+- name: "SHIM: Enable http://box{{ lokole_url }} via NGINX, by installing {{ nginx_conf_dir }}/lokole-nginx.conf from template"    # http://box/lokole
+  template:
+    src: lokole-nginx.conf.j2
+    dest: "{{ nginx_conf_dir }}/lokole-nginx.conf"    # /etc/nginx/conf.d
+  when: lokole_enabled | bool
+
+- name: "SHIM: Disable http://box{{ lokole_url }} via NGINX, by removing {{ nginx_conf_dir }}/lokole-nginx.conf"    # http://box/lokole
+  file:
+    path: "{{ nginx_conf_dir }}/lokole-nginx.conf"    # /etc/nginx/conf.d
+    state: absent
+  when: not lokole_enabled
+
+- name: Restart 'nginx' systemd service
+  systemd:
+    name: nginx
+    state: restarted

roles/usb_lib/README.rst

@@ -1,5 +1,5 @@
 ==============
-usb-lib README
+usb_lib README
 ==============
 
 **PLEASE SEE "Can teachers display their own content?" WITHIN http://FAQ.IIAB.IO FOR UP-TO-DATE DOCUMENTATION.**

roles/usb_lib/tasks/main.yml~

@@ -1,109 +0,0 @@
-# TO DO:
-# - validate input vars + prereqs
-# - move 6 top stanzas into install.yml
-# - move 6 mid/lower stanzas into enable-or-disable.yml
-# - verify analogous NGINX logic from roles/nginx/* -- then integrate as nec?
-
-- name: Add dir {{ doc_root }}/local_content, where USB drive links can appear
-  file:
-    state: directory
-    path: "{{ doc_root }}/local_content"
-    owner: "{{ apache_user }}"
-    group: "{{ iiab_admin_user }}"    # ISN'T "{{ apache_user }}" MORE APPROPRIATE?
-    mode: '0775'
-
-- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off'
-  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    mode: "{{ item.mode }}"
-  with_items:
-    - { src: 'usbmount@.service.j2' , dest: '/etc/systemd/system/usbmount@.service', mode: '0644' }
-    - { src: 'usbmount.rules.j2' , dest: '/etc/udev/rules.d/usbmount.rules', mode: '0644' }
-    - { src: 'iiab-usb_lib-show-all-on' , dest: '/usr/bin/', mode: '0755' }
-    - { src: 'iiab-usb_lib-show-all-off' , dest: '/usr/bin/', mode: '0755' }
-
-- name: Enable exFAT and NTFS in /etc/usbmount/usbmount.conf
-  lineinfile:
-    regexp: '^FILESYSTEMS.*'
-    line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"'
-    path: /etc/usbmount/usbmount.conf
-
-- name: Install /etc/{{ apache_conf_dir }}/content_dir.conf from template
-  template:
-    src: content_dir.conf
-    dest: "/etc/{{ apache_conf_dir }}"
-  when: apache_install
-
-
-# RECORD usb_lib AS INSTALLED
-
-- name: "Set 'usb_lib_installed: True'"
-  set_fact:
-    usb_lib_installed: True
-
-- name: "Add 'usb_lib_installed: True' to {{ iiab_state_file }}"
-  lineinfile:
-    dest: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
-    regexp: '^usb_lib_installed'
-    line: 'usb_lib_installed: True'
-
-
-- name: Install /etc/usbmount/mount.d/70-usb-library from template, if usb_lib_enabled
-  template:
-    src: mount.d/70-usb-library
-    dest: /etc/usbmount/mount.d/
-    owner: root
-    group: root
-    mode: '0751'
-  when: usb_lib_enabled | bool
-
-- name: Install /etc/usbmount/umount.d/70-usb-library from template, if usb_lib_enabled
-  template:
-    src: umount.d/70-usb-library
-    dest: /etc/usbmount/umount.d
-    owner: root
-    group: root
-    mode: '0751'
-  when: usb_lib_enabled | bool
-
-- name: Remove /etc/usbmount/mount.d/70-usb-library if not usb_lib_enabled
-  file:
-    path: /etc/usbmount/mount.d/70-usb-library
-    state: absent
-  when: not usb_lib_enabled
-
-- name: Remove /etc/usbmount/umount.d/70-usb-library if not usb_lib_enabled
-  file:
-    path: /etc/usbmount/umount.d/70-usb-library
-    state: absent
-  when: not usb_lib_enabled
-
-- name: Enable http://box/usb via Apache, if usb_lib_enabled
-  shell: a2ensite content_dir.conf
-  when: apache_install and usb_lib_enabled
-
-- name: Disable http://box/usb via Apache, if not usb_lib_enabled
-  shell: a2dissite content_dir.conf
-  when: apache_install and not usb_lib_enabled
-
-
-- name: Put variable in iiab.env that enables display of content at root of USB
-  lineinfile:
-    path: "{{ iiab_env_file }}"
-    regexp: "^IIAB_USB_LIB_SHOW_ALL.*"
-    line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}"
-
-- name: Add 'usb_lib' variable values to {{ iiab_ini_file }}
-  ini_file:
-    path: "{{ iiab_ini_file }}"
-    section: usb_lib
-    option: "{{ item.option }}"
-    value: "{{ item.value | string }}"
-  with_items:
-    - option: name
-      value: usb_lib
-    - option: description
-      value: '"usb_lib automounts Teacher Content on USB drives to /library/www/html/local_content, so students can browse it almost immediately at http://box/usb"'
-    - option: enabled
-      value: "{{ usb_lib_enabled }}"