diff --git a/roles/lokole/defaults/main.yml b/roles/lokole/defaults/main.yml index 57b53c4e6..b9cfcfbda 100644 --- a/roles/lokole/defaults/main.yml +++ b/roles/lokole/defaults/main.yml @@ -4,14 +4,21 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# Info needed to install Lokole -lokole_version: 0.5.10 -lokole_admin_user: admin # lowercase seems nec here (even though uppercase Admin/changeme is IIAB's OOB recommendation!) +# Info needed to install Lokole: + +# By default, IIAB will always try to install the latest Lokole as published on +# https://pypi.org/project/opwen-email-client/ ...OR... HARDCODE EITHER HERE: +#lokole_commit: # OPTIONAL: a 40-char git hash, from https://github.com/ascoderu/opwen-webapp/commits/master +#lokole_version: # OPTIONAL: e.g. master or 0.5.10 or a version number from https://pypi.org/project/opwen-email-client/#history + +lokole_admin_user: admin # lowercase is nec here (even though uppercase Admin/changeme is IIAB's OOB recommendation: BOTH WORK to log in to http://box/lokole) lokole_admin_password: changeme + lokole_install_path: "{{ content_base }}/lokole" # /library/lokole lokole_venv: "{{ lokole_install_path }}/venv" # /library/lokole/venv -# Info needed to run Lokole +# Info needed to run Lokole: + lokole_user: lokole lokole_run_directory: "/home/{{ lokole_user }}/state" @@ -20,8 +27,10 @@ lokole_full_url: "http://{{ iiab_hostname }}.{{ iiab_domain }}{{ lokole_url }}" lokole_domain_socket: "{{ lokole_run_directory }}/lokole_gunicorn.sock" -# Global variables provided by setup-lokole.sh: -# https://github.com/ascoderu/opwen-webapp/blob/master/setup/setup-lokole.sh#L140-L141 -# https://github.com/ascoderu/opwen-webapp/blob/master/setup/setup-lokole.sh#L182-L192 -opwen_server_locale: "{{ default_language }}" -opwen_server_timezone: "{{ local_tz }}" +# 2020-02-01: NO LONGER USED, or even meaningful. Delete soon? +# +## Global variables provided by setup-lokole.sh: +## https://github.com/ascoderu/opwen-webapp/blob/master/setup/setup-lokole.sh#L140-L141 +## https://github.com/ascoderu/opwen-webapp/blob/master/setup/setup-lokole.sh#L182-L192 +#opwen_server_locale: "{{ default_language }}" +#opwen_server_timezone: "{{ local_tz }}" diff --git a/roles/lokole/tasks/apache.yml b/roles/lokole/tasks/apache.yml new file mode 100644 index 000000000..f9ddedace --- /dev/null +++ b/roles/lokole/tasks/apache.yml @@ -0,0 +1,12 @@ +- name: Enable http://box{{ lokole_url }} via Apache # http://box/lokole + command: a2ensite lokole.conf + when: lokole_enabled | bool + +- name: Disable http://box{{ lokole_url }} via Apache # http://box/lokole + command: a2dissite lokole.conf + when: not lokole_enabled + +- name: Restart '{{ apache_service }}' systemd service + systemd: + name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/.yml + state: restarted diff --git a/roles/lokole/tasks/enable.yml b/roles/lokole/tasks/enable.yml deleted file mode 100644 index a8701376c..000000000 --- a/roles/lokole/tasks/enable.yml +++ /dev/null @@ -1,71 +0,0 @@ -- name: Enable & Restart 'lokole' systemd service - systemd: - name: lokole - daemon_reload: yes - enabled: yes - state: restarted - when: lokole_enabled | bool - -- name: Disable & Stop 'lokole' systemd service - systemd: - name: lokole - enabled: no - state: stopped - when: not lokole_enabled - -# Apache - -- name: Enable http://box{{ lokole_url }} via Apache # http://box/lokole - command: a2ensite lokole.conf - when: apache_install and lokole_enabled - -- name: Disable http://box{{ lokole_url }} via Apache # http://box/lokole - command: a2dissite lokole.conf - when: apache_install and not lokole_enabled - -- name: Restart Apache systemd service ({{ apache_service }}) - systemd: - name: "{{ apache_service }}" - state: restarted - when: apache_enabled | bool - -# NGINX - -- name: "SHIM: Enable http://box{{ lokole_url }} via NGINX, by installing {{ nginx_conf_dir }}/lokole-nginx.conf from template" # http://box/lokole - template: - src: lokole-nginx.conf.j2 - dest: "{{ nginx_conf_dir }}/lokole-nginx.conf" - when: nginx_install and lokole_enabled - -- name: "SHIM: Disable http://box{{ lokole_url }} via NGINX, by removing {{ nginx_conf_dir }}/lokole-nginx.conf" # http://box/lokole - file: - path: "{{ nginx_conf_dir }}/lokole-nginx.conf" - state: absent - when: nginx_install and not lokole_enabled - -- name: Restart 'nginx' systemd service - systemd: - name: nginx - state: restarted - when: nginx_enabled | bool - - -- name: Add 'lokole' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" - section: lokole - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: lokole - - option: description - value: '"Lokole is an email service that works offline, for rural communities."' - - option: lokole_run_directory - value: "{{ lokole_run_directory }}" - - option: lokole_url - value: "{{ lokole_url }}" - - option: lokole_full_url - value: "{{ lokole_full_url }}" - - option: lokole_enabled - value: "{{ lokole_enabled }}" diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml index ee7baa3c2..76099bde1 100644 --- a/roles/lokole/tasks/install.yml +++ b/roles/lokole/tasks/install.yml @@ -1,35 +1,24 @@ # Lokole PDF (User's Guide) gets copied for offline use (http://box/info) here: -# https://github.com/iiab/iiab/blob/master/roles/httpd/templates/refresh-wiki-docs.sh#L47 +# https://github.com/iiab/iiab/blob/master/roles/httpd/templates/refresh-wiki-docs.sh#L51-L52 -- name: "Install 7 packages for Lokole: python3, python3-pip, python3-venv, python3-dev, libffi-dev, libssl-dev, python3-bcrypt" +- name: "Install 8 packages for Lokole: python3, python3-pip, python3-venv, python3-dev, python3-bcrypt, libffi-dev, libssl-dev, libopenjp2-7" apt: name: - python3 - python3-pip - python3-venv - python3-dev + - python3-bcrypt # 2019-10-14: Should work across modern Linux OS's + #- bcrypt does not exist on Ubuntu 19.10 - libffi-dev - libssl-dev - #- bcrypt does not exist on Ubuntu 19.10 - - python3-bcrypt # 2019-10-14: should work across modern Linux OS's + - libopenjp2-7 # 2020-02-01: To solve bug #2221 state: present -- name: pip install opwen_email_client (Lokole) {{ lokole_version }} from PyPI to {{ lokole_venv }} - pip: - name: opwen_email_client - version: "{{ lokole_version }}" - virtualenv: "{{ lokole_venv }}" - virtualenv_command: python3 -m venv "{{ lokole_venv }}" - extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/ - when: - - internet_available | bool - - lokole_commit is undefined - # For development purposes -- To install Lokole from a given commit, add the # following line to roles/lokole/defaults/main.yml: -# # lokole_commit: -- name: pip install opwen_email_client (Lokole) from git commit {{ lokole_commit }} (for development purposes) +- name: "OPTIONAL: pip install opwen_email_client (Lokole, git commit {{ lokole_commit }}) from GitHub to {{ lokole_venv }}, if lokole_commit is defined" pip: name: "git+https://github.com/ascoderu/opwen-webapp.git@{{ lokole_commit }}#egg=opwen_email_client" virtualenv: "{{ lokole_venv }}" @@ -39,6 +28,30 @@ - internet_available | bool - lokole_commit is defined +# For development purposes -- To install a given pip version of Lokole, add +# the following line to roles/lokole/defaults/main.yml: +# lokole_version: +- name: "OPTIONAL: pip install opwen_email_client (Lokole, version {{ lokole_version }}) from PyPI to {{ lokole_venv }}, if lokole_version is defined" + pip: + name: opwen_email_client + version: "{{ lokole_version }}" + virtualenv: "{{ lokole_venv }}" + virtualenv_command: python3 -m venv "{{ lokole_venv }}" + extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/ + when: + - internet_available | bool + - lokole_version is defined + +- name: "DEFAULT: pip install opwen_email_client (Lokole, latest available version) from PyPI to {{ lokole_venv }}, if above vars both UNdefined" + pip: + name: opwen_email_client + virtualenv: "{{ lokole_venv }}" + virtualenv_command: python3 -m venv "{{ lokole_venv }}" + extra_args: --no-cache-dir # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/ + when: + - internet_available | bool + - lokole_commit is undefined and lokole_version is undefined + - name: Compile translations shell: | python_version=$(python3 -c 'from sys import version_info; print("%s.%s" % (version_info.major, version_info.minor));';) @@ -46,10 +59,10 @@ with_items: - "{{ lokole_venv }}/lib/python${python_version}/site-packages/opwen_email_client/webapp" -- name: Create dir {{ lokole_run_directory }} +- name: mkdir {{ lokole_run_directory }} file: - path: "{{ lokole_run_directory }}" state: directory + path: "{{ lokole_run_directory }}" - name: Install {{ lokole_run_directory }}/webapp_secrets.sh from template, to configure Lokole template: @@ -62,12 +75,12 @@ dest: "{{ lokole_run_directory }}/webapp.sh" mode: a+x -- name: Create admin user +- name: Create admin user with password, for http://box{{ lokole_url }} # http://box/lokole shell: | . {{ lokole_run_directory }}/webapp_secrets.sh {{ lokole_venv }}/bin/manage.py createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}' -- name: Install /etc/{{ apache_conf_dir }}/lokole.conf from template, for http://box{{ lokole_url }} via Apache # http://box/lokole +- name: Install /etc/{{ apache_conf_dir }}/lokole.conf from template, for http://box{{ lokole_url }} via Apache # http://box/lokole template: src: lokole.conf.j2 dest: "/etc/{{ apache_conf_dir }}/lokole.conf" @@ -78,14 +91,6 @@ src: lokole.service.j2 dest: /etc/systemd/system/lokole.service -# - name: Enable & Restart 'lokole' systemd service, with daemon_reload, if lokole_enabled -# systemd: -# daemon_reload: yes -# name: lokole -# enabled: yes -# state: restarted -# when: lokole_enabled | bool - # RECORD Lokole AS INSTALLED diff --git a/roles/lokole/tasks/main.yml b/roles/lokole/tasks/main.yml index cd33c7692..ba6321aed 100644 --- a/roles/lokole/tasks/main.yml +++ b/roles/lokole/tasks/main.yml @@ -1,7 +1,71 @@ -- name: Install Lokole {{ lokole_version }} if lokole_install - include_tasks: install.yml - when: lokole_install and not lokole_installed is defined +# "How do i fail a task in Ansible if the variable contains a boolean value? +# I want to perform input validation for Ansible playbooks" +# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 -- name: Enable Lokole - include_tasks: enable.yml - when: lokole_install or lokole_installed is defined +# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need +# to re-check whether vars are defined here. As Ansible vars cannot be unset: +# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible + +- name: Assert that "lokole_install is sameas true" (boolean not string etc) + assert: + that: lokole_install is sameas true + fail_msg: "PLEASE SET 'lokole_install: True' e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + +- name: Assert that "lokole_enabled | type_debug == 'bool'" (boolean not string etc) + assert: + that: lokole_enabled | type_debug == 'bool' + fail_msg: "PLEASE GIVE VARIABLE 'lokole_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + + +- name: Install Lokole {{ lokole_version }} if lokole_installed is not defined + include_tasks: install.yml + when: lokole_installed is undefined + + +- name: Enable & Restart 'lokole' systemd service + systemd: + name: lokole + daemon_reload: yes + enabled: yes + state: restarted + when: lokole_enabled | bool + +- name: Disable & Stop 'lokole' systemd service + systemd: + name: lokole + enabled: no + state: stopped + when: not lokole_enabled + +#- name: Enable/Disable/Restart Apache if primary +- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache + include_tasks: apache.yml + #when: not nginx_enabled + +- name: Enable/Disable/Restart NGINX if primary + include_tasks: nginx.yml + when: nginx_enabled | bool + + +- name: Add 'lokole' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab_state.yml + section: lokole + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Lokole + - option: description + value: '"Lokole is an email service that works offline, for rural communities. With a 3G/4G modem, you can arrange to batch-upload / batch-download emails once per night — for almost no cost at all — depending on mobile data plans in your country."' + #value: '"Lokole is an email service that works offline, for rural communities. In some cases, emails can also be transmitted to/from the Internet, taking advantage of discounted mobile data rates."' + - option: lokole_run_directory + value: "{{ lokole_run_directory }}" + - option: lokole_url + value: "{{ lokole_url }}" + - option: lokole_full_url + value: "{{ lokole_full_url }}" + - option: lokole_enabled + value: "{{ lokole_enabled }}" diff --git a/roles/lokole/tasks/nginx.yml b/roles/lokole/tasks/nginx.yml new file mode 100644 index 000000000..59c259159 --- /dev/null +++ b/roles/lokole/tasks/nginx.yml @@ -0,0 +1,16 @@ +- name: "SHIM: Enable http://box{{ lokole_url }} via NGINX, by installing {{ nginx_conf_dir }}/lokole-nginx.conf from template" # http://box/lokole + template: + src: lokole-nginx.conf.j2 + dest: "{{ nginx_conf_dir }}/lokole-nginx.conf" # /etc/nginx/conf.d + when: lokole_enabled | bool + +- name: "SHIM: Disable http://box{{ lokole_url }} via NGINX, by removing {{ nginx_conf_dir }}/lokole-nginx.conf" # http://box/lokole + file: + path: "{{ nginx_conf_dir }}/lokole-nginx.conf" # /etc/nginx/conf.d + state: absent + when: not lokole_enabled + +- name: Restart 'nginx' systemd service + systemd: + name: nginx + state: restarted diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst index 84a2b39f7..1f69bc402 100644 --- a/roles/usb_lib/README.rst +++ b/roles/usb_lib/README.rst @@ -1,5 +1,5 @@ ============== -usb-lib README +usb_lib README ============== **PLEASE SEE "Can teachers display their own content?" WITHIN http://FAQ.IIAB.IO FOR UP-TO-DATE DOCUMENTATION.** diff --git a/roles/usb_lib/tasks/main.yml~ b/roles/usb_lib/tasks/main.yml~ deleted file mode 100644 index 0ac13ad51..000000000 --- a/roles/usb_lib/tasks/main.yml~ +++ /dev/null @@ -1,109 +0,0 @@ -# TO DO: -# - validate input vars + prereqs -# - move 6 top stanzas into install.yml -# - move 6 mid/lower stanzas into enable-or-disable.yml -# - verify analogous NGINX logic from roles/nginx/* -- then integrate as nec? - -- name: Add dir {{ doc_root }}/local_content, where USB drive links can appear - file: - state: directory - path: "{{ doc_root }}/local_content" - owner: "{{ apache_user }}" - group: "{{ iiab_admin_user }}" # ISN'T "{{ apache_user }}" MORE APPROPRIATE? - mode: '0775' - -- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off' - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "{{ item.mode }}" - with_items: - - { src: 'usbmount@.service.j2' , dest: '/etc/systemd/system/usbmount@.service', mode: '0644' } - - { src: 'usbmount.rules.j2' , dest: '/etc/udev/rules.d/usbmount.rules', mode: '0644' } - - { src: 'iiab-usb_lib-show-all-on' , dest: '/usr/bin/', mode: '0755' } - - { src: 'iiab-usb_lib-show-all-off' , dest: '/usr/bin/', mode: '0755' } - -- name: Enable exFAT and NTFS in /etc/usbmount/usbmount.conf - lineinfile: - regexp: '^FILESYSTEMS.*' - line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"' - path: /etc/usbmount/usbmount.conf - -- name: Install /etc/{{ apache_conf_dir }}/content_dir.conf from template - template: - src: content_dir.conf - dest: "/etc/{{ apache_conf_dir }}" - when: apache_install - - -# RECORD usb_lib AS INSTALLED - -- name: "Set 'usb_lib_installed: True'" - set_fact: - usb_lib_installed: True - -- name: "Add 'usb_lib_installed: True' to {{ iiab_state_file }}" - lineinfile: - dest: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml - regexp: '^usb_lib_installed' - line: 'usb_lib_installed: True' - - -- name: Install /etc/usbmount/mount.d/70-usb-library from template, if usb_lib_enabled - template: - src: mount.d/70-usb-library - dest: /etc/usbmount/mount.d/ - owner: root - group: root - mode: '0751' - when: usb_lib_enabled | bool - -- name: Install /etc/usbmount/umount.d/70-usb-library from template, if usb_lib_enabled - template: - src: umount.d/70-usb-library - dest: /etc/usbmount/umount.d - owner: root - group: root - mode: '0751' - when: usb_lib_enabled | bool - -- name: Remove /etc/usbmount/mount.d/70-usb-library if not usb_lib_enabled - file: - path: /etc/usbmount/mount.d/70-usb-library - state: absent - when: not usb_lib_enabled - -- name: Remove /etc/usbmount/umount.d/70-usb-library if not usb_lib_enabled - file: - path: /etc/usbmount/umount.d/70-usb-library - state: absent - when: not usb_lib_enabled - -- name: Enable http://box/usb via Apache, if usb_lib_enabled - shell: a2ensite content_dir.conf - when: apache_install and usb_lib_enabled - -- name: Disable http://box/usb via Apache, if not usb_lib_enabled - shell: a2dissite content_dir.conf - when: apache_install and not usb_lib_enabled - - -- name: Put variable in iiab.env that enables display of content at root of USB - lineinfile: - path: "{{ iiab_env_file }}" - regexp: "^IIAB_USB_LIB_SHOW_ALL.*" - line: "IIAB_USB_LIB_SHOW_ALL={{ iiab_usb_lib_show_all }}" - -- name: Add 'usb_lib' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" - section: usb_lib - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: usb_lib - - option: description - value: '"usb_lib automounts Teacher Content on USB drives to /library/www/html/local_content, so students can browse it almost immediately at http://box/usb"' - - option: enabled - value: "{{ usb_lib_enabled }}"