1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00

Modularize 1-prep, Tweak 2-common

This commit is contained in:
root 2021-07-31 16:43:29 -04:00
parent 43720da0e8
commit d328faf6e3
6 changed files with 85 additions and 90 deletions

View file

@ -0,0 +1,17 @@
## DISCOVER PLATFORMS ######
# Put conditional actions for hardware platforms here
- include_tasks: raspberry_pi.yml
when: first_run and rpi_model != "none"
- name: Check if the identifier for Intel's NUC6 built-in WiFi is present
shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'"
register: usb_NUC6
ignore_errors: True
- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6 # iiab_download_url is http://download.iiab.io/packages
get_url:
url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode"
dest: /lib/firmware
timeout: "{{ download_timeout }}"
when: internet_available and usb_NUC6.stdout|int > 0

View file

@ -1,85 +1,31 @@
# Preparations (Hardware Level)
# Preparations (low-level, hardware, basic security)
- name: ...IS BEGINNING ============================================
meta: noop
- name: dnsmasq (install now, configure LATER in 'network', after Stage 9)
include_tasks: roles/network/tasks/dnsmasq.yml
#when: dnsmasq_install # Flag might be used in future?
- name: 'Install packages: sudo, uuid-runtime'
package:
name:
- sudo
- uuid-runtime
state: present
- name: Does /etc/iiab/uuid exist?
stat:
path: /etc/iiab/uuid
register: uuid_file
- name: If not, run 'uuidgen' to create a uuid, in register uuid_response
command: uuidgen
register: uuid_response
when: not uuid_file.stat.exists
- name: Save it to /etc/iiab/uuid
shell: echo {{ uuid_response.stdout_lines[0] }} > /etc/iiab/uuid
when: not uuid_file.stat.exists
- name: Load /etc/iiab/uuid, into register stored_uuid
command: cat /etc/iiab/uuid
register: stored_uuid
- name: Store it in Ansible variable 'uuid'
set_fact:
uuid: "{{ stored_uuid.stdout_lines[0] }}"
- name: Does 'ubermix' exist in /etc/lsb-release?
shell: grep -i ubermix /etc/lsb-release # Pipe to cat to avoid red errors?
register: grep_ubermix
failed_when: False # Universal way to hide alarmist red errors!
#ignore_errors: True
#check_mode: no
- name: If so, install /etc/tmpfiles.d/iiab.conf to create /var/log subdirs on each boot, so {Apache, MongoDB, Munin} run on Ubermix
copy:
src: roles/1-prep/files/iiab.conf
dest: /etc/tmpfiles.d/
# owner: root
# group: root
# mode: '0644'
force: yes
when: grep_ubermix.rc == 0 # 1 if absent in file, 2 if file doesn't exist
# 2020-03-19: for KA Lite, but moved from roles/kalite/tasks/install.yml
# This effectively does nothing at all on Ubuntu & Raspbian, where libgeos-*
# pkgs are not installed FWIW. But it's included to safeguard us across all
# OS's, in case others OS's like Ubermix later appear. See #1382 for details.
# Removing pkgs libgeos-3.6.2 & libgeos-c1v5 fixed the situation on Ubermix!
- name: Remove libgeos-* pkgs, avoiding KA Lite Django failure on Ubermix
shell: apt -y remove "libgeos-*"
when: grep_ubermix.rc == 0 # 1 if absent in file, 2 if file doesn't exist
- name: SSHD -- required by OpenVPN below -- also run by roles/4-server-options/tasks/main.yml
include_role:
name: sshd
when: sshd_install
- name: IIAB-ADMIN
include_role:
name: iiab-admin
#when: iiab_admin_install # Flag might be created in future?
- name: OPENVPN
include_role:
name: openvpn
when: openvpn_install
- name: IIAB-ADMIN -- includes roles/iiab-admin/tasks/access.yml
include_role:
name: iiab-admin
#when: iiab_admin_install # Flag might be created in future?
- name: dnsmasq (install now, configure LATER in 'network', after Stage 9)
include_tasks: roles/network/tasks/dnsmasq.yml
#when: dnsmasq_install # Flag might be used in future?
- include_tasks: uuid.yml
- include_tasks: ubermix.yml
- include_tasks: hw_platforms.yml
# Debian 10 "Buster" is apparently enabling AppArmor in 2019:
# https://wiki.debian.org/AppArmor/Progress
@ -109,25 +55,6 @@
# when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed
## DISCOVER PLATFORMS ######
# Put conditional actions for hardware platforms here
- include_tasks: raspberry_pi.yml
when: first_run and rpi_model != "none"
- name: Check if the identifier for Intel's NUC6 built-in WiFi is present
shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'"
register: usb_NUC6
ignore_errors: True
- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6 # iiab_download_url is http://download.iiab.io/packages
get_url:
url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode"
dest: /lib/firmware
timeout: "{{ download_timeout }}"
when: internet_available and usb_NUC6.stdout|int > 0
- name: Recording STAGE 1 HAS COMPLETED ============================
template:
src: roles/1-prep/templates/iiab.env.j2

View file

@ -0,0 +1,25 @@
- name: Does 'ubermix' exist in /etc/lsb-release?
shell: grep -i ubermix /etc/lsb-release # Pipe to cat to avoid red errors?
register: grep_ubermix
failed_when: False # Universal way to hide alarmist red errors!
#ignore_errors: True
#check_mode: no
- name: If so, install /etc/tmpfiles.d/iiab.conf to create /var/log subdirs on each boot, so {Apache, MongoDB, Munin} run on Ubermix (root:root, 0644 by default)
copy:
src: roles/1-prep/files/iiab.conf
dest: /etc/tmpfiles.d/
# owner: root
# group: root
# mode: 0644
force: yes
when: grep_ubermix.rc == 0 # 1 if absent in file, 2 if file doesn't exist
# 2020-03-19: for KA Lite, but moved from roles/kalite/tasks/install.yml
# This effectively does nothing at all on Ubuntu & Raspbian, where libgeos-*
# pkgs are not installed FWIW. But it's included to safeguard us across all
# OS's, in case others OS's like Ubermix later appear. See #1382 for details.
# Removing pkgs libgeos-3.6.2 & libgeos-c1v5 fixed the situation on Ubermix!
- name: Remove libgeos-* pkgs, avoiding KA Lite Django failure on Ubermix
shell: apt -y remove "libgeos-*"
when: grep_ubermix.rc == 0 # 1 if absent in file, 2 if file doesn't exist

View file

@ -0,0 +1,26 @@
- name: "Install packages: uuid-runtime"
package:
name: uuid-runtime
state: present
- name: Does /etc/iiab/uuid exist?
stat:
path: /etc/iiab/uuid
register: uuid_file
- name: If not, run 'uuidgen' to create a uuid, in register uuid_response
command: uuidgen
register: uuid_response
when: not uuid_file.stat.exists
- name: Save it to /etc/iiab/uuid
shell: echo {{ uuid_response.stdout_lines[0] }} > /etc/iiab/uuid
when: not uuid_file.stat.exists
- name: Load /etc/iiab/uuid, into register stored_uuid
command: cat /etc/iiab/uuid
register: stored_uuid
- name: Store it in Ansible variable 'uuid'
set_fact:
uuid: "{{ stored_uuid.stdout_lines[0] }}"

View file

@ -8,7 +8,7 @@
- include_tasks: packages.yml
- name: 'Network prep, including partial setup of iptables (firewall) -- SEE ALSO: 1-prep/tasks/raspberry_pi.yml'
- name: "Network prep, including partial setup of iptables (firewall) -- SEE ALSO: 1-prep/tasks/raspberry_pi.yml"
include_tasks: network.yml
- include_tasks: iiab-startup.yml

View file

@ -4,7 +4,7 @@
- name: '2021-07-27: SEE ALSO 4-5 networking packages LATER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/network.yml'
meta: noop
- name: "Install 20 common packages: acpid, avahi-daemon, bzip2, curl, gawk, htop, i2c-tools, libnss-mdns, logrotate, mlocate, net-tools, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget, wpasupplicant"
- name: "Install 21 common packages: acpid, avahi-daemon, bzip2, curl, gawk, htop, i2c-tools, libnss-mdns, logrotate, mlocate, net-tools, pandoc, pastebinit, rsync, sqlite3, sudo, tar, unzip, usbutils, wget, wpasupplicant"
package:
name:
- acpid # Daemon for ACPI (power mgmt) events
@ -33,7 +33,7 @@
- rsync
#- screen # Installed by 1-prep's roles/iiab-admin/tasks/access.yml
- sqlite3
#- sudo # Installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml
- sudo
- tar
- unzip
#- usbmount # Moved to roles/usb_lib/tasks/install.yml