diff --git a/roles/1-prep/tasks/hw_platforms.yml b/roles/1-prep/tasks/hw_platforms.yml new file mode 100644 index 000000000..2a5c5c2ba --- /dev/null +++ b/roles/1-prep/tasks/hw_platforms.yml @@ -0,0 +1,17 @@ +## DISCOVER PLATFORMS ###### +# Put conditional actions for hardware platforms here + +- include_tasks: raspberry_pi.yml + when: first_run and rpi_model != "none" + +- name: Check if the identifier for Intel's NUC6 built-in WiFi is present + shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'" + register: usb_NUC6 + ignore_errors: True + +- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6 # iiab_download_url is http://download.iiab.io/packages + get_url: + url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode" + dest: /lib/firmware + timeout: "{{ download_timeout }}" + when: internet_available and usb_NUC6.stdout|int > 0 diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index e7b950a3e..efaf78e54 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -1,85 +1,31 @@ -# Preparations (Hardware Level) +# Preparations (low-level, hardware, basic security) - name: ...IS BEGINNING ============================================ meta: noop -- name: dnsmasq (install now, configure LATER in 'network', after Stage 9) - include_tasks: roles/network/tasks/dnsmasq.yml - #when: dnsmasq_install # Flag might be used in future? - - -- name: 'Install packages: sudo, uuid-runtime' - package: - name: - - sudo - - uuid-runtime - state: present - -- name: Does /etc/iiab/uuid exist? - stat: - path: /etc/iiab/uuid - register: uuid_file - -- name: If not, run 'uuidgen' to create a uuid, in register uuid_response - command: uuidgen - register: uuid_response - when: not uuid_file.stat.exists - -- name: Save it to /etc/iiab/uuid - shell: echo {{ uuid_response.stdout_lines[0] }} > /etc/iiab/uuid - when: not uuid_file.stat.exists - -- name: Load /etc/iiab/uuid, into register stored_uuid - command: cat /etc/iiab/uuid - register: stored_uuid - -- name: Store it in Ansible variable 'uuid' - set_fact: - uuid: "{{ stored_uuid.stdout_lines[0] }}" - - -- name: Does 'ubermix' exist in /etc/lsb-release? - shell: grep -i ubermix /etc/lsb-release # Pipe to cat to avoid red errors? - register: grep_ubermix - failed_when: False # Universal way to hide alarmist red errors! - #ignore_errors: True - #check_mode: no - -- name: If so, install /etc/tmpfiles.d/iiab.conf to create /var/log subdirs on each boot, so {Apache, MongoDB, Munin} run on Ubermix - copy: - src: roles/1-prep/files/iiab.conf - dest: /etc/tmpfiles.d/ - # owner: root - # group: root - # mode: '0644' - force: yes - when: grep_ubermix.rc == 0 # 1 if absent in file, 2 if file doesn't exist - -# 2020-03-19: for KA Lite, but moved from roles/kalite/tasks/install.yml -# This effectively does nothing at all on Ubuntu & Raspbian, where libgeos-* -# pkgs are not installed FWIW. But it's included to safeguard us across all -# OS's, in case others OS's like Ubermix later appear. See #1382 for details. -# Removing pkgs libgeos-3.6.2 & libgeos-c1v5 fixed the situation on Ubermix! -- name: Remove libgeos-* pkgs, avoiding KA Lite Django failure on Ubermix - shell: apt -y remove "libgeos-*" - when: grep_ubermix.rc == 0 # 1 if absent in file, 2 if file doesn't exist - - - name: SSHD -- required by OpenVPN below -- also run by roles/4-server-options/tasks/main.yml include_role: name: sshd when: sshd_install -- name: IIAB-ADMIN - include_role: - name: iiab-admin - #when: iiab_admin_install # Flag might be created in future? - - name: OPENVPN include_role: name: openvpn when: openvpn_install +- name: IIAB-ADMIN -- includes roles/iiab-admin/tasks/access.yml + include_role: + name: iiab-admin + #when: iiab_admin_install # Flag might be created in future? + +- name: dnsmasq (install now, configure LATER in 'network', after Stage 9) + include_tasks: roles/network/tasks/dnsmasq.yml + #when: dnsmasq_install # Flag might be used in future? + +- include_tasks: uuid.yml +- include_tasks: ubermix.yml +- include_tasks: hw_platforms.yml + # Debian 10 "Buster" is apparently enabling AppArmor in 2019: # https://wiki.debian.org/AppArmor/Progress @@ -109,25 +55,6 @@ # when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed -## DISCOVER PLATFORMS ###### -# Put conditional actions for hardware platforms here - -- include_tasks: raspberry_pi.yml - when: first_run and rpi_model != "none" - -- name: Check if the identifier for Intel's NUC6 built-in WiFi is present - shell: "lsusb | grep 8087:0a2b | wc | awk '{print $1}'" - register: usb_NUC6 - ignore_errors: True - -- name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6 # iiab_download_url is http://download.iiab.io/packages - get_url: - url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode" - dest: /lib/firmware - timeout: "{{ download_timeout }}" - when: internet_available and usb_NUC6.stdout|int > 0 - - - name: Recording STAGE 1 HAS COMPLETED ============================ template: src: roles/1-prep/templates/iiab.env.j2 diff --git a/roles/1-prep/tasks/ubermix.yml b/roles/1-prep/tasks/ubermix.yml new file mode 100644 index 000000000..fa9e1c891 --- /dev/null +++ b/roles/1-prep/tasks/ubermix.yml @@ -0,0 +1,25 @@ +- name: Does 'ubermix' exist in /etc/lsb-release? + shell: grep -i ubermix /etc/lsb-release # Pipe to cat to avoid red errors? + register: grep_ubermix + failed_when: False # Universal way to hide alarmist red errors! + #ignore_errors: True + #check_mode: no + +- name: If so, install /etc/tmpfiles.d/iiab.conf to create /var/log subdirs on each boot, so {Apache, MongoDB, Munin} run on Ubermix (root:root, 0644 by default) + copy: + src: roles/1-prep/files/iiab.conf + dest: /etc/tmpfiles.d/ + # owner: root + # group: root + # mode: 0644 + force: yes + when: grep_ubermix.rc == 0 # 1 if absent in file, 2 if file doesn't exist + +# 2020-03-19: for KA Lite, but moved from roles/kalite/tasks/install.yml +# This effectively does nothing at all on Ubuntu & Raspbian, where libgeos-* +# pkgs are not installed FWIW. But it's included to safeguard us across all +# OS's, in case others OS's like Ubermix later appear. See #1382 for details. +# Removing pkgs libgeos-3.6.2 & libgeos-c1v5 fixed the situation on Ubermix! +- name: Remove libgeos-* pkgs, avoiding KA Lite Django failure on Ubermix + shell: apt -y remove "libgeos-*" + when: grep_ubermix.rc == 0 # 1 if absent in file, 2 if file doesn't exist diff --git a/roles/1-prep/tasks/uuid.yml b/roles/1-prep/tasks/uuid.yml new file mode 100644 index 000000000..28ab30340 --- /dev/null +++ b/roles/1-prep/tasks/uuid.yml @@ -0,0 +1,26 @@ +- name: "Install packages: uuid-runtime" + package: + name: uuid-runtime + state: present + +- name: Does /etc/iiab/uuid exist? + stat: + path: /etc/iiab/uuid + register: uuid_file + +- name: If not, run 'uuidgen' to create a uuid, in register uuid_response + command: uuidgen + register: uuid_response + when: not uuid_file.stat.exists + +- name: Save it to /etc/iiab/uuid + shell: echo {{ uuid_response.stdout_lines[0] }} > /etc/iiab/uuid + when: not uuid_file.stat.exists + +- name: Load /etc/iiab/uuid, into register stored_uuid + command: cat /etc/iiab/uuid + register: stored_uuid + +- name: Store it in Ansible variable 'uuid' + set_fact: + uuid: "{{ stored_uuid.stdout_lines[0] }}" diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index 21ae62a6a..0693fd50e 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml @@ -8,7 +8,7 @@ - include_tasks: packages.yml -- name: 'Network prep, including partial setup of iptables (firewall) -- SEE ALSO: 1-prep/tasks/raspberry_pi.yml' +- name: "Network prep, including partial setup of iptables (firewall) -- SEE ALSO: 1-prep/tasks/raspberry_pi.yml" include_tasks: network.yml - include_tasks: iiab-startup.yml diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 3362c0ce5..26c061b52 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -4,7 +4,7 @@ - name: '2021-07-27: SEE ALSO 4-5 networking packages LATER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/network.yml' meta: noop -- name: "Install 20 common packages: acpid, avahi-daemon, bzip2, curl, gawk, htop, i2c-tools, libnss-mdns, logrotate, mlocate, net-tools, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget, wpasupplicant" +- name: "Install 21 common packages: acpid, avahi-daemon, bzip2, curl, gawk, htop, i2c-tools, libnss-mdns, logrotate, mlocate, net-tools, pandoc, pastebinit, rsync, sqlite3, sudo, tar, unzip, usbutils, wget, wpasupplicant" package: name: - acpid # Daemon for ACPI (power mgmt) events @@ -33,7 +33,7 @@ - rsync #- screen # Installed by 1-prep's roles/iiab-admin/tasks/access.yml - sqlite3 - #- sudo # Installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml + - sudo - tar - unzip #- usbmount # Moved to roles/usb_lib/tasks/install.yml