diff --git a/roles/1-prep/tasks/raspberry_pi.yml b/roles/1-prep/tasks/raspberry_pi.yml index 3c9ed54ad..232674dca 100644 --- a/roles/1-prep/tasks/raspberry_pi.yml +++ b/roles/1-prep/tasks/raspberry_pi.yml @@ -22,7 +22,7 @@ path: /boot/firmware/usercfg.txt line: "dtoverlay=i2c-rtc,{{ rtc_id }}=on" state: present - when: rtc_id is defined and rtc_id != "none" and is_ubuntu + when: rtc_id is defined and rtc_id != "none" and is_ubuntu # CLARIF: Ubuntu runs increasingly well on RPi hardware, starting in 2020 especially #- name: Enable bluetooth in /boot/firmware/syscfg.txt on Ubuntu (needs reboot) # lineinfile: 
@@ -31,15 +31,28 @@ # line: 'include btcfg.txt' # when: is_ubuntu -- name: 'Ensure packages are installed: dphys-swapfile, fake-hwclock, iw, rfkill, wireless-tools' +- name: '2021-07-27: SEE ALSO ~4 networking packages LATER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/packages.yml' + meta: noop + +- name: '2021-07-27: SEE ALSO 4-5 networking packages LATER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/network.yml' + meta: noop + +# 2021-07-27 explanation from @jvonau: The 3 BELOW (iw, rfkill, wireless-tools) +# are provided by RaspiOS. Ubuntu|Debian on the other hand are hit or miss: +# desktops might have some/all 3 preinstalled, while servers tend not to have +# these present at all, but are needed to be installed if you want to take full +# advantage of WiFi on Ubuntu and friends -- but it's only enforced on RPi +# hardware where we know in advance of the likelihood of WiFi being present. + +- name: 'Install packages: cloud-guest-utils, dphys-swapfile, fake-hwclock, iw, rfkill, wireless-tools' package: name: - - dphys-swapfile - - fake-hwclock - - iw - - rfkill - - wireless-tools - - cloud-guest-utils + - cloud-guest-utils # Contains 'growpart' for resizing a partition during boot, which is normally done with the aid of cloud-init + - dphys-swapfile # 2021-07-27: RaspiOS installs this regardless -- autogenerate and use a swap file + - fake-hwclock # 2021-07-27: RaspiOS installs this regardless -- save/restore system clock on machines without working RTC hardware + - iw # 2021-07-27: RaspiOS installs this regardless -- configure Linux wireless devices -- hard dependence for ap0 creation, SEE https://github.com/iiab/iiab/blob/master/roles/network/templates/hostapd/clone-wifi.service.j2 + - rfkill # 2021-07-27: RaspiOS installs this regardless -- enable & disable wireless devices + - wireless-tools # 2021-07-27: RaspiOS installs this regardless -- manipulate Linux Wireless Extensions state: present - name: 
Increase swap file size (to CONF_SWAPSIZE={{ pi_swap_file_size }} in /etc/dphys-swapfile) as kalite pip download fails diff --git a/roles/2-common/tasks/network.yml b/roles/2-common/tasks/network.yml index dc71f4a13..cc1615a58 100644 --- a/roles/2-common/tasks/network.yml +++ b/roles/2-common/tasks/network.yml 
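Review bot: The two `meta: noop` tasks added ahead of the package install in roles/1-prep/tasks/raspberry_pi.yml only carry a cross-reference in their `name:`, and a plain YAML comment would do that without adding entries to the task list. The approximate counts (`~4`, `4-5`) and the links to the `master` branch will drift as the referenced files change, so I would drop the numbers, e.g. `# SEE ALSO: networking packages installed later by roles/2-common/tasks/packages.yml and roles/2-common/tasks/network.yml`. The same pattern is added at the top of roles/2-common/tasks/network.yml and in roles/2-common/tasks/packages.yml. The last task in this hunk (`Increase swap file size ...`) continues outside it.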
@@ -1,23 +1,26 @@ +- name: '2021-07-27: SEE ALSO ~3 networking packages EARLIER installed by https://github.com/iiab/iiab/blob/master/roles/1-prep/tasks/raspberry_pi.yml' + meta: noop + +- name: '2021-07-27: SEE ALSO ~4 networking packages EARLIER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/packages.yml' + meta: noop + - name: Install package networkd-dispatcher (OS's other than RaspiOS) package: - name: networkd-dispatcher + name: networkd-dispatcher # Dispatcher service for systemd-networkd connection status changes state: present when: not is_raspbian -# used in the network role -- name: 'Install network packages: hostapd, iproute2, iptables-persistent, netmask (debuntu)' +- name: 'Install network packages: hostapd, iproute2, iptables-persistent, netmask -- later used by https://github.com/iiab/iiab/tree/master/roles/network' package: name: - - iproute2 - - iptables-persistent - - hostapd - - netmask + - hostapd # IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator -- has its service masked out of the box, and only used when IIAB's network roles detects the presence of WiFi and an AP is desired + - iproute2 # 2021-07-27: RaspiOS installs this regardless -- the new networking and traffic control tools, meant to replace net-tools + - iptables-persistent # Boot-time loader for netfilter rules, iptables (firewall) plugin -- however 'netfilter' is ever moving forward so keep an eye on it! + - netmask # Handy utility -- helps determine network masks state: present - when: is_debuntu - name: Install /etc/network/if-pre-up.d/iptables from template (0755, debuntu) template: src: iptables dest: /etc/network/if-pre-up.d/iptables mode: '0755' - when: is_debuntu diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index a844e6c0b..bcb36cae1 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml 
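Review bot: In roles/2-common/tasks/network.yml the task title `Install /etc/network/if-pre-up.d/iptables from template (0755, debuntu)` still says `debuntu`, although this hunk removes its `when: is_debuntu` line, so the title no longer describes when the task runs. Scripts in that directory are presumably run as root before an interface comes up, so I would also state the ownership next to the mode by adding `owner: root` and `group: root` above `mode: '0755'`, rather than relying on whichever user the play runs as. The inline comment on `iptables-persistent` asks the reader to "keep an eye on" netfilter; a short note saying which of the two mechanisms (the package or this hook script) is expected to load the rules at boot would be more useful to the next maintainer.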
@@ -1,59 +1,59 @@ -- name: "Install 10 yum/dnf packages: avahi, avahi-tools, createrepo, linux-firmware, nss-mdns, openssl, syslog, wpa_supplicant, xml-common, yum-utils (redhat)" - package: - name: - - avahi - - avahi-tools - - createrepo - - linux-firmware - - nss-mdns - - openssl # FC 18 does not supply, but pear requires - - syslog - - wpa_supplicant - - xml-common - - yum-utils - state: present - when: is_redhat +#- name: "Install 10 yum/dnf packages: avahi, avahi-tools, createrepo, linux-firmware, nss-mdns, openssl, syslog, wpa_supplicant, xml-common, yum-utils (redhat)" +# package: +# name: +# - avahi +# - avahi-tools +# - createrepo +# - linux-firmware +# - nss-mdns +# - openssl # FC 18 does not supply, but pear requires +# - syslog +# - wpa_supplicant +# - xml-common +# - yum-utils +# state: present +# when: is_redhat -- name: "Install 6 deb/apt packages: avahi-daemon, exfat-fuse, exfat-utils, inetutils-syslogd, libnss-mdns, wpasupplicant (debuntu)" - package: - name: - #- avahi-discover - - avahi-daemon - - exfat-fuse # Should no longer be nec with 5.4+ kernels - - exfat-utils # Likewise! - - inetutils-syslogd # Error logging facility - - libnss-mdns # Provides name resolution via mDNS (Multicast DNS) using Zeroconf/Bonjour e.g. 
Avahi - - wpasupplicant - state: present - when: is_debuntu +- name: '2021-07-27: SEE ALSO ~3 networking packages EARLIER installed by https://github.com/iiab/iiab/blob/master/roles/1-prep/tasks/raspberry_pi.yml' + meta: noop -- name: "Install 18 common packages: acpid, bzip2, curl, gawk, htop, i2c-tools, logrotate, mlocate, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget" +- name: '2021-07-27: SEE ALSO 4-5 networking packages LATER installed by https://github.com/iiab/iiab/blob/master/roles/2-common/tasks/network.yml' + meta: noop + +- name: "Install 20 common packages: acpid, avahi-daemon, bzip2, curl, gawk, htop, i2c-tools, libnss-mdns, logrotate, mlocate, net-tools, pandoc, pastebinit, rsync, sqlite3, tar, unzip, usbutils, wget, wpasupplicant" package: name: - - acpid # Daemon for ACPI (power mgmt) events - - bzip2 # 2021-04-26: Prob not used, but can't hurt? - - curl # Used to install roles/nodejs and roles/nodered - #- etckeeper # "nobody is really using etckeeper and it's bloating the filesystem every time apt runs" per @jvonau at https://github.com/iiab/iiab/issues/1146 + - acpid # Daemon for ACPI (power mgmt) events + - avahi-daemon # 2021-07-27: RaspiOS (and package libnss-mnds, below) install this regardless -- holdover from the XO days and used to advertise ssh/admin-console being available via avahi-daemon -- used with https://github.com/iiab/iiab/blob/master/roles/network/tasks/avahi.yml + #- avahi-discover # 2021-07-27: Commented out long ago + - bzip2 # 2021-04-26: Prob not used, but can't hurt? + - curl # Used to install roles/nodejs and roles/nodered + #- etckeeper # "nobody is really using etckeeper and it's bloating the filesystem every time apt runs" per @jvonau at https://github.com/iiab/iiab/issues/1146 + #- exfat-fuse # 2021-07-27: Should no longer be nec with 5.4+ kernels, so let's try commenting it out + #- exfat-utils # Ditto! 
See also 'ntfs-3g' below - gawk - htop - - i2c-tools # Low-level bus/chip/register/EEPROM tools e.g. for RTC - #- iproute2 # Installed by roles/2-common/tasks/network.yml + - i2c-tools # Low-level bus/chip/register/EEPROM tools e.g. for RTC + #- inetutils-syslogd # 2021-07-27: Error logging facility -- holdover from the XO days, journalctl has replaced this in newer distros + #- iproute2 # Installed by roles/2-common/tasks/network.yml - logrotate - #- lynx # Installed by 1-prep's roles/iiab-admin/tasks/access.yml - #- make # 2021-07-27: Currently used by roles/pbx and no other roles + - libnss-mdns # 2021-07-27: RaspiOS (and package avahi-daemon, above) install this regardless -- client-side library -- provides name resolution via mDNS (Multicast DNS) using Zeroconf/Bonjour e.g. Avahi + #- lynx # Installed by 1-prep's roles/iiab-admin/tasks/access.yml + #- make # 2021-07-27: Currently used by roles/pbx and no other roles - mlocate - - net-tools # 2021-04-26: @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output? - - ntfs-3g # Possibly no longer nec, similar to exfat packages above? + - net-tools # 2021-04-26: @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output? 
+ #- ntfs-3g # 2021-07-27: RaspiOS installs this regardless -- but this should no longer be nec, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g #- openssh-server # ssh (Raspbian) or openssh-server (other OS's) already installed by 1-prep's roles/sshd/tasks/main.yml - - pandoc # For /usr/bin/iiab-refresh-wiki-docs - - pastebinit # For /usr/bin/iiab-diagnostics + - pandoc # For /usr/bin/iiab-refresh-wiki-docs + - pastebinit # For /usr/bin/iiab-diagnostics - rsync - #- screen # Installed by 1-prep's roles/iiab-admin/tasks/access.yml + #- screen # Installed by 1-prep's roles/iiab-admin/tasks/access.yml - sqlite3 - #- sudo # Installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml + #- sudo # Installed by 1-prep's roles/iiab-admin/tasks/sudo-prereqs.yml - tar - unzip - #- usbmount # Moved to roles/usb_lib/tasks/install.yml - - usbutils # 2021-04-26: Also move to roles/usb_lib/tasks/install.yml ? + #- usbmount # Moved to roles/usb_lib/tasks/install.yml + - usbutils # 2021-07-27: RaspiOS installs this regardless -- move to roles/usb_lib/tasks/install.yml ? - wget + - wpasupplicant # 2021-07-27: RaspiOS installs this regardless -- client library for connections to a WiFi AP state: present diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 1759c5b7d..faa5ce574 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -18,7 +18,7 @@ name: pylibs #when: pylibs_install # Flag might be created in future? -- name: SSHD - also run by roles/1-prep/tasks/main.yml as required by OpenVPN +- name: SSHD -- also run by roles/1-prep/tasks/main.yml as required by OpenVPN include_role: name: sshd when: sshd_install diff --git a/roles/elgg/defaults/main.yml b/roles/elgg/defaults/main.yml index 24d621f6f..2bfcb6bd8 100644 --- a/roles/elgg/defaults/main.yml +++ b/roles/elgg/defaults/main.yml 
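Review bot: Commenting out `inetutils-syslogd` in roles/2-common/tasks/packages.yml means this role no longer installs any syslog daemon, so log retention on a target now depends on how journald is configured there. The new comment says journalctl has replaced it, but nothing visible in this diff ensures the journal is kept on disk; if the distro default is volatile storage, logs are lost at reboot, which matters when someone later has to reconstruct what happened on a box. I would record that dependency in the comment, e.g. `#- inetutils-syslogd # 2021-07-27: dropped -- logs now come from journald only; confirm Storage=persistent in journald.conf if logs must survive a reboot`. Separately, the `avahi-daemon` comment spells the package `libnss-mnds`; it should read `libnss-mdns`.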
@@ -21,7 +21,7 @@ dbname: elggdb dbhost: localhost dbprefix: elgg_ -# The following variables must be in sync with template/elggdb.sql.j2 +# The following variables must be in sync with templates/elggdb.sql.j2 # If you change them, you will probably have to rebuild the database. # They can be changed from the administrative interface once Elgg is installed. diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index e5bfc9b1e..fb0c5966a 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -6,12 +6,12 @@ state: stopped ignore_errors: yes -- name: Ensure group gitea exists +- name: Ensure group 'gitea' exists group: name: gitea state: present -- name: Create user gitea +- name: Create user 'gitea' user: name: gitea comment: Gitea daemon account @@ -26,7 +26,7 @@ group: gitea with_items: "{{ gitea_subdirectories }}" -- name: Make directories data, indexers, and log writable +- name: Make directories data, indexers, and log writable (0750) file: path: "{{ gitea_root_directory }}/{{ item }}" # /library/gitea mode: '0750' @@ -98,7 +98,7 @@ # 4. Create systemd service & prepare NGINX for http://box/gitea -- name: "Install from template: /etc/systemd/system/gitea.service" +- name: "Install from template: /etc/systemd/system/gitea.service (by default 0644)" template: src: gitea.service.j2 dest: /etc/systemd/system/gitea.service diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 948c5f453..f33d05191 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml 
@@ -13,22 +13,22 @@ when: nodejs_installed is undefined -- name: Make the directories to hold JupyterHub config +- name: Make 3 directories to hold JupyterHub config file: state: directory path: "{{ item }}" with_items: - - "{{ jupyterhub_venv }}/etc/jupyter" + - "{{ jupyterhub_venv }}/etc/jupyter" # /opt/iiab/jupyterhub - "{{ jupyterhub_venv }}/etc/jupyterhub" - "{{ jupyterhub_venv }}/etc/systemd" -- name: Use npm to install configurable-http-proxy +- name: Use npm to install 'configurable-http-proxy' npm: name: configurable-http-proxy global: yes state: latest -- name: "Use pip to install into a virtual environment: {{ jupyterhub_venv }} (~229 MB)" +- name: "pip install 7 packages into virtual environment: {{ jupyterhub_venv }} (~229 MB)" pip: name: - pip diff --git a/roles/moodle/tasks/install.yml b/roles/moodle/tasks/install.yml index 66dd5cb74..8e4f7c584 100644 --- a/roles/moodle/tasks/install.yml +++ b/roles/moodle/tasks/install.yml @@ -106,7 +106,7 @@ dest: "{{ moodle_base }}" mode: 0755 -- name: Execute {{ moodle_base }}/moodle_installer IF {{ moodle_base }}/config.php doesn't yet exist -- REQUIRES 'max_input_vars = 5000' (or higher) in /etc/php/{{ php_version }}/cli/php.ini with PHP 8+ (as set up by www_options/tasks/main.yml) -- WHEREAS LATER Moodle uses /etc/php/{{ php_version }}/fpm/php.ini during regular operation +- name: Execute {{ moodle_base }}/moodle_installer IF {{ moodle_base }}/config.php doesn't yet exist -- REQUIRES 'max_input_vars = 5000' (or higher) in /etc/php/{{ php_version }}/cli/php.ini IF PHP 8+ (as set up by www_options/tasks/main.yml) -- WHEREAS LATER Moodle uses /etc/php/{{ php_version }}/fpm/php.ini during regular operation shell: "{{ moodle_base }}/moodle_installer" args: creates: "{{ moodle_base }}/config.php" diff --git a/roles/munin/tasks/install.yml b/roles/munin/tasks/install.yml index c04aa97b4..0e7af8fe4 100644 --- a/roles/munin/tasks/install.yml +++ b/roles/munin/tasks/install.yml 
@@ -1,4 +1,4 @@ -- name: "Install 5 packages: munin, munin-node, munin-plugins-extra, libcgi-fast-perl" +- name: "Install 4 packages: munin, munin-node, munin-plugins-extra, libcgi-fast-perl" package: name: - munin @@ -8,14 +8,6 @@ #- libapache2-mod-fcgid state: present -# - name: "Install 2 packages: munin, munin-node (OS's other than debuntu)" -# package: -# name: -# - munin -# - munin-node -# state: present -# when: not is_debuntu - - name: Establish username/password Admin/changeme in /etc/munin/munin-htpasswd htpasswd: path: /etc/munin/munin-htpasswd diff --git a/roles/nodejs/tasks/install.yml b/roles/nodejs/tasks/install.yml index ba3536c96..33039d899 100644 --- a/roles/nodejs/tasks/install.yml +++ b/roles/nodejs/tasks/install.yml @@ -65,12 +65,12 @@ # state: absent # when: internet_available and is_debuntu -- name: Set up Node.js {{ nodejs_version }} apt sources (debuntu) +- name: Set up Node.js {{ nodejs_version }} apt sources shell: curl -sL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash - args: warn: no creates: /etc/apt/sources.list.d/nodesource.list - when: internet_available and is_debuntu + when: internet_available #when: internet_available and (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17) # NOT NEC TO TEST FOR is_raspbian_8 OR is_raspbian_9 AS /opt/iiab/iiab/vars/.yml # DEFINES THESE AS SUBSETS OF is_debian_8 OR is_debian_9 (FOR NOW!) 
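Review bot: In roles/nodejs/tasks/install.yml, removing `is_debuntu` from `Set up Node.js {{ nodejs_version }} apt sources` leaves `curl -sL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash -` guarded only by `internet_available`, and that pipeline runs whatever the server returns with the play's privileges and no integrity check. As written, `-s` without `-f` lets an HTTP error body reach bash, and without `pipefail` the task result is bash's exit status, not curl's, so a failed download can look like success. At minimum I would change the line to `shell: set -o pipefail && curl -fsSL https://deb.nodesource.com/setup_{{ nodejs_version }} | bash -` and add `executable: /bin/bash` under `args:`; downloading the script to a file and checking it against a pinned checksum before running it would be stronger. The next hunk relaxes the guard on the `nodejs` package task in the same way and keeps `state: latest`, so the installed version is whatever that repository serves at run time.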
@@ -80,20 +80,20 @@ # "npm install -g npm@latest" (all *SHOULD* be magically fixed by 2019-04-18 ?) # Forces update -- name: Install latest Node.js {{ nodejs_version }} which includes /usr/bin/npm (debuntu) +- name: Install latest Node.js {{ nodejs_version }} which includes /usr/bin/npm package: #name: nodejs={{ nodejs_version }} name: nodejs state: latest #state: present - when: internet_available and is_debuntu + when: internet_available #when: internet_available and (is_debian_8 or is_debian_9 or is_ubuntu_16 or is_ubuntu_17) -- name: Set up & install Node.js {{ nodejs_version }} which includes /usr/bin/npm (redhat) - shell: curl -sL https://rpm.nodesource.com/setup_{{ nodejs_version }} | bash - - args: - warn: no - when: internet_available and is_redhat +# - name: Set up & install Node.js {{ nodejs_version }} which includes /usr/bin/npm (redhat) +# shell: curl -sL https://rpm.nodesource.com/setup_{{ nodejs_version }} | bash - +# args: +# warn: no +# when: internet_available and is_redhat # 2018-07-14: BOTH STEPS ABOVE TAKE TIME, but Raspbian (apt offers npm diff --git a/roles/postgresql/tasks/install.yml b/roles/postgresql/tasks/install.yml index fc78589af..bc180c234 100644 --- a/roles/postgresql/tasks/install.yml +++ b/roles/postgresql/tasks/install.yml 
@@ -1,21 +1,11 @@ -- name: Install 'postgresql' package +- name: 'Install packages: postgresql, postgresql-client' package: - name: postgresql + name: + - postgresql + - postgresql-client state: present -- name: Install 'postgresql-client' package (debuntu) - package: - name: postgresql-client - state: present - when: is_debuntu - -- name: Install 'postgresql-server' package (OS's other than debuntu) - package: - name: postgresql-server - state: present - when: not is_debuntu - -- name: Install /etc/systemd/system/postgresql-iiab.service from template +- name: Install /etc/systemd/system/postgresql-iiab.service from template (0644 by default) template: src: postgresql-iiab.service dest: /etc/systemd/system/postgresql-iiab.service 
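Review bot: The new title `Install /etc/systemd/system/postgresql-iiab.service from template (0644 by default)` in roles/postgresql/tasks/install.yml states a permission that the task does not set: the `group:` and `mode:` lines are still commented out, as the context at the top of the next hunk shows. Without `mode:`, the result depends on the umask in effect and on the mode of any file already at that path, so the title can be wrong on a given machine. Uncommenting `mode: '0644'` (with the owner and group lines) would make the unit file's permissions match what the title says. The same applies to the `gitea.service (by default 0644)` title changed in roles/gitea/tasks/install.yml. The template task's body continues outside this hunk.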
@@ -23,50 +13,47 @@ # group: root # mode: '0644' -- name: Create PostgreSQL data dir /library/pgsql-iiab, owned by postgres:postgres +- name: Create PostgreSQL data dir /library/pgsql-iiab, owned by postgres:postgres (0700) file: + state: directory path: /library/pgsql-iiab owner: postgres group: postgres - mode: '0700' - state: directory + mode: 0700 -- name: Make sure locale {{ postgresql_locale }} is enabled (debuntu) # en_US.UTF-8 +- name: Make sure locale {{ postgresql_locale }} is enabled # en_US.UTF-8 lineinfile: dest: /etc/locale.gen line: "{{ postgresql_locale }} UTF-8" - when: is_debuntu -- name: Generate locales (debuntu) +- name: Generate locales command: /usr/sbin/locale-gen - when: is_debuntu -- name: Initialize the PostgreSQL db, creating /library/pgsql-iiab/pg_hba.conf (debuntu) +- name: Initialize the PostgreSQL db, creating /library/pgsql-iiab/pg_hba.conf #command: su - postgres -c "/usr/lib/postgresql/{{ postgresql_version }}/bin/initdb -E 'UTF-8' --locale={{ postgresql_locale }} -D /library/pgsql-iiab" command: /usr/lib/postgresql/{{ postgresql_version }}/bin/initdb -E 'UTF-8' --locale={{ postgresql_locale }} -D /library/pgsql-iiab args: creates: /library/pgsql-iiab/pg_hba.conf become: yes become_user: postgres - when: is_debuntu -- name: Initialize the PostgreSQL db, creating /library/pgsql-iiab/pg_hba.conf (OS's other than debuntu) - #command: su - postgres -c "/usr/bin/initdb -E 'UTF-8' --lc-collate={{ postgresql_locale }} --lc-ctype={{ postgresql_locale }} -D /library/pgsql-iiab" - command: /usr/bin/initdb -E 'UTF-8' --lc-collate={{ postgresql_locale }} --lc-ctype={{ postgresql_locale }} -D /library/pgsql-iiab - args: - creates: /library/pgsql-iiab/pg_hba.conf - become: yes - become_user: postgres - when: not is_debuntu +# - name: Initialize the PostgreSQL db, creating /library/pgsql-iiab/pg_hba.conf (OS's other than debuntu) +# #command: su - postgres -c "/usr/bin/initdb -E 'UTF-8' --lc-collate={{ postgresql_locale }} --lc-ctype={{ 
postgresql_locale }} -D /library/pgsql-iiab" +# command: /usr/bin/initdb -E 'UTF-8' --lc-collate={{ postgresql_locale }} --lc-ctype={{ postgresql_locale }} -D /library/pgsql-iiab +# args: +# creates: /library/pgsql-iiab/pg_hba.conf +# become: yes +# become_user: postgres +# when: not is_debuntu -- name: Install /library/pgsql-iiab/postgresql.conf owned by postgres:postgres, from template +- name: Install /library/pgsql-iiab/postgresql.conf from template (postgres:postgres, 0640) template: backup: yes src: postgresql.conf.j2 dest: /library/pgsql-iiab/postgresql.conf owner: postgres group: postgres - mode: '0640' + mode: 0640 - name: Disable & Stop stock 'postgresql' (parent) systemd service systemd:
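Review bot: This hunk in roles/postgresql/tasks/install.yml replaces `mode: '0700'` on /library/pgsql-iiab and `mode: '0640'` on postgresql.conf with unquoted `mode: 0700` and `mode: 0640`. Unquoted, the value reaches the module as a YAML integer whose meaning depends on the parser treating a leading zero as octal; Ansible's documentation recommends quoting modes for consistent results, and other files in this commit use the quoted form (`mode: '0755'`, `mode: '0750'`). These two paths hold the database files and its configuration, so a misread mode here is a permissions problem rather than a cosmetic one. I would keep `mode: '0700'` and `mode: '0640'` as they were.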