From d08c6b1424cfa94cfd454b808b91a167463f939b Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 21 Sep 2020 21:16:15 -0500 Subject: [PATCH 01/11] validate - prune mongodb --- roles/0-init/tasks/validate_vars.yml | 1 - vars/default_vars.yml | 6 ++---- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index d79ef73c2..cfe0cdb0b 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -85,7 +85,6 @@ - kolibri - kiwix - moodle - - mongodb - sugarizer - osm_vector_maps - transmission diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 0e0a1e044..8034fdc0d 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -471,10 +471,8 @@ moodle_enabled: False # This role was formerly installed by roles/sugarizer/meta/main.yml # # 2020-02-04: mongodb_install is completely ignored as MongoDB is installed on -# demand as a dependency -- by Sugarizer -- but for now we set fake value -# 'mongodb_install: True' so that 'mongodb_installed is defined' input -# validation works, e.g. in 0-init/tasks/validate_vars.yml -mongodb_install: True +# demand as a dependency -- by Sugarizer +mongodb_install: False # FYI 'mongodb_enabled: False' works when Sugarizer is disabled. Required by # mongodb/tasks/enable.yml to shut down the service and log status, but that is # misleading as Sugarizer starts mongodb's systemd service on its own, due to From dfe8c3d5fb814f2cfffe676053ea5027950b3aa6 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 21 Sep 2020 21:18:00 -0500 Subject: [PATCH 02/11] validate - prune postgresql --- roles/0-init/tasks/validate_vars.yml | 1 - vars/default_vars.yml | 7 ++----- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index cfe0cdb0b..a72eb0fc9 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -60,7 +60,6 @@ - mysql - squid - dansguardian - - postgresql - cups - samba - usb_lib diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 8034fdc0d..a1ed60de9 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -296,11 +296,8 @@ dansguardian_install: False dansguardian_enabled: False # 2020-02-04: postgresql_install is completely ignored as PostgreSQL is -# installed on demand as a dependency -- by Moodle &/or Pathagar -- but for now -# we set fake value 'postgresql_install: True' so that -# 'postgresql_installed is defined' input validation works, e.g. in -# 0-init/tasks/validate_vars.yml -postgresql_install: True +# installed on demand as a dependency -- by Moodle &/or Pathagar +postgresql_install: False postgresql_enabled: False # Common UNIX Printing System (CUPS) From 82e5c3b5719529ab0ae4996f7f68f6a5a6503506 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 21 Sep 2020 21:21:41 -0500 Subject: [PATCH 03/11] validate - prune nodejs --- roles/0-init/tasks/validate_vars.yml | 1 - vars/default_vars.yml | 5 +---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index a72eb0fc9..677a07a00 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -75,7 +75,6 @@ - lokole - mediawiki - mosquitto - - nodejs - nodered - nextcloud - pbx diff --git a/vars/default_vars.yml b/vars/default_vars.yml index a1ed60de9..9ed1bc98f 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -392,10 +392,7 @@ mosquitto_port: 1883 # 2020-02-04: nodejs_install is completely ignored as Node.js is installed on # demand as a dependency -- by Node-RED, Sugarizer and/or Internet Archive -- -# but for now we set fake value 'nodejs_install: True' so that -# 'nodejs_installed is defined' input validation works, e.g. in -# 0-init/tasks/validate_vars.yml -nodejs_install: True +nodejs_install: False nodejs_enabled: False # Node.js version used by roles/nodejs/tasks/main.yml for 3 roles: # nodered (Node-RED), pbx (Asterix, FreePBX) & sugarizer (Sugarizer) From 35d83aec98dfaeee58c1b67f656cb2cd9e0238f8 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 21 Sep 2020 21:41:12 -0500 Subject: [PATCH 04/11] validate - prune mysql - clean up 0-init --- roles/0-init/tasks/main.yml | 40 ---------------------------- roles/0-init/tasks/validate_vars.yml | 1 - roles/3-base-server/tasks/main.yml | 1 - 3 files changed, 42 deletions(-) diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 7b4fa58c4..34a45832d 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml @@ -96,46 +96,6 @@ gui_port: 443 when: adm_cons_force_ssl | bool -- name: Turn on both vars for MySQL (mandatory in Stage 3!) - set_fact: - mysql_install: True - mysql_enabled: True - -# We decided to enable mysql unconditionally. -# when: elgg_enabled or rachel_enabled or owncloud_enabled or phpmyadmin_enabled or wordpress_enabled or iiab_menu_install - -- name: "Set python_path: /lib/python2.7/site-packages/ (redhat)" - set_fact: - python_path: /lib/python2.7/site-packages/ - when: is_redhat | bool - -- name: "Set python_path: /usr/local/lib/python2.7/dist-packages/ (debuntu)" - set_fact: - python_path: /usr/local/lib/python2.7/dist-packages/ - when: is_debuntu | bool - -# For various reasons the mysql service cannot be enabled on Fedora 20, but -# 'mariadb', which is its real name can. On Fedora 18 we need to use 'mysqld'. - -# BETTER TO USE /opt/iiab/iiab/vars/.yml -#- name: "Set mysql_service: mariadb by default" -# set_fact: -# mysql_service: mariadb - -- name: "Set mysql_service: mysqld etc (Fedora 18)" - set_fact: - # BETTER TO USE /opt/iiab/iiab/vars/.yml - #mysql_service: mysqld - no_NM_reload: True - is_F18: True - when: (ansible_distribution_release == "based on Fedora 18" or ansible_distribution_version == "18") and ansible_distribution == "Fedora" - -# BETTER TO USE /opt/iiab/iiab/vars/.yml -#- name: "Set mysql_service: mysql (debuntu)" -# set_fact: -# mysql_service: mysql -# when: is_debuntu | bool - - name: "Set iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}" set_fact: iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}" diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index 677a07a00..d926c134a 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -57,7 +57,6 @@ - admin_console - nginx - apache - - mysql - squid - dansguardian - cups diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 96bd8cf3f..b620fce37 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -6,7 +6,6 @@ - name: MYSQL include_role: name: mysql - when: mysql_install | bool # 2020-05-21: Apache role 'httpd' is installed as nec by any of these 7 roles: # From c20ca679d9bbc8ce07f085f74ab7ada12e7007ef Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 21 Sep 2020 22:02:14 -0500 Subject: [PATCH 05/11] validate - prune nginx --- roles/0-init/tasks/validate_vars.yml | 1 - roles/3-base-server/tasks/main.yml | 1 - vars/default_vars.yml | 1 + 3 files changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index d926c134a..137210a73 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -55,7 +55,6 @@ - sshd - openvpn - admin_console - - nginx - apache - squid - dansguardian diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index b620fce37..4b8b536e4 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -21,7 +21,6 @@ - name: NGINX include_role: name: nginx - when: nginx_install | bool - name: WWW_BASE (WWW_OPTIONS should be installed later) include_role: diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 9ed1bc98f..f6a7d77a1 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -250,6 +250,7 @@ mysql_enabled: True # 2019-01-13: IIAB's use of NGINX is still evolving -- please review this # evolving doc: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md +# 2020-09-21: removed install |bool in stage 3, not optional and has no effect nginx_install: True nginx_enabled: True nginx_port: 80 From 0ebd09e46fffca53649629cc7bf0f65c00137213 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 21 Sep 2020 22:07:24 -0500 Subject: [PATCH 06/11] validate - prune apache & admin_console --- roles/0-init/tasks/validate_vars.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index 137210a73..adad0affa 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -54,8 +54,6 @@ - wondershaper - sshd - openvpn - - admin_console - - apache - squid - dansguardian - cups From 9be964462563d5792d19f34438149e254b9c972b Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Mon, 21 Sep 2020 22:12:04 -0500 Subject: [PATCH 07/11] The 7 removed roles part of stage 3, installed on demand, or does not exist --- roles/0-init/tasks/validate_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index adad0affa..bbbdbbbf1 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -42,7 +42,7 @@ # are officially now UNMAINTAINED in default_vars.yml and # https://github.com/iiab/iiab/blob/master/unmaintained-roles.txt etc? -- name: Set vars_checklist for 53 + 53 + up-to-53 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked +- name: Set vars_checklist for 46 + 46 + up-to-46 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked set_fact: vars_checklist: - hostapd From 12d239cb2b45e7198f73f663576c9edbf21e49cb Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 22 Sep 2020 08:26:38 -0500 Subject: [PATCH 08/11] validate - prune dnsmasq --- roles/1-prep/tasks/main.yml | 1 - vars/local_vars_big.yml | 1 - vars/local_vars_medium.yml | 1 - vars/local_vars_min.yml | 1 - 4 files changed, 4 deletions(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 276babab0..9e3ad4900 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -5,7 +5,6 @@ - name: dnsmasq (install now, configure LATER in 'network', after Stage 9) include_tasks: roles/network/tasks/dnsmasq.yml - #when: dnsmasq_install | bool - name: Install uuid-runtime package (debuntu) package: diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index ae1d80df0..6219ca273 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -99,7 +99,6 @@ named_install: False named_enabled: False # dnsmasq - handles DHCP and DNS -dnsmasq_install: True dnsmasq_enabled: True # Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index aa7d4157e..ea57bc255 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -99,7 +99,6 @@ named_install: False named_enabled: False # dnsmasq - handles DHCP and DNS -dnsmasq_install: True dnsmasq_enabled: True # Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index d0394b364..2b1f0c96b 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -99,7 +99,6 @@ named_install: False named_enabled: False # dnsmasq - handles DHCP and DNS -dnsmasq_install: True dnsmasq_enabled: True # Enable AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" From b00ea49b4101580e3b8450fd534adb746bfe8e33 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 22 Sep 2020 08:52:26 -0500 Subject: [PATCH 09/11] bugfix - sshd --- roles/1-prep/tasks/main.yml | 1 - roles/4-server-options/tasks/main.yml | 4 ++++ vars/default_vars.yml | 2 +- vars/local_vars_big.yml | 1 + vars/local_vars_medium.yml | 1 + vars/local_vars_min.yml | 1 + 6 files changed, 8 insertions(+), 2 deletions(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 9e3ad4900..38e387902 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -77,7 +77,6 @@ - name: SSHD include_role: name: sshd - #when: sshd_install | bool # Flag might be created in future? - name: IIAB-ADMIN include_role: diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index dd581f84a..52fb7a2d0 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -18,6 +18,10 @@ name: pylibs #when: pylibs_install | bool # Flag might be created in future? +- name: SSHD + include_role: + name: sshd + - name: Install named / BIND include_tasks: roles/network/tasks/named.yml when: named_install | bool diff --git a/vars/default_vars.yml b/vars/default_vars.yml index f6a7d77a1..784036092 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -208,7 +208,7 @@ wan_try_dhcp_before_static_ip: True # Facilitate field updates w/ cablemodems # 1-PREP # SEE ssh_port var above. -sshd_install: True # 2020-01-21: do not rely on this var for now (might be implemented in future) +sshd_install: True sshd_enabled: True # roles/iiab-admin runs here diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 6219ca273..86c722cff 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -168,6 +168,7 @@ apache_allow_sudo: True # 4-SERVER-OPTIONS +sshd_enabled: True # DNS prep (dnsmasq, named &/or dhcpd) run here. The full network stage runs # after 9-LOCAL-ADDONS (or manually run "cd /opt/iiab/iiab; ./iiab-network") diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index ea57bc255..56c73486e 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -168,6 +168,7 @@ apache_allow_sudo: True # 4-SERVER-OPTIONS +sshd_enabled: True # DNS prep (dnsmasq, named &/or dhcpd) run here. The full network stage runs # after 9-LOCAL-ADDONS (or manually run "cd /opt/iiab/iiab; ./iiab-network") diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 2b1f0c96b..e897512a9 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -168,6 +168,7 @@ apache_allow_sudo: True # 4-SERVER-OPTIONS +sshd_enabled: True # DNS prep (dnsmasq, named &/or dhcpd) run here. The full network stage runs # after 9-LOCAL-ADDONS (or manually run "cd /opt/iiab/iiab; ./iiab-network") From 5b46eb248d346d577084fb6b6d93b137f3740b17 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 22 Sep 2020 08:59:36 -0500 Subject: [PATCH 10/11] cleanup stage 1 & 4 of # out *_install lines --- roles/1-prep/tasks/main.yml | 1 - roles/4-server-options/tasks/main.yml | 2 -- 2 files changed, 3 deletions(-) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 38e387902..a9a91c182 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -81,7 +81,6 @@ - name: IIAB-ADMIN include_role: name: iiab-admin - #when: iiab_admin_install | bool # Flag might be created in future? - name: OPENVPN include_role: diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 52fb7a2d0..f5dce89c4 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -16,7 +16,6 @@ - name: Install pylibs (IIAB's python libs) include_role: name: pylibs - #when: pylibs_install | bool # Flag might be created in future? - name: SSHD include_role: @@ -61,7 +60,6 @@ - name: WWW_OPTIONS (WWW_BASE should have been installed earlier) include_role: name: www_options - #when: www_options_install | bool # Flag might be created in future? - name: Recording STAGE 4 HAS COMPLETED ================== lineinfile: From 79e2b5ba3fc8654d009a59f30599026aaf3b6a96 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 24 Sep 2020 08:06:33 -0500 Subject: [PATCH 11/11] Clean up default_vars --- vars/default_vars.yml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 784036092..1f188ceb5 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -272,10 +272,8 @@ apache_allow_sudo: True # # 2020-05-21: apache_install is completely ignored as Apache is installed on # demand as a dependency -- by CUPS, Elgg, Lokole, Moodle, Node-RED and/or -# phpMyAdmin -- but for now we set fake value 'apache_install: True' so that -# 'apache_installed is defined' input validation works, e.g. in -# 0-init/tasks/validate_vars.yml -apache_install: True +# phpMyAdmin +apache_install: False apache_enabled: False # # NGINX proxies to Apache for legacy IIAB services, using: @@ -558,10 +556,8 @@ vnstat_enabled: False # 9-LOCAL-ADDONS # 2020-02-04: yarn_install is completely ignored as the Yarn package manager is -# installed on demand as a dependency -- by Internet Archive -- but for now we -# set fake value 'yarn_install: True' so that 'yarn_installed is defined' input -# validation works, e.g. in 0-init/tasks/validate_vars.yml -yarn_install: True +# installed on demand as a dependency -- by Internet Archive +yarn_install: False yarn_enabled: False # Internet Archive Offline / Decentralized Web - create your own offline