external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

merge iiab-install

Browse source
This commit is contained in:
Jerry Vonau 2017-10-31 15:56:06 -05:00
commit dc25d97f80
46 changed files with 484 additions and 314 deletions
Download patch file Download diff file Expand all files Collapse all files

74
iiab-install Executable file
View file

@ -0,0 +1,74 @@
#!/bin/bash -e
# running from a git repo
PLAYBOOK="iiab-stages.yml"
INVENTORY="ansible_hosts"
CWD=`pwd`
# Add cmdline options for passing to ansible
# todo add proper shift to gobble up --debug --reinstall
ARGS=""
export ANSIBLE_LOG_PATH="$CWD/iiab-install.log"
if [ ! -f /etc/ansible/facts.d/local_facts.fact ]; then
mkdir -p /etc/ansible/facts.d
fi
cp ./scripts/local_facts.fact /etc/ansible/facts.d/local_facts.fact
STAGE=""
if [ ! -f /etc/iiab/iiab.env ]; then
mkdir -p /etc/iiab
else
OLD=`grep XSCE /etc/iiab/iiab.env | wc -l`
if [ "$OLD" != 0 ] || [ "$1" = "--reinstall" ]; then
echo "Found old XSCE install - re-installing from scratch"
rm /etc/iiab/iiab.env
# check ansible version here and force ansible upgrade if needed
else
source /etc/iiab/iiab.env
if [ $STAGE == 9 ] && [ "$1" = "--debug" ]; then
echo "Entering debug mode"
sed -i -e 's/^STAGE=.*/STAGE=2/' /etc/iiab/iiab.env
elif [ ! $STAGE == 9 ]; then
echo "Restarting *after* STAGE $STAGE..as soon as Stage 0 completes. Stage 9 comes last."
else
# place keeper add read response
# "offer 'Y' or stage number dialog box option to override"
echo "'iiab-install' has already been completed"
echo "use --debug to override "
#echo "In demo mode not preventing second run"
echo "Exiting."
exit 1
fi
fi
fi
if [ ! -f $PLAYBOOK ]; then
echo "IIAB Playbook not found."
echo "Please run this command from the top level of the git repo."
echo "Exiting."
exit 1
fi
# if vars/local_vars.yml is missing, put a default one in place - First Run
if [ ! -f ./vars/local_vars.yml ]; then
OS=`grep ^ID= /etc/*release|cut -d= -f2`
OS=${OS//\"/}
case $OS in
OLPC | fedora)
cp ./vars/olpc.localvars ./vars/local_vars.yml
;;
centos | debian | ubuntu | raspbian)
cp ./vars/medium.localvars ./vars/local_vars.yml
;;
*)
echo "IIAB supports raspbian, debian, ubuntu, centos, and OLPC - exiting now..."
exit 1
;;
esac
fi
echo "Running local playbooks! "
ansible -m setup -i $INVENTORY localhost --connection=local >> /dev/null
ansible-playbook -i $INVENTORY $PLAYBOOK ${ARGS} --connection=local

14
iiab-network
View file

@ -1,15 +1,8 @@
#!/bin/bash #!/bin/bash
# running from a git repo
if [ -f /etc/iiab/iiab.env ] # ansible files exist
then
. /etc/iiab/iiab.env
cd $IIAB_DIR
else
echo /etc/iiab/iiab.env is missing. Playbook has not been run.
exit 1
fi
CWD=`pwd` CWD=`pwd`
export ANSIBLE_LOG_PATH="$CWD/iiab-network.log"
if [ ! -f iiab-network.yml ] if [ ! -f iiab-network.yml ]
then then
@ -25,7 +18,6 @@ then
fi fi
Start=`date` Start=`date`
export ANSIBLE_LOG_PATH="$XSCE_DIR/iiab-network.log"
ansible-playbook -i ansible_hosts iiab-network.yml --connection=local ansible-playbook -i ansible_hosts iiab-network.yml --connection=local
End=`date` End=`date`
echo "" >> iiab-network.log echo "" >> iiab-network.log

69
iiab-stages.yml Normal file
View file

@ -0,0 +1,69 @@
---
- hosts: all
become: yes
vars_files:
- vars/default_vars.yml
- vars/{{ ansible_local.local_facts.os_ver }}.yml
- vars/local_vars.yml
tasks:
- name: 0-init
include_role:
name: 0-init
tags: 0-init
- name: 1-prep
include_role:
name: 1-prep
when: ansible_local.local_facts.stage|int < 1
tags: 1-prep, platform, base
- name: 2-common
include_role:
name: 2-common
when: ansible_local.local_facts.stage|int < 2
tags: 2-common, base
- name: 3-base-server
include_role:
name: 3-base-server
when: ansible_local.local_facts.stage|int < 3
tags: 3-base-server, base
- name: 4-server-options
include_role:
name: 4-server-options
when: ansible_local.local_facts.stage|int < 4
tags: 4-server-options
- name: 5-xo-services
include_role:
name: 5-xo-services
when: ansible_local.local_facts.stage|int < 5
tags: 5-xo-services
- name: 6-generic-apps
include_role:
name: 6-generic-apps
when: ansible_local.local_facts.stage|int < 6
tags: 6-generic-apps
- name: 7-edu-apps
include_role:
name: 7-edu-apps
when: ansible_local.local_facts.stage|int < 7
tags: 7-edu-apps
- name: 8-mgmt-tools
include_role:
name: 8-mgmt-tools
when: ansible_local.local_facts.stage|int < 8
tags: 8-mgmt-tools
- name: 9-local-addons
include_role:
name: 9-local-addons
when: ansible_local.local_facts.stage|int < 9
tags: 9-local-addons

3
install-support
View file

@ -4,6 +4,8 @@ PLAYBOOK="iiab-base.yml"
INVENTORY="ansible_hosts" INVENTORY="ansible_hosts"
CWD=`pwd` CWD=`pwd`
export ANSIBLE_LOG_PATH="$CWD/iiab-install.log"
if [ ! -f $PLAYBOOK ] if [ ! -f $PLAYBOOK ]
then then
echo "IIAB Playbook not found." echo "IIAB Playbook not found."
@ -15,5 +17,4 @@ fi
sed -i -e "s/openvpn_install: False/openvpn_install: True/" vars/local_vars.yml sed -i -e "s/openvpn_install: False/openvpn_install: True/" vars/local_vars.yml
sed -i -e "s/openvpn_enabled: False/openvpn_enabled: True/" vars/local_vars.yml sed -i -e "s/openvpn_enabled: False/openvpn_enabled: True/" vars/local_vars.yml
export ANSIBLE_LOG_PATH="$CWD/iiab-install.log"
ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local

6
roles/0-init/tasks/main.yml
View file

@ -1,7 +1,7 @@
# Initialize # Initialize
- name: ...IS BEGINNING ============================================ - name: ...IS BEGINNING ============================================
command: echo include_vars: roles/1-prep/defaults/main.yml
- name: Determine if runansible was run - name: Determine if runansible was run
stat: path=/etc/iiab/iiab.env stat: path=/etc/iiab/iiab.env
@ -14,10 +14,10 @@
# we need to inialize the ini file and only write the location and version sections once and only # we need to inialize the ini file and only write the location and version sections once and only
# once to preserve the install date and git hash. # once to preserve the install date and git hash.
- include: roles/1-prep/tasks/iiab_ini.yml - include_tasks: roles/1-prep/tasks/iiab_ini.yml
when: first_run when: first_run
# Now load the computed vars # Now load the computed vars
- include: roles/1-prep/tasks/computed_vars.yml - include_tasks: roles/1-prep/tasks/computed_vars.yml
- name: ...HAS COMPLETED =========================================== - name: ...HAS COMPLETED ===========================================
command: echo command: echo

108
roles/1-prep/tasks/computed_vars.yml
View file

@ -1,34 +1,54 @@
# get local vars from scripts in /etc/ansible/facts.d - name: re-read local_facts.facts from /etc/ansible/facts.d
# on first run, this will generate UUID
- name: re-read facts
setup: filter=ansible_local setup: filter=ansible_local
# set top level variables from local facts for convenience # set top level variables from local facts for convenience
- set_fact: - set_fact:
xo_model: '{{ ansible_local["local_facts"]["xo_model"] }}' xo_model: '{{ ansible_local.local_facts.xo_model }}'
phplib_dir: '{{ ansible_local["local_facts"]["phplib_dir"] }}' phplib_dir: '{{ ansible_local.local_facts.phplib_dir }}'
iiab_stage: '{{ ansible_local.local_facts.stage }}'
# Networking uses a different file for the rpi
- name: Discover if this is a rpi -- assume if so it is running raspbian
set_fact:
rpi_model: "rpi"
is_rpi: "True"
when: ansible_local.local_facts.os == "raspbian"
- name: Set exFAT enabled for XO laptops - name: Set exFAT enabled for XO laptops
set_fact: set_fact:
exFAT_enabled: True exFAT_enabled: True
when: xo_model != "none" when: xo_model != "none"
- name: set FQDN
set_fact:
iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}"
FQDN_changed: False
- name: FQDN changed
set_fact:
FQDN_changed: True
when: iiab_fqdn != ansible_fqdn
- name: Now check FQDN
include_tasks: roles/2-common/tasks/hostname.yml
when: FQDN_changed
# Discover do we have a gateway? -- if ansible detects gateway, becomes WAN candidate # Discover do we have a gateway? -- if ansible detects gateway, becomes WAN candidate
- name: Finding gateway - name: Finding gateway
set_fact: set_fact:
discovered_wan_iface: "{{ ansible_default_ipv4.alias }}" discovered_wan_iface: "{{ ansible_default_ipv4.alias }}"
when: 'ansible_default_ipv4.gateway is defined' iiab_wan_iface: "{{ discovered_wan_iface }}"
when: ansible_default_ipv4.gateway is defined
- name: Verify gateway present - name: Verify gateway present
shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" &> /dev/null ; echo $? shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" | grep icmp_seq=4 | wc -l
when: discovered_wan_iface != "none" when: discovered_wan_iface != "none"
register: gw_active_test register: gw_active_test
- name: Recording gateway response - name: Recording gateway response
set_fact: set_fact:
gw_active: True gw_active: True
when: discovered_wan_iface != "none" and gw_active_test.stdout == "0" when: discovered_wan_iface != "none" and gw_active_test.stdout == "1"
- name: Test for internet access - name: Test for internet access
get_url: url="{{ iiab_download_url }}/heart-beat.txt" dest=/tmp/heart-beat.txt get_url: url="{{ iiab_download_url }}/heart-beat.txt" dest=/tmp/heart-beat.txt
@ -39,40 +59,13 @@
- name: Set internet_available true if wget succeeded - name: Set internet_available true if wget succeeded
set_fact: set_fact:
internet_available: True internet_available: True
when: not internet_access_test|failed and not disregard_network when: not internet_access_test|failed and not disregard_network
- name: Cleanup internet test file - name: Cleanup internet test file
file: path=/tmp/heart-beat.txt file: path=/tmp/heart-beat.txt
state=absent state=absent
- name: add version section
ini_file: dest='{{ iiab_config_file }}'
section=runtime
option='{{ item.option }}'
value='{{ item.value }}'
with_items:
- option: 'runtime_branch'
value: '{{ ansible_local["local_facts"]["iiab_branch"] }}'
- option: 'runtime_commit'
value: '{{ ansible_local["local_facts"]["iiab_commit"] }}'
- option: 'runtime_date'
value: '{{ ansible_date_time["iso8601"] }}'
- option: 'runtime_php'
value: '{{ phplib_dir }}'
- option: 'kernel'
value: '{{ ansible_kernel }}'
- option: 'memory_mb'
value: '{{ ansible_memtotal_mb }}'
- option: 'swap_mb'
value: '{{ ansible_swaptotal_mb }}'
- option: 'product_id'
value: '{{ ansible_product_uuid }}'
- option: 'gw_active'
value: '{{ gw_active }}'
- option: 'internet_available'
value: '{{ internet_available }}'
# Put all computed vars here so derive properly from any prior var file # Put all computed vars here so derive properly from any prior var file
- name: If the TZ is not set in env, set it to UTC - name: If the TZ is not set in env, set it to UTC
set_fact: local_tz='UTC' set_fact: local_tz='UTC'
@ -176,3 +169,40 @@
set_fact: set_fact:
is_CentOS: True is_CentOS: True
when: ansible_distribution == "CentOS" when: ansible_distribution == "CentOS"
- name: add version section
ini_file: dest='{{ iiab_config_file }}'
section=runtime
option='{{ item.option }}'
value='{{ item.value }}'
with_items:
- option: 'iiab_stage'
value: '{{ iiab_stage }}'
- option: 'runtime_php'
value: '{{ phplib_dir }}'
- option: 'runtime_branch'
value: '{{ ansible_local.local_facts.iiab_branch }}'
- option: 'runtime_commit'
value: '{{ ansible_local.local_facts.iiab_commit }}'
- option: 'runtime_date'
value: '{{ ansible_date_time.iso8601 }}'
- option: 'ansible_version'
value: '{{ ansible_local.local_facts.ansible_version }}'
- option: 'kernel'
value: '{{ ansible_kernel }}'
- option: 'memory_mb'
value: '{{ ansible_memtotal_mb }}'
- option: 'swap_mb'
value: '{{ ansible_swaptotal_mb }}'
- option: 'product_id'
value: '{{ ansible_product_uuid }}'
- option: 'gw_active'
value: '{{ gw_active }}'
- option: 'internet_available'
value: '{{ internet_available }}'
- option: 'first_run'
value: '{{ first_run }}'
- option: 'local_tz'
value: '{{ local_tz }}'
- option: 'FQDN_changed'
value: '{{ FQDN_changed }}'

6
roles/1-prep/tasks/iiab_ini.yml
View file

@ -25,10 +25,10 @@
- option: 'arch' - option: 'arch'
value: '{{ ansible_architecture }}' value: '{{ ansible_architecture }}'
- option: 'iiab_branch' - option: 'iiab_branch'
value: '{{ ansible_local["local_facts"]["iiab_branch"] }}' value: '{{ ansible_local.local_facts.iiab_branch }}'
- option: 'iiab_commit' - option: 'iiab_commit'
value: '{{ ansible_local["local_facts"]["iiab_commit"] }}' value: '{{ ansible_local.local_facts.iiab_commit }}'
- option: 'install_date' - option: 'install_date'
value: '{{ ansible_date_time["iso8601"] }}' value: '{{ ansible_date_time.iso8601 }}'
- option: 'install_xo' - option: 'install_xo'
value: '{{ xo_model }}' value: '{{ xo_model }}'

28
roles/1-prep/tasks/main.yml
View file

@ -50,43 +50,39 @@
- name: Disable AppArmor -- on by default in Ubuntu - name: Disable AppArmor -- on by default in Ubuntu
service: name=apparmor enabled=False state=stopped service: name=apparmor enabled=False state=stopped
when: first_run and is_ubuntu when: is_ubuntu
ignore_errors: true ignore_errors: true
- name: Disable SELinux on next boot - name: Disable SELinux on next boot
selinux: state=disabled selinux: state=disabled
register: selinux_disabled register: selinux_disabled
when: first_run and not is_debuntu when: not is_debuntu
- name: Disable SELinux for this session (if needed) - name: Disable SELinux for this session (if needed)
command: setenforce Permissive command: setenforce Permissive
when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed
## DISCOVER PLATFORMS ###### ## DISCOVER PLATFORMS ######
- name: Discover if this is an rpi -- assume it is running Raspbian if so - include_tasks: prep.yml
set_fact:
rpi_model: "rpi"
is_rpi: "True"
when: ansible_local.local_facts.os == "raspbian"
ignore_errors: true
- include: prep.yml
when: first_run
# Put conditional actions for hardware platforms here # Put conditional actions for hardware platforms here
- include: raspberry_pi_2.yml - include_tasks: raspberry_pi_2.yml
when: first_run and rpi_model != "none" when: first_run and rpi_model != "none"
- name: Check if the identifier for Intel's NUC6 builtin WiFi is present - name: Check if the identifier for Intel's NUC6 builtin WiFi is present
shell: "lsusb | grep 8087:0a2b | wc |awk '{print $1}'" shell: "lsusb | grep 8087:0a2b | wc |awk '{print $1}'"
register: usb_NUC6 register: usb_NUC6
ignore_errors: true ignore_errors: true
when: first_run
- name: Download the firmware for built-in WiFi on NUC6 - name: Download the firmware for built-in WiFi on NUC6
get_url: dest=/lib/firmware get_url: dest=/lib/firmware
url={{ iiab_download_url }}/iwlwifi-8000C-13.ucode url={{ iiab_download_url }}/iwlwifi-8000C-13.ucode
when: first_run and usb_NUC6.stdout|int > 0 when: usb_NUC6.stdout|int > 0
- name: ...HAS COMPLETED =========================================== # this script can be sourced to get IIAB location
command: echo - name: Recording STAGE 1 HAS COMPLETED ============================
template: src=roles/1-prep/templates/iiab.env.j2
dest=/etc/iiab/iiab.env
owner=root
group=root
mode=0644

3
roles/1-prep/templates/iiab.env.j2
View file

@ -1,7 +1,8 @@
# This is a configuration file for XSCE # This is a configuration file for IIAB
# It can sourced in a shell script or read into an application # It can sourced in a shell script or read into an application
IIAB_BASE_PATH={{ iiab_base }} IIAB_BASE_PATH={{ iiab_base }}
IIAB_DIR={{ iiab_dir }} IIAB_DIR={{ iiab_dir }}
OS={{ ansible_local.local_facts.os }} OS={{ ansible_local.local_facts.os }}
OS_VER={{ ansible_local.local_facts.os_ver }} OS_VER={{ ansible_local.local_facts.os_ver }}
WWWROOT={{ doc_root }} WWWROOT={{ doc_root }}
STAGE=1

11
roles/2-common/tasks/hostname.yml Normal file
View file

@ -0,0 +1,11 @@
- name: turn the crank for systemd
shell: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}"
when: is_debuntu
- name: Configure /etc/sysconfig/network
template: src=roles/network/templates/network/sysconfig.network.j2
dest=/etc/sysconfig/network
owner=root
group=root
mode=0644
when: is_redhat

30
roles/2-common/tasks/main.yml
View file

@ -3,22 +3,29 @@
- name: ...IS BEGINNING ========================================== - name: ...IS BEGINNING ==========================================
command: echo command: echo
#- include: iiab_ini.yml #- include_tasks: iiab_ini.yml
# create the directory structure for IIAB # create the directory structure for IIAB
- include: fl.yml - include_tasks: fl.yml
- include: xo.yml - include_tasks: xo.yml
when: xo_model != "none" or osbuilder is defined when: xo_model != "none" or osbuilder is defined
- include: centos.yml # set FQDN for IIAB
- include_tasks: hostname.yml
tags:
- network
- domain
- hostname
- include_tasks: centos.yml
when: ansible_distribution == "CentOS" when: ansible_distribution == "CentOS"
- include: fedora.yml - include_tasks: fedora.yml
when: ansible_distribution == "Fedora" when: ansible_distribution == "Fedora"
# the following installs common packages for both debian and fedora # the following installs common packages for both debian and fedora
- include: packages.yml - include_tasks: packages.yml
- sysctl: name=net.ipv4.ip_forward value=1 state=present - sysctl: name=net.ipv4.ip_forward value=1 state=present
- sysctl: name=net.ipv4.conf.default.rp_filter value=1 state=present - sysctl: name=net.ipv4.conf.default.rp_filter value=1 state=present
@ -43,10 +50,13 @@
mode=0644 mode=0644
backup=no backup=no
- include: net_mods.yml - include_tasks: net_mods.yml
when: not is_debuntu and not is_F18 when: not is_debuntu and not is_F18
- include: udev.yml - include_tasks: udev.yml
- name: ...HAS COMPLETED ========================================= - name: Recording STAGE 2 HAS COMPLETED ==========================
command: echo lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=2'
state=present

39
roles/3-base-server/tasks/main.yml
View file

@ -1,5 +1,4 @@
# Base Server # Base Server
- name: ...IS BEGINNING ===================================== - name: ...IS BEGINNING =====================================
command: echo command: echo
@ -21,6 +20,30 @@
# has no "when: XXXXX_install" flag # has no "when: XXXXX_install" flag
tags: base, mysql tags: base, mysql
- include_tasks: roles/network/tasks/named.yml
tags:
- named
- network
- domain
- include_tasks: roles/network/tasks/dhcpd.yml
tags:
- dhcpd
- network
- domain
- include_tasks: roles/network/tasks/squid.yml
tags:
- squid
- network
when: squid_install
- include_tasks: roles/network/tasks/wondershaper.yml
tags:
- wondershaper
- network
when: wondershaper_install
- name: Make sure there is a content directory - name: Make sure there is a content directory
file: dest={{ doc_root }}/local_content file: dest={{ doc_root }}/local_content
state=directory state=directory
@ -30,12 +53,8 @@
state=restarted state=restarted
when: not installing when: not installing
# If we got here we're done - name: Record STAGE 3 HAS COMPLETED ========================
#- name: Record base gui version lineinfile: dest=/etc/iiab/iiab.env
# lineinfile: dest=/etc/iiab/iiab.env regexp='^STAGE=*'
# regexp='^BASE_VERSION=*' line='STAGE=3'
# line='BASE_VERSION="{{ gui_version }}"' state=present
# state=present
- name: ...HAS COMPLETED ====================================
command: echo

16
roles/4-server-options/tasks/main.yml
View file

@ -1,5 +1,4 @@
# Server Options # Server Options
- name: ...IS BEGINNING ================================== - name: ...IS BEGINNING ==================================
command: echo command: echo
@ -57,14 +56,6 @@
when: usb_lib_install when: usb_lib_install
tags: usb-lib tags: usb-lib
# this script can be sourced to get IIAB location
- name: Create iiab.env file
template: src=roles/1-prep/templates/iiab.env.j2
dest=/etc/iiab/iiab.env
owner=root
group=root
mode=0644
- name: Put a Python interface to iiab.env - name: Put a Python interface to iiab.env
template: src=roles/1-prep/templates/iiab_env.py.j2 template: src=roles/1-prep/templates/iiab_env.py.j2
dest=/etc/iiab/iiab_env.py dest=/etc/iiab/iiab_env.py
@ -73,5 +64,8 @@
command: /usr/bin/iiab-refresh-wiki-docs command: /usr/bin/iiab-refresh-wiki-docs
when: not nodocs when: not nodocs
- name: ...HAS COMPLETED ================================= - name: Recording STAGE 4 HAS COMPLETED ==================
command: echo lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=4'
state=present

8
roles/5-xo-services/tasks/main.yml
View file

@ -1,5 +1,4 @@
# XO Services # XO Services
- name: ...IS BEGINNING ===================================== - name: ...IS BEGINNING =====================================
command: echo command: echo
@ -21,5 +20,8 @@
when: idmgr_install when: idmgr_install
tags: olpc, idmgr tags: olpc, idmgr
- name: ...HAS COMPLETED ==================================== - name: Recording STAGE 5 HAS COMPLETED =====================
command: echo lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=5'
state=present

8
roles/6-generic-apps/tasks/main.yml
View file

@ -1,5 +1,4 @@
# Generic Apps # Generic Apps
- name: ...IS BEGINNING ==================================== - name: ...IS BEGINNING ====================================
command: echo command: echo
@ -45,5 +44,8 @@
when: wordpress_install when: wordpress_install
tags: wordpress tags: wordpress
- name: ...HAS COMPLETED =================================== - name: Recording STAGE 6 HAS COMPLETED ====================
command: echo lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=6'
state=present

8
roles/7-edu-apps/tasks/main.yml
View file

@ -1,5 +1,4 @@
# Educational Apps # Educational Apps
- name: ...IS BEGINNING ======================================== - name: ...IS BEGINNING ========================================
command: echo command: echo
@ -39,5 +38,8 @@
when: sugarizer_install when: sugarizer_install
tags: sugarizer tags: sugarizer
- name: ...HAS COMPLETED ======================================= - name: Recording STAGE 7 HAS COMPLETED ========================
command: echo lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=7'
state=present

7
roles/8-mgmt-tools/tasks/main.yml
View file

@ -51,5 +51,8 @@
when: xovis_install and ansible_distribution != "CentOS" when: xovis_install and ansible_distribution != "CentOS"
tags: xovis tags: xovis
- name: ...HAS COMPLETED ===================================== - name: Recording STAGE 8 HAS COMPLETED ======================
command: echo lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=8'
state=present

7
roles/9-local-addons/tasks/main.yml
View file

@ -3,5 +3,8 @@
- name: ...IS BEGINNING ==================================== - name: ...IS BEGINNING ====================================
command: echo command: echo
- name: ...HAS COMPLETED =================================== - name: Recording STAGE 9 HAS COMPLETED ====================
command: echo lineinfile: dest=/etc/iiab/iiab.env
regexp='^STAGE=*'
line='STAGE=9'
state=present

2
roles/ajenti/tasks/main.yml
View file

@ -37,7 +37,7 @@
mode=0744 mode=0744
state=file state=file
- include: ajenti-wondershaper.yml - include_tasks: ajenti-wondershaper.yml
when: 'iiab_lan_iface != ""' when: 'iiab_lan_iface != ""'
# handler doesn't fire # handler doesn't fire

2
roles/awstats/tasks/main.yml
View file

@ -1,4 +1,4 @@
- include: install.yml - include_tasks: install.yml
when: awstats_install when: awstats_install
- name: Add AWStats to service list - name: Add AWStats to service list

2
roles/dokuwiki/tasks/main.yml
View file

@ -1,5 +1,5 @@
- name: Include the install playbook - name: Include the install playbook
include: install.yml include_tasks: install.yml
when: dokuwiki_install when: dokuwiki_install
- name: Add DokuWiki to service list - name: Add DokuWiki to service list

2
roles/httpd/tasks/main.yml
View file

@ -142,7 +142,7 @@
state=absent state=absent
when: is_debuntu when: is_debuntu
- include: html.yml - include_tasks: html.yml
tags: tags:
- base - base

4
roles/iiab-admin/tasks/main.yml
View file

@ -1,9 +1,9 @@
- include: admin-user.yml - include_tasks: admin-user.yml
tags: tags:
- base - base
when: not no_admin is defined when: not no_admin is defined
- include: access.yml - include_tasks: access.yml
tags: tags:
- base - base

10
roles/kalite/tasks/main.yml
View file

@ -16,23 +16,23 @@
stat: path="{{ kalite_db_name }}" stat: path="{{ kalite_db_name }}"
register: kalite_installed register: kalite_installed
- include: install-f18.yml - include_tasks: install-f18.yml
when: not kalite_installed.stat.exists and is_F18 when: not kalite_installed.stat.exists and is_F18
- include: install.yml - include_tasks: install.yml
when: kalite_installed is defined and not kalite_installed.stat.exists and not is_F18 when: kalite_installed is defined and not kalite_installed.stat.exists and not is_F18
- name: Ask systemd to reread the unit files - name: Ask systemd to reread the unit files
shell: systemctl daemon-reload shell: systemctl daemon-reload
when: not kalite_installed.stat.exists when: not kalite_installed.stat.exists
- include: setup-f18.yml - include_tasks: setup-f18.yml
when: not kalite_installed.stat.exists and is_F18 when: not kalite_installed.stat.exists and is_F18
- include: setup.yml - include_tasks: setup.yml
when: not kalite_installed.stat.exists and not is_F18 when: not kalite_installed.stat.exists and not is_F18
- include: enable.yml - include_tasks: enable.yml
- name: Add kalite to service list - name: Add kalite to service list
ini_file: dest='{{ service_filelist }}' ini_file: dest='{{ service_filelist }}'

2
roles/kiwix/tasks/main.yml
View file

@ -20,7 +20,7 @@
get_url: url="{{ iiab_download_url }}/{{ kiwix_src_file }}" dest="{{ downloads_dir }}/{{ kiwix_src_file }}" get_url: url="{{ iiab_download_url }}/{{ kiwix_src_file }}" dest="{{ downloads_dir }}/{{ kiwix_src_file }}"
when: internet_available when: internet_available
- include: kiwix_install.yml - include_tasks: kiwix_install.yml
when: kiwix_src_file is defined when: kiwix_src_file is defined
tags: tags:
- kiwix - kiwix

4
roles/mysql/tasks/main.yml
View file

@ -45,12 +45,12 @@
tags: tags:
- download - download
- include: centos.yml - include_tasks: centos.yml
when: ansible_distribution == "CentOS" when: ansible_distribution == "CentOS"
tags: tags:
- download - download
- include: fedora.yml - include_tasks: fedora.yml
when: ansible_distribution == "Fedora" when: ansible_distribution == "Fedora"
tags: tags:
- download - download

6
roles/network/tasks/dansguardian.yml
View file

@ -7,7 +7,7 @@
- download - download
- name: Copy DansGuardian config file - name: Copy DansGuardian config file
template: src=squid/dansguardian.conf.j2 template: src=roles/network/templates/squid/dansguardian.conf.j2
dest=/etc/dansguardian/dansguardian.conf dest=/etc/dansguardian/dansguardian.conf
owner=dansguardian owner=dansguardian
group=dansguardian group=dansguardian
@ -15,7 +15,7 @@
when: ansible_distribution == "Fedora" when: ansible_distribution == "Fedora"
- name: Copy DansGuardian config file - name: Copy DansGuardian config file
template: src=squid/dansguardian.conf.debian.j2 template: src=roles/network/templates/squid/dansguardian.conf.debian.j2
dest=/etc/dansguardian/dansguardian.conf dest=/etc/dansguardian/dansguardian.conf
owner=dansguardian owner=dansguardian
group=dansguardian group=dansguardian
@ -23,7 +23,7 @@
when: is_debuntu when: is_debuntu
- name: Copy DansGuardian config file for CentOS - name: Copy DansGuardian config file for CentOS
template: src=squid/dansguardian.conf.centos.j2 template: src=roles/network/templates/squid/dansguardian.conf.centos.j2
dest=/etc/dansguardian/dansguardian.conf dest=/etc/dansguardian/dansguardian.conf
owner=dansguardian owner=dansguardian
group=vscan group=vscan

29
roles/network/tasks/detected_network.yml
View file

@ -1,33 +1,22 @@
- name: Checking iiab_domain_name
shell: "cat /etc/sysconfig/iiab_domain_name"
register: prior_domain
when: not first_run
# above always registers
- name: Checking for prior domain name
set_fact:
iiab_domain: "{{ prior_domain.stdout }}"
when: not first_run and prior_domain.stdout != "lan" and prior_domain.stdout != ""
- name: iiab_wan_device - name: iiab_wan_device
shell: "cat /etc/sysconfig/iiab_wan_device" shell: grep IIAB_WAN_DEVICE /etc/iiab/iiab.env | awk -F "=" '{print $2}'
when: iiab_stage|int > 4
register: prior_gw register: prior_gw
when: not first_run
- name: Checking for old device gateway interface for device test - name: Checking for old device gateway interface for device test
set_fact: set_fact:
device_gw: "{{ prior_gw.stdout }}" device_gw: "{{ prior_gw.stdout }}"
device_gw2: "{{ prior_gw.stdout }}" device_gw2: "{{ prior_gw.stdout }}"
when: not first_run and prior_gw is defined and prior_gw.stdout != "" when: iiab_stage|int > 4 and prior_gw is defined and prior_gw.stdout != ""
- name: Setting WAN if detected - name: Setting WAN if detected
set_fact: set_fact:
iiab_wan_iface: "{{ discovered_wan_iface }}" iiab_wan_iface: "{{ discovered_wan_iface }}"
device_gw: "{{ discovered_wan_iface }}" device_gw: "{{ discovered_wan_iface }}"
when: discovered_wan_iface != "none" when: ansible_default_ipv4.gateway is defined
- name: RedHat network detection - name: RedHat network detection
include: detected_redhat.yml include_tasks: detected_redhat.yml
when: is_redhat when: is_redhat
- name: check to see if dhcpcd is installed and active - Can Fail - name: check to see if dhcpcd is installed and active - Can Fail

3
roles/network/tasks/dhcpd.yml
View file

@ -24,8 +24,7 @@
group=root group=root
mode={{ item.mode }} mode={{ item.mode }}
with_items: with_items:
- { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf', mode: '0644' } - { src: 'roles/network/templates/dhcp/dhcpd.service', dest: '/etc/systemd/system/dhcpd.service', mode: '0644' }
- { src: 'dhcp/dhcpd.service', dest: '/etc/systemd/system/dhcpd.service', mode: '0644' }
- name: Create dhcpd needed files - name: Create dhcpd needed files
command: touch /var/lib/dhcpd/dhcpd.leases command: touch /var/lib/dhcpd/dhcpd.leases

15
roles/network/tasks/enable_services.yml
View file

@ -23,7 +23,8 @@
mode={{ item.mode }} mode={{ item.mode }}
with_items: with_items:
- { src: 'dhcp/dhcpd-env.j2' , dest: '/etc/sysconfig/dhcpd' , mode: '0644' } - { src: 'dhcp/dhcpd-env.j2' , dest: '/etc/sysconfig/dhcpd' , mode: '0644' }
when: dhcpd_enabled and dhcpd_install - { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf', mode: '0644' }
when: dhcpd_enabled
- name: Copy named file - name: Copy named file
template: src={{ item.src }} template: src={{ item.src }}
@ -70,8 +71,10 @@
when: not dansguardian_enabled and dansguardian_install when: not dansguardian_enabled and dansguardian_install
- name: Create xs_httpcache flag - name: Create xs_httpcache flag
shell: echo 1 > /etc/sysconfig/xs_httpcache_on lineinfile: dest=/etc/iiab/iiab.env
creates=/etc/sysconfig/xs_httpcache_on regexp='^HTTPCACHE_ON=*'
line='HTTPCACHE_ON=True'
state=present
when: squid_enabled and squid_install when: squid_enabled and squid_install
- name: Enable Squid service - name: Enable Squid service
@ -105,8 +108,10 @@
when: not squid_enabled and squid_install when: not squid_enabled and squid_install
- name: Remove xs_httpcache flag - name: Remove xs_httpcache flag
file: path=/etc/sysconfig/xs_httpcache_on lineinfile: dest=/etc/iiab/iiab.env
state=absent regexp='^HTTPCACHE_ON=*'
line='HTTPCACHE_ON=False'
state=present
when: not squid_enabled when: not squid_enabled
- name: Enable Wondershaper service - name: Enable Wondershaper service

8
roles/network/tasks/ifcfg_mods.yml
View file

@ -43,17 +43,17 @@
when: (num_lan_interfaces != "0" or iiab_wireless_lan_iface != "none") when: (num_lan_interfaces != "0" or iiab_wireless_lan_iface != "none")
## vars/ users should set user_wan_iface to avoid messy redetect ## vars/ users should set user_wan_iface to avoid messy redetect
- include: redetect.yml - include_tasks: redetect.yml
when: discovered_wan_iface == "none" and user_wan_iface == "auto" when: discovered_wan_iface == "none" and user_wan_iface == "auto"
# move gateway if not WAN # move gateway if not WAN
# might have wifi info if wireless is used as uplink. # might have wifi info if wireless is used as uplink.
- include: edit_ifcfg.yml - include_tasks: edit_ifcfg.yml
when: has_wifi_gw == "none" and has_ifcfg_gw != "none" and has_ifcfg_gw != "/etc/sysconfig/network-scripts/ifcfg-WAN" when: has_wifi_gw == "none" and has_ifcfg_gw != "none" and has_ifcfg_gw != "/etc/sysconfig/network-scripts/ifcfg-WAN"
# create ifcfg-WAN if missing # create ifcfg-WAN if missing
# if we get here we have gateway but no ifcfg file # if we get here we have gateway but no ifcfg file
- include: create_ifcfg.yml - include_tasks: create_ifcfg.yml
when: iiab_wan_iface != "none" and not has_WAN and has_ifcfg_gw == "none" and xo_model == "none" and not iiab_demo_mode when: iiab_wan_iface != "none" and not has_WAN and has_ifcfg_gw == "none" and xo_model == "none" and not iiab_demo_mode
- name: Configuring LAN interface as iiab_lan_iface - name: Configuring LAN interface as iiab_lan_iface
@ -76,7 +76,7 @@
tags: tags:
- network - network
- include: enable_wan.yml - include_tasks: enable_wan.yml
when: not installing and not iiab_demo_mode when: not installing and not iiab_demo_mode
- name: ask systemd to reread the unit files, picks up changes done - name: ask systemd to reread the unit files, picks up changes done

136
roles/network/tasks/main.yml
View file

@ -1,131 +1,83 @@
- include: detected_network.yml - include_tasks: detected_network.yml
when: not installing when: not installing
tags: tags:
- network - network
- network-discover - network-discover
- include: computed_network.yml - include_tasks: computed_network.yml
when: not installing when: not installing
tags: tags:
- network - network
- network-discover - network-discover
- name: Set hostname
template: dest=/etc/hostname
src=network/hostname.j2
owner=root
mode=0644
when: is_debuntu
register: hostname_change
tags:
- network
- domain
- name: Configure /etc/sysconfig/network
template: src=network/sysconfig.network.j2
dest=/etc/sysconfig/network
owner=root
group=root
mode=0644
when: is_redhat
register: hostname_change
tags:
- network
- domain
- name: Create iiab_domain_name flag
template: src=network/{{ item }}.j2
dest=/etc/sysconfig/{{ item }}
mode=0644
with_items:
- iiab_domain_name
tags:
- network
- domain
##### Start static ip address info for first run ##### ##### Start static ip address info for first run #####
#- include: static.yml #- include_tasks: static.yml
# when: 'iiab_wan_iface != "none" and wan_ip != "dhcp"' # when: 'iiab_wan_iface != "none" and wan_ip != "dhcp"'
##### End static ip address info ##### End static ip address info
- include: hosts.yml - include_tasks: hosts.yml
tags: tags:
- network - network
- hostname
- domain - domain
##### end hostname setup - include_tasks: iptables.yml
##### start install portion
# only needs to be done once
- include: installing.yml
tags:
- network
- named
- dhcpd
- dnsmasq
- squid
- domain
# when: hostname_change.changed or installing
- include: avahi.yml
tags: tags:
- network - network
#### end install portion - include_tasks: avahi.yml
#### start network layout
# setting installing would skip configuring network
# but would configure but not start services
#- include: computed_network.yml
# when: not installing
# tags:
# - network
# - network-discover
- include: computed_services.yml
tags:
- network
- named
- dhcpd
- dnsmasq
- squid
# templates needed from above install section live here
- include: enable_services.yml
tags:
- network
- named
- dhcpd
- dnsmasq
- squid
- include: hostapd.yml
tags: tags:
- network - network
- include: ifcfg_mods.yml - include_tasks: hostapd.yml
when: not is_debuntu and not installing tags:
- network
- AP
- include_tasks: ifcfg_mods.yml
tags: tags:
- network - network
- include: debian.yml - include_tasks: debian.yml
when: is_debuntu and not installing
tags: tags:
- network - network
when: is_debuntu and not is_rpi and not installing
- name: Create IIAB network flags - include_tasks: rpi_debian.yml
template: src=network/{{ item }}.j2 tags:
dest=/etc/sysconfig/{{ item }} - network
mode=0644 when: is_debuntu and is_rpi and not installing
with_items:
- iiab_wan_device - name: Record iiab_wan_device
- iiab_lan_device lineinfile: dest=/etc/iiab/iiab.env
regexp='^IIAB_WAN_DEVICE=*'
line='IIAB_WAN_DEVICE="{{ iiab_wan_iface }}"'
state=present
when: not installing when: not installing
tags: tags:
- network - network
- name: Record iiab_lan_device
lineinfile: dest=/etc/iiab/iiab.env
regexp='^IIAB_LAN_DEVICE=*'
line='IIAB_LAN_DEVICE="{{ iiab_lan_iface }}"'
state=present
when: not installing
tags:
- network
#### end network layout #### end network layout
#### start services #### start services
- include_tasks: computed_services.yml
tags:
- network
- include: restart.yml - include_tasks: enable_services.yml
tags:
- network
- include_tasks: restart.yml
when: not installing when: not installing
tags: tags:
- network - network

46
roles/network/tasks/named.yml
View file

@ -41,37 +41,37 @@
group=root group=root
mode={{ item.mode }} mode={{ item.mode }}
with_items: with_items:
- { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', owner: "root" , mode: '0644' } - { src: 'roles/network/templates/named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', owner: "root" , mode: '0644' }
- { src: 'named/named.j2', dest: '/etc/sysconfig/named', owner: "root" , mode: '0644' } - { src: 'roles/network/templates/named/named.j2', dest: '/etc/sysconfig/named', owner: "root" , mode: '0644' }
- { src: 'named/named', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/named', owner: "root" , mode: '0644' } - { src: 'roles/network/templates/named/named', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/named', owner: "root" , mode: '0644' }
- { src: 'named/localdomain.zone', dest: '/var/named-iiab/localdomain.zone',owner: "{{ dns_user }}" , mode: '0644' } - { src: 'roles/network/templates/named/localdomain.zone', dest: '/var/named-iiab/localdomain.zone',owner: "{{ dns_user }}" , mode: '0644' }
- { src: 'named/localhost.zone', dest: '/var/named-iiab/localhost.zone', owner: "{{ dns_user }}" , mode: '0644' } - { src: 'roles/network/templates/named/localhost.zone', dest: '/var/named-iiab/localhost.zone', owner: "{{ dns_user }}" , mode: '0644' }
- { src: 'named/named.broadcast', dest: '/var/named-iiab/named.broadcast', owner: "{{ dns_user }}" , mode: '0644'} - { src: 'roles/network/templates/named/named.broadcast', dest: '/var/named-iiab/named.broadcast', owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/named.ip6.local', dest: '/var/named-iiab/named.ip6.local' , owner: "{{ dns_user }}" , mode: '0644'} - { src: 'roles/network/templates/named/named.ip6.local', dest: '/var/named-iiab/named.ip6.local' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/named.local', dest: '/var/named-iiab/named.local' , owner: "{{ dns_user }}" , mode: '0644'} - { src: 'roles/network/templates/named/named.local', dest: '/var/named-iiab/named.local' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/named.rfc1912.zones', dest: '/var/named-iiab/named.rfc1912.zones' , owner: "{{ dns_user }}" , mode: '0644'} - { src: 'roles/network/templates/named/named.rfc1912.zones', dest: '/var/named-iiab/named.rfc1912.zones' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/named.root', dest: '/var/named-iiab/named.root' , owner: "{{ dns_user }}" , mode: '0644'} - { src: 'roles/network/templates/named/named.root', dest: '/var/named-iiab/named.root' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/named.root.hints', dest: '/var/named-iiab/named.root.hints' , owner: "{{ dns_user }}" , mode: '0644'} - { src: 'roles/network/templates/named/named.root.hints', dest: '/var/named-iiab/named.root.hints' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/named.zero', dest: '/var/named-iiab/named.zero' , owner: "{{ dns_user }}" , mode: '0644'} - { src: 'roles/network/templates/named/named.zero', dest: '/var/named-iiab/named.zero' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/school.external.zone.db', dest: '/var/named-iiab/school.external.zone.db' , owner: "{{ dns_user }}" , mode: '0644'} - { src: 'roles/network/templates/named/school.external.zone.db', dest: '/var/named-iiab/school.external.zone.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/school.internal.zone.16.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.16.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'} - { src: 'roles/network/templates/named/school.internal.zone.16.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.16.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'} - { src: 'roles/network/templates/named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'} - { src: 'roles/network/templates/named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
# the following two files are not writeable by named, but bind 9.4 cannot discover that fact correctly # the following two files are not writeable by named, but bind 9.4 cannot discover that fact correctly
- { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db' , owner: "root" , mode: '0644'} - { src: 'roles/network/templates/named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db' , owner: "root" , mode: '0644'}
- { src: 'named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db' , owner: "root" , mode: '0644'} - { src: 'roles/network/templates/named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db' , owner: "root" , mode: '0644'}
- { src: 'named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'} - { src: 'roles/network/templates/named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/dummy', dest: '/var/named-iiab/data/dummy' , owner: "{{ dns_user }}" , mode: '0644'} - { src: 'roles/network/templates/named/dummy', dest: '/var/named-iiab/data/dummy' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/named.blackhole', dest: '/var/named-iiab/named.blackhole' , owner: "{{ dns_user }}" , mode: '0644'} - { src: 'roles/network/templates/named/named.blackhole', dest: '/var/named-iiab/named.blackhole' , owner: "{{ dns_user }}" , mode: '0644'}
- name: Substitute our unit file which uses $OPTIONS from sysconfig - name: Substitute our unit file which uses $OPTIONS from sysconfig
template: src=named/{{ dns_service }}.service template: src=roles/network/templates/named/{{ dns_service }}.service
dest=/etc/systemd/system/{{ dns_service }}.service dest=/etc/systemd/system/{{ dns_service }}.service
mode=0644 mode=0644
- name: The dns-jail redirect requires the named.blackhole,disabling recursion - name: The dns-jail redirect requires the named.blackhole,disabling recursion
# in named-iiab.conf, and the redirection of 404 error documents to / # in named-iiab.conf, and the redirection of 404 error documents to /
template: src=named/dns-jail.conf dest=/etc/{{ apache_config_dir }}/ template: src=roles/network/templates/named/dns-jail.conf dest=/etc/{{ apache_config_dir }}/
when: dns_jail_enabled when: dns_jail_enabled
- name: Separate enabling required for Debian - name: Separate enabling required for Debian

14
roles/network/tasks/squid.yml
View file

@ -19,32 +19,32 @@
group={{ item.group }} group={{ item.group }}
mode={{ item.mode }} mode={{ item.mode }}
with_items: with_items:
- src: 'squid/squid.sysconfig' - src: 'roles/network/templates/squid/squid.sysconfig'
dest: '/etc/sysconfig/squid' dest: '/etc/sysconfig/squid'
owner: 'root' owner: 'root'
group: 'root' group: 'root'
mode: '0755' mode: '0755'
- src: 'squid/sites.whitelist.txt' - src: 'roles/network/templates/squid/sites.whitelist.txt'
dest: '/etc/{{ proxy }}/sites.whitelist.txt' dest: '/etc/{{ proxy }}/sites.whitelist.txt'
owner: '{{ proxy_user }}' owner: '{{ proxy_user }}'
group: '{{ proxy_user }}' group: '{{ proxy_user }}'
mode: '0644' mode: '0644'
- src: 'squid/allowregex.rules' - src: 'roles/network/templates/squid/allowregex.rules'
dest: '/etc/{{ proxy }}/allowregex.rules' dest: '/etc/{{ proxy }}/allowregex.rules'
owner: '{{ proxy_user }}' owner: '{{ proxy_user }}'
group: '{{ proxy_user }}' group: '{{ proxy_user }}'
mode: '0644' mode: '0644'
- src: 'squid/denyregex.rules' - src: 'roles/network/templates/squid/denyregex.rules'
dest: '/etc/{{ proxy }}/denyregex.rules' dest: '/etc/{{ proxy }}/denyregex.rules'
owner: '{{ proxy_user }}' owner: '{{ proxy_user }}'
group: '{{ proxy_user }}' group: '{{ proxy_user }}'
mode: '0644' mode: '0644'
- src: 'squid/dstaddress.rules' - src: 'roles/network/templates/squid/dstaddress.rules'
dest: '/etc/{{ proxy }}/dstaddress.rules' dest: '/etc/{{ proxy }}/dstaddress.rules'
owner: '{{ proxy_user }}' owner: '{{ proxy_user }}'
group: '{{ proxy_user }}' group: '{{ proxy_user }}'
mode: '0644' mode: '0644'
- src: 'squid/iiab-httpcache.j2' - src: 'roles/network/templates/squid/iiab-httpcache.j2'
dest: '/usr/bin/iiab-httpcache' dest: '/usr/bin/iiab-httpcache'
owner: 'root' owner: 'root'
group: 'root' group: 'root'
@ -64,7 +64,7 @@
mode=0750 mode=0750
state=directory state=directory
- include: dansguardian.yml - include_tasks: roles/network/tasks/dansguardian.yml
when: dansguardian_install when: dansguardian_install
#- name: Stop Squid #- name: Stop Squid

2
roles/network/tasks/static.yml
View file

@ -4,7 +4,7 @@
template: src=network/ifcfg-WAN.j2 template: src=network/ifcfg-WAN.j2
dest=/etc/sysconfig/network-scripts/ifcfg-WAN dest=/etc/sysconfig/network-scripts/ifcfg-WAN
- include: NM.yml - include_tasks: NM.yml
when: 'ansible_distribution_version <= "20" and wan_ip != "dhcp"' when: 'ansible_distribution_version <= "20" and wan_ip != "dhcp"'
- name: Re-read network config files - name: Re-read network config files

6
roles/network/tasks/wondershaper.yml
View file

@ -1,12 +1,12 @@
- name: Copy Wondershaper service script - name: Copy Wondershaper service script
template: backup=yes template: backup=yes
src=wondershaper/wondershaper.service src=roles/network/templates/wondershaper/wondershaper.service
dest=/etc/systemd/system/wondershaper.service dest=/etc/systemd/system/wondershaper.service
mode=0644 mode=0644
- name: Copy Wondershaper script - name: Copy Wondershaper script
template: backup=yes template: backup=yes
src=wondershaper/wondershaper.j2 src=roles/network/templates/wondershaper/wondershaper.j2
dest=/usr/bin/wondershaper dest=/usr/bin/wondershaper
owner=root owner=root
group=root group=root
@ -20,7 +20,7 @@
state=directory state=directory
- name: Copy Wondershaper config script - name: Copy Wondershaper config script
template: src=wondershaper/wondershaper.conf template: src=roles/network/templates/wondershaper/wondershaper.conf
dest=/etc/conf.d/wondershaper.conf dest=/etc/conf.d/wondershaper.conf
owner=root owner=root
group=root group=root

9
roles/network/templates/gateway/iiab-gen-iptables
View file

@ -1,4 +1,5 @@
#!/bin/bash -x #!/bin/bash -x
source /etc/iiab/iiab.env
{% if is_debuntu %} {% if is_debuntu %}
IPTABLES=/sbin/iptables IPTABLES=/sbin/iptables
IPTABLES_DATA=/etc/iptables.up.rules IPTABLES_DATA=/etc/iptables.up.rules
@ -6,8 +7,8 @@ IPTABLES_DATA=/etc/iptables.up.rules
IPTABLES=/usr/sbin/iptables IPTABLES=/usr/sbin/iptables
IPTABLES_DATA=/etc/sysconfig/iptables IPTABLES_DATA=/etc/sysconfig/iptables
{% endif %} {% endif %}
LANIF=`cat /etc/sysconfig/iiab_lan_device` LANIF=$IIAB_LAN_DEVICE
WANIF=`cat /etc/sysconfig/iiab_wan_device` WANIF=$IIAB_WAN_DEVICE
MODE=`grep iiab_network_mode_applied /etc/iiab/iiab.ini | gawk '{print $3}'` MODE=`grep iiab_network_mode_applied /etc/iiab/iiab.ini | gawk '{print $3}'`
clear_fw() { clear_fw() {
@ -33,7 +34,7 @@ $IPTABLES -A INPUT -p tcp --dport 5984 -j DROP
$IPTABLES -A INPUT -p udp --dport 5984 -j DROP $IPTABLES -A INPUT -p udp --dport 5984 -j DROP
} }
if [ "x$WANIF" == "x" ] || [ "$MODE" == 'Appliance' ]; then if [ "x$WANIF" == "xnone" ] || [ "$MODE" == 'Appliance' ]; then
clear_fw clear_fw
# save the rule set # save the rule set
{% if is_debuntu %} {% if is_debuntu %}
@ -119,7 +120,7 @@ if [ "$captive_portal_enabled" == "True" ];then
$IPTABLES -t mangle -A internet -j MARK --set-mark 99 $IPTABLES -t mangle -A internet -j MARK --set-mark 99
$IPTABLES -t nat -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m mark --mark 99 -m tcp --dport 80 -j DNAT --to-destination {{ lan_ip }} $IPTABLES -t nat -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m mark --mark 99 -m tcp --dport 80 -j DNAT --to-destination {{ lan_ip }}
elif [ -f /etc/sysconfig/xs_httpcache_on ]; then elif [ "$HTTPCACHE_ON" == "True" ]; then
$IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d 172.18.96.1 -j DNAT --to 172.18.96.1:3128 $IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d 172.18.96.1 -j DNAT --to 172.18.96.1:3128
fi fi

2
roles/nextcloud/tasks/main.yml
View file

@ -120,7 +120,7 @@
# Enable nextcloud by copying template to httpd config # Enable nextcloud by copying template to httpd config
# following enables and disables # following enables and disables
- include: nextcloud_enabled.yml - include_tasks: nextcloud_enabled.yml
- name: Add Nextcloud to service list - name: Add Nextcloud to service list
ini_file: dest='{{ service_filelist }}' ini_file: dest='{{ service_filelist }}'

2
roles/owncloud/tasks/main.yml
View file

@ -102,7 +102,7 @@
# Enable owncloud by copying template to httpd config # Enable owncloud by copying template to httpd config
- include: owncloud_enabled.yml - include_tasks: owncloud_enabled.yml
when: owncloud_enabled when: owncloud_enabled
- name: Add owncloud to service list - name: Add owncloud to service list

2
roles/rachel/tasks/main.yml
View file

@ -20,7 +20,7 @@
rachel_content_found: True rachel_content_found: True
when: rachel_content.stat.exists == true when: rachel_content.stat.exists == true
- include: rachel_enabled.yml - include_tasks: rachel_enabled.yml
when: rachel_enabled and rachel_content_found when: rachel_enabled and rachel_content_found
- name: Add rachel to service list - name: Add rachel to service list

2
roles/sugar-stats/tasks/main.yml
View file

@ -38,7 +38,7 @@
enabled=no enabled=no
when: not sugar_stats_enabled when: not sugar_stats_enabled
- include: statistics-consolidation.yml - include_tasks: statistics-consolidation.yml
- name: Add sugar-stats to service list - name: Add sugar-stats to service list
ini_file: dest='{{ service_filelist }}' ini_file: dest='{{ service_filelist }}'

2
roles/teamviewer/tasks/main.yml
View file

@ -5,7 +5,7 @@
when: ansible_architecture == "armv7l" or not is_redhat when: ansible_architecture == "armv7l" or not is_redhat
- name: Install Teamviewer if intel - name: Install Teamviewer if intel
include: install.yml include_tasks: install.yml
when: teamviewer_install when: teamviewer_install
- name: Add teamviewer to service list - name: Add teamviewer to service list

12
roles/vnstat/tasks/main.yml
View file

@ -14,6 +14,18 @@
owner=root owner=root
group=root group=root
- name: Checking if lan_iface is set 1
include_vars: roles/network/defaults/main.yml
when: not iiab_lan_iface is defined
- name: Checking if lan_iface is set 2
include_tasks: roles/network/tasks/detected_network.yml
when: not iiab_lan_iface is defined
#- name: Checking if lan_iface is set 3
# include_tasks: roles/network/tasks/computed_network.yml
# when: not iiab_lan_iface is defined
- name: Create database for WAN to collect vnStat data - name: Create database for WAN to collect vnStat data
shell: /usr/bin/vnstat -i {{ iiab_wan_iface }} shell: /usr/bin/vnstat -i {{ iiab_wan_iface }}

2
roles/wordpress/tasks/main.yml
View file

@ -1,3 +1,3 @@
- name: Include the install playbook - name: Include the install playbook
include: install.yml include_tasks: install.yml
when: wordpress_install when: wordpress_install

14
runtags
View file

@ -1,16 +1,11 @@
#!/bin/bash #!/bin/bash
# running from a git repo
PLAYBOOK="iiab.yml" PLAYBOOK="iiab.yml"
INVENTORY="ansible_hosts" INVENTORY="ansible_hosts"
# Pass cmdline options for ansible
if [ -f /etc/iiab/iiab.env ]
then
. /etc/iiab/iiab.env
cd $IIAB_DIR
fi
CWD=`pwd` CWD=`pwd`
export ANSIBLE_LOG_PATH="$CWD/iiab-debug.log"
if [ ! -f $PLAYBOOK ] if [ ! -f $PLAYBOOK ]
then then
echo "IIAB Playbook not found." echo "IIAB Playbook not found."
@ -41,8 +36,6 @@ do
fi fi
done done
# echo $found
taglist=$1 taglist=$1
if [ "$found" == "N" ] if [ "$found" == "N" ]
@ -50,5 +43,4 @@ then
taglist="0-init,"$taglist taglist="0-init,"$taglist
fi fi
export ANSIBLE_LOG_PATH="$CWD/iiab-debug.log"
ansible-playbook -i ansible_hosts iiab.yml --connection=local --tags="""$taglist""" ansible-playbook -i ansible_hosts iiab.yml --connection=local --tags="""$taglist"""

13
scripts/local_facts.fact
View file

@ -41,13 +41,24 @@ else
XO_VERSION="none" XO_VERSION="none"
fi fi
# upgrades return found, clean installs return 0
# interruptions return last stage number recorded (1-9)
if [ -f /etc/iiab/iiab.env ]
then
STAGE=1
source /etc/iiab/iiab.env
STAGE=$STAGE
else
STAGE=0
fi
ANSIBLE_VERSION=$(ansible --version|head -n 1|cut -f 2 -d " ") ANSIBLE_VERSION=$(ansible --version|head -n 1|cut -f 2 -d " ")
cat <<EOF cat <<EOF
{"phplib_dir" : "$PHPLIB_DIR", {"phplib_dir" : "$PHPLIB_DIR",
"stage" : "$STAGE",
"iiab_branch" : "$BRANCH", "iiab_branch" : "$BRANCH",
"iiab_commit" : "$COMMIT", "iiab_commit" : "$COMMIT",
"xo_model" : "$XO_VERSION", "xo_model" : "$XO_VERSION",
"ansble_version" : "$ANSIBLE_VERSION", "ansible_version" : "$ANSIBLE_VERSION",
"os" : "$OS", "os" : "$OS",
"os_ver" : "$OS_VER"} "os_ver" : "$OS_VER"}