Reduce dependency on Apache in gitea/kolibri/mediawiki/munin etc

2025-02-12 11:12:06 +00:00 · 2020-05-16 23:50:22 -04:00 · 2020-05-16 23:50:22 -04:00 · dde8a3285a
commit dde8a3285a
parent a16702743e
7 changed files with 39 additions and 43 deletions
--- a/roles/3-base-server/tasks/main.yml
+++ b/roles/3-base-server/tasks/main.yml
@ -9,8 +9,9 @@
  when: mysql_install | bool

 # 2020-05-16: Invoked as nec by 5 roles {cups, elgg, lokole, moodle, nodered}.
-# These 9 roles conditionally touch Apache .conf files etc: awstats, calibre-
-# web, kalite, kiwix, nextcloud, sugarizer, usb_lib, wordpress, www_options.
+# These 13 roles conditionally touch Apache .conf files etc: awstats,
+# calibre-web, gitea, kalite, kiwix, kolibri, mediawiki, munin, nextcloud,
+# sugarizer, usb_lib, wordpress, www_options.  SEE ALSO: roles/nginx/README.md
 # CAUTION: mysql/tasks/install.yml's php install drags in apache2 regardless !
 #
 # - name: HTTPD (Apache)
--- a/roles/gitea/tasks/install.yml
+++ b/roles/gitea/tasks/install.yml
@ -97,13 +97,16 @@

 # 4. Create systemd service & prepare Apache for http://box/gitea

- name: "Install from templates: /etc/systemd/system/gitea.service, /etc/apache2/sites-available/gitea.conf"
+- name: "Install from template: /etc/systemd/system/gitea.service"
  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-  with_items:
-    - { src: 'gitea.service.j2', dest: '/etc/systemd/system/gitea.service' }
-    - { src: 'gitea.conf.j2', dest: "/etc/{{ apache_conf_dir }}/gitea.conf" }
+    src: gitea.service.j2
+    dest: /etc/systemd/system/gitea.service
+
+- name: "Install from template: /etc/{{ apache_conf_dir }}/gitea.conf"
+  template:
+    src: gitea.conf.j2
+    dest: "/etc/{{ apache_conf_dir }}/gitea.conf"    # apache2/sites-available
+  when: apache_installed is defined


 # 5. RECORD Gitea AS INSTALLED
--- a/roles/kolibri/tasks/install.yml
+++ b/roles/kolibri/tasks/install.yml
@ -15,31 +15,21 @@
    path: "{{ kolibri_home }}"     # /library/kolibri
    owner: "{{ kolibri_user }}"    # kolibri
    group: "{{ apache_user }}"     # www-data (on Debian/Ubuntu/Raspbian)
-    mode: '0755'

 - name: Create directory /etc/kolibri
  file:
    state: directory
    name: /etc/kolibri
-    # owner: root
-    # group: root
-    # mode: '0755'

 - name: Save kolibri_user ({{ kolibri_user }}) to /etc/kolibri/username
  copy:
    content: "{{ kolibri_user }}"
    dest: /etc/kolibri/username
-    # owner: root
-    # group: root
-    # mode: '0644'

 - name: Save kolibri_home (KOLIBRI_HOME="{{ kolibri_home }}") to /etc/kolibri/daemon.conf
  copy:
    content: 'KOLIBRI_HOME="{{ kolibri_home }}"'
    dest: /etc/kolibri/daemon.conf
-    # owner: root
-    # group: root
-    # mode: '0644'

 - name: apt install latest Kolibri .deb from {{ kolibri_deb_url }} (populates {{ kolibri_home }}, migrates database)    # i.e. /library/kolibri
  apt:
@ -49,16 +39,16 @@
    KOLIBRI_USER: "{{ kolibri_user }}"    # both can't hurt & Might Help Later
  when: internet_available | bool

- name: 'Install from templates: /etc/systemd/system/kolibri.service & /etc/{{ apache_conf_dir }}/kolibri.conf'
+- name: 'Install from template: /etc/systemd/system/kolibri.service'
  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    # owner: root
-    # group: root
-    # mode: '0644'
-  with_items:
-    - { src: 'kolibri.service.j2', dest: '/etc/systemd/system/kolibri.service' }
-    - { src: 'kolibri.conf.j2', dest: '/etc/{{ apache_conf_dir }}/kolibri.conf' }    # apache2/sites-available
+    src: kolibri.service.j2
+    dest: /etc/systemd/system/kolibri.service
+
+- name: 'Install from template: /etc/{{ apache_conf_dir }}/kolibri.conf'
+  template:
+    src: kolibri.conf.j2
+    dest: "/etc/{{ apache_conf_dir }}/kolibri.conf"    # apache2/sites-available
+  when: apache_installed is defined

 - name: Stop 'kolibri' systemd service, for Kolibri provisioning (after daemon_reload)
  systemd:
--- a/roles/mediawiki/tasks/install.yml
+++ b/roles/mediawiki/tasks/install.yml
@ -80,10 +80,11 @@
    regexp: '^\$wgServer ='
    line: '$wgServer = "//" . $_SERVER["HTTP_HOST"];'

- name: Install /etc/{{ apache_conf_dir }}/mediawiki.conf from template, for http://box{{ mediawiki_url }} via Apache
+- name: 'Install from template: /etc/{{ apache_conf_dir }}/mediawiki.conf -- for http://box{{ mediawiki_url }}'
  template:
    src: mediawiki.conf.j2
-    dest: "/etc/{{ apache_conf_dir }}/mediawiki.conf"    # apache2/sites-available on debuntu
+    dest: "/etc/{{ apache_conf_dir }}/mediawiki.conf"    # apache2/sites-available
+  when: apache_installed is defined


 # RECORD MediaWiki AS INSTALLED
--- a/roles/munin/tasks/install.yml
+++ b/roles/munin/tasks/install.yml
@ -17,16 +17,16 @@
    state: present
  when: not is_debuntu

- name: Install /etc/munin/munin.conf and Apache's munin24.conf, from templates
+- name: 'Install from template: /etc/munin/munin.conf'
  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    # owner: root
-    # group: root
-    # mode: 0644
-  with_items:
-    - { src: 'munin.conf.j2', dest: '/etc/munin/munin.conf' }
-    - { src: 'munin24.conf.j2', dest: '/etc/{{ apache_conf_dir }}/munin24.conf' }
+    src: munin.conf.j2
+    dest: /etc/munin/munin.conf
+
+- name: 'Install from template: /etc/{{ apache_conf_dir }}/munin24.conf'
+  template:
+    src: munin24.conf.j2
+    dest: "/etc/{{ apache_conf_dir }}/munin24.conf"    # apache2/sites-available
+  when: apache_installed is defined

 - name: Establish username/password Admin/changeme in /etc/munin/munin-htpasswd
  htpasswd:
--- a/roles/nginx/README.md
+++ b/roles/nginx/README.md
@ -10,7 +10,7 @@

 2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX.

-3. Current state of IIAB App/Service migrations as of 2020-04-29:
+3. Current state of IIAB App/Service migrations as of 2020-05-16:

   1. These support "Native" NGINX but ***NOT*** Apache
      * Admin Console
@ -20,7 +20,7 @@
      * OER2Go/RACHEL modules
      * usb_lib

-   2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!)  Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service.  But if you want to attempt their "Shim" proxying legacy testing mode, change your *primary web server* over to Apache by setting `nginx_enabled: False` in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) (which will [auto-enable Apache](../0-init/tasks/main.yml#L47-L51) for your testing).
+   2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!)  Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service.  But if you want to attempt their "Shim" proxying legacy testing mode, try setting your *primary web server* to Apache using `apache_install: True` and `apache_enabled: True` (and `nginx_enabled: False` to disable NGINX) in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) before you install IIAB.  You may also need to run `cd /opt/iiab/iiab; ./runrole httpd` since this has been removed from roles/3-base-server/tasks/main.yml
      * awstats
      * calibre-web
      * gitea
@ -32,7 +32,8 @@
      * sugarizer
      * wordpress

-   3. These support Apache but ***NOT*** "Native" NGINX.  They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090.  See [roles/0-init/tasks/main.yml#L47-L51](../0-init/tasks/main.yml#L47-L51) for a list of these IIAB Apps/Services, that auto-enable Apache.
+   3. These support Apache but ***NOT*** "Native" NGINX.  They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090.  See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of these IIAB Apps/Services, that auto-enable Apache.
+      * cups ?
      * elgg
      * lokole
      * moodle
@ -47,4 +48,4 @@
      * pbx [*]
      * transmission [*]

-[*] The 4 above starred roles could use improvement, as of 2020-04-29.
+[*] The 4 above starred roles could use improvement, as of 2020-05-16.
--- a/roles/nginx/tasks/enable-or-disable.yml
+++ b/roles/nginx/tasks/enable-or-disable.yml
@ -16,7 +16,7 @@
    dest: "/etc/{{ apache_service }}/ports.conf"
  when: not nginx_enabled

- name: Enable & Restart '{{ apache_service }}' if apache_enabled or not nginx_enabled, since we stopped it
+- name: Enable & Restart '{{ apache_service }}' if Apache is installed and enabled, since we stopped it
  systemd:
    name: "{{ apache_service }}"    # apache2 or httpd, per /opt/iiab/iiab/vars/<OS>.yml
    daemon_reload: yes