diff --git a/LICENSING.md b/LICENSING.md index fac901b1d..53bc9d1ef 100644 --- a/LICENSING.md +++ b/LICENSING.md @@ -15,6 +15,6 @@ this is to include the following two lines at the top of the file: Licensed under the terms of the GNU GPL v2 or later; see LICENSE for details. All files not containing an explicit copyright notice or terms of license in -the file are Copyright © 2015-2021, Unleash Kids, and are licensed under the +the file are Copyright © 2015-2022, Unleash Kids, and are licensed under the terms of the GPLv2 license in the file named LICENSE in the root of the repository. diff --git a/README.md b/README.md index 622024750..64b577547 100644 --- a/README.md +++ b/README.md 
@@ -21,7 +21,7 @@ Install Internet-in-a-Box (IIAB) from [download.iiab.io](https://download.iiab.i Please see [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) which has 40+ questions and answers to help you along the way, as you put together the "local learning hotspot" most suitable for your own teaching/learning community. Here are 2 ways to install IIAB: - Our [1-line installer](https://download.iiab.io/) gets you the very latest, typically within about an hour, on [different Linux distributions](https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems). -- [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images:-Summary) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi. +- [Prefab disk images](https://github.com/iiab/iiab/wiki/Raspberry-Pi-Images:-Summary#iiab-images-for-raspberry-pi) ([.img files](https://archive.org/search.php?query=iiab%20.img&sort=-publicdate)) are sometimes a few months out of date, but can be flashed directly onto a microSD card, for insertion into Raspberry Pi. Our [HOW-TO videos](https://www.youtube.com/channel/UC0cBGCxr_WPBPa3IqPVEe3g) can be very helpful and the [Installation](https://github.com/iiab/iiab/wiki/IIAB-Installation) wiki page has more intricate details e.g. if you're trying to install Internet-in-a-Box (IIAB) onto a [another Linux](https://github.com/iiab/iiab/wiki/IIAB-Platforms) that has not yet been tried. 
@@ -33,9 +33,11 @@ Finally, you can [customize your Internet-in-a-Box home page](https://wiki.iiab. ## Community -Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) of all kinds! +Global community updates and videos are regularly posted to: **[@internet_in_box](https://twitter.com/internet_in_box)** -If you would like to volunteer, please [make contact](https://internet-in-a-box.org/pages/contributing.html) after looking over "[How can I help?](https://wiki.iiab.io/go/FAQ#How_can_I_help.3F)" at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) +_Internet-in-a-Box (IIAB) greatly welcomes contributions from educators, librarians and [IT/UX/QA people](https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide) of all kinds!_ + +If you would like to volunteer, please [make contact](https://internet-in-a-box.org/contributing.html) after looking over "[How can I help?](https://wiki.iiab.io/go/FAQ#How_can_I_help.3F)" at: [FAQ.IIAB.IO](https://wiki.iiab.io/go/FAQ) @@ -52,4 +54,4 @@ Install our latest pre-release using the 1-line installer at: [**download.iiab.i You can also consider earlier official releases at: [github.com/iiab/iiab/releases](https://github.com/iiab/iiab/releases) -For much older versions, see: [github.com/xsce](http://github.com/xsce), [schoolserver.org](http://schoolserver.org) +For much older versions, see: [github.com/xsce](https://github.com/xsce), [schoolserver.org](http://schoolserver.org) diff --git a/iiab-from-cmdline.yml b/iiab-from-cmdline.yml index 74b507b56..68956b3ad 100644 --- a/iiab-from-cmdline.yml +++ b/iiab-from-cmdline.yml 
@@ -3,10 +3,10 @@ become: yes vars_files: - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml - - /etc/iiab/iiab_state.yml + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml + - /etc/iiab/iiab_state.yml roles: - { role: 0-init } diff --git a/iiab-from-console.yml b/iiab-from-console.yml index e83aefdb9..fb8282580 100644 --- a/iiab-from-console.yml +++ b/iiab-from-console.yml @@ -3,10 +3,10 @@ become: yes vars_files: - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml - - /etc/iiab/iiab_state.yml + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml + - /etc/iiab/iiab_state.yml roles: - { role: 0-init } diff --git a/iiab-install b/iiab-install index 037d61b24..b678e7df6 100755 --- a/iiab-install +++ b/iiab-install 
@@ -1,17 +1,57 @@ #!/bin/bash -e # Running from a git repo # Add cmdline options for passing to ansible -# Todo add proper shift to gobble up --debug --reinstall PLAYBOOK=iiab-stages.yml INVENTORY=ansible_hosts IIAB_STATE_FILE=/etc/iiab/iiab_state.yml -ARGS="" +ARGS="--extra-vars {" # Needs boolean not string so use JSON list. bash forces {...} to '{...}' for Ansible + CWD=`pwd` OS=`grep ^ID= /etc/os-release | cut -d= -f2` -OS=${OS//\"/} +OS=${OS//\"/} # Remove all '"' MIN_RPI_KERN=5.4.0 # Do not use 'rpi-update' unless absolutely necessary: https://github.com/iiab/iiab/issues/1993 -MIN_ANSIBLE_VER=2.11.6 # Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. +MIN_ANSIBLE_VER=2.12.7 # Ansible 2.8.3 and 2.8.6 had serious bugs, preventing their use with IIAB. + +REINSTALL=false +DEBUG=false +SKIP_ROLE_ON_ERROR=false + +usage() { + echo -e "\n\e[1mUse './iiab-install' for regular installs, or to continue an install." + echo -e "Use './iiab-install --risky' to force 'skip_role_on_error: True'" + echo -e "Use './iiab-install --reinstall' to force running all Stages 0-9, followed by the Network Role." + echo -e "Use './iiab-install --debug' to run Stage 0, followed by Stages 3-9, followed by the Network Role." + echo -e "Use './iiab-configure' to run Stage 0, followed by Stages 4-9." + echo -e "Use './runrole' to run Stage 0, followed by a single Stage or Role." + echo -e "Use './iiab-network' to run Stage 0, followed by the Network Role.\e[0m\n" +} + +# https://stackoverflow.com/questions/192249/how-do-i-parse-command-line-arguments-in-bash/14203146#14203146 +while [[ $# -gt 0 ]]; do + case $1 in + --reinstall) + REINSTALL=true + shift + ;; + --debug) + DEBUG=true + shift + ;; + -r|--risky) + SKIP_ROLE_ON_ERROR=true + shift + ;; + *) + usage + exit 1 + ;; + esac +done + +ARGS="$ARGS\"skip_role_on_error\":$SKIP_ROLE_ON_ERROR" # Needs boolean not +# string so use JSON list. 
Ansible permits these boolean values: (refresher) +# https://github.com/iiab/iiab/blob/master/roles/0-init/tasks/validate_vars.yml#L19-L43 if [ ! -f /etc/iiab/local_vars.yml ]; then @@ -27,11 +67,11 @@ if [ ! -f /etc/iiab/local_vars.yml ]; then echo -e "\nEXITING: /opt/iiab/iiab/iiab-install REQUIRES /etc/iiab/local_vars.yml\n" >&2 - echo -e "(1) Please read http://wiki.laptop.org/go/IIAB/local_vars.yml to learn more" >&2 - echo -e "(2) MIN/MEDIUM/BIG samples are included in /opt/iiab/iiab/vars" >&2 + echo -e "(1) See http://FAQ.IIAB.IO -> What is local_vars.yml and how do I customize it?" >&2 + echo -e "(2) SMALL/MEDIUM/LARGE samples are included in /opt/iiab/iiab/vars" >&2 echo -e "(3) NO TIME FOR DETAILS? RUN INTERNET-IN-A-BOX'S FRIENDLY 1-LINE INSTALLER:\n" >&2 - echo -e ' http://download.iiab.io\n' >&2 + echo -e ' https://download.iiab.io\n' >&2 exit 1 fi @@ -57,16 +97,6 @@ if [ ! -f $PLAYBOOK ]; then exit 1 fi -if [ "$1" != "--debug" ] && [ "$1" != "--reinstall" ] && [ "$1" != "" ]; then - echo "Use './iiab-install' for regular installs, or to continue an install." - echo "Use './iiab-install --reinstall' to force running all Stages 0-9, followed by the Network Role." - echo "Use './iiab-install --debug' to run Stage 0, followed by Stages 3-9, followed by the Network Role." - echo "Use './iiab-configure' to run Stage 0, followed by Stages 4-9." - echo "Use './runrole' to run Stage 0, followed by a single Stage or Role." - echo "Use './iiab-network' to run Stage 0, followed by the Network Role." - exit 1 -fi - # Subroutine compares software version numbers. Generates rare false positives # like "1.0 > 1" and "2.4.0 > 2.4". Avoid risks by structuring conditionals w/ # a consistent # of decimal points e.g. "if version_gt w.x.y.z a.b.c.d; then" 
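Review bot: ARGS is a hand-concatenated string that opens with `ARGS="--extra-vars {"` here and is only closed by `ARGS="$ARGS}"` in the last iiab-install hunk (@@ -168,6 +194,8 @@), where it is expanded unquoted, so the call relies on word splitting producing exactly two words. The hunk at @@ -125,27 +155,23 @@ appends `\"reinstall\":True`, which is YAML/Python spelling next to the lowercase `true`/`false` that `$SKIP_ROLE_ON_ERROR` supplies; Ansible presumably tolerates the mix through its YAML parsing, but the payload is not strict JSON, and it is an object rather than the "JSON list" the comments describe. Keeping only the payload in a variable and quoting it at the call, e.g. `--extra-vars "$EXTRA_VARS"` with `\"reinstall\":true`, would remove both dependencies. Since `--risky` appears to let the playbook continue past failed roles, consider echoing a line when `SKIP_ROLE_ON_ERROR=true` so the install output shows the run was made that way.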
@@ -125,27 +155,23 @@ if [ -f /etc/iiab/iiab.env ]; then fi fi - if [ "$1" == "--reinstall" ]; then + if $($REINSTALL); then STAGE=0 - ARGS="$ARGS"" --extra-vars reinstall=True" + #ARGS="$ARGS"" --extra-vars reinstall=True" + ARGS="$ARGS,\"reinstall\":True" # Needs boolean not string so use JSON list sed -i 's/^STAGE=.*/STAGE=0/' /etc/iiab/iiab.env echo "Wrote STAGE=0 (counter) to /etc/iiab/iiab.env" - elif [ "$STAGE" -ge 2 ] && [ "$1" == "--debug" ]; then + elif [ "$STAGE" -ge 2 ] && $($DEBUG); then STAGE=2 sed -i 's/^STAGE=.*/STAGE=2/' /etc/iiab/iiab.env echo "Wrote STAGE=2 (counter) to /etc/iiab/iiab.env" elif [ "$STAGE" -eq 9 ]; then - echo -e "\nEXITING: STAGE (counter) in /etc/iiab/iiab.env shows Stage 9 Is Already Done." - echo -e "Use './iiab-install --reinstall' to force running all Stages 0-9, followed by the Network Role." - echo -e "Use './iiab-install --debug' to run Stage 0, followed by Stages 3-9, followed by the Network Role." - echo -e "Use './iiab-configure' to run Stage 0, followed by Stages 4-9." - echo -e "Use './runrole' to run Stage 0, followed by a single Stage or Role." - echo -e "Use './iiab-network' to run Stage 0, followed by the Network Role.\n\n" - - exit 0 # Allows rerunning http://download.iiab.io/install.txt + echo -e "\n\e[1mEXITING: STAGE (counter) in /etc/iiab/iiab.env shows Stage 9 Is Already Done.\e[0m" + usage + exit 0 # Allows rerunning https://download.iiab.io/install.txt fi fi -if [ "$STAGE" -lt 2 ] && [ "$1" == "--debug" ]; then +if [ "$STAGE" -lt 2 ] && $($DEBUG); then echo -e "\n'--debug' *ignored* as STAGE (counter) < 2." fi 
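Review bot: `if $($REINSTALL); then` and `&& $($DEBUG)` run the variable's value as a command inside a command substitution and then execute its empty output, which only works because the values are the literal words `true` and `false` assigned earlier in the script. A plain string test states the intent and cannot execute anything if the variable ever holds something else: `if [ "$REINSTALL" = true ]; then` and `elif [ "$STAGE" -ge 2 ] && [ "$DEBUG" = true ]; then`. The same applies to the `[ "$STAGE" -lt 2 ] && $($DEBUG)` test at the end of this hunk. The enclosing `if [ -f /etc/iiab/iiab.env ]` block begins outside the hunk.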
@@ -168,6 +194,8 @@ export ANSIBLE_LOG_PATH="$CWD""/iiab-install.log" ansible -m setup -i $INVENTORY localhost --connection=local | grep python ansible -m setup -i $INVENTORY localhost --connection=local >> /dev/null # So vars are recorded in /opt/iiab/iiab/iiab-install.log -ansible-playbook -i $INVENTORY $PLAYBOOK ${ARGS} --connection=local +ARGS="$ARGS}" +echo -e "\nNOW RUN: ansible-playbook -i $INVENTORY $PLAYBOOK $ARGS --connection=local\n" +ansible-playbook -i $INVENTORY $PLAYBOOK $ARGS --connection=local echo -e "./iiab-install $* COMPLETED IN $CWD\n\n" diff --git a/iiab-network b/iiab-network index 6ff4b5cd3..5dc831b8e 100755 --- a/iiab-network +++ b/iiab-network @@ -4,11 +4,14 @@ CWD=`pwd` export ANSIBLE_LOG_PATH="$CWD/iiab-network.log" -if [ ! -f iiab-network.yml ]; then - echo "iiab-network.yml not found in current directory." - echo "Please rerun this command from the top level of the git repo." - echo "Exiting." +exit_error() { + echo -e "\nEXITING: "$@ | tee -a /opt/iiab/iiab/iiab-network.log exit 1 +} + +if [ ! -f iiab-network.yml ]; then + exit_error "iiab-network.yml not found in current directory." \ + "Please rerun this command from the top level of the git repo." fi OS="unknown" # will be overridden below, if /etc/iiab/iiab.env is legit 
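Review bot: In the new `exit_error()` of iiab-network the message is expanded as unquoted `$@` under `echo -e`, so its arguments undergo word splitting and pathname expansion before being printed and logged. The callers in the next hunk pass the `$STAGE` value read from /etc/iiab/iiab.env, and a value such as `*` would be replaced by file names in the message. The log path is also hard-coded to /opt/iiab/iiab/iiab-network.log although the script exports `ANSIBLE_LOG_PATH="$CWD/iiab-network.log"` just above, so the two diverge whenever the repo is not checked out at /opt/iiab/iiab. Suggested body: `echo -e "\nEXITING: $*" | tee -a "$ANSIBLE_LOG_PATH"`.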
@@ -19,26 +22,21 @@ if [ -f /etc/iiab/iiab.env ]; then if grep -q STAGE= /etc/iiab/iiab.env ; then echo -e "\nExtracted STAGE=$STAGE (counter) from /etc/iiab/iiab.env" if ! [ "$STAGE" -eq "$STAGE" ] 2> /dev/null; then - echo -e "\nEXITING: STAGE (counter) value == ""$STAGE"" is non-integer" - exit 1 + exit_error "STAGE (counter) value == ""$STAGE"" is non-integer" elif [ "$STAGE" -lt 0 ] || [ "$STAGE" -gt 9 ]; then - echo -e "\nEXITING: STAGE (counter) value == ""$STAGE"" is out-of-range" - exit 1 + exit_error "STAGE (counter) value == ""$STAGE"" is out-of-range" elif [ "$STAGE" -lt 3 ]; then - echo -e "\nEXITING: STAGE (counter) value == ""$STAGE" - echo -e "\nIIAB Stage 3 not complete." - echo -e "\nPlease run: ./iiab-install" - exit 1 + exit_error "STAGE (counter) value == ""$STAGE" \ + "\nIIAB Stage 3 not complete." \ + "\nPlease run: ./iiab-install" fi else - echo -e "\nEXITING: STAGE (counter) not found" - echo -e "\nIIAB not installed." - echo -e "\nPlease run: ./iiab-install" - exit 1 + exit_error "STAGE (counter) not found" \ + "\nIIAB not installed." \ + "\nPlease run: ./iiab-install" fi else - echo -e "\nEXITING: /etc/iiab/iiab.env not found" - exit 1 + exit_error "/etc/iiab/iiab.env not found" fi echo "Ansible will now run iiab-network.yml -- log file is iiab-network.log" @@ -94,3 +92,4 @@ echo "iiab-network run start: $Start" echo "iiab-network run end: $End" echo echo "Please REBOOT to fully verify your network -- graphical desktops MUST reboot!" +exit 0 diff --git a/iiab-network.yml b/iiab-network.yml index a72678367..2725a78c5 100644 --- a/iiab-network.yml +++ b/iiab-network.yml @@ -3,10 +3,10 @@ become: yes vars_files: - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml - - /etc/iiab/iiab_state.yml + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml + - /etc/iiab/iiab_state.yml roles: - { role: 0-init } 
diff --git a/iiab-stages.yml b/iiab-stages.yml index 4b0940db6..32a6ca751 100644 --- a/iiab-stages.yml +++ b/iiab-stages.yml @@ -3,11 +3,11 @@ become: yes vars_files: - - roles/0-init/defaults/main.yml - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml - - /etc/iiab/iiab_state.yml + - roles/0-init/defaults/main.yml + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml + - /etc/iiab/iiab_state.yml tasks: diff --git a/install-support.yml b/install-support.yml.unused similarity index 51% rename from install-support.yml rename to install-support.yml.unused index f8e6802f6..f2835214d 100644 --- a/install-support.yml +++ b/install-support.yml.unused @@ -2,9 +2,9 @@ become: yes vars_files: - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml roles: - { role: 0-init } diff --git a/roles/0-init/defaults/main.yml b/roles/0-init/defaults/main.yml index 95cca916b..a07cde5cf 100644 --- a/roles/0-init/defaults/main.yml +++ b/roles/0-init/defaults/main.yml @@ -23,14 +23,6 @@ # ...after it is set in 0-init/tasks/main.yml first_run: False rpi_model: none # 2021-07-30: Broadly used! -#xo_model: none # 2021-07-30: No longer used -# 2021-07-30: Recorded to /etc/iiab/iiab.ini but not used programmatically: -gw_active: False -# 2021-07-30: Broadly used, but not in an organized way -- most all IIAB -# outfitting/provisioning happens online -- in situations where connectivity -# failures should be reported to the operator, rather than papered over: -internet_available: False -discovered_wan_iface: none # 2021-07-30: Very broadly used! # 2021-07-30: Barely used -- for {named, dhcpd, squid} in # roles/network/tasks/main.yml -- after being set in 0-init/tasks/network.yml 
diff --git a/roles/0-init/tasks/create_iiab_ini.yml b/roles/0-init/tasks/create_iiab_ini.yml index d29f791c8..239ce570d 100644 --- a/roles/0-init/tasks/create_iiab_ini.yml +++ b/roles/0-init/tasks/create_iiab_ini.yml @@ -29,14 +29,16 @@ value: "{{ ansible_architecture }}" - option: iiab_base_ver value: "{{ iiab_base_ver }}" + - option: iiab_remote_url + value: "{{ ansible_local.local_facts.iiab_remote_url }}" - option: iiab_branch value: "{{ ansible_local.local_facts.iiab_branch }}" - option: iiab_commit value: "{{ ansible_local.local_facts.iiab_commit }}" + - option: iiab_recent_tag + value: "{{ ansible_local.local_facts.iiab_recent_tag }}" - option: install_date value: "{{ ansible_date_time.iso8601 }}" - #- option: xo_model - # value: "{{ xo_model }}" - option: rpi_model value: "{{ rpi_model }}" - option: devicetree_model diff --git a/roles/0-init/tasks/hostname.yml b/roles/0-init/tasks/hostname.yml index 3d323b3cc..ed79ccf3b 100644 --- a/roles/0-init/tasks/hostname.yml +++ b/roles/0-init/tasks/hostname.yml @@ -1,3 +1,8 @@ +- name: "Set 'iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}'" + set_fact: + iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}" + FQDN_changed: False + - name: Does /etc/cloud/cloud.cfg exist e.g. is this Ubuntu Server 18+ ? stat: path: /etc/cloud/cloud.cfg 
@@ -17,16 +22,10 @@ # 2021-08-31: Periods in /etc/hostname fail with some WiFi routers (#2904) # command: hostnamectl set-hostname "{{ iiab_hostname }}.{{ iiab_domain }}" -#- name: Install /etc/sysconfig/network from template (redhat) -# template: -# src: roles/network/templates/network/sysconfig.network.j2 -# dest: /etc/sysconfig/network -# owner: root -# group: root -# mode: 0644 -# when: is_redhat - -# roles/network/tasks/hosts.yml [no longer in use] ALSO did this: +# 2022-07-11: Should the first entry match just hostname and domain move to +# after localhost? See PR's #1 & #8 -- with discussion on #3302 -- and also: +# 1. /etc/hosts -- #1815 solved by PR #1847 +# 2. /etc/hostname -- #2904 solved by PR #2973 - name: 'Put FQDN & hostnames in /etc/hosts: "127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan"' lineinfile: path: /etc/hosts @@ -36,6 +35,14 @@ #group: root #mode: 0644 +# 2021-07-30: FQDN_changed isn't used as in the past -- its remaining use is +# for {named, dhcpd, squid} in roles/network/tasks/main.yml -- possibly it +# should be reconsidered? See PR #2876: roles/network might become optional? +- name: "Also set 'FQDN_changed: True' -- if iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }})" + set_fact: + FQDN_changed: True + when: iiab_fqdn != ansible_fqdn + #- name: Re-configuring httpd - not initial install # include_tasks: roles/httpd/tasks/main.yml # when: iiab_stage|int > 3 diff --git a/roles/0-init/tasks/main.yml b/roles/0-init/tasks/main.yml index 8d93f2441..c8429a4ea 100644 --- a/roles/0-init/tasks/main.yml +++ b/roles/0-init/tasks/main.yml 
@@ -11,14 +11,8 @@ set_fact: rpi_model: "{{ ansible_local.local_facts.rpi_model }}" devicetree_model: "{{ ansible_local.local_facts.devicetree_model }}" - #xo_model: "{{ ansible_local.local_facts.xo_model }}" iiab_stage: "{{ ansible_local.local_facts.stage }}" -# 2020-10-29: Appears no longer nec (see 3 above ansible_local.local_facts.*) -#- name: Re-read local_facts.facts from /etc/ansible/facts.d -# setup: -# filter: ansible_local - # Initialize /etc/iiab/iiab.ini writing the 'location' and 'version' sections # once and only once, to preserve the install date and git hash. - name: Create {{ iiab_ini_file }}, if it doesn't exist @@ -27,9 +21,9 @@ # 2021-07-30: The 'first_run' flag isn't much used anymore. In theory it's # still used in these 2 places: -# (1) roles/1-prep/tasks/main.yml for raspberry_pi.yml +# (1) roles/1-prep/tasks/hardware.yml for raspberry_pi.yml # (2) roles/network/tasks/named.yml for "Stop named before copying files" -# In practice however, it's no longer important, and might be reconsidered? +# This needs to be reworked for 0-init speed, and overall understandability. - name: Set first_run flag set_fact: first_run: True @@ -38,11 +32,14 @@ # Copies the latest/known version of iiab-diagnostics into /usr/bin (so it can # be run even if local source tree /opt/iiab/iiab is deleted to conserve disk). -- name: Copy /opt/iiab/iiab/scripts/iiab-diagnostics to /usr/bin/iiab-diagnostics +- name: Copy iiab-summary & iiab-diagnostics from /opt/iiab/iiab/scripts/ to /usr/bin/ copy: - src: "{{ iiab_dir }}/scripts/iiab-diagnostics" + src: "{{ iiab_dir }}/scripts/{{ item }}" dest: /usr/bin/ mode: '0755' + with_items: + - iiab-summary + - iiab-diagnostics - name: Create globally-writable directory /etc/iiab/diag (0777) so non-root users can run 'iiab-diagnostics' file: 
@@ -57,9 +54,8 @@ - name: "Time Zone / TZ: Set symlink /etc/localtime to UTC if it doesn't exist?" include_tasks: tz.yml -- name: Test Gateway + Test Internet + Set new hostname/domain (hostname.yml) if nec + Set 'gui_port' to 80 or 443 for Admin Console - include_tasks: network.yml - +- name: Set hostname / domain (etc) in various places + include_tasks: hostname.yml - name: Add 'runtime' variable values to {{ iiab_ini_file }} ini_file: @@ -74,10 +70,14 @@ value: "{{ iiab_base_ver }}" - option: iiab_revision value: "{{ iiab_revision }}" + - option: iiab_remote_url + value: "{{ ansible_local.local_facts.iiab_remote_url }}" - option: runtime_branch value: "{{ ansible_local.local_facts.iiab_branch }}" - option: runtime_commit value: "{{ ansible_local.local_facts.iiab_commit }}" + - option: iiab_recent_tag + value: "{{ ansible_local.local_facts.iiab_recent_tag }}" - option: runtime_date value: "{{ ansible_date_time.iso8601 }}" - option: ansible_version @@ -88,10 +88,6 @@ value: "{{ ansible_memtotal_mb }}" - option: swap_mb value: "{{ ansible_swaptotal_mb }}" - - option: gw_active - value: "{{ gw_active }}" - - option: internet_available - value: "{{ internet_available }}" - option: rpi_model value: "{{ rpi_model }}" - option: devicetree_model @@ -102,10 +98,6 @@ value: "{{ local_tz }}" - option: etc_localtime.stdout # e.g. 'America/New_York' direct from symlink /etc/localtime -- or '' if /etc/localtime doesn't exist value: "{{ etc_localtime.stdout }}" - #- option: no_NM_reload - # value: "{{ no_NM_reload }}" - #- option: is_F18 - # value: "{{ is_F18 }}" - option: FQDN_changed value: "{{ FQDN_changed }}" diff --git a/roles/0-init/tasks/network.yml b/roles/0-init/tasks/network.yml deleted file mode 100644 index c0d52ba68..000000000 --- a/roles/0-init/tasks/network.yml +++ /dev/null 
@@ -1,74 +0,0 @@ -- name: Do we have a gateway? If 'ip route' specifies a default route, Ansible parses details here... - debug: - var: ansible_default_ipv4 - -- name: "If above ansible_default_ipv4.gateway is defined, set WAN candidate 'discovered_wan_iface: {{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias" - set_fact: - discovered_wan_iface: "{{ ansible_default_ipv4.alias }}" - when: ansible_default_ipv4.gateway is defined - -- name: "Verify gateway active: ping -c4 {{ ansible_default_ipv4.gateway }} -- using ansible_default_ipv4.gateway" - shell: ping -c4 "{{ ansible_default_ipv4.gateway }}" | grep icmp_seq=4 | wc -l - register: gw_active_test - when: discovered_wan_iface != "none" - -- name: "If gateway responded, set 'gw_active: True' and 'iiab_wan_iface: {{ discovered_wan_iface }}' -- using discovered_wan_iface" - set_fact: - iiab_wan_iface: "{{ discovered_wan_iface }}" - gw_active: True - when: discovered_wan_iface != "none" and gw_active_test.stdout == "1" - - -- name: 'Test for Internet access, using: {{ iiab_download_url }}/heart-beat.txt' - get_url: - url: "{{ iiab_download_url }}/heart-beat.txt" - dest: /tmp/heart-beat.txt - #timeout: "{{ download_timeout }}" - # @jvonau recommends: 100sec is too much (keep 10sec default) - ignore_errors: True - #async: 10 - #poll: 2 - register: internet_access_test - -- name: "Set 'internet_available: True' if above download succeeded AND not disregard_network" - set_fact: - internet_available: True # Initialized to 'False' in 0-init/defaults/main.yml - when: not internet_access_test.failed and not disregard_network - -- name: Remove downloaded Internet test file /tmp/heart-beat.txt - file: - path: /tmp/heart-beat.txt - state: absent - - -- name: "Set 'iiab_fqdn: {{ iiab_hostname }}.{{ iiab_domain }}'" - set_fact: - iiab_fqdn: "{{ iiab_hostname }}.{{ iiab_domain }}" - FQDN_changed: False - -- name: Set hostname / domain (etc) in various places -- if iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }}) - 
include_tasks: hostname.yml - when: iiab_fqdn != ansible_fqdn - -# 2021-07-30: FQDN_changed isn't used as in the past -- its remaining use is -# for {named, dhcpd, squid} in roles/network/tasks/main.yml -- possibly it -# should be reconsidered? See PR #2876: roles/network might become optional? -- name: "Also set 'FQDN_changed: True' -- if iiab_fqdn != ansible_fqdn ({{ ansible_fqdn }})" - set_fact: - FQDN_changed: True - when: iiab_fqdn != ansible_fqdn - - -# 2021-08-17: (1) iiab-gen-iptables works better if gui_port is set directly in -# default_vars.yml and/or local_vars.yml (2) Admin Console's iiab-admin.yml -# and js-menu.yml set 'adm_cons_force_ssl: False' - -# - name: "Set 'gui_port: 80' for Admin Console if not adm_cons_force_ssl" -# set_fact: -# gui_port: 80 -# when: not adm_cons_force_ssl - -# - name: "Set 'gui_port: 443' for Admin Console if adm_cons_force_ssl" -# set_fact: -# gui_port: 443 -# when: adm_cons_force_ssl diff --git a/roles/0-init/tasks/validate_vars.yml b/roles/0-init/tasks/validate_vars.yml index f29525daf..f5277d2d9 100644 --- a/roles/0-init/tasks/validate_vars.yml +++ b/roles/0-init/tasks/validate_vars.yml @@ -63,15 +63,13 @@ # # 2020-11-04: Fix validation of 5 [now 4] core dependencies, for ./runrole etc + - name: Set vars_checklist for 44 + 44 + 40 vars ("XYZ_install" + "XYZ_enabled" + "XYZ_installed") to be checked set_fact: vars_checklist: - hostapd - - dhcpd - - named - dnsmasq - bluetooth - #- wondershaper # Unmaintained - sshd - openvpn - remoteit @@ -80,18 +78,10 @@ #- apache # Unmaintained - former dependency #- mysql # MANDATORY - squid - #- dansguardian # Unmaintained - cups - samba - usb_lib - #- xo_services # Unmaintained - #- activity_server # Unmaintained - #- ejabberd_xs # Unmaintained - #- idmgr # Unmaintained - azuracast - #- dokuwiki # Unmaintained - #- ejabberd # Unmaintained - #- elgg # Unmaintained - gitea - jupyterhub - lokole 
@@ -111,6 +101,7 @@ - osm_vector_maps - transmission - awstats + - matomo - monit - munin - phpmyadmin @@ -122,6 +113,7 @@ - calibreweb - calibre - pbx + - network - name: Assert that {{ vars_checklist | length }} "XYZ_install" vars are all... defined assert: @@ -165,3 +157,21 @@ quiet: yes when: item != 'nodejs' and item != 'postgresql' and item != 'mongodb' and item != 'yarn' # Exclude auto-installed dependencies loop: "{{ vars_checklist }}" + +- name: 'DISALLOW "XYZ_install: True" if deprecated' + assert: + that: "{{ item }}_install is undefined or not {{ item }}_install" + fail_msg: "DISALLOWED: '{{ item }}_install: True' (e.g. in /etc/iiab/local_vars.yml)" + quiet: yes + with_items: + - dhcpd # Deprecated + - named # Deprecated + - wondershaper # Deprecated + - dansguardian # Deprecated + #- xo_services # Unmaintained + #- activity_server # Unmaintained + #- ejabberd_xs # Unmaintained + #- idmgr # Unmaintained + #- dokuwiki # Unmaintained + #- ejabberd # Unmaintained + #- elgg # Unmaintained diff --git a/roles/1-prep/tasks/hardware.yml b/roles/1-prep/tasks/hardware.yml index 4c50c0d8a..89efd2453 100644 --- a/roles/1-prep/tasks/hardware.yml +++ b/roles/1-prep/tasks/hardware.yml @@ -14,7 +14,7 @@ - name: Download {{ iiab_download_url }}/iwlwifi-8000C-13.ucode to /lib/firmware for built-in WiFi on NUC6 get_url: - url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode" # http://download.iiab.io/packages + url: "{{ iiab_download_url }}/iwlwifi-8000C-13.ucode" # https://download.iiab.io/packages dest: /lib/firmware timeout: "{{ download_timeout }}" when: usb_NUC6.stdout|int > 0 diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 9f44befc8..929dd04da 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml 
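Review bot: The iwlwifi-8000C-13.ucode download in the roles/1-prep/tasks/hardware.yml `get_url` task has no `checksum:`, so whatever the server returns is written into /lib/firmware. The changed line only updates the trailing comment to https; the scheme actually used comes from `iiab_download_url`, which is defined outside this hunk and is worth confirming. Adding `checksum: "sha256:<SHA256_OF_UCODE_PLACEHOLDER>"` would pin the firmware blob independently of the transport.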
@@ -23,9 +23,21 @@ name: iiab-admin #when: iiab_admin_install # Flag might be created in future? -- name: Install dnsmasq -- configure LATER in 'network', after Stage 9 - include_tasks: roles/network/tasks/dnsmasq.yml - #when: dnsmasq_install # Flag might be used in future? +- name: Copy iiab-apps-to-be-installed from {{ iiab_dir }}/scripts to /usr/bin/ + copy: + src: "{{ iiab_dir }}/scripts/iiab-apps-to-be-installed" # /opt/iiab/iiab + dest: /usr/bin/ + mode: '0755' + +- name: Copy iiab-network from {{ iiab_dir }}/scripts to /usr/local/bin/ + copy: + src: "{{ iiab_dir }}/scripts/iiab-network" + dest: /usr/local/bin/ + mode: '0755' + +- name: Install ~12 network/wifi/related packages + Squid if necessary + configure /etc/sysctl.conf -- full configuration LATER in 'network', after Stage 9 + include_tasks: roles/network/tasks/install.yml + when: network_install and network_installed is undefined - include_tasks: uuid.yml - include_tasks: ubermix.yml @@ -62,7 +74,10 @@ # when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed -- name: Recording STAGE 1 HAS COMPLETED ============================ +- name: Install {{ iiab_env_file }} from template -- FYI this file can be run as a script if absolutely nec -- e.g. 'source /etc/iiab/iiab.env && echo $WWWROOT' template: src: roles/1-prep/templates/iiab.env.j2 - dest: "{{ iiab_env_file }}" # Can also be run as a script if absolutely nec, e.g. 'source /etc/iiab/iiab.env && echo $WWWROOT' + dest: "{{ iiab_env_file }}" + +- name: Recording STAGE 1 HAS COMPLETED ============================ + meta: noop diff --git a/roles/1-prep/templates/iiab-expand-rootfs b/roles/1-prep/templates/iiab-expand-rootfs index 82799f8d8..2cd28de46 100644 --- a/roles/1-prep/templates/iiab-expand-rootfs +++ b/roles/1-prep/templates/iiab-expand-rootfs 
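Review bot: The renamed template task that writes `{{ iiab_env_file }}` (second hunk, @@ -62,7 +74,10 @@) sets no `owner`, `group` or `mode`, while its new name advertises that the file can be sourced as a script. iiab-install and iiab-network read STAGE from /etc/iiab/iiab.env while running the installer, presumably as root, so pinning the permissions avoids depending on the umask or on the mode of a pre-existing file: `owner: root`, `group: root`, `mode: '0644'`. The two new `copy` tasks in the first hunk already set `mode: '0755'` explicitly, so this would also be consistent with them.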
@@ -11,11 +11,11 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then echo "$0: Expanding rootfs partition" -# if [ -x /usr/bin/raspi-config ]; then # Raspberry Pi OS -# # 2022-02-17: Uses do_expand_rootfs() from: -# # https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config -# raspi-config --expand-rootfs # REQUIRES A REBOOT -# else # REQUIRES NO REBOOT; works on all OS's + if [ -x /usr/bin/raspi-config ]; then # Raspberry Pi OS + # 2022-02-17: Uses do_expand_rootfs() from: + # https://github.com/RPi-Distro/raspi-config/blob/master/raspi-config + raspi-config --expand-rootfs # REQUIRES A REBOOT + else # REQUIRES NO REBOOT; BEWARE iiab-expand-rootfs.service RACE CONDITION WITH fsck (PR #2522 & #3325) # 2022-03-15: Borrows from above raspi-config URL's do_expand_rootfs() ROOT_PART="$(findmnt / -o SOURCE -n)" # e.g. /dev/sda2 or /dev/mmcblk0p2 ROOT_DEV="/dev/$(lsblk -no pkname "$ROOT_PART")" # e.g. /dev/sda or /dev/mmcblk0 @@ -53,7 +53,7 @@ if [ -f /.expand-rootfs ] || [ -f /.resize-rootfs ]; then # # Resize partition # growpart /dev/$root_dev $root_part_no # resize2fs /dev/$root_part -# fi + fi rm -f /.expand-rootfs /.resize-rootfs fi diff --git a/roles/2-common/tasks/fl.yml b/roles/2-common/tasks/fl.yml index 30c8266e7..829b8dfbf 100644 --- a/roles/2-common/tasks/fl.yml +++ b/roles/2-common/tasks/fl.yml @@ -1,6 +1,6 @@ # fl.yml signifies "file layout" -- name: "File Layout - Create directories: 1 in /etc, 1 in {{ py3_dist_path }}, 3 in {{ iiab_base }}, 17 in {{ content_base }}" # iiab_base: /opt/iiab +- name: "File Layout - Create directories: 1 in {{ py3_dist_path }}, 2 in {{ iiab_base }}, 17 in {{ content_base }}" # iiab_base: /opt/iiab file: path: "{{ item }}" # owner: root 
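Review bot: With the `raspi-config --expand-rootfs` branch re-enabled, the `rm -f /.expand-rootfs /.resize-rootfs` after the closing `fi` (second hunk, @@ -53,7 +53,7 @@) still runs whether or not raspi-config succeeded, so a failed expansion would clear the flag files and not be retried, unless the script sets `-e` above the hunk. Checking the exit status, e.g. `raspi-config --expand-rootfs || exit 1`, would keep the flags in place for the next boot. The branch is commented REQUIRES A REBOOT but nothing visible reports that at run time; a line such as `echo "$0: reboot required to finish expanding rootfs"` after the call would record it in the service output. Most of the `else` branch lies between the two hunks and is not shown.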
@@ -8,9 +8,9 @@ # mode: '0755' state: directory with_items: - - /etc/sysconfig/olpc-scripts/setup.d/installed/ + #- /etc/sysconfig/olpc-scripts/setup.d/installed/ - "{{ py3_dist_path }}/iiab" # /usr/lib/python3/dist-packages - - "{{ yum_packages_dir }}" # /opt/iiab/yum-packages + #- "{{ yum_packages_dir }}" # /opt/iiab/yum-packages - "{{ pip_packages_dir }}" # /opt/iiab/pip-packages - "{{ downloads_dir }}" # /opt/iiab/downloads #- "{{ content_base }}/downloads" # /library/downloads auto-created just below diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index 9ed8ff007..c6fb3f21c 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml @@ -8,8 +8,14 @@ - include_tasks: packages.yml -- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall) - include_tasks: network.yml +- name: "Use 'sysctl' to set 'kernel.core_uses_pid: 1' in /etc/sysctl.conf" + sysctl: # Places these settings in /etc/sysctl.conf, to survive reboot + name: "{{ item.name }}" + value: "{{ item.value }}" + with_items: + #- { name: 'kernel.sysrq', value: '1' } # OS values differ, Ok? + - { name: 'kernel.core_uses_pid', value: '1' } + #- { name: 'kernel.shmmax', value: '268435456' } # OS values differ, Ok? - include_tasks: iiab-startup.yml diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index d731b25fc..889f9bd3f 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml 
@@ -16,12 +16,12 @@ #- lynx # 505kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml #- make # 376kB download: 2021-07-27: Currently used by roles/pbx and no other roles - mlocate # 92kB download - #- ntfs-3g # 379kB download: RaspiOS installs this regardless -- 2021-07-31: But this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g -- and upcoming kernel 5.15 improvements: https://www.phoronix.com/scan.php?page=news_item&px=New-NTFS-Likely-For-Linux-5.15 + #- ntfs-3g # 379kB download: RasPiOS installs this regardless -- 2021-07-31: But this should no longer be nec with 5.4+ kernels, similar to exfat packages above -- however, see also this symlink warning: https://superuser.com/questions/1050544/mount-with-kernel-ntfs-and-not-ntfs-3g -- and upcoming kernel 5.15 improvements: https://www.phoronix.com/scan.php?page=news_item&px=New-NTFS-Likely-For-Linux-5.15 #- openssh-server # 318kB download: RasPiOS installs this regardless -- this is also installed by 1-prep's roles/sshd/tasks/main.yml to cover all OS's - pandoc # 19kB download: For /usr/bin/iiab-refresh-wiki-docs - pastebinit # 47kB download: For /usr/bin/iiab-diagnostics #- python3-pip # 337kB download: RasPiOS installs this regardless -- 2021-07-29: And already installed by /opt/iiab/iiab/scripts/ansible -- this auto-installs 'python3-setuptools' and 'python3' etc - #- python3-venv # 1188kB download: RasPiOS installs this regardless -- 2021-07-30: For Ansible module 'pip' used in roles like {calibre-web, jupyterhub, lokole} -- whereas roles/kalite uses (virtual) package 'virtualenv' for Python 2 -- all these 3+1 IIAB roles install 'python3-venv' for themselves. FYI: Debian 11 auto-installs 'python3-venv' when you install 'python3' -- whereas Ubuntu (e.g. 20.04 & 21.10) and RaspiOS 10 did not. 
+ #- python3-venv # 1188kB download: RasPiOS installs this regardless -- 2021-07-30: For Ansible module 'pip' used in roles like {calibre-web, jupyterhub, lokole} -- whereas roles/kalite uses (virtual) package 'virtualenv' for Python 2 -- all these 3+1 IIAB roles install 'python3-venv' for themselves. FYI: Debian 11 auto-installs 'python3-venv' when you install 'python3' -- whereas Ubuntu (e.g. 20.04 & 21.10) and RasPiOS 10 did not. - rsync # 351kB download: RasPiOS installs this regardless #- screen # 551kB download: Installed by 1-prep's roles/iiab-admin/tasks/main.yml - sqlite3 # 1054kB download diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 8ccf6b88b..9bed4e5e8 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -24,23 +24,6 @@ name: sshd when: sshd_install - -# UNMAINTAINED -- name: Install named / BIND - include_tasks: roles/network/tasks/named.yml - when: named_install is defined and named_install - -# UNMAINTAINED -- name: Install dhcpd - include_tasks: roles/network/tasks/dhcpd.yml - when: dhcpd_install is defined and dhcpd_install - -# LESS MAINTAINED -- name: Install Squid - include_tasks: roles/network/tasks/squid.yml - when: squid_install and squid_installed is undefined - - - name: Install Bluetooth - only on Raspberry Pi include_role: name: bluetooth diff --git a/roles/6-generic-apps/tasks/main.yml b/roles/6-generic-apps/tasks/main.yml index 152ff6358..1c36cb5d3 100644 --- a/roles/6-generic-apps/tasks/main.yml +++ b/roles/6-generic-apps/tasks/main.yml @@ -3,6 +3,7 @@ - name: ...IS BEGINNING ==================================== meta: noop +# UNMAINTAINED - name: AZURACAST include_role: name: azuracast @@ -36,10 +37,11 @@ name: jupyterhub when: jupyterhub_install +# UNMAINTAINED - name: LOKOLE include_role: name: lokole - when: lokole_install + when: lokole_install is defined and lokole_install - name: MEDIAWIKI include_role: 
@@ -59,7 +61,7 @@ - name: NEXTCLOUD include_role: name: nextcloud - when: nextcloud_install and not is_ubuntu_2204 # TEMPORARY + when: nextcloud_install - name: WORDPRESS include_role: diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml index ba3ac6911..b7dd56855 100644 --- a/roles/7-edu-apps/tasks/main.yml +++ b/roles/7-edu-apps/tasks/main.yml @@ -11,7 +11,7 @@ - name: KOLIBRI include_role: name: kolibri - when: kolibri_install and not is_ubuntu_2204 # TEMPORARY + when: kolibri_install - name: KIWIX include_role: @@ -21,7 +21,7 @@ - name: MOODLE include_role: name: moodle - when: moodle_install and not is_ubuntu_2204 # TEMPORARY + when: moodle_install and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY - name: OSM-VECTOR-MAPS include_role: @@ -43,7 +43,7 @@ - name: SUGARIZER include_role: name: sugarizer - when: sugarizer_install and not is_ubuntu_2204 # TEMPORARY + when: sugarizer_install and not is_ubuntu_2204 and not is_ubuntu_2210 # TEMPORARY - name: Recording STAGE 7 HAS COMPLETED ======================== lineinfile: diff --git a/roles/8-mgmt-tools/tasks/main.yml b/roles/8-mgmt-tools/tasks/main.yml index e75f97e23..61ac785ad 100644 --- a/roles/8-mgmt-tools/tasks/main.yml +++ b/roles/8-mgmt-tools/tasks/main.yml @@ -12,7 +12,12 @@ include_role: name: awstats when: awstats_install - + +- name: MATOMO + include_role: + name: matomo + when: matomo_install + - name: MONIT include_role: name: monit diff --git a/roles/awstats/tasks/main.yml b/roles/awstats/tasks/main.yml index 79615d71a..47ae7b247 100644 --- a/roles/awstats/tasks/main.yml +++ b/roles/awstats/tasks/main.yml 
@@ -19,27 +19,34 @@ quiet: yes -- name: Install AWStats if 'awstats_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: awstats_installed is undefined +- block: + - name: Install AWStats if 'awstats_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: awstats_installed is undefined -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml + - name: Enable/Disable/Restart NGINX + include_tasks: nginx.yml + - name: Add 'awstats' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: awstats + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: AWStats + - option: description + value: '"AWStats (originally known as Advanced Web Statistics) is a package written in Perl which generates static or dynamic html summaries based upon web server logs."' + - option: awstats_install + value: "{{ awstats_install }}" + - option: awstats_enabled + value: "{{ awstats_enabled }}" -- name: Add 'awstats' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: awstats - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: AWStats - - option: description - value: '"AWStats (originally known as Advanced Web Statistics) is a package written in Perl which generates static or dynamic html summaries based upon web server logs."' - - option: awstats_install - value: "{{ awstats_install }}" - - option: awstats_enabled - value: "{{ awstats_enabled }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/awstats/templates/awstats.schoolserver.conf.j2 b/roles/awstats/templates/awstats.schoolserver.conf.j2 index 40816fef5..2a5e8802d 100644 
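Review bot: When `skip_role_on_error` is true, the only task in the new `rescue:` section is skipped, so a failed AWStats install leaves no trace beyond scrollback and the play carries on with a role that may be half configured. The same block/rescue shape is added in roles/calibre-web, roles/calibre and roles/captiveportal in this diff; for the captive portal in particular, a partial run could leave the box in an inconsistent state. I would put an unconditional task in `rescue:` ahead of the `fail`, for example a `debug` with `msg: "{{ ansible_failed_task.name }} failed: {{ ansible_failed_result.msg | default('') }}"`. The empty `msg: ""` on `fail` would also be better replaced with that text, so the stop case says what broke.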
--- a/roles/awstats/templates/awstats.schoolserver.conf.j2 +++ b/roles/awstats/templates/awstats.schoolserver.conf.j2 @@ -261,7 +261,7 @@ AllowToUpdateStatsFromBrowser=1 # 3 - Possible on CLI and CGI # Default: 2 # -AllowFullYearView=2 +AllowFullYearView=3 diff --git a/roles/azuracast/README.rst b/roles/azuracast/README.rst index 420bfb92d..fca21ce96 100644 --- a/roles/azuracast/README.rst +++ b/roles/azuracast/README.rst @@ -1,6 +1,6 @@ -========== +================ AzuraCast README -========== +================ This playbook adds `AzuraCast `_ to Internet-in-a-Box (IIAB) for network radio station functionality. With 'AzuraCast' you and your community can schedule podcasts, music, and even do live streaming of audio content. A variety of streaming formats are supported. @@ -11,7 +11,7 @@ As of 2019-08-04, this will only run on Ubuntu 18.04, and tentatively on Debian Using It -------- -* Do a normal IIAB install (http://download.iiab.io), making sure to set both variables ``azuracast_install`` and ``azuracast_enabled`` to ``True`` when it prompts you to edit `/etc/iiab/local_vars.yml `_, as you begin the installation. +* Do a normal IIAB install (https://download.iiab.io), making sure to set both variables ``azuracast_install`` and ``azuracast_enabled`` to ``True`` when it prompts you to edit `/etc/iiab/local_vars.yml `_, as you begin the installation. * When the IIAB software install completes, it will ask you to reboot, and AzuraCast's console will then be available at http://box.lan:10080 * This console site will prompt you to complete AzuraCast's initial setup: user accounts, managing stations, radio streams, etc. * Finally, check out some `how-to videos `_ to learn to manage your own radio station! diff --git a/roles/calibre-web/tasks/nginx.yml b/roles/calibre-web/tasks/enable-or-disable.yml similarity index 67% rename from roles/calibre-web/tasks/nginx.yml rename to roles/calibre-web/tasks/enable-or-disable.yml index 046bc65b8..b196176f9 100644 
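Review bot: `AllowFullYearView=3` makes the full-year report available through the CGI, and the hunk header shows `AllowToUpdateStatsFromBrowser=1` in the same template. Together these let any client that can reach the AWStats URL request the most expensive report and trigger a stats update. On small hardware that is an easy way to load the server, so the setting deserves a comment saying why it was raised and what limits access. Whether NGINX restricts this location is not visible here; if it does, something like `# 3: year view needed in the browser; access is restricted by <MECHANISM_PLACEHOLDER>` above the line would record it.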
--- a/roles/calibre-web/tasks/nginx.yml +++ b/roles/calibre-web/tasks/enable-or-disable.yml @@ -1,3 +1,19 @@ +- name: Enable & Restart 'calibre-web' systemd service, if calibreweb_enabled + systemd: + name: calibre-web + daemon_reload: yes + enabled: yes + state: restarted + when: calibreweb_enabled + +- name: Disable & Stop 'calibre-web' systemd service, if not calibreweb_enabled + systemd: + name: calibre-web + enabled: no + state: stopped + when: not calibreweb_enabled + + # TO DO: restore http://box/libros & http://box/livres etc, alongside English (#2195) # RELATED: https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy diff --git a/roles/calibre-web/tasks/install.yml b/roles/calibre-web/tasks/install.yml index 8616674e6..65a88168c 100644 --- a/roles/calibre-web/tasks/install.yml +++ b/roles/calibre-web/tasks/install.yml @@ -51,7 +51,7 @@ # VIRTUALENV EXAMPLE COMMANDS: # cd /usr/local/calibre-web-py3 # source bin/activate -# python3 -m pip list +# python3 -m pip list ('pip list' probably sufficient, likewise below) # python3 -m pip freeze > /tmp/requirements.txt # python3 -m pip install -r requirements.txt # deactivate diff --git a/roles/calibre-web/tasks/main.yml b/roles/calibre-web/tasks/main.yml index e8be74274..cc0e89850 100644 --- a/roles/calibre-web/tasks/main.yml +++ b/roles/calibre-web/tasks/main.yml 
@@ -19,56 +19,47 @@ quiet: yes -- name: Install Calibre-Web if 'calibreweb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: calibreweb_installed is undefined +- block: + - name: Install Calibre-Web if 'calibreweb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: calibreweb_installed is undefined -- name: Enable & Restart 'calibre-web' systemd service, if calibreweb_enabled - systemd: - name: calibre-web - daemon_reload: yes - enabled: yes - state: restarted - when: calibreweb_enabled + - include_tasks: enable-or-disable.yml -- name: Disable & Stop 'calibre-web' systemd service, if not calibreweb_enabled - systemd: - name: calibre-web - enabled: no - state: stopped - when: not calibreweb_enabled + - name: Add 'calibre-web' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: calibre-web + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Calibre-Web + - option: description + value: '"Calibre-Web is a web app providing a clean interface for browsing, reading and downloading e-books."' + - option: calibreweb_install + value: "{{ calibreweb_install }}" + - option: calibreweb_enabled + value: "{{ calibreweb_enabled }}" + - option: calibreweb_url1 + value: "{{ calibreweb_url1 }}" + - option: calibreweb_url2 + value: "{{ calibreweb_url2 }}" + - option: calibreweb_url3 + value: "{{ calibreweb_url3 }}" + - option: calibreweb_path + value: "{{ calibreweb_venv_path }}" + - option: calibreweb_home + value: "{{ calibreweb_home }}" + - option: calibreweb_port + value: "{{ calibreweb_port }}" + - option: calibreweb_settings_database + value: "{{ calibreweb_settings_database }}" -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml + rescue: - -- name: Add 'calibre-web' variable values to {{ iiab_ini_file }} - ini_file: - 
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: calibre-web - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Calibre-Web - - option: description - value: '"Calibre-Web is a web app providing a clean interface for browsing, reading and downloading e-books."' - - option: calibreweb_install - value: "{{ calibreweb_install }}" - - option: calibreweb_enabled - value: "{{ calibreweb_enabled }}" - - option: calibreweb_url1 - value: "{{ calibreweb_url1 }}" - - option: calibreweb_url2 - value: "{{ calibreweb_url2 }}" - - option: calibreweb_url3 - value: "{{ calibreweb_url3 }}" - - option: calibreweb_path - value: "{{ calibreweb_venv_path }}" - - option: calibreweb_home - value: "{{ calibreweb_home }}" - - option: calibreweb_port - value: "{{ calibreweb_port }}" - - option: calibreweb_settings_database - value: "{{ calibreweb_settings_database }}" + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/calibre/defaults/main.yml b/roles/calibre/defaults/main.yml index b41475e23..0f3643735 100644 --- a/roles/calibre/defaults/main.yml +++ b/roles/calibre/defaults/main.yml 
@@ -34,11 +34,11 @@ calibre_userdb: "{{ calibre_dbpath }}/users.sqlite" # calibre-server --manage-users --userdb /library/calibre/users.sqlite calibre_sample_book: "Metamorphosis-jackson.epub" -# Must be downloadable from http://download.iiab.io/packages +# Must be downloadable from https://download.iiab.io/packages calibre_src_url: "https://raw.githubusercontent.com/kovidgoyal/calibre/master/setup/linux-installer.py" -calibre_deb_url: "{{ iiab_download_url }}" # http://download.iiab.io/packages +calibre_deb_url: "{{ iiab_download_url }}" # https://download.iiab.io/packages # Above URL must offer both .deb files below: (for scripts/calibre-install-pinned-rpi.sh to run) calibre_deb_pin_version: 3.33.1+dfsg-1 # for calibre_3.33.1+dfsg-1_all.deb (24M, 2018-10-21) calibre_bin_deb_pin_version: "{{ calibre_deb_pin_version }}" # for calibre-bin_3.33.1+dfsg-1_armhf.deb (706K, 2018-10-23) diff --git a/roles/calibre/tasks/enable-or-disable.yml b/roles/calibre/tasks/enable-or-disable.yml new file mode 100644 index 000000000..07a0cc911 --- /dev/null +++ b/roles/calibre/tasks/enable-or-disable.yml 
@@ -0,0 +1,29 @@ +# http://box:8080 & http://box:8080/mobile WORK BUT OTHER URL'S LIKE http://box/calibre ARE A MESS (BOOKS RARELY DISPLAY) +# +# 2018-08-27 POSSIBLE FIX...CONSIDER THIS ProxyPass / ProxyPassReverse TECHNIQUE: +# https://github.com/iiab/iiab/tree/master/roles/calibre-web/templates/calibre-web.conf.j2 +# (anyway this works great for calibre-web, allowing http://box/books +# to work even better than http://box:8083 when box == 192.168.0.x !) +# +#- name: Attempt to enable http://box/calibre via Apache (UNTESTED) +# command: a2ensite calibre.conf +# when: apache_installed and calibre_enabled +# +#- name: Attempt to disable http://box/calibre via Apache (UNTESTED) +# command: a2dissite calibre.conf +# when: apache_installed and not calibre_enabled + +- name: Enable & (Re)Start 'calibre-serve' service, if calibre_enabled + systemd: + daemon_reload: yes + name: calibre-serve + enabled: yes + state: restarted + when: calibre_enabled + +- name: Disable & Stop 'calibre-serve' service, if not calibre_enabled + systemd: + name: calibre-serve + enabled: no + state: stopped + when: not calibre_enabled diff --git a/roles/calibre/tasks/main.yml b/roles/calibre/tasks/main.yml index bedb960de..a6504b658 100644 --- a/roles/calibre/tasks/main.yml +++ b/roles/calibre/tasks/main.yml 
@@ -19,65 +19,37 @@ quiet: yes -- name: Install Calibre if 'calibre_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: calibre_installed is undefined +- block: -# http://box:8080 & http://box:8080/mobile WORK BUT OTHER URL'S LIKE http://box/calibre ARE A MESS (BOOKS RARELY DISPLAY) -# -# 2018-08-27 POSSIBLE FIX...CONSIDER THIS ProxyPass / ProxyPassReverse TECHNIQUE: -# https://github.com/iiab/iiab/tree/master/roles/calibre-web/templates/calibre-web.conf.j2 -# (anyway this works great for calibre-web, allowing http://box/books -# to work even better than http://box:8083 when box == 192.168.0.x !) -# -#- name: Attempt to enable http://box/calibre via Apache (UNTESTED) -# command: a2ensite calibre.conf -# when: apache_installed and calibre_enabled -# -#- name: Attempt to disable http://box/calibre via Apache (UNTESTED) -# command: a2dissite calibre.conf -# when: apache_installed and not calibre_enabled + - name: Install Calibre if 'calibre_installed' not defined, e.g. 
in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: calibre_installed is undefined -- name: Enable & (Re)Start 'calibre-serve' service, if calibre_enabled - systemd: - daemon_reload: yes - name: calibre-serve - enabled: yes - state: restarted - when: calibre_enabled + - include_tasks: enable-or-disable.yml -- name: Disable & Stop 'calibre-serve' service, if not calibre_enabled - systemd: - name: calibre-serve - enabled: no - state: stopped - when: not calibre_enabled + - name: Add 'calibre' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: calibre + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Calibre + - option: description + value: '"Calibre is an extremely popular personal library system for e-books."' + - option: calibre_src_url + value: "{{ calibre_src_url }}" + - option: calibre_dbpath + value: "{{ calibre_dbpath }}" + - option: calibre_port + value: "{{ calibre_port }}" + - option: calibre_enabled + value: "{{ calibre_enabled }}" -#- name: Enable/Disable/Restart Apache if primary -# include_tasks: apache.yml -# when: not nginx_enabled -# -#- name: Enable/Disable/Restart NGINX if primary -# include_tasks: nginx.yml -# when: nginx_enabled + rescue: - -- name: Add 'calibre' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: calibre - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Calibre - - option: description - value: '"Calibre is an extremely popular personal library system for e-books."' - - option: calibre_src_url - value: "{{ calibre_src_url }}" - - option: calibre_dbpath - value: "{{ calibre_dbpath }}" - - option: calibre_port - value: "{{ calibre_port }}" - - option: calibre_enabled - value: "{{ calibre_enabled }}" + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ 
skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/captiveportal/README.md b/roles/captiveportal/README.md index 11736aadd..ddacbe311 100644 --- a/roles/captiveportal/README.md +++ b/roles/captiveportal/README.md @@ -1,4 +1,4 @@ -_Please Also See: http://FAQ.IIAB.IO > ["Captive Portal Administration: What tips & tricks exist?"](http://wiki.laptop.org/go/IIAB/FAQ#Captive_Portal_Administration:_What_tips_.26_tricks_exist.3F)_ +_Please Also See: http://FAQ.IIAB.IO > ["Captive Portal Administration: What tips & tricks exist?"](https://wiki.iiab.io/go/FAQ#Captive_Portal_Administration:_What_tips_&_tricks_exist%3F)_ ## Theory of Operation diff --git a/roles/captiveportal/tasks/install.yml b/roles/captiveportal/tasks/install.yml index af022f0e9..ab25d50b6 100644 --- a/roles/captiveportal/tasks/install.yml +++ b/roles/captiveportal/tasks/install.yml @@ -26,7 +26,7 @@ mode: "{{ item.mode }}" with_items: - { src: roles/captiveportal/templates/checkurls, dest: /opt/iiab/captiveportal/, mode: '0644' } - - { src: roles/captiveportal/templates/iiab-divert-to-nginx, dest: /usr/sbin/, mode: '0755' } + - { src: roles/captiveportal/templates/iiab-divert-to-nginx.j2, dest: /usr/sbin/iiab-divert-to-nginx, mode: '0755' } - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, dest: /usr/sbin/, mode: '0755' } - name: Install /opt/iiab/captiveportal/capture-wsgi.py from template, mode '0755' (creates the server) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 0b3408b75..bd24b7186 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml 
@@ -19,27 +19,33 @@ quiet: yes -- name: Install Captive Portal if 'captiveportal_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: captiveportal_installed is undefined +- block: + - name: Install Captive Portal if 'captiveportal_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: captiveportal_installed is undefined -- name: Enable or Disable Captive Portal - include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'captiveportal' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: captiveportal + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Captive Portal + - option: description + value: '"Captive Portal tries to open the browser automatically, so users don''t have to type in URL''s like http://box.lan in support of kiosk-like situations, in multilingual and less literate communities."' + - option: captiveportal_install + value: "{{ captiveportal_install }}" + - option: captiveportal_enabled + value: "{{ captiveportal_enabled }}" -- name: Add 'captiveportal' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: captiveportal - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Captive Portal - - option: description - value: '"Captive Portal tries to open the browser automatically, so users don''t have to type in URL''s like http://box.lan in support of kiosk-like situations, in multilingual and less literate communities."' - - option: captiveportal_install - value: "{{ captiveportal_install }}" - - option: captiveportal_enabled - value: "{{ captiveportal_enabled }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" 
+ when: not skip_role_on_error diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx.j2 similarity index 63% rename from roles/captiveportal/templates/iiab-divert-to-nginx rename to roles/captiveportal/templates/iiab-divert-to-nginx.j2 index c708de87a..8d6d06b2e 100755 --- a/roles/captiveportal/templates/iiab-divert-to-nginx +++ b/roles/captiveportal/templates/iiab-divert-to-nginx.j2 @@ -1,4 +1,4 @@ #!/bin/bash -x -awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture +awk '{print("address=/" $1 "/{{ lan_ip }}")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture echo "#following tells windows 7 that captive portal is active" >> /etc/dnsmasq.d/capture echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture diff --git a/roles/cups/README.md b/roles/cups/README.md index 493673715..6cf926c88 100644 --- a/roles/cups/README.md +++ b/roles/cups/README.md @@ -2,7 +2,7 @@ [CUPS](https://en.wikipedia.org/wiki/CUPS) (also known as the "Common UNIX Printing System") is the standards-based, open source printing system for Linux and macOS. -It allows your [Internet-in-a-Box (IIAB)](http://internet-in-a-box.org) to act as a print server. +It allows your [Internet-in-a-Box (IIAB)](https://internet-in-a-box.org) to act as a print server. This can be useful if a printer is attached to your IIAB — so student/teacher print jobs from client computers and phones can be processed — and then sent to the appropriate printer. diff --git a/roles/cups/tasks/install.yml b/roles/cups/tasks/install.yml index ea073de16..12296cfe5 100644 --- a/roles/cups/tasks/install.yml +++ b/roles/cups/tasks/install.yml 
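Review bot: In iiab-divert-to-nginx.j2 the literal 172.18.96.1 is replaced by `{{ lan_ip }}` inside the single-quoted awk program, so the script is only correct if the install task renders it through `template`. The matching install.yml hunk shows just the `with_items` entry, not the module; with `copy`, the braces would be written verbatim into /etc/dnsmasq.d/capture. The value also ends up unvalidated in every `address=/.../` line, so a malformed `lan_ip` would produce a dnsmasq config that fails to load or diverts the check URLs to an unintended address. An `assert` before the template task, e.g. `that: lan_ip is regex('^([0-9]{1,3}\.){3}[0-9]{1,3}$')`, would catch that early.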
@@ -49,7 +49,7 @@ blockinfile: path: /etc/cups/cupsd.conf insertafter: '^$' - block: |2 # Indent with 2 spaces, and surround block with 2 comment lines: "# BEGIN ANSIBLE MANAGED BLOCK", "# END ANSIBLE MANAGED BLOCK" + block: |2 # |n MEANS: Set the block's left edge n CHARACTERS TO THE RIGHT of *this line's* indentation -- where n is {1..9} -- instead of setting its left edge to the 1st non-blank line's indentation below. Also surround block with comment lines: "# BEGIN ANSIBLE MANAGED BLOCK", "# END ANSIBLE MANAGED BLOCK" AuthType Default Require user @SYSTEM 
@@ -76,14 +76,14 @@ name: cups state: started -# - name: "Authorize Nearby IP Addresses: Run 'cupsctl --remote-admin --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://172.18.96.1:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf" +# - name: "Authorize Nearby IP Addresses: Run 'cupsctl --remote-admin --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://{{ lan_ip }}:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf" # command: cupsctl --remote-admin --share-printers --user-cancel-any # 2021-07-11: BOTH FLAGS *CANNOT* BE USED TOGETHER -- CHOOSE ONE OR THE OTHER: # (1) '--remote-admin' AS ABOVE, OR (2) '--remote-any' AS BELOW. # (RUN 'cupsctl' WITHOUT PARAMETERS TO CONFIRM THIS!) -- name: "Authorize All IP Addresses: Run 'cupsctl --remote-any --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://172.18.96.1:631 AND http://10.8.0.y:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) -- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf" +- name: "Authorize All IP Addresses: Run 'cupsctl --remote-any --share-printers --user-cancel-any' to enable http://192.168.0.x:631 AND http://{{ lan_ip }}:631 AND http://10.8.0.y:631 (if cups_enabled) -- REPEATED USE OF 'cupsctl' COMMANDS CAN *DAMAGE* /etc/cups/cupsd.conf BY ADDING DUPLICATE LINES (AND WORSE!) 
-- SO PLEASE ALSO MANUALLY RUN 'sudo cupsctl' AND 'sudo cupsd -t' TO VERIFY /etc/cups/cupsd.conf" command: cupsctl --remote-any --share-printers --user-cancel-any # 2021-07-11: In theory 'cupsctl' stanzas could be put in enable-or-disable.yml 
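Review bot: The rewritten task name lists three example networks, but the unchanged `cupsctl --remote-any --share-printers --user-cancel-any` below it opens the CUPS web interface on port 631 to every source address the host can be reached from, and lets any user cancel any job. The name says "(if cups_enabled)", yet no `when:` follows the command in this hunk, so it appears to run on every install; the rest of the task list is outside the hunk. I would state the exposure in the name or a comment, e.g. `# --remote-any: port 631 reachable from ANY interface; relies on the firewall to keep it off the WAN side`, and confirm that the firewall rule exists.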
@@ -96,7 +96,7 @@ # command: cupsctl --no-remote-admin --no-remote-any --no-share-printers --no-user-cancel-any --no-debug-logging # when: not cups_enabled -# - name: "2021-07-14: EXPERIMENTALLY ADD DIRECTIVES TO /etc/cups/cupsd.conf followed by 'systemctl restart cups'. As should no longer be nec thanks to NEW cups/templates/cups.conf for /etc/nginx/conf.d/cups.conf (followed by 'systemctl restart nginx'). Which FIXED URL'S LIKE: http://box/print, http://box.lan/print, http://192.168.0.x/print, http://172.18.96.1/print and http://10.8.0.x/print (WITH OR WITHOUT THE TRAILING SLASH!) RECAP: (1) So be it that these 2 URL'S STILL DON'T WORK: http://box:631, http://box.lan:631 (due to CUPS' internal web server's overly stringent hostname checks, i.e. '400 Bad Request' and 'Request from \"localhost\" using invalid Host: field \"box[.lan]:631\".' in /var/log/cups/error_log) -- (2) While these 2 URL'S STILL DO WORK: http://localhost:631, http://127.0.0.1:631 -- (3) Whereas these 3 URL'S MAY WORK, DEPENDING ON 'cupsctl' COMMAND(S) ABOVE: http://192.168.0.x:631, http://172.18.96.1:631, http://10.8.0.x:631" +# - name: "2021-07-14: EXPERIMENTALLY ADD DIRECTIVES TO /etc/cups/cupsd.conf followed by 'systemctl restart cups'. As should no longer be nec thanks to NEW cups/templates/cups.conf for /etc/nginx/conf.d/cups.conf (followed by 'systemctl restart nginx'). Which FIXED URL'S LIKE: http://box/print, http://box.lan/print, http://192.168.0.x/print, http://{{ lan_ip }}/print and http://10.8.0.x/print (WITH OR WITHOUT THE TRAILING SLASH!) RECAP: (1) So be it that these 2 URL'S STILL DON'T WORK: http://box:631, http://box.lan:631 (due to CUPS' internal web server's overly stringent hostname checks, i.e. '400 Bad Request' and 'Request from \"localhost\" using invalid Host: field \"box[.lan]:631\".' 
in /var/log/cups/error_log) -- (2) While these 2 URL'S STILL DO WORK: http://localhost:631, http://127.0.0.1:631 -- (3) Whereas these 3 URL'S MAY WORK, DEPENDING ON 'cupsctl' COMMAND(S) ABOVE: http://192.168.0.x:631, http://{{ lan_ip }}:631, http://10.8.0.x:631" # lineinfile: # path: /etc/cups/cupsd.conf # line: "{{ item }}" @@ -105,7 +105,7 @@ # - "HostNameLookups On" # More False Leads: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530027 # - "ServerAlias *" # - "#ServerName {{ iiab_hostname }}.{{ iiab_domain }}" # box.lan -# - "#Listen {{ lan_ip }}:631" # 172.18.96.1 +# - "#Listen {{ lan_ip }}:631" # e.g. 10.10.10.10 # - "#Listen 127.0.0.1:631" # - "#Listen 0.0.0.0:631" # - "#Listen *:631" diff --git a/roles/cups/templates/cups.conf.j2 b/roles/cups/templates/cups.conf.j2 index abec5152d..3d4f4f53f 100644 --- a/roles/cups/templates/cups.conf.j2 +++ b/roles/cups/templates/cups.conf.j2 @@ -21,7 +21,7 @@ location ~ ^/print(|/.*)$ { # '~' -> '~*' for case-insensitive regex return 301 http://localhost:631; } - return 301 http://$host:631; # For 192.168.0.x, 172.18.96.1, 10.8.0.y ETC + return 301 http://$host:631; # For 192.168.0.x, 10.10.10.10, 172.18.96.1, 10.8.0.y ETC } diff --git a/roles/firmware/tasks/download.yml b/roles/firmware/tasks/download.yml index 6b5f83f8b..949ad3583 100644 --- a/roles/firmware/tasks/download.yml +++ b/roles/firmware/tasks/download.yml 
@@ -9,19 +9,19 @@ - brcmfmac43455-sdio.clm_blob ignore_errors: yes -- name: Download higher-capacity firmware (for RPi internal WiFi, per https://github.com/iiab/iiab/issues/823#issuecomment-662285202 and https://github.com/iiab/iiab/issues/2853) +- name: Download higher-capacity firmwares (for RPi internal WiFi, per https://github.com/iiab/iiab/issues/823#issuecomment-662285202 and https://github.com/iiab/iiab/issues/2853) get_url: - url: "{{ item }}" + url: "{{ iiab_download_url }}/{{ item }}" dest: /lib/firmware/brcm/ timeout: "{{ download_timeout }}" with_items: - - http://d.iiab.io/packages/brcmfmac43455-sdio.bin_2021-11-30_minimal # 19 -- from https://github.com/RPi-Distro/firmware-nonfree/blob/feeeda21e930c2e182484e8e1269b61cca2a8451/debian/config/brcm80211/cypress/cyfmac43455-sdio-minimal.bin - - http://d.iiab.io/packages/brcmfmac43455-sdio.bin_2021-10-05_3rd-trial-minimal # 24 -- from https://github.com/iiab/iiab/issues/2853#issuecomment-934293015 - - http://d.iiab.io/packages/brcmfmac43455-sdio.clm_blob_2021-11-17_rpi # Works w/ both above -- from https://github.com/RPi-Distro/firmware-nonfree/blob/dc406650e840705957f8403efeacf71d2d7543b3/debian/config/brcm80211/cypress/cyfmac43455-sdio.clm_blob - - http://d.iiab.io/packages/brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1 # 32 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 - - http://d.iiab.io/packages/brcmfmac43455-sdio.clm_blob_2018-02-26_rpi - - http://d.iiab.io/packages/brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65 # 30 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 - - http://d.iiab.io/packages/brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65 + - brcmfmac43455-sdio.bin_2021-11-30_minimal # 19 -- from https://github.com/RPi-Distro/firmware-nonfree/blob/feeeda21e930c2e182484e8e1269b61cca2a8451/debian/config/brcm80211/cypress/cyfmac43455-sdio-minimal.bin + - brcmfmac43455-sdio.bin_2021-10-05_3rd-trial-minimal # 24 -- from 
https://github.com/iiab/iiab/issues/2853#issuecomment-934293015 + - brcmfmac43455-sdio.clm_blob_2021-11-17_rpi # Works w/ both above -- from https://github.com/RPi-Distro/firmware-nonfree/blob/dc406650e840705957f8403efeacf71d2d7543b3/debian/config/brcm80211/cypress/cyfmac43455-sdio.clm_blob + - brcmfmac43455-sdio.bin_2015-03-01_7.45.18.0_ub19.10.1 # 32 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 + - brcmfmac43455-sdio.clm_blob_2018-02-26_rpi + - brcmfmac43430-sdio.bin_2018-09-11_7.45.98.65 # 30 -- from https://github.com/iiab/iiab/issues/823#issuecomment-662285202 + - brcmfmac43430-sdio.clm_blob_2018-09-11_7.45.98.65 # RECORD firmware AS DOWNLOADED diff --git a/roles/firmware/tasks/main.yml b/roles/firmware/tasks/main.yml index edbd27da2..3e33890ba 100644 --- a/roles/firmware/tasks/main.yml +++ b/roles/firmware/tasks/main.yml @@ -18,7 +18,7 @@ - name: Install firmware (for RPi internal WiFi) include_tasks: install.yml - #when: firmware_installed is undefined + when: firmware_installed is undefined # Two variables are placed in /etc/iiab/iiab_state.yml: # diff --git a/roles/firmware/templates/iiab-check-firmware b/roles/firmware/templates/iiab-check-firmware index 9e66b6462..b26810440 100644 --- a/roles/firmware/templates/iiab-check-firmware +++ b/roles/firmware/templates/iiab-check-firmware 
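Review bot: The `get_url` task in roles/firmware/tasks/download.yml writes seven WiFi firmware blobs into /lib/firmware/brcm/ with no `checksum:`, so whatever the server behind `{{ iiab_download_url }}` returns ends up in the firmware directory. The removed lines fetched over plain http://, and the scheme of `iiab_download_url` is not visible in this hunk, so transport integrity cannot be assumed. Because every file name is already date-stamped, each item could carry its digest: items of the form `{ file: <FILENAME>, sha256: <SHA256_OF_FILE> }`, with `url: "{{ iiab_download_url }}/{{ item.file }}"` and `checksum: "sha256:{{ item.sha256 }}"`. The Gitea binary download touched in roles/gitea/tasks/install.yml is also a `get_url` with no `checksum:` in its visible lines (that task continues outside its hunk) and would benefit from the same treatment.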
@@ -44,10 +44,11 @@ else echo -e "settings in /etc/iiab/local_vars.yml, please then run:" echo echo -e " cd /opt/iiab/iiab" - echo -e " sudo iiab-hotspot-off # Sometimes nec, eg to restore 'wifi_up_down: True'" - echo -e " sudo ./iiab-network # Or, 'sudo ./runrole firmware' is SOMETIMES enough" - echo -e " sudo iiab-hotspot-on # Sometimes nec, eg to restore 'wifi_up_down: True'" - echo -e " sudo poweroff\n" + echo -e " sudo iiab-hotspot-off # NO LONGER NEC? eg to restore 'wifi_up_down: True'" + echo -e " sudo ./runrole --reinstall firmware" + echo -e " sudo ./iiab-network # SOMETIMES NECESSARY" + echo -e " sudo iiab-hotspot-on # NO LONGER NEC? eg to restore 'wifi_up_down: True'" + echo -e " sudo reboot\n" #echo #echo -e "Disconnect your power cord before rebooting, for better WiFi firmware results.\n" fi diff --git a/roles/firmware/templates/iiab-firmware-warn.sh b/roles/firmware/templates/iiab-firmware-warn.sh index 03e98ba2e..dd2c34dba 100644 --- a/roles/firmware/templates/iiab-firmware-warn.sh +++ b/roles/firmware/templates/iiab-firmware-warn.sh @@ -3,7 +3,7 @@ if [ -f /tmp/.fw_modified ]; then echo -e "\n\e[41;1mWiFi Firmware link(s) modified, per iiab/iiab#2853: PLEASE REBOOT!\e[0m" echo - echo -e "If you want this warning to stop, run: sudo rm /tmp/.fw_modified\n" + echo -e "If you want this warning to stop, reboot to remove /tmp/.fw_modified\n" fi # \e[1m = bright white \e[100;1m = bright white, on gray \n\e[41;1m = bright white, on red diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index d438312de..9fb97153a 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml 
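Review bot: The new message in iiab-firmware-warn.sh says a reboot removes /tmp/.fw_modified, which holds only where /tmp is cleared at boot; where /tmp persists, the warning would repeat with no documented way to stop it. Because /tmp is world-writable, any local account can also create that marker and make this banner appear, presumably for every user whose login runs the script. Consider keeping the `sudo rm /tmp/.fw_modified` hint next to the reboot advice. The marker would be better placed in a root-owned runtime directory, but the code that writes it is not part of this hunk.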
@@ -9,7 +9,7 @@ # Info needed to install Gitea: -gitea_version: 1.16 # 2022-01-30: Grabs latest point release from this branch. Rather than hardcoding (e.g. 1.14.5) every few weeks. +gitea_version: 1.17 # 2022-01-30: Grabs latest point release from this branch. Rather than hardcoding (e.g. 1.14.5) every few weeks. iset_suffixes: i386: 386 x86_64: amd64 diff --git a/roles/gitea/tasks/nginx.yml b/roles/gitea/tasks/enable-or-disable.yml similarity index 62% rename from roles/gitea/tasks/nginx.yml rename to roles/gitea/tasks/enable-or-disable.yml index 2014a0d03..3401c3fdd 100644 --- a/roles/gitea/tasks/nginx.yml +++ b/roles/gitea/tasks/enable-or-disable.yml @@ -1,3 +1,19 @@ +- name: Enable & Restart 'gitea' systemd service, if gitea_enabled + systemd: + name: gitea + daemon_reload: yes + enabled: yes + state: restarted + when: gitea_enabled + +- name: Disable & Stop 'gitea' systemd service, if not gitea_enabled + systemd: + name: gitea + enabled: no + state: stopped + when: not gitea_enabled + + - name: Enable http://box{{ gitea_url }} via NGINX, by installing {{ nginx_conf_dir }}/gitea-nginx.conf from template template: src: gitea-nginx.conf.j2 diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index 820e44868..7e064548f 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -43,7 +43,7 @@ msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\"" when: gitea_iset_suffix == "unknown" -- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~103 MB) +- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~100 MB, SLOW DOWNLOAD CAN TAKE ~15 MIN) get_url: url: "{{ gitea_download_url }}" dest: "{{ gitea_install_path }}" # e.g. /library/gitea/bin/gitea-1.16 diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml index 578c1e590..4fbd7359e 100644 --- a/roles/gitea/tasks/main.yml +++ b/roles/gitea/tasks/main.yml 
@@ -19,46 +19,37 @@ quiet: yes -- name: Install Gitea {{ gitea_version }} if 'gitea_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: gitea_installed is undefined +- block: + - name: Install Gitea {{ gitea_version }} if 'gitea_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: gitea_installed is undefined -- name: Enable & Restart 'gitea' systemd service, if gitea_enabled - systemd: - name: gitea - daemon_reload: yes - enabled: yes - state: restarted - when: gitea_enabled + - include_tasks: enable-or-disable.yml -- name: Disable & Stop 'gitea' systemd service, if not gitea_enabled - systemd: - name: gitea - enabled: no - state: stopped - when: not gitea_enabled + - name: Add 'gitea' to list of services at {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: gitea + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Gitea + - option: description + value: '"Gitea is like GitHub for more offline communities: Git with a cup of tea"' + - option: gitea_install + value: "{{ gitea_install }}" + - option: gitea_enabled + value: "{{ gitea_enabled }}" + - option: gitea_run_directory + value: "{{ gitea_run_directory }}" + - option: gitea_url + value: "{{ gitea_url }}" -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml + rescue: - -- name: Add 'gitea' to list of services at {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: gitea - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Gitea - - option: description - value: '"Gitea is like GitHub for more offline communities: Git with a cup of tea"' - - option: gitea_install - value: "{{ gitea_install }}" - - option: gitea_enabled - value: "{{ gitea_enabled }}" - - option: gitea_run_directory - 
value: "{{ gitea_run_directory }}" - - option: gitea_url - value: "{{ gitea_url }}" + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/iiab-admin/README.rst b/roles/iiab-admin/README.rst index 55def7bde..5017e4186 100644 --- a/roles/iiab-admin/README.rst +++ b/roles/iiab-admin/README.rst @@ -13,7 +13,7 @@ iiab-admin README ================= -`Internet-in-a-Box `_ (IIAB) encourages you to pay attention to the security of your learning community. +`Internet-in-a-Box `_ (IIAB) encourages you to pay attention to the security of your learning community. This Ansible playbook is one of the very first that runs when you install IIAB, and we hope reading this helps you understand your choices: 
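Review bot: The `rescue:` section added in roles/gitea/tasks/main.yml fails with `msg: ""`, and when `skip_role_on_error` is true it runs no task at all, so a role that stopped partway is passed over with nothing in the output beyond the original error. That may leave Gitea installed or enabled with incomplete configuration, which should be visible to whoever reviews the box afterwards. Consider `msg: "{{ ansible_failed_task.name }}: {{ ansible_failed_result.msg | default('see error above') }}"`, plus a `debug:` task in the rescue for the skip case that names the role. The same rescue block is added to the main.yml of internetarchive, jupyterhub and kalite in this commit.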
@@ -21,11 +21,11 @@ Configure user 'iiab-admin' --------------------------- * `admin-user.yml `_ configures a Linux user that will give you access to IIAB's Admin Console (http://box.lan/admin) after IIAB is installed — and can also help you at the command-line with IIAB community support commands like {iiab-diagnostics, iiab-hotspot-on, iiab-check-firmware, etc}. - * If initial creation of the user and password was somehow not already taken care of by IIAB's 1-line installer (http://download.iiab.io) or by your underlying OS, that too will be taken care of here. + * If initial creation of the user and password was somehow not already taken care of by IIAB's 1-line installer (https://download.iiab.io) or by your underlying OS, that too will be taken care of here. * By default this user is ``iiab-admin`` with password ``g0adm1n`` * *Do change the default password if you haven't yet, by running:* **sudo passwd iiab-admin** * After IIAB is installed, you can also change the password by logging into Admin Console (http://box.lan/admin) > Utilities > Change Password. -* If you prefer to use a pre-existing user like ``pi`` or ``ubuntu`` (or any other username) customize the variable ``iiab_admin_user`` in your `/etc/iiab/local_vars.yml `_ (preferably do this prior to installing IIAB!) +* If you prefer to use a pre-existing user like ``pi`` or ``ubuntu`` (or any other username) customize the variable ``iiab_admin_user`` in your `/etc/iiab/local_vars.yml `_ (preferably do this prior to installing IIAB!) * You can set ``iiab_admin_can_sudo: False`` if you want a strict security lockdown (if you're really sure you won't need IIAB community support commands like `/usr/bin/iiab-diagnostics <../../scripts/iiab-diagnostics.README.md>`_, `/usr/bin/iiab-hotspot-on <../network/templates/network/iiab-hotspot-on>`_, `iiab-check-firmware <../firmware/templates/iiab-check-firmware>`_, etc!) 
* You can also set ``iiab_admin_user_install: False`` if you're sure you know how to do all this `account and sudo configuration `_ manually. 
@@ -36,14 +36,14 @@ Security #. ``iiab-admin`` (specified by ``admin_console_group`` in `/opt/iiab/iiab/vars/default_vars.yml <../../vars/default_vars.yml>`_ and `/opt/iiab/iiab-admin-console/vars/default_vars.yml `_) #. ``sudo`` * Please read much more about what escalated (root) actions are authorized when you log into IIAB's Admin Console, and how this works: https://github.com/iiab/iiab-admin-console/blob/master/Authentication.md -* If your IIAB includes OpenVPN, ``/root/.ssh/authorized_keys`` should be installed by `roles/openvpn/tasks/install.yml <../openvpn/tasks/install.yml>`_ to facilitate remote community support. Feel free to remove this as mentioned here: http://wiki.laptop.org/go/IIAB/Security +* If your IIAB includes OpenVPN, ``/root/.ssh/authorized_keys`` should be installed by `roles/openvpn/tasks/install.yml <../openvpn/tasks/install.yml>`_ to facilitate remote community support. Feel free to remove this as mentioned here: https://wiki.iiab.io/go/Security * Auto-checking for the default/published password (as specified by ``iiab_admin_published_pwd`` in `/opt/iiab/iiab/vars/default_vars.yml <../../vars/default_vars.yml>`_) is implemented in `/etc/profile.d `_ (and `/etc/xdg/lxsession/LXDE-pi `_ when it exists, i.e. on Raspberry Pi OS with desktop). Example ======= * If you later change your mind about ``sudo`` privileges for user 'iiab-admin' (as specified by ``iiab_admin_user``) then do this: - #. Go ahead and change the value of ``iiab_admin_can_sudo`` (to either True or False) in `/etc/iiab/local_vars.yml `_ + #. Go ahead and change the value of ``iiab_admin_can_sudo`` (to either True or False) in `/etc/iiab/local_vars.yml `_ #. Make sure that ``iiab_admin_user_install: True`` is also set. #. Then re-run this Ansible playbook, by running ``cd /opt/iiab/iiab`` followed by ``sudo ./runrole --reinstall iiab-admin`` diff --git a/roles/iiab-admin/tasks/main.yml b/roles/iiab-admin/tasks/main.yml index f2a048e33..09a408aa4 100644 
--- a/roles/iiab-admin/tasks/main.yml +++ b/roles/iiab-admin/tasks/main.yml @@ -23,7 +23,7 @@ # (1) by the OS installer # (2) by the OS's graphical desktop tools # (3) at the command-line: sudo passwd iiab-admin -# (4) by IIAB's 1-line installer: http://download.iiab.io +# (4) by IIAB's 1-line installer: https://download.iiab.io # (5) by this role: roles/iiab-admin/tasks/admin-user.yml # (6) by IIAB's Admin Console during installation # ...and/or... diff --git a/roles/iiab-admin/tasks/pwd-warnings.yml b/roles/iiab-admin/tasks/pwd-warnings.yml index d1379b3fb..e63c8841b 100644 --- a/roles/iiab-admin/tasks/pwd-warnings.yml +++ b/roles/iiab-admin/tasks/pwd-warnings.yml @@ -1,3 +1,7 @@ +# 2022-07-22: SIMILAR TO roles/www_options/tasks/main.yml FOR browser +# AND roles/network/tasks/netwarn.yml FOR iiab-network + + - name: Install /etc/profile.d/sshpwd-profile-iiab.sh from template, to issue warnings (during shell/ssh logins) if iiab-admin password is the default template: src: sshpwd-profile-iiab.sh.j2 diff --git a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 index fe7e8ae1b..23d0816ec 100755 --- a/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 +++ b/roles/iiab-admin/templates/sshpwd-lxde-iiab.sh.j2 @@ -19,7 +19,7 @@ check_user_pwd() { # enough when user does not exist. Or uncomment to FORCE ERROR CODE 2. # Either way, overall bash script still returns exit code 0 ("success") - # sudo works below (unlike in sshpwd-profile-iiab.sh) b/c RaspiOS ships w/ + # sudo works below (unlike in sshpwd-profile-iiab.sh) b/c RasPiOS ships w/ # /etc/sudoers.d/010_pi-nopasswd containing "pi ALL=(ALL) NOPASSWD: ALL" # (read access to /etc/shadow is otherwise restricted to just root and # group www-data i.e. Apache, NGINX get special access). SEE: #2431, #2561 diff --git a/roles/internetarchive/README.md b/roles/internetarchive/README.md index 49d8d3f0f..bd32849c3 100644 --- a/roles/internetarchive/README.md 
+++ b/roles/internetarchive/README.md @@ -8,7 +8,7 @@ Access to our library of millions of books, journals, audio and video recordings This Ansible role installs the Internet Archive's dweb-mirror project on Internet-in-a-Box (IIAB). Use this to build up a dynamic offline library -arising from the materials you can explore at http://dweb.archive.org +arising from the materials you can explore at https://dweb.archive.org The Offline Internet Archive server: @@ -248,7 +248,7 @@ and just checks the content is up to date. ## Managing collections on Internet Archive -You can create and manage your own collections on the [Internet Archive site](http://www.archive.org). +You can create and manage your own collections on the [Internet Archive site](https://www.archive.org). Other people can then crawl those collections. First get in touch with Mitra Ardron at `mitra@archive.org`, as processes may have changed since this is written. diff --git a/roles/internetarchive/tasks/nginx.yml b/roles/internetarchive/tasks/enable-or-disable.yml similarity index 62% rename from roles/internetarchive/tasks/nginx.yml rename to roles/internetarchive/tasks/enable-or-disable.yml index 0469e58c4..47cebe214 100644 --- a/roles/internetarchive/tasks/nginx.yml +++ b/roles/internetarchive/tasks/enable-or-disable.yml @@ -1,3 +1,19 @@ +- name: Enable & Restart 'internetarchive' systemd service, if internetarchive_enabled + systemd: + name: internetarchive + daemon_reload: yes + enabled: yes + state: restarted + when: internetarchive_enabled + +- name: Disable & Stop 'internetarchive' systemd service, if not internetarchive_enabled + systemd: + name: internetarchive + enabled: no + state: stopped + when: not internetarchive_enabled + + - name: Enable http://box/archive via NGINX, by installing {{ nginx_conf_dir }}/internetarchive-nginx.conf from template template: src: internetarchive-nginx.conf.j2 # TO DO: roles/internetarchive/templates/internetarchive-nginx.conf.j2 
diff --git a/roles/internetarchive/tasks/main.yml b/roles/internetarchive/tasks/main.yml index c878287a3..7e3a8a2dd 100644 --- a/roles/internetarchive/tasks/main.yml +++ b/roles/internetarchive/tasks/main.yml 
@@ -19,76 +19,60 @@ quiet: yes -# 2020-02-11: @mitra42 & @holta agree (#2247) that the following 2-stanza -# "UPDATE internetarchive" block should run whenever one isn't installing -# (or reinstalling) internetarchive, for now. We're aware this means slowness -# during "./runrole internetarchive" but that's very intentional for now -- as -# it leads to more testing of more recent versions of internetarchive, which -# is strongly desired. Finally, these current norms can and probably will be -# changed in future, when broader IIAB norms develop around "./runrole -# --upgrade internetarchive" or "./runrole --update internetarchive" or such, -# as may evolve @ https://github.com/iiab/iiab/pull/2238#discussion_r376168178 +- block: -- block: # BEGIN 2-STANZA BLOCK + # 2020-02-11: @mitra42 & @holta agree (#2247) that the following 2-stanza + # "UPDATE internetarchive" portion should run whenever one isn't installing + # (or reinstalling) internetarchive, for now. We're aware this means slowness + # during "./runrole internetarchive" but that's very intentional for now -- as + # it leads to more testing of more recent versions of internetarchive, which + # is strongly desired. 
Finally, these current norms can and probably will be + # changed in future, when broader IIAB norms develop around "./runrole + # --upgrade internetarchive" or "./runrole --update internetarchive" or such, + # as may evolve @ https://github.com/iiab/iiab/pull/2238#discussion_r376168178 - name: "UPGRADE: Stop 'internetarchive' systemd service, if internetarchive_installed is defined" systemd: name: internetarchive daemon_reload: yes state: stopped + when: internetarchive_installed is defined - name: "UPGRADE: Run 'yarn upgrade' in {{ internetarchive_dir }}, if internetarchive_installed is defined" shell: yarn config set child-concurrency 1 && yarn install && yarn upgrade args: chdir: "{{ internetarchive_dir }}" + when: internetarchive_installed is defined - when: internetarchive_installed is defined # END 2-STANZA BLOCK + # "ELSE" INSTALL... -# "ELSE" INSTALL... - -- name: Install Internet Archive if 'internetarchive_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: internetarchive_installed is undefined + - name: Install Internet Archive if 'internetarchive_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: internetarchive_installed is undefined -# ENABLE/DISABLE/RESTART SYSTEMD SERVICE & WEB SERVERS AS NEC ? 
- -- name: Enable & Restart 'internetarchive' systemd service, if internetarchive_enabled - systemd: - name: internetarchive - daemon_reload: yes - enabled: yes - state: restarted - when: internetarchive_enabled - -- name: Disable & Stop 'internetarchive' systemd service, if not internetarchive_enabled - systemd: - name: internetarchive - enabled: no - state: stopped - when: not internetarchive_enabled - -# - name: Enable/Disable/Restart Apache if primary -# include_tasks: apache.yml -# when: apache_installed is defined and not nginx_enabled - -- name: Enable/Disable/Restart NGINX if primary - include_tasks: nginx.yml - #when: nginx_enabled + - include_tasks: enable-or-disable.yml -- name: Add 'internetarchive' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: internetarchive - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Internet Archive - - option: description - value: '"Take the Internet Archive experience and materials offline, in a decentralized way!"' - - option: internetarchive_install - value: "{{ internetarchive_install }}" - - option: internetarchive_enabled - value: "{{ internetarchive_enabled }}" + - name: Add 'internetarchive' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: internetarchive + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Internet Archive + - option: description + value: '"Take the Internet Archive experience and materials offline, in a decentralized way!"' + - option: internetarchive_install + value: "{{ internetarchive_install }}" + - option: internetarchive_enabled + value: "{{ internetarchive_enabled }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error 
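Review bot: With the failure now caught by the new `rescue:` in roles/internetarchive/tasks/main.yml, a failed `yarn upgrade` after the "Stop 'internetarchive'" task leaves the service down whenever `skip_role_on_error` is set, because enable-or-disable.yml is never reached. The upgrade task also still runs `yarn install && yarn upgrade` on every non-install run, which moves dependencies to the newest versions their ranges allow and runs their install scripts with whatever privileges Ansible has. The comment says this is deliberate for testing, but it would help to state that trade-off there and to let deployments opt out, e.g. `when: internetarchive_installed is defined and internetarchive_upgrade | default(True)` (the variable name is a suggestion, not an existing one). For the first point, restarting the service from the rescue section when `internetarchive_enabled` is true would avoid the silent outage.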
diff --git a/roles/jupyterhub/README.md b/roles/jupyterhub/README.md index be6fc5719..583466e04 100644 --- a/roles/jupyterhub/README.md +++ b/roles/jupyterhub/README.md @@ -74,4 +74,4 @@ _WARNING: If on login users see "500 : Internal Server Error", you may need to r While PAWS is a little bit off topic, if you have an interest in Wikipedia, please do see this 23m 42s video ["Intro to PAWS/Jupyter notebooks for Python beginners"](https://www.youtube.com/watch?v=AUZkioRI-aA&list=PLeoTcBlDanyNQXBqI1rVXUqUTSSiuSIXN&index=8) by Chico Venancio, from 2021-06-01. -He explains PAWS as a "powerful Python execution environment http://paws.wmcloud.org [allowing] ordinary folks to write interactive scripts to work with Wikimedia content." +He explains PAWS as a "powerful Python execution environment https://paws.wmcloud.org = https://wikitech.wikimedia.org/wiki/PAWS [allowing] ordinary folks to write interactive scripts to work with Wikimedia content." diff --git a/roles/jupyterhub/tasks/install.yml b/roles/jupyterhub/tasks/install.yml index 38f98b370..8ef7ce7d9 100644 --- a/roles/jupyterhub/tasks/install.yml +++ b/roles/jupyterhub/tasks/install.yml 
@@ -33,21 +33,33 @@ global: yes state: latest -- name: "pip install 7 packages into virtual environment: {{ jupyterhub_venv }} (~229 MB)" +- name: "pip install 3 packages into virtual environment: {{ jupyterhub_venv }} (~304 MB total, after 2 Ansible calls)" pip: name: - pip - wheel - - ipywidgets - jupyterhub + virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub + virtualenv_site_packages: no + virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2021-07-29: This works on RasPiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below + #virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2) + extra_args: "--no-cache-dir" # 2021-11-30, 2022-07-07: The "--pre" flag had earlier been needed, for beta-like pre-releases of JupyterHub 2.0.0 + +# 2022-07-07: Attempting to "pip install" all 7 together (3 above + 4 below) +# fails on OS's like 64-bit RasPiOS (but interestingly works on Ubuntu 22.04!) 
+# https://github.com/iiab/iiab/issues/3283 + +- name: Break up jupyterhub/jupyterlab pip installs into 2 parts (3 packages above + 4 packages here) due to mutual dependency deadlock on some OS's + pip: + name: - jupyterlab - jupyterhub_firstuseauthenticator - jupyterhub-systemdspawner - virtualenv: "{{ jupyterhub_venv }}" # /opt/iiab/jupyterhub + - ipywidgets + virtualenv: "{{ jupyterhub_venv }}" virtualenv_site_packages: no - virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" # 2021-07-29: This works on RaspiOS 10, Debian 11, Ubuntu 20.04 and Mint 20 -- however if you absolutely must use the older Debian 10 -- you can work around errors "can't find Rust compiler" and "This package requires Rust >=1.41.0" if you (1) revert this line to 'virtualenv_command: virtualenv' AND (2) uncomment the line just below - #virtualenv_python: python3 # 2021-07-29: Was needed when above line was 'virtualenv_command: virtualenv' (generally for Python 2) - extra_args: "--no-cache-dir --pre" # 2021-11-30: The "--pre" flag should likely be removed after JupyterHub 2.0.0 is released. + virtualenv_command: python3 -m venv "{{ jupyterhub_venv }}" + extra_args: "--no-cache-dir" - name: "Install from template: {{ jupyterhub_venv }}/etc/jupyterhub/jupyterhub_config.py" template: 
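Review bot: Both `pip:` tasks in roles/jupyterhub/tasks/install.yml list bare package names, so each install resolves whatever versions the index serves that day. The dependency deadlock described in #3283 is one symptom, and it also means the JupyterHub login stack is never a reviewed, reproducible set. A constraints file shared by the two tasks would keep them consistent with each other and pin what gets installed, e.g. `extra_args: "--no-cache-dir -c <PATH_TO_CONSTRAINTS_FILE>"` on both.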
@@ -59,20 +71,21 @@ src: jupyterhub.service.j2 dest: /etc/systemd/system/jupyterhub.service -- name: Install {{ jupyterhub_venv }}/bin/getsite.py from template, to fetch site_packages path, e.g. {{ jupyterhub_venv }}/lib/python{{ python_ver }}/site-packages - template: - src: getsite.py.j2 - dest: "{{ jupyterhub_venv }}/bin/getsite.py" - mode: 0755 - -- name: Install patch_FUA.sh from template -- to (1) fix async password-changing page, and (2) force usernames to lowercase -- patching $SITE_PACKAGES/firstuseauthenticator/firstuseauthenticator.py - template: - src: patch_FUA.sh.j2 - dest: "{{ jupyterhub_venv }}/bin/patch_FUA.sh" - mode: 0755 - -- name: "Run the above two, via: {{ jupyterhub_venv }}/bin/patch_FUA.sh" - command: "{{ jupyterhub_venv }}/bin/patch_FUA.sh" +# 2022-07-07: No longer needed, thx to upstream fixes +# - name: Install {{ jupyterhub_venv }}/bin/getsite.py from template, to fetch site_packages path, e.g. {{ jupyterhub_venv }}/lib/python{{ python_ver }}/site-packages +# template: +# src: getsite.py.j2 +# dest: "{{ jupyterhub_venv }}/bin/getsite.py" +# mode: 0755 +# +# - name: Install patch_FUA.sh from template -- to (1) fix async password-changing page, and (2) force usernames to lowercase -- patching $SITE_PACKAGES/firstuseauthenticator/firstuseauthenticator.py +# template: +# src: patch_FUA.sh.j2 +# dest: "{{ jupyterhub_venv }}/bin/patch_FUA.sh" +# mode: 0755 +# +# - name: "Run the above two, via: {{ jupyterhub_venv }}/bin/patch_FUA.sh" +# command: "{{ jupyterhub_venv }}/bin/patch_FUA.sh" - name: Install patch_http-warning.sh from template, to turn off the warning about http insecurity, in {{ jupyterhub_venv }}/share/jupyterhub/templates/login.html template: diff --git a/roles/jupyterhub/tasks/main.yml b/roles/jupyterhub/tasks/main.yml index 01acf8154..9f2d31d13 100644 --- a/roles/jupyterhub/tasks/main.yml +++ b/roles/jupyterhub/tasks/main.yml 
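Review bot: Commenting out the `patch_FUA.sh` tasks makes username lower-casing and the password-change fix depend on the installed `jupyterhub_firstuseauthenticator` already containing the upstream fixes, yet the pip task above names that package with no minimum version. The pip tasks set no `state:`, so an existing virtualenv would keep whatever version it already has; whether older venvs are rebuilt on reinstall is not visible here. Suggest a lower bound in the package list, `- jupyterhub_firstuseauthenticator>=<FIRST_FIXED_VERSION>`, and recording that version in the `# 2022-07-07: No longer needed, thx to upstream fixes` comment.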
@@ -19,26 +19,33 @@ quiet: yes -- name: Install Jupyter if jupyterhub_installed not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: jupyterhub_installed is undefined +- block: + - name: Install Jupyter if jupyterhub_installed not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: jupyterhub_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'jupyterhub' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: jupyterhub + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: JupyterHub + - option: description + value: '"High Schools may want to consider JupyterHub to integrate coding with dynamic interactive graphing — A New Way to Think About Programming — allowing students to integrate science experiment results and program output within their notebook/document/blog."' + - option: jupyterhub_install + value: "{{ jupyterhub_install }}" + - option: jupyterhub_enabled + value: "{{ jupyterhub_enabled }}" -- name: Add 'jupyterhub' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: jupyterhub - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: JupyterHub - - option: description - value: '"High Schools may want to consider JupyterHub to integrate coding with dynamic interactive graphing — A New Way to Think About Programming — allowing students to integrate science experiment results and program output within their notebook/document/blog."' - - option: jupyterhub_install - value: "{{ jupyterhub_install }}" - - option: jupyterhub_enabled - value: "{{ jupyterhub_enabled }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + 
when: not skip_role_on_error diff --git a/roles/jupyterhub/templates/getsite.py.j2 b/roles/jupyterhub/templates/getsite.py.j2.unused similarity index 100% rename from roles/jupyterhub/templates/getsite.py.j2 rename to roles/jupyterhub/templates/getsite.py.j2.unused diff --git a/roles/jupyterhub/templates/patch_FUA.sh.j2 b/roles/jupyterhub/templates/patch_FUA.sh.j2.unused similarity index 100% rename from roles/jupyterhub/templates/patch_FUA.sh.j2 rename to roles/jupyterhub/templates/patch_FUA.sh.j2.unused diff --git a/roles/kalite/tasks/enable-or-disable.yml b/roles/kalite/tasks/enable-or-disable.yml new file mode 100644 index 000000000..fca843870 --- /dev/null +++ b/roles/kalite/tasks/enable-or-disable.yml @@ -0,0 +1,14 @@ +- name: Enable & (Re)Start 'kalite-serve' service, if kalite_enabled + systemd: + daemon_reload: yes + name: kalite-serve + enabled: yes + state: restarted + when: kalite_enabled + +- name: Disable & Stop 'kalite-serve' service, if not kalite_enabled + systemd: + name: kalite-serve + enabled: no + state: stopped + when: not kalite_enabled diff --git a/roles/kalite/tasks/install.yml b/roles/kalite/tasks/install.yml index c53230138..2d12f9d17 100644 --- a/roles/kalite/tasks/install.yml +++ b/roles/kalite/tasks/install.yml @@ -65,7 +65,7 @@ replace: 'a-zA-Z0-9\-' when: not (is_debian_9 or is_debian_10 or is_ubuntu_16 or is_ubuntu_17 or is_ubuntu_18 or is_ubuntu_19) # 2020-03-31: Testing for {is_raspbian_9, is_raspbian_10} is not currently nec, as testing for {is_debian_9, is_debian_10} covers that already. - # JV: why not just is_ubuntu_20? AH: to make this work on Ubuntu 21+ and ideally Debian/RaspiOS 11+ too? + # JV: why not just is_ubuntu_20? AH: to make this work on Ubuntu 21+ and ideally Debian/RasPiOS 11+ too? - name: Fix KA Lite bug in regex parsing ifconfig output (ifcfg/parser.py) for @m-anish's network names that contain dashes, if Raspbian/Debian < 11 or Ubuntu < 20 replace: 
diff --git a/roles/kalite/tasks/main.yml b/roles/kalite/tasks/main.yml index 35bea770c..3786a9c38 100644 --- a/roles/kalite/tasks/main.yml +++ b/roles/kalite/tasks/main.yml 
@@ -19,43 +19,37 @@ quiet: yes -- name: Install KA Lite if 'kalite_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: kalite_installed is undefined +- block: + - name: Install KA Lite if 'kalite_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: kalite_installed is undefined -- name: Enable & (Re)Start 'kalite-serve' service, if kalite_enabled - systemd: - daemon_reload: yes - name: kalite-serve - enabled: yes - state: restarted - when: kalite_enabled + - include_tasks: enable-or-disable.yml -- name: Disable & Stop 'kalite-serve' service, if not kalite_enabled - systemd: - name: kalite-serve - enabled: no - state: stopped - when: not kalite_enabled + - name: Add 'kalite' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: kalite + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: "KA Lite" + - option: description + value: '"KA Lite downloads Khan Academy videos for offline use, with exercises and accounts if students want to track their own progress."' + - option: kalite_install + value: "{{ kalite_install }}" + - option: kalite_enabled + value: "{{ kalite_enabled }}" + - option: path + value: "{{ kalite_root }}" + - option: port + value: "{{ kalite_server_port }}" + rescue: -- name: Add 'kalite' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: kalite - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: "KA Lite" - - option: description - value: '"KA Lite downloads Khan Academy videos for offline use, with exercises and accounts if students want to track their own progress."' - - option: kalite_install - value: "{{ kalite_install }}" - - option: kalite_enabled - value: "{{ kalite_enabled }}" - - option: 
path - value: "{{ kalite_root }}" - - option: port - value: "{{ kalite_server_port }}" + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/kiwix/README.rst b/roles/kiwix/README.rst index 0a6aa1741..e635be2de 100644 --- a/roles/kiwix/README.rst +++ b/roles/kiwix/README.rst 
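Review bot: The `rescue:` section added at the end of this block calls `fail` with `msg: ""` and only when `skip_role_on_error` is false, so with that variable set a failure anywhere in the block is absorbed and the play continues, leaving KA Lite in whatever state it reached; the only trace is the scrolled-back task output. Depending on which task failed, that can mean a service left enabled while the `kalite` section of iiab.ini was never written. Ansible exposes `ansible_failed_task` and `ansible_failed_result` inside `rescue`, so the message could carry the context, e.g. `msg: "kalite role failed in task '{{ ansible_failed_task.name }}': {{ ansible_failed_result.msg | default('see output above') }}"`, with an unconditional `debug` of the same text ahead of the `fail` so the skip case is reported too. The same block/rescue shape is added to tasks/main.yml in roles/kiwix, roles/kolibri and roles/lokole further down this diff and would want the same change.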
@@ -3,21 +3,21 @@ Kiwix README ============ Kiwix develops ZIM file creation & rendering tools for offline action, -as summarized at: http://wiki.kiwix.org/wiki/Software +as summarized at: https://wiki.kiwix.org/wiki/Software -Internet-in-a-Box uses the kiwix-serve and kiwix-manage executables (in -/opt/iiab/kiwix/bin) to set up and render ZIM files such as Wikipedia, and -other educational materials: http://download.kiwix.org/zim/ +Internet-in-a-Box uses `kiwix-tools `_ executables like kiwix-manage, kiwix-serve and kiwix-search (in +``/opt/iiab/kiwix/bin``) to set up and render ZIM files (such as Wikipedia, and +other educational materials) typically from https://download.kiwix.org/zim/ Locations --------- -- Your ZIM files go in /library/zims/content -- Your ZIM index files go in directories under /library/zims/index (these index files are increasingly no longer necessary, as most ZIM files produced since 2017 contain an internal search index instead!) +- Your ZIM files go in ``/library/zims/content`` +- Your ZIM index files used to go in directories under ``/library/zims/index`` (these index files are increasingly no longer necessary, as most ZIM files produced since 2017 contain an internal search index instead!) - The URL is http://box/kiwix or http://box.lan/kiwix (both proxied for AWStats) -- Use URL http://box:3000/kiwix/ if you want to avoid the proxy +- Use URL http://box:3000/kiwix if you want to avoid the proxy -Your local ZIM catalog (at /library/zims/library.xml) can be regenerated by running: -/usr/bin/iiab-make-kiwix-lib +Your ``/library/zims/library.xml`` (containing essential metadata for the ZIM files you've installed) can be regenerated if necessary, by running: +``/usr/bin/iiab-make-kiwix-lib`` -See "How do I add ZIM files, like Wikipedia?" at http://FAQ.IIAB.IO +See also "How do I add ZIM files, like Wikipedia?" at http://FAQ.IIAB.IO diff --git a/roles/kiwix/defaults/main.yml b/roles/kiwix/defaults/main.yml index 074e593dc..332eb6289 100644 
--- a/roles/kiwix/defaults/main.yml +++ b/roles/kiwix/defaults/main.yml @@ -22,13 +22,13 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml" # 3 lines below specify which version(s) of kiwix-tools to download from... -# http://download.iiab.io/packages/ ...as originally obtained from... -# http://download.kiwix.org/release/kiwix-tools/ ...or sometimes... -# http://download.kiwix.org/nightly/ +# https://download.iiab.io/packages/ ...as originally obtained from... +# https://download.kiwix.org/release/kiwix-tools/ ...or sometimes... +# https://download.kiwix.org/nightly/ -kiwix_version_armhf: kiwix-tools_linux-armhf-3.2.0-3 -kiwix_version_linux64: kiwix-tools_linux-x86_64-3.2.0-3 -kiwix_version_i686: kiwix-tools_linux-i586-3.2.0-3 +kiwix_version_armhf: kiwix-tools_linux-armhf-3.3.0-1 +kiwix_version_linux64: kiwix-tools_linux-x86_64-3.3.0-1 +kiwix_version_i686: kiwix-tools_linux-i586-3.3.0-1 # kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2" # v0.9 for i686 published May 2014 ("use it to test legacy ZIM content") diff --git a/roles/kiwix/tasks/install.yml b/roles/kiwix/tasks/install.yml index 52647ffe9..3a6c6dcba 100644 --- a/roles/kiwix/tasks/install.yml +++ b/roles/kiwix/tasks/install.yml @@ -34,7 +34,7 @@ - name: Download {{ iiab_download_url }}/{{ kiwix_src_file }} to /opt/iiab/downloads get_url: - url: "{{ iiab_download_url }}/{{ kiwix_src_file }}" # http://download.iiab.io/packages + url: "{{ iiab_download_url }}/{{ kiwix_src_file }}" # https://download.iiab.io/packages dest: "{{ downloads_dir }}/{{ kiwix_src_file }}" # /opt/iiab/downloads timeout: "{{ download_timeout }}" diff --git a/roles/kiwix/tasks/kiwix-apk.yml b/roles/kiwix/tasks/kiwix-apk.yml index 667a45fa8..fa03667f3 100644 --- a/roles/kiwix/tasks/kiwix-apk.yml +++ b/roles/kiwix/tasks/kiwix-apk.yml 
@@ -6,12 +6,12 @@ - name: Download kiwix.apk to {{ doc_root }}{{ kiwix_apk_url }} get_url: - url: "{{ kiwix_apk_src }}" # https://download.kiwix.org/release/kiwix-android/kiwix.apk + url: "{{ kiwix_apk_src }}" # e.g. https://download.kiwix.org/release/kiwix-android/kiwix.apk formerly kiwix-3.5.0.apk dest: "{{ doc_root }}{{ kiwix_apk_url }}" timeout: "{{ download_timeout }}" - name: Symlink {{ doc_root }}{{ kiwix_apk_url }}/zims -> {{ iiab_zim_path }}/content file: src: "{{ iiab_zim_path }}/content" # /library/zims/content - path: "{{ doc_root }}{{ kiwix_apk_url }}/zims" # /library/www/html/softare/kiwix/zims + path: "{{ doc_root }}{{ kiwix_apk_url }}/zims" # /library/www/html/software/kiwix/zims state: link diff --git a/roles/kiwix/tasks/main.yml b/roles/kiwix/tasks/main.yml index 045707f37..ab5064fba 100644 --- a/roles/kiwix/tasks/main.yml +++ b/roles/kiwix/tasks/main.yml 
@@ -19,38 +19,45 @@ quiet: yes -- name: Install Kiwix if 'kiwix_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: kiwix_installed is undefined +- block: + - name: Install Kiwix if 'kiwix_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: kiwix_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'kiwix' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" + section: kiwix + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Kiwix + - option: description + value: '"Part of https://github.com/kiwix/kiwix-tools/ -- kiwix-serve is the most used web server for ZIM files."' + - option: kiwix_install + value: "{{ kiwix_install }}" + - option: kiwix_enabled + value: "{{ kiwix_enabled }}" + - option: kiwix_url + value: "{{ kiwix_url }}" + - option: kiwix_url_plus_slash + value: "{{ kiwix_url_plus_slash }}" + - option: kiwix_path + value: "{{ kiwix_path }}" + - option: kiwix_port + value: "{{ kiwix_port }}" + - option: iiab_zim_path + value: "{{ iiab_zim_path }}" + - option: kiwix_library_xml + value: "{{ kiwix_library_xml }}" -- name: Add 'kiwix' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" - section: kiwix - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Kiwix - - option: description - value: '"Part of https://github.com/kiwix/kiwix-tools/ -- kiwix-serve is the most used web server for ZIM files."' - - option: kiwix_install - value: "{{ kiwix_install }}" - - option: kiwix_enabled - value: "{{ kiwix_enabled }}" - - option: kiwix_url - value: "{{ kiwix_url }}" - - option: kiwix_url_plus_slash - value: "{{ kiwix_url_plus_slash }}" - - option: kiwix_path - value: "{{ kiwix_path }}" - - option: kiwix_port - 
value: "{{ kiwix_port }}" - - option: iiab_zim_path - value: "{{ iiab_zim_path }}" - - option: kiwix_library_xml - value: "{{ kiwix_library_xml }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/kiwix/templates/iiab-make-kiwix-lib b/roles/kiwix/templates/iiab-make-kiwix-lib index 083b87116..e69271949 100644 --- a/roles/kiwix/templates/iiab-make-kiwix-lib +++ b/roles/kiwix/templates/iiab-make-kiwix-lib @@ -19,10 +19,16 @@ if flock -n -e 200; then : # write to {{ kiwix_library_xml }}.tmp to minimize kiwix down # zim map could be out of sync for a few seconds # using new version that does deltas - cp $KIWIXLIB $KIWIXLIB.tmp - /usr/bin/iiab-make-kiwix-lib.py + if [ -f $KIWIXLIB ]; then + cp $KIWIXLIB $KIWIXLIB.tmp + /usr/bin/iiab-make-kiwix-lib.py + else + /usr/bin/iiab-make-kiwix-lib.py -f # force rebuild of library.xml + fi {{ systemctl_program }} stop kiwix-serve - rm $KIWIXLIB + if [ -f $KIWIXLIB ]; then + rm $KIWIXLIB + fi mv $KIWIXLIB.tmp $KIWIXLIB {{ systemctl_program }} start kiwix-serve else diff --git a/roles/kolibri/defaults/main.yml b/roles/kolibri/defaults/main.yml index 0354eb1c4..43f412f79 100644 --- a/roles/kolibri/defaults/main.yml +++ b/roles/kolibri/defaults/main.yml @@ -16,7 +16,8 @@ # https://github.com/iiab/iiab/issues/1675 # https://github.com/learningequality/kolibri/issues/5664 -kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest +# 2022-07-30: UNCOMMENT THE FOLLOWING LINE TO TEST A PARTICULAR .deb INSTALL +# kolibri_deb_url: https://learningequality.org/r/kolibri-deb-latest # 2019-11-21 issue #2045 - above URL had redirected to this broken Kolibri 0.12.9 release: # https://storage.googleapis.com/le-releases/downloads/kolibri/v0.12.9/kolibri_0.12.9-0ubuntu1_all.deb # 
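Review bot: In the iiab-make-kiwix-lib hunk both new tests expand `$KIWIXLIB` unquoted (`if [ -f $KIWIXLIB ]; then`), as do the surrounding `cp`, `rm` and `mv`; the value presumably comes from the `kiwix_library_xml` template variable, so a path with whitespace or glob characters would make the test error out or match the wrong file, and `if [ -f "$KIWIXLIB" ]; then` avoids that. The second new `if` can collapse to `rm -f "$KIWIXLIB"`. Nothing visible in the new `else` branch creates `$KIWIXLIB.tmp`, so the later `mv` relies on `iiab-make-kiwix-lib.py -f` having written it; if that call fails, the script still stops kiwix-serve and runs the `mv`, so checking the exit status before the stop would keep the running service and its old library intact. The script begins and ends outside this hunk, so the `flock` handling and variable assignment were not reviewed.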
diff --git a/roles/kolibri/tasks/nginx.yml b/roles/kolibri/tasks/enable-or-disable.yml
similarity index 64%
rename from roles/kolibri/tasks/nginx.yml
rename to roles/kolibri/tasks/enable-or-disable.yml
index 379339b68..8204b3aee 100644
--- a/roles/kolibri/tasks/nginx.yml
+++ b/roles/kolibri/tasks/enable-or-disable.yml
@@ -1,3 +1,19 @@
+- name: Enable & Start 'kolibri' systemd service, if kolibri_enabled
+ systemd:
+ name: kolibri
+ daemon_reload: yes
+ enabled: yes
+ state: started
+ when: kolibri_enabled
+
+- name: Disable & Stop 'kolibri' systemd service, if not kolibri_enabled
+ systemd:
+ name: kolibri
+ enabled: no
+ state: stopped
+ when: not kolibri_enabled
+
+
 - name: Enable http://box{{ kolibri_url }} via NGINX, by installing {{ nginx_conf_dir }}/kolibri-nginx.conf from template # http://box/kolibri
 template:
 src: kolibri-nginx.conf.j2
diff --git a/roles/kolibri/tasks/install.yml b/roles/kolibri/tasks/install.yml
index 77ec7692e..84e742c7b 100644
--- a/roles/kolibri/tasks/install.yml
+++ b/roles/kolibri/tasks/install.yml
@@ -35,8 +35,57 @@ apt: deb: "{{ kolibri_deb_url }}" # https://learningequality.org/r/kolibri-deb-latest environment: - KOLIBRI_HOME: "{{ kolibri_home }}" # these don't do a thing for now but + KOLIBRI_HOME: "{{ kolibri_home }}" # These don't do a thing for now but KOLIBRI_USER: "{{ kolibri_user }}" # both can't hurt & Might Help Later + when: kolibri_deb_url is defined + +- block: # ELSE... + + # https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html says: + # "When you use the PPA installation method, upgrades to newer versions + # will be automatic, provided there is internet access available." + + - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' (if is_ubuntu and not is_linuxmint) + apt_repository: + repo: ppa:learningequality/kolibri + when: is_ubuntu and not is_linuxmint + + # 2022-08-19: 'add-apt-repository ppa:learningequality/kolibri' works at CLI on + # Mint 21 (creating /etc/apt/sources.list.d/learningequality-kolibri-jammy.list) + # BUT equivalent Ansible command (STANZA ABOVE) failed with error... + # "Failed to update apt cache: E:The repository 'http://ppa.launchpad.net/learningequality/kolibri/ubuntu vanessa Release' does not have a Release file." + # ...so for now we special case Mint, similar to Debian (BOTH STANZAS BELOW!) 
+ + # 2022-08-19: https://github.com/learningequality/kolibri/issues/9647 also asks + # about the warning below, arising no matter if codename is 'focal' or 'jammy' + # with Kolibri 0.15.6 on Mint 21 -- if you run '/usr/bin/kolibri --version': + # + # /usr/lib/python3/dist-packages/pkg_resources/__init__.py:116: PkgResourcesDeprecationWarning: 0.1.43ubuntu1 is an invalid version and will not be supported in a future release + # warnings.warn( + + # 2022-08-19: 'apt-key list' & 'apt-key del 3194 DD81' are useful if you also + # want to clear out Kolibri's key from the DEPRECATED /etc/apt/trusted.gpg + + - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'jammy' (if is_linuxmint_21) + apt_repository: + repo: ppa:learningequality/kolibri + codename: jammy # CONSOLIDATE THIS STANZA WITH UBUNTU ABOVE IN FUTURE? + when: is_linuxmint_21 + + - name: Add Kolibri PPA repo 'ppa:learningequality/kolibri' with codename 'focal' (if is_debian or is_linuxmint_20) + apt_repository: + repo: ppa:learningequality/kolibri + codename: focal # UPDATE THIS TO 'jammy' AFTER "RasPiOS Bookworm" (based on Debian 12) IS RELEASED! (ETA Q3 2023) + when: is_debian or is_linuxmint_20 + + - name: apt install kolibri (populates {{ kolibri_home }}, migrates database) # i.e. /library/kolibri + apt: + name: kolibri + environment: + KOLIBRI_HOME: "{{ kolibri_home }}" # These don't do a thing for now but + KOLIBRI_USER: "{{ kolibri_user }}" # both can't hurt & Might Help Later + + when: kolibri_deb_url is undefined - name: 'Install from template: /etc/systemd/system/kolibri.service' template: 
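Review bot: With `kolibri_deb_url` now undefined by default, the new block makes a third-party PPA the normal install source, yet none of the three `apt_repository` tasks records where the PPA's signing key ends up; the comment about `apt-key del` suggests it lands in the global /etc/apt/trusted.gpg, where it would be trusted for every configured repository rather than for this PPA alone. A comment on the block stating that trust decision would help the next maintainer, e.g. `# NOTE: this trusts the PPA's signing key system-wide; Kolibri then upgrades automatically from the PPA whenever the box is online`. Forcing `codename: focal` or `jammy` on Debian and Mint pulls packages built for a different release, so setting `filename:` on those tasks would also make the resulting sources.list.d entry easy to find and remove. The closing `when: kolibri_deb_url is undefined` governs the whole block, which is easy to miss that far from `- block:`, so a short comment beside it naming the block would help.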
@@ -52,20 +101,20 @@ # 2019-10-01: Should no longer be nec, thanks to /etc/kolibri/daemon.conf # containing KOLIBRI_HOME="/library/kolibri" (above) -#- name: Run Kolibri migrations to begin populating {{ kolibri_home }} # i.e. /library/kolibri -# shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" manage migrate -# ignore_errors: yes -# become: yes -# become_user: "{{ kolibri_user }}" -# when: kolibri_provision +# - name: Run Kolibri migrations to begin populating {{ kolibri_home }} # i.e. /library/kolibri +# shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" manage migrate +# ignore_errors: yes +# become: yes +# become_user: "{{ kolibri_user }}" +# when: kolibri_provision # 2020-01-05: Deprecated per https://github.com/iiab/iiab/issues/2103 -#- name: Set Kolibri default language ({{ kolibri_language }}) -# shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" language setdefault "{{ kolibri_language }}" -# ignore_errors: yes -# become: yes -# become_user: "{{ kolibri_user }}" -# when: kolibri_provision +# - name: Set Kolibri default language ({{ kolibri_language }}) +# shell: export KOLIBRI_HOME="{{ kolibri_home }}" && "{{ kolibri_exec_path }}" language setdefault "{{ kolibri_language }}" +# ignore_errors: yes +# become: yes +# become_user: "{{ kolibri_user }}" +# when: kolibri_provision - name: 'Provision Kolibri, while setting: facility name, admin acnt / password, preset type, and language' shell: 
> @@ -91,9 +140,9 @@ # 2019-10-07: Moved to roles/httpd/tasks/main.yml # 2019-09-29: roles/kiwix/tasks/kiwix_install.yml installs 4 Apache modules # for similar purposes (not all nec?) Only 1 (proxy_http) is needed here. -#- name: Enable Apache module proxy_http for http://box{{ kolibri_url }} # i.e. http://box/kolibri -# apache2_module: -# name: proxy_http +# - name: Enable Apache module proxy_http for http://box{{ kolibri_url }} # i.e. http://box/kolibri +# apache2_module: +# name: proxy_http # RECORD Kolibri AS INSTALLED diff --git a/roles/kolibri/tasks/main.yml b/roles/kolibri/tasks/main.yml index aebecece9..1af098232 100644 --- a/roles/kolibri/tasks/main.yml +++ b/roles/kolibri/tasks/main.yml 
@@ -19,53 +19,46 @@ quiet: yes -#- name: "Set 'kolibri_provision: False' for a more lightweight (re)install" -# set_fact: -# kolibri_provision: False -# when: ??? +- block: -- name: Install Kolibri, if 'kolibri_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: kolibri_installed is undefined + #- name: "Set 'kolibri_provision: False' for a more lightweight (re)install" + # set_fact: + # kolibri_provision: False + # when: ??? + + - name: Install Kolibri, if 'kolibri_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: kolibri_installed is undefined -- name: Enable & Start 'kolibri' systemd service, if kolibri_enabled - systemd: - name: kolibri - daemon_reload: yes - enabled: yes - state: started - when: kolibri_enabled - -- name: Disable & Stop 'kolibri' systemd service, if not kolibri_enabled - systemd: - name: kolibri - enabled: no - state: stopped - when: not kolibri_enabled - -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml + - include_tasks: enable-or-disable.yml -- name: Add 'kolibri' variable values to {{ iiab_ini_file }} # /etc/iiab/iiab.ini - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: kolibri - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Kolibri - - option: description - value: '"Kolibri is an open-source educational platform specially designed to provide offline access to a wide range of quality, openly licensed educational contents in low-resource contexts like rural schools, refugee camps, orphanages, and also in non-formal school programs."' - - option: kolibri_install - value: "{{ kolibri_install }}" - - option: kolibri_enabled - value: "{{ kolibri_enabled }}" - - option: kolibri_url - value: "{{ kolibri_url }}" - - option: kolibri_path - value: "{{ kolibri_exec_path }}" - - option: kolibri_port - value: "{{ 
kolibri_http_port }}" + - name: Add 'kolibri' variable values to {{ iiab_ini_file }} # /etc/iiab/iiab.ini + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: kolibri + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Kolibri + - option: description + value: '"Kolibri is an open-source educational platform specially designed to provide offline access to a wide range of quality, openly licensed educational contents in low-resource contexts like rural schools, refugee camps, orphanages, and also in non-formal school programs."' + - option: kolibri_install + value: "{{ kolibri_install }}" + - option: kolibri_enabled + value: "{{ kolibri_enabled }}" + - option: kolibri_url + value: "{{ kolibri_url }}" + - option: kolibri_path + value: "{{ kolibri_exec_path }}" + - option: kolibri_port + value: "{{ kolibri_http_port }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/kolibri/templates/kolibri.service.j2 b/roles/kolibri/templates/kolibri.service.j2 index a886aa73e..21d7631b9 100644 --- a/roles/kolibri/templates/kolibri.service.j2 +++ b/roles/kolibri/templates/kolibri.service.j2 @@ -10,7 +10,7 @@ Environment=KOLIBRI_HTTP_PORT={{ kolibri_http_port }} Environment=KOLIBRI_URL_PATH_PREFIX={{ kolibri_url_without_slash }} User={{ kolibri_user }} Group={{ apache_user }} -# 2020-10-03: Kolibri was timing out on RaspiOS & Ubuntu 20 NUC: iiab/iiab#2555 +# 2020-10-03: Kolibri was timing out on RasPiOS & Ubuntu 20 NUC: iiab/iiab#2555 TimeoutStartSec=1200 # The following is the systemd default, which is too much for most teachers in # low-electricity environments (30-60 sec is about all they can handle before diff --git a/roles/lokole/README.rst b/roles/lokole/README.rst index 95da4397c..53add2239 100644 --- a/roles/lokole/README.rst +++ b/roles/lokole/README.rst 
@@ -17,9 +17,9 @@ For an up-to-date list of supported languages, refer to the `Lokole translations Using It -------- -If your IIAB was `installed `_ with the Lokole web app[*] it can be accessed at http://box/lokole +If your IIAB was `installed `_ with the Lokole web app[*] it can be accessed at http://box/lokole -[*] If you're not sure, verify that your IIAB's `/etc/iiab/local_vars.yml `_ contains ``lokole_install: True`` and ``lokole_enabled: True`` +[*] If you're not sure, verify that your IIAB's `/etc/iiab/local_vars.yml `_ contains ``lokole_install: True`` and ``lokole_enabled: True`` By default in an offline community, ``lokole_sim_type: LocalOnly`` is set (e.g. instead of ``lokole_sim_type: Ethernet``) and email addresses will look like: 
@@ -85,7 +85,7 @@ The Lokole software can be configured to access the Internet via USB modem, SIM If configured to work with a USB modem or other form of Internet connection, Lokole will sync with the cloud server (operated by `Ascoderu `_) on a nightly basis to deliver and receive emails globally. *However, arranging this is extremely complicated.* You would need a compatible form of connection and an Internet expert familiar with modem protocols, MX records, etc. Ask that person to read the `Lokole software README `_ in its entirety, to help you understand whether this is realistic for your organization. -Lokole and Internet-in-a-Box would welcome a business plan (whether volunteer-based, grant-based or for-profit) from someone willing to operationalize this — making it relatively hassle-free for schools, clinics, libraries and orphanages around the world — that generally do not have access to technical experts. Please `contact us `_ if you have the capacity to help make such a social enterprise happen. +Lokole and Internet-in-a-Box would welcome a business plan (whether volunteer-based, grant-based or for-profit) from someone willing to operationalize this — making it relatively hassle-free for schools, clinics, libraries and orphanages around the world — that generally do not have access to technical experts. Please `contact us `_ if you have the capacity to help make such a social enterprise happen. Troubleshooting --------------- diff --git a/roles/lokole/tasks/main.yml b/roles/lokole/tasks/main.yml index 75cc0cc53..45d47d129 100644 --- a/roles/lokole/tasks/main.yml +++ b/roles/lokole/tasks/main.yml 
@@ -19,53 +19,62 @@ quiet: yes -- name: Install Lokole if lokole_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: lokole_installed is undefined +- block: + + - name: Install Lokole if lokole_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: lokole_installed is undefined -- name: Do a 'systemctl daemon-reload' - systemd: - daemon_reload: yes - when: lokole_enabled + - name: Do a 'systemctl daemon-reload' + systemd: + daemon_reload: yes + when: lokole_enabled -- name: Enable & Restart supervisor systemd service, if lokole_enabled - systemd: - name: supervisor - enabled: yes - state: restarted - when: lokole_enabled + - name: Enable & Restart supervisor systemd service, if lokole_enabled + systemd: + name: supervisor + enabled: yes + state: restarted + when: lokole_enabled -- name: Disable & Stop supervisor systemd service, if not lokole_enabled - systemd: - name: supervisor - enabled: no - state: stopped - when: not lokole_enabled + - name: Disable & Stop supervisor systemd service, if not lokole_enabled + systemd: + name: supervisor + enabled: no + state: stopped + when: not lokole_enabled -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml + - name: Enable/Disable/Restart NGINX + include_tasks: nginx.yml -- name: Add 'lokole' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: lokole - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Lokole - - option: description - value: '"Lokole is an email service that works offline, for rural communities. With a 3G/4G modem, you can arrange to batch-upload / batch-download emails once per night -- for almost no cost at all -- depending on mobile data plans in your country."' - #value: '"Lokole is an email service that works offline, for rural communities. 
In some cases, emails can also be transmitted to/from the Internet, taking advantage of discounted mobile data rates."' - - option: lokole_install - value: "{{ lokole_install }}" - - option: lokole_enabled - value: "{{ lokole_enabled }}" - - option: lokole_settings - value: "{{ lokole_settings }}" - - option: lokole_url - value: "{{ lokole_url }}" - - option: lokole_full_url - value: "{{ lokole_full_url }}" + - name: Add 'lokole' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: lokole + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Lokole + - option: description + value: '"Lokole is an email service that works offline, for rural communities. With a 3G/4G modem, you can arrange to batch-upload / batch-download emails once per night -- for almost no cost at all -- depending on mobile data plans in your country."' + #value: '"Lokole is an email service that works offline, for rural communities. In some cases, emails can also be transmitted to/from the Internet, taking advantage of discounted mobile data rates."' + - option: lokole_install + value: "{{ lokole_install }}" + - option: lokole_enabled + value: "{{ lokole_enabled }}" + - option: lokole_settings + value: "{{ lokole_settings }}" + - option: lokole_url + value: "{{ lokole_url }}" + - option: lokole_full_url + value: "{{ lokole_full_url }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/matomo/README.adoc b/roles/matomo/README.adoc new file mode 100644 index 000000000..0ad39328a --- /dev/null +++ b/roles/matomo/README.adoc 
@@ -0,0 +1,70 @@ += Matomo README + +https://matomo.org/[Matomo] is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership, that you can use with https://internet-in-a-box.org[Internet-in-a-Box] (IIAB). + +== Install it + +Prior to installing Matomo with IIAB, the default URL (http://box.lan/matomo) can be customized in https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml] + +One way to do that is by changing these 2 lines: + +---- +iiab_hostname: box +iiab_domain: lan +---- + +Or, you can change the Matomo URL by putting your IIAB IP Address in a line like: + +---- +matomo_host_url: http://192.168.0.199 +---- + +Either way, consider setting a Matomo username and password using lines like: + +---- +matomo_db_user: Admin +matomo_db_pass: changeme +---- + +Also ensure that your `/etc/iiab/local_vars.yml` contains these lines: + +---- +matomo_install: True +matomo_enabled: True +---- + +_Finally, continue to https://download.iiab.io[install IIAB], e.g. by running `sudo iiab`, until software installation is complete._ + +== Use it + +Log in to your IIAB's full Matomo URL, e.g. http://box.lan/matomo, as arranged above. + +Take a look at Matomo's official guides to further set this up: https://matomo.org/guides/ + +WARNING: If your IIAB URL is *not* http://box.lan, you may run into a big orange warning from Matomo that it has been configured to run from a different address. Here are the steps to fix this problem. + +1. Copy the IP address listed in the box below "How do I fix this problem and how do I log in again?" For example, I see `trusted_hosts[] = "192.168.64.10"`, so I copy `"192.168.64.10"`. +2. Run `sudo nano /library/www/matomo/config/config.ini.php` to edit Matomo's config file. +3. Paste or type the IP address from Step 1 to replace `"box.lan"` in the `trusted_hosts` line, which should be about line 13. 
When I'm done, my line 13 says `trusted_hosts[] = "192.168.64.10"` instead of `trusted_hosts[] = "box.lan"`. +4. Refresh the Matomo homepage and the warning should be gone. +5. Optionally, see the https://forum.matomo.org/t/trusted-hostname/11963[advanced tips] in https://forum.matomo.org/[Matomo's Forum]. + +WARNING: Matomo won't show any traffic statistics until after 1 day or reboot (which are the events that trigger the log scraper!) + +=== Getting Started + +Matomo is developed with commercial websites in mind. After navigating to http://box.lan/matomo and logging in with the user name and password you set above, you will see a variety of references to revenue, marketplaces, and other terms focused on commercialization and advertising. Don't worry about that. + +The heart of Matomo's value for you is in the navigation bar on the left side of the page. Click on *Visitors* and then below *Visitors*, *Overview*, to see how many different users are visiting your site. The top of the page will show a graph of how many visits occur on each day (although your device can't keep track of time when it is off and has no connection to the Internet, so this graph might not be perfectly accurate). Below the graph, you'll see some overall statistics, like how many unique visitors you've had. Matomo thinks of visitors in terms of devices, so it won't know if two people are connecting to your Internet-in-a-Box using the same phone. There are several other interesting statistics here, like the average visit duration, or average time your visitors are spending using Internet-in-a-Box. + +Below the *Visitors* button is a second button, *Behavior*. Click on the *Pages* button after clicking *Behavior* and you can see the various pages that have been visited by your users. You may not see activity from the most recent day, since Matomo only updates its records once per day. + +=== IIAB Tips, Tricks, and Gotchas + +1. 
If your Internet-in-a-Box setup is without power and Internet access, it will not be able to keep time correctly. This is okay! But it means that the time-of-visit information in Matomo will not be correct. + +2. One thing Matomo can't track correctly is navigation within Khan Academy pages. If your users are spending a lot of time here, it won't be visible in the Matomo statistics. + +== Credits + +Carl Wivagg diff --git a/roles/matomo/defaults/main.yml b/roles/matomo/defaults/main.yml new file mode 100644 index 000000000..cf332c0e1 --- /dev/null +++ b/roles/matomo/defaults/main.yml @@ -0,0 +1,18 @@ +# matomo_install: True +# matomo_enabled: True + +# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml +# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! + +matomo_dl_url: https://builds.matomo.org/matomo.tar.gz +matomo_path: "{{ doc_base }}" # e.g. /library/www + +matomo_db_name: matomodb +matomo_db_user: Admin +matomo_db_pass: changeme + +#matomo_host_url: http://{{ ansible_default_ipv4.address }} +matomo_host_url: http://{{ iiab_hostname }}.{{ iiab_domain }} # e.g. http://box.lan +matomo_full_url: "{{ matomo_host_url }}/matomo/" + +matomo_cronjob: "sudo python3 {{ matomo_path }}/matomo/misc/log-analytics/import_logs.py --url={{ matomo_full_url }} --idsite=1 --recorders=4 --enable-http-errors --enable-http-redirects --enable-static --enable-bots /var/log/nginx/access.log" diff --git a/roles/matomo/tasks/install.yml b/roles/matomo/tasks/install.yml new file mode 100644 index 000000000..68942ea3c --- /dev/null +++ b/roles/matomo/tasks/install.yml 
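Review bot: In roles/matomo/defaults/main.yml, `matomo_db_user: Admin` and `matomo_db_pass: changeme` ship as role defaults while the README only says to "consider" changing them and describes logging in to Matomo with the same pair, so an install that skips that step ends up with a publicly known database and web login. I would mark the value as a placeholder, `matomo_db_pass: changeme  # PLACEHOLDER: set your own in /etc/iiab/local_vars.yml BEFORE installing`, and have the role stop early with an `assert` while it is still `changeme`. `matomo_dl_url` points at an unversioned matomo.tar.gz that install.yml unpacks into the web root with no integrity check, so a versioned URL would at least make installs reproducible and reviewable. `matomo_cronjob` runs the log importer through `sudo`; if the `apache_user` that owns the Matomo tree can read /var/log/nginx/access.log, running it as that user would be a smaller privilege, which is worth confirming.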
@@ -0,0 +1,196 @@ +# The sections of code interacting with the Matomo website are modified from code found at https://git.coop/webarch/matomo/. This code is distributed under +# Version 3 of the GNU General Public License. We modified this code and applied it here in April 2022. The derived sections correspond to the tasks running +# from "HTTP Get Welcome" through "Finish Matomo Setup", lines 45 through 156. + +- name: "WARNING: './runrole --reinstall matomo' CAN FAIL AS OF 2022-06-15, e.g. if /library/www/matomo already exists" + meta: noop + +# EXAMPLE OF ABOVE ERROR: + +# TASK [matomo : HTTP Get Welcome] *************************************************************************************************************************************** +# fatal: [127.0.0.1]: FAILED! => {"cache_control": "private, no-cache, no-store", "changed": false, "connection": "close", "content_type": "text/html; charset=utf-8", "date": "Wed, 15 Jun 2022 05:07:41 GMT", "elapsed": 0, "expires": "Thu, 19 Nov 1981 08:52:00 GMT", "msg": "Status code was 500 and not [200]: HTTP Error 500: Internal Server Error", "pragma": "no-cache", "redirected": false, "server": "nginx/1.18.0 (Ubuntu)", "set_cookie": "MATOMO_SESSID=psak3aem27vrdrt8t2f016600f; path=/; HttpOnly; SameSite=Lax", "status": 500, "transfer_encoding": "chunked", "url": "http://box.lan/matomo/index.php?action=welcome", "x_matomo_request_id": "fbfd2"} + +- name: Start MariaDB + #action: service name=mysql state=started + systemd: + name: "{{ mysql_service }}" + state: started + +- name: Create MariaDB Database for Matomo + community.mysql.mysql_db: + name: "{{ matomo_db_name }}" + #login_unix_socket: /var/run/mysqld/mysqld.sock + +- name: Add Admin User to MariaDB Database + community.mysql.mysql_user: + name: "{{ matomo_db_user }}" + password: "{{ matomo_db_pass }}" + update_password: on_create # OR SHOULD './runrole --reinstall matomo' FORCE A COMPLETELY CLEAN INSTALL? 
+ priv: "{{ matomo_db_name }}.*:ALL" + #login_unix_socket: /var/run/mysqld/mysqld.sock + +- name: Download and Extract Matomo (~1 min) + unarchive: + src: "{{ matomo_dl_url }}" # e.g. https://builds.matomo.org/matomo.tar.gz + dest: "{{ matomo_path }}" # e.g. /library/www + remote_src: yes + +- name: Set Matomo Directory Permissions + file: + path: "{{ matomo_path }}/matomo" + recurse: yes + owner: "{{ apache_user }}" # e.g. www-data + group: "{{ apache_user }}" + +- name: HTTP Get Welcome + uri: + url: "{{ matomo_full_url }}index.php?action=welcome" # e.g. http://box.lan/matomo + method: GET + status_code: 200 + register: matomo_welcome + +- debug: + var: matomo_welcome + +- name: Set a variable for the MATOMO_SESSID cookie + set_fact: + matomo_session_cookie: "MATOMO_SESSID={{ cookie.value }}" + when: cookie.key == "MATOMO_SESSID" + loop: "{{ matomo_welcome.cookies | dict2items }}" + loop_control: + loop_var: cookie + +- name: Get Matomo System Check + uri: + url: "{{ matomo_full_url }}index.php?action=systemCheck" + method: GET + headers: + Cookie: "{{ matomo_session_cookie }}" + return_content: true + timeout: 120 + status_code: 200 + register: matomo_system_check + +- debug: + var: matomo_system_check + +- name: Matomo Database Setup + uri: + url: "{{ matomo_full_url }}index.php?action=databaseSetup" + method: POST + headers: + Cookie: "{{ matomo_session_cookie }}" + body: + username: "{{ matomo_db_user }}" + password: "{{ matomo_db_pass }}" + dbname: "{{ matomo_db_name }}" + tables_prefix: "matomo_" + adapter: "PDO\\MYSQL" + body_format: form-urlencoded + status_code: 302 + #register: matomo_database_setup + +- name: Matomo Table Creation + uri: + url: "{{ matomo_full_url }}index.php?action=tablesCreation&module=Installation" + method: GET + status_code: 200 + register: matomo_table_creation + +- name: Set a variable for the MATOMO_SESSID cookie + set_fact: + matomo_session_cookie: "MATOMO_SESSID={{ cookie.value }}" + when: + - matomo_table_creation.cookies is 
defined + - matomo_table_creation.cookies | length > 0 + - cookie.key == "MATOMO_SESSID" + loop: "{{ matomo_table_creation.cookies | dict2items }}" + loop_control: + loop_var: cookie + +- debug: + var: matomo_table_creation + +- name: Matomo User Setup + uri: + url: "{{ matomo_full_url }}index.php?action=setupSuperUser&module=Installation" + method: POST + headers: + Cookie: "{{ matomo_session_cookie }}" + body: + login: "{{ matomo_db_user }}" + password: "{{ matomo_db_pass }}" + password_bis: "{{ matomo_db_pass }}" + email: "nobody@dev.null" + subscribe_newsletter_piwikorg: 0 + subscribe_newsletter_professionalservices: 0 + body_format: form-urlencoded + status_code: 302 + #register: matomo_setup_superuser + +- name: Configure Matomo to track IIAB + uri: + url: "{{ matomo_full_url }}index.php?action=firstWebsiteSetup&module=Installation" + method: POST + headers: + Cookie: "{{ matomo_session_cookie }}" + body: + siteName: "IIAB" + url: "{{ matomo_host_url }}" + ecommerce: 0 + body_format: form-urlencoded + status_code: 302 + #register: matomo_first_website_setup + +- name: Matomo Tracking Code + uri: + url: "{{ matomo_full_url }}index.php?action=trackingCode&module=Installation&site_idSite=1&site_name={{ matomo_host_url }}" + method: GET + headers: + Cookie: "{{ matomo_session_cookie }}" + return_content: true + status_code: 200 + #register: matomo_tracking_code + +- name: Finish Matomo Setup + uri: + url: "{{ matomo_full_url }}index.php?action=finished&module=Installation" + method: POST + headers: + Cookie: "{{ matomo_session_cookie }}" + body: + do_not_track: 1 + anonymise_ip: 1 + submit: "Continue to Matomo" + body_format: form-urlencoded + status_code: 302 + +- name: Start Collecting Matomo Data + cron: + name: "MatomoDataIngestionOnReboot" + special_time: reboot + job: "{{ matomo_cronjob }}" + user: root + cron_file: "matomo_reboot" + +- name: Run Daily Job Collecting Matomo Data + cron: + name: "DailyMatomoDataIngestion" + minute: "0" + hour: "0" + job: "{{ 
matomo_cronjob }}" + user: root + cron_file: "matomo_daily" + + +# RECORD Matomo AS INSTALLED + +- name: "Set 'matomo_installed: True'" + set_fact: + matomo_installed: True + +- name: "Add 'matomo_installed: True' to {{ iiab_state_file }}" + lineinfile: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^matomo_installed' + line: 'matomo_installed: True' diff --git a/roles/matomo/tasks/main.yml b/roles/matomo/tasks/main.yml new file mode 100644 index 000000000..eec80e81a --- /dev/null +++ b/roles/matomo/tasks/main.yml 
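Review bot: Both cron tasks at the end of this file run `matomo_cronjob` with `user: root` (and the job itself begins with `sudo python3`), yet the script it executes, `{{ matomo_path }}/matomo/misc/log-analytics/import_logs.py`, sits inside the tree that "Set Matomo Directory Permissions" recursively hands to `{{ apache_user }}`. Anything able to write as the web server user can therefore change code that root runs at every reboot and at midnight. Running the importer unprivileged removes that path: `user: "{{ apache_user }}"` on both cron tasks and no `sudo` in `matomo_cronjob` in defaults/main.yml, provided that user can read /var/log/nginx/access.log (the log's ownership is not visible here, so confirm). If root is really needed, the script and every directory above it must be root-owned and not writable by the web user.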
@@ -0,0 +1,55 @@ +# "How do i fail a task in Ansible if the variable contains a boolean value? +# I want to perform input validation for Ansible playbooks" +# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 + +# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need +# to re-check whether vars are defined here. As Ansible vars cannot be unset: +# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible + +- name: Assert that "matomo_install is sameas true" (boolean not string etc) + assert: + that: matomo_install is sameas true + fail_msg: "PLEASE SET 'matomo_install: True' e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + +- name: Assert that "matomo_enabled | type_debug == 'bool'" (boolean not string etc) + assert: + that: matomo_enabled | type_debug == 'bool' + fail_msg: "PLEASE GIVE VARIABLE 'matomo_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + + +- block: + + - name: Enable/Disable/Reload NGINX for OSM, if nginx_enabled + include_tasks: nginx.yml + + - name: Install Matomo if 'matomo_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: matomo_installed is undefined + + # LET'S ADD THIS "ON/OFF SWITCH" IF POSS! 
+ # - include_tasks: enable-or-disable.yml + + - name: Add 'matomo' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: matomo + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Matomo + - option: description + value: '"Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership."' + - option: matomo_install + value: "{{ matomo_install }}" + - option: matomo_enabled + value: "{{ matomo_enabled }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/matomo/tasks/nginx.yml b/roles/matomo/tasks/nginx.yml new file mode 100644 index 000000000..8d432ee8c --- /dev/null +++ b/roles/matomo/tasks/nginx.yml @@ -0,0 +1,16 @@ +- name: Enable http://box/maps & http://box/matomo via NGINX, by installing {{ nginx_conf_dir }}/matomo-nginx.conf from template + template: + src: matomo-nginx.conf.j2 + dest: "{{ nginx_conf_dir }}/matomo-nginx.conf" # /etc/nginx/conf.d + when: matomo_enabled + +- name: Disable http://box/maps & http://box/matomo via NGINX, by removing {{ nginx_conf_dir }}/matomo-nginx.conf + file: + path: "{{ nginx_conf_dir }}/matomo-nginx.conf" # /etc/nginx/conf.d + state: absent + when: not matomo_enabled + +- name: Reload 'nginx' systemd service + systemd: + name: nginx + state: reloaded diff --git a/roles/matomo/templates/matomo-nginx.conf.j2 b/roles/matomo/templates/matomo-nginx.conf.j2 new file mode 100644 index 000000000..21ae9ddfa --- /dev/null +++ b/roles/matomo/templates/matomo-nginx.conf.j2 
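Review bot: In the `block` of roles/matomo/tasks/main.yml, nginx.yml publishes /matomo before install.yml has driven the web installer to completion, and the `rescue` then lets the play continue whenever `skip_role_on_error` is true. If one of the installer's HTTP steps fails (the warning at the top of install.yml says a reinstall can), the half-configured Matomo presumably stays reachable with its setup wizard unfinished, so the superuser account would be set by whoever reaches it first. The rescue should take the location away again while `matomo_installed` is still undefined, as sketched below; the existing fail task stays as it is.

```yaml
  rescue:

    - name: Remove matomo-nginx.conf again if the install did not finish
      file:
        path: "{{ nginx_conf_dir }}/matomo-nginx.conf"
        state: absent
      when: matomo_installed is undefined

    - name: Reload 'nginx' systemd service
      systemd:
        name: nginx
        state: reloaded
      when: matomo_installed is undefined

    # … unchanged: 'SEE ERROR ABOVE' fail task …
```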
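Review bot: The task names in roles/matomo/tasks/nginx.yml still describe another role: both say `http://box/maps & http://box/matomo`, and the including task in tasks/main.yml is named `Enable/Disable/Reload NGINX for OSM, if nginx_enabled`, although only matomo-nginx.conf is installed or removed and no `nginx_enabled` condition appears. These names are what an operator reads in the Ansible log when checking what was exposed, so they should state what actually runs, e.g. `Enable http://box/matomo via NGINX, by installing {{ nginx_conf_dir }}/matomo-nginx.conf from template` and `Enable/Disable/Reload NGINX for Matomo`.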
@@ -0,0 +1,17 @@ +location ~ ^/matomo(.*)\.php(.*)$ { + alias /library/www/matomo$1.php$2; # /library/www/matomo + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + fastcgi_pass php; + fastcgi_index index.html; + include fastcgi_params; + fastcgi_split_path_info ^(.+\.php)(.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + fastcgi_param PATH_INFO $2; +} + +location ~ ^/matomo/ { + root /library/www; +} diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml index b49ce8a83..ca21a0ad4 100644 --- a/roles/mediawiki/defaults/main.yml +++ b/roles/mediawiki/defaults/main.yml @@ -4,7 +4,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -mediawiki_major_version: 1.37 # "1.35" also works +mediawiki_major_version: 1.38 # "1.35" also works mediawiki_minor_version: 2 mediawiki_version: "{{ mediawiki_major_version }}.{{ mediawiki_minor_version }}" diff --git a/roles/mediawiki/tasks/main.yml b/roles/mediawiki/tasks/main.yml index 2318a886d..1a0318e06 100644 --- a/roles/mediawiki/tasks/main.yml +++ b/roles/mediawiki/tasks/main.yml 
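Review bot: The two locations in matomo-nginx.conf.j2 expose the whole Matomo tree: the first hands every path matching `^/matomo(.*)\.php(.*)$` to PHP and the second serves everything else under /matomo/ as static files, so internal directories such as config/ and tmp/ are reachable over HTTP. Matomo's published nginx configuration denies those directories; a regex location placed ahead of the `.php` one would do the same here, e.g. `location ~ ^/matomo/(config|tmp|core|lang)(/|$) { deny all; }`. Separately, the three `proxy_set_header` lines have no effect next to `fastcgi_pass`, and `/library/www` is hard-coded where the rest of the role uses `{{ matomo_path }}`.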
@@ -19,39 +19,46 @@ quiet: yes -- name: Install MediaWiki {{ mediawiki_version }} if 'mediawiki_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: mediawiki_installed is undefined +- block: + - name: Install MediaWiki {{ mediawiki_version }} if 'mediawiki_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: mediawiki_installed is undefined -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml + - name: Enable/Disable/Restart NGINX + include_tasks: nginx.yml + - name: Add 'mediawiki' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: mediawiki + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: MediaWiki + - option: description + value: '"MediaWiki is a blog and web site management application, from the people who create Wikipedia."' + - option: mediawiki_install + value: "{{ mediawiki_install }}" + - option: mediawiki_enabled + value: "{{ mediawiki_enabled }}" + - option: mediawiki_src + value: "{{ mediawiki_src }}" + - option: mediawiki_abs_path + value: "{{ mediawiki_abs_path }}" + - option: mediawiki_db_name + value: "{{ mediawiki_db_name }}" + - option: mediawiki_db_user + value: "{{ mediawiki_db_user }}" + - option: mediawiki_url + value: "{{ mediawiki_url }}" + - option: mediawiki_full_url + value: "{{ mediawiki_full_url }}" -- name: Add 'mediawiki' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: mediawiki - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: MediaWiki - - option: description - value: '"MediaWiki is a blog and web site management application, from the people who create Wikipedia."' - - option: mediawiki_install - value: "{{ mediawiki_install }}" - - option: 
mediawiki_enabled - value: "{{ mediawiki_enabled }}" - - option: mediawiki_src - value: "{{ mediawiki_src }}" - - option: mediawiki_abs_path - value: "{{ mediawiki_abs_path }}" - - option: mediawiki_db_name - value: "{{ mediawiki_db_name }}" - - option: mediawiki_db_user - value: "{{ mediawiki_db_user }}" - - option: mediawiki_url - value: "{{ mediawiki_url }}" - - option: mediawiki_full_url - value: "{{ mediawiki_full_url }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/minetest/README.rst b/roles/minetest/README.rst index 38e04eef6..82dfaa397 100644 --- a/roles/minetest/README.rst +++ b/roles/minetest/README.rst @@ -23,7 +23,7 @@ No password is required. Configurable Parameters ----------------------- -If changes are necessary, please edit `/etc/iiab/local_vars.yml `_ (adding any variables that you need) prior to installation if possible: +If changes are necessary, please edit `/etc/iiab/local_vars.yml `_ (adding any variables that you need) prior to installation if possible: - ``minetest_install:`` set Minetest up to install; default is False - ``minetest_enabled:`` set Minetest up to be enabled; default is False diff --git a/roles/minetest/tasks/main.yml b/roles/minetest/tasks/main.yml index a07d640c7..f5fad6cd1 100644 --- a/roles/minetest/tasks/main.yml +++ b/roles/minetest/tasks/main.yml 
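Review bot: The new `rescue` in roles/mediawiki/tasks/main.yml leaves no record of what failed when `skip_role_on_error` is true: its only task is a `fail` with `msg: ""`, which is skipped in that case, so the play carries on with MediaWiki possibly half-installed and the cause visible only in scrollback. A `debug` task ahead of the `fail` would keep the evidence, with a message such as `msg: "mediawiki role skipped after task '{{ ansible_failed_task.name }}' failed"`. The same block/rescue is added to roles/matomo/tasks/main.yml, roles/minetest/tasks/main.yml and roles/mongodb/tasks/main.yml in this commit, and the same applies there.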
@@ -19,32 +19,39 @@ quiet: yes -- name: Install Minetest if 'minetest_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: provision.yml # i.e. install.yml in other roles - when: minetest_installed is undefined +- block: + - name: Install Minetest if 'minetest_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: provision.yml # i.e. install.yml in other roles + when: minetest_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'minetest' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: minetest + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Minetest Server + - option: description + value: '"Minetest is an open source clone of the Minecraft building blocks game."' + - option: minetest_install + value: "{{ minetest_install }}" + - option: minetest_enabled + value: "{{ minetest_enabled }}" + - option: minetest_world_dir + value: "{{ minetest_world_dir }}" + - option: minetest_port + value: "{{ minetest_port }}" + - option: minetest_world_dir + value: "{{ minetest_world_dir }}" -- name: Add 'minetest' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: minetest - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Minetest Server - - option: description - value: '"Minetest is an open source clone of the Minecraft building blocks game."' - - option: minetest_install - value: "{{ minetest_install }}" - - option: minetest_enabled - value: "{{ minetest_enabled }}" - - option: minetest_world_dir - value: "{{ minetest_world_dir }}" - - option: minetest_port - value: "{{ minetest_port }}" - - option: minetest_world_dir - value: "{{ minetest_world_dir }}" + rescue: + + - name: 'SEE ERROR 
ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/mongodb/defaults/main.yml b/roles/mongodb/defaults/main.yml index 1c54103e7..f42149f8e 100644 --- a/roles/mongodb/defaults/main.yml +++ b/roles/mongodb/defaults/main.yml @@ -20,6 +20,12 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! +mongodb_64bit_version: 4.4 # 5.0 also works as of 2022-06-09, but can fail on +# "pre-2011" CPU's lacking AVX. VERIFY both X.Y versions exist (+ work!) below: +# +# 1) https://www.mongodb.org/static/pgp/server-X.Y.asc ~= https://pgp.mongodb.com +# 2) http://repo.mongodb.org/apt/debian &/OR https://repo.mongodb.org/apt/ubuntu + mongodb_conf: /etc/mongod.conf mongodb_db_path: "{{ content_base }}/dbdata/mongodb" # /library/dbdata/mongodb mongodb_db_lock_file: "{{ mongodb_db_path }}/mongod.lock" diff --git a/roles/mongodb/tasks/enable-or-disable.yml b/roles/mongodb/tasks/enable-or-disable.yml index 68aaf9e84..851b4fb0e 100644 --- a/roles/mongodb/tasks/enable-or-disable.yml +++ b/roles/mongodb/tasks/enable-or-disable.yml @@ -1,6 +1,7 @@ - name: Enable & (Re)Start 'mongodb.service' if mongodb_enabled systemd: name: mongodb + daemon_reload: yes enabled: yes state: restarted when: mongodb_enabled diff --git a/roles/mongodb/tasks/install.yml b/roles/mongodb/tasks/install.yml index 061a27751..ea749db4b 100644 --- a/roles/mongodb/tasks/install.yml +++ b/roles/mongodb/tasks/install.yml 
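Review bot: The re-indented `with_items` list in roles/minetest/tasks/main.yml still writes `minetest_world_dir` twice: the fifth entry and the last entry are the same option/value pair, so the second write is a no-op. Since every line of the list is being touched anyway, the trailing `- option: minetest_world_dir` with its `value: "{{ minetest_world_dir }}"` can be dropped.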
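Review bot: `mongodb_64bit_version: 4.4` in roles/mongodb/defaults/main.yml is an unquoted YAML number, but tasks/install.yml uses it as text, in the signing-key URL, in both apt repo lines and in `version('5.0', '>=')`. A float does not round-trip as a version string (a value like 4.10 would arrive as 4.1), which would point the key and repo URLs at the wrong release. Quoting it avoids that: `mongodb_64bit_version: "4.4"`.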
@@ -1,11 +1,16 @@ -# 1. INSTALL MongoDB PACKAGES OR BINARIES +# MongoDB Install Docs: +# https://www.mongodb.com/docs/manual/tutorial/install-mongodb-on-ubuntu/ +# https://www.mongodb.com/docs/manual/installation/ + + +# 1. INSTALL MongoDB PACKAGES AND/OR BINARIES # 2019-02-02: Sugarizer with Node.js 10.x requires MongoDB 2.6+ so # https://andyfelong.com/2017/08/mongodb-3-0-14-for-raspbian-stretch/ is # being used on Raspbian, all I found! (Raspbian's apt pkg is MongoDB 2.4.14) # # mongodb_stretch_3_0_14_core.zip (20M) & mongodb_stretch_3_0_14_tools.zip (15M) -# were backed up from andyfelong.com to http://download.iiab.io/packages/ +# were backed up from andyfelong.com to https://download.iiab.io/packages/ # # CLARIF: mongodb_stretch_3_0_14_core.zip IS IN FACT 3.0.14 (core) BUT... # mongodb_stretch_3_0_14_tools.zip IS REALLY 3.0.15 (tools) @@ -16,16 +21,16 @@ path: /tmp/mongodb-3.0.1x state: directory - - name: Download & unzip 20MB http://download.iiab.io/packages/mongodb_stretch_3_0_14_core.zip to /tmp/mongodb-3.0.1x (aarch32) + - name: Download & unzip 20MB https://download.iiab.io/packages/mongodb_stretch_3_0_14_core.zip to /tmp/mongodb-3.0.1x (aarch32) unarchive: remote_src: yes - src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_core.zip" # http://download.iiab.io/packages + src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_core.zip" # https://download.iiab.io/packages dest: /tmp/mongodb-3.0.1x - name: Install (move) its 3 CORE binaries from /tmp/mongodb-3.0.1x/core to /usr/bin (aarch32) shell: mv /tmp/mongodb-3.0.1x/core/* /usr/bin - - name: Download & unzip 15MB http://download.iiab.io/packages/mongodb_stretch_3_0_14_tools.zip [IN FACT THIS ONE'S 3.0.15] to /tmp/mongodb-3.0.1x (aarch32) + - name: Download & unzip 15MB https://download.iiab.io/packages/mongodb_stretch_3_0_14_tools.zip [IN FACT THIS ONE'S 3.0.15] to /tmp/mongodb-3.0.1x (aarch32) unarchive: remote_src: yes src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_tools.zip" 
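Review bot: The task names and the trailing comment in the second hunk now say https://download.iiab.io/packages, but the URL actually fetched is still `{{ iiab_download_url }}/…`, which is defined outside this hunk, so whether the download itself moved to HTTPS cannot be told from here. It is worth confirming that the variable changed too, because these archives are unpacked and their binaries moved into /usr/bin with no checksum, which leaves the transport as the only integrity protection. The enclosing block starts and ends outside the hunk.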
@@ -51,101 +56,161 @@ template: src: mongod.conf.j2 dest: "{{ mongodb_conf }}" # /etc/mongod.conf - #owner: root - #group: root - #mode: 0644 + + - name: 'Create 2 dirs: /var/lib/mongodb, /var/log/mongodb (mongodb:mongodb)' + file: + state: directory + path: "{{ item }}" + owner: mongodb + group: mongodb + with_items: + - /var/lib/mongodb + - /var/log/mongodb # end block when: not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") -# 32-bit OS's are handled above: this should handle aarch32 including 32-bit Ubuntu -# from https://ubuntu.com/download/raspberry-pi but Ubuntu 20.04 32-bit might fail -# untested, and 32-bit Intel might puke as this was orginally deployed for Raspbian. -# (Haven't seen bootable 32-bit Intel installers for a while now.) -# 64-bit OS's proceed below. +# 32-bit OS's are handled above: this should handle aarch32 including 32-bit +# Ubuntu from https://ubuntu.com/download/raspberry-pi but Ubuntu 20.04+ and +# 22.04+ 32-bit might fail untested, and 32-bit Intel might puke as this was +# orginally deployed for Raspbian. (Haven't seen bootable 32-bit Intel +# installers for a while now.) 64-bit OS's proceed below. - block: - - name: Add mongodb.org signing key (only 64-bit support available) - shell: wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | apt-key add - + - name: Add mongodb.org signing key (only 64-bit support available) for MongoDB version {{ mongodb_64bit_version }} + shell: wget -qO - https://www.mongodb.org/static/pgp/server-{{ mongodb_64bit_version }}.asc | apt-key add - + #shell: wget -qO - https://pgp.mongodb.com/server-{{ mongodb_64bit_version }}.asc | apt-key add - args: warn: false - - name: Use mongodb-org's Debian repo for Debian (only amd64 support available) + - name: Install mongodb-org's Debian buster source/repo (we only use x86_64 i.e. 
arm64) for MongoDB version {{ mongodb_64bit_version }} apt_repository: - # 2020-10-28: http://repo.mongodb.org/apt/debian/dists/ supports only - # {buster 10, stretch 9, jessie 8, wheezy 7} - # so Debian 11 "Bullseye" (testing branch) can revert to buster for now: - repo: deb http://repo.mongodb.org/apt/debian buster/mongodb-org/4.4 main - #repo: deb http://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main + # 2020-10-28 and 2022-06-09: https://repo.mongodb.org/apt/debian/dists/ + # supports only {Buster 10, Stretch 9, Jessie 8, Wheezy 7}. So Bullseye + # 11 and Bookworm 12 (testing branch) revert to buster for now: + repo: deb https://repo.mongodb.org/apt/debian buster/mongodb-org/{{ mongodb_64bit_version }} main + #repo: deb https://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/4.4 main state: present filename: mongodb-org - when: is_debian and (ansible_architecture == "x86_64") + when: is_debian and ansible_architecture == "x86_64" - # Debian 10 aarch64 might work below but is blocked in main.yml - - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 + - name: Otherwise install mongodb-org's Ubuntu focal source/repo [ arch=amd64,arm64 ] for MongoDB version {{ mongodb_64bit_version }} apt_repository: - repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse + repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/{{ mongodb_64bit_version }} multiverse state: present filename: mongodb-org - when: is_raspbian and (ansible_architecture == "aarch64") + when: not (is_debian and ansible_architecture == "x86_64") - - name: Use mongodb-org's Ubuntu focal repo for Linux Mint - 64bit only - apt_repository: - repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse - state: present - filename: mongodb-org - when: is_linuxmint + # # Debian 10 aarch64 might work below but is blocked in 
main.yml + # - name: Use mongodb-org's Ubuntu focal repo for RasPiOS-aarch64 + # apt_repository: + # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse + # state: present + # filename: mongodb-org + # when: is_raspbian and ansible_architecture == "aarch64" - - name: Use mongodb-org's Ubuntu repo for all non-Mint Ubuntu - 64bit only - apt_repository: - # 2020-10-27: https://repo.mongodb.org/apt/ubuntu/dists/ supports only - # {focal 20.04, bionic 18.04, xenial 16.04, trusty 14.04, precise 12.04} - # so other Ubuntu's like groovy 20.10 need to revert to recent LTS repo: - repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse - #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/4.4 multiverse - state: present - filename: mongodb-org - when: is_ubuntu and not is_linuxmint + # - name: Use mongodb-org's Ubuntu focal repo for Linux Mint - 64bit only + # apt_repository: + # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse + # state: present + # filename: mongodb-org + # when: is_linuxmint + + # - name: Use mongodb-org's Ubuntu repo for all non-Mint Ubuntu - 64bit only + # apt_repository: + # # 2020-10-27: https://repo.mongodb.org/apt/ubuntu/dists/ supports only + # # {focal 20.04, bionic 18.04, xenial 16.04, trusty 14.04, precise 12.04} + # # so other Ubuntu's like groovy 20.10 need to revert to recent LTS repo: + # repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse + # #repo: deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu {{ ansible_distribution_release }}/mongodb-org/4.4 multiverse + # state: present + # filename: mongodb-org + # when: is_ubuntu and not is_linuxmint - name: "Install packages: mongodb-org, mongodb-org-server" package: name: - - mongodb-org + - mongodb-org # Meta-package that's 
auto-installed anyway (SO PROB UNNEC HERE?) - mongodb-org-server state: present - - name: Establish {{ mongodb_conf }} port {{ mongodb_port }} (mongodb_conf) -- takes effect on next (re)start of the service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand + - name: Establish {{ mongodb_conf }} dbPath {{ mongodb_db_path }} -- instead of /var/lib/mongodb default -- takes effect on next (re)start of mongodb.service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand lineinfile: path: "{{ mongodb_conf }}" - regexp: '^\s*port:' # \s = any whitespace char. stackoverflow.com/a/38491899 - #backrefs: yes + regexp: '^\s*dbPath:' # \s = any whitespace char. stackoverflow.com/a/38491899 + line: " dbPath: {{ mongodb_db_path }}" # /library/dbdata/mongodb + + # GRATUITOUS (port 27017 is already the default) + - name: Establish {{ mongodb_conf }} port {{ mongodb_port }} -- takes effect on next (re)start of mongodb.service -- via enable-or-disable.yml or via sugarizer.service auto-starting MongoDB on demand + lineinfile: + path: "{{ mongodb_conf }}" + regexp: '^\s*port:' line: " port: {{ mongodb_port }}" # 27017 + # 2022-06-07 #3236 MongoDB 5.0.9 "Illegal instruction" on RPi 4... + # https://www.mongodb.com/community/forums/t/core-dump-on-mongodb-5-0-on-rpi-4/115291/14 + # ...as ARM v8-A < ARM v8.2-A ...also reveals: + # + # (1) For Intel x86_64, MongoDB 5.x requires Sandy Bridge or later. + # For AMD x86_64, MongoDB 5.x requires Bulldozer or later. 
+ # Roughly speaking, this means post-2011 CPUs with AVX instructions: + # https://github.com/docker-library/mongo/issues/485#issuecomment-891991814 + # (2) dbPath needed fixing in /etc/mongod.conf (~16 lines above) from + # /var/lib/mongodb to /library/dbdata/mongodb + # (3) mongod.lock is effectively NO LONGER A LOCK FILE -- but rather a PID + # file (it may be zero bytes, but never goes away) as confirmed with + # MongoDB 4.4.14 on RPi 4 and 5.0.9 Ubuntu 22.04 on x86_64. And now + # 'mongod --repair --dbpath /library/dbdata/mongodb/' IGNORES mongod.lock + # (4) mongodb.service needed a more graceful way to shut down than + # 'killall mongod' (MongoDB 5+ shuts down w/ 15sec quiesce period). + # (5) MongoDB 6.0 is likely imminent; meantime a 2022-01-12 option (~12 + # lines below) is MongoDB 5.0.5 compiled for 64-bit RPi 4 and RPi 400: + # https://andyfelong.com/downloads/raspbian_mongodb_5.0.5.gz + # https://andyfelong.com/2021/08/mongodb-4-4-under-raspberry-pi-os-64-bit-raspbian64/ + + - name: If hardware is Raspberry Pi and mongodb_64bit_version >= 5.0, run 'apt-mark hold mongodb-org mongodb-org-server' -- so MongoDB 5.0.5 binaries {mongo, mongod, mongos} can be installed without apt interfering in future + command: apt-mark hold mongodb-org mongodb-org-server + when: rpi_model != "none" and mongodb_64bit_version is version('5.0', '>=') + + - name: If hardware is Raspberry Pi and mongodb_64bit_version >= 5.0, unarchive 76MB {{ iiab_download_url }}//packages/raspbian_mongodb_5.0.5.gz OVERWRITING 5.0.9+ {mongo, mongod, mongos} in /usr/bin + unarchive: + remote_src: yes + src: "{{ iiab_download_url }}/raspbian_mongodb_5.0.5.gz" + dest: /usr/bin + when: rpi_model != "none" and mongodb_64bit_version is version('5.0', '>=') + # end block - when: (ansible_architecture == "aarch64") or (ansible_architecture == "x86_64") + when: ansible_architecture == "aarch64" or ansible_architecture == "x86_64" # 2. 
CONFIGURE MongoDB FOR IIAB -- name: 'Create 3 dirs for MongoDB: /var/lib/mongodb, /var/log/mongodb, {{ mongodb_db_path }}' +# - name: 'Create 3 dirs for MongoDB: /var/lib/mongodb, /var/log/mongodb, {{ mongodb_db_path }}' +# file: +# state: directory +# path: "{{ item }}" +# owner: mongodb +# group: mongodb +# with_items: +# #- { path: '/var/run/mongodb' } +# - /var/lib/mongodb +# - /var/log/mongodb +# - "{{ mongodb_db_path }}" # /library/dbdata/mongodb + +- name: 'Create dir {{ mongodb_db_path }} (mongodb:mongodb)' file: state: directory - path: "{{ item }}" + path: "{{ mongodb_db_path }}" # /library/dbdata/mongodb owner: mongodb group: mongodb - with_items: - #- { path: '/var/run/mongodb' } - - /var/lib/mongodb - - /var/log/mongodb - - "{{ mongodb_db_path }}" # /library/dbdata/mongodb - name: Install mongodb.service, /usr/bin/iiab-mongodb-repair-if-no-lock from templates template: src: "{{ item.src }}" dest: "{{ item.dest }}" - owner: root - group: root mode: "{{ item.mode }}" + #owner: root + #group: root with_items: - { src: 'mongodb.service.j2', dest: '/etc/systemd/system/mongodb.service', mode: '0644' } - { src: 'iiab-mongodb-repair-if-no-lock.j2', dest: '/usr/bin/iiab-mongodb-repair-if-no-lock', mode: '0755' } diff --git a/roles/mongodb/tasks/main.yml b/roles/mongodb/tasks/main.yml index e5e2f20ba..3365e818a 100644 --- a/roles/mongodb/tasks/main.yml +++ b/roles/mongodb/tasks/main.yml 
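Review bot: The last task of the 64-bit block unpacks `{{ iiab_download_url }}/raspbian_mongodb_5.0.5.gz` straight into /usr/bin with no digest check, overwriting the packaged mongo, mongod and mongos, and the preceding `apt-mark hold mongodb-org mongodb-org-server` then keeps apt from replacing them. An unverified download thus becomes the lasting source of those binaries, frozen at 5.0.5 as far as security fixes go. Fetching with `get_url` and a pinned `checksum:` before unpacking, as below, ties the install to a known artifact; the digest and download directory shown are placeholders. The hold also deserves a comment saying how these binaries are meant to be updated.

```yaml
  - name: Download raspbian_mongodb_5.0.5.gz and check its SHA-256
    get_url:
      url: "{{ iiab_download_url }}/raspbian_mongodb_5.0.5.gz"
      dest: "<DOWNLOAD_DIR>/raspbian_mongodb_5.0.5.gz"     # placeholder path
      checksum: "sha256:<SHA256_OF_PUBLISHED_ARCHIVE>"      # placeholder digest
    when: rpi_model != "none" and mongodb_64bit_version is version('5.0', '>=')

  - name: Unarchive the verified archive into /usr/bin
    unarchive:
      remote_src: yes
      src: "<DOWNLOAD_DIR>/raspbian_mongodb_5.0.5.gz"
      dest: /usr/bin
    when: rpi_model != "none" and mongodb_64bit_version is version('5.0', '>=')
```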
@@ -35,37 +35,45 @@ - debug: var: is_raspbian -# might be able to lift this once we know using bionic would work -- name: EXIT 'mongodb' ROLE & CONTINUE, IF 'is_debian_10 and aarch64 and not is_raspbian' i.e. TRUE DEBIAN with arch64 - fail: # FORCE IT RED THIS ONCE! - msg: ATTEMPTED MongoDB INSTALLATION WITH (TRUE) DEBIAN aarch64, which is not supported upstream. Nevertheless IIAB will continue (consider this a warning!) - when: (ansible_architecture == "aarch64") and is_debian_10 and not is_raspbian - ignore_errors: yes +# # might be able to lift this once we know using bionic would work +# - name: EXIT 'mongodb' ROLE & CONTINUE, IF 'is_debian_10 and aarch64 and not is_raspbian' i.e. TRUE DEBIAN with arch64 +# fail: # FORCE IT RED THIS ONCE! +# msg: ATTEMPTED MongoDB INSTALLATION WITH (TRUE) DEBIAN aarch64, which is not supported upstream. Nevertheless IIAB will continue (consider this a warning!) +# when: (ansible_architecture == "aarch64") and is_debian_10 and not is_raspbian +# ignore_errors: yes # ELSE... -- name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: mongodb_installed is undefined and not (ansible_architecture == "aarch64" and is_debian_10 and not is_raspbian) +- block: -- name: Enable or Disable MongoDB, if mongodb_installed is defined (sugarizer.service auto-starts MongoDB as nec, so doesn't need this or care what happens here!) - include_tasks: enable-or-disable.yml - when: mongodb_installed is defined + - name: Install MongoDB if 'mongodb_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: mongodb_installed is undefined + # when: mongodb_installed is undefined and not (ansible_architecture == "aarch64" and is_debian_10 and not is_raspbian) + - name: Enable or Disable MongoDB (FYI sugarizer.service auto-starts MongoDB as nec, so doesn't need this or care what happens here!) 
+ include_tasks: enable-or-disable.yml -- name: Add 'mongodb' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: mongodb - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: MongoDB - - option: description - value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."' - - option: mongodb_install - value: "{{ mongodb_install }}" - - option: mongodb_enabled - value: "{{ mongodb_enabled }}" + - name: Add 'mongodb' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: mongodb + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: MongoDB + - option: description + value: '"MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling."' + - option: mongodb_install + value: "{{ mongodb_install }}" + - option: mongodb_enabled + value: "{{ mongodb_enabled }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/mongodb/templates/iiab-mongodb-repair-if-no-lock.j2 b/roles/mongodb/templates/iiab-mongodb-repair-if-no-lock.j2 index 790748103..433b98c5d 100644 --- a/roles/mongodb/templates/iiab-mongodb-repair-if-no-lock.j2 +++ b/roles/mongodb/templates/iiab-mongodb-repair-if-no-lock.j2 @@ -1,5 +1,7 @@ #!/bin/bash +# 2022-06-07: 100% BOGUS+USELESS with MongoDB 4+ -- SEE mongodb.service & #3236 + if [ -f {{ mongodb_db_lock_file }} ]; then echo '"mongod --repair" cannot run when {{ mongodb_db_lock_file }} present.' >&2 # Output to STDERR but keep going, so /etc/systems/system/mongodb.service continues else 
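Review bot: The `rescue:` section added at the end of this hunk fails with `msg: ""`, and when `skip_role_on_error` is true it runs nothing at all, so a role that aborted halfway is neither explained nor recorded. For mongodb that may leave the service unit and binaries in place while the `ini_file` task never ran (inferred, since install.yml is only partly visible here). I would put the cause in the message, e.g. `msg: "mongodb role failed at '{{ ansible_failed_task.name }}'"`, and add an unconditional `debug:` of `ansible_failed_result` ahead of the conditional `fail:`. The same rescue block is added in the monit, moodle, mosquitto and munin main.yml hunks below.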
diff --git a/roles/mongodb/templates/mongodb.service.j2 b/roles/mongodb/templates/mongodb.service.j2 index 1ae050ae8..6e371da7d 100644 --- a/roles/mongodb/templates/mongodb.service.j2 +++ b/roles/mongodb/templates/mongodb.service.j2 @@ -1,3 +1,40 @@ +# 2022-06-07: IS MongoDB's OFFICIAL /lib/systemd/system/mongod.service USEFUL? + +# [Unit] +# Description=MongoDB Database Server +# Documentation=https://docs.mongodb.org/manual +# After=network-online.target +# Wants=network-online.target + +# [Service] +# User=mongodb +# Group=mongodb +# EnvironmentFile=-/etc/default/mongod +# ExecStart=/usr/bin/mongod --config /etc/mongod.conf +# PIDFile=/var/run/mongodb/mongod.pid +# # file size +# LimitFSIZE=infinity +# # cpu time +# LimitCPU=infinity +# # virtual memory size +# LimitAS=infinity +# # open files +# LimitNOFILE=64000 +# # processes/threads +# LimitNPROC=64000 +# # locked memory +# LimitMEMLOCK=infinity +# # total threads (user+kernel) +# TasksMax=infinity +# TasksAccounting=false + +# # Recommended limits for mongod as specified in +# # https://docs.mongodb.com/manual/reference/ulimit/#recommended-ulimit-settings + +# [Install] +# WantedBy=multi-user.target + + [Unit] Description=High-performance, schema-free document-oriented database After=syslog.target network.target 
@@ -6,15 +43,22 @@ After=syslog.target network.target Type=simple User=mongodb Group=mongodb -# FAILS (after power failures, etc) as --repair cannot run when lock file exists: (https://github.com/iiab/iiab/issues/942) +{% if not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") %} +# USED TO FAIL (after power failures, etc) as --repair cannot run when lock file exists: (https://github.com/iiab/iiab/issues/942) #ExecStartPre=/usr/bin/mongod --repair --dbpath /library/dbdata/mongodb # FAILS as systemd cannot run bash here: #ExecStartPre=if [ ! -f /library/dbdata/mongodb/mongod.lock ]; then /usr/bin/mongod --repair --dbpath {{ mongodb_db_path }}; fi +# 2022-06-07: MIGHT STILL BE USEFUL for MongoDB 3.x (i.e. on 32-bit RasPiOS) ExecStartPre=/usr/bin/iiab-mongodb-repair-if-no-lock +{% endif %} ExecStart=/usr/bin/mongod -f {{ mongodb_conf }} -ExecStop=/usr/bin/killall mongod -# killall's SIGTERM (15) seems fine, to induce a graceful stop. This would work too: -#ExecStop=mongod --dbpath {{ mongodb_db_path }} --shutdown +#ExecStop=/usr/bin/killall mongod +# killall's SIGTERM (15) above no longer induces a graceful stop w/ MongoDB 5+ +# https://www.mongodb.com/docs/manual/reference/method/db.shutdownServer/ +# https://www.mongodb.com/docs/v5.0/reference/command/shutdown/ +# https://www.mongodb.com/docs/v6.0/reference/command/shutdown/ +ExecStop=/usr/bin/mongod -f {{ mongodb_conf }} --shutdown +#ExecStop=/usr/bin/mongod --dbpath {{ mongodb_db_path }} --shutdown [Install] WantedBy=multi-user.target diff --git a/roles/monit/tasks/main.yml b/roles/monit/tasks/main.yml index 23340644d..c6c50d042 100644 --- a/roles/monit/tasks/main.yml +++ b/roles/monit/tasks/main.yml 
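Review bot: The `{% if not (ansible_architecture == "x86_64" or ansible_architecture == "aarch64") %}` guard around `ExecStartPre` uses CPU architecture as a stand-in for the MongoDB version, while the new `ExecStop=/usr/bin/mongod -f {{ mongodb_conf }} --shutdown` line is rendered for every architecture. The comments justify `--shutdown` only for MongoDB 5+, so it should be confirmed on the 32-bit MongoDB 3.x path as well. I would state the assumption next to the guard, e.g. `# 64-bit gets MongoDB 4.4+ (mongod.lock is a PID file); 32-bit stays on 3.x and still needs the repair wrapper`.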
@@ -19,43 +19,52 @@ quiet: yes -# 2019-07-06: The 'monit' package was suddenly removed from Debian 10.0.0 -# "Buster" during the very final days prior to release, as confirmed by the -# sudden disappearance of these 2 pages: -# -# https://packages.debian.org/buster/monit -# https://packages.debian.org/source/buster/monit -# -# And yet Raspbian Buster (is_raspbian_10, which confusingly IIAB declares to -# be is_debian_10 in vars/raspbian-10.yml for now!) still provides 'monit' via -# apt -- so eliminating "Debian 10+" requires this funky conditional: +- block: -# 2020-09-21: The 'monit' package appears to be returning to Debian 11, per: -# -# https://packages.debian.org/bullseye/monit -# https://packages.debian.org/source/bullseye/monit -# -# SEE iiab/iiab#1849 re: "Debian 10 Buster no longer includes Monit" etc. + # 2019-07-06: The 'monit' package was suddenly removed from Debian 10.0.0 + # "Buster" during the very final days prior to release, as confirmed by the + # sudden disappearance of these 2 pages: + # + # https://packages.debian.org/buster/monit + # https://packages.debian.org/source/buster/monit + # + # And yet Raspbian Buster (is_raspbian_10, which confusingly IIAB declares to + # be is_debian_10 in vars/raspbian-10.yml for now!) still provides 'monit' via + # apt -- so eliminating "Debian 10+" requires this funky conditional: -- name: Install Monit if 'monit_installed' not defined, e.g. in {{ iiab_state_file }} AND not Debian 10 # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: monit_installed is undefined and not (is_debian_10 and not is_raspbian) - #when: monit_installed is undefined and not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)) + # 2020-09-21: The 'monit' package appears to be returning to Debian 11, per: + # + # https://packages.debian.org/bullseye/monit + # https://packages.debian.org/source/bullseye/monit + # + # SEE iiab/iiab#1849 re: "Debian 10 Buster no longer includes Monit" etc. 
+ + - name: Install Monit if 'monit_installed' not defined, e.g. in {{ iiab_state_file }} AND not Debian 10 # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: monit_installed is undefined and not (is_debian_10 and not is_raspbian) + #when: monit_installed is undefined and not ((is_debian and not is_raspbian) and (not is_debian_8) and (not is_debian_9)) -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml -- name: Add 'monit' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: monit - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Monit - - option: description - value: '"Monit is a background service monitor which can correct problems, send email, restart services."' - - option: enabled - value: "{{ monit_enabled }}" + - name: Add 'monit' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: monit + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Monit + - option: description + value: '"Monit is a background service monitor which can correct problems, send email, restart services."' + - option: enabled + value: "{{ monit_enabled }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/monit/templates/monitrc.unused b/roles/monit/templates/monitrc.unused index e66b3055c..a269d30d3 100644 --- a/roles/monit/templates/monitrc.unused +++ b/roles/monit/templates/monitrc.unused 
@@ -65,7 +65,7 @@ set daemon 300 # check services at 5-minute intervals # # ## Send status and events to M/Monit (for more informations about M/Monit -## see http://mmonit.com/). By default Monit registers credentials with +## see https://mmonit.com/). By default Monit registers credentials with ## M/Monit so M/Monit can smoothly communicate back to Monit and you don't ## have to register Monit credentials manually in M/Monit. It is possible to ## disable credential registration using the commented out option below. diff --git a/roles/moodle/tasks/nginx.yml b/roles/moodle/tasks/enable-or-disable.yml similarity index 53% rename from roles/moodle/tasks/nginx.yml rename to roles/moodle/tasks/enable-or-disable.yml index 65a8eef08..687d6db1e 100644 --- a/roles/moodle/tasks/nginx.yml +++ b/roles/moodle/tasks/enable-or-disable.yml @@ -1,3 +1,18 @@ +- name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'" + set_fact: + postgresql_install: True + postgresql_enabled: True # Revert just below if... + +- name: "Set 'postgresql_enabled: False' if not moodle_enabled" + set_fact: + postgresql_enabled: False + when: not moodle_enabled # and not (pathagar_enabled is defined and pathagar_enabled) + +- name: POSTGRESQL - run 'postgresql' role (Enable&Start or Disable&Stop PostgreSQL) + include_role: + name: postgresql + + - name: Enable http://box/moodle via NGINX, by installing {{ nginx_conf_dir }}/moodle-nginx.conf from template template: src: moodle-nginx.conf.j2 diff --git a/roles/moodle/tasks/main.yml b/roles/moodle/tasks/main.yml index 5c4e6bf73..aeb40556f 100644 --- a/roles/moodle/tasks/main.yml +++ b/roles/moodle/tasks/main.yml 
@@ -19,44 +19,35 @@ quiet: yes -- name: Install Moodle if 'moodle_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: moodle_installed is undefined +- block: + - name: Install Moodle if 'moodle_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: moodle_installed is undefined -- name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'" - set_fact: - postgresql_install: True - postgresql_enabled: True # Revert just below if... + - include_tasks: enable-or-disable.yml -- name: "Set 'postgresql_enabled: False' if not moodle_enabled" - set_fact: - postgresql_enabled: False - when: not moodle_enabled # and not (pathagar_enabled is defined and pathagar_enabled) + - name: Add 'moodle' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: moodle + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Moodle + - option: description + value: '"Access the Moodle learning management system."' + - option: moodle_install + value: "{{ moodle_install }}" + - option: moodle_enabled + value: "{{ moodle_enabled }}" + - option: moodle_base + value: "{{ moodle_base }}" -- name: POSTGRESQL - run 'postgresql' role (Enable&Start or Disable&Stop PostgreSQL) - include_role: - name: postgresql + rescue: - -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml - - -- name: Add 'moodle' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: moodle - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Moodle - - option: description - value: '"Access the Moodle learning management system."' - - option: moodle_install - value: "{{ moodle_install }}" - - option: moodle_enabled - value: "{{ moodle_enabled }}" - - option: 
moodle_base - value: "{{ moodle_base }}" + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/mosquitto/README.rst b/roles/mosquitto/README.rst index 098ff2831..7ccb29f97 100644 --- a/roles/mosquitto/README.rst +++ b/roles/mosquitto/README.rst @@ -9,7 +9,7 @@ Roughly follows this guide: https://www.digitalocean.com/community/tutorials/how Using It -------- -Prior to installing IIAB, make sure your `/etc/iiab/local_vars.yml `_ contains:: +Prior to installing IIAB, make sure your `/etc/iiab/local_vars.yml `_ contains:: mosquitto_install: True mosquitto_enabled: True diff --git a/roles/mosquitto/tasks/main.yml b/roles/mosquitto/tasks/main.yml index dd953d37a..1d38ab229 100644 --- a/roles/mosquitto/tasks/main.yml +++ b/roles/mosquitto/tasks/main.yml 
@@ -19,26 +19,33 @@ quiet: yes -- name: Install Mosquitto if 'mosquitto_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: mosquitto_installed is undefined +- block: + - name: Install Mosquitto if 'mosquitto_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: mosquitto_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'mosquitto' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: mosquitto + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Mosquitto service + - option: description + value: '"Mosquitto (uses the MQTT protocol) is a pub-sub broker for electronics projects and educational Internet of Things (IoT) experiments. It''s designed for TCP/IP with remote locations where a ''small code footprint'' is required or bandwidth is limited. See also: Node-RED"' + - option: mosquitto_install + value: "{{ mosquitto_install }}" + - option: mosquitto_enabled + value: "{{ mosquitto_enabled }}" -- name: Add 'mosquitto' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: mosquitto - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Mosquitto service - - option: description - value: '"Mosquitto (uses the MQTT protocol) is a pub-sub broker for electronics projects and educational Internet of Things (IoT) experiments. It''s designed for TCP/IP with remote locations where a ''small code footprint'' is required or bandwidth is limited. 
See also: Node-RED"' - - option: mosquitto_install - value: "{{ mosquitto_install }}" - - option: mosquitto_enabled - value: "{{ mosquitto_enabled }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/munin/tasks/nginx.yml b/roles/munin/tasks/enable-or-disable.yml similarity index 64% rename from roles/munin/tasks/nginx.yml rename to roles/munin/tasks/enable-or-disable.yml index cd1094451..1b0d3ac28 100644 --- a/roles/munin/tasks/nginx.yml +++ b/roles/munin/tasks/enable-or-disable.yml @@ -1,3 +1,19 @@ +- name: Enable & Start 'munin-node' systemd service + systemd: + name: munin-node + daemon_reload: yes + enabled: yes + state: started + when: munin_enabled + +- name: Disable & Stop 'munin-node' systemd service + systemd: + name: munin-node + enabled: no + state: stopped + when: not munin_enabled + + - name: Enable http://box/munin via NGINX, by installing {{ nginx_conf_dir }}/munin24-nginx.conf from template template: src: munin24-nginx.conf.j2 diff --git a/roles/munin/tasks/main.yml b/roles/munin/tasks/main.yml index 22a07119a..0ff168fa5 100644 --- a/roles/munin/tasks/main.yml +++ b/roles/munin/tasks/main.yml 
@@ -19,42 +19,33 @@ quiet: yes -- name: Install Munin if 'munin_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: munin_installed is undefined +- block: + - name: Install Munin if 'munin_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: munin_installed is undefined -- name: Enable & Start 'munin-node' systemd service - systemd: - name: munin-node - daemon_reload: yes - enabled: yes - state: started - when: munin_enabled + - include_tasks: enable-or-disable.yml -- name: Disable & Stop 'munin-node' systemd service - systemd: - name: munin-node - enabled: no - state: stopped - when: not munin_enabled + - name: Add 'munin' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: munin + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Munin + - option: description + value: '"Munin is a networked resource monitoring tool that can help analyze resource trends and ''what just happened to kill our performance?'' problems."' + - option: munin_install + value: "{{ munin_install }}" + - option: munin_enabled + value: "{{ munin_enabled }}" -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml + rescue: - -- name: Add 'munin' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: munin - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Munin - - option: description - value: '"Munin is a networked resource monitoring tool that can help analyze resource trends and ''what just happened to kill our performance?'' problems."' - - option: munin_install - value: "{{ munin_install }}" - - option: munin_enabled - value: "{{ munin_enabled }}" + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + 
fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/network/README.rst b/roles/network/README.rst index cbe01f450..a95e247ff 100644 --- a/roles/network/README.rst +++ b/roles/network/README.rst @@ -2,13 +2,15 @@ Network README ============== -This is run by `Ansible `_ after it has installed the core (`Stages 0-to-9 `_) of `Internet-in-a-Box (IIAB) `_ and its apps/services. +This is run by `Ansible `_ after it has installed the core (`Stages 0-to-9 `_) of `Internet-in-a-Box (IIAB) `_ and its apps/services. Specifically, this 'network' role is run... - ...automatically during IIAB installation, after `/opt/iiab/iiab/iiab-install <../../iiab-install>`_ has run `Stages 0-to-9 <..>`_ (thanks to `iiab-stages.yml <../../iiab-stages.yml>`_). - ...automatically by IIAB's **Admin Console** (http://box/admin) if you click **Configure** -> **Install Configured Options** — this is similar to the above, but only runs Stage 0, then Stage 4-to-9, and then finally this 'network' role/stage (thanks to `iiab-from-console.yml <../../iiab-from-console.yml>`_). -- ...or manually, if you run ``cd /opt/iiab/iiab`` then `sudo ./iiab-network <../../iiab-network>`_ (which is much the same as running ``sudo ./runrole network``). +- ...or manually, if you run `sudo iiab-network <../../scripts/iiab-network>`_ + - A stronger version is also available if necessary: ``cd /opt/iiab/iiab`` then ``sudo ./runrole --reinstall network`` + - If your IIAB was installed prior to August 2022, instead run: ``cd /opt/iiab/iiab`` then `sudo ./iiab-network <../../iiab-network>`_ (which is much the same as running ``sudo ./runrole network``). Many IIAB networking questions can be answered in these 2 documents: diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml index f647af6ec..fd1fa4dcc 100644 --- a/roles/network/defaults/main.yml +++ b/roles/network/defaults/main.yml 
@@ -27,6 +27,7 @@ # hostapd_enabled: True # Above set in /opt/iiab/iiab/vars/default_vars.yml + hostapd_wait: 10 host_wireless_n: False driver_name: nl80211 @@ -59,10 +60,12 @@ virtual_network_devices: "-e ap0 -e lo -e br0 -e tun -e br- -e docker -e bridge0 # Set defaults for discovery process as strings wifi1: "not found-1" wifi2: "not found-2" +can_be_ap: False exclude_devices: none device_gw: none prior_gw_device: unset - +# 2022-06-29: Legacy vars no longer used by roles/0-init +discovered_wan_iface: none # 2021-07-30: Very broadly used! iiab_wan_iface: none iiab_lan_iface: none discovered_lan_iface: none diff --git a/roles/network/tasks/NM-debian.yml b/roles/network/tasks/NM-debian.yml index 8cf977c8a..d5dad9ffc 100644 --- a/roles/network/tasks/NM-debian.yml +++ b/roles/network/tasks/NM-debian.yml @@ -1,6 +1,6 @@ # NM-debian.yml -- name: Stopping services - include_tasks: down-debian.yml +#- name: Stopping services +# include_tasks: down-debian.yml # provide keyfile layout like the XO's used way back. #- name: Create uuid for NM's keyfile store diff --git a/roles/network/tasks/avahi.yml b/roles/network/tasks/avahi.yml index 15a62de8e..8fe5f7159 100644 --- a/roles/network/tasks/avahi.yml +++ b/roles/network/tasks/avahi.yml @@ -7,7 +7,7 @@ - name: Install avahi announce config file /etc/avahi/services/schoolserver.service template: - src: avahi/schoolserver.service + src: roles/network/templates/avahi/schoolserver.service # Invoked by 1-prep (so full path needed) dest: /etc/avahi/services/schoolserver.service owner: avahi group: avahi diff --git a/roles/network/tasks/computed_network.yml b/roles/network/tasks/computed_network.yml index efe764642..8c7ac5515 100644 --- a/roles/network/tasks/computed_network.yml +++ b/roles/network/tasks/computed_network.yml @@ -172,3 +172,5 @@ value: "{{ iiab_lan_iface }}" - option: iiab_network_mode value: "{{ iiab_network_mode }}" + - option: network_enabled + value: "{{ network_enabled }}" 
diff --git a/roles/network/tasks/computed_services.yml b/roles/network/tasks/computed_services.yml index 47c3cd7cc..9527ed7d3 100644 --- a/roles/network/tasks/computed_services.yml +++ b/roles/network/tasks/computed_services.yml 
@@ -20,35 +20,35 @@ iiab_network_mode: "Gateway" when: iiab_lan_iface != "none" and iiab_wan_iface != "none" -- name: No LAN configured - non-dnsmasq - set_fact: - named_enabled: True - dhcpd_enabled: False - dhcp_service2: "dhcpd disabled" - when: not dnsmasq_enabled and iiab_network_mode == "Appliance" +#- name: No LAN configured - non-dnsmasq +# set_fact: +# named_enabled: True +# dhcpd_enabled: False +# dhcp_service2: "dhcpd disabled" +# when: not dnsmasq_enabled and iiab_network_mode == "Appliance" -- name: LAN configured - non-dnsmasq - set_fact: - named_enabled: True - dhcpd_enabled: True - dhcp_service2: "dhcpd" - when: not dnsmasq_enabled and iiab_network_mode != "Appliance" +#- name: LAN configured - non-dnsmasq +# set_fact: +# named_enabled: True +# dhcpd_enabled: True +# dhcp_service2: "dhcpd" +# when: not dnsmasq_enabled and iiab_network_mode != "Appliance" -- name: LAN configured - dnsmasq - set_fact: - named_enabled: False - dhcpd_enabled: False - dnsmasq_enabled: True - dhcp_service2: "dnsmasq" - when: dnsmasq_install and iiab_network_mode != "Appliance" +#- name: LAN configured - dnsmasq +# set_fact: +# named_enabled: False +# dhcpd_enabled: False +# dnsmasq_enabled: True +# dhcp_service2: "dnsmasq" +# when: dnsmasq_install and iiab_network_mode != "Appliance" -- name: LAN not configured - dnsmasq - set_fact: - named_enabled: False - dhcpd_enabled: False - dnsmasq_enabled: True - dhcp_service2: "dnsmasq" - when: dnsmasq_install and iiab_network_mode == "Appliance" +#- name: LAN not configured - dnsmasq +# set_fact: +# named_enabled: False +# dhcpd_enabled: False +# dnsmasq_enabled: True +# dhcp_service2: "dnsmasq" +# when: dnsmasq_install and iiab_network_mode == "Appliance" - name: Add 'network' variable values (from computed_services.yml) to {{ iiab_ini_file }} ini_file: 
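Review bot: After this hunk nothing visible in computed_services.yml sets `dnsmasq_enabled`, yet the `ini_file` task in the following hunk still writes `dnsmasq_enabled` to iiab.ini. The recorded value now depends on a default defined elsewhere, which cannot be checked from here. A one-line comment above that task would make this explicit, e.g. `# dnsmasq_enabled is no longer computed here; named/dhcpd are retired`. The four retired `set_fact` tasks would be better deleted than commented out, since git history keeps them and commented-out blocks are easy to re-enable by accident.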
@@ -71,12 +71,12 @@ # value: "{{ wondershaper_enabled }}" - option: iiab_network_mode_applied value: "{{ iiab_network_mode }}" - - option: dhcpd_enabled - value: "{{ dhcpd_enabled }}" - - option: dhcp_service2 - value: "{{ dhcp_service2 }}" - - option: named_enabled - value: "{{ named_enabled }}" +# - option: dhcpd_enabled +# value: "{{ dhcpd_enabled }}" +# - option: dhcp_service2 +# value: "{{ dhcp_service2 }}" +# - option: named_enabled +# value: "{{ named_enabled }}" - option: dnsmasq_enabled value: "{{ dnsmasq_enabled }}" - option: no_net_restart @@ -89,7 +89,7 @@ value: "{{ host_wifi_mode }}" - option: host_channel value: "{{ host_channel }}" - + - name: Add 'network' variable 'current_client_channel' value if defined, to {{ iiab_ini_file }} ini_file: dest: "{{ iiab_ini_file }}" diff --git a/roles/network/tasks/debian.yml b/roles/network/tasks/debian.yml index 74ca452c7..52982af42 100644 --- a/roles/network/tasks/debian.yml +++ b/roles/network/tasks/debian.yml @@ -62,7 +62,7 @@ regexp: "{{ iiab_wan_iface }}" when: wan_ip != "dhcp" and iiab_wan_iface != "none" and is_debian and not is_debian_8 -- include_tasks: down-debian.yml +#- include_tasks: down-debian.yml - name: Reload systemd systemd: diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml index bc37a341b..e04ae0e20 100644 --- a/roles/network/tasks/detected_network.yml +++ b/roles/network/tasks/detected_network.yml 
@@ -1,3 +1,13 @@ +# Similar code block in roles/vnstat/tasks/install.yml +- name: Do we have a gateway? If 'ip route' specifies a default route, Ansible parses details here... + debug: + var: ansible_default_ipv4 + +- name: "If above ansible_default_ipv4.gateway is defined, set WAN candidate 'discovered_wan_iface: {{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias" + set_fact: + discovered_wan_iface: "{{ ansible_default_ipv4.alias }}" + when: ansible_default_ipv4.gateway is defined + # so this works - name: Interface count shell: ls /sys/class/net | grep -v {{ virtual_network_devices }} | wc | awk '{print $1}' @@ -26,25 +36,22 @@ device_gw: "{{ discovered_wan_iface }}" when: ansible_default_ipv4.gateway is defined -- name: Figure out netplan file name - shell: ls /etc/netplan - register: netplan - ignore_errors: True # pre 17.10 doesn't use netplan - when: is_ubuntu +# 2022-07-22: Moved to netplan.yml AND restart.yml (REMOVE DUPLICATE CODE LATER?!) +# - name: Figure out netplan file name +# shell: ls /etc/netplan +# register: netplan +# ignore_errors: True # pre 17.10 doesn't use netplan +# when: is_ubuntu - name: Setting dhcpcd_test results set_fact: dhcpcd_result: "{{ ansible_local.local_facts.dhcpcd }}" -- name: Setting systemd_networkd results +# 2022-07-22: Copied to netplan.yml (REMOVE DUPLICATE CODE LATER?!) +- name: "Set 'systemd_networkd_active: True' if local_facts.systemd_networkd confirms" set_fact: systemd_networkd_active: True - when: 'ansible_local.local_facts.systemd_networkd == "enabled"' - -- name: Setting systemd_networkd-2 results - set_fact: - systemd_networkd_active: True - when: 'ansible_local.local_facts.systemd_networkd == "enabled-runtime"' + when: ansible_local.local_facts.systemd_networkd == "enabled" or ansible_local.local_facts.systemd_networkd == "enabled-runtime" - name: Setting network_manager results set_fact: 
@@ -101,12 +108,31 @@ set_fact: num_wifi_interfaces: "{{ count_wifi_interfaces.stdout|int }}" +- block: + - name: Run 'iw list' to check for Access Point capability -- if discovered_wireless_iface ({{ discovered_wireless_iface }}) != "none" + # shell: iw list | grep -v AP: | grep AP | wc -l # False positives 'EAP' etc + shell: iw list | grep '^[[:space:]]*\* AP$' # If grep doesn't find the regex, it returns 1 (hence 'ignore_errors: yes' 9 lines below) + register: look_for_ap + when: discovered_wireless_iface != "none" # Line not nec (but can't hurt?) + # failed_when: False # Hides red errors and is too strong (renders useless the look_for_ap.failed test below!) + + rescue: # Force another red error msg (to explain) then proceed + - name: WiFi chipset/firmware NOT CAPABLE of AP Mode (details above) + fail: + msg: WiFi chipset/firmware NOT CAPABLE of AP Mode (details above) + ignore_errors: yes + +- name: "Set 'can_be_ap: True' if 'iw list' output contains suitable '* AP'" + set_fact: + can_be_ap: True + when: look_for_ap.failed is defined and not look_for_ap.failed + - name: Detect wifi gateway active shell: ip r | grep default | grep {{ discovered_wireless_iface }} | wc -l register: wifi_gateway_found when: discovered_wireless_iface != "none" -- name: Set has_wifi_gateway if WiFi has default gateway detected for {{ discovered_wireless_iface }} +- name: "Set 'has_wifi_gateway: True' if WiFi has default gateway detected for discovered_wireless_iface ({{ discovered_wireless_iface }}) -- otherwise leave it undefined" set_fact: has_wifi_gateway: True when: discovered_wireless_iface != "none" and (wifi_gateway_found.stdout|int > 0) 
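Review bot: The new AP-capability check runs `iw list`, which reports every wireless phy, so `can_be_ap` can become True because of an adapter other than `discovered_wireless_iface`; the `when:` only decides whether the command runs at all. Because the pipeline's exit status is grep's, a missing or failing `iw` is also reported as "NOT CAPABLE of AP Mode". I would test the result explicitly with `when: look_for_ap.rc is defined and look_for_ap.rc == 0`, which does not depend on how a skipped task's `failed` key is populated. The shell task should also get `changed_when: False`, as the `second_gateway_found` task in the next hunk has.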
@@ -116,6 +142,11 @@ register: second_gateway_found changed_when: False +- name: If multiple secondary gateways are detected, fail intentionally and explain + fail: + msg: "IIAB currently DOES NOT SUPPORT multiple secondary gateways: {{ second_gateway_found.stdout }}" + when: second_gateway_found.stdout_lines is defined and second_gateway_found.stdout_lines | length > 1 + - name: Set exclude_devices if default gateway has been detected for {{ second_gateway_found.stdout }} set_fact: exclude_devices: "{{ second_gateway_found.stdout }}" @@ -165,7 +196,7 @@ with_items: - "{{ lan_list_result.stdout_lines }}" -- name: Set iiab_wireless_lan_iface to {{ discovered_wireless_iface }} if not none +- name: Set iiab_wireless_lan_iface to discovered_wireless_iface ({{ discovered_wireless_iface }}) if not none set_fact: iiab_wireless_lan_iface: "{{ discovered_wireless_iface }}" when: discovered_wireless_iface != "none" and not wifi_up_down @@ -260,6 +291,8 @@ value: "{{ iiab_lan_iface }}" - option: iiab_wan_iface value: "{{ iiab_wan_iface }}" + - option: can_be_ap + value: "{{ can_be_ap }}" # well if there ever was a point to tell the user things are FUBAR this is it. # limit 2 network adapters wifi wired diff --git a/roles/network/tasks/dhcpd.yml b/roles/network/tasks/dhcpd.yml.unused similarity index 100% rename from roles/network/tasks/dhcpd.yml rename to roles/network/tasks/dhcpd.yml.unused diff --git a/roles/network/tasks/down-debian.yml b/roles/network/tasks/down-debian.yml.unused similarity index 100% rename from roles/network/tasks/down-debian.yml rename to roles/network/tasks/down-debian.yml.unused diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index d87f9ab36..4566c00bb 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml 
@@ -1,70 +1,72 @@ -- name: Disable dhcpd service - service: - name: dhcpd - enabled: no - when: (dhcpd_install or dhcpd_installed is defined) and not dhcpd_enabled +#- name: Disable dhcpd service +# service: +# name: dhcpd +# enabled: no +# when: (dhcpd_install or dhcpd_installed is defined) and not dhcpd_enabled # service is restarted with NM dispatcher.d script -- name: Enable dhcpd service - service: - name: dhcpd - enabled: yes - when: dhcpd_install and dhcpd_enabled +#- name: Enable dhcpd service +# service: +# name: dhcpd +# enabled: yes +# when: dhcpd_install and dhcpd_enabled -- name: Install /etc/sysconfig/dhcpd, /etc/dhcpd-iiab.conf from templates (root:root, 0644 by default) - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" +#- name: Install /etc/sysconfig/dhcpd, /etc/dhcpd-iiab.conf from templates (root:root, 0644 by default) +# template: +# src: "{{ item.src }}" +# dest: "{{ item.dest }}" +# # owner: root + # group: root + # mode: "{{ item.mode }}" +# with_items: +# - { src: 'dhcp/dhcpd-env.j2', dest: '/etc/sysconfig/dhcpd' } +# - { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf' } +# when: dhcpd_install and dhcpd_enabled + +#- name: Install /etc/named-iiab.conf and two *.zone.db files into /var/named-iiab (root:root, 0644 by default) +# template: +# src: "{{ item.src }}" +# dest: "{{ item.dest }}" # owner: root # group: root # mode: "{{ item.mode }}" - with_items: - - { src: 'dhcp/dhcpd-env.j2', dest: '/etc/sysconfig/dhcpd' } - - { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf' } - when: dhcpd_install and dhcpd_enabled +# with_items: +# - { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf' } +# - { src: 'named/school.local.zone.db.j2', dest: '/var/named-iiab/school.local.zone.db' } +# - { src: 'named/school.internal.zone.db.j2', dest: '/var/named-iiab/school.internal.zone.db' } +# when: named_install and named_enabled -- name: Install /etc/named-iiab.conf and two *.zone.db files into /var/named-iiab 
(root:root, 0644 by default) - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - # owner: root - # group: root - # mode: "{{ item.mode }}" - with_items: - - { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf' } - - { src: 'named/school.local.zone.db', dest: '/var/named-iiab/' } - - { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/' } - when: named_install and named_enabled +#- name: Enable named service ({{ dns_service }}) if named_enabled +# systemd: +# name: "{{ dns_service }}" +# enabled: yes +# when: named_install and named_enabled -- name: Enable named service ({{ dns_service }}) if named_enabled - systemd: - name: "{{ dns_service }}" - enabled: yes - when: named_install and named_enabled - -- name: Disable named service ({{ dns_service }}) if not named_enabled - systemd: - name: "{{ dns_service }}" - enabled: no - when: (named_install or named_installed is defined) and not named_enabled +#- name: Disable named service ({{ dns_service }}) if not named_enabled +# systemd: +# name: "{{ dns_service }}" +# enabled: no +# when: (named_install or named_installed is defined) and not named_enabled - name: Install /etc/dnsmasq.d/iiab.conf from template, when dnsmasq_enabled and isn't Appliance template: src: network/dnsmasq.conf.j2 dest: /etc/dnsmasq.d/iiab.conf - when: dnsmasq_install and dnsmasq_enabled and (iiab_network_mode != "Appliance") + when: iiab_network_mode != "Appliance" +# when: dnsmasq_install and dnsmasq_enabled and (iiab_network_mode != "Appliance") - name: Install /etc/hosts.dnsmasq from template for /etc/dnsmasq.d/iiab.conf (instead of using /etc/hosts) template: src: network/hosts-dnsmasq.j2 dest: /etc/hosts.dnsmasq - when: dnsmasq_install and dnsmasq_enabled and (iiab_network_mode != "Appliance") + when: iiab_network_mode != "Appliance" +# when: dnsmasq_install and dnsmasq_enabled and (iiab_network_mode != "Appliance") - name: Update /etc/dnsmasq.d/dnsmasq-iiab for custom dns setting template: src: 
network/dnsmasq-iiab dest: /etc/dnsmasq.d/dnsmasq-iiab - when: dnsmasq_install # 2020-05-10: Are all these dnsmasq_install conditions really still necessary ? +# when: dnsmasq_install # 2020-05-10: Are all these dnsmasq_install conditions really still necessary ? ## Another way to skin the cat ##- name: Check if systemd service networkd-dispatcher is enabled @@ -93,6 +95,8 @@ #- debug: # var: nd_dir +# networkd-dispatcher not enabled for is_linuxmint https://github.com/iiab/iiab/issues/3278 +# might need the same dispatcher treatment using networkmanager-dispatcher to bring up dnsmasq or look at dnsmasq-iiab - name: To restart dnsmasq whenever br0 comes up, install /etc/networkd-dispatcher/routable.d/dnsmasq.sh from template (if isn't Appliance, and directory /etc/networkd-dispatcher/routable.d exists, i.e. OS's like Ubuntu 18.04 or later) (root:root by default) template: src: roles/network/templates/network/dnsmasq.sh.j2 
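Review bot: The dnsmasq templates in this hunk no longer check `dnsmasq_enabled`: `iiab.conf` and `hosts.dnsmasq` are written whenever `iiab_network_mode != "Appliance"`, and `dnsmasq-iiab` is now written unconditionally. In the `@@ -100,27 +104,28 @@` hunk the removal of `/etc/dnsmasq.d/iiab.conf` also loses its `not dnsmasq_enabled` arm. An operator who sets `dnsmasq_enabled: False` therefore keeps a complete DHCP/DNS configuration in `/etc/dnsmasq.d/`, which any dnsmasq instance started outside `iiab-dnsmasq` would presumably load. If that is intended, say so in a comment; otherwise use `when: dnsmasq_enabled and iiab_network_mode != "Appliance"` on the installs and keep `(not dnsmasq_enabled) or (iiab_network_mode == "Appliance")` on the removal.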
@@ -100,27 +104,28 @@ mode: 0755 # owner: root # group: root - when: dnsmasq_install and dnsmasq_enabled and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") + when: nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") +# when: dnsmasq_install and dnsmasq_enabled and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") #when: dnsmasq_install and dnsmasq_enabled and nd_enabled is defined and nd_enabled.stdout == "enabled" and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance") #when: dnsmasq_install and dnsmasq_enabled and systemd_out.status.UnitFileState == "enabled" and networkd_dir.stat.exists and networkd_dir.stat.isdir and (iiab_network_mode != "Appliance") -- name: Remove /etc/dnsmasq.d/iiab.conf, when not dnsmasq_enabled or is Appliance +- name: Remove /etc/dnsmasq.d/iiab.conf, when is Appliance file: path: /etc/dnsmasq.d/iiab.conf state: absent - when: (not dnsmasq_enabled) or (iiab_network_mode == "Appliance") + when: iiab_network_mode == "Appliance" - name: Enable iiab-dnsmasq systemd service, if dnsmasq_enabled systemd: name: iiab-dnsmasq enabled: yes - when: dnsmasq_install and dnsmasq_enabled + when: dnsmasq_enabled - name: Disable iiab-dnsmasq, if not dnsmasq_enabled systemd: name: iiab-dnsmasq enabled: no - when: dnsmasq_install and not dnsmasq_enabled + when: not dnsmasq_enabled # - name: Enable DansGuardian systemd service, if dansguardian_enabled # systemd: 
@@ -139,13 +144,13 @@ path: "{{ iiab_env_file }}" regexp: '^HTTPCACHE_ON=*' line: 'HTTPCACHE_ON=True' - when: squid_install and squid_enabled + when: squid_installed is defined and squid_enabled - name: Enable systemd service '{{ proxy }}' - if squid_install and squid_enabled systemd: name: "{{ proxy }}" # squid (or 'squid3' on vars/debian-8.yml, vars/raspbian-8.yml) enabled: yes - when: squid_install and squid_enabled + when: squid_installed is defined and squid_enabled - name: Install /etc/{{ proxy }}/squid.conf from template (root:root, 0644 by default) - and create a timestamped backup of the original - if squid_install and squid_enabled template: @@ -154,7 +159,7 @@ # owner: "{{ proxy_user }}" # proxy (or 'squid' on vars/centos-7.yml, vars/fedora-18.yml, vars/fedora-12.yml) # group: "{{ proxy_user }}" backup: yes - when: squid_install and squid_enabled + when: squid_installed is defined and squid_enabled # - name: Point /etc/init.d/{{ proxy }} to /etc/{{ proxy }}/squid-iiab.conf - if squid_install and squid_enabled # lineinfile: @@ -167,14 +172,14 @@ systemd: name: "{{ proxy }}" enabled: no - when: (squid_install or squid_installed is defined) and not squid_enabled + when: squid_installed is defined and not squid_enabled - name: Revert {{ iiab_env_file }} to 'HTTPCACHE_ON=False' - if squid_install and not squid_enabled lineinfile: path: "{{ iiab_env_file }}" regexp: '^HTTPCACHE_ON=*' line: 'HTTPCACHE_ON=False' - when: squid_install and not squid_enabled + when: squid_installed is defined and not squid_enabled # - name: Enable Wondershaper service, if wondershaper_enabled # systemd: 
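Review bot: The task names in these three hunks still read `if squid_install and squid_enabled` (and `if squid_install and not squid_enabled`) although every `when:` now tests `squid_installed is defined`. The names are what an operator sees in the play output, so they should state the real gate, for example `- if squid_installed is defined and squid_enabled`.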
@@ -197,17 +202,6 @@ # group: root mode: 0755 -- name: Install /usr/bin/iiab-internet-on|off from template (root:root by default) - template: - src: "{{ item }}" - dest: /usr/bin/ - # owner: root - # group: root - mode: 0755 - with_items: - - gateway/iiab-internet-on - - gateway/iiab-internet-off - - name: Add 'squid' variable values to {{ iiab_ini_file }} - if squid_installed is defined ini_file: diff --git a/roles/network/tasks/hostapd.yml b/roles/network/tasks/hostapd.yml index 33e0a6468..99fb6cf41 100644 --- a/roles/network/tasks/hostapd.yml +++ b/roles/network/tasks/hostapd.yml @@ -1,13 +1,13 @@ -- name: Unmask the Access Point 'hostapd' service +- name: Disable hostapd when not using ap0 and wifi gateway present, or no WiFi hardware present or support not detected + set_fact: + hostapd_enabled: False + when: (not wifi_up_down and discovered_wireless_iface == iiab_wan_iface) or discovered_wireless_iface == "none" or not can_be_ap + +- name: Disable the Access Point 'hostapd' service systemd: name: hostapd enabled: no - masked: no - -- name: Disable hostapd when not using ap0 and wifi gateway present, or no WiFi hardware present - set_fact: - hostapd_enabled: False - when: (not wifi_up_down and discovered_wireless_iface == iiab_wan_iface) or discovered_wireless_iface == "none" + when: not hostapd_enabled - name: Detect current Wifi channel shell: iw {{ discovered_wireless_iface }} info | grep channel | cut -d' ' -f2 
@@ -19,25 +19,15 @@ host_channel: "{{ current_client_channel.stdout }}" when: current_client_channel.stdout is defined and current_client_channel.stdout != "" and current_client_channel.stdout|int <= 13 -- name: Create /etc/hostapd/hostapd.conf and backup .iiab from template - template: - owner: root - group: root - mode: 0644 - src: "{{ item.src }}" - dest: "{{ item.dest }}" - with_items: - - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf' } - - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf.iiab' } - when: discovered_wireless_iface != "none" - - name: Generate new random mac address for ap0 shell: tr -dc A-F0-9 < /dev/urandom | head -c 10 | sed -r 's/(..)/\1:/g;s/:$//;s/^/02:/' register: ap0_mac + when: can_be_ap - name: Setting ap0 mac address for use in hostapd service file set_fact: ap0_mac_addr: "{{ ap0_mac.stdout }}" + when: can_be_ap - name: "Use custom 'hostapd' systemd service unit file using ap0 -- install from template: /etc/systemd/system/hostapd.service, /etc/systemd/system/iiab-clone-wifi.service, /etc/systemd/system/iiab-wifi-test.service, /usr/sbin/iiab-test-wifi" template: @@ -51,7 +41,7 @@ - { src: 'hostapd/iiab-clone-wifi.service.j2', dest: '/etc/systemd/system/iiab-clone-wifi.service', mode: '0644' } - { src: 'hostapd/iiab-wifi-test.service.j2', dest: '/etc/systemd/system/iiab-wifi-test.service', mode: '0644'} - { src: 'hostapd/iiab-test-wifi.j2', dest: '/usr/sbin/iiab-test-wifi', mode: '0755' } - when: discovered_wireless_iface != "none" + when: can_be_ap - name: Use custom 'hostapd' systemd service unit file for {{ discovered_wireless_iface }} when not wifi_up_down template: 
@@ -60,23 +50,10 @@ owner: root group: root mode: 0644 - when: discovered_wireless_iface != "none" and not wifi_up_down + when: not wifi_up_down and can_be_ap -- name: Create /usr/bin/iiab-hotspot-on from template - template: - src: network/iiab-hotspot-on - dest: /usr/bin/iiab-hotspot-on - owner: root - group: root - mode: 0755 - -- name: Create /usr/bin/iiab-hotspot-off from template - template: - src: network/iiab-hotspot-off - dest: /usr/bin/iiab-hotspot-off - owner: root - group: root - mode: 0755 +# 2022-07-11: Install of iiab-hotspot-on|off moved to network/tasks/main.yml +# as required for Admin Console - name: Create dhcpcd hook for hostapd and ap0 when wifi_up_down True template: @@ -143,7 +120,7 @@ systemd: name: "{{ item }}" enabled: no - daemon_reload: yes + daemon_reload: yes with_items: - iiab-clone-wifi.service - iiab-wifi-test.service diff --git a/roles/2-common/tasks/network.yml b/roles/network/tasks/install.yml similarity index 62% rename from roles/2-common/tasks/network.yml rename to roles/network/tasks/install.yml index c043a0bc3..8ac1b8cc6 100644 --- a/roles/2-common/tasks/network.yml +++ b/roles/network/tasks/install.yml @@ -1,10 +1,13 @@ # 2022-03-16: 'apt show | grep Size' revealed download sizes, on 64-bit RasPiOS with desktop. -- name: Install package networkd-dispatcher (OS's other than RaspiOS) +- name: Install dnsmasq -- configure LATER in 'network', after Stage 9 + include_tasks: roles/network/tasks/dnsmasq.yml # Invoked by 1-prep (so full path needed) + +- name: Install package networkd-dispatcher (OS's other than RasPiOS and Linux Mint) package: name: networkd-dispatcher # 15kB download: Dispatcher service for systemd-networkd connection status changes state: present - when: not is_raspbian + when: not is_raspbian or not is_linuxmint # 2021-07-27 from @jvonau: 3 apt packages BELOW (iw, rfkill, wireless-tools) # are provided by RasPiOS. Ubuntu|Debian on the other hand are hit or miss: 
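Review bot: The new condition `when: not is_raspbian or not is_linuxmint` on the networkd-dispatcher task in install.yml is true for every host, because no system is both RasPiOS and Linux Mint, so the package is still installed on the two platforms the task name excludes. The intended gate is presumably `when: not (is_raspbian or is_linuxmint)`.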
@@ -16,19 +19,19 @@ # total download size) and they can help IIAB field operators with BOTH # (1) internal WiFi AND (2) USB WiFi devices inserted anytime/later. -- name: 'Install 11 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, rfkill, wpasupplicant, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network' +- name: 'Install 11 network packages: avahi-daemon, hostapd, iproute2, iptables-persistent, iw, libnss-mdns, netmask, net-tools, rfkill, wireless-tools, wpasupplicant -- later used by https://github.com/iiab/iiab/tree/master/roles/network' package: name: - - avahi-daemon # 97kB download: RaspiOS (and package libnss-mnds, below) install this regardless -- holdover from the XO days and used to advertise ssh/admin-console being available via avahi-daemon -- used with https://github.com/iiab/iiab/blob/master/roles/network/tasks/avahi.yml + - avahi-daemon # 97kB download: RasPiOS (and package libnss-mnds, below) install this regardless -- holdover from the XO days and used to advertise ssh/admin-console being available via avahi-daemon -- used with https://github.com/iiab/iiab/blob/master/roles/network/tasks/avahi.yml #- avahi-discover # 46kB download: 2021-07-27: Commented out long ago - hostapd # 764kB download: IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator -- has its service masked out of the box, and only used when IIAB's network roles detects the presence of WiFi and an AP is desired #- inetutils-syslogd # 240kB download: 2021-07-27: Error logging facility -- holdover from the XO days, journalctl has replaced this in newer distros - - iproute2 # 902kB download: RaspiOS installs this regardless -- the new networking and traffic control tools, meant to replace net-tools + - iproute2 # 902kB download: RasPiOS installs this regardless -- the new networking and traffic control tools, meant to replace net-tools - iptables-persistent # 12kB download: Boot-time 
loader for netfilter rules, iptables (firewall) plugin -- however Netfilter / nftables is ever moving forward so keep an eye on it! - iw # 97kB download: RasPiOS installs this regardless -- configure Linux wireless devices -- hard dependence for ap0 creation, SEE https://github.com/iiab/iiab/blob/master/roles/network/templates/hostapd/iiab-clone-wifi.service.j2 - - libnss-mdns # 27kB download: RaspiOS (and package avahi-daemon, above) install this regardless -- client-side library -- provides name resolution via mDNS (Multicast DNS) using Zeroconf/Bonjour e.g. Avahi + - libnss-mdns # 27kB download: RasPiOS (and package avahi-daemon, above) install this regardless -- client-side library -- provides name resolution via mDNS (Multicast DNS) using Zeroconf/Bonjour e.g. Avahi - netmask # 25kB download: Handy utility -- helps determine network masks - - net-tools # 248kB download: RaspiOS installs this regardless -- @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output? + - net-tools # 248kB download: RasPiOS installs this regardless -- @jvonau suggests possibly deleting this...unless oldtimers really want these older commands in iiab-diagnostics output? - rfkill # 87kB download: RasPiOS installs this regardless -- enable & disable wireless devices - wireless-tools # 112kB download: RasPiOS installs this regardless -- manipulate Linux Wireless Extensions - wpasupplicant # 1188kB download: RasPiOS installs this regardless -- client library for connections to a WiFi AP 
@@ -42,9 +45,17 @@ # dest: /etc/network/if-pre-up.d/iptables # mode: '0755' +- name: Unmask the Access Point 'hostapd' service + systemd: + name: hostapd + enabled: no + masked: no + +- name: Install Avahi (mDNS, Zeroconf/Bonjour) + include_tasks: roles/network/tasks/avahi.yml # Invoked by 1-prep (so full path needed) # Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes: -- name: "Use 'sysctl' to set 'kernel.core_uses_pid: 1' + 4 network settings in /etc/sysctl.conf -- e.g. disabling IPv6 (this might be overkill, as IPv6 should really only be disabled on the LAN side, i.e. br0)" +- name: "4 network settings in /etc/sysctl.conf -- e.g. disabling IPv6 (this might be overkill, as IPv6 should really only be disabled on the LAN side, i.e. br0)" sysctl: # Places these settings in /etc/sysctl.conf, to survive reboot name: "{{ item.name }}" value: "{{ item.value }}" 
@@ -52,10 +63,55 @@ - { name: 'net.ipv4.ip_forward', value: '1' } # Masquerading LAN->Internet - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } - #- { name: 'kernel.sysrq', value: '1' } # OS values differ, Ok? - - { name: 'kernel.core_uses_pid', value: '1' } #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 - #- { name: 'kernel.shmmax', value: '268435456' } # OS values differ, Ok? - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE + + +# UNUSED +#- name: Install named / BIND +# include_tasks: roles/network/tasks/named.yml +# when: named_install is defined and named_install + +# UNUSED +#- name: Install dhcpd +# include_tasks: roles/network/tasks/dhcpd.yml +# when: dhcpd_install is defined and dhcpd_install + +# LESS MAINTAINED +- name: Install Squid + include_tasks: roles/network/tasks/squid.yml # Invoked by 1-prep (so full path needed) + when: squid_install and squid_installed is undefined + + #preprep for backends +- name: Netplan in use on Ubuntu 18.04+ + include_tasks: roles/network/tasks/netplan.yml # Invoked by 1-prep (so full path needed) + when: is_ubuntu + +# all installs + +- name: Install /usr/bin/iiab-internet-on|off from template (root:root by default) + template: + src: "{{ item }}" + dest: /usr/bin/ + mode: 0755 + with_items: + - roles/network/templates/gateway/iiab-internet-on # Invoked by 1-prep (so full path needed) + - roles/network/templates/gateway/iiab-internet-off # Invoked by 1-prep (so full path needed) + +- name: 'Install /usr/local/sbin/netwarn for pop-ups on boot, if iiab-network should be run' + include_tasks: roles/network/tasks/netwarn.yml # Invoked by 1-prep (so full path needed) + + +# RECORD Network AS INSTALLED + +- name: "Set 'network_installed: True'" + set_fact: + 
network_installed: True + +- name: "Add 'network_installed: True' to {{ iiab_state_file }}" + lineinfile: + path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + regexp: '^network_installed' + line: 'network_installed: True' diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index d849cebaf..67f9d28e7 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml 
@@ -21,59 +21,85 @@ - name: computed_network include_tasks: computed_network.yml -# - name: Configure wondershaper -# include_tasks: wondershaper.yml -# when: wondershaper_install or wondershaper_installed is defined +# 2022-07-22: @jvonau asks for this to be (1) BELOW computed_network.yml +# (what goes into iiab-hotspot-on|off depends on can_be_ap and wifi_up_down) +# AND (2) ABOVE install.yml for some reason? REQUIREMENT: Admin Console reads +# iiab_network_mode from /etc/iiab/iiab.ini + uses /usr/bin/iiab-hotspot-on|off +- name: Install /usr/bin/iiab-hotspot-on|off from template (root:root by default) + template: + src: "{{ item }}" + dest: /usr/bin/ + mode: 0755 + with_items: + - hostapd/iiab-hotspot-on + - hostapd/iiab-hotspot-off -- name: (Re)Install named - include_tasks: named.yml - when: named_install and FQDN_changed and iiab_stage|int == 9 +- name: Install network packages (including many WiFi tools, and also iptables-persistent for firewall) + include_tasks: install.yml + when: network_install and network_installed is undefined -- name: (Re)Install dhcpd - include_tasks: dhcpd.yml - when: dhcpd_install and FQDN_changed and iiab_stage|int == 9 -- name: (Re)Install Squid - include_tasks: squid.yml - when: squid_install and FQDN_changed and iiab_stage|int == 9 +- name: Configuring Network if enabled + block: -#preprep for backends -- name: Netplan in use on Ubuntu 18.04+ - include_tasks: netplan.yml - when: is_ubuntu and not is_ubuntu_16 + # DEPRECATED + #- name: Configure wondershaper + # include_tasks: wondershaper.yml + # when: wondershaper_install or wondershaper_installed is defined + # + #- name: (Re)Install named + # include_tasks: named.yml + # when: named_install and FQDN_changed and iiab_stage|int == 9 + # + #- name: (Re)Install dhcpd + # include_tasks: dhcpd.yml + # when: dhcpd_install and FQDN_changed and iiab_stage|int == 9 -#### Start services -- name: avahi - include_tasks: avahi.yml -- name: hostapd - include_tasks: hostapd.yml -- name: 
computed_services - include_tasks: computed_services.yml -- name: enable_services - include_tasks: enable_services.yml -#### End services + # 2022-07-22: Is './runrole --reinstall network' the new way to make this run? + #- name: (Re)Install Squid + # include_tasks: squid.yml + # when: squid_install and FQDN_changed and iiab_stage|int == 9 -#### Start network layout -#- name: Redhat networking -# include_tasks: ifcfg_mods.yml -# when: is_redhat + #### Start services + - name: hostapd + include_tasks: hostapd.yml + - name: computed_services + include_tasks: computed_services.yml + - name: enable_services + include_tasks: enable_services.yml + #### End services -- name: NetworkManager in use - include_tasks: NM-debian.yml - when: is_debuntu and network_manager_active + #### Start network layout + #- name: Redhat networking + # include_tasks: ifcfg_mods.yml + # when: is_redhat -- name: systemd-networkd in use - include_tasks: sysd-netd-debian.yml - when: is_debuntu and systemd_networkd_active + - name: NetworkManager in use + include_tasks: NM-debian.yml + when: is_debuntu and network_manager_active -- name: Raspbian uses dhcpcd only with no N-M or SYS-NETD active - include_tasks: rpi_debian.yml - when: is_raspbian + - name: systemd-networkd in use + include_tasks: sysd-netd-debian.yml + when: is_debuntu and systemd_networkd_active -- name: Not RPi, Not NetworkManager, Not systemd-networkd in use - include_tasks: debian.yml - when: (not is_raspbian and not network_manager_active and not systemd_networkd_active and is_debuntu) or is_ubuntu_16 -#### end network layout + - name: Raspbian uses dhcpcd only with no N-M or SYS-NETD active + include_tasks: rpi_debian.yml + when: is_raspbian -- name: Restart services - include_tasks: restart.yml + - name: Not RPi, Not NetworkManager, Not systemd-networkd in use + include_tasks: debian.yml + when: (not is_raspbian and not network_manager_active and not systemd_networkd_active and is_debuntu) or is_ubuntu_16 + #### end network 
layout + + - name: Restart services + include_tasks: restart.yml + + # end block + when: network_installed is defined and network_enabled + + +- name: Create {{ iiab_etc_path }}/install-flags/iiab-network-complete on second pass of network role. + file: + path: "{{ iiab_etc_path }}/install-flags/iiab-network-complete" + state: touch + when: iiab_stage|int == 9 diff --git a/roles/network/tasks/named.yml b/roles/network/tasks/named.yml.unused similarity index 96% rename from roles/network/tasks/named.yml rename to roles/network/tasks/named.yml.unused index 9183242f9..0123ef03f 100644 --- a/roles/network/tasks/named.yml +++ b/roles/network/tasks/named.yml.unused 
@@ -58,8 +58,8 @@ - { src: 'roles/network/templates/named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db', owner: "{{ dns_user }}", mode: '0644' } - { src: 'roles/network/templates/named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db', owner: "{{ dns_user }}", mode: '0644' } # the following two files are not writeable by named, but bind 9.4 cannot discover that fact correctly - - { src: 'roles/network/templates/named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db', owner: "root", mode: '0644' } - - { src: 'roles/network/templates/named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db', owner: "root", mode: '0644' } + - { src: 'roles/network/templates/named/school.internal.zone.db.j2', dest: '/var/named-iiab/school.internal.zone.db', owner: "root", mode: '0644' } + - { src: 'roles/network/templates/named/school.local.zone.db.j2', dest: '/var/named-iiab/school.local.zone.db', owner: "root", mode: '0644' } - { src: 'roles/network/templates/named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db', owner: "{{ dns_user }}", mode: '0644' } - { src: 'roles/network/templates/named/dummy', dest: '/var/named-iiab/data/dummy', owner: "{{ dns_user }}", mode: '0644' } - { src: 'roles/network/templates/named/named.blackhole', dest: '/var/named-iiab/named.blackhole', owner: "{{ dns_user }}", mode: '0644' } diff --git a/roles/network/tasks/netplan.yml b/roles/network/tasks/netplan.yml index 799af001d..8af6b807c 100644 --- a/roles/network/tasks/netplan.yml +++ b/roles/network/tasks/netplan.yml 
@@ -1,3 +1,22 @@ +# 2022-07-22: Moved from detected_network.yml to netplan.yml AND restart.yml (REMOVE DUPLICATE CODE LATER?!) +- name: Figure out netplan file name + shell: ls /etc/netplan + register: netplan + #ignore_errors: True # pre 17.10 doesn't use netplan + +# 2022-07-23: PR #3319 "Ubuntu variants [all] use NetworkManager as the backend +# for use with netplan and ship with systemd-networkd present but disabled" +- name: "Force default 'systemd_networkd_active: False' -- nec b/c network/default/main.yml is omitted when 1-prep directly invokes network/tasks/install.yml" + set_fact: + systemd_networkd_active: False + +# 2022-07-22: Copied from detected_network.yml (REMOVE DUPLICATE CODE LATER?!) +- name: "Set 'systemd_networkd_active: True' if local_facts.systemd_networkd confirms" + set_fact: + systemd_networkd_active: True + when: ansible_local.local_facts.systemd_networkd == "enabled" or ansible_local.local_facts.systemd_networkd == "enabled-runtime" + + - name: Disable cloud-init the easy way shell: touch /etc/cloud/cloud-init.disabled when: item|trim == "50-cloud-init.yaml" 
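Review bot: `shell: ls /etc/netplan` has `ignore_errors` commented out, so a host without that directory aborts the play here, and the new include in install.yml is gated only by `when: is_ubuntu` where the include removed from main.yml also required `not is_ubuntu_16`. Either restore that on the include (`when: is_ubuntu and not is_ubuntu_16`) or let this task tolerate the missing directory with `failed_when: False`. Adding `changed_when: False` would also keep this read-only probe from reporting a change on every run. The `ansible_local.local_facts.systemd_networkd` test below assumes local facts are already available when 1-prep calls this file, which is not visible here.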
@@ -59,14 +78,22 @@ with_items: - "{{ netplan.stdout_lines }}" -- name: Replace networkd-dispatcher #2585 for "groovy" - get_url: - url: https://gitlab.com/craftyguy/networkd-dispatcher/-/raw/2.1/networkd-dispatcher - dest: /usr/bin/networkd-dispatcher - timeout: "{{ download_timeout }}" - when: internet_available and fix_dispatcher and ansible_distribution_release == "groovy" - # 2021-08-29 context from @jvonau: Fix is 'Groovy' specific, 21.04 and later - # should have the fix baked into a newer apt package installed by default. +# 2022-06-30: Ubuntu Groovy (20.10) is ancient history but this code might now +# help Linux Mint ? +# +# 2022-05-29: @jvonau wrote on #3106 "networkd-dispatcher has a traceback, +# I suspect the cause is the same as found #2645, need to confirm the package +# version installed with apt list networkd-dispatcher before suggesting the +# workaround be extended to LinuxMint" +# +# - name: Replace networkd-dispatcher #2585 for "groovy" +# get_url: +# url: https://gitlab.com/craftyguy/networkd-dispatcher/-/raw/2.1/networkd-dispatcher +# dest: /usr/bin/networkd-dispatcher +# timeout: "{{ download_timeout }}" +# when: iiab_stage|int < 9 and fix_dispatcher and ansible_distribution_release == "groovy" +# # 2021-08-29 context from @jvonau: Fix is 'Groovy' specific, 21.04 and later +# # should have the fix baked into a newer apt package installed by default. #- name: Supply netplan template # template: diff --git a/roles/network/tasks/netwarn.yml b/roles/network/tasks/netwarn.yml new file mode 100644 index 000000000..c1f687e28 --- /dev/null +++ b/roles/network/tasks/netwarn.yml 
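Review bot: The commented-out `get_url` task is kept for possible reuse on Linux Mint, but it overwrites `/usr/bin/networkd-dispatcher`, a root-run executable, with a downloaded file and has no `checksum:`. A line next to it such as `# If revived: add 'checksum: sha256:<EXPECTED_SHA256>' and an explicit 'mode:'` would keep the task from being copied back in unchanged.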
@@ -0,0 +1,47 @@ +# 2022-07-22: SIMILAR TO roles/iiab-admin/tasks/pwd-warnings.yml FOR passwords +# AND roles/www_options/tasks/main.yml FOR browser + +# 2022-07-22: An /etc/profile.d/ version like /etc/local/sbin/netwarn but for +# ssh sessions (across all OS's/distros/window managers) might also make sense? + + +- name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? + stat: + path: /etc/xdg/lxsession/LXDE-pi/autostart + register: lxde_pi_autostart_present + +- name: If so, add /usr/local/sbin/netwarn to /etc/xdg/lxsession/LXDE-pi/autostart + lineinfile: + path: /etc/xdg/lxsession/LXDE-pi/autostart + regexp: '^/usr/local/sbin/netwarn$' + line: '/usr/local/sbin/netwarn' + when: lxde_pi_autostart_present.stat.exists + + +# mate desktop detection based on 'register: nd_dir' in enable_services +- name: Does /usr/share/mate/autostart/ exist? + stat: + path: /usr/share/mate/autostart/ + register: mate_dir + +# contents work with mate as of 'switch to using dash via sh' +# 'text' is up for debate other structural changes I do not recommend JV + +- name: 'Install from template: /usr/share/mate/autostart/netwarn-iiab-network.desktop' + template: + src: roles/network/templates/netwarn/netwarn-iiab-network.desktop # Invoked by 1-prep (so full path needed) + dest: /usr/share/mate/autostart/ + when: mate_dir.stat.exists and mate_dir.stat.isdir + + +# 2022-07-21: Is autostart pop-up logic for Mint & stock Ubuntu much the same? + +# (Let's insert those here if so, and refine the 'when:' line below.) + + +- name: 'If a supported graphical OS is detected, install from template: /usr/local/sbin/netwarn' + template: + src: roles/network/templates/netwarn/netwarn # Invoked by 1-prep (so full path needed) + dest: /usr/local/sbin/ + mode: 0755 + when: lxde_pi_autostart_present or (mate_dir.stat.exists and mate_dir.stat.isdir) diff --git a/roles/network/tasks/restart.yml b/roles/network/tasks/restart.yml index d286e987c..1576a2af3 100644 --- a/roles/network/tasks/restart.yml 
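Review bot: In the final task of netwarn.yml, `when: lxde_pi_autostart_present or (...)` tests the registered result itself rather than its `.stat.exists` field; a registered `stat` result is a non-empty mapping, so the condition is always truthy and `/usr/local/sbin/netwarn` is installed on every host, not only on a supported graphical OS. Use `when: lxde_pi_autostart_present.stat.exists or (mate_dir.stat.exists and mate_dir.stat.isdir)`. The header comment also says `/etc/local/sbin/netwarn` where the tasks use `/usr/local/sbin/netwarn`.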
+++ b/roles/network/tasks/restart.yml @@ -1,3 +1,11 @@ +# 2022-07-22: Moved from detected_network.yml to netplan.yml AND restart.yml (REMOVE DUPLICATE CODE LATER?!) +# - name: Figure out netplan file name +# shell: ls /etc/netplan +# register: netplan +# #ignore_errors: True # pre 17.10 doesn't use netplan +# when: is_ubuntu + + - name: Restart wpa_supplicant service systemd: name: "{{ item }}" @@ -6,15 +14,38 @@ - wpa_supplicant when: wifi_up_down and hostapd_enabled -- name: Reload netplan for Wifi gateway on Ubuntu 18+ - shell: netplan apply - when: wifi_up_down and is_ubuntu and netplan.stdout.find("yaml") != -1 +- name: Create /etc/hostapd/hostapd.conf and backup .iiab from template if needed + template: + owner: root + group: root + mode: 0644 + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf' } + - { src: 'hostapd/hostapd.conf.j2', dest: '/etc/hostapd/hostapd.conf.iiab' } + when: can_be_ap -- name: Start named service +- name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False systemd: - name: "{{ dns_service }}" + name: hostapd state: restarted - when: named_enabled and named_install + daemon_reload: yes + when: hostapd_enabled and (wifi_up_down or not no_net_restart) + +# 2022-07-22: @jvonau suggests commenting this out as: "we really don't touch +# any of the config files... netplan.yml renames one file if it's a container +# build like on MATE, could possibly skip netplan.yml in future or toss that in +# the mix now and see what shakes up" [ok, but keep netplan.yml as is for now] +# - name: Reload netplan for Wifi gateway on Ubuntu 18+ +# shell: netplan apply +# when: wifi_up_down and is_ubuntu and netplan.stdout.find("yaml") != -1 + +#- name: Start named service +# systemd: +# name: "{{ dns_service }}" +# state: restarted +# when: named_enabled and named_install - name: Stop Squid service systemd: 
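Review bot: The template task moved into restart.yml writes `/etc/hostapd/hostapd.conf` and its `.iiab` copy with `mode: 0644`, which leaves both readable by every local account. If `hostapd.conf.j2` can render a WPA passphrase (the template is not visible here), `mode: '0600'` would be the safer setting for both files, assuming hostapd is started as root. The task also now runs on every pass of restart.yml under `when: can_be_ap`, so a short comment on why it moved out of hostapd.yml would help the next reader.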
@@ -79,11 +110,13 @@ #both interfaces.d and systemd-networkd should have br0 available and Appliance lacks br0 #keep an eye on legacy wifi installs where br0 is present but not 'online' with an ip address #due to hostapd didn't go to a carrier state. All others should get dnsmasq restarted -- name: User choice of dnsmasq or dhcpd - restarting {{ dhcp_service2 }} +#- name: User choice of dnsmasq or dhcpd - restarting {{ dhcp_service2 }} +- name: Restarting dnsmasq systemd: - name: "{{ dhcp_service2 }}" + name: dnsmasq state: restarted - when: (not no_net_restart or (is_ubuntu and wifi_up_down)) or (iiab_stage|int == 9) + when: dnsmasq_enabled and ((not no_net_restart or (is_ubuntu and wifi_up_down)) or (iiab_stage|int == 9)) +# when: (not no_net_restart or (is_ubuntu and wifi_up_down)) or (iiab_stage|int == 9) #when: (not no_net_restart or (is_ubuntu_20 and wifi_up_down)) or (iiab_stage|int == 9) #when: (not no_net_restart or (is_ubuntu_20 and wifi_up_down)) #when: (iiab_network_mode != "Appliance") # Sufficient b/c br0 exists thanks to /etc/network/interfaces.d/iiab diff --git a/roles/network/tasks/rpi_debian.yml b/roles/network/tasks/rpi_debian.yml index 1887a7d15..4d672ad0b 100644 --- a/roles/network/tasks/rpi_debian.yml +++ b/roles/network/tasks/rpi_debian.yml 
@@ -21,16 +21,21 @@ src: network/dhcpcd.conf.j2 - name: New Raspbian requires country code -- check for it - shell: grep country /etc/wpa_supplicant/wpa_supplicant.conf + shell: grep country /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}' register: country_code ignore_errors: True +- name: Set country code for hostapd to value found in /etc/wpa_supplicant/wpa_supplicant.conf + set_fact: + host_country_code: "{{ country_code.stdout }}" + when: country_code is defined and country_code.stdout | length > 0 + - name: Put country code ({{ host_country_code }}) in /etc/wpa_supplicant/wpa_supplicant.conf if nec - lineinfile: + lineinfile: path: /etc/wpa_supplicant/wpa_supplicant.conf regexp: "^country.*" line: country={{ host_country_code }} - when: country_code is defined and country_code.stdout == "" + when: country_code is defined and country_code.stdout | length == 0 - name: Enable the WiFi with rfkill shell: rfkill unblock 0 @@ -49,8 +54,8 @@ src: network/dnsmasq-iiab when: iiab_lan_iface == "br0" -- name: Stopping services - include_tasks: down-debian.yml +#- name: Stopping services +# include_tasks: down-debian.yml - name: Reload systemd systemd: @@ -60,9 +65,7 @@ systemd: name: iiab-clone-wifi state: started - when: discovered_wireless_iface != "none" - # Whereas sysd-netd-debian.yml uses... - # when: wifi_up_down and discovered_wireless_iface != "none" + when: wifi_up_down and discovered_wireless_iface != "none" - name: Restart the networking service if appropriate systemd: @@ -71,12 +74,6 @@ state: restarted when: iiab_wired_lan_iface is defined -- name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False - systemd: - name: hostapd - state: restarted - when: hostapd_enabled and (wifi_up_down or not no_net_restart) - #- name: Stop wpa_supplicant on Raspbian # shell: killall wpa_supplicant 
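Review bot: The new `grep country /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}'` is unanchored, so a comment or any other line containing "country" also matches, and the result can be several lines or carry stray characters. That stdout is then stored as `host_country_code` by the added set_fact task with no check on its shape, and the task name says it is meant for hostapd's configuration. I would accept only a two-letter code, e.g. `shell: sed -n 's/^country=\([A-Z][A-Z]\)$/\1/p' /etc/wpa_supplicant/wpa_supplicant.conf | head -n 1`. With a pipeline the task's return code is the last command's, so `ignore_errors: True` no longer says anything about whether the file or the line exists; `failed_when: false` and `changed_when: false` would state the intent directly.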
diff --git a/roles/network/tasks/sysd-netd-debian.yml b/roles/network/tasks/sysd-netd-debian.yml index 4b3048256..35aa0b6b0 100644 --- a/roles/network/tasks/sysd-netd-debian.yml +++ b/roles/network/tasks/sysd-netd-debian.yml @@ -44,8 +44,8 @@ #when: wan_ip != "dhcp" and not is_ubuntu_18 -- name: Stopping services - include_tasks: down-debian.yml +#- name: Stopping services +# include_tasks: down-debian.yml - name: Reload systemd systemd: @@ -64,15 +64,17 @@ enabled: yes masked: no -- name: Enable & Restart networkd-dispatcher.service +- name: Enable & Restart systemd-resolved.service + systemd: + name: systemd-resolved + state: restarted + enabled: yes + masked: no + +- name: Enable & Restart networkd-dispatcher.service except for Linux Mint systemd: name: networkd-dispatcher state: restarted enabled: yes masked: no - -- name: Restart hostapd when WiFi is present but not when using WiFi as gateway with wifi_up_down False - systemd: - name: hostapd - state: restarted - when: hostapd_enabled and (wifi_up_down or not no_net_restart) + when: not is_linuxmint diff --git a/roles/network/templates/captive-portal/captive-portal.py.j2 b/roles/network/templates/captive-portal.unused/captive-portal.py.j2 similarity index 100% rename from roles/network/templates/captive-portal/captive-portal.py.j2 rename to roles/network/templates/captive-portal.unused/captive-portal.py.j2 diff --git a/roles/network/templates/dhcp/dhcpd-env.j2 b/roles/network/templates/dhcp.unused/dhcpd-env.j2 similarity index 100% rename from roles/network/templates/dhcp/dhcpd-env.j2 rename to roles/network/templates/dhcp.unused/dhcpd-env.j2 diff --git a/roles/network/templates/dhcp.unused/dhcpd-iiab.conf.j2 b/roles/network/templates/dhcp.unused/dhcpd-iiab.conf.j2 new file mode 100644 index 000000000..66cd3e706 --- /dev/null +++ b/roles/network/templates/dhcp.unused/dhcpd-iiab.conf.j2 
@@ -0,0 +1,48 @@ +# +# School server 1 DHCP Server Configuration file. +# +ddns-update-style interim; +#ignore client-updates; + +option domain-name "{{ iiab_domain }}"; +option domain-name-servers {{ lan_ip }}; +option ntp-servers {{ lan_ip }}; + +{% if network_172 %} +subnet 172.18.96.0 netmask 255.255.224.0 { + {% if iiab_network_mode == "Gateway" %} + option routers {{ lan_ip }}; + {% endif %} + option subnet-mask 255.255.224.0; + option broadcast-address 172.18.127.255; + # Description of network allocations in old OLPC school server + # this is the whole range we have available - 8K addresses + # range 172.18.96.2 172.18.127.254; + # instead, we'll save 510 addresses for later. + range 172.18.96.2 172.18.125.254; + # the other /24s: + # -> 172.18.126.0/24 for static IP addresses + # for printers, AP management consoles, etc. + # -> 172.18.127.0/24 for temporary addresses for + # XO activation + + # As this subnet is wired or wifi a/b/g, these lease + # times are on the long side + default-lease-time 10800; + max-lease-time 21600; +} +{% else %} +subnet 10.10.10.0 netmask 255.255.255.0 { + {% if iiab_network_mode == "Gateway" %} + option routers {{ lan_ip }}; + {% endif %} + option subnet-mask 255.255.255.0; + option broadcast-address 10.10.10.255; + range 10.10.10.11 10.10.10.254; + + # As this subnet is wired or wifi a/b/g, these lease + # times are on the long side + default-lease-time 10800; + max-lease-time 21600; +} +{% endif %} diff --git a/roles/network/templates/dhcp/dhcpd.service b/roles/network/templates/dhcp.unused/dhcpd.service similarity index 100% rename from roles/network/templates/dhcp/dhcpd.service rename to roles/network/templates/dhcp.unused/dhcpd.service diff --git a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 b/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 deleted file mode 100644 index a3c844120..000000000 --- a/roles/network/templates/dhcp/dhcpd-iiab.conf.j2 +++ /dev/null 
@@ -1,31 +0,0 @@ -# -# School server 1 DHCP Server Configuration file. -# -ddns-update-style interim; -#ignore client-updates; - -option domain-name "{{ iiab_domain }}"; -option domain-name-servers 172.18.96.1; -option ntp-servers 172.18.96.1; - -subnet 172.18.96.0 netmask 255.255.224.0 { - {% if iiab_network_mode == "Gateway" %} - option routers 172.18.96.1; - {% endif %} - option subnet-mask 255.255.224.0; - option broadcast-address 172.18.127.255; - # this is the whole range we have available - 8K addresses - # range 172.18.96.2 172.18.127.254; - # instead, we'll save 510 addresses for later. - range 172.18.96.2 172.18.125.254; - # the other /24s: - # -> 172.18.126.0/24 for static IP addresses - # for printers, AP management consoles, etc. - # -> 172.18.127.0/24 for temporary addresses for - # XO activation - - # As this subnet is wired or wifi a/b/g, these lease - # times are on the long side - default-lease-time 10800; - max-lease-time 21600; -} diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 79a112b55..b11cd4fca 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -64,7 +64,7 @@ echo "iiab_gateway_enabled: $iiab_gateway_enabled" echo #network_mode=`grep iiab_network_mode_applied /etc/iiab/iiab.ini | gawk '{print $3}'` #echo -e "Network Mode: $network_mode\n" -lan_ip=$(iiab_var_value lan_ip) # 172.18.96.1 +lan_ip=$(iiab_var_value lan_ip) # e.g. 10.10.10.10 ports_externally_visible=$(iiab_var_value ports_externally_visible) gw_block_https=$(iiab_var_value gw_block_https) diff --git a/roles/network/templates/hostapd/50-hostapd b/roles/network/templates/hostapd/50-hostapd index 37a363b72..5b13b14b5 100644 --- a/roles/network/templates/hostapd/50-hostapd +++ b/roles/network/templates/hostapd/50-hostapd 
@@ -1,4 +1,14 @@ if [ "$interface" = "br0" ] && [ $if_up = "true" ]; then + WPA=$(grep country /etc/wpa_supplicant/wpa_supplicant.conf | awk -F = '{print $2}') + AP=$(grep country_code /etc/hostapd/hostapd.conf | awk -F = '{print $2}') + if ! [ "$WPA" = "$AP" ]; then + sed -i -e "s/^country_code.*/country_code=$WPA /" /etc/hostapd/hostapd.conf + echo "50-iiab set country_code $WPA" + syslog info "50-iiab set country_code $WPA" + echo "THIS MACHINE SHOULD BE REBOOTED" + syslog info "THIS MACHINE SHOULD BE REBOOTED 50-iiab country_code" +# systemctl restart hostapd + fi syslog info "50-iiab IF_UP br0 restarting dnsmasq - kicking ap0" ip link set ap0 up systemctl --no-block restart dnsmasq @@ -10,8 +20,9 @@ if [ "$interface" = "wlan0" ]; then syslog info "50-iiab CARRIER change wlan0" # wpa_supplicant wants MHz for frequency= while hostapd wants channel..... whatever # FREQ=`iw wlan0 info|grep channel|cut -d' ' -f9` - FREQ=`iw wlan0 info|grep channel|cut -d' ' -f2` + FREQ=$(iw wlan0 info|grep channel|cut -d' ' -f2) FREQ2="" + for result in $FREQ; do echo "frequency is $result for carrier" if [ $result -lt 13 ]; then @@ -22,14 +33,14 @@ if [ "$interface" = "wlan0" ]; then done echo "Using $FREQ2 for carrier" syslog info "50-iiab set channel $FREQ2" - HOSTAPD=`grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}'` + HOSTAPD=$(grep channel /etc/hostapd/hostapd.conf | awk -F = '{print $2}') echo "Hostapd set for $HOSTAPD" if [ $FREQ2 -ne $HOSTAPD ] && [ ! -z $FREQ2 ]; then echo "Editing Hostapd for channel $FREQ2" cp /etc/hostapd/hostapd.conf.iiab /etc/hostapd/hostapd.conf sed -i -e "s/^channel.*/channel=$FREQ /" /etc/hostapd/hostapd.conf echo "THIS MACHINE SHOULD BE REBOOTED" - syslog info "THIS MACHINE SHOULD BE REBOOTED" + syslog info "THIS MACHINE SHOULD BE REBOOTED 50-iiab channel" # systemctl restart hostapd fi fi 
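Review bot: In the new br0 block, `$WPA` comes from an unanchored `grep country` and is interpolated directly into `sed -i -e "s/^country_code.*/country_code=$WPA /"`, so an empty, multi-line, or `/`- or `&`-containing value either breaks the sed expression or corrupts /etc/hostapd/hostapd.conf. When wpa_supplicant.conf has no country line, `$WPA` is empty, the comparison with `$AP` differs, and the hook rewrites the setting to an empty `country_code=`; the replacement also appends a trailing space. I would accept only a two-letter code, skip the rewrite when none is found, and drop the trailing space, as below. The outer `if` block closes outside this hunk.

```shell
if [ "$interface" = "br0" ] && [ $if_up = "true" ]; then
    WPA=$(sed -n 's/^country=\([A-Z][A-Z]\)[[:space:]]*$/\1/p' /etc/wpa_supplicant/wpa_supplicant.conf | head -n 1)
    AP=$(sed -n 's/^country_code=\([A-Z][A-Z]\)[[:space:]]*$/\1/p' /etc/hostapd/hostapd.conf | head -n 1)
    if [ -n "$WPA" ] && [ "$WPA" != "$AP" ]; then
        sed -i -e "s/^country_code=.*/country_code=$WPA/" /etc/hostapd/hostapd.conf
        # … unchanged: echo / syslog messages about country_code and the reboot …
    fi
    # … unchanged: bring ap0 up, restart dnsmasq …
```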
diff --git a/roles/network/templates/network/iiab-hotspot-off b/roles/network/templates/hostapd/iiab-hotspot-off similarity index 100% rename from roles/network/templates/network/iiab-hotspot-off rename to roles/network/templates/hostapd/iiab-hotspot-off diff --git a/roles/network/templates/network/iiab-hotspot-on b/roles/network/templates/hostapd/iiab-hotspot-on similarity index 81% rename from roles/network/templates/network/iiab-hotspot-on rename to roles/network/templates/hostapd/iiab-hotspot-on index d92cb5f21..41b5357a7 100755 --- a/roles/network/templates/network/iiab-hotspot-on +++ b/roles/network/templates/hostapd/iiab-hotspot-on @@ -1,4 +1,10 @@ #!/bin/bash +{% if not can_be_ap %} +echo -e "\nUH-OH: Your Wi-Fi firmware doesn't support AP mode, according to 'iw list'\n" +echo -e "If you add Wi-Fi hardware, run 'cd /opt/iiab/iiab' then 'sudo ./iiab-network'\n" +echo -e "For details, see: https://github.com/iiab/iiab/pull/3179\n" +exit 1 +{% else %} sed -i -e "s/^HOSTAPD_ENABLED.*/HOSTAPD_ENABLED=True/" {{ iiab_env_file }} {% if wifi_up_down %} systemctl enable iiab-clone-wifi.service @@ -38,3 +44,4 @@ exit 0 {% endif %} #wifi_up_down {% endif %} +{% endif %} diff --git a/roles/network/templates/named/bind9.service b/roles/network/templates/named.unused/bind9.service similarity index 100% rename from roles/network/templates/named/bind9.service rename to roles/network/templates/named.unused/bind9.service diff --git a/roles/network/templates/named/dns-jail.conf b/roles/network/templates/named.unused/dns-jail.conf similarity index 100% rename from roles/network/templates/named/dns-jail.conf rename to roles/network/templates/named.unused/dns-jail.conf diff --git a/roles/network/templates/named/dummy b/roles/network/templates/named.unused/dummy similarity index 100% rename from roles/network/templates/named/dummy rename to roles/network/templates/named.unused/dummy 
diff --git a/roles/network/templates/named/localdomain.zone b/roles/network/templates/named.unused/localdomain.zone
similarity index 100%
rename from roles/network/templates/named/localdomain.zone
rename to roles/network/templates/named.unused/localdomain.zone
diff --git a/roles/network/templates/named/localhost.zone b/roles/network/templates/named.unused/localhost.zone
similarity index 100%
rename from roles/network/templates/named/localhost.zone
rename to roles/network/templates/named.unused/localhost.zone
diff --git a/roles/network/templates/named/named b/roles/network/templates/named.unused/named
similarity index 100%
rename from roles/network/templates/named/named
rename to roles/network/templates/named.unused/named
diff --git a/roles/network/templates/named/named-iiab.conf.j2 b/roles/network/templates/named.unused/named-iiab.conf.j2
similarity index 100%
rename from roles/network/templates/named/named-iiab.conf.j2
rename to roles/network/templates/named.unused/named-iiab.conf.j2
diff --git a/roles/network/templates/named/named.blackhole b/roles/network/templates/named.unused/named.blackhole
similarity index 100%
rename from roles/network/templates/named/named.blackhole
rename to roles/network/templates/named.unused/named.blackhole
diff --git a/roles/network/templates/named/named.broadcast b/roles/network/templates/named.unused/named.broadcast
similarity index 100%
rename from roles/network/templates/named/named.broadcast
rename to roles/network/templates/named.unused/named.broadcast
diff --git a/roles/network/templates/named/named.ip6.local b/roles/network/templates/named.unused/named.ip6.local
similarity index 100%
rename from roles/network/templates/named/named.ip6.local
rename to roles/network/templates/named.unused/named.ip6.local
diff --git a/roles/network/templates/named/named.j2 b/roles/network/templates/named.unused/named.j2
similarity index 100%
rename from roles/network/templates/named/named.j2
rename to roles/network/templates/named.unused/named.j2
diff --git a/roles/network/templates/named/named.local b/roles/network/templates/named.unused/named.local
similarity index 100%
rename from roles/network/templates/named/named.local
rename to roles/network/templates/named.unused/named.local
diff --git a/roles/network/templates/named/named.rfc1912.zones b/roles/network/templates/named.unused/named.rfc1912.zones
similarity index 100%
rename from roles/network/templates/named/named.rfc1912.zones
rename to roles/network/templates/named.unused/named.rfc1912.zones
diff --git a/roles/network/templates/named/named.root b/roles/network/templates/named.unused/named.root
similarity index 100%
rename from roles/network/templates/named/named.root
rename to roles/network/templates/named.unused/named.root
diff --git a/roles/network/templates/named/named.root.hints b/roles/network/templates/named.unused/named.root.hints
similarity index 100%
rename from roles/network/templates/named/named.root.hints
rename to roles/network/templates/named.unused/named.root.hints
diff --git a/roles/network/templates/named/named.service b/roles/network/templates/named.unused/named.service
similarity index 100%
rename from roles/network/templates/named/named.service
rename to roles/network/templates/named.unused/named.service
diff --git a/roles/network/templates/named/named.zero b/roles/network/templates/named.unused/named.zero
similarity index 100%
rename from roles/network/templates/named/named.zero
rename to roles/network/templates/named.unused/named.zero
diff --git a/roles/network/templates/named/school.external.zone.db b/roles/network/templates/named.unused/school.external.zone.db
similarity index 100%
rename from roles/network/templates/named/school.external.zone.db
rename to roles/network/templates/named.unused/school.external.zone.db
diff --git a/roles/network/templates/named/school.internal.zone.16.in-addr.db.j2 b/roles/network/templates/named.unused/school.internal.zone.16.in-addr.db.j2 similarity index 100% rename from roles/network/templates/named/school.internal.zone.16.in-addr.db.j2 rename to roles/network/templates/named.unused/school.internal.zone.16.in-addr.db.j2 diff --git a/roles/network/templates/named/school.internal.zone.32.in-addr.db.j2 b/roles/network/templates/named.unused/school.internal.zone.32.in-addr.db.j2 similarity index 100% rename from roles/network/templates/named/school.internal.zone.32.in-addr.db.j2 rename to roles/network/templates/named.unused/school.internal.zone.32.in-addr.db.j2 diff --git a/roles/network/templates/named/school.internal.zone.48.in-addr.db.j2 b/roles/network/templates/named.unused/school.internal.zone.48.in-addr.db.j2 similarity index 100% rename from roles/network/templates/named/school.internal.zone.48.in-addr.db.j2 rename to roles/network/templates/named.unused/school.internal.zone.48.in-addr.db.j2 diff --git a/roles/network/templates/named.unused/school.internal.zone.db.j2 b/roles/network/templates/named.unused/school.internal.zone.db.j2 new file mode 100644 index 000000000..ec930bee8 --- /dev/null +++ b/roles/network/templates/named.unused/school.internal.zone.db.j2 @@ -0,0 +1,27 @@ +@ in soa localhost. root 1 3H 15M 1W 1D + ns localhost. + +{{ iiab_hostname }} IN A {{ lan_ip }} +schoolserver IN A {{ lan_ip }} +school IN A {{ lan_ip }} +www IN A {{ lan_ip }} +ntp IN A {{ lan_ip }} +time IN A {{ lan_ip }} +presence IN A {{ lan_ip }} +xs IN A {{ lan_ip }} +library IN A {{ lan_ip }} +box IN A {{ lan_ip }} + + +conference.schoolserver IN A {{ lan_ip }} + + +; translations of school - in plain latin script +; or un punycode of the utf-8 representation + +; es - escuela +escuela IN CNAME school + +; de - schule +schule IN CNAME school + 
diff --git a/roles/network/templates/named/school.internal.zone.in-addr.db.j2 b/roles/network/templates/named.unused/school.internal.zone.in-addr.db.j2 similarity index 100% rename from roles/network/templates/named/school.internal.zone.in-addr.db.j2 rename to roles/network/templates/named.unused/school.internal.zone.in-addr.db.j2 diff --git a/roles/network/templates/named/school.local.zone.db b/roles/network/templates/named.unused/school.local.zone.db.j2 similarity index 58% rename from roles/network/templates/named/school.local.zone.db rename to roles/network/templates/named.unused/school.local.zone.db.j2 index 3d0619e96..8b4bc384e 100644 --- a/roles/network/templates/named/school.local.zone.db +++ b/roles/network/templates/named.unused/school.local.zone.db.j2 @@ -3,18 +3,18 @@ @ in soa localhost. root 1 3H 15M 1W 1D ns localhost. -{{ iiab_hostname }} IN A 172.18.96.1 -schoolserver IN A 172.18.96.1 -school IN A 172.18.96.1 -www IN A 172.18.96.1 -ntp IN A 172.18.96.1 -time IN A 172.18.96.1 -presence IN A 172.18.96.1 -xs IN A 172.18.96.1 -library IN A 172.18.96.1 -box IN A 172.18.96.1 +{{ iiab_hostname }} IN A {{ lan_ip }} +schoolserver IN A {{ lan_ip }} +school IN A {{ lan_ip }} +www IN A {{ lan_ip }} +ntp IN A {{ lan_ip }} +time IN A {{ lan_ip }} +presence IN A {{ lan_ip }} +xs IN A {{ lan_ip }} +library IN A {{ lan_ip }} +box IN A {{ lan_ip }} -conference.schoolserver IN A 172.18.96.1 +conference.schoolserver IN A {{ lan_ip }} ; translations of school - in plain latin script diff --git a/roles/network/templates/named/school.internal.zone.db b/roles/network/templates/named/school.internal.zone.db deleted file mode 100644 index 99a131aa2..000000000 --- a/roles/network/templates/named/school.internal.zone.db +++ /dev/null 
@@ -1,27 +0,0 @@ -@ in soa localhost. root 1 3H 15M 1W 1D - ns localhost. - -{{ iiab_hostname }} IN A 172.18.96.1 -schoolserver IN A 172.18.96.1 -school IN A 172.18.96.1 -www IN A 172.18.96.1 -ntp IN A 172.18.96.1 -time IN A 172.18.96.1 -presence IN A 172.18.96.1 -xs IN A 172.18.96.1 -library IN A 172.18.96.1 -box IN A 172.18.96.1 - - -conference.schoolserver IN A 172.18.96.1 - - -; translations of school - in plain latin script -; or un punycode of the utf-8 representation - -; es - escuela -escuela IN CNAME school - -; de - schule -schule IN CNAME school - diff --git a/roles/network/templates/netwarn/netwarn b/roles/network/templates/netwarn/netwarn new file mode 100755 index 000000000..a8f7a7916 --- /dev/null +++ b/roles/network/templates/netwarn/netwarn 
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# CONFUSING BUT FYI: Commands below run *strictly sequentially* when this
+# script (/usr/local/sbin/netwarn) is invoked by autostart during OS boot.
+# This allows return codes to be meaningful, at each successive step.
+# (As of July 2022, this is tested to work well with Ubuntu Mate and "Raspberry
+# Pi OS with desktop" on Raspberry Pi 4!)
+#
+# IN CONTRAST: return codes below are NOT MEANINGFUL when this script is
+# invoked from a regularly graphical desktop session -- so make sure to test
+# during an actual OS boot-up, with autostart!
+
+if [ -f /etc/iiab/install-flags/iiab-network-complete ]; then
+ exit
+fi
+
+zenity --question --width=360 --text="IIAB needs to configure networking:\n\n► Internet must be live before you begin.\n►You might be prompted for your password.\n\nContinue? (This can take 2-3 minutes)"
+rc=$?
+if [[ $rc != "0" ]]; then
+ exit $rc
+fi
+
+# mate-terminal always returns 255 w/ autostart, so intercept/record return code
+x-terminal-emulator -e "bash -c '/usr/local/bin/iiab-network; echo \"\$?\" > /tmp/iiab-network.rc'"
+rc=$(cat /tmp/iiab-network.rc)
+if [[ $rc != "0" ]]; then
+ zenity --warning --width=360 --text="iiab-network exited with error: $rc\n\nPlease review /opt/iiab/iiab/iiab-network.log"
+ exit $rc
+fi
+
+zenity --question --width=360 --text="iiab-network complete.\n\nWould you like to REBOOT now? (Recommended)"
+if [[ $? == "0" ]]; then
+ x-terminal-emulator -e "sudo reboot"
+fi
diff --git a/roles/network/templates/netwarn/netwarn-iiab-network.desktop b/roles/network/templates/netwarn/netwarn-iiab-network.desktop
new file mode 100644
index 000000000..35547ee41
--- /dev/null
+++ b/roles/network/templates/netwarn/netwarn-iiab-network.desktop
@@ -0,0 +1,10 @@
+[Desktop Entry]
+Name[en_US]=iiab-network
+Comment[en_US]=iiab-network
+Name[en_CA]=iiab-network
+Comment[en_CA]=iiab-network
+Type=Application
+Exec=/usr/local/sbin/netwarn
+Hidden=false
+Name=iiab-network
+Comment=iiab-network
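Review bot: The terminal wrapper in the netwarn script records the exit status in the fixed path `/tmp/iiab-network.rc`, and the script then trusts whatever `cat` reads back from it. /tmp is world-writable, so another local account can pre-create that name as a file or symlink, and a stale file from an earlier run is read if the terminal never starts; in both cases `$rc` no longer reflects this run. I would create the file privately with `rcfile=$(mktemp) || exit 1`, redirect to `$rcfile` inside the `bash -c` string, and `rm -f "$rcfile"` after reading it. Treating an empty `$rc` as a failure explicitly would also avoid `exit $rc` running with no argument.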
diff --git a/roles/network/templates/network/bridge-br0 b/roles/network/templates/network/bridge-br0 index 8aaa27968..59d85db73 100644 --- a/roles/network/templates/network/bridge-br0 +++ b/roles/network/templates/network/bridge-br0 @@ -6,7 +6,11 @@ interface-name=br0 permissions= [ipv4] +{% if network_172 %} address1={{ lan_ip }}/19 +{% else %} +address1={{ lan_ip }}/24 +{% endif %} dns-search={{ iiab_domain }} method=manual diff --git a/roles/network/templates/network/dhcpcd.conf.j2 b/roles/network/templates/network/dhcpcd.conf.j2 index b44eb297d..cebff6e51 100644 --- a/roles/network/templates/network/dhcpcd.conf.j2 +++ b/roles/network/templates/network/dhcpcd.conf.j2 @@ -58,7 +58,11 @@ denyinterfaces {{ iiab_wired_lan_iface }} {% if dhcpcd_result == "enabled" and iiab_lan_iface != "none" %} interface {{ iiab_lan_iface }} +{% if network_172 %} static ip_address={{ lan_ip }}/19 +{% else %} +static ip_address={{ lan_ip }}/24 +{% endif %} static domain_name_servers=127.0.0.1 {% endif %} diff --git a/roles/network/templates/network/dnsmasq.conf.j2 b/roles/network/templates/network/dnsmasq.conf.j2 index 782f38049..152369cad 100644 --- a/roles/network/templates/network/dnsmasq.conf.j2 +++ b/roles/network/templates/network/dnsmasq.conf.j2 @@ -18,7 +18,12 @@ addn-hosts=/etc/hosts.dnsmasq expand-hosts # Specify the range of IP addresses the DHCP server will lease out to devices, and the duration of the lease +{% if network_172 %} dhcp-range=172.18.100.1,172.18.126.254,1h +{% else %} +dhcp-range=10.10.10.11,10.10.10.254,1h +{% endif %} + # Specify the default route dhcp-option=3,{{ lan_ip }} # Specify the DNS server address diff --git a/roles/network/templates/network/ifcfg-WAN.j2 b/roles/network/templates/network/ifcfg-WAN.j2.unused similarity index 100% rename from roles/network/templates/network/ifcfg-WAN.j2 rename to roles/network/templates/network/ifcfg-WAN.j2.unused 
diff --git a/roles/network/templates/network/ifcfg-slave.j2 b/roles/network/templates/network/ifcfg-slave.j2.unused similarity index 100% rename from roles/network/templates/network/ifcfg-slave.j2 rename to roles/network/templates/network/ifcfg-slave.j2.unused diff --git a/roles/network/templates/network/ifcfg.j2 b/roles/network/templates/network/ifcfg.j2.unused similarity index 100% rename from roles/network/templates/network/ifcfg.j2 rename to roles/network/templates/network/ifcfg.j2.unused diff --git a/roles/network/templates/network/sysconfig.network.j2 b/roles/network/templates/network/sysconfig.network.j2.unused similarity index 100% rename from roles/network/templates/network/sysconfig.network.j2 rename to roles/network/templates/network/sysconfig.network.j2.unused diff --git a/roles/network/templates/network/systemd-br0-network.j2 b/roles/network/templates/network/systemd-br0-network.j2 index 619196b8b..07c5a1246 100644 --- a/roles/network/templates/network/systemd-br0-network.j2 +++ b/roles/network/templates/network/systemd-br0-network.j2 @@ -3,7 +3,11 @@ Name=br0 [Network] +{% if network_172 %} Address={{ lan_ip }}/19 +{% else %} +Address={{ lan_ip }}/24 +{% endif %} LinkLocalAddressing=no ConfigureWithoutCarrier=yes RequiredForOnline=degraded-carrier diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index da5ab374f..14af973e0 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md 
@@ -1,6 +1,6 @@ # Nextcloud README -Students and teachers can store their documents, calendars, contacts and photos locally within [Nextcloud](https://nextcloud.com), which is much like having a (local) version of Dropbox or Google Drive on your very own [Internet-in-a-Box](http://internet-in-a-box.org). +Students and teachers can store their documents, calendars, contacts and photos locally within [Nextcloud](https://nextcloud.com), which is much like having a (local) version of Dropbox or Google Drive on your very own [Internet-in-a-Box](https://internet-in-a-box.org). This Ansible playbook was derived from an earlier ownCloud playbook thanks to [Josh Dennis](https://github.com/floydianslips) in 2016/2017. @@ -43,11 +43,15 @@ Useful PHP recommendations for these settings (while largely tailored to WordPre ## Using It -Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://172.18.96.1/nextcloud (or similar) using: +Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://10.10.10.10/nextcloud (or similar) using: Username: Admin Password: changeme +## Known Issues + +Do not install the [Nextcloud News](https://apps.nextcloud.com/apps/news) app (an RSS/Atom Feed reader) if your OS is 32-bits: [#3069](https://github.com/iiab/iiab/issues/3069) + ## Future Directions Going forward, should Internet-in-a-Box consider integrating optimizations (or more!) from these below? @@ -56,4 +60,4 @@ Going forward, should Internet-in-a-Box consider integrating optimizations (or m - https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ - https://github.com/nextcloud/nextcloudpi -Please [contact us](http://internet-in-a-box.org/pages/contributing.html) if you can help! +Please [contact us](https://internet-in-a-box.org/contributing.html) if you can help! diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml index 9fb31c593..1a0b1741d 100644 --- a/roles/nextcloud/defaults/main.yml 
+++ b/roles/nextcloud/defaults/main.yml @@ -14,7 +14,7 @@ # 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle # you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112). # The following line can avoid that: (but might install an older Nextcloud!) -# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 +# nextcloud_dl_url: https://d.iiab.io/packages/latest.tar.bz2 nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest.tar.bz2 nextcloud_url: /nextcloud diff --git a/roles/nextcloud/tasks/install.yml b/roles/nextcloud/tasks/install.yml index f1896a263..c576daf13 100644 --- a/roles/nextcloud/tasks/install.yml +++ b/roles/nextcloud/tasks/install.yml @@ -43,7 +43,7 @@ # February 2020: See @m-anish's PR #2119 and follow-up PR #2258. # 2021-07-06: If you're running Nextcloud 22+ in production, carefully check the latest required AND recommended prereqs: # https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation -# https://docs.nextcloud.com/server/21/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation +# https://docs.nextcloud.com/server/24/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation - name: Install ffmpeg + libxml2 + 11 PHP packages (run 'php -m' or 'php -i' to verify) package: name: @@ -91,7 +91,7 @@ state: directory path: "{{ nextcloud_root_dir }}" # /library/www/nextcloud -- name: Unarchive {{ nextcloud_dl_url }} (~133 MB) to {{ nextcloud_root_dir }} (~476 MB initially, 498+ MB later, {{ apache_user }}:{{ apache_user }}) +- name: Unarchive {{ nextcloud_dl_url }} (~118 MB) to {{ nextcloud_root_dir }} (~405 MB initially, 428+ MB later, {{ apache_user }}:{{ apache_user }}) unarchive: remote_src: yes # Overwrite even if "already exists on the target" src: "{{ nextcloud_dl_url }}" 
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index 83877e92e..d98ae5b27 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml 
@@ -19,38 +19,44 @@ quiet: yes -- name: Install Nextcloud if 'nextcloud_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: nextcloud_installed is undefined +- block: + - name: Install Nextcloud if 'nextcloud_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: nextcloud_installed is undefined -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml - when: nginx_enabled + - name: Enable/Disable/Restart NGINX + include_tasks: nginx.yml + - name: Add 'nextcloud' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: Nextcloud + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Nextcloud + - option: description + value: '"Nextcloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."' + - option: nextcloud_install + value: "{{ nextcloud_install }}" + - option: nextcloud_enabled + value: "{{ nextcloud_enabled }}" + - option: nextcloud_dl_url + value: "{{ nextcloud_dl_url }}" + - option: nextcloud_url + value: "{{ nextcloud_url }}" + - option: nextcloud_base_dir + value: "{{ nextcloud_base_dir }}" + - option: nextcloud_root_dir + value: "{{ nextcloud_root_dir }}" + - option: nextcloud_data_dir + value: "{{ nextcloud_data_dir }}" -- name: Add 'nextcloud' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: Nextcloud - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Nextcloud - - option: description - value: '"Nextcloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."' - - option: nextcloud_install - value: "{{ nextcloud_install }}" - - option: nextcloud_enabled - value: "{{ nextcloud_enabled }}" - - option: nextcloud_dl_url - value: "{{ 
nextcloud_dl_url }}" - - option: nextcloud_url - value: "{{ nextcloud_url }}" - - option: nextcloud_base_dir - value: "{{ nextcloud_base_dir }}" - - option: nextcloud_root_dir - value: "{{ nextcloud_root_dir }}" - - option: nextcloud_data_dir - value: "{{ nextcloud_data_dir }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/nginx/README.md b/roles/nginx/README.md index e677c7ba2..dd2311a15 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -35,7 +35,7 @@ * usb_lib * wordpress - 2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service: + 2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service: * **NONE: Apache support is now fully REMOVED as of 2021-08-08** ([PR #2850](https://github.com/iiab/iiab/pull/2850)) diff --git a/roles/nodejs/README.md b/roles/nodejs/README.md new file mode 100644 index 000000000..7d35c9e3e --- /dev/null +++ b/roles/nodejs/README.md 
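Review bot: The `rescue:` section added at the end of this block handles every failure in the role in one of two ways: when `skip_role_on_error` is true the `fail` is skipped and the play simply continues, and otherwise the `fail` carries `msg: ""`. A Nextcloud install that stops partway is then left on disk with no marker beyond the original error in the scrollback, which is easy to miss in a long run. I would name the failing task in the message, e.g. `msg: "{{ ansible_failed_task.name }}: {{ ansible_failed_result.msg | default('see error above') }}"`, and add a `debug:` task in the rescue that prints the same text when the role is being skipped. The same rescue appears in the roles/nodejs/tasks/main.yml and roles/nodered/tasks/main.yml hunks of this commit.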
@@ -0,0 +1,27 @@ +Please see IIAB's recommended Node.js version number [around line 439 of /opt/iiab/iiab/vars/default_vars.yml](https://github.com/iiab/iiab/blob/master/vars/default_vars.yml#L434-L439) + +If nodesource.com doesn't yet support your OS +--------------------------------------------- + +If nodesource.com [does not yet support your Linux OS (they often support Debian pre-releases, but generally not other OS pre-releases)](https://github.com/nodesource/distributions#deb) then you can manually install an older version of Node.js and npm as follows: + +- `sudo apt install nodejs npm` +- `sudo echo 'nodejs_installed: True' >> /etc/iiab/iiab_state.yml` + +Best to do this prior to installing IIAB! + +See also late-breaking details about your individual OS: + +- https://github.com/nodesource/distributions#deb +- https://github.com/iiab/iiab/wiki/IIAB-Platforms + +Raspberry Pi Zero W Warning +--------------------------- + +Node.js applications like Asterisk/FreePBX, Node-RED and Sugarizer won't work on Raspberry Pi Zero W (ARMv6) if you installed Node.js while on RPi 3, 3 B+ (ARMv7) or RPi 4 (ARMv8). + +If necessary, run `apt remove nodejs` or `apt purge nodejs` then `rm /etc/apt/sources.list.d/nodesource.list; apt update` then ([attempt!](https://nodered.org/docs/hardware/raspberrypi#swapping-sd-cards)) to [install Node.js](https://github.com/iiab/iiab/blob/master/roles/nodejs/tasks/main.yml) _on the Raspberry Pi Zero W itself_ (a better approach than "cd /opt/iiab/iiab; ./runrole --reinstall nodejs" is to try `apt install nodejs` or try installing the tar file mentioned at [#2082](https://github.com/iiab/iiab/issues/2082#issuecomment-569344617)). + +You'll (likely) also need `apt install npm`. + +Whatever versions of Node.js and npm you install, make sure `/etc/iiab/iiab_state.yml` contains the line `nodejs_installed: True` (add it if nec!) 
Finally, proceed to install Asterisk/FreePBX, Node-RED and/or Sugarizer: [#1799](https://github.com/iiab/iiab/issues/1799) diff --git a/roles/nodejs/tasks/main.yml b/roles/nodejs/tasks/main.yml index 99250321b..07de2bcf8 100644 --- a/roles/nodejs/tasks/main.yml +++ b/roles/nodejs/tasks/main.yml @@ -35,23 +35,31 @@ var: nodejs_installed -- name: Install Node.js if 'nodejs_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: nodejs_installed is undefined +- block: + - name: Install Node.js if 'nodejs_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: nodejs_installed is undefined -- name: Add 'nodejs' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: nodejs - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Node.js - - option: description - value: '"Node.js is a JavaScript runtime environment built on Chrome''s V8 JavaScript engine, that executes JavaScript code outside of a browser."' - - option: nodejs_install - value: "{{ nodejs_install }}" - - option: nodejs_enabled - value: "{{ nodejs_enabled }}" + - name: Add 'nodejs' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: nodejs + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Node.js + - option: description + value: '"Node.js is a JavaScript runtime environment built on Chrome''s V8 JavaScript engine, that executes JavaScript code outside of a browser."' + - option: nodejs_install + value: "{{ nodejs_install }}" + - option: nodejs_enabled + value: "{{ nodejs_enabled }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error 
diff --git a/roles/nodered/README.rst b/roles/nodered/README.rst index 102e4a995..aa3dc3236 100644 --- a/roles/nodered/README.rst +++ b/roles/nodered/README.rst @@ -20,7 +20,7 @@ Username: ``Admin`` Password: ``changeme`` -To change this password, please see: `roles/nodered/defaults/main.yml `_ +To change this password, please see: `roles/nodered/defaults/main.yml `_ You can monitor the Node-RED service with command:: diff --git a/roles/nodered/defaults/main.yml b/roles/nodered/defaults/main.yml index f68a595d3..f7cf092a5 100644 --- a/roles/nodered/defaults/main.yml +++ b/roles/nodered/defaults/main.yml @@ -9,9 +9,10 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -nodered_user: Admin -nodered_password: changeme # REMOVE THIS PASSWORD REMINDER LINE AS NECESSARY -nodered_password_hash: $2b$08$oxgvoU9et3deSbXY8UNVTOWHSTQAyEASIal86RHVMqYQJhpPMNz7q +nodered_linux_user: nodered + +nodered_admin_user: Admin +nodered_admin_pwd_hash: $2b$08$oxgvoU9et3deSbXY8UNVTOWHSTQAyEASIal86RHVMqYQJhpPMNz7q # Password itself is "changeme" # TO GENERATE A NEW PASSWORD HASH, run 'node-red-admin hash-pw' and enter # the new password. Paste the resulting hash as above, but into your own: diff --git a/roles/nodered/tasks/apache.yml b/roles/nodered/tasks/apache.yml.unused similarity index 100% rename from roles/nodered/tasks/apache.yml rename to roles/nodered/tasks/apache.yml.unused diff --git a/roles/nodered/tasks/nginx.yml b/roles/nodered/tasks/enable-or-disable.yml similarity index 54% rename from roles/nodered/tasks/nginx.yml rename to roles/nodered/tasks/enable-or-disable.yml index e7affdab7..87a1c8d2a 100644 --- a/roles/nodered/tasks/nginx.yml +++ b/roles/nodered/tasks/enable-or-disable.yml 
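Review bot: Renaming `nodered_user` / `nodered_password_hash` to `nodered_admin_user` / `nodered_admin_pwd_hash` in roles/nodered/defaults/main.yml means a hash an operator already placed in /etc/iiab/local_vars.yml under the old name is no longer read. A later run would then fall back to the default hash shown here, whose password the new comment gives as "changeme". Unless the old names are handled somewhere outside this hunk, I would keep them as a fallback, e.g. `nodered_admin_pwd_hash: "{{ nodered_password_hash | default('<existing default hash>') }}"` and `nodered_admin_user: "{{ nodered_user | default('Admin') }}"`. A comment next to the new names, `# Renamed 2022-06: formerly nodered_user / nodered_password_hash`, would also help anyone searching local_vars.yml for the old ones.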
@@ -1,3 +1,19 @@ +- name: Enable & (Re)start 'nodered' systemd service, if nodered_enabled + systemd: + name: nodered + daemon_reload: yes + enabled: yes + state: restarted + when: nodered_enabled + +- name: Disable & Stop 'nodered' systemd service, if not nodered_enabled + systemd: + name: nodered + enabled: no + state: stopped + when: not nodered_enabled + + - name: Enable http://box/nodered via NGINX, by installing {{ nginx_conf_dir }}/nodered-nginx.conf from template template: src: nodered-nginx.conf.j2 @@ -6,7 +22,7 @@ - name: Disable http://box/nodered via NGINX, by removing {{ nginx_conf_dir }}/nodered-nginx.conf file: - path: "{{ nginx_conf_dir }}/nodered-nginx.conf" # /etc/nginx/conf.d + path: "{{ nginx_conf_dir }}/nodered-nginx.conf" state: absent when: not nodered_enabled diff --git a/roles/nodered/tasks/group.yml b/roles/nodered/tasks/group.yml deleted file mode 100644 index ad4499023..000000000 --- a/roles/nodered/tasks/group.yml +++ /dev/null @@ -1,26 +0,0 @@ -- name: Ensure Linux group 'nodered' exists (if not rpi) - group: - name: nodered - state: present - -- name: Ensure Linux user 'nodered' exists and is added to group 'nodered' (if not rpi) - user: - name: nodered - group: nodered - -- name: Ensure directory /home/nodered/.node-red/ exists (if not rpi) - file: - path: /home/nodered/.node-red - state: directory - owner: nodered - group: nodered - mode: 0775 - -- name: Install /home/nodered/.node-red/settings.js from template, with authentication (if not rpi) - template: - backup: yes - src: settings.js.j2 - dest: /home/nodered/.node-red/settings.js - owner: nodered - group: nodered - mode: 0755 diff --git a/roles/nodered/tasks/install.yml b/roles/nodered/tasks/install.yml index 3c95f7408..7ee0a7d73 100644 --- a/roles/nodered/tasks/install.yml +++ b/roles/nodered/tasks/install.yml 
@@ -16,7 +16,7 @@ msg: "Node-RED install cannot proceed, as Node.js is not installed." when: nodejs_installed is undefined -# 2020-10-29: not really be nec as Node-RED supports recent Node.js versions +# 2020-10-29: not really nec as Node-RED supports recent Node.js versions #- name: FAIL (STOP THE INSTALL) IF 'nodejs_version != "12.x"' # fail: # msg: "Node-RED install cannot proceed, as it currently requires Node.js 12.x, whereas nodejs_version is set to {{ nodejs_version }}. Please check the value of nodejs_version in /opt/iiab/iiab/vars/default_vars.yml, /etc/iiab/local_vars.yml, /opt/iiab/iiab/roles/nodejs, etc." @@ -36,7 +36,6 @@ package: name: nodered state: absent - when: nodered_install # 2019-02-13: the 6 RPi stanzas below recreate Raspbian Desktop's Node-RED # environment, inspired by: 
@@ -44,15 +43,22 @@ # https://github.com/node-red/raspbian-deb-package/blob/master/resources/update-nodejs-and-nodered # https://github.com/iiab/iiab/pull/1497 -- name: "Globally 'npm install' 3 Node-RED packages: node-red, node-red-admin, node-red-dashboard" - command: npm install -g --unsafe-perm node-red node-red-admin node-red-dashboard - #command: npm install -g --unsafe-perm node-red@latest node-red-admin@latest node-red-dashboard@latest - # Above "@latest" is recommended by https://nodered.org/docs/hardware/raspberrypi (SHOULD WE CONSIDER?) - when: nodered_install +# https://nodered.org/docs/user-guide/node-red-admin built in since Node-RED +# 1.1.0 (2020-06-30). Run it using: node-red admin +# If you install it separately, run: node-red-admin +# +#- name: "Globally 'npm install' 3 Node-RED packages: node-red, node-red-admin, node-red-dashboard" +- name: "Globally 'npm install' 2 Node-RED packages: node-red, node-red-dashboard" + #command: npm install -g --unsafe-perm node-red node-red-admin node-red-dashboard + command: npm install -g --unsafe-perm node-red@latest node-red-dashboard@latest + # Above "@latest" recommended by https://nodered.org/docs/hardware/raspberrypi back in 2019 -- name: "Globally 'npm install' 8 Node-RED learning examples for RPi: node-red-contrib-ibm-watson-iot, node-red-contrib-play-audio, node-red-node-ledborg, node-red-node-ping, node-red-node-pi-sense-hat, node-red-node-random, node-red-node-serialport, node-red-node-smooth" - command: npm install -g --unsafe-perm node-red-contrib-ibm-watson-iot node-red-contrib-play-audio node-red-node-ledborg node-red-node-ping node-red-node-pi-sense-hat node-red-node-random node-red-node-serialport node-red-node-smooth - when: nodered_install and is_raspbian +# 2022-06-08: New list copied from $EXTRANODES in https://github.com/node-red/linux-installers/blob/master/deb/update-nodejs-and-nodered +- name: "Globally 'npm install' 6 Node-RED learning examples IF Raspberry Pi hardware detected: 
node-red-node-pi-gpio, node-red-node-random, node-red-node-ping, node-red-contrib-play-audio, node-red-node-smooth, node-red-node-serialport" + #command: npm install -g --unsafe-perm node-red-contrib-ibm-watson-iot node-red-contrib-play-audio node-red-node-ledborg node-red-node-ping node-red-node-pi-sense-hat node-red-node-random node-red-node-serialport node-red-node-smooth + command: npm install -g --unsafe-perm node-red-node-pi-gpio@latest node-red-node-random@latest node-red-node-ping@latest node-red-contrib-play-audio@latest node-red-node-smooth@latest node-red-node-serialport@latest + #command: npm i --unsafe-perm --save --no-progress --no-update-notifier --no-audit --no-fund node-red-node-pi-gpio@latest node-red-node-random@latest node-red-node-ping@latest node-red-contrib-play-audio@latest node-red-node-smooth@latest node-red-node-serialport@latest 2>&1 + when: rpi_model != "none" ## To protect pre-installed packages within /usr/lib/node_modules in graphical ## desktop OS's like Raspbian Desktop & Ubermix, we now only install those that 
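Review bot: Both `npm install -g --unsafe-perm ...@latest` commands in this hunk install whatever version the registry serves at run time, and `--unsafe-perm` keeps package lifecycle scripts running with the installer's own privileges (presumably root here, though the hunk does not show how the play is run). Two installs a week apart can therefore end up with different code, and a bad upstream release would land directly on the box. I would take the versions from role variables, e.g. `command: npm install -g --unsafe-perm node-red@{{ nodered_version }} node-red-dashboard@{{ nodered_dashboard_version }}` (new variables, names are only a suggestion), defaulting them to a release that has been tested. The same applies to the six Raspberry Pi packages in the second task.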
@@ -89,18 +95,39 @@ # creates: /usr/lib/node_modules/node-red-dashboard # when: nodered_install and internet_available -- include_tasks: group.yml - when: nodered_install and not is_raspbian +- include_tasks: settings.yml + #when: not is_raspbian -- include_tasks: rpi_desk.yml - when: nodered_install and is_raspbian +- include_tasks: os-integration.yml +#- include_tasks: rpi_desk.yml +# when: is_raspbian -- name: Install /etc/systemd/system/nodered.service systemd unit file from template - template: - backup: no - src: nodered.service.j2 +# 2022-06-08 OFFICIALLY RECOMMENDED /lib/systemd/system/nodered.service IS: +# https://github.com/node-red/linux-installers/blob/master/resources/nodered.service +# EXPLAINED AT https://nodered.org/docs/faq/customising-systemd-on-pi +# +# AS RECOMMENDED BY OFFICIAL INSTALLER SCRIPT: +# https://github.com/node-red/linux-installers/blob/master/deb/update-nodejs-and-nodered +# OFFICIAL INSTRUCTIONS: https://nodered.org/docs/getting-started/local +# https://nodered.org/docs/getting-started/raspberrypi +# +# Should /lib be considered instead of /etc ? +# - name: Install /etc/systemd/system/nodered.service systemd unit file from template +# template: +# src: nodered.service.j2 +# dest: /etc/systemd/system/nodered.service + +- name: Start by downloading https://github.com/node-red/linux-installers/blob/master/resources/nodered.service to /etc/systemd/system/nodered.service + get_url: + url: https://raw.githubusercontent.com/node-red/linux-installers/master/resources/nodered.service dest: /etc/systemd/system/nodered.service - # mode: '0666' + timeout: "{{ download_timeout }}" + +- name: Replace every '[=/]pi' with '[=/]{{ nodered_linux_user }}' (nodered_linux_user) in /etc/systemd/system/nodered.service + replace: + path: /etc/systemd/system/nodered.service + regexp: '([=/])pi' # e.g. 
nodered_linux_user: nodered + replace: '\1{{ nodered_linux_user }}' # \1 is a back-reference to above '=' or '/' -- like sed, but Ansible uses https://docs.python.org/3/library/re.html # SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml #- name: Enable proxy_wstunnel apache2 module diff --git a/roles/nodered/tasks/main.yml b/roles/nodered/tasks/main.yml index 2add807b2..2c197013e 100644 --- a/roles/nodered/tasks/main.yml +++ b/roles/nodered/tasks/main.yml 
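Review bot: The unit file written to /etc/systemd/system/nodered.service is now fetched at install time from the `master` branch of node-red/linux-installers, with no `checksum:` on the `get_url` task, and is then edited with the pattern `([=/])pi`. Whatever upstream publishes on that branch becomes the service definition. The pattern also rewrites any longer token that merely starts with `pi` after `=` or `/` (a path such as `/pid`, for instance), so an upstream edit can change the result in ways the role never checks. I would pin the URL to a commit, add `checksum: "sha256:<EXPECTED_SHA256>"`, and narrow the pattern to `regexp: '([=/])pi\b'`. The `get_url` tasks in the new roles/nodered/tasks/os-integration.yml, which place five scripts in /usr/bin with `mode: a+x` and `force: yes`, use the same unpinned URLs.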
@@ -19,42 +19,33 @@ quiet: yes -- name: Install Node-RED if nodered_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: nodered_installed is undefined +- block: + - name: Install Node-RED if nodered_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: nodered_installed is undefined -- name: Enable & (Re)start 'nodered' systemd service, if nodered_enabled - systemd: - name: nodered - daemon_reload: yes - enabled: yes - state: restarted - when: nodered_enabled + - include_tasks: enable-or-disable.yml -- name: Disable & Stop 'nodered' systemd service, if not nodered_enabled - systemd: - name: nodered - enabled: no - state: stopped - when: not nodered_enabled + - name: Add 'nodered' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: nodered + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Node-RED + - option: description + value: '"Node-RED is a flow-based development tool for visual programming developed originally by IBM for wiring together hardware devices, APIs and online services as part of the Internet of Things. 
Node-RED provides a web browser-based flow editor, which can be used to create JavaScript functions."' + - option: nodered_install + value: "{{ nodered_install }}" + - option: nodered_enabled + value: "{{ nodered_enabled }}" -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml + rescue: - -- name: Add 'nodered' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: nodered - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Node-RED - - option: description - value: '"Node-RED is a flow-based development tool for visual programming developed originally by IBM for wiring together hardware devices, APIs and online services as part of the Internet of Things. Node-RED provides a web browser-based flow editor, which can be used to create JavaScript functions."' - - option: nodered_install - value: "{{ nodered_install }}" - - option: nodered_enabled - value: "{{ nodered_enabled }}" + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/nodered/tasks/os-integration.yml b/roles/nodered/tasks/os-integration.yml new file mode 100644 index 000000000..c7b008da3 --- /dev/null +++ b/roles/nodered/tasks/os-integration.yml 
@@ -0,0 +1,68 @@ +# 2022-06-08: This file used to be rpi_desk.yml + +# 2022-06-09: Crucially, the 3 "dest" dirs (below) exist on all mainline OS's +- name: "Download 3 Node-RED enhancements: Node-RED icon, start menu item, /etc/logrotate.d/nodered" + get_url: + url: "{{ item.url }}" + dest: "{{ item.dest }}" + force: yes + timeout: "{{ download_timeout }}" + with_items: + - url: https://raw.githubusercontent.com/node-red/linux-installers/master/resources/node-red-icon.svg + dest: /usr/share/icons/hicolor/scalable/apps/node-red-icon.svg + - url: https://raw.githubusercontent.com/node-red/linux-installers/master/resources/Node-RED.desktop + dest: /usr/share/applications/Node-RED.desktop + - url: https://raw.githubusercontent.com/node-red/linux-installers/master/resources/nodered.rotate + dest: /etc/logrotate.d/nodered + # 2022-06-08: New versions above, pasted from https://github.com/node-red/linux-installers/blob/master/deb/update-nodejs-and-nodered + # - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-icon.svg + # dest: /usr/share/icons/hicolor/scalable/apps/node-red-icon.svg + # - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Node-RED.desktop + # dest: /usr/share/applications/Node-RED.desktop + # - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/nodered.rotate + # dest: /etc/logrotate.d/nodered + # - url: 'https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Pi%20cpu%20temperature.json' + # dest: '/usr/lib/node_modules/node-red-contrib-ibm-watson-iot/examples/Pi cpu temperature.json' + +#- name: Replace/Tweak "node-red-contrib-ibm-watson-iot/examples/Pi cpu temperature.json" (rpi) +# command: 'curl -sL -o /usr/lib/node_modules/node-red-contrib-ibm-watson-iot/examples/Pi\ cpu\ temperature.json https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Pi%20cpu%20temperature.json' +# when: 
nodered_install and internet_available and is_raspbian + +#- name: 'Download/Install 4 RPi executables to /usr/bin: node-red-start, node-red-stop, node-red-restart, node-red-log' +- name: 'Install 5 executables to /usr/bin: node-red-start, node-red-stop, node-red-restart, node-red-reload, node-red-log' + get_url: + url: "{{ item }}" + dest: /usr/bin + mode: a+x + force: yes + timeout: "{{ download_timeout }}" + with_items: + - https://raw.githubusercontent.com/node-red/linux-installers/master/resources/node-red-start + - https://raw.githubusercontent.com/node-red/linux-installers/master/resources/node-red-stop + - https://raw.githubusercontent.com/node-red/linux-installers/master/resources/node-red-restart + - https://raw.githubusercontent.com/node-red/linux-installers/master/resources/node-red-reload + - https://raw.githubusercontent.com/node-red/linux-installers/master/resources/node-red-log + # 2022-08-06: New versions above, pasted from https://github.com/node-red/linux-installers/blob/master/deb/update-nodejs-and-nodered + # - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-start + # - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-stop + # - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-restart + # - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-log + +# 2022-06-08 #3245: Raspberry Pi OS recently removed the 'pi' user. For now, +# until converging on a longer-term strategy, let's comment out both stanzas: + +# - name: Create /home/pi/.node-red/ directory (rpi) +# file: +# path: /home/pi/.node-red +# state: directory +# owner: pi +# group: pi +# mode: 0775 + +# - name: Install /home/pi/.node-red/settings.js from template, with authentication (rpi) +# template: +# src: settings.js.j2 +# dest: /home/pi/.node-red/settings.js +# owner: pi +# group: pi +# mode: 0755 
diff --git a/roles/nodered/tasks/rpi_desk.yml b/roles/nodered/tasks/rpi_desk.yml deleted file mode 100644 index bc61c971f..000000000 --- a/roles/nodered/tasks/rpi_desk.yml +++ /dev/null 
@@ -1,47 +0,0 @@ -# TEST UNNEC ICON/MENU FILE PLACEMENT ON RASPIAN LITE TOO ! -- name: 'Download/Install 4 useful items for RPi: Node-RED icon, start menu item, /etc/logrotate.d/nodered, tweaked "Pi cpu temperature.json"' - get_url: - url: "{{ item.url }}" - dest: "{{ item.dest }}" - timeout: "{{ download_timeout }}" - with_items: - - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-icon.svg - dest: /usr/share/icons/hicolor/scalable/apps/node-red-icon.svg - - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Node-RED.desktop - dest: /usr/share/applications/Node-RED.desktop - - url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/nodered.rotate - dest: /etc/logrotate.d/nodered - - url: 'https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Pi%20cpu%20temperature.json' - dest: '/usr/lib/node_modules/node-red-contrib-ibm-watson-iot/examples/Pi cpu temperature.json' - -#- name: Replace/Tweak "node-red-contrib-ibm-watson-iot/examples/Pi cpu temperature.json" (rpi) -# command: 'curl -sL -o /usr/lib/node_modules/node-red-contrib-ibm-watson-iot/examples/Pi\ cpu\ temperature.json https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/Pi%20cpu%20temperature.json' -# when: nodered_install and internet_available and is_raspbian - -- name: 'Download/Install 4 RPi executables to /usr/bin: node-red-start, node-red-stop, node-red-restart, node-red-log' - get_url: - url: "{{ item }}" - dest: /usr/bin - mode: a+x - timeout: "{{ download_timeout }}" - with_items: - - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-start - - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-stop - - https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-restart - - 
https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-log - -- name: Create /home/pi/.node-red/ directory (rpi) - file: - path: /home/pi/.node-red - state: directory - owner: pi - group: pi - mode: 0775 - -- name: Install /home/pi/.node-red/settings.js from template, with authentication (rpi) - template: - src: settings.js.j2 - dest: /home/pi/.node-red/settings.js - owner: pi - group: pi - mode: 0755 diff --git a/roles/nodered/tasks/settings.yml b/roles/nodered/tasks/settings.yml new file mode 100644 index 000000000..22b2f33a6 --- /dev/null +++ b/roles/nodered/tasks/settings.yml 
@@ -0,0 +1,114 @@ +# 2022-06-09: This file used to be group.yml + +- name: Ensure Linux group '{{ nodered_linux_user }}' exists + group: + name: "{{ nodered_linux_user }}" + state: present + +- name: Ensure nodered_linux_user '{{ nodered_linux_user }}' exists and is added to group '{{ nodered_linux_user }}' + user: + name: "{{ nodered_linux_user }}" + group: "{{ nodered_linux_user }}" # Primary group + +- name: Ensure directory /home/{{ nodered_linux_user }}/.node-red/ exists + file: + path: /home/{{ nodered_linux_user }}/.node-red + state: directory + owner: "{{ nodered_linux_user }}" + group: "{{ nodered_linux_user }}" + mode: 0775 + + +# - name: Install /home/{{ nodered_linux_user }}/.node-red/settings.js from template, with authentication +# template: +# backup: yes +# src: settings.js.j2 +# dest: /home/{{ nodered_linux_user }}/.node-red/settings.js +# owner: "{{ nodered_linux_user }}" +# group: "{{ nodered_linux_user }}" +# mode: 0755 + +# 2022-06-08 some alternative options arising from official installer +# https://github.com/node-red/linux-installers/blob/master/deb/update-nodejs-and-nodered +# +# 1) User {{ nodered_linux_user }} run 'node-red admin init' to create /home/{{ NODERED_LINUX_USER }}/.node-red/settings.js +# 2) Copy /usr/lib/node_modules/node-red/settings.js to /home/{{ NODERED_LINUX_USER }}/.node-red/settings.js +# 3) https://github.com/node-red/node-red/blob/master/packages/node_modules/node-red/settings.js +# +# Approach 1) (THEIR VERY INTERACTIVE SCRIPT) can't be automated like this: +#- name: Run 'node-red admin init' as user '{{ nodered_linux_user }}' to create /home/{{ nodered_linux_user }}/.node-red/settings.js +# command: runuser -u {{ nodered_linux_user }} node-red admin init + +- name: Copy /usr/lib/node_modules/node-red/settings.js to /home/{{ nodered_linux_user }}/.node-red/settings.js + copy: + remote_src: yes + src: /usr/lib/node_modules/node-red/settings.js + dest: /home/{{ nodered_linux_user }}/.node-red/settings.js + owner: "{{ 
nodered_linux_user }}" + group: "{{ nodered_linux_user }}" + #mode: preserve # Implied (and required) w/ remote_src, since Ansible 2.6 + + +- name: Splice username and password into /home/{{ nodered_linux_user }}/.node-red/settings.js + blockinfile: + path: /home/{{ nodered_linux_user }}/.node-red/settings.js + block: |2 # |n MEANS: Set the block's left edge n CHARACTERS TO THE RIGHT of *this line's* indentation -- where n is {1..9} -- instead of setting its left edge to the 1st non-blank line's indentation below + adminAuth: { + type: "credentials", + users: [{ + username: "{{ nodered_admin_user }}", + password: "{{ nodered_admin_pwd_hash }}", + permissions: "*" + }] + }, + marker: "// {mark} ANSIBLE MANAGED BLOCK" # Surround block with comment lines: "// BEGIN ANSIBLE MANAGED BLOCK", "// END ANSIBLE MANAGED BLOCK" + insertafter: '^module.exports = {$' + #insertbefore: '^}$' + +# 2022-06-09: IF ABOVE SNIPPET ALREADY EXISTS *UNCOMMENTED* IN settings.js +# *WITHOUT* ANSIBLE MARKERS, THESE WOULD BE NEEDED INSTEAD OF blockinfile: + +# - name: Splice 'username: "{{ nodered_admin_user }}",' into /home/{{ nodered_linux_user }}/.node-red/settings.js +# lineinfile: +# path: /home/{{ nodered_linux_user }}/.node-red/settings.js +# regexp: 'username:' +# line: ' username: "{{ nodered_admin_user }}",' + +# - name: Splice 'password: "{{ nodered_admin_pwd_hash }}",' into /home/{{ nodered_linux_user }}/.node-red/settings.js +# lineinfile: +# path: /home/{{ nodered_linux_user }}/.node-red/settings.js +# regexp: 'password:' +# line: ' password: "{{ nodered_admin_pwd_hash }}",' + + +# 2022-06-09: httpRoot might be going away? Increasingly hidden from +# settings.js which used to say: "property can be used in place of +# 'httpAdminRoot' and 'httpNodeRoot', to apply the same root to both parts." +# +# "httpRoot sets the root url for both admin and node endpoints. 
+# It overrides the values set by httpAdminRoot and httpNodeRoot" +# https://nodered.org/docs/user-guide/runtime/configuration +# +# - name: Splice "httpRoot: '/{{ nodered_web_path }}'," into /home/{{ nodered_linux_user }}/.node-red/settings.js +# lineinfile: +# path: /home/{{ nodered_linux_user }}/.node-red/settings.js +# regexp: '^\s*httpRoot:' +# line: " httpRoot: '/{{ nodered_web_path }}'," +# insertafter: '^module.exports = {$' +# #insertbefore: '^}$' + +- name: 'Splice "httpNodeRoot: ''/{{ nodered_web_path }}''," into /home/{{ nodered_linux_user }}/.node-red/settings.js' + lineinfile: + path: /home/{{ nodered_linux_user }}/.node-red/settings.js + regexp: '^\s*httpNodeRoot:' + line: " httpNodeRoot: '/{{ nodered_web_path }}'," + insertafter: '^module.exports = {$' + #insertbefore: '^}$' + +- name: 'Splice "httpAdminRoot: ''/{{ nodered_web_path }}''," into /home/{{ nodered_linux_user }}/.node-red/settings.js' + lineinfile: + path: /home/{{ nodered_linux_user }}/.node-red/settings.js + regexp: '^\s*httpAdminRoot:' + line: " httpAdminRoot: '/{{ nodered_web_path }}'," + insertafter: '^module.exports = {$' + #insertbefore: '^}$' diff --git a/roles/nodered/templates/nodered.service.j2 b/roles/nodered/templates/nodered.service.j2.unused similarity index 100% rename from roles/nodered/templates/nodered.service.j2 rename to roles/nodered/templates/nodered.service.j2.unused diff --git a/roles/nodered/templates/settings.js.j2 b/roles/nodered/templates/settings.js.j2.unused similarity index 99% rename from roles/nodered/templates/settings.js.j2 rename to roles/nodered/templates/settings.js.j2.unused index 50923671c..c484a4bcb 100644 --- a/roles/nodered/templates/settings.js.j2 +++ b/roles/nodered/templates/settings.js.j2.unused 
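Review bot: The `adminAuth` block and the two root-path lines after it are spliced in with `insertafter: '^module.exports = {$'`, and when that pattern finds no match blockinfile and lineinfile append at end of file instead. Since settings.js is copied from whichever node-red version npm installed, a change to that one line upstream would put the credentials block outside the exported object, and the role would not notice. I would follow the splice with a check that the file still loads and carries the block, e.g. `command: node -e "process.exit(require('/home/{{ nodered_linux_user }}/.node-red/settings.js').adminAuth ? 0 : 1)"` with `changed_when: false`. Separately, the copied file keeps the source file's mode and its directory is created 0775, which deserves a second look now that the file holds the admin password hash.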
@@ -118,8 +118,8 @@ module.exports = { adminAuth: { type: "credentials", users: [{ - username: "{{ nodered_user }}", - password: "{{ nodered_password_hash }}", + username: "{{ nodered_admin_user }}", + password: "{{ nodered_admin_pwd_hash }}", permissions: "*" }] }, diff --git a/roles/openvpn/templates/iiab-remote-off b/roles/openvpn/templates/iiab-remote-off index 9d3b0d258..6d5003b78 100755 --- a/roles/openvpn/templates/iiab-remote-off +++ b/roles/openvpn/templates/iiab-remote-off @@ -3,14 +3,14 @@ # /usr/bin/iiab-remote-off should fully turn off multiple remote support # services like OpenVPN and others, to reduce risk of remote attacks. -echo -e '\nWARNING: To disable OpenVPN long-term, it'"'"'s recommended you:\n' - -echo -e '1) Set this variable in /etc/iiab/local_vars.yml' -echo -e ' openvpn_enabled: False\n' - -echo -e '2) Run:' -echo -e ' cd /opt/iiab/iiab' -echo -e ' sudo ./runrole openvpn\n' +# echo -e '\nWARNING: To disable OpenVPN long-term, it'"'"'s recommended you:\n' +# +# echo -e '1) Set this variable in /etc/iiab/local_vars.yml' +# echo -e ' openvpn_enabled: False\n' +# +# echo -e '2) Run:' +# echo -e ' cd /opt/iiab/iiab' +# echo -e ' sudo ./runrole openvpn\n' # Do nothing if OpenVPN not installed which openvpn 
@@ -19,13 +19,21 @@ if [ $? -ne 0 ]; then exit 1 fi +if grep -q '^openvpn_enabled:' /etc/iiab/local_vars.yml; then + sed -i "s/^openvpn_enabled:.*/openvpn_enabled: False/" /etc/iiab/local_vars.yml +else + echo "openvpn_enabled: False" >> /etc/iiab/local_vars.yml +fi + systemctl disable openvpn systemctl stop openvpn sleep 5 ps -e | grep openvpn # 2018-09-05: "ps -e | grep vpn" no longer works (nor would "pgrep vpn") when invoked from iiab-vpn-off (as filename itself causes [multiple] "vpn" instances to appear in process list!) if [ $? -eq 0 ]; then - echo OpenVPN failed to stop. + echo "OpenVPN failed to stop." else - echo Successfully stopped and disabled OpenVPN. + echo "OpenVPN's systemd service was successfully stopped and disabled." + echo + echo "Also, 'openvpn_enabled: False' was set in /etc/iiab/local_vars.yml" fi diff --git a/roles/osm-vector-maps/README.md b/roles/osm-vector-maps/README.md index 1aff222c9..b87a11dd1 100644 --- a/roles/osm-vector-maps/README.md +++ b/roles/osm-vector-maps/README.md 
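Review bot: The closing message `Also, 'openvpn_enabled: False' was set in /etc/iiab/local_vars.yml` is printed whenever the `ps -e | grep openvpn` check finds no process, even if the new `sed -i` or `>>` append failed, for example because the script ran without root or the file was not writable. Since this script exists to reduce remote-access exposure, a false confirmation matters: a later `./runrole openvpn` would presumably re-enable the service from the unchanged variable. Consider recording the result, e.g. `sed -i "s/^openvpn_enabled:.*/openvpn_enabled: False/" /etc/iiab/local_vars.yml || vars_ok=0`, and printing the confirmation only when the write succeeded. The `^openvpn_enabled:` pattern also misses an indented entry, in which case the `else` branch appends a second key and leaves the outcome to YAML duplicate-key handling.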
@@ -1,40 +1,54 @@ -## What's New with IIAB Maps in IIAB 7.2? +## What's New with IIAB Maps? -1. If you install [IIAB 7.2](https://github.com/iiab/iiab/wiki/IIAB-7.2-Release-Notes) with [IIAB Maps](https://github.com/iiab/iiab/wiki/IIAB-Maps), a new **Install IIAB Maps** page is available (http://box/osm-vector-maps/installer/) with [instructions](https://github.com/iiab/iiab/wiki/IIAB-Maps#how-do-i-install-map-packs-and-satellite-photo-regions-on-iiab-72-), separate from IIAB's Admin Console: +1. If you install [IIAB 8.0+](https://github.com/iiab/iiab/wiki/IIAB-8.0-Release-Notes) (a pre-release is fine!) with [IIAB Maps](https://github.com/iiab/iiab/wiki/IIAB-Maps) an **Install IIAB Maps** page is available (http://box/osm-vector-maps/installer/) with [instructions](https://github.com/iiab/iiab/wiki/IIAB-Maps#how-do-i-install-map-packs-and-satellite-photo-regions-on-iiab-80-), separate from IIAB's Admin Console: 1. This [very visual page](https://user-images.githubusercontent.com/2458907/94740848-46c4eb00-0341-11eb-93ea-e3e4758dce48.png) facilitates selecting/downloading/installing of Map Pack(s) for your favorite "continent(s)". (SEE 2. BELOW) - 2. If you've installed at least one Map Pack, you can then use this same page to select/download/install Hi-Res Satellite Photo Region(s) for your local communities. (SEE 3. BELOW) - 3. All these downloads can now happen 10X to 100X faster, thanks to [PR #38](https://github.com/iiab/maps/pull/38) ! + 2. You can then use this same page to select/download/install Hi-Res Satellite Photo Region(s) for your local communities. (SEE 3. BELOW) + 3. All these downloads can now happen 10X to 100X faster, thanks to PR's [iiab/maps#38](https://github.com/iiab/maps/pull/38), [iiab/maps#58](https://github.com/iiab/maps/pull/58) and [iiab/iiab-admin-console#478](https://github.com/iiab/iiab-admin-console/pull/478) ! + 4. _When installing OpenStreetMap "continents" (a.k.a. 
regions), consider either the command-line ([/usr/bin/iiab-install-map-region](https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region)) or the visual alternative provided by IIAB's Admin Console: http://box.lan/admin > Install Content > Get Map Regions._ 2. **Map Packs** no longer bundle both data and program in a .zip file. All Map Packs are really now just a collection of 3 .mbtiles files: - 1. The main focus of a Map Pack remains Hi-Res Vector Map data from OpenStreetMap, for your selected "continent" — but Lo-Res vector map tiles (1.74GB .mbtiles) and Lo-Res satellite photos (932MB .mbtiles) are also included for the entire planet. Read more at: https://github.com/iiab/iiab/wiki/IIAB-Maps - 2. Every Map Pack's OSM vector tile data (originally from 2017) was updated to [September 2019](https://archive.org/details/osm-vector-mbtiles). - 3. The world view (planetwide OSM vector maps included with all Map Packs) increased zoom levels from 0-9 to 0-10 (1.74GB osm-planet_z0-z10_2019.mbtiles) so that city search is successful more of the time. + 1. The main focus of a Map Pack remains Hi-Res Vector Map data from OpenStreetMap, for your selected "continent" — but Lo-Res vector map tiles (2.0 GB .mbtiles) and Lo-Res satellite photos (1.2 GB .mbtiles) are also included for the entire planet. Read more at: https://github.com/iiab/iiab/wiki/IIAB-Maps + 2. Every Map Pack's OSM vector tile data (originally from 2017, and then September 2019) was updated to [November 2020](https://archive.org/details/osm-vector-mbtiles). + 3. The world view (planetwide OSM vector maps included with all Map Packs) increased zoom levels from 0-9 to 0-10 (2.0 GB osm-planet_z0-z10_2020.mbtiles) so that city search is successful more of the time. 4. Multiple Map Packs can be downloaded/installed (one "continent" at a time). 
However this can waste disk space with duplicate data, and potentially cause rendering slowness in areas where Map Packs overlap ("continent" bounding boxes have been designed to overlap on purpose, so multiple Map Packs are rarely necessary!) 3. **Hi-Res Satellite Photos** can be downloaded/installed for any 100 x 100 km, 300 x 300 km, or 1000 x 1000 km square region (around any map point that you click!) 1. These new Hi-Res Satellite Photo Regions are "squares" with 4 additional levels of satellite photo zoom (i.e. zoom levels 10-13) giving you 16X the resolution (i.e. 19 x 19 m pixels) and 256X more photographic information density. - 2. As compared to Lo-Res Satellite Photos i.e. zoom levels 0-9 (305 x 305 m pixels) everywhere else on the planet (932MB satellite_z0-z9_v3.mbtiles is included with all Map Packs). (SEE 2. ABOVE) + 2. As compared to Lo-Res Satellite Photos i.e. zoom levels 0-9 (305 x 305 m pixels) everywhere else on the planet (1.2 GB satellite_z0-z9_2020.mbtiles is included with all Map Packs). (SEE 2. ABOVE) 3. Multiple Hi-Res Satellite Photo Regions can be downloaded/installed (one "square" region at a time, thankfully duplicate disk space is avoided when such "squares" overlap!) 4. Some variables have newer meanings: - 1. `osm_vector_maps_install` in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) means install the map program and 7 levels of zoom (about 40MB ?) - 2. `osm_vector_maps_enabled` in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) is once again standardized, solving #2484 install delays. + 1. `osm_vector_maps_install` in [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) means install the map program and 7 basic levels of zoom (48MB for OSM + 25 MB for satellite photos). + 2. 
`osm_vector_maps_enabled` in [/etc/iiab/local_vars.yml](https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) is once again standardized, solving #2484 install delays. 3. `osm_vector_maps_installed` in `/etc/iiab/iiab_state.yml` means a functioning world map with 7 levels of zoom (z0-z6) has been installed — i.e. a preview of IIAB's mapping system that helps you select Maps Pack(s) and Hi-Res Satellite Photo Region(s) to download and install on your IIAB. (SEE 1. ABOVE) 5. **Drag-and-Drop Map Overlays** — try this by dragging and dropping any relevant GeoJSON file onto the IIAB Maps (http://box/maps) in your browser! For example try this GeoJSON file, to explore the shape of gerrymandered US Congressional districts: https://eric.clst.org/assets/wiki/uploads/Stuff/gz_2010_us_500_11_20m.json +#### How to (Wipe and) Upgrade IIAB Maps + + +In April 2022, IIAB revised our legacy catalog [/etc/iiab/map-catalog.json](https://github.com/iiab/maps/blob/master/2020/map-catalog.json), our new catalog [/library/www/html/common/assets/adm-map-catalog.json](https://github.com/iiab/iiab-admin-console/blob/master/roles/common/files/map/adm-map-catalog.json), associated programs — and the dozen core [OSM continent/region .mbtiles files](https://github.com/iiab/iiab/wiki/IIAB-Maps#where-are-iiab-maps-stored) listed in our catalog. + +_It's always best to start fresh with a [new install of IIAB](https://download.iiab.io) if you want the latest maps!_ + +Or, if you absolutely must attempt an upgrade (ENTIRELY AT YOUR OWN RISK) run the following — to attempt to delete your existing maps — and then add new IIAB Maps: + + ``` + sudo rm -rf /library/www/osm-vector-maps + cd /opt/iiab/iiab + sudo git pull + sudo ./runrole --reinstall osm-vector-maps + sudo iiab-install-map-region .mbtiles + ``` + +Where `.mbtiles` is one of the [major region files](https://github.com/iiab/iiab/wiki/IIAB-Maps#where-are-iiab-maps-stored) (e.g. 
with "2020" in its filename) that you choose from IIAB's [map catalog](https://github.com/iiab/iiab/wiki/IIAB-Maps#how-do-i-upgrade-an-iiab-map-pack). + + ~cd /library/www/
+ rm -rf osm-vector-maps/
+ nano /etc/iiab/iiab_state.yml # Delete line 'osm_vector_maps_installed: True'
+ git remote add ghunt git@github.com:/georgejhunt/iiab
+ git fetch --all
+ git checkout -b maps7.3 ghunt/maps7.3
+ ./runroles osm-vector-maps~ #### Please also see the IIAB Maps doc: https://github.com/iiab/iiab/wiki/IIAB-Maps - -#### Notes on upgrading from maps 7.2 to maps 7.3 - -The format of the map-catalog.json has changed. And the programs need to be updated also. This can be accomplished by the following: -``` - cd /library/www/ - rm -rf osm-vector-maps/ - vim /etc/iiab/iiab_state.yml (and delete the line osm-vector-maps) - git remote add ghunt git@github.com:/georgejhunt/iiab - git fetch --all - git checkout -b maps7.3 ghunt/maps7.3 - ./runroles osm-vector-maps -``` diff --git a/roles/osm-vector-maps/defaults/main.yml b/roles/osm-vector-maps/defaults/main.yml index 5801e0773..b000c992a 100644 --- a/roles/osm-vector-maps/defaults/main.yml +++ b/roles/osm-vector-maps/defaults/main.yml 
@@ -1,23 +1,34 @@ # osm_vector_maps_install: True # osm_vector_maps_enabled: True -# iiab_map_url : http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden -# vector_map_path: "{{ content_base }}/www/osm-vector-maps" +# maps_from_internet_archive: False +# vector_map_path: "{{ content_base }}/www/osm-vector-maps" # /library/www/osm-vector-maps # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# The following soft coded variables allow testing, before pulling PR's into master -osm_repo_url: https://raw.githubusercontent.com/iiab/maps -maps_branch: 'master' # Quotes not required -#osm_repo_url: https://raw.githubusercontent.com/georgejhunt/maps -#maps_branch: 'maps7.3' -# soft code sources +# Pulls in ~37 files thx to @jvonau's #3192 -- change these 2 during testing: +osm_repo_url: https://raw.githubusercontent.com/iiab/maps +maps_branch: master # Quotes not required +#osm_repo_url: https://raw.githubusercontent.com/georgejhunt/maps +#maps_branch: maps7.3 + +# 2022-04-30 -- Bluehost (timmoody.com) has become extremely slow! +#maps_assets_url: https://timmoody.com/iiab-files/maps +#maps_assets_url: https://download.iiab.io/content/OSM/vector-tiles +maps_assets_url: https://raw.githubusercontent.com/iiab/maps-assets/main + +# cities1000.sqlite # 26MB +installer_planet: planet_z0-z6_2020.mbtiles # 48MB +installer_satellite: satellite_z0-z6_2020.mbtiles # 25MB + + +# 2022-04-30 WIP -- CLI approach to installing larger .mbtiles OSM "continents" a.k.a. 
regions: +# https://github.com/iiab/maps/blob/master/osm-source/pages/viewer/scripts/iiab-install-map-region +# 2022-04-30 WIP -- This var might be used in future: (with boolean var maps_from_internet_archive) archive_org_url: https://archive.org/download -#iiab_map_url: http://download.iiab.io/content/OSM/vector-tiles/maplist/hidden -#map_catalog_url: http://download.iiab.io/content/OSM/vector-tiles -map_catalog_url: http://timmoody.com/iiab-files/maps -satellite_version: satellite_z0-z9_v3.mbtiles # 2021-12-20: Var unused, but hard-coded in 11 places within https://github.com/iiab/iiab-admin-console -- #3077 discusses map-catalog.json & adm-map-catalog.json -installer_planet: planet_z0-z6_2020.mbtiles -installer_satellite: satellite_z0-z6_2020.mbtiles + + +# 2022-04-30 -- Unused, but URL illustrates legacy approach: +#iiab_map_url: https://download.iiab.io/content/OSM/vector-tiles/maplist/hidden diff --git a/roles/osm-vector-maps/tasks/install.yml b/roles/osm-vector-maps/tasks/install.yml index 9c304c88c..ab28c7cd6 100644 --- a/roles/osm-vector-maps/tasks/install.yml +++ b/roles/osm-vector-maps/tasks/install.yml @@ -1,3 +1,13 @@ +- name: "Install packages for map installation: python3-geojson, python3-pil, python3-wget, php{{ php_version }}-sqlite3 (can also be installed by www_base/tasks/php-stem.yml)" + package: + state: present + name: + - python3-geojson + - python3-pil + - python3-wget + #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml + - php{{ php_version }}-sqlite3 + - name: Make 5 directories (0755 by default) file: path: "{{ item }}" 
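Review bot: `maps_assets_url` ends in `/main` and `maps_branch` is `master`, so every install fetches whatever those branch heads contain at that moment. That appears to include the `.php` and JavaScript files which the `get_url` tasks in install.yml place under `{{ vector_map_path }}` for the web server to serve. Pinning both to a tag or commit, e.g. `maps_branch: <COMMIT_SHA_PLACEHOLDER>`, would make installs reproducible and keep a later push to either repository from silently changing deployed code. The commented-out test values can stay branch-based. The same consideration applies to `freepbx_git_branch: release/16.0` in the roles/pbx/defaults/main.yml hunk further down.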
@@ -10,29 +20,12 @@ - "{{ vector_map_path }}/viewer/tiles" - "{{ vector_map_path }}/installer" -- name: "Install packages for map installation: python3-geojson, python3-pil, python3-wget, php{{ php_version }}-sqlite3 (can also be installed by www_base/tasks/php-stem.yml)" - package: - state: present - name: - - python3-geojson - - python3-pil - - python3-wget - #- php{{ php_version }}-common # Auto-installed as an apt dependency. REGARDLESS: php{{ php_version }}-common superset php{{ php_version }}-cli is auto-installed by php{{ php_version }}-fpm in nginx/tasks/install.yml - - php{{ php_version }}-sqlite3 - -# - name: Does 26M cities database {{ vector_map_path }}/viewer/cities1000.sqlite exist? -# stat: -# path: "{{ vector_map_path }}/viewer/cities1000.sqlite" -# register: cities_installed - -# - name: If not, download {{ iiab_map_url }}/regional-resources/cities1000.sqlite to {{ vector_map_path }}/viewer/ -# At this point, fetches from github.com/'REPO'/maps from maps_branch -- name: Download 26M {{ osm_repo_url }}/{{ maps_branch }}/2020/cities1000.sqlite to {{ vector_map_path }}/viewer/ +- name: Download 26MB {{ maps_assets_url }}/cities1000.sqlite to {{ vector_map_path }}/viewer/ get_url: - url: "{{ osm_repo_url }}/{{ maps_branch }}/2020/cities1000.sqlite" + url: "{{ maps_assets_url }}/cities1000.sqlite" # e.g. https://raw.githubusercontent.com/iiab/maps-assets/main dest: "{{ vector_map_path }}/viewer/" timeout: "{{ download_timeout }}" -# when: not cities_installed.stat.exists + - name: Download {{ osm_repo_url }}/{{ maps_branch }}/2020/map-catalog.json to {{ iiab_etc_path }} get_url: 
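Review bot: The rewritten `get_url` task for `cities1000.sqlite` has no `checksum:`, so a truncated or altered 26MB download is accepted as long as the HTTPS request itself succeeds. Because the file name is fixed, adding `checksum: sha256:<DIGEST_PLACEHOLDER>` (digest published alongside the asset) would let Ansible reject a bad file before the viewer's search code opens it. The later hunks that fetch `{{ installer_planet }}` and `{{ installer_satellite }}` from `maps_assets_url` have the same gap.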
@@ -52,21 +45,10 @@ path: "{{ vector_map_path }}/test-page/assets/map-catalog.json" state: link -#- name: Download {{ osm_repo_url }}/{{ maps_branch }}/resources/regions.json to {{ iiab_etc_path }} -# get_url: -# url: "{{ osm_repo_url }}/{{ maps_branch }}/resources/regions.json" -# dest: "{{ iiab_etc_path }}" -# timeout: "{{ download_timeout }}" - -#- name: Symlink {{ vector_map_path }}/maplist/assets/regions.json -> /etc/iiab/regions.json -# file: -# src: /etc/iiab/regions.json -# path: "{{ vector_map_path }}/maplist/assets/regions.json" -# state: link - name: Download OpenLayers test page stuff (JavaScript bundle etc) from {{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/test-page/build/* to {{ vector_map_path }}/test-page/ -- for test page http://box/osm-vector-maps/installer/ get_url: - url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/test-page/build/{{ item }}" # https://raw.githubusercontent.com/iiab/maps / master + url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/test-page/build/{{ item }}" dest: "{{ vector_map_path }}/test-page/" timeout: "{{ download_timeout }}" with_items: @@ -74,7 +56,6 @@ - index.html - name: Download OpenLayers viewer page stuff (JavaScript bundle etc) from {{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/build/* to {{ vector_map_path }}/viewer/ -# At this point, fetches from github.com/iiab/maps from {{ maps_branch }} branch get_url: url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/build/{{ item }}" dest: "{{ vector_map_path }}/viewer/" 
@@ -95,9 +76,10 @@ - searchapi.php - tileserver.php -- name: Download 34MB {{ map_catalog_url }}/{{ installer_planet }} to {{ vector_map_path }}/installer/ -- for map installer + +- name: Download 48MB {{ maps_assets_url }}/{{ installer_planet }} to {{ vector_map_path }}/installer/ -- for map installer get_url: - url: "{{ map_catalog_url }}/{{ installer_planet }}" + url: "{{ maps_assets_url }}/{{ installer_planet }}" # e.g. planet_z0-z6_2020.mbtiles dest: "{{ vector_map_path }}/installer/" timeout: "{{ download_timeout }}" @@ -113,12 +95,13 @@ path: "{{ vector_map_path }}/viewer/tiles/{{ installer_planet }}" state: link -- name: Download abbreviated satellite images from {{ map_catalog_url }}/{{ installer_satellite }} to {{ vector_map_path }}/viewer/tiles/ +- name: Download 25MB {{ maps_assets_url }}/{{ installer_satellite }} to {{ vector_map_path }}/viewer/tiles/ -- basic satellite photos get_url: - url: "{{ map_catalog_url }}/{{ installer_satellite }}" + url: "{{ maps_assets_url }}/{{ installer_satellite }}" # e.g. satellite_z0-z6_2020.mbtiles dest: "{{ vector_map_path }}/viewer/tiles/" timeout: "{{ download_timeout }}" + - name: Download {index.html, installer-bundle.js} from {{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/installer/build/* to {{ vector_map_path }}/installer/ -- for map installer get_url: url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/installer/build/{{ item }}" @@ -139,7 +122,6 @@ - installer-functions.js - tileserver.php -# the following was changed to grab from the iiab/maps repo - name: Download 15 common assets from {{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/assets/* to {{ vector_map_path }}/viewer/assets/ -- for the general purpose map viewer get_url: url: "{{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/assets/{{ item }}" @@ -149,7 +131,7 @@ - bboxes.geojson - center.png - countries.json - - fonts.css + # - fonts.css - ol-layerswitcher.css - ol-contextmenu.css - pin_drop.png 
@@ -176,15 +158,19 @@ state: link force: yes -- name: Copy fonts (16 files) to {{ doc_root }}/common/fonts/ for the general purpose map viewer (root:root, 0644 by default) + +- name: Copy noto-sans fonts (15 files) to {{ doc_root }}/common/fonts/ for the general purpose map viewer (root:root, 0644 by default) copy: src: "{{ item }}" dest: "{{ doc_root }}/common/fonts/" - # mode: 0644 - # owner: root - # group: root with_fileglob: - - fonts/* + - fonts/noto-sans* + +- name: Copy fonts.css to {{ vector_map_path }}/viewer/assets/ + copy: + src: fonts/fonts.css + dest: "{{ vector_map_path }}/viewer/assets/" + - name: Force Download redirect {{ osm_repo_url }}/{{ maps_branch }}/osm-source/pages/viewer/installer-index.redirect to test page {{ vector_map_path }}/maplist/index.html get_url: diff --git a/roles/osm-vector-maps/tasks/main.yml b/roles/osm-vector-maps/tasks/main.yml index a16cfcd34..388c594d6 100644 --- a/roles/osm-vector-maps/tasks/main.yml +++ b/roles/osm-vector-maps/tasks/main.yml 
@@ -11,28 +11,34 @@ quiet: yes -- name: Install OSM Vector Maps if 'osm_vector_maps_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: osm_vector_maps_installed is undefined - +- block: -- name: Enable/Disable/Reload NGINX for OSM, if nginx_enabled - include_tasks: nginx.yml - #when: nginx_enabled # NGINX is mandatory starting with IIAB 7.2 + - name: Install OSM Vector Maps if 'osm_vector_maps_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: osm_vector_maps_installed is undefined + - name: Enable/Disable/Reload NGINX for OSM, if nginx_enabled + include_tasks: nginx.yml -- name: Add 'osm-vector-maps' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: osm-vector-maps - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: OSM Vector Maps - - option: description - value: '"OpenStreetMap is like Google Maps but better, for schools especially, as it works offline and avoids all the advertising. Download detailed ''vector maps'' for an entire continent, or the entire world! Also includes 10+ zoom levels of satellite imagery!"' - - option: osm_vector_maps_install - value: "{{ osm_vector_maps_install }}" - - option: osm_vector_maps_enabled - value: "{{ osm_vector_maps_enabled }}" + - name: Add 'osm-vector-maps' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: osm-vector-maps + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: OSM Vector Maps + - option: description + value: '"OpenStreetMap is like Google Maps but better, for schools especially, as it works offline and avoids all the advertising. Download detailed ''vector maps'' for an entire continent, or the entire world! 
Also includes 10+ zoom levels of satellite imagery!"' + - option: osm_vector_maps_install + value: "{{ osm_vector_maps_install }}" + - option: osm_vector_maps_enabled + value: "{{ osm_vector_maps_enabled }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/pbx/README.adoc b/roles/pbx/README.adoc index 6a3d643f6..bef5c3924 100644 --- a/roles/pbx/README.adoc +++ b/roles/pbx/README.adoc @@ -4,7 +4,7 @@ https://internet-in-a-box.org[Internet-in-a-Box (IIAB)] can install https://asterisk.org/[Asterisk] and https://freepbx.org/[FreePBX] for Voice over IP (VoIP) calls using regular Android and iPhone softphone (SIP) apps — e.g. for low-cost and rural telephony. -As of April 2022, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+19+Documentation[Asterisk 19] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. +As of May 2022, IIAB installs https://wiki.asterisk.org/wiki/display/AST/Asterisk+19+Documentation[Asterisk 19] and https://www.freepbx.org/freepbx-16-is-now-released-for-general-availability/[FreePBX 16]. PHP 7.4 is REQUIRED (https://github.com/iiab/iiab/pull/2899[PR #2899]) and PHP 8.x does not yet work (https://github.com/iiab/iiab/pull/3019#issuecomment-962469346[PR #3109]) — so please consider installing this on https://github.com/iiab/iiab/wiki/IIAB-Platforms#operating-systems[Ubuntu 20.04, Debian 11, or Raspberry Pi OS 11 "Bullseye"]. 
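Review bot: When `skip_role_on_error` is true the new `rescue:` section does nothing, so a failed install.yml or nginx.yml run leaves no explicit record that the osm-vector-maps role was abandoned part-way. In the other case the `fail` task has `msg: ""`, so the final error carries only the task name. A message such as `msg: "osm-vector-maps role failed; see the failed task above"` plus a `debug:` task for the skip case would make a partial install visible in the log. `skip_role_on_error` is not defined in this hunk and presumably comes from default_vars.yml; if it can be undefined, the `when:` itself would error inside the rescue.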
@@ -28,13 +28,13 @@ https://en.wikipedia.org/wiki/FreePBX[FreePBX] is a web-based open source GUI (g == Install it -. As you begin installing Internet-in-a-Box (IIAB) from http://download.iiab.io[download.iiab.io], it will prompt you: +. As you begin installing Internet-in-a-Box (IIAB) from https://download.iiab.io[download.iiab.io], it will prompt you: + ---- Edit /etc/iiab/local_vars.yml to customize your Internet-in-a-Box? [Y/n] ---- + -Accept the challenge! Make sure your IIAB configuration file (http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml]) contains: +Accept the challenge! Make sure your IIAB configuration file (https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml]) contains: + ---- pbx_install: True @@ -43,7 +43,7 @@ pbx_enabled: True + FreePBX can be used with either or both web servers, NGINX on port 80 (as is new) and/or Apache on port 83 (as is traditional). + -If you don't want Apache installed on your IIAB, and you prefer NGINX's shorter URL (http://box/freepbx), optionally set this line in your http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml] prior to installing IIAB: +If you don't want Apache installed on your IIAB, and you prefer NGINX's shorter URL (http://box/freepbx), optionally set this line in your https://wiki.iiab.io/go/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F[/etc/iiab/local_vars.yml] prior to installing IIAB: + ---- pbx_use_apache: False 
@@ -55,7 +55,7 @@ Or, if you want to use FreePBX with Apache alone (http://box:83/freepbx), option pbx_use_nginx: False ---- + -If using PBX intensively, please adjust `/etc/php/X.Y/apache2/php.ini`, `/etc/php/X.Y/cli/php.ini` and/or `/etc/php/X.Y/nginx/php.ini` (where `X.Y` is typically 7.4) as outlined within https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L88-L131[/opt/iiab/iiab/roles/www_options/tasks/main.yml] — some of which happens automatically if you also set: +If using PBX intensively, please adjust `/etc/php/X.Y/apache2/php.ini`, `/etc/php/X.Y/cli/php.ini` and/or `/etc/php/X.Y/nginx/php.ini` (where `X.Y` is typically 7.4) as outlined within link:../www_options/tasks/main.yml#L86-L129[/opt/iiab/iiab/roles/www_options/tasks/main.yml] — some of which happens automatically if you also set: + ---- nginx_high_php_limits: True @@ -238,6 +238,7 @@ sudo fwconsole reload * Exit the Asterisk CLI, and try Linux commands like: + ---- +asterisk -rx "core show version" asterisk -rx "pjsip show endpoints" asterisk -rx "cdr show status" ---- 
@@ -284,33 +285,29 @@ image::files/password_change.jpg[] == Known Issues -Please also check the "Known Issues" at the bottom of https://github.com/iiab/iiab/wiki#our-evolution[IIAB's latest release notes]. +Please also check the "Known Issues" at the bottom of https://github.com/iiab/iiab/wiki#past-releases[IIAB's latest release notes]. -_If there's a bug or serious problem with IIAB, please do https://internet-in-a-box.org/pages/contributing.html[make contact] and post an issue here: https://github.com/iiab/iiab/issues_ - -. As of 2021-11-05, FreePBX 16 needed 2 lines to be manually patched in order to work with the new Asterisk 19 (https://github.com/iiab/iiab/issues/2934#issuecomment-962137815[#2934]). -+ -As of 2021-11-06, these 2 lines are live-patched (automatically) by IIAB when installing FreePBX (https://github.com/iiab/iiab/pull/3019[PR #3019]). We hope that this workaround becomes unnecessary in coming weeks, thanks to subsequent https://github.com/FreePBX/framework/tags[FreePBX 16 point releases]. +_If there's a bug or serious problem with IIAB, please do https://internet-in-a-box.org/contributing.html[make contact] and post an issue here: https://github.com/iiab/iiab/issues_ . Apache's `/var/lib/php/asterisk_sessions/` directory might also be needed for NGINX? + -If not, the https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L151-L163[configuration of /var/lib/php/asterisk_sessions/] might be made conditional upon `when: not pbx_use_apache` +If not, the link:tasks/freepbx.yml#L175-L187[configuration of /var/lib/php/asterisk_sessions/] might be made conditional upon `when: not pbx_use_apache` -. The https://github.com/iiab/iiab/blob/master/roles/pbx/tasks/freepbx.yml#L208-L211[installation of /etc/odbc.ini] for CDR (Call Detail Records) database `asteriskcdrdb` might benefit from compiling the ODBC driver for aarch64, per http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html ? +. 
The link:tasks/freepbx.yml#L214-L221[installation of /etc/odbc.ini] for CDR (Call Detail Records) database `asteriskcdrdb` might benefit from compiling the ODBC driver for aarch64, per https://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html ? + See the output of `asterisk -rx "cdr show status"` as mentioned at https://github.com/iiab/iiab/pull/2938#issuecomment-898693126[#2938] and https://github.com/iiab/iiab/pull/2942[PR #2942]. . Raspberry Pi Zero W Warning + -Node.js applications like Asterisk/FreePBX, Node-RED and Sugarizer won't work on Raspberry Pi Zero W (ARMv6) if you installed Node.js while on RPi 3, 3 B+ (ARMv7) or RPi 4 (ARMv8). If necessary, run `apt remove nodejs` or `apt purge nodejs` then `rm /etc/apt/sources.list.d/nodesource.list; apt update` then (https://nodered.org/docs/hardware/raspberrypi#swapping-sd-cards[attempt!]) to https://github.com/iiab/iiab/blob/master/roles/nodejs/tasks/main.yml[install Node.js] _on the Raspberry Pi Zero W itself_ (a better approach than "cd /opt/iiab/iiab; ./runrole nodejs" is to try `apt install nodejs` or try installing the tar file mentioned at https://github.com/iiab/iiab/issues/2082#issuecomment-569344617[#2082]). You might also need `apt install npm`. Whatever versions of Node.js and npm you install, make sure `/etc/iiab/iiab_state.yml` contains the line `nodejs_installed: True` (add it if nec!) Finally, proceed to install Asterisk/FreePBX, Node-RED and/or Sugarizer. https://github.com/iiab/iiab/issues/1799[#1799] +Node.js applications like Asterisk/FreePBX, Node-RED and Sugarizer won't work on Raspberry Pi Zero W (ARMv6) if you installed Node.js while on RPi 3, 3 B+ (ARMv7) or RPi 4 (ARMv8). 
If necessary, run `apt remove nodejs` or `apt purge nodejs` then `rm /etc/apt/sources.list.d/nodesource.list; apt update` then (https://nodered.org/docs/hardware/raspberrypi#swapping-sd-cards[attempt!]) to link:../nodejs/tasks/main.yml[install Node.js] _on the Raspberry Pi Zero W itself_ (a better approach than "cd /opt/iiab/iiab; ./runrole nodejs" is to try `apt install nodejs` or try installing the tar file mentioned at https://github.com/iiab/iiab/issues/2082#issuecomment-569344617[#2082]). You might also need `apt install npm`. Whatever versions of Node.js and npm you install, make sure `/etc/iiab/iiab_state.yml` contains the line `nodejs_installed: True` (add it if nec!) Finally, proceed to install Asterisk/FreePBX, Node-RED and/or Sugarizer. https://github.com/iiab/iiab/issues/1799[#1799] //// == Raspberry Pi Known Issues -As of 2019-02-14, "systemctl restart freepbx" failed more than 50% of the time when run on a http://wiki.laptop.org/go/IIAB/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation.3F[LARGE-sized] install of IIAB 6.7 on RPi 3 or RPi 3 B+. +As of 2019-02-14, "systemctl restart freepbx" failed more than 50% of the time when run on a https://wiki.iiab.io/go/FAQ#What_services_.28IIAB_apps.29_are_suggested_during_installation.3F[LARGE-sized] install of IIAB 6.7 on RPi 3 or RPi 3 B+. -It is possible that FreePBX restarts much more reliably when run on a SMALL-sized install of IIAB? Please http://wiki.laptop.org/go/IIAB/FAQ#What_are_the_best_places_for_community_support.3F[contact us] if you can assist here in any way: https://github.com/iiab/iiab/issues/1493[#1493] +It is possible that FreePBX restarts much more reliably when run on a SMALL-sized install of IIAB? Please https://wiki.iiab.io/go/FAQ#What_are_the_best_places_for_community_support.3F[contact us] if you can assist here in any way: https://github.com/iiab/iiab/issues/1493[#1493] //// 
@@ -321,7 +318,11 @@ In February 2019, this https://github.com/iiab/iiab/tree/master/roles/pbx[roles/ In August 2021 it was overhauled, with thanks to these 3 sources especially: * "Official" recipe: https://wiki.freepbx.org/display/FOP/Installing+FreePBX+16+on+Debian+10.9 -* Comprehensive & recent recipe for Raspberry Pi: http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html +* Comprehensive & recent recipe for Raspberry Pi: https://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html * Popular but dated recipe: https://computingforgeeks.com/how-to-install-asterisk-16-with-freepbx-15-on-ubuntu-debian/ +In May 2022, installation of FreePBX was made more resilient in https://github.com/iiab/iiab/pull/3229[PR #3229] thanks to: + +* Ron Raikes' routine to install FreePBX from GitHub: https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 + Thank you to _ALL_ who've contributed — including Lemuel D'Souza, Jerry Vonau, Adam Holt and Anish Mangal! diff --git a/roles/pbx/defaults/main.yml b/roles/pbx/defaults/main.yml index 3767f690e..1ef7b8125 100644 --- a/roles/pbx/defaults/main.yml +++ b/roles/pbx/defaults/main.yml @@ -1,6 +1,9 @@ # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. -# 2019: Worked on Ubuntu 18.04, Debian 9 w/ Node.js 10.x, and seemingly RPi 3+. +# +# 2022-05-25: PHP 7.4 REQUIRED -- PLEASE READ: +# https://github.com/iiab/iiab/tree/master/roles/pbx#readme # 2021-08-03: Attempts FreePBX 16 Beta -- as required w/ PHP 7.4 OS's for #2897 +# 2019: Worked on Ubuntu 18.04, Debian 9 w/ Node.js 10.x, and seemingly RPi 3+. # pbx_install: False # pbx_enabled: False 
@@ -18,12 +21,14 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -asterisk_url: http://downloads.asterisk.org/pub/telephony/asterisk +asterisk_url: https://downloads.asterisk.org/pub/telephony/asterisk asterisk_src_file: asterisk-19-current.tar.gz asterisk_src_dir: "{{ iiab_base }}/asterisk" # /opt/iiab -freepbx_url: http://mirror.freepbx.org/modules/packages/freepbx/7.4 -freepbx_src_file: freepbx-16.0-latest.tgz # Beta as of 2021-06-21 but looking great! Does NOT support PHP < 7.4 (you've been warned!) Please review https://github.com/iiab/iiab/blob/master/roles/pbx/README.rst +# freepbx_url: https://mirror.freepbx.org/modules/packages/freepbx/7.4 +# freepbx_src_file: freepbx-16.0-latest.tgz # 2022-05-25 #3228: Filename has become bogus (as it's not really the latest!) Manually unpacking the latest .tar.gz for FreePBX 16.x from https://github.com/FreePBX/framework/tags to /opt/iiab/freepbx can work if absolutely nec. +freepbx_git_url: https://github.com/FreePBX/framework +freepbx_git_branch: release/16.0 # EMERGING OPTION AS OF MAY 2022: https://github.com/FreePBX/framework/tree/release/17.0 freepbx_src_dir: "{{ iiab_base }}/freepbx" freepbx_install_dir: /var/www/html/freepbx diff --git a/roles/pbx/tasks/asterisk.yml b/roles/pbx/tasks/asterisk.yml index 56ece2541..7c52248bf 100644 --- a/roles/pbx/tasks/asterisk.yml +++ b/roles/pbx/tasks/asterisk.yml @@ -1,5 +1,5 @@ -# 2021-08-16 README.adoc, with screenshots: -# https://github.com/iiab/iiab/tree/master/roles/pbx#pbx-readme +# 2022-05-25 README.adoc, with screenshots: +# https://github.com/iiab/iiab/tree/master/roles/pbx#readme # 2021-08-05: Asterisk's own install_prereq (below) handles essentially all of these 
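Review bot: `freepbx_git_branch: release/16.0` names a moving branch, so each install runs whatever commit is at its tip that day; the git task added in roles/pbx/tasks/freepbx.yml clones it with `depth: 1` and `force: yes`, and `./install` is then run from that checkout. The old `freepbx-16.0-latest.tgz` drifted in the same way, so this is not a regression, but a reproducible and reviewable install needs a fixed ref. The git module's `version` also accepts a tag, so the default could be a release tag from the FreePBX/framework tags page the comment already links, e.g. `freepbx_git_branch: <RELEASE_TAG>  # pinned, bump deliberately`, with the branch documented as an override in local_vars.yml. A bare commit hash combined with `depth: 1` would need testing before relying on it.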
@@ -55,7 +55,7 @@ # name: aptitude # state: latest -- name: Asterisk - Run 'install_prereq install' for dependencies - CAN TAKE 5 MIN OR LONGER! +- name: Asterisk - Run 'install_prereq install' for dependencies - CAN TAKE 2-5 MIN OR LONGER! shell: export DEBIAN_FRONTEND=noninteractive && ./contrib/scripts/install_prereq install args: chdir: "{{ asterisk_src_dir }}" @@ -88,13 +88,13 @@ args: chdir: "{{ asterisk_src_dir }}" -- name: Asterisk - Run 'make' - CAN TAKE 8-30 MIN OR LONGER! +- name: Asterisk - Run 'make' - CAN TAKE 4-30 MIN OR LONGER! command: make args: chdir: "{{ asterisk_src_dir }}" creates: defaults.h -- name: Asterisk - Run 'make install' - CAN TAKE 2 MIN OR LONGER! +- name: Asterisk - Run 'make install' - CAN TAKE 1-2 MIN W/ SLOW DISKS? command: make install args: chdir: "{{ asterisk_src_dir }}" diff --git a/roles/pbx/tasks/chan_dongle.yml b/roles/pbx/tasks/chan_dongle.yml index a9fbfcf25..b7b5c5691 100644 --- a/roles/pbx/tasks/chan_dongle.yml +++ b/roles/pbx/tasks/chan_dongle.yml @@ -1,4 +1,4 @@ -# RPi: http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html +# RPi: https://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html - name: chan_dongle - Download {{ chan_dongle_url }}/{{ chan_dongle_src_file }} to {{ downloads_dir }} get_url: diff --git a/roles/pbx/tasks/freepbx.yml b/roles/pbx/tasks/freepbx.yml index 9a7f34a5a..5480e7722 100644 --- a/roles/pbx/tasks/freepbx.yml +++ b/roles/pbx/tasks/freepbx.yml @@ -1,5 +1,5 @@ -# 2021-08-16 README.adoc, with screenshots: -# https://github.com/iiab/iiab/tree/master/roles/pbx#pbx-readme +# 2022-05-25 README.adoc, with screenshots: +# https://github.com/iiab/iiab/tree/master/roles/pbx#readme # 2021-08-04: Non-native systemd service 'asterisk.service' (redirects via 
@@ -66,35 +66,45 @@ include_tasks: apache.yml when: pbx_use_apache -- name: FreePBX - Download {{ freepbx_url }}/{{ freepbx_src_file }} to {{ downloads_dir }} - get_url: - url: "{{ freepbx_url }}/{{ freepbx_src_file }}" - dest: "{{ downloads_dir }}" # e.g. /opt/iiab/downloads/freepbx-16.0-latest.tgz - timeout: "{{ download_timeout }}" -- name: FreePBX - Check for {{ downloads_dir }}/{{ freepbx_src_file }} - stat: - path: "{{ downloads_dir }}/{{ freepbx_src_file }}" - register: freepbx_src +# - name: FreePBX - Download {{ freepbx_url }}/{{ freepbx_src_file }} to {{ downloads_dir }} +# get_url: +# url: "{{ freepbx_url }}/{{ freepbx_src_file }}" +# dest: "{{ downloads_dir }}" # e.g. /opt/iiab/downloads/freepbx-16.0-latest.tgz +# timeout: "{{ download_timeout }}" -- name: FreePBX - FAIL (force Ansible to exit) IF {{ downloads_dir }}/{{ freepbx_src_file }} doesn't exist - fail: - msg: "{{ downloads_dir }}/{{ freepbx_src_file }} is REQUIRED to install FreePBX." - when: not freepbx_src.stat.exists +# - name: FreePBX - Check for {{ downloads_dir }}/{{ freepbx_src_file }} +# stat: +# path: "{{ downloads_dir }}/{{ freepbx_src_file }}" +# register: freepbx_src -- name: FreePBX - Create source dir {{ freepbx_src_dir }} - file: - path: "{{ freepbx_src_dir }}" # /opt/iiab/freepbx - state: directory +# - name: FreePBX - FAIL (force Ansible to exit) IF {{ downloads_dir }}/{{ freepbx_src_file }} doesn't exist +# fail: +# msg: "{{ downloads_dir }}/{{ freepbx_src_file }} is REQUIRED to install FreePBX." 
+# when: not freepbx_src.stat.exists + +# - name: FreePBX - Create source dir {{ freepbx_src_dir }} +# file: +# path: "{{ freepbx_src_dir }}" # /opt/iiab/freepbx +# state: directory + +# - name: FreePBX - Extract to source dir (root:root) +# unarchive: +# src: "{{ downloads_dir }}/{{ freepbx_src_file }}" +# dest: "{{ freepbx_src_dir }}" +# owner: root +# group: root +# extra_opts: [--strip-components=1] +# creates: "{{ freepbx_src_dir }}/install" + +- name: FreePBX - git clone {{ freepbx_git_url }} -b {{ freepbx_git_branch }} --depth 1 {{ freepbx_src_dir }} (force) + git: + repo: "{{ freepbx_git_url }}" # https://github.com/FreePBX/framework + dest: "{{ freepbx_src_dir }}" # /opt/iiab/freepbx + version: "{{ freepbx_git_branch }}" # e.g. release/16.0 + depth: 1 + force: yes -- name: FreePBX - Extract to source dir (root:root) - unarchive: - src: "{{ downloads_dir }}/{{ freepbx_src_file }}" - dest: "{{ freepbx_src_dir }}" - owner: root - group: root - extra_opts: [--strip-components=1] - creates: "{{ freepbx_src_dir }}/install" # No longer needed since approx 2022-01-31 / 2022-02-14, as confirmed by: # https://github.com/FreePBX/framework/blob/release/16.0/install.php#L27 @@ -141,7 +151,6 @@ # login_user: root # login_password: "{{ mysql_root_password }}" host: "{{ (asterisk_db_host == 'localhost') | ternary('localhost', ansible_default_ipv4.address) }}" - state: present - name: FreePBX - Add MySQL db ({{ asterisk_db_dbname }}) mysql_db: @@ -151,7 +160,6 @@ login_host: "{{ asterisk_db_host }}" login_user: "{{ asterisk_db_user }}" login_password: "{{ asterisk_db_password }}" - state: present - name: FreePBX - Add CDR MySQL db ({{ asterisk_db_cdrdbname }}) mysql_db: @@ -161,7 +169,6 @@ login_host: "{{ asterisk_db_host }}" login_user: "{{ asterisk_db_user }}" login_password: "{{ asterisk_db_password }}" - state: present # 2021-08-16: DOES NGINX NEED THE NEXT 2 STANZAS? (If not, should 'when: pbx_use_apache' be added?) 
@@ -180,17 +187,17 @@ - name: "FreePBX - Populate /etc/asterisk/freepbx_chown.conf to prevent 'fwconsole chown' takeover of /var/lib/php/sessions" # And possibly later /etc/freepbx.conf, /var/log/asterisk/freepbx.log, /var/spool/asterisk/cache blockinfile: - content: | + path: /etc/asterisk/freepbx_chown.conf + block: | [blacklist] directory = /var/lib/php/sessions marker: "; {mark} ANSIBLE MANAGED BLOCK" - dest: /etc/asterisk/freepbx_chown.conf owner: asterisk group: asterisk create: yes -- name: FreePBX - git clone https://github.com/mariadb-corporation/mariadb-connector-odbc to /usr/src/mariadb-connector-odbc +- name: FreePBX - git clone https://github.com/mariadb-corporation/mariadb-connector-odbc --depth 1 /usr/src/mariadb-connector-odbc (force) git: repo: https://github.com/mariadb-corporation/mariadb-connector-odbc dest: /usr/src/mariadb-connector-odbc @@ -203,7 +210,7 @@ args: creates: /usr/local/lib/mariadb/libmaodbc.so -# http://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html +# https://mghadam.blogspot.com/2021/03/install-asterisk-18-freepbx-15-on.html - name: FreePBX - Install /etc/odbc.ini, /etc/odbcinst.ini from template (root:root, 0644 by default) template: src: "{{ item.src }}" @@ -218,7 +225,7 @@ dest: /etc/asterisk/cdr_mysql.conf -- name: FreePBX - 2-step install - won't run if {{ freepbx_install_dir }} already exists - CAN TAKE 3-12 MIN OR LONGER! +- name: FreePBX - 2-step install - won't run if {{ freepbx_install_dir }} already exists - FAST W/ GITHUB (OR freepbx-16.0-latest.tgz CAN TAKE 3-12 MIN OR LONGER!) command: "{{ item }}" args: chdir: "{{ freepbx_src_dir }}" 
@@ -228,6 +235,21 @@ - ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} # - ./install -n --webroot {{ freepbx_install_dir }} --dbuser {{ asterisk_db_user }} --dbpass {{ asterisk_db_password }} --dbname {{ asterisk_db_dbname }} --cdrdbname {{ asterisk_db_cdrdbname }} + +# 2022-05-25 BACKGROUND: https://github.com/iiab/iiab/pull/3229#issuecomment-1138061460 +- name: FreePBX - Revert the above just-installed FreePBX 'framework' module by a few weeks-or-so from GitHub's bleeding edge, to a more official version (which can help to install the ~15 modules below!) + command: fwconsole ma downloadinstall framework + +# ERROR IF RUN BELOW: "Unable to connect to remote asterisk" +- name: FreePBX - Run 'fwconsole reload' - as an additional precaution, per Ron Raikes @ https://community.freepbx.org/t/asterisk-19-1-0-and-freepbx-install/81029/15 + command: fwconsole reload + +# DEFAULT MODULE LIST AUG 2021: https://github.com/iiab/iiab/pull/2916#issuecomment-894601522 +# YIELDS 2 MORE AS OF MAY 2022: https://github.com/iiab/iiab/pull/3229#issuecomment-1138566339 +- name: FreePBX - Download + Install 15 additional FreePBX default modules (of about 70 total) as if we were installing freepbx-16.0-latest.tgz - THIS CAN TAKE SEVERAL MIN! + command: fwconsole ma downloadinstall callrecording cdr conferences core customappsreg dashboard featurecodeadmin infoservices logfiles music pm2 recordings sipsettings soundlang voicemail + + - name: FreePBX - Run 'fwconsole stop', 'killall -9 safe_asterisk' to stop both main Asterisk processes - this avoids "Unable to run Pre-Asterisk hooks, because Asterisk is already running" in 'journalctl -u freepbx' logs command: "{{ item }}" with_items: 
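Review bot: The `./install -n … --dbpass {{ asterisk_db_password }}` item at the top of this hunk puts the database password on the command line, where it is readable in the process list while the installer runs and is echoed as the loop item in Ansible's output and in any saved install log. The task these items belong to starts outside the hunk, so this is inferred from the visible item only. Adding `no_log: true` to that task keeps the value out of Ansible's output; the argv exposure remains unless the installer can read the password some other way, which is not visible here.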
@@ -264,9 +286,10 @@ src: freepbx.service dest: /etc/systemd/system/ -# Default module list https://github.com/iiab/iiab/pull/2916#issuecomment-894601522 -- name: FreePBX - Run 'fwconsole ma upgradeall' on installed FreePBX modules, e.g. 16 default modules (of about 70 total) - CAN TAKE 1 MIN OR LONGER! - command: fwconsole ma upgradeall + +# 2022-05-25: Replaced by 'fwconsole ma downloadinstall' commands above +# - name: FreePBX - Run 'fwconsole ma upgradeall' on installed FreePBX modules, e.g. 16 default modules (of about 70 total) - CAN TAKE 1 MIN OR LONGER! +# command: fwconsole ma upgradeall # - name: FreePBX - Add "$amp_conf['CHECKREFERER'] = false;" to /etc/freepbx.conf #2931 - if pbx_use_nginx" # lineinfile: diff --git a/roles/pbx/tasks/install.yml b/roles/pbx/tasks/install.yml index eb3163fe4..474ddb58d 100644 --- a/roles/pbx/tasks/install.yml +++ b/roles/pbx/tasks/install.yml @@ -1,4 +1,4 @@ -- name: "ONLY PHP 7.4 IS SUPPORTED AS OF AUG 2021 -- PLEASE READ: https://github.com/iiab/iiab/tree/master/roles/pbx/#pbx-readme" +- name: "ONLY PHP 7.4 IS SUPPORTED AS OF MAY 2022 -- PLEASE READ: https://github.com/iiab/iiab/tree/master/roles/pbx#readme" meta: noop diff --git a/roles/pbx/tasks/main.yml b/roles/pbx/tasks/main.yml index 508691965..81a9dcebd 100644 --- a/roles/pbx/tasks/main.yml +++ b/roles/pbx/tasks/main.yml 
@@ -19,29 +19,38 @@ quiet: yes -- name: Install PBX if pbx_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: pbx_installed is undefined +- block: -- name: Install & Enable chan_dongle for Huawei USB modems - if asterisk_chan_dongle - include_tasks: chan_dongle.yml - when: asterisk_chan_dongle + - name: Install PBX if pbx_installed is not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: pbx_installed is undefined -- include_tasks: enable-or-disable.yml + - name: Install & Enable chan_dongle for Huawei USB modems - if asterisk_chan_dongle + include_tasks: chan_dongle.yml + when: asterisk_chan_dongle + + - include_tasks: enable-or-disable.yml -- name: Add 'pbx' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: pbx - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: PBX - - option: description - value: '"Full-featured PBX for rural telephony etc, that can integrate with GSM (mobile phone) networks. Based on Asterisk (Voice over IP, SIP telephone numbers) and FreePBX (web-based GUI to administer it)."' - - option: pbx_install - value: "{{ pbx_install }}" - - option: pbx_enabled - value: "{{ pbx_enabled }}" + - name: Add 'pbx' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: pbx + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: PBX + - option: description + value: '"Full-featured PBX for rural telephony etc, that can integrate with GSM (mobile phone) networks. 
Based on Asterisk (Voice over IP, SIP telephone numbers) and FreePBX (web-based GUI to administer it)."' + - option: pbx_install + value: "{{ pbx_install }}" + - option: pbx_enabled + value: "{{ pbx_enabled }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/phpmyadmin/defaults/main.yml b/roles/phpmyadmin/defaults/main.yml index 00c694aef..ff6343c56 100644 --- a/roles/phpmyadmin/defaults/main.yml +++ b/roles/phpmyadmin/defaults/main.yml @@ -4,7 +4,7 @@ # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -phpmyadmin_version: 5.1.3 +phpmyadmin_version: 5.2.0 phpmyadmin_name: "phpMyAdmin-{{ phpmyadmin_version }}-all-languages" phpmyadmin_dl_url: "https://files.phpmyadmin.net/phpMyAdmin/{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz" phpmyadmin_name_zip: "{{ phpmyadmin_version }}/{{ phpmyadmin_name }}.tar.xz" diff --git a/roles/phpmyadmin/tasks/install.yml b/roles/phpmyadmin/tasks/install.yml index eaec8af82..345927a04 100644 --- a/roles/phpmyadmin/tasks/install.yml +++ b/roles/phpmyadmin/tasks/install.yml @@ -3,7 +3,6 @@ url: "{{ phpmyadmin_dl_url }}" # e.g. https://files.phpmyadmin.net/phpMyAdmin/5.0.4/phpMyAdmin-5.0.4-all-languages.zip dest: "{{ downloads_dir }}" # /opt/iiab/downloads timeout: "{{ download_timeout }}" - when: internet_available - name: Does {{ downloads_dir }}/{{ phpmyadmin_name_zip }} exist? stat: @@ -46,6 +45,7 @@ # # recurse: yes # # state: directory + # RECORD phpMyAdmin AS INSTALLED - name: "Set 'phpmyadmin_installed: True'" diff --git a/roles/phpmyadmin/tasks/main.yml b/roles/phpmyadmin/tasks/main.yml index 55339f268..b4f04646d 100644 --- a/roles/phpmyadmin/tasks/main.yml +++ b/roles/phpmyadmin/tasks/main.yml 
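Review bot: The `rescue:` task fails with `msg: ""`, so the one task that decides whether the run stops says nothing about what went wrong, and when `skip_role_on_error` is true the role is abandoned without any message at all. Inside `rescue:` Ansible sets `ansible_failed_task` and `ansible_failed_result`, so `msg: "pbx: '{{ ansible_failed_task.name }}' failed"` plus a `debug` task for the skipped case would leave a trace in the log. A skipped role can also leave a partly installed service on the machine, and because the "Add 'pbx' variable values" task sits inside the block, nothing is written to the ini file to show that; the message is a good place to say so. The same block/rescue pattern, with the same empty message, is added in the main.yml hunks for phpmyadmin, postgresql and sugarizer.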
@@ -19,29 +19,36 @@ quiet: yes -- name: "INCOMPLETE WITHOUT APACHE AS OF 2021-07-06: Install phpMyAdmin if 'phpmyadmin_installed' not defined, e.g. in {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: phpmyadmin_installed is undefined +- block: + - name: "INCOMPLETE WITHOUT APACHE AS OF 2021-07-06: Install phpMyAdmin if 'phpmyadmin_installed' not defined, e.g. in {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: phpmyadmin_installed is undefined -- name: INCOMPLETE WITHOUT APACHE AS OF 2021-07-06 - include_tasks: enable-or-disable.yml + - name: INCOMPLETE WITHOUT APACHE AS OF 2021-07-06 + include_tasks: enable-or-disable.yml + - name: Add 'phpmyadmin' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: phpmyadmin + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: phpMyAdmin + - option: description + value: '"phpMyAdmin is an interface with a MySQL database written in PHP, and available to administer the database engine locally or across the network."' + - option: phpmyadmin_install + value: "{{ phpmyadmin_install }}" + - option: phpmyadmin_enabled + value: "{{ phpmyadmin_enabled }}" + - option: path + value: /opt/phpmyadmin -- name: Add 'phpmyadmin' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: phpmyadmin - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: phpMyAdmin - - option: description - value: '"phpMyAdmin is an interface with a MySQL database written in PHP, and available to administer the database engine locally or across the network."' - - option: phpmyadmin_install - value: "{{ phpmyadmin_install }}" - - option: phpmyadmin_enabled - value: "{{ phpmyadmin_enabled }}" - - option: path - value: /opt/phpmyadmin + rescue: + + - name: 'SEE ERROR ABOVE 
(skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/postgresql/tasks/enable-or-disable.yml b/roles/postgresql/tasks/enable-or-disable.yml new file mode 100644 index 000000000..e9deb96d9 --- /dev/null +++ b/roles/postgresql/tasks/enable-or-disable.yml @@ -0,0 +1,14 @@ +- name: Enable & Start 'postgresql-iiab' systemd service, if postgresql_enabled + systemd: + name: postgresql-iiab + daemon_reload: yes + enabled: yes + state: started + when: postgresql_enabled + +- name: Disable & Stop 'postgresql-iiab' systemd service, if not postgresql_enabled + systemd: + name: postgresql-iiab + enabled: no + state: stopped + when: not postgresql_enabled diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml index c69396d29..8d7070ea8 100644 --- a/roles/postgresql/tasks/main.yml +++ b/roles/postgresql/tasks/main.yml 
@@ -26,39 +26,33 @@ var: postgresql_installed -- name: Install PostgreSQL if 'postgresql_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: postgresql_installed is undefined +- block: + - name: Install PostgreSQL if 'postgresql_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: postgresql_installed is undefined -- name: Enable & Start 'postgresql-iiab' systemd service, if postgresql_enabled - systemd: - name: postgresql-iiab - daemon_reload: yes - enabled: yes - state: started - when: postgresql_enabled + - include_tasks: enable-or-disable.yml -- name: Disable & Stop 'postgresql-iiab' systemd service, if not postgresql_enabled - systemd: - name: postgresql-iiab - enabled: no - state: stopped - when: not postgresql_enabled + - name: Add 'postgresql' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: postgresql + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: PostgreSQL + - option: description + value: '"PostgreSQL is a powerful, open source object-relational database system."' + - option: postgresql_install + value: "{{ postgresql_install }}" + - option: postgresql_enabled + value: "{{ postgresql_enabled }}" + rescue: -- name: Add 'postgresql' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: postgresql - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: PostgreSQL - - option: description - value: '"PostgreSQL is a powerful, open source object-relational database system."' - - option: postgresql_install - value: "{{ postgresql_install }}" - - option: postgresql_enabled - value: "{{ postgresql_enabled }}" + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + 
when: not skip_role_on_error diff --git a/roles/pylibs/templates/iiab_lib.py b/roles/pylibs/templates/iiab_lib.py index 84dee97e3..ef9da7e82 100644 --- a/roles/pylibs/templates/iiab_lib.py +++ b/roles/pylibs/templates/iiab_lib.py @@ -85,8 +85,9 @@ def read_library_xml(lib_xml_file, kiwix_exclude_attr=["favicon"]): # duplicated attributes[attr] = child.attrib[attr] # copy if not id or in exclusion list zims_installed[zim_id] = attributes path_to_id_map[child.attrib['path']] = zim_id - except IOError: + except: # though I try how can I carry on zims_installed = {} + path_to_id_map = {} return zims_installed, path_to_id_map def rem_libr_xml(zim_id, kiwix_library_xml): diff --git a/roles/remoteit/tasks/install.yml b/roles/remoteit/tasks/install.yml index ee838b9d3..4e52bd586 100644 --- a/roles/remoteit/tasks/install.yml +++ b/roles/remoteit/tasks/install.yml @@ -76,6 +76,15 @@ - name: Install remote.it Device Package for your CPU/OS, using https://downloads.remote.it/remoteit/install_agent.sh shell: curl -L https://downloads.remote.it/remoteit/install_agent.sh | sh +# 2022-06-29: Ansible misinterprets "IIAB_LIKE=Ubuntu" (interpreting the entire +# OS as Ubuntu instead of Mint, on later Ansible runs) so let's remove line now. +- name: If Linux Mint, remove above "IIAB_LIKE=Ubuntu" from /etc/os-release (for Ansible's sloppy OS recognition logic) + lineinfile: + path: /etc/os-release + line: IIAB_LIKE=Ubuntu + state: absent + when: is_linuxmint + - name: "'rm /etc/remoteit/registration' (empty file used just above)" file: diff --git a/roles/samba/README.rst b/roles/samba/README.rst index 2f65310d0..ff9296f4c 100644 --- a/roles/samba/README.rst +++ b/roles/samba/README.rst @@ -22,4 +22,4 @@ Security Please review the default `/etc/samba/smb.conf `_ file, and revise it appropriately. -Please also review your overall `IIAB Security `_. +Please also review your overall `IIAB Security `_. 
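Review bot: The bare `except:` catches everything, including `KeyboardInterrupt` and `SystemExit`, and any malformed or unexpected library XML now yields two empty dicts with no sign that parsing failed. Resetting `path_to_id_map` alongside `zims_installed` is the right fix for the return value; narrowing the clause to `except Exception as e:` and reporting it, e.g. `print("read_library_xml: " + str(e), file=sys.stderr)` (if `sys` is imported in this file), keeps the carry-on behaviour while leaving a trace. Callers cannot tell an empty library from an unreadable one, so a docstring line stating that both results are empty on any read or parse error would help. The function body starts outside the hunk.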
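Review bot: The new `lineinfile` cleanup runs only if the `curl … | sh` task before it succeeds; if that installer fails the play stops and `IIAB_LIKE=Ubuntu` stays in /etc/os-release, which per the added comment makes later Ansible runs treat the OS as Ubuntu. The task that adds the line is outside the hunk, so this assumes it sits just above the installer. Wrapping the add and install tasks in a `block:` and moving this removal under `always:` would restore the file on both paths. Separately, the context line pipes a downloaded script straight into `sh` with no checksum or pinned version; fetching it with `get_url` and a `checksum:` before running it would at least make a changed script visible.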
diff --git a/roles/samba/templates/smb.conf.j2 b/roles/samba/templates/smb.conf.j2 index acfc004a7..9b60050d8 100755 --- a/roles/samba/templates/smb.conf.j2 +++ b/roles/samba/templates/smb.conf.j2 @@ -4,10 +4,10 @@ # # The Official Samba 3.2.x HOWTO and Reference Guide contains step-by-step # guides for installing, configuring, and using Samba: -# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf +# https://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf # # The Samba-3 by Example guide has working examples for smb.conf. This guide is -# generated daily: http://www.samba.org/samba/docs/Samba-Guide.pdf +# generated daily: https://www.samba.org/samba/docs/Samba-Guide.pdf # # In this file, lines starting with a semicolon (;) or a hash (#) are # comments and are ignored. This file uses hashes to denote commentary and @@ -92,7 +92,12 @@ ; netbios name = MYSERVER ; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 + +{% if network_172 %} hosts allow = 127. 172.18. +{% else %} + hosts allow = 127. 10.10.10. +{% endif %} ; max protocol = SMB2 diff --git a/roles/sugarizer/tasks/install.yml b/roles/sugarizer/tasks/install.yml index 08fabac93..948c128b7 100644 --- a/roles/sugarizer/tasks/install.yml +++ b/roles/sugarizer/tasks/install.yml @@ -46,7 +46,7 @@ # 3. DOWNLOAD+LINK /opt/iiab/sugarizer-server -# 2018-07-11: http://download.iiab.io/packages/sugarizer-server-1.0.tar.gz +# 2018-07-11: https://download.iiab.io/packages/sugarizer-server-1.0.tar.gz # was flawed, as documented at: # https://github.com/iiab/iiab/pull/814#issuecomment-404211098 # Versions of MongoDB, npm (& Node.js ?) matter! Sugarizer 1.0 Context: 
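Review bot: `hosts allow` is the only client restriction visible in this hunk (the `interfaces` line above it is commented out), and the prefix `172.18.` admits all of 172.18.0.0/16 while the Transmission whitelist comment changed in this same commit uses `172.18.96.*`. If the LAN is the smaller subnet, `172.18.96.` would match it more closely; the actual netmask is not visible here, so this needs confirming against the network role. A comment above the `{% if network_172 %}` line such as `# Limit SMB clients to loopback and the IIAB LAN; keep in sync with the LAN subnet` would tell operators why the two branches differ.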
@@ -159,7 +159,7 @@ # WITH FUTURE UPGRADES BEYOND SUGARIZER 1.1?! # # SOME BACKGROUND -- WHY WE'RE AUTO-EDITING sugarizer-server'S CONFIG FILES: -# http://github.com/iiab/iiab/pull/1430#issuecomment-459129378 +# https://github.com/iiab/iiab/pull/1430#issuecomment-459129378 # sugarizer_port is set to 8089 in /opt/iiab/iiab/vars/default_vars.yml # If you need to change this, edit /etc/iiab/local_vars.yml prior to installing diff --git a/roles/sugarizer/tasks/main.yml b/roles/sugarizer/tasks/main.yml index e1e6b825b..d0c2ac55a 100644 --- a/roles/sugarizer/tasks/main.yml +++ b/roles/sugarizer/tasks/main.yml 
@@ -19,39 +19,53 @@ quiet: yes -# 3 stanzas moved up from install.yml, so Debian-or-any-OS-where-MongoDB-fails -# still finish their "LARGE-sized" IIAB install: (WITH LOUD RED WARNINGS!) +- block: -- name: "Set 'mongodb_install: True'" - set_fact: - mongodb_install: True + # 3 stanzas moved up from install.yml, so Debian-or-any-OS-where-MongoDB-fails + # still finish their "LARGE-sized" IIAB install: (WITH LOUD RED WARNINGS!) -- name: 'CAUTION: IF ''mongodb.service'' IS STOPPED FOR ANY REASON, IT WILL IMMEDIATELY CAUSE SUGARIZER TO FAIL ("502 Bad Gateway") !' - debug: - msg: "/etc/systemd/system/sugarizer.service Line 4 'Requires=mongodb.service' tries to auto-start MongoDB every time Sugarizer starts. IIAB (roles/mongodb/tasks/enable-or-disable.yml) tries its best to keep Ansible var 'mongodb_enabled' in sync with its systemd equivalent, i.e. the output of 'systemctl is-enabled mongodb' (as of 2020-10-29 both are typically disabled, unless other apps/services/operators choose to use MongoDB)." + - name: "Set 'mongodb_install: True'" + set_fact: + mongodb_install: True -- name: MONGODB - run 'mongodb' role (attempt to install MongoDB) - include_role: - name: mongodb + - name: 'CAUTION: IF ''mongodb.service'' IS STOPPED FOR ANY REASON, IT WILL IMMEDIATELY CAUSE SUGARIZER TO FAIL ("502 Bad Gateway") !' + debug: + msg: "/etc/systemd/system/sugarizer.service Line 4 'Requires=mongodb.service' tries to auto-start MongoDB every time Sugarizer starts. IIAB (roles/mongodb/tasks/enable-or-disable.yml) tries its best to keep Ansible var 'mongodb_enabled' in sync with its systemd equivalent, i.e. the output of 'systemctl is-enabled mongodb' (as of 2020-10-29 both are typically disabled, unless other apps/services/operators choose to use MongoDB)." + + - name: MONGODB - run 'mongodb' role (attempt to install MongoDB) + include_role: + name: mongodb -- name: EXIT 'sugarizer' ROLE & CONTINUE, IF 'mongodb_installed is undefined' - fail: # FORCE IT RED THIS ONCE! 
- msg: MongoDB INSTALLATION FAILED, perhaps because your OS is Debian 10 on aarch64? Nevertheless IIAB will continue (consider this a warning!) - when: mongodb_installed is undefined - ignore_errors: yes + # - name: EXIT 'sugarizer' ROLE & CONTINUE, IF 'mongodb_installed is undefined' + # fail: # FORCE IT RED THIS ONCE! + # msg: MongoDB INSTALLATION FAILED, perhaps because MongoDB doesn't yet support Ubuntu 22.04 with libssl3? Nevertheless IIAB will continue (consider this a warning!) + # when: mongodb_installed is undefined + # ignore_errors: yes # RESCUE (BELOW) NOW HANDLES THIS -# ELSE... + - name: Verify that mongodb_installed is defined + fail: + msg: MongoDB INSTALLATION FAILED, perhaps because MongoDB doesn't yet support Ubuntu 22.04 with libssl3? #3190 + when: mongodb_installed is undefined -- name: Install/Enable/Disable/Record Sugarizer (main2.yml) IF 'mongodb_installed is defined' - include_tasks: main2.yml - when: mongodb_installed is defined + # ELSE... -# THE block: APPROACH BELOW WORKS JUST LIKE main2.yml ABOVE. -# BUT IT VISUALLY POLLUTES: MANY BLUE "skipping:" MESSAGES IN ANSIBLE'S OUTPUT. + - name: Install/Enable/Disable/Record Sugarizer (main2.yml) IF 'mongodb_installed is defined' + include_tasks: main2.yml + when: mongodb_installed is defined -# - block: # ENTIRE BLOCK CONDITIONED ON 'when: mongodb_installed is defined' -# -# [MOVED TO main2.yml] -# -# when: mongodb_installed is defined # CONDITION FOR ENTIRE ABOVE block: + # THE block: APPROACH BELOW WORKS JUST LIKE main2.yml ABOVE. + # BUT IT VISUALLY POLLUTES: MANY BLUE "skipping:" MESSAGES IN ANSIBLE'S OUTPUT. + + # - block: # ENTIRE BLOCK CONDITIONED ON 'when: mongodb_installed is defined' + # + # [MOVED TO main2.yml] + # + # when: mongodb_installed is defined # CONDITION FOR ENTIRE ABOVE block: + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error 
diff --git a/roles/sugarizer/tasks/main2.yml b/roles/sugarizer/tasks/main2.yml index 88aa786f8..5a719e233 100644 --- a/roles/sugarizer/tasks/main2.yml +++ b/roles/sugarizer/tasks/main2.yml @@ -3,8 +3,7 @@ when: sugarizer_installed is undefined -- name: Enable/Disable/Restart NGINX - include_tasks: enable-or-disable.yml +- include_tasks: enable-or-disable.yml - name: Add 'sugarizer' variable values to {{ iiab_ini_file }} diff --git a/roles/transmission/README.rst b/roles/transmission/README.rst index 7cc3d2701..40f6e38fc 100644 --- a/roles/transmission/README.rst +++ b/roles/transmission/README.rst @@ -15,7 +15,7 @@ Transmission README Transmission is a set of lightweight BitTorrent clients (in GUI, CLI and daemon form). All these incarnations feature a very simple and intuitive interface, on top on an efficient, cross-platform backend: https://transmissionbt.com -Transmission is intended to download KA Lite content to Internet-in-a-Box (IIAB) from places like http://pantry.learningequality.org/downloads/ka-lite/0.17/content/ — and also to seed content, assisting others. +Transmission is intended to download KA Lite content to Internet-in-a-Box (IIAB) from places like https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ — and also to seed content, assisting others. For example, once KA Lite videos and thumbnails are confirmed downloaded, copy them (carefully!) from ``/library/transmission`` into ``/library/ka-lite/content`` as outlined by "KA Lite Administration: What tips & tricks exist?" at http://FAQ.IIAB.IO 
@@ -28,7 +28,7 @@ Caveat emptor! (That's Latin for "Buyer Beware") Using It -------- -Install Transmission by setting 'transmission_install' and 'transmission_enabled' to True in `/etc/iiab/local_vars.yml `_ — carefully choosing language(s) for KA Lite videos you want to download — and then install IIAB. Or, if IIAB is already installed, run as root:: +Install Transmission by setting 'transmission_install' and 'transmission_enabled' to True in `/etc/iiab/local_vars.yml `_ — carefully choosing language(s) for KA Lite videos you want to download — and then install IIAB. Or, if IIAB is already installed, run as root:: cd /opt/iiab/iiab ./runrole transmission @@ -66,9 +66,9 @@ After saving your changes in 'settings.json', restart Transmission by running:: Adding Torrents --------------- -Transmission can facilitate provisioning content onto your IIAB, e.g. by adding thousands of KA Lite videos from places like: http://pantry.learningequality.org/downloads/ka-lite/0.17/content/ +Transmission can facilitate provisioning content onto your IIAB, e.g. by adding thousands of KA Lite videos from places like: https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ -Please read the lettered instructions (A, B, C, D) in `/etc/iiab/local_vars.yml `_ and 'KA Lite Administration: What tips & tricks exist?' at http://FAQ.IIAB.IO outlining how to use Transmission to download and then install KA Lite content. +Please read the lettered instructions (A, B, C, D) in `/etc/iiab/local_vars.yml `_ and 'KA Lite Administration: What tips & tricks exist?' at http://FAQ.IIAB.IO outlining how to use Transmission to download and then install KA Lite content. You can also download other torrents using Transmission's web interface, or by typing `transmission-remote `_ at the command-line:: diff --git a/roles/transmission/defaults/main.yml b/roles/transmission/defaults/main.yml index 380ea6048..f6763f593 100644 --- a/roles/transmission/defaults/main.yml 
+++ b/roles/transmission/defaults/main.yml @@ -12,11 +12,11 @@ # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme # transmission_http_port: 9091 # transmission_url: /transmission/ -# transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.* +# transmission_whitelist: 127.0.0.1,::1,192.168.*.*,10.10.10.*,172.18.96.*,10.8.0.* # transmission_whitelist_enabled: "false" # LOWERCASE STRING for settings.json # transmission_peer_port: 51413 -# Provision Transmission with torrent(s) from http://pantry.learningequality.org/downloads/ka-lite/0.17/content/ +# Provision Transmission with torrent(s) from https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ # transmission_provision: True # transmission_kalite_version: 0.17 diff --git a/roles/transmission/tasks/enable-or-disable.yml b/roles/transmission/tasks/enable-or-disable.yml index 8804c5b17..c62a2edda 100644 --- a/roles/transmission/tasks/enable-or-disable.yml +++ b/roles/transmission/tasks/enable-or-disable.yml @@ -14,7 +14,7 @@ /usr/bin/transmission-remote --start-paused -n {{ transmission_username }}:{{ transmission_password }} - -a http://pantry.learningequality.org/downloads/ka-lite/{{ transmission_kalite_version }}/content/ka-lite-0.17-resized-videos-{{ item }}.torrent + -a https://pantry.learningequality.org/downloads/ka-lite/{{ transmission_kalite_version }}/content/ka-lite-0.17-resized-videos-{{ item }}.torrent with_items: "{{ transmission_kalite_languages }}" when: transmission_enabled and transmission_provision and transmission_kalite_languages is defined and transmission_kalite_languages is not none # '!= None' also works (i.e. to avoid var value 'null', with type 'NoneType') ignore_errors: yes diff --git a/roles/transmission/tasks/main.yml b/roles/transmission/tasks/main.yml index c2f599628..bee271ab3 100644 --- a/roles/transmission/tasks/main.yml +++ b/roles/transmission/tasks/main.yml 
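Review bot: The `transmission-remote` task edited in roles/transmission/tasks/enable-or-disable.yml still passes `-n {{ transmission_username }}:{{ transmission_password }}` on the command line, so the password can end up in Ansible's task output and log file. While the line is being touched, I would add `no_log: true` to this task. That matches the commented-out `transmission_password` entry in tasks/main.yml, which shows the project already keeps this value out of diagnostics. `no_log` covers the logs only; the argument stays visible in the process list while the command runs. The task begins above the hunk, so its name and module line are not visible here.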
@@ -19,49 +19,56 @@ quiet: yes -- name: Install Transmission if 'transmission_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: transmission_installed is undefined +- block: + - name: Install Transmission if 'transmission_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: transmission_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'transmission' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: transmission + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Transmission + - option: description + value: '"Transmission is a set of lightweight BitTorrent clients (in GUI, CLI and daemon form)."' + - option: transmission_install + value: "{{ transmission_install }}" + - option: transmission_enabled + value: "{{ transmission_enabled }}" + - option: transmission_download_dir + value: "{{ transmission_download_dir }}" + - option: transmission_user + value: "{{ transmission_user }}" + - option: transmission_group + value: "{{ transmission_group }}" + - option: transmission_http_port + value: "{{ transmission_http_port }}" + - option: transmission_url + value: "{{ transmission_url }}" + - option: transmission_peer_port + value: "{{ transmission_peer_port }}" + - option: transmission_provision + value: "{{ transmission_provision }}" + - option: transmission_kalite_version + value: "{{ transmission_kalite_version }}" + - option: transmission_kalite_languages + value: "{{ transmission_kalite_languages }}" + - option: transmission_username + value: "{{ transmission_username }}" + # 2020-04-14: better to redact passwords from /etc/iiab/iiab.ini etc, so iiab-diagnostics command doesn't publish these, etc + #- option: transmission_password + # value: "{{ 
transmission_password }}" -- name: Add 'transmission' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: transmission - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Transmission - - option: description - value: '"Transmission is a set of lightweight BitTorrent clients (in GUI, CLI and daemon form)."' - - option: transmission_install - value: "{{ transmission_install }}" - - option: transmission_enabled - value: "{{ transmission_enabled }}" - - option: transmission_download_dir - value: "{{ transmission_download_dir }}" - - option: transmission_user - value: "{{ transmission_user }}" - - option: transmission_group - value: "{{ transmission_group }}" - - option: transmission_http_port - value: "{{ transmission_http_port }}" - - option: transmission_url - value: "{{ transmission_url }}" - - option: transmission_peer_port - value: "{{ transmission_peer_port }}" - - option: transmission_provision - value: "{{ transmission_provision }}" - - option: transmission_kalite_version - value: "{{ transmission_kalite_version }}" - - option: transmission_kalite_languages - value: "{{ transmission_kalite_languages }}" - - option: transmission_username - value: "{{ transmission_username }}" - # 2020-04-14: better to redact passwords from /etc/iiab/iiab.ini etc, so iiab-diagnostics command doesn't publish these, etc - #- option: transmission_password - # value: "{{ transmission_password }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/usb_lib/templates/mount.d/70-usb-library b/roles/usb_lib/templates/mount.d/70-usb-library index 11358220d..5b9cfefe8 100644 --- a/roles/usb_lib/templates/mount.d/70-usb-library +++ b/roles/usb_lib/templates/mount.d/70-usb-library 
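Review bot: The `rescue:` section added in roles/transmission/tasks/main.yml fails with `msg: ""` and does nothing when `skip_role_on_error` is true, so a role that stopped halfway leaves no record of which task failed. The same pattern appears in the vnstat, wordpress and yarn main.yml hunks and at the tail of the sugarizer hunk. I would name the failing task in the message, e.g. `msg: "{{ ansible_failed_task.name }} failed in role transmission"`. A comment on `rescue:` should also say that the remaining block tasks, including the `ini_file` one, are skipped after a failure, so a partly installed service may be left behind when the play continues.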
@@ -12,7 +12,7 @@ source {{ iiab_env_file }} case $IIAB_USB_LIB_SHOW_ALL in 'True'|'true'|'TRUE') - logger -p user.notice -t "70-usb-library" -- "Displaying root directory on $UM_MOUNTPOINT." + logger -p user.notice -t "70-usb-library" -- "Display entire USB drive is True. Checking for rootfs or /library on $UM_MOUNTPOINT." # regularize the variable IIAB_USB_LIB_SHOW_ALL=True ;; @@ -41,8 +41,20 @@ fi if [ -d $UM_MOUNTPOINT/usb ]; then SHARE_DIR="$UM_MOUNTPOINT/usb" fi + if [ "$IIAB_USB_LIB_SHOW_ALL" == "True" ]; then - SHARE_DIR="$UM_MOUNTPOINT" + UM_DEV=`findmnt $UM_MOUNTPOINT | grep / | awk '{print $2}'` + LIB_DEV=`findmnt /library | grep / | awk '{print $2}' |awk -F '[' '{print $1}'` + ROOT_DEV=`findmnt / | grep / | awk '{print $2}'` + if [ "$UM_DEV" == "$LIB_DEV" ]; then + logger -p user.notice -t "70-usb-library" -- "skipping $UM_MOUNTPOINT containing /library" + #echo "lib on dev" + elif [ "$UM_DEV" == "$ROOT_DEV" ]; then + logger -p user.notice -t "70-usb-library" -- "skipping $UM_MOUNTPOINT containing rootfs" + #echo "rootfs on dev" + else + SHARE_DIR="$UM_MOUNTPOINT" + fi fi if [ ! -z "$SHARE_DIR" ]; then @@ -50,7 +62,7 @@ if [ ! -z "$SHARE_DIR" ]; then else logger -p user.notice -t "70-usb-library" -- "did not find /share, /Share, /Piratebox/Share, /USB, or /usb on USB" fi - + if [ "$SHARE_DIR" != "" ];then CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'` diff --git a/roles/usb_lib/templates/umount.d/70-usb-library b/roles/usb_lib/templates/umount.d/70-usb-library index 7803b880f..5af914c01 100644 --- a/roles/usb_lib/templates/umount.d/70-usb-library +++ b/roles/usb_lib/templates/umount.d/70-usb-library 
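Review bot: The device check added under `IIAB_USB_LIB_SHOW_ALL` normalises the three `findmnt` results differently: only `LIB_DEV` has a `[...]` suffix stripped, while `UM_DEV` and `ROOT_DEV` are compared as printed. The rootfs guard may therefore miss when findmnt reports a source with a bracketed subpath, and the USB mount point would then be shared as a whole. Parsing the default table with `grep / | awk '{print $2}'` also depends on column layout, and `$UM_MOUNTPOINT` is unquoted. I would ask for the field directly and use one form for all three, e.g. `UM_DEV=$(findmnt -n -v -o SOURCE "$UM_MOUNTPOINT")`. The enclosing `if` chain starts above the hunk.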
@@ -16,9 +16,9 @@ logger -p user.notice -t "70-usb-library" -- "Attempting to remove link $CONTENT if [ -L $CONTENT_LINK ]; then {% if is_debuntu %} - /bin/rm $CONTENT_LINK + /bin/rm -f $CONTENT_LINK {% else %} - /usr/bin/rm $CONTENT_LINK + /usr/bin/rm -f $CONTENT_LINK {% endif %} logger -p user.notice -t "70-usb-library" -- "$CONTENT_LINK removed." fi diff --git a/roles/vnstat/tasks/install.yml b/roles/vnstat/tasks/install.yml index d015385bf..84bec243c 100644 --- a/roles/vnstat/tasks/install.yml +++ b/roles/vnstat/tasks/install.yml @@ -1,3 +1,10 @@ +# Similar code block in roles/network/tasks/detected_network.yml +- name: "Setting iiab_wan_iface to '{{ ansible_default_ipv4.alias }}' -- using ansible_default_ipv4.alias if detected" + set_fact: + iiab_wan_iface: "{{ ansible_default_ipv4.alias }}" + when: ansible_default_ipv4.gateway is defined + + - name: Install 'vnstat' package package: name: vnstat @@ -7,10 +14,9 @@ template: src: vnstat.conf.j2 dest: /etc/vnstat.conf - # owner: root - # group: root mode: '0744' + - name: Create database for WAN to collect vnStat data shell: /usr/bin/vnstat -i {{ iiab_wan_iface }} diff --git a/roles/vnstat/tasks/main.yml b/roles/vnstat/tasks/main.yml index 5e28f26aa..40ae032f4 100644 --- a/roles/vnstat/tasks/main.yml +++ b/roles/vnstat/tasks/main.yml 
@@ -19,26 +19,33 @@ quiet: yes -- name: Install vnStat if 'vnstat_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: vnstat_installed is undefined +- block: + - name: Install vnStat if 'vnstat_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: vnstat_installed is undefined -- include_tasks: enable-or-disable.yml + - include_tasks: enable-or-disable.yml + - name: Add 'vnstat' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: vnstat + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: vnStat + - option: description + value: '"vnStat is a console-based network traffic monitor for Linux and BSD that keeps a log of network traffic for the selected interface(s)."' + - option: vnstat_install + value: "{{ vnstat_install }}" + - option: vnstat_enabled + value: "{{ vnstat_enabled }}" -- name: Add 'vnstat' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: vnstat - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: vnStat - - option: description - value: '"vnStat is a console-based network traffic monitor for Linux and BSD that keeps a log of network traffic for the selected interface(s)."' - - option: vnstat_install - value: "{{ vnstat_install }}" - - option: vnstat_enabled - value: "{{ vnstat_enabled }}" + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml index f0af250be..a22710438 100644 --- a/roles/wordpress/tasks/install.yml +++ b/roles/wordpress/tasks/install.yml 
@@ -38,29 +38,40 @@ # state: present # when: php_version is version('8.0', '<') -- name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }} - get_url: - url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}" - dest: "{{ downloads_dir }}" - timeout: "{{ download_timeout }}" - register: wp_download_output - -- name: Symlink {{ downloads_dir }}/wordpress.tar.gz -> {{ wp_download_output.dest }} +- name: Delete {{ downloads_dir }}/wordpress.tar.gz if it exists file: - src: "{{ wp_download_output.dest }}" - path: "{{ downloads_dir }}/wordpress.tar.gz" # /opt/iiab/downloads - state: link - when: wp_download_output.dest is defined + path: "{{ downloads_dir }}/wordpress.tar.gz" + state: absent -- name: Does {{ downloads_dir }}/wordpress.tar.gz link exist? +- name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }}/wordpress.tar.gz + command: wget {{ wordpress_download_base_url }}/{{ wordpress_src }} -O {{ downloads_dir }}/wordpress.tar.gz + # 2022-05-04: Ansible approach below (get_url) fails with HTTP Error 429 + # (Too Many Requests) b/c Ansible's User-Agent string? Affecting 1 user in + # England and another user in Scotland, but not affecting many other + # countries/ISP's apparently? WordPress must have recently changed their + # hosting arrangements for https://wordpress.org/latest.tar.gz + # get_url: + # url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}" + # dest: "{{ downloads_dir }}" + # timeout: "{{ download_timeout }}" +# register: wp_download_output + +# - name: Symlink {{ downloads_dir }}/wordpress.tar.gz -> {{ wp_download_output.dest }} +# file: +# src: "{{ wp_download_output.dest }}" +# path: "{{ downloads_dir }}/wordpress.tar.gz" # /opt/iiab/downloads +# state: link +# when: wp_download_output.dest is defined + +- name: Does {{ downloads_dir }}/wordpress.tar.gz exist? 
stat: path: "{{ downloads_dir }}/wordpress.tar.gz" # /opt/iiab/downloads - register: wp_link + register: wp_tar_gz - name: FAIL (force Ansible to exit) IF {{ downloads_dir }}/wordpress.tar.gz doesn't exist fail: msg: "{{ downloads_dir }}/wordpress.tar.gz is REQUIRED in order to install WordPress." - when: not wp_link.stat.exists + when: not wp_tar_gz.stat.exists - name: "Unpack {{ downloads_dir }}/wordpress.tar.gz to permanent location {{ wp_install_path }}/wordpress - owner: root, group: {{ apache_user }}, mode: '0664', keep_newer: yes" unarchive: diff --git a/roles/wordpress/tasks/main.yml b/roles/wordpress/tasks/main.yml index 7204f741e..aa93c6672 100644 --- a/roles/wordpress/tasks/main.yml +++ b/roles/wordpress/tasks/main.yml 
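Review bot: The `command: wget … -O {{ downloads_dir }}/wordpress.tar.gz` task that replaces `get_url` has no timeout and leaves the templated URL and path unquoted. The archive is then unpacked by the `unarchive` task at the end of the hunk with no integrity check. If the HTTP 429 really comes from Ansible's default User-Agent, as the comment in the hunk guesses, `get_url` can stay and send a different one through `http_agent`. That keeps `timeout` and lets a `checksum:` be added once a trusted digest source is chosen. The preceding delete task and the `stat`/`fail` pair work unchanged with this; the `unarchive` task continues below the hunk.

```yaml
- name: Download {{ wordpress_download_base_url }}/{{ wordpress_src }} to {{ downloads_dir }}/wordpress.tar.gz
  get_url:
    url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}"
    dest: "{{ downloads_dir }}/wordpress.tar.gz"
    timeout: "{{ download_timeout }}"
    http_agent: "<USER_AGENT_PLACEHOLDER>"    # placeholder: any non-default User-Agent string
    # checksum: add once a digest source for the tarball has been agreed on
# … unchanged: stat / fail / unarchive tasks …
```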
@@ -21,43 +21,52 @@ quiet: yes -- name: Provision MySQL DB for WordPress, if 'wordpress_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: setup.yml - when: wordpress_installed is undefined # and not installing +- block: -- name: Install WordPress if 'wordpress_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: wordpress_installed is undefined + - name: Provision MySQL DB for WordPress, if 'wordpress_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: setup.yml + when: wordpress_installed is undefined # and not installing + + - name: Install WordPress if 'wordpress_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: wordpress_installed is undefined -- name: Enable/Disable/Restart NGINX - include_tasks: nginx.yml + - name: Enable/Disable/Restart NGINX + include_tasks: nginx.yml -- name: Add 'wordpress' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: wordpress - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: WordPress - - option: description - value: '"WordPress is a blog and web site management application."' - - option: wordpress_install - value: "{{ wordpress_install }}" - - option: wordpress_enabled - value: "{{ wordpress_enabled }}" - - option: wordpress_src - value: "{{ wordpress_src }}" - - option: wp_abs_path - value: "{{ wp_abs_path }}" - - option: wp_db_name - value: "{{ wp_db_name }}" - - option: wp_db_user - value: "{{ wp_db_user }}" - - option: wp_url - value: "{{ wp_url }}" - - option: wp_full_url - value: "{{ wp_full_url }}" + - name: Add 'wordpress' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: wordpress + option: "{{ item.option }}" + value: 
"{{ item.value | string }}" + with_items: + - option: name + value: WordPress + - option: description + value: '"WordPress is a blog and web site management application."' + - option: wordpress_install + value: "{{ wordpress_install }}" + - option: wordpress_enabled + value: "{{ wordpress_enabled }}" + - option: wordpress_src + value: "{{ wordpress_src }}" + - option: wp_abs_path + value: "{{ wp_abs_path }}" + - option: wp_db_name + value: "{{ wp_db_name }}" + - option: wp_db_user + value: "{{ wp_db_user }}" + - option: wp_url + value: "{{ wp_url }}" + - option: wp_full_url + value: "{{ wp_full_url }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/roles/www_base/files/html/html/credits.html b/roles/www_base/files/html/html/credits.html index e6c428260..6ab6950cc 100644 --- a/roles/www_base/files/html/html/credits.html +++ b/roles/www_base/files/html/html/credits.html @@ -23,9 +23,9 @@ All PhET Interactive Simulations content is available for free at phet.colorado.edu.
All MedLine content is available for free at medlineplus.gov.
All Hesperian content is available for free at hesperian.org.
- Arabic translations of Hesperian content were done by Arab Resource Collective and are available for free at mawared.org.
+ Arabic translations of Hesperian content were done by Arab Resource Collective and are available for free at mawared.org.
All Gutenberg content is available for free at www.gutenberg.org.
- All OLPC content is available for free at wiki.laptop.org.
+ All OLPC content is available for free at wiki.laptop.org.
All MIT Scratch content is available for free at scratch.mit.edu.
All UNESCO's IICBA content is available for free at www.iicba.unesco.org.
All Math Expression content is available for free at www.mathexpression.com.
@@ -36,9 +36,9 @@ Internet-in-a-Box also includes the work of content aggregators which we gratefully acknowledge:

- RACHEL is a curation of selected offline content at oer2go.org.
- Kiwix is a ZIM server and repository of Wikimedia and other content in a compressed ZIM file format at www.kiwix.org.
+ Kiwix is a ZIM server and repository of Wikimedia and other content in a compressed ZIM file format at www.kiwix.org.
KA Lite is a server and repository of Khan Academy content in various languages at learningequality.org/ka-lite.

+ OER2Go/RACHEL is a curation of selected offline content at rachel.worldpossible.org/content.
Internet-in-a-Box also contains a number of applications each of which has its own attribution information, which is included.

diff --git a/roles/www_base/tasks/php-stem.yml b/roles/www_base/tasks/php-stem.yml index 8bce0fd08..15332a942 100644 --- a/roles/www_base/tasks/php-stem.yml +++ b/roles/www_base/tasks/php-stem.yml @@ -2,7 +2,7 @@ # README & Code: https://github.com/iiab/php-stem -# Source Code also here: http://download.iiab.io/packages/php-stem.src.tar +# Source Code also here: https://download.iiab.io/packages/php-stem.src.tar # June 2018 debugging & compilation thanks to Tim Moody & George Hunt # Original bug: https://github.com/iiab/iiab/issues/829 @@ -94,9 +94,9 @@ # stem_available: True # when: php_version == 7.4 and (ansible_machine == "aarch64" or ansible_machine == "x86_64") -# - name: Unarchive http://download.iiab.io/packages/php{{ php_version }}-stem.rpi.tar to / (rpi) +# - name: Unarchive https://download.iiab.io/packages/php{{ php_version }}-stem.rpi.tar to / (rpi) # unarchive: -# src: http://download.iiab.io/packages/php{{ php_version }}-stem.rpi.tar +# src: https://download.iiab.io/packages/php{{ php_version }}-stem.rpi.tar # dest: / # owner: root # group: root @@ -104,9 +104,9 @@ # remote_src: yes # when: (ansible_machine == "armv7l" or ansible_machine == "armv6l") and stem_available is defined -# - name: Unarchive http://download.iiab.io/packages/php{{ php_version }}-stem.aarch64.tar to / (rpi) +# - name: Unarchive https://download.iiab.io/packages/php{{ php_version }}-stem.aarch64.tar to / (rpi) # unarchive: -# src: http://download.iiab.io/packages/php{{ php_version }}-stem.aarch64.tar +# src: https://download.iiab.io/packages/php{{ php_version }}-stem.aarch64.tar # dest: / # owner: root # group: root 
@@ -114,9 +114,9 @@ # remote_src: yes # when: ansible_machine == "aarch64" and stem_available is defined -# - name: Unarchive http://download.iiab.io/packages/php{{ php_version }}-stem.x64.tar to / (x64) +# - name: Unarchive https://download.iiab.io/packages/php{{ php_version }}-stem.x64.tar to / (x64) # unarchive: -# src: http://download.iiab.io/packages/php{{ php_version }}-stem.x64.tar +# src: https://download.iiab.io/packages/php{{ php_version }}-stem.x64.tar # dest: / # owner: root # group: root diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index b2c1afbc5..05bd3e12f 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml 
@@ -21,33 +21,34 @@ - name: Enable IIAB pages via NGINX (e.g. on port 80) if nginx_install include_tasks: roles/nginx/tasks/homepage.yml when: nginx_installed is defined - #when: nginx_install -- name: Make home page autostart on localhost (the server's console) if session manager is LXDE (rpi) - stat: - path: /etc/xdg/lxsession/LXDE-pi/autostart - register: lxde_present -- name: Check for Chromium name change +# 2022-07-22: SIMILAR TO roles/iiab-admin/tasks/pwd-warnings.yml FOR passwords +# AND roles/network/tasks/netwarn.yml FOR iiab-network + +- name: Does /etc/xdg/lxsession/LXDE-pi/autostart exist? (if so, auto-launch browser on boot, displaying http://box/home IIAB home page) stat: - path: /usr/bin/chromium + path: /etc/xdg/lxsession/LXDE-pi/autostart + register: lxde_pi_autostart_present + +- name: Does /usr/bin/chromium exist? (check for browser filename change) + stat: + path: /usr/bin/chromium register: chromium_present -- name: Add chromium-browser to /etc/xdg/lxsession/LXDE-pi/autostart if session manager is LXDE +- name: Add chromium-browser to /etc/xdg/lxsession/LXDE-pi/autostart lineinfile: - path: /etc/xdg/lxsession/LXDE-pi/autostart - regexp: '^/usr/bin/chromium-browser' - line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' - when: - lxde_present.stat.exists and not chromium_present.stat.exists + path: /etc/xdg/lxsession/LXDE-pi/autostart + regexp: '^/usr/bin/chromium-browser' + line: '/usr/bin/chromium-browser --disable-restore-session-state http://box/home' + when: lxde_pi_autostart_present.stat.exists and not chromium_present.stat.exists -- name: Add chromium to /etc/xdg/lxsession/LXDE-pi/autostart if session manager is LXDE +- name: Add chromium to /etc/xdg/lxsession/LXDE-pi/autostart lineinfile: - path: /etc/xdg/lxsession/LXDE-pi/autostart - regexp: '^/usr/bin/chromium' - line: '/usr/bin/chromium --disable-restore-session-state http://box/home' - when: - lxde_present.stat.exists and chromium_present.stat.exists + 
path: /etc/xdg/lxsession/LXDE-pi/autostart + regexp: '^/usr/bin/chromium' + line: '/usr/bin/chromium --disable-restore-session-state http://box/home' + when: lxde_pi_autostart_present.stat.exists and chromium_present.stat.exists - debug: @@ -156,9 +157,26 @@ when: not apache_allow_sudo +# 2022-06-30: internet_available var removed +- name: 'Test for Internet access, using: {{ iiab_download_url }}/heart-beat.txt' + get_url: + url: "{{ iiab_download_url }}/heart-beat.txt" + dest: /tmp/heart-beat.txt + #timeout: "{{ download_timeout }}" + # @jvonau recommends: 100sec is too much (keep 10sec default) + ignore_errors: True + #async: 10 + #poll: 2 + register: internet_access_test + +- name: Remove downloaded Internet test file /tmp/heart-beat.txt + file: + path: /tmp/heart-beat.txt + state: absent + - name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation. (This script was installed in Stage 3 = roles/3-base-server/tasks/main.yml, which ran roles/www_base/tasks/main.yml) command: /usr/bin/iiab-refresh-wiki-docs - when: internet_available and not nodocs + when: not internet_access_test.failed and not nodocs - name: (Re)Start '{{ apache_service }}' systemd service, if installed & enabled diff --git a/roles/yarn/tasks/main.yml b/roles/yarn/tasks/main.yml index 5d8844ab9..c44758b22 100644 --- a/roles/yarn/tasks/main.yml +++ b/roles/yarn/tasks/main.yml 
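Review bot: The Internet test added in the second hunk of roles/www_options/tasks/main.yml downloads to the fixed path `/tmp/heart-beat.txt`, presumably as root since the playbooks in this commit set `become: yes`. A predictable name in a world-writable directory is something a local user can create in advance. The file's content is never read, so the download target can go: `uri:` with only `url: "{{ iiab_download_url }}/heart-beat.txt"` registers the same `failed` flag. That also makes the "Remove downloaded Internet test file" task unnecessary. A short comment that `ignore_errors: True` is deliberate, because the result only gates `iiab-refresh-wiki-docs`, would help the next reader.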
@@ -26,23 +26,31 @@ var: yarn_installed -- name: Install Yarn if 'yarn_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml - include_tasks: install.yml - when: yarn_installed is undefined +- block: + - name: Install Yarn if 'yarn_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: yarn_installed is undefined -- name: Add 'yarn' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini - section: yarn - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: Yarn - - option: description - value: '"Fast, reliable, and secure dependency management. Comparable to npm. Released by Facebook in October 2016."' - - option: yarn_install - value: "{{ yarn_install }}" - - option: yarn_enabled - value: "{{ yarn_enabled }}" + - name: Add 'yarn' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: yarn + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: Yarn + - option: description + value: '"Fast, reliable, and secure dependency management. Comparable to npm. Released by Facebook in October 2016."' + - option: yarn_install + value: "{{ yarn_install }}" + - option: yarn_enabled + value: "{{ yarn_enabled }}" + + rescue: + + - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})' + fail: + msg: "" + when: not skip_role_on_error diff --git a/run-one-role.yml b/run-one-role.yml index c7dc1b98c..c10a42a2b 100644 --- a/run-one-role.yml +++ b/run-one-role.yml 
@@ -3,10 +3,10 @@ become: yes vars_files: - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml - - /etc/iiab/iiab_state.yml + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml + - /etc/iiab/iiab_state.yml roles: - { role: 0-init } diff --git a/runrole b/runrole index d29bb900b..644665d2f 100755 --- a/runrole +++ b/runrole @@ -8,7 +8,8 @@ INSTALL=false ENABLED=false REINSTALL=false CWD=`pwd` -ARGS="--extra-vars {" # bash forces {...} to '{...}' for Ansible, SEE BOTTOM +#ARGS="--extra-vars {" +ARGS="--extra-vars {\"skip_role_on_error\":False," # bash forces {...} to '{...}' for Ansible, SEE BOTTOM (IFS-like issue) INVENTORY=ansible_hosts PLAYBOOK=run-one-role.yml @@ -44,7 +45,7 @@ fi #fi if [ "$1" == "--reinstall" ]; then - ARGS="$ARGS\"reinstall\":True," # Needs boolean not string so use JSON list + ARGS="$ARGS\"reinstall\":True," # Needs boolean not string so use JSON list REINSTALL=true shift fi @@ -110,7 +111,7 @@ else export ANSIBLE_LOG_PATH="$CWD/iiab-debug.log" fi -ARGS="$ARGS\"role_to_run\":\"$1\"}" # $1 works like \"$1\" if str validated +ARGS="$ARGS\"role_to_run\":\"$1\"}" # $1 works like \"$1\" if str type validated CMD="ansible-playbook -i $INVENTORY $PLAYBOOK --connection=local $ARGS" echo -e "\e[1mbash will now run this, adding single quotes around the {...} curly braces:\e[0m\n\n$CMD\n" ansible -m setup -i $INVENTORY localhost --connection=local | grep python diff --git a/runroles-base.yml b/runroles-base.yml index 55bcb1efd..8df997790 100644 --- a/runroles-base.yml +++ b/runroles-base.yml @@ -3,9 +3,9 @@ become: yes vars_files: - - vars/default_vars.yml - - vars/{{ ansible_local.local_facts.os_ver }}.yml - - /etc/iiab/local_vars.yml + - vars/default_vars.yml + - vars/{{ ansible_local.local_facts.os_ver }}.yml + - /etc/iiab/local_vars.yml roles: - { role: 0-init } diff --git a/scripts/ansible b/scripts/ansible index cb5ec6a5f..a8dfadfae 100755 
--- a/scripts/ansible +++ b/scripts/ansible @@ -7,8 +7,8 @@ # https://github.com/iiab/iiab/wiki/Technical-Contributors-Guide#understanding-ansible APT_PATH=/usr/bin # Avoids problematic /usr/local/bin/apt on Linux Mint -CURR_VER=undefined # Ansible version you currently have installed -GOOD_VER=2.12.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) +CURR_VER=undefined # Ansible version you have installed, e.g. [core 2.13.3] +GOOD_VER=2.13.3 # Orig for 'yum install [rpm]' & XO laptops (pip install) # 2021-06-22: The apt approach (with PPA source in /etc/apt/sources.list.d/ and # .gpg key etc) are commented out with ### below. Associated guidance/comments @@ -34,6 +34,8 @@ GOOD_VER=2.12.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) # https://www.ansible.com/blog/ansible-3.0.0-qa # https://github.com/ansible/ansible/tags # https://github.com/ansible/ansible/releases (OLD) +# https://github.com/ansible/ansible/commits/stable-2.13 +# https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst # https://github.com/ansible/ansible/commits/stable-2.12 # https://github.com/ansible/ansible/blob/stable-2.12/changelogs/CHANGELOG-v2.12.rst # https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/roadmap/ROADMAP_2_12.rst 
@@ -59,18 +61,18 @@ GOOD_VER=2.12.5 # Orig for 'yum install [rpm]' & XO laptops (pip install) #pip3 install --upgrade ansible-core # Then start a new shell, so /usr/local/bin works #ansible-galaxy collection install -r collections.yml -# TEMPORARILY USE ansible-base 2.10.16 (REMOVE W/ "pip3 uninstall ansible-base") +# TEMPORARILY USE ansible-base 2.10.17 (REMOVE W/ "pip3 uninstall ansible-base") #apt install python3-pip -#pip3 install ansible-base==2.10.16 # Start new shell, so /usr/local/bin works +#pip3 install ansible-base==2.10.17 # Start new shell, so /usr/local/bin works # TEMPORARILY USE ANSIBLE 2.9.27 (REMOVE IT WITH "pip3 uninstall ansible") #apt install python3-pip #pip3 install ansible==2.9.27 # TEMPORARILY USE ANSIBLE 2.4.2 DUE TO 2.4.3 MEMORY BUG. Details: iiab/iiab#669 -#echo "Install http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb" +#echo "Install https://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb" #cd /tmp -#wget http://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb +#wget https://download.iiab.io/packages/ansible_2.4.2.0-1ppa~xenial_all.deb #apt -y --allow-downgrades install ./ansible_2.4.2.0-1ppa~xenial_all.deb export DEBIAN_FRONTEND=noninteractive diff --git a/scripts/iiab-apps-to-be-installed b/scripts/iiab-apps-to-be-installed new file mode 100755 index 000000000..84b6e2f11 --- /dev/null +++ b/scripts/iiab-apps-to-be-installed 
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# Lists IIAB Apps set to install BUT not yet installed (according to /etc/iiab/iiab_state.yml)
+
+iiab_var_value() {
+ v1=$(grep "^$1:\s" /opt/iiab/iiab/vars/default_vars.yml | tail -1 | sed "s/^$1:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
+ v2=$(grep "^$1:\s" /etc/iiab/local_vars.yml | tail -1 | sed "s/^$1:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
+ [[ $v2 != "" ]] && echo $v2 || echo $v1 # [ "$v2" ] ALSO WORKS
+}
+
+# https://askubuntu.com/questions/1250974/user-root-cant-write-to-file-in-tmp-owned-by-someone-else-in-20-04-but-can-in
+# https://unix.stackexchange.com/questions/503111/group-permissions-for-root-not-working-in-tmp
+[[ $(id -un) == "root" ]] &&
+ rm -f /tmp/iiab-apps-list /tmp/iiab-apps-to-be-installed
+
+# 2022-06-18: 40 apps (list not quite complete)
+#grep -l _installed: /opt/iiab/iiab/roles/*/tasks/install.yml | cut -d/ -f6 > /tmp/iiab-apps-list
+
+# 2022-06-18: 46 apps (list incorrect) -- adds these 6: iiab_admin, minetest, network (HAS NO _installed VAR), pylibs, www_base, www_options
+#grep -l _installed: /opt/iiab/iiab/roles/*/tasks/* | cut -d/ -f6 | sort | uniq > /tmp/iiab-apps-list
+
+# 2022-06-18: 50 apps (list long but ok!) -- adds these 10: dansguardian, dhcpd, iiab_admin, minetest, named, pylibs, squid, wondershaper, www_base, www_options
+grep -hro '[A-Za-z_][A-Za-z_]*_installed: True' --exclude-dir=0-DEPRECATED-ROLES /opt/iiab/iiab/roles | sed 's/_installed: True$//' | sort | uniq > /tmp/iiab-apps-list
+
+# Non-root CANNOT rm files from /tmp, but CAN write to them (unlike root!!)
+# This ALSO creates the file (useful when "Apps2B" == 0, for iiab-summary etc)
+truncate -s 0 /tmp/iiab-apps-to-be-installed
+
+# So other (non-root) users CAN later write to these, even if they CAN'T chmod!
+chmod 777 /tmp/iiab-apps-list /tmp/iiab-apps-to-be-installed 2>/dev/null
+
+while read app; do
+ if [[ $app == "calibre-web" ]]; then
+ app=calibreweb
+ elif [[ $app == "osm-vector-maps" ]]; then
+ app=osm_vector_maps
+ fi
+
+ # echo ${app}_install: $(iiab_var_value ${app}_install)
+
+ if [[ $(iiab_var_value ${app}_install) =~ ^[Tt]rue$ ]] && ! grep -q "${app}_installed: True" /etc/iiab/iiab_state.yml; then
+ echo $app | tee -a /tmp/iiab-apps-to-be-installed
+ fi
+done < /tmp/iiab-apps-list
diff --git a/scripts/iiab-diagnostics b/scripts/iiab-diagnostics
index 42a3ca703..ed243490c 100755
--- a/scripts/iiab-diagnostics
+++ b/scripts/iiab-diagnostics
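Review bot: Both state files sit at fixed names in world-writable `/tmp` and are then opened up with `chmod 777`, so any local account can pre-create or rewrite `/tmp/iiab-apps-list`, and every name read from it is expanded unquoted into `iiab_var_value ${app}_install` and from there into `grep`/`sed` patterns. The output file is read back by iiab-summary and iiab-diagnostics in this same commit, so altered content ends up in the report that is offered for upload. I would keep the files in a directory only the owner can write (for example one created with `d=$(mktemp -d)` and passed to the readers), or print the list on stdout and let callers capture it. If the shared `/tmp` files have to stay, `chmod 666` drops the unneeded execute bits, and `while read -r app` with `"${app}_install"` stops word-splitting and globbing of the names.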
@@ -4,13 +4,23 @@ # PLEASE SEE /opt/iiab/iiab/scripts/iiab-diagnostics.README.md OR ONLINE HERE: # https://github.com/iiab/iiab/blob/master/scripts/iiab-diagnostics.README.md -IIAB_RELEASE=`cat /etc/iiab/iiab.env | grep IIAB_RELEASE | cut -d'=' -f2` -OS_VER=`cat /etc/iiab/iiab.env | grep OS_VER | cut -d'=' -f2` -#HASH=`cd /opt/iiab/iiab; git log --pretty=format:'%h' -n 1` -HASH1=`cd /opt/iiab/iiab; git log --pretty=format:'%H' -n 1` -HASH2=`cd /opt/iiab/iiab-admin-console; git log --pretty=format:'%H' -n 1` +IIAB_RELEASE=$(cat /etc/iiab/iiab.env | grep IIAB_RELEASE | cut -d'=' -f2) +OS_VER=$(cat /etc/iiab/iiab.env | grep OS_VER | cut -d'=' -f2) YMDT=$(date +%F_%T_%Z) +git config --global --add safe.directory /opt/iiab/iiab # Nec below, if non-root +HASH1=$(cd /opt/iiab/iiab; git log --pretty=format:'%H' -n 1) # --pretty=format:'%h' (8 chars) +BRANCH1=$(cd /opt/iiab/iiab; git branch --show-current) +REMOTE_URL1=$(cd /opt/iiab/iiab; git config remote.$(git config branch.$BRANCH1.remote).url) +PR_COUNT1=$(cd /opt/iiab/iiab; git log "$(git describe --tags --abbrev=0)..HEAD" --oneline --grep='Merge pull request' | wc -l) +TAG_COMMITS1=$(cd /opt/iiab/iiab; git describe --tags | sed 's/-[^-]*$//' | sed 's/-\([[:digit:]][[:digit:]]*\)$/ (\1 commits)/') +git config --global --add safe.directory /opt/iiab/iiab-admin-console # Nec below, if non-root +HASH2=$(cd /opt/iiab/iiab-admin-console; git log --pretty=format:'%H' -n 1) +BRANCH2=$(cd /opt/iiab/iiab-admin-console; git branch --show-current) +REMOTE_URL2=$(cd /opt/iiab/iiab-admin-console; git config remote.$(git config branch.$BRANCH2.remote).url) +PR_COUNT2=$(cd /opt/iiab/iiab-admin-console; git log "$(git describe --tags --abbrev=0)..HEAD" --oneline --grep='Merge pull request' | wc -l) +TAG_COMMITS2=$(cd /opt/iiab/iiab-admin-console; git describe --tags | sed 's/-[^-]*$//' | sed 's/-\([[:digit:]][[:digit:]]*\)$/ (\1 commits)/') + echo -e "\nGathers IIAB diagnostics into 1 file, to accelerate troubleshooting. 
USAGE:" echo echo -e " iiab-diagnostics" @@ -19,7 +29,7 @@ echo -e " sudo iiab-diagnostics PATH/FILE1 PATH/FILE2 ... # COMPLETE RESU echo echo -ne "Can you provide a \e[1mshort public nickname:\e[0m (no spaces!) " read nickname < /dev/tty -if [ "$nickname" = "" ]; then +if [[ $nickname == "" ]]; then nickname="NONAME" fi 
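Review bot: The two `git config --global --add safe.directory ...` lines in the variable block at the top persistently rewrite the invoking user's global Git configuration each time diagnostics are gathered, and `--add` appends another copy of the same entry on every run. That also switches off Git's repository-ownership check for both paths for good, which matters most when the script is run with sudo as the usage text suggests. Adding the entry only when absent would limit this, e.g. `git config --global --get-all safe.directory | grep -qxF /opt/iiab/iiab || git config --global --add safe.directory /opt/iiab/iiab`; newer Git releases may also honour a one-shot `git -c safe.directory=/opt/iiab/iiab ...`, which is worth checking against the versions IIAB supports. The same two lines appear in the new scripts/iiab-summary.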
@@ -38,12 +48,12 @@ function cat_file_raw() { # $1 = path/filename; $2 = # of lines, for tail echo "FILE EXISTS BUT IS EMPTY!" >> $outfile elif [ $# -eq 1 ]; then echo >> $outfile - # Redact most passwords from /etc/iiab/local_vars.yml, /etc/hostapd/hostapd.conf, /etc/wpa_supplicant/wpa_supplicant.conf, /etc/netplan/*, /etc/network/interfaces, /etc/network/interfaces.d/* ETC -- not much to worry about in /etc/iiab/iiab.ini (' = ') - cat "$1" | sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile + # Redact (mask) most passwords from /etc/iiab/local_vars.yml, /etc/hostapd/hostapd.conf, /etc/wpa_supplicant/wpa_supplicant.conf, /etc/netplan/*, /etc/network/interfaces, /etc/network/interfaces.d/*, /etc/NetworkManager/system-connections/* ETC -- not much to worry about in /etc/iiab/iiab.ini (' = ') + cat "$1" | sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile else # e.g. last 100 lines, maximum echo " ...ITS LAST $2 LINES FOLLOW..." >> $outfile echo >> $outfile - tail -$2 "$1" | sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile + tail -$2 "$1" | sed 's/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\):\).*/\1 [REDACTED]/; s/^\(\s*[[:alnum:]#_-]*\(psk\|passphrase\|password\|wep-key[0-3]\)[= \t]\).*/\1[REDACTED]/' | iconv -t UTF-8//IGNORE >> $outfile fi echo >> $outfile elif [ -h "$1" ]; then 
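Review bot: The extended pattern in both `sed` calls still masks only keys ending in `psk`, `passphrase`, `password` or `wep-key[0-3]`, while the newly listed `/etc/NetworkManager/system-connections/*` keyfiles can carry other secrets, for example `private-key=` and `preshared-key=` in WireGuard profiles, `password-raw=` for 802.1X, or `pin=` for mobile broadband. Because the resulting file is offered for upload to a public pastebin further down, I would widen the alternation to `\(psk\|passphrase\|password\(-raw\)\?\|wep-key[0-3]\|private-key\|preshared-key\|pin\)` and match case-insensitively (GNU sed's `I` flag). The expression is duplicated on the `cat` and `tail` lines, so holding it once in a variable would keep the two from drifting apart. cat_file_raw begins and ends outside this hunk.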
@@ -82,26 +92,33 @@ function cat_dir() { fi } -function cat_cmd() { # $1 = command + params, $2 = explanation +function cat_cmd() { # $1 = command + params, $2 = explanation echo " $1 # $2" echo "=IIAB==========================================================================" >> $outfile - cmd=$(echo "$1" | sed 's/\s.*$//') # Keep command on left; Drop params on right - pth=$(command -v $cmd | sed 's/[^/]*$//') # Keep only path on left; Drop command on right - if [ "$2" = "" ]; then - echo "COMMAND: $pth$1" >> $outfile + cmd=$(echo "$1" | sed 's/^\s*\(\S\S*\)\b.*$/\1/') # Keep command on left; Drop params on right (NEC b/c 'command -v' interprets every word on the line!) + #pth=$(command -v $cmd | sed 's/[^/]*$//') # Keep only path on left; Drop command & params on right + path_cmd=$(command -v $cmd) # Use canonical path on left (would drop params on right, but over-interpret each word as a cmd!) + spc_params=$(echo "$1" | sed 's/^\s*\S\S*\s*/ /;s/\s*$//') # Drop command on left; Keep a single space + params on right; RTrim + #spc_params=$(echo "$1" | sed 's/^\s*\S*//;s/\s*$//;s/^\s\s*/ /') # LTrim + drop original path + command on left; RTrim; Compress whitespace in between + #spc_params=$(echo "$1" | sed 's/^[[:blank:]]*[^[:blank:]]*//;s/[[:blank:]]*$//;s/^[[:blank:]][[:blank:]]*/ /') # Equivalent (POSIX compliant) + if [[ $2 == "" ]]; then + echo "COMMAND: $path_cmd$spc_params" >> $outfile else - echo "COMMAND: $pth$1 # $2" >> $outfile + echo "COMMAND: $path_cmd$spc_params # $2" >> $outfile fi echo >> $outfile - if [ "$pth" = "" ]; then + if [[ $path_cmd == "" ]]; then echo "COMMAND NOT FOUND: $1" >> $outfile else - $(echo "eval $1") >> $outfile # eval is nec within backticks, so | (pipes) work: https://stackoverflow.com/a/7184782 + bash -c "$1" >> $outfile # Works with | (pipes) and 'ls -l /lib/firmware/brcm/*43455*' etc! + #(exec $1 >> $outfile) # Works with | (pipes) and 'ls -l /lib/firmware/brcm/*43455*' etc! 
Subshell needed (parens) as exec then exits entire shell. + #eval $1 >> $outfile # Should be identical to below, i.e. insufficient -- "eval" combine ARGs into a single string. + #$(echo "eval $1") >> $outfile # "eval" works with | (pipes) per https://stackoverflow.com/a/7184782 BUT globbing like 'ls -l /lib/firmware/brcm/*43455*' FAILS to output lines w/ filenames that contain spaces (ugly IFS issues!) fi echo >> $outfile } -function cat_tail() { # $1 = path/filename; $2 = # of lines, for tail +function cat_tail() { # $1 = path/filename; $2 = # of lines, for tail echo " $1" echo "=IIAB==========================================================================" >> $outfile cat_file_raw "$1" $2 # e.g. last 100 lines, maximum 
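Review bot: cat_cmd now runs its first argument through `bash -c "$1"`, so the whole string is parsed as shell, and the usage text shows the script being run under sudo; that is only safe while every caller passes a fixed literal. The header comment should say so, e.g. `# $1 = command + params (fixed literal ONLY: executed by bash -c, never pass user- or file-derived text)`. Only stdout is appended to `$outfile`, so the error text of a failing command never reaches the report; `bash -c "$1" >> "$outfile" 2>&1` would keep it if that is wanted. The three commented-out alternatives read better in the commit message than in the function body.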
@@ -110,38 +127,27 @@ function cat_tail() { # $1 = path/filename; $2 = # of lines, for tail # START BUILDING UP THE FILE THAT'LL CONTAIN THE DIAGNOSTICS! echo -e "\nCompiling diagnostics..." -echo -e "\n 0. Filename Header + Git Hashes + Raspberry Pi Model + OS" +echo -e "\n 0. HW + SW Quick Summary" echo "This is: $outfile" >> $outfile echo >> $outfile -echo -e "\n\n\n\n0. GIT HASHES + RASPBERRY PI MODEL + OS" >> $outfile -echo >> $outfile -echo "iiab commit: $HASH1" >> $outfile -echo "iiab-admin-console commit: $HASH2" >> $outfile -echo >> $outfile -cat_file /etc/iiab/pr-list-pulled -cat_file /proc/device-tree/model # Should be identical to /sys/firmware/devicetree/base/model -cat_file /etc/rpi-issue -echo "-IIAB-EXPLANATION-OF-THE-ABOVE-------------------------------------------------" >> $outfile +echo -e "\n\n\n0. HW + SW Quick Summary" >> $outfile echo >> $outfile +/opt/iiab/iiab/scripts/iiab-summary >> $outfile if [ -f /etc/rpi-issue ]; then echo "stage2 = Raspberry Pi OS Lite" >> $outfile echo "stage4 = Raspberry Pi OS with desktop" >> $outfile echo "stage5 = Raspberry Pi OS with desktop + recommended software" >> $outfile - echo >> $outfile echo "SEE https://github.com/RPi-Distro/pi-gen#stage-anatomy" >> $outfile -else - echo "(This is NOT Raspberry Pi OS!)" >> $outfile + echo >> $outfile +fi +if [ -s /tmp/iiab-apps-to-be-installed ]; then + echo "iiab-apps-to-be-installed :" >> $outfile + cat /tmp/iiab-apps-to-be-installed >> $outfile + echo >> $outfile fi -echo >> $outfile -cat_file /etc/issue.net -cat_file /etc/debian_version -cat_cmd 'dpkg --print-architecture' 'RaspiOS-on-PC shows: i386' -cat_cmd 'dpkg --print-foreign-architectures' 'RaspiOS-on-PC shows: amd64' -cat_cmd 'systemctl is-active display-manager.service' 'Graphical Desktop?' -cat_cmd 'grep "^openvpn_" /etc/iiab/local_vars.yml' -echo -e '\n\n 1. Files Specially Requested: (from "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' -echo -e '\n\n\n\n1. 
FILES SPECIALLY REQUESTED (FROM "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' >> $outfile +echo -e '\n 1. Files Specially Requested: (from "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' +echo -e '\n\n\n1. FILES SPECIALLY REQUESTED (FROM "iiab-diagnostics PATH/FILE1 PATH/FILE2")\n' >> $outfile for f in "$@"; do cat_file $f done @@ -151,7 +157,7 @@ if [ $# -eq 0 ]; then else echo -e "\n 2. Regular Files:\n" fi -echo -e "\n\n\n\n2. REGULAR FILES\n" >> $outfile +echo -e "\n\n\n2. REGULAR FILES\n" >> $outfile #cat_file /dev/sda # Device "file" test #cat_file /nonsense # Non-existence test #cat_file /opt/iiab/iiab # Directory test @@ -175,22 +181,24 @@ cat_file /library/www/html/home/menu.json #cat_file /tmp/all-ansible-vars echo -e "\n 3. Content of Directories: (1-level deep)\n" -echo -e "\n\n\n\n3. CONTENT OF DIRECTORIES (1-LEVEL DEEP)\n" >> $outfile +echo -e "\n\n\n3. CONTENT OF DIRECTORIES (1-LEVEL DEEP)\n" >> $outfile cat_dir /etc/network/interfaces.d cat_dir /etc/systemd/network -cat_dir /etc/NetworkManager/system-connections +cat_dir /etc/NetworkManager/system-connections # Redacts most passwords above cat_dir /etc/netplan # Redacts most passwords above #cat_dir /etc/sysconfig/network-scripts/if-cfg* # No longer common #cat_dir /etc/network # Above file /etc/network/interfaces suffices echo -e "\n 4. Output of Commands:\n" -echo -e "\n\n\n\n\n4. OUTPUT OF COMMANDS\n" >> $outfile +echo -e "\n\n\n\n4. OUTPUT OF COMMANDS\n" >> $outfile cat_cmd 'uname -a' 'Linux kernel' cat_cmd 'free' 'RAM memory' cat_cmd 'lscpu' 'CPU details' cat_cmd 'df -h' 'Disk usage' +cat_cmd 'df -ah' 'Disk usage detail' cat_cmd 'lsblk' 'Partition mount points' cat_cmd 'blkid' 'Mount point details' +cat_file /etc/fstab cat_cmd 'ip addr' 'Network interfaces' cat_cmd 'ifconfig' 'Network interfaces (old view)' cat_cmd 'ip route' 'Routing table' 
@@ -209,21 +217,25 @@ cat_cmd 'iw list' 'List capabilities of all wireless devices' cat_cmd 'systemctl status hostapd' 'Downstream Wi-Fi: Is hostapd running?' cat_cmd 'ls -l /etc/wpa_supplicant' 'Upstream Wi-Fi' cat_cmd 'ps -AH' 'Process hierarchy: staging of hostapd & wpa_supplicant?' -cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' +#cat_cmd 'dmesg | grep brcm' 'Diagnostic messages: RPi Wi-Fi firmware' +cat_cmd 'dmesg | grep -i -e 80211 -e 802\.11 -e wireless -e wifi -e wlan -e broadcom -e brcm -e bcm -e realtek | head -100' 'Wi-Fi firmware/driver msgs' cat_cmd 'lspci -nn' 'Devices on PCI buses' cat_cmd 'ls -l /lib/firmware/brcm/*43430*' 'RPi Zero W & 3 WiFi firmware' cat_cmd 'ls -l /lib/firmware/brcm/*43455*' 'RPi 3 B+ & 4 WiFi firmware' -cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' cat_cmd 'env' 'Environment variables' +cat_cmd '/opt/iiab/kiwix/bin/kiwix-serve --version' 'kiwix-tools' +cat_cmd 'journalctl -t IIAB-CMDSRV' 'Admin Console CMDSRV log' #cat_cmd 'ansible localhost -m setup 2>/dev/null' 'All Ansible facts' # For cleaner scraping of Ansible vars, consider "./runrole all-vars /tmp/all-ansible-vars" 27-31 lines above? echo -e "\n 5. Firewall Rules:\n" -echo -e "\n\n\n\n5. FIREWALL RULES\n" >> $outfile +echo -e "\n\n\n5. FIREWALL RULES\n" >> $outfile #cat_file /usr/bin/iiab-gen-iptables cat_cmd 'sudo iptables-save' 'Firewall rules' +cat_cmd 'sudo ufw status verbose' 'Firewall status & rules' -echo -e "\n 6. Log Files: (last 100 lines of each)\n" -echo -e "\n\n\n\n6. LOG FILES (LAST 100 LINES OF EACH)\n" >> $outfile +echo -e "\n 6. Log Files: (e.g. last 100 lines of each)\n" +echo -e "\n\n\n6. LOG FILES (e.g. LAST 100 LINES OF EACH)\n" >> $outfile +cat_cmd 'grep -B2 "SEE ERROR ABOVE" /opt/iiab/iiab/*.log' 'for skip_role_on_error' cat_tail /opt/iiab/iiab/iiab-install.log 100 cat_tail /opt/iiab/iiab/iiab-configure.log 100 cat_tail /opt/iiab/iiab/iiab-debug.log 100 
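Review bot: The added `cat_cmd 'journalctl -t IIAB-CMDSRV' ...` line pulls the entire journal for that tag with no line limit, and cat_cmd output does not pass through the password-masking `sed` that cat_file_raw applies. Admin Console command logs may well include request parameters, so this is the entry most likely to put something sensitive into a file that is then offered for pastebin upload. Bounding it like the other logs, `cat_cmd 'journalctl -t IIAB-CMDSRV -n 100 --no-pager' 'Admin Console CMDSRV log'`, also keeps the report near the size the README describes. Routing cat_cmd output through the same redaction expression would cover the `env` dump as well.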
@@ -243,11 +255,13 @@ echo -e " $outfile\e[0m" #else echo echo -ne "\e[42;1mPublish it to a web pastebin? [Y/n]\e[0m " -read ans < /dev/tty +read -n 1 -r ans < /dev/tty +echo #fi echo -e "\e[1m" -if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then +#if [ "$ans" == "" ] || [ "$ans" == "y" ] || [ "$ans" == "Y" ]; then +if ! [[ $ans =~ ^[nNqQ]$ ]]; then echo -ne "PUBLISHING TO URL... " #pastebinit -b dpaste.com < $outfile pastebinit -b sprunge.us < $outfile # Run 'pastebinit -l' to list other possible pastebin site URLs diff --git a/scripts/iiab-diagnostics.README.md b/scripts/iiab-diagnostics.README.md index 715d99b14..be341bb4f 100644 --- a/scripts/iiab-diagnostics.README.md +++ b/scripts/iiab-diagnostics.README.md 
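Review bot: The new test `if ! [[ $ans =~ ^[nNqQ]$ ]]` uploads the diagnostics on any single keypress other than n, N, q or Q, where the old condition required Enter, y or Y, so a stray key now publishes the file to a third-party pastebin. A failed `read` (no usable `/dev/tty`) leaves `$ans` empty and publishes too, as it did before. For an action that sends system details off the machine I would keep an explicit allow-list and treat a failed read as a refusal: `read -n 1 -r ans < /dev/tty || ans=n` followed by `if [[ $ans == "" || $ans =~ ^[yY]$ ]]; then`. The `if` block continues past the end of the hunk.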
@@ -1,10 +1,16 @@ ## Objective -To streamline troubleshooting of remote Internet-in-a-Box (IIAB) installations, we bundle up common machine/software diagnostics, all together in 1 human-readable small file, that can be easily circulated online AND offline. Just FYI Raspberry Pi OS's [/usr/bin/raspinfo](https://github.com/raspberrypi/utils/blob/master/raspinfo/raspinfo) serves a very similar purpose, but we do not include that program's 700-to-800 line output at present. +To streamline troubleshooting of remote Internet-in-a-Box (IIAB) installations, we bundle up common machine/software diagnostics, all together in 1 human-readable file of about 2000 lines, that can be easily circulated online AND offline. -Passwords (including Wi-Fi passwords) are auto-redacted from this file, to protect your community confidentiality. +Just FYI Raspberry Pi OS's [/usr/bin/raspinfo](https://github.com/raspberrypi/utils/blob/master/raspinfo/raspinfo) serves a very similar purpose, but we do not include that program's 700-to-800 line output at present. -Finally, the ``pastebinit`` command can then be used to auto-upload this file, creating a short URL that makes it much easier to circulate among [volunteers](http://internet-in-a-box.org/pages/contributing.html). +For a more concise "instant" summary of any IIAB machine (about 20-25 lines) try this command instead: [/usr/bin/iiab-summary](iiab-summary) + +## What `iiab-diagnostics` does + +Passwords (including Wi-Fi passwords) are auto-redacted as the output file is generated, to protect your community confidentiality. + +Finally, the ``pastebinit`` command can be used to auto-upload the output file (human-readable, approx 2000 lines) creating a short URL that makes it much easier to circulate among [volunteers](https://internet-in-a-box.org/contributing.html). But first off, the file is compiled by harvesting 1 + 6 kinds of things: 
@@ -62,4 +68,4 @@ But first off, the file is compiled by harvesting 1 + 6 kinds of things: ## Source Code -Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 110-233 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. +Please look over the bottom of [iiab-diagnostics](iiab-diagnostics) (lines 127-245 especially) to learn more about which common IIAB files and commands make this rapid troubleshooting possible. diff --git a/scripts/iiab-network b/scripts/iiab-network new file mode 100644 index 000000000..c2d12056f --- /dev/null +++ b/scripts/iiab-network @@ -0,0 +1,3 @@ +#!/bin/bash -e +cd /opt/iiab/iiab +sudo ./iiab-network diff --git a/scripts/iiab-summary b/scripts/iiab-summary new file mode 100755 index 000000000..2e1da90a7 --- /dev/null +++ b/scripts/iiab-summary 
@@ -0,0 +1,86 @@ +#!/bin/bash + +# Intentionally very concise summary of IIAB details. +# Can evolve for int'l community needs, alongside the much longer: +# https://github.com/iiab/iiab/blob/master/scripts/iiab-diagnostics.README.md + +git config --global --add safe.directory /opt/iiab/iiab # Nec below, if non-root +cd /opt/iiab/iiab +SHORT_HASH1=$(git log --pretty=format:'%h' -n 1) # --pretty=format:'%H' (all 40 chars) +TAG1=$(git describe --tags --abbrev=0) +COMMITS1=$(git log "$TAG1..HEAD" --oneline | wc -l) +PR_COUNT1=$(git log "$TAG1..HEAD" --oneline --grep='Merge pull request' | wc -l) +COMMIT_MSG1=$(git log --format=%B -1 | head -1) +BRANCH1=$(git branch --show-current) +REMOTE_URL1="none" +tmp=$(git config branch.$BRANCH1.remote) && { + if [[ $tmp =~ ^"https://" ]]; then + REMOTE_URL1=$tmp + else + REMOTE_URL1=$(git config remote.$tmp.url) + fi +} + +git config --global --add safe.directory /opt/iiab/iiab-admin-console # Nec below, if non-root +cd /opt/iiab/iiab-admin-console +SHORT_HASH2=$(git log --pretty=format:'%h' -n 1) # --pretty=format:'%H' (all 40 chars) +TAG2=$(git describe --tags --abbrev=0) +COMMITS2=$(git log "$TAG2..HEAD" --oneline | wc -l) +PR_COUNT2=$(git log "$TAG2..HEAD" --oneline --grep='Merge pull request' | wc -l) +COMMIT_MSG2=$(git log --format=%B -1 | head -1) +BRANCH2=$(git branch --show-current) +REMOTE_URL2="none" +tmp=$(git config branch.$BRANCH2.remote) && { + if [[ $tmp =~ ^"https://" ]]; then + REMOTE_URL2=$tmp + else + REMOTE_URL2=$(git config remote.$tmp.url) + fi +} + +echo "$(grep install_date /etc/iiab/iiab.ini) Current TZ: $(date +%Z)" +echo +echo -e "iiab: $SHORT_HASH1, $PR_COUNT1 PR's / $COMMITS1 commits since tag $TAG1" +echo -e " \"$COMMIT_MSG1\"" +echo " $REMOTE_URL1 branch: $BRANCH1" +if [ -f /etc/iiab/pr-list-pulled ]; then + echo + echo "/etc/iiab/pr-list-pulled:" + cat /etc/iiab/pr-list-pulled +fi +echo +if [ -d /opt/iiab/iiab-admin-console ]; then + echo -e "iiab-admin-console: $SHORT_HASH2, $PR_COUNT2 PR's / 
$COMMITS2 commits since tag $TAG2" + echo -e " \"$COMMIT_MSG2\"" + echo " $REMOTE_URL2 branch: $BRANCH2" +else + echo " WARNING: Directory /opt/iiab/iiab-admin-console does not exist!" +fi +echo +if [ -f /etc/rpi-issue ]; then + cat /etc/rpi-issue + echo "/etc/debian-version: $(cat /etc/debian_version)" +else + echo "$(cat /etc/issue.net) $(cat /etc/debian_version)" +fi +echo "display-manager? $(systemctl is-active display-manager.service) Arch1: $(dpkg --print-architecture) Arch2: $(dpkg --print-foreign-architectures)" +uname -rvp +echo "$(lscpu | grep '^Model name:' | sed 's/^Model name:\s*//') $(lscpu | grep '^CPU(s):' | tr -s ' ') "$(free -m | tail -2 | tr -s ' ' | cut -d' ' -f1-2) +if [ -f /proc/device-tree/model ]; then + cat /proc/device-tree/model ; echo # MORE RPi DETAIL: tail -4 /proc/cpuinfo +fi +if [ -f /sys/class/thermal/thermal_zone0/temp ]; then + echo "Temperature(s): "$(cat /sys/class/thermal/thermal_zone*/temp) # Prettier if avail: vcgencmd measure_temp +fi +#if command -v landscape-sysinfo > /dev/null; then # Slow, Ubuntu Server only +# landscape-sysinfo --sysinfo-plugins=Disk,Temperature,Load # Like: uptime -p +#fi +echo +/opt/iiab/iiab/scripts/iiab-apps-to-be-installed > /dev/null +echo "$(df -h /) ZIMs: $(ls /library/zims/content/ | wc -l) OER2Go: $(ls /library/www/html/modules/ | wc -l) Apps2B: $(cat /tmp/iiab-apps-to-be-installed | wc -l)" +echo +echo $(ip -o link show | awk -F': ' '{print $2}') # Better order than: ls -rt /sys/class/net +grep "^openvpn_enabled:" /etc/iiab/local_vars.yml +grep "^openvpn_handle:" /etc/iiab/local_vars.yml +hostname -I +echo diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact index 164efbb89..57d56575b 100755 --- a/scripts/local_facts.fact +++ b/scripts/local_facts.fact 
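Review bot: `REMOTE_URL1` and `REMOTE_URL2` are echoed verbatim, and a remote configured as `https://user:token@host/...` would carry its credential into a summary that iiab-diagnostics embeds and offers for pastebin upload. Stripping the userinfo from the final value before printing avoids that, e.g. `REMOTE_URL1=$(echo "$REMOTE_URL1" | sed 's#://[^/@]*@#://#')`, and likewise for `REMOTE_URL2`. Both `cd` calls are unchecked, so when /opt/iiab/iiab-admin-console is missing the second block's `git` commands run against whatever directory is current; `git -C /opt/iiab/iiab-admin-console ...` or a guarded `cd ... &&` would make the failure explicit. The `IIAB_REMOTE_URL` code added to scripts/local_facts.fact builds its URL the same way.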
@@ -3,7 +3,7 @@ # Higher-level purpose explained at the bottom of: # https://github.com/iiab/iiab/blob/master/vars/default_vars.yml -# 2020-10-27: Most of the 11 variables require a command[*] to be run to +# 2020-10-27: Most of the 13 variables require a command[*] to be run to # establish the var's value. WE DISPLAY ALL ERRORS / DIAGNOSTICS AND CONTINUE. # # [*] DOESN'T MATTER WHAT COMMAND: so long as it fails with Return Code != 0 @@ -12,9 +12,10 @@ STAGE=0 OS="none" VERSION_ID="none" # This var's combined with the above, before being output +IIAB_REMOTE_URL="none" IIAB_BRANCH="none" IIAB_COMMIT="none" -#XO_MODEL="none" +IIAB_RECENT_TAG="none" RPI_MODEL="none" DEVICETREE_MODEL="none" ANSIBLE_VERSION="none" @@ -63,6 +64,7 @@ OS_VER="$OS-$VERSION_ID" #"ubuntu-18" | \ #"ubuntu-19" | \ #"ubuntu-2104" | \ + #"ubuntu-2110" | \ #"centos-7" | \ #"raspbian-8" | \ #"raspbian-9" | \ @@ -75,8 +77,8 @@ case $OS_VER in "debian-11" | \ "debian-12" | \ "ubuntu-2004" | \ - "ubuntu-2110" | \ "ubuntu-2204" | \ + "ubuntu-2210" | \ "linuxmint-20" | \ "linuxmint-21" | \ "raspbian-11") @@ -85,15 +87,23 @@ case $OS_VER in ;; esac -# These next 2 help indicate what version of IIAB +# These next 4 help indicate what version of IIAB tmp=$(git rev-parse --abbrev-ref HEAD) && IIAB_BRANCH=$tmp +tmp=$(git config branch.$IIAB_BRANCH.remote) && { + if [[ $tmp =~ ^"https://" ]]; then + IIAB_REMOTE_URL=$tmp + else + IIAB_REMOTE_URL=$(git config remote.$tmp.url) + fi +} + tmp=$(git rev-parse --verify HEAD) && IIAB_COMMIT=$tmp -#tmp=$(cat /proc/device-tree/mfg-data/MN) && -# XO_MODEL=$tmp +tmp=$(git describe --tags --abbrev=0) && + IIAB_RECENT_TAG=$tmp grep -iq raspberry /proc/device-tree/model && RPI_MODEL=$(grep -ai raspberry /proc/device-tree/model | tr -d '\0') 
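Review bot: In the new `IIAB_REMOTE_URL` block, the `else` branch assigns the output of `git config remote.$tmp.url` unconditionally, so when that lookup fails (for instance a branch whose configured remote is `.`) the variable becomes empty instead of keeping its `"none"` default. The neighbouring assignments all use the `tmp=$(...) && VAR=$tmp` form for exactly this reason; `url=$(git config "remote.$tmp.url") && IIAB_REMOTE_URL=$url` would match them. Quoting `"branch.$IIAB_BRANCH.remote"` as well guards against branch names with unusual characters.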
@@ -140,13 +150,13 @@ cat < "IIAB Networking" +network_install: True +network_enabled: True # NETWORK PARAMETERS FOLLOW ACROSS THE NEXT 100 LINES, as enabled by Ansible's # NETWORK role (/opt/iiab/iiab/roles/network). SEE ALSO: # https://github.com/iiab/iiab/blob/master/roles/network/defaults/main.yml -# The following variable may be useful in debugging: -disregard_network: False # Use cache, or error out if cache does not exist. - iiab_hostname: box iiab_domain: lan -lan_ip: 172.18.96.1 -lan_netmask: 255.255.224.0 +lan_ip: 10.10.10.10 +network_172: False # Change to True if you set the above to 172.18.96.1 +lan_netmask: 255.255.255.0 # Change to 255.255.224.0 if using 172.18.96.1 # Internal Wi-Fi Access Point # Values are used if there is an internal Wi-Fi adapter and hostapd is enabled. @@ -106,7 +112,17 @@ lan_netmask: 255.255.224.0 # YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM # CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below. # -# Raspberry Pi OS requires WiFi country -- SET THIS IN /etc/iiab/local_vars.yml +# Raspberry Pi OS requires WiFi country since March 2018. +# +# If you're running Raspberry Pi OS, you may have already set the country code +# in /etc/wpa_supplicant/wpa_supplicant.conf e.g. if you ran raspi-config or used +# the Wi-Fi widget in the top-right of its graphical desktop. +# +# If so, this detected value will be considered authoritative, and will be used +# to populate /etc/hostapd/hostapd.conf +# +# Finally, if IIAB does not detect a country code from your OS, the following +# fallback variable will be used instead: (to populate /etc/hostapd/hostapd.conf) host_country_code: US host_ssid: Internet in a Box host_wifi_mode: g 
@@ -185,13 +201,13 @@ dnsmasq_install: True dnsmasq_enabled: True # UNMAINTAINED as of July 2021 -dhcpd_install: False -dhcpd_enabled: False +#dhcpd_install: False +#dhcpd_enabled: False # UNMAINTAINED as of July 2021 # named (BIND) -named_install: False -named_enabled: False +#named_install: False +#named_enabled: False block_DNS: False # Enable in local_vars.yml AFTER installing IIAB! Then run "cd /opt/iiab/iiab; ./iiab-network" 
@@ -341,20 +357,20 @@ nodocs: False # http://lists.laptop.org/pipermail/server-devel/ if you're able to help test. # UNMAINTAINED since about 2012-2017 -xo_services_install: False # 2020-01-23: UNUSED -xo_services_enabled: False # 2020-01-23: Used in idmgr/tasks/main.yml & iiab-admin-console/roles/console/files/htmlf/20-configure.html +#xo_services_install: False # 2020-01-23: UNUSED +#xo_services_enabled: False # 2020-01-23: Used in idmgr/tasks/main.yml & iiab-admin-console/roles/console/files/htmlf/20-configure.html # UNMAINTAINED since about 2012-2017 -activity_server_install: False # 2020-01-23: Used in 5-xo-services/tasks/main.yml (originally defined in activity-server/defaults/main.yml) -activity_server_enabled: False # 2020-01-23: Used in activity-server/tasks/main.yml (originally defined in activity-server/defaults/main.yml) +#activity_server_install: False # 2020-01-23: Used in 5-xo-services/tasks/main.yml (originally defined in activity-server/defaults/main.yml) +#activity_server_enabled: False # 2020-01-23: Used in activity-server/tasks/main.yml (originally defined in activity-server/defaults/main.yml) # UNMAINTAINED since about 2012-2017: consider 'ejabberd' in Stage 6-GENERIC-APPS below? -ejabberd_xs_install: False # 2020-01-23: Used in 5-xo-services/tasks/main.yml & roles/ejabberd_xs/tasks/main.yml -ejabberd_xs_enabled: False # 2020-01-23: Used in roles/ejabberd_xs/tasks/main.yml +#ejabberd_xs_install: False # 2020-01-23: Used in 5-xo-services/tasks/main.yml & roles/ejabberd_xs/tasks/main.yml +#ejabberd_xs_enabled: False # 2020-01-23: Used in roles/ejabberd_xs/tasks/main.yml # UNMAINTAINED since about 2012-2017: change calibre_port from 8080 to 8010 below, if you use idmgr -idmgr_install: False # 2020-01-23: Used in 5-xo-services/tasks/main.yml -idmgr_enabled: False # 2020-01-23: UNUSED +#idmgr_install: False # 2020-01-23: Used in 5-xo-services/tasks/main.yml +#idmgr_enabled: False # 2020-01-23: UNUSED # 6-GENERIC-APPS 
@@ -372,17 +388,17 @@ azuracast_https_port: 10443 azuracast_port_range_prefix: 10 # UNMAINTAINED as of January 2020: https://github.com/iiab/iiab/issues/2056 -dokuwiki_install: False -dokuwiki_enabled: False -dokuwiki_url: /dokuwiki +#dokuwiki_install: False +#dokuwiki_enabled: False +#dokuwiki_url: /dokuwiki # UNMAINTAINED as of November 2019 -ejabberd_install: False -ejabberd_enabled: False +#ejabberd_install: False +#ejabberd_enabled: False # UNMAINTAINED as of July 2021 -elgg_install: False -elgg_enabled: False +#elgg_install: False +#elgg_enabled: False # elgg_mysql_password: $6$iiab51$jeTwnATcbaa92xo0QBTgjLBU.5aVDDrbKeNyyC99R/TAWz6pvfzj.L7lfnOVVjD78nxqT.gkNn6XZmuRV0W3o1 elgg_mysql_password: elgg4kids @@ -442,7 +458,7 @@ nextcloud_enabled: False # 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle # you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112). # Uncomment the following line to end that: (might install an older Nextcloud!) -# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 +# nextcloud_dl_url: https://d.iiab.io/packages/latest.tar.bz2 # If using WordPress intensively, set nginx_high_php_limits further above. wordpress_install: False @@ -528,11 +544,11 @@ transmission_group: debian-transmission # Monitor downloads at http://box:9091 or http://box:9091/transmission using Admin/changeme transmission_http_port: 9091 transmission_url: /transmission/ -transmission_whitelist: 127.0.0.1,::1,192.168.*.*,172.18.96.*,10.8.0.* +transmission_whitelist: 127.0.0.1,::1,192.168.*.*,10.10.10,*,172.18.96.*,10.8.0.* transmission_whitelist_enabled: "false" # LOWERCASE STRING for settings.json transmission_peer_port: 51413 -# Provision Transmission with torrent(s) from http://pantry.learningequality.org/downloads/ka-lite/0.17/content/ +# Provision Transmission with torrent(s) from https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_provision: True transmission_kalite_version: 0.17 
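Review bot: The new `transmission_whitelist` value contains `10.10.10,*` with a comma where a dot was meant, which splits into the two entries `10.10.10` and `*`. Transmission's RPC whitelist is a comma-separated list with `*` as the wildcard, so the bare `*` entry would presumably admit every address once `transmission_whitelist_enabled` is switched on, defeating the list. The line should read `transmission_whitelist: 127.0.0.1,::1,192.168.*.*,10.10.10.*,172.18.96.*,10.8.0.*`.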
@@ -557,6 +573,10 @@ transmission_kalite_languages: awstats_install: True awstats_enabled: True +# Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership. +matomo_install: True +matomo_enabled: True + # Process supervision tool - from https://mmonit.com/monit/ # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849 monit_install: False @@ -647,7 +667,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. -# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#pbx-readme +# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False @@ -678,7 +698,7 @@ pbx_http_port: 83 # authserver_install: False # authserver_enabled: False -# Unmaintained (better to install from http://teamviewer.com or prep scripts at http://download.iiab.io) +# Unmaintained (better to install from https://teamviewer.com or prep scripts at https://download.iiab.io) # teamviewer_install: False # teamviewer_enabled: False @@ -735,6 +755,7 @@ pbx_http_port: 83 is_debuntu: False # Covers all 4: Ubuntu, Linux Mint, Debian, Raspberry Pi OS (Raspbian) is_ubuntu: False # Covers: Ubuntu, Linux Mint +is_ubuntu_2210: False is_ubuntu_2204: False is_ubuntu_2110: False is_ubuntu_2104: False diff --git a/vars/fedora-18.yml b/vars/fedora-18.yml.unused similarity index 100% rename from vars/fedora-18.yml rename to vars/fedora-18.yml.unused diff --git a/vars/fedora-22.yml b/vars/fedora-22.yml.unused similarity index 100% rename from vars/fedora-22.yml rename to vars/fedora-22.yml.unused diff --git a/vars/linuxmint-20.yml b/vars/linuxmint-20.yml index 0afc95bb0..4e3cc762b 100644 --- a/vars/linuxmint-20.yml 
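Review bot: `matomo_install: True` and `matomo_enabled: True` in what appears to be vars/default_vars.yml switch a new web application on for every install that does not override them, whereas other optional apps visible in this file (`nextcloud_enabled`, `wordpress_install`, `pbx_install`) default to False. The same two lines are added as True in vars/local_vars_large.yml, vars/local_vars_medium.yml and vars/local_vars_small.yml, so even the small profile gains it. A default-on analytics app is one more service to keep patched on every box, so I would default both to False here and enable it only in the profiles that want it. At minimum the comment should state the default, e.g. `# Installed and enabled by default; set both to False to opt out`.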
+++ b/vars/linuxmint-20.yml @@ -6,23 +6,17 @@ is_ubuntu_20: True is_linuxmint: True is_linuxmint_20: True -# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True -# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True) -dns_service: bind9 -dns_user: bind -dhcp_service: isc-dhcp-server - proxy: squid proxy_user: proxy apache_service: apache2 apache_user: www-data apache_conf_dir: apache2/sites-available apache_log_dir: /var/log/apache2 +apache_log: /var/log/apache2/access.log smb_service: smbd nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mariadb -apache_log: /var/log/apache2/access.log sshd_package: openssh-server sshd_service: ssh php_version: 7.4 diff --git a/vars/linuxmint-21.yml b/vars/linuxmint-21.yml index 5a1e79131..799915c1e 100644 --- a/vars/linuxmint-21.yml +++ b/vars/linuxmint-21.yml @@ -2,30 +2,24 @@ # /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: is_debuntu: True is_ubuntu: True # Opposite of is_debian for now -is_ubuntu_22: True +is_ubuntu_2204: True is_linuxmint: True is_linuxmint_21: True -# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True -# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True) -dns_service: bind9 -dns_user: bind -dhcp_service: isc-dhcp-server - proxy: squid proxy_user: proxy apache_service: apache2 apache_user: www-data apache_conf_dir: apache2/sites-available apache_log_dir: /var/log/apache2 +apache_log: /var/log/apache2/access.log smb_service: smbd nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mariadb -apache_log: /var/log/apache2/access.log sshd_package: openssh-server sshd_service: ssh php_version: 8.1 postgresql_version: 14 systemd_location: /lib/systemd/system -python_ver: 3.10 +python_ver: "3.10" diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index 6478638c3..588868b7f 100644 --- a/vars/local_vars_large.yml 
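Review bot: vars/linuxmint-20.yml still sets `is_ubuntu_20: True` (visible in this hunk's header line), while the next file in this commit renames `is_ubuntu_22` to `is_ubuntu_2204` for Mint 21 and vars/ubuntu-2004.yml sets `is_ubuntu_2004`. If roles now test the four-digit names, Mint 20 would no longer match the Ubuntu 20.04 conditions; that depends on code outside this diff. If the rename is meant to be uniform, the line should become `is_ubuntu_2004: True`. The variable sits above the hunk, so the rest of that file's header block is not visible here.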
+++ b/vars/local_vars_large.yml @@ -54,7 +54,17 @@ iiab_domain: lan # YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM # CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below. # -# Raspberry Pi OS requires WiFi country since March 2018. Please set it here: +# Raspberry Pi OS requires WiFi country since March 2018. +# +# If you're running Raspberry Pi OS, you may have already set the country code +# in /etc/wpa_supplicant/wpa_supplicant.conf e.g. if you ran raspi-config or used +# the Wi-Fi widget in the top-right of its graphical desktop. +# +# If so, this detected value will be considered authoritative, and will be used +# to populate /etc/hostapd/hostapd.conf +# +# Finally, if IIAB does not detect a country code from your OS, the following +# fallback variable will be used instead: (to populate /etc/hostapd/hostapd.conf) host_country_code: US host_ssid: Internet in a Box host_wifi_mode: g @@ -265,7 +275,7 @@ nextcloud_enabled: True # 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle # you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112). # Uncomment the following line to end that: (might install an older Nextcloud!) -# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 +# nextcloud_dl_url: https://d.iiab.io/packages/latest.tar.bz2 # If using WordPress intensively, set nginx_high_php_limits further above. wordpress_install: True 
@@ -281,7 +291,7 @@ kalite_enabled: True # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: True kolibri_enabled: True -kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans +kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: True @@ -312,7 +322,7 @@ sugarizer_enabled: True transmission_install: True transmission_enabled: True # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission -# using http://pantry.learningequality.org/downloads/ka-lite/0.17/content/ +# using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: #- english #- french @@ -333,6 +343,10 @@ transmission_kalite_languages: awstats_install: True awstats_enabled: True +# Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership. +matomo_install: True +matomo_enabled: True + # Process supervision tool - from https://mmonit.com/monit/ # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849 monit_install: False @@ -398,7 +412,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. -# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#pbx-readme +# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 6c56bf89e..c2cbb7708 100644 
--- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -54,7 +54,17 @@ iiab_domain: lan # YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM # CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below. # -# Raspberry Pi OS requires WiFi country since March 2018. Please set it here: +# Raspberry Pi OS requires WiFi country since March 2018. +# +# If you're running Raspberry Pi OS, you may have already set the country code +# in /etc/wpa_supplicant/wpa_supplicant.conf e.g. if you ran raspi-config or used +# the Wi-Fi widget in the top-right of its graphical desktop. +# +# If so, this detected value will be considered authoritative, and will be used +# to populate /etc/hostapd/hostapd.conf +# +# Finally, if IIAB does not detect a country code from your OS, the following +# fallback variable will be used instead: (to populate /etc/hostapd/hostapd.conf) host_country_code: US host_ssid: Internet in a Box host_wifi_mode: g @@ -265,7 +275,7 @@ nextcloud_enabled: True # 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle # you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112). # Uncomment the following line to end that: (might install an older Nextcloud!) -# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 +# nextcloud_dl_url: https://d.iiab.io/packages/latest.tar.bz2 # If using WordPress intensively, set nginx_high_php_limits further above. wordpress_install: True 
@@ -281,7 +291,7 @@ kalite_enabled: True # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: True kolibri_enabled: True -kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans +kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: True @@ -312,7 +322,7 @@ sugarizer_enabled: True transmission_install: True transmission_enabled: True # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission -# using http://pantry.learningequality.org/downloads/ka-lite/0.17/content/ +# using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: #- english #- french @@ -333,6 +343,10 @@ transmission_kalite_languages: awstats_install: True awstats_enabled: True +# Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership. +matomo_install: True +matomo_enabled: True + # Process supervision tool - from https://mmonit.com/monit/ # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849 monit_install: False @@ -398,7 +412,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. -# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#pbx-readme +# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False diff --git a/vars/local_vars_none.yml b/vars/local_vars_none.yml new file mode 100644 index 000000000..871068689 
--- /dev/null +++ b/vars/local_vars_none.yml @@ -0,0 +1,13 @@ +# turn off defaults +remoteit_install: False +openvpn_install: False +kalite_install: False +kalite_enabled: False +kiwix_install: False +kiwix_enabled: False +osm_vector_maps_install: False +awstats_install: False +awstats_enabled: False +matomo_install: False +matomo_enabled: False +captiveportal_install: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index a3c7ed0bc..783009ab8 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -54,7 +54,17 @@ iiab_domain: lan # YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM # CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below. # -# Raspberry Pi OS requires WiFi country since March 2018. Please set it here: +# Raspberry Pi OS requires WiFi country since March 2018. +# +# If you're running Raspberry Pi OS, you may have already set the country code +# in /etc/wpa_supplicant/wpa_supplicant.conf e.g. if you ran raspi-config or used +# the Wi-Fi widget in the top-right of its graphical desktop. +# +# If so, this detected value will be considered authoritative, and will be used +# to populate /etc/hostapd/hostapd.conf +# +# Finally, if IIAB does not detect a country code from your OS, the following +# fallback variable will be used instead: (to populate /etc/hostapd/hostapd.conf) host_country_code: US host_ssid: Internet in a Box host_wifi_mode: g @@ -265,7 +275,7 @@ nextcloud_enabled: False # 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle # you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112). # Uncomment the following line to end that: (might install an older Nextcloud!) -# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 +# nextcloud_dl_url: https://d.iiab.io/packages/latest.tar.bz2 # If using WordPress intensively, set nginx_high_php_limits further above. wordpress_install: False 
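Review bot: In the new vars/local_vars_none.yml the header `# turn off defaults` does not say which defaults or when to use the file, and the list is uneven: `kalite`, `kiwix`, `awstats` and `matomo` get both `_install` and `_enabled` set to False, while `remoteit`, `openvpn`, `osm_vector_maps` and `captiveportal` get only `_install`. If the matching `_enabled` defaults are True (not visible here), those four are left install-off but enabled-on, and the effect depends on how each role reads the two flags. I would add the four missing `_enabled: False` lines and expand the header to something like `# Minimal profile: overrides every app that vars/default_vars.yml installs by default`.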
@@ -281,7 +291,7 @@ kalite_enabled: True # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: False kolibri_enabled: False -kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans +kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: True @@ -312,7 +322,7 @@ sugarizer_enabled: False transmission_install: False transmission_enabled: False # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission -# using http://pantry.learningequality.org/downloads/ka-lite/0.17/content/ +# using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: #- english #- french @@ -333,6 +343,10 @@ transmission_kalite_languages: awstats_install: True awstats_enabled: True +# Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership. +matomo_install: True +matomo_enabled: True + # Process supervision tool - from https://mmonit.com/monit/ # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849 monit_install: False @@ -398,7 +412,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. -# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#pbx-readme +# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 585277444..7015d826d 100644 
--- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -54,7 +54,17 @@ iiab_domain: lan # YOU'LL PREVENT OLDER LAPTOPS/PHONES/TABLETS (WHICH REQUIRE 2.4 GHz) FROM # CONNECTING TO YOUR IIAB'S INTERNAL HOTSPOT. See "wifi_up_down: True" below. # -# Raspberry Pi OS requires WiFi country since March 2018. Please set it here: +# Raspberry Pi OS requires WiFi country since March 2018. +# +# If you're running Raspberry Pi OS, you may have already set the country code +# in /etc/wpa_supplicant/wpa_supplicant.conf e.g. if you ran raspi-config or used +# the Wi-Fi widget in the top-right of its graphical desktop. +# +# If so, this detected value will be considered authoritative, and will be used +# to populate /etc/hostapd/hostapd.conf +# +# Finally, if IIAB does not detect a country code from your OS, the following +# fallback variable will be used instead: (to populate /etc/hostapd/hostapd.conf) host_country_code: US host_ssid: unittest host_wifi_mode: g @@ -265,7 +275,7 @@ nextcloud_enabled: False # 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle # you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112). # Uncomment the following line to end that: (might install an older Nextcloud!) -# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2 +# nextcloud_dl_url: https://d.iiab.io/packages/latest.tar.bz2 # If using WordPress intensively, set nginx_high_php_limits further above. wordpress_install: False 
@@ -281,7 +291,7 @@ kalite_enabled: False # Successor to KA Lite, for offline-first teaching and learning - from learningequality.org kolibri_install: False kolibri_enabled: False -kolibri_language: en # ar,bg-bg,bn-bd,de,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,hi-in,it,km,ko,mr,my,nyn,pt-br,sw-tz,te,ur-pk,vi,yo,zh-hans +kolibri_language: en # ar,bg-bg,bn-bd,de,el,en,es-es,es-419,fa,fr-fr,ff-cm,gu-in,ha,hi-in,id,it,ka,km,ko,mr,my,nyn,pt-br,pt-mz,sw-tz,te,uk,ur-pk,vi,yo,zh-hans # kiwix_install: True is REQUIRED, if you install IIAB's Admin Console kiwix_install: False @@ -312,7 +322,7 @@ sugarizer_enabled: False transmission_install: False transmission_enabled: False # A. UNCOMMENT LANGUAGE(S) TO DOWNLOAD KA Lite VIDEOS TO /library/transmission -# using http://pantry.learningequality.org/downloads/ka-lite/0.17/content/ +# using https://pantry.learningequality.org/downloads/ka-lite/0.17/content/ transmission_kalite_languages: #- english #- french @@ -333,6 +343,10 @@ transmission_kalite_languages: awstats_install: False awstats_enabled: False +# Matomo is a web analytics alternative to Google Analytics, emphasizing privacy and data ownership. +matomo_install: False +matomo_enabled: False + # Process supervision tool - from https://mmonit.com/monit/ # 2020-09-22 WARNING: both vars are IGNORED on Debian 10 due to: iiab/iiab#1849 monit_install: False @@ -398,7 +412,7 @@ calibre_web_path: calibre #NEEDS WORK: https://github.com/iiab/iiab/issues/529 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # REQUIRES PHP 7.4 e.g. Ubuntu 20.04, Debian 11 -- RaspiOS 11 might also work. -# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#pbx-readme +# INSTRUCTIONS: https://github.com/iiab/iiab/tree/master/roles/pbx#readme # If using PBX intensively, investigate nginx_high_php_limits further above. pbx_install: False pbx_enabled: False 
diff --git a/vars/raspbian-10.yml b/vars/raspbian-10.yml.unused similarity index 87% rename from vars/raspbian-10.yml rename to vars/raspbian-10.yml.unused index b2f3298d8..ed6b61e0f 100644 --- a/vars/raspbian-10.yml +++ b/vars/raspbian-10.yml.unused @@ -35,6 +35,6 @@ minetest_server_bin: /library/games/minetest/bin/minetestserver minetest_working_dir: /library/games/minetest minetest_game_dir: /library/games/minetest/games/minetest_game minetest_rpi_src_tar: minetest.5.1.1.tar.gz -#minetest_rpi_src_url: "http://www.nathansalapat.com/downloads/{{ minetest_rpi_src_tar }}" -minetest_rpi_src_url: "http://d.iiab.io/packages/{{ minetest_rpi_src_tar }}" +#minetest_rpi_src_url: "https://www.nathansalapat.com/downloads/{{ minetest_rpi_src_tar }}" +minetest_rpi_src_url: "{{ iiab_download_url }}/{{ minetest_rpi_src_tar }}" minetest_rpi_src_untarred: Minetest diff --git a/vars/raspbian-11.yml b/vars/raspbian-11.yml index d1d1d8672..6ad1ebe21 100644 --- a/vars/raspbian-11.yml +++ b/vars/raspbian-11.yml @@ -6,23 +6,17 @@ is_debian_11: True is_raspbian: True is_raspbian_11: True -# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True -# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True) -dns_service: bind9 -dns_user: bind -dhcp_service: isc-dhcp-server - proxy: squid proxy_user: proxy apache_service: apache2 apache_conf_dir: apache2/sites-available apache_user: www-data apache_log_dir: /var/log/apache2 +apache_log: /var/log/apache2/access.log smb_service: smbd nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mariadb -apache_log: /var/log/apache2/access.log sshd_package: ssh sshd_service: ssh php_version: 7.4 
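Review bot: `minetest_rpi_src_url` now builds on `{{ iiab_download_url }}`, which is defined outside this hunk, so the scheme of this tarball download can no longer be checked here; the same change is made in the second hunk of vars/raspbian-11.yml. The rest of the commit moves download URLs from http to https, so it is worth confirming that `iiab_download_url` is an https URL, otherwise this source archive is still fetched in clear text. Since the file name is pinned (`minetest.5.1.1.tar.gz`), a pinned digest could sit beside it, e.g. `minetest_rpi_src_sha256: <sha256-of-tarball>`, for the download task to verify; whether that task can take a checksum is not visible from this diff.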
@@ -35,6 +29,6 @@ minetest_server_bin: /library/games/minetest/bin/minetestserver minetest_working_dir: /library/games/minetest minetest_game_dir: /library/games/minetest/games/minetest_game minetest_rpi_src_tar: minetest.5.1.1.tar.gz -#minetest_rpi_src_url: "http://www.nathansalapat.com/downloads/{{ minetest_rpi_src_tar }}" -minetest_rpi_src_url: "http://d.iiab.io/packages/{{ minetest_rpi_src_tar }}" +#minetest_rpi_src_url: "https://www.nathansalapat.com/downloads/{{ minetest_rpi_src_tar }}" +minetest_rpi_src_url: "{{ iiab_download_url }}/{{ minetest_rpi_src_tar }}" minetest_rpi_src_untarred: Minetest diff --git a/vars/raspbian-8.yml b/vars/raspbian-8.yml.unused similarity index 100% rename from vars/raspbian-8.yml rename to vars/raspbian-8.yml.unused diff --git a/vars/raspbian-9.yml b/vars/raspbian-9.yml.unused similarity index 92% rename from vars/raspbian-9.yml rename to vars/raspbian-9.yml.unused index abf0acbd2..6d955a00c 100644 --- a/vars/raspbian-9.yml +++ b/vars/raspbian-9.yml.unused @@ -31,5 +31,5 @@ systemd_location: /lib/systemd/system minetest_server_bin: /library/games/minetest/bin/minetestserver minetest_working_dir: /library/games/minetest minetest_game_dir: /library/games/minetest/games/minetest_game -minetest_rpi_src_url: http://www.nathansalapat.com/downloads/0.4.17.1.tar.gz +minetest_rpi_src_url: https://www.nathansalapat.com/downloads/0.4.17.1.tar.gz minetest_rpi_src: minetest-0.4.17.1.tar.gz diff --git a/vars/ubuntu-2004.yml b/vars/ubuntu-2004.yml index 7e7e1a2ad..b5890c330 100644 --- a/vars/ubuntu-2004.yml +++ b/vars/ubuntu-2004.yml 
@@ -4,23 +4,17 @@ is_debuntu: True is_ubuntu: True # Opposite of is_debian for now is_ubuntu_2004: True -# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True -# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True) -dns_service: bind9 -dns_user: bind -dhcp_service: isc-dhcp-server - proxy: squid proxy_user: proxy apache_service: apache2 apache_user: www-data apache_conf_dir: apache2/sites-available apache_log_dir: /var/log/apache2 +apache_log: /var/log/apache2/access.log smb_service: smbd nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mariadb -apache_log: /var/log/apache2/access.log sshd_package: openssh-server sshd_service: ssh php_version: 7.4 diff --git a/vars/ubuntu-2104.yml b/vars/ubuntu-2104.yml.unused similarity index 100% rename from vars/ubuntu-2104.yml rename to vars/ubuntu-2104.yml.unused diff --git a/vars/ubuntu-2110.yml b/vars/ubuntu-2110.yml.unused similarity index 100% rename from vars/ubuntu-2110.yml rename to vars/ubuntu-2110.yml.unused diff --git a/vars/ubuntu-2204.yml b/vars/ubuntu-2204.yml index 45228126e..47d60d401 100644 --- a/vars/ubuntu-2204.yml +++ b/vars/ubuntu-2204.yml 
@@ -4,26 +4,20 @@ is_debuntu: True is_ubuntu: True # Opposite of is_debian for now is_ubuntu_2204: True -# 2019-03-23: These apply if-only-if named_install and/or dhcpd_install are True -# (This is quite rare now that vars/default_vars.yml sets dnsmasq_install: True) -dns_service: bind9 -dns_user: bind -dhcp_service: isc-dhcp-server - proxy: squid proxy_user: proxy apache_service: apache2 apache_user: www-data apache_conf_dir: apache2/sites-available apache_log_dir: /var/log/apache2 +apache_log: /var/log/apache2/access.log smb_service: smbd nmb_service: nmbd systemctl_program: /bin/systemctl mysql_service: mariadb -apache_log: /var/log/apache2/access.log sshd_package: openssh-server sshd_service: ssh php_version: 8.1 postgresql_version: 14 systemd_location: /lib/systemd/system -python_ver: 3.10 +python_ver: "3.10" diff --git a/vars/ubuntu-2210.yml b/vars/ubuntu-2210.yml new file mode 100644 index 000000000..31d73daf9 --- /dev/null +++ b/vars/ubuntu-2210.yml @@ -0,0 +1,23 @@ +# Every is_ var is initially set to 'False' at the bottom of +# /opt/iiab/iiab/vars/default_vars.yml -- these 'True' lines override that: +is_debuntu: True +is_ubuntu: True # Opposite of is_debian for now +is_ubuntu_2210: True + +proxy: squid +proxy_user: proxy +apache_service: apache2 +apache_user: www-data +apache_conf_dir: apache2/sites-available +apache_log_dir: /var/log/apache2 +apache_log: /var/log/apache2/access.log +smb_service: smbd +nmb_service: nmbd +systemctl_program: /bin/systemctl +mysql_service: mariadb +sshd_package: openssh-server +sshd_service: ssh +php_version: 8.1 +postgresql_version: 14 +systemd_location: /lib/systemd/system +python_ver: "3.10"